
Example 1 with GeneralName

use of org.mozilla.jss.netscape.security.x509.GeneralName in project xwiki-commons by xwiki.

the class BcExtensionUtils method getGeneralNames.

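/**
 * Convert an array of X.509 general names to Bouncy Castle general names.
 *
 * <p>Only {@link BcGeneralName} instances are accepted, because the Bouncy Castle
 * representation is taken directly from each element. Any other element is rejected
 * rather than silently skipped, so the result always holds exactly one entry per input
 * name, in input order.
 *
 * @param genNames the X.509 general names to convert; an empty array yields an empty
 *                 {@code GeneralNames}.
 * @return the Bouncy Castle general names, in the same order as {@code genNames}.
 * @throws NullPointerException if {@code genNames} is {@code null}.
 * @throws IllegalArgumentException if an element is {@code null} or is not a
 *                                  {@link BcGeneralName}.
 */
public static GeneralNames getGeneralNames(X509GeneralName[] genNames) {
    if (genNames == null) {
        throw new NullPointerException("genNames");
    }
    GeneralName[] names = new GeneralName[genNames.length];
    for (int i = 0; i < genNames.length; i++) {
        X509GeneralName name = genNames[i];
        // A null element used to surface as a NullPointerException from name.getClass();
        // report it as an unsupported element like any other rejected input.
        if (name == null) {
            throw new IllegalArgumentException("Unexpected general name: null");
        }
        if (!(name instanceof BcGeneralName)) {
            throw new IllegalArgumentException("Unexpected general name: " + name.getClass().toString());
        }
        names[i] = ((BcGeneralName) name).getGeneralName();
    }
    return new GeneralNames(names);
}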
Also used : X509GeneralName(org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) X509GeneralName(org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName) GeneralName(org.bouncycastle.asn1.x509.GeneralName)

Example 2 with GeneralName

use of org.mozilla.jss.netscape.security.x509.GeneralName in project solarnetwork-node by SolarNetwork.

the class PKITestUtils method generateNewCACert.

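/**
 * Build and sign a CA certificate for {@code publicKey}.
 *
 * <p>When {@code issuer} is {@code null} the certificate is self-issued: the subject DN is
 * also used as the issuer DN and basic constraints mark an unbounded CA. Otherwise the issuer
 * DN is taken from {@code issuer} and the new certificate's path-length constraint is derived
 * from the issuer's own constraint.
 *
 * <p>The certificate is valid for one hour from creation, is signed with
 * {@code SHA256WithRSA}, and carries basic constraints (critical), subject key identifier,
 * authority key identifier and key usage (critical) extensions.
 *
 * @param publicKey the public key to certify.
 * @param subject the subject distinguished name as a string, parsed by {@link X500Name}.
 * @param issuer the issuer certificate, or {@code null} for a self-issued root.
 * @param issuerKey the private key that signs the certificate.
 * @param caDN the distinguished name placed in the authority key identifier's issuer name.
 * @return the signed certificate.
 * @throws IllegalArgumentException if {@code issuer} is non-null but is not itself a CA
 *                                  certificate (its basic constraints do not set the CA flag).
 * @throws Exception if key, extension or signing operations fail.
 */
public static X509Certificate generateNewCACert(PublicKey publicKey, String subject, X509Certificate issuer, PrivateKey issuerKey, String caDN) throws Exception {
    final X500Name issuerDn = (issuer == null ? new X500Name(subject) : JcaX500NameUtil.getSubject(issuer));
    final X500Name subjectDn = new X500Name(subject);
    final BigInteger serial = getNextSerialNumber();
    final Date notBefore = new Date();
    final Date notAfter = new Date(System.currentTimeMillis() + 1000L * 60L * 60L);
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerDn, serial, notBefore, notAfter, subjectDn, publicKey);
    // add "CA" extension
    builder.addExtension(X509Extension.basicConstraints, true, caBasicConstraints(issuer));
    // add subjectKeyIdentifier
    JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
    SubjectKeyIdentifier ski = utils.createSubjectKeyIdentifier(publicKey);
    builder.addExtension(X509Extension.subjectKeyIdentifier, false, ski);
    // add authorityKeyIdentifier
    GeneralNames issuerName = new GeneralNames(new GeneralName(GeneralName.directoryName, caDN));
    AuthorityKeyIdentifier aki = utils.createAuthorityKeyIdentifier(publicKey);
    aki = new AuthorityKeyIdentifier(aki.getKeyIdentifier(), issuerName, serial);
    builder.addExtension(X509Extension.authorityKeyIdentifier, false, aki);
    // add keyUsage
    X509KeyUsage keyUsage = new X509KeyUsage(X509KeyUsage.cRLSign | X509KeyUsage.digitalSignature | X509KeyUsage.keyCertSign | X509KeyUsage.nonRepudiation);
    builder.addExtension(X509Extension.keyUsage, true, keyUsage);
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WithRSA");
    ContentSigner signer = signerBuilder.build(issuerKey);
    X509CertificateHolder holder = builder.build(signer);
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    return converter.getCertificate(holder);
}

/**
 * Derive the basic constraints of a new CA certificate from its issuer.
 *
 * @param issuer the issuer certificate, or {@code null} for a self-issued root.
 * @return CA basic constraints, unbounded for a root or an unbounded issuer, otherwise with
 *         the issuer's path length decremented by one.
 * @throws IllegalArgumentException if {@code issuer} is not a CA certificate.
 */
private static BasicConstraints caBasicConstraints(X509Certificate issuer) {
    if (issuer == null) {
        // Self-issued root: CA with no path-length limit.
        return new BasicConstraints(true);
    }
    // X509Certificate.getBasicConstraints() returns -1 when the certificate is not a CA and
    // Integer.MAX_VALUE when it is a CA without a path-length constraint. Decrementing -1
    // would encode a negative pathLenConstraint, so reject a non-CA issuer explicitly.
    int issuerPathLength = issuer.getBasicConstraints();
    if (issuerPathLength < 0) {
        throw new IllegalArgumentException("issuer is not a CA certificate: " + issuer.getSubjectX500Principal());
    }
    if (issuerPathLength == Integer.MAX_VALUE) {
        // Unbounded issuer: keep the subordinate unbounded instead of encoding MAX_VALUE - 1.
        return new BasicConstraints(true);
    }
    // NOTE(review): an issuer with pathLen 0 yields -1 here, which RFC 5280 does not permit;
    // kept as in the original in case callers build such chains deliberately — confirm.
    return new BasicConstraints(issuerPathLength - 1);
}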
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier) Date(java.util.Date) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) X509KeyUsage(org.bouncycastle.jce.X509KeyUsage)

Example 3 with GeneralName

use of org.mozilla.jss.netscape.security.x509.GeneralName in project jss by dogtagpki.

the class ExtPrettyPrint method getCertificateIssuerExtension.

/**
 * Pretty-print the CertificateIssuerExtension held in {@code mExt}: its identifier, its
 * criticality and, when present, each issuer general name on its own line (directory names
 * are prefixed with "DirectoryName: ").
 *
 * @return the formatted text, or an empty string if the extension value cannot be read.
 */
private String getCertificateIssuerExtension() {
    StringBuilder out = new StringBuilder();
    try {
        out.append(pp.indent(mIndentSize))
           .append(mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
        out.append(mResource.getString(PrettyPrintResources.TOKEN_CERTIFICATE_ISSUER))
           .append("- ")
           .append(mExt.getExtensionId().toString())
           .append("\n");
        out.append(pp.indent(mIndentSize + 4))
           .append(mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
        CertificateIssuerExtension issuerExt = (CertificateIssuerExtension) mExt;
        out.append(mExt.isCritical()
                ? mResource.getString(PrettyPrintResources.TOKEN_YES)
                : mResource.getString(PrettyPrintResources.TOKEN_NO))
           .append("\n");
        GeneralNames issuerNames = (GeneralNames) issuerExt.get(CertificateIssuerExtension.CERTIFICATE_ISSUER);
        if (issuerNames != null) {
            out.append(pp.indent(mIndentSize + 4))
               .append(mResource.getString(PrettyPrintResources.TOKEN_ISSUER_NAMES))
               .append("\n");
            for (int idx = 0; idx < issuerNames.size(); idx++) {
                GeneralName issuerName = (GeneralName) issuerNames.elementAt(idx);
                if (issuerName == null) {
                    continue;
                }
                // Only directory names get a type label; other name types print bare.
                String nameType = (issuerName.getType() == GeneralNameInterface.NAME_DIRECTORY)
                        ? "DirectoryName: " : "";
                out.append(pp.indent(mIndentSize + 8))
                   .append(nameType)
                   .append(issuerName.toString())
                   .append("\n");
            }
        }
        return out.toString();
    } catch (IOException e) {
        // Best-effort printer: a value that cannot be read produces no output at all.
        e.printStackTrace();
        return "";
    }
}
Also used : GeneralNames(org.mozilla.jss.netscape.security.x509.GeneralNames) GeneralName(org.mozilla.jss.netscape.security.x509.GeneralName) IOException(java.io.IOException) CertificateIssuerExtension(org.mozilla.jss.netscape.security.x509.CertificateIssuerExtension) CRLDistributionPoint(org.mozilla.jss.netscape.security.x509.CRLDistributionPoint) IssuingDistributionPoint(org.mozilla.jss.netscape.security.x509.IssuingDistributionPoint)

Example 4 with GeneralName

use of org.mozilla.jss.netscape.security.x509.GeneralName in project jss by dogtagpki.

the class ExtPrettyPrint method getIssuingDistributionPointExtension.

/**
 * Pretty-print the IssuingDistributionPoint extension held in {@code mExt}: identifier and
 * criticality, then -- when the extension carries a distribution point -- its name (full
 * names and/or relative name), the onlyContainsUserCerts and onlyContainsCACerts flags, the
 * onlySomeReasons bits as hex when present, and the indirectCRL flag.
 *
 * @return the formatted text.
 */
private String getIssuingDistributionPointExtension() {
    StringBuilder out = new StringBuilder();
    out.append(pp.indent(mIndentSize))
       .append(mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
    out.append(mResource.getString(PrettyPrintResources.TOKEN_ISSUING_DIST_POINT))
       .append("- ")
       .append(mExt.getExtensionId().toString())
       .append("\n");
    out.append(pp.indent(mIndentSize + 4))
       .append(mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
    appendIdpFlag(out, mExt.isCritical());
    IssuingDistributionPointExtension idpExt = (IssuingDistributionPointExtension) mExt;
    IssuingDistributionPoint idp = idpExt.getIssuingDistributionPoint();
    if (idp == null) {
        return out.toString();
    }
    GeneralNames fullNames = idp.getFullName();
    RDN relativeName = idp.getRelativeName();
    if (fullNames != null || relativeName != null) {
        out.append(pp.indent(mIndentSize + 4))
           .append(mResource.getString(PrettyPrintResources.TOKEN_DIST_POINT_NAME))
           .append("\n");
        if (fullNames != null) {
            out.append(pp.indent(mIndentSize + 8))
               .append(mResource.getString(PrettyPrintResources.TOKEN_FULL_NAME))
               .append("\n");
            for (int idx = 0; idx < fullNames.size(); idx++) {
                GeneralName fullName = (GeneralName) fullNames.elementAt(idx);
                if (fullName == null) {
                    continue;
                }
                out.append(pp.indent(mIndentSize + 12))
                   .append(fullName.toString())
                   .append("\n");
            }
        }
        if (relativeName != null) {
            out.append(pp.indent(mIndentSize + 8))
               .append(mResource.getString(PrettyPrintResources.TOKEN_RELATIVE_NAME))
               .append(relativeName.toString())
               .append("\n");
        }
    }
    out.append(pp.indent(mIndentSize + 4))
       .append(mResource.getString(PrettyPrintResources.TOKEN_ONLY_USER_CERTS));
    appendIdpFlag(out, idp.getOnlyContainsUserCerts());
    out.append(pp.indent(mIndentSize + 4))
       .append(mResource.getString(PrettyPrintResources.TOKEN_ONLY_CA_CERTS));
    appendIdpFlag(out, idp.getOnlyContainsCACerts());
    BitArray onlySomeReasons = idp.getOnlySomeReasons();
    if (onlySomeReasons != null) {
        out.append(pp.indent(mIndentSize + 4))
           .append(mResource.getString(PrettyPrintResources.TOKEN_ONLY_SOME_REASONS));
        // NOTE(review): no trailing newline here, so the indirectCRL label follows the hex
        // on the same line; preserved as-is — confirm whether that is intended.
        out.append("0x").append(pp.toHexString(onlySomeReasons.toByteArray()));
    }
    out.append(pp.indent(mIndentSize + 4))
       .append(mResource.getString(PrettyPrintResources.TOKEN_INDIRECT_CRL));
    appendIdpFlag(out, idp.getIndirectCRL());
    return out.toString();
}

/**
 * Append the localized yes/no token for {@code flag}, followed by a newline.
 *
 * @param out the buffer being built.
 * @param flag the boolean to render.
 */
private void appendIdpFlag(StringBuilder out, boolean flag) {
    if (flag) {
        out.append(mResource.getString(PrettyPrintResources.TOKEN_YES));
    } else {
        out.append(mResource.getString(PrettyPrintResources.TOKEN_NO));
    }
    out.append("\n");
}
Also used : IssuingDistributionPointExtension(org.mozilla.jss.netscape.security.x509.IssuingDistributionPointExtension) IssuingDistributionPoint(org.mozilla.jss.netscape.security.x509.IssuingDistributionPoint) GeneralNames(org.mozilla.jss.netscape.security.x509.GeneralNames) GeneralName(org.mozilla.jss.netscape.security.x509.GeneralName) RDN(org.mozilla.jss.netscape.security.x509.RDN) CRLDistributionPoint(org.mozilla.jss.netscape.security.x509.CRLDistributionPoint) IssuingDistributionPoint(org.mozilla.jss.netscape.security.x509.IssuingDistributionPoint)

Example 5 with GeneralName

use of org.mozilla.jss.netscape.security.x509.GeneralName in project jss by dogtagpki.

the class SubjectInfoAccessExtension method main.

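/**
 * Manual smoke test: builds an AuthInfoAccessExtension with an OCSP and a caIssuers access
 * description, prints its DER encoding as base64, then round-trips the extension through
 * Java serialization and prints the deserialized copy.
 *
 * @param argv ignored.
 */
public static void main(String[] argv) {
    AuthInfoAccessExtension aia = new AuthInfoAccessExtension(false);
    GeneralName ocspName = new GeneralName(new URIName("http://ocsp.netscape.com"));
    aia.addAccessDescription(METHOD_OCSP, ocspName);
    GeneralName caIssuersName = new GeneralName(new URIName("http://ocsp.netscape.com"));
    aia.addAccessDescription(METHOD_CA_ISSUERS, caIssuersName);
    ByteArrayOutputStream os = new ByteArrayOutputStream();
    try {
        aia.encode(os);
        System.out.println(Utils.base64encode(os.toByteArray(), true));
    } catch (IOException e) {
        System.out.println(e.toString());
    }
    // test serialization
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    // Closing the ObjectOutputStream before reading bos guarantees its buffered block data
    // is flushed, instead of relying on writeObject having drained it.
    try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
        oos.writeObject(aia);
    } catch (IOException e) {
        System.out.println(e.toString());
        return;
    }
    // The bytes were produced just above in this process; readObject is not applied to
    // external input here.
    try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
        AuthInfoAccessExtension clone = (AuthInfoAccessExtension) ois.readObject();
        System.out.println(clone);
    } catch (IOException | ClassNotFoundException e) {
        // Only the failures readObject/writeObject declare are reported; programming errors
        // (e.g. a bad cast) now propagate instead of being printed and hidden.
        System.out.println(e.toString());
    }
}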
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) GeneralName(org.mozilla.jss.netscape.security.x509.GeneralName) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) ObjectOutputStream(java.io.ObjectOutputStream) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) URIName(org.mozilla.jss.netscape.security.x509.URIName) ObjectInputStream(java.io.ObjectInputStream)
