
Example 11 with GeneralName

use of org.mozilla.jss.netscape.security.x509.GeneralName in project wildfly-elytron by wildfly-security.

the class IssuerAlternativeNamesExtension method encodeTo.

/**
 * Writes the issuer alternative names to the given encoder as one ASN.1 sequence.
 * Each name encodes itself, in the iteration order of {@code issuerAlternativeNames}.
 *
 * @param encoder the ASN.1 encoder that receives the sequence
 */
public void encodeTo(final ASN1Encoder encoder) {
    encoder.startSequence();
    // NOTE(review): RFC 5280 defines GeneralNames as SEQUENCE SIZE (1..MAX); an empty
    // issuerAlternativeNames would be written here as an empty SEQUENCE. Presumably the
    // owner of the field rejects an empty collection - confirm.
    for (final GeneralName alternativeName : issuerAlternativeNames) {
        alternativeName.encodeTo(encoder);
    }
    encoder.endSequence();
}
Also used : GeneralName(org.wildfly.security.x500.GeneralName)

Example 12 with GeneralName

use of org.mozilla.jss.netscape.security.x509.GeneralName in project wildfly-elytron by wildfly-security.

the class EntityUtil method decodeGeneralNames.

/* -- Methods used to decode ASN.1 data structures required for entity authentication -- */
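/**
 * Decode the next element from the given DER decoder as a {@code GeneralNames} element.
 * <p>
 * Every entry of the sequence must match one of the nine context-specific {@code GeneralName}
 * alternatives probed below. The decoder position only advances when an alternative is actually
 * decoded, so an entry that matches none of them is rejected with the exception produced by
 * {@code saslEntity.asnInvalidGeneralNameType()} instead of being retried: retrying would never
 * terminate and would keep growing the result list on input supplied by the peer.
 *
 * @param decoder the DER decoder
 * @return the general names, in the order in which they were encoded
 * @throws ASN1Exception if the next element from the given decoder is not a general names element
 */
public static List<GeneralName> decodeGeneralNames(final DERDecoder decoder) throws ASN1Exception {
    final List<GeneralName> generalNames = new ArrayList<GeneralName>();
    decoder.startSequence();
    while (decoder.hasNextElement()) {
        // Scoped to one entry: a value decoded for an earlier entry must never be
        // added again for an element that matched nothing.
        GeneralName generalName = null;
        out: {
            // Probe each context-specific tag number in turn; the first alternative whose
            // tag matches the next element decodes it and leaves the labelled block.
            for (int generalNameType = 0; generalNameType <= 8; generalNameType++) {
                switch(generalNameType) {
                    case OTHER_NAME:
                        if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, generalNameType, true)) {
                            decoder.decodeImplicit(generalNameType);
                            decoder.startSequence();
                            String typeId = decoder.decodeObjectIdentifier();
                            byte[] encodedValue = decoder.drainElement();
                            decoder.endSequence();
                            generalName = new OtherName(typeId, encodedValue);
                            break out;
                        }
                        break;
                    case RFC_822_NAME:
                        if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, generalNameType, false)) {
                            decoder.decodeImplicit(generalNameType);
                            generalName = new RFC822Name(decoder.decodeIA5String());
                            break out;
                        }
                        break;
                    case DNS_NAME:
                        if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, generalNameType, false)) {
                            decoder.decodeImplicit(generalNameType);
                            generalName = new DNSName(decoder.decodeIA5String());
                            break out;
                        }
                        break;
                    case X400_ADDRESS:
                        if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, generalNameType, true)) {
                            decoder.decodeImplicit(generalNameType);
                            generalName = new X400Address(decoder.drainElementValue(), true);
                            break out;
                        }
                        break;
                    case DIRECTORY_NAME:
                        if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, generalNameType, true)) {
                            // No decodeImplicit call here, unlike the other alternatives: the
                            // element's value bytes are handed to X500Principal as the encoded name.
                            byte[] encodedName = decoder.drainElementValue();
                            generalName = new DirectoryName((new X500Principal(encodedName)).getName(X500Principal.CANONICAL));
                            break out;
                        }
                        break;
                    case EDI_PARTY_NAME:
                        if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, generalNameType, true)) {
                            decoder.decodeImplicit(generalNameType);
                            generalName = new EDIPartyName(decoder.drainElementValue(), true);
                            break out;
                        }
                        break;
                    case URI_NAME:
                        if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, generalNameType, false)) {
                            decoder.decodeImplicit(generalNameType);
                            generalName = new URIName(decoder.decodeIA5String());
                            break out;
                        }
                        break;
                    case IP_ADDRESS:
                        if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, generalNameType, false)) {
                            decoder.decodeImplicit(generalNameType);
                            generalName = new IPAddress(decoder.decodeOctetString());
                            break out;
                        }
                        break;
                    case REGISTERED_ID:
                        if (decoder.isNextType(CONTEXT_SPECIFIC_MASK, generalNameType, false)) {
                            decoder.decodeImplicit(generalNameType);
                            generalName = new RegisteredID(decoder.decodeObjectIdentifier());
                            break out;
                        }
                        break;
                    default:
                        throw saslEntity.asnInvalidGeneralNameType();
                }
            }
        }
        if (generalName == null) {
            // No alternative matched, so nothing was consumed and hasNextElement() would
            // stay true forever. Fail closed on the malformed entry.
            throw saslEntity.asnInvalidGeneralNameType();
        }
        generalNames.add(generalName);
    }
    decoder.endSequence();
    return generalNames;
}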
Also used : ArrayList(java.util.ArrayList) X500Principal(javax.security.auth.x500.X500Principal) GeneralName(org.wildfly.security.x500.GeneralName)

Example 13 with GeneralName

use of org.mozilla.jss.netscape.security.x509.GeneralName in project wildfly-elytron by wildfly-security.

the class EntityUtil method encodeGeneralNames.

/**
 * Encode a {@code GeneralNames} element using the given DER encoder.
 * <p>
 * {@code GeneralNames} is defined as:
 *
 * <pre>
 *      GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
 * </pre>
 *
 * The sequence is opened, every entry encodes itself in list order, and the sequence is closed.
 *
 * @param encoder the DER encoder
 * @param generalNames the general names, as a {@code List} where each entry is a {@link GeneralName}
 * @throws ASN1Exception if any of the general names are invalid
 */
public static void encodeGeneralNames(final DEREncoder encoder, List<GeneralName> generalNames) throws ASN1Exception {
    encoder.startSequence();
    // NOTE(review): the list size is not checked against SIZE (1..MAX) here; an empty
    // list is written as an empty SEQUENCE - callers presumably pass at least one name; confirm.
    for (final GeneralName entry : generalNames) {
        entry.encodeTo(encoder);
    }
    encoder.endSequence();
}
Also used : GeneralName(org.wildfly.security.x500.GeneralName)

Example 14 with GeneralName

use of org.mozilla.jss.netscape.security.x509.GeneralName in project axelor-open-suite by axelor.

the class X509Generator method getAuthorityKeyIdentifier.

/**
 * Returns the <code>AuthorityKeyIdentifier</code> corresponding to a given <code>PublicKey</code>.
 * The identifier is built from the key's parsed <code>SubjectPublicKeyInfo</code>, a
 * <code>GeneralNames</code> holding the issuer name as its only entry, and the serial number.
 *
 * <p>NOTE(review): for the extension to identify the signing authority, the key, issuer and
 * serial should all describe the issuing CA certificate - confirm at the call site.
 *
 * @param publicKey the given public key
 * @param issuer the certificate issuer
 * @param serial the certificate serial number
 * @return the authority key identifier of the public key
 * @throws IOException if the encoded public key cannot be read as an ASN.1 object
 */
private AuthorityKeyIdentifier getAuthorityKeyIdentifier(PublicKey publicKey, String issuer, BigInteger serial) throws IOException {
    final SubjectPublicKeyInfo subjectKeyInfo;
    try (ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded()))) {
        // The cast fails with ClassCastException if the encoding is not an ASN.1 SEQUENCE.
        subjectKeyInfo = SubjectPublicKeyInfo.getInstance((ASN1Sequence) asn1In.readObject());
    }

    final ASN1EncodableVector issuerNames = new ASN1EncodableVector();
    issuerNames.add(new GeneralName(new X509Name(issuer)));
    final GeneralNames authorityCertIssuer = GeneralNames.getInstance(new DERSequence(issuerNames));

    return new AuthorityKeyIdentifier(subjectKeyInfo, authorityCertIssuer, serial);
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) X509Name(org.bouncycastle.asn1.x509.X509Name) DERSequence(org.bouncycastle.asn1.DERSequence) ByteArrayInputStream(java.io.ByteArrayInputStream) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) GeneralName(org.bouncycastle.asn1.x509.GeneralName) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)

Example 15 with GeneralName

use of org.mozilla.jss.netscape.security.x509.GeneralName in project dubbo-spi-extensions by apache.

the class IstioCitadelCertificateSigner method generateCsr.

/**
 * Builds a PKCS#10 certification request for the given key and returns it PEM-encoded.
 * The subject is {@code O=<trust domain>}. The request carries an extension-request attribute
 * holding a critical subjectAlternativeName with one URI entry taken from
 * {@code istioEnv.getCsrHost()}.
 *
 * <p>NOTE(review): the trust domain is concatenated into the DN string without escaping, so a
 * value containing DN metacharacters such as {@code ,} or {@code +} would be parsed as
 * additional name components. Presumably the value comes from trusted configuration - confirm.
 *
 * @param publicKey the public key to be certified
 * @param signer the content signer used to sign the request
 * @return the PEM text of the certification request
 * @throws IOException if the extensions or the request cannot be encoded
 */
private String generateCsr(PublicKey publicKey, ContentSigner signer) throws IOException {
    // Tag 6 of GeneralName is uniformResourceIdentifier; the named constant says so.
    GeneralName sanUri = new GeneralName(GeneralName.uniformResourceIdentifier, istioEnv.getCsrHost());

    ExtensionsGenerator extensions = new ExtensionsGenerator();
    extensions.addExtension(Extension.subjectAlternativeName, true, new GeneralNames(new GeneralName[] { sanUri }));

    X500Name subject = new X500Name("O=" + istioEnv.getTrustDomain());
    PKCS10CertificationRequest request = new JcaPKCS10CertificationRequestBuilder(subject, publicKey)
            .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate())
            .build(signer);

    String pemCsr = generatePemKey("CERTIFICATE REQUEST", request.getEncoded());
    // The logged text is the CSR itself, which holds the public key but no private key.
    if (logger.isDebugEnabled()) {
        logger.debug("CSR Request to Istio Citadel. \n" + pemCsr);
    }
    return pemCsr;
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X500Name(org.bouncycastle.asn1.x500.X500Name) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)
