Example 1 with GeneralNames
use of org.mozilla.jss.netscape.security.x509.GeneralNames in project apollo by salesforce.
the class CrlDistPointExtension method create.
public static CrlDistPointExtension create(final NameType distribPointNameType, final String distribPointName, final NameType crlIssuerNameType, final String crlIssuer, final ReasonFlags reasons) {
final DistributionPointName dp = new DistributionPointName(distribPointNameType.generalNames(distribPointName));
final GeneralNames crl;
if (crlIssuerNameType != null && crlIssuer != null) {
crl = crlIssuerNameType.generalNames(crlIssuer);
} else {
crl = null;
}
return create(dp, reasons, crl);
}
Also used :
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName)
Example 2 with GeneralNames
use of org.mozilla.jss.netscape.security.x509.GeneralNames in project xwiki-commons by xwiki.
the class BcExtensionUtils method getGeneralNames.
/**
* Convert a collection of X.509 general names to Bouncy Castle general names.
*
* @param genNames a collection of X.509 general names.
* @return a bouncy castle general names.
*/
public static GeneralNames getGeneralNames(X509GeneralName[] genNames) {
GeneralName[] names = new GeneralName[genNames.length];
int i = 0;
for (X509GeneralName name : genNames) {
if (name instanceof BcGeneralName) {
names[i++] = ((BcGeneralName) name).getGeneralName();
} else {
throw new IllegalArgumentException("Unexpected general name: " + name.getClass().toString());
}
}
return new GeneralNames(names);
}
Also used :
X509GeneralName(org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
X509GeneralName(org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Example 3 with GeneralNames
use of org.mozilla.jss.netscape.security.x509.GeneralNames in project solarnetwork-node by SolarNetwork.
the class PKITestUtils method generateNewCACert.
public static X509Certificate generateNewCACert(PublicKey publicKey, String subject, X509Certificate issuer, PrivateKey issuerKey, String caDN) throws Exception {
final X500Name issuerDn = (issuer == null ? new X500Name(subject) : JcaX500NameUtil.getSubject(issuer));
final X500Name subjectDn = new X500Name(subject);
final BigInteger serial = getNextSerialNumber();
final Date notBefore = new Date();
final Date notAfter = new Date(System.currentTimeMillis() + 1000L * 60L * 60L);
JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerDn, serial, notBefore, notAfter, subjectDn, publicKey);
// add "CA" extension
BasicConstraints basicConstraints;
if (issuer == null) {
basicConstraints = new BasicConstraints(true);
} else {
int issuerPathLength = issuer.getBasicConstraints();
basicConstraints = new BasicConstraints(issuerPathLength - 1);
}
builder.addExtension(X509Extension.basicConstraints, true, basicConstraints);
// add subjectKeyIdentifier
JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
SubjectKeyIdentifier ski = utils.createSubjectKeyIdentifier(publicKey);
builder.addExtension(X509Extension.subjectKeyIdentifier, false, ski);
// add authorityKeyIdentifier
GeneralNames issuerName = new GeneralNames(new GeneralName(GeneralName.directoryName, caDN));
AuthorityKeyIdentifier aki = utils.createAuthorityKeyIdentifier(publicKey);
aki = new AuthorityKeyIdentifier(aki.getKeyIdentifier(), issuerName, serial);
builder.addExtension(X509Extension.authorityKeyIdentifier, false, aki);
// add keyUsage
X509KeyUsage keyUsage = new X509KeyUsage(X509KeyUsage.cRLSign | X509KeyUsage.digitalSignature | X509KeyUsage.keyCertSign | X509KeyUsage.nonRepudiation);
builder.addExtension(X509Extension.keyUsage, true, keyUsage);
JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WithRSA");
ContentSigner signer = signerBuilder.build(issuerKey);
X509CertificateHolder holder = builder.build(signer);
JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
return converter.getCertificate(holder);
}
Also used :
JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)
X500Name(org.bouncycastle.asn1.x500.X500Name)
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
Date(java.util.Date)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
BigInteger(java.math.BigInteger)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
X509KeyUsage(org.bouncycastle.jce.X509KeyUsage)
Example 4 with GeneralNames
use of org.mozilla.jss.netscape.security.x509.GeneralNames in project jss by dogtagpki.
the class ExtPrettyPrint method getCertificateIssuerExtension.
/**
* String Representation of CertificateIssuerExtension
*/
private String getCertificateIssuerExtension() {
StringBuffer sb = new StringBuffer();
try {
sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_CERTIFICATE_ISSUER) + "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
CertificateIssuerExtension ext = (CertificateIssuerExtension) mExt;
if (mExt.isCritical()) {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
} else {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
}
GeneralNames issuerNames = (GeneralNames) ext.get(CertificateIssuerExtension.CERTIFICATE_ISSUER);
if (issuerNames != null) {
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_ISSUER_NAMES) + "\n");
for (int i = 0; i < issuerNames.size(); i++) {
GeneralName issuerName = (GeneralName) issuerNames.elementAt(i);
if (issuerName != null) {
String nameType = "";
if (issuerName.getType() == GeneralNameInterface.NAME_DIRECTORY)
nameType = "DirectoryName: ";
sb.append(pp.indent(mIndentSize + 8) + nameType + issuerName.toString() + "\n");
}
}
}
return sb.toString();
} catch (IOException e) {
e.printStackTrace();
return "";
}
}
Also used :
GeneralNames(org.mozilla.jss.netscape.security.x509.GeneralNames)
GeneralName(org.mozilla.jss.netscape.security.x509.GeneralName)
IOException(java.io.IOException)
CertificateIssuerExtension(org.mozilla.jss.netscape.security.x509.CertificateIssuerExtension)
CRLDistributionPoint(org.mozilla.jss.netscape.security.x509.CRLDistributionPoint)
IssuingDistributionPoint(org.mozilla.jss.netscape.security.x509.IssuingDistributionPoint)
Example 5 with GeneralNames
use of org.mozilla.jss.netscape.security.x509.GeneralNames in project jss by dogtagpki.
the class ExtPrettyPrint method getIssuingDistributionPointExtension.
/**
* String Representation of IssuerAlternativeName Extension
*/
private String getIssuingDistributionPointExtension() {
StringBuffer sb = new StringBuffer();
sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_ISSUING_DIST_POINT) + "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
if (mExt.isCritical()) {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
} else {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
}
IssuingDistributionPointExtension ext = (IssuingDistributionPointExtension) mExt;
IssuingDistributionPoint issuingDistributionPoint = ext.getIssuingDistributionPoint();
if (issuingDistributionPoint != null) {
GeneralNames fullNames = issuingDistributionPoint.getFullName();
RDN relativeName = issuingDistributionPoint.getRelativeName();
if (fullNames != null || relativeName != null) {
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_DIST_POINT_NAME) + "\n");
if (fullNames != null) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(PrettyPrintResources.TOKEN_FULL_NAME) + "\n");
for (int i = 0; i < fullNames.size(); i++) {
GeneralName fullName = (GeneralName) fullNames.elementAt(i);
if (fullName != null) {
sb.append(pp.indent(mIndentSize + 12) + fullName.toString() + "\n");
}
}
}
if (relativeName != null) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(PrettyPrintResources.TOKEN_RELATIVE_NAME) + relativeName.toString() + "\n");
}
}
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_ONLY_USER_CERTS));
if (issuingDistributionPoint.getOnlyContainsUserCerts()) {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
} else {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
}
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_ONLY_CA_CERTS));
if (issuingDistributionPoint.getOnlyContainsCACerts()) {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
} else {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
}
BitArray onlySomeReasons = issuingDistributionPoint.getOnlySomeReasons();
if (onlySomeReasons != null) {
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_ONLY_SOME_REASONS));
sb.append("0x" + pp.toHexString(onlySomeReasons.toByteArray()));
}
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_INDIRECT_CRL));
if (issuingDistributionPoint.getIndirectCRL()) {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
} else {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
}
}
return sb.toString();
}
Also used :
IssuingDistributionPointExtension(org.mozilla.jss.netscape.security.x509.IssuingDistributionPointExtension)
IssuingDistributionPoint(org.mozilla.jss.netscape.security.x509.IssuingDistributionPoint)
GeneralNames(org.mozilla.jss.netscape.security.x509.GeneralNames)
GeneralName(org.mozilla.jss.netscape.security.x509.GeneralName)
RDN(org.mozilla.jss.netscape.security.x509.RDN)
CRLDistributionPoint(org.mozilla.jss.netscape.security.x509.CRLDistributionPoint)
IssuingDistributionPoint(org.mozilla.jss.netscape.security.x509.IssuingDistributionPoint)
Aggregations
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)140
GeneralName (org.bouncycastle.asn1.x509.GeneralName)115
IOException (java.io.IOException)62
X500Name (org.bouncycastle.asn1.x500.X500Name)42
X509Certificate (java.security.cert.X509Certificate)41
ArrayList (java.util.ArrayList)38
ContentSigner (org.bouncycastle.operator.ContentSigner)38
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)38
BigInteger (java.math.BigInteger)30
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)30
List (java.util.List)26
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)25
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)25
Date (java.util.Date)24
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)22
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)22
X500Principal (javax.security.auth.x500.X500Principal)21
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)20
DERIA5String (org.bouncycastle.asn1.DERIA5String)18
DEROctetString (org.bouncycastle.asn1.DEROctetString)18
