Search in sources :

Example 1 with GeneralNames

use of org.mozilla.jss.netscape.security.x509.GeneralNames in project apollo by salesforce.

the class CrlDistPointExtension method create.

public static CrlDistPointExtension create(final NameType distribPointNameType, final String distribPointName, final NameType crlIssuerNameType, final String crlIssuer, final ReasonFlags reasons) {
    final DistributionPointName dp = new DistributionPointName(distribPointNameType.generalNames(distribPointName));
    final GeneralNames crl;
    if (crlIssuerNameType != null && crlIssuer != null) {
        crl = crlIssuerNameType.generalNames(crlIssuer);
    } else {
        crl = null;
    }
    return create(dp, reasons, crl);
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName)

Example 2 with GeneralNames

use of org.mozilla.jss.netscape.security.x509.GeneralNames in project xwiki-commons by xwiki.

the class BcExtensionUtils method getGeneralNames.

/**
 * Convert a collection of X.509 general names to Bouncy Castle general names.
 *
 * @param genNames a collection of X.509 general names.
 * @return a bouncy castle general names.
 */
public static GeneralNames getGeneralNames(X509GeneralName[] genNames) {
    GeneralName[] names = new GeneralName[genNames.length];
    int i = 0;
    for (X509GeneralName name : genNames) {
        if (name instanceof BcGeneralName) {
            names[i++] = ((BcGeneralName) name).getGeneralName();
        } else {
            throw new IllegalArgumentException("Unexpected general name: " + name.getClass().toString());
        }
    }
    return new GeneralNames(names);
}
Also used : X509GeneralName(org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) X509GeneralName(org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName) GeneralName(org.bouncycastle.asn1.x509.GeneralName)

Example 3 with GeneralNames

use of org.mozilla.jss.netscape.security.x509.GeneralNames in project solarnetwork-node by SolarNetwork.

the class PKITestUtils method generateNewCACert.

public static X509Certificate generateNewCACert(PublicKey publicKey, String subject, X509Certificate issuer, PrivateKey issuerKey, String caDN) throws Exception {
    final X500Name issuerDn = (issuer == null ? new X500Name(subject) : JcaX500NameUtil.getSubject(issuer));
    final X500Name subjectDn = new X500Name(subject);
    final BigInteger serial = getNextSerialNumber();
    final Date notBefore = new Date();
    final Date notAfter = new Date(System.currentTimeMillis() + 1000L * 60L * 60L);
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerDn, serial, notBefore, notAfter, subjectDn, publicKey);
    // add "CA" extension
    BasicConstraints basicConstraints;
    if (issuer == null) {
        basicConstraints = new BasicConstraints(true);
    } else {
        int issuerPathLength = issuer.getBasicConstraints();
        basicConstraints = new BasicConstraints(issuerPathLength - 1);
    }
    builder.addExtension(X509Extension.basicConstraints, true, basicConstraints);
    // add subjectKeyIdentifier
    JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
    SubjectKeyIdentifier ski = utils.createSubjectKeyIdentifier(publicKey);
    builder.addExtension(X509Extension.subjectKeyIdentifier, false, ski);
    // add authorityKeyIdentifier
    GeneralNames issuerName = new GeneralNames(new GeneralName(GeneralName.directoryName, caDN));
    AuthorityKeyIdentifier aki = utils.createAuthorityKeyIdentifier(publicKey);
    aki = new AuthorityKeyIdentifier(aki.getKeyIdentifier(), issuerName, serial);
    builder.addExtension(X509Extension.authorityKeyIdentifier, false, aki);
    // add keyUsage
    X509KeyUsage keyUsage = new X509KeyUsage(X509KeyUsage.cRLSign | X509KeyUsage.digitalSignature | X509KeyUsage.keyCertSign | X509KeyUsage.nonRepudiation);
    builder.addExtension(X509Extension.keyUsage, true, keyUsage);
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WithRSA");
    ContentSigner signer = signerBuilder.build(issuerKey);
    X509CertificateHolder holder = builder.build(signer);
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    return converter.getCertificate(holder);
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier) Date(java.util.Date) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) X509KeyUsage(org.bouncycastle.jce.X509KeyUsage)

Example 4 with GeneralNames

use of org.mozilla.jss.netscape.security.x509.GeneralNames in project jss by dogtagpki.

the class ExtPrettyPrint method getCertificateIssuerExtension.

/**
 * String Representation of CertificateIssuerExtension
 */
private String getCertificateIssuerExtension() {
    StringBuffer sb = new StringBuffer();
    try {
        sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
        sb.append(mResource.getString(PrettyPrintResources.TOKEN_CERTIFICATE_ISSUER) + "- " + mExt.getExtensionId().toString() + "\n");
        sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
        CertificateIssuerExtension ext = (CertificateIssuerExtension) mExt;
        if (mExt.isCritical()) {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
        } else {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
        }
        GeneralNames issuerNames = (GeneralNames) ext.get(CertificateIssuerExtension.CERTIFICATE_ISSUER);
        if (issuerNames != null) {
            sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_ISSUER_NAMES) + "\n");
            for (int i = 0; i < issuerNames.size(); i++) {
                GeneralName issuerName = (GeneralName) issuerNames.elementAt(i);
                if (issuerName != null) {
                    String nameType = "";
                    if (issuerName.getType() == GeneralNameInterface.NAME_DIRECTORY)
                        nameType = "DirectoryName: ";
                    sb.append(pp.indent(mIndentSize + 8) + nameType + issuerName.toString() + "\n");
                }
            }
        }
        return sb.toString();
    } catch (IOException e) {
        e.printStackTrace();
        return "";
    }
}
Also used : GeneralNames(org.mozilla.jss.netscape.security.x509.GeneralNames) GeneralName(org.mozilla.jss.netscape.security.x509.GeneralName) IOException(java.io.IOException) CertificateIssuerExtension(org.mozilla.jss.netscape.security.x509.CertificateIssuerExtension) CRLDistributionPoint(org.mozilla.jss.netscape.security.x509.CRLDistributionPoint) IssuingDistributionPoint(org.mozilla.jss.netscape.security.x509.IssuingDistributionPoint)

Example 5 with GeneralNames

use of org.mozilla.jss.netscape.security.x509.GeneralNames in project jss by dogtagpki.

the class ExtPrettyPrint method getIssuingDistributionPointExtension.

/**
 * String Representation of IssuerAlternativeName Extension
 */
private String getIssuingDistributionPointExtension() {
    StringBuffer sb = new StringBuffer();
    sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
    sb.append(mResource.getString(PrettyPrintResources.TOKEN_ISSUING_DIST_POINT) + "- " + mExt.getExtensionId().toString() + "\n");
    sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
    if (mExt.isCritical()) {
        sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
    } else {
        sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
    }
    IssuingDistributionPointExtension ext = (IssuingDistributionPointExtension) mExt;
    IssuingDistributionPoint issuingDistributionPoint = ext.getIssuingDistributionPoint();
    if (issuingDistributionPoint != null) {
        GeneralNames fullNames = issuingDistributionPoint.getFullName();
        RDN relativeName = issuingDistributionPoint.getRelativeName();
        if (fullNames != null || relativeName != null) {
            sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_DIST_POINT_NAME) + "\n");
            if (fullNames != null) {
                sb.append(pp.indent(mIndentSize + 8) + mResource.getString(PrettyPrintResources.TOKEN_FULL_NAME) + "\n");
                for (int i = 0; i < fullNames.size(); i++) {
                    GeneralName fullName = (GeneralName) fullNames.elementAt(i);
                    if (fullName != null) {
                        sb.append(pp.indent(mIndentSize + 12) + fullName.toString() + "\n");
                    }
                }
            }
            if (relativeName != null) {
                sb.append(pp.indent(mIndentSize + 8) + mResource.getString(PrettyPrintResources.TOKEN_RELATIVE_NAME) + relativeName.toString() + "\n");
            }
        }
        sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_ONLY_USER_CERTS));
        if (issuingDistributionPoint.getOnlyContainsUserCerts()) {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
        } else {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
        }
        sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_ONLY_CA_CERTS));
        if (issuingDistributionPoint.getOnlyContainsCACerts()) {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
        } else {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
        }
        BitArray onlySomeReasons = issuingDistributionPoint.getOnlySomeReasons();
        if (onlySomeReasons != null) {
            sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_ONLY_SOME_REASONS));
            sb.append("0x" + pp.toHexString(onlySomeReasons.toByteArray()));
        }
        sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_INDIRECT_CRL));
        if (issuingDistributionPoint.getIndirectCRL()) {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
        } else {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
        }
    }
    return sb.toString();
}
Also used : IssuingDistributionPointExtension(org.mozilla.jss.netscape.security.x509.IssuingDistributionPointExtension) IssuingDistributionPoint(org.mozilla.jss.netscape.security.x509.IssuingDistributionPoint) GeneralNames(org.mozilla.jss.netscape.security.x509.GeneralNames) GeneralName(org.mozilla.jss.netscape.security.x509.GeneralName) RDN(org.mozilla.jss.netscape.security.x509.RDN) CRLDistributionPoint(org.mozilla.jss.netscape.security.x509.CRLDistributionPoint) IssuingDistributionPoint(org.mozilla.jss.netscape.security.x509.IssuingDistributionPoint)

Aggregations

GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)140 GeneralName (org.bouncycastle.asn1.x509.GeneralName)115 IOException (java.io.IOException)62 X500Name (org.bouncycastle.asn1.x500.X500Name)42 X509Certificate (java.security.cert.X509Certificate)41 ArrayList (java.util.ArrayList)38 ContentSigner (org.bouncycastle.operator.ContentSigner)38 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)38 BigInteger (java.math.BigInteger)30 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)30 List (java.util.List)26 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)25 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)25 Date (java.util.Date)24 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)22 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)22 X500Principal (javax.security.auth.x500.X500Principal)21 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)20 DERIA5String (org.bouncycastle.asn1.DERIA5String)18 DEROctetString (org.bouncycastle.asn1.DEROctetString)18