use of org.openecard.bouncycastle.asn1.x509.GeneralName in project nhin-d by DirectProject.
the class CertGenerator method createLeafCertificate.
private static CertCreateFields createLeafCertificate(CertCreateFields fields, KeyPair keyPair, boolean addAltNames) throws Exception {
String altName = "";
StringBuilder dnBuilder = new StringBuilder();
// create the DN
if (fields.getAttributes().containsKey("EMAILADDRESS")) {
dnBuilder.append("EMAILADDRESS=").append(fields.getAttributes().get("EMAILADDRESS")).append(", ");
altName = fields.getAttributes().get("EMAILADDRESS").toString();
}
if (fields.getAttributes().containsKey("CN"))
dnBuilder.append("CN=").append(fields.getAttributes().get("CN")).append(", ");
if (fields.getAttributes().containsKey("C"))
dnBuilder.append("C=").append(fields.getAttributes().get("C")).append(", ");
if (fields.getAttributes().containsKey("ST"))
dnBuilder.append("ST=").append(fields.getAttributes().get("ST")).append(", ");
if (fields.getAttributes().containsKey("L"))
dnBuilder.append("L=").append(fields.getAttributes().get("L")).append(", ");
if (fields.getAttributes().containsKey("O"))
dnBuilder.append("O=").append(fields.getAttributes().get("O")).append(", ");
String DN = dnBuilder.toString().trim();
if (DN.endsWith(","))
DN = DN.substring(0, DN.length() - 1);
X509V3CertificateGenerator v1CertGen = new X509V3CertificateGenerator();
Calendar start = Calendar.getInstance();
Calendar end = Calendar.getInstance();
end.add(Calendar.DAY_OF_MONTH, fields.getExpDays());
// not the best way to do this... generally done with a db file
v1CertGen.setSerialNumber(BigInteger.valueOf(generatePositiveRandom()));
// issuer is the parent cert
v1CertGen.setIssuerDN(fields.getSignerCert().getSubjectX500Principal());
v1CertGen.setNotBefore(start.getTime());
v1CertGen.setNotAfter(end.getTime());
v1CertGen.setSubjectDN(new X509Principal(DN));
v1CertGen.setPublicKey(keyPair.getPublic());
v1CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
// pointer to the parent CA
v1CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(fields.getSignerCert()));
v1CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.getPublic()));
boolean allowToSign = (fields.getAttributes().get("ALLOWTOSIGN") != null && fields.getAttributes().get("ALLOWTOSIGN").toString().equalsIgnoreCase("true"));
v1CertGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(allowToSign));
int keyUsage = 0;
if (fields.getAttributes().get("KEYENC") != null && fields.getAttributes().get("KEYENC").toString().equalsIgnoreCase("true"))
keyUsage = keyUsage | KeyUsage.keyEncipherment;
if (fields.getAttributes().get("DIGSIG") != null && fields.getAttributes().get("DIGSIG").toString().equalsIgnoreCase("true"))
keyUsage = keyUsage | KeyUsage.digitalSignature;
if (keyUsage > 0)
v1CertGen.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(keyUsage));
if (fields.getSignerCert().getSubjectAlternativeNames() != null) {
for (List<?> names : fields.getSignerCert().getSubjectAlternativeNames()) {
GeneralNames issuerAltName = new GeneralNames(new GeneralName((Integer) names.get(0), names.get(1).toString()));
v1CertGen.addExtension(X509Extensions.IssuerAlternativeName, false, issuerAltName);
}
}
if (addAltNames && !altName.isEmpty()) {
int nameType = altName.contains("@") ? GeneralName.rfc822Name : GeneralName.dNSName;
GeneralNames subjectAltName = new GeneralNames(new GeneralName(nameType, altName));
v1CertGen.addExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
}
// use the CA's private key to sign the certificate
X509Certificate newCACert = v1CertGen.generate((PrivateKey) fields.getSignerKey(), CryptoExtensions.getJCEProviderName());
// validate the certificate
newCACert.verify(fields.getSignerCert().getPublicKey());
// write the certificate the file system
writeCertAndKey(newCACert, keyPair.getPrivate(), fields);
return fields;
}
use of org.openecard.bouncycastle.asn1.x509.GeneralName in project robovm by robovm.
the class X509CertSelectorTest method test_setSubjectAlternativeNamesLjava_util_Collection.
/**
* java.security.cert.X509CertSelector#setSubjectAlternativeNames(Collection<List<?>>)
*/
public void test_setSubjectAlternativeNamesLjava_util_Collection() throws Exception {
GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
GeneralName san1 = new GeneralName(1, "rfc@822.Name");
GeneralName san2 = new GeneralName(2, "dNSName");
GeneralName san3 = new GeneralName(new ORAddress());
GeneralName san4 = new GeneralName(new Name("O=Organization"));
GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
GeneralName san7 = new GeneralName(7, "1.1.1.1");
GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
GeneralNames sans1 = new GeneralNames();
sans1.addName(san0);
sans1.addName(san1);
sans1.addName(san2);
sans1.addName(san3);
sans1.addName(san4);
sans1.addName(san6);
sans1.addName(san7);
sans1.addName(san8);
GeneralNames sans2 = new GeneralNames();
sans2.addName(san0);
TestCert cert1 = new TestCert(sans1);
TestCert cert2 = new TestCert(sans2);
X509CertSelector selector = new X509CertSelector();
selector.setMatchAllSubjectAltNames(true);
selector.setSubjectAlternativeNames(null);
assertTrue("Any certificate should match in the case of null " + "subjectAlternativeNames criteria.", selector.match(cert1) && selector.match(cert2));
Collection<List<?>> sans = sans1.getPairsList();
selector.setSubjectAlternativeNames(sans);
selector.getSubjectAlternativeNames();
}
use of org.openecard.bouncycastle.asn1.x509.GeneralName in project robovm by robovm.
the class X509CertSelectorTest method test_addSubjectAlternativeNameLintLjava_lang_String2.
/**
* java.security.cert.X509CertSelector#addSubjectAlternativeName(int, String)
*/
public void test_addSubjectAlternativeNameLintLjava_lang_String2() throws Exception {
GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
GeneralName san2 = new GeneralName(2, "dNSName");
GeneralNames sans1 = new GeneralNames();
sans1.addName(san6);
sans1.addName(san2);
X509CertSelector selector = new X509CertSelector();
selector.addSubjectAlternativeName(6, "http://uniform.Resource.Id");
selector.addSubjectAlternativeName(2, "dNSName");
GeneralNames sans2 = new GeneralNames();
sans2.addName(san2);
TestCert cert1 = new TestCert(sans1);
TestCert cert2 = new TestCert(sans2);
assertTrue(selector.match(cert1));
assertFalse(selector.match(cert2));
selector.setSubjectAlternativeNames(null);
GeneralName name = new GeneralName(new Name("O=Android"));
try {
selector.addSubjectAlternativeName(0, (name.toString()));
} catch (IOException e) {
// ok
}
}
use of org.openecard.bouncycastle.asn1.x509.GeneralName in project robovm by robovm.
the class X509CertSelectorTest method test_setPathToNamesLjava_util_Collection.
/**
* java.security.cert.X509CertSelector#setPathToNames(Collection<List<?>>)
*/
public void test_setPathToNamesLjava_util_Collection() throws Exception {
GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
GeneralName san1 = new GeneralName(1, "rfc@822.Name");
GeneralName san2 = new GeneralName(2, "dNSName");
GeneralName san3 = new GeneralName(new ORAddress());
GeneralName san4 = new GeneralName(new Name("O=Organization"));
GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
GeneralName san7 = new GeneralName(7, "1.1.1.1");
GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
GeneralNames sans1 = new GeneralNames();
sans1.addName(san0);
sans1.addName(san1);
sans1.addName(san2);
sans1.addName(san3);
sans1.addName(san4);
sans1.addName(san6);
sans1.addName(san7);
sans1.addName(san8);
GeneralNames sans2 = new GeneralNames();
sans2.addName(san0);
TestCert cert1 = new TestCert(sans1);
TestCert cert2 = new TestCert(sans2);
X509CertSelector selector = new X509CertSelector();
selector.setMatchAllSubjectAltNames(true);
selector.setPathToNames(null);
assertTrue("Any certificate should match in the case of null " + "subjectAlternativeNames criteria.", selector.match(cert1) && selector.match(cert2));
Collection<List<?>> sans = sans1.getPairsList();
selector.setPathToNames(sans);
selector.getPathToNames();
}
use of org.openecard.bouncycastle.asn1.x509.GeneralName in project robovm by robovm.
the class CertPathValidatorUtilities method addAdditionalStoresFromCRLDistributionPoint.
// BEGIN android-removed
// protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect,
// List certStores)
// throws AnnotatedException
// {
// Set certs = new HashSet();
// Iterator iter = certStores.iterator();
//
// while (iter.hasNext())
// {
// Object obj = iter.next();
//
// if (obj instanceof X509Store)
// {
// X509Store certStore = (X509Store)obj;
// try
// {
// certs.addAll(certStore.getMatches(certSelect));
// }
// catch (StoreException e)
// {
// throw new AnnotatedException(
// "Problem while picking certificates from X.509 store.", e);
// }
// }
// }
// return certs;
// }
// END android-removed
protected static void addAdditionalStoresFromCRLDistributionPoint(CRLDistPoint crldp, ExtendedPKIXParameters pkixParams) throws AnnotatedException {
if (crldp != null) {
DistributionPoint[] dps = null;
try {
dps = crldp.getDistributionPoints();
} catch (Exception e) {
throw new AnnotatedException("Distribution points could not be read.", e);
}
for (int i = 0; i < dps.length; i++) {
DistributionPointName dpn = dps[i].getDistributionPoint();
// look for URIs in fullName
if (dpn != null) {
if (dpn.getType() == DistributionPointName.FULL_NAME) {
GeneralName[] genNames = GeneralNames.getInstance(dpn.getName()).getNames();
// look for an URI
for (int j = 0; j < genNames.length; j++) {
if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) {
String location = DERIA5String.getInstance(genNames[j].getName()).getString();
CertPathValidatorUtilities.addAdditionalStoreFromLocation(location, pkixParams);
}
}
}
}
}
}
}
Aggregations