Search in sources :

Example 76 with GeneralNames

use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project athenz by yahoo.

the class Crypto method generateX509CSR.

public static String generateX509CSR(PrivateKey privateKey, PublicKey publicKey, String x500Principal, GeneralName[] sanArray) throws OperatorCreationException, IOException {
    // Create Distinguished Name
    X500Principal subject = new X500Principal(x500Principal);
    // Create ContentSigner
    JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder(Crypto.RSA_SHA256);
    ContentSigner signer = csBuilder.build(privateKey);
    // Create the CSR
    PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(subject, publicKey);
    if (sanArray != null) {
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        GeneralNames subjectAltNames = new GeneralNames(sanArray);
        extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
        p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
    }
    PKCS10CertificationRequest csr = p10Builder.build(signer);
    // write to openssl PEM format
    PemObject pemObject = new PemObject("CERTIFICATE REQUEST", csr.getEncoded());
    StringWriter strWriter;
    try (JcaPEMWriter pemWriter = new JcaPEMWriter(strWriter = new StringWriter())) {
        pemWriter.writeObject(pemObject);
    }
    return strWriter.toString();
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest) PemObject(org.bouncycastle.util.io.pem.PemObject) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) StringWriter(java.io.StringWriter) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) X500Principal(javax.security.auth.x500.X500Principal) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) JcaPEMWriter(org.bouncycastle.openssl.jcajce.JcaPEMWriter) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Example 77 with GeneralNames

use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project BiglyBT by BiglySoftware.

the class AttributeCertificateIssuer method match.

@Override
public boolean match(Certificate cert) {
    if (!(cert instanceof X509Certificate)) {
        return false;
    }
    X509Certificate x509Cert = (X509Certificate) cert;
    if (form instanceof V2Form) {
        V2Form issuer = (V2Form) form;
        if (issuer.getBaseCertificateID() != null) {
            return issuer.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber()) && matchesDN(x509Cert.getIssuerX500Principal(), issuer.getBaseCertificateID().getIssuer());
        }
        GeneralNames name = issuer.getIssuerName();
        if (matchesDN(x509Cert.getSubjectX500Principal(), name)) {
            return true;
        }
    } else {
        GeneralNames name = (GeneralNames) form;
        if (matchesDN(x509Cert.getSubjectX500Principal(), name)) {
            return true;
        }
    }
    return false;
}
Also used : V2Form(org.gudy.bouncycastle.asn1.x509.V2Form) GeneralNames(org.gudy.bouncycastle.asn1.x509.GeneralNames) X509Certificate(java.security.cert.X509Certificate)

Example 78 with GeneralNames

use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project BiglyBT by BiglySoftware.

the class AttributeCertificateIssuer method getNames.

private Object[] getNames() {
    GeneralNames name;
    if (form instanceof V2Form) {
        name = ((V2Form) form).getIssuerName();
    } else {
        name = (GeneralNames) form;
    }
    GeneralName[] names = name.getNames();
    List l = new ArrayList(names.length);
    for (int i = 0; i != names.length; i++) {
        if (names[i].getTagNo() == GeneralName.directoryName) {
            try {
                l.add(new X500Principal(((ASN1Encodable) names[i].getName()).getEncoded()));
            } catch (IOException e) {
                throw new RuntimeException("badly formed Name object");
            }
        }
    }
    return l.toArray(new Object[l.size()]);
}
Also used : V2Form(org.gudy.bouncycastle.asn1.x509.V2Form) GeneralNames(org.gudy.bouncycastle.asn1.x509.GeneralNames) ArrayList(java.util.ArrayList) X500Principal(javax.security.auth.x500.X500Principal) ArrayList(java.util.ArrayList) List(java.util.List) GeneralName(org.gudy.bouncycastle.asn1.x509.GeneralName) ASN1Encodable(org.gudy.bouncycastle.asn1.ASN1Encodable) IOException(java.io.IOException)

Example 79 with GeneralNames

use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project xipki by xipki.

the class P12ComplexCsrGenCmd method createComplexGeneralNames.

private static GeneralNames createComplexGeneralNames(String prefix) {
    List<GeneralName> list = new LinkedList<>();
    // otherName
    ASN1EncodableVector vec = new ASN1EncodableVector();
    vec.add(new ASN1ObjectIdentifier("1.2.3.1"));
    vec.add(new DERTaggedObject(true, 0, new DERUTF8String(prefix + "I am otherName 1.2.3.1")));
    list.add(new GeneralName(GeneralName.otherName, new DERSequence(vec)));
    vec = new ASN1EncodableVector();
    vec.add(new ASN1ObjectIdentifier("1.2.3.2"));
    vec.add(new DERTaggedObject(true, 0, new DERUTF8String(prefix + "I am otherName 1.2.3.2")));
    list.add(new GeneralName(GeneralName.otherName, new DERSequence(vec)));
    // rfc822Name
    list.add(new GeneralName(GeneralName.rfc822Name, prefix + "info@example.org"));
    // dNSName
    list.add(new GeneralName(GeneralName.dNSName, prefix + "dns.example.org"));
    // directoryName
    list.add(new GeneralName(GeneralName.directoryName, new X500Name("CN=demo,C=DE")));
    // ediPartyName
    vec = new ASN1EncodableVector();
    vec.add(new DERTaggedObject(false, 0, new DirectoryString(prefix + "assigner1")));
    vec.add(new DERTaggedObject(false, 1, new DirectoryString(prefix + "party1")));
    list.add(new GeneralName(GeneralName.ediPartyName, new DERSequence(vec)));
    // uniformResourceIdentifier
    list.add(new GeneralName(GeneralName.uniformResourceIdentifier, prefix + "uri.example.org"));
    // iPAddress
    list.add(new GeneralName(GeneralName.iPAddress, "69.1.2.190"));
    // registeredID
    list.add(new GeneralName(GeneralName.registeredID, "2.3.4.5"));
    return new GeneralNames(list.toArray(new GeneralName[0]));
}
Also used : DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DERSequence(org.bouncycastle.asn1.DERSequence) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X500Name(org.bouncycastle.asn1.x500.X500Name) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) LinkedList(java.util.LinkedList) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 80 with GeneralNames

use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project xipki by xipki.

the class CaUtil method createCrlDistributionPoints.

public static CRLDistPoint createCrlDistributionPoints(List<String> crlUris, X500Name caSubject, X500Name crlSignerSubject) {
    ParamUtil.requireNonEmpty("crlUris", crlUris);
    int size = crlUris.size();
    DistributionPoint[] points = new DistributionPoint[1];
    GeneralName[] names = new GeneralName[size];
    for (int i = 0; i < size; i++) {
        names[i] = new GeneralName(GeneralName.uniformResourceIdentifier, crlUris.get(i));
    }
    // Distribution Point
    GeneralNames gns = new GeneralNames(names);
    DistributionPointName pointName = new DistributionPointName(gns);
    GeneralNames crlIssuer = null;
    if (crlSignerSubject != null && !crlSignerSubject.equals(caSubject)) {
        GeneralName crlIssuerName = new GeneralName(crlSignerSubject);
        crlIssuer = new GeneralNames(crlIssuerName);
    }
    points[0] = new DistributionPoint(pointName, null, crlIssuer);
    return new CRLDistPoint(points);
}
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Aggregations

GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)72 GeneralName (org.bouncycastle.asn1.x509.GeneralName)61 IOException (java.io.IOException)31 X509Certificate (java.security.cert.X509Certificate)22 ArrayList (java.util.ArrayList)19 X500Name (org.bouncycastle.asn1.x500.X500Name)19 DERIA5String (org.bouncycastle.asn1.DERIA5String)15 DEROctetString (org.bouncycastle.asn1.DEROctetString)14 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)14 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)14 Date (java.util.Date)13 List (java.util.List)13 X500Principal (javax.security.auth.x500.X500Principal)12 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)12 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)12 GeneralNames (sun.security.x509.GeneralNames)12 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)11 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)11 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)11 Test (org.junit.Test)11