Search in sources :

Example 36 with GeneralNames

use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project apiRecord by tobecoder2015.

the class CertUtil method genCert.

/**
 * 动态生成服务器证书,并进行CA签授
 *
 * @param issuer       颁发机构
 * @param serverPubKey
 * @param caPriKey
 * @param caPubKey
 * @param host
 * @return
 * @throws Exception
 */
public static X509Certificate genCert(String issuer, PublicKey serverPubKey, PrivateKey caPriKey, PublicKey caPubKey, String host) throws Exception {
    X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
    /* String issuer = "C=CN, ST=GD, L=SZ, O=lee, OU=study, CN=ProxyeeRoot";
        String subject = "C=CN, ST=GD, L=SZ, O=lee, OU=study, CN=" + host;*/
    // 根据CA证书subject来动态生成目标服务器证书的issuer和subject
    String subject = Arrays.stream(issuer.split(", ")).map((dn) -> {
        String[] temp = dn.split("=");
        if (temp[0].equalsIgnoreCase("CN")) {
            return temp[0] + "=" + host;
        }
        return dn;
    }).collect(Collectors.joining(", "));
    v3CertGen.reset();
    v3CertGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
    v3CertGen.setIssuerDN(new X509Principal(issuer));
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 10 * ONE_DAY));
    v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + 3650 * ONE_DAY));
    v3CertGen.setSubjectDN(new X509Principal(subject));
    v3CertGen.setPublicKey(serverPubKey);
    // SHA256 Chrome需要此哈希算法否则会出现不安全提示
    v3CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
    // SAN扩展 Chrome需要此扩展否则会出现不安全提示
    GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.dNSName, host));
    v3CertGen.addExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
    X509Certificate cert = v3CertGen.generateX509Certificate(caPriKey);
    cert.checkValidity(new Date());
    cert.verify(caPubKey);
    return cert;
}
Also used : X509Certificate(java.security.cert.X509Certificate) IntStream(java.util.stream.IntStream) java.security(java.security) X509Principal(org.bouncycastle.jce.X509Principal) Arrays(java.util.Arrays) EncodedKeySpec(java.security.spec.EncodedKeySpec) ByteArrayOutputStream(java.io.ByteArrayOutputStream) CertificateFactory(java.security.cert.CertificateFactory) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) X509V3CertificateGenerator(org.bouncycastle.x509.X509V3CertificateGenerator) Files(java.nio.file.Files) Date(java.util.Date) X509Extensions(org.bouncycastle.asn1.x509.X509Extensions) FileInputStream(java.io.FileInputStream) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) Collectors(java.util.stream.Collectors) TimeUnit(java.util.concurrent.TimeUnit) GeneralName(org.bouncycastle.asn1.x509.GeneralName) List(java.util.List) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) Paths(java.nio.file.Paths) BigInteger(java.math.BigInteger) URI(java.net.URI) InputStream(java.io.InputStream) X509V3CertificateGenerator(org.bouncycastle.x509.X509V3CertificateGenerator) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) X509Principal(org.bouncycastle.jce.X509Principal) GeneralName(org.bouncycastle.asn1.x509.GeneralName) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate)

Example 37 with GeneralNames

use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project keystore-explorer by kaikramer.

the class DAuthorityKeyIdentifier method prepopulateWithValue.

private void prepopulateWithValue(byte[] value) throws IOException {
    AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(value);
    if (authorityKeyIdentifier.getKeyIdentifier() != null) {
        jkiKeyIdentifier.setKeyIdentifier(authorityKeyIdentifier.getKeyIdentifier());
    }
    GeneralNames authorityCertIssuer = authorityKeyIdentifier.getAuthorityCertIssuer();
    if (authorityCertIssuer != null) {
        jgnAuthorityCertIssuer.setGeneralNames(authorityCertIssuer);
    }
    BigInteger authorityCertSerialNumber = authorityKeyIdentifier.getAuthorityCertSerialNumber();
    if (authorityCertSerialNumber != null) {
        jtfAuthorityCertSerialNumber.setText("" + authorityCertSerialNumber.longValue());
        jtfAuthorityCertSerialNumber.setCaretPosition(0);
    }
}
Also used : JGeneralNames(org.kse.gui.crypto.generalname.JGeneralNames) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) BigInteger(java.math.BigInteger) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)

Example 38 with GeneralNames

use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project keystore-explorer by kaikramer.

the class DSubjectAlternativeName method okPressed.

private void okPressed() {
    GeneralNames alternativeName = jgnAlternativeName.getGeneralNames();
    if (alternativeName.getNames().length == 0) {
        JOptionPane.showMessageDialog(this, res.getString("DSubjectAlternativeName.ValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
        return;
    }
    try {
        value = alternativeName.getEncoded(ASN1Encoding.DER);
    } catch (IOException ex) {
        DError dError = new DError(this, ex);
        dError.setLocationRelativeTo(this);
        dError.setVisible(true);
        return;
    }
    closeDialog();
}
Also used : JGeneralNames(org.kse.gui.crypto.generalname.JGeneralNames) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) IOException(java.io.IOException) DError(org.kse.gui.error.DError)

Example 39 with GeneralNames

use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project certmgr by hdecarne.

the class CRLDistributionPointsController method init.

/**
 * Initialize the dialog with existing extension data.
 *
 * @param data The extension data to use.
 * @param expertMode Whether to run in expert mode ({@code true}) or not ({@code false}).
 * @return This controller.
 */
public CRLDistributionPointsController init(CRLDistributionPointsExtensionData data, boolean expertMode) {
    init(expertMode);
    this.ctlCritical.setSelected(data.getCritical());
    ObservableList<GeneralName> nameItems = this.ctlNames.getItems();
    for (DistributionPoint distributionPoint : data) {
        DistributionPointName distributionPointName = distributionPoint.getName();
        if (distributionPointName != null) {
            GeneralNames names = distributionPointName.getFullName();
            if (names != null) {
                for (GeneralName name : names) {
                    nameItems.add(name);
                }
            }
            break;
        }
    }
    return this;
}
Also used : GeneralNames(de.carne.certmgr.certs.x509.GeneralNames) DistributionPointName(de.carne.certmgr.certs.x509.DistributionPointName) GeneralName(de.carne.certmgr.certs.x509.GeneralName) DistributionPoint(de.carne.certmgr.certs.x509.DistributionPoint)

Example 40 with GeneralNames

use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project certmgr by hdecarne.

the class CRLDistributionPointsController method validateAndGetDistributionPoint.

private DistributionPoint validateAndGetDistributionPoint() throws ValidationException {
    GeneralNames names = new GeneralNames();
    int nameCount = 0;
    for (GeneralName name : this.ctlNames.getItems()) {
        names.addName(name);
        nameCount++;
    }
    InputValidator.isTrue(nameCount > 0, CRLDistributionPointsI18N::formatSTR_MESSAGE_NO_NAMES);
    return new DistributionPoint(new DistributionPointName(names));
}
Also used : GeneralNames(de.carne.certmgr.certs.x509.GeneralNames) DistributionPointName(de.carne.certmgr.certs.x509.DistributionPointName) GeneralName(de.carne.certmgr.certs.x509.GeneralName) DistributionPoint(de.carne.certmgr.certs.x509.DistributionPoint) DistributionPoint(de.carne.certmgr.certs.x509.DistributionPoint)

Aggregations

GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)72 GeneralName (org.bouncycastle.asn1.x509.GeneralName)61 IOException (java.io.IOException)31 X509Certificate (java.security.cert.X509Certificate)22 ArrayList (java.util.ArrayList)19 X500Name (org.bouncycastle.asn1.x500.X500Name)19 DERIA5String (org.bouncycastle.asn1.DERIA5String)15 DEROctetString (org.bouncycastle.asn1.DEROctetString)14 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)14 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)14 Date (java.util.Date)13 List (java.util.List)13 X500Principal (javax.security.auth.x500.X500Principal)12 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)12 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)12 GeneralNames (sun.security.x509.GeneralNames)12 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)11 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)11 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)11 Test (org.junit.Test)11