use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project apiRecord by tobecoder2015.
the class CertUtil method genCert.
/**
* 动态生成服务器证书,并进行CA签授
*
* @param issuer 颁发机构
* @param serverPubKey
* @param caPriKey
* @param caPubKey
* @param host
* @return
* @throws Exception
*/
public static X509Certificate genCert(String issuer, PublicKey serverPubKey, PrivateKey caPriKey, PublicKey caPubKey, String host) throws Exception {
X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
/* String issuer = "C=CN, ST=GD, L=SZ, O=lee, OU=study, CN=ProxyeeRoot";
String subject = "C=CN, ST=GD, L=SZ, O=lee, OU=study, CN=" + host;*/
// 根据CA证书subject来动态生成目标服务器证书的issuer和subject
String subject = Arrays.stream(issuer.split(", ")).map((dn) -> {
String[] temp = dn.split("=");
if (temp[0].equalsIgnoreCase("CN")) {
return temp[0] + "=" + host;
}
return dn;
}).collect(Collectors.joining(", "));
v3CertGen.reset();
v3CertGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
v3CertGen.setIssuerDN(new X509Principal(issuer));
v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 10 * ONE_DAY));
v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + 3650 * ONE_DAY));
v3CertGen.setSubjectDN(new X509Principal(subject));
v3CertGen.setPublicKey(serverPubKey);
// SHA256 Chrome需要此哈希算法否则会出现不安全提示
v3CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
// SAN扩展 Chrome需要此扩展否则会出现不安全提示
GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.dNSName, host));
v3CertGen.addExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
X509Certificate cert = v3CertGen.generateX509Certificate(caPriKey);
cert.checkValidity(new Date());
cert.verify(caPubKey);
return cert;
}
use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project keystore-explorer by kaikramer.
the class DAuthorityKeyIdentifier method prepopulateWithValue.
private void prepopulateWithValue(byte[] value) throws IOException {
AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(value);
if (authorityKeyIdentifier.getKeyIdentifier() != null) {
jkiKeyIdentifier.setKeyIdentifier(authorityKeyIdentifier.getKeyIdentifier());
}
GeneralNames authorityCertIssuer = authorityKeyIdentifier.getAuthorityCertIssuer();
if (authorityCertIssuer != null) {
jgnAuthorityCertIssuer.setGeneralNames(authorityCertIssuer);
}
BigInteger authorityCertSerialNumber = authorityKeyIdentifier.getAuthorityCertSerialNumber();
if (authorityCertSerialNumber != null) {
jtfAuthorityCertSerialNumber.setText("" + authorityCertSerialNumber.longValue());
jtfAuthorityCertSerialNumber.setCaretPosition(0);
}
}
use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project keystore-explorer by kaikramer.
the class DSubjectAlternativeName method okPressed.
private void okPressed() {
GeneralNames alternativeName = jgnAlternativeName.getGeneralNames();
if (alternativeName.getNames().length == 0) {
JOptionPane.showMessageDialog(this, res.getString("DSubjectAlternativeName.ValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return;
}
try {
value = alternativeName.getEncoded(ASN1Encoding.DER);
} catch (IOException ex) {
DError dError = new DError(this, ex);
dError.setLocationRelativeTo(this);
dError.setVisible(true);
return;
}
closeDialog();
}
use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project certmgr by hdecarne.
the class CRLDistributionPointsController method init.
/**
* Initialize the dialog with existing extension data.
*
* @param data The extension data to use.
* @param expertMode Whether to run in expert mode ({@code true}) or not ({@code false}).
* @return This controller.
*/
public CRLDistributionPointsController init(CRLDistributionPointsExtensionData data, boolean expertMode) {
init(expertMode);
this.ctlCritical.setSelected(data.getCritical());
ObservableList<GeneralName> nameItems = this.ctlNames.getItems();
for (DistributionPoint distributionPoint : data) {
DistributionPointName distributionPointName = distributionPoint.getName();
if (distributionPointName != null) {
GeneralNames names = distributionPointName.getFullName();
if (names != null) {
for (GeneralName name : names) {
nameItems.add(name);
}
}
break;
}
}
return this;
}
use of org.openecard.bouncycastle.asn1.x509.GeneralNames in project certmgr by hdecarne.
the class CRLDistributionPointsController method validateAndGetDistributionPoint.
private DistributionPoint validateAndGetDistributionPoint() throws ValidationException {
GeneralNames names = new GeneralNames();
int nameCount = 0;
for (GeneralName name : this.ctlNames.getItems()) {
names.addName(name);
nameCount++;
}
InputValidator.isTrue(nameCount > 0, CRLDistributionPointsI18N::formatSTR_MESSAGE_NO_NAMES);
return new DistributionPoint(new DistributionPointName(names));
}
Aggregations