Search in sources :

Example 1 with X509ExtensionBuilder

use of org.xwiki.crypto.pkix.X509ExtensionBuilder in project xwiki-platform by xwiki.

the class RSACryptoScriptService method issueCertificate.

/**
 * Create an end entity certificate. By default, the key can be used for encryption and signing. If the end entity
 * contains some alternate subject names of type X509Rfc822Name a extended email protection usage is added. If the
 * end entity contains some alternate subject names of type X509DnsName or X509IpAddress extended server and client
 * authentication usages are added.
 *
 * @param issuer the keypair for issuing the certificate
 * @param publicKey the public key to certify
 * @param dn the distinguished name for the new the certificate.
 * @param validity the validity of the certificate from now in days.
 * @param subjectAltName the alternative names for the certificate
 * @return a certified public key.
 * @throws IOException in case on error while reading the public key.
 * @throws GeneralSecurityException in case of error.
 */
public CertifiedPublicKey issueCertificate(CertifiedKeyPair issuer, PublicKeyParameters publicKey, String dn, int validity, List<X509GeneralName> subjectAltName) throws IOException, GeneralSecurityException {
    X509CertificateParameters params;
    X509ExtensionBuilder builder = extensionBuilder.get().addKeyUsage(EnumSet.of(KeyUsage.digitalSignature, KeyUsage.dataEncipherment));
    if (subjectAltName != null) {
        params = new X509CertificateParameters(extensionBuilder.get().addSubjectAltName(false, subjectAltName.toArray(new X509GeneralName[] {})).build());
        Set<String> extUsage = new HashSet<String>();
        for (X509GeneralName genName : subjectAltName) {
            if (genName instanceof X509Rfc822Name) {
                extUsage.add(ExtendedKeyUsages.EMAIL_PROTECTION);
            } else if (genName instanceof X509DnsName || genName instanceof X509IpAddress) {
                extUsage.add(ExtendedKeyUsages.SERVER_AUTH);
                extUsage.add(ExtendedKeyUsages.CLIENT_AUTH);
            }
            builder.addExtendedKeyUsage(false, new ExtendedKeyUsages(extUsage));
        }
    } else {
        params = new X509CertificateParameters();
    }
    return certificateGeneratorFactory.getInstance(CertifyingSigner.getInstance(true, issuer, signerFactory), new X509CertificateGenerationParameters(validity, builder.build())).generate(new DistinguishedName(dn), publicKey, params);
}
Also used : X509DnsName(org.xwiki.crypto.pkix.params.x509certificate.extension.X509DnsName) X509GeneralName(org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName) X509IpAddress(org.xwiki.crypto.pkix.params.x509certificate.extension.X509IpAddress) DistinguishedName(org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName) X509Rfc822Name(org.xwiki.crypto.pkix.params.x509certificate.extension.X509Rfc822Name) X509CertificateGenerationParameters(org.xwiki.crypto.pkix.params.x509certificate.X509CertificateGenerationParameters) X509ExtensionBuilder(org.xwiki.crypto.pkix.X509ExtensionBuilder) X509CertificateParameters(org.xwiki.crypto.pkix.params.x509certificate.X509CertificateParameters) ExtendedKeyUsages(org.xwiki.crypto.pkix.params.x509certificate.extension.ExtendedKeyUsages) HashSet(java.util.HashSet)

Aggregations

HashSet (java.util.HashSet)1 X509ExtensionBuilder (org.xwiki.crypto.pkix.X509ExtensionBuilder)1 DistinguishedName (org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName)1 X509CertificateGenerationParameters (org.xwiki.crypto.pkix.params.x509certificate.X509CertificateGenerationParameters)1 X509CertificateParameters (org.xwiki.crypto.pkix.params.x509certificate.X509CertificateParameters)1 ExtendedKeyUsages (org.xwiki.crypto.pkix.params.x509certificate.extension.ExtendedKeyUsages)1 X509DnsName (org.xwiki.crypto.pkix.params.x509certificate.extension.X509DnsName)1 X509GeneralName (org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName)1 X509IpAddress (org.xwiki.crypto.pkix.params.x509certificate.extension.X509IpAddress)1 X509Rfc822Name (org.xwiki.crypto.pkix.params.x509certificate.extension.X509Rfc822Name)1