Example 1 with X509GeneralName
use of org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName in project xwiki-platform by xwiki.
the class RSACryptoScriptService method issueCertificate.
/**
* Create an end entity certificate. By default, the key can be used for encryption and signing. If the end entity
* contains some alternate subject names of type X509Rfc822Name a extended email protection usage is added. If the
* end entity contains some alternate subject names of type X509DnsName or X509IpAddress extended server and client
* authentication usages are added.
*
* @param issuer the keypair for issuing the certificate
* @param publicKey the public key to certify
* @param dn the distinguished name for the new the certificate.
* @param validity the validity of the certificate from now in days.
* @param subjectAltName the alternative names for the certificate
* @return a certified public key.
* @throws IOException in case on error while reading the public key.
* @throws GeneralSecurityException in case of error.
*/
public CertifiedPublicKey issueCertificate(CertifiedKeyPair issuer, PublicKeyParameters publicKey, String dn, int validity, List<X509GeneralName> subjectAltName) throws IOException, GeneralSecurityException {
X509CertificateParameters params;
X509ExtensionBuilder builder = extensionBuilder.get().addKeyUsage(EnumSet.of(KeyUsage.digitalSignature, KeyUsage.dataEncipherment));
if (subjectAltName != null) {
params = new X509CertificateParameters(extensionBuilder.get().addSubjectAltName(false, subjectAltName.toArray(new X509GeneralName[] {})).build());
Set<String> extUsage = new HashSet<String>();
for (X509GeneralName genName : subjectAltName) {
if (genName instanceof X509Rfc822Name) {
extUsage.add(ExtendedKeyUsages.EMAIL_PROTECTION);
} else if (genName instanceof X509DnsName || genName instanceof X509IpAddress) {
extUsage.add(ExtendedKeyUsages.SERVER_AUTH);
extUsage.add(ExtendedKeyUsages.CLIENT_AUTH);
}
builder.addExtendedKeyUsage(false, new ExtendedKeyUsages(extUsage));
}
} else {
params = new X509CertificateParameters();
}
return certificateGeneratorFactory.getInstance(CertifyingSigner.getInstance(true, issuer, signerFactory), new X509CertificateGenerationParameters(validity, builder.build())).generate(new DistinguishedName(dn), publicKey, params);
}
Also used :
X509DnsName(org.xwiki.crypto.pkix.params.x509certificate.extension.X509DnsName)
X509GeneralName(org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName)
X509IpAddress(org.xwiki.crypto.pkix.params.x509certificate.extension.X509IpAddress)
DistinguishedName(org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName)
X509Rfc822Name(org.xwiki.crypto.pkix.params.x509certificate.extension.X509Rfc822Name)
X509CertificateGenerationParameters(org.xwiki.crypto.pkix.params.x509certificate.X509CertificateGenerationParameters)
X509ExtensionBuilder(org.xwiki.crypto.pkix.X509ExtensionBuilder)
X509CertificateParameters(org.xwiki.crypto.pkix.params.x509certificate.X509CertificateParameters)
ExtendedKeyUsages(org.xwiki.crypto.pkix.params.x509certificate.extension.ExtendedKeyUsages)
HashSet(java.util.HashSet)
Aggregations
HashSet (java.util.HashSet)1
X509ExtensionBuilder (org.xwiki.crypto.pkix.X509ExtensionBuilder)1
DistinguishedName (org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName)1
X509CertificateGenerationParameters (org.xwiki.crypto.pkix.params.x509certificate.X509CertificateGenerationParameters)1
X509CertificateParameters (org.xwiki.crypto.pkix.params.x509certificate.X509CertificateParameters)1
ExtendedKeyUsages (org.xwiki.crypto.pkix.params.x509certificate.extension.ExtendedKeyUsages)1
X509DnsName (org.xwiki.crypto.pkix.params.x509certificate.extension.X509DnsName)1
X509GeneralName (org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName)1
X509IpAddress (org.xwiki.crypto.pkix.params.x509certificate.extension.X509IpAddress)1
X509Rfc822Name (org.xwiki.crypto.pkix.params.x509certificate.extension.X509Rfc822Name)1
