Example usage for org.bouncycastle.asn1.x509 Extension subjectAlternativeName

List of usage examples for org.bouncycastle.asn1.x509 Extension subjectAlternativeName

Introduction

This page collects usage examples for the subjectAlternativeName field of org.bouncycastle.asn1.x509.Extension.

Prototype

ASN1ObjectIdentifier subjectAlternativeName


Document

Subject Alternative Name

Usage

From source file:org.xipki.security.shell.CertRequestGenCommand.java

License:Open Source License

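/**
 * Generates a PKCS#10 certification request from the command options and saves it to
 * {@code outputFilename}.
 *
 * <p>The request carries the optional SubjectAltName, SubjectInfoAccess, KeyUsage and
 * ExtendedKeyUsage extensions (all marked non-critical), plus the XiPKI
 * cmpRequestExtensions extension listing the extension types flagged as needed or wanted.
 * The subject public key is copied from the signer's certificate and the request is signed
 * by that same signer, so the signature covers the key being certified.
 *
 * @return always {@code null}
 * @throws Exception propagated from signer lookup, ASN.1 encoding or file output
 */
@Override
protected Object _doExecute() throws Exception {
    P10RequestGenerator p10Gen = new P10RequestGenerator();

    // Normalise the hash name ("sha-256" -> "SHA256"). Locale.ROOT keeps the result
    // independent of the JVM default locale (e.g. the Turkish dotted/dotless i), so the
    // same option value always selects the same algorithm.
    hashAlgo = hashAlgo.trim().toUpperCase(java.util.Locale.ROOT).replace("-", "");

    if (needExtensionTypes == null) {
        needExtensionTypes = new LinkedList<>();
    }

    List<Extension> extensions = new LinkedList<>();

    // SubjectAltNames: requested as non-critical and recorded as a needed extension type
    if (isNotEmpty(subjectAltNames)) {
        extensions.add(P10RequestGenerator.createExtensionSubjectAltName(subjectAltNames, false));
        needExtensionTypes.add(Extension.subjectAlternativeName.getId());
    }

    // SubjectInfoAccess
    if (isNotEmpty(subjectInfoAccesses)) {
        extensions.add(P10RequestGenerator.createExtensionSubjectInfoAccess(subjectInfoAccesses, false));
        needExtensionTypes.add(Extension.subjectInfoAccess.getId());
    }

    // KeyUsage: the textual usages are collected into a set, so duplicates collapse
    if (isNotEmpty(keyusages)) {
        Set<KeyUsage> usages = new HashSet<>();
        for (String usage : keyusages) {
            usages.add(KeyUsage.getKeyUsage(usage));
        }
        org.bouncycastle.asn1.x509.KeyUsage extValue = X509Util.createKeyUsage(usages);
        ASN1ObjectIdentifier extType = Extension.keyUsage;
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    }

    // ExtendedKeyUsage
    if (isNotEmpty(extkeyusages)) {
        Set<ASN1ObjectIdentifier> oids = new HashSet<>(SecurityUtil.textToASN1ObjectIdentifers(extkeyusages));
        ExtendedKeyUsage extValue = X509Util.createExtendedUsage(oids);
        ASN1ObjectIdentifier extType = Extension.extendedKeyUsage;
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    }

    // Tell the CA which extension types the requester needs or merely wants.
    if (isNotEmpty(needExtensionTypes) || isNotEmpty(wantExtensionTypes)) {
        ExtensionExistence ee = new ExtensionExistence(
                SecurityUtil.textToASN1ObjectIdentifers(needExtensionTypes),
                SecurityUtil.textToASN1ObjectIdentifers(wantExtensionTypes));
        extensions.add(new Extension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions, false,
                ee.toASN1Primitive().getEncoded()));
    }

    ConcurrentContentSigner identifiedSigner = getSigner(hashAlgo, new SignatureAlgoControl(rsaMgf1, dsaPlain));
    Certificate cert = Certificate.getInstance(identifiedSigner.getCertificate().getEncoded());

    // An explicit subject option overrides the subject of the signer's certificate.
    X500Name subjectDN = (subject != null) ? new X500Name(subject) : cert.getSubject();

    SubjectPublicKeyInfo subjectPublicKeyInfo = cert.getSubjectPublicKeyInfo();

    // The content signer is borrowed and must be handed back even when generation fails.
    ContentSigner signer = identifiedSigner.borrowContentSigner();

    PKCS10CertificationRequest p10Req;
    try {
        p10Req = p10Gen.generateRequest(signer, subjectPublicKeyInfo, subjectDN, extensions);
    } finally {
        identifiedSigner.returnContentSigner(signer);
    }

    File file = new File(outputFilename);
    saveVerbose("saved PKCS#10 request to file", file, p10Req.getEncoded());
    return null;
}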

From source file:org.xwiki.crypto.pkix.internal.extension.DefaultX509ExtensionBuilder.java

License:Open Source License

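/**
 * Adds a SubjectAltName extension built from the given general names.
 *
 * @param critical whether the extension is marked critical
 * @param names the general names to include; when {@code null} no extension is added
 * @return this builder when {@code names} is {@code null}, otherwise the result of
 *         {@code addExtension}
 */
@Override
public X509ExtensionBuilder addSubjectAltName(boolean critical, X509GeneralName[] names) {
    if (names == null) {
        return this;
    }

    // Pass the caller's criticality flag through instead of a hard-coded false.
    // RFC 5280 (section 4.2.1.6) requires subjectAltName to be critical when the subject
    // field is empty, so a caller asking for a critical extension must get one.
    return addExtension(Extension.subjectAlternativeName, critical, BcExtensionUtils.getGeneralNames(names));
}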

From source file:uk.ac.cam.gpe21.droidssl.mitm.crypto.cert.CertificateGenerator.java

License:Apache License

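/**
 * Generates and signs an end-entity certificate for the given common name and DNS
 * subject alternative names, issued under this generator's CA.
 *
 * <p>Certificates produced here share a recognisable profile that is useful when
 * auditing or detecting them: validity from one hour before to 24 hours after creation,
 * a serial number equal to the creation time in epoch milliseconds, a SHA-1 with RSA
 * signature, {@code basicConstraints} CA=false and a single {@code serverAuth} extended
 * key usage.
 *
 * @param cn the common name placed in the subject
 * @param sans DNS names for the subjectAlternativeName extension; {@code null} or empty
 *             omits the extension
 * @return the signed certificate
 * @throws CertificateGenerationException if encoding an extension or creating the signer fails
 */
public X509CertificateHolder generate(String cn, String[] sans) {
    try {
        /* basic certificate structure */
        // TODO: temporary workaround as reusing serial numbers makes Firefox complain
        // NOTE(review): a clock-derived serial is predictable and two calls within the
        // same millisecond receive the same value. RFC 5280 requires serials to be unique
        // per issuer; a generator used for real issuance should draw them from SecureRandom.
        serial = BigInteger.valueOf(System.currentTimeMillis());

        Calendar notBefore = new GregorianCalendar(UTC);
        notBefore.add(Calendar.HOUR, -1);

        Calendar notAfter = new GregorianCalendar(UTC);
        notAfter.add(Calendar.HOUR, 24);

        X500Name subject = new X500NameBuilder().addRDN(BCStyle.CN, cn).build();

        BcX509ExtensionUtils utils = new BcX509ExtensionUtils();
        X509v3CertificateBuilder builder = new BcX509v3CertificateBuilder(ca.getCertificate(), serial,
                notBefore.getTime(), notAfter.getTime(), subject, keyPair.getPublic());

        /* subjectAlternativeName extension (every entry is encoded as a dNSName) */
        if (sans != null && sans.length > 0) {
            GeneralName[] names = new GeneralName[sans.length];
            for (int i = 0; i < names.length; i++) {
                names[i] = new GeneralName(GeneralName.dNSName, sans[i]);
            }
            builder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(names));
        }

        /* basicConstraints extension: critical, not a CA */
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));

        /* subjectKeyIdentifier extension */
        builder.addExtension(Extension.subjectKeyIdentifier, false,
                utils.createSubjectKeyIdentifier(keyPair.getPublic()));

        /* authorityKeyIdentifier extension */
        builder.addExtension(Extension.authorityKeyIdentifier, false,
                utils.createAuthorityKeyIdentifier(ca.getPublicKey()));

        /* keyUsage extension */
        int usage = KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.keyAgreement;
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(usage));

        /* extendedKeyUsage extension */
        KeyPurposeId[] usages = { KeyPurposeId.id_kp_serverAuth };
        builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(usages));

        /* create the signer */
        // NOTE(review): SHA-1 signatures are deprecated for certificates and are rejected
        // by current browsers and TLS libraries; code meant for real issuance should sign
        // with SHA-256 or stronger. Left unchanged here because it alters the output.
        AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder()
                .find("SHA1withRSA");
        AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder()
                .find(signatureAlgorithm);
        ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm)
                .build(ca.getPrivateKey());

        /* build and sign the certificate */
        return builder.build(signer);
    } catch (IOException | OperatorCreationException ex) {
        throw new CertificateGenerationException(ex);
    }
}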