List of usage examples for org.bouncycastle.asn1.x509 GeneralName GeneralName
public GeneralName(int tag, String name)
From source file:org.elasticsearch.xpack.core.ssl.CertGenUtils.java
License:Open Source License
/**
 * Builds an X.509 {@link GeneralName} that carries a <em>Common Name</em> inside a certificate's
 * <em>Subject Alternative Names</em> extension.
 * <p>
 * The result is an {@link GeneralName#otherName otherName} whose value is a SEQUENCE of the
 * {@link #CN_OID cn} object identifier followed by an explicit [0] tag wrapping the DER-encoded
 * UTF8String of {@code cn}.
 * <p>
 * Placing the {@code cn} OID in a Subject Alternative Name is <strong>non-standard</strong>:
 * other X.509/TLS implementations will not recognise it, so it is no substitute for a proper
 * {@code dNSName} or {@code iPAddress} entry when interoperability matters.
 *
 * @param cn the common name value to embed
 * @return the {@code otherName} general name wrapping {@code cn}
 */
public static GeneralName createCommonName(String cn) {
    final ASN1ObjectIdentifier typeId = new ASN1ObjectIdentifier(CN_OID);
    final DERUTF8String encodedName = new DERUTF8String(cn);
    // otherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY }
    final DERTaggedObject taggedValue = new DERTaggedObject(true, 0, encodedName);
    final DERSequence otherName = new DERSequence(new ASN1Encodable[] { typeId, taggedValue });
    return new GeneralName(GeneralName.otherName, otherName);
}
From source file:org.elasticsearch.xpack.core.ssl.CertificateGenerateTool.java
License:Open Source License
/**
 * Assembles the value of a Subject Alternative Name extension from IP addresses, DNS names and
 * (non-standard) common names.
 * <p>
 * Entries are collected in a {@link HashSet}, so duplicates collapse to one entry and the order
 * of names inside the resulting {@link GeneralNames} is not guaranteed. Strings are handed to the
 * BouncyCastle {@link GeneralName} constructor as-is; a malformed IP address is expected to be
 * rejected there with an {@code IllegalArgumentException} (confirm against the BC version in use).
 *
 * @param ipAddresses IP address strings; each becomes a {@link GeneralName#iPAddress} entry
 * @param dnsNames    host names; each becomes a {@link GeneralName#dNSName} entry
 * @param commonNames common names; each becomes an {@code otherName} via
 *                    {@link CertGenUtils#createCommonName(String)}
 * @return the combined names, or {@code null} when all three lists are empty (the caller can
 *         then omit the extension altogether)
 */
private static GeneralNames getSubjectAlternativeNamesValue(List<String> ipAddresses, List<String> dnsNames, List<String> commonNames) {
    final Set<GeneralName> names = new HashSet<>();
    addTaggedNames(names, GeneralName.iPAddress, ipAddresses);
    addTaggedNames(names, GeneralName.dNSName, dnsNames);
    for (String commonName : commonNames) {
        names.add(CertGenUtils.createCommonName(commonName));
    }
    if (names.isEmpty()) {
        return null;
    }
    return new GeneralNames(names.toArray(new GeneralName[names.size()]));
}

/**
 * Adds one {@link GeneralName} with the given tag to {@code target} for every string in
 * {@code values}, in list order.
 */
private static void addTaggedNames(Set<GeneralName> target, int tag, List<String> values) {
    for (String value : values) {
        target.add(new GeneralName(tag, value));
    }
}
From source file:org.glite.security.util.IPAddressComparator.java
License:Apache License
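/**
 * Parses the textual form of an IP address (optionally followed by a {@code /bits} netmask) and
 * returns the raw octets of the ASN.1 {@code iPAddress} GeneralName that BouncyCastle derives
 * from it.
 * <p>
 * The encoding is delegated entirely to {@link GeneralName#GeneralName(int, String)} with the
 * {@link GeneralName#iPAddress} tag. Only the slash-prefix-length way of giving the netmask is
 * supported.
 * <p>
 * NOTE(review): the original comment stated that the result is 4 bytes for IPv4, 16 for IPv6,
 * and one extra byte when a netmask is present (e.g. {@code 137.138.125.111/24} giving
 * {@code {137, 138, 125, 111, 24}}). Other callers of this same constructor in this code base
 * describe the netmask form as 8 octets for IPv4 / 32 octets for IPv6 (address followed by a
 * full mask, the NameConstraints layout). Verify the actual length against the BouncyCastle
 * version in use before depending on it.
 *
 * @param ip the IP address, optionally followed by {@code /} and a prefix length
 * @return the octets of the encoded iPAddress GeneralName; never {@code null}
 * @throws IllegalArgumentException if {@code ip} is {@code null}, or if BouncyCastle cannot parse
 *         it as an IP address
 */
public static byte[] parseIP(String ip) {
    if (ip == null) {
        // Fail with a clear message instead of a NullPointerException from inside BouncyCastle.
        throw new IllegalArgumentException("ip must not be null");
    }
    // TODO: maybe implement properly without using GeneralName...
    // Use the named tag constant rather than the bare literal 7 so the intent is visible.
    GeneralName name = new GeneralName(GeneralName.iPAddress, ip);
    return ASN1OctetString.getInstance(name.getName()).getOctets();
}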
From source file:org.glite.security.util.proxy.ProxyRestrictionData.java
License:Apache License
/**
 * Adds a permitted IP address space to the <em>permitted</em> NameConstraints subtrees.
 * <p>
 * The address is given in CIDR form, e.g. {@code 192.168.0.0/16} (equivalent to
 * {@code 192.168.0.0} with mask {@code 255.255.0.0}); a single host is written as
 * {@code xxx.xxx.xxx.xxx/32}. See <a href="http://www.ietf.org/rfc/rfc4632.txt">RFC 4632</a>.
 * The subtree uses the NameConstraints encoding of an {@code iPAddress} GeneralName, i.e.
 * address followed by mask (8 octets for IPv4, 32 octets for IPv6). Minimum and maximum of the
 * subtree are left unset.
 *
 * @param address the address space to permit
 */
public void addPermittedIPAddressWithNetmask(String address) {
    final GeneralName ipName = new GeneralName(GeneralName.iPAddress, address);
    final GeneralSubtree subtree = new GeneralSubtree(ipName, null, null);
    m_permittedGeneralSubtrees.add(subtree);
}
From source file:org.glite.security.util.proxy.ProxyRestrictionData.java
License:Apache License
/**
 * Adds an excluded IP address space to the <em>excluded</em> NameConstraints subtrees.
 * <p>
 * The address is given in CIDR form, e.g. {@code 192.168.0.0/16} (equivalent to
 * {@code 192.168.0.0} with mask {@code 255.255.0.0}); a single host is written as
 * {@code xxx.xxx.xxx.xxx/32}. See <a href="http://www.ietf.org/rfc/rfc4632.txt">RFC 4632</a>.
 * The subtree uses the NameConstraints encoding of an {@code iPAddress} GeneralName, i.e.
 * address followed by mask (8 octets for IPv4, 32 octets for IPv6). Minimum and maximum of the
 * subtree are left unset.
 *
 * @param address the address space to exclude
 */
public void addExcludedIPAddressWithNetmask(String address) {
    final GeneralName ipName = new GeneralName(GeneralName.iPAddress, address);
    final GeneralSubtree subtree = new GeneralSubtree(ipName, null, null);
    m_excludedGeneralSubtrees.add(subtree);
}
From source file:org.glite.security.util.proxy.ProxyTracingExtension.java
License:Apache License
/**
 * Creates a proxy tracing entry that identifies an issuer or a subject by URL.
 * <p>
 * The URL is wrapped as a {@link GeneralName#uniformResourceIdentifier} and the same name is
 * also kept as a single-entry {@link GeneralNames}. The string is not validated here.
 *
 * @param url the URL identifying the issuer or the subject
 */
public ProxyTracingExtension(String url) {
    final GeneralName uri = new GeneralName(GeneralName.uniformResourceIdentifier, url);
    m_name = uri;
    m_names = new GeneralNames(uri);
}
From source file:org.glite.slcs.pki.CertificateExtensionFactory.java
License:eu-egee.org license
/**
 * Creates a Subject Alternative Name extension holding a single RFC 822 (e-mail) name, e.g.
 * {@code email:johndoe@example.com}. The extension is marked non-critical and the e-mail
 * address is stored verbatim as the {@link CertificateExtension} value.
 *
 * @param emailAddress the e-mail address to include as the alternative name
 * @return the SubjectAltName {@link CertificateExtension}
 */
static protected CertificateExtension createSubjectAltNameExtension(String emailAddress) {
    final GeneralNames altNames = new GeneralNames(new GeneralName(GeneralName.rfc822Name, emailAddress));
    final X509Extension extension = new X509Extension(false, new DEROctetString(altNames));
    return new CertificateExtension(X509Extensions.SubjectAlternativeName, "SubjectAltName", extension, emailAddress);
}
From source file:org.glite.slcs.pki.CertificateExtensionFactory.java
License:eu-egee.org license
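/**
 * Creates a non-critical Subject Alternative Name extension from a list of prefixed names.
 * <p>
 * Each element of {@code prefixedAltNames} is trimmed and must start with {@code email:}
 * (mapped to an {@link GeneralName#rfc822Name}) or {@code dns:} (mapped to a
 * {@link GeneralName#dNSName}). Any other entry is logged at error level and <em>omitted</em>
 * from the extension, so the issued certificate can carry fewer names than were requested;
 * callers that need all-or-nothing behaviour must validate the list before calling this.
 * The value after the prefix is passed to BouncyCastle without further validation.
 *
 * @param prefixedAltNames entries of the form {@code email:<address>} or {@code dns:<hostname>};
 *        every element must be a {@link String}
 * @param values the raw string the entries were parsed from; stored verbatim as the value of
 *        the returned {@link CertificateExtension}
 * @return the SubjectAltName extension wrapping every supported entry
 * @throws ClassCastException if an element of {@code prefixedAltNames} is not a {@link String}
 */
static protected CertificateExtension createSubjectAltNameExtension(Vector<?> prefixedAltNames, String values) {
    ASN1EncodableVector altNames = new ASN1EncodableVector();
    Enumeration<?> typeAndNames = prefixedAltNames.elements();
    while (typeAndNames.hasMoreElements()) {
        String typeAndName = ((String) typeAndNames.nextElement()).trim();
        GeneralName altName = parsePrefixedAltName(typeAndName);
        if (altName != null) {
            altNames.add(altName);
        } else {
            // Unsupported prefixes are dropped, not rejected: the caller gets a smaller SAN set.
            LOG.error("Unsupported subjectAltName: " + typeAndName);
        }
    }
    DERSequence subjectAltNames = new DERSequence(altNames);
    GeneralNames generalNames = new GeneralNames(subjectAltNames);
    X509Extension subjectAltNameExtension = new X509Extension(false, new DEROctetString(generalNames));
    return new CertificateExtension(X509Extensions.SubjectAlternativeName, "SubjectAltName", subjectAltNameExtension, values);
}

/**
 * Maps one trimmed {@code prefix:value} entry to a {@link GeneralName}.
 *
 * @param typeAndName the trimmed entry, e.g. {@code dns:host.example}
 * @return the rfc822Name or dNSName, or {@code null} when the prefix is not supported
 */
private static GeneralName parsePrefixedAltName(String typeAndName) {
    if (typeAndName.startsWith("email:")) {
        return new GeneralName(GeneralName.rfc822Name, typeAndName.substring("email:".length()));
    }
    if (typeAndName.startsWith("dns:")) {
        return new GeneralName(GeneralName.dNSName, typeAndName.substring("dns:".length()));
    }
    return null;
}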
From source file:org.hyperledger.fabric.sdk.security.certgen.TLSCertificateBuilder.java
License:Open Source License
/**
 * Appends a non-critical Subject Alternative Name extension containing one {@code dNSName}
 * entry to the certificate under construction.
 *
 * @param certBuilder the certificate builder to add the extension to
 * @param san the DNS name to include; not validated here
 * @throws CertIOException propagated from {@code addExtension}
 */
private void addSAN(X509v3CertificateBuilder certBuilder, String san) throws CertIOException {
    final GeneralName dnsName = new GeneralName(GeneralName.dNSName, san);
    final DERSequence subjectAltNames = new DERSequence(new ASN1Encodable[] { dnsName });
    certBuilder.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
}
From source file:org.iotivity.cloud.accountserver.resources.credprov.cert.CertificateResource.java
License:Open Source License
/**
 * Handles POST requests to the Certificate Resource.
 * The request is expected in the following format:
 * <pre>
 * POST /oic/credprov/cert
 * {
 *   "di"  : "11-22-xx",
 *   "csr" : {
 *     "encoding" : "oic.sec.encoding.base64",
 *     "data"     : &lt;Base64 encoded CSR binary&gt;
 *   }
 * }
 * </pre>
 * The method checks the encoding and decodes the data when it is Base64.
 * <p>
 * It then issues a certificate that carries the user UUID in an extension field and stores the
 * issuing information (serial number, validity, device UUID, user UUID) for later management
 * (e.g. re-issue). A successful response looks like:
 * <pre>
 * 2.04 CHANGED
 * {
 *   "di"   : "1111-22-xx",
 *   "cert" : {
 *     "encoding" : "oic.sec.encoding.base64",
 *     "data"     : &lt;Base64 encoded certificate binary&gt;
 *   },
 *   "certchain" : {
 *     "encoding" : "oic.sec.encoding.base64",
 *     "data"     : &lt;Base64 encoded CA certificate chain&gt;
 *   }
 * }
 * </pre>
 * Otherwise BAD_REQUEST (4.01) is returned: on any malformed payload, and on any of the
 * exceptions that are caught and logged below. Before a certificate is issued the CSR must
 * (a) carry a Common Name of the form {@code uuid:<di>} matching the {@code di} of the payload
 * and (b) have a valid self-signature (proof of possession of the key); see the inline notes.
 *
 * @param request request with payload information.
 * @return CHANGED with the issued certificate and chain, or BAD_REQUEST
 * @throws ServerException propagated from the message handling
 */
private IResponse handlePostRequest(IRequest request) throws ServerException {
    byte[] requestPayload = request.getPayload();
    // Default outcome: every early exit below leaves this BAD_REQUEST response in place.
    IResponse response = MessageBuilder.createResponse(request, ResponseStatus.BAD_REQUEST);
    if (requestPayload != null) {
        Map<String, Object> payloadData = MAP_CBOR.parsePayloadFromCbor(requestPayload, HashMap.class);
        if (payloadData != null) {
            Object csr = payloadData.get(Constants.REQ_CSR);
            // NOTE(review): the null check is redundant, instanceof is already false for null.
            if (csr != null && csr instanceof Map) {
                // Unchecked casts: the map comes from untrusted CBOR; key and value types are not verified.
                Object encoding = ((Map<String, Object>) csr).get(ENCODING);
                Object data = ((Map<String, Object>) csr).get(DATA);
                if (encoding != null && encoding instanceof String && data != null && data instanceof byte[]) {
                    byte[] csrData = (byte[]) data;
                    // Only Base64 is decoded; any other encoding string is passed through as raw bytes.
                    if (encoding.equals(BASE_64)) {
                        csrData = Base64.decode(csrData);
                    }
                    try {
                        CSRParser parser = new CSRParser(csrData);
                        String commonName = parser.getCommonName();
                        // NOTE(review): the pattern is recompiled on every request; a static final
                        // Pattern would avoid that.
                        String pattern = "^uuid:(.*)$";
                        Pattern r = Pattern.compile(pattern);
                        Matcher m = r.matcher(commonName);
                        // Device id is taken from the untrusted payload. The cast is unchecked: a
                        // non-String value would raise a ClassCastException that is not caught here.
                        String deviceId = (String) payloadData.get(RESP_DEVICE_ID);
                        // Gate on: CN == "uuid:" + di (equals(null) is false when di is absent) and a
                        // verifying CSR signature, so the requester must hold the private key.
                        if (m.find() && m.group(1).equals(deviceId) && parser.isSignatureValid()) {
                            CertificateManager certificateManager = new CertificateManager(deviceId);
                            CertificateTable certificateTable = certificateManager.getCertificate();
                            if (certificateTable != null) {
                                // Re-issue: revoke the previously stored certificate first.
                                try {
                                    CrlManager.CRL_MANAGER.revoke(certificateTable.getSerialNumber());
                                } catch (CRLException | OperatorCreationException e) {
                                    // NOTE(review): a failed revocation is only logged; issuance of the
                                    // new certificate continues, so the old one may remain usable until
                                    // the CRL is regenerated — confirm that this is the intended policy.
                                    Log.e(e.getMessage() + e.getClass());
                                }
                                certificateManager.update(certificateTable, true);
                            }
                            PublicKey publicKey = parser.getPublicKey();
                            if (publicKey != null) {
                                // The SAN is a dNSName holding "<KEYFIELD_USERID>:<userId>", i.e. a
                                // token rather than a host name; only consumers aware of this
                                // convention can interpret it.
                                CertificateExtension extension = new CertificateExtension(Extension.subjectAlternativeName, false, new DERSequence(new ASN1Encodable[] { new GeneralName(GeneralName.dNSName, Constants.KEYFIELD_USERID + ":" + Utility.getUserID(deviceId)) }));
                                CertificateBuilder certBuilder = new CertificateBuilder(parser.getSubject(), publicKey, extension);
                                try {
                                    X509Certificate personal = certBuilder.build();
                                    byte[] encodedCert = personal.getEncoded();
                                    byte[] encodedCa = CertificateStorage.ROOT_CERTIFICATE.getEncoded();
                                    // NOTE(review): decoding compared against BASE_64, encoding against
                                    // CertificateConstants.BASE_64 — presumably the same constant; confirm.
                                    if (encoding.equals(CertificateConstants.BASE_64)) {
                                        encodedCert = Base64.encode(encodedCert);
                                        encodedCa = Base64.encode(encodedCa);
                                    }
                                    certificateManager.put(Constants.RESP_DEVICE_ID, deviceId);
                                    certificateManager.put(Constants.CERT, new CSR(encoding.toString(), encodedCert));
                                    certificateManager.put(Constants.CERT_CHAIN, new CSR(encoding.toString(), encodedCa));
                                    // Persist serial/validity so the certificate can be found for revocation later.
                                    certificateManager.save(personal.getSerialNumber(), personal.getNotAfter(), personal.getNotBefore());
                                    response = MessageBuilder.createResponse(request, ResponseStatus.CHANGED, ContentFormat.APPLICATION_CBOR, MAP_CBOR.encodingPayloadToCbor(certificateManager.getPayLoad()));
                                } catch (GeneralSecurityException | OperatorCreationException | CertIOException e) {
                                    // Only the message is logged; the stack trace and cause are lost.
                                    Log.e(e.getMessage());
                                }
                            }
                        }
                    } catch (IOException e) {
                        // Covers CSR parsing failures; the response stays BAD_REQUEST.
                        Log.e(e.getMessage());
                    }
                }
            }
        }
    }
    return response;
}