List of usage examples for org.bouncycastle.asn1.x509 GeneralName GeneralName
public GeneralName(int tag, String name)
From source file:com.otterca.common.crypto.X509CertificateBuilderImpl.java
License:Apache License
/** * @see com.otterca.common.crypto.X509CertificateBuilder#setCaRepositories(URI...) *//*from w w w.ja va 2s .c o m*/ // @Override public X509CertificateBuilder setCaRepositories(URI... locations) { caRepositories.clear(); for (URI location : locations) { caRepositories.add(new GeneralName(GeneralName.uniformResourceIdentifier, location.toString())); } return this; }
From source file:com.otterca.common.crypto.X509CertificateBuilderImpl.java
License:Apache License
/** * @see com.otterca.common.crypto.X509CertificateBuilder#setCaRepositories(com.otterca.common.crypto.GeneralName...) */// ww w .ja va 2 s. c o m @Override public X509CertificateBuilder setCaRepositories(com.otterca.common.crypto.GeneralName<?>... names) { caRepositories.clear(); for (com.otterca.common.crypto.GeneralName<?> name : names) { switch (name.getType()) { case DIRECTORY: caRepositories.add(new GeneralName(GeneralName.directoryName, name.get().toString())); break; case URI: caRepositories.add(new GeneralName(GeneralName.uniformResourceIdentifier, name.get().toString())); break; default: throw new IllegalArgumentException("unexpected type for CA repository: " + name.getType()); } } return this; }
From source file:com.otterca.common.crypto.X509CertificateBuilderImpl.java
License:Apache License
/** * @see com.otterca.common.crypto.X509CertificateBuilder#setTimestampingLocations(URI...) *//*from www . j ava 2s.co m*/ // @Override public X509CertificateBuilder setTimestampingLocations(URI... locations) { timestamping.clear(); for (URI location : locations) { timestamping.add(new GeneralName(GeneralName.uniformResourceIdentifier, location.toString())); } return this; }
From source file:com.otterca.common.crypto.X509CertificateBuilderImpl.java
License:Apache License
/** * @see com.otterca.common.crypto.X509CertificateBuilder#setTimestampingLocations(com.otterca.common.crypto.GeneralName...) */// ww w . j a v a2 s .c om @Override public X509CertificateBuilder setTimestampingLocations(com.otterca.common.crypto.GeneralName<?>... names) { timestamping.clear(); for (com.otterca.common.crypto.GeneralName<?> name : names) { switch (name.getType()) { case URI: timestamping.add(new GeneralName(GeneralName.uniformResourceIdentifier, name.get().toString())); break; case EMAIL: timestamping.add(new GeneralName(GeneralName.rfc822Name, name.get().toString())); break; case DNS: timestamping.add(new GeneralName(GeneralName.dNSName, name.get().toString())); break; case IP_ADDRESS: timestamping .add(new GeneralName(GeneralName.iPAddress, ((InetAddress) name.get()).getHostAddress())); break; default: throw new IllegalArgumentException("unexpected type for Timestamping location: " + name.getType()); } } return this; }
From source file:com.otterca.common.crypto.X509CertificateBuilderImpl.java
License:Apache License
/** * Set Authority Key Identifier (RFC3280 4.2.1.1) * //w w w . ja v a 2s . com * @throws InvalidKeyException * @throws CertificateParsingException */ protected final void setAKID() throws InvalidKeyException, CertificateParsingException { if (issuer != null) { // signed certificates AuthorityKeyIdentifierStructure akis = new AuthorityKeyIdentifierStructure(issuer); generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, akis); } else { // self-signed certificates since we already require subjectDN = // issuerDN GeneralNames issuerName = new GeneralNames(new GeneralName(GeneralName.directoryName, issuerDN)); AuthorityKeyIdentifier akis = new AuthorityKeyIdentifierStructure(pubkey); akis = new AuthorityKeyIdentifier(akis.getKeyIdentifier(), issuerName, serialNumber); generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, akis); } }
From source file:com.qut.middleware.crypto.impl.CryptoProcessorImpl.java
License:Apache License
private X509Certificate generateV3Certificate(KeyPair pair, String certSubjectDN, Calendar before, Calendar expiry) throws CryptoException { X509V3CertificateGenerator cert = new X509V3CertificateGenerator(); /* Set the certificate serial number to a random number */ Random rand = new Random(); rand.setSeed(System.currentTimeMillis()); /* Generates a number between 0 and 2^32 as the serial */ BigInteger serial = BigInteger.valueOf(rand.nextInt(Integer.MAX_VALUE)); logger.info("Setting X509 Cert Serial to: " + serial); cert.setSerialNumber(serial);/*from w w w. j av a2 s.com*/ /* Set the certificate issuer */ cert.setIssuerDN(new X500Principal(this.certIssuerDN)); /* Set the start of valid period. */ cert.setNotBefore(before.getTime()); /* Set the certificate expiry date. */ cert.setNotAfter(expiry.getTime()); /* Set the subject */ cert.setSubjectDN(new X500Principal(certSubjectDN)); cert.setPublicKey(pair.getPublic()); /* Signature algorithm, this may need to be changed if not all hosts have SHA256 and RSA implementations */ cert.setSignatureAlgorithm("SHA512withRSA"); cert.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); /* Only for signing */ cert.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign)); cert.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth)); /* Set a contact email address for the issuer */ cert.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, this.certIssuerEmail))); logger.debug("Generating X509Certificate for key pair: " + pair); try { /* Use the BouncyCastle provider to actually generate the X509Certificate now */ return cert.generateX509Certificate(pair.getPrivate(), "BC"); } catch (InvalidKeyException e) { this.logger.error("InvalidKeyException thrown, " + e.getLocalizedMessage()); this.logger.debug(e.toString()); throw new CryptoException(e.getLocalizedMessage(), e); } catch (NoSuchProviderException e) { this.logger.error("NoSuchProviderException thrown, " + e.getLocalizedMessage()); this.logger.debug(e.toString()); throw new CryptoException(e.getLocalizedMessage(), e); } catch (SecurityException e) { this.logger.error("SecurityException thrown, " + e.getLocalizedMessage()); this.logger.debug(e.toString()); throw new CryptoException(e.getLocalizedMessage(), e); } catch (SignatureException e) { this.logger.error("SignatureException thrown, " + e.getLocalizedMessage()); this.logger.debug(e.toString()); throw new CryptoException(e.getLocalizedMessage(), e); } }
From source file:com.rcn.service.CertificateService.java
License:Open Source License
private GeneralNames toGeneralNames(String altName, Map<String, String> generalNameMap) { GeneralName subjectAltName = new GeneralName(GeneralName.rfc822Name, altName); List<GeneralName> generalNameList = new ArrayList<GeneralName>(); generalNameList.add(subjectAltName); generalNameMap.keySet().forEach(oid -> { String value = generalNameMap.get(oid); DERUTF8String derUtf8 = new DERUTF8String(value); ASN1Encodable oidObj = new DERObjectIdentifier(oid); ASN1Encodable valueObj = new DERTaggedObject(true, 0, derUtf8); ASN1Encodable[] asn1Seq = new ASN1Encodable[] { oidObj, valueObj }; generalNameList.add(new GeneralName(GeneralName.otherName, new DERSequence(asn1Seq))); });//from w w w . java 2 s . co m return new GeneralNames(new DERSequence(generalNameList.toArray(new GeneralName[0]))); }
From source file:com.vmware.identity.openidconnect.client.TestUtils.java
License:Open Source License
static X509Certificate generateCertificate(KeyPair keyPair, String dn, String subjectAltName) throws Exception { ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate()); Date startDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000); Date endDate = new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000); X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(new X500Name("CN=" + dn), new BigInteger(64, new SecureRandom()), startDate, endDate, new X500Name("CN=" + dn), keyPair.getPublic());//from ww w . j ava2 s .c o m if (subjectAltName != null) { v3CertGen .addExtension(Extension.subjectAlternativeName, true, new GeneralNames(new GeneralName(GeneralName.otherName, new DERSequence(new ASN1Encodable[] { new DERObjectIdentifier("1.3.6.1.4.1.311.20.2.3"), new DERTaggedObject(true, 0, new DERUTF8String(subjectAltName)) })))); } X509CertificateHolder certHolder = v3CertGen.build(sigGen); X509Certificate x509Certificate = new JcaX509CertificateConverter().getCertificate(certHolder); return x509Certificate; }
From source file:com.vmware.identity.sts.auth.impl.UserCertAuthenticatorTest.java
License:Open Source License
private static X509Certificate generateCertificate(KeyPair keyPair, String dn) throws Exception { ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate()); Date startDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000); Date endDate = new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000); X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(new X500Name("CN=" + dn), new BigInteger(64, new SecureRandom()), startDate, endDate, new X500Name("CN=" + dn), keyPair.getPublic());//w w w . ja v a2 s . co m v3CertGen.addExtension(Extension.subjectAlternativeName, true, new GeneralNames(new GeneralName(GeneralName.otherName, new DERSequence(new ASN1Encodable[] { new DERObjectIdentifier("1.3.6.1.4.1.311.20.2.3"), new DERTaggedObject(true, 0, new DERUTF8String(upn)) })))); X509CertificateHolder certHolder = v3CertGen.build(sigGen); X509Certificate x509Certificate = new JcaX509CertificateConverter().getCertificate(certHolder); return x509Certificate; }
From source file:com.yahoo.athenz.auth.util.CryptoTest.java
License:Apache License
@Test(dataProvider = "x500Principal") public void testX509CSRrequest(String x500Principal, boolean badRequest) throws Exception { PublicKey publicKey = Crypto.loadPublicKey(rsaPublicKey); PrivateKey privateKey = Crypto.loadPrivateKey(rsaPrivateKey); String certRequest = null;//from w w w .j a v a2 s . co m GeneralName otherName1 = new GeneralName(GeneralName.otherName, new DERIA5String("role1")); GeneralName otherName2 = new GeneralName(GeneralName.otherName, new DERIA5String("role2")); GeneralName[] sanArray = new GeneralName[] { otherName1, otherName2 }; try { certRequest = Crypto.generateX509CSR(privateKey, publicKey, x500Principal, sanArray); } catch (Exception e) { if (!badRequest) { fail("Should not have failed to create csr"); } } if (!badRequest) { //Now validate the csr Crypto.getPKCS10CertRequest(certRequest); } }