List of usage examples for org.bouncycastle.asn1.x509 GeneralName iPAddress
int iPAddress
To view the source code for org.bouncycastle.asn1.x509 GeneralName iPAddress.
Click Source Link
From source file:okhttp3.tls.HeldCertificateTest.java
License:Apache License
@Test public void subjectAlternativeNames() throws CertificateParsingException { HeldCertificate heldCertificate = new HeldCertificate.Builder().addSubjectAlternativeName("1.1.1.1") .addSubjectAlternativeName("cash.app").build(); X509Certificate certificate = heldCertificate.certificate(); List<List<?>> subjectAlternativeNames = new ArrayList<>(certificate.getSubjectAlternativeNames()); assertEquals(subjectAlternativeNames, Arrays.asList(Arrays.asList(GeneralName.iPAddress, "1.1.1.1"), Arrays.asList(GeneralName.dNSName, "cash.app"))); }
From source file:org.apache.cloudstack.utils.security.CertUtils.java
License:Apache License
public static X509Certificate generateV3Certificate(final X509Certificate caCert, final KeyPair caKeyPair, final PublicKey clientPublicKey, final String subject, final String signatureAlgorithm, final int validityDays, final List<String> dnsNames, final List<String> publicIPAddresses) throws IOException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, InvalidKeyException, SignatureException, OperatorCreationException { final DateTime now = DateTime.now(DateTimeZone.UTC); final BigInteger serial = generateRandomBigInt(); final JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); final X509v3CertificateBuilder certBuilder; if (caCert == null) { // Generate CA certificate certBuilder = new JcaX509v3CertificateBuilder(new X500Name(subject), serial, now.minusHours(12).toDate(), now.plusDays(validityDays).toDate(), new X500Name(subject), clientPublicKey);/* ww w.jav a 2 s.co m*/ certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)); } else { // Generate client certificate certBuilder = new JcaX509v3CertificateBuilder(caCert, serial, now.minusHours(12).toDate(), now.plusDays(validityDays).toDate(), new X500Principal(subject), clientPublicKey); certBuilder.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert)); } certBuilder.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(clientPublicKey)); final List<ASN1Encodable> subjectAlternativeNames = new ArrayList<ASN1Encodable>(); if (publicIPAddresses != null) { for (final String publicIPAddress : publicIPAddresses) { if (Strings.isNullOrEmpty(publicIPAddress)) { continue; } subjectAlternativeNames.add(new GeneralName(GeneralName.iPAddress, publicIPAddress)); } } if (dnsNames != null) { for (final String dnsName : dnsNames) { if (Strings.isNullOrEmpty(dnsName)) { continue; } subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, dnsName)); } } if (subjectAlternativeNames.size() > 0) { final GeneralNames subjectAltNames = GeneralNames .getInstance(new DERSequence(subjectAlternativeNames.toArray(new ASN1Encodable[] {}))); certBuilder.addExtension(Extension.subjectAlternativeName, false, subjectAltNames); } final ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).setProvider("BC") .build(caKeyPair.getPrivate()); final X509CertificateHolder certHolder = certBuilder.build(signer); final X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder); if (caCert != null) { cert.verify(caCert.getPublicKey()); } else { cert.verify(caKeyPair.getPublic()); } return cert; }
From source file:org.apache.cloudstack.utils.security.CertUtilsTest.java
License:Apache License
@Test public void testGenerateCertificate() throws Exception { final KeyPair clientKeyPair = CertUtils.generateRandomKeyPair(1024); final List<String> domainNames = Arrays.asList("domain1.com", "www.2.domain2.com", "3.domain3.com"); final List<String> addressList = Arrays.asList("1.2.3.4", "192.168.1.1", "2a02:120b:2c16:f6d0:d9df:8ebc:e44a:f181"); final X509Certificate clientCert = CertUtils.generateV3Certificate(caCertificate, caKeyPair, clientKeyPair.getPublic(), "CN=domain.example", "SHA256WithRSAEncryption", 10, domainNames, addressList);/*from w w w.j ava 2 s . c om*/ clientCert.verify(caKeyPair.getPublic()); Assert.assertEquals(clientCert.getIssuerDN(), caCertificate.getIssuerDN()); Assert.assertEquals(clientCert.getSigAlgName(), "SHA256WITHRSA"); Assert.assertArrayEquals(clientCert.getPublicKey().getEncoded(), clientKeyPair.getPublic().getEncoded()); Assert.assertNotNull(clientCert.getSubjectAlternativeNames()); for (final List<?> altNames : clientCert.getSubjectAlternativeNames()) { Assert.assertTrue(altNames.size() == 2); final Object first = altNames.get(0); final Object second = altNames.get(1); if (first instanceof Integer && ((Integer) first) == GeneralName.iPAddress) { Assert.assertTrue(addressList.contains((String) second)); } if (first instanceof Integer && ((Integer) first) == GeneralName.dNSName) { Assert.assertTrue(domainNames.contains((String) second)); } } }
From source file:org.apache.nifi.toolkit.tls.util.TlsHelperTest.java
License:Apache License
private List<String> extractSanFromCsr(JcaPKCS10CertificationRequest csr) { List<String> sans = new ArrayList<>(); Attribute[] certAttributes = csr.getAttributes(); for (Attribute attribute : certAttributes) { if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0)); GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName); GeneralName[] names = gns.getNames(); for (GeneralName name : names) { logger.info("Type: " + name.getTagNo() + " | Name: " + name.getName()); String title = ""; if (name.getTagNo() == GeneralName.dNSName) { title = "DNS"; } else if (name.getTagNo() == GeneralName.iPAddress) { title = "IP Address"; // name.toASN1Primitive(); } else if (name.getTagNo() == GeneralName.otherName) { title = "Other Name"; }/*from w w w.j av a 2s. c om*/ sans.add(title + ": " + name.getName()); } } } return sans; }
From source file:org.apache.zookeeper.common.X509TestHelpers.java
License:Apache License
/** * Returns subject alternative names for "localhost". * @return the subject alternative names for "localhost". *///from www . j a v a 2 s .c om private static GeneralNames getLocalhostSubjectAltNames() throws UnknownHostException { InetAddress[] localAddresses = InetAddress.getAllByName("localhost"); GeneralName[] generalNames = new GeneralName[localAddresses.length + 1]; for (int i = 0; i < localAddresses.length; i++) { generalNames[i] = new GeneralName(GeneralName.iPAddress, new DEROctetString(localAddresses[i].getAddress())); } generalNames[generalNames.length - 1] = new GeneralName(GeneralName.dNSName, new DERIA5String("localhost")); return new GeneralNames(generalNames); }
From source file:org.apache.zookeeper.common.ZKTrustManagerTest.java
License:Apache License
private X509Certificate[] createSelfSignedCertifcateChain(String ipAddress, String hostname) throws Exception { X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE); nameBuilder.addRDN(BCStyle.CN, "NOT_LOCALHOST"); Date notBefore = new Date(); Calendar cal = Calendar.getInstance(); cal.setTime(notBefore);/*from w ww . jav a2s . c om*/ cal.add(Calendar.YEAR, 1); Date notAfter = cal.getTime(); BigInteger serialNumber = new BigInteger(128, new Random()); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic()) .addExtension(Extension.basicConstraints, true, new BasicConstraints(0)) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign)); List<GeneralName> generalNames = new ArrayList<>(); if (ipAddress != null) { generalNames.add(new GeneralName(GeneralName.iPAddress, ipAddress)); } if (hostname != null) { generalNames.add(new GeneralName(GeneralName.dNSName, hostname)); } if (!generalNames.isEmpty()) { certificateBuilder.addExtension(Extension.subjectAlternativeName, true, new GeneralNames(generalNames.toArray(new GeneralName[] {}))); } ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption") .build(keyPair.getPrivate()); return new X509Certificate[] { new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner)) }; }
From source file:org.apache.zookeeper.server.quorum.QuorumSSLTest.java
License:Apache License
public X509Certificate buildEndEntityCert(KeyPair keyPair, X509Certificate caCert, PrivateKey caPrivateKey, String hostname, String ipAddress, String crlPath, Integer ocspPort) throws Exception { X509CertificateHolder holder = new JcaX509CertificateHolder(caCert); ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(caPrivateKey); List<GeneralName> generalNames = new ArrayList<>(); if (hostname != null) { generalNames.add(new GeneralName(GeneralName.dNSName, hostname)); }/*from w w w .ja va 2s. c o m*/ if (ipAddress != null) { generalNames.add(new GeneralName(GeneralName.iPAddress, ipAddress)); } SubjectPublicKeyInfo entityKeyInfo = SubjectPublicKeyInfoFactory .createSubjectPublicKeyInfo(PublicKeyFactory.createKey(keyPair.getPublic().getEncoded())); X509ExtensionUtils extensionUtils = new BcX509ExtensionUtils(); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(holder.getSubject(), new BigInteger(128, new Random()), certStartTime, certEndTime, new X500Name("CN=Test End Entity Certificate"), keyPair.getPublic()) .addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(holder)) .addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(entityKeyInfo)) .addExtension(Extension.basicConstraints, true, new BasicConstraints(false)) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); if (!generalNames.isEmpty()) { certificateBuilder.addExtension(Extension.subjectAlternativeName, true, new GeneralNames(generalNames.toArray(new GeneralName[] {}))); } if (crlPath != null) { DistributionPointName distPointOne = new DistributionPointName( new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, "file://" + crlPath))); certificateBuilder.addExtension(Extension.cRLDistributionPoints, false, new CRLDistPoint(new DistributionPoint[] { new DistributionPoint(distPointOne, null, null) })); } if (ocspPort != null) { certificateBuilder.addExtension(Extension.authorityInfoAccess, false, new AuthorityInformationAccess( X509ObjectIdentifiers.ocspAccessMethod, new GeneralName(GeneralName.uniformResourceIdentifier, "http://" + hostname + ":" + ocspPort))); } return new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(signer)); }
From source file:org.ccnx.ccn.impl.security.crypto.util.MinimalCertificateGenerator.java
License:Open Source License
/** * Adds ip address to subjectAltName and IPSec usage to EKU * @param ipAddress string form of the IP address. Assumed to be in either * IPv4 form, "n.n.n.n", with 0<=n<256, orIPv6 form, * "n.n.n.n.n.n.n.n", where the n's are the HEXADECIMAL form of the * 16-bit address components.//from w ww .jav a 2s . c o m **/ public void setIPSecUsage(String ipAddress) { GeneralName name = new GeneralName(GeneralName.iPAddress, ipAddress); _subjectAltNames.add(name); _ekus.add(id_kp_ipsec); }
From source file:org.cesecore.certificates.certificate.certextensions.standard.NameConstraint.java
License:Open Source License
/** * Converts a list of encoded strings of Name Constraints into ASN1 GeneralSubtree objects. * This is needed when creating an BouncyCastle ASN1 NameConstraint object for inclusion * in a certificate./*w w w . jav a2 s. co m*/ */ public static GeneralSubtree[] toGeneralSubtrees(List<String> list) { if (list == null) { return new GeneralSubtree[0]; } GeneralSubtree[] ret = new GeneralSubtree[list.size()]; int i = 0; for (String entry : list) { int type = getNameConstraintType(entry); Object data = getNameConstraintData(entry); GeneralName genname; switch (type) { case GeneralName.dNSName: case GeneralName.rfc822Name: genname = new GeneralName(type, (String) data); break; case GeneralName.directoryName: genname = new GeneralName(new X500Name(CeSecoreNameStyle.INSTANCE, (String) data)); break; case GeneralName.iPAddress: genname = new GeneralName(type, new DEROctetString((byte[]) data)); break; default: throw new UnsupportedOperationException( "Encoding of name constraint type " + type + " is not implemented."); } ret[i++] = new GeneralSubtree(genname); } return ret; }
From source file:org.cesecore.certificates.certificate.certextensions.standard.NameConstraint.java
License:Open Source License
/** * Returns the GeneralName type code for an encoded Name Constraint. *///from ww w. j a v a 2 s . c o m private static int getNameConstraintType(String encoded) { String typeString = encoded.split(":", 2)[0]; if ("iPAddress".equals(typeString)) return GeneralName.iPAddress; if ("dNSName".equals(typeString)) return GeneralName.dNSName; if ("directoryName".equals(typeString)) return GeneralName.directoryName; if ("rfc822Name".equals(typeString)) return GeneralName.rfc822Name; throw new UnsupportedOperationException("Unsupported name constraint type " + typeString); }