List of usage examples for org.bouncycastle.pkcs PKCS10CertificationRequest getAttributes
public Attribute[] getAttributes(ASN1ObjectIdentifier type)
From source file:com.yahoo.athenz.auth.util.Crypto.java
License:Apache License
public static String extractX509CSREmail(PKCS10CertificationRequest certReq) { String rfc822 = null;/*from w w w .j a v a2 s . c o m*/ Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); for (Attribute attribute : attributes) { for (ASN1Encodable value : attribute.getAttributeValues()) { Extensions extensions = Extensions.getInstance(value); GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName); for (GeneralName name : gns.getNames()) { if (name.getTagNo() == GeneralName.rfc822Name) { rfc822 = (((DERIA5String) name.getName()).getString()); break; } } } } return rfc822; }
From source file:com.yahoo.athenz.auth.util.Crypto.java
License:Apache License
public static List<String> extractX509CSRDnsNames(PKCS10CertificationRequest certReq) { List<String> dnsNames = new ArrayList<>(); Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); for (Attribute attribute : attributes) { for (ASN1Encodable value : attribute.getAttributeValues()) { Extensions extensions = Extensions.getInstance(value); GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName); for (GeneralName name : gns.getNames()) { if (name.getTagNo() == GeneralName.dNSName) { dnsNames.add(((DERIA5String) name.getName()).getString()); }/*from w w w. j a va 2s .c o m*/ } } } return dnsNames; }
From source file:com.yahoo.athenz.auth.util.Crypto.java
License:Apache License
public static List<String> extractX509CSRIPAddresses(PKCS10CertificationRequest certReq) { List<String> ipAddresses = new ArrayList<>(); Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); for (Attribute attribute : attributes) { for (ASN1Encodable value : attribute.getAttributeValues()) { Extensions extensions = Extensions.getInstance(value); GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName); for (GeneralName name : gns.getNames()) { if (name.getTagNo() == GeneralName.iPAddress) { try { InetAddress addr = InetAddress .getByAddress(((DEROctetString) name.getName()).getOctets()); ipAddresses.add(addr.getHostAddress()); } catch (UnknownHostException e) { }//from w ww . j a v a 2 s. com } } } } return ipAddresses; }
From source file:org.cesecore.util.CertToolsTest.java
License:Open Source License
@Test public void test19getAltNameStringFromExtension() throws Exception { {/*from w ww . ja v a 2 s . c om*/ PKCS10CertificationRequest p10 = new JcaPKCS10CertificationRequest(p10ReqWithAltNames); Attribute attribute = p10.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)[0]; // The set of attributes contains a sequence of with type oid // PKCSObjectIdentifiers.pkcs_9_at_extensionRequest boolean found = false; DERSet s = (DERSet) attribute.getAttrValues(); Extensions exts = Extensions.getInstance(s.getObjectAt(0)); Extension ext = exts.getExtension(Extension.subjectAlternativeName); if (ext != null) { found = true; String altNames = CertTools.getAltNameStringFromExtension(ext); assertEquals("dNSName=ort3-kru.net.polisen.se, iPAddress=10.252.255.237", altNames); } assertTrue(found); } { PKCS10CertificationRequest p10 = new JcaPKCS10CertificationRequest(p10ReqWithAltNames2); // The set of attributes contains a sequence of with type oid // PKCSObjectIdentifiers.pkcs_9_at_extensionRequest Attribute attribute = p10.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)[0]; boolean found = false; DERSet s = (DERSet) attribute.getAttrValues(); Extensions exts = Extensions.getInstance(s.getObjectAt(0)); Extension ext = exts.getExtension(Extension.subjectAlternativeName); if (ext != null) { found = true; String altNames = CertTools.getAltNameStringFromExtension(ext); assertEquals("dNSName=foo.bar.com, iPAddress=10.0.0.1", altNames); } assertTrue(found); } }
From source file:org.elasticsearch.xpack.core.ssl.CertificateGenerateToolTests.java
License:Open Source License
public void testGeneratingCsr() throws Exception { Path tempDir = initTempDir(); Path outputFile = tempDir.resolve("out.zip"); Path instanceFile = writeInstancesTo(tempDir.resolve("instances.yml")); Collection<CertificateInformation> certInfos = CertificateGenerateTool.parseFile(instanceFile); assertEquals(4, certInfos.size());/*from w w w .j a va2s. c om*/ assertFalse(Files.exists(outputFile)); CertificateGenerateTool.generateAndWriteCsrs(outputFile, certInfos, randomFrom(1024, 2048)); assertTrue(Files.exists(outputFile)); Set<PosixFilePermission> perms = Files.getPosixFilePermissions(outputFile); assertTrue(perms.toString(), perms.contains(PosixFilePermission.OWNER_READ)); assertTrue(perms.toString(), perms.contains(PosixFilePermission.OWNER_WRITE)); assertEquals(perms.toString(), 2, perms.size()); FileSystem fileSystem = FileSystems.newFileSystem(new URI("jar:" + outputFile.toUri()), Collections.emptyMap()); Path zipRoot = fileSystem.getPath("/"); assertFalse(Files.exists(zipRoot.resolve("ca"))); for (CertificateInformation certInfo : certInfos) { String filename = certInfo.name.filename; assertTrue(Files.exists(zipRoot.resolve(filename))); final Path csr = zipRoot.resolve(filename + "/" + filename + ".csr"); assertTrue(Files.exists(csr)); assertTrue(Files.exists(zipRoot.resolve(filename + "/" + filename + ".key"))); PKCS10CertificationRequest request = readCertificateRequest(csr); assertEquals(certInfo.name.x500Principal.getName(), request.getSubject().toString()); Attribute[] extensionsReq = request.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); if (certInfo.ipAddresses.size() > 0 || certInfo.dnsNames.size() > 0) { assertEquals(1, extensionsReq.length); Extensions extensions = Extensions.getInstance(extensionsReq[0].getAttributeValues()[0]); GeneralNames subjAltNames = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName); assertSubjAltNames(subjAltNames, certInfo); } else { assertEquals(0, extensionsReq.length); } } }
From source file:org.elasticsearch.xpack.core.ssl.CertificateToolTests.java
License:Open Source License
public void testGeneratingCsr() throws Exception { Path tempDir = initTempDir(); Path outputFile = tempDir.resolve("out.zip"); Path instanceFile = writeInstancesTo(tempDir.resolve("instances.yml")); Collection<CertificateInformation> certInfos = CertificateTool.parseFile(instanceFile); assertEquals(4, certInfos.size());//from w ww . j a v a2s.c o m assertFalse(Files.exists(outputFile)); int keySize = randomFrom(1024, 2048); new CertificateTool.SigningRequestCommand().generateAndWriteCsrs(outputFile, keySize, certInfos); assertTrue(Files.exists(outputFile)); Set<PosixFilePermission> perms = Files.getPosixFilePermissions(outputFile); assertTrue(perms.toString(), perms.contains(PosixFilePermission.OWNER_READ)); assertTrue(perms.toString(), perms.contains(PosixFilePermission.OWNER_WRITE)); assertEquals(perms.toString(), 2, perms.size()); FileSystem fileSystem = FileSystems.newFileSystem(new URI("jar:" + outputFile.toUri()), Collections.emptyMap()); Path zipRoot = fileSystem.getPath("/"); assertFalse(Files.exists(zipRoot.resolve("ca"))); for (CertificateInformation certInfo : certInfos) { String filename = certInfo.name.filename; assertTrue(Files.exists(zipRoot.resolve(filename))); final Path csr = zipRoot.resolve(filename + "/" + filename + ".csr"); assertTrue(Files.exists(csr)); assertTrue(Files.exists(zipRoot.resolve(filename + "/" + filename + ".key"))); PKCS10CertificationRequest request = readCertificateRequest(csr); assertEquals(certInfo.name.x500Principal.getName(), request.getSubject().toString()); Attribute[] extensionsReq = request.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); if (certInfo.ipAddresses.size() > 0 || certInfo.dnsNames.size() > 0) { assertEquals(1, extensionsReq.length); Extensions extensions = Extensions.getInstance(extensionsReq[0].getAttributeValues()[0]); GeneralNames subjAltNames = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName); assertSubjAltNames(subjAltNames, certInfo); } else { assertEquals(0, extensionsReq.length); } } }
From source file:org.shredzone.acme4j.util.CSRBuilderTest.java
License:Apache License
/** * Checks if the CSR contains the right parameters. * <p>/*from w w w.java2 s . co m*/ * This is not supposed to be a Bouncy Castle test. If the * {@link PKCS10CertificationRequest} contains the right parameters, we assume that * Bouncy Castle encodes it properly. */ @SuppressWarnings("unchecked") private void csrTest(PKCS10CertificationRequest csr) { X500Name name = csr.getSubject(); assertThat(name.getRDNs(BCStyle.CN), arrayContaining(new RDNMatcher("abc.de"))); assertThat(name.getRDNs(BCStyle.C), arrayContaining(new RDNMatcher("XX"))); assertThat(name.getRDNs(BCStyle.L), arrayContaining(new RDNMatcher("Testville"))); assertThat(name.getRDNs(BCStyle.O), arrayContaining(new RDNMatcher("Testing Co"))); assertThat(name.getRDNs(BCStyle.OU), arrayContaining(new RDNMatcher("Testunit"))); assertThat(name.getRDNs(BCStyle.ST), arrayContaining(new RDNMatcher("ABC"))); Attribute[] attr = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); assertThat(attr.length, is(1)); ASN1Encodable[] extensions = attr[0].getAttrValues().toArray(); assertThat(extensions.length, is(1)); GeneralNames names = GeneralNames.fromExtensions((Extensions) extensions[0], Extension.subjectAlternativeName); assertThat(names.getNames(), arrayContaining(new GeneralNameMatcher("abc.de"), new GeneralNameMatcher("fg.hi"), new GeneralNameMatcher("jklm.no"), new GeneralNameMatcher("pqr.st"), new GeneralNameMatcher("uv.wx"), new GeneralNameMatcher("y.z"))); }