Java Code Examples for org.bouncycastle.asn1.x509.ExtensionsGenerator#addExtension()

The following examples show how to use org.bouncycastle.asn1.x509.ExtensionsGenerator#addExtension().
Example 1
Source File: TlsHelper.java    From nifi with Apache License 2.0
/**
 * Builds a subjectAlternativeName extension set from the CN of the requested DN plus any
 * caller-supplied alternative names.
 *
 * <p>The first CN of {@code requestedDn} is always emitted as a dNSName entry. Each supplied
 * alternative name is emitted as an iPAddress entry when {@code IPAddress.isValid} accepts it
 * and as a dNSName entry otherwise. The extension is marked non-critical.
 *
 * <p>Nothing in this method checks that the CN or the alternative names are well-formed host
 * names, or that the requester is entitled to them.
 * NOTE(review): presumably the component that signs the request decides which names are
 * acceptable - confirm against the caller.
 *
 * @param domainAlternativeNames extra names to include; may be {@code null}, in which case only
 *                               the CN is used
 * @param requestedDn            the requested subject DN; must contain at least one CN
 * @return extensions holding the single subjectAlternativeName extension
 * @throws IOException if the CN entry cannot be derived from {@code requestedDn}, or if the
 *                     extension cannot be added
 */
public static Extensions createDomainAlternativeNamesExtensions(List<String> domainAlternativeNames, String requestedDn) throws IOException {
    final List<GeneralName> sanEntries = new ArrayList<>();

    try {
        // Any failure here (malformed DN, no CN present, ...) is reported as one IOException.
        final X500Name requestedName = new X500Name(requestedDn);
        final String commonName = IETFUtils.valueToString(requestedName.getRDNs(BCStyle.CN)[0].getFirst().getValue());
        sanEntries.add(new GeneralName(GeneralName.dNSName, commonName));
    } catch (Exception e) {
        throw new IOException("Failed to extract CN from request DN: " + requestedDn, e);
    }

    if (domainAlternativeNames != null) {
        for (final String candidate : domainAlternativeNames) {
            // IP literals need the iPAddress name type; everything else is treated as a DNS name.
            final int nameType = IPAddress.isValid(candidate) ? GeneralName.iPAddress : GeneralName.dNSName;
            sanEntries.add(new GeneralName(nameType, candidate));
        }
    }

    final ExtensionsGenerator generator = new ExtensionsGenerator();
    generator.addExtension(Extension.subjectAlternativeName, false,
            new GeneralNames(sanEntries.toArray(new GeneralName[0])));
    return generator.generate();
}
 
Example 2
Source File: TestDefaultProfile.java    From hadoop-ozone with Apache License 2.0
/**
 * Builds an {@link Extensions} set that holds one subjectAlternativeName
 * extension with exactly one general name in it.
 *
 * @param extensionCode tag passed straight to the {@code GeneralName}
 *                      constructor to select the kind of name (for example
 *                      the rfc822Name tag for an e-mail address)
 * @param value         the name to place in the extension
 * @param critical      whether the extension is flagged as critical
 * @return extensions containing only the subjectAlternativeName extension
 * @throws IOException if the extension cannot be added
 */
private Extensions getSANExtension(int extensionCode, String value,
    boolean critical) throws IOException {
  GeneralNames altNames = new GeneralNames(
      new GeneralName(extensionCode, value));
  ExtensionsGenerator generator = new ExtensionsGenerator();
  generator.addExtension(Extension.subjectAlternativeName, critical, altNames);
  return generator.generate();
}
 
Example 3
Source File: TestDefaultProfile.java    From hadoop-ozone with Apache License 2.0
/**
 * Builds an {@link Extensions} set that holds one extendedKeyUsage extension.
 *
 * <p>Despite the method name, the extension emitted is extendedKeyUsage,
 * not keyUsage.
 *
 * @param purposeId the single key purpose to encode
 * @param critical  whether the extension is flagged as critical
 * @return extensions containing only the extendedKeyUsage extension
 * @throws IOException if the extension cannot be added
 */
private Extensions getKeyUsageExtension(KeyPurposeId purposeId,
    boolean critical) throws IOException {
  ExtensionsGenerator generator = new ExtensionsGenerator();
  generator.addExtension(Extension.extendedKeyUsage, critical,
      new ExtendedKeyUsage(purposeId));
  return generator.generate();
}
 
Example 4
Source File: TlsHelper.java    From localization_nifi with Apache License 2.0
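/**
 * Builds a non-critical subjectAlternativeName extension from a comma-separated list of DNS names.
 *
 * <p>Each token is trimmed and empty tokens are dropped, so input such as
 * {@code "a.example, b.example"} or {@code "a.example,,b.example"} no longer yields a dNSName
 * with surrounding whitespace or an empty dNSName. Every remaining token is encoded as a
 * dNSName; no further host-name validation is done here.
 *
 * @param domainAlternativeNames comma-separated DNS names; must not be {@code null}
 * @return extensions holding the single subjectAlternativeName extension
 * @throws IOException if no non-blank name remains after splitting, or if the extension cannot
 *                     be added
 */
public static Extensions createDomainAlternativeNamesExtensions(String domainAlternativeNames) throws IOException {
    List<GeneralName> namesList = new ArrayList<>();
    for (String rawName : domainAlternativeNames.split(",")) {
        // Whitespace around a comma is formatting, not part of the host name.
        String alternativeName = rawName.trim();
        if (alternativeName.isEmpty()) {
            continue;
        }
        namesList.add(new GeneralName(GeneralName.dNSName, alternativeName));
    }

    // RFC 5280 requires a subjectAltName extension to carry at least one entry, so refuse to
    // emit an empty one rather than hand a malformed request to the signer.
    if (namesList.isEmpty()) {
        throw new IOException("No usable DNS names in alternative names list: '" + domainAlternativeNames + "'");
    }

    GeneralNames subjectAltNames = new GeneralNames(namesList.toArray(new GeneralName[0]));
    ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
    return extGen.generate();
}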
 
Example 5
Source File: TLSArtifactsGenerator.java    From dcos-commons with Apache License 2.0
/**
 * Creates a PKCS#10 certificate signing request for the given key pair and returns it in the
 * form produced by {@code PEMUtils.toPEM}.
 *
 * <p>The request asks for three extensions, all flagged critical: keyUsage
 * (digitalSignature only), extendedKeyUsage (clientAuth and serverAuth) and
 * subjectAlternativeName (taken from {@code certificateNamesGenerator.getSANs()}). They are
 * carried in the extensionRequest attribute, so they are a request to the issuer rather than
 * a guarantee about the issued certificate.
 *
 * <p>The request is signed with "SHA256withRSA".
 * NOTE(review): this presumably requires {@code keyPair} to be an RSA key pair - confirm
 * where the keys are generated.
 *
 * @param keyPair                   key pair whose public key is certified and whose private key
 *                                  signs the request
 * @param certificateNamesGenerator supplies the subject and the subject alternative names
 * @return the request as returned by {@code PEMUtils.toPEM}
 * @throws IOException               if an extension cannot be added or the request cannot be
 *                                   encoded
 * @throws OperatorCreationException if the content signer cannot be created
 */
@SuppressWarnings("checkstyle:ThrowsCount")
private static byte[] generateCSR(
    KeyPair keyPair,
    CertificateNamesGenerator certificateNamesGenerator)
    throws IOException, OperatorCreationException
{
  ExtensionsGenerator requestedExtensions = new ExtensionsGenerator();

  // Key may only be used for signatures.
  KeyUsage signingOnly = new KeyUsage(KeyUsage.digitalSignature);
  requestedExtensions.addExtension(Extension.keyUsage, true, signingOnly);

  // Certificate is meant for both ends of a TLS connection.
  KeyPurposeId[] tlsPurposes = {
      KeyPurposeId.id_kp_clientAuth,
      KeyPurposeId.id_kp_serverAuth,
  };
  requestedExtensions.addExtension(
      Extension.extendedKeyUsage, true, new ExtendedKeyUsage(tlsPurposes));

  requestedExtensions.addExtension(
      Extension.subjectAlternativeName, true, certificateNamesGenerator.getSANs());

  JcaPKCS10CertificationRequestBuilder requestBuilder =
      new JcaPKCS10CertificationRequestBuilder(
          certificateNamesGenerator.getSubject(), keyPair.getPublic());

  // Signing with the private key proves possession of the key being certified.
  PKCS10CertificationRequest csr = requestBuilder
      .addAttribute(
          PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
          requestedExtensions.generate())
      .build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));
  return PEMUtils.toPEM(csr);
}
 
Example 6
Source File: Crypto.java    From athenz with Apache License 2.0
/**
 * Creates a PKCS#10 certificate signing request and returns it PEM-encoded under the
 * "CERTIFICATE REQUEST" label.
 *
 * <p>When {@code sanArray} is not {@code null}, its entries are requested as a non-critical
 * subjectAlternativeName extension via the extensionRequest attribute; otherwise the request
 * carries no extension request at all.
 *
 * <p>Nothing here checks that {@code publicKey} and {@code privateKey} belong together.
 * NOTE(review): a mismatched pair presumably yields a request whose signature does not
 * verify against the embedded public key - confirm callers always pass a matching pair.
 * The signature algorithm is {@code Crypto.RSA_SHA256}, defined outside this method.
 *
 * @param privateKey    key used to sign the request
 * @param publicKey     key placed in the request
 * @param x500Principal subject distinguished name in string form
 * @param sanArray      subject alternative names to request, or {@code null} for none
 * @return the PEM text of the request
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException               if an extension cannot be added or the request cannot be
 *                                   encoded or written
 */
public static String generateX509CSR(PrivateKey privateKey, PublicKey publicKey,
                                     String x500Principal, GeneralName[] sanArray) throws OperatorCreationException, IOException {

    // Subject DN and the signer that will sign the finished request.
    final X500Principal subject = new X500Principal(x500Principal);
    final ContentSigner signer = new JcaContentSignerBuilder(Crypto.RSA_SHA256).build(privateKey);

    final PKCS10CertificationRequestBuilder p10Builder =
            new JcaPKCS10CertificationRequestBuilder(subject, publicKey);

    // Request the SAN extension only when the caller supplied names.
    ///CLOVER:OFF
    if (sanArray != null) {
        ///CLOVER:ON
        final ExtensionsGenerator sanGenerator = new ExtensionsGenerator();
        sanGenerator.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(sanArray));
        p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, sanGenerator.generate());
    }

    final PKCS10CertificationRequest csr = p10Builder.build(signer);

    // Render in the PEM form that openssl reads.
    final PemObject pemObject = new PemObject("CERTIFICATE REQUEST", csr.getEncoded());
    final StringWriter pemText = new StringWriter();
    try (JcaPEMWriter pemWriter = new JcaPEMWriter(pemText)) {
        pemWriter.writeObject(pemObject);
    }
    return pemText.toString();
}
 
Example 7
Source File: X509Utils.java    From acme-client with Apache License 2.0
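/**
 * Creates a PKCS#10 certificate signing request for one or more host names.
 *
 * <p>The first entry of {@code commonNames} becomes the subject CN. Every entry, including
 * the first, is also requested as a dNSName in a non-critical subjectAlternativeName
 * extension. The names are not validated here.
 *
 * <p>The request is signed with "SHA256withRSA".
 * NOTE(review): this presumably requires {@code pair} to be an RSA key pair - confirm
 * against the key generation code.
 *
 * @param commonNames host names to request; must contain at least one entry
 * @param pair        key pair whose public key is certified and whose private key signs the
 *                    request
 * @return the signed certification request
 * @throws IllegalArgumentException  if {@code commonNames} is {@code null} or empty
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException               if the extension cannot be added
 */
public static PKCS10CertificationRequest generateCSR(String[] commonNames, KeyPair pair) throws OperatorCreationException, IOException {
	// Without this guard an empty array fails on commonNames[0] with an unexplained index error.
	if (commonNames == null || commonNames.length == 0) {
		throw new IllegalArgumentException("commonNames must contain at least one name");
	}

	X500NameBuilder namebuilder = new X500NameBuilder(X500Name.getDefaultStyle());
	namebuilder.addRDN(BCStyle.CN, commonNames[0]);

	List<GeneralName> subjectAltNames = new ArrayList<>(commonNames.length);
	for (String cn : commonNames) {
		subjectAltNames.add(new GeneralName(GeneralName.dNSName, cn));
	}
	GeneralNames subjectAltName = new GeneralNames(subjectAltNames.toArray(new GeneralName[0]));

	ExtensionsGenerator extGen = new ExtensionsGenerator();
	extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltName);

	PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(namebuilder.build(), pair.getPublic());
	p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());

	// Signing with the private key proves possession of the key being certified.
	ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(pair.getPrivate());
	return p10Builder.build(signer);
}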
 
Example 8
Source File: PkiUtil.java    From cloudbreak with Apache License 2.0
/**
 * Adds an extensionRequest attribute to the builder that asks for a non-critical
 * subjectAlternativeName extension with one dNSName per entry of {@code sanList}.
 *
 * <p>Every entry is typed as a dNSName, whatever its content.
 * NOTE(review): if callers can pass IP literals they would be encoded as DNS names rather
 * than iPAddress entries - confirm the list only ever holds host names.
 *
 * @param p10Builder the request builder to extend
 * @param sanList    names to request; must not be {@code null}
 * @return the value returned by {@code p10Builder.addAttribute}
 * @throws IOException if the extension cannot be added
 */
private static PKCS10CertificationRequestBuilder addSubjectAlternativeNames(PKCS10CertificationRequestBuilder p10Builder, List<String> sanList)
        throws IOException {
    final GeneralName[] dnsEntries = new GeneralName[sanList.size()];
    int slot = 0;
    for (String address : sanList) {
        dnsEntries[slot++] = new GeneralName(GeneralName.dNSName, address);
    }

    final ExtensionsGenerator sanGenerator = new ExtensionsGenerator();
    sanGenerator.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(dnsEntries));
    return p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, sanGenerator.generate());
}