public static Extensions createDomainAlternativeNamesExtensions(String domainAlternativeNames, String requestedDn) throws IOException { List<GeneralName> namesList = new ArrayList<>(); try { final String cn = IETFUtils.valueToString(new X500Name(requestedDn).getRDNs(BCStyle.CN)[0].getFirst().getValue()); namesList.add(new GeneralName(GeneralName.dNSName, cn)); } catch (Exception e) { throw new IOException("Failed to extract CN from request DN: " + requestedDn, e); } if (StringUtils.isNotBlank(domainAlternativeNames)) { for (String alternativeName : domainAlternativeNames.split(",")) { namesList.add(new GeneralName(GeneralName.dNSName, alternativeName)); } } GeneralNames subjectAltNames = new GeneralNames(namesList.toArray(new GeneralName[]{})); ExtensionsGenerator extGen = new ExtensionsGenerator(); extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames); return extGen.generate(); }
/** * Add a given extension field for the standard extensions tag (tag 3) * * @param oid the OID defining the extension type. * @param isCritical true if the extension is critical, false otherwise. * @param value the ASN.1 structure that forms the extension's value. * @return this builder object. * @throws IOException IO exception */ public X509v3CertificateBuilder addExtension(ASN1ObjectIdentifier oid, boolean isCritical, ASN1Object value) throws IOException { extGenerator.addExtension(oid, isCritical, value); return this; }
/** * Create a builder for a version 3 certificate. * * @param issuer the certificate issuer * @param serial the certificate serial number * @param notBefore the date before which the certificate is not valid * @param notAfter the date after which the certificate is not valid * @param subject the certificate subject * @param publicKeyInfo the info structure for the public key to be associated * with this certificate. */ public X509v3CertificateBuilder(X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, SubjectPublicKeyInfo publicKeyInfo) { tbsGen = new V3TBSCertificateGenerator(); tbsGen.setSubject(subject); tbsGen.setSerialNumber(new ASN1Integer(serial)); tbsGen.setIssuer(issuer); tbsGen.setStartDate(new Time(notBefore)); tbsGen.setEndDate(new Time(notAfter)); tbsGen.setSubject(subject); tbsGen.setSubjectPublicKeyInfo(publicKeyInfo); extGenerator = new ExtensionsGenerator(); }
@Override public boolean isEmpty() { return this.extensions.isEmpty(); } }
@Override public X509ExtensionBuilder addExtension(String oid, boolean critical, byte[] value) throws IOException { this.extensions.addExtension(new ASN1ObjectIdentifier(oid), critical, value); return this; }
); final ExtensionsGenerator extGen = new ExtensionsGenerator(); extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames); csrBuilder.addAttribute( PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
/** * Add an extension. * * @param oid the extension oid. * @param critical true if the extension is critical. * @param value the value of the extension. * @return this extensions builder to allow chaining. */ public X509ExtensionBuilder addExtension(ASN1ObjectIdentifier oid, boolean critical, ASN1Encodable value) { try { this.extensions.addExtension(oid, critical, value.toASN1Primitive().getEncoded(ASN1Encoding.DER)); } catch (IOException e) { // Very unlikely throw new IllegalArgumentException("Invalid extension value, it could not be properly DER encoded."); } return this; }
ExtensionsGenerator extGen = new ExtensionsGenerator(); extGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)); genReq.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
/** * Add an extension with the given oid and the passed in value to be included * in the OCTET STRING associated with the extension. * * @param oid OID for the extension. * @param critical true if critical, false otherwise. * @param value the ASN.1 object to be included in the extension. */ public void addExtension( ASN1ObjectIdentifier oid, boolean critical, ASN1Encodable value) throws IOException { this.addExtension(oid, critical, value.toASN1Primitive().getEncoded(ASN1Encoding.DER)); }
String principal = "CN=company1, OU=company1, O=company1, C=GB"; AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(pair.getPrivate().getEncoded()); AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder() .find("SHA1WITHRSA"); AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-1"); ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKey); PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name( principal), pair.getPublic()); ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator(); extensionsGenerator.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(true)); extensionsGenerator.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)); csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate()); csr = csrBuilder.build(signer);
/** * Add an extension with the given oid and the passed in value to be included * in the OCTET STRING associated with the extension. * * @param oid OID for the extension. * @param critical true if critical, false otherwise. * @param value the ASN.1 object to be included in the extension. */ public void addExtension( ASN1ObjectIdentifier oid, boolean critical, ASN1Encodable value) throws IOException { this.addExtension(oid, critical, value.toASN1Primitive().getEncoded(ASN1Encoding.DER)); }
public static PKCS10CertificationRequest generateCSRFile(KeyPair keyPair, KeyUsage keyUsage) throws IOException, OperatorCreationException { String principal = "CN=" + Utils.getCertificateCommonName() + ", O=" + Utils.getCertificateOrganization(); AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()); AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WITHRSA"); AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-1"); ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKey); PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(principal), keyPair.getPublic()); ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator(); extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); extensionsGenerator.addExtension(Extension.keyUsage, true, keyUsage); csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate()); PKCS10CertificationRequest csr = csrBuilder.build(signer); return csr; }
@Override public X509ExtensionBuilder addExtensions(X509Extensions extensionSet) throws IOException { if (extensionSet == null) { return this; } // Optimisation if (extensionSet instanceof BcX509Extensions) { Extensions exts = ((BcX509Extensions) extensionSet).getExtensions(); @SuppressWarnings("unchecked") Enumeration<ASN1ObjectIdentifier> oids = exts.oids(); while (oids.hasMoreElements()) { ASN1ObjectIdentifier oid = oids.nextElement(); Extension ext = exts.getExtension(oid); this.extensions.addExtension(ext.getExtnId(), ext.isCritical(), ext.getParsedValue()); } } else { // Fallback for (String oid : extensionSet.getExtensionOID()) { this.extensions.addExtension(new ASN1ObjectIdentifier(oid), extensionSet.isCritical(oid), extensionSet.getExtensionValue(oid)); } } return this; }
private static PKCS10CertificationRequest generateCSRFile(KeyPair keyPair) throws IOException, OperatorCreationException { String principal = "CN=company1, OU=company1, O=company1, C=GB"; AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()); AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder() .find("SHA1WITHRSA"); AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-1"); ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKey); PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name( principal), keyPair.getPublic()); ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator(); extensionsGenerator.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(true)); extensionsGenerator.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)); csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate()); PKCS10CertificationRequest csr = csrBuilder.build(signer); return csr; }
ExtensionsGenerator extnsnGenr = new ExtensionsGenerator(); extnsnGenr.addExtension(Extension.subjectAlternativeName, false, subjectAltName); .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extnsnGenr.generate());
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator(); extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints( true)); csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate()); PKCS10CertificationRequest csr = csrBuilder.build(signer);
new JcaPKCS10CertificationRequestBuilder(namebuilder.build(), keypair.getPublic()); ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator(); extensionsGenerator.addExtension(Extension.subjectAlternativeName, false, subjectAltName); p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
new JcaPKCS10CertificationRequestBuilder(namebuilder.build(), keypair.getPublic()); ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator(); extensionsGenerator.addExtension(Extension.subjectAlternativeName, false, subjectAltName); p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());