/**
 * Generates a fresh key pair and a self-signed X.509 certificate for {@code hostName}, then writes
 * both as PEM files.
 * <p>
 * The certificate is issued by and to {@code CN=hostName}, carries a non-critical
 * subjectAlternativeName extension holding the same host as a dNSName entry, a 64-bit random
 * serial number and the validity window given by {@code NOT_BEFORE}/{@code NOT_AFTER}.
 * {@code installCleanupHook} is called first and {@code cleanupRequired} is cleared last, so the
 * hook (defined outside this method) can tell a completed run from an aborted one.
 *
 * @param certificatePath where the PEM "CERTIFICATE" block is written
 * @param privateKeyPath where the PEM "PRIVATE KEY" block (the JCA {@code getEncoded()} form) is written
 * @param hostName host the certificate is issued for; used as the CN and as the SAN dNSName
 * @throws GeneralSecurityException if key generation, conversion or self-verification fails
 * @throws IOException if a file cannot be written
 * @throws OperatorCreationException if the content signer cannot be created
 */
public void createSelfSignedCertificate(File certificatePath, File privateKeyPath, String hostName)
        throws GeneralSecurityException, IOException, OperatorCreationException {
    installCleanupHook(certificatePath, privateKeyPath);

    // 2048-bit key pair under DEFAULT_ENCRYPTION (presumably RSA, given the key size and the RSA
    // signature algorithm used below — confirm against the constant), seeded from the shared random.
    KeyPairGenerator generator = KeyPairGenerator.getInstance(DEFAULT_ENCRYPTION);
    generator.initialize(2048, random);
    KeyPair pair = generator.generateKeyPair();

    X500Name subject = new X500Name("CN=" + hostName);
    BigInteger serial = new BigInteger(64, random);
    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            subject, serial, NOT_BEFORE, NOT_AFTER, subject, pair.getPublic());

    // SAN dNSName entry; hostname verification by TLS clients uses this entry.
    GeneralName dnsEntry = new GeneralName(GeneralName.dNSName, hostName);
    certBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(dnsEntry));

    PrivateKey signingKey = pair.getPrivate();
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA512WithRSAEncryption").build(signingKey);
    X509CertificateHolder holder = certBuilder.build(contentSigner);
    X509Certificate certificate = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(holder);

    // Self-check: the certificate must verify under its own public key before it is persisted.
    certificate.verify(pair.getPublic());

    writePem("CERTIFICATE", certificate.getEncoded(), certificatePath);
    // NOTE(review): whether the key file is created with owner-only permissions depends on
    // writePem, which is outside this method — confirm.
    writePem("PRIVATE KEY", signingKey.getEncoded(), privateKeyPath);

    // Both files are in place; the cleanup hook must no longer remove them.
    cleanupRequired = false;
}
/**
 * Wraps the given DNS names as a {@link GeneralNames} sequence of dNSName entries, in the
 * iteration order of the set.
 *
 * @param sanDnsNames DNS names to include; {@code null} or empty yields an empty sequence, never {@code null}
 * @return the GeneralNames structure built from the names
 */
protected static GeneralNames getSubjectAlternativeNames(Set<String> sanDnsNames) {
    final ASN1EncodableVector entries = new ASN1EncodableVector();
    if (sanDnsNames == null) {
        return GeneralNames.getInstance(new DERSequence(entries));
    }
    for (final String dnsName : sanDnsNames) {
        entries.add(new GeneralName(GeneralName.dNSName, dnsName));
    }
    return GeneralNames.getInstance(new DERSequence(entries));
}
/**
 * Sets the subjectAltName to a single dNSName entry for {@code hostName}, replacing whatever
 * was set before.
 *
 * @param hostName the DNS name to place in the SAN extension
 * @return this builder, for chaining
 * @throws IOException if the GeneralNames structure cannot be encoded
 */
public CertificateBuilder sanDnsName(String hostName) throws IOException {
    GeneralName dnsName = new GeneralName(GeneralName.dNSName, hostName);
    GeneralNames sanValue = new GeneralNames(dnsName);
    subjectAltName = sanValue.getEncoded();
    return this;
}
/**
 * Encodes the collected DNS names followed by the collected IP addresses as a subjectAltName
 * {@link GeneralNames} value.
 *
 * @return the encoded GeneralNames, or {@code null} when both lists are empty
 * @throws IOException if encoding fails
 */
private byte[] san() throws IOException {
    List<GeneralName> ipEntries = ipAddresses.stream()
            .map(CertificateBuilder::ipGeneralName)
            .collect(toList());
    List<GeneralName> entries = dnsNames.stream()
            .map(CertificateBuilder::dnsGeneralName)
            .collect(toList());
    entries.addAll(ipEntries);
    if (entries.isEmpty()) {
        return null;
    }
    return new GeneralNames(entries.toArray(new GeneralName[0])).getEncoded();
}
for (GeneralName genName : GeneralNames.getInstance(dpn.getName()).getNames()) if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) String url = DERIA5String.getInstance(genName.getName()).getString(); crlUrls.add(url);
/**
 * Converts Subject Alternative Name strings into a Bouncy Castle {@link GeneralNames} structure
 * for use with the certificate builder.
 *
 * @param subjectAlternativeNames SAN values to convert; entries recognised by
 *     {@code InetAddresses.isInetAddress} are tagged as iPAddress, all others as dNSName
 * @return a GeneralNames instance that includes the specified subjectAlternativeNames
 */
private static GeneralNames getDomainNameSANsAsASN1Encodable(List<String> subjectAlternativeNames) {
    GeneralName[] encodedSans = subjectAlternativeNames.stream()
            .map(san -> new GeneralName(
                    // IP addresses use the iPAddress tag rather than the dNSName tag in the SAN list
                    InetAddresses.isInetAddress(san) ? GeneralName.iPAddress : GeneralName.dNSName,
                    san))
            .toArray(GeneralName[]::new);
    return new GeneralNames(encodedSans);
}
GeneralNames reqNames = (extValue == null) ? null : GeneralNames.getInstance(extValue); if (subjectAltNameModes == null && subjectToSubjectAltNameModes == null) { return reqNames; GeneralNameTag tag = subjectToSubjectAltNameModes.get(attrType); RDN[] rdns = grantedSubject.getRDNs(attrType); if (rdns == null) { rdns = requestedSubject.getRDNs(attrType); case directoryName: case registeredID: grantedNames.add(new GeneralName(tag.getTag(), rdnValue)); break; default: GeneralName[] reqL = reqNames.getNames(); for (int i = 0; i < reqL.length; i++) { grantedNames.add( new GeneralNames(grantedNames.toArray(new GeneralName[0]));
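/**
 * Builds the X.509 extension set holding a subjectAlternativeName extension for a certificate
 * request: the CN of {@code requestedDn} first, followed by every entry of the comma-separated
 * {@code domainAlternativeNames}, all tagged as dNSName.
 *
 * @param domainAlternativeNames comma-separated additional DNS names; may be null or blank.
 *     Entries are trimmed and blank entries (from "a,,b", "a, b" or a trailing comma) are skipped,
 *     since a dNSName that is empty or carries surrounding whitespace is never a usable name.
 * @param requestedDn the distinguished name of the request; must contain a CN
 * @return extensions holding a single non-critical subjectAlternativeName extension
 * @throws IOException if no CN can be extracted from {@code requestedDn} or the extension
 *     cannot be encoded
 */
public static Extensions createDomainAlternativeNamesExtensions(String domainAlternativeNames, String requestedDn) throws IOException {
    List<GeneralName> namesList = new ArrayList<>();
    try {
        final String cn = IETFUtils.valueToString(new X500Name(requestedDn).getRDNs(BCStyle.CN)[0].getFirst().getValue());
        namesList.add(new GeneralName(GeneralName.dNSName, cn));
    } catch (Exception e) {
        // DN parsing failures and a missing CN (empty RDN array) both surface as unchecked
        // exceptions; report them uniformly as a request problem, keeping the cause.
        throw new IOException("Failed to extract CN from request DN: " + requestedDn, e);
    }
    if (StringUtils.isNotBlank(domainAlternativeNames)) {
        for (String alternativeName : domainAlternativeNames.split(",")) {
            String trimmed = alternativeName.trim();
            if (trimmed.isEmpty()) {
                continue;
            }
            namesList.add(new GeneralName(GeneralName.dNSName, trimmed));
        }
    }
    GeneralNames subjectAltNames = new GeneralNames(namesList.toArray(new GeneralName[0]));
    ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
    return extGen.generate();
}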
subject = new X500Name("CN = BETaaS Gateway Certificate"); .addExtension(Extension.keyUsage, true, new KeyUsage( KeyUsage.digitalSignature | KeyUsage.keyEncipherment)) .addExtension(Extension.subjectAlternativeName, false, new GeneralNames( new GeneralName(GeneralName.rfc822Name, ufn)));
/**
 * Creates a lower-level identifier for {@link #getSANs()}: the SAN name strings joined with
 * {@code ';'} in order, digested with SHA-1 and returned as a hex string.
 * <p>
 * NOTE(review): {@code SHA1_HASHER} appears to be a shared {@code MessageDigest}; MessageDigest
 * instances are not thread-safe, so concurrent callers would corrupt each other's digest —
 * confirm how it is declared.
 *
 * @return hex-encoded SHA-1 digest of the joined SAN names
 */
public String getSANsHash() {
    GeneralName[] sans = getSANs().getNames();
    StringBuilder joined = new StringBuilder();
    for (int i = 0; i < sans.length; i++) {
        if (i > 0) {
            joined.append(';');
        }
        joined.append(sans[i].getName().toString());
    }
    byte[] digest = SHA1_HASHER.digest(joined.toString().getBytes(StandardCharsets.UTF_8));
    return new String(Hex.encode(digest), StandardCharsets.UTF_8);
}
}
new X500Name(subject), serial, now.minusHours(12).toDate(), now.plusDays(validityDays).toDate(), new X500Name(subject), clientPublicKey); continue; subjectAlternativeNames.add(new GeneralName(GeneralName.iPAddress, publicIPAddress)); continue; subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, dnsName)); final GeneralNames subjectAltNames = GeneralNames.getInstance(new DERSequence(subjectAlternativeNames.toArray(new ASN1Encodable[] {}))); certBuilder.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
/**
 * Materialises the names collected so far as a {@link GeneralNames} sequence, in insertion order.
 *
 * @return a new GeneralNames holding every collected GeneralName
 */
public GeneralNames build() {
    int count = names.size();
    GeneralName[] entries = new GeneralName[count];
    int index = 0;
    while (index < count) {
        entries[index] = (GeneralName) names.elementAt(index);
        index++;
    }
    return new GeneralNames(entries);
}
}
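/**
 * Parses the information in the byte array (GeneralNames ASN1 sequence
 * of GeneralName) into a proxy tracing extension object. The first
 * GeneralName of the sequence becomes {@code name}.
 *
 * @param bytes
 *            The bytes of ASN1 encoded proxy tracing extension.
 * @throws IOException
 *             In case the byte array is null, does not contain a valid ASN1
 *             encoded GeneralNames structure, or the sequence is empty.
 */
public ProxyTracingExtension(byte[] bytes) throws IOException {
    if (bytes == null) {
        throw new IOException("Proxy tracing extension value is null");
    }
    GeneralNames parsed;
    try {
        parsed = GeneralNames.getInstance(ASN1Primitive.fromByteArray(bytes));
    } catch (IllegalArgumentException e) {
        // Bouncy Castle reports a structure that is not a GeneralNames sequence this way;
        // surface it as the documented IOException, keeping the cause.
        throw new IOException("Proxy tracing extension is not a valid GeneralNames sequence", e);
    }
    GeneralName[] entries = parsed == null ? null : parsed.getNames();
    if (entries == null || entries.length == 0) {
        // Without this check an empty sequence escaped as ArrayIndexOutOfBoundsException.
        throw new IOException("Proxy tracing extension contains no GeneralName");
    }
    names = parsed;
    name = entries[0];
}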
final String subject = request.getSubject().toString(); for (final Attribute attribute : request.getAttributes()) { if (attribute == null) { final GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName); if (gns != null && gns.getNames() != null && gns.getNames().length > 0) { for (final GeneralName name : gns.getNames()) { if (name.getTagNo() == GeneralName.dNSName) { dnsNames.add(name.getName().toString()); if (name.getTagNo() == GeneralName.iPAddress) { final InetAddress address = InetAddress.getByAddress(DatatypeConverter.parseHexBinary(name.getName().toString().substring(1))); ipAddresses.add(address.toString().replace("/", ""));
/**
 * Builds a CRLDistributionPoints value with one distribution point that lists every given URI
 * as a uniformResourceIdentifier name. The cRLIssuer field is set only when
 * {@code crlSignerSubject} is non-null and differs from {@code caSubject}, i.e. when the CRL is
 * signed by an entity other than the CA itself.
 *
 * @param crlUris CRL locations; must be non-empty
 * @param caSubject subject of the issuing CA
 * @param crlSignerSubject subject of the CRL signer, or {@code null} when the CA signs its own CRLs
 * @return the CRLDistPoint structure
 */
public static CRLDistPoint createCrlDistributionPoints(List<String> crlUris, X500Name caSubject, X500Name crlSignerSubject) {
    Args.notEmpty(crlUris, "crlUris");
    GeneralName[] uriNames = crlUris.stream()
            .map(uri -> new GeneralName(GeneralName.uniformResourceIdentifier, uri))
            .toArray(GeneralName[]::new);
    DistributionPointName pointName = new DistributionPointName(new GeneralNames(uriNames));

    GeneralNames crlIssuer = null;
    boolean signedByCa = crlSignerSubject == null || crlSignerSubject.equals(caSubject);
    if (!signedByCa) {
        crlIssuer = new GeneralNames(new GeneralName(crlSignerSubject));
    }

    DistributionPoint point = new DistributionPoint(pointName, null, crlIssuer);
    return new CRLDistPoint(new DistributionPoint[] { point });
}
/** Slashes in the service name must be stripped from both the subject CN and the single DNS SAN. */
@Test
public void testSlashesInServiceName() throws Exception {
    final String rawServiceName = "service/name/with/slashes";
    final String strippedServiceName = "servicenamewithslashes";
    final CertificateNamesGenerator generator = new CertificateNamesGenerator(
            rawServiceName, mockTaskSpec, mockPodInstance, SCHEDULER_CONFIG);

    final String expectedCn = String.format("%s-%s.%s", POD_NAME, TestConstants.TASK_NAME, strippedServiceName);
    final String actualCn = generator.getSubject().getRDNs(BCStyle.CN)[0].getFirst().getValue().toString();
    Assert.assertEquals(expectedCn, actualCn);

    final List<String> sanNames = Arrays.stream(generator.getSANs().getNames())
            .map(generalName -> generalName.getName().toString())
            .collect(Collectors.toList());
    Assert.assertEquals(1, sanNames.size());
    // Only the concrete task name is present: no wildcard DNS name and no wildcard VIP name.
    Assert.assertTrue(sanNames.toString(), sanNames.contains(taskDnsName(TestConstants.TASK_NAME, strippedServiceName)));
    Assert.assertFalse(sanNames.contains(taskDnsName("*", strippedServiceName)));
    Assert.assertFalse(sanNames.contains(taskVipName("*", strippedServiceName)));

    Assert.assertEquals(
            toSansHash("some-pod-test-task-name.servicenamewithslashes." + SCHEDULER_CONFIG.getAutoipTLD()),
            generator.getSANsHash());
}
/**
 * Creates a self-signed X.509 certificate for {@code hostname} from the given key pair.
 * The certificate is valid from now for {@code certificateLifetimeInYears} years, carries a
 * subjectKeyIdentifier and the subjectAlternativeName built by {@code buildSubjectAltNames()},
 * is signed with {@code certificateAlgorithm}, and is checked for validity and verified under
 * its own public key before being returned.
 *
 * @param keypair key pair whose public key is certified and whose private key signs
 * @return the verified certificate
 * @throws Exception if building, converting or verifying the certificate fails
 */
private X509Certificate generateCertificate(final KeyPair keypair) throws Exception {
    val subject = new X500Name("CN=" + hostname);
    val validFrom = new GregorianCalendar();
    val validUntil = new GregorianCalendar();
    // set(YEAR, ...) rather than add(YEAR, ...): lenient roll-over of Feb 29 is kept as before
    validUntil.set(GregorianCalendar.YEAR, validUntil.get(GregorianCalendar.YEAR) + certificateLifetimeInYears);

    val serial = new BigInteger(X509_CERT_BITS_SIZE, RandomUtils.getNativeInstance());
    val certBuilder = new JcaX509v3CertificateBuilder(
            subject, serial, validFrom.getTime(), validUntil.getTime(), subject, keypair.getPublic());

    val extensionUtils = new JcaX509ExtensionUtils();
    certBuilder.addExtension(Extension.subjectKeyIdentifier, false,
            extensionUtils.createSubjectKeyIdentifier(keypair.getPublic()));
    certBuilder.addExtension(Extension.subjectAlternativeName, false,
            GeneralNames.getInstance(new DERSequence(buildSubjectAltNames())));

    val signer = new JcaContentSignerBuilder(certificateAlgorithm).build(keypair.getPrivate());
    val holder = certBuilder.build(signer);
    val certificate = new JcaX509CertificateConverter().getCertificate(holder);

    // Self-check before handing the certificate out.
    certificate.checkValidity(new Date());
    certificate.verify(keypair.getPublic());
    return certificate;
}
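/**
 * Builds a signed PKCS#10 certificate request whose subject CN is {@code commonNames[0]} and
 * whose subjectAlternativeName extension lists every entry of {@code commonNames} as a dNSName.
 *
 * @param commonNames DNS names to request; must contain at least one entry, the first of which
 *     becomes the subject CN
 * @param pair key pair whose public key is certified and whose private key signs the request;
 *     the signature algorithm is fixed to SHA256withRSA, so this is intended for RSA key pairs
 * @return the signed certification request
 * @throws IllegalArgumentException if {@code commonNames} is null or empty
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException if the extension request cannot be encoded
 */
public static PKCS10CertificationRequest generateCSR(String[] commonNames, KeyPair pair) throws OperatorCreationException, IOException {
    if (commonNames == null || commonNames.length == 0) {
        // commonNames[0] below would otherwise fail with an unhelpful NPE / ArrayIndexOutOfBoundsException
        throw new IllegalArgumentException("commonNames must contain at least one name");
    }
    X500NameBuilder nameBuilder = new X500NameBuilder(X500Name.getDefaultStyle());
    nameBuilder.addRDN(BCStyle.CN, commonNames[0]);

    List<GeneralName> subjectAltNames = new ArrayList<>(commonNames.length);
    for (String cn : commonNames) {
        subjectAltNames.add(new GeneralName(GeneralName.dNSName, cn));
    }
    GeneralNames subjectAltName = new GeneralNames(subjectAltNames.toArray(new GeneralName[0]));

    // The non-critical SAN extension travels inside the PKCS#9 extensionRequest attribute.
    ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltName.toASN1Primitive());
    PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(nameBuilder.build(), pair.getPublic());
    p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());

    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(pair.getPrivate());
    return p10Builder.build(signer);
}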
/**
 * Decodes {@code value} as a GeneralNames structure and pushes it into
 * {@code jgnAlternativeName}; a value that decodes to {@code null} leaves it untouched.
 *
 * @param value the encoded alternative-name value to prepopulate from
 * @throws IOException declared for callers; decoding itself goes through {@code GeneralNames.getInstance}
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    final GeneralNames decoded = GeneralNames.getInstance(value);
    if (decoded == null) {
        return;
    }
    jgnAlternativeName.setGeneralNames(decoded);
}
/**
 * Appends every entry of {@code names} to this builder, preserving their order.
 *
 * @param names the GeneralNames whose entries are added
 * @return this builder, for chaining
 */
public GeneralNamesBuilder addNames(GeneralNames names) {
    for (GeneralName entry : names.getNames()) {
        this.names.addElement(entry);
    }
    return this;
}