Extension.extendedKeyUsage, true, new ExtendedKeyUsage(new KeyPurposeId[] { KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth }));
// Extended Key Usage, added as a NON-critical extension, listing TLS client
// authentication and TLS server authentication.
// NOTE(review): a certificate valid in both TLS roles is broader than most
// deployments need; confirm both purposes are intended, otherwise issue one
// certificate per role.
certBuilder.addExtension(
        Extension.extendedKeyUsage,
        false,
        new ExtendedKeyUsage(
                new KeyPurposeId[] {
                    KeyPurposeId.id_kp_clientAuth,
                    KeyPurposeId.id_kp_serverAuth
                }));
// Adds Extended Key Usage (critical flag = false) with two purposes:
// clientAuth and serverAuth.
// NOTE(review): because the extension is not critical, a relying party that
// does not process EKU will not reject the certificate on its account; mark it
// critical only if every consumer is known to understand it.
certBuilder.addExtension(
        Extension.extendedKeyUsage,
        false,
        new ExtendedKeyUsage(
                new KeyPurposeId[] {
                    KeyPurposeId.id_kp_clientAuth,
                    KeyPurposeId.id_kp_serverAuth
                }));
/**
 * Returns the extended key usage associated with this constant.
 *
 * @return an {@code ExtendedKeyUsage} holding exactly one purpose:
 *         {@code id_kp_serverAuth} when this constant's ordinal is 1,
 *         {@code id_kp_clientAuth} for every other constant.
 */
ExtendedKeyUsage keyUsage() {
    // NOTE(review): the choice depends on declaration order (ordinal() == 1).
    // Reordering or inserting constants would silently change which purpose a
    // certificate receives; an explicit per-constant field would be safer.
    KeyPurposeId purpose = (this.ordinal() == 1)
            ? KeyPurposeId.id_kp_serverAuth
            : KeyPurposeId.id_kp_clientAuth;
    return new ExtendedKeyUsage(new KeyPurposeId[] {purpose});
}
}
/**
 * Builds the single-purpose extended key usage for this constant.
 *
 * @return {@code id_kp_serverAuth} wrapped in an {@code ExtendedKeyUsage} if
 *         {@code ordinal()} is 1, otherwise {@code id_kp_clientAuth}.
 */
ExtendedKeyUsage keyUsage() {
    // NOTE(review): ordinal()-based selection couples the issued purpose to the
    // position of the constant in the enum declaration; verify the order is
    // pinned by a test or replace it with an explicit mapping.
    final boolean isSecondConstant = this.ordinal() == 1;
    final KeyPurposeId[] purposes = new KeyPurposeId[1];
    if (isSecondConstant) {
        purposes[0] = KeyPurposeId.id_kp_serverAuth;
    } else {
        purposes[0] = KeyPurposeId.id_kp_clientAuth;
    }
    return new ExtendedKeyUsage(purposes);
}
}
/**
 * Converts a set of the project's extended-key-usage values into the
 * {@code ExtendedKeyUsage} type this file imports (presumably Bouncy Castle's).
 *
 * @param extendedKeyUsages the usages to encode; passed unchanged to
 *        {@code org.qipki.crypto.x509.ExtendedKeyUsage.usage(...)}.
 * @return a new {@code ExtendedKeyUsage} built from the result of that call.
 */
@Override
public ExtendedKeyUsage buildExtendedKeyUsage(
        Set<org.qipki.crypto.x509.ExtendedKeyUsage> extendedKeyUsages )
{
    // The project enum does the translation; this method only wraps the result.
    return new ExtendedKeyUsage(
            org.qipki.crypto.x509.ExtendedKeyUsage.usage( extendedKeyUsages ) );
}
/**
 * Builds an {@code ExtendedKeyUsage} from key-purpose OIDs given as strings.
 *
 * @param oidList the object identifiers to include, in the order they should
 *        appear in the extension.
 * @return an {@code ExtendedKeyUsage} with one {@code KeyPurposeId} per entry.
 */
private static ExtendedKeyUsage listToExtendedKeyUsage(List<String> oidList) {
    // NOTE(review): an empty list produces an extension with no purposes,
    // which RFC 5280 does not allow (SEQUENCE SIZE (1..MAX)); confirm callers
    // never pass an empty list.
    KeyPurposeId[] purposes = new KeyPurposeId[oidList.size()];
    int next = 0;
    for (String dottedOid : oidList) {
        purposes[next++] = KeyPurposeId.getInstance(new ASN1ObjectIdentifier(dottedOid));
    }
    return new ExtendedKeyUsage(purposes);
}
/**
 * Turns a list of OID strings into an {@code ExtendedKeyUsage}.
 *
 * @param oidList key-purpose object identifiers as strings; order is kept.
 * @return an {@code ExtendedKeyUsage} containing every listed purpose.
 */
private static ExtendedKeyUsage listToExtendedKeyUsage(List<String> oidList) {
    // NOTE(review): the strings are parsed as given; if they come from
    // configuration or a request, restrict them to an allow-list of purposes
    // before they reach this helper.
    final List<KeyPurposeId> purposeIds = new ArrayList<KeyPurposeId>(oidList.size());
    for (final String oid : oidList) {
        final ASN1ObjectIdentifier identifier = new ASN1ObjectIdentifier(oid);
        purposeIds.add(KeyPurposeId.getInstance(identifier));
    }
    final KeyPurposeId[] asArray = purposeIds.toArray(new KeyPurposeId[purposeIds.size()]);
    return new ExtendedKeyUsage(asArray);
}
/**
 * Return an ExtendedKeyUsage from the passed in object.
 *
 * @param obj an ExtendedKeyUsage, some form or encoding of one, or null.
 * @return an ExtendedKeyUsage object, or null if null is passed in.
 */
public static ExtendedKeyUsage getInstance(
    Object obj)
{
    if (obj == null)
    {
        return null;
    }

    // An existing instance is returned as is, without copying.
    if (obj instanceof ExtendedKeyUsage)
    {
        return (ExtendedKeyUsage)obj;
    }

    // Anything else must be convertible to an ASN.1 sequence.
    return new ExtendedKeyUsage(ASN1Sequence.getInstance(obj));
}
/**
 * Return an ExtendedKeyUsage from the passed in object.
 *
 * @param obj an ExtendedKeyUsage, some form or encoding of one, or null.
 * @return an ExtendedKeyUsage object, or null if null is passed in.
 */
public static ExtendedKeyUsage getInstance(
    Object obj)
{
    // Already the right type: hand back the same reference.
    if (obj instanceof ExtendedKeyUsage)
    {
        return (ExtendedKeyUsage)obj;
    }

    // null stays null; every other input goes through ASN1Sequence.getInstance.
    return (obj == null)
        ? null
        : new ExtendedKeyUsage(ASN1Sequence.getInstance(obj));
}
/**
 * Convert a set of extended key usages to a Bouncy Castle extended key usage.
 *
 * @param usages the set of authorized usages, each given as an object
 *        identifier string.
 * @return an {@code ExtendedKeyUsage} holding one {@code KeyPurposeId} per
 *         entry, in the iteration order of the set.
 */
public static ExtendedKeyUsage getExtendedKeyUsage(Set<String> usages) {
    // NOTE(review): an empty set yields an extension with no purposes, which
    // RFC 5280 does not permit (SEQUENCE SIZE (1..MAX)); confirm callers check.
    final KeyPurposeId[] purposes = new KeyPurposeId[usages.size()];
    int slot = 0;
    for (final String oidText : usages) {
        final ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(oidText);
        purposes[slot] = KeyPurposeId.getInstance(oid);
        slot++;
    }
    return new ExtendedKeyUsage(purposes);
}
}
/**
 * Creates an {@code ExtendedKeyUsage} from a collection of key-purpose OIDs.
 *
 * <p>The OIDs are copied into a new list and passed through
 * {@code sortOidList} before encoding, so the caller's collection is not
 * reordered by this method.
 *
 * @param usages the key-purpose OIDs to include.
 * @return the extension value, or {@code null} when
 *         {@code CollectionUtil.isEmpty(usages)} is true.
 */
public static ExtendedKeyUsage createExtendedUsage(Collection<ASN1ObjectIdentifier> usages) {
    if (CollectionUtil.isEmpty(usages)) {
        // Nothing to encode; callers must treat null as "no EKU extension".
        return null;
    }

    List<ASN1ObjectIdentifier> ordered = sortOidList(new ArrayList<>(usages));
    KeyPurposeId[] purposes = new KeyPurposeId[ordered.size()];
    int position = 0;
    for (ASN1ObjectIdentifier purposeOid : ordered) {
        purposes[position] = KeyPurposeId.getInstance(purposeOid);
        position++;
    }
    return new ExtendedKeyUsage(purposes);
}
/**
 * Builds the Extended Key Usage value for the given key-purpose OIDs.
 *
 * @param usages the purposes to include; copied before sorting, so the
 *        argument itself is left untouched.
 * @return an {@code ExtendedKeyUsage} listing the purposes in the order
 *         produced by {@code sortOidList}, or {@code null} if
 *         {@code CollectionUtil.isEmpty(usages)} reports the input as empty.
 */
public static ExtendedKeyUsage createExtendedUsage(
        final Collection<ASN1ObjectIdentifier> usages) {
    if (CollectionUtil.isEmpty(usages)) {
        return null;
    }

    // Work on a private copy; presumably sorting keeps the encoding stable
    // regardless of the order the caller supplied -- confirm in sortOidList.
    final List<ASN1ObjectIdentifier> copy = new ArrayList<>(usages);
    final List<ASN1ObjectIdentifier> sorted = sortOidList(copy);

    final KeyPurposeId[] keyPurposes = new KeyPurposeId[sorted.size()];
    int i = 0;
    for (final ASN1ObjectIdentifier usageOid : sorted) {
        keyPurposes[i++] = KeyPurposeId.getInstance(usageOid);
    }
    return new ExtendedKeyUsage(keyPurposes);
}
/**
 * Returns the extension profile for a client certificate.
 *
 * <p>All three extensions are marked critical: basic constraints with
 * {@code cA = false}, key usage limited to {@code digitalSignature}, and
 * extended key usage limited to {@code id_kp_clientAuth}.
 *
 * @return a new mutable list holding the three extension holders, in that order.
 */
private static List<ExtensionHolder> getClientExtensions() {
    // End-entity only: this certificate must not be usable as an issuer.
    final ExtensionHolder notACa =
            new ExtensionHolder(Extension.basicConstraints, true, new BasicConstraints(false));
    // Signing only; no key or data encipherment bits.
    final ExtensionHolder signatureOnly =
            new ExtensionHolder(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
    // TLS client authentication is the single permitted purpose.
    final ExtensionHolder clientAuthOnly =
            new ExtensionHolder(
                    Extension.extendedKeyUsage,
                    true,
                    new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));

    final List<ExtensionHolder> profile = new ArrayList<>();
    profile.add(notACa);
    profile.add(signatureOnly);
    profile.add(clientAuthOnly);
    return profile;
}
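/**
 * Creates a self-signed X.509 v3 certificate for the given key pair.
 *
 * <p>Subject and issuer are the same name, taken from
 * {@code createX500NameString()}. The certificate is valid from 1,000,000,000 ms
 * (about 11.6 days) before the call to the same span after it, and is signed
 * with {@code SHA256withRSA} using the pair's private key.
 *
 * <p>Extensions, all critical: basic constraints with {@code cA = true},
 * key usage {@code digitalSignature | keyEncipherment}, extended key usage
 * {@code id_kp_clientAuth}.
 *
 * @param keyPair the key pair to certify; its private key signs the certificate.
 * @return the generated certificate.
 * @throws CertIOException if an extension cannot be encoded.
 * @throws OperatorCreationException if the content signer cannot be created.
 * @throws CertificateException if the built certificate cannot be converted.
 */
public X509Certificate createSelfSignedCertificate(KeyPair keyPair)
        throws NoSuchAlgorithmException, NoSuchProviderException, CertIOException,
               OperatorCreationException, CertificateException {
    // A wall-clock serial repeats when two certificates are created in the same
    // millisecond and is guessable; same issuer + same serial must never occur
    // twice. Use a positive random serial from a CSPRNG instead (at most 17
    // octets, inside the 20-octet limit of RFC 5280).
    BigInteger serial =
            new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);

    // Read the clock once so both validity bounds are relative to one instant.
    long now = System.currentTimeMillis();
    long validityHalfWindowMillis = 1000000000L;
    Date notBefore = new Date(now - validityHalfWindowMillis);
    Date notAfter = new Date(now + validityHalfWindowMillis);

    SubjectPublicKeyInfo keyInfo =
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    // Self-signed: the same name is used as issuer and as subject.
    X500Name name = new X500Name(createX500NameString());
    X509v3CertificateBuilder certBuilder =
            new X509v3CertificateBuilder(name, serial, notBefore, notAfter, name, keyInfo);

    // NOTE(review): cA = true marks this certificate as a CA although the key
    // usage has no keyCertSign bit and the only extended purpose is clientAuth.
    // If it is only meant to authenticate a client, cA = false would be the
    // narrower choice; left unchanged because peers may depend on it.
    certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    certBuilder.addExtension(
            Extension.keyUsage,
            true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
    certBuilder.addExtension(
            Extension.extendedKeyUsage,
            true,
            new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));

    ContentSigner signer =
            new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
    X509CertificateHolder certHolder = certBuilder.build(signer);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}
}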
/**
 * Returns the extension profile for a server certificate issued under
 * {@code issuerCertificate}.
 *
 * <p>The list holds, in order: a critical key usage of
 * {@code digitalSignature | keyEncipherment | dataEncipherment}, a critical
 * extended key usage of {@code id_kp_serverAuth}, and a non-critical authority
 * key identifier derived from the issuer certificate.
 *
 * @param issuerCertificate the certificate of the issuing CA.
 * @return a new mutable list with the three extension holders.
 */
private static List<ExtensionHolder> getServerExtensions(X509Certificate issuerCertificate)
        throws CertificateEncodingException, NoSuchAlgorithmException, IOException {
    final List<ExtensionHolder> profile = new ArrayList<>();

    // SSO forces us to allow data encipherment
    final int serverKeyUsageBits =
            KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment;
    profile.add(new ExtensionHolder(Extension.keyUsage, true, new KeyUsage(serverKeyUsageBits)));

    // TLS server authentication is the only extended purpose granted.
    profile.add(
            new ExtensionHolder(
                    Extension.extendedKeyUsage,
                    true,
                    new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth)));

    // The identifier is wrapped in an Extension first, and the holder is then
    // filled from that Extension's id, critical flag and parsed value.
    final JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    final Extension authorityKeyId =
            new Extension(
                    Extension.authorityKeyIdentifier,
                    false,
                    new DEROctetString(
                            extensionUtils.createAuthorityKeyIdentifier(issuerCertificate)));
    profile.add(
            new ExtensionHolder(
                    authorityKeyId.getExtnId(),
                    authorityKeyId.isCritical(),
                    authorityKeyId.getParsedValue()));

    return profile;
}
/**
 * Adds a non-critical Extended Key Usage extension with a single purpose to
 * the given extension set.
 *
 * @param extensionSet the set that receives the extension.
 * @param ekuOid the key-purpose object identifier, as a string.
 * @throws IOException if the extension value cannot be encoded.
 */
private void addExtKeyUsage(X509ExtensionSet extensionSet, String ekuOid) throws IOException {
    KeyPurposeId purpose = KeyPurposeId.getInstance(new ASN1ObjectIdentifier(ekuOid));
    ExtendedKeyUsage singlePurposeEku = new ExtendedKeyUsage(new KeyPurposeId[] { purpose });

    // The encoded value is passed through wrapInOctetString before it is stored.
    byte[] encodedEku = singlePurposeEku.getEncoded();
    byte[] wrappedEku = wrapInOctetString(encodedEku);

    extensionSet.addExtension(X509ExtensionType.EXTENDED_KEY_USAGE.oid(), false, wrappedEku);
}
// Non-critical Extended Key Usage allowing TLS client authentication and TLS
// server authentication with the same certificate.
// NOTE(review): check that the key usage and basic constraints set elsewhere
// on this builder match these two purposes, and that a dual-role certificate
// is actually required.
certBuilder.addExtension(
        Extension.extendedKeyUsage,
        false,
        new ExtendedKeyUsage(
                new KeyPurposeId[] {
                    KeyPurposeId.id_kp_clientAuth,
                    KeyPurposeId.id_kp_serverAuth
                }));
/**
 * Generates an X.509 v3 certificate signed with the private key of
 * {@code keyPair}, using the {@code "BC"} provider and
 * {@code SHA256WithRSAEncryption}.
 *
 * <p>Extensions: critical basic constraints with {@code cA = isCA}, critical
 * key usage {@code digitalSignature | keyEncipherment}, critical extended key
 * usage {@code id_kp_serverAuth}, and a non-critical subject alternative name
 * when {@code generalNames} is not null.
 *
 * @param keyPair public key to certify and private key to sign with.
 * @param subject subject distinguished name.
 * @param issuer issuer distinguished name.
 * @param notBefore start of the validity period.
 * @param notAfter end of the validity period.
 * @param serialNumber certificate serial number.
 * @param generalNames subject alternative names, or null for none.
 * @param isCA value of the basic-constraints {@code cA} flag.
 * @return the generated certificate.
 * @throws GeneralSecurityException if generation or signing fails.
 */
private X509Certificate generateX509V3Certificate(final KeyPair keyPair, final X500Principal subject,
        final X500Principal issuer, final Date notBefore, final Date notAfter,
        final BigInteger serialNumber, final GeneralNames generalNames, final boolean isCA)
        throws GeneralSecurityException {
    // Makes the "BC" provider named at signing time available; addProvider
    // does nothing when a provider with that name is already installed.
    Security.addProvider(new BouncyCastleProvider());

    // NOTE(review): X509V3CertificateGenerator is the deprecated Bouncy Castle
    // generator API; X509v3CertificateBuilder is its replacement.
    final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

    // Identity, validity and key material.
    certGen.setSerialNumber(serialNumber);
    certGen.setIssuerDN(issuer);
    certGen.setSubjectDN(subject);
    certGen.setNotBefore(notBefore);
    certGen.setNotAfter(notAfter);
    certGen.setPublicKey(keyPair.getPublic());
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    // NOTE(review): when isCA is true the key usage below still lacks
    // keyCertSign, which RFC 5280 path validation requires of an issuer whose
    // certificate carries a key usage extension; confirm CA certificates made
    // here are never used to verify other certificates.
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(isCA));
    // Same value as the literal 160: digitalSignature (0x80) | keyEncipherment (0x20).
    certGen.addExtension(
            X509Extensions.KeyUsage,
            true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
    certGen.addExtension(
            X509Extensions.ExtendedKeyUsage,
            true,
            new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));

    final boolean hasAltNames = generalNames != null;
    if (hasAltNames) {
        certGen.addExtension(X509Extensions.SubjectAlternativeName, false, generalNames);
    }

    return certGen.generateX509Certificate(keyPair.getPrivate(), "BC");
}
/**
 * Creates a PKCS#10 certification request and returns it in the form produced
 * by {@code PEMUtils.toPEM}.
 *
 * <p>A key pair is generated with {@code KEY_PAIR_GENERATOR}; the request is
 * signed with its private key using {@code SHA256withRSA}. Only the request is
 * returned, the key pair stays local to this method. The subject is
 * {@code CN=issuer}. The extension request attribute asks for, all critical:
 * key usage {@code digitalSignature}, extended key usage
 * {@code clientAuth + serverAuth}, and subject alternative names
 * {@code test.com} (DNS) and {@code TEST_IP_ADDR} (IP address).
 *
 * @return the encoded certification request.
 * @throws IOException if an extension cannot be encoded.
 * @throws OperatorCreationException if the content signer cannot be created.
 */
private byte[] createCSR() throws IOException, OperatorCreationException {
    final KeyPair requesterKeys = KEY_PAIR_GENERATOR.generateKeyPair();
    final X500Name subject = new X500NameBuilder().addRDN(BCStyle.CN, "issuer").build();

    // NOTE(review): extensions in a CSR are a request only; the issuing side
    // decides which of them end up in the certificate and should not copy them
    // without checking.
    final ExtensionsGenerator requested = new ExtensionsGenerator();
    requested.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));

    final KeyPurposeId[] purposes = {
        KeyPurposeId.id_kp_clientAuth,
        KeyPurposeId.id_kp_serverAuth
    };
    requested.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(purposes));

    final GeneralName[] altNameEntries = {
        new GeneralName(GeneralName.dNSName, "test.com"),
        new GeneralName(GeneralName.iPAddress, TEST_IP_ADDR),
    };
    final GeneralNames subjectAltNames = new GeneralNames(altNameEntries);
    requested.addExtension(Extension.subjectAlternativeName, true, subjectAltNames);

    final JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256withRSA");
    final ContentSigner signer = signerBuilder.build(requesterKeys.getPrivate());

    final PKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subject, requesterKeys.getPublic())
                    .addAttribute(
                            PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
                            requested.generate());

    return PEMUtils.toPEM(requestBuilder.build(signer));
}