public static Extensions createDomainAlternativeNamesExtensions(String domainAlternativeNames, String requestedDn) throws IOException { List<GeneralName> namesList = new ArrayList<>(); try { final String cn = IETFUtils.valueToString(new X500Name(requestedDn).getRDNs(BCStyle.CN)[0].getFirst().getValue()); namesList.add(new GeneralName(GeneralName.dNSName, cn)); } catch (Exception e) { throw new IOException("Failed to extract CN from request DN: " + requestedDn, e); } if (StringUtils.isNotBlank(domainAlternativeNames)) { for (String alternativeName : domainAlternativeNames.split(",")) { namesList.add(new GeneralName(GeneralName.dNSName, alternativeName)); } } GeneralNames subjectAltNames = new GeneralNames(namesList.toArray(new GeneralName[]{})); ExtensionsGenerator extGen = new ExtensionsGenerator(); extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames); return extGen.generate(); }
extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames); csrBuilder.addAttribute( PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
/** * Add a given extension field for the standard extensions tag (tag 3) * * @param oid the OID defining the extension type. * @param isCritical true if the extension is critical, false otherwise. * @param value the ASN.1 structure that forms the extension's value. * @return this builder object. * @throws IOException IO exception */ public X509v3CertificateBuilder addExtension(ASN1ObjectIdentifier oid, boolean isCritical, ASN1Object value) throws IOException { extGenerator.addExtension(oid, isCritical, value); return this; }
@Override public X509ExtensionBuilder addExtension(String oid, boolean critical, byte[] value) throws IOException { this.extensions.addExtension(new ASN1ObjectIdentifier(oid), critical, value); return this; }
ExtensionsGenerator extGen = new ExtensionsGenerator(); extGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)); genReq.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
public static PKCS10CertificationRequest generateCSRFile(KeyPair keyPair, KeyUsage keyUsage) throws IOException, OperatorCreationException { String principal = "CN=" + Utils.getCertificateCommonName() + ", O=" + Utils.getCertificateOrganization(); AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()); AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WITHRSA"); AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-1"); ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKey); PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(principal), keyPair.getPublic()); ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator(); extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); extensionsGenerator.addExtension(Extension.keyUsage, true, keyUsage); csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate()); PKCS10CertificationRequest csr = csrBuilder.build(signer); return csr; }
/** * Add an extension. * * @param oid the extension oid. * @param critical true if the extension is critical. * @param value the value of the extension. * @return this extensions builder to allow chaining. */ public X509ExtensionBuilder addExtension(ASN1ObjectIdentifier oid, boolean critical, ASN1Encodable value) { try { this.extensions.addExtension(oid, critical, value.toASN1Primitive().getEncoded(ASN1Encoding.DER)); } catch (IOException e) { // Very unlikely throw new IllegalArgumentException("Invalid extension value, it could not be properly DER encoded."); } return this; }
private static PKCS10CertificationRequest generateCSRFile(KeyPair keyPair) throws IOException, OperatorCreationException { String principal = "CN=company1, OU=company1, O=company1, C=GB"; AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()); AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder() .find("SHA1WITHRSA"); AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-1"); ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKey); PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name( principal), keyPair.getPublic()); ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator(); extensionsGenerator.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(true)); extensionsGenerator.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)); csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate()); PKCS10CertificationRequest csr = csrBuilder.build(signer); return csr; }
String principal = "CN=company1, OU=company1, O=company1, C=GB"; AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(pair.getPrivate().getEncoded()); AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder() .find("SHA1WITHRSA"); AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-1"); ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKey); PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name( principal), pair.getPublic()); ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator(); extensionsGenerator.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(true)); extensionsGenerator.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)); csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate()); csr = csrBuilder.build(signer);
/** * Add an extension with the given oid and the passed in value to be included * in the OCTET STRING associated with the extension. * * @param oid OID for the extension. * @param critical true if critical, false otherwise. * @param value the ASN.1 object to be included in the extension. */ public void addExtension( ASN1ObjectIdentifier oid, boolean critical, ASN1Encodable value) throws IOException { this.addExtension(oid, critical, value.toASN1Primitive().getEncoded(ASN1Encoding.DER)); }
/** * Add an extension with the given oid and the passed in value to be included * in the OCTET STRING associated with the extension. * * @param oid OID for the extension. * @param critical true if critical, false otherwise. * @param value the ASN.1 object to be included in the extension. */ public void addExtension( ASN1ObjectIdentifier oid, boolean critical, ASN1Encodable value) throws IOException { this.addExtension(oid, critical, value.toASN1Primitive().getEncoded(ASN1Encoding.DER)); }
extnsnGenr.addExtension(Extension.subjectAlternativeName, false, subjectAltName);
extensionsGenerator.addExtension(Extension.subjectAlternativeName, false, subjectAltName); p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
extensionsGenerator.addExtension(Extension.subjectAlternativeName, false, subjectAltName); p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
public Pkcs10Csr build() { try { PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(subject.getName()), keyPair.getPublic()); ExtensionsGenerator extGen = new ExtensionsGenerator(); if (basicConstraintsExtension != null) { extGen.addExtension( Extension.basicConstraints, basicConstraintsExtension.isCritical, new BasicConstraints(basicConstraintsExtension.isCertAuthorityCertificate)); } if (!subjectAlternativeNames.isEmpty()) { GeneralNames generalNames = new GeneralNames( subjectAlternativeNames.stream() .map(SubjectAlternativeName::toGeneralName) .toArray(GeneralName[]::new)); extGen.addExtension(Extension.subjectAlternativeName, false, generalNames); } requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate()); ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm.getAlgorithmName()) .setProvider(BouncyCastleProviderHolder.getInstance()) .build(keyPair.getPrivate()); return new Pkcs10Csr(requestBuilder.build(contentSigner)); } catch (OperatorCreationException e) { throw new RuntimeException(e); } catch (IOException e) { throw new UncheckedIOException(e); } }
@Override public X509ExtensionBuilder addExtensions(X509Extensions extensionSet) throws IOException { if (extensionSet == null) { return this; } // Optimisation if (extensionSet instanceof BcX509Extensions) { Extensions exts = ((BcX509Extensions) extensionSet).getExtensions(); @SuppressWarnings("unchecked") Enumeration<ASN1ObjectIdentifier> oids = exts.oids(); while (oids.hasMoreElements()) { ASN1ObjectIdentifier oid = oids.nextElement(); Extension ext = exts.getExtension(oid); this.extensions.addExtension(ext.getExtnId(), ext.isCritical(), ext.getParsedValue()); } } else { // Fallback for (String oid : extensionSet.getExtensionOID()) { this.extensions.addExtension(new ASN1ObjectIdentifier(oid), extensionSet.isCritical(oid), extensionSet.getExtensionValue(oid)); } } return this; }
public static PKCS10CertificationRequest generateCSR(String[] commonNames, KeyPair pair) throws OperatorCreationException, IOException { X500NameBuilder namebuilder = new X500NameBuilder(X500Name.getDefaultStyle()); namebuilder.addRDN(BCStyle.CN, commonNames[0]); List<GeneralName> subjectAltNames = new ArrayList<>(commonNames.length); for (String cn:commonNames) subjectAltNames.add(new GeneralName(GeneralName.dNSName, cn)); GeneralNames subjectAltName = new GeneralNames(subjectAltNames.toArray(new GeneralName[0])); ExtensionsGenerator extGen = new ExtensionsGenerator(); extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltName.toASN1Primitive()); PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(namebuilder.build(), pair.getPublic()); p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate()); JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA"); ContentSigner signer = csBuilder.build(pair.getPrivate()); PKCS10CertificationRequest request = p10Builder.build(signer); return request; }
.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature)); extensionsGenerator.addExtension( Extension.extendedKeyUsage, true, extensionsGenerator.addExtension( Extension.subjectAlternativeName, true,
rand.nextBytes(nonce); extGen.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce)); gen.setRequestExtensions(extGen.generate());
private byte[] createCSR() throws IOException, OperatorCreationException { KeyPair keyPair = KEY_PAIR_GENERATOR.generateKeyPair(); X500Name name = new X500NameBuilder() .addRDN(BCStyle.CN, "issuer") .build(); ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator(); extensionsGenerator.addExtension( Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature)); extensionsGenerator.addExtension( Extension.extendedKeyUsage, true, new ExtendedKeyUsage( new KeyPurposeId[] { KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth } )); GeneralNames subAtlNames = new GeneralNames( new GeneralName[]{ new GeneralName(GeneralName.dNSName, "test.com"), new GeneralName(GeneralName.iPAddress, TEST_IP_ADDR), } ); extensionsGenerator.addExtension( Extension.subjectAlternativeName, true, subAtlNames); ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()); PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(name, keyPair.getPublic()) .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate()); return PEMUtils.toPEM(csrBuilder.build(signer)); }