private static GeneralName dnsGeneralName(String name) { return new GeneralName(GeneralName.dNSName, name); }
public void addIpAddress(String ipAddress) { sans.add(new GeneralName(GeneralName.iPAddress, ipAddress)); }
public void addDomainName(String subjectAlternativeName) { sans.add(new GeneralName(GeneralName.dNSName, subjectAlternativeName)); }
private ASN1Encodable parseGeneralName(List<?> nameEntry) { if (nameEntry == null || nameEntry.size() != 2) { throw new IllegalArgumentException(nameEntry != null ? String.valueOf(nameEntry) : "nameEntry is null"); } String tag = String.valueOf(nameEntry.get(0)); Matcher m = TAGS_PATTERN.matcher(tag); if (m.matches()) { return new GeneralName(Integer.valueOf(tag), String.valueOf(nameEntry.get(1))); } throw new IllegalArgumentException(String.valueOf(nameEntry)); } }
/** * Converts a list of domain name Subject Alternative Names into ASN1Encodable GeneralNames objects, for use with * the Bouncy Castle certificate builder. * * @param subjectAlternativeNames domain name SANs to convert * @return a GeneralNames instance that includes the specifie dsubjectAlternativeNames as DNS name fields */ private static GeneralNames getDomainNameSANsAsASN1Encodable(List<String> subjectAlternativeNames) { List<GeneralName> encodedSANs = new ArrayList<>(subjectAlternativeNames.size()); for (String subjectAlternativeName : subjectAlternativeNames) { // IP addresses use the IP Address tag instead of the DNS Name tag in the SAN list boolean isIpAddress = InetAddresses.isInetAddress(subjectAlternativeName); GeneralName generalName = new GeneralName(isIpAddress ? GeneralName.iPAddress : GeneralName.dNSName, subjectAlternativeName); encodedSANs.add(generalName); } return new GeneralNames(encodedSANs.toArray(new GeneralName[encodedSANs.size()])); }
private static GeneralName ipGeneralName(InetAddress hostAddress) { return new GeneralName(GeneralName.iPAddress, new DEROctetString(hostAddress.getAddress())); }
public CertificateBuilder sanDnsName(String hostName) throws IOException { subjectAltName = new GeneralNames(new GeneralName(GeneralName.dNSName, hostName)).getEncoded(); return this; }
public void createSelfSignedCertificate( File certificatePath, File privateKeyPath, String hostName ) throws GeneralSecurityException, IOException, OperatorCreationException { installCleanupHook( certificatePath, privateKeyPath ); KeyPairGenerator keyGen = KeyPairGenerator.getInstance( DEFAULT_ENCRYPTION ); keyGen.initialize( 2048, random ); KeyPair keypair = keyGen.generateKeyPair(); // Prepare the information required for generating an X.509 certificate. X500Name owner = new X500Name( "CN=" + hostName ); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder( owner, new BigInteger( 64, random ), NOT_BEFORE, NOT_AFTER, owner, keypair.getPublic() ); // Subject alternative name (part of SNI extension, used for hostname verification) GeneralNames subjectAlternativeName = new GeneralNames( new GeneralName( GeneralName.dNSName, hostName ) ); builder.addExtension( Extension.subjectAlternativeName, false, subjectAlternativeName ); PrivateKey privateKey = keypair.getPrivate(); ContentSigner signer = new JcaContentSignerBuilder( "SHA512WithRSAEncryption" ).build( privateKey ); X509CertificateHolder certHolder = builder.build( signer ); X509Certificate cert = new JcaX509CertificateConverter().setProvider( PROVIDER ).getCertificate( certHolder ); //check so that cert is valid cert.verify( keypair.getPublic() ); //write to disk writePem( "CERTIFICATE", cert.getEncoded(), certificatePath ); writePem( "PRIVATE KEY", privateKey.getEncoded(), privateKeyPath ); // Mark as done so we don't clean up certificates cleanupRequired = false; }
public static Extensions createDomainAlternativeNamesExtensions(String domainAlternativeNames, String requestedDn) throws IOException { List<GeneralName> namesList = new ArrayList<>(); try { final String cn = IETFUtils.valueToString(new X500Name(requestedDn).getRDNs(BCStyle.CN)[0].getFirst().getValue()); namesList.add(new GeneralName(GeneralName.dNSName, cn)); } catch (Exception e) { throw new IOException("Failed to extract CN from request DN: " + requestedDn, e); } if (StringUtils.isNotBlank(domainAlternativeNames)) { for (String alternativeName : domainAlternativeNames.split(",")) { namesList.add(new GeneralName(GeneralName.dNSName, alternativeName)); } } GeneralNames subjectAltNames = new GeneralNames(namesList.toArray(new GeneralName[]{})); ExtensionsGenerator extGen = new ExtensionsGenerator(); extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames); return extGen.generate(); }
? GeneralName.iPAddress : GeneralName.dNSName; encodableAltNames[i] = new GeneralName(tag, altName);
public CertificateBuilder sanIpAddress(InetAddress hostAddress) throws IOException { subjectAltName = new GeneralNames(new GeneralName(GeneralName.iPAddress, new DEROctetString(hostAddress.getAddress()))).getEncoded(); return this; }
subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, domain)); for (String subjectAlternativeNameDomain : subjectAlternativeNameDomains) { subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, subjectAlternativeNameDomain)); || IPAddress.isValidIPv4WithNetmask(subjectAlternativeNameIp) || IPAddress.isValidIPv4(subjectAlternativeNameIp)) { subjectAlternativeNames.add(new GeneralName(GeneralName.iPAddress, subjectAlternativeNameIp));
/** * Returns subject alternative names for "localhost". * @return the subject alternative names for "localhost". */ private static GeneralNames getLocalhostSubjectAltNames() throws UnknownHostException { InetAddress[] localAddresses = InetAddress.getAllByName("localhost"); GeneralName[] generalNames = new GeneralName[localAddresses.length + 1]; for (int i = 0; i < localAddresses.length; i++) { generalNames[i] = new GeneralName(GeneralName.iPAddress, new DEROctetString(localAddresses[i].getAddress())); } generalNames[generalNames.length - 1] = new GeneralName(GeneralName.dNSName, new DERIA5String("localhost")); return new GeneralNames(generalNames); }
protected static GeneralNames getSubjectAlternativeNames( Set<String> sanDnsNames ) { final ASN1EncodableVector subjectAlternativeNames = new ASN1EncodableVector(); if ( sanDnsNames != null ) { for ( final String dnsNameValue : sanDnsNames ) { subjectAlternativeNames.add( new GeneralName( GeneralName.dNSName, dnsNameValue ) ); } } return GeneralNames.getInstance( new DERSequence( subjectAlternativeNames ) ); }
private X509Certificate[] createSelfSignedCertifcateChain(String ipAddress, String hostname) throws Exception { X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE); nameBuilder.addRDN(BCStyle.CN, "NOT_LOCALHOST"); Date notBefore = new Date(); Calendar cal = Calendar.getInstance(); cal.setTime(notBefore); cal.add(Calendar.YEAR, 1); Date notAfter = cal.getTime(); BigInteger serialNumber = new BigInteger(128, new Random()); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic()) .addExtension(Extension.basicConstraints, true, new BasicConstraints(0)) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign)); List<GeneralName> generalNames = new ArrayList<>(); if (ipAddress != null) { generalNames.add(new GeneralName(GeneralName.iPAddress, ipAddress)); } if (hostname != null) { generalNames.add(new GeneralName(GeneralName.dNSName, hostname)); } if (!generalNames.isEmpty()) { certificateBuilder.addExtension(Extension.subjectAlternativeName, true, new GeneralNames(generalNames.toArray(new GeneralName[] {}))); } ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate()); return new X509Certificate[] { new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner)) }; }
case 2: subjectAlternativeNames.add( new GeneralName( GeneralName.dNSName, (String) value ) ); break; case 6: subjectAlternativeNames.add( new GeneralName( GeneralName.uniformResourceIdentifier, (String) value ) ); break; default:
generalNames.add(new GeneralName(GeneralName.dNSName, hostname)); generalNames.add(new GeneralName(GeneralName.iPAddress, ipAddress)); new GeneralName(GeneralName.uniformResourceIdentifier,"file://" + crlPath))); certificateBuilder.addExtension(Extension.authorityInfoAccess, false, new AuthorityInformationAccess(X509ObjectIdentifiers.ocspAccessMethod, new GeneralName(GeneralName.uniformResourceIdentifier, "http://" + hostname + ":" + ocspPort)));
private void addSAN(X509v3CertificateBuilder certBuilder, String san) throws CertIOException { ASN1Encodable[] subjectAlternativeNames = new ASN1Encodable[]{new GeneralName(GeneralName.dNSName, san)}; certBuilder.addExtension(Extension.subjectAlternativeName, false, new DERSequence(subjectAlternativeNames)); }
continue; subjectAlternativeNames.add(new GeneralName(GeneralName.iPAddress, publicIPAddress)); continue; subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, dnsName));
public IssuerSerial( GeneralNames issuer, BigInteger serial) { this(issuer, new ASN1Integer(serial)); }