/**
 * Encodes the configured DNS names and IP addresses as a DER SubjectAltName value.
 *
 * @return the DER-encoded {@code GeneralNames}, or {@code null} when neither
 *         {@code dnsNames} nor {@code ipAddresses} contributes an entry
 * @throws IOException if DER encoding of the GeneralNames fails
 */
private byte[] san() throws IOException {
    List<GeneralName> dnsEntries = dnsNames.stream()
            .map(CertificateBuilder::dnsGeneralName)
            .collect(toList());
    List<GeneralName> ipEntries = ipAddresses.stream()
            .map(CertificateBuilder::ipGeneralName)
            .collect(toList());
    // NOTE(review): addAll relies on Collectors.toList() handing back a mutable list, which its
    // contract does not guarantee; toCollection(ArrayList::new) would make that explicit.
    dnsEntries.addAll(ipEntries);
    if (dnsEntries.isEmpty()) {
        return null;
    }
    return new GeneralNames(dnsEntries.toArray(new GeneralName[0])).getEncoded();
}
/**
 * Builds the Bouncy Castle {@code GeneralNames} structure for a list of Subject Alternative Names.
 * <p>
 * Each entry is tagged by its syntax: values recognised by {@link InetAddresses#isInetAddress(String)}
 * become {@code iPAddress} entries, everything else becomes a {@code dNSName} entry. RFC 5280 places IP
 * literals in the iPAddress choice rather than dNSName, so mixing both kinds in one list is safe here.
 *
 * @param subjectAlternativeNames the SAN values to convert; one GeneralName is produced per element, in order
 * @return a GeneralNames instance containing the converted entries
 */
private static GeneralNames getDomainNameSANsAsASN1Encodable(List<String> subjectAlternativeNames) {
    GeneralName[] encoded = new GeneralName[subjectAlternativeNames.size()];
    int next = 0;
    for (String san : subjectAlternativeNames) {
        // IP literals must use the iPAddress tag, never the dNSName tag
        int tag = InetAddresses.isInetAddress(san) ? GeneralName.iPAddress : GeneralName.dNSName;
        encoded[next++] = new GeneralName(tag, san);
    }
    return new GeneralNames(encoded);
}
/**
 * Generates a 2048-bit key pair (algorithm {@code DEFAULT_ENCRYPTION}) and a self-signed X.509 v3
 * certificate for {@code hostName}, then writes both to disk as PEM ("CERTIFICATE" and "PRIVATE KEY").
 * <p>
 * Issuer and subject are both {@code CN=<hostName>}; the certificate carries a non-critical dNSName
 * subjectAltName for {@code hostName} and is signed with SHA512WithRSAEncryption. A cleanup hook is
 * registered first and is disarmed ({@code cleanupRequired = false}) only once both files are written,
 * so a failure part-way through does not leave a half-written key pair behind.
 *
 * @param certificatePath destination of the PEM-encoded certificate
 * @param privateKeyPath destination of the PEM-encoded private key ({@code getEncoded()} form)
 * @param hostName host name used for the CN and the SAN dNSName entry
 * @throws GeneralSecurityException on key generation, conversion or self-verification failure
 * @throws IOException if encoding or writing fails
 * @throws OperatorCreationException if the content signer cannot be built
 */
public void createSelfSignedCertificate( File certificatePath, File privateKeyPath, String hostName )
        throws GeneralSecurityException, IOException, OperatorCreationException {
    installCleanupHook( certificatePath, privateKeyPath );

    KeyPairGenerator generator = KeyPairGenerator.getInstance( DEFAULT_ENCRYPTION );
    generator.initialize( 2048, random );
    KeyPair pair = generator.generateKeyPair();
    PrivateKey key = pair.getPrivate();

    // Self-signed: one name serves as both issuer and subject.
    // NOTE(review): hostName is concatenated into the DN string unescaped, so a value containing
    // ',' '=' or '+' would be parsed as additional RDNs rather than as part of the CN.
    X500Name name = new X500Name( "CN=" + hostName );
    BigInteger serial = new BigInteger( 64, random );
    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            name, serial, NOT_BEFORE, NOT_AFTER, name, pair.getPublic() );
    // Hostname verification matches against the SAN, not the CN, so add a (non-critical) dNSName entry
    certBuilder.addExtension( Extension.subjectAlternativeName, false,
            new GeneralNames( new GeneralName( GeneralName.dNSName, hostName ) ) );

    ContentSigner contentSigner = new JcaContentSignerBuilder( "SHA512WithRSAEncryption" ).build( key );
    X509Certificate certificate = new JcaX509CertificateConverter()
            .setProvider( PROVIDER )
            .getCertificate( certBuilder.build( contentSigner ) );
    // Sanity check: the certificate must verify under its own public key
    certificate.verify( pair.getPublic() );

    // NOTE(review): writePem's file permissions are not visible here — confirm the key file is not world-readable
    writePem( "CERTIFICATE", certificate.getEncoded(), certificatePath );
    writePem( "PRIVATE KEY", key.getEncoded(), privateKeyPath );
    // Both files are in place; stop the cleanup hook from deleting them
    cleanupRequired = false;
}
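/**
 * Builds the SubjectAlternativeName extension for a certificate request.
 * <p>
 * The CN of {@code requestedDn} is always the first dNSName entry, followed by one dNSName per
 * comma-separated value in {@code domainAlternativeNames}. Each value is trimmed and blank values
 * (e.g. from {@code "a,,b"} or a trailing comma) are skipped, so no SAN carries surrounding whitespace
 * or is empty. The extension is marked non-critical.
 * NOTE(review): the CN is added as a dNSName unconditionally; if callers can supply an IP literal as CN
 * it should use the iPAddress choice instead — confirm against callers.
 *
 * @param domainAlternativeNames comma-separated DNS names; may be null or blank
 * @param requestedDn the requested subject DN in string form; must contain a CN
 * @return the generated Extensions holding the single subjectAlternativeName extension
 * @throws IOException if the DN cannot be parsed or has no CN, or if the extension cannot be encoded
 */
public static Extensions createDomainAlternativeNamesExtensions(String domainAlternativeNames, String requestedDn) throws IOException {
    List<GeneralName> namesList = new ArrayList<>();
    try {
        // A malformed DN fails inside X500Name(String) and a DN without CN fails at [0]; both are
        // unchecked, so they are surfaced to the caller as an IOException naming the offending DN.
        final String cn = IETFUtils.valueToString(new X500Name(requestedDn).getRDNs(BCStyle.CN)[0].getFirst().getValue());
        namesList.add(new GeneralName(GeneralName.dNSName, cn));
    } catch (RuntimeException e) {
        throw new IOException("Failed to extract CN from request DN: " + requestedDn, e);
    }
    if (StringUtils.isNotBlank(domainAlternativeNames)) {
        for (String alternativeName : domainAlternativeNames.split(",")) {
            String trimmed = alternativeName.trim();
            if (trimmed.isEmpty()) {
                continue; // "a,,b" or a trailing comma must not produce an empty dNSName
            }
            namesList.add(new GeneralName(GeneralName.dNSName, trimmed));
        }
    }
    GeneralNames subjectAltNames = new GeneralNames(namesList.toArray(new GeneralName[0]));
    ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
    return extGen.generate();
}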
/**
 * Sets the subject alternative name to a single dNSName entry for {@code hostName}.
 * The value is stored DER-encoded and replaces whatever was previously assigned to
 * {@code subjectAltName}.
 *
 * @param hostName the DNS name to place in the SAN
 * @return this builder, for chaining
 * @throws IOException if the GeneralNames cannot be DER-encoded
 */
public CertificateBuilder sanDnsName(String hostName) throws IOException {
    GeneralName dnsEntry = new GeneralName(GeneralName.dNSName, hostName);
    subjectAltName = new GeneralNames(dnsEntry).getEncoded();
    return this;
}
/**
 * Builds the subject alternative names used for "localhost" certificates.
 * <p>
 * Resolves "localhost" via {@link InetAddress#getAllByName(String)} and emits one iPAddress entry per
 * resolved address (raw address bytes in an OCTET STRING), followed by a single dNSName entry for
 * "localhost". NOTE(review): the IP entries depend on the host's resolver/hosts file, so the resulting
 * set of addresses may differ between machines.
 *
 * @return the GeneralNames holding the IP entries followed by the dNSName entry
 * @throws UnknownHostException if "localhost" cannot be resolved
 */
private static GeneralNames getLocalhostSubjectAltNames() throws UnknownHostException {
    InetAddress[] resolved = InetAddress.getAllByName("localhost");
    GeneralName[] entries = new GeneralName[resolved.length + 1];
    int slot = 0;
    for (InetAddress address : resolved) {
        entries[slot++] = new GeneralName(GeneralName.iPAddress, new DEROctetString(address.getAddress()));
    }
    // The dNSName entry always occupies the final slot
    entries[slot] = new GeneralName(GeneralName.dNSName, new DERIA5String("localhost"));
    return new GeneralNames(entries);
}
/**
 * Sets the subject alternative name to a single iPAddress entry for {@code hostAddress}.
 * The raw address bytes are wrapped in an OCTET STRING, the GeneralNames is DER-encoded, and the
 * result replaces whatever was previously assigned to {@code subjectAltName}.
 *
 * @param hostAddress the IP address to place in the SAN
 * @return this builder, for chaining
 * @throws IOException if the GeneralNames cannot be DER-encoded
 */
public CertificateBuilder sanIpAddress(InetAddress hostAddress) throws IOException {
    DEROctetString rawAddress = new DEROctetString(hostAddress.getAddress());
    GeneralName ipEntry = new GeneralName(GeneralName.iPAddress, rawAddress);
    subjectAltName = new GeneralNames(ipEntry).getEncoded();
    return this;
}
/**
 * Creates a one-element chain holding a self-signed certificate for the test subject "NOT_LOCALHOST".
 * <p>
 * The certificate is valid from now for one year, carries critical basicConstraints (cA, pathLen 0) and
 * keyUsage (digitalSignature | keyCertSign | cRLSign) extensions and, when at least one argument is
 * non-null, a subjectAltName extension — marked critical — with an iPAddress entry for {@code ipAddress}
 * and/or a dNSName entry for {@code hostname}. It is signed with the class's {@code keyPair} using
 * SHA256WithRSAEncryption.
 * NOTE(review): the serial number is drawn from {@code java.util.Random}, not a CSPRNG, and the SAN is
 * marked critical although the subject is non-empty — fine for a test fixture, not for production use.
 *
 * @param ipAddress textual IP address for the SAN, or null to omit it
 * @param hostname DNS name for the SAN, or null to omit it
 * @return a single-element array containing the generated certificate
 * @throws Exception on encoding, conversion or signing failures
 */
private X509Certificate[] createSelfSignedCertifcateChain(String ipAddress, String hostname) throws Exception {
    X500NameBuilder subjectBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    subjectBuilder.addRDN(BCStyle.CN, "NOT_LOCALHOST");

    // Validity window: [now, now + 1 year]
    Date validFrom = new Date();
    Calendar expiry = Calendar.getInstance();
    expiry.setTime(validFrom);
    expiry.add(Calendar.YEAR, 1);
    Date validTo = expiry.getTime();

    BigInteger serial = new BigInteger(128, new Random());
    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            subjectBuilder.build(), serial, validFrom, validTo, subjectBuilder.build(), keyPair.getPublic());
    certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
    certBuilder.addExtension(Extension.keyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

    List<GeneralName> sanEntries = new ArrayList<>();
    if (ipAddress != null) {
        sanEntries.add(new GeneralName(GeneralName.iPAddress, ipAddress));
    }
    if (hostname != null) {
        sanEntries.add(new GeneralName(GeneralName.dNSName, hostname));
    }
    if (!sanEntries.isEmpty()) {
        certBuilder.addExtension(Extension.subjectAlternativeName, true,
                new GeneralNames(sanEntries.toArray(new GeneralName[0])));
    }

    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
    X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certBuilder.build(signer));
    return new X509Certificate[] { certificate };
}
new GeneralNames(generalNames.toArray(new GeneralName[] {}))); DistributionPointName distPointOne = new DistributionPointName(new GeneralNames( new GeneralName(GeneralName.uniformResourceIdentifier,"file://" + crlPath)));
/**
 * Assembles the names added so far into a {@code GeneralNames}.
 * The entries are copied out of the backing {@code Vector} in index order; the builder itself
 * is not modified, so {@code build()} may be called more than once.
 *
 * @return a GeneralNames containing every GeneralName held by this builder
 */
public GeneralNames build() {
    int count = names.size();
    GeneralName[] copy = new GeneralName[count];
    for (int index = 0; index < count; index++) {
        copy[index] = (GeneralName) names.elementAt(index);
    }
    return new GeneralNames(copy);
}
}
/**
 * Sets the {@code dvcs} field of this ReqInfo.
 * <p>
 * RFC 3029, section 9.1 allows the DVCS to modify the 'dvcs', 'requester', 'dataLocations' and
 * 'nonce' fields of the ReqInfo structure, which is why this field is settable after construction.
 *
 * @param dvcs the new dvcs value; stored as given (no copy, no null check)
 */
public void setDVCS(GeneralNames dvcs) {
    this.dvcs = dvcs;
}
/**
 * Creates a proxy tracing item that identifies the issuer or the subject by URL.
 * The URL is wrapped in a uniformResourceIdentifier {@code GeneralName} held in {@code name},
 * and that single entry also forms the {@code names} GeneralNames.
 *
 * @param url the URL identifying the issuer or the subject
 */
public ProxyTracingExtension(String url) {
    GeneralName uri = new GeneralName(GeneralName.uniformResourceIdentifier, url);
    name = uri;
    names = new GeneralNames(uri);
}
/**
 * Sets the {@code requester} field of this ReqInfo.
 * <p>
 * RFC 3029, section 9.1 allows the DVCS to modify the 'dvcs', 'requester', 'dataLocations' and
 * 'nonce' fields of the ReqInfo structure, which is why this field is settable after construction.
 *
 * @param requester the new requester value; stored as given (no copy, no null check)
 */
public void setRequester(GeneralNames requester) {
    this.requester = requester;
}
/**
 * Sets the {@code dataLocations} field of this ReqInfo.
 * <p>
 * RFC 3029, section 9.1 allows the DVCS to modify the 'dvcs', 'requester', 'dataLocations' and
 * 'nonce' fields of the ReqInfo structure, which is why this field is settable after construction.
 *
 * @param dataLocations the new dataLocations value; stored as given (no copy, no null check)
 */
public void setDataLocations(GeneralNames dataLocations) {
    this.dataLocations = dataLocations;
}
// One dNSName entry per configured domain, attached as a non-critical SubjectAlternativeName
ASN1EncodableVector sanEntries = new ASN1EncodableVector();
for( String domain : domainNames ) {
    sanEntries.add( new GeneralName( GeneralName.dNSName, domain ) );
}
// NOTE(review): X509Extensions and GeneralNames(DERSequence) are the legacy Bouncy Castle API
certGenerator.addExtension( X509Extensions.SubjectAlternativeName, false,
        new GeneralNames( new DERSequence( sanEntries ) ) );
/**
 * Converts tagged name strings into a {@code GeneralNames} structure.
 * Each element is converted with {@code createGeneralName} and placed at the same index.
 *
 * @param taggedValues the tagged values to convert
 * @return the GeneralNames, or {@code null} when {@code taggedValues} is empty according to
 *         {@code CollectionUtil.isEmpty} — callers must handle the null
 * @throws BadInputException if any element is rejected by createGeneralName
 */
public static GeneralNames createGeneralNames(List<String> taggedValues) throws BadInputException {
    if (CollectionUtil.isEmpty(taggedValues)) {
        return null;
    }
    GeneralName[] converted = new GeneralName[taggedValues.size()];
    int index = 0;
    for (String taggedValue : taggedValues) {
        converted[index++] = createGeneralName(taggedValue);
    }
    return new GeneralNames(converted);
}
/**
 * Converts tagged name strings into a {@code GeneralNames} structure.
 * Each element is converted with {@code createGeneralName} and placed at the same index.
 *
 * @param taggedValues the tagged values to convert
 * @return the GeneralNames, or {@code null} when {@code taggedValues} is empty according to
 *         {@code CollectionUtil.isEmpty} — callers must handle the null
 * @throws BadInputException if any element is rejected by createGeneralName
 */
public static GeneralNames createGeneralNames(final List<String> taggedValues) throws BadInputException {
    if (CollectionUtil.isEmpty(taggedValues)) {
        return null;
    }
    final int count = taggedValues.size();
    final GeneralName[] result = new GeneralName[count];
    int pos = 0;
    while (pos < count) {
        result[pos] = createGeneralName(taggedValues.get(pos));
        pos++;
    }
    return new GeneralNames(result);
}
/**
 * Returns the general names currently held by the table model.
 *
 * @return a new GeneralNames built from the model's data, in table order
 */
public GeneralNames getGeneralNames() {
    GeneralName[] entries = getGeneralNamesTableModel().getData().toArray(new GeneralName[0]);
    return new GeneralNames(entries);
}
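/**
 * Builds the certificateIssuer CRL entry extension (RFC 5280 §5.3.3) for an indirect CRL entry.
 * The issuer is wrapped as a single directoryName GeneralName and the extension is marked critical.
 *
 * @param certificateIssuer the issuer name to record for the CRL entry
 * @return the encoded, critical certificateIssuer extension
 * @throws IllegalArgumentException if the GeneralNames cannot be DER-encoded (wraps the IOException)
 */
private static Extension createCertificateIssuerExtension(X500Name certificateIssuer) {
    try {
        GeneralNames issuerNames = new GeneralNames(new GeneralName(certificateIssuer));
        return new Extension(Extension.certificateIssuer, true, issuerNames.getEncoded());
    } catch (IOException ex) {
        // Wrap the checked IOException; the message names the extension actually being encoded
        throw new IllegalArgumentException("error encoding certificateIssuer: " + ex.getMessage(), ex);
    }
}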
/**
 * Creates an IssuerSerial from an issuer name set and a serial number.
 * The serial is wrapped in an {@code ASN1Integer} and delegated to the ASN.1-typed constructor.
 *
 * @param issuer the issuer GeneralNames
 * @param serial the certificate serial number
 */
public IssuerSerial(GeneralNames issuer, BigInteger serial) {
    this(issuer, new ASN1Integer(serial));
}