Java Code Examples for org.bouncycastle.asn1.x509.Extensions#getInstance()
The following examples show how to use
org.bouncycastle.asn1.x509.Extensions#getInstance() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TlsHelperTest.java From localization_nifi with Apache License 2.0 | 6 votes |
private List<String> extractSanFromCsr(JcaPKCS10CertificationRequest csr) { List<String> sans = new ArrayList<>(); Attribute[] certAttributes = csr.getAttributes(); for (Attribute attribute : certAttributes) { if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0)); GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName); GeneralName[] names = gns.getNames(); for (GeneralName name : names) { logger.info("Type: " + name.getTagNo() + " | Name: " + name.getName()); String title = ""; if (name.getTagNo() == GeneralName.dNSName) { title = "DNS"; } else if (name.getTagNo() == GeneralName.iPAddress) { title = "IP Address"; // name.toASN1Primitive(); } else if (name.getTagNo() == GeneralName.otherName) { title = "Other Name"; } sans.add(title + ": " + name.getName()); } } } return sans; }
Example 2
Source File: CertificateUtils.java From localization_nifi with Apache License 2.0 | 6 votes |
/** * Extract extensions from CSR object */ public static Extensions getExtensionsFromCSR(JcaPKCS10CertificationRequest csr) { Attribute[] attributess = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); for (Attribute attribute : attributess) { ASN1Set attValue = attribute.getAttrValues(); if (attValue != null) { ASN1Encodable extension = attValue.getObjectAt(0); if (extension instanceof Extensions) { return (Extensions) extension; } else if (extension instanceof DERSequence) { return Extensions.getInstance(extension); } } } return null; }
Example 3
Source File: CertificateUtils.java From nifi-registry with Apache License 2.0 | 6 votes |
/** * Extract extensions from CSR object */ public static Extensions getExtensionsFromCSR(JcaPKCS10CertificationRequest csr) { Attribute[] attributess = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); for (Attribute attribute : attributess) { ASN1Set attValue = attribute.getAttrValues(); if (attValue != null) { ASN1Encodable extension = attValue.getObjectAt(0); if (extension instanceof Extensions) { return (Extensions) extension; } else if (extension instanceof DERSequence) { return Extensions.getInstance(extension); } } } return null; }
Example 4
Source File: Crypto.java From athenz with Apache License 2.0 | 6 votes |
public static List<String> extractX509CSRIPAddresses(PKCS10CertificationRequest certReq) { List<String> ipAddresses = new ArrayList<>(); Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); for (Attribute attribute : attributes) { for (ASN1Encodable value : attribute.getAttributeValues()) { Extensions extensions = Extensions.getInstance(value); GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName); ///CLOVER:OFF if (gns == null) { continue; } ///CLOVER:ON for (GeneralName name : gns.getNames()) { if (name.getTagNo() == GeneralName.iPAddress) { try { InetAddress addr = InetAddress.getByAddress(((DEROctetString) name.getName()).getOctets()); ipAddresses.add(addr.getHostAddress()); } catch (UnknownHostException ignored) { } } } } } return ipAddresses; }
Example 5
Source File: TlsHelperTest.java From nifi with Apache License 2.0 | 6 votes |
private List<String> extractSanFromCsr(JcaPKCS10CertificationRequest csr) { List<String> sans = new ArrayList<>(); Attribute[] certAttributes = csr.getAttributes(); for (Attribute attribute : certAttributes) { if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0)); GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName); GeneralName[] names = gns.getNames(); for (GeneralName name : names) { logger.info("Type: " + name.getTagNo() + " | Name: " + name.getName()); String title = ""; if (name.getTagNo() == GeneralName.dNSName) { title = "DNS"; } else if (name.getTagNo() == GeneralName.iPAddress) { title = "IP Address"; // name.toASN1Primitive(); } else if (name.getTagNo() == GeneralName.otherName) { title = "Other Name"; } sans.add(title + ": " + name.getName()); } } } return sans; }
Example 6
Source File: CertificateUtils.java From nifi with Apache License 2.0 | 6 votes |
/** * Extract extensions from CSR object */ public static Extensions getExtensionsFromCSR(JcaPKCS10CertificationRequest csr) { Attribute[] attributess = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); for (Attribute attribute : attributess) { ASN1Set attValue = attribute.getAttrValues(); if (attValue != null) { ASN1Encodable extension = attValue.getObjectAt(0); if (extension instanceof Extensions) { return (Extensions) extension; } else if (extension instanceof DERSequence) { return Extensions.getInstance(extension); } } } return null; }
Example 7
Source File: BaseApprover.java From hadoop-ozone with Apache License 2.0 | 5 votes |
/** * Returns a list of Extensions encoded in a given attribute. * * @param attribute - Attribute to decode. * @return - List of Extensions. */ List<Extensions> getExtensionsList(Attribute attribute) { Objects.requireNonNull(attribute); List<Extensions> extensionsList = new ArrayList<>(); for (ASN1Encodable value : attribute.getAttributeValues()) { if(value != null) { Extensions extensions = Extensions.getInstance(value); extensionsList.add(extensions); } } return extensionsList; }
Example 8
Source File: SecurityUtil.java From hadoop-ozone with Apache License 2.0 | 5 votes |
public static Extensions getPkcs9Extensions(PKCS10CertificationRequest csr) throws CertificateException { ASN1Set pkcs9ExtReq = getPkcs9ExtRequest(csr); Object extReqElement = pkcs9ExtReq.getObjects().nextElement(); if (extReqElement instanceof Extensions) { return (Extensions) extReqElement; } else { if (extReqElement instanceof ASN1Sequence) { return Extensions.getInstance((ASN1Sequence) extReqElement); } else { throw new CertificateException("Unknown element type :" + extReqElement .getClass().getSimpleName()); } } }
Example 9
Source File: Crypto.java From athenz with Apache License 2.0 | 5 votes |
private static List<String> extractX509CSRSANField(PKCS10CertificationRequest certReq, int tagNo) { List<String> values = new ArrayList<>(); Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); for (Attribute attribute : attributes) { for (ASN1Encodable value : attribute.getAttributeValues()) { Extensions extensions = Extensions.getInstance(value); GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName); ///CLOVER:OFF if (gns == null) { continue; } ///CLOVER:ON for (GeneralName name : gns.getNames()) { // GeneralName ::= CHOICE { // otherName [0] OtherName, // rfc822Name [1] IA5String, // dNSName [2] IA5String, // x400Address [3] ORAddress, // directoryName [4] Name, // ediPartyName [5] EDIPartyName, // uniformResourceIdentifier [6] IA5String, // iPAddress [7] OCTET STRING, // registeredID [8] OBJECT IDENTIFIER} if (name.getTagNo() == tagNo) { values.add(((DERIA5String) name.getName()).getString()); } } } } return values; }
Example 10
Source File: CaUtil.java From xipki with Apache License 2.0 | 5 votes |
public static Extensions getExtensions(CertificationRequestInfo csr) { Args.notNull(csr, "csr"); ASN1Set attrs = csr.getAttributes(); for (int i = 0; i < attrs.size(); i++) { Attribute attr = Attribute.getInstance(attrs.getObjectAt(i)); if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attr.getAttrType())) { return Extensions.getInstance(attr.getAttributeValues()[0]); } } return null; }
Example 11
Source File: RootCAProvider.java From cloudstack with Apache License 2.0 | 4 votes |
private Certificate generateCertificateUsingCsr(final String csr, final List<String> names, final List<String> ips, final int validityDays) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, CertificateException, SignatureException, IOException, OperatorCreationException { final List<String> dnsNames = new ArrayList<>(); final List<String> ipAddresses = new ArrayList<>(); if (names != null) { dnsNames.addAll(names); } if (ips != null) { ipAddresses.addAll(ips); } PemObject pemObject = null; try { final PemReader pemReader = new PemReader(new StringReader(csr)); pemObject = pemReader.readPemObject(); } catch (IOException e) { LOG.error("Failed to read provided CSR string as a PEM object", e); } if (pemObject == null) { throw new CloudRuntimeException("Unable to read/process CSR: " + csr); } final JcaPKCS10CertificationRequest request = new JcaPKCS10CertificationRequest(pemObject.getContent()); final String subject = request.getSubject().toString(); for (final Attribute attribute : request.getAttributes()) { if (attribute == null) { continue; } if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { final Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0)); final GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName); if (gns != null && gns.getNames() != null && gns.getNames().length > 0) { for (final GeneralName name : gns.getNames()) { if (name.getTagNo() == GeneralName.dNSName) { dnsNames.add(name.getName().toString()); } if (name.getTagNo() == GeneralName.iPAddress) { final InetAddress address = InetAddress.getByAddress(DatatypeConverter.parseHexBinary(name.getName().toString().substring(1))); ipAddresses.add(address.toString().replace("/", "")); } } } } } final X509Certificate clientCertificate = CertUtils.generateV3Certificate( caCertificate, caKeyPair, request.getPublicKey(), subject, CAManager.CertSignatureAlgorithm.value(), validityDays, dnsNames, ipAddresses); return new Certificate(clientCertificate, null, Collections.singletonList(caCertificate)); }