diff options
Diffstat (limited to 'vespajlib/src/main/java/com/yahoo/security/Pkcs10CsrBuilder.java')
-rw-r--r-- | vespajlib/src/main/java/com/yahoo/security/Pkcs10CsrBuilder.java | 106 |
1 files changed, 0 insertions, 106 deletions
diff --git a/vespajlib/src/main/java/com/yahoo/security/Pkcs10CsrBuilder.java b/vespajlib/src/main/java/com/yahoo/security/Pkcs10CsrBuilder.java deleted file mode 100644 index 0fe6117ef2f..00000000000 --- a/vespajlib/src/main/java/com/yahoo/security/Pkcs10CsrBuilder.java +++ /dev/null @@ -1,106 +0,0 @@ -// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.security; - -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.BasicConstraints; -import org.bouncycastle.asn1.x509.Extension; -import org.bouncycastle.asn1.x509.ExtensionsGenerator; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; -import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; -import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; - -import javax.security.auth.x500.X500Principal; -import java.io.IOException; -import java.io.UncheckedIOException; -import java.security.KeyPair; -import java.util.ArrayList; -import java.util.List; - -import static com.yahoo.security.SubjectAlternativeName.Type.DNS_NAME; - -/** - * @author bjorncs - */ -public class Pkcs10CsrBuilder { - - private final X500Principal subject; - private final KeyPair keyPair; - private final List<SubjectAlternativeName> subjectAlternativeNames = new ArrayList<>(); - private final SignatureAlgorithm signatureAlgorithm; - private BasicConstraintsExtension basicConstraintsExtension; - - private Pkcs10CsrBuilder(X500Principal subject, - KeyPair keyPair, - SignatureAlgorithm signatureAlgorithm) { - this.subject = subject; - this.keyPair = keyPair; - this.signatureAlgorithm = signatureAlgorithm; - } - - public static Pkcs10CsrBuilder fromKeypair(X500Principal subject, - KeyPair keyPair, - SignatureAlgorithm signatureAlgorithm) { - return new Pkcs10CsrBuilder(subject, keyPair, signatureAlgorithm); - } - - public Pkcs10CsrBuilder addSubjectAlternativeName(String dns) { - this.subjectAlternativeNames.add(new SubjectAlternativeName(DNS_NAME, dns)); - return this; - } - - public Pkcs10CsrBuilder addSubjectAlternativeName(SubjectAlternativeName san) { - this.subjectAlternativeNames.add(san); - return this; - } - - public Pkcs10CsrBuilder addSubjectAlternativeName(SubjectAlternativeName.Type type, String value) { - this.subjectAlternativeNames.add(new SubjectAlternativeName(type, value)); - return this; - } - - public Pkcs10CsrBuilder setBasicConstraints(boolean isCritical, boolean isCertAuthorityCertificate) { - this.basicConstraintsExtension = new BasicConstraintsExtension(isCritical, isCertAuthorityCertificate); - return this; - } - - public Pkcs10CsrBuilder setIsCertAuthority(boolean isCertAuthority) { - return setBasicConstraints(true, isCertAuthority); - } - - public Pkcs10Csr build() { - try { - PKCS10CertificationRequestBuilder requestBuilder = - new JcaPKCS10CertificationRequestBuilder(new X500Name(subject.getName()), keyPair.getPublic()); - ExtensionsGenerator extGen = new ExtensionsGenerator(); - if (basicConstraintsExtension != null) { - extGen.addExtension( - Extension.basicConstraints, - basicConstraintsExtension.isCritical, - new BasicConstraints(basicConstraintsExtension.isCertAuthorityCertificate)); - } - if (!subjectAlternativeNames.isEmpty()) { - GeneralNames generalNames = new GeneralNames( - subjectAlternativeNames.stream() - .map(SubjectAlternativeName::toGeneralName) - .toArray(GeneralName[]::new)); - extGen.addExtension(Extension.subjectAlternativeName, false, generalNames); - } - requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate()); - ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm.getAlgorithmName()) - .setProvider(BouncyCastleProviderHolder.getInstance()) - .build(keyPair.getPrivate()); - return new Pkcs10Csr(requestBuilder.build(contentSigner)); - } catch (OperatorCreationException e) { - throw new RuntimeException(e); - } catch (IOException e) { - throw new UncheckedIOException(e); - } - - } - -} |