Example usage for org.bouncycastle.asn1.x500.style BCStyle C

List of usage examples for org.bouncycastle.asn1.x500.style BCStyle C

Introduction

On this page you can find example usages of org.bouncycastle.asn1.x500.style BCStyle C.

Prototype

ASN1ObjectIdentifier C


Document

country code - StringType(SIZE(2))

Usage

From source file:beta01.CertSigningRequest.java

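/**
 * Generates a 2048-bit DSA key pair with the "BC" provider, builds a PKCS#10 certification
 * request for the subject {@code C=ID, CN=Pizaini}, checks the request's own signature and,
 * when it verifies, writes the PEM-encoded request and the encoded private key to drive D:.
 *
 * <p>Failures while creating the signer or verifier, or while writing either file, are reported
 * on {@code System.err} instead of being silently discarded; they still do not abort the method.
 *
 * @throws Exception if key-pair generation fails, the provider is unavailable, or the request
 *                   cannot be PEM-encoded
 */
private void genaretKeyPairDsa() throws Exception {
    // NOTE(review): SHA-1 is a deprecated digest for signatures. The algorithm is left as the
    // author chose it; consider a SHA-2 based DSA signature if the receiving CA accepts it.
    String signatureAlg = "SHA1withDSA";
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", "BC");
    kpg.initialize(2048);
    KeyPair kp = kpg.genKeyPair();

    X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    x500NameBuilder.addRDN(BCStyle.C, "ID");
    x500NameBuilder.addRDN(BCStyle.CN, "Pizaini");
    X500Name subject = x500NameBuilder.build();

    PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject,
            kp.getPublic());
    try {
        PKCS10CertificationRequest request = requestBuilder
                .build(new JcaContentSignerBuilder(signatureAlg).setProvider("BC").build(kp.getPrivate()));

        // The request is self-signed, so it is verified against the public key it carries.
        if (!request.isSignatureValid(
                new JcaContentVerifierProviderBuilder().setProvider("BC").build(kp.getPublic()))) {
            System.out.println(signatureAlg + ": Failed verify check.");
            return;
        }
        System.out.println(signatureAlg + ": PKCS#10 request verified.");

        // PEM-encode the request in memory first; the writer is closed (and flushed) before
        // the bytes are read back.
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        try (JcaPEMWriter jcaPem = new JcaPEMWriter(new OutputStreamWriter(baos))) {
            jcaPem.writeObject(request);
        }

        File csrFile = new File("D:\\CSR_" + kpg.getAlgorithm() + ".p10");
        try (FileOutputStream fos = new FileOutputStream(csrFile)) {
            fos.write(baos.toByteArray());
        } catch (IOException ex) {
            // Previously swallowed: a missing CSR file would have gone unnoticed.
            System.err.println("Could not write certification request to " + csrFile + ": " + ex);
        }

        // NOTE(review): the private key is written exactly as getEncoded() returns it, with no
        // encryption and to a fixed path. Anyone who can read that file obtains the key;
        // an encrypted container or a location with restricted access is preferable.
        File keyFile = new File("D:\\PrivateKey_" + kpg.getAlgorithm() + ".p8");
        try {
            try (FileOutputStream fos = new FileOutputStream(keyFile)) {
                fos.write(kp.getPrivate().getEncoded());
            }
            System.out.println("Privated key stored as " + kp.getPrivate().getFormat());
        } catch (IOException ex) {
            // Previously swallowed: the caller would have believed the key had been stored.
            System.err.println("Could not write private key to " + keyFile + ": " + ex);
        }
    } catch (OperatorCreationException | PKCSException ex) {
        // Previously swallowed: report why the request could not be signed or verified.
        System.err.println(signatureAlg + ": could not build or verify PKCS#10 request: " + ex);
    }
}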

From source file:ca.trustpoint.m2m.M2mTrustAnchor.java

License:Apache License

/**
 * Creates a trust anchor from an X.509 certificate.
 *
 * <p>The CA name is derived from the certificate's subject: for each RDN only its first
 * attribute is inspected, attribute types without a matching {@code EntityNameAttributeId}
 * are skipped, and copying stops once {@code EntityName.MAXIMUM_ATTRIBUTES} attributes have
 * been added. The resulting name can therefore hold fewer attributes than the subject does.
 * The certificate's public key is kept; the certificate itself is not.
 *
 * @param x509Certificate X.509 certificate to use as trust anchor.
 * @throws IllegalArgumentException if x509Certificate is null.
 */
public M2mTrustAnchor(X509Certificate x509Certificate) throws IllegalArgumentException {
    if (x509Certificate == null) {
        throw new IllegalArgumentException("x509Certificate cannot be null.");
    }

    X500Name subjectName = JcaX500NameUtil.getSubject(x509Certificate);
    EntityName name = new EntityName();
    int mapped = 0;

    for (RDN rdn : subjectName.getRDNs()) {
        // Only the first attribute of a (possibly multi-valued) RDN is considered.
        AttributeTypeAndValue first = rdn.getFirst();

        // Stays null when the attribute type has no EntityName counterpart.
        EntityNameAttributeId id = null;
        if (BCStyle.C.equals(first.getType())) {
            id = EntityNameAttributeId.Country;
        } else if (BCStyle.O.equals(first.getType())) {
            id = EntityNameAttributeId.Organization;
        } else if (BCStyle.OU.equals(first.getType())) {
            id = EntityNameAttributeId.OrganizationalUnit;
        } else if (BCStyle.DN_QUALIFIER.equals(first.getType())) {
            id = EntityNameAttributeId.DistinguishedNameQualifier;
        } else if (BCStyle.ST.equals(first.getType())) {
            id = EntityNameAttributeId.StateOrProvince;
        } else if (BCStyle.L.equals(first.getType())) {
            id = EntityNameAttributeId.Locality;
        } else if (BCStyle.CN.equals(first.getType())) {
            id = EntityNameAttributeId.CommonName;
        } else if (BCStyle.SN.equals(first.getType())) {
            id = EntityNameAttributeId.SerialNumber;
        } else if (BCStyle.DC.equals(first.getType())) {
            id = EntityNameAttributeId.DomainComponent;
        }

        if (id == null) {
            // Unsupported attribute: dropped without any error.
            continue;
        }

        name.addAttribute(new EntityNameAttribute(id, IETFUtils.valueToString(first.getValue())));

        if (++mapped == EntityName.MAXIMUM_ATTRIBUTES) {
            // An EntityName cannot hold more attributes; remaining RDNs are ignored.
            break;
        }
    }

    this.caName = name;
    this.publicKey = x509Certificate.getPublicKey();
    this.certificate = null;
}

From source file:ch.ge.ve.offlineadmin.services.KeyGenerator.java

License:Open Source License

/**
 * Prepares a certificate builder for the given key pair.
 *
 * <p>The distinguished name (CN, O, OU, C, in that order) is read from the property
 * configuration and used as both issuer and subject. The validity period starts now and
 * lasts the configured number of days, and a friendly-name extension (non-critical) is
 * attached. The builder is returned unsigned.
 *
 * @param keyPair key pair whose public key is placed in the certificate
 * @return the configured, not yet signed certificate builder
 * @throws PropertyConfigurationException declared by the configuration look-ups
 * @throws CertIOException declared by {@code addExtension}
 */
private X509v3CertificateBuilder createCertificateBuilder(KeyPair keyPair)
        throws PropertyConfigurationException, CertIOException {
    X500Name selfName = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.CN, propertyConfigurationService.getConfigValue(CERT_COMMON_NAME_PROPERTY))
            .addRDN(BCStyle.O, propertyConfigurationService.getConfigValue(CERT_ORGANISATION_PROPERTY))
            .addRDN(BCStyle.OU,
                    propertyConfigurationService.getConfigValue(CERT_ORGANISATIONAL_UNIT_PROPERTY))
            .addRDN(BCStyle.C, propertyConfigurationService.getConfigValue(CERT_COUNTRY_PROPERTY))
            .build();

    // Random serial of at most CERT_SERIAL_NUMBER_BIT_SIZE bits; this BigInteger constructor
    // yields a non-negative value, which in principle includes zero.
    BigInteger serialNumber = new BigInteger(CERT_SERIAL_NUMBER_BIT_SIZE, SecureRandomFactory.createPRNG());

    SubjectPublicKeyInfo subjectKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());

    Date notBefore = new Date();
    Date notAfter = Date.from(notBefore.toInstant().plus(
            propertyConfigurationService.getConfigValueAsInt(CERT_VALIDITY_DAYS_PROPERTY), ChronoUnit.DAYS));

    // Issuer and subject are the same name.
    X509v3CertificateBuilder builder = new X509v3CertificateBuilder(selfName, serialNumber, notBefore,
            notAfter, selfName, subjectKeyInfo);

    builder.addExtension(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, false, new DERBMPString(
            propertyConfigurationService.getConfigValue(CERT_PRIVATE_FRIENDLY_NAME_PROPERTY)));
    return builder;
}

From source file:com.aqnote.shared.cryptology.cert.util.X500NameUtil.java

License:Open Source License

/**
 * Builds the X.500 name for a class 1 end entity.
 *
 * <p>RDNs are added in the order E, CN, OU, O, L, ST, C. Only the e-mail address and the
 * common name come from the caller; the remaining values are the class-level {@code DN_*}
 * values. Both caller-supplied strings are handed to the builder unchanged; no validation
 * happens in this method.
 *
 * @param cn common name of the end entity
 * @param email e-mail address of the end entity
 * @return the assembled name
 */
public static X500Name createClass1EndPrincipal(String cn, String email) {
    return new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.E, email)
            .addRDN(BCStyle.CN, cn)
            .addRDN(BCStyle.OU, DN_OU)
            .addRDN(BCStyle.O, DN_O)
            .addRDN(BCStyle.L, DN_L)
            .addRDN(BCStyle.ST, DN_ST)
            .addRDN(BCStyle.C, DN_C)
            .build();
}

From source file:com.aqnote.shared.cryptology.cert.util.X500NameUtil.java

License:Open Source License

/**
 * Builds the X.500 name for a class 3 end entity with a single common name.
 *
 * <p>RDNs are added in the order E, CN, OU, O, L, ST, C. The e-mail address and common name
 * are taken from the caller as given, without validation in this method; every other value
 * is one of the class-level {@code DN_*} values.
 *
 * @param cn common name of the end entity
 * @param email e-mail address of the end entity
 * @return the assembled name
 */
public static X500Name createClass3EndPrincipal(String cn, String email) {
    X500NameBuilder principal = new X500NameBuilder(BCStyle.INSTANCE);

    // Caller-supplied part of the name.
    principal.addRDN(BCStyle.E, email).addRDN(BCStyle.CN, cn);

    // Fixed part of the name.
    principal.addRDN(BCStyle.OU, DN_OU)
            .addRDN(BCStyle.O, DN_O)
            .addRDN(BCStyle.L, DN_L)
            .addRDN(BCStyle.ST, DN_ST)
            .addRDN(BCStyle.C, DN_C);

    return principal.build();
}

From source file:com.aqnote.shared.cryptology.cert.util.X500NameUtil.java

License:Open Source License

/**
 * Builds the X.500 name for a class 3 end entity that carries several common names.
 *
 * <p>RDNs are added in the order E, one CN per list element (in list order), OU, O, L, ST, C.
 * An empty list yields a name with no CN at all. The caller-supplied strings are passed to
 * the builder as given; this method performs no validation.
 *
 * @param cnList common names to add, one RDN each
 * @param email e-mail address of the end entity
 * @return the assembled name
 */
public static X500Name createClass3EndPrincipal(List<String> cnList, String email) {
    X500NameBuilder principal = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.E, email);

    for (String commonName : cnList) {
        principal.addRDN(BCStyle.CN, commonName);
    }

    return principal
            .addRDN(BCStyle.OU, DN_OU)
            .addRDN(BCStyle.O, DN_O)
            .addRDN(BCStyle.L, DN_L)
            .addRDN(BCStyle.ST, DN_ST)
            .addRDN(BCStyle.C, DN_C)
            .build();
}

From source file:com.motorolamobility.studio.android.certmanager.core.KeyStoreUtils.java

License:Apache License

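/**
 * Creates a new self-signed X.509 certificate for the given RSA key pair.
 *
 * <p>The subject name is assembled from the country, state, locality, organization,
 * organizational unit and common name in {@code certDetails}. The same name is used as the
 * issuer and the certificate is signed with the key pair's own private key. The validity
 * period runs from the current time to {@code certDetails.getExpirationDate()}.
 *
 * @param keyPair the {@link KeyPair} used to create the certificate; it must hold an
 *     {@link RSAPublicKey} and an {@link RSAPrivateKey}
 * @param certDetails supplies the subject name fields and the expiration date
 * @return The {@link X509Certificate}
 * @throws IllegalArgumentException if the key pair does not consist of RSA keys
 * @throws IOException declared for reading the encoded public key
 * @throws OperatorCreationException declared for creating the content signer
 * @throws CertificateException declared for converting the certificate to its JCA form
 */
public static X509Certificate createX509Certificate(KeyPair keyPair, CertificateDetailsInfo certDetails)
        throws IOException, OperatorCreationException, CertificateException {

    PublicKey publicKey = keyPair.getPublic();
    PrivateKey privateKey = keyPair.getPrivate();
    if (!(publicKey instanceof RSAPublicKey) || !(privateKey instanceof RSAPrivateKey)) {
        throw new IllegalArgumentException(CertificateManagerNLS.KeyStoreUtils_RSA_Keys_Expected);
    }

    RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
    RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) privateKey;

    //Transform the PublicKey into the BouncyCastle expected format
    ASN1InputStream asn1InputStream = null;
    X509Certificate x509Certificate = null;

    try {
        asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(rsaPublicKey.getEncoded()));
        SubjectPublicKeyInfo pubKey = new SubjectPublicKeyInfo((ASN1Sequence) asn1InputStream.readObject());

        // addField(...) is a helper of this class that is not shown in this snippet.
        X500NameBuilder nameBuilder = new X500NameBuilder(new BCStrictStyle());
        addField(BCStyle.C, certDetails.getCountry(), nameBuilder);
        addField(BCStyle.ST, certDetails.getState(), nameBuilder);
        addField(BCStyle.L, certDetails.getLocality(), nameBuilder);
        addField(BCStyle.O, certDetails.getOrganization(), nameBuilder);
        addField(BCStyle.OU, certDetails.getOrganizationUnit(), nameBuilder);
        addField(BCStyle.CN, certDetails.getCommonName(), nameBuilder);

        // Self-signed: the issuer is the subject.
        X500Name subjectName = nameBuilder.build();
        X500Name issuerName = subjectName;

        // The serial number used to be SecureRandom.nextInt(), which is negative about half of
        // the time and can be zero. X.509 serial numbers are expected to be positive, so draw
        // 64 random bits (non-negative) and add one to rule out zero.
        BigInteger serialNumber = new BigInteger(64, new SecureRandom()).add(BigInteger.ONE);

        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuerName, serialNumber,
                GregorianCalendar.getInstance().getTime(), certDetails.getExpirationDate(), subjectName,
                pubKey);

        // NOTE(review): SHA-1 is a deprecated digest for certificate signatures. It is left
        // unchanged here because consumers of these certificates are not visible from this
        // method; confirm whether a SHA-2 based algorithm can be used instead.
        AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA"); //$NON-NLS-1$
        AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
        BcContentSignerBuilder sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);

        //Create RSAKeyParameters, the private key format expected by Bouncy Castle
        RSAKeyParameters keyParams = new RSAKeyParameters(true, rsaPrivateKey.getPrivateExponent(),
                rsaPrivateKey.getModulus());

        ContentSigner contentSigner = sigGen.build(keyParams);
        X509CertificateHolder certificateHolder = certBuilder.build(contentSigner);

        //Convert the X509Certificate from BouncyCastle format to the java.security format
        JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter();
        x509Certificate = certConverter.getCertificate(certificateHolder);
    } finally {
        if (asn1InputStream != null) {
            try {
                asn1InputStream.close();
            } catch (IOException e) {
                // A failed close is logged only; it does not replace the method's result.
                StudioLogger.error("Could not close stream while creating X509 certificate. " + e.getMessage());
            }
        }
    }

    return x509Certificate;
}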

From source file:com.motorolamobility.studio.android.certmanager.ui.dialogs.CertificateInfoDialog.java

License:Apache License

/**
 * Fills the dialog area with the subject details of the entry's X.509 certificate.
 *
 * <p>For each of CN, O, OU, C, ST and L the first matching RDN of the subject is used, or
 * {@code null} when the subject has none. If the entry yields no X.509 certificate, or any
 * exception occurs, an error dialog is shown instead (exceptions are logged as well).
 *
 * @param parent the parent composite
 * @return the composite created by the superclass
 */
@Override
protected Control createDialogArea(Composite parent) {
    Composite area = (Composite) super.createDialogArea(parent);

    try {
        X509Certificate cert = entry.getX509Certificate();

        if (cert == null) {
            //not found Android certificate expected (X509Certificate)
            EclipseUtils.showErrorDialog(
                    CertificateManagerNLS.CertificateInfoDialog_UnknownCertificateKeypairType,
                    CertificateManagerNLS.CertificatePropertiesHandler_ErrorGettingCertificateOrKeypairProperties);
        } else {
            X500Name subject = new JcaX509CertificateHolder(cert).getSubject();

            // Look each attribute type up once and keep only its first RDN, if any.
            RDN[] cnRdns = subject.getRDNs(BCStyle.CN);
            RDN commonName = cnRdns.length >= 1 ? cnRdns[0] : null;
            RDN[] oRdns = subject.getRDNs(BCStyle.O);
            RDN organization = oRdns.length >= 1 ? oRdns[0] : null;
            RDN[] ouRdns = subject.getRDNs(BCStyle.OU);
            RDN organizationUnit = ouRdns.length >= 1 ? ouRdns[0] : null;
            RDN[] cRdns = subject.getRDNs(BCStyle.C);
            RDN country = cRdns.length >= 1 ? cRdns[0] : null;
            RDN[] stRdns = subject.getRDNs(BCStyle.ST);
            RDN state = stRdns.length >= 1 ? stRdns[0] : null;
            RDN[] lRdns = subject.getRDNs(BCStyle.L);
            RDN locality = lRdns.length >= 1 ? lRdns[0] : null;

            // NOTE(review): notAfter is passed before notBefore; confirm this matches the
            // parameter order of createInfoBlock.
            block.createInfoBlock(newCompositeArgs(area), entry.getAlias(), printCertInfo(commonName),
                    printCertInfo(organization), printCertInfo(organizationUnit), printCertInfo(country),
                    printCertInfo(state), printCertInfo(locality), cert.getNotAfter(), cert.getNotBefore());
        }
    } catch (Exception e) {
        EclipseUtils.showErrorDialog(
                CertificateManagerNLS.CertificatePropertiesHandler_ErrorGettingCertificateOrKeypairProperties,
                e.getMessage());
        StudioLogger.error(CertificateInfoDialog.class,
                CertificateManagerNLS.CertificatePropertiesHandler_ErrorGettingCertificateOrKeypairProperties,
                e);
    }
    return area;
}

From source file:com.redhat.akashche.keystoregen.KeystoreGenerator.java

License:Apache License

/**
 * Creates the self-signed master (CA) certificate for a keystore entry.
 *
 * <p>The subject is built from the entry's C, O and OU values plus a CN of
 * {@code <label>_CA}, and is used as issuer as well. The serial number is fixed at 1. After
 * signing with the CA private key, the certificate's validity at the current time and its
 * signature under the CA public key are checked, and the label is attached as the PKCS#12
 * friendly name.
 *
 * <p>NOTE(review): no extensions are added here, whereas {@code createIntermediateCert} in
 * this file adds basicConstraints and key identifiers. Confirm whether the master
 * certificate is meant to go without a basicConstraints extension.
 *
 * @param en keystore entry providing name parts, algorithm and validity dates
 * @param keys holder of the CA key pair
 * @return the verified certificate
 * @throws Exception if signing, conversion, the validity check or verification fails
 */
private Certificate createMasterCert(KeystoreConfig.Entry en, Keys keys) throws Exception {
    String friendlyName = en.getLabel() + "_CA";
    X500NameBuilder nameBuilder = new X500NameBuilder()
            .addRDN(BCStyle.C, en.getX500_C())
            .addRDN(BCStyle.O, en.getX500_O())
            .addRDN(BCStyle.OU, en.getX500_OU())
            .addRDN(BCStyle.CN, friendlyName);

    ContentSigner caSigner = new JcaContentSignerBuilder(en.getAlgorithm()).setProvider(BCPROV)
            .build(keys.caPrivate);

    // Issuer and subject are both built from the same name builder: the certificate is self-signed.
    JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(nameBuilder.build(),
            BigInteger.valueOf(1), en.getValidFrom(), en.getValidTo(), nameBuilder.build(), keys.caPublic);
    X509CertificateHolder signedHolder = certBuilder.build(caSigner);
    X509Certificate caCert = new JcaX509CertificateConverter().setProvider(BCPROV).getCertificate(signedHolder);

    // Fail early if the certificate is not valid right now or does not verify under the CA key.
    caCert.checkValidity(new Date());
    caCert.verify(keys.caPublic);

    ((PKCS12BagAttributeCarrier) caCert).setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
            new DERBMPString(friendlyName));
    return caCert;
}

From source file:com.redhat.akashche.keystoregen.KeystoreGenerator.java

License:Apache License

/**
 * Creates the intermediate certificate for a keystore entry, issued by the given CA
 * certificate and signed with the CA private key.
 *
 * <p>The subject is built from the entry's C, O and OU values plus a CN of
 * {@code <label>_INTERMEDIATE}; the serial number is fixed at 2. Three extensions are added,
 * in this order: subjectKeyIdentifier and authorityKeyIdentifier (both non-critical) and a
 * critical basicConstraints created with {@code new BasicConstraints(0)}. The certificate's
 * validity at the current time and its signature under the CA certificate's public key are
 * checked before the label is attached as the PKCS#12 friendly name.
 *
 * @param en keystore entry providing name parts, algorithm and validity dates
 * @param keys holder of the intermediate public key and the CA private key
 * @param caCert issuing CA certificate
 * @return the verified certificate
 * @throws Exception if building, signing, the validity check or verification fails
 */
private Certificate createIntermediateCert(KeystoreConfig.Entry en, Keys keys, X509Certificate caCert)
        throws Exception {
    String friendlyName = en.getLabel() + "_INTERMEDIATE";
    X500NameBuilder nameBuilder = new X500NameBuilder()
            .addRDN(BCStyle.C, en.getX500_C())
            .addRDN(BCStyle.O, en.getX500_O())
            .addRDN(BCStyle.OU, en.getX500_OU())
            .addRDN(BCStyle.CN, friendlyName);

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(caCert, BigInteger.valueOf(2),
            en.getValidFrom(), en.getValidTo(), nameBuilder.build(), keys.intPublic);

    // Extension order is kept as is, since it determines the order inside the certificate.
    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    certBuilder.addExtension(Extension.subjectKeyIdentifier, false,
            extensionUtils.createSubjectKeyIdentifier(keys.intPublic));
    certBuilder.addExtension(Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(caCert));
    certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));

    // Signed with the CA private key, not with the intermediate's own key.
    ContentSigner caSigner = new JcaContentSignerBuilder(en.getAlgorithm()).setProvider(BCPROV)
            .build(keys.caPrivate);
    X509CertificateHolder signedHolder = certBuilder.build(caSigner);
    X509Certificate intermediate = new JcaX509CertificateConverter().setProvider(BCPROV)
            .getCertificate(signedHolder);

    // Fail early if the certificate is not valid right now or does not verify under the CA key.
    intermediate.checkValidity(new Date());
    intermediate.verify(caCert.getPublicKey());

    ((PKCS12BagAttributeCarrier) intermediate).setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
            new DERBMPString(friendlyName));
    return intermediate;
}