List of usage examples for org.bouncycastle.asn1.x500.style RFC4519Style INSTANCE
X500NameStyle INSTANCE
From source file:mitm.common.security.certificate.X500PrincipalBuilder.java
License:Open Source License
/**
 * Builds the {@link X500Principal} from the name components held by this builder.
 *
 * Attributes are added in a fixed order (C, ST, L, O, OU, CN, SN, GIVENNAME,
 * EMAILADDRESS) under {@link RFC4519Style}, so the resulting DN reads from the
 * most general component to the most specific one. NOTE(review): how {@code add}
 * treats a component that is null or empty is not visible here — confirm.
 *
 * Example DNs:
 *
 * CN=DOD CLASS 3 EMAIL CA-9, OU=PKI, OU=DoD, O=U.S. Government, C=US
 * CN=Thawte Personal Freemail Issuing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
 * CN=Senter Certification Authority SubCA, OU=Certification Authority, O=Senter, L=Den Haag, ST=Zuid-Holland,
 * C=NL, EMAILADDRESS=SenterCA@Senter.nl
 * CN=Intel Corporation Basic Enterprise Issuing CA 1, OU=Information Technology Enterprise Business Computing,
 * O=Intel Corporation, L=Folsom, ST=CA, C=US, EMAILADDRESS=pki@intel.com
 *
 * @return the principal built from the configured components
 * @throws IOException if the name cannot be converted to a principal
 */
public X500Principal buildPrincipal() throws IOException {
    final X500NameBuilder builder = new X500NameBuilder(RFC4519Style.INSTANCE);

    // Geographic and organisational components first ...
    add(RFC4519Style.c, countryCode, builder);
    add(RFC4519Style.st, state, builder);
    add(RFC4519Style.l, locality, builder);
    add(RFC4519Style.o, organisation, builder);
    add(RFC4519Style.ou, organisationalUnit, builder);

    // ... then the ones naming the entity itself.
    add(RFC4519Style.cn, commonName, builder);
    add(RFC4519Style.sn, surname, builder);
    add(RFC4519Style.givenName, givenName, builder);
    add(PKCSObjectIdentifiers.pkcs_9_at_emailAddress, email, builder);

    return X500PrincipalUtils.fromX500Name(builder.build());
}
From source file:org.apache.accumulo.test.util.CertUtils.java
License:Apache License
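/**
 * Builds an X.509 v3 certificate for {@code kp} and signs it with {@code signerPrivateKey}.
 *
 * Subject and issuer are both taken from the {@code issuerDirString} field; the authority
 * key identifier is derived from {@code signerPublicKey}, so a certificate signed by another
 * key still carries the issuer's name as its own subject. {@code keyName} is not used here.
 *
 * @param keyName          not used by this method; kept for signature compatibility
 * @param kp               key pair whose public key becomes the certified subject public key
 * @param isCertAuthority  whether to mark the certificate as a CA (basic constraints + keyCertSign)
 * @param signerPublicKey  signer's public key, used only for the authority key identifier
 * @param signerPrivateKey key that signs the certificate with {@code signingAlgorithm}
 * @return the signed certificate, valid from now for 100 years
 * @throws IOException               if an extension value cannot be encoded
 * @throws CertIOException           if adding an extension fails
 * @throws OperatorCreationException if no content signer can be built for {@code signingAlgorithm}
 * @throws CertificateException      if the certificate structure cannot be wrapped
 * @throws NoSuchAlgorithmException  if a digest needed for the key identifiers is unavailable
 */
private X509CertificateObject generateCert(String keyName, KeyPair kp, boolean isCertAuthority,
        PublicKey signerPublicKey, PrivateKey signerPrivateKey) throws IOException, CertIOException,
        OperatorCreationException, CertificateException, NoSuchAlgorithmException {
    Calendar startDate = Calendar.getInstance();
    Calendar endDate = Calendar.getInstance();
    endDate.add(Calendar.YEAR, 100);

    // RFC 5280 requires serial numbers to be unique per issuer; a millisecond timestamp
    // collides for certificates generated in the same millisecond and is predictable.
    // Draw a random value instead: 159 bits keeps the DER encoding within the 20-octet
    // limit, setBit(0) guarantees it is non-zero (serials must be positive).
    BigInteger serialNumber = new BigInteger(159, new java.security.SecureRandom()).setBit(0);

    X500Name issuer = new X500Name(IETFUtils.rDNsFromString(issuerDirString, RFC4519Style.INSTANCE));
    JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuer, serialNumber,
            startDate.getTime(), endDate.getTime(), issuer, kp.getPublic());

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    certGen.addExtension(Extension.subjectKeyIdentifier, false,
            extensionUtils.createSubjectKeyIdentifier(kp.getPublic()));
    // RFC 5280 section 4.2.1.9: basicConstraints must be marked critical when cA is asserted.
    certGen.addExtension(Extension.basicConstraints, isCertAuthority,
            new BasicConstraints(isCertAuthority));
    certGen.addExtension(Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(signerPublicKey));
    if (isCertAuthority) {
        certGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
    }

    X509CertificateHolder cert = certGen
            .build(new JcaContentSignerBuilder(signingAlgorithm).build(signerPrivateKey));
    return new X509CertificateObject(cert.toASN1Structure());
}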
From source file:org.apache.ranger.authorization.kafka.authorizer.KafkaRangerAuthorizerTest.java
License:Apache License
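/**
 * Generates a 2048-bit RSA key pair, wraps its public key in a one-year certificate signed
 * with that same private key (SHA256WithRSAEncryption), and stores key and certificate in a
 * new temporary keystore. The certificate is also added to {@code trustStore} under
 * {@code keystoreAlias}.
 *
 * NOTE(review): {@link File#createTempFile} creates the file holding the private key with
 * the platform's default permissions; fine for a test fixture, not for real key material.
 *
 * @param subjectName      subject DN in RFC 4519 form, e.g. {@code CN=Subject}
 * @param issuerName       issuer DN in RFC 4519 form (the signing key is the subject's own)
 * @param serial           certificate serial number
 * @param keystorePassword password protecting the keystore file
 * @param keystoreAlias    alias for the key entry and for the truststore entry
 * @param keyPassword      password protecting the private key entry
 * @param trustStore       truststore that receives the certificate
 * @return path of the temporary keystore file
 * @throws Exception on any key-generation, signing or keystore failure
 */
private static String createAndStoreKey(String subjectName, String issuerName, BigInteger serial,
        String keystorePassword, String keystoreAlias, String keyPassword, KeyStore trustStore)
        throws Exception {
    // Create KeyPair
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048, new SecureRandom());
    KeyPair keyPair = keyPairGenerator.generateKeyPair();

    Date currentDate = new Date();
    Date expiryDate = new Date(currentDate.getTime() + 365L * 24L * 60L * 60L * 1000L);

    // Create X509Certificate
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            new X500Name(RFC4519Style.INSTANCE, issuerName), serial, currentDate, expiryDate,
            new X500Name(RFC4519Style.INSTANCE, subjectName),
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .build(keyPair.getPrivate());
    X509Certificate certificate = new JcaX509CertificateConverter()
            .getCertificate(certBuilder.build(contentSigner));

    // Store Private Key + Certificate in Keystore
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    keystore.load(null, keystorePassword.toCharArray());
    keystore.setKeyEntry(keystoreAlias, keyPair.getPrivate(), keyPassword.toCharArray(),
            new Certificate[] { certificate });
    File keystoreFile = File.createTempFile("kafkakeystore", ".jks");
    // Close the stream once written: leaving it open leaks the handle and, on platforms that
    // lock open files, keeps the keystore unreadable until the stream is finalised.
    try (FileOutputStream output = new FileOutputStream(keystoreFile)) {
        keystore.store(output, keystorePassword.toCharArray());
    }

    // Now store the Certificate in the truststore
    trustStore.setCertificateEntry(keystoreAlias, certificate);

    return keystoreFile.getPath();
}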
From source file:org.apache.ranger.authorization.kafka.authorizer.KafkaTestUtils.java
License:Apache License
/**
 * Creates a 2048-bit RSA key pair with a one-year certificate signed by the subject's own
 * private key (SHA256WithRSAEncryption), writes both to a fresh temporary keystore and
 * registers the certificate in {@code trustStore} under {@code keystoreAlias}.
 *
 * @param subjectName      subject DN in RFC 4519 form
 * @param issuerName       issuer DN in RFC 4519 form
 * @param serial           certificate serial number
 * @param keystorePassword password protecting the keystore file
 * @param keystoreAlias    alias used for the key entry and the truststore entry
 * @param keyPassword      password protecting the private key entry
 * @param trustStore       truststore that receives the certificate
 * @return path of the temporary keystore file
 * @throws Exception on any key-generation, signing or keystore failure
 */
public static String createAndStoreKey(String subjectName, String issuerName, BigInteger serial,
        String keystorePassword, String keystoreAlias, String keyPassword, KeyStore trustStore)
        throws Exception {
    // Fresh RSA key pair for the subject.
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048, new SecureRandom());
    KeyPair pair = generator.generateKeyPair();

    // Validity window: from now for one year.
    final long oneYearMillis = 365L * 24L * 60L * 60L * 1000L;
    Date notBefore = new Date();
    Date notAfter = new Date(notBefore.getTime() + oneYearMillis);

    // The subject's own private key signs the certificate.
    X500Name issuer = new X500Name(RFC4519Style.INSTANCE, issuerName);
    X500Name subject = new X500Name(RFC4519Style.INSTANCE, subjectName);
    SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded());
    X509v3CertificateBuilder builder =
            new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, spki);
    ContentSigner signer =
            new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(pair.getPrivate());
    X509Certificate cert = new JcaX509CertificateConverter().getCertificate(builder.build(signer));

    // Key entry plus its one-element chain go into a brand-new keystore on disk.
    KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
    store.load(null, keystorePassword.toCharArray());
    store.setKeyEntry(keystoreAlias, pair.getPrivate(), keyPassword.toCharArray(),
            new Certificate[] { cert });
    File storeFile = File.createTempFile("kafkakeystore", ".jks");
    try (OutputStream out = new FileOutputStream(storeFile)) {
        store.store(out, keystorePassword.toCharArray());
    }

    // Only the certificate is trusted, via the caller-supplied truststore.
    trustStore.setCertificateEntry(keystoreAlias, cert);
    return storeFile.getPath();
}
From source file:org.apache.syncope.fit.core.SAML2ITCase.java
License:Apache License
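/**
 * Creates a throwaway keystore/truststore pair for the SAML tests and records their paths in
 * {@code keystorePath} and {@code truststorePath}.
 *
 * The keystore (JKS) holds a 2048-bit RSA key under alias {@code subject} with a one-year
 * self-signed certificate (subject {@code CN=Subject}, issuer {@code CN=Issuer}, serial
 * 123456); the truststore holds only the certificate. Both stores and the key entry use the
 * password {@code security}.
 *
 * @throws Exception on any key-generation, signing or keystore failure
 */
private static void createKeystores() throws Exception {
    // Create KeyPair. 2048 bits rather than 1024: 1024-bit RSA is below current minimum key
    // size policy (e.g. NIST SP 800-131A) and may be rejected by stricter signature validators,
    // which would make the fixture itself the cause of test failures.
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048, new SecureRandom());
    KeyPair keyPair = keyPairGenerator.generateKeyPair();

    Date currentDate = new Date();
    Date expiryDate = new Date(currentDate.getTime() + 365L * 24L * 60L * 60L * 1000L);

    // Create X509Certificate
    String issuerName = "CN=Issuer";
    String subjectName = "CN=Subject";
    BigInteger serial = new BigInteger("123456");
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            new X500Name(RFC4519Style.INSTANCE, issuerName), serial, currentDate, expiryDate,
            new X500Name(RFC4519Style.INSTANCE, subjectName),
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .build(keyPair.getPrivate());
    X509Certificate certificate = new JcaX509CertificateConverter()
            .getCertificate(certBuilder.build(contentSigner));

    // One fixture password for both stores and the key entry.
    final char[] password = "security".toCharArray();

    // Store Private Key + Certificate in Keystore
    KeyStore keystore = KeyStore.getInstance("JKS");
    keystore.load(null, password);
    keystore.setKeyEntry("subject", keyPair.getPrivate(), password,
            new Certificate[] { certificate });
    File keystoreFile = File.createTempFile("samlkeystore", ".jks");
    try (OutputStream output = Files.newOutputStream(keystoreFile.toPath())) {
        keystore.store(output, password);
    }
    keystorePath = keystoreFile.toPath();

    // Now store the Certificate in the truststore
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, password);
    trustStore.setCertificateEntry("subject", certificate);
    File truststoreFile = File.createTempFile("samltruststore", ".jks");
    try (OutputStream output = Files.newOutputStream(truststoreFile.toPath())) {
        trustStore.store(output, password);
    }
    truststorePath = truststoreFile.toPath();
}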
From source file:org.codice.ddf.security.certificate.generator.PkiTools.java
License:Open Source License
/**
 * Create an X500 name whose only attribute is the common name (CN).
 *
 * An X500 name identifies a machine, person or organisation and is used as the "subject" of a
 * certificate. TLS has traditionally matched a server's DNS name against the subject's common
 * name, so the value must be the host's correct fully-qualified name or the certificate will
 * not be trusted.
 * <p>
 * Subject Alternative Names (SANs) are the X.509 extension that carries DNS names, IP addresses
 * and other identifiers; this package does not populate them. NOTE(review): current TLS clients
 * generally require the host name in a SAN and ignore the CN (RFC 6125), so a CN-only
 * certificate built from this name may still be rejected — confirm against the clients in use.
 *
 * @param commonName the fully qualified host name of the end entity; must not be null
 * @return X500 name object with common name attribute set
 * @throws IllegalArgumentException if {@code commonName} is null
 * @see <a href="https://www.ietf.org/rfc/rfc4514.txt">RFC 4514, section 'LDAP: Distinguished Names'</a>
 * @see <a href="https://tools.ietf.org/html/rfc4519">RFC 4519 details the exact construction of distinguished names</a>
 * @see <a href="https://en.wikipedia.org/wiki/SubjectAltName">Subject Alternative Names on Wikipedia'</a>
 */
public static X500Name makeDistinguishedName(String commonName) {
    Validate.isTrue(commonName != null, "Certificate common name cannot be null");
    assert commonName != null;

    if (commonName.isEmpty()) {
        LOGGER.warn(
                "Setting certificate common name to empty string. This could result in an unusable TLS certificate.");
    }

    // Only CN is populated; chain further addRDN(...) calls here to support more attributes.
    return new X500NameBuilder(RFC4519Style.INSTANCE)
            .addRDN(RFC4519Style.cn, commonName)
            .build();
}
From source file:org.codice.ddf.security.certificate.generator.PkiTools.java
License:Open Source License
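/**
 * Builds an {@link X500Name} from {@code symbol=value} components, e.g. {@code "CN=host", "O=Org"}.
 *
 * Each component is split at its first {@code =}; the symbol is resolved through
 * {@link AttributeNameChecker} and the trimmed value becomes the attribute value. Components
 * are added in the order given.
 *
 * @param tuples one or more components of the form {@code symbol=value}
 * @return the assembled name under {@link RFC4519Style}
 * @throws IllegalArgumentException if {@code tuples} is null or empty, a component lacks
 *                                  {@code =} or has an empty value, or a symbol is unknown
 */
public static X500Name convertDistinguishedName(String... tuples) {
    Validate.isTrue(tuples != null && tuples.length > 0,
            "Distinguished name must consist of at least one component");
    assert tuples != null && tuples.length > 0;

    Pattern tuplePattern = Pattern.compile(".*[=].*");
    Validate.isTrue(Arrays.stream(tuples).allMatch(t -> tuplePattern.matcher(t).matches()),
            "Distinguished name components must be in the format symbol=value");

    // Split at the first '=' only (limit 2): a value that itself contains '=' is kept intact,
    // and a component such as "CN=" yields two parts instead of a one-element array that made
    // the t[1] access below throw ArrayIndexOutOfBoundsException.
    String[][] components = Arrays.stream(tuples)
            .map(t -> t.split("[=]", 2))
            .toArray(String[][]::new);
    Validate.isTrue(Arrays.stream(components).allMatch(c -> !c[1].trim().isEmpty()),
            "Distinguished name component value must not be empty");

    AttributeNameChecker style = new AttributeNameChecker();
    Validate.isTrue(
            Arrays.stream(components).map(c -> c[0].trim()).allMatch(style::isValidName));

    X500NameBuilder nameBuilder = new X500NameBuilder(RFC4519Style.INSTANCE);
    for (String[] component : components) {
        nameBuilder.addRDN(style.lookupByName(component[0].trim()), component[1].trim());
    }
    return nameBuilder.build();
}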
From source file:org.eclipse.milo.opcua.stack.core.util.CertificateUtil.java
License:Open Source License
/**
 * Generate a {@link PKCS10CertificationRequest} for a subject given as an RFC 4519 string.
 *
 * This overload only parses {@code subjectName} into an {@link X500Name} and delegates to the
 * {@code X500Name}-taking {@code generateCsr}.
 *
 * @param keyPair            the {@link KeyPair} containing Public and Private keys.
 * @param subjectName        the subject name, in RFC 4519 style. (CN=foo,O=bar)
 * @param sanUri             the URI to request in the SAN.
 * @param sanDnsNames        the DNS names to request in the SAN.
 * @param sanIpAddresses     the IP addresses to request in the SAN.
 * @param signatureAlgorithm the signature algorithm to use when signing the request.
 * @return a {@link PKCS10CertificationRequest}.
 * @throws Exception if parsing the subject or creating the signing request fails for any reason.
 */
public static PKCS10CertificationRequest generateCsr(KeyPair keyPair, String subjectName, String sanUri,
        List<String> sanDnsNames, List<String> sanIpAddresses, String signatureAlgorithm) throws Exception {
    // Parse the RFC 4519 string once, then hand off to the X500Name overload.
    return generateCsr(
            keyPair,
            new X500Name(IETFUtils.rDNsFromString(subjectName, RFC4519Style.INSTANCE)),
            sanUri,
            sanDnsNames,
            sanIpAddresses,
            signatureAlgorithm);
}
From source file:org.vesalainen.net.ssl.SSLT.java
License:Open Source License
/**
 * Dumps the DER encoding of the same DN produced by the JDK-internal {@code sun.security.x509}
 * parser and by BouncyCastle (RFC 4519 style) so the two can be compared by eye.
 * NOTE(review): {@code sun.security.x509} is JDK-internal and not exported on Java 9+ — this
 * test may need {@code --add-exports} or fail to compile there; confirm on the target JDK.
 */
@Test
public void test4() throws IOException {
    final String dn = "CN=timo, C=FI";
    sun.security.x509.X500Name sunName = new sun.security.x509.X500Name(dn);
    org.bouncycastle.asn1.x500.X500Name bcName =
            new org.bouncycastle.asn1.x500.X500Name(RFC4519Style.INSTANCE, dn);

    System.err.println(HexDump.toHex(sunName.getEncoded()));
    System.err.println(HexDump.toHex(bcName.getEncoded()));
    // No equality assertion on purpose: BC encodes CN as UTF8String while the JDK uses
    // PrintableString for both attributes, so the byte arrays legitimately differ.
}
From source file:org.vesalainen.security.cert.X509Generator.java
License:Open Source License
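/**
 * Create a signed X.509 Certificate
 *
 * @param subjectDN the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
 * @param issuerDN Signers X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"; {@code null}
 *                 makes the issuer equal to the subject
 * @param pair the KeyPair whose public key is certified
 * @param privkey Signers private key; {@code null} falls back to {@code pair.getPrivate()},
 *                i.e. a self-signed certificate
 * @param days how many days from now the Certificate is valid for
 * @param signingAlgorithm the signing algorithm, e.g. "SHA1withRSA" (a SHA-2 algorithm such as
 *                         "SHA256withRSA" is preferable for anything but legacy interop)
 * @return the signed certificate, valid from one day ago until {@code days} days from now
 * @throws java.security.cert.CertificateException if the certificate cannot be converted
 */
public X509Certificate generateCertificate(String subjectDN, String issuerDN, KeyPair pair,
        PrivateKey privkey, int days, String signingAlgorithm) throws CertificateException {
    if (privkey == null) {
        privkey = pair.getPrivate();
    }
    X500Name subject = new X500Name(RFC4519Style.INSTANCE, subjectDN);
    X500Name issuer = issuerDN == null ? subject : new X500Name(RFC4519Style.INSTANCE, issuerDN);

    long now = System.currentTimeMillis();
    // Serial numbers must be unique per issuer and unpredictable (RFC 5280 section 4.1.2.2).
    // Seeding SecureRandom with the timestamp made the serial a function of the clock on
    // providers whose output is fully determined by the seed; let the provider self-seed instead.
    BigInteger serial = BigInteger.probablePrime(64, new SecureRandom());

    SubjectPublicKeyInfo subjectPublicKeyInfo =
            SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded());
    // notBefore is backdated one day to tolerate clock skew between issuer and relying party.
    Date notBefore = new Date(now - 86400000L);
    Date notAfter = new Date(now + days * 86400000L);
    X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
            issuer, serial, notBefore, notAfter, subject, subjectPublicKeyInfo);

    X509CertificateHolder holder = builder.build(createSigner(privkey, signingAlgorithm));
    return new JcaX509CertificateConverter().getCertificate(holder);
}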