List of usage examples for org.bouncycastle.asn1.x500 X500Name toString
public String toString()
From source file:CA.java
License:Apache License
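/**
 * Issues a certificate for every PKCS#10 request file in the request directory and writes the
 * resulting chain (issued certificate, then root certificate) as PEM next to the request.
 *
 * <p>Settings come from the properties returned by {@code readProperties()}:
 * {@code jcsi.ca.validityPeriod} (days, required), {@code ca.requests} (directory, default
 * {@code "requests"}) and {@code ca.regex.pattern} (handed to {@code Filter}, default
 * {@code "request"}). Nothing is done when the request path is not a directory.
 *
 * <p>A request is signed only after its self-signature verifies, i.e. the requester has shown
 * possession of the private key for the public key being certified. The subject is still copied
 * from the request unchanged. NOTE(review): no naming policy is applied here, so anyone able to
 * place a file in the request directory chooses the certified subject; confirm that is intended.
 *
 * @throws Exception if configuration, parsing, request verification, signing or file I/O fails;
 *     processing stops at the first failing request
 */
private static void signCertificationRequests() throws Exception {
    Properties p = readProperties();
    ContentSigner sigGen = getContentSigner(p);
    Certificate rootCert = readRootCertificate(p);
    X500Principal issuer = getIssuer(p);

    long time = System.currentTimeMillis();
    // Validity starts 50 seconds in the past (presumably to tolerate small clock skew).
    Date notBefore = new Date(time - 50000);
    long validDays = Integer.parseInt(p.getProperty("jcsi.ca.validityPeriod"));
    Date notAfter = new Date(time + validDays * 86400000L);

    /*
     * Get certificate requests and write chains to file.
     */
    String reqDir = p.getProperty("ca.requests", "requests");
    String pattern = p.getProperty("ca.regex.pattern", "request");
    File requests = new File(reqDir);
    if (!requests.isDirectory()) {
        return;
    }

    File[] certRequests = requests.listFiles(new Filter(pattern));
    if (certRequests == null) {
        // listFiles() yields null on an I/O error, even for a directory.
        throw new IOException("Unable to list certification requests in " + reqDir);
    }

    // Serial numbers must be unique per issuer. A millisecond timestamp repeats when two
    // requests are handled within the same millisecond, so draw them from a CSPRNG instead.
    java.security.SecureRandom serialSource = new java.security.SecureRandom();

    for (File requestFile : certRequests) {
        String fileName = requestFile.getName();
        String chainName = fileName.replace("request", "chain");
        if (chainName.equals(fileName)) {
            // With a custom filter pattern the name may not contain "request"; writing the
            // chain would then truncate the request file itself.
            throw new IOException("Refusing to overwrite request file " + fileName);
        }

        PKCS10CertificationRequest certReq;
        PEMReader pemRead = new PEMReader(
                new InputStreamReader(new BufferedInputStream(new FileInputStream(requestFile))));
        try {
            certReq = (PKCS10CertificationRequest) pemRead.readObject();
        } finally {
            pemRead.close();
        }

        // Proof of possession: never certify a key whose request signature does not verify.
        if (certReq == null || !certReq.verify()) {
            throw new java.security.SignatureException(
                    "Certification request " + fileName + " has no valid self-signature");
        }

        JcaPKCS10CertificationRequestHolder holder = new JcaPKCS10CertificationRequestHolder(certReq);
        PublicKey publicKey1 = holder.getPublicKey();
        X500Name x500Name = holder.getSubject();
        // The subject crosses from BouncyCastle to the JDK type through its string form.
        X500Principal subject1 = new X500Principal(x500Name.toString());
        BigInteger ser = new BigInteger(127, serialSource).add(BigInteger.ONE);
        Certificate issuedCert = build(sigGen, issuer, ser, notBefore, notAfter, subject1, publicKey1);

        PEMWriter pemWrt = new PEMWriter(new OutputStreamWriter(
                new BufferedOutputStream(new FileOutputStream(new File(requests, chainName)))));
        try {
            pemWrt.writeObject(issuedCert);
            pemWrt.writeObject(rootCert);
        } finally {
            pemWrt.close();
        }
    }
}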
From source file:com.predic8.membrane.core.transport.ssl.GeneratingSSLContext.java
License:Apache License
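/**
 * Builds an SSL context whose server certificate is generated on the fly for {@code hostname}.
 *
 * <p>Each call generates a fresh 2048-bit RSA key pair, obtains a certificate with subject
 * {@code CN=<hostname>} from {@code sign(...)} using this object's CA key pair, and stores both
 * in an in-memory key store that backs the returned context.
 *
 * <p>The subject is assembled with {@code X500NameBuilder} instead of parsing
 * {@code "CN=" + hostname}. Parsing a concatenated string lets DN metacharacters in the host
 * name (such as {@code ,} {@code +} {@code =}) introduce extra RDNs; the builder keeps the whole
 * value inside the CN and {@code toString()} escapes it. NOTE(review): if the host name is taken
 * from the peer (e.g. SNI) it is untrusted and should also be checked against what this proxy
 * is willing to impersonate. Whether {@code sign(...)} adds a subjectAltName is not visible here.
 *
 * @param hostname host name to place in the certificate's common name
 * @return an SSL context presenting the generated certificate
 * @throws RuntimeException wrapping any failure during key generation, signing or context setup
 */
public SSLContext getSSLContextForHostname(String hostname) {
    try {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Build the DN structurally so the host name can only ever be a single CN value.
        org.bouncycastle.asn1.x500.X500Name xn =
                new org.bouncycastle.asn1.x500.X500NameBuilder(
                                org.bouncycastle.asn1.x500.style.BCStyle.INSTANCE)
                        .addRDN(org.bouncycastle.asn1.x500.style.BCStyle.CN, hostname)
                        .build();

        X509Certificate[] chain = new X509Certificate[] {
            sign(xn.toString(), caPublic, caPrivate, kp.getPublic())
        };

        // The key store exists only in memory, hence the empty key password.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ks.setKeyEntry("alias", kp.getPrivate(), new char[0], chain);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, new char[0]);

        javax.net.ssl.SSLContext sslc = javax.net.ssl.SSLContext.getInstance("TLS");
        sslc.init(kmf.getKeyManagers(), null, null);

        return new StaticSSLContext(sslParser, sslc);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}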
From source file:controller.CCInstance.java
License:Open Source License
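/**
 * Extracts the value of one attribute (for example {@code "CN"}) from a distinguished name.
 *
 * <p>The name is rendered with {@code toString()} and re-parsed as an {@link LdapName}; every
 * RDN whose type equals {@code property} (case-sensitive comparison) is considered, and the one
 * visited last wins.
 *
 * <p>If the rendered name cannot be parsed, the failure is logged and an empty string is
 * returned. NOTE(review): callers therefore cannot tell "attribute absent" from "name could not
 * be parsed"; code making a trust decision on the result should treat an empty value as a
 * failure.
 *
 * @param x500name distinguished name to inspect
 * @param property attribute type to look for
 * @return the matching attribute value, or {@code ""} when there is none or parsing failed
 */
public String getCertificateProperty(X500Name x500name, String property) {
    String cn = "";
    LdapName ldapDN;
    try {
        ldapDN = new LdapName(x500name.toString());
    } catch (InvalidNameException ex) {
        java.util.logging.Logger.getLogger(MultipleValidationDialog.class.getName()).log(Level.SEVERE, null, ex);
        // There is no parsed name to iterate; return the default instead of dereferencing null.
        return cn;
    }
    for (Rdn rdn : ldapDN.getRdns()) {
        if (rdn.getType().equals(property)) {
            cn = rdn.getValue().toString();
        }
    }
    return cn;
}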
From source file:de.thiemann.ssl.report.model.CertificateV3.java
License:Open Source License
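/**
 * Parses the encoded certificate held in {@code ec} and copies the fields used by the report
 * into this object: version, subject and issuer names, subject alternative names, validity
 * period, public key information, signature algorithm, fingerprint and CRL distribution points.
 *
 * <p>Parsing failures are reported with an exception carrying the cause. Continuing with a null
 * certificate would only fail later with a {@code NullPointerException} and no context.
 *
 * @return this object, populated from the parsed certificate
 * @throws IllegalStateException if no certificate factory is available or the bytes cannot be
 *     parsed as an X.509 certificate
 */
@Override
public Certificate processCertificateBytes() {
    this.jseX509Cert = null;

    if (cf == null) {
        throw new IllegalStateException("No certificate factory available to parse the certificate");
    }
    try {
        this.jseX509Cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(ec));
    } catch (CertificateException e) {
        throw new IllegalStateException("Certificate bytes could not be parsed", e);
    }
    if (this.jseX509Cert == null) {
        throw new IllegalStateException("Certificate factory returned no certificate");
    }

    // certificate version
    this.certificateVersion = this.jseX509Cert.getVersion();

    // common name
    // The subject is taken in RFC 2253 form, parsed by BouncyCastle and rendered again, so the
    // stored text follows X500Name.toString() rather than the JDK's formatting.
    X500Principal subject = this.jseX509Cert.getSubjectX500Principal();
    X500Name subjectName = new X500Name(subject.getName(X500Principal.RFC2253));
    this.subjectName = subjectName.toString();

    // alternative names
    try {
        Collection<List<?>> alternativeNames = this.jseX509Cert.getSubjectAlternativeNames();
        this.alternativeNames = transferAlternativeNames(alternativeNames);
    } catch (CertificateParsingException e) {
        // Best effort: a malformed extension leaves the alternative names unset.
        e.printStackTrace();
    }

    // not before
    Date notBefore = this.jseX509Cert.getNotBefore();
    if (notBefore != null) {
        this.notBefore = notBefore.getTime();
    }

    // not after
    Date notAfter = this.jseX509Cert.getNotAfter();
    if (notAfter != null) {
        this.notAfter = notAfter.getTime();
    }

    // public key algorithm & size
    PublicKey pubKey = this.jseX509Cert.getPublicKey();
    if (pubKey != null) {
        this.pubKeyInfo = transferPublicKeyInfo(pubKey.getEncoded());
    }

    // issuer
    X500Principal issuer = this.jseX509Cert.getIssuerX500Principal();
    X500Name issuerName = new X500Name(issuer.getName(X500Principal.RFC2253));
    this.issuerName = issuerName.toString();

    // signature algorithm
    this.signatureAlgorithm = transferSignatureAlgorithm(this.jseX509Cert.getSigAlgOID());

    // fingerprint
    this.fingerprint = CertificateUtil.computeFingerprint(this.ec);

    // CRL Distribution Points
    // getExtensionValue() returns null when the extension is absent.
    // NOTE(review): confirm transferDistributionPoints accepts null.
    byte[] extension = this.jseX509Cert
            .getExtensionValue(ASN1CertificateExtensionsIds.CRLDistributionPoints.getOid());
    this.crlDistributionPoints = transferDistributionPoints(extension);

    return this;
}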
From source file:eu.europa.ec.markt.dss.signature.xades.XAdESLevelC.java
License:Open Source License
/**
 * Adds an {@code xades:OCSPRefs} element under the given parent and fills it with one
 * {@code xades:OCSPRef} per OCSP token in the set.
 *
 * <p>Each reference holds the responder identifier (key hash or name), the response's
 * {@code producedAt} time and a digest of the encoded token. Tokens that are not
 * {@code OCSPToken} instances are skipped. When the set is non-empty but contains no OCSP token,
 * an empty {@code xades:OCSPRefs} element is still added.
 *
 * @param completeRevocationRefsDom parent element that receives {@code xades:OCSPRefs}
 * @param processedRevocationTokens tokens to reference; nothing is written when the set is empty
 * @throws eu.europa.ec.markt.dss.exception.DSSException declared by this method; presumably
 *     raised by the DSS helpers called here
 */
private void incorporateOCSPRefs(final Element completeRevocationRefsDom,
        final Set<RevocationToken> processedRevocationTokens) throws DSSException {

    if (processedRevocationTokens.isEmpty()) {
        return;
    }

    // Layout produced below:
    // ...<xades:CRLRefs/>
    // ...<xades:OCSPRefs>
    // ......<xades:OCSPRef>
    // .........<xades:OCSPIdentifier>
    // ............<xades:ResponderID>
    // ...............<xades:ByName>C=AA,O=DSS,CN=OCSP A</xades:ByName>
    // ............</xades:ResponderID>
    // ............<xades:ProducedAt>2013-11-25T12:33:34.000+01:00</xades:ProducedAt>
    // .........</xades:OCSPIdentifier>
    // .........<xades:DigestAlgAndValue>
    // ............<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    // ............<ds:DigestValue>O1uHdchN+zFzbGrBg2FP3/idD0k=</ds:DigestValue>
    final Element refsContainer = DSSXMLUtils.addElement(documentDom, completeRevocationRefsDom,
            XAdESNamespaces.XAdES, "xades:OCSPRefs");

    for (final RevocationToken token : processedRevocationTokens) {
        if (!(token instanceof OCSPToken)) {
            continue;
        }
        final BasicOCSPResp response = ((OCSPToken) token).getBasicOCSPResp();

        final Element refElement = DSSXMLUtils.addElement(documentDom, refsContainer,
                XAdESNamespaces.XAdES, "xades:OCSPRef");
        final Element identifierElement = DSSXMLUtils.addElement(documentDom, refElement,
                XAdESNamespaces.XAdES, "xades:OCSPIdentifier");
        final Element responderElement = DSSXMLUtils.addElement(documentDom, identifierElement,
                XAdESNamespaces.XAdES, "xades:ResponderID");

        // The ResponderID is a tagged choice: tag 2 is written as ByKey, anything else as ByName.
        final DERTaggedObject taggedResponderId = (DERTaggedObject) response.getResponderId()
                .toASN1Object().toASN1Primitive();
        if (taggedResponderId.getTagNo() == 2) {
            final ASN1OctetString keyHash = (ASN1OctetString) taggedResponderId.getObject();
            final String encodedKeyHash = DSSUtils.base64Encode(keyHash.getOctets());
            DSSXMLUtils.addTextElement(documentDom, responderElement, XAdESNamespaces.XAdES,
                    "xades:ByKey", encodedKeyHash);
        } else {
            final X500Name responderName = X500Name.getInstance(taggedResponderId.getObject());
            DSSXMLUtils.addTextElement(documentDom, responderElement, XAdESNamespaces.XAdES,
                    "xades:ByName", responderName.toString());
        }

        final XMLGregorianCalendar producedAtCalendar = DSSXMLUtils
                .createXMLGregorianCalendar(response.getProducedAt());
        DSSXMLUtils.addTextElement(documentDom, identifierElement, XAdESNamespaces.XAdES,
                "xades:ProducedAt", producedAtCalendar.toXMLFormat());

        final Element digestElement = DSSXMLUtils.addElement(documentDom, refElement,
                XAdESNamespaces.XAdES, "xades:DigestAlgAndValue");
        // TODO: to be added as field to eu.europa.ec.markt.dss.parameter.SignatureParameters.
        // NOTE(review): SHA-1 is hard-coded for the reference digest and is no longer collision
        // resistant; making the algorithm configurable (see TODO) would allow a stronger one.
        final DigestAlgorithm referenceDigest = DigestAlgorithm.SHA1;
        incorporateDigestMethod(digestElement, referenceDigest);

        final InMemoryDocument encodedToken = new InMemoryDocument(token.getEncoded());
        incorporateDigestValue(digestElement, referenceDigest, encodedToken);
    }
}
From source file:eu.europa.ec.markt.dss.validation.X500PrincipalMatcher.java
License:Open Source License
/**
 * Returns the string form of a distinguished name, used here as its "canonical" name.
 *
 * <p>The value is exactly what {@code X500Name.toString()} yields; this method applies no case
 * folding, whitespace normalisation or attribute reordering of its own. NOTE(review): if the
 * result is compared with {@code String.equals} to decide whether two principals match,
 * differently encoded but equivalent names may compare unequal. Confirm against the callers.
 *
 * @param p1 name to render; must not be null
 * @return the rendered name
 */
private static String getCanonicalName(final org.bouncycastle.asn1.x500.X500Name p1) {
    final String rendered = p1.toString();
    return rendered;
}
From source file:eu.europa.ec.markt.dss.validation102853.X500PrincipalMatcher.java
License:Open Source License
/**
 * Returns the string form of a distinguished name, used here as its "canonical" name.
 *
 * <p>The value is exactly what {@code X500Name.toString()} yields; this method applies no case
 * folding, whitespace normalisation or attribute reordering of its own. NOTE(review): if the
 * result is compared with {@code String.equals} to decide whether two principals match,
 * differently encoded but equivalent names may compare unequal. Confirm against the callers.
 *
 * @param p1 name to render; must not be null
 * @return the rendered name
 */
private static String getCanonicalName(final X500Name p1) {
    final String rendered = p1.toString();
    return rendered;
}
From source file:eu.europa.esig.dss.xades.signature.XAdESLevelC.java
License:Open Source License
/**
 * Adds an {@code xades:OCSPRefs} element under the given parent and fills it with one
 * {@code xades:OCSPRef} per OCSP token in the set.
 *
 * <p>Nothing is written when the set is empty or holds no {@code OCSPToken}. Each reference
 * holds the responder identifier (key hash or name), the response's {@code producedAt} time and
 * a digest of the encoded token.
 *
 * @param completeRevocationRefsDom parent element that receives {@code xades:OCSPRefs}
 * @param processedRevocationTokens tokens to reference
 * @throws eu.europa.esig.dss.DSSException declared by this method; presumably raised by the DSS
 *     helpers called here
 */
private void incorporateOCSPRefs(final Element completeRevocationRefsDom,
        final Set<RevocationToken> processedRevocationTokens) throws DSSException {

    if (processedRevocationTokens.isEmpty()) {
        return;
    }

    // Avoid emitting an empty OCSPRefs element when no token is an OCSP response.
    boolean hasOcspToken = false;
    for (final RevocationToken candidate : processedRevocationTokens) {
        if (candidate instanceof OCSPToken) {
            hasOcspToken = true;
            break;
        }
    }
    if (!hasOcspToken) {
        return;
    }

    // Layout produced below:
    // ...<xades:CRLRefs/>
    // ...<xades:OCSPRefs>
    // ......<xades:OCSPRef>
    // .........<xades:OCSPIdentifier>
    // ............<xades:ResponderID>
    // ...............<xades:ByName>C=AA,O=DSS,CN=OCSP A</xades:ByName>
    // ............</xades:ResponderID>
    // ............<xades:ProducedAt>2013-11-25T12:33:34.000+01:00</xades:ProducedAt>
    // .........</xades:OCSPIdentifier>
    // .........<xades:DigestAlgAndValue>
    // ............<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    // ............<ds:DigestValue>O1uHdchN+zFzbGrBg2FP3/idD0k=</ds:DigestValue>
    final Element refsContainer = DSSXMLUtils.addElement(documentDom, completeRevocationRefsDom,
            XAdESNamespaces.XAdES, "xades:OCSPRefs");

    for (final RevocationToken token : processedRevocationTokens) {
        if (!(token instanceof OCSPToken)) {
            continue;
        }
        final BasicOCSPResp response = ((OCSPToken) token).getBasicOCSPResp();

        final Element refElement = DSSXMLUtils.addElement(documentDom, refsContainer,
                XAdESNamespaces.XAdES, "xades:OCSPRef");
        final Element identifierElement = DSSXMLUtils.addElement(documentDom, refElement,
                XAdESNamespaces.XAdES, "xades:OCSPIdentifier");
        final Element responderElement = DSSXMLUtils.addElement(documentDom, identifierElement,
                XAdESNamespaces.XAdES, "xades:ResponderID");

        // The ResponderID is a tagged choice: tag 2 is written as ByKey, anything else as ByName.
        final ResponderID asn1ResponderId = response.getResponderId().toASN1Primitive();
        final DERTaggedObject taggedResponderId = (DERTaggedObject) asn1ResponderId.toASN1Primitive();
        if (taggedResponderId.getTagNo() == 2) {
            final ASN1OctetString keyHash = (ASN1OctetString) taggedResponderId.getObject();
            final String encodedKeyHash = Base64.encodeBase64String(keyHash.getOctets());
            DSSXMLUtils.addTextElement(documentDom, responderElement, XAdESNamespaces.XAdES,
                    "xades:ByKey", encodedKeyHash);
        } else {
            final X500Name responderName = X500Name.getInstance(taggedResponderId.getObject());
            DSSXMLUtils.addTextElement(documentDom, responderElement, XAdESNamespaces.XAdES,
                    "xades:ByName", responderName.toString());
        }

        final XMLGregorianCalendar producedAtCalendar = DSSXMLUtils
                .createXMLGregorianCalendar(response.getProducedAt());
        DSSXMLUtils.addTextElement(documentDom, identifierElement, XAdESNamespaces.XAdES,
                "xades:ProducedAt", producedAtCalendar.toXMLFormat());

        final Element digestElement = DSSXMLUtils.addElement(documentDom, refElement,
                XAdESNamespaces.XAdES, "xades:DigestAlgAndValue");
        // TODO: to be added as field to eu.europa.esig.dss.AbstractSignatureParameters.
        // NOTE(review): SHA-1 is hard-coded for the reference digest and is no longer collision
        // resistant; making the algorithm configurable (see TODO) would allow a stronger one.
        final DigestAlgorithm referenceDigest = DigestAlgorithm.SHA1;
        incorporateDigestMethod(digestElement, referenceDigest);

        final InMemoryDocument encodedToken = new InMemoryDocument(token.getEncoded());
        incorporateDigestValue(digestElement, referenceDigest, encodedToken);
    }
}
From source file:eu.optimis.ics.BrokerVPNCredentials.BrokerCA.java
License:Open Source License
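/**
 * Issues an end-entity certificate for a DER-encoded PKCS#10 request and returns its encoding.
 *
 * <p>The certificate copies subject and public key from the request, is issued under the CA
 * certificate read from {@code caPath + "ca.crt"}, and carries fixed extensions chosen here
 * (non-CA basic constraints, IPsec end-system extended key usage, digitalSignature key usage).
 * It is valid from 30 days before now until 365 days after now.
 *
 * <p>Checks made on the request, which is untrusted input:
 * <ul>
 *   <li>the self-signature must verify (proof of possession of the private key);</li>
 *   <li>the certificate is signed with SHA-256, because the signed content is largely
 *       requester-chosen and SHA-1 is no longer collision resistant.</li>
 * </ul>
 *
 * <p>The serial number is the MD5 digest of the subject's string form, read as a non-negative
 * integer. NOTE(review): this makes the serial predictable and identical for every certificate
 * issued to the same subject, so re-issuance yields duplicate issuer/serial pairs; a random
 * serial would avoid that if no caller relies on the mapping. No naming policy is applied to
 * the requested subject here.
 *
 * @param sentCSRBytes DER encoding of the certification request
 * @return the encoded certificate, or {@code null} if the request is rejected or any step fails
 *     (the failure is printed to standard error)
 */
public byte[] getSignedCertificateBytes(byte[] sentCSRBytes) {
    X509CertificateHolder certHolder = null;
    byte[] result = null;
    try {
        PKCS10CertificationRequest certRequest = new PKCS10CertificationRequest(sentCSRBytes);

        // Proof of possession: reject requests whose self-signature does not verify.
        java.security.PublicKey requesterKey =
                new org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest(certRequest).getPublicKey();
        boolean signatureValid = certRequest.isSignatureValid(
                new org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder()
                        .setProvider("BC")
                        .build(requesterKey));
        if (!signatureValid) {
            throw new java.security.SignatureException("Certification request signature does not verify");
        }

        X509Certificate rootCert;
        PEMReader r = new PEMReader(new FileReader(caPath + "ca.crt"));
        try {
            rootCert = (X509Certificate) r.readObject();
        } finally {
            r.close();
        }

        X500Name subject = certRequest.getSubject();
        MessageDigest m = MessageDigest.getInstance("MD5");
        // Digest the full UTF-8 encoding. Passing the character count as the byte length would
        // truncate non-ASCII subjects and depend on the platform charset.
        m.update(subject.toString().getBytes("UTF-8"));
        // Signum 1 keeps the serial non-negative, as required for X.509 serial numbers.
        BigInteger serial = new BigInteger(1, m.digest());

        Date notBefore = new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30);
        Date notAfter = new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365));
        SubjectPublicKeyInfo publicKeyInfo = certRequest.getSubjectPublicKeyInfo();

        // NOTE(review): the issuer name is rebuilt from a string, which may not reproduce the
        // CA subject's exact encoding; verify that issued certificates chain in strict validators.
        X500Name issuer = new X500Name(rootCert.getSubjectDN().toString());

        X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder(issuer, serial, notBefore,
                notAfter, subject, publicKeyInfo);

        // Extensions are set by the CA; nothing is copied from the request's attributes.
        v3CertBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
                new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKeyInfo));
        v3CertBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
                new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(rootCert));
        v3CertBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));
        v3CertBuilder.addExtension(X509Extension.extendedKeyUsage, false,
                new ExtendedKeyUsage(KeyPurposeId.id_kp_ipsecEndSystem));
        v3CertBuilder.addExtension(X509Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature));

        ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC")
                .build(loadCAPrivateKey(caPath));

        certHolder = v3CertBuilder.build(sigGen);
        result = certHolder.getEncoded();
    } catch (Exception e) {
        e.printStackTrace();
    }

    return result;
}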
From source file:eu.optimis.ics.Credentials.CertificateGenerator.java
License:Open Source License
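/**
 * Issues a TLS server certificate for the given PKCS#10 request.
 *
 * <p>The certificate copies subject and public key from the request, is issued under the CA
 * certificate read from {@code credPath + "ca.crt"} and signed with the key returned by
 * {@code loadCAPrivateKey(credPath)}. Extensions are fixed here: non-CA basic constraints,
 * serverAuth extended key usage, digitalSignature and keyEncipherment key usage. Validity runs
 * from 30 days before now to about ten years after now. NOTE(review): that is a long lifetime
 * for a server certificate; confirm it is intended.
 *
 * <p>Differences from a naive issuance path:
 * <ul>
 *   <li>the request's self-signature must verify (proof of possession);</li>
 *   <li>the serial number is random, since a constant serial gives every certificate from this
 *       CA the same issuer/serial pair;</li>
 *   <li>the certificate is signed with SHA-256 rather than SHA-1;</li>
 *   <li>failures raise an exception carrying the cause instead of surfacing later as a
 *       {@code NullPointerException}.</li>
 * </ul>
 *
 * @param certRequest certification request to fulfil
 * @param credPath directory prefix holding {@code ca.crt} and the CA private key
 * @return the issued certificate
 * @throws IllegalStateException if the request signature is invalid or issuance fails
 */
public static X509CertificateHolder genServerCertificate(PKCS10CertificationRequest certRequest,
        String credPath) {
    try {
        // Proof of possession: only certify a key whose request signature verifies.
        if (!certRequest.verify()) {
            throw new IllegalStateException("Certification request signature does not verify");
        }

        X509Certificate rootCert;
        PEMReader r = new PEMReader(new FileReader(credPath + "ca.crt"));
        try {
            rootCert = (X509Certificate) r.readObject();
        } finally {
            r.close();
        }

        // Random, strictly positive serial so certificates from this CA stay distinguishable.
        BigInteger serial = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);

        Date notBefore = new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30);
        Date notAfter = new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10));

        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo
                .getInstance(certRequest.getPublicKey().getEncoded());

        // NOTE(review): issuer and subject are rebuilt from their string forms, which may not
        // reproduce the original encodings; verify chain building in strict validators.
        X500Name issuer = new X500Name(rootCert.getSubjectDN().toString());
        System.out.println(issuer.toString());

        @SuppressWarnings("deprecation")
        X500Name subject = new X500Name(certRequest.getCertificationRequestInfo().getSubject().toString());

        X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder(issuer, serial, notBefore,
                notAfter, subject, publicKeyInfo);

        v3CertBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
                new SubjectKeyIdentifier(publicKeyInfo));
        v3CertBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
                new AuthorityKeyIdentifierStructure(rootCert));
        v3CertBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));
        v3CertBuilder.addExtension(X509Extension.extendedKeyUsage, false,
                new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
        v3CertBuilder.addExtension(X509Extension.keyUsage, false,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

        ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC")
                .build(loadCAPrivateKey(credPath));

        return v3CertBuilder.build(sigGen);
    } catch (IOException e) {
        throw new IllegalStateException("Unable to read CA material from " + credPath, e);
    } catch (java.security.GeneralSecurityException e) {
        throw new IllegalStateException("Unable to issue server certificate", e);
    } catch (OperatorCreationException e) {
        throw new IllegalStateException("Unable to create certificate signer", e);
    }
}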