List of usage examples for the X500Name(String) constructor of org.bouncycastle.asn1.x500.X500Name
public X500Name(String dirName)
From source file:ca.nrc.cadc.beacon.web.view.StorageItem.java
License:Open Source License
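/**
 * Returns a short display name for this item's owner.
 *
 * <p>The {@code owner} field is parsed as an X.500 distinguished name. The value of the
 * first CN attribute is taken and everything from the first {@code '_'} onward is dropped.
 *
 * <p>NOTE(review): the result is derived from identity data and this class sits in a
 * {@code web.view} package; presumably it ends up in rendered output, so encode it at the
 * point of output. Confirm against the template that uses it.
 *
 * @return an empty string when {@code owner} is null; the CN prefix when the name has a CN;
 *         otherwise the unmodified {@code owner} string
 */
public String getOwnerCN() {
    if (owner == null) {
        return "";
    }

    final X500Name xName = new X500Name(owner);
    final RDN[] cnList = xName.getRDNs(BCStyle.CN);
    if (cnList.length == 0) {
        // No CN attribute in the name: fall back to the raw owner string.
        return owner;
    }

    final String cn = IETFUtils.valueToString(cnList[0].getFirst().getValue());

    // Keep only the part before the first '_'. indexOf/substring is used instead of
    // split("_")[0] because split() returns an empty array for a value made up only of
    // underscores, which made the [0] access throw ArrayIndexOutOfBoundsException.
    final int underscore = cn.indexOf('_');
    return underscore < 0 ? cn : cn.substring(0, underscore);
}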
From source file:CAModulePackage.CertificateHelper.java
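/**
 * Generates a new X.509 identity certificate for {@code subjectKey}, signed with
 * {@code issuerKey}.
 *
 * <p>This should only be used for certificates belonging to parts of this system (the CA's
 * or AA's own certificate). A client should generate a Certificate Signing Request and send
 * it over instead.
 *
 * <p>The certificate is valid from 24 hours before the call until 365 days after it. No
 * extensions (basic constraints, key usage, ...) are added by this method.
 *
 * @param subjectKey the soon-to-be-holder's public key
 * @param issuerKey  the signing entity's private key
 * @param issuer     name of the signing entity, passed to {@code new X500Name(String)};
 *                   NOTE(review): that constructor parses a directory string such as
 *                   {@code "CN=..."}, so a bare common name is presumably rejected - confirm
 * @param subject    name of the subject, parsed the same way as {@code issuer}
 * @return the new X.509 identity certificate
 * @throws OperatorCreationException if the content signer cannot be created
 */
public static X509CertificateHolder generateCertificate(PublicKey subjectKey, PrivateKey issuerKey, String issuer,
        String subject) throws OperatorCreationException {
    final long now = System.currentTimeMillis();

    // Computed in long arithmetic. The previous int expression 365 * 24 * 60 * 60 * 1000
    // overflowed and wrapped to roughly 17 days, so certificates expired far earlier than
    // the intended one year.
    final long dayMillis = 24L * 60 * 60 * 1000;
    Date startDate = new Date(now - dayMillis);
    Date endDate = new Date(now + 365 * dayMillis);

    // NOTE(review): a clock-derived serial number is predictable and can repeat when two
    // certificates are issued in the same millisecond. An issuing CA should draw serials
    // from a cryptographically secure random source and keep them unique per issuer.
    BigInteger serial = BigInteger.valueOf(now);

    // The Jca builder is used because it accepts a PublicKey rather than a
    // SubjectPublicKeyInfo.
    // TODO: Consider switching to the plain X509v3CertificateBuilder.
    JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(new X500Name(issuer), serial, startDate,
            endDate, new X500Name(subject), // TODO: the original author believed this field is incorrect; revise.
            subjectKey);

    return b.build(new JcaContentSignerBuilder("SHA256withRSAEncryption").setProvider("BC").build(issuerKey));
}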
From source file:CAModulePackage.CertificateHelper.java
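/**
 * Generates a new X.509 certificate from a Certificate Signing Request.
 *
 * <p>This is the primary method for granting a user credentials on this system. The
 * certificate takes its subject name and public key from the CSR and is valid from 24 hours
 * before the call until 365 days after it.
 *
 * <p>NOTE(review): nothing in this method checks the CSR's own signature, so proof that the
 * requester holds the matching private key is not established here. The subject name from
 * the CSR is also copied without any policy check. Both must happen before this call, or be
 * added here, for the issued certificate to mean anything.
 *
 * @param csr        input Certificate Signing Request
 * @param issuer     name of the issuing entity, parsed by {@code new X500Name(String)}
 * @param issuerPriv private key of the issuing entity
 * @return the X.509 identity certificate, or {@code null} when the content signer could not
 *         be created (the failure is printed to stderr)
 * @throws IllegalArgumentException if the CSR's public key cannot be decoded as an RSA key
 */
public static X509CertificateHolder signCSR(PKCS10CertificationRequest csr, String issuer,
        PrivateKey issuerPriv) {
    final long now = System.currentTimeMillis();

    // Long arithmetic: the previous int expression 365 * 24 * 60 * 60 * 1000 overflowed and
    // produced a validity of roughly 17 days instead of one year.
    final long dayMillis = 24L * 60 * 60 * 1000;
    Date startDate = new Date(now - dayMillis);
    Date endDate = new Date(now + 365 * dayMillis);

    // Fail here instead of printing the stack trace and carrying a null key into the
    // certificate builder, which is what the swallowed exceptions used to lead to.
    final PublicKey pub;
    try {
        pub = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(csr.getSubjectPublicKeyInfo().getEncoded()));
    } catch (InvalidKeySpecException e) {
        throw new IllegalArgumentException("CSR public key is not a valid RSA key", e);
    } catch (NoSuchAlgorithmException e) {
        throw new IllegalArgumentException("RSA key factory is not available", e);
    } catch (IOException e) {
        throw new IllegalArgumentException("CSR public key could not be encoded", e);
    }

    // NOTE(review): a clock-derived serial is predictable and not guaranteed unique; a CA
    // should use a cryptographically secure random serial and track issued values.
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(new X500Name(issuer),
            BigInteger.valueOf(now), startDate, endDate, csr.getSubject(), pub);

    try {
        return builder
                .build(new JcaContentSignerBuilder("SHA256withRSAEncryption").setProvider("BC").build(issuerPriv));
    } catch (OperatorCreationException e) {
        // Kept from the original contract: signer creation failure yields null.
        e.printStackTrace();
        return null;
    }
}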
From source file:cdm.api.windows.util.CertificateSigningService.java
License:Open Source License
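/**
 * Issues an X.509 v3 certificate for the public key carried in a PKCS#10 request, signed
 * with the CA's private key.
 *
 * <p>The certificate is valid from 30 days before the call until roughly ten years after it
 * (3650 days).
 *
 * <p>NOTE(review): the subject is the fixed string {@code "CN=abimaran"}; the subject in the
 * request is ignored, so every certificate issued here carries the same name. Nothing in this
 * method checks the request's signature either, and no extensions are added. Confirm that
 * callers validate the request and that the fixed subject is intended.
 *
 * @param jcaRequest the certification request supplying the public key
 * @param privateKey the CA private key used to sign
 * @param caCert     the CA certificate, used as the issuer
 * @return the signed certificate
 * @throws Exception wrapping any failure while building or signing the certificate
 */
public static X509Certificate signCSR(JcaPKCS10CertificationRequest jcaRequest, PrivateKey privateKey,
        X509Certificate caCert) throws Exception {
    try {
        final long now = System.currentTimeMillis();
        final long dayMillis = 1000L * 60 * 60 * 24;

        // 128 random bits from a CSPRNG. The previous nextInt(Integer.MAX_VALUE) gave at
        // most 31 bits, which makes serial collisions under one issuer realistic.
        BigInteger serial = new BigInteger(128, new SecureRandom());

        X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(caCert, serial,
                new Date(now - 30 * dayMillis), new Date(now + 365 * 10 * dayMillis),
                new X500Name("CN=abimaran"), jcaRequest.getPublicKey());

        // SHA-256 replaces SHA-1: SHA-1 is no longer collision resistant and SHA-1 signed
        // certificates are rejected by current validators.
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(privateKey);

        X509Certificate theCert = new JcaX509CertificateConverter().setProvider("BC")
                .getCertificate(certificateBuilder.build(signer));

        LOGGER.info("Signed Certificate CN : " + theCert.getSubjectDN().getName());
        LOGGER.info("Signed CSR's public key : " + theCert.getPublicKey());

        return theCert;
    } catch (Exception e) {
        throw new Exception("Error in signing the certificate", e);
    }
}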
From source file:chapter9.EnvelopedMailExample.java
/**
 * Round-trips an S/MIME enveloped message: encrypts a text body part for the end-entity
 * certificate, wraps it in a mail message, then finds the matching recipient and decrypts.
 *
 * <p>Enveloping provides confidentiality only. It does not authenticate the sender or
 * protect the content against modification; that needs a signature as well.
 *
 * @param args not used
 * @throws Exception on any keystore, mail or CMS failure
 */
public static void main(String[] args) throws Exception {
    // Credentials: the end-entity private key and the first certificate of its chain.
    KeyStore keyStore = Utils.createCredentials();
    PrivateKey recipientKey = (PrivateKey) keyStore.getKey(Utils.END_ENTITY_ALIAS, Utils.KEY_PASSWD);
    Certificate[] certChain = keyStore.getCertificateChain(Utils.END_ENTITY_ALIAS);
    X509Certificate recipientCert = (X509Certificate) certChain[0];

    // 1. The plaintext body part to protect.
    MimeBodyPart plainPart = new MimeBodyPart();
    plainPart.setText("Hello World!!");

    // 2. Generator with a single key-transport recipient.
    SMIMEEnvelopedGenerator generator = new SMIMEEnvelopedGenerator();
    generator.addKeyTransRecipient(recipientCert);

    // 3. Encrypt the body part.
    MimeBodyPart encryptedPart = generator.generate(plainPart, SMIMEEnvelopedGenerator.AES256_CBC,
            CryptoDefs.Provider.BC.getName());

    // 4. Wrap the encrypted part in a mail message.
    MimeMessage message = Utils.createMimeMessage("example enveloped message", encryptedPart.getContent(),
            encryptedPart.getContentType());

    // 5. Parse the enveloped object back out of the message.
    SMIMEEnveloped parsed = new SMIMEEnveloped(message);

    // 6. Recipients are identified by issuer name plus serial number.
    // NOTE(review): the issuer goes through a string form here; building the X500Name
    // from the principal's encoded bytes would avoid any re-parsing differences.
    X500Name issuerName = new X500Name(recipientCert.getIssuerX500Principal().getName());
    RecipientId recipientId = new KeyTransRecipientId(issuerName, recipientCert.getSerialNumber());

    RecipientInformationStore infoStore = parsed.getRecipientInfos();
    RecipientInformation match = infoStore.get(recipientId);

    if (match == null) {
        System.out.println("\t could not find a matching recipient!!");
        return;
    }

    // 7. Decrypt with the recipient's private key.
    MimeBodyPart decryptedPart = SMIMEUtil
            .toMimeBodyPart(match.getContent(recipientKey, CryptoDefs.Provider.BC.getName()));

    // 8. Show the recovered content.
    System.out.print("\t Content:");
    System.out.println(decryptedPart.getContent());
}
From source file:chapter9.EnvelopedSignedMailExample.java
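/**
 * Round-trips a signed-then-enveloped S/MIME message: signs a text body part, encrypts the
 * signed multipart for the end-entity certificate, then decrypts it and verifies the
 * signature against the root certificate.
 *
 * @param args not used
 * @throws Exception on any keystore, mail or CMS failure
 */
public static void main(String[] args) throws Exception {
    KeyStore credentials = Utils.createCredentials();
    PrivateKey key = (PrivateKey) credentials.getKey(Utils.END_ENTITY_ALIAS, Utils.KEY_PASSWD);
    Certificate[] chain = credentials.getCertificateChain(Utils.END_ENTITY_ALIAS);

    CertStore certsAndCRLs = CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(Arrays.asList(chain)), CryptoDefs.Provider.BC.getName());

    X509Certificate cert = (X509Certificate) chain[0];

    // 1. Create the message we want signed.
    MimeBodyPart dataPart = new MimeBodyPart();
    dataPart.setText("Hello World!!");

    // 2. Create the signed message.
    MimeMultipart signedMulti = SignedMailExample.createMultipartWithSignature(key, cert, certsAndCRLs, dataPart);

    // 3. Create the body part containing the signed message.
    MimeBodyPart signedPart = new MimeBodyPart();
    signedPart.setContent(signedMulti);

    // 4. Set up the generator.
    SMIMEEnvelopedGenerator gen = new SMIMEEnvelopedGenerator();
    gen.addKeyTransRecipient(cert);

    // 5. Generate the enveloped message.
    MimeBodyPart envPart = gen.generate(signedPart, SMIMEEnvelopedGenerator.AES256_CBC,
            CryptoDefs.Provider.BC.getName());

    // 6. Create the mail message.
    MimeMessage mail = Utils.createMimeMessage("example signed and enveloped message", envPart.getContent(),
            envPart.getContentType());

    // 7. Create the enveloped object from the mail message.
    SMIMEEnveloped enveloped = new SMIMEEnveloped(mail);

    // 8. Look for our recipient identifier (issuer name plus serial number).
    RecipientId recId = new KeyTransRecipientId(new X500Name(cert.getIssuerX500Principal().getName()),
            cert.getSerialNumber());

    RecipientInformationStore recipients = enveloped.getRecipientInfos();
    RecipientInformation recipient = recipients.get(recId);

    // The other enveloped-data examples on this page check for a missing recipient; without
    // this guard a lookup miss ended in a NullPointerException at the decryption step.
    if (recipient == null) {
        System.out.println("\t could not find a matching recipient!!");
        return;
    }

    // 9. Decryption step.
    MimeBodyPart res = SMIMEUtil.toMimeBodyPart(recipient.getContent(key, CryptoDefs.Provider.BC.getName()));

    // 10. Extract the multipart from the body part.
    if (res.getContent() instanceof MimeMultipart) {
        SMIMESigned signed = new SMIMESigned((MimeMultipart) res.getContent());

        // 11. Verification step.
        X509Certificate rootCert = (X509Certificate) credentials.getCertificate(Utils.ROOT_ALIAS);

        if (isValid(signed, rootCert)) {
            System.out.println("\t verification succeeded!!");
        } else {
            System.out.println("\t verification failed!!");
        }

        // 12. Content display step.
        // NOTE(review): the content is printed whether or not verification succeeded. Code
        // that acts on the content should do so only on the success branch.
        MimeBodyPart content = signed.getContent();

        System.out.print("\t Content: ");
        System.out.println(content.getContent());
    } else {
        System.out.println("\t wrong content found!!");
    }
}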
From source file:chapter9.KeyTransEnvelopedDataExample.java
/**
 * Round-trips a CMS enveloped-data object using key transport: encrypts a byte array for the
 * end-entity certificate, re-parses the encoding, decrypts it and compares the result with
 * the original bytes.
 *
 * <p>Enveloped data provides confidentiality only; it carries no integrity protection or
 * sender authentication of its own.
 *
 * @param args not used
 * @throws Exception on any keystore or CMS failure
 */
public static void main(String[] args) throws Exception {
    // Credentials: the end-entity private key and the first certificate of its chain.
    KeyStore keyStore = Utils.createCredentials();
    PrivateKey recipientKey = (PrivateKey) keyStore.getKey(Utils.END_ENTITY_ALIAS, Utils.KEY_PASSWD);
    Certificate[] certChain = keyStore.getCertificateChain(Utils.END_ENTITY_ALIAS);
    X509Certificate recipientCert = (X509Certificate) certChain[0];

    // 1. Generator with a single key-transport recipient.
    CMSEnvelopedDataGenerator generator = new CMSEnvelopedDataGenerator();
    generator.addKeyTransRecipient(recipientCert);

    // 2. Encrypt the payload.
    CMSProcessable data = new CMSProcessableByteArray("Hello World!!".getBytes());
    CMSEnvelopedData enveloped = generator.generate(data, CMSEnvelopedDataGenerator.AES128_CBC,
            CryptoDefs.Provider.BC.getName());

    // 3. Re-create the object from its encoding, as a receiver would.
    enveloped = new CMSEnvelopedData(enveloped.getEncoded());

    // 4. Recipients are identified by issuer name plus serial number. The setters repeat
    //    what the constructor was already given.
    X500Name issuerName = new X500Name(recipientCert.getIssuerX500Principal().getName());
    RecipientId recId = new KeyTransRecipientId(issuerName, recipientCert.getSerialNumber());
    recId.setSerialNumber(recipientCert.getSerialNumber());
    recId.setIssuer(recipientCert.getIssuerX500Principal().getEncoded());

    RecipientInformationStore infoStore = enveloped.getRecipientInfos();
    RecipientInformation match = infoStore.get(recId);

    if (match == null) {
        System.out.println("\t Could not find a matching recipient!!");
        return;
    }

    // 5. Decrypt with the recipient's private key.
    byte[] recovered = match.getContent(recipientKey, CryptoDefs.Provider.BC.getName());

    // 6. Compare the recovered bytes with the original payload.
    boolean same = Arrays.equals((byte[]) data.getContent(), recovered);
    if (same) {
        System.out.println("\t data recovery succeeded!!");
    } else {
        System.out.println("\t data recovery failed!!");
    }
}
From source file:com.aaasec.sigserv.cscommon.EntityKeyStore.java
License:EUPL
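/**
 * Generates a self-signed X.509 v1 certificate for {@code pair} and stores it in the key
 * store under the {@code ROOT} entry.
 *
 * <p>Issuer and subject are both {@code "CN=" + subject}, built from this object's
 * {@code subject} field. Validity runs from two hours before the call to ten years after it.
 *
 * <p>NOTE(review): {@code subject} is concatenated into a directory string that
 * {@code X500Name} then parses, so characters such as {@code ','}, {@code '+'} or {@code '='}
 * in it change the structure of the resulting name. If the value can come from outside the
 * application, build the name from typed RDNs or escape the value first.
 *
 * <p>NOTE(review): a v1 certificate has no extensions, so this root carries no basic
 * constraints or key usage. Confirm that relying parties accept that.
 *
 * @param pair the key pair; the public key is certified and the private key signs
 * @return the generated self-signed certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException               if the certificate cannot be encoded
 * @throws CertificateException      if the encoded certificate cannot be parsed
 * @throws KeyStoreException         declared by the original signature; presumably raised
 *                                   by {@code addToKeyStore}
 */
public X509Certificate generateV1Certificate(KeyPair pair)
        throws OperatorCreationException, IOException, CertificateException, KeyStoreException {
    // NOTE(review): a clock-derived serial is predictable and can repeat; prefer a
    // cryptographically secure random serial.
    BigInteger certSerial = BigInteger.valueOf(System.currentTimeMillis());

    X500Name issuerDN = new X500Name("CN=" + subject);
    X500Name subjectDN = new X500Name("CN=" + subject);

    Calendar startTime = Calendar.getInstance();
    startTime.setTime(new Date());
    startTime.add(Calendar.HOUR, -2);

    Calendar expiryTime = Calendar.getInstance();
    expiryTime.setTime(new Date());
    expiryTime.add(Calendar.YEAR, 10);

    Date notBefore = startTime.getTime();
    Date notAfter = expiryTime.getTime();
    PublicKey pubKey = pair.getPublic();

    X509v1CertificateBuilder certGen = new JcaX509v1CertificateBuilder(issuerDN, certSerial, notBefore, notAfter,
            subjectDN, pubKey);

    // SHA-256 replaces SHA-1, which is no longer collision resistant and is refused for
    // certificate signatures by current validators.
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(pair.getPrivate());
    byte[] encoded = certGen.build(signer).getEncoded();

    // Closing a ByteArrayInputStream has no effect, so the stream is used inline; the
    // unused toString() copy of the certificate was dropped.
    CertificateFactory fact = CertificateFactory.getInstance("X.509");
    X509Certificate generateCertificate = (X509Certificate) fact
            .generateCertificate(new ByteArrayInputStream(encoded));

    // set the CA cert as trusted root
    X509Certificate[] chain = new X509Certificate[] { generateCertificate };
    addToKeyStore(pair, chain, ROOT);

    return generateCertificate;
}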
From source file:com.aaasec.sigserv.cssigapp.KeyStoreFactory.java
License:EUPL
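/**
 * Generates a fresh key pair and a self-signed X.509 v1 certificate for it, then stores both
 * in {@code keyStore} under the {@code K_NAME} entry.
 *
 * <p>Issuer and subject are both {@code "CN=" + subject}.
 *
 * <p>NOTE(review): the validity window is ten seconds either side of the call, so the
 * certificate expires almost immediately. That looks deliberate for a placeholder
 * certificate, but confirm it; anything validating the certificate later will see it as
 * expired.
 *
 * <p>NOTE(review): {@code subject} is concatenated into a directory string that
 * {@code X500Name} then parses, so characters such as {@code ','}, {@code '+'} or {@code '='}
 * in it change the structure of the resulting name. Escape or validate the value if it can
 * come from outside the application.
 *
 * @param subject  common name used for both issuer and subject
 * @param ksPass   key store password, handed to {@code addToKeyStore}
 * @param keyStore key store that receives the key pair and certificate
 * @return the generated self-signed certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException               if the certificate cannot be encoded
 * @throws CertificateException      if the encoded certificate cannot be parsed
 * @throws KeyStoreException         declared by the original signature; presumably raised
 *                                   by {@code addToKeyStore}
 * @throws NoSuchAlgorithmException  declared by the original signature; presumably raised
 *                                   by {@code generateKeyPair}
 */
public X509Certificate generateV1Certificate(String subject, char[] ksPass, KeyStore keyStore)
        throws OperatorCreationException, IOException, CertificateException, KeyStoreException,
        NoSuchAlgorithmException {
    KeyPair pair = generateKeyPair();

    // NOTE(review): a clock-derived serial is predictable and can repeat; prefer a
    // cryptographically secure random serial.
    BigInteger certSerial = BigInteger.valueOf(System.currentTimeMillis());

    X500Name issuerDN = new X500Name("CN=" + subject);
    X500Name subjectDN = new X500Name("CN=" + subject);

    Date notBefore = new Date(System.currentTimeMillis() - 10000);
    Date notAfter = new Date(System.currentTimeMillis() + 10000);
    PublicKey pubKey = pair.getPublic();

    X509v1CertificateBuilder certGen = new JcaX509v1CertificateBuilder(issuerDN, certSerial, notBefore, notAfter,
            subjectDN, pubKey);

    // SHA-256 replaces SHA-1, which is no longer collision resistant and is refused for
    // certificate signatures by current validators.
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(pair.getPrivate());
    byte[] encoded = certGen.build(signer).getEncoded();

    // Closing a ByteArrayInputStream has no effect, so the stream is used inline; the
    // unused toString() copy of the certificate was dropped.
    CertificateFactory fact = CertificateFactory.getInstance("X.509");
    X509Certificate generateCertificate = (X509Certificate) fact
            .generateCertificate(new ByteArrayInputStream(encoded));

    // set the CA cert as trusted root
    X509Certificate[] chain = new X509Certificate[] { generateCertificate };
    addToKeyStore(pair, chain, K_NAME, keyStore, ksPass);

    return generateCertificate;
}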
From source file:com.aaasec.sigserv.csspsupport.models.SupportModel.java
License:EUPL
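/**
 * Generates a self-signed X.509 v1 certificate for {@code pair}.
 *
 * <p>Issuer and subject are both {@code "CN=" + subject}. Validity runs from two hours
 * before the call to ten years after it. The signature algorithm name comes from
 * {@code algorithm.getDummyCertAlgo()}.
 *
 * <p>NOTE(review): {@code subject} is concatenated into a directory string that
 * {@code X500Name} then parses, so characters such as {@code ','}, {@code '+'} or {@code '='}
 * in it change the structure of the resulting name. Escape or validate the value if it can
 * come from outside the application.
 *
 * <p>NOTE(review): the accessor name suggests a placeholder certificate; confirm that the
 * algorithm it returns is not SHA-1 based if the certificate is ever validated.
 *
 * @param subject   common name used for both issuer and subject
 * @param pair      the key pair; the public key is certified and the private key signs
 * @param algorithm supplies the signature algorithm name
 * @return the generated self-signed certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException               if the certificate cannot be encoded
 * @throws CertificateException      if the encoded certificate cannot be parsed
 * @throws KeyStoreException         declared by the original signature
 * @throws NoSuchAlgorithmException  declared by the original signature
 */
public static X509Certificate generateV1Certificate(String subject, KeyPair pair, SigAlgorithms algorithm)
        throws OperatorCreationException, IOException, CertificateException, KeyStoreException,
        NoSuchAlgorithmException {
    // NOTE(review): a clock-derived serial is predictable and can repeat; prefer a
    // cryptographically secure random serial.
    BigInteger certSerial = BigInteger.valueOf(System.currentTimeMillis());

    X500Name issuerDN = new X500Name("CN=" + subject);
    X500Name subjectDN = new X500Name("CN=" + subject);

    Calendar startTime = Calendar.getInstance();
    startTime.setTime(new Date());
    startTime.add(Calendar.HOUR, -2);

    Calendar expiryTime = Calendar.getInstance();
    expiryTime.setTime(new Date());
    expiryTime.add(Calendar.YEAR, 10);

    Date notBefore = startTime.getTime();
    Date notAfter = expiryTime.getTime();
    PublicKey pubKey = pair.getPublic();

    X509v1CertificateBuilder certGen = new JcaX509v1CertificateBuilder(issuerDN, certSerial, notBefore, notAfter,
            subjectDN, pubKey);

    ContentSigner signer = new JcaContentSignerBuilder(algorithm.getDummyCertAlgo()).build(pair.getPrivate());
    byte[] encoded = certGen.build(signer).getEncoded();

    // Closing a ByteArrayInputStream has no effect, so the stream is used inline. The
    // unused toString() copy and the commented-out logging line were removed.
    CertificateFactory fact = CertificateFactory.getInstance("X.509");
    return (X509Certificate) fact.generateCertificate(new ByteArrayInputStream(encoded));
}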