Example usage for org.bouncycastle.asn1.x500 X500Name X500Name

Introduction

In this page you can find the example usage for org.bouncycastle.asn1.x500 X500Name X500Name.

Prototype

public X500Name(String dirName) 

Source Link

Usage

From source file:eu.optimis.ics.BrokerVPNCredentials.BrokerCA.java

License:Open Source License

public byte[] getSignedCertificateBytes(byte[] sentCSRBytes) {
    X509CertificateHolder certHolder = null;
    byte[] result = null;

    try {//w  w w  .j  a  va 2 s  .  c om
        PKCS10CertificationRequest certRequest = new PKCS10CertificationRequest(sentCSRBytes);
        PEMReader r = new PEMReader(new FileReader(caPath + "ca.crt"));
        X509Certificate rootCert = (X509Certificate) r.readObject();
        r.close();

        X500Name subject = certRequest.getSubject();

        MessageDigest m = MessageDigest.getInstance("MD5");
        m.update(subject.toString().getBytes(), 0, subject.toString().length());

        BigInteger serial = new BigInteger(m.digest());

        Date notBefore = new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30);
        Date notAfter = new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365));

        SubjectPublicKeyInfo publicKeyInfo = certRequest.getSubjectPublicKeyInfo();

        X500Name issuer = new X500Name(rootCert.getSubjectDN().toString());

        X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder(issuer, serial, notBefore,
                notAfter, subject, publicKeyInfo);

        v3CertBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
                new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKeyInfo));
        v3CertBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
                new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(rootCert));
        v3CertBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));
        v3CertBuilder.addExtension(X509Extension.extendedKeyUsage, false,
                new ExtendedKeyUsage(KeyPurposeId.id_kp_ipsecEndSystem));
        v3CertBuilder.addExtension(X509Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature));

        ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC")
                .build(loadCAPrivateKey(caPath));
        certHolder = v3CertBuilder.build(sigGen);
        result = certHolder.getEncoded();
    } catch (Exception e) {
        e.printStackTrace();
    }
    return result;
}

---

From source file:eu.optimis.ics.BrokerVPNCredentials.CACredentials.java

License:Open Source License

public X509CertificateHolder genCACertificate(KeyPair CAKP) throws CertIOException, NoSuchAlgorithmException {
    BigInteger serial = BigInteger.valueOf(42);

    Date notBefore = new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30);
    Date notAfter = new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365));

    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(CAKP.getPublic().getEncoded());

    // Same issuer and subject for the self-signed CA certificate
    X500Name issuer = new X500Name(
            "C=UK, ST=Suffolk, L=Ipswich, O=BT, OU=R&T, CN=CloudShadow, Name=Ali, emailAddress=ali.sajjad@bt.com");
    X500Name subject = new X500Name(
            "C=UK, ST=Suffolk, L=Ipswich, O=BT, OU=R&T, CN=CloudShadow, Name=Ali, emailAddress=ali.sajjad@bt.com");

    X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter,
            subject, publicKeyInfo);//from w w  w  .  j a v a  2  s .  c o  m

    GeneralNames gNames = new GeneralNames(new GeneralName(issuer));
    v3CertBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
            new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKeyInfo));
    v3CertBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
            new AuthorityKeyIdentifier(publicKeyInfo, gNames, serial));
    v3CertBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(true));

    ContentSigner sigGen = null;

    try {
        sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(CAKP.getPrivate());
    } catch (OperatorCreationException e) {
        e.printStackTrace();
    }
    return v3CertBuilder.build(sigGen);
}

---

From source file:eu.optimis.ics.BrokerVPNCredentials.PeerCredManager.java

License:Open Source License

public PKCS10CertificationRequest genCertificationRequest(KeyPair peerKP) {

    X500Name name = new X500Name("CN=" + peerName + ", OU=ARSES, O=ARSES, L=Madrid, C=ES");
    SubjectPublicKeyInfo publicKeyInfo = null;
    PKCS10CertificationRequest certRequest = null;
    ContentSigner sigGen = null;/* www .j  av  a2s  . c  om*/

    try {
        publicKeyInfo = new SubjectPublicKeyInfo(
                (ASN1Sequence) ASN1ObjectIdentifier.fromByteArray(peerKP.getPublic().getEncoded()));
    } catch (IOException e1) {
        e1.printStackTrace();
    }

    PKCS10CertificationRequestBuilder pb = new PKCS10CertificationRequestBuilder(name, publicKeyInfo);

    try {
        sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(peerKP.getPrivate());

    } catch (OperatorCreationException e) {
        e.printStackTrace();
    }

    certRequest = pb.build(sigGen);
    return certRequest;
}

---

From source file:eu.optimis.ics.BrokerVPNCredentials.PeerCredManagerTest.java

License:Open Source License

@Test
public void testGenCertificationRequest() {
    assertNotNull("Certificate request is NULL", certReq);
    X500Name name = new X500Name("CN=" + pcm.peerName + ", OU=ARSES, O=ARSES, L=Madrid, C=ES");
    assertEquals("CSR Subject is not same", name, certReq.getSubject());
}

---

From source file:eu.optimis.ics.Credentials.CACredentials.java

License:Open Source License

protected X509CertificateHolder genCACertificate(KeyPair CAKP) {
    BigInteger serial = BigInteger.valueOf(new SecureRandom().nextLong()).abs();

    Date notBefore = new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30);
    Date notAfter = new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365));

    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(CAKP.getPublic().getEncoded());

    // Same issuer and subject for the self-signed CA certificate
    X500Name issuer = new X500Name(
            "C=UK, ST=Suffolk, L=Ipswich, O=BT, OU=R&T, CN=CloudShadow, Name=Ali, emailAddress=ali.sajjad@bt.com");
    X500Name subject = new X500Name(
            "C=UK, ST=Suffolk, L=Ipswich, O=BT, OU=R&T, CN=CloudShadow, Name=Ali, emailAddress=ali.sajjad@bt.com");

    X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter,
            subject, publicKeyInfo);//from  w w  w  .  j  a va  2  s.c o m

    GeneralNames gNames = new GeneralNames(new GeneralName(issuer));
    v3CertBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
            new SubjectKeyIdentifier(publicKeyInfo));
    v3CertBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
            new AuthorityKeyIdentifier(publicKeyInfo, gNames, serial));
    v3CertBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(true));

    ContentSigner sigGen = null;

    try {
        sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(CAKP.getPrivate());
    } catch (OperatorCreationException e) {
        e.printStackTrace();
    }
    return v3CertBuilder.build(sigGen);
}

---

From source file:eu.optimis.ics.Credentials.CertificateGenerator.java

License:Open Source License

public static X509CertificateHolder genServerCertificate(PKCS10CertificationRequest certRequest,
        String credPath) {//from w w  w .ja  v a 2 s .c  om
    X509v3CertificateBuilder v3CertBuilder = null;
    ContentSigner sigGen = null;
    try {

        PEMReader r = new PEMReader(new FileReader(credPath + "ca.crt"));
        X509Certificate rootCert = (X509Certificate) r.readObject();
        r.close();

        BigInteger serial = BigInteger.ONE;

        Date notBefore = new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30);
        Date notAfter = new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10));

        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo
                .getInstance(certRequest.getPublicKey().getEncoded());

        X500Name issuer = new X500Name(rootCert.getSubjectDN().toString());
        System.out.println(issuer.toString());
        @SuppressWarnings("deprecation")
        X500Name subject = new X500Name(certRequest.getCertificationRequestInfo().getSubject().toString());

        v3CertBuilder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject,
                publicKeyInfo);

        v3CertBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
                new SubjectKeyIdentifier(publicKeyInfo));
        v3CertBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
                new AuthorityKeyIdentifierStructure(rootCert));
        v3CertBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));
        v3CertBuilder.addExtension(X509Extension.extendedKeyUsage, false,
                new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
        v3CertBuilder.addExtension(X509Extension.keyUsage, false,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

        sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(loadCAPrivateKey(credPath));

    } catch (IOException ioe) {
        ioe.printStackTrace();
    } catch (InvalidKeyException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (NoSuchProviderException e) {
        e.printStackTrace();
    } catch (OperatorCreationException e) {
        e.printStackTrace();
    } catch (InvalidKeySpecException e) {
        e.printStackTrace();
    } catch (CertificateParsingException e) {
        e.printStackTrace();
    }

    return v3CertBuilder.build(sigGen);
}

---

From source file:eu.optimis.ics.Credentials.CertificateGenerator.java

License:Open Source License

public static X509CertificateHolder genClientCertificate(PKCS10CertificationRequest certRequest,
        String credPath) throws Exception {
    PEMReader r = new PEMReader(new FileReader(credPath + "ca.crt"));
    X509Certificate rootCert = (X509Certificate) r.readObject();
    r.close();/*from w w w  .  ja  v  a  2 s .c  o m*/

    BigInteger serial = BigInteger.valueOf(2).abs();

    Date notBefore = new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30);
    Date notAfter = new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10));

    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo
            .getInstance(certRequest.getPublicKey().getEncoded());

    X500Name issuer = new X500Name(rootCert.getSubjectDN().toString());

    @SuppressWarnings("deprecation")
    X500Name subject = new X500Name(certRequest.getCertificationRequestInfo().getSubject().toString());

    X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter,
            subject, publicKeyInfo);

    v3CertBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
            new SubjectKeyIdentifier(publicKeyInfo));
    v3CertBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(rootCert));
    v3CertBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));
    v3CertBuilder.addExtension(X509Extension.extendedKeyUsage, false,
            new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
    v3CertBuilder.addExtension(X509Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature));

    ContentSigner sigGen = null;

    try {
        sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(loadCAPrivateKey(credPath));
    } catch (OperatorCreationException e) {
        e.printStackTrace();
    }

    return v3CertBuilder.build(sigGen);
}

---

From source file:eu.peppol.security.x509.CertificateTest.java

License:EUPL

/**
 * Creates a X509 V3 certificate using Bouncy Castle
 *
 * @throws NoSuchAlgorithmException//from   www.j  ava 2 s  . c o m
 * @throws OperatorCreationException
 * @throws CertificateException
 * @throws NoSuchProviderException
 */
@Test(enabled = false)
public void createSampleCertificate() throws NoSuchAlgorithmException, OperatorCreationException,
        CertificateException, NoSuchProviderException {
    KeyPair keyPair = generateKeyPair();

    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(keyPair.getPrivate());

    Date startDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
    Date endDate = new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000);

    SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo
            .getInstance(keyPair.getPublic().getEncoded());

    X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(
            new X500Name("CN=AP_UNIT_TEST"), BigInteger.ONE, startDate, endDate,
            new X500Name("CN=AP_UNIT_TEST"), subjectPublicKeyInfo);
    X509CertificateHolder x509CertificateHolder = x509v3CertificateBuilder.build(sigGen);
    X509Certificate cert = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .getCertificate(x509CertificateHolder);

}

---

From source file:fathom.x509.X509Utils.java

License:Apache License

/**
 * Creates a new SSL certificate signed by the CA private key and stored in
 * keyStore.//from   w ww. java  2  s . c  om
 *
 * @param sslMetadata
 * @param caPrivateKey
 * @param caCert
 * @param targetStoreFile
 * @param x509log
 */
public static X509Certificate newSSLCertificate(X509Metadata sslMetadata, PrivateKey caPrivateKey,
        X509Certificate caCert, File targetStoreFile, X509Log x509log) {
    try {
        KeyPair pair = newKeyPair();

        X500Name webDN = buildDistinguishedName(sslMetadata);
        X500Name issuerDN = new X500Name(PrincipalUtil.getIssuerX509Principal(caCert).getName());

        X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuerDN,
                BigInteger.valueOf(System.currentTimeMillis()), sslMetadata.notBefore, sslMetadata.notAfter,
                webDN, pair.getPublic());

        JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
        certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
                extUtils.createSubjectKeyIdentifier(pair.getPublic()));
        certBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));
        certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
                extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey()));

        // support alternateSubjectNames for SSL certificates
        List<GeneralName> altNames = new ArrayList<GeneralName>();
        if (isIpAddress(sslMetadata.commonName)) {
            altNames.add(new GeneralName(GeneralName.iPAddress, sslMetadata.commonName));
        }
        if (altNames.size() > 0) {
            GeneralNames subjectAltName = new GeneralNames(altNames.toArray(new GeneralName[altNames.size()]));
            certBuilder.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);
        }

        ContentSigner caSigner = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC)
                .build(caPrivateKey);
        X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC)
                .getCertificate(certBuilder.build(caSigner));

        cert.checkValidity(new Date());
        cert.verify(caCert.getPublicKey());

        // Save to keystore
        KeyStore serverStore = openKeyStore(targetStoreFile, sslMetadata.password);
        serverStore.setKeyEntry(sslMetadata.commonName, pair.getPrivate(), sslMetadata.password.toCharArray(),
                new Certificate[] { cert, caCert });
        saveKeyStore(targetStoreFile, serverStore, sslMetadata.password);

        x509log.log(MessageFormat.format("New SSL certificate {0,number,0} [{1}]", cert.getSerialNumber(),
                cert.getSubjectDN().getName()));

        // update serial number in metadata object
        sslMetadata.serialNumber = cert.getSerialNumber().toString();

        return cert;
    } catch (Throwable t) {
        throw new RuntimeException("Failed to generate SSL certificate!", t);
    }
}

---

From source file:fathom.x509.X509Utils.java

License:Apache License

/**
 * Creates a new certificate revocation list (CRL).  This function will
 * destroy any existing CRL file./*w ww  . j a  v a2 s . c  om*/
 *
 * @param caRevocationList
 * @param caKeystoreFile
 * @param caKeystorePassword
 * @return
 */
public static void newCertificateRevocationList(File caRevocationList, File caKeystoreFile,
        String caKeystorePassword) {
    try {
        // read the Fathom CA key and certificate
        KeyStore store = openKeyStore(caKeystoreFile, caKeystorePassword);
        PrivateKey caPrivateKey = (PrivateKey) store.getKey(CA_ALIAS, caKeystorePassword.toCharArray());
        X509Certificate caCert = (X509Certificate) store.getCertificate(CA_ALIAS);

        X500Name issuerDN = new X500Name(PrincipalUtil.getIssuerX509Principal(caCert).getName());
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerDN, new Date());

        // build and sign CRL with CA private key
        ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC)
                .build(caPrivateKey);
        X509CRLHolder crl = crlBuilder.build(signer);

        File tmpFile = new File(caRevocationList.getParentFile(),
                Long.toHexString(System.currentTimeMillis()) + ".tmp");
        FileOutputStream fos = null;
        try {
            fos = new FileOutputStream(tmpFile);
            fos.write(crl.getEncoded());
            fos.flush();
            fos.close();
            if (caRevocationList.exists()) {
                caRevocationList.delete();
            }
            tmpFile.renameTo(caRevocationList);
        } finally {
            if (fos != null) {
                fos.close();
            }
            if (tmpFile.exists()) {
                tmpFile.delete();
            }
        }
    } catch (Exception e) {
        throw new RuntimeException("Failed to create new certificate revocation list " + caRevocationList, e);
    }
}

---

• «
• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25
• 26
• 27
• 28
• 29
• 30
• 31
• 32
• 33
• 34
• 35
• 36
• 37
• 38
• 39
• 40
• 41
• 42
• »