List of usage examples for org.bouncycastle.asn1.x500 X500Name X500Name
public X500Name(String dirName)
From source file:com.adaptris.security.certificate.CertRequestHandler.java
License:Apache License
/** * Create a certificate Request./* w w w . j av a2 s . c om*/ */ private static CertificationRequest createCertRequest(Certificate c, PrivateKey key) throws Exception { X509Certificate x509 = (X509Certificate) c; x509.getSigAlgName(); X500Name entityName = new X500Name(x509.getSubjectDN().getName()); KeyPair entityPair = KeyPairGenerator.getInstance("RSA").genKeyPair(); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(x509.getPublicKey().getEncoded()); // Generate the certificate signing request PKCS10CertificationRequestBuilder csrBuilder = new PKCS10CertificationRequestBuilder(entityName, publicKeyInfo); // // SCEP servers usually require a challenge password // csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(new String( // "password".toCharArray()))); JcaContentSignerBuilder builder = new JcaContentSignerBuilder(x509.getSigAlgName()); PKCS10CertificationRequest csr = csrBuilder.build(builder.build(entityPair.getPrivate())); // CertificateRequest certRequest = new CertificateRequest( // x509.getPublicKey(), (Name) x509.getSubjectDN()); // // certRequest.sign(x509.getSignatureAlgorithm(), key); return csr.toASN1Structure(); }
From source file:com.android.builder.internal.packaging.sign.SignatureTestUtils.java
License:Apache License
/** * Generates a private key / certificate. * * @param sign the asymmetric cypher, <em>e.g.</em>, {@code RSA} * @param full the full signature algorithm name, <em>e.g.</em>, {@code SHA1withRSA} * @return the pair with the private key and certificate * @throws Exception failed to generate the signature data *//*from ww w . j a v a2 s.co m*/ @NonNull public static Pair<PrivateKey, X509Certificate> generateSignature(@NonNull String sign, @NonNull String full) throws Exception { // http://stackoverflow.com/questions/28538785/ // easy-way-to-generate-a-self-signed-certificate-for-java-security-keystore-using KeyPairGenerator generator = null; try { generator = KeyPairGenerator.getInstance(sign); } catch (NoSuchAlgorithmException e) { Assume.assumeNoException("Algorithm " + sign + " not supported.", e); } assertNotNull(generator); KeyPair keyPair = generator.generateKeyPair(); Date notBefore = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000); Date notAfter = new Date(System.currentTimeMillis() + 365L * 24 * 60 * 60 * 1000); X500Name issuer = new X500Name(new X500Principal("cn=Myself").getName()); SubjectPublicKeyInfo publicKeyInfo; if (keyPair.getPublic() instanceof RSAPublicKey) { RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic(); publicKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo( new RSAKeyParameters(false, rsaPublicKey.getModulus(), rsaPublicKey.getPublicExponent())); } else if (keyPair.getPublic() instanceof ECPublicKey) { publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()); } else { fail(); publicKeyInfo = null; } X509v1CertificateBuilder builder = new X509v1CertificateBuilder(issuer, BigInteger.ONE, notBefore, notAfter, issuer, publicKeyInfo); ContentSigner signer = new JcaContentSignerBuilder(full).setProvider(new BouncyCastleProvider()) .build(keyPair.getPrivate()); X509CertificateHolder holder = builder.build(signer); JcaX509CertificateConverter converter = new JcaX509CertificateConverter() .setProvider(new BouncyCastleProvider()); return Pair.of(keyPair.getPrivate(), converter.getCertificate(holder)); }
From source file:com.android.ide.common.signing.KeystoreHelper.java
License:Apache License
/** * Generates a key and self-signed certificate pair. * @param asymmetric the asymmetric encryption algorithm (<em>e.g.,</em> {@code RSA}) * @param sign the signature algorithm (<em>e.g.,</em> {@code SHA1withRSA}) * @param validityYears number of years the certificate should be valid, must be greater than * zero/* w w w .j a v a2s . c om*/ * @param dn the distinguished name of the issuer and owner of the certificate * @return a pair with the private key and the corresponding certificate * @throws KeytoolException failed to generate the pair */ private static Pair<PrivateKey, X509Certificate> generateKeyAndCertificate(@NonNull String asymmetric, @NonNull String sign, int validityYears, @NonNull String dn) throws KeytoolException { Preconditions.checkArgument(validityYears > 0, "validityYears <= 0"); KeyPair keyPair; try { keyPair = KeyPairGenerator.getInstance(asymmetric).generateKeyPair(); } catch (NoSuchAlgorithmException e) { throw new KeytoolException( "Failed to generate key and certificate pair for " + "algorithm '" + asymmetric + "'.", e); } Date notBefore = new Date(System.currentTimeMillis()); Date notAfter = new Date(System.currentTimeMillis() + validityYears * 365L * 24 * 60 * 60 * 1000); X500Name issuer = new X500Name(new X500Principal(dn).getName()); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()); X509v1CertificateBuilder builder = new X509v1CertificateBuilder(issuer, BigInteger.ONE, notBefore, notAfter, issuer, publicKeyInfo); ContentSigner signer; try { signer = new JcaContentSignerBuilder(sign).setProvider(new BouncyCastleProvider()) .build(keyPair.getPrivate()); } catch (OperatorCreationException e) { throw new KeytoolException("Failed to build content signer with signature algorithm '" + sign + "'.", e); } X509CertificateHolder holder = builder.build(signer); JcaX509CertificateConverter converter = new JcaX509CertificateConverter() .setProvider(new BouncyCastleProvider()); X509Certificate certificate; try { certificate = converter.getCertificate(holder); } catch (CertificateException e) { throw new KeytoolException("Failed to obtain the self-signed certificate.", e); } return Pair.of(keyPair.getPrivate(), certificate); }
From source file:com.aqnote.shared.cryptology.cert.CertificateChainDemo.java
License:Open Source License
public boolean generateX509Certificate(String userCertPath) { try {//from ww w .j a v a2s .c om FileInputStream in = new FileInputStream(keyStorePath); KeyStore ks = KeyStore.getInstance("JKS"); ks.load(in, keyStorePasswd.toCharArray()); in.close(); // Get CA private key. PrivateKey caPrivateKey = (PrivateKey) ks.getKey(caName, caPasswd.toCharArray()); System.out.println("\nCA private key:\n" + caPrivateKey); // Get CA DN. Certificate c = ks.getCertificate(caName); X509Certificate t = (X509Certificate) c; String caDN = t.getIssuerDN().toString(); // CN:???? OU:???? O:?? L:? C:? System.out.println("\nCA DN:\n" + caDN); KeyPair KPair = RSAKeyPairGenDemo.getRSAKeyPair(1024); System.out.println("\nuser private key:\n" + KPair.getPrivate()); System.out.println("\nuser public key:\n" + KPair.getPublic()); JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(new X500Name(caDN), BigInteger.valueOf(1), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365)), new X500Name(userDN), KPair.getPublic()); X509CertificateHolder certHolder = certBuilder.build(new JcaContentSignerBuilder(ALG_SIG_SHA256_RSA) .setProvider(JCE_PROVIDER).build(KPair.getPrivate())); X509Certificate cert = new JcaX509CertificateConverter().setProvider(JCE_PROVIDER) .getCertificate(certHolder); cert.checkValidity(new Date()); cert.verify(KPair.getPublic()); ((PKCS12BagAttributeCarrier) cert).setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("x509 cert")); FileOutputStream out = new FileOutputStream(userCertPath); out.write(cert.getEncoded()); out.close(); // Add user entry into keystore ks.setCertificateEntry(userAlias, cert); out = new FileOutputStream(keyStorePath); ks.store(out, caPasswd.toCharArray()); out.close(); } catch (Exception e) { e.printStackTrace(); } return true; }
From source file:com.aqnote.shared.cryptology.cert.gen.SingleX509V1Creator.java
License:Open Source License
public static X509Certificate generate(CertObject certObject, KeyPair keyPair) throws CertException { try {/*ww w.j a v a 2 s . c o m*/ X509v1CertificateBuilder certBuilder = new JcaX509v1CertificateBuilder( new X500Name(certObject.getIssuer()), BigInteger.valueOf(System.currentTimeMillis()), certObject.getNotBefore(), certObject.getNotAfter(), new X500Name(certObject.getSubject()), keyPair.getPublic()); ContentSigner signer = new JcaContentSignerBuilder(ALG_SIG_SHA256_RSA).setProvider(JCE_PROVIDER) .build(keyPair.getPrivate()); return new JcaX509CertificateConverter().setProvider(JCE_PROVIDER) .getCertificate(certBuilder.build(signer)); } catch (CertificateEncodingException e) { throw new CertException(e); } catch (IllegalStateException e) { throw new CertException(e); } catch (OperatorCreationException e) { throw new CertException(e); } catch (CertificateException e) { throw new CertException(e); } }
From source file:com.aqnote.shared.cryptology.cert.gen.SingleX509V3Creator.java
License:Open Source License
public static X509Certificate generate(CertObject certObject, KeyPair keyPair) throws CertException { try {/* w w w.j av a 2s . c om*/ X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder( new X500Name(certObject.getIssuer()), BigInteger.valueOf(System.currentTimeMillis()), certObject.getNotBefore(), certObject.getNotAfter(), new X500Name(certObject.getSubject()), keyPair.getPublic()); certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); certBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, "trust_device"))); ContentSigner signer = new JcaContentSignerBuilder(ALG_SIG_SHA256_RSA).setProvider(JCE_PROVIDER) .build(keyPair.getPrivate()); return new JcaX509CertificateConverter().setProvider(JCE_PROVIDER) .getCertificate(certBuilder.build(signer)); } catch (CertificateEncodingException e) { throw new CertException(e); } catch (IllegalStateException e) { throw new CertException(e); } catch (CertIOException e) { throw new CertException(e); } catch (OperatorCreationException e) { throw new CertException(e); } catch (CertificateException e) { throw new CertException(e); } }
From source file:com.aqnote.shared.cryptology.cert.main.AQPKCS10Main.java
License:Open Source License
public static void main(String[] args) throws Exception { createPKCS10(new X500Name("CN=madding.lip"), KeyPairUtil.generateRSAKeyPair()); System.exit(-1);/*from w ww . j a v a 2s. c o m*/ String result = "-----BEGIN CERTIFICATE REQUEST-----\n" + "MIIBpTCCAQ4CAQAwJDEiMCAGCSqGSIb3DQEJAhYTdnBuLmFsaWJhYmEtaW5jLmNv" + "bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAynW6XgYtFH3L2Cp4p5w661Pr" + "4zaOLObVi/9hhmm9oBXnnPYwkwlTLxc/ccaLMn/QDDy65Vcu6dklqubeFdtdEZiT" + "zlxcBtWY5Uloa7C9WyOYdm+tzOUxghsxrnB5IEGQpx/o+JpEejnyhaA9PdnjjXR7" + "6tegmstEkPfQyc3wFmkCAwEAAaBBMD8GCSqGSIb3DQEJDjEyMDAwDgYDVR0PAQH/" + "BAQDAgWgMB4GA1UdEQQXMBWCE3Zwbi5hbGliYWJhLWluYy5jb20wDQYJKoZIhvcN" + "AQEFBQADgYEArkq8F/yioCUP9lWqlE49ziGqCs3xlrX+jNWme6EOkreN/KYr1lCg" + "vGj8V49aNURlZolo6sTFNcOr7BUceWtQnvcvKj6pwnK6Ay/zPymdd9gSixJPBmmm" + "2HlMk5eGKku8RmsUFHMttPmnixrc6S4dQ2IvS7i0JVvgYGoYRXX1khQ=\n" + "-----END CERTIFICATE REQUEST-----"; result = "-----BEGIN CERTIFICATE REQUEST-----\n" + "MIIBwjCCASsCAQAwRTEjMCEGA1UEAxMaTWFkIENlcnQgU2lnbmluZyBBdXRob3Jp" + "dHkxHjAcBgkqhkiG9w0BCQIWD2FsaWJhYmEtaW5jLmNvbTCBnzANBgkqhkiG9w0B" + "AQEFAAOBjQAwgYkCgYEAynW6XgYtFH3L2Cp4p5w661Pr4zaOLObVi/9hhmm9oBXn" + "nPYwkwlTLxc/ccaLMn/QDDy65Vcu6dklqubeFdtdEZiTzlxcBtWY5Uloa7C9WyOY" + "dm+tzOUxghsxrnB5IEGQpx/o+JpEejnyhaA9PdnjjXR76tegmstEkPfQyc3wFmkC" + "AwEAAaA9MDsGCSqGSIb3DQEJDjEuMCwwDgYDVR0PAQH/BAQDAgWgMBoGA1UdEQQT" + "MBGCD2FsaWJhYmEtaW5jLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBMsBXzyBFJYRq3" + "yAskvy0mc1dMbChZhTB0QCaQ0JCHdp+K6yZOQrmyiTGiozc16gI8zTJgiT/sWMg9" + "dWCnTistDODBou61UsPjPm6VjH9NZI9h2SceenIpnU4qF0RUPtE2X4pdTB7iavR0" + "EqCUrKSA5CR7mGNUkUx62dV1H+PfLQ==\n" + "-----END CERTIFICATE REQUEST-----"; result = "-----BEGIN CERTIFICATE REQUEST-----\n" + "MIIBrTCCARYCAQAwKDEmMCQGCSqGSIb3DQEJAhYXYmVpamluZy12cG4uYWxpYmFi" + "YS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALe9oFa1FqWF/8gjIY1B" + "vSnDxMJJF26b3mT9Z2F+iG5y3NZyL3LWF/4x5fc/zSkg2g/XXoepbylGrAXLatAk" + "ilNmIXH2ZA9WsZWXa+oopsELa/Vgf1IritQyXizmOAwVYix5f2rND7IBNHw2sQz+" + "s/23Jp1jRQXWQiu6Z5Se3L8lAgMBAAGgRTBDBgkqhkiG9w0BCQ4xNjA0MA4GA1Ud" + "DwEB/wQEAwIFoDAiBgNVHREEGzAZghdiZWlqaW5nLXZwbi5hbGliYWJhLmNvbTAN" + "BgkqhkiG9w0BAQUFAAOBgQA/+XrgyNdw85qiEC17TQpC9/DhzMDU/GetnYF71rTF" + "pgdavzwCqPUDQ3d1QGRkd6fGm3YE28d+/2D3fr4FiE0pZte9BauYf8Kmn5dcwXXk" + "wdKaqfwl11xiGWM2oboVlIXcWqsm86d09hLNcKXeIHrOrwR9V2+7+xUghTb3t715" + "jg==\n" + "-----END CERTIFICATE REQUEST-----"; byte[] csrByte = result.getBytes(); InputStream istream = new ByteArrayInputStream(csrByte); PKCS10CertificationRequest pkcs10 = PKCSReader.readCSR(istream); signPKCS10(pkcs10); }
From source file:com.aqnote.shared.encrypt.cert.gen.SingleX509V1Creator.java
License:Open Source License
public static X509Certificate generate(MadCertificateObject certObject, KeyPair keyPair) throws CertException { try {// www. j a va 2 s . com X509v1CertificateBuilder certBuilder = new JcaX509v1CertificateBuilder( new X500Name(certObject.getIssuer()), BigInteger.valueOf(System.currentTimeMillis()), certObject.getNotBefore(), certObject.getNotAfter(), new X500Name(certObject.getSubject()), keyPair.getPublic()); ContentSigner signer = new JcaContentSignerBuilder(ALG_SIG_SHA256_RSA).setProvider(JCE_PROVIDER) .build(keyPair.getPrivate()); return new JcaX509CertificateConverter().setProvider(JCE_PROVIDER) .getCertificate(certBuilder.build(signer)); } catch (CertificateEncodingException e) { throw new CertException(e); } catch (IllegalStateException e) { throw new CertException(e); } catch (OperatorCreationException e) { throw new CertException(e); } catch (CertificateException e) { throw new CertException(e); } }
From source file:com.aqnote.shared.encrypt.cert.gen.SingleX509V3Creator.java
License:Open Source License
public static X509Certificate generate(MadCertificateObject certObject, KeyPair keyPair) throws CertException { try {//from w w w . jav a 2 s.co m X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder( new X500Name(certObject.getIssuer()), BigInteger.valueOf(System.currentTimeMillis()), certObject.getNotBefore(), certObject.getNotAfter(), new X500Name(certObject.getSubject()), keyPair.getPublic()); certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); certBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, "trust_device"))); ContentSigner signer = new JcaContentSignerBuilder(ALG_SIG_SHA256_RSA).setProvider(JCE_PROVIDER) .build(keyPair.getPrivate()); return new JcaX509CertificateConverter().setProvider(JCE_PROVIDER) .getCertificate(certBuilder.build(signer)); } catch (CertificateEncodingException e) { throw new CertException(e); } catch (IllegalStateException e) { throw new CertException(e); } catch (CertIOException e) { throw new CertException(e); } catch (OperatorCreationException e) { throw new CertException(e); } catch (CertificateException e) { throw new CertException(e); } }
From source file:com.aqnote.shared.encrypt.cert.main.bc.AQPKCS10Creaetor.java
License:Open Source License
public static void main(String[] args) throws Exception { createPKCS10(new X500Name("CN=madding.lip"), KeyPairUtil.generateRSAKeyPair()); System.exit(-1);/*w w w. j av a2 s . co m*/ String result = "-----BEGIN CERTIFICATE REQUEST-----\n" + "MIIBpTCCAQ4CAQAwJDEiMCAGCSqGSIb3DQEJAhYTdnBuLmFsaWJhYmEtaW5jLmNv" + "bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAynW6XgYtFH3L2Cp4p5w661Pr" + "4zaOLObVi/9hhmm9oBXnnPYwkwlTLxc/ccaLMn/QDDy65Vcu6dklqubeFdtdEZiT" + "zlxcBtWY5Uloa7C9WyOYdm+tzOUxghsxrnB5IEGQpx/o+JpEejnyhaA9PdnjjXR7" + "6tegmstEkPfQyc3wFmkCAwEAAaBBMD8GCSqGSIb3DQEJDjEyMDAwDgYDVR0PAQH/" + "BAQDAgWgMB4GA1UdEQQXMBWCE3Zwbi5hbGliYWJhLWluYy5jb20wDQYJKoZIhvcN" + "AQEFBQADgYEArkq8F/yioCUP9lWqlE49ziGqCs3xlrX+jNWme6EOkreN/KYr1lCg" + "vGj8V49aNURlZolo6sTFNcOr7BUceWtQnvcvKj6pwnK6Ay/zPymdd9gSixJPBmmm" + "2HlMk5eGKku8RmsUFHMttPmnixrc6S4dQ2IvS7i0JVvgYGoYRXX1khQ=\n" + "-----END CERTIFICATE REQUEST-----"; result = "-----BEGIN CERTIFICATE REQUEST-----\n" + "MIIBwjCCASsCAQAwRTEjMCEGA1UEAxMaTWFkIENlcnQgU2lnbmluZyBBdXRob3Jp" + "dHkxHjAcBgkqhkiG9w0BCQIWD2FsaWJhYmEtaW5jLmNvbTCBnzANBgkqhkiG9w0B" + "AQEFAAOBjQAwgYkCgYEAynW6XgYtFH3L2Cp4p5w661Pr4zaOLObVi/9hhmm9oBXn" + "nPYwkwlTLxc/ccaLMn/QDDy65Vcu6dklqubeFdtdEZiTzlxcBtWY5Uloa7C9WyOY" + "dm+tzOUxghsxrnB5IEGQpx/o+JpEejnyhaA9PdnjjXR76tegmstEkPfQyc3wFmkC" + "AwEAAaA9MDsGCSqGSIb3DQEJDjEuMCwwDgYDVR0PAQH/BAQDAgWgMBoGA1UdEQQT" + "MBGCD2FsaWJhYmEtaW5jLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBMsBXzyBFJYRq3" + "yAskvy0mc1dMbChZhTB0QCaQ0JCHdp+K6yZOQrmyiTGiozc16gI8zTJgiT/sWMg9" + "dWCnTistDODBou61UsPjPm6VjH9NZI9h2SceenIpnU4qF0RUPtE2X4pdTB7iavR0" + "EqCUrKSA5CR7mGNUkUx62dV1H+PfLQ==\n" + "-----END CERTIFICATE REQUEST-----"; result = "-----BEGIN CERTIFICATE REQUEST-----\n" + "MIIBrTCCARYCAQAwKDEmMCQGCSqGSIb3DQEJAhYXYmVpamluZy12cG4uYWxpYmFi" + "YS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALe9oFa1FqWF/8gjIY1B" + "vSnDxMJJF26b3mT9Z2F+iG5y3NZyL3LWF/4x5fc/zSkg2g/XXoepbylGrAXLatAk" + "ilNmIXH2ZA9WsZWXa+oopsELa/Vgf1IritQyXizmOAwVYix5f2rND7IBNHw2sQz+" + "s/23Jp1jRQXWQiu6Z5Se3L8lAgMBAAGgRTBDBgkqhkiG9w0BCQ4xNjA0MA4GA1Ud" + "DwEB/wQEAwIFoDAiBgNVHREEGzAZghdiZWlqaW5nLXZwbi5hbGliYWJhLmNvbTAN" + "BgkqhkiG9w0BAQUFAAOBgQA/+XrgyNdw85qiEC17TQpC9/DhzMDU/GetnYF71rTF" + "pgdavzwCqPUDQ3d1QGRkd6fGm3YE28d+/2D3fr4FiE0pZte9BauYf8Kmn5dcwXXk" + "wdKaqfwl11xiGWM2oboVlIXcWqsm86d09hLNcKXeIHrOrwR9V2+7+xUghTb3t715" + "jg==\n" + "-----END CERTIFICATE REQUEST-----"; byte[] csrByte = result.getBytes(); ByteInputStream istream = new ByteInputStream(csrByte, csrByte.length); PKCS10CertificationRequest pkcs10 = PKCSReader.readCSR(istream); signPKCS10(pkcs10); }