List of usage examples for org.bouncycastle.asn1.x500 X500Name X500Name
public X500Name(String dirName)
From source file:org.cryptable.pki.communication.PKICMPMessages.java
License:Open Source License
/**
 * Builds a CRMF certificate request for the given subject and returns it wrapped in a
 * protected PKI message.
 *
 * <p>Private-key archival is decided by the content of {@code keyPair}: when it carries a
 * private key, that key is added to the request as an archive control encrypted to the
 * recipient certificate held by {@code pkiKeyStore}. Pass a key pair whose private half is
 * {@code null} to keep the private key out of the request.
 *
 * @param distinguishedName the distinguished name for the certificate
 * @param keyPair the key pair to certify; when {@code null} no public key is set on the request
 * @param requestType the body type passed to {@code PKIBody} for the resulting message
 * @return the binary ASN.1 message for the certification request
 * @throws CertificateEncodingException declared by the recipient generator built from the
 *         key store's recipient certificate
 * @throws CMSException declared by the content-encryptor and archive-control builders
 * @throws CRMFException declared by the request builder
 * @throws OperatorCreationException declared by the builders used here
 * @throws CMPException declared for the CMP message protection step
 * @throws IOException declared for ASN.1 encoding
 * @throws PKICMPMessageException declared for the CMP message protection step
 * @throws NoSuchFieldException if the reflective lookup of {@code templateBuilder} fails
 * @throws IllegalAccessException if the reflective read of {@code templateBuilder} fails
 */
private byte[] createCertificateMessage(String distinguishedName, KeyPair keyPair, int requestType)
        throws CertificateEncodingException, CMSException, CRMFException, OperatorCreationException,
        CMPException, IOException, PKICMPMessageException, NoSuchFieldException, IllegalAccessException {
    // The certReqId is fixed at zero for every request built here.
    JcaCertificateRequestMessageBuilder requestBuilder =
            new JcaCertificateRequestMessageBuilder(BigInteger.ZERO);

    // Subject of the requested certificate.
    requestBuilder.setSubject(new X500Name(distinguishedName));

    if (keyPair != null) {
        byte[] encodedPublicKey = keyPair.getPublic().getEncoded();
        requestBuilder.setPublicKey(new SubjectPublicKeyInfo(ASN1Sequence.getInstance(encodedPublicKey)));

        if (keyPair.getPrivate() != null) {
            // The private key leaves this process inside the request, encrypted to the
            // recipient certificate from the key store.
            JcaPKIArchiveControlBuilder archiveBuilder = new JcaPKIArchiveControlBuilder(
                    keyPair.getPrivate(), new X500Principal(distinguishedName));
            JceKeyTransRecipientInfoGenerator recipient =
                    new JceKeyTransRecipientInfoGenerator(pkiKeyStore.getRecipientCertificate())
                            .setProvider(pkiKeyStore.getProvider());

            // NOTE(review): the archived private key is content-encrypted with 3DES-CBC
            // (DES_EDE3_CBC), a legacy 64-bit-block cipher. Prefer an AES content-encryption
            // algorithm if the receiving CA accepts one.
            requestBuilder.addControl(archiveBuilder.addRecipientGenerator(recipient).build(
                    new JceCMSContentEncryptorBuilder(
                            new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.DES_EDE3_CBC))
                            .setProvider(pkiKeyStore.getProvider())
                            .build()));
        }
    }

    if (optionalValidity != null) {
        // NOTE(review): the validity is set by reflecting into the superclass's non-public
        // templateBuilder field; this depends on library internals and can break on a
        // library upgrade or under a restrictive security policy.
        Field templateField = requestBuilder.getClass().getSuperclass().getDeclaredField("templateBuilder");
        templateField.setAccessible(true);
        CertTemplateBuilder template = (CertTemplateBuilder) templateField.get(requestBuilder);
        template.setValidity(optionalValidity);
    }

    if (extensions != null) {
        for (Extension requested : extensions) {
            requestBuilder.addExtension(
                    requested.getExtnId(), requested.isCritical(), requested.getParsedValue());
        }
    }

    PKIBody body = new PKIBody(requestType, new CertReqMessages(requestBuilder.build().toASN1Structure()));
    return createProtectedPKIMessage(body);
}
From source file:org.cryptable.pki.util.GeneratePKI.java
License:Open Source License
/**
 * Generates the self-signed CA certificate.
 *
 * <p>Issuer and subject are the same fixed "Class 0 CA" name, the serial number is 1, and the
 * validity window runs from 30 days before to 30 days after the moment of creation. The
 * certificate carries authority and subject key identifiers derived from {@code pubKey} and a
 * critical basicConstraints extension with a path length of 1. No keyUsage extension is added.
 *
 * @param pubKey the CA public key placed in the certificate
 * @param privKey the CA private key used to sign the certificate
 * @return the signed CA certificate
 * @throws OperatorCreationException if the content signer cannot be built
 * @throws NoSuchAlgorithmException if the extension utilities cannot be created
 * @throws CertIOException if an extension cannot be added
 * @throws CertificateException if the built certificate cannot be converted
 */
private static Certificate createMasterCert(PublicKey pubKey, PrivateKey privKey)
        throws OperatorCreationException, NoSuchAlgorithmException, CertificateException, CertIOException {
    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;

    // Self-signed: the certificate is signed with the key pair it certifies.
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(BC)
            .build(privKey);

    X500Name issuer = new X500Name("C=BE, O=Cryptable, OU=PKI Devision, CN=Class 0 CA");
    Date notBefore = new Date(System.currentTimeMillis() - thirtyDaysMillis);
    Date notAfter = new Date(System.currentTimeMillis() + thirtyDaysMillis);
    X500Name subject = new X500Name("C=BE, O=Cryptable, OU=PKI Devision, CN=Class 0 CA");

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            issuer, BigInteger.valueOf(1), notBefore, notAfter, subject, pubKey);

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(pubKey));
    certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
            extensionUtils.createSubjectKeyIdentifier(pubKey));

    // Critical CA constraint allowing one further CA level below this certificate.
    certBuilder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(1));

    return new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(signer));
}
From source file:org.cryptable.pki.util.GeneratePKI.java
License:Open Source License
/**
 * Generates an intermediate CA certificate signed by the CA.
 *
 * <p>The issuer name is the subject of {@code caCert}, the subject is the fixed
 * "Class 0 SubCA" name, the serial number is 2, and the validity window runs from 30 days
 * before to 30 days after the moment of creation. The certificate carries an authority key
 * identifier taken from {@code caCert}, a subject key identifier derived from {@code pubKey},
 * and a critical basicConstraints extension with a path length of 0.
 *
 * @param pubKey the intermediate CA public key placed in the certificate
 * @param caPrivKey the private key of the issuing CA, used to sign the certificate
 * @param caCert the certificate of the issuing CA
 * @return the signed intermediate certificate
 * @throws OperatorCreationException if the content signer cannot be built
 * @throws NoSuchAlgorithmException if the extension utilities cannot be created
 * @throws CertIOException if an extension cannot be added
 * @throws CertificateException if the built certificate cannot be converted
 */
private static Certificate createIntermediateCert(PublicKey pubKey, PrivateKey caPrivKey,
        X509Certificate caCert)
        throws OperatorCreationException, CertIOException, NoSuchAlgorithmException, CertificateException {
    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;

    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(BC)
            .build(caPrivKey);

    // Issuer name chains to the signing CA's subject; this certificate is not self-signed.
    X500Name issuer = JcaX500NameUtil.getSubject(caCert);
    Date notBefore = new Date(System.currentTimeMillis() - thirtyDaysMillis);
    Date notAfter = new Date(System.currentTimeMillis() + thirtyDaysMillis);
    X500Name subject = new X500Name("C=BE, O=Cryptable, OU=PKI Devision, CN=Class 0 SubCA");

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            issuer, BigInteger.valueOf(2), notBefore, notAfter, subject, pubKey);

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(caCert));
    certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
            extensionUtils.createSubjectKeyIdentifier(pubKey));

    // Critical CA constraint with path length 0: may issue end-entity certificates only.
    certBuilder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(0));

    return new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(signer));
}
From source file:org.cryptable.pki.util.GeneratePKI.java
License:Open Source License
/**
 * Generates the RA certificate, signed with the supplied CA key.
 *
 * <p>The issuer name is the subject of {@code caCert}, the subject is the fixed "RA" name,
 * and the validity window runs from 30 days before to 30 days after the moment of creation.
 * Authority and subject key identifiers are added; no basicConstraints extension is set.
 *
 * @param pubKey the RA public key placed in the certificate
 * @param caPrivKey the private key of the issuing CA, used to sign the certificate
 * @param caCert the certificate of the issuing CA
 * @return the signed RA certificate
 * @throws OperatorCreationException if the content signer cannot be built
 * @throws NoSuchAlgorithmException if the extension utilities cannot be created
 * @throws CertIOException if an extension cannot be added
 * @throws CertificateException if the built certificate cannot be converted
 */
private static Certificate createRACert(PublicKey pubKey, PrivateKey caPrivKey, X509Certificate caCert)
        throws OperatorCreationException, CertIOException, NoSuchAlgorithmException, CertificateException {
    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;

    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(BC)
            .build(caPrivKey);

    // Issuer name chains to the signing CA's subject; this certificate is not self-signed.
    X500Name issuer = JcaX500NameUtil.getSubject(caCert);
    // NOTE(review): serial 2 is also the serial used by createIntermediateCert. Serial numbers
    // must be unique per issuer, so confirm the two are never issued under the same caCert.
    BigInteger serial = BigInteger.valueOf(2);
    Date notBefore = new Date(System.currentTimeMillis() - thirtyDaysMillis);
    Date notAfter = new Date(System.currentTimeMillis() + thirtyDaysMillis);
    X500Name subject = new X500Name("C=BE, O=Cryptable, OU=PKI Devision, CN=RA");

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            issuer, serial, notBefore, notAfter, subject, pubKey);

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(caCert));
    certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
            extensionUtils.createSubjectKeyIdentifier(pubKey));

    return new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(signer));
}
From source file:org.cryptable.pki.util.GeneratePKI.java
License:Open Source License
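/**
 * Generates a self-signed certificate: issuer and subject are both {@code distinguishedNmae}
 * and the certificate is signed with {@code privKey}.
 *
 * <p>The validity window runs from 30 days before to 30 days after the moment of creation.
 * The serial number is drawn from a cryptographically strong random source, so repeated calls
 * yield different serials.
 *
 * @param distinguishedNmae the distinguished name used as both issuer and subject
 * @param pubKey the public key placed in the certificate
 * @param privKey the private key used to sign the certificate
 * @return the signed certificate
 * @throws OperatorCreationException if the content signer cannot be built
 * @throws CertificateException if the built certificate cannot be converted
 */
private static Certificate createSelfSignedCert(String distinguishedNmae, PublicKey pubKey,
        PrivateKey privKey) throws OperatorCreationException, CertificateException {
    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;

    // Signer of the certificate
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(BC)
            .build(privKey);

    // The previous serial came from new Random(100).nextLong(): a fixed seed gives the same
    // value on every call, and nextLong() spans the whole signed range, so nothing kept it
    // positive. Use 64 bits from a CSPRNG and add one so the serial is strictly positive.
    BigInteger serial = new BigInteger(64, new java.security.SecureRandom()).add(BigInteger.ONE);

    X509v3CertificateBuilder v3CertBuilder = new JcaX509v3CertificateBuilder(
            // issuer name
            new X500Name(distinguishedNmae),
            serial,
            // Not Before
            new Date(System.currentTimeMillis() - thirtyDaysMillis),
            // Not After
            new Date(System.currentTimeMillis() + thirtyDaysMillis),
            // subject name - the same as the issuer, since the certificate is self-signed
            new X500Name(distinguishedNmae),
            // Public key of the certificate
            pubKey);

    return new JcaX509CertificateConverter().setProvider(BC).getCertificate(v3CertBuilder.build(sigGen));
}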
From source file:org.cryptable.pki.util.GeneratePKI.java
License:Open Source License
/**
 * Generates a certificate for {@code distinguishedNmae}, signed with {@code privKey}.
 *
 * <p>The validity window runs from 30 days before to 30 days after the moment of creation.
 * No extensions are added.
 *
 * @param distinguishedNmae the subject distinguished name
 * @param pubKey the public key placed in the certificate
 * @param privKey the private key used to sign the certificate
 * @param caCert the certificate the issuer name is read from
 * @param serNum the serial number of the new certificate
 * @return the signed certificate
 * @throws OperatorCreationException if the content signer cannot be built
 * @throws CertificateException if the built certificate cannot be converted
 */
private static Certificate createCert(String distinguishedNmae, PublicKey pubKey, PrivateKey privKey,
        X509Certificate caCert, BigInteger serNum) throws OperatorCreationException, CertificateException {
    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;

    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(BC)
            .build(privKey);

    // NOTE(review): the issuer field is caCert's *issuer*, not its subject, whereas
    // createIntermediateCert and createRACert use JcaX500NameUtil.getSubject(caCert). Unless
    // caCert is self-signed, the issuer name written here will not name the certificate whose
    // key signs this one, and name-based path building will not find it. Confirm with callers.
    X500Name issuer = JcaX500NameUtil.getIssuer(caCert);
    Date notBefore = new Date(System.currentTimeMillis() - thirtyDaysMillis);
    Date notAfter = new Date(System.currentTimeMillis() + thirtyDaysMillis);
    X500Name subject = new X500Name(distinguishedNmae);

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            issuer, serNum, notBefore, notAfter, subject, pubKey);

    return new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(signer));
}
From source file:org.cryptable.pki.util.GeneratePKI.java
License:Open Source License
/**
 * Generates an already-expired certificate for {@code distinguishedNmae}, signed with
 * {@code privKey}.
 *
 * <p>The validity window runs from 30 days before creation to one day before creation, so the
 * certificate is outside its validity period as soon as it is built. No extensions are added.
 *
 * @param distinguishedNmae the subject distinguished name
 * @param pubKey the public key placed in the certificate
 * @param privKey the private key used to sign the certificate
 * @param caCert the certificate the issuer name is read from
 * @param serNum the serial number of the new certificate
 * @return the signed, expired certificate
 * @throws OperatorCreationException if the content signer cannot be built
 * @throws CertificateException if the built certificate cannot be converted
 */
private static Certificate createExpiredCert(String distinguishedNmae, PublicKey pubKey,
        PrivateKey privKey, X509Certificate caCert, BigInteger serNum)
        throws OperatorCreationException, CertificateException {
    final long dayMillis = 1000L * 60 * 60 * 24;

    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(BC)
            .build(privKey);

    // NOTE(review): the issuer field is caCert's *issuer*, not its subject, whereas
    // createIntermediateCert and createRACert use JcaX500NameUtil.getSubject(caCert). Unless
    // caCert is self-signed, a verifier may reject this certificate for a name-chaining
    // failure rather than for expiry. Confirm with callers.
    X500Name issuer = JcaX500NameUtil.getIssuer(caCert);
    Date notBefore = new Date(System.currentTimeMillis() - dayMillis * 30);
    // Not After lies one day in the past: this is what makes the certificate expired.
    Date notAfter = new Date(System.currentTimeMillis() - dayMillis);
    X500Name subject = new X500Name(distinguishedNmae);

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            issuer, serNum, notBefore, notAfter, subject, pubKey);

    return new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(signer));
}
From source file:org.cryptable.pki.util.GeneratePKI.java
License:Open Source License
/**
 * Generates a not-yet-valid certificate for {@code distinguishedNmae}, signed with
 * {@code privKey}.
 *
 * <p>The validity window runs from one day after creation to 30 days after creation, so the
 * certificate is outside its validity period when it is built. No extensions are added.
 *
 * @param distinguishedNmae the subject distinguished name
 * @param pubKey the public key placed in the certificate
 * @param privKey the private key used to sign the certificate
 * @param caCert the certificate the issuer name is read from
 * @param serNum the serial number of the new certificate
 * @return the signed, not-yet-valid certificate
 * @throws OperatorCreationException if the content signer cannot be built
 * @throws CertificateException if the built certificate cannot be converted
 */
private static Certificate createNotYetValidCert(String distinguishedNmae, PublicKey pubKey,
        PrivateKey privKey, X509Certificate caCert, BigInteger serNum)
        throws OperatorCreationException, CertificateException {
    final long dayMillis = 1000L * 60 * 60 * 24;

    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(BC)
            .build(privKey);

    // NOTE(review): the issuer field is caCert's *issuer*, not its subject, whereas
    // createIntermediateCert and createRACert use JcaX500NameUtil.getSubject(caCert). Unless
    // caCert is self-signed, a verifier may reject this certificate for a name-chaining
    // failure rather than for its validity period. Confirm with callers.
    X500Name issuer = JcaX500NameUtil.getIssuer(caCert);
    // Not Before lies one day in the future: this is what makes the certificate not yet valid.
    Date notBefore = new Date(System.currentTimeMillis() + dayMillis);
    Date notAfter = new Date(System.currentTimeMillis() + (dayMillis * 30));
    X500Name subject = new X500Name(distinguishedNmae);

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            issuer, serNum, notBefore, notAfter, subject, pubKey);

    return new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(signer));
}
From source file:org.cryptoworkshop.ximix.node.crypto.key.BLSKeyManager.java
License:Apache License
/**
 * Builds a version 3 certificate for the key identified by {@code keyID}.
 *
 * <p>Issuer and subject are the same name, built from the node name. The certificate is valid
 * from 30 days before to 365 days after the moment of creation and carries two critical
 * extensions: a keyUsage that tells signing keys from encryption keys, and the Ximix share-id
 * extension holding {@code sequenceNo}.
 *
 * @param keyID identifier of the key whose public key is certified
 * @param sequenceNo value stored in the share-id extension
 * @param privKey private key used to sign the certificate with SHA256withECDSA
 * @return the signed certificate holder
 * @throws GeneralSecurityException declared by this method; not thrown by the calls visible
 *         here unless {@code fetchPublicKey} raises it
 * @throws OperatorCreationException if the content signer cannot be built
 * @throws IOException if an extension cannot be encoded
 */
private X509CertificateHolder createCertificate(String keyID, int sequenceNo, PrivateKey privKey)
        throws GeneralSecurityException, OperatorCreationException, IOException {
    final long dayMillis = 1000L * 60 * 60 * 24;

    // NOTE(review): the node name is concatenated into the DN string without escaping. A name
    // containing DN syntax characters such as ',', '+' or '=' would change the RDN structure
    // when parsed; X500NameBuilder adds RDN values without string parsing. Confirm where the
    // node name comes from.
    String name = "C=AU, O=Ximix Network Node, OU=" + nodeContext.getName();

    // NOTE(review): every certificate built here has serial 1 under the same issuer name, so
    // serials are not unique per issuer when a node certifies more than one key.
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            new X500Name(name),
            BigInteger.valueOf(1),
            new Date(System.currentTimeMillis() - dayMillis * 30),
            new Date(System.currentTimeMillis() + (dayMillis * 365)),
            new X500Name(name),
            this.fetchPublicKey(keyID));

    // keyUsage distinguishes signing keys from encryption keys.
    int usageBits = signingKeys.contains(keyID) ? KeyUsage.digitalSignature : KeyUsage.dataEncipherment;
    certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(usageBits));

    certBuilder.addExtension(XimixObjectIdentifiers.ximixShareIdExtension, true,
            new ASN1Integer(sequenceNo));

    return certBuilder.build(
            new JcaContentSignerBuilder("SHA256withECDSA").setProvider("BC").build(privKey));
}
From source file:org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.impl.CertificateRefs.java
License:Open Source License
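/**
 * Builds the attribute, identified by {@code identifier}, that references every certificate
 * in {@code certificates} after the first one.
 *
 * <p>Each reference holds the SHA-256 hash of the certificate together with an issuer/serial
 * pair. The issuer name is taken from the next certificate in the array, or from the
 * certificate itself when it is the last entry (treated as the root).
 *
 * @return the attribute wrapping the sequence of certificate references
 * @throws SignerException if a certificate cannot be encoded
 */
@Override
public Attribute getValue() throws SignerException {
    try {
        int chainSize = certificates.length - 1;
        OtherCertID[] arrayOtherCertID = new OtherCertID[chainSize];
        // Index 0 is skipped: references are emitted for certificates[1..chainSize] only.
        for (int i = 1; i <= chainSize; i++) {
            X509Certificate cert = (X509Certificate) certificates[i];
            // The last entry is the root, so it is its own issuer.
            X509Certificate issuerCert = (X509Certificate) certificates[i < chainSize ? i + 1 : i];

            Digest digest = DigestFactory.getInstance().factoryDefault();
            digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
            byte[] certHash = digest.digest(cert.getEncoded());

            // Decode the name from its DER form instead of re-parsing the text returned by
            // X500Principal.getName(). That text is the RFC 2253 rendering, and a round trip
            // through it can change RDN order and string encodings, so the issuer written
            // into the reference would no longer be byte-identical to the certificate's name.
            X500Name dirName = X500Name.getInstance(issuerCert.getSubjectX500Principal().getEncoded());
            GeneralNames issuer = new GeneralNames(new GeneralName(dirName));
            ASN1Integer serialNumber = new ASN1Integer(cert.getSerialNumber());
            IssuerSerial issuerSerial = new IssuerSerial(issuer, serialNumber);

            AlgorithmIdentifier algId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
            arrayOtherCertID[i - 1] = new OtherCertID(algId, certHash, issuerSerial);
        }

        return new Attribute(new ASN1ObjectIdentifier(identifier),
                new DERSet(new ASN1Encodable[] { new DERSequence(arrayOtherCertID) }));
    } catch (CertificateEncodingException e) {
        // NOTE(review): only the message is kept, so the original stack trace is lost. Pass
        // the cause along if SignerException offers a (String, Throwable) constructor.
        throw new SignerException(e.getMessage());
    }
}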