List of usage examples for org.bouncycastle.asn1.x500 X500Name X500Name
public X500Name(String dirName)
From source file:org.ejbca.ui.cmpclient.commands.RevocationRequestCommand.java
License:Open Source License
/**
 * Builds a CMP revocation request ({@code rr} body) for the certificate identified by the
 * issuer DN and the hexadecimal serial number taken from {@code parameters}.
 * <p>
 * The subject DN in the template is a fixed placeholder; the certificate is identified by
 * issuer and serial. The header carries a fresh sender nonce and transaction id but no
 * protection algorithm and an empty senderKID, so the returned message is unprotected as built.
 *
 * @param parameters command parameters; reads {@code ISSUERDN_KEY}, {@code SERNO_KEY},
 *                   {@code REVOCATION_REASON_KEY} and the presence of {@code VERBOSE_KEY}
 * @return the assembled, unprotected revocation request
 * @throws Exception if a parameter cannot be parsed or the ASN.1 structures cannot be encoded
 */
@Override
public PKIMessage generatePKIMessage(ParameterContainer parameters) throws Exception {
    final boolean verbose = parameters.containsKey(VERBOSE_KEY);
    // Placeholder subject: the revocation target is located through issuer + serial number.
    final X500Name subject = new X500Name("CN=foo");
    final X500Name issuer = new X500Name(parameters.get(ISSUERDN_KEY));
    final BigInteger serial = new BigInteger(parameters.get(SERNO_KEY), 16);
    if (verbose) {
        log.info("Creating revocation request with: SubjectDN=" + subject.toString());
        log.info("Creating revocation request with: IssuerDN=" + issuer.toString());
        log.info("Creating revocation request with: CertSerno=" + serial.toString(16));
    }
    final byte[] senderNonce = CmpClientMessageHelper.getInstance().createSenderNonce();
    final byte[] transactionId = CmpClientMessageHelper.getInstance().createSenderNonce();

    final RevDetails revDetails = buildRevDetails(subject, issuer, serial,
            parameters.get(REVOCATION_REASON_KEY));
    final PKIHeaderBuilder header = buildUnprotectedHeader(subject, issuer, senderNonce, transactionId);
    final PKIBody body = new PKIBody(PKIBody.TYPE_REVOCATION_REQ, new RevReqContent(revDetails));
    return new PKIMessage(header.build(), body);
}

/**
 * Wraps the certificate identifiers plus a (non-critical) reasonCode extension into a
 * {@link RevDetails} structure.
 *
 * @param subject      template subject DN
 * @param issuer       template issuer DN
 * @param serial       serial number of the certificate to revoke
 * @param reasonText   textual revocation reason, translated by {@code getCRLReason}
 * @return the RevDetails sequence
 * @throws Exception if the extension cannot be added or the reason is not recognised
 */
private RevDetails buildRevDetails(X500Name subject, X500Name issuer, BigInteger serial,
        String reasonText) throws Exception {
    final CertTemplateBuilder template = new CertTemplateBuilder();
    template.setIssuer(issuer);
    template.setSubject(subject);
    template.setSerialNumber(new ASN1Integer(serial));

    final ExtensionsGenerator extensionGenerator = new ExtensionsGenerator();
    extensionGenerator.addExtension(Extension.reasonCode, false, getCRLReason(reasonText));

    final ASN1EncodableVector revDetailsVector = new ASN1EncodableVector();
    revDetailsVector.add(template.build());
    revDetailsVector.add(extensionGenerator.generate());
    return RevDetails.getInstance(new DERSequence(revDetailsVector));
}

/**
 * Creates a CMP (pvno 2) header with message time, sender nonce and transaction id, but
 * with a {@code null} protection algorithm and an empty senderKID.
 *
 * @param sender        sender name (the template subject)
 * @param recipient     recipient name (the issuer)
 * @param senderNonce   random nonce bytes
 * @param transactionId random transaction id bytes
 * @return the header builder, ready for {@code build()}
 */
private PKIHeaderBuilder buildUnprotectedHeader(X500Name sender, X500Name recipient,
        byte[] senderNonce, byte[] transactionId) {
    final PKIHeaderBuilder header = new PKIHeaderBuilder(2, new GeneralName(sender),
            new GeneralName(recipient));
    header.setMessageTime(new ASN1GeneralizedTime(new Date()));
    header.setSenderNonce(new DEROctetString(senderNonce));
    header.setTransactionID(new DEROctetString(transactionId));
    // No protection is applied here; presumably the caller adds MAC/signature protection
    // before sending — confirm, since an unprotected rr is normally rejected by the CA.
    header.setProtectionAlg(null);
    header.setSenderKID(new byte[0]);
    return header;
}
From source file:org.ejbca.util.keystore.KeyStoreContainerBase.java
License:Open Source License
/**
 * Creates a self-signed X.509 v3 certificate for {@code keyPair}, as used for key store entries.
 * Validity starts 24 hours before now and ends {@code validity} seconds after now; the
 * serial number is the notBefore timestamp in milliseconds.
 *
 * @param myname   DN used for both subject and issuer
 * @param validity lifetime in seconds counted from now
 * @param sigAlg   JCA signature algorithm name used to sign the certificate
 * @param keyPair  pair whose public key is certified and whose private key signs
 * @return the self-signed certificate
 * @throws Exception if the public key is {@code null}, or building/encoding the certificate fails
 */
private X509Certificate getSelfCertificate(String myname, long validity, String sigAlg, KeyPair keyPair)
        throws Exception {
    final long nowMillis = new Date().getTime();
    final long oneDayMillis = 24 * 60 * 60 * 1000;
    final Date notBefore = new Date(nowMillis - oneDayMillis);
    final Date notAfter = new Date(nowMillis + validity * 1000);

    log.debug("keystore signing algorithm " + sigAlg);
    final PublicKey publicKey = keyPair.getPublic();
    if (publicKey == null) {
        throw new Exception("Public key is null");
    }
    final SubjectPublicKeyInfo subjectKeyInfo = new SubjectPublicKeyInfo(
            (ASN1Sequence) ASN1Primitive.fromByteArray(publicKey.getEncoded()));

    // Same DN for issuer and subject: the certificate is self-issued.
    final X500Name name = new X500Name(myname);
    // NOTE(review): the serial is the notBefore timestamp, i.e. predictable and only
    // millisecond-unique; acceptable for a key store placeholder, not for a CA certificate.
    final BigInteger serialNumber = BigInteger.valueOf(notBefore.getTime());
    final X509v3CertificateBuilder builder = new X509v3CertificateBuilder(name, serialNumber,
            notBefore, notAfter, name, subjectKeyInfo);

    final ContentSigner jcaSigner = new JcaContentSignerBuilder(sigAlg)
            .setProvider(this.providerName).build(keyPair.getPrivate());
    // Buffer the to-be-signed bytes (20 KiB) so the signer sees them in large chunks.
    final ContentSigner signer = new BufferingContentSigner(jcaSigner, 20480);

    final X509CertificateHolder holder = builder.build(signer);
    return (X509Certificate) CertTools.getCertfromByteArray(holder.getEncoded());
}
From source file:org.ejbca.util.keystore.KeyStoreContainerBase.java
License:Open Source License
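/**
 * Generates a PKCS#10 certificate request for the key stored under {@code alias} and writes
 * it PEM-encoded to {@code <alias>.pem} in the current working directory.
 * <p>
 * The signature algorithm is the first one suggested for the key type (falling back to
 * {@code SHA1WithRSA}), the subject is {@code sDN} or {@code CN=<alias>} when none is given,
 * and the request's self-signature is verified before anything is written.
 *
 * @param alias                 key store alias of the key pair
 * @param sDN                   subject DN for the request, or {@code null} for {@code CN=<alias>}
 * @param explicitEccParameters when {@code true} and the key is ECDSA, encode the curve with
 *                              explicit parameters instead of a named curve
 * @throws Exception if the key cannot be read, the request's signature does not verify,
 *                   or the PEM file cannot be written
 */
@Override
public void generateCertReq(String alias, String sDN, boolean explicitEccParameters) throws Exception {
    PublicKey publicKey = getCertificate(alias).getPublicKey();
    final PrivateKey privateKey = getPrivateKey(alias);
    if (log.isDebugEnabled()) {
        log.debug("alias: " + alias + " SHA1 of public key: "
                + CertTools.getFingerprintAsString(publicKey.getEncoded()));
    }
    // First suggested algorithm for this key type; iterator().next() throws if none is suggested.
    String sigAlg = (String) AlgorithmTools.getSignatureAlgorithms(publicKey).iterator().next();
    if (sigAlg == null) {
        // Legacy fallback: SHA-1 signed requests are rejected by many CAs today.
        sigAlg = "SHA1WithRSA";
    }
    if (sigAlg.contains("ECDSA") && explicitEccParameters) {
        log.info("Using explicit parameter encoding for ECC key.");
        publicKey = ECKeyUtil.publicToExplicitParameters(publicKey, "BC");
    } else {
        // Logged for every non-explicit key, including non-EC ones.
        log.info("Using named curve parameter encoding for ECC key.");
    }
    final X500Name subject = sDN != null ? new X500Name(sDN) : new X500Name("CN=" + alias);
    final PKCS10CertificationRequest certReq = CertTools.genPKCS10CertificationRequest(sigAlg, subject,
            publicKey, new DERSet(), privateKey, this.keyStore.getProvider().getName());

    // Verify the proof-of-possession signature before persisting the request.
    final ContentVerifierProvider verifier = CertTools.genContentVerifierProvider(publicKey);
    if (!certReq.isSignatureValid(verifier)) {
        throw new Exception(intres.getLocalizedMessage("token.errorcertreqverify", alias));
    }

    final String filename = alias + ".pem";
    final Writer writer = new FileWriter(filename);
    try {
        writer.write(CertTools.BEGIN_CERTIFICATE_REQUEST + "\n");
        writer.write(new String(Base64.encode(certReq.getEncoded())));
        writer.write("\n" + CertTools.END_CERTIFICATE_REQUEST + "\n");
    } finally {
        // Close on every path; the original leaked the file handle when a write failed.
        writer.close();
    }
    log.info("Wrote csr to file: " + filename);
}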
From source file:org.fuin.esmp.EventStoreCertificateMojo.java
License:Open Source License
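/**
 * Builds a self-signed certificate for {@code domain} (subject and issuer {@code CN=<domain>}),
 * valid from 2016-01-01 to 2099-01-01 UTC, flagged as a CA (basicConstraints cA=true) and
 * with the serverAuth extended key usage, and signs it with the pair's private key.
 *
 * @param domain host name placed into the CN
 * @param pair   key pair whose public key is certified and whose private key signs
 * @return the signed certificate
 * @throws RuntimeException wrapping the {@link CertIOException} if an extension cannot be encoded
 */
private static X509Certificate generateCertificate(final String domain, final KeyPair pair) {
    try {
        final X500Name issuerName = new X500Name("CN=" + domain);
        final X500Name subjectName = issuerName;
        // RFC 5280 4.1.2.2 requires a positive serial; a bare nextInt() may be zero or negative.
        // The serial is not security-relevant for a self-signed development certificate, so
        // java.util.Random is kept here.
        final BigInteger serial = BigInteger.valueOf(1L + new Random().nextInt(Integer.MAX_VALUE));
        final Date notBefore = Date.from(LocalDateTime.of(2016, 1, 1, 0, 0).toInstant(ZoneOffset.UTC));
        final Date notAfter = Date.from(LocalDateTime.of(2099, 1, 1, 0, 0).toInstant(ZoneOffset.UTC));
        final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial,
                notBefore, notAfter, subjectName, pair.getPublic());
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        final ASN1EncodableVector purposes = new ASN1EncodableVector();
        purposes.add(KeyPurposeId.id_kp_serverAuth);
        builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));
        return signCertificate(builder, pair.getPrivate());
    } catch (final CertIOException ex) {
        throw new RuntimeException("Couldn't generate certificate", ex);
    }
}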
From source file:org.gluu.oxtrust.action.UpdateTrustRelationshipAction.java
License:MIT License
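/**
 * Returns the Base64 (DER) encoding of the SP certificate, generating a self-signed one when
 * no valid certificate was uploaded.
 * <p>
 * If the uploaded certificate cannot be parsed, a 2048-bit RSA key pair and a ten-year
 * self-signed certificate for the trust relationship's host are created and stored through
 * {@code saveCert} and {@code saveKey}. A generation failure is logged and leaves the
 * certificate absent; an encoding failure reports an error message to the user.
 *
 * @author Oleksiy Tataryn
 * @return Base64-encoded DER certificate, or {@code null} if none could be provided or generated
 */
private String getCertForGeneratedSP() {
    X509Certificate cert = SSLService.instance().getCertificate(certWrapper.getStream());
    if (cert == null) {
        facesMessages.add(Severity.INFO,
                "Certificate were not provided, or was incorrect. Appliance will create a self-signed certificate.");
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        try {
            JDKKeyPairGenerator.RSA keyPairGen = new JDKKeyPairGenerator.RSA();
            keyPairGen.initialize(2048);
            KeyPair pair = keyPairGen.generateKeyPair();

            StringWriter keyWriter = new StringWriter();
            PEMWriter pemFormatWriter = new PEMWriter(keyWriter);
            try {
                pemFormatWriter.writeObject(pair.getPrivate());
            } finally {
                pemFormatWriter.close();
            }

            // Host part of the SP URL, without the scheme.
            String url = trustRelationship.getUrl().replaceFirst(".*//", "");
            cert = generateSelfSignedCertificate(url, pair);

            org.apache.commons.codec.binary.Base64 encoder = new org.apache.commons.codec.binary.Base64(64);
            byte[] derCert = cert.getEncoded();
            String pemCertPre = new String(encoder.encode(derCert));
            log.debug(Shibboleth2ConfService.PUBLIC_CERTIFICATE_START_LINE);
            log.debug(pemCertPre);
            log.debug(Shibboleth2ConfService.PUBLIC_CERTIFICATE_END_LINE);
            saveCert(trustRelationship, pemCertPre);
            saveKey(trustRelationship, keyWriter.toString());
        } catch (Exception e) {
            // Was printStackTrace(); keep the message and stack in the application log instead.
            log.error("Failed to generate self-signed certificate for trust relationship", e);
        }
    }
    String certificate = null;
    if (cert != null) {
        try {
            certificate = new String(Base64.encode(cert.getEncoded()));
        } catch (CertificateEncodingException e) {
            certificate = null;
            facesMessages.add(Severity.ERROR,
                    "Failed to encode provided certificate. Please notify Gluu support about this.");
            log.error("Failed to encode certificate to DER", e);
        }
    } else {
        facesMessages.add(Severity.INFO,
                "Certificate were not provided, or was incorrect. Appliance will create a self-signed certificate.");
    }
    return certificate;
}

/**
 * Builds a self-signed SHA-256/RSA certificate for {@code host}, valid from 30 days ago for
 * ten years, with subject and issuer {@code CN=<host>, OU=None, O=None, L=None, C=None}.
 *
 * @param host host name for the CN
 * @param pair RSA key pair; the public key is certified and the private key signs
 * @return the certificate, converted through the BC provider
 * @throws Exception if building, signing or converting the certificate fails
 */
private static X509Certificate generateSelfSignedCertificate(String host, KeyPair pair) throws Exception {
    // Every RDN is comma-separated; the earlier "O=None L=None" made L part of the O value.
    X500Name dn = new X500Name("CN=" + host + ", OU=None, O=None, L=None, C=None");
    // RFC 5280 requires a positive serial number; nextInt() alone could be zero or negative.
    BigInteger serial = new BigInteger(63, new SecureRandom()).add(BigInteger.ONE);
    Date notBefore = new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30);
    Date notAfter = new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10));
    X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(dn, serial, notBefore, notAfter,
            dn, pair.getPublic());
    // SHA-256: MD5 signatures are broken and rejected by current JDK certpath settings.
    return new JcaX509CertificateConverter().setProvider("BC").getCertificate(v3CertGen.build(
            new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(pair.getPrivate())));
}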
From source file:org.icepdf.ri.common.utility.signatures.SignatureTreeNode.java
License:Apache License
/**
 * Validates the signature represented by this tree node. Invoked from a worker thread; once
 * validation completes the node state is refreshed with {@link #refreshSignerNode()}.
 * As a side effect the signer properties (name, location, reason, contact, date) and the
 * issuer's CN, O and e-mail address are captured into this node's fields.
 *
 * @throws SignatureIntegrityException if the signature does not validate
 */
public void validateSignatureNode() throws SignatureIntegrityException {
    final SignatureFieldDictionary fieldDictionary = signatureWidgetAnnotation.getFieldDictionary();
    final SignatureDictionary signatureDictionary = signatureWidgetAnnotation.getSignatureDictionary();
    if (fieldDictionary == null) {
        return;
    }
    // Signer properties come straight from the signature dictionary.
    name = signatureDictionary.getName();
    location = signatureDictionary.getLocation();
    reason = signatureDictionary.getReason();
    contact = signatureDictionary.getContactInfo();
    date = signatureDictionary.getDate();

    // The validator gives access to the signer certificate.
    signatureValidator = signatureWidgetAnnotation.getSignatureValidator();
    final X509Certificate signerCertificate = signatureValidator.getSignerCertificate();
    final X500Principal issuerPrincipal = signerCertificate.getIssuerX500Principal();
    // Re-parse the issuer DN with BouncyCastle so individual RDNs can be read.
    final X500Name issuerName = new X500Name(issuerPrincipal.getName());
    if (issuerName.getRDNs() != null) {
        commonName = SignatureUtilities.parseRelativeDistinguishedName(issuerName, BCStyle.CN);
        organization = SignatureUtilities.parseRelativeDistinguishedName(issuerName, BCStyle.O);
        emailAddress = SignatureUtilities.parseRelativeDistinguishedName(issuerName, BCStyle.EmailAddress);
    }

    // NOTE(review): the flag is set to true both before and after validate(); the second call
    // looks as if it was meant to clear the "verifying" state — confirm against refreshSignerNode().
    setVerifyingSignature(true);
    signatureValidator.validate();
    setVerifyingSignature(true);
}
From source file:org.icepdf.ri.common.views.annotations.signatures.CertificatePropertiesDialog.java
License:Apache License
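/**
 * Fills {@code certInfoTable} with the certificate's version, serial number, signature
 * algorithm, issuer, validity period, subject, raw signature and MD5/SHA-1 fingerprints,
 * selects the last row and repaints the table and the text area.
 * <p>
 * The fingerprints are optional display data: if they cannot be computed the cells stay empty.
 *
 * @param cert          certificate to display
 * @param certInfoTable table that receives a non-editable two-column model
 * @param textArea      text area repainted after the model changes
 */
private void showCertificateInfo(X509Certificate cert, JTable certInfoTable, JTextArea textArea) {
    final MessageFormat formatter = new MessageFormat(
            messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.version.value"));
    final String certVersion = formatter.format(new Object[] { String.valueOf(cert.getVersion()) });
    formatter.applyPattern(
            messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.serialNumber.value"));
    final String serialNumber = formatter.format(new Object[] { String.valueOf(cert.getSerialNumber()) });
    formatter.applyPattern(
            messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.signatureAlgorithm.value"));
    final String signatureAlgorithm = formatter.format(new Object[] { cert.getSigAlgName() });
    // getIssuerDN()/getSubjectDN() are denigrated JDK APIs; their string form is re-parsed by BC.
    formatter.applyPattern(
            messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.issuer.value"));
    final String issuer = formatter.format(formatDNString(new X500Name(cert.getIssuerDN().toString())));
    formatter.applyPattern(
            messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.validity.value"));
    final String validity = formatter.format(new Object[] { cert.getNotBefore(), cert.getNotAfter() });
    formatter.applyPattern(
            messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.subject.value"));
    final String subject = formatter.format(formatDNString(new X500Name(cert.getSubjectDN().toString())));
    final String signature = new HexDumper().dump(cert.getSignature());

    String md5 = null;
    String sha1 = null;
    try {
        formatter.applyPattern(
                messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.md5.value"));
        md5 = formatter.format(new Object[] { getCertFingerPrint("MD5", cert) });
        formatter.applyPattern(
                messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.sha1.value"));
        sha1 = formatter.format(new Object[] { getCertFingerPrint("SHA1", cert) });
    } catch (Exception e) {
        // Best effort: leave the fingerprint cells empty. Narrowed from Throwable so that
        // VM errors (OutOfMemoryError etc.) are no longer swallowed here.
    }

    final Object[][] data = {
            { messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.version.label"),
                    certVersion },
            { messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.serialNumber.label"),
                    serialNumber },
            { messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.signatureAlgorithm.label"),
                    signatureAlgorithm },
            { messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.issuer.label"),
                    issuer },
            { messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.validity.label"),
                    validity },
            { messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.subject.label"),
                    subject },
            { messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.signature.label"),
                    signature },
            { messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.md5.label"), md5 },
            { messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.sha1.label"), sha1 } };
    final String[] columnNames = {
            messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.column1.label"),
            messageBundle.getString("viewer.utilityPane.signatures.cert.dialog.info.column2.label") };
    certInfoTable.setModel(new DefaultTableModel(data, columnNames) {
        @Override
        public boolean isCellEditable(int row, int col) {
            return false;
        }
    });
    // Select the last row by default; derived from the data so adding a row cannot break it.
    final int lastRow = data.length - 1;
    certInfoTable.setRowSelectionInterval(lastRow, lastRow);
    certInfoTable.repaint();
    textArea.repaint();
}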
From source file:org.icepdf.ri.common.views.annotations.signatures.CertificatePropertiesDialog.java
License:Apache License
/**
 * Builds the localized "certificate info" label from the certificate's subject and issuer.
 * For each DN the CN is used, falling back to the O attribute and finally to the localized
 * "unknown subject"/"unknown issuer" label when the DN cannot be parsed.
 *
 * @param cert X509 certificate
 * @return the formatted label containing the subject and issuer names
 */
private String extractAliasName(X509Certificate cert) {
    final String unknownSubject = messageBundle
            .getString("viewer.utilityPane.signatures.cert.dialog.info.unknownSubject.label");
    final String unknownIssuer = messageBundle
            .getString("viewer.utilityPane.signatures.cert.dialog.info.unknownIssuer.label");
    String subjectName = unknownSubject;
    String issuerName = unknownIssuer;
    try {
        // getSubjectDN()/getIssuerDN() are denigrated JDK APIs; their string form is re-parsed by BC.
        final X500Name subjectDn = new X500Name(cert.getSubjectDN().toString());
        final X500Name issuerDn = new X500Name(cert.getIssuerDN().toString());
        subjectName = displayNameOf(subjectDn, unknownSubject);
        issuerName = displayNameOf(issuerDn, unknownIssuer);
    } catch (Exception e) {
        e.printStackTrace();
    }
    final MessageFormat messageFormat = new MessageFormat(messageBundle
            .getString("viewer.utilityPane.signatures.cert.dialog.info.certificateInfo.label"));
    return messageFormat.format(new Object[] { subjectName, issuerName });
}

/**
 * Returns the CN of {@code dn}, else its O attribute, else {@code fallback}.
 *
 * @param dn       parsed distinguished name
 * @param fallback value returned when neither CN nor O is present
 * @return the display name
 */
private static String displayNameOf(X500Name dn, String fallback) {
    String value = CertificatePropertiesDialog.parseRelativeDistinguishedName(dn, BCStyle.CN);
    if (value == null) {
        value = CertificatePropertiesDialog.parseRelativeDistinguishedName(dn, BCStyle.O);
    }
    return value != null ? value : fallback;
}
From source file:org.icepdf.ri.common.views.annotations.signatures.SignatureValidationStatus.java
License:Apache License
/**
 * Captures the issuer's CN, O and e-mail address of the signer certificate into this
 * object's fields. Nothing is done when the annotation has no field dictionary.
 *
 * @param signatureWidgetAnnotation annotation whose field dictionary is checked
 * @param signatureValidator        validator providing the signer certificate
 * @throws SignatureIntegrityException declared for callers; not thrown by this method itself
 */
private void validateSignatureNode(SignatureWidgetAnnotation signatureWidgetAnnotation,
        SignatureValidator signatureValidator) throws SignatureIntegrityException {
    final SignatureFieldDictionary fieldDictionary = signatureWidgetAnnotation.getFieldDictionary();
    if (fieldDictionary == null) {
        return;
    }
    final X509Certificate signerCertificate = signatureValidator.getSignerCertificate();
    final X500Principal issuerPrincipal = signerCertificate.getIssuerX500Principal();
    // Re-parse the issuer DN with BouncyCastle so individual RDNs can be read.
    final X500Name issuerName = new X500Name(issuerPrincipal.getName());
    if (issuerName.getRDNs() == null) {
        return;
    }
    commonName = SignatureUtilities.parseRelativeDistinguishedName(issuerName, BCStyle.CN);
    organization = SignatureUtilities.parseRelativeDistinguishedName(issuerName, BCStyle.O);
    emailAddress = SignatureUtilities.parseRelativeDistinguishedName(issuerName, BCStyle.EmailAddress);
}
From source file:org.jboss.capedwarf.appidentity.CertificateGenerator.java
License:Open Source License
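/**
 * Creates a self-signed end-entity certificate with subject and issuer {@code CN=<dn>},
 * valid from ten seconds ago for 24 hours, restricted to digitalSignature key usage and
 * the clientAuth extended key usage.
 *
 * @param pair key pair whose public key is certified and whose private key signs
 * @param dn   value of the CN; the full name is {@code "CN=" + dn}
 * @return the certificate converted to a JCA {@link X509Certificate}
 * @throws RuntimeException if building, signing or converting the certificate fails
 */
public X509Certificate generateCertificate(KeyPair pair, String dn) {
    try {
        final X500Name name = new X500Name("CN=" + dn);
        // RFC 5280 4.1.2.2 requires a positive serial; nextLong() alone could be zero or negative.
        final BigInteger serial = new BigInteger(63, new SecureRandom()).add(BigInteger.ONE);
        final Date notBefore = new Date(System.currentTimeMillis() - 10000);
        final Date notAfter = new Date(System.currentTimeMillis() + 24L * 3600 * 1000);
        final X509v3CertificateBuilder builder = new X509v3CertificateBuilder(name, serial, notBefore,
                notAfter, name, SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded()));
        // Not a CA, signing only, client authentication only — all marked critical.
        builder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(false));
        builder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
        builder.addExtension(X509Extension.extendedKeyUsage, true,
                new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
        final X509CertificateHolder holder = builder.build(createContentSigner(pair));
        final Certificate certificate = holder.toASN1Structure();
        return convertToJavaCertificate(certificate);
    } catch (CertificateEncodingException e) {
        throw new RuntimeException("Cannot generate X509 certificate", e);
    } catch (OperatorCreationException e) {
        throw new RuntimeException("Cannot generate X509 certificate", e);
    } catch (CertIOException e) {
        throw new RuntimeException("Cannot generate X509 certificate", e);
    } catch (IOException e) {
        throw new RuntimeException("Cannot generate X509 certificate", e);
    } catch (CertificateException e) {
        throw new RuntimeException("Cannot generate X509 certificate", e);
    }
}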