List of usage examples for org.bouncycastle.asn1.x500 X500Name X500Name
public X500Name(String dirName)
From source file:conectors.CertDetails.java
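/**
 * Looks up the certificate stored under {@code alias} and copies its fields into
 * {@code details}.
 *
 * @param alias key store alias of the certificate to inspect
 * @return {@code true} when the certificate was found and its fields were copied;
 *         {@code false} when the alias holds no certificate or the key store lookup failed
 */
private boolean getIstance(String alias) {
    ks = LocalSignedCertKeyStore.getIstance();
    try {
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        if (cert == null) {
            return false;
        }
        // NOTE(review): getSigAlgName() returns a signature algorithm name, not a
        // distinguished name. X500Name(String) expects "type=value" pairs and will
        // presumably reject such input with an IllegalArgumentException - confirm which
        // value setSigner() is really meant to receive.
        details.setSigner(new X500Name(cert.getSigAlgName()));
        // The DN is re-parsed from its string form; values displayed from here are
        // informational and should not drive trust decisions.
        details.setIssuer(new X500Name(cert.getIssuerX500Principal().getName()));
        details.setSubject(new X500Name(cert.getSubjectX500Principal().getName()));
        details.setValidFrom(cert.getNotBefore());
        // The end of the validity window is notAfter; reusing notBefore here reported a
        // zero-length validity period and hid the real expiry date.
        details.setValidTo(cert.getNotAfter());
        details.setPubKey(cert.getPublicKey());
        details.setVersion(cert.getVersion());
        details.setCriticalExt(cert.getCriticalExtensionOIDs());
        details.setNonCriticalExt(cert.getNonCriticalExtensionOIDs());
        details.setSerialNum(cert.getSerialNumber());
        details.setSigAlg(cert.getSigAlgOID());
        return true;
    } catch (KeyStoreException e) {
        e.printStackTrace();
        // Nothing was copied into details, so do not report success.
        return false;
    }
}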
From source file:cz.etruhla.mailsigner.Helpers.java
License:Apache License
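/**
 * Collects every e-mail address the certificate can sign for.
 *
 * <p>Addresses are taken from the e-mail attributes of the subject DN and from the
 * rfc822Name entries of the subject alternative name extension. Only the first
 * attribute of each RDN is read, so further values of a multi-valued RDN are ignored.
 *
 * @param cert certificate to inspect
 * @return the set of addresses found; empty when the certificate names none
 * @throws CertificateParsingException if the subject alternative names cannot be decoded
 * @throws AddressException if a value found in the certificate is not a valid address
 */
public static Set<InternetAddress> getEmailAddresses(X509Certificate cert)
        throws CertificateParsingException, AddressException {
    HashSet<InternetAddress> addresses = new HashSet<InternetAddress>();

    // NOTE(review): the DN goes through a string round trip here, and getSubjectDN() is
    // deprecated in current JDKs in favour of getSubjectX500Principal(). The string form
    // is provider-dependent; confirm the e-mail attribute survives it on every target JVM.
    X500Name x500name = new X500Name(cert.getSubjectDN().getName());

    // Email address (RSA PKCS#9 extension) - IA5String.
    RDN[] ems = x500name.getRDNs(BCStyle.EmailAddress);
    if (ems != null && ems.length > 0) {
        for (RDN em : ems) {
            addresses.add(new InternetAddress(IETFUtils.valueToString(em.getFirst().getValue())));
        }
    }

    // "E" e-mail attribute as used in Verisign certificates; duplicates collapse in the set.
    ems = x500name.getRDNs(BCStyle.E);
    if (ems != null && ems.length > 0) {
        for (RDN em : ems) {
            addresses.add(new InternetAddress(IETFUtils.valueToString(em.getFirst().getValue())));
        }
    }

    // Walk the subject alternative names. The extension is fetched once instead of once
    // for the null check and again for the loop.
    java.util.Collection<List<?>> altNames = cert.getSubjectAlternativeNames();
    if (altNames != null) {
        for (List<?> l : altNames) {
            // Each entry is a (type, value) pair; only rfc822Name entries are e-mail addresses.
            if ((Integer) (l.get(0)) == SUBALTNAME_RFC822NAME) {
                addresses.add(new InternetAddress((String) (l.get(1))));
            }
        }
    }
    return addresses;
}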
From source file:ddf.security.pdp.realm.xacml.XacmlPdp.java
License:Open Source License
/**
 * Guesses the XACML data type of a permission value from its lexical form.
 *
 * <p>The checks run in a fixed order and the first match wins: boolean, integer, double,
 * time, date, date-time, RFC 822 name, URI, IP address, X.500 name. Anything else is
 * reported as a plain string.
 *
 * <p>NOTE(review): the type is inferred from the value alone, so a value meant as a
 * string that happens to parse as another type is labelled with that type. If these
 * values can be influenced by a requester, confirm that policies do not depend on the
 * inferred type.
 *
 * @param curPermValue the permission value to classify
 * @return the matching {@code XACMLConstants} data type identifier
 */
protected String getXacmlDataType(String curPermValue) {
    if ("false".equalsIgnoreCase(curPermValue) || "true".equalsIgnoreCase(curPermValue)) {
        return XACMLConstants.BOOLEAN_DATA_TYPE;
    }
    if (IntegerValidator.getInstance().validate(curPermValue) != null) {
        return XACMLConstants.INTEGER_DATA_TYPE;
    }
    if (DoubleValidator.getInstance().validate(curPermValue) != null) {
        return XACMLConstants.DOUBLE_DATA_TYPE;
    }

    for (String timePattern : new String[] {"H:mm:ss", "H:mm:ss.SSS", "H:mm:ssXXX", "H:mm:ss.SSSXXX"}) {
        if (TimeValidator.getInstance().validate(curPermValue, timePattern) != null) {
            return XACMLConstants.TIME_DATA_TYPE;
        }
    }

    for (String datePattern : new String[] {"yyyy-MM-dd", "yyyy-MM-ddXXX"}) {
        if (DateValidator.getInstance().validate(curPermValue, datePattern) != null) {
            return XACMLConstants.DATE_DATA_TYPE;
        }
    }

    // NOTE(review): the first pattern places ":ss" before the 'T' separator, unlike the
    // other four; it looks like a typo but is kept as found - confirm the intended format.
    String[] dateTimePatterns = {
        "yyyy-MM-dd:ss'T'H:mm",
        "yyyy-MM-dd'T'H:mm:ssXXX",
        "yyyy-MM-dd'T'H:mm:ss.SSS",
        "yyyy-MM-dd'T'H:mm:ss.SSSXXX",
        "yyyy-MM-dd'T'H:mm:ss"
    };
    for (String dateTimePattern : dateTimePatterns) {
        if (CalendarValidator.getInstance().validate(curPermValue, dateTimePattern) != null) {
            return XACMLConstants.DATE_TIME_DATA_TYPE;
        }
    }

    if (EmailValidator.getInstance().isValid(curPermValue)) {
        return XACMLConstants.RFC822_NAME_DATA_TYPE;
    }
    if (new UrlValidator().isValid(curPermValue)) {
        return XACMLConstants.URI_DATA_TYPE;
    }
    if (InetAddresses.isUriInetAddress(curPermValue)) {
        return XACMLConstants.IP_ADDRESS_DATA_TYPE;
    }

    // Last attempt: treat the value as a distinguished name. The parser is used purely
    // as a syntax check here.
    try {
        if (new X500Name(curPermValue).getRDNs().length > 0) {
            return XACMLConstants.X500_NAME_DATA_TYPE;
        }
    } catch (IllegalArgumentException ignored) {
        // Not a distinguished name; fall through to the string type.
    }
    return XACMLConstants.STRING_DATA_TYPE;
}
From source file:ddf.security.SubjectUtils.java
License:Open Source License
/**
 * Extracts the common name (CN) from a principal's distinguished name.
 *
 * <p>Only the first CN RDN returned by the parser is used, and only its first attribute.
 * The {@code [0]} index fails with an {@code ArrayIndexOutOfBoundsException} when the
 * lookup returns no CN RDN, so callers handling names from untrusted certificates should
 * be prepared for that.
 *
 * <p>NOTE(review): a CN is not a unique identifier; confirm callers do not use the
 * returned value on its own for authorization decisions.
 *
 * @param principal the principal whose name is parsed
 * @return the string form of the first CN value
 */
public static String getCommonName(X500Principal principal) {
    // The DN is parsed from the principal's string form.
    X500Name parsedName = new X500Name(principal.getName());
    return parsedName.getRDNs(BCStyle.CN)[0]
            .getFirst()
            .getValue()
            .toString();
}
From source file:ddf.security.SubjectUtils.java
License:Open Source License
/**
 * Rebuilds a principal's distinguished name from only the RDNs accepted by
 * {@code predicate}.
 *
 * <p>The surviving RDNs keep the order in which the parser returned them.
 *
 * @param principal the principal whose name is filtered
 * @param predicate test applied to each RDN; RDNs for which it returns {@code false} are dropped
 * @return the string form of the filtered distinguished name
 */
public static String filterDN(X500Principal principal, Predicate<RDN> predicate) {
    // Parse the DN from the principal's string form.
    X500Name fullName = new X500Name(principal.getName());

    RDN[] keptRdns = Arrays.stream(fullName.getRDNs())
            .filter(predicate)
            .toArray(RDN[]::new);

    X500Name filteredName = new X500Name(keptRdns);
    return filteredName.toString();
}
From source file:de.petendi.commons.crypto.connector.BCConnector.java
License:Apache License
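/**
 * Builds and signs an X.509 v3 certificate for {@code publicKey}.
 *
 * <p>The certificate is valid from now for 20 years and carries subject/authority key
 * identifiers, a {@code dataEncipherment} key usage and, when {@code crlUri} is given,
 * a CRL distribution point.
 *
 * @param dn subject distinguished name in string form
 * @param issuer issuer distinguished name in string form
 * @param crlUri URI of the CRL distribution point, or {@code null} to omit the extension
 * @param publicKey key to certify
 * @param privateKey key used to sign the certificate
 * @return the signed certificate
 * @throws CryptoException if building or signing the certificate fails
 */
@Override
public X509Certificate createCertificate(String dn, String issuer, String crlUri, PublicKey publicKey,
        PrivateKey privateKey) throws CryptoException {
    Calendar date = Calendar.getInstance();

    // Serial Number: drawn from a CSPRNG instead of the clock. A millisecond timestamp is
    // predictable and repeats when two certificates are issued in the same millisecond,
    // while serial numbers must be unique per issuer. The +1 keeps the value positive.
    BigInteger serialNumber = new BigInteger(64, new java.security.SecureRandom()).add(BigInteger.ONE);

    // Subject and Issuer DN.
    // NOTE(review): both strings are parsed as complete DNs; if either can carry
    // caller-controlled text, extra RDNs can be introduced - validate upstream.
    X500Name subjectDN = new X500Name(dn);
    X500Name issuerDN = new X500Name(issuer);

    // Validity
    Date notBefore = date.getTime();
    date.add(Calendar.YEAR, 20);
    Date notAfter = date.getTime();

    // SubjectPublicKeyInfo
    SubjectPublicKeyInfo subjPubKeyInfo = new SubjectPublicKeyInfo(
            ASN1Sequence.getInstance(publicKey.getEncoded()));

    X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(issuerDN, serialNumber, notBefore,
            notAfter, subjectDN, subjPubKeyInfo);

    try {
        // SHA-1 is used here only to derive the key identifiers, not to sign.
        DigestCalculator digCalc = new BcDigestCalculatorProvider()
                .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
        X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc);

        // Subject Key Identifier
        certGen.addExtension(Extension.subjectKeyIdentifier, false,
                x509ExtensionUtils.createSubjectKeyIdentifier(subjPubKeyInfo));

        // Authority Key Identifier
        // NOTE(review): derived from the subject's key, which matches the signer only for
        // a self-signed certificate - confirm whether issuer and subject keys can differ.
        certGen.addExtension(Extension.authorityKeyIdentifier, false,
                x509ExtensionUtils.createAuthorityKeyIdentifier(subjPubKeyInfo));

        // Key Usage
        certGen.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.dataEncipherment));

        if (crlUri != null) {
            // CRL Distribution Points
            DistributionPointName distPointOne = new DistributionPointName(
                    new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, crlUri)));

            DistributionPoint[] distPoints = new DistributionPoint[1];
            distPoints[0] = new DistributionPoint(distPointOne, null, null);
            certGen.addExtension(Extension.cRLDistributionPoints, false, new CRLDistPoint(distPoints));
        }

        // Content Signer
        ContentSigner sigGen = new JcaContentSignerBuilder(getSignAlgorithm()).setProvider(getProviderName())
                .build(privateKey);

        // Certificate
        return new JcaX509CertificateConverter().setProvider(getProviderName())
                .getCertificate(certGen.build(sigGen));
    } catch (Exception e) {
        throw new CryptoException(e);
    }
}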
From source file:de.r2soft.empires.framework.security.CertificateUtil.java
License:Open Source License
/**
 * Generates a key pair and a self-signed certificate for {@code username}, then checks
 * that the certificate is currently valid and verifies under its own public key.
 *
 * <p>The certificate is neither returned nor stored by this method.
 *
 * <p>NOTE(review): {@code username} is parsed as a complete distinguished name. A value
 * that is not in "type=value" form is presumably rejected by the parser, and a value
 * containing DN separators can add RDNs of its own - confirm what callers pass and
 * validate it before it reaches this method.
 *
 * @param username distinguished name, in string form, used as both subject and issuer
 */
public void generateCertificate(String username)
        throws OperatorCreationException, NoSuchAlgorithmException, NoSuchProviderException,
        InvalidAlgorithmParameterException, InvalidKeySpecException, CertificateException,
        InvalidKeyException, SignatureException {
    X500Name selfSignedName = new X500Name(username);

    // Generate the RSA key pair and convert both halves to JCA keys.
    // (Original author's note: these conversions were auto-corrected and still need review.)
    AsymmetricCipherKeyPair generatedPair = generateKeypair();
    PublicKey certifiedKey = generatePublicKey((AsymmetricKeyParameter) generatedPair.getPublic());
    PrivateKey signingKey = generatePrivateKey(generatedPair.getPrivate(), generatedPair.getPublic());

    // Validity window and serial number.
    // NOTE(review): the serial is the current time in milliseconds, so it is predictable
    // and can repeat for certificates created in the same millisecond.
    Date notBefore = TimeUtil.getTimeNow();
    Date notAfter = TimeUtil.getTimeThen(CERTIFICATE_VALIDITY, 0, 0, 0);
    BigInteger serial = BigInteger.valueOf(TimeUtil.getTimeNow().getTime());

    // Subject and issuer are the same name: the certificate is self-signed.
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            selfSignedName, serial, notBefore, notAfter, selfSignedName, certifiedKey);
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(BC)
            .build(signingKey);
    X509Certificate certificate = new JcaX509CertificateConverter()
            .setProvider(BC)
            .getCertificate(builder.build(signer));

    // Verify success of creation.
    certificate.checkValidity(new Date());
    certificate.verify(certificate.getPublicKey());
}
From source file:de.rub.nds.tlsattacker.tlsserver.KeyStoreGenerator.java
License:Apache License
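/**
 * Creates an in-memory JKS key store holding {@code keyPair} and a freshly generated
 * self-signed certificate for it.
 *
 * <p>The certificate is marked as a CA, carries certificate-signing, signature and
 * encipherment key usages, and lists server, client and "any" extended key usages.
 * NOTE(review): that combination and the fixed subject look intended for a local test
 * server only; the resulting certificate should not be installed as a trust anchor.
 *
 * @param keyPair key pair to certify and store
 * @return a key store with one key entry under {@code ALIAS}
 */
public static KeyStore createKeyStore(KeyPair keyPair)
        throws CertificateException, IOException, InvalidKeyException, KeyStoreException,
        NoSuchAlgorithmException, NoSuchProviderException, SignatureException, OperatorCreationException {
    PublicKey publicKey = keyPair.getPublic();
    PrivateKey privateKey = keyPair.getPrivate();

    X500Name issuerName = new X500Name("CN=127.0.0.1, O=TLS-Attacker, L=RUB, ST=NRW, C=DE");
    X500Name subjectName = issuerName;

    // SecureRandom.nextInt() yields a signed 32-bit value, so roughly half of the
    // generated serial numbers were negative (and zero was possible). Serial numbers
    // must be positive, and strict parsers reject certificates that break this.
    BigInteger serial = new BigInteger(64, new SecureRandom()).add(BigInteger.ONE);

    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial, BEFORE, AFTER,
            subjectName, publicKey);
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature
            | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment);
    builder.addExtension(Extension.keyUsage, false, usage);

    ASN1EncodableVector purposes = new ASN1EncodableVector();
    purposes.add(KeyPurposeId.id_kp_serverAuth);
    purposes.add(KeyPurposeId.id_kp_clientAuth);
    purposes.add(KeyPurposeId.anyExtendedKeyUsage);
    builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));

    String algorithm = createSigningAlgorithm(keyPair);
    X509Certificate cert = signCertificate(algorithm, builder, privateKey);

    // Sanity checks: the certificate is valid now and verifies under its own key.
    cert.checkValidity(new Date());
    cert.verify(publicKey);

    KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(null, null);
    keyStore.setKeyEntry(ALIAS, privateKey, PASSWORD.toCharArray(),
            new java.security.cert.Certificate[] { cert });
    return keyStore;
}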
From source file:de.thiemann.ssl.report.model.CertificateV3.java
License:Open Source License
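/**
 * Parses the encoded certificate bytes and fills this object's report fields from them:
 * version, subject, alternative names, validity, public key info, issuer, signature
 * algorithm, fingerprint and CRL distribution points.
 *
 * <p>When no certificate factory is available or the bytes cannot be parsed, the fields
 * are left untouched and {@code this} is returned; callers should treat an object
 * without a parsed certificate as "could not be analysed", not as an empty certificate.
 *
 * @return this object
 */
@Override
public Certificate processCertificateBytes() {
    this.jseX509Cert = null;

    if (cf != null) {
        try {
            this.jseX509Cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(ec));
        } catch (CertificateException e) {
            e.printStackTrace();
        }
    }

    // Without this guard a missing factory or a malformed certificate ended in a
    // NullPointerException on the first field access below.
    if (this.jseX509Cert == null) {
        return this;
    }

    // certificate version
    this.certificateVersion = this.jseX509Cert.getVersion();

    // common name (the DN is re-parsed from its RFC 2253 string form, for display)
    X500Principal subject = this.jseX509Cert.getSubjectX500Principal();
    X500Name subjectName = new X500Name(subject.getName(X500Principal.RFC2253));
    this.subjectName = subjectName.toString();

    // alternative names
    try {
        Collection<List<?>> alternativeNames = this.jseX509Cert.getSubjectAlternativeNames();
        this.alternativeNames = transferAlternativeNames(alternativeNames);
    } catch (CertificateParsingException e) {
        e.printStackTrace();
    }

    // not before
    Date notBefore = this.jseX509Cert.getNotBefore();
    if (notBefore != null) {
        this.notBefore = notBefore.getTime();
    }

    // not after
    Date notAfter = this.jseX509Cert.getNotAfter();
    if (notAfter != null) {
        this.notAfter = notAfter.getTime();
    }

    // public key algorithm & size
    PublicKey pubKey = this.jseX509Cert.getPublicKey();
    if (pubKey != null) {
        this.pubKeyInfo = transferPublicKeyInfo(pubKey.getEncoded());
    }

    // issuer
    X500Principal issuer = this.jseX509Cert.getIssuerX500Principal();
    X500Name issuerName = new X500Name(issuer.getName(X500Principal.RFC2253));
    this.issuerName = issuerName.toString();

    // signature algorithm
    this.signatureAlgorithm = transferSignatureAlgorithm(this.jseX509Cert.getSigAlgOID());

    // fingerprint
    this.fingerprint = CertificateUtil.computeFingerprint(this.ec);

    // CRL Distribution Points
    byte[] extension = this.jseX509Cert
            .getExtensionValue(ASN1CertificateExtensionsIds.CRLDistributionPoints.getOid());
    this.crlDistributionPoints = transferDistributionPoints(extension);

    return this;
}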
From source file:dk.itst.oiosaml.security.SecurityHelper.java
License:Mozilla Public License
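/**
 * Generates a certificate for the credential's key pair, valid from now for ten years,
 * with {@code entityId} as the subject common name.
 *
 * @param credential credential supplying the public key to certify and the private key to sign with
 * @param entityId entity identifier placed in the subject CN
 * @return the signed certificate
 * @throws Exception if the key cannot be decoded or the certificate cannot be built or signed
 */
public static X509Certificate generateCertificate(Credential credential, String entityId) throws Exception {
    X500Name issuer = new X500Name("o=keymanager, ou=oiosaml-sp");

    // NOTE(review): a millisecond timestamp is predictable and not guaranteed unique
    // under the fixed issuer name above; consider a random serial.
    BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
    Date notBefore = new Date();
    Date notAfter = new Date(System.currentTimeMillis() + 1000L * 60L * 60L * 24L * 365L * 10L);

    // entityId is escaped before it is spliced into the DN string. Unescaped, a value
    // containing DN metacharacters such as ',', '+' or '=' would be parsed as additional
    // RDNs or attributes instead of as part of the common name.
    X500Name subject = new X500Name(
            "cn=" + javax.naming.ldap.Rdn.escapeValue(entityId) + ", ou=oiosaml-sp");

    ByteArrayInputStream bIn = new ByteArrayInputStream(credential.getPublicKey().getEncoded());
    SubjectPublicKeyInfo publicKeyInfo = new SubjectPublicKeyInfo(
            (ASN1Sequence) new ASN1InputStream(bIn).readObject());

    X509v3CertificateBuilder gen = new X509v3CertificateBuilder(issuer, serialNumber, notBefore, notAfter,
            subject, publicKeyInfo);

    // Both key identifiers are derived from the credential's own public key.
    gen.addExtension(X509Extension.subjectKeyIdentifier, false,
            new JcaX509ExtensionUtils().createSubjectKeyIdentifier(credential.getPublicKey()));
    gen.addExtension(X509Extension.authorityKeyIdentifier, false,
            new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(credential.getPublicKey()));

    // NOTE(review): SHA-1 is no longer considered collision resistant for certificate
    // signatures; confirm whether relying parties accept "SHA256withRSA" and switch.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC")
            .build(credential.getPrivateKey());

    X509CertificateHolder certificateHolder = gen.build(sigGen);

    X509Certificate x509Certificate = new JcaX509CertificateConverter().setProvider("BC")
            .getCertificate(certificateHolder);
    return x509Certificate;
}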