List of usage examples for org.bouncycastle.asn1.x500 X500Name X500Name
public X500Name(String dirName)
From source file:ee.ria.xroad.common.util.FISubjectClientIdDecoder.java
License:Open Source License
/** * @param cert certificate from which to construct the client ID * @return a fully constructed Client identifier from DN of the certificate. */// ww w. ja v a2s .c o m public static ClientId getSubjectClientId(X509Certificate cert) { X500Principal principal = cert.getSubjectX500Principal(); X500Name x500name = new X500Name(principal.getName()); if (getRDNValue(x500name, BCStyle.SERIALNUMBER) == null) { if (getRDNValue(x500name, BCStyle.OU) == null) { return CertUtils.getSubjectClientId(cert); } return parseClientIdFromLegacyName(x500name); } return parseClientId(x500name); }
From source file:ee.ria.xroad.common.util.FISubjectClientIdDecoderTest.java
License:Open Source License
/**
 * Builds a self-signed X.509 v3 certificate for use in tests.
 *
 * <p>The given DN is used as both issuer and subject, the serial number is fixed at 1, and
 * notBefore and notAfter are both taken at creation time, so the certificate has effectively
 * no validity window. It is signed with the private half of {@code pair}.
 *
 * @param dn distinguished name in string form
 * @param pair key pair whose public key is certified and whose private key signs
 * @return the generated certificate
 */
private X509Certificate generateSelfSignedCertificate(String dn, KeyPair pair)
        throws OperatorCreationException, CertificateException {
    ContentSigner contentSigner =
            new JcaContentSignerBuilder(CryptoUtils.SHA256WITHRSA_ID).build(pair.getPrivate());

    X500Name issuerAndSubject = new X500Name(dn);
    Date notBefore = new Date();
    Date notAfter = new Date();

    JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            issuerAndSubject, BigInteger.ONE, notBefore, notAfter, issuerAndSubject, pair.getPublic());

    return new JcaX509CertificateConverter().getCertificate(certBuilder.build(contentSigner));
}
From source file:ee.ria.xroad.common.util.SkCprKlass3.java
License:Open Source License
/**
 * Extracts subject identifier from a certificate.
 *
 * <p>The subject DN is taken in the principal's string form, parsed into an
 * {@code X500Name}, and handed to the {@code X500Name} overload of this method.
 *
 * @param cert the certificate
 * @return String array containing member class and serial number
 * @throws Exception if any errors occur
 */
public static String[] getSubjectIdentifier(X509Certificate cert) throws Exception {
    String subjectDn = cert.getSubjectX500Principal().getName();
    X500Name subjectName = new X500Name(subjectDn);
    return getSubjectIdentifier(subjectName);
}
From source file:ee.ria.xroad.common.util.SkCprKlass3Test.java
License:Open Source License
/**
 * Test helper: parses {@code dirName} as an X.500 name and returns the subject identifier
 * parts extracted from it.
 *
 * @param dirName distinguished name in string form
 * @return the array produced by {@code getSubjectIdentifier}
 * @throws Exception if parsing or extraction fails
 */
private static String[] parts(String dirName) throws Exception {
    X500Name parsedName = new X500Name(dirName);
    return getSubjectIdentifier(parsedName);
}
From source file:ee.ria.xroad.signer.protocol.handler.GenerateCertRequestRequestHandler.java
License:Open Source License
/**
 * Generates a PKCS#10 certification request for the key named in the message.
 *
 * <p>Checks run in this order: the key must be available, an authentication request must
 * target a key on the software token, and the key must have a stored public key. The request
 * is then built for the subject name carried in the message, signed through the token, and
 * only afterwards recorded with {@code TokenManager.addCertRequest}.
 *
 * @param message the request parameters (key id, key usage, subject name, member id, format)
 * @return a {@code GenerateCertRequestResponse} carrying the new request id and encoded request
 * @throws Exception if a check fails or the request cannot be built
 */
@Override
protected Object handle(GenerateCertRequest message) throws Exception {
    TokenAndKey target = TokenManager.findTokenAndKey(message.getKeyId());

    if (!TokenManager.isKeyAvailable(target.getKeyId())) {
        throw keyNotAvailable(target.getKeyId());
    }

    // Authentication certificates may only be requested for keys held by the software token.
    boolean isAuthRequest = message.getKeyUsage() == KeyUsageInfo.AUTHENTICATION;
    if (isAuthRequest && !SoftwareTokenType.ID.equals(target.getTokenId())) {
        throw CodedException.tr(X_WRONG_CERT_USAGE, "auth_cert_under_softtoken",
                "Authentication certificate requests can only be created under software tokens");
    }

    if (target.getKey().getPublicKey() == null) {
        throw new CodedException(X_INTERNAL_ERROR, "Key '%s' has no public key", message.getKeyId());
    }

    PublicKey requestKey = readPublicKey(target.getKey().getPublicKey());

    // NOTE(review): the subject name comes straight from the message and is parsed as a DN
    // string here; no check on its contents is visible in this method. Confirm the caller
    // validates it.
    X500Name requestedSubject = new X500Name(message.getSubjectName());
    JcaPKCS10CertificationRequestBuilder csrBuilder =
            new JcaPKCS10CertificationRequestBuilder(requestedSubject, requestKey);

    ContentSigner tokenSigner = new TokenContentSigner(target);
    PKCS10CertificationRequest csr = csrBuilder.build(tokenSigner);

    String certReqId = TokenManager.addCertRequest(target.getKeyId(), message.getMemberId(),
            message.getSubjectName(), message.getKeyUsage());

    return new GenerateCertRequestResponse(certReqId, convert(csr, message.getFormat()),
            message.getFormat());
}
From source file:ee.ria.xroad.signer.util.SignerUtil.java
License:Open Source License
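/**
 * Creates a certificate. The certificate is valid for 2 years: from one year before the
 * current time to one year after it.
 *
 * <p>Subject and issuer are the same single-attribute name {@code CN=<commonName>}, and the
 * serial number is fixed at 1. The common name is added as an attribute value rather than
 * concatenated into a DN string, so characters such as {@code ,}, {@code +}, {@code =} or
 * {@code \} stay part of the CN and cannot introduce further attributes.
 *
 * @param commonName the common name attribute, taken literally (not DN-escaped)
 * @param keyPair the key pair containing the public key
 * @param signer the signer of the certificate
 * @return the certificate
 * @throws IllegalArgumentException if {@code commonName} is null
 * @throws Exception if an error occurs
 */
public static X509Certificate createCertificate(String commonName, KeyPair keyPair, ContentSigner signer)
        throws Exception {
    if (commonName == null) {
        // String concatenation used to turn this into the literal subject "CN=null".
        throw new IllegalArgumentException("commonName must not be null");
    }

    Calendar cal = GregorianCalendar.getInstance();
    cal.add(Calendar.YEAR, -1);
    Date notBefore = cal.getTime();
    cal.add(Calendar.YEAR, 2);
    Date notAfter = cal.getTime();

    // Fully qualified so the block does not depend on imports outside this method.
    X500Name subject = new org.bouncycastle.asn1.x500.X500NameBuilder(
            org.bouncycastle.asn1.x500.style.BCStyle.INSTANCE)
            .addRDN(org.bouncycastle.asn1.x500.style.BCStyle.CN, commonName)
            .build();

    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(subject, BigInteger.ONE,
            notBefore, notAfter, subject, keyPair.getPublic());

    X509CertificateHolder holder = builder.build(signer);
    return new JcaX509CertificateConverter().getCertificate(holder);
}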
From source file:esteidhacker.FakeEstEIDCA.java
License:Open Source License
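/**
 * Issues a certificate for {@code pubkey} that is modelled on a bundled template certificate.
 *
 * <p>The template ({@code sk-sign.pem} or {@code sk-auth.pem}, chosen by {@code signature})
 * supplies the issuer name, the serial number and every extension except the subject
 * alternative name, which is replaced by an rfc822Name holding {@code email}. Validity is
 * fixed to the calendar year 2015. The result is signed with {@code esteidKey}.
 *
 * <p>The name parts are interpolated into a DN string without escaping, so DN metacharacters
 * in {@code firstname}, {@code lastname} or {@code idcode} change the structure of the subject.
 *
 * @param pubkey public key to certify
 * @param signature {@code true} for a digital-signature certificate, {@code false} for authentication
 * @param firstname given name; upper-cased before use
 * @param lastname surname; upper-cased before use
 * @param idcode personal identifier placed in CN and SERIALNUMBER; upper-cased before use
 * @param email address placed in the subject alternative name; lower-cased before use
 * @return the generated certificate
 */
public X509Certificate generateUserCertificate(RSAPublicKey pubkey, boolean signature, String firstname,
        String lastname, String idcode, String email)
        throws InvalidKeyException, ParseException, IOException, IllegalStateException, NoSuchProviderException,
        NoSuchAlgorithmException, SignatureException, CertificateException, OperatorCreationException {
    SimpleDateFormat dayFormat = new SimpleDateFormat("yyyy-MM-dd", Locale.ENGLISH);
    Date startDate = dayFormat.parse("2015-01-01");
    Date endDate = dayFormat.parse("2015-12-31");

    String template = "C=EE,O=ESTEID,OU=%s,CN=%s\\,%s\\,%s,SURNAME=%s,GIVENNAME=%s,SERIALNUMBER=%s";

    // Normalize with a fixed locale: the default-locale overloads map 'i'/'I' differently
    // under e.g. a Turkish locale, which would change the issued subject per machine.
    lastname = lastname.toUpperCase(Locale.ROOT);
    firstname = firstname.toUpperCase(Locale.ROOT);
    idcode = idcode.toUpperCase(Locale.ROOT);
    email = email.toLowerCase(Locale.ROOT);

    String subject = String.format(template, (signature ? "digital signature" : "authentication"),
            lastname, firstname, idcode, lastname, firstname, idcode);

    X509CertificateHolder real = getRealCert(signature ? "/resources/sk-sign.pem" : "/resources/sk-auth.pem");

    // The serial is always copied from the template; the random serial that used to be
    // generated before this point was overwritten unconditionally and has been dropped.
    BigInteger serial = real.getSerialNumber();

    System.out.println("Generating from subject: " + real.getSubject());
    X500Name subjectName = new X500Name(subject);
    System.out.println("Generating subject: " + subjectName.toString());

    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(real.getIssuer(), serial,
            startDate, endDate, subjectName, pubkey);

    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> list = real.getExtensionOIDs();

    // Copy all extensions, except altName
    for (ASN1ObjectIdentifier extoid : list) {
        Extension ext = real.getExtension(extoid);
        if (ext.getExtnId().equals(Extension.subjectAlternativeName)) {
            // altName must be changed
            builder.addExtension(ext.getExtnId(), ext.isCritical(),
                    new GeneralNames(new GeneralName(GeneralName.rfc822Name, email)));
        } else {
            builder.copyAndAddExtension(ext.getExtnId(), ext.isCritical(), real);
        }
    }

    // Generate cert
    // NOTE(review): SHA1withRSA is kept exactly as the original had it. SHA-1 signatures are
    // not collision resistant; confirm the algorithm is deliberate before relying on it.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA")
            .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(esteidKey);

    X509CertificateHolder cert = builder.build(sigGen);
    return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .getCertificate(cert);
}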
From source file:eu.betaas.taas.securitymanager.common.certificate.utils.GWCertificateUtilsBc.java
License:Apache License
/**
 * Builds a self-signed X.509 v1 root certificate.
 *
 * <p>Issuer and subject are the same name, the serial number is fixed at 1, and validity
 * runs from the current time for {@code VALIDITY_PERIOD}. A v1 certificate carries no
 * extensions, so it has no basicConstraints or keyUsage.
 *
 * @param subject name to use as issuer and subject; a default BETaaS root name is used when null
 * @param keyPair key pair whose public key is certified and whose private key signs
 * @return the root certificate
 * @throws Exception if the signer cannot be created or the key cannot be encoded
 */
public static X509CertificateHolder buildRootCert(X500Name subject, AsymmetricCipherKeyPair keyPair)
        throws Exception {
    if (subject == null) {
        subject = new X500Name("CN = BETaaS Instance Root Certificate");
    }

    Date notBefore = new Date(System.currentTimeMillis());
    Date notAfter = new Date(System.currentTimeMillis() + VALIDITY_PERIOD);

    X509v1CertificateBuilder rootBuilder = new X509v1CertificateBuilder(subject, BigInteger.valueOf(1),
            notBefore, notAfter, subject,
            SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(keyPair.getPublic()));

    AlgorithmIdentifier signatureAlgorithm = algFinder.find(ALG_NAME);
    AlgorithmIdentifier digestAlgorithm =
            new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);

    ContentSigner rootSigner =
            new BcECDSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(keyPair.getPrivate());
    return rootBuilder.build(rootSigner);
}
From source file:eu.betaas.taas.securitymanager.common.certificate.utils.GWCertificateUtilsBc.java
License:Apache License
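/**
 * Builds an intermediate CA certificate issued by {@code caCert}.
 *
 * <p>The certificate carries authority and subject key identifiers, a critical
 * basicConstraints extension with a path length of 0, and a critical keyUsage of
 * digitalSignature, keyCertSign and cRLSign. Validity runs from the current time for
 * {@code VALIDITY_PERIOD}.
 *
 * <p>The serial number is random. A fixed serial of 1 would repeat for every certificate
 * issued under the same CA name, and issuer name plus serial number is what identifies a
 * certificate, for example in revocation data.
 *
 * @param subject subject name; a default BETaaS CA name is used when null
 * @param intKey public key of the intermediate CA
 * @param caKey private key of the issuing CA, used to sign
 * @param caCert certificate of the issuing CA; its subject becomes the issuer
 * @return the intermediate certificate
 * @throws Exception if the signer cannot be created or an extension cannot be encoded
 */
public static X509CertificateHolder buildIntermediateCert(X500Name subject, AsymmetricKeyParameter intKey,
        AsymmetricKeyParameter caKey, X509CertificateHolder caCert) throws Exception {
    SubjectPublicKeyInfo intKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(intKey);

    if (subject == null) {
        subject = new X500Name("CN = BETaaS Instance CA Certificate");
    }

    // 127 random bits plus one: always positive, never zero, and at most 17 octets when
    // DER-encoded, which is within the 20-octet limit of RFC 5280.
    BigInteger serial = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);

    // Read the clock once so both validity bounds derive from the same instant.
    long issuedAt = System.currentTimeMillis();

    X509v3CertificateBuilder certBldr = new X509v3CertificateBuilder(caCert.getSubject(), serial,
            new Date(issuedAt), new Date(issuedAt + VALIDITY_PERIOD), subject, intKeyInfo);

    X509ExtensionUtils extUtils = new X509ExtensionUtils(new SHA1DigestCalculator());

    certBldr.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert))
            .addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(intKeyInfo))
            .addExtension(Extension.basicConstraints, true, new BasicConstraints(0))
            .addExtension(Extension.keyUsage, true,
                    new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

    AlgorithmIdentifier sigAlg = algFinder.find(ALG_NAME);
    AlgorithmIdentifier digAlg = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlg);

    ContentSigner signer = new BcECDSAContentSignerBuilder(sigAlg, digAlg).build(caKey);

    return certBldr.build(signer);
}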
From source file:eu.betaas.taas.securitymanager.common.certificate.utils.GWCertificateUtilsBc.java
License:Apache License
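/**
 * Builds an end-entity (gateway) certificate issued by {@code caCert}.
 *
 * <p>The certificate carries authority and subject key identifiers, a critical
 * basicConstraints extension marking it as not a CA, a critical keyUsage of digitalSignature
 * and keyEncipherment, and a subject alternative name holding {@code ufn} as an rfc822Name.
 * Validity runs from the current time for {@code VALIDITY_PERIOD}.
 *
 * <p>The serial number is random. A fixed serial of 1 would give every gateway certificate
 * from the same CA an identical issuer and serial pair, so one of them could not be revoked
 * or referenced without matching all the others.
 *
 * @param subject subject name; a default BETaaS gateway name is used when null
 * @param entityKey public key of the requesting GW
 * @param caKey private key of the issuing CA, used to sign
 * @param caCert certificate of the issuing CA; its subject becomes the issuer
 * @param ufn value written into the rfc822Name subject alternative name
 * @return the end-entity certificate
 * @throws Exception if the signer cannot be created or an extension cannot be encoded
 */
public static X509CertificateHolder buildEndEntityCert(X500Name subject, AsymmetricKeyParameter entityKey,
        AsymmetricKeyParameter caKey, X509CertificateHolder caCert, String ufn) throws Exception {
    SubjectPublicKeyInfo entityKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(entityKey);

    if (subject == null) {
        subject = new X500Name("CN = BETaaS Gateway Certificate");
    }

    // 127 random bits plus one: always positive, never zero, and at most 17 octets when
    // DER-encoded, which is within the 20-octet limit of RFC 5280.
    BigInteger serial = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);

    // Read the clock once so both validity bounds derive from the same instant.
    long issuedAt = System.currentTimeMillis();

    X509v3CertificateBuilder certBldr = new X509v3CertificateBuilder(caCert.getSubject(), serial,
            new Date(issuedAt), new Date(issuedAt + VALIDITY_PERIOD), subject, entityKeyInfo);

    X509ExtensionUtils extUtils = new X509ExtensionUtils(new SHA1DigestCalculator());

    // NOTE(review): ufn is written as an rfc822Name (e-mail address form) without any format
    // check in this method; confirm callers pass a value of that shape.
    certBldr.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert))
            .addExtension(Extension.subjectKeyIdentifier, false,
                    extUtils.createSubjectKeyIdentifier(entityKeyInfo))
            .addExtension(Extension.basicConstraints, true, new BasicConstraints(false))
            .addExtension(Extension.keyUsage, true,
                    new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment))
            .addExtension(Extension.subjectAlternativeName, false,
                    new GeneralNames(new GeneralName(GeneralName.rfc822Name, ufn)));

    AlgorithmIdentifier sigAlg = algFinder.find(ALG_NAME);
    AlgorithmIdentifier digAlg = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlg);

    ContentSigner signer = new BcECDSAContentSignerBuilder(sigAlg, digAlg).build(caKey);

    return certBldr.build(signer);
}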