Example usage for org.bouncycastle.asn1.x500 X500Name X500Name

List of usage examples for org.bouncycastle.asn1.x500 X500Name X500Name

Introduction

This page collects usage examples of org.bouncycastle.asn1.x500 X500Name X500Name drawn from open-source projects; each snippet is shown as it appears in its source file, with the originating file and license noted.

Prototype

public X500Name(X500NameStyle style, String dirName) 


Usage

From source file:net.sf.keystore_explorer.gui.crypto.DDistinguishedNameChooser.java

License:Open Source License

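/**
 * Fills the RDN text fields of this dialog.
 * <p>
 * The name passed to the chooser takes precedence; when none was supplied the
 * default DN from the application settings is parsed and used instead. If neither
 * is available every field is left empty.
 */
private void populate() {
    if (distinguishedName != null) {
        populateRdnFieldsFrom(distinguishedName);
        return;
    }

    String defaultDN = applicationSettings.getDefaultDN();
    if (StringUtils.isBlank(defaultDN)) {
        return; // no default configured: leave the form blank
    }
    // NOTE(review): the default DN is a persisted setting, not a value this dialog
    // produced. BouncyCastle presumably rejects a malformed DN string with
    // IllegalArgumentException here, which would abort opening the dialog instead of
    // showing an empty form; validating the setting when it is saved would avoid that.
    populateRdnFieldsFrom(new X500Name(KseX500NameStyle.INSTANCE, defaultDN));
}

/**
 * Copies the seven RDN types edited by this dialog (CN, OU, O, L, ST, C, E) from
 * {@code name} into the corresponding text fields.
 *
 * @param name source of the RDN values; must not be {@code null}
 */
private void populateRdnFieldsFrom(X500Name name) {
    populateRdnField(name, jtfCommonName, BCStyle.CN);
    populateRdnField(name, jtfOrganisationUnit, BCStyle.OU);
    populateRdnField(name, jtfOrganisationName, BCStyle.O);
    populateRdnField(name, jtfLocalityName, BCStyle.L);
    populateRdnField(name, jtfStateName, BCStyle.ST);
    populateRdnField(name, jtfCountryCode, BCStyle.C);
    populateRdnField(name, jtfEmailAddress, BCStyle.E);
}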

From source file:net.sf.keystore_explorer.gui.crypto.JDistinguishedName.java

License:Open Source License

/**
 * Sets the distinguished name shown by this component and refreshes the display.
 * <p>
 * The RDNs are re-wrapped in a name using {@link KseX500NameStyle} so that the
 * component always formats with its own style, whatever style the caller used.
 *
 * @param distinguishedName
 *            the name to show; {@code null} resets the component to an empty name
 */
public void setDistinguishedName(X500Name distinguishedName) {
    final RDN[] rdns = (distinguishedName == null) ? new RDN[0] : distinguishedName.getRDNs();
    this.distinguishedName = new X500Name(KseX500NameStyle.INSTANCE, rdns);
    populate();
}

From source file:org.apache.ranger.authorization.kafka.authorizer.KafkaRangerAuthorizerTest.java

License:Apache License

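/**
 * Generates a 2048-bit RSA key pair, wraps its public key in a one-year self-signed
 * X.509 certificate, writes key and certificate to a new temporary keystore file and
 * registers the certificate in {@code trustStore}.
 *
 * @param subjectName      subject DN string in RFC 4519 syntax, e.g. {@code "CN=Client"}
 * @param issuerName       issuer DN string; the certificate is signed with the generated
 *                         key itself, so this is a label only
 * @param serial           certificate serial number
 * @param keystorePassword password protecting the keystore file
 * @param keystoreAlias    alias used for the key entry and for the truststore entry
 * @param keyPassword      password protecting the private key entry
 * @param trustStore       already-loaded truststore that receives the certificate
 * @return path of the temporary keystore file
 * @throws Exception on any key generation, certificate building or keystore I/O failure
 */
private static String createAndStoreKey(String subjectName, String issuerName, BigInteger serial,
        String keystorePassword, String keystoreAlias, String keyPassword, KeyStore trustStore)
        throws Exception {

    // Create KeyPair
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048, new SecureRandom());
    KeyPair keyPair = keyPairGenerator.generateKeyPair();

    Date currentDate = new Date();
    Date expiryDate = new Date(currentDate.getTime() + 365L * 24L * 60L * 60L * 1000L);

    // Create X509Certificate (self-signed: signed with the subject's own private key)
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            new X500Name(RFC4519Style.INSTANCE, issuerName), serial, currentDate, expiryDate,
            new X500Name(RFC4519Style.INSTANCE, subjectName),
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .build(keyPair.getPrivate());
    X509Certificate certificate = new JcaX509CertificateConverter()
            .getCertificate(certBuilder.build(contentSigner));

    // Store Private Key + Certificate in Keystore. The ".jks" suffix below is a label
    // only; the actual format is whatever KeyStore.getDefaultType() returns.
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    keystore.load(null, keystorePassword.toCharArray());
    keystore.setKeyEntry(keystoreAlias, keyPair.getPrivate(), keyPassword.toCharArray(),
            new Certificate[] { certificate });

    // NOTE(review): File.createTempFile does not restrict file permissions, so on a
    // shared host the private key may be readable by other local users. Acceptable
    // for a throwaway test fixture, not for anything else.
    File keystoreFile = File.createTempFile("kafkakeystore", ".jks");
    // try-with-resources: the stream was previously never closed, so the file could
    // stay open (and on some platforms locked) until garbage collection.
    try (FileOutputStream output = new FileOutputStream(keystoreFile)) {
        keystore.store(output, keystorePassword.toCharArray());
    }

    // Now store the Certificate in the truststore
    trustStore.setCertificateEntry(keystoreAlias, certificate);

    return keystoreFile.getPath();

}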

From source file:org.apache.ranger.authorization.kafka.authorizer.KafkaTestUtils.java

License:Apache License

/**
 * Generates a 2048-bit RSA key pair, wraps its public key in a one-year self-signed
 * X.509 certificate, writes key and certificate to a new temporary keystore file and
 * registers the certificate in {@code trustStore}.
 *
 * @param subjectName      subject DN string in RFC 4519 syntax, e.g. {@code "CN=Client"}
 * @param issuerName       issuer DN string; the certificate is signed with the generated
 *                         key itself, so this is a label only
 * @param serial           certificate serial number
 * @param keystorePassword password protecting the keystore file
 * @param keystoreAlias    alias used for the key entry and for the truststore entry
 * @param keyPassword      password protecting the private key entry
 * @param trustStore       already-loaded truststore that receives the certificate
 * @return path of the temporary keystore file
 * @throws Exception on any key generation, certificate building or keystore I/O failure
 */
public static String createAndStoreKey(String subjectName, String issuerName, BigInteger serial,
        String keystorePassword, String keystoreAlias, String keyPassword, KeyStore trustStore)
        throws Exception {

    final KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048, new SecureRandom());
    final KeyPair keyPair = generator.generateKeyPair();

    final long oneYearMillis = 365L * 24L * 60L * 60L * 1000L;
    final Date notBefore = new Date();
    final Date notAfter = new Date(notBefore.getTime() + oneYearMillis);

    final X509Certificate certificate = buildSelfSignedCertificate(keyPair, subjectName, issuerName,
            serial, notBefore, notAfter);

    // The ".jks" suffix is a label only; the format is KeyStore.getDefaultType().
    final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    keystore.load(null, keystorePassword.toCharArray());
    keystore.setKeyEntry(keystoreAlias, keyPair.getPrivate(), keyPassword.toCharArray(),
            new Certificate[] { certificate });

    // NOTE(review): File.createTempFile does not restrict permissions, so the private
    // key file may be readable by other local users; fine for a test fixture only.
    final File keystoreFile = File.createTempFile("kafkakeystore", ".jks");
    try (OutputStream out = new FileOutputStream(keystoreFile)) {
        keystore.store(out, keystorePassword.toCharArray());
    }

    trustStore.setCertificateEntry(keystoreAlias, certificate);
    return keystoreFile.getPath();
}

/**
 * Builds a SHA256withRSA self-signed certificate for {@code keyPair}'s public key.
 *
 * @param keyPair     key whose public half goes into the certificate and whose private
 *                    half signs it
 * @param subjectName subject DN string (RFC 4519 syntax)
 * @param issuerName  issuer DN string (RFC 4519 syntax)
 * @param serial      certificate serial number
 * @param notBefore   start of validity
 * @param notAfter    end of validity
 * @return the JCA certificate
 * @throws Exception if signing or conversion fails
 */
private static X509Certificate buildSelfSignedCertificate(KeyPair keyPair, String subjectName,
        String issuerName, BigInteger serial, Date notBefore, Date notAfter) throws Exception {
    final X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
            new X500Name(RFC4519Style.INSTANCE, issuerName), serial, notBefore, notAfter,
            new X500Name(RFC4519Style.INSTANCE, subjectName),
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
    final ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .build(keyPair.getPrivate());
    return new JcaX509CertificateConverter().getCertificate(builder.build(signer));
}

From source file:org.apache.syncope.fit.core.SAML2ITCase.java

License:Apache License

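/**
 * Creates a temporary keystore holding a freshly generated RSA key with a one-year
 * self-signed certificate, and a temporary truststore holding that certificate, and
 * records their locations in {@code keystorePath} and {@code truststorePath}.
 * <p>
 * Test fixture only: the password is the fixed string {@code "security"} and the
 * files live in the system temp directory.
 *
 * @throws Exception on any key generation, certificate building or keystore I/O failure
 */
private static void createKeystores() throws Exception {
    // Create KeyPair. 2048 bits rather than 1024: 1024-bit RSA is below current
    // minimum guidance, and 2048 matches the key size used by the other fixtures.
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048, new SecureRandom());
    KeyPair keyPair = keyPairGenerator.generateKeyPair();

    Date currentDate = new Date();
    Date expiryDate = new Date(currentDate.getTime() + 365L * 24L * 60L * 60L * 1000L);

    // Create X509Certificate (self-signed: the issuer is only a label, the
    // signature is made with the subject's own private key)
    String issuerName = "CN=Issuer";
    String subjectName = "CN=Subject";
    BigInteger serial = new BigInteger("123456");
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            new X500Name(RFC4519Style.INSTANCE, issuerName), serial, currentDate, expiryDate,
            new X500Name(RFC4519Style.INSTANCE, subjectName),
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .build(keyPair.getPrivate());
    X509Certificate certificate = new JcaX509CertificateConverter()
            .getCertificate(certBuilder.build(contentSigner));

    // Store Private Key + Certificate in Keystore
    KeyStore keystore = KeyStore.getInstance("JKS");
    keystore.load(null, "security".toCharArray());
    keystore.setKeyEntry("subject", keyPair.getPrivate(), "security".toCharArray(),
            new Certificate[] { certificate });

    // Files.createTempFile creates the file with owner-only permissions on POSIX
    // (File.createTempFile does not), so the private key is not readable by other
    // local users while the test runs.
    Path keystoreFile = Files.createTempFile("samlkeystore", ".jks");
    try (OutputStream output = Files.newOutputStream(keystoreFile)) {
        keystore.store(output, "security".toCharArray());
    }
    keystorePath = keystoreFile;

    // Now store the Certificate in the truststore. The ".jks" suffix is a label
    // only; the format is whatever KeyStore.getDefaultType() returns.
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, "security".toCharArray());

    trustStore.setCertificateEntry("subject", certificate);

    Path truststoreFile = Files.createTempFile("samltruststore", ".jks");
    try (OutputStream output = Files.newOutputStream(truststoreFile)) {
        trustStore.store(output, "security".toCharArray());
    }
    truststorePath = truststoreFile;
}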

From source file:org.cesecore.certificates.certificate.certextensions.standard.NameConstraint.java

License:Open Source License

/**
 * Converts encoded name-constraint strings into ASN.1 {@link GeneralSubtree} objects,
 * as needed to build a BouncyCastle NameConstraints extension for a certificate.
 * <p>
 * Only DNS, RFC 822, directory and IP-address entries can be encoded; an entry of any
 * other GeneralName type raises {@link UnsupportedOperationException}.
 *
 * @param list encoded entries; {@code null} is treated as an empty list
 * @return one subtree per entry, in input order (never {@code null})
 */
public static GeneralSubtree[] toGeneralSubtrees(List<String> list) {
    if (list == null) {
        return new GeneralSubtree[0];
    }

    final GeneralSubtree[] subtrees = new GeneralSubtree[list.size()];
    int pos = 0;
    for (String entry : list) {
        subtrees[pos++] = new GeneralSubtree(decodeGeneralName(entry));
    }
    return subtrees;
}

/**
 * Decodes one encoded name-constraint entry into the GeneralName it describes.
 *
 * @param entry encoded entry ({@code type:value} form)
 * @return the GeneralName
 * @throws UnsupportedOperationException for GeneralName types this class cannot encode
 */
private static GeneralName decodeGeneralName(String entry) {
    final int type = getNameConstraintType(entry);
    final Object data = getNameConstraintData(entry);
    if (type == GeneralName.dNSName || type == GeneralName.rfc822Name) {
        return new GeneralName(type, (String) data);
    }
    if (type == GeneralName.directoryName) {
        return new GeneralName(new X500Name(CeSecoreNameStyle.INSTANCE, (String) data));
    }
    if (type == GeneralName.iPAddress) {
        // data is the address followed by the netmask, both as raw bytes
        return new GeneralName(type, new DEROctetString((byte[]) data));
    }
    throw new UnsupportedOperationException(
            "Encoding of name constraint type " + type + " is not implemented.");
}

From source file:org.cesecore.certificates.certificate.certextensions.standard.NameConstraint.java

License:Open Source License

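/**
 * Parses a single name constraint entry in human-readable form into the encoded
 * string used for database storage etc. Keeping the stored form separate from the
 * typed form makes it possible to change the human-readable syntax later.
 * <p>
 * The encoded form is {@code type:value}, where type is {@code iPAddress} (hex of the
 * address bytes followed by the netmask bytes), {@code dNSName}, {@code rfc822Name} or
 * {@code directoryName} (DN normalised through {@link CeSecoreNameStyle}).
 *
 * @param str the entry as typed; must not be {@code null}
 * @return the encoded entry
 * @throws CertificateExtensionException if the entry matches none of the supported
 *         syntaxes, an IP address, netmask, number or DN in it cannot be parsed, or
 *         the netmask is longer than the address
 */
private static String parseNameConstraintEntry(String str) throws CertificateExtensionException {
    final boolean ipv4WithMask = str.matches("^([0-9]+\\.){3,3}([0-9]+)/[0-9]+$");
    if (ipv4WithMask
            || str.matches("^[0-9a-fA-F]{0,4}:[0-9a-fA-F]{0,4}:[0-9a-fA-F:]*/[0-9]+$")) {
        // IPv4 or IPv6 address with netmask
        return encodeIpNameConstraint(str, ipv4WithMask);
    } else if (str.matches("^([0-9]+\\.){3,3}([0-9]+)$")) {
        // IP address without netmask. This is not a valid DNS name, so catch it here.
        throw new CertificateExtensionException("Name constraint entry with IP address is missing a netmask: "
                + str + ". Use /32 to match only this address.");
    } else if (str.matches("^\\.?([a-zA-Z0-9_-]+\\.)*[a-zA-Z0-9_-]+$")) {
        // DNS name (it can start with a ".", this means "all subdomains")
        return "dNSName:" + str;
    } else if (str.matches("^[^=,]*@[a-zA-Z0-9_.\\[\\]:-]+$")) {
        // RFC 822 Name (i.e. e-mail)
        if (str.startsWith("@")) {
            // In EJBCA, rfc822Names without a user part start with @ to distinguish them from domain names.
            // This is not the case in the encoded form.
            str = str.substring(1);
        }
        return "rfc822Name:" + str;
    } else if (str.contains("=")) {
        // Directory name
        try {
            return "directoryName:" + new X500Name(CeSecoreNameStyle.INSTANCE, str).toString();
        } catch (IllegalArgumentException e) {
            // BouncyCastle signals a malformed DN string with an unchecked exception;
            // report it through the checked type the caller already handles.
            throw new CertificateExtensionException("Failed to parse directory name in name constraint: " + str, e);
        }
    } else {
        throw new CertificateExtensionException(
                "Cannot parse name constraint entry (only DNS Name, RFC 822 Name, Directory Name, IPv4/Netmask and IPv6/Netmask are supported): "
                        + str);
    }
}

/**
 * Encodes an {@code address/prefixlen} entry as {@code iPAddress:} followed by the
 * hex of the address bytes and the netmask bytes. Host bits of the address are
 * cleared so the stored value is the network address.
 *
 * @param str  the entry, already known to match the IPv4 or IPv6 syntax above
 * @param ipv4 whether {@code str} matched the IPv4 syntax
 * @return the encoded entry
 * @throws CertificateExtensionException if the address or netmask cannot be parsed,
 *         or the netmask exceeds the address length in bits
 */
private static String encodeIpNameConstraint(String str, boolean ipv4) throws CertificateExtensionException {
    final String[] pieces = str.split("/", 2);
    final String address = pieces[0];
    try {
        // InetAddress.getByName() stays offline only for strings it recognises as
        // numeric literals; anything else is handed to the name service. The IPv4
        // syntax above admits out-of-range octets ("999.1.1.1"), so reject those
        // here instead of letting a DNS lookup decide the outcome.
        if (ipv4) {
            for (String octet : address.split("\\.")) {
                if (Integer.parseInt(octet) > 255) {
                    throw new CertificateExtensionException("Invalid IPv4 address in name constraint: " + str);
                }
            }
        }
        // NOTE(review): the IPv6 syntax is also looser than the literal grammar
        // (e.g. "1:2:3:4:5:6:7:8:9/64" passes); such strings still reach the resolver.
        final byte[] addr = InetAddress.getByName(address).getAddress();

        final int netmask = Integer.parseInt(pieces[1]);
        if (netmask > 8 * addr.length) {
            throw new CertificateExtensionException("Netmask is too large: " + str);
        }

        final byte[] encoded = new byte[2 * addr.length]; // address, then netmask
        System.arraycopy(addr, 0, encoded, 0, addr.length);
        // The second half of the encoded form is the netmask: top `netmask` bits set
        for (int i = 0; i < netmask; i++) {
            encoded[addr.length + i / 8] |= 1 << (7 - i % 8);
        }
        // Clear host part from IP address
        for (int i = netmask; i < 8 * addr.length; i++) {
            encoded[i / 8] &= ~(1 << (7 - i % 8));
        }
        return "iPAddress:" + Hex.encodeHexString(encoded);
    } catch (UnknownHostException e) {
        throw new CertificateExtensionException("Failed to parse IP address in name constraint: " + str, e);
    } catch (NumberFormatException e) {
        // Digits only, but too long for an int: the regexes do not bound the length.
        throw new CertificateExtensionException("Failed to parse number in name constraint: " + str, e);
    }
}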

From source file:org.cesecore.certificates.certificate.request.PKCS10RequestMessage.java

License:Open Source License

/**
 * Returns the subject of the PKCS#10 request as an {@link X500Name} in
 * {@link CeSecoreNameStyle}, lazily initialising the request object first.
 *
 * @return the request subject, or {@code null} when initialisation failed with a
 *         NullPointerException (logged as an error). Note that only that exception is
 *         caught; if {@code pkcs10} is still {@code null} after {@code init()} the
 *         subject access below throws.
 */
@Override
public X500Name getRequestX500Name() {
    if (pkcs10 == null) {
        try {
            init();
        } catch (NullPointerException e) {
            // NOTE(review): catching NPE stands in for a "not yet loadable" check.
            log.error("PKCS10 not inited: " + e.getMessage());
            return null;
        }
    }
    return new X500Name(new CeSecoreNameStyle(), pkcs10.getSubject());
}

From source file:org.cesecore.certificates.certificate.request.SimpleRequestMessage.java

License:Open Source License

/**
 * Returns the request DN as an {@link X500Name} in {@link CeSecoreNameStyle}.
 *
 * @return the parsed name, or {@code null} when no request DN was set
 */
@Override
public X500Name getRequestX500Name() {
    final String dn = this.requestDN;
    return dn == null ? null : new X500Name(new CeSecoreNameStyle(), dn);
}

From source file:org.ejbca.core.model.ca.publisher.LdapPublisher.java

License:Open Source License

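/**
 * Constructs the LDAP DN for a certificate to be published.
 * <p>
 * Only the DN components selected by {@link #getUseFieldInLdapDN()} are used, in
 * ascending field-number order when that collection is a {@link List}. For each
 * component the certificate DN is consulted first and the user-data DN second; a
 * component present in neither is left out of the LDAP DN. The assembled RDNs are
 * rendered with {@link LdapNameStyle} and the publisher's base DN is appended.
 *
 * @param certDN certificate DN
 * @param userDataDN user data DN, or {@code null} if there is none
 * @return LDAP DN to be used.
 */
protected String constructLDAPDN(String certDN, String userDataDN) {
    if (log.isDebugEnabled()) {
        log.debug("DN in certificate '" + certDN + "'. DN in user data '" + userDataDN + "'.");
    }
    final DNFieldExtractor certExtractor = new DNFieldExtractor(certDN, DNFieldExtractor.TYPE_SUBJECTDN);
    final DNFieldExtractor userDataExtractor = userDataDN != null
            ? new DNFieldExtractor(userDataDN, DNFieldExtractor.TYPE_SUBJECTDN)
            : null;

    // Sorted in place, which assumes getUseFieldInLdapDN() returns a collection this
    // publisher owns; a shared or unmodifiable list would be mutated or would throw.
    final Collection<Integer> usefields = getUseFieldInLdapDN();
    if (usefields instanceof List<?>) {
        Collections.sort((List<Integer>) usefields);
    }

    final X500NameBuilder nameBuilder = new X500NameBuilder(LdapNameStyle.INSTANCE);
    for (Integer fieldNum : usefields) { // at least one field is expected to be selected
        String dnField = certExtractor.getFieldString(fieldNum);
        if (StringUtils.isEmpty(dnField) && userDataExtractor != null) {
            dnField = userDataExtractor.getFieldString(fieldNum);
        }
        if (StringUtils.isEmpty(dnField)) {
            continue; // present in neither DN: leave it out
        }

        // Re-parse the single "type=value" string so that LdapNameStyle (presumably)
        // escapes the value when the name is rendered below. Only the first RDN, and
        // its first attribute if multi-valued, is kept; the rest is dropped silently.
        final RDN[] rdns = new X500Name(LdapNameStyle.INSTANCE, dnField).getRDNs();
        if (rdns.length == 0) {
            continue; // defensive: nothing parseable in this component
        }
        nameBuilder.addRDN(rdns[0].getFirst());
    }

    // NOTE(review): the base DN is appended verbatim, not re-escaped; it is publisher
    // configuration rather than end-entity input and must already be a valid DN.
    final String retval = nameBuilder.build().toString() + "," + this.getBaseDN();
    if (log.isDebugEnabled()) {
        log.debug("LdapPublisher: constructed DN: " + retval);
    }
    return retval;
}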