List of usage examples for org.bouncycastle.asn1.x500 X500Name X500Name
public X500Name(X500NameStyle style, String dirName)
From source file:net.sf.keystore_explorer.gui.crypto.DDistinguishedNameChooser.java
License:Open Source License
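/**
 * Fills the RDN text fields from the current distinguished name or, when no name has
 * been set, from the default DN configured in the application settings.
 */
private void populate() {
    if (distinguishedName != null) {
        populateAllRdnFields(distinguishedName);
        return;
    }
    // No DN to show yet: fall back to the default DN from the settings, if one is configured.
    String defaultDN = applicationSettings.getDefaultDN();
    if (!StringUtils.isBlank(defaultDN)) {
        // The settings value is user-editable; the X500Name constructor rejects an
        // unparseable string with IllegalArgumentException, which is left to propagate.
        populateAllRdnFields(new X500Name(KseX500NameStyle.INSTANCE, defaultDN));
    }
}

/**
 * Copies the well-known RDN components of {@code name} into the matching text fields.
 *
 * @param name source distinguished name, never null
 */
private void populateAllRdnFields(X500Name name) {
    populateRdnField(name, jtfCommonName, BCStyle.CN);
    populateRdnField(name, jtfOrganisationUnit, BCStyle.OU);
    populateRdnField(name, jtfOrganisationName, BCStyle.O);
    populateRdnField(name, jtfLocalityName, BCStyle.L);
    populateRdnField(name, jtfStateName, BCStyle.ST);
    populateRdnField(name, jtfCountryCode, BCStyle.C);
    populateRdnField(name, jtfEmailAddress, BCStyle.E);
}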
From source file:net.sf.keystore_explorer.gui.crypto.JDistinguishedName.java
License:Open Source License
/**
 * Set distinguished name.
 *
 * @param distinguishedName
 *            Distinguished name; {@code null} resets the component to an empty name
 */
public void setDistinguishedName(X500Name distinguishedName) {
    RDN[] rdns = distinguishedName == null ? new RDN[0] : distinguishedName.getRDNs();
    // The name is always re-wrapped with the KSE style, whatever style the caller used.
    this.distinguishedName = new X500Name(KseX500NameStyle.INSTANCE, rdns);
    populate();
}
From source file:org.apache.ranger.authorization.kafka.authorizer.KafkaRangerAuthorizerTest.java
License:Apache License
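/**
 * Generates a 2048-bit RSA key pair, self-signs a one-year certificate for it and stores
 * key and certificate in a fresh temporary keystore file; the certificate is also added to
 * {@code trustStore}.
 *
 * @param subjectName      certificate subject in RFC 4519 string form
 * @param issuerName       certificate issuer in RFC 4519 string form
 * @param serial           certificate serial number
 * @param keystorePassword password protecting the keystore file
 * @param keystoreAlias    alias for the key entry and for the trust-store certificate entry
 * @param keyPassword      password protecting the private-key entry
 * @param trustStore       already-initialised trust store that receives the certificate
 * @return path of the temporary keystore file
 * @throws Exception on key generation, certificate building or keystore I/O failure
 */
private static String createAndStoreKey(String subjectName, String issuerName, BigInteger serial,
        String keystorePassword, String keystoreAlias, String keyPassword, KeyStore trustStore)
        throws Exception {
    // Create KeyPair
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048, new SecureRandom());
    KeyPair keyPair = keyPairGenerator.generateKeyPair();

    Date currentDate = new Date();
    Date expiryDate = new Date(currentDate.getTime() + 365L * 24L * 60L * 60L * 1000L);

    // Create X509Certificate
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            new X500Name(RFC4519Style.INSTANCE, issuerName), serial, currentDate, expiryDate,
            new X500Name(RFC4519Style.INSTANCE, subjectName),
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .build(keyPair.getPrivate());
    X509Certificate certificate = new JcaX509CertificateConverter()
            .getCertificate(certBuilder.build(contentSigner));

    // Store Private Key + Certificate in Keystore
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    keystore.load(null, keystorePassword.toCharArray());
    keystore.setKeyEntry(keystoreAlias, keyPair.getPrivate(), keyPassword.toCharArray(),
            new Certificate[] { certificate });

    // The file holds a private key: Files.createTempFile creates it with owner-only
    // permissions on POSIX file systems, which File.createTempFile does not guarantee.
    File keystoreFile = java.nio.file.Files.createTempFile("kafkakeystore", ".jks").toFile();
    // try-with-resources: the stream is closed (and the file flushed) even when store() fails.
    try (FileOutputStream output = new FileOutputStream(keystoreFile)) {
        keystore.store(output, keystorePassword.toCharArray());
    }

    // Now store the Certificate in the truststore
    trustStore.setCertificateEntry(keystoreAlias, certificate);

    return keystoreFile.getPath();
}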
From source file:org.apache.ranger.authorization.kafka.authorizer.KafkaTestUtils.java
License:Apache License
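/**
 * Generates a 2048-bit RSA key pair, self-signs a one-year certificate for it and stores
 * key and certificate in a fresh temporary keystore file; the certificate is also added to
 * {@code trustStore}.
 *
 * @param subjectName      certificate subject in RFC 4519 string form
 * @param issuerName       certificate issuer in RFC 4519 string form
 * @param serial           certificate serial number
 * @param keystorePassword password protecting the keystore file
 * @param keystoreAlias    alias for the key entry and for the trust-store certificate entry
 * @param keyPassword      password protecting the private-key entry
 * @param trustStore       already-initialised trust store that receives the certificate
 * @return path of the temporary keystore file
 * @throws Exception on key generation, certificate building or keystore I/O failure
 */
public static String createAndStoreKey(String subjectName, String issuerName, BigInteger serial,
        String keystorePassword, String keystoreAlias, String keyPassword, KeyStore trustStore)
        throws Exception {
    // Create KeyPair
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048, new SecureRandom());
    KeyPair keyPair = keyPairGenerator.generateKeyPair();

    Date currentDate = new Date();
    Date expiryDate = new Date(currentDate.getTime() + 365L * 24L * 60L * 60L * 1000L);

    // Create X509Certificate
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            new X500Name(RFC4519Style.INSTANCE, issuerName), serial, currentDate, expiryDate,
            new X500Name(RFC4519Style.INSTANCE, subjectName),
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .build(keyPair.getPrivate());
    X509Certificate certificate = new JcaX509CertificateConverter()
            .getCertificate(certBuilder.build(contentSigner));

    // Store Private Key + Certificate in Keystore
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    keystore.load(null, keystorePassword.toCharArray());
    keystore.setKeyEntry(keystoreAlias, keyPair.getPrivate(), keyPassword.toCharArray(),
            new Certificate[] { certificate });

    // The file holds a private key: Files.createTempFile creates it with owner-only
    // permissions on POSIX file systems, which File.createTempFile does not guarantee.
    File keystoreFile = java.nio.file.Files.createTempFile("kafkakeystore", ".jks").toFile();
    try (OutputStream output = new FileOutputStream(keystoreFile)) {
        keystore.store(output, keystorePassword.toCharArray());
    }

    // Now store the Certificate in the truststore
    trustStore.setCertificateEntry(keystoreAlias, certificate);

    return keystoreFile.getPath();
}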
From source file:org.apache.syncope.fit.core.SAML2ITCase.java
License:Apache License
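/**
 * Creates a self-signed test certificate and writes a keystore (private key + certificate)
 * and a truststore (certificate only) to temporary files. Their locations are published in
 * the static fields {@code keystorePath} and {@code truststorePath}.
 *
 * @throws Exception on key generation, certificate building or keystore I/O failure
 */
private static void createKeystores() throws Exception {
    // Create KeyPair. 2048 bits: 1024-bit RSA is below the commonly required minimum
    // (e.g. NIST SP 800-131A) and matches the key size used by the other test fixtures.
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048, new SecureRandom());
    KeyPair keyPair = keyPairGenerator.generateKeyPair();

    Date currentDate = new Date();
    Date expiryDate = new Date(currentDate.getTime() + 365L * 24L * 60L * 60L * 1000L);

    // Create X509Certificate
    String issuerName = "CN=Issuer";
    String subjectName = "CN=Subject";
    BigInteger serial = new BigInteger("123456");
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            new X500Name(RFC4519Style.INSTANCE, issuerName), serial, currentDate, expiryDate,
            new X500Name(RFC4519Style.INSTANCE, subjectName),
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .build(keyPair.getPrivate());
    X509Certificate certificate = new JcaX509CertificateConverter()
            .getCertificate(certBuilder.build(contentSigner));

    // Store Private Key + Certificate in Keystore
    char[] password = "security".toCharArray();
    KeyStore keystore = KeyStore.getInstance("JKS");
    keystore.load(null, password);
    keystore.setKeyEntry("subject", keyPair.getPrivate(), password, new Certificate[] { certificate });
    keystorePath = storeToTempFile(keystore, "samlkeystore", password).toPath();

    // Now store the Certificate in the truststore
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, password);
    trustStore.setCertificateEntry("subject", certificate);
    truststorePath = storeToTempFile(trustStore, "samltruststore", password).toPath();
}

/**
 * Writes {@code store} to a fresh temporary {@code .jks} file and returns that file.
 * Files.createTempFile gives the file owner-only permissions on POSIX systems, which
 * matters for the keystore because it contains the private key.
 *
 * @param store    initialised keystore to persist
 * @param prefix   temporary file name prefix
 * @param password password used to protect the stored file
 * @return the temporary file the store was written to
 * @throws Exception if the file cannot be created or the store cannot be written
 */
private static File storeToTempFile(KeyStore store, String prefix, char[] password) throws Exception {
    File file = Files.createTempFile(prefix, ".jks").toFile();
    try (OutputStream output = Files.newOutputStream(file.toPath())) {
        store.store(output, password);
    }
    return file;
}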
From source file:org.cesecore.certificates.certificate.certextensions.standard.NameConstraint.java
License:Open Source License
/**
 * Converts a list of encoded strings of Name Constraints into ASN1 GeneralSubtree objects.
 * This is needed when creating an BouncyCastle ASN1 NameConstraint object for inclusion
 * in a certificate.
 *
 * @param list entries in the encoded form used by this class; may be null
 * @return one GeneralSubtree per entry, in list order; an empty array for a null list
 * @throws UnsupportedOperationException if an entry has a name type this method cannot encode
 */
public static GeneralSubtree[] toGeneralSubtrees(List<String> list) {
    if (list == null) {
        return new GeneralSubtree[0];
    }
    final GeneralSubtree[] subtrees = new GeneralSubtree[list.size()];
    int pos = 0;
    for (String entry : list) {
        subtrees[pos] = new GeneralSubtree(toGeneralName(entry));
        pos++;
    }
    return subtrees;
}

/**
 * Decodes one stored name constraint entry into the GeneralName it represents.
 *
 * @param entry encoded entry
 * @return the corresponding GeneralName
 * @throws UnsupportedOperationException for name types other than dNSName, rfc822Name,
 *         directoryName and iPAddress
 */
private static GeneralName toGeneralName(String entry) {
    final int type = getNameConstraintType(entry);
    final Object data = getNameConstraintData(entry);
    if (type == GeneralName.dNSName || type == GeneralName.rfc822Name) {
        return new GeneralName(type, (String) data);
    }
    if (type == GeneralName.directoryName) {
        return new GeneralName(new X500Name(CeSecoreNameStyle.INSTANCE, (String) data));
    }
    if (type == GeneralName.iPAddress) {
        return new GeneralName(type, new DEROctetString((byte[]) data));
    }
    throw new UnsupportedOperationException(
            "Encoding of name constraint type " + type + " is not implemented.");
}
From source file:org.cesecore.certificates.certificate.certextensions.standard.NameConstraint.java
License:Open Source License
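/**
 * Parses a single name constraint entry in human-readable form into
 * an encoded string for database storage etc. The intention is to make it possible
 * to change the human readable form at a later point.
 *
 * This format is essentially a hex string representation of a RFC 5280 GeneralName,
 * but only DNS Names and IP Addresses are supported so far.
 *
 * @param str one entry as entered by the administrator
 * @return the encoded form, prefixed with the GeneralName type name and a colon
 * @throws CertificateExtensionException if the string can not be parsed.
 */
private static String parseNameConstraintEntry(String str) throws CertificateExtensionException {
    if (str.matches("^([0-9]+\\.){3,3}([0-9]+)/[0-9]+$")
            || str.matches("^[0-9a-fA-F]{0,4}:[0-9a-fA-F]{0,4}:[0-9a-fA-F:]*/[0-9]+$")) {
        // IPv4 or IPv6 address
        return "iPAddress:" + Hex.encodeHexString(encodeIpAddressWithNetmask(str));
    } else if (str.matches("^([0-9]+\\.){3,3}([0-9]+)$")) {
        // IP address without netmask. This is not a valid DNS name, so catch it here.
        throw new CertificateExtensionException("Name constraint entry with IP address is missing a netmask: "
                + str + ". Use /32 to match only this address.");
    } else if (str.matches("^\\.?([a-zA-Z0-9_-]+\\.)*[a-zA-Z0-9_-]+$")) {
        // DNS name (it can start with a ".", this means "all subdomains")
        return "dNSName:" + str;
    } else if (str.matches("^[^=,]*@[a-zA-Z0-9_.\\[\\]:-]+$")) {
        // RFC 822 Name (i.e. e-mail)
        if (str.startsWith("@")) {
            // In EJBCA, rfc822Names without a user part start with @ to distinguish them from domain names.
            // This is not the case in the encoded form.
            str = str.substring(1);
        }
        return "rfc822Name:" + str;
    } else if (str.contains("=")) {
        // Directory name
        return "directoryName:" + new X500Name(CeSecoreNameStyle.INSTANCE, str).toString();
    } else {
        throw new CertificateExtensionException(
                "Cannot parse name constraint entry (only DNS Name, RFC 822 Name, Directory Name, IPv4/Netmask and IPv6/Netmask are supported): " + str);
    }
}

/**
 * Encodes "address/prefixlength" in the RFC 5280 iPAddress constraint form: the address
 * bytes followed by the netmask bytes, with the host bits of the address cleared.
 *
 * @param str address with prefix length, already matched by the IPv4 or IPv6 pattern
 * @return address bytes immediately followed by netmask bytes
 * @throws CertificateExtensionException if the address or the prefix length is invalid
 */
private static byte[] encodeIpAddressWithNetmask(String str) throws CertificateExtensionException {
    final String[] pieces = str.split("/", 2);
    final String address = pieces[0];
    // The patterns only guarantee digits and dots. An out-of-range octet such as 300.1.1.1 is
    // not an IP literal, so InetAddress.getByName would try to resolve it as a host name over
    // DNS; reject it here so that parsing an entry never triggers a lookup.
    if (address.contains(".")) {
        for (String octet : address.split("\\.")) {
            if (octet.length() > 3 || Integer.parseInt(octet) > 255) {
                throw new CertificateExtensionException("Invalid IPv4 address in name constraint: " + str);
            }
        }
    }
    final byte[] addr;
    try {
        addr = InetAddress.getByName(address).getAddress();
    } catch (UnknownHostException e) {
        throw new CertificateExtensionException("Failed to parse IP address in name constraint: " + str, e);
    }
    final int netmask;
    try {
        netmask = Integer.parseInt(pieces[1]);
    } catch (NumberFormatException e) {
        // Only digits reach this point, so this means the prefix length does not fit in an int.
        throw new CertificateExtensionException("Netmask is too large: " + str, e);
    }
    if (netmask > 8 * addr.length) {
        throw new CertificateExtensionException("Netmask is too large: " + str);
    }
    final byte[] encoded = new byte[2 * addr.length]; // will hold address and netmask
    System.arraycopy(addr, 0, encoded, 0, addr.length);
    // The second half in the encoded form is the netmask
    for (int i = 0; i < netmask; i++) {
        encoded[addr.length + i / 8] |= 1 << (7 - i % 8);
    }
    // Clear host part from IP address
    for (int i = netmask; i < 8 * addr.length; i++) {
        encoded[i / 8] &= ~(1 << (7 - i % 8));
    }
    return encoded;
}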
From source file:org.cesecore.certificates.certificate.request.PKCS10RequestMessage.java
License:Open Source License
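/**
 * Returns the subject of the PKCS#10 request as an X500Name in CeSecore style,
 * initialising the parsed request structure on first use.
 *
 * @return the request subject, or null if the PKCS#10 structure could not be initialised
 */
@Override
public X500Name getRequestX500Name() {
    if (pkcs10 == null) {
        try {
            init();
        } catch (NullPointerException e) {
            // NOTE(review): the catch suggests init() signals missing request data with an
            // NPE - confirm against init(). The null-return contract is kept; the exception
            // is passed to the logger so the stack trace is not lost with the message.
            log.error("PKCS10 not inited: " + e.getMessage(), e);
            return null;
        }
    }
    return new X500Name(new CeSecoreNameStyle(), pkcs10.getSubject());
}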
From source file:org.cesecore.certificates.certificate.request.SimpleRequestMessage.java
License:Open Source License
/**
 * Returns the request DN wrapped as an X500Name in CeSecore style.
 *
 * @return the X500Name for {@code requestDN}, or null when no request DN is set
 */
@Override
public X500Name getRequestX500Name() {
    final String dn = this.requestDN;
    return dn == null ? null : new X500Name(new CeSecoreNameStyle(), dn);
}
From source file:org.ejbca.core.model.ca.publisher.LdapPublisher.java
License:Open Source License
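/**
 * Constructs the LDAP DN for a certificate to be published. Only DN objects defined by the publisher are used.
 * For each DN object to be published:
 * First the certificate DN is searched for this object.
 * If no such certificate object exists, the userdata DN is searched.
 * If no such userdata object exists either, the object will not be a part of the LDAP DN.
 * @param certDN certificate DN
 * @param userDataDN user data DN, may be null
 * @return LDAP DN to be used.
 */
protected String constructLDAPDN(String certDN, String userDataDN) {
    if (log.isDebugEnabled()) {
        log.debug("DN in certificate '" + certDN + "'. DN in user data '" + userDataDN + "'.");
    }
    final DNFieldExtractor certExtractor = new DNFieldExtractor(certDN, DNFieldExtractor.TYPE_SUBJECTDN);
    final DNFieldExtractor userDataExtractor = userDataDN != null
            ? new DNFieldExtractor(userDataDN, DNFieldExtractor.TYPE_SUBJECTDN) : null;
    // Sort a private copy: the collection returned by getUseFieldInLdapDN() may be publisher
    // state shared with other callers, and sorting it in place would modify it for them. The
    // copy also removes the unchecked List cast and gives a deterministic ascending field order
    // whatever collection type is returned.
    final List<Integer> usefields = new java.util.ArrayList<Integer>(getUseFieldInLdapDN());
    Collections.sort(usefields);
    final X500NameBuilder nameBuilder = new X500NameBuilder(LdapNameStyle.INSTANCE);
    for (Integer fieldNum : usefields) { // There must be at least one
        String dnField = certExtractor.getFieldString(fieldNum);
        if (StringUtils.isEmpty(dnField) && userDataExtractor != null) {
            dnField = userDataExtractor.getFieldString(fieldNum);
        }
        if (StringUtils.isNotEmpty(dnField)) {
            // Re-parse the single field as an RDN so the builder can add it; the builder's
            // LdapNameStyle governs how the resulting DN string is escaped.
            RDN rdn = new X500Name(LdapNameStyle.INSTANCE, dnField).getRDNs()[0];
            nameBuilder.addRDN(rdn.getFirst());
        }
    }
    String retval = nameBuilder.build().toString() + "," + this.getBaseDN();
    if (log.isDebugEnabled()) {
        log.debug("LdapPublisher: constructed DN: " + retval);
    }
    return retval;
}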