Usage examples for org.bouncycastle.asn1.x500.X500NameBuilder — the no-argument X500NameBuilder() constructor
public X500NameBuilder()
From source file:com.adaptris.core.security.JunitSecurityHelper.java
License:Apache License
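/**
 * Builds a {@link CertificateBuilder} pre-loaded with the fixed JUnit subject DN,
 * a SHA-256/RSA signature algorithm and the RSA key specification.
 *
 * @param commonName value for the subject CN; every other RDN is a fixed test constant
 * @return a builder whose {@link CertificateParameter} is populated but not yet built
 * @throws Exception propagated from the certificate builder factory
 */
private static CertificateBuilder getBuilder(String commonName) throws Exception {
    CertificateBuilder builder = CertificateBuilderFactory.getInstance().createBuilder();
    CertificateParameter params = new CertificateParameter();

    X500NameBuilder subject = new X500NameBuilder();
    subject.addRDN(X509ObjectIdentifiers.countryName, "GB");
    subject.addRDN(X509ObjectIdentifiers.stateOrProvinceName, "Middlesex");
    subject.addRDN(X509ObjectIdentifiers.localityName, "Uxbridge");
    subject.addRDN(X509ObjectIdentifiers.organization, "Adaptris");
    subject.addRDN(X509ObjectIdentifiers.organizationalUnitName, "JUNIT");
    subject.addRDN(X509ObjectIdentifiers.commonName, commonName);
    subject.addRDN(PKCSObjectIdentifiers.pkcs_9_at_emailAddress, "myname@adaptris.com");

    params.setSignatureAlgorithm("SHA256WithRSAEncryption");
    // 2048-bit RSA. The previous 1024-bit choice was picked only to clear the JDK default
    // "RSA keySize < 1024" entry in jdk.certpath.disabledAlgorithms; 2048 clears it just as
    // well, and 1024-bit RSA has been deprecated for new signatures since NIST SP 800-131A
    // (2013). This is test-only material, but the test should not rely on a key size that a
    // stricter certpath policy may refuse.
    params.setKeyAlgorithm("RSA", 2048);
    params.setSubjectInfo(subject.build());

    builder.setCertificateParameters(params);
    return builder;
}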
From source file:com.adaptris.security.Config.java
License:Apache License
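/**
 * Builds a {@link CertificateBuilder} whose subject DN, signature algorithm and key
 * algorithm/size all come from {@code config}; only the CN is supplied by the caller.
 *
 * @param commonName value for the subject CN
 * @return a builder with its {@link CertificateParameter} populated but not yet built
 * @throws IllegalStateException if a required certificate property is absent (the message names the key)
 * @throws NumberFormatException if the configured key size is not an integer
 * @throws Exception propagated from the certificate builder factory
 */
public CertificateBuilder getBuilder(String commonName) throws Exception {
    CertificateBuilder builder = CertificateBuilderFactory.getInstance().createBuilder();
    CertificateParameter params = new CertificateParameter();

    X500NameBuilder subject = new X500NameBuilder();
    subject.addRDN(X509ObjectIdentifiers.countryName, requireCertProperty(CERTIFICATE_C));
    subject.addRDN(X509ObjectIdentifiers.stateOrProvinceName, requireCertProperty(CERTIFICATE_ST));
    subject.addRDN(X509ObjectIdentifiers.localityName, requireCertProperty(CERTIFICATE_L));
    subject.addRDN(X509ObjectIdentifiers.organization, requireCertProperty(CERTIFICATE_O));
    subject.addRDN(X509ObjectIdentifiers.organizationalUnitName, requireCertProperty(CERTIFICATE_OU));
    subject.addRDN(X509ObjectIdentifiers.commonName, commonName);
    subject.addRDN(PKCSObjectIdentifiers.pkcs_9_at_emailAddress, requireCertProperty(CERTIFICATE_EMAIL));

    params.setSignatureAlgorithm(requireCertProperty(CERTIFICATE_SIGALG));
    // The key algorithm and size are taken from configuration as-is; nothing here enforces
    // a minimum size or an approved algorithm, so a weak entry in the properties file yields
    // a weak certificate without any warning.
    params.setKeyAlgorithm(requireCertProperty(CERTIFICATE_KEYALG),
        Integer.parseInt(requireCertProperty(CERTIFICATE_KEYSIZE)));
    params.setSubjectInfo(subject.build());

    builder.setCertificateParameters(params);
    return builder;
}

/**
 * Reads a configuration property the certificate template cannot do without. A missing key
 * previously surfaced as a bare NullPointerException or NumberFormatException deep inside
 * BouncyCastle or Integer.parseInt; failing here names the offending property instead.
 *
 * @param key property name
 * @return the non-null property value
 * @throws IllegalStateException if the property is not set
 */
private String requireCertProperty(String key) {
    String value = config.getProperty(key);
    if (value == null) {
        throw new IllegalStateException("Missing required certificate property: " + key);
    }
    return value;
}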
From source file:com.redhat.akashche.keystoregen.KeystoreGenerator.java
License:Apache License
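/**
 * Creates the self-signed root ("master") CA certificate for an entry. Subject and issuer
 * are the same DN (CN = label + "_CA") and the certificate is signed with {@code keys.caPrivate}.
 *
 * The certificate is marked as a CA: a critical BasicConstraints with cA=TRUE (RFC 5280
 * §4.2.1.9 requires it on a v3 certificate whose key verifies other certificates' signatures;
 * without it, validators that do not treat this certificate as a trust anchor reject the
 * chain), plus a subject key identifier and a matching authority key identifier so the
 * intermediate's AKI can be linked back to this certificate.
 *
 * @param en   keystore entry supplying the DN parts, validity window and signature algorithm
 * @param keys holder of the CA key pair
 * @return the root certificate, verified against its own public key, carrying the PKCS#12 friendly-name bag attribute
 * @throws Exception on any build, conversion or verification failure
 */
private Certificate createMasterCert(KeystoreConfig.Entry en, Keys keys) throws Exception {
    String label = en.getLabel() + "_CA";
    X500NameBuilder caName = new X500NameBuilder()
        .addRDN(BCStyle.C, en.getX500_C())
        .addRDN(BCStyle.O, en.getX500_O())
        .addRDN(BCStyle.OU, en.getX500_OU())
        .addRDN(BCStyle.CN, label);

    // NOTE(review): the serial is the constant 1. RFC 5280 only requires uniqueness per
    // issuer, but regenerating a keystore with the same DN produces a second certificate with
    // the same (issuer, serial) pair, which confuses serial-keyed caches and revocation lookups.
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(caName.build(), BigInteger.valueOf(1),
        en.getValidFrom(), en.getValidTo(), caName.build(), keys.caPublic);

    JcaX509ExtensionUtils eu = new JcaX509ExtensionUtils();
    builder.addExtension(Extension.subjectKeyIdentifier, false, eu.createSubjectKeyIdentifier(keys.caPublic));
    // Self-signed: the authority key is the subject key itself.
    builder.addExtension(Extension.authorityKeyIdentifier, false, eu.createAuthorityKeyIdentifier(keys.caPublic));
    // cA=TRUE with no path-length limit; critical as RFC 5280 §4.2.1.9 mandates for CA certificates.
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    // A keyUsage extension (keyCertSign | cRLSign) is still not set here; it is left out
    // rather than introduce a type this file is not visibly using.

    ContentSigner signer = new JcaContentSignerBuilder(en.getAlgorithm()).setProvider(BCPROV)
        .build(keys.caPrivate);
    X509CertificateHolder holder = builder.build(signer);
    X509Certificate cert = new JcaX509CertificateConverter().setProvider(BCPROV).getCertificate(holder);

    // Self-checks: the validity window must include "now" and the signature must verify
    // with the very key that is embedded in the certificate.
    cert.checkValidity(new Date());
    cert.verify(keys.caPublic);

    PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) cert;
    bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(label));
    return cert;
}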
From source file:com.redhat.akashche.keystoregen.KeystoreGenerator.java
License:Apache License
/**
 * Creates the intermediate CA certificate for an entry: subject CN = label + "_INTERMEDIATE",
 * issuer taken from {@code caCert}, public key {@code keys.intPublic}, signed with
 * {@code keys.caPrivate}.
 *
 * Extensions: subject key identifier (from the intermediate key), authority key identifier
 * (from {@code caCert}) and a critical BasicConstraints with cA=TRUE and pathLenConstraint=0,
 * i.e. this CA may only issue end-entity certificates.
 *
 * NOTE(review): no keyUsage extension is set, so the certificate does not assert
 * keyCertSign; strict validators may reject it on that basis. The serial is the constant 2,
 * so re-running the generator against the same root DN reuses an (issuer, serial) pair.
 *
 * @param en     keystore entry supplying the DN parts, validity window and signature algorithm
 * @param keys   holder of the CA private key and the intermediate public key
 * @param caCert the issuing root certificate
 * @return the intermediate certificate, verified against the root's public key, with the PKCS#12 friendly-name bag attribute set
 * @throws Exception on any build, conversion or verification failure
 */
private Certificate createIntermediateCert(KeystoreConfig.Entry en, Keys keys, X509Certificate caCert) throws Exception {
    String label = en.getLabel() + "_INTERMEDIATE";
    X500NameBuilder intermediateName = new X500NameBuilder()
        .addRDN(BCStyle.C, en.getX500_C())
        .addRDN(BCStyle.O, en.getX500_O())
        .addRDN(BCStyle.OU, en.getX500_OU())
        .addRDN(BCStyle.CN, label);

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(caCert, BigInteger.valueOf(2),
        en.getValidFrom(), en.getValidTo(), intermediateName.build(), keys.intPublic);

    JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
    certBuilder.addExtension(Extension.subjectKeyIdentifier, false,
        extUtils.createSubjectKeyIdentifier(keys.intPublic));
    certBuilder.addExtension(Extension.authorityKeyIdentifier, false,
        extUtils.createAuthorityKeyIdentifier(caCert));
    // cA=TRUE, pathLen 0: may sign leaves, not further CAs.
    certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));

    ContentSigner rootSigner = new JcaContentSignerBuilder(en.getAlgorithm())
        .setProvider(BCPROV)
        .build(keys.caPrivate);
    X509CertificateHolder holder = certBuilder.build(rootSigner);
    X509Certificate cert = new JcaX509CertificateConverter().setProvider(BCPROV).getCertificate(holder);

    // Self-checks: currently valid, and the signature chains to the root we were handed.
    cert.checkValidity(new Date());
    cert.verify(caCert.getPublicKey());

    PKCS12BagAttributeCarrier bag = (PKCS12BagAttributeCarrier) cert;
    bag.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(label));
    return cert;
}
From source file:com.redhat.akashche.keystoregen.KeystoreGenerator.java
License:Apache License
/**
 * Creates the end-entity ("leaf") certificate for an entry. Subject CN = label + "_CERT";
 * the issuer DN is assembled by hand to equal the intermediate's subject
 * (CN = label + "_INTERMEDIATE"); public key {@code keys.certPublic}.
 *
 * NOTE(review): the issuer DN names the intermediate, but the signature is produced with
 * {@code keys.caPrivate}, the authority key identifier is derived from {@code keys.caPublic},
 * and the self-check below verifies against {@code keys.caPublic}. A path builder that finds
 * the issuer by name will select the intermediate certificate (key {@code keys.intPublic})
 * and the signature will not verify with it, so the root → intermediate → leaf chain is
 * unlikely to validate as written. Either the issuer DN and AKI should point at the root, or
 * the leaf should be signed by the intermediate's private key; the intended shape of the
 * chain should be confirmed before changing either. The serial is the constant 3 (see the
 * same caveat on the CA certificates). No keyUsage / extendedKeyUsage is set on the leaf.
 *
 * @param en   keystore entry supplying the DN parts, validity window and signature algorithm
 * @param keys holder of the CA key pair and the leaf public key
 * @return the leaf certificate, verified against {@code keys.caPublic}, with PKCS#12 friendly-name and local-key-id bag attributes set
 * @throws Exception on any build, conversion or verification failure
 */
private Certificate createCert(KeystoreConfig.Entry en, Keys keys) throws Exception {
    String label = en.getLabel() + "_CERT";

    X500NameBuilder issuerName = new X500NameBuilder()
        .addRDN(BCStyle.C, en.getX500_C())
        .addRDN(BCStyle.O, en.getX500_O())
        .addRDN(BCStyle.OU, en.getX500_OU())
        .addRDN(BCStyle.CN, en.getLabel() + "_INTERMEDIATE");
    X500NameBuilder leafName = new X500NameBuilder()
        .addRDN(BCStyle.C, en.getX500_C())
        .addRDN(BCStyle.O, en.getX500_O())
        .addRDN(BCStyle.OU, en.getX500_OU())
        .addRDN(BCStyle.CN, label);

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuerName.build(), BigInteger.valueOf(3),
        en.getValidFrom(), en.getValidTo(), leafName.build(), keys.certPublic);

    JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
    certBuilder.addExtension(Extension.subjectKeyIdentifier, false,
        extUtils.createSubjectKeyIdentifier(keys.certPublic));
    // AKI points at the root CA key — the key that actually signs below, not the named issuer.
    certBuilder.addExtension(Extension.authorityKeyIdentifier, false,
        extUtils.createAuthorityKeyIdentifier(keys.caPublic));

    ContentSigner rootSigner = new JcaContentSignerBuilder(en.getAlgorithm())
        .setProvider(BCPROV)
        .build(keys.caPrivate);
    X509CertificateHolder holder = certBuilder.build(rootSigner);
    X509Certificate cert = new JcaX509CertificateConverter().setProvider(BCPROV).getCertificate(holder);

    cert.checkValidity(new Date());
    cert.verify(keys.caPublic);

    PKCS12BagAttributeCarrier bag = (PKCS12BagAttributeCarrier) cert;
    bag.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(label));
    // localKeyId ties this certificate to its private key entry inside the PKCS#12 store.
    bag.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
        extUtils.createSubjectKeyIdentifier(keys.certPublic));
    return cert;
}
From source file:com.spotify.helios.client.tls.X509CertificateFactory.java
License:Apache License
/**
 * Generates a short-lived client certificate for {@code username}, signed by the SSH agent
 * identity, together with a freshly generated RSA private key.
 *
 * Subject is {@code UID=<username>}; the issuer DN is the fixed
 * {@code C=US,O=Spotify,CN=helios-client}. Validity runs from
 * {@code validBeforeMilliseconds} before now to {@code validAfterMilliseconds} after now. The
 * serial number is the timestamp component of a freshly created UUID.
 *
 * NOTE(review): the key usage asserts keyCertSign while BasicConstraints is cA=FALSE; RFC 5280
 * §4.2.1.3 says keyCertSign is only to be asserted when cA is TRUE, so strict validators may
 * reject this combination. The authority key identifier is derived from the new subject key,
 * not from the agent identity that actually signs, so it does not identify the issuer's key.
 * Whether the Helios server relies on either of these is not visible here. SHA-1 is used only
 * to derive the key identifiers, not for the signature.
 *
 * @param agentProxy SSH agent used to sign the certificate
 * @param identity   agent identity whose key signs the certificate
 * @param username   value for the subject UID
 * @return the certificate plus the private key of the newly generated subject key pair
 * @throws RuntimeException wrapping any checked failure during key generation or certificate construction
 */
private CertificateAndPrivateKey generate(final AgentProxy agentProxy, final Identity identity, final String username) {
  final UUID uuid = new UUID();
  // Reuse the UUID time as a SN
  final BigInteger serial = BigInteger.valueOf(uuid.getTime()).abs();

  final X500Name issuer = new X500Name("C=US,O=Spotify,CN=helios-client");
  final X500Name subject = new X500NameBuilder().addRDN(BCStyle.UID, username).build();

  // Validity window around "now": the calendar is stepped back, then forward past the start.
  final Calendar window = Calendar.getInstance();
  window.add(Calendar.MILLISECOND, -validBeforeMilliseconds);
  final Date validFrom = window.getTime();
  window.add(Calendar.MILLISECOND, validBeforeMilliseconds + validAfterMilliseconds);
  final Date validUntil = window.getTime();

  try {
    final KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA", "BC");
    rsaGenerator.initialize(KEY_SIZE, new SecureRandom());
    final KeyPair subjectKeys = rsaGenerator.generateKeyPair();
    final SubjectPublicKeyInfo subjectKeyInfo = SubjectPublicKeyInfo
        .getInstance(ASN1Sequence.getInstance(subjectKeys.getPublic().getEncoded()));

    final X509v3CertificateBuilder certBuilder =
        new X509v3CertificateBuilder(issuer, serial, validFrom, validUntil, subject, subjectKeyInfo);

    final DigestCalculator sha1 = new BcDigestCalculatorProvider()
        .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
    final X509ExtensionUtils extUtils = new X509ExtensionUtils(sha1);
    final SubjectKeyIdentifier subjectKeyId = extUtils.createSubjectKeyIdentifier(subjectKeyInfo);
    final String subjectKeyIdHex = KEY_ID_ENCODING.encode(subjectKeyId.getKeyIdentifier());
    log.info("generating an X509 certificate for {} with key ID={} and identity={}", username, subjectKeyIdHex,
        identity.getComment());

    certBuilder.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyId);
    certBuilder.addExtension(Extension.authorityKeyIdentifier, false,
        extUtils.createAuthorityKeyIdentifier(subjectKeyInfo));
    certBuilder.addExtension(Extension.keyUsage, false,
        new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign));
    certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));

    final X509CertificateHolder holder = certBuilder.build(new SshAgentContentSigner(agentProxy, identity));
    final X509Certificate cert = CERTIFICATE_CONVERTER.getCertificate(holder);
    log.debug("generated certificate:\n{}", asPEMString(cert));
    return new CertificateAndPrivateKey(cert, subjectKeys.getPrivate());
  } catch (Exception e) {
    throw Throwables.propagate(e);
  }
}
From source file:com.spotify.sshagenttls.X509CertKeyCreator.java
License:Apache License
/**
 * Creates a short-lived client certificate for {@code username} plus its private key.
 *
 * Subject is {@code UID=<username>}; the issuer DN is {@code x500Principal} re-encoded via its
 * RFC 1779 string form. Validity runs from {@code validBeforeMillis} before now to
 * {@code validAfterMillis} after now; the serial number is the current time in milliseconds,
 * so two certificates created in the same millisecond share a serial. The certificate is
 * signed with the injected {@code contentSigner}.
 *
 * NOTE(review): keyUsage asserts keyCertSign while BasicConstraints is cA=FALSE, which
 * RFC 5280 §4.2.1.3 forbids; strict validators may reject it. The authority key identifier
 * is derived from the new subject key rather than from the signer's key, so it does not
 * identify the issuer. SHA-1 is used only for the key identifiers, not the signature.
 *
 * @param username      value for the subject UID
 * @param x500Principal issuer name
 * @return certificate and matching private key
 * @throws RuntimeException wrapping any checked failure during generation
 */
@Override
public CertKey createCertKey(final String username, final X500Principal x500Principal) {
  // The serial must be taken before the calendar is moved to compute the validity window.
  final Calendar window = Calendar.getInstance();
  final BigInteger serial = BigInteger.valueOf(window.getTimeInMillis()).abs();

  final X500Name issuer = new X500Name(x500Principal.getName(X500Principal.RFC1779));
  final X500Name subject = new X500NameBuilder().addRDN(BCStyle.UID, username).build();

  window.add(Calendar.MILLISECOND, -validBeforeMillis);
  final Date validFrom = window.getTime();
  window.add(Calendar.MILLISECOND, validBeforeMillis + validAfterMillis);
  final Date validUntil = window.getTime();

  try {
    final KeyPair subjectKeys = generateRandomKeyPair();
    final SubjectPublicKeyInfo subjectKeyInfo = SubjectPublicKeyInfo
        .getInstance(ASN1Sequence.getInstance(subjectKeys.getPublic().getEncoded()));

    final X509v3CertificateBuilder certBuilder =
        new X509v3CertificateBuilder(issuer, serial, validFrom, validUntil, subject, subjectKeyInfo);

    final DigestCalculator sha1 = new BcDigestCalculatorProvider()
        .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
    final X509ExtensionUtils extUtils = new X509ExtensionUtils(sha1);
    final SubjectKeyIdentifier subjectKeyId = extUtils.createSubjectKeyIdentifier(subjectKeyInfo);
    final String subjectKeyIdHex = KEY_ID_ENCODING.encode(subjectKeyId.getKeyIdentifier());
    LOG.info("generating an X.509 certificate for {} with key ID={}", username, subjectKeyIdHex);

    certBuilder.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyId);
    certBuilder.addExtension(Extension.authorityKeyIdentifier, false,
        extUtils.createAuthorityKeyIdentifier(subjectKeyInfo));
    certBuilder.addExtension(Extension.keyUsage, false,
        new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign));
    certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));

    final X509CertificateHolder holder = certBuilder.build(contentSigner);
    final X509Certificate cert = CERT_CONVERTER.getCertificate(holder);
    LOG.debug("generated certificate:\n{}", Utils.asPemString(cert));
    return CertKey.create(cert, subjectKeys.getPrivate());
  } catch (Exception e) {
    throw new RuntimeException(e);
  }
}
From source file:com.spotify.sshtlsclient.X509CertificateFactory.java
License:Apache License
/**
 * Builds a client certificate whose subject key IS the SSH agent identity's public key and
 * which is signed by that same identity — effectively self-signed, although the issuer DN is
 * the fixed {@code C=US,O=Spotify,CN=helios-client} rather than the subject
 * ({@code UID=<username>}).
 *
 * Validity runs from {@code HOURS_BEFORE} hours ago to {@code HOURS_AFTER} hours ahead; the
 * serial is the timestamp component of a new UUID. Subject and authority key identifiers are
 * both derived (SHA-1) from the identity key, so here the AKI does match the signing key.
 *
 * NOTE(review): keyUsage asserts keyCertSign with BasicConstraints cA=FALSE, a combination
 * RFC 5280 §4.2.1.3 disallows; strict validators may reject it. Failures while constructing
 * the names, dates or the builder itself occur before the try block and propagate unwrapped.
 *
 * @param signer   content signer backed by the agent identity
 * @param identity agent identity supplying the public key
 * @param username value for the subject UID
 * @return a {@code Certificate} wrapping the single generated certificate structure
 * @throws RuntimeException wrapping any checked failure inside the extension/build step
 */
static Certificate get(final SshAgentContentSigner signer, final Identity identity, final String username) {
  final UUID uuid = new UUID();
  final X500Name issuer = new X500Name("C=US,O=Spotify,CN=helios-client");
  final X500Name subject = new X500NameBuilder().addRDN(BCStyle.UID, username).build();
  final SubjectPublicKeyInfo identityKeyInfo = SubjectPublicKeyInfo
      .getInstance(ASN1Sequence.getInstance(identity.getPublicKey().getEncoded()));

  final Calendar window = Calendar.getInstance();
  window.add(Calendar.HOUR, -HOURS_BEFORE);
  final Date validFrom = window.getTime();
  window.add(Calendar.HOUR, HOURS_BEFORE + HOURS_AFTER);
  final Date validUntil = window.getTime();

  // Reuse the UUID time as a SN
  final BigInteger serial = BigInteger.valueOf(uuid.getTime()).abs();
  final X509v3CertificateBuilder certBuilder =
      new X509v3CertificateBuilder(issuer, serial, validFrom, validUntil, subject, identityKeyInfo);

  try {
    final DigestCalculator sha1 = new BcDigestCalculatorProvider()
        .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
    final X509ExtensionUtils extUtils = new X509ExtensionUtils(sha1);
    certBuilder.addExtension(Extension.subjectKeyIdentifier, false,
        extUtils.createSubjectKeyIdentifier(identityKeyInfo));
    certBuilder.addExtension(Extension.authorityKeyIdentifier, false,
        extUtils.createAuthorityKeyIdentifier(identityKeyInfo));
    certBuilder.addExtension(Extension.keyUsage, false,
        new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign));
    certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));

    final X509CertificateHolder holder = certBuilder.build(signer);
    return new Certificate(new org.bouncycastle.asn1.x509.Certificate[] { holder.toASN1Structure(), });
  } catch (Exception e) {
    throw Throwables.propagate(e);
  }
}
From source file:org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateGenerator.java
License:Open Source License
/**
 * Generates a self-signed X.509 v3 certificate for {@code keyPair}.
 *
 * The subject (and, being self-signed, the issuer) DN is assembled from whichever of the
 * optional name parts are non-null, in the order CN, O, OU, L, ST, C. The serial number is
 * the current time in milliseconds, so two certificates generated in the same millisecond
 * collide. Extensions are added by the sibling helpers, in this order: authority key
 * identifier, BasicConstraints with cA=TRUE, key usage, extended key usage and subject
 * alternative names (application URI, DNS names, IP addresses). Signing uses a
 * BouncyCastle provider instance created for this call.
 *
 * NOTE(review): cA=TRUE on a self-signed application certificate means this certificate can
 * also vouch for others; whether that is required by the OPC UA profile this generator
 * targets is not visible here.
 *
 * @param keyPair            key pair whose public key is certified and whose private key signs
 * @param notBefore          start of validity
 * @param notAfter           end of validity
 * @param commonName         optional CN
 * @param organization       optional O
 * @param organizationalUnit optional OU
 * @param localityName       optional L
 * @param stateName          optional ST
 * @param countryCode        optional C
 * @param applicationUri     optional URI placed in the subject alternative name
 * @param dnsNames           DNS names for the subject alternative name
 * @param ipAddresses        IP addresses for the subject alternative name
 * @param signatureAlgorithm JCA signature algorithm name, e.g. an RSA-with-SHA-2 variant
 * @return the signed certificate
 * @throws Exception on any name, extension, signing or conversion failure
 */
public X509Certificate generateSelfSigned(KeyPair keyPair, Date notBefore, Date notAfter,
    @Nullable String commonName, @Nullable String organization, @Nullable String organizationalUnit,
    @Nullable String localityName, @Nullable String stateName, @Nullable String countryCode,
    @Nullable String applicationUri, List<String> dnsNames, List<String> ipAddresses,
    String signatureAlgorithm) throws Exception {

    X500NameBuilder dn = new X500NameBuilder();
    if (commonName != null) {
        dn.addRDN(BCStyle.CN, commonName);
    }
    if (organization != null) {
        dn.addRDN(BCStyle.O, organization);
    }
    if (organizationalUnit != null) {
        dn.addRDN(BCStyle.OU, organizationalUnit);
    }
    if (localityName != null) {
        dn.addRDN(BCStyle.L, localityName);
    }
    if (stateName != null) {
        dn.addRDN(BCStyle.ST, stateName);
    }
    if (countryCode != null) {
        dn.addRDN(BCStyle.C, countryCode);
    }
    X500Name selfName = dn.build();

    // Using the current timestamp as the certificate serial number
    BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());

    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());

    // Self-signed: the same name is both issuer and subject.
    X509v3CertificateBuilder certBuilder =
        new X509v3CertificateBuilder(selfName, serial, notBefore, notAfter, selfName, publicKeyInfo);

    addAuthorityKeyIdentifier(certBuilder, keyPair);
    addBasicConstraints(certBuilder, new BasicConstraints(true));
    addKeyUsage(certBuilder);
    addExtendedKeyUsage(certBuilder);
    addSubjectAlternativeNames(certBuilder, keyPair, applicationUri, dnsNames, ipAddresses);

    ContentSigner selfSigner = new JcaContentSignerBuilder(signatureAlgorithm)
        .setProvider(new BouncyCastleProvider())
        .build(keyPair.getPrivate());
    X509CertificateHolder holder = certBuilder.build(selfSigner);

    return new JcaX509CertificateConverter().getCertificate(holder);
}
From source file:org.kontalk.certgen.X509Bridge.java
License:Open Source License
/**
 * Derives an X.509 certificate from a PGP key ring: the subject DN is
 * {@code O=<DN_COMMON_PART_O>} plus one CN RDN per user ID found on the ring's primary
 * public key, copied verbatim. The PGP key pair is converted to JCA form and handed, together
 * with the DN, validity bounds, subject alternative name and the encoded key ring, to the
 * overloaded {@code createCertificate}.
 *
 * Validity: notBefore is the PGP key's creation time. notAfter is creation + the key's
 * validity period when that period is positive; a PGP key with no expiry (validity 0) yields
 * a null notAfter here, and how the overload treats null is not visible in this method.
 *
 * NOTE(review): the user IDs come straight from the key ring; if the ring was not generated
 * locally, the CN values are attacker-controlled strings.
 *
 * @param publicKeyRing  PGP key ring whose primary key is certified
 * @param privateKey     PGP private key used to sign the certificate
 * @param subjectAltName subject alternative name passed through to the overload
 * @return the resulting certificate
 * @throws InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException,
 *         CertificateException, NoSuchProviderException, PGPException, IOException, OperatorCreationException
 *         as propagated from key conversion, encoding and certificate construction
 */
public static X509Certificate createCertificate(PGPPublicKeyRing publicKeyRing, PGPPrivateKey privateKey, String subjectAltName)
        throws InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException,
        CertificateException, NoSuchProviderException, PGPException, IOException, OperatorCreationException {

    PGPPublicKey primaryKey = publicKeyRing.getPublicKey();

    // Subject DN: fixed organisation, then every user ID on the primary key as its own CN.
    X500NameBuilder dn = new X500NameBuilder();
    dn.addRDN(BCStyle.O, DN_COMMON_PART_O);
    @SuppressWarnings("unchecked")
    Iterator<Object> userIds = primaryKey.getUserIDs();
    while (userIds.hasNext()) {
        dn.addRDN(BCStyle.CN, userIds.next().toString());
    }
    X500Name subjectName = dn.build();

    // Validity is inherited from the PGP key; no expiry on the PGP side means notAfter stays null.
    Date notBefore = primaryKey.getCreationTime();
    Date notAfter = primaryKey.getValidSeconds() > 0
        ? new Date(notBefore.getTime() + 1000L * primaryKey.getValidSeconds())
        : null;

    return createCertificate(PGP.convertPublicKey(primaryKey), PGP.convertPrivateKey(privateKey), subjectName,
        notBefore, notAfter, subjectAltName, publicKeyRing.getEncoded());
}