List of usage examples for org.bouncycastle.asn1.x509 Extension basicConstraints
ASN1ObjectIdentifier basicConstraints
To view the source code for org.bouncycastle.asn1.x509 Extension basicConstraints.
Click Source Link
From source file:com.aqnote.shared.cryptology.cert.gen.CertGenerator.java
License:Open Source License
private X509Certificate createMiddleCaCert(X500Name subject, PublicKey pubKey, KeyPair pKeyPair, X500Name issuer) throws Exception { BigInteger sno = BigInteger.valueOf(3); Date nb = new Date(System.currentTimeMillis() - HALF_DAY); Date na = new Date(nb.getTime() + TWENTY_YEAR); X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuer, sno, nb, na, subject, pubKey);// w w w . j a v a2 s . com addSubjectKID(certBuilder, pubKey); addAuthorityKID(certBuilder, pKeyPair.getPublic()); certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(3)); certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(BASE_EKU)); X509Certificate certificate = signCert(certBuilder, pKeyPair.getPrivate()); certificate.checkValidity(new Date()); certificate.verify(pKeyPair.getPublic()); setPKCS9Info(certificate); return certificate; }
From source file:com.aqnote.shared.cryptology.cert.gen.SingleX509V3Creator.java
License:Open Source License
public static X509Certificate generate(CertObject certObject, KeyPair keyPair) throws CertException { try {//from w w w. j a va 2s. co m X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder( new X500Name(certObject.getIssuer()), BigInteger.valueOf(System.currentTimeMillis()), certObject.getNotBefore(), certObject.getNotAfter(), new X500Name(certObject.getSubject()), keyPair.getPublic()); certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); certBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, "trust_device"))); ContentSigner signer = new JcaContentSignerBuilder(ALG_SIG_SHA256_RSA).setProvider(JCE_PROVIDER) .build(keyPair.getPrivate()); return new JcaX509CertificateConverter().setProvider(JCE_PROVIDER) .getCertificate(certBuilder.build(signer)); } catch (CertificateEncodingException e) { throw new CertException(e); } catch (IllegalStateException e) { throw new CertException(e); } catch (CertIOException e) { throw new CertException(e); } catch (OperatorCreationException e) { throw new CertException(e); } catch (CertificateException e) { throw new CertException(e); } }
From source file:com.aqnote.shared.encrypt.cert.gen.BCCertGenerator.java
License:Open Source License
public X509Certificate createRootCaCert(final KeyPair keyPair) throws Exception { PublicKey pubKey = keyPair.getPublic(); PrivateKey privKey = keyPair.getPrivate(); X500Name idn = X500NameUtil.createRootPrincipal(); BigInteger sno = BigInteger.valueOf(1); Date nb = new Date(System.currentTimeMillis() - ONE_DAY); Date na = new Date(nb.getTime() + TWENTY_YEAR); X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(idn, sno, nb, na, idn, pubKey); addSubjectKID(certBuilder, pubKey);// w w w .ja v a2 s .c o m addAuthorityKID(certBuilder, pubKey); addCRLDistributionPoints(certBuilder); addAuthorityInfoAccess(certBuilder); certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(Boolean.TRUE)); X509Certificate certificate = signCert(certBuilder, privKey); certificate.checkValidity(new Date()); certificate.verify(pubKey); setPKCS9Info(certificate); return certificate; }
From source file:com.aqnote.shared.encrypt.cert.gen.BCCertGenerator.java
License:Open Source License
public X509Certificate createClass3RootCert(KeyPair keyPair, PrivateKey ppk, X509Certificate caCert) throws Exception { X500Name idn = CertificateUtil.getSubject(caCert); BigInteger sno = BigInteger.valueOf(5); Date nb = new Date(System.currentTimeMillis() - HALF_DAY); Date na = new Date(nb.getTime() + TWENTY_YEAR); X500Name sdn = X500NameUtil.createClass3RootPrincipal(); PublicKey pubKey = keyPair.getPublic(); X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(idn, sno, nb, na, sdn, pubKey); addSubjectKID(certBuilder, pubKey);/*w w w.ja v a 2 s . c o m*/ addAuthorityKID(certBuilder, caCert.getPublicKey()); certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(Boolean.TRUE)); X509Certificate certificate = signCert(certBuilder, ppk); certificate.checkValidity(new Date()); certificate.verify(caCert.getPublicKey()); setPKCS9Info(certificate); return certificate; }
From source file:com.aqnote.shared.encrypt.cert.gen.BCCertGenerator.java
License:Open Source License
public X509Certificate createClass1CaCert(KeyPair keyPair, PrivateKey ppk, X509Certificate caCert) throws Exception { X500Name idn = CertificateUtil.getSubject(caCert); BigInteger sno = BigInteger.valueOf(3); Date nb = new Date(System.currentTimeMillis() - HALF_DAY); Date na = new Date(nb.getTime() + TWENTY_YEAR); X500Name sdn = X500NameUtil.createClass1RootPrincipal(); PublicKey pubKey = keyPair.getPublic(); X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(idn, sno, nb, na, sdn, pubKey); addSubjectKID(certBuilder, pubKey);/*from w ww .j a va 2 s .c o m*/ addAuthorityKID(certBuilder, caCert.getPublicKey()); certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(3)); certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(BASE_EKU)); X509Certificate certificate = signCert(certBuilder, ppk); certificate.checkValidity(new Date()); certificate.verify(caCert.getPublicKey()); setPKCS9Info(certificate); return certificate; }
From source file:com.aqnote.shared.encrypt.cert.gen.SingleX509V3Creator.java
License:Open Source License
public static X509Certificate generate(MadCertificateObject certObject, KeyPair keyPair) throws CertException { try {/*from ww w .ja v a 2 s.c o m*/ X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder( new X500Name(certObject.getIssuer()), BigInteger.valueOf(System.currentTimeMillis()), certObject.getNotBefore(), certObject.getNotAfter(), new X500Name(certObject.getSubject()), keyPair.getPublic()); certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); certBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, "trust_device"))); ContentSigner signer = new JcaContentSignerBuilder(ALG_SIG_SHA256_RSA).setProvider(JCE_PROVIDER) .build(keyPair.getPrivate()); return new JcaX509CertificateConverter().setProvider(JCE_PROVIDER) .getCertificate(certBuilder.build(signer)); } catch (CertificateEncodingException e) { throw new CertException(e); } catch (IllegalStateException e) { throw new CertException(e); } catch (CertIOException e) { throw new CertException(e); } catch (OperatorCreationException e) { throw new CertException(e); } catch (CertificateException e) { throw new CertException(e); } }
From source file:com.bettertls.nameconstraints.KeyStoreGenerator.java
License:Apache License
public KeyStore build() throws Exception { KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA"); rsa.initialize(2048);//from w ww . j ava 2 s. c om KeyPair kp = rsa.generateKeyPair(); X509CertificateHolder caCertHolder; if (caKeyEntry != null) { caCertHolder = new X509CertificateHolder(caKeyEntry.getCertificate().getEncoded()); } else { caCertHolder = null; } Calendar cal = Calendar.getInstance(); cal.add(Calendar.MONTH, 12); if (caCertHolder != null && cal.getTime().after(caCertHolder.getNotAfter())) { cal.setTime(caCertHolder.getNotAfter()); } byte[] pk = kp.getPublic().getEncoded(); SubjectPublicKeyInfo bcPk = SubjectPublicKeyInfo.getInstance(pk); String subjectNameStr = "C=US, ST=California, L=Los Gatos, O=Netflix Inc, OU=Platform Security (" + System.nanoTime() + ")"; if (commonName != null) { subjectNameStr += ", CN=" + commonName; } X500Name subjectName = new X500Name(subjectNameStr); X509v3CertificateBuilder certGen = new X509v3CertificateBuilder( caCertHolder == null ? subjectName : caCertHolder.getSubject(), BigInteger.valueOf(System.nanoTime()), new Date(), cal.getTime(), subjectName, bcPk); certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(isCa)); if (nameConstraints != null) { certGen.addExtension(Extension.nameConstraints, true, nameConstraints); } if (sans != null) { certGen.addExtension(Extension.subjectAlternativeName, false, sans); } X509CertificateHolder certHolder = certGen.build(new JcaContentSignerBuilder("SHA256withRSA") .build(caKeyEntry == null ? kp.getPrivate() : caKeyEntry.getPrivateKey())); java.security.cert.Certificate certificate; try (ByteArrayInputStream bais = new ByteArrayInputStream(certHolder.getEncoded())) { certificate = CertificateFactory.getInstance("X.509").generateCertificate(bais); } java.security.cert.Certificate[] certificateChain; if (caKeyEntry == null) { certificateChain = new java.security.cert.Certificate[] { certificate }; } else { certificateChain = new java.security.cert.Certificate[caKeyEntry.getCertificateChain().length + 1]; certificateChain[0] = certificate; System.arraycopy(caKeyEntry.getCertificateChain(), 0, certificateChain, 1, caKeyEntry.getCertificateChain().length); } KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, null); keyStore.setKeyEntry(DEFAULT_ALIAS, kp.getPrivate(), KEYSTORE_PASSWORD.toCharArray(), certificateChain); return keyStore; }
From source file:com.enioka.jqm.pki.CertificateRequest.java
License:Open Source License
private void generateX509() throws Exception { SecureRandom random = new SecureRandom(); X500Name dnName = new X500Name(Subject); Calendar endValidity = Calendar.getInstance(); endValidity.add(Calendar.YEAR, validityYear); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()); X509v3CertificateBuilder gen = new X509v3CertificateBuilder( authorityCertificate == null ? dnName : authorityCertificate.getSubject(), BigIntegers.createRandomInRange(BigInteger.ZERO, BigInteger.valueOf(Long.MAX_VALUE), random), new Date(), endValidity.getTime(), dnName, publicKeyInfo); // Public key ID DigestCalculator digCalc = new BcDigestCalculatorProvider() .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)); X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc); gen.addExtension(Extension.subjectKeyIdentifier, false, x509ExtensionUtils.createSubjectKeyIdentifier(publicKeyInfo)); // EKU//from www. j ava 2s . co m gen.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(EKU)); // Basic constraints (is CA?) if (authorityCertificate == null) { gen.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); } // Key usage gen.addExtension(Extension.keyUsage, true, new KeyUsage(keyUsage)); // Subject Alt names ? // Authority if (authorityCertificate != null) { gen.addExtension(Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifier(authorityCertificate.getSubjectPublicKeyInfo())); } // Signer ContentSigner signer = new JcaContentSignerBuilder("SHA512WithRSAEncryption") .setProvider(Constants.JCA_PROVIDER).build(authorityKey == null ? privateKey : authorityKey); // Go holder = gen.build(signer); }
From source file:com.linkedin.mitm.services.CACertificateService.java
License:Open Source License
protected void buildExtensions(X509v3CertificateBuilder x509v3CertificateBuilder, PublicKey publicKey) throws IOException { x509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey)); // The Key Usage, Extended Key Usage, and Basic Constraints extensions act together to define the purposes for // which the certificate is intended to be used x509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, BASIC_CONSTRAINTS); x509v3CertificateBuilder.addExtension(Extension.keyUsage, false, KEY_USAGE); x509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, false, EXTERNAL_KEY_USAGE); }
From source file:com.linkedin.mitm.services.IdentityCertificateService.java
License:Open Source License
@Override protected void buildExtensions(X509v3CertificateBuilder x509v3CertificateBuilder, PublicKey publicKey) throws IOException { x509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey)); x509v3CertificateBuilder.addExtension(Extension.basicConstraints, false, BASIC_CONSTRAINTS); }