List of usage examples for org.bouncycastle.asn1.x509 Extension keyUsage
ASN1ObjectIdentifier keyUsage
To view the source code for org.bouncycastle.asn1.x509 Extension keyUsage.
Click Source Link
From source file:craterdog.security.RsaCertificateManager.java
License:Open Source License
@Override public X509Certificate createCertificateAuthority(PrivateKey privateKey, PublicKey publicKey, String subjectString, BigInteger serialNumber, long lifetime) { try {/*from w w w . ja va 2 s. c om*/ logger.entry(); logger.debug("Initializing the certificate generator..."); Date startDate = new Date(); Date expiryDate = new Date(startDate.getTime() + lifetime); X500Principal issuer = new X500Principal(subjectString); X500Principal subject = new X500Principal(subjectString); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, serialNumber, startDate, expiryDate, subject, publicKey); JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); builder.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(publicKey)); builder.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(publicKey)); builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0)); // adds CA:TRUE extension builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign)); ContentSigner signer = new JcaContentSignerBuilder(ASYMMETRIC_SIGNATURE_ALGORITHM) .setProvider(PROVIDER_NAME).build(privateKey); X509Certificate result = new JcaX509CertificateConverter().setProvider(PROVIDER_NAME) .getCertificate(builder.build(signer)); result.checkValidity(new Date()); result.verify(result.getPublicKey()); logger.exit(); return result; } catch (CertIOException | CertificateException | InvalidKeyException | OperatorCreationException | NoSuchProviderException | NoSuchAlgorithmException | SignatureException e) { RuntimeException exception = new RuntimeException( "An unexpected exception occurred while attempting to generate a new certificate authority.", e); throw logger.throwing(exception); } }
From source file:craterdog.security.RsaCertificateManager.java
License:Open Source License
@Override public X509Certificate createCertificate(PrivateKey caPrivateKey, X509Certificate caCertificate, PublicKey publicKey, String subjectString, BigInteger serialNumber, long lifetime) { try {/* w w w .ja v a 2 s .c o m*/ logger.entry(); logger.debug("Initializing the certificate generator..."); Date startDate = new Date(); Date expiryDate = new Date(startDate.getTime() + lifetime); X509Certificate issuer = caCertificate; X500Principal subject = new X500Principal(subjectString); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, serialNumber, startDate, expiryDate, subject, publicKey); JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); builder.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCertificate)); builder.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(publicKey)); builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false)); builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); ContentSigner signer = new JcaContentSignerBuilder(ASYMMETRIC_SIGNATURE_ALGORITHM) .setProvider(PROVIDER_NAME).build(caPrivateKey); X509Certificate result = new JcaX509CertificateConverter().setProvider(PROVIDER_NAME) .getCertificate(builder.build(signer)); result.checkValidity(new Date()); result.verify(caCertificate.getPublicKey()); logger.exit(); return result; } catch (CertIOException | OperatorCreationException | CertificateException | NoSuchAlgorithmException | InvalidKeyException | NoSuchProviderException | SignatureException e) { RuntimeException exception = new RuntimeException( "An unexpected exception occurred while attempting to generate a new certificate.", e); throw logger.throwing(exception); } }
From source file:de.petendi.commons.crypto.connector.BCConnector.java
License:Apache License
@Override public X509Certificate createCertificate(String dn, String issuer, String crlUri, PublicKey publicKey, PrivateKey privateKey) throws CryptoException { Calendar date = Calendar.getInstance(); // Serial Number BigInteger serialNumber = BigInteger.valueOf(date.getTimeInMillis()); // Subject and Issuer DN X500Name subjectDN = new X500Name(dn); X500Name issuerDN = new X500Name(issuer); // Validity//w ww . j a v a 2 s . co m Date notBefore = date.getTime(); date.add(Calendar.YEAR, 20); Date notAfter = date.getTime(); // SubjectPublicKeyInfo SubjectPublicKeyInfo subjPubKeyInfo = new SubjectPublicKeyInfo( ASN1Sequence.getInstance(publicKey.getEncoded())); X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(issuerDN, serialNumber, notBefore, notAfter, subjectDN, subjPubKeyInfo); DigestCalculator digCalc = null; try { digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)); X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc); // Subject Key Identifier certGen.addExtension(Extension.subjectKeyIdentifier, false, x509ExtensionUtils.createSubjectKeyIdentifier(subjPubKeyInfo)); // Authority Key Identifier certGen.addExtension(Extension.authorityKeyIdentifier, false, x509ExtensionUtils.createAuthorityKeyIdentifier(subjPubKeyInfo)); // Key Usage certGen.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.dataEncipherment)); if (crlUri != null) { // CRL Distribution Points DistributionPointName distPointOne = new DistributionPointName( new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, crlUri))); DistributionPoint[] distPoints = new DistributionPoint[1]; distPoints[0] = new DistributionPoint(distPointOne, null, null); certGen.addExtension(Extension.cRLDistributionPoints, false, new CRLDistPoint(distPoints)); } // Content Signer ContentSigner sigGen = new JcaContentSignerBuilder(getSignAlgorithm()).setProvider(getProviderName()) .build(privateKey); // Certificate return new JcaX509CertificateConverter().setProvider(getProviderName()) .getCertificate(certGen.build(sigGen)); } catch (Exception e) { throw new CryptoException(e); } }
From source file:de.rub.nds.tlsattacker.tlsserver.KeyStoreGenerator.java
License:Apache License
public static KeyStore createKeyStore(KeyPair keyPair) throws CertificateException, IOException, InvalidKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, OperatorCreationException { PublicKey publicKey = keyPair.getPublic(); PrivateKey privateKey = keyPair.getPrivate(); X500Name issuerName = new X500Name("CN=127.0.0.1, O=TLS-Attacker, L=RUB, ST=NRW, C=DE"); X500Name subjectName = issuerName; BigInteger serial = BigInteger.valueOf(new SecureRandom().nextInt()); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial, BEFORE, AFTER, subjectName, publicKey);//from www . j av a 2s .co m builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment); builder.addExtension(Extension.keyUsage, false, usage); ASN1EncodableVector purposes = new ASN1EncodableVector(); purposes.add(KeyPurposeId.id_kp_serverAuth); purposes.add(KeyPurposeId.id_kp_clientAuth); purposes.add(KeyPurposeId.anyExtendedKeyUsage); builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes)); String algorithm = createSigningAlgorithm(keyPair); X509Certificate cert = signCertificate(algorithm, builder, privateKey); cert.checkValidity(new Date()); cert.verify(publicKey); KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(null, null); keyStore.setKeyEntry(ALIAS, privateKey, PASSWORD.toCharArray(), new java.security.cert.Certificate[] { cert }); return keyStore; }
From source file:eu.betaas.taas.securitymanager.common.certificate.utils.GWCertificateUtilsBc.java
License:Apache License
/** * /*w w w. j a v a 2 s. c o m*/ * @param intKey * @param caKey * @param caCert * @return * @throws Exception */ public static X509CertificateHolder buildIntermediateCert(X500Name subject, AsymmetricKeyParameter intKey, AsymmetricKeyParameter caKey, X509CertificateHolder caCert) throws Exception { SubjectPublicKeyInfo intKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(intKey); if (subject == null) subject = new X500Name("CN = BETaaS Instance CA Certificate"); X509v3CertificateBuilder certBldr = new X509v3CertificateBuilder(caCert.getSubject(), BigInteger.valueOf(1), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + VALIDITY_PERIOD), subject, intKeyInfo); X509ExtensionUtils extUtils = new X509ExtensionUtils(new SHA1DigestCalculator()); certBldr.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert)) .addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(intKeyInfo)) .addExtension(Extension.basicConstraints, true, new BasicConstraints(0)) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign)); AlgorithmIdentifier sigAlg = algFinder.find(ALG_NAME); AlgorithmIdentifier digAlg = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlg); ContentSigner signer = new BcECDSAContentSignerBuilder(sigAlg, digAlg).build(caKey); return certBldr.build(signer); }
From source file:eu.betaas.taas.securitymanager.common.certificate.utils.GWCertificateUtilsBc.java
License:Apache License
/** * /*from w w w .ja v a 2s . com*/ * @param entityKey - public key of the requesting GW * @param caKey * @param caCert * @return * @throws Exception */ public static X509CertificateHolder buildEndEntityCert(X500Name subject, AsymmetricKeyParameter entityKey, AsymmetricKeyParameter caKey, X509CertificateHolder caCert, String ufn) throws Exception { SubjectPublicKeyInfo entityKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(entityKey); if (subject == null) subject = new X500Name("CN = BETaaS Gateway Certificate"); X509v3CertificateBuilder certBldr = new X509v3CertificateBuilder(caCert.getSubject(), BigInteger.valueOf(1), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + VALIDITY_PERIOD), subject, entityKeyInfo); X509ExtensionUtils extUtils = new X509ExtensionUtils(new SHA1DigestCalculator()); certBldr.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert)) .addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(entityKeyInfo)) .addExtension(Extension.basicConstraints, true, new BasicConstraints(false)) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)) .addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, ufn))); AlgorithmIdentifier sigAlg = algFinder.find(ALG_NAME); AlgorithmIdentifier digAlg = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlg); ContentSigner signer = new BcECDSAContentSignerBuilder(sigAlg, digAlg).build(caKey); return certBldr.build(signer); }
From source file:eu.europa.esig.dss.test.gen.CertificateService.java
License:Open Source License
public CertificateToken generateRootCertificateWithCrl(SignatureAlgorithm algorithm, X500Name subject, X500Name issuer, PrivateKey issuerPrivateKey, PublicKey publicKey, Date notBefore, Date notAfter) throws Exception { // generate certificate final SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()); final X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuer, new BigInteger("" + new Random().nextInt(10) + System.currentTimeMillis()), notBefore, notAfter, subject, keyInfo);// w ww . j av a 2 s.c o m certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)); // Sign the new certificate with the private key of the trusted third final ContentSigner signer = new JcaContentSignerBuilder(algorithm.getJCEId()) .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(issuerPrivateKey); final X509CertificateHolder holder = certBuilder.build(signer); final X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X509") .generateCertificate(new ByteArrayInputStream(holder.getEncoded())); return new CertificateToken(cert); }
From source file:eu.europa.esig.dss.test.gen.CertificateService.java
License:Open Source License
public CertificateToken generateRootCertificateWithoutCrl(SignatureAlgorithm algorithm, X500Name subject, X500Name issuer, PrivateKey issuerPrivateKey, PublicKey publicKey, Date notBefore, Date notAfter) throws Exception { // generate certificate final SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()); final X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuer, new BigInteger("" + new Random().nextInt(10) + System.currentTimeMillis()), notBefore, notAfter, subject, keyInfo);//from ww w . j a v a 2 s . co m certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign)); // Sign the new certificate with the private key of the trusted third final ContentSigner signer = new JcaContentSignerBuilder(algorithm.getJCEId()) .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(issuerPrivateKey); final X509CertificateHolder holder = certBuilder.build(signer); final X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X509") .generateCertificate(new ByteArrayInputStream(holder.getEncoded())); return new CertificateToken(cert); }
From source file:fi.aalto.cs.drumbeat.CACertificateCreator.java
License:Open Source License
public X509Certificate createCACert(PublicKey publicKey, PrivateKey privateKey) { X509Certificate ca_cert = null; try {// ww w . j a v a 2 s . c om X500Name issuerName = new X500Name("CN=" + data_store.getCa_certificate().getCommon_name() + ", O=" + data_store.getCa_certificate().getOrganization() + ", L=" + data_store.getCa_certificate().getCity() + ", ST=" + data_store.getCa_certificate().getCountry().getCountry_Name() + ", C=" + data_store.getCa_certificate().getCountry().getCountry_Code()); X500Name subjectName = issuerName; BigInteger serial = BigInteger.valueOf(new Random().nextInt()); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial, CertificateCommons.NOT_BEFORE, CertificateCommons.NOT_AFTER, subjectName, publicKey); builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey)); builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.cRLSign); builder.addExtension(Extension.keyUsage, false, usage); ASN1EncodableVector purposes = new ASN1EncodableVector(); purposes.add(KeyPurposeId.id_kp_serverAuth); purposes.add(KeyPurposeId.id_kp_clientAuth); purposes.add(KeyPurposeId.anyExtendedKeyUsage); builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes)); ca_cert = signCertificate(builder, privateKey); ca_cert.checkValidity(new Date()); ca_cert.verify(publicKey); } catch (Exception e) { e.printStackTrace(); } return ca_cert; }
From source file:io.kodokojo.commons.utils.ssl.SSLUtils.java
License:Open Source License
private static void addASN1AndKeyUsageExtensions(JcaX509v3CertificateBuilder certificateBuilder) throws CertIOException { ASN1EncodableVector purposes = new ASN1EncodableVector(); purposes.add(KeyPurposeId.id_kp_serverAuth); purposes.add(KeyPurposeId.id_kp_clientAuth); purposes.add(KeyPurposeId.anyExtendedKeyUsage); certificateBuilder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes)); KeyUsage keyUsage = new KeyUsage( keyCertSign | digitalSignature | keyEncipherment | dataEncipherment | cRLSign); certificateBuilder.addExtension(Extension.keyUsage, false, keyUsage); }