List of usage examples for org.bouncycastle.asn1.x509 Extension subjectAlternativeName
ASN1ObjectIdentifier subjectAlternativeName
To view the source code for org.bouncycastle.asn1.x509 Extension subjectAlternativeName.
Click Source Link
From source file:com.aqnote.shared.cryptology.cert.gen.SingleX509V3Creator.java
License:Open Source License
public static X509Certificate generate(CertObject certObject, KeyPair keyPair) throws CertException { try {//from w ww . j ava2s . c o m X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder( new X500Name(certObject.getIssuer()), BigInteger.valueOf(System.currentTimeMillis()), certObject.getNotBefore(), certObject.getNotAfter(), new X500Name(certObject.getSubject()), keyPair.getPublic()); certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); certBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, "trust_device"))); ContentSigner signer = new JcaContentSignerBuilder(ALG_SIG_SHA256_RSA).setProvider(JCE_PROVIDER) .build(keyPair.getPrivate()); return new JcaX509CertificateConverter().setProvider(JCE_PROVIDER) .getCertificate(certBuilder.build(signer)); } catch (CertificateEncodingException e) { throw new CertException(e); } catch (IllegalStateException e) { throw new CertException(e); } catch (CertIOException e) { throw new CertException(e); } catch (OperatorCreationException e) { throw new CertException(e); } catch (CertificateException e) { throw new CertException(e); } }
From source file:com.aqnote.shared.encrypt.cert.gen.SingleX509V3Creator.java
License:Open Source License
public static X509Certificate generate(MadCertificateObject certObject, KeyPair keyPair) throws CertException { try {/* w ww .j av a 2s .c o m*/ X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder( new X500Name(certObject.getIssuer()), BigInteger.valueOf(System.currentTimeMillis()), certObject.getNotBefore(), certObject.getNotAfter(), new X500Name(certObject.getSubject()), keyPair.getPublic()); certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); certBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, "trust_device"))); ContentSigner signer = new JcaContentSignerBuilder(ALG_SIG_SHA256_RSA).setProvider(JCE_PROVIDER) .build(keyPair.getPrivate()); return new JcaX509CertificateConverter().setProvider(JCE_PROVIDER) .getCertificate(certBuilder.build(signer)); } catch (CertificateEncodingException e) { throw new CertException(e); } catch (IllegalStateException e) { throw new CertException(e); } catch (CertIOException e) { throw new CertException(e); } catch (OperatorCreationException e) { throw new CertException(e); } catch (CertificateException e) { throw new CertException(e); } }
From source file:com.bettertls.nameconstraints.KeyStoreGenerator.java
License:Apache License
public KeyStore build() throws Exception { KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA"); rsa.initialize(2048);/* ww w . jav a 2 s.c om*/ KeyPair kp = rsa.generateKeyPair(); X509CertificateHolder caCertHolder; if (caKeyEntry != null) { caCertHolder = new X509CertificateHolder(caKeyEntry.getCertificate().getEncoded()); } else { caCertHolder = null; } Calendar cal = Calendar.getInstance(); cal.add(Calendar.MONTH, 12); if (caCertHolder != null && cal.getTime().after(caCertHolder.getNotAfter())) { cal.setTime(caCertHolder.getNotAfter()); } byte[] pk = kp.getPublic().getEncoded(); SubjectPublicKeyInfo bcPk = SubjectPublicKeyInfo.getInstance(pk); String subjectNameStr = "C=US, ST=California, L=Los Gatos, O=Netflix Inc, OU=Platform Security (" + System.nanoTime() + ")"; if (commonName != null) { subjectNameStr += ", CN=" + commonName; } X500Name subjectName = new X500Name(subjectNameStr); X509v3CertificateBuilder certGen = new X509v3CertificateBuilder( caCertHolder == null ? subjectName : caCertHolder.getSubject(), BigInteger.valueOf(System.nanoTime()), new Date(), cal.getTime(), subjectName, bcPk); certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(isCa)); if (nameConstraints != null) { certGen.addExtension(Extension.nameConstraints, true, nameConstraints); } if (sans != null) { certGen.addExtension(Extension.subjectAlternativeName, false, sans); } X509CertificateHolder certHolder = certGen.build(new JcaContentSignerBuilder("SHA256withRSA") .build(caKeyEntry == null ? kp.getPrivate() : caKeyEntry.getPrivateKey())); java.security.cert.Certificate certificate; try (ByteArrayInputStream bais = new ByteArrayInputStream(certHolder.getEncoded())) { certificate = CertificateFactory.getInstance("X.509").generateCertificate(bais); } java.security.cert.Certificate[] certificateChain; if (caKeyEntry == null) { certificateChain = new java.security.cert.Certificate[] { certificate }; } else { certificateChain = new java.security.cert.Certificate[caKeyEntry.getCertificateChain().length + 1]; certificateChain[0] = certificate; System.arraycopy(caKeyEntry.getCertificateChain(), 0, certificateChain, 1, caKeyEntry.getCertificateChain().length); } KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, null); keyStore.setKeyEntry(DEFAULT_ALIAS, kp.getPrivate(), KEYSTORE_PASSWORD.toCharArray(), certificateChain); return keyStore; }
From source file:com.foilen.smalltools.crypt.bouncycastle.cert.RSACertificate.java
License:Open Source License
/** * Sign the {@link #setKeysForSigning(AsymmetricKeys)} with itself and put it in certificateHolder. * * @param certificateDetails/*from ww w . jav a2 s. c o m*/ * some information to store in the certificate * @return this */ public RSACertificate selfSign(CertificateDetails certificateDetails) { AssertTools.assertNotNull(keysForSigning, "The keysForSigning is not set"); AssertTools.assertNull(certificateHolder, "The certificate already exists"); try { RSAKeyDetails keyDetails = rsaCrypt.retrieveKeyDetails(keysForSigning); PrivateKey privKey = keyDetails.getJcaPrivateKey(); PublicKey publicKey = keyDetails.getJcaPublicKey(); ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(privKey); SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()); Date startDate = certificateDetails.getStartDate(); Date endDate = certificateDetails.getEndDate(); BigInteger serial = certificateDetails.getSerial(); // Common Name X500Name issuer = new X500Name("CN=" + certificateDetails.getCommonName()); X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(issuer, serial, startDate, endDate, issuer, subPubKeyInfo); // Subject Alternative Names (DNS) if (!CollectionsTools.isNullOrEmpty(certificateDetails.getSanDns())) { GeneralName[] altNames = new GeneralName[certificateDetails.getSanDns().size()]; int i = 0; for (String sanDns : certificateDetails.getSanDns()) { altNames[i++] = new GeneralName(GeneralName.dNSName, sanDns); } GeneralNames subjectAltNames = new GeneralNames(altNames); certificateBuilder.addExtension(Extension.subjectAlternativeName, false, subjectAltNames); } certificateHolder = certificateBuilder.build(sigGen); return this; } catch (Exception e) { throw new SmallToolsException("Problem signing the key", e); } }
From source file:com.foilen.smalltools.crypt.bouncycastle.cert.RSACertificate.java
License:Open Source License
/** * Sign another public key./*from www. j av a 2s. c om*/ * * @param publicKeyToSign * the public key to sign * @param certificateDetails * some information to store in the certificate * @return the new certificate */ public RSACertificate signPublicKey(AsymmetricKeys publicKeyToSign, CertificateDetails certificateDetails) { try { PrivateKey privKey = rsaCrypt.retrieveKeyDetails(keysForSigning).getJcaPrivateKey(); PublicKey publicKey = rsaCrypt.retrieveKeyDetails(publicKeyToSign).getJcaPublicKey(); ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(privKey); SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()); Date startDate = certificateDetails.getStartDate(); Date endDate = certificateDetails.getEndDate(); BigInteger serial = certificateDetails.getSerial(); X500Name issuer = new X500Name("CN=" + getCommonName()); X500Name subject = new X500Name("CN=" + certificateDetails.getCommonName()); X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(issuer, serial, startDate, endDate, subject, subPubKeyInfo); // Subject Alternative Names (DNS) if (!CollectionsTools.isNullOrEmpty(certificateDetails.getSanDns())) { GeneralName[] altNames = new GeneralName[certificateDetails.getSanDns().size()]; int i = 0; for (String sanDns : certificateDetails.getSanDns()) { altNames[i++] = new GeneralName(GeneralName.dNSName, sanDns); } GeneralNames subjectAltNames = new GeneralNames(altNames); certificateBuilder.addExtension(Extension.subjectAlternativeName, false, subjectAltNames); } X509CertificateHolder newCert = certificateBuilder.build(sigGen); return new RSACertificate(newCert, publicKeyToSign); } catch (Exception e) { throw new SmallToolsException("Problem signing the key", e); } }
From source file:com.linkedin.mitm.services.IdentityCertificateService.java
License:Open Source License
/** * Fill subject alternate names in to signedCertificatebuilder to build new certificate * @param sans a list of subject alternate name. * * *//*from w ww . j a v a2s . c om*/ private void fillSans(List<ASN1Encodable> sans, X509v3CertificateBuilder x509v3CertificateBuilder) throws CertIOException { if (!sans.isEmpty()) { ASN1Encodable[] encodables = sans.toArray(new ASN1Encodable[sans.size()]); x509v3CertificateBuilder.addExtension(Extension.subjectAlternativeName, false, new DERSequence(encodables)); } }
From source file:com.vmware.identity.openidconnect.client.TestUtils.java
License:Open Source License
static X509Certificate generateCertificate(KeyPair keyPair, String dn, String subjectAltName) throws Exception { ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate()); Date startDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000); Date endDate = new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000); X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(new X500Name("CN=" + dn), new BigInteger(64, new SecureRandom()), startDate, endDate, new X500Name("CN=" + dn), keyPair.getPublic());/* w w w . j a v a 2s . com*/ if (subjectAltName != null) { v3CertGen .addExtension(Extension.subjectAlternativeName, true, new GeneralNames(new GeneralName(GeneralName.otherName, new DERSequence(new ASN1Encodable[] { new DERObjectIdentifier("1.3.6.1.4.1.311.20.2.3"), new DERTaggedObject(true, 0, new DERUTF8String(subjectAltName)) })))); } X509CertificateHolder certHolder = v3CertGen.build(sigGen); X509Certificate x509Certificate = new JcaX509CertificateConverter().getCertificate(certHolder); return x509Certificate; }
From source file:com.vmware.identity.sts.auth.impl.UserCertAuthenticatorTest.java
License:Open Source License
private static X509Certificate generateCertificate(KeyPair keyPair, String dn) throws Exception { ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate()); Date startDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000); Date endDate = new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000); X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(new X500Name("CN=" + dn), new BigInteger(64, new SecureRandom()), startDate, endDate, new X500Name("CN=" + dn), keyPair.getPublic());//from w ww . j av a2 s . co m v3CertGen.addExtension(Extension.subjectAlternativeName, true, new GeneralNames(new GeneralName(GeneralName.otherName, new DERSequence(new ASN1Encodable[] { new DERObjectIdentifier("1.3.6.1.4.1.311.20.2.3"), new DERTaggedObject(true, 0, new DERUTF8String(upn)) })))); X509CertificateHolder certHolder = v3CertGen.build(sigGen); X509Certificate x509Certificate = new JcaX509CertificateConverter().getCertificate(certHolder); return x509Certificate; }
From source file:com.yahoo.athenz.auth.util.Crypto.java
License:Apache License
public static String extractX509CSREmail(PKCS10CertificationRequest certReq) { String rfc822 = null;/*from w w w. ja va 2s .com*/ Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); for (Attribute attribute : attributes) { for (ASN1Encodable value : attribute.getAttributeValues()) { Extensions extensions = Extensions.getInstance(value); GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName); for (GeneralName name : gns.getNames()) { if (name.getTagNo() == GeneralName.rfc822Name) { rfc822 = (((DERIA5String) name.getName()).getString()); break; } } } } return rfc822; }
From source file:com.yahoo.athenz.auth.util.Crypto.java
License:Apache License
public static List<String> extractX509CSRDnsNames(PKCS10CertificationRequest certReq) { List<String> dnsNames = new ArrayList<>(); Attribute[] attributes = certReq.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest); for (Attribute attribute : attributes) { for (ASN1Encodable value : attribute.getAttributeValues()) { Extensions extensions = Extensions.getInstance(value); GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName); for (GeneralName name : gns.getNames()) { if (name.getTagNo() == GeneralName.dNSName) { dnsNames.add(((DERIA5String) name.getName()).getString()); }// w w w . j a v a 2s. co m } } } return dnsNames; }