List of usage examples for org.bouncycastle.asn1.x509 Extension subjectKeyIdentifier
ASN1ObjectIdentifier subjectKeyIdentifier
To view the source code for org.bouncycastle.asn1.x509 Extension subjectKeyIdentifier.
Click Source Link
From source file:craterdog.security.RsaCertificateManager.java
License:Open Source License
@Override public X509Certificate createCertificateAuthority(PrivateKey privateKey, PublicKey publicKey, String subjectString, BigInteger serialNumber, long lifetime) { try {//from w w w . ja va 2 s .c o m logger.entry(); logger.debug("Initializing the certificate generator..."); Date startDate = new Date(); Date expiryDate = new Date(startDate.getTime() + lifetime); X500Principal issuer = new X500Principal(subjectString); X500Principal subject = new X500Principal(subjectString); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, serialNumber, startDate, expiryDate, subject, publicKey); JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); builder.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(publicKey)); builder.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(publicKey)); builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0)); // adds CA:TRUE extension builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign)); ContentSigner signer = new JcaContentSignerBuilder(ASYMMETRIC_SIGNATURE_ALGORITHM) .setProvider(PROVIDER_NAME).build(privateKey); X509Certificate result = new JcaX509CertificateConverter().setProvider(PROVIDER_NAME) .getCertificate(builder.build(signer)); result.checkValidity(new Date()); result.verify(result.getPublicKey()); logger.exit(); return result; } catch (CertIOException | CertificateException | InvalidKeyException | OperatorCreationException | NoSuchProviderException | NoSuchAlgorithmException | SignatureException e) { RuntimeException exception = new RuntimeException( "An unexpected exception occurred while attempting to generate a new certificate authority.", e); throw logger.throwing(exception); } }
From source file:craterdog.security.RsaCertificateManager.java
License:Open Source License
@Override public X509Certificate createCertificate(PrivateKey caPrivateKey, X509Certificate caCertificate, PublicKey publicKey, String subjectString, BigInteger serialNumber, long lifetime) { try {/*from w ww . j av a2 s .c om*/ logger.entry(); logger.debug("Initializing the certificate generator..."); Date startDate = new Date(); Date expiryDate = new Date(startDate.getTime() + lifetime); X509Certificate issuer = caCertificate; X500Principal subject = new X500Principal(subjectString); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, serialNumber, startDate, expiryDate, subject, publicKey); JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); builder.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCertificate)); builder.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(publicKey)); builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false)); builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); ContentSigner signer = new JcaContentSignerBuilder(ASYMMETRIC_SIGNATURE_ALGORITHM) .setProvider(PROVIDER_NAME).build(caPrivateKey); X509Certificate result = new JcaX509CertificateConverter().setProvider(PROVIDER_NAME) .getCertificate(builder.build(signer)); result.checkValidity(new Date()); result.verify(caCertificate.getPublicKey()); logger.exit(); return result; } catch (CertIOException | OperatorCreationException | CertificateException | NoSuchAlgorithmException | InvalidKeyException | NoSuchProviderException | SignatureException e) { RuntimeException exception = new RuntimeException( "An unexpected exception occurred while attempting to generate a new certificate.", e); throw logger.throwing(exception); } }
From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleStoreProvider.java
License:Open Source License
private void addKeyIdentifierExtensions(X509v3CertificateBuilder crtBuilder, PublicKey publicKey, PublicKey issuerPublicKey) throws IOException, GeneralSecurityException { JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils(); crtBuilder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(publicKey)); if (!publicKey.equals(issuerPublicKey)) { crtBuilder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(issuerPublicKey)); }/*from w w w.ja va2 s.c om*/ }
From source file:de.petendi.commons.crypto.connector.BCConnector.java
License:Apache License
@Override public X509Certificate createCertificate(String dn, String issuer, String crlUri, PublicKey publicKey, PrivateKey privateKey) throws CryptoException { Calendar date = Calendar.getInstance(); // Serial Number BigInteger serialNumber = BigInteger.valueOf(date.getTimeInMillis()); // Subject and Issuer DN X500Name subjectDN = new X500Name(dn); X500Name issuerDN = new X500Name(issuer); // Validity//from ww w. j a v a2s.com Date notBefore = date.getTime(); date.add(Calendar.YEAR, 20); Date notAfter = date.getTime(); // SubjectPublicKeyInfo SubjectPublicKeyInfo subjPubKeyInfo = new SubjectPublicKeyInfo( ASN1Sequence.getInstance(publicKey.getEncoded())); X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(issuerDN, serialNumber, notBefore, notAfter, subjectDN, subjPubKeyInfo); DigestCalculator digCalc = null; try { digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)); X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc); // Subject Key Identifier certGen.addExtension(Extension.subjectKeyIdentifier, false, x509ExtensionUtils.createSubjectKeyIdentifier(subjPubKeyInfo)); // Authority Key Identifier certGen.addExtension(Extension.authorityKeyIdentifier, false, x509ExtensionUtils.createAuthorityKeyIdentifier(subjPubKeyInfo)); // Key Usage certGen.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.dataEncipherment)); if (crlUri != null) { // CRL Distribution Points DistributionPointName distPointOne = new DistributionPointName( new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, crlUri))); DistributionPoint[] distPoints = new DistributionPoint[1]; distPoints[0] = new DistributionPoint(distPointOne, null, null); certGen.addExtension(Extension.cRLDistributionPoints, false, new CRLDistPoint(distPoints)); } // Content Signer ContentSigner sigGen = new JcaContentSignerBuilder(getSignAlgorithm()).setProvider(getProviderName()) .build(privateKey); // Certificate return new JcaX509CertificateConverter().setProvider(getProviderName()) .getCertificate(certGen.build(sigGen)); } catch (Exception e) { throw new CryptoException(e); } }
From source file:eu.betaas.taas.securitymanager.common.certificate.utils.GWCertificateUtilsBc.java
License:Apache License
/** * /* w w w. ja va 2 s . c o m*/ * @param intKey * @param caKey * @param caCert * @return * @throws Exception */ public static X509CertificateHolder buildIntermediateCert(X500Name subject, AsymmetricKeyParameter intKey, AsymmetricKeyParameter caKey, X509CertificateHolder caCert) throws Exception { SubjectPublicKeyInfo intKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(intKey); if (subject == null) subject = new X500Name("CN = BETaaS Instance CA Certificate"); X509v3CertificateBuilder certBldr = new X509v3CertificateBuilder(caCert.getSubject(), BigInteger.valueOf(1), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + VALIDITY_PERIOD), subject, intKeyInfo); X509ExtensionUtils extUtils = new X509ExtensionUtils(new SHA1DigestCalculator()); certBldr.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert)) .addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(intKeyInfo)) .addExtension(Extension.basicConstraints, true, new BasicConstraints(0)) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign)); AlgorithmIdentifier sigAlg = algFinder.find(ALG_NAME); AlgorithmIdentifier digAlg = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlg); ContentSigner signer = new BcECDSAContentSignerBuilder(sigAlg, digAlg).build(caKey); return certBldr.build(signer); }
From source file:eu.betaas.taas.securitymanager.common.certificate.utils.GWCertificateUtilsBc.java
License:Apache License
/** * // w ww . j a va 2 s .c o m * @param entityKey - public key of the requesting GW * @param caKey * @param caCert * @return * @throws Exception */ public static X509CertificateHolder buildEndEntityCert(X500Name subject, AsymmetricKeyParameter entityKey, AsymmetricKeyParameter caKey, X509CertificateHolder caCert, String ufn) throws Exception { SubjectPublicKeyInfo entityKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(entityKey); if (subject == null) subject = new X500Name("CN = BETaaS Gateway Certificate"); X509v3CertificateBuilder certBldr = new X509v3CertificateBuilder(caCert.getSubject(), BigInteger.valueOf(1), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + VALIDITY_PERIOD), subject, entityKeyInfo); X509ExtensionUtils extUtils = new X509ExtensionUtils(new SHA1DigestCalculator()); certBldr.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert)) .addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(entityKeyInfo)) .addExtension(Extension.basicConstraints, true, new BasicConstraints(false)) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)) .addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, ufn))); AlgorithmIdentifier sigAlg = algFinder.find(ALG_NAME); AlgorithmIdentifier digAlg = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlg); ContentSigner signer = new BcECDSAContentSignerBuilder(sigAlg, digAlg).build(caKey); return certBldr.build(signer); }
From source file:eu.europa.esig.dss.DSSASN1Utils.java
License:Open Source License
/** * This method returns SKI bytes from certificate. * * @param certificateToken//from w ww . j a v a 2 s . c o m * {@code CertificateToken} * @return ski bytes from the given certificate * @throws DSSException */ public static byte[] getSki(final CertificateToken certificateToken) throws DSSException { try { byte[] sKI = certificateToken.getCertificate() .getExtensionValue(Extension.subjectKeyIdentifier.getId()); ASN1Primitive extension = X509ExtensionUtil.fromExtensionValue(sKI); SubjectKeyIdentifier skiBC = SubjectKeyIdentifier.getInstance(extension); return skiBC.getKeyIdentifier(); } catch (Exception e) { throw new DSSException(e); } }
From source file:fi.aalto.cs.drumbeat.CACertificateCreator.java
License:Open Source License
public X509Certificate createCACert(PublicKey publicKey, PrivateKey privateKey) { X509Certificate ca_cert = null; try {//w w w. ja va2 s. c o m X500Name issuerName = new X500Name("CN=" + data_store.getCa_certificate().getCommon_name() + ", O=" + data_store.getCa_certificate().getOrganization() + ", L=" + data_store.getCa_certificate().getCity() + ", ST=" + data_store.getCa_certificate().getCountry().getCountry_Name() + ", C=" + data_store.getCa_certificate().getCountry().getCountry_Code()); X500Name subjectName = issuerName; BigInteger serial = BigInteger.valueOf(new Random().nextInt()); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial, CertificateCommons.NOT_BEFORE, CertificateCommons.NOT_AFTER, subjectName, publicKey); builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey)); builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.cRLSign); builder.addExtension(Extension.keyUsage, false, usage); ASN1EncodableVector purposes = new ASN1EncodableVector(); purposes.add(KeyPurposeId.id_kp_serverAuth); purposes.add(KeyPurposeId.id_kp_clientAuth); purposes.add(KeyPurposeId.anyExtendedKeyUsage); builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes)); ca_cert = signCertificate(builder, privateKey); ca_cert.checkValidity(new Date()); ca_cert.verify(publicKey); } catch (Exception e) { e.printStackTrace(); } return ca_cert; }
From source file:fi.aalto.cs.drumbeat.ClientCertificateCreator.java
License:Open Source License
public X509Certificate createClientCert(PublicKey publicKey, X509Certificate certificateAuthorityCert, PrivateKey certificateAuthorityPrivateKey, PublicKey certificateAuthorityPublicKey) throws Exception { X500Name issuer = new X509CertificateHolder(certificateAuthorityCert.getEncoded()).getSubject(); X500Name subject = new X500Name("CN=" + data_store.getClient_certificate().getCommon_name() + ", O=" + data_store.getClient_certificate().getOrganization() + ", L=" + data_store.getClient_certificate().getCity() + ", ST=" + data_store.getClient_certificate().getCountry().getCountry_Name() + ", C=" + data_store.getClient_certificate().getCountry().getCountry_Code()); BigInteger serial = BigInteger.valueOf(new Random().nextInt()); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, serial, CertificateCommons.NOT_BEFORE, CertificateCommons.NOT_AFTER, subject, publicKey); addURI(data_store.getCLIENT_SUBJECT_ALT_NAME_URI()); fillInto(builder);/* w w w . j a v a2 s .c o m*/ builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey)); builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false)); X509Certificate cert = signCertificate(builder, certificateAuthorityPrivateKey); cert.checkValidity(new Date()); cert.verify(certificateAuthorityPublicKey); return cert; }
From source file:KerberosAPI.Certificate.java
public static X509Certificate createSelfSignedCert(KeyPair kp) { Security.addProvider(new BouncyCastleProvider()); System.out.print("Cration d'un Certificat auto-sign : "); X509Certificate x509Cert = null; try {/* w w w .ja v a2s.co m*/ String subject = "SC"; KeyPair keyPair = kp; String issuerName = "SC"; //Issuer le meme que le subject BigInteger serialNumber = BigInteger.ONE; Calendar cal = Calendar.getInstance(); Date notBefore = cal.getTime(); cal.add(Calendar.YEAR, 1); Date notAfter = cal.getTime(); JcaX509v3CertificateBuilder builder = null; X500Name subjectFormated = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.CN, subject).build(); X500Name issuerFormated = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.CN, issuerName).build(); builder = new JcaX509v3CertificateBuilder(issuerFormated, serialNumber, notBefore, notAfter, subjectFormated, keyPair.getPublic()); ContentSigner contentSigner = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC") .build(keyPair.getPrivate());//our own key //------------------------- Extensions ------------------------ builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(1)); SubjectKeyIdentifier subjectKeyIdentifier = new JcaX509ExtensionUtils() .createSubjectKeyIdentifier(keyPair.getPublic()); builder.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyIdentifier); KeyUsage keyUsage = new KeyUsage(KeyUsage.keyCertSign); builder.addExtension(Extension.keyUsage, true, keyUsage); ExtendedKeyUsage extendedKeyUsage = new ExtendedKeyUsage(KeyPurposeId.anyExtendedKeyUsage); builder.addExtension(Extension.extendedKeyUsage, false, extendedKeyUsage); X509CertificateHolder holder = builder.build(contentSigner); //cration du certificat java.security.cert.Certificate certificate = java.security.cert.CertificateFactory.getInstance("X.509") .generateCertificate(new ByteArrayInputStream(holder.getEncoded())); //transformation au format X509 CertificateFactory cf = CertificateFactory.getInstance("X.509"); ByteArrayInputStream bais = new ByteArrayInputStream(certificate.getEncoded()); x509Cert = (X509Certificate) cf.generateCertificate(bais); if (x509Cert != null) { System.out.println("OK"); return x509Cert; } //return (X509Certificate) java.security.cert.CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(holder.getEncoded())); } catch (Exception e) { System.out.println("Echec de cration du certificat auto-sign : " + e); } return null; }