List of usage examples for org.bouncycastle.asn1.x509 KeyPurposeId id_kp_clientAuth
KeyPurposeId id_kp_clientAuth
From source file:com.enioka.jqm.pki.CertificateRequest.java
License:Open Source License
/**
 * Configures this request as a certificate authority and then runs {@code generateAll()}.
 *
 * <p>The subject is fixed to the JQM CA distinguished name and {@code size} is set to 4096
 * (presumably the key length in bits; confirm in {@code generateAll()}). Key usage is limited
 * to signing certificates and CRLs. Four extended key usages are listed: code signing,
 * server auth, client auth and e-mail protection.
 *
 * @param prettyName stored in {@code this.prettyName}; its use is not visible in this method
 */
public void generateCA(String prettyName) {
    this.prettyName = prettyName;
    Subject = "CN=JQM-CA,OU=ServerProducts,O=Oxymores,C=FR";
    size = 4096;

    // NOTE(review): whether an EKU list on a CA certificate restricts what the CA may issue
    // depends on the validating library; do not rely on it as the only scoping control.
    EKU = new KeyPurposeId[] {
        KeyPurposeId.id_kp_codeSigning,
        KeyPurposeId.id_kp_serverAuth,
        KeyPurposeId.id_kp_clientAuth,
        KeyPurposeId.id_kp_emailProtection
    };

    // A CA key only needs to sign certificates and revocation lists.
    keyUsage = KeyUsage.keyCertSign | KeyUsage.cRLSign;

    generateAll();
}
From source file:com.enioka.jqm.pki.CertificateRequest.java
License:Open Source License
/**
 * Configures this request as a TLS client certificate issued by the given authority and
 * then runs {@code generateAll()}.
 *
 * <p>{@code size} is set to 2048 (presumably the key length in bits; confirm in
 * {@code generateAll()}). The only extended key usage is client authentication, and key
 * usage is digitalSignature plus keyEncipherment.
 *
 * @param prettyName stored in {@code this.prettyName}
 * @param authority certificate of the issuing authority, stored in {@code authorityCertificate}
 * @param issuerPrivateKey private key of the issuing authority, stored in {@code authorityKey}
 * @param subject subject distinguished name for the new certificate
 */
public void generateClientCert(String prettyName, X509CertificateHolder authority,
        PrivateKey issuerPrivateKey, String subject) {
    // Identity of the new certificate.
    this.prettyName = prettyName;
    this.Subject = subject;
    size = 2048;

    // Issuer material; how it is used is decided inside generateAll().
    authorityCertificate = authority;
    authorityKey = issuerPrivateKey;

    // Restrict the certificate to client authentication only.
    EKU = new KeyPurposeId[] { KeyPurposeId.id_kp_clientAuth };
    keyUsage = KeyUsage.keyEncipherment | KeyUsage.digitalSignature;

    generateAll();
}
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
License:Open Source License
/**
 * Adds the extension set for an SSL server certificate to the given generator.
 *
 * <p>Extensions added, in order: critical basicConstraints with cA=false, non-critical
 * keyUsage (keyEncipherment, digitalSignature), and extendedKeyUsage with serverAuth and
 * clientAuth. The criticality of extendedKeyUsage comes from
 * {@code getExtendedKeyUsageCriticality()}.
 *
 * @param gen the generator to extend
 * @return the same generator instance
 */
private static X509V3CertificateGenerator addSSLServerExtensions(X509V3CertificateGenerator gen) {
    // End-entity certificate: it must not be usable as a CA.
    gen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));

    final int usageBits = KeyUsage.keyEncipherment | KeyUsage.digitalSignature;
    gen.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(usageBits));

    // Despite the method name, clientAuth is listed too, so a certificate built here is
    // also acceptable wherever a TLS client certificate from this CA is trusted.
    final Vector<DERObjectIdentifier> purposes = new Vector<DERObjectIdentifier>();
    purposes.add(KeyPurposeId.id_kp_serverAuth);
    purposes.add(KeyPurposeId.id_kp_clientAuth);
    // Left disabled by the original author: Netscape Server Gated Crypto
    // (2.16.840.1.113730.4.1), Microsoft Server Gated Crypto (1.3.6.1.4.1.311.10.3.3),
    // an rfc822Name subjectAlternativeName and the netscapeCertType extension.

    gen.addExtension(X509Extensions.ExtendedKeyUsage, getExtendedKeyUsageCriticality(),
            new ExtendedKeyUsage(purposes));

    return gen;
}
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
License:Open Source License
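/**
 * Adds the extension set for a client certificate to the given generator.
 *
 * <p>Extensions added, in order: critical basicConstraints with cA=false, critical keyUsage
 * (digitalSignature, keyEncipherment, dataEncipherment), and extendedKeyUsage restricted to
 * clientAuth. The criticality of extendedKeyUsage comes from
 * {@code getExtendedKeyUsageCriticality()}.
 *
 * @param gen the generator to extend
 * @return the same generator instance
 * @throws Exception declared by the original signature; kept so existing callers compile
 */
static private X509V3CertificateGenerator addClientExtensions(X509V3CertificateGenerator gen)
        throws Exception {
    // End-entity certificate: it must not be usable as a CA.
    gen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));

    // keyCertSign is deliberately absent. RFC 5280 forbids asserting it when cA is false,
    // and a client certificate that claims certificate-signing rights could be accepted as
    // an issuer by a validator that checks keyUsage but not basicConstraints.
    gen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(
            KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment));

    gen.addExtension(X509Extensions.ExtendedKeyUsage, getExtendedKeyUsageCriticality(),
            new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));

    return gen;
}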
From source file:com.rcn.service.CertificateService.java
License:Open Source License
/**
 * Adds the extensions of a regular (non-CA) certificate to the builder.
 *
 * <p>All three extensions are added as non-critical: keyUsage (digitalSignature,
 * keyEncipherment), extendedKeyUsage (clientAuth, serverAuth) and, when present, the
 * subjectAlternativeName built from {@code generalNames}.
 *
 * <p>NOTE(review): no basicConstraints extension is added in this method; confirm the
 * caller sets it if end-entity status has to be explicit.
 *
 * @param generalNames optional subject alternative names
 * @param v3CertGen the builder to extend
 */
private void addRegularExtension(Optional<GeneralNames> generalNames,
        JcaX509v3CertificateBuilder v3CertGen) {
    final int usageBits = KeyUsage.digitalSignature | KeyUsage.keyEncipherment;
    v3CertGen.addExtension(X509Extension.keyUsage, false, new KeyUsage(usageBits));

    // The certificate is valid for both ends of a TLS connection.
    final Vector<KeyPurposeId> purposes = new Vector<>();
    purposes.add(KeyPurposeId.id_kp_clientAuth);
    purposes.add(KeyPurposeId.id_kp_serverAuth);
    v3CertGen.addExtension(X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(purposes));

    // The names are taken as given; any validation has to happen before this call.
    if (generalNames.isPresent()) {
        v3CertGen.addExtension(X509Extension.subjectAlternativeName, false, generalNames.get());
    }
}
From source file:com.vmware.admiral.common.util.CertificateUtil.java
License:Open Source License
/**
 * Builds the extension list for a client certificate.
 *
 * <p>All three extensions are critical: basicConstraints with cA=false, keyUsage limited to
 * digitalSignature, and extendedKeyUsage limited to clientAuth.
 *
 * @return a new mutable list holding the three extensions in that order
 */
private static List<ExtensionHolder> getClientExtensions() {
    // Not a CA.
    final ExtensionHolder endEntity = new ExtensionHolder(Extension.basicConstraints, true,
            new BasicConstraints(false));
    // Signing only: no key or data encipherment bits.
    final ExtensionHolder signingOnly = new ExtensionHolder(Extension.keyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature));
    // Usable for TLS client authentication and nothing else.
    final ExtensionHolder clientAuthOnly = new ExtensionHolder(Extension.extendedKeyUsage, true,
            new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));

    final List<ExtensionHolder> result = new ArrayList<>(3);
    result.add(endEntity);
    result.add(signingOnly);
    result.add(clientAuthOnly);
    return result;
}
From source file:com.wandrell.util.ksgen.BouncyCastleKeyStoreFactory.java
License:Open Source License
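/**
 * Returns a certificate builder for a self-issued CA certificate.
 *
 * <p>The subject name is the issuer name. The builder carries a subjectKeyIdentifier, a
 * critical basicConstraints with cA=true, a non-critical keyUsage and a non-critical
 * extendedKeyUsage listing serverAuth, clientAuth and anyExtendedKeyUsage.
 *
 * @param publicKey
 *            public key for the certificate builder
 * @param issuer
 *            issuer for the certificate builder, also used as the subject
 * @return a certificate builder
 * @throws IOException
 *             if any format error occurs while creating the certificate
 */
private final X509v3CertificateBuilder getCertificateBuilder(final PublicKey publicKey,
        final String issuer) throws IOException {
    final X500Name issuerName = new X500Name(issuer);
    // Self-issued: subject and issuer are the same name.
    final X500Name subjectName = issuerName;

    // RFC 5280 requires a positive serial number, but nextInt() may return zero or a
    // negative value. Clearing the sign bit and adding one gives a value in 1..2^31.
    // NOTE(review): this is at most 31 bits of randomness; a wider serial drawn from a
    // cryptographic generator would be better, but the type returned by getRandom() is
    // not visible here.
    final BigInteger serial = BigInteger.valueOf((getRandom().nextInt() & 0x7FFFFFFFL) + 1L);

    // NOTE(review): going by the helper names, the validity window starts one year in the
    // past and ends one hundred years ahead; confirm that such a long lifetime is intended
    // outside of test key stores.
    final Date start = getOneYearBackDate();
    final Date end = getOneHundredYearsFutureDate();

    final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial,
            start, end, subjectName, publicKey);

    builder.addExtension(Extension.subjectKeyIdentifier, false,
            createSubjectKeyIdentifier(publicKey));
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    // The same key may sign certificates and CRLs and also sign or encrypt data directly.
    final KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature
            | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.cRLSign);
    builder.addExtension(Extension.keyUsage, false, usage);

    // anyExtendedKeyUsage leaves the purpose unrestricted, so the two specific entries
    // add nothing for a validator that honours it.
    final ASN1EncodableVector purposes = new ASN1EncodableVector();
    purposes.add(KeyPurposeId.id_kp_serverAuth);
    purposes.add(KeyPurposeId.id_kp_clientAuth);
    purposes.add(KeyPurposeId.anyExtendedKeyUsage);
    builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));

    return builder;
}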
From source file:com.yahoo.athenz.auth.util.Crypto.java
License:Apache License
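/**
 * Issues an X.509 certificate for the given PKCS#10 request, signed with the CA key.
 *
 * <p>The certificate is valid from now for {@code validityTimeout} minutes. It carries
 * basicConstraints (non-critical), a critical keyUsage (digitalSignature, keyEncipherment),
 * a critical extendedKeyUsage (clientAuth, serverAuth) and, when the request asks for them,
 * a subjectAlternativeName with its dNSName, iPAddress and rfc822Name entries.
 *
 * <p>The subject and the alternative names are copied from the request as they are. This
 * method does not check that the requester is entitled to them, so the caller must validate
 * the request before calling.
 *
 * @param certReq the certification request to issue for
 * @param caPrivateKey private key used to sign the certificate
 * @param issuer issuer name written into the certificate
 * @param validityTimeout validity period in minutes, counted from now
 * @param basicConstraints value of the cA flag in the basicConstraints extension
 * @return the signed certificate
 * @throws CryptoException if the certificate cannot be built or signed
 */
public static X509Certificate generateX509Certificate(PKCS10CertificationRequest certReq,
        PrivateKey caPrivateKey, X500Name issuer, int validityTimeout, boolean basicConstraints) {

    // set validity for the given number of minutes from now
    Date notBefore = new Date();
    Calendar cal = Calendar.getInstance();
    cal.setTime(notBefore);
    cal.add(Calendar.MINUTE, validityTimeout);
    Date notAfter = cal.getTime();

    // Build the certificate for the request's subject and sign it with the CA key
    // (this is not a self-signed certificate).
    X509Certificate cert = null;
    try {
        JcaPKCS10CertificationRequest jcaPKCS10CertificationRequest = new JcaPKCS10CertificationRequest(
                certReq);
        PublicKey publicKey = jcaPKCS10CertificationRequest.getPublicKey();

        // NOTE(review): the serial number is the current time in milliseconds, which is
        // predictable and repeats for two certificates issued in the same millisecond.
        // A random serial from a cryptographic generator would avoid both.
        // NOTE(review): when basicConstraints is true the certificate is marked as a CA,
        // but keyUsage below does not include keyCertSign; confirm that this is intended.
        X509v3CertificateBuilder caBuilder = new JcaX509v3CertificateBuilder(issuer,
                BigInteger.valueOf(System.currentTimeMillis()), notBefore, notAfter, certReq.getSubject(),
                publicKey)
                        .addExtension(Extension.basicConstraints, false,
                                new BasicConstraints(basicConstraints))
                        .addExtension(Extension.keyUsage, true,
                                new X509KeyUsage(X509KeyUsage.digitalSignature | X509KeyUsage.keyEncipherment))
                        .addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(
                                new KeyPurposeId[] { KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth }));

        // see if we have the dns/rfc822/ip address extensions specified in the csr
        ArrayList<GeneralName> altNames = new ArrayList<>();
        Attribute[] certAttributes = jcaPKCS10CertificationRequest
                .getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
        if (certAttributes != null && certAttributes.length > 0) {
            for (Attribute attribute : certAttributes) {
                Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
                GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
                if (gns == null) {
                    continue;
                }
                for (GeneralName name : gns.getNames()) {
                    switch (name.getTagNo()) {
                    case GeneralName.dNSName:
                    case GeneralName.iPAddress:
                    case GeneralName.rfc822Name:
                        altNames.add(name);
                        break;
                    default:
                        // every other name type in the request is dropped
                        break;
                    }
                }
            }
            if (!altNames.isEmpty()) {
                caBuilder.addExtension(Extension.subjectAlternativeName, false,
                        new GeneralNames(altNames.toArray(new GeneralName[altNames.size()])));
            }
        }

        String signatureAlgorithm = getSignatureAlgorithm(caPrivateKey.getAlgorithm(), SHA256);
        ContentSigner caSigner = new JcaContentSignerBuilder(signatureAlgorithm).setProvider(BC_PROVIDER)
                .build(caPrivateKey);

        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BC_PROVIDER);
        cert = converter.getCertificate(caBuilder.build(caSigner));

    } catch (CertificateException ex) {
        LOG.error("generateX509Certificate: Caught CertificateException when generating certificate: "
                + ex.getMessage());
        throw new CryptoException(ex);
    } catch (OperatorCreationException ex) {
        LOG.error(
                "generateX509Certificate: Caught OperatorCreationException when creating JcaContentSignerBuilder: "
                        + ex.getMessage());
        throw new CryptoException(ex);
    } catch (InvalidKeyException ex) {
        // The message used to name InvalidKeySpecException, which is not what is caught here.
        LOG.error("generateX509Certificate: Caught InvalidKeyException, invalid key is being used: "
                + ex.getMessage());
        throw new CryptoException(ex);
    } catch (NoSuchAlgorithmException ex) {
        LOG.error(
                "generateX509Certificate: Caught NoSuchAlgorithmException, check to make sure the algorithm is supported by the provider: "
                        + ex.getMessage());
        throw new CryptoException(ex);
    } catch (Exception ex) {
        // NOTE(review): unlike the branches above, this one does not pass ex on as the
        // cause, so the original stack trace is lost to the caller.
        LOG.error("generateX509Certificate: unable to generate X509 Certificate: " + ex.getMessage());
        throw new CryptoException("Unable to generate X509 Certificate");
    }

    return cert;
}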
From source file:de.mendelson.util.clientserver.ClientServer.java
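/**
 * Generates the RSA key pair and certificate values used for the SSL connection.
 *
 * <p>The key is valid for ten years, uses the local host name as common name when it can
 * be resolved, and carries the serverAuth and clientAuth extended key usages.
 *
 * @return the result of {@code KeyGenerator.generateKeyPair} for these values
 * @throws Exception declared by the original signature; kept so existing callers compile
 */
private KeyGenerationResult generateSSLKey() throws Exception {
    KeyGenerator generator = new KeyGenerator();
    KeyGenerationValues parameter = new KeyGenerationValues();
    // 1024-bit RSA is no longer an adequate key size, so 2048 bit is used. The original
    // author measured about 1250ms for a 2048-bit key (09/2012); the cost is paid once
    // per generated key.
    parameter.setKeySize(2048);
    parameter.setKeyType(KeyGenerationValues.KEYTYPE_RSA);
    //one shutdown every 10 years should be ok
    parameter.setKeyValidInDays(365 * 10);
    // NOTE(review): SHA-1 based signatures are deprecated for certificates. Switch to a
    // SHA-2 constant if KeyGenerationValues provides one (not visible from this method).
    parameter.setSignatureAlgorithm(KeyGenerationValues.SIGNATUREALGORITHM_SHA1_WITH_RSA);
    parameter.setOrganisationName(this.productName);
    parameter.setOrganisationUnit("Server");
    try {
        String hostName = InetAddress.getLocalHost().getHostName();
        parameter.setCommonName(hostName);
    } catch (Exception ignored) {
        // Best effort: no entry found in the hosts file, so the common name stays unset.
        // Errors are no longer swallowed here.
    }
    parameter.setEmailAddress("nomail@nomail.to");
    parameter.setLocalityName(Locale.getDefault().getDisplayLanguage());
    //add SSL extended key usage: the same certificate serves both ends of the connection
    KeyPurposeId[] extKeyUsage = new KeyPurposeId[] {
        KeyPurposeId.id_kp_serverAuth,
        KeyPurposeId.id_kp_clientAuth
    };
    parameter.setExtendedKeyExtension(new ExtendedKeyUsage(extKeyUsage));
    return generator.generateKeyPair(parameter);
}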
From source file:de.mendelson.util.security.cert.gui.keygeneration.JDialogGenerateKey.java
/**
 * Copies the current dialog values into the object returned by {@code getValues()} so
 * that they can be read from outside the dialog.
 *
 * <p>Key size and validity are parsed with {@code Integer.valueOf}, which throws
 * {@code NumberFormatException} for non-numeric text. The free-text fields are passed on
 * without validation in this method.
 */
private void captureGUIValues() {
    // Subject fields and key parameters, in the order the dialog stores them.
    getValues().setCommonName(jTextFieldCommonName.getText());
    getValues().setCountryCode(jTextFieldCountryCode.getText());
    getValues().setEmailAddress(jTextFieldMailAddress.getText());
    getValues().setKeySize(Integer.valueOf(jComboBoxSize.getSelectedItem().toString()));
    getValues().setKeyType(jComboBoxKeyType.getSelectedItem().toString());
    getValues().setKeyValidInDays(Integer.valueOf(jTextFieldValidity.getText()));
    getValues().setLocalityName(jTextFieldLocality.getText());
    getValues().setOrganisationName(jTextFieldOrganisationName.getText());
    getValues().setOrganisationUnit(jTextFieldOrganisationUnit.getText());

    final String signatureName = jComboBoxSignature.getSelectedItem().toString();
    getValues().setSignatureAlgorithm(signature2OID(signatureName));
    getValues().setStateName(jTextFieldState.getText());

    final boolean sslPurpose = jCheckBoxPurposeSSL.isSelected();

    // Both purposes need the same key usage bits.
    if (sslPurpose || jCheckBoxPurposeSignEncrypt.isSelected()) {
        final int usageBits = KeyUsage.digitalSignature | KeyUsage.keyEncipherment;
        getValues().setKeyExtension(new KeyUsage(usageBits));
    }

    // An SSL key is marked for both server and client authentication.
    if (sslPurpose) {
        final Vector<KeyPurposeId> purposes = new Vector<KeyPurposeId>();
        purposes.add(KeyPurposeId.id_kp_serverAuth);
        purposes.add(KeyPurposeId.id_kp_clientAuth);
        getValues().setExtendedKeyExtension(new ExtendedKeyUsage(purposes));
    }
}