Example usage for org.bouncycastle.asn1.x509 KeyPurposeId id_kp_clientAuth

List of usage examples for org.bouncycastle.asn1.x509 KeyPurposeId id_kp_clientAuth

Introduction

This page collects example usages of org.bouncycastle.asn1.x509 KeyPurposeId id_kp_clientAuth, the extended-key-usage OID that marks a certificate as usable for TLS client authentication.

Prototype

KeyPurposeId id_kp_clientAuth


Document

{ id-kp 2 }

Usage

From source file:com.enioka.jqm.pki.CertificateRequest.java

License:Open Source License

/**
 * Configures this request as the self-signed JQM CA certificate and generates it.
 *
 * @param prettyName display name stored on this request
 */
public void generateCA(String prettyName) {
    this.prettyName = prettyName;

    // Fixed CA subject and a 4096-bit key; both are read later by generateAll().
    Subject = "CN=JQM-CA,OU=ServerProducts,O=Oxymores,C=FR";
    size = 4096;

    // CA key usage: certificate and CRL signing only.
    keyUsage = KeyUsage.cRLSign | KeyUsage.keyCertSign;

    // Extended key usages placed on the CA certificate itself.
    EKU = new KeyPurposeId[] { KeyPurposeId.id_kp_codeSigning, KeyPurposeId.id_kp_serverAuth,
            KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_emailProtection };

    generateAll();
}

From source file:com.enioka.jqm.pki.CertificateRequest.java

License:Open Source License

/**
 * Configures this request as a TLS client-authentication certificate issued by the given
 * authority and generates it.
 *
 * @param prettyName       display name stored on this request
 * @param authority        certificate of the issuing CA
 * @param issuerPrivateKey private key of the issuing CA (presumably used by generateAll() to sign)
 * @param subject          subject DN of the new certificate
 */
public void generateClientCert(String prettyName, X509CertificateHolder authority, PrivateKey issuerPrivateKey,
        String subject) {
    this.prettyName = prettyName;
    this.Subject = subject;

    // Issuer material picked up by generateAll().
    authorityCertificate = authority;
    authorityKey = issuerPrivateKey;

    size = 2048;

    // Client certificate: clientAuth only, with the usual signature + key-encipherment bits.
    EKU = new KeyPurposeId[] { KeyPurposeId.id_kp_clientAuth };
    keyUsage = KeyUsage.digitalSignature | KeyUsage.keyEncipherment;

    generateAll();
}

From source file:com.peterphi.std.crypto.keygen.CaHelper.java

License:Open Source License

/**
 * Adds the end-entity extensions used for TLS server certificates: a critical non-CA basic
 * constraint, a key usage of keyEncipherment+digitalSignature, and an extended key usage
 * listing serverAuth and clientAuth.
 *
 * @param gen generator to add the extensions to
 * @return the same generator, for chaining
 */
static private X509V3CertificateGenerator addSSLServerExtensions(X509V3CertificateGenerator gen) {
    // Not a CA; marked critical so no validator can skip the check.
    gen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));

    int usageBits = KeyUsage.keyEncipherment | KeyUsage.digitalSignature;
    gen.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(usageBits));

    // This BC version exposes the Vector-based ExtendedKeyUsage constructor.
    Vector<DERObjectIdentifier> purposes = new Vector<DERObjectIdentifier>();
    purposes.add(KeyPurposeId.id_kp_serverAuth);
    purposes.add(KeyPurposeId.id_kp_clientAuth);
    // The Netscape/Microsoft Server Gated Crypto OIDs, a SAN entry and netscapeCertType are
    // not added; the original source carried them only as commented-out code.
    gen.addExtension(X509Extensions.ExtendedKeyUsage, getExtendedKeyUsageCriticality(),
            new ExtendedKeyUsage(purposes));

    return gen;
}

From source file:com.peterphi.std.crypto.keygen.CaHelper.java

License:Open Source License

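/**
 * Adds the end-entity extensions used for client certificates: a critical non-CA basic
 * constraint, a critical key usage and an extended key usage of clientAuth.
 * <p>
 * keyCertSign is not asserted: RFC 5280 §4.2.1.3 requires the basic-constraints cA flag to be
 * set whenever keyCertSign is, and this certificate is explicitly marked cA=false. Asserting
 * both made the certificate non-conforming, and validators that enforce the rule reject it.
 *
 * @param gen generator to add the extensions to
 * @return the same generator, for chaining
 * @throws Exception as declared by the original signature
 */
static private X509V3CertificateGenerator addClientExtensions(X509V3CertificateGenerator gen) throws Exception {
    gen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    // Key usage consistent with cA=false: signing, key and data encipherment only.
    gen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature
            | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment));
    gen.addExtension(X509Extensions.ExtendedKeyUsage, getExtendedKeyUsageCriticality(),
            new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));

    return gen;
}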

From source file:com.rcn.service.CertificateService.java

License:Open Source License

/**
 * Adds the extensions for an ordinary (non-CA) certificate: a key usage, an extended key
 * usage of clientAuth+serverAuth and, when the caller supplied one, a subject alternative
 * name. All three are added non-critical, in that order.
 *
 * @param generalNames optional subject alternative names
 * @param v3CertGen    builder to add the extensions to
 */
private void addRegularExtension(Optional<GeneralNames> generalNames, JcaX509v3CertificateBuilder v3CertGen) {
    KeyUsage usage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment);
    v3CertGen.addExtension(X509Extension.keyUsage, false, usage);

    // Vector-based ExtendedKeyUsage constructor; purpose order is preserved.
    Vector<KeyPurposeId> purposes = new Vector<>();
    purposes.add(KeyPurposeId.id_kp_clientAuth);
    purposes.add(KeyPurposeId.id_kp_serverAuth);
    ExtendedKeyUsage extendedUsage = new ExtendedKeyUsage(purposes);
    v3CertGen.addExtension(X509Extension.extendedKeyUsage, false, extendedUsage);

    generalNames.ifPresent(san -> v3CertGen.addExtension(X509Extension.subjectAlternativeName, false, san));
}

From source file:com.vmware.admiral.common.util.CertificateUtil.java

License:Open Source License

/**
 * Builds the extension set for a client certificate: a non-CA basic constraint, a
 * digitalSignature-only key usage and an extended key usage of clientAuth, all critical.
 *
 * @return a new, mutable list holding the three extensions in that order
 */
private static List<ExtensionHolder> getClientExtensions() {
    ExtensionHolder notACa = new ExtensionHolder(Extension.basicConstraints, true,
            new BasicConstraints(false));
    ExtensionHolder signOnly = new ExtensionHolder(Extension.keyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature));
    ExtensionHolder clientAuth = new ExtensionHolder(Extension.extendedKeyUsage, true,
            new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));

    List<ExtensionHolder> result = new ArrayList<>(3);
    result.add(notACa);
    result.add(signOnly);
    result.add(clientAuth);
    return result;
}

From source file:com.wandrell.util.ksgen.BouncyCastleKeyStoreFactory.java

License:Open Source License

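/**
 * Returns a self-signed CA certificate builder for the given key and issuer.
 * <p>
 * The serial number is forced to be positive and non-zero: RFC 5280 §4.1.2.2 requires a
 * positive serial, and the previous {@code nextInt()}-based value was negative about half of
 * the time.
 *
 * @param publicKey
 *            public key for the certificate builder
 * @param issuer
 *            issuer (and, since the certificate is self-signed, subject) for the builder
 * @return a certificate builder
 * @throws IOException
 *             if any format error occurs while creating the certificate
 */
private final X509v3CertificateBuilder getCertificateBuilder(final PublicKey publicKey, final String issuer)
        throws IOException {
    final X500Name issuerName = new X500Name(issuer);
    final X500Name subjectName = issuerName; // Self-signed: subject == issuer

    // Positive, non-zero serial: clear the sign bit, then force bit 31 so the value is never 0.
    // Only nextInt() is used from getRandom(), so this carries 31 bits of randomness; a wider
    // random serial would be preferable if getRandom() offers one.
    final long serialBits = (getRandom().nextInt() & 0x7fffffffL) | 0x80000000L;
    final BigInteger serial = BigInteger.valueOf(serialBits);

    // Validity window: one year back to one hundred years ahead
    final Date start = getOneYearBackDate();
    final Date end = getOneHundredYearsFutureDate();

    final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial, start, end,
            subjectName, publicKey);

    builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey));
    // cA=true, critical: this certificate is meant to sign other certificates
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    final KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment
            | KeyUsage.dataEncipherment | KeyUsage.cRLSign);
    builder.addExtension(Extension.keyUsage, false, usage);

    // Extended key usage encoded directly as a SEQUENCE of purpose OIDs
    final ASN1EncodableVector purposes = new ASN1EncodableVector();
    purposes.add(KeyPurposeId.id_kp_serverAuth);
    purposes.add(KeyPurposeId.id_kp_clientAuth);
    purposes.add(KeyPurposeId.anyExtendedKeyUsage);
    builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));

    return builder;
}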

From source file:com.yahoo.athenz.auth.util.Crypto.java

License:Apache License

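/**
 * Issues an X.509 certificate for the given PKCS#10 request, signed with the CA private key.
 * <p>
 * The certificate is valid from now for {@code validityTimeout} minutes and carries a random
 * 127-bit serial number. The previous {@code System.currentTimeMillis()} serial repeated when
 * two certificates were issued in the same millisecond, which RFC 5280 forbids for a single
 * issuer. Key usage is digitalSignature+keyEncipherment and extended key usage is
 * clientAuth+serverAuth. Any dNSName, iPAddress and rfc822Name entries the CSR requests in
 * its subjectAlternativeName extension are copied into the certificate unchanged; this method
 * does not check that the requester is entitled to those names, so callers must do so first.
 *
 * @param certReq          the certificate signing request
 * @param caPrivateKey     private key of the issuing CA
 * @param issuer           issuer name written into the certificate
 * @param validityTimeout  validity period in minutes, counted from now
 * @param basicConstraints value of the cA flag in the (non-critical) basic constraints extension
 * @return the signed certificate
 * @throws CryptoException if the request cannot be read, the signer cannot be created or the
 *                         certificate cannot be built; the underlying exception is logged
 */
public static X509Certificate generateX509Certificate(PKCS10CertificationRequest certReq,
        PrivateKey caPrivateKey, X500Name issuer, int validityTimeout, boolean basicConstraints) {

    // Validity window: now, plus the given number of minutes.
    Date notBefore = new Date();
    Date notAfter = new Date(notBefore.getTime() + validityTimeout * 60000L);

    // Random positive serial: 127 bits keeps it within the 20-octet limit of RFC 5280.
    BigInteger serial = new BigInteger(127, new java.security.SecureRandom());

    try {
        JcaPKCS10CertificationRequest jcaRequest = new JcaPKCS10CertificationRequest(certReq);
        PublicKey publicKey = jcaRequest.getPublicKey();

        X509v3CertificateBuilder caBuilder = new JcaX509v3CertificateBuilder(issuer, serial, notBefore,
                notAfter, certReq.getSubject(), publicKey)
                        .addExtension(Extension.basicConstraints, false, new BasicConstraints(basicConstraints))
                        .addExtension(Extension.keyUsage, true,
                                new X509KeyUsage(X509KeyUsage.digitalSignature | X509KeyUsage.keyEncipherment))
                        .addExtension(Extension.extendedKeyUsage, true,
                                new ExtendedKeyUsage(new KeyPurposeId[] { KeyPurposeId.id_kp_clientAuth,
                                        KeyPurposeId.id_kp_serverAuth }));

        // Only the dns/rfc822/ip names requested in the CSR are carried over; other forms are dropped.
        ArrayList<GeneralName> altNames = requestedSubjectAltNames(jcaRequest);
        if (!altNames.isEmpty()) {
            caBuilder.addExtension(Extension.subjectAlternativeName, false,
                    new GeneralNames(altNames.toArray(new GeneralName[0])));
        }

        String signatureAlgorithm = getSignatureAlgorithm(caPrivateKey.getAlgorithm(), SHA256);
        ContentSigner caSigner = new JcaContentSignerBuilder(signatureAlgorithm).setProvider(BC_PROVIDER)
                .build(caPrivateKey);

        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BC_PROVIDER);
        return converter.getCertificate(caBuilder.build(caSigner));

    } catch (CertificateException ex) {
        LOG.error("generateX509Certificate: Caught CertificateException when generating certificate: "
                + ex.getMessage());
        throw new CryptoException(ex);
    } catch (OperatorCreationException ex) {
        LOG.error(
                "generateX509Certificate: Caught OperatorCreationException when creating JcaContentSignerBuilder: "
                        + ex.getMessage());
        throw new CryptoException(ex);
    } catch (InvalidKeyException ex) {
        LOG.error("generateX509Certificate: Caught InvalidKeySpecException, invalid key spec is being used: "
                + ex.getMessage());
        throw new CryptoException(ex);
    } catch (NoSuchAlgorithmException ex) {
        LOG.error(
                "generateX509Certificate: Caught NoSuchAlgorithmException, check to make sure the algorithm is supported by the provider: "
                        + ex.getMessage());
        throw new CryptoException(ex);
    } catch (Exception ex) {
        // The cause is only logged here; only CryptoException(String) and CryptoException(Throwable)
        // are known from this file, and the original deliberately surfaced a generic message.
        LOG.error("generateX509Certificate: unable to generate X509 Certificate: " + ex.getMessage());
        throw new CryptoException("Unable to generate X509 Certificate");
    }
}

/**
 * Collects the dNSName, iPAddress and rfc822Name entries from the subjectAlternativeName
 * extension(s) requested in the CSR's pkcs-9 extensionRequest attributes.
 *
 * @param request the parsed certificate request
 * @return the matching names in request order; empty when the CSR requests none
 */
private static ArrayList<GeneralName> requestedSubjectAltNames(JcaPKCS10CertificationRequest request) {
    ArrayList<GeneralName> altNames = new ArrayList<>();
    Attribute[] certAttributes = request.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
    if (certAttributes == null) {
        return altNames;
    }
    for (Attribute attribute : certAttributes) {
        Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
        GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
        if (gns == null) {
            continue;
        }
        for (GeneralName name : gns.getNames()) {
            switch (name.getTagNo()) {
            case GeneralName.dNSName:
            case GeneralName.iPAddress:
            case GeneralName.rfc822Name:
                altNames.add(name);
                break;
            default:
                // other name forms (URI, directoryName, ...) are intentionally not copied
                break;
            }
        }
    }
    return altNames;
}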

From source file:de.mendelson.util.clientserver.ClientServer.java

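/**
 * Generates the self-signed RSA key pair and certificate used for this server's TLS listener.
 * <p>
 * The key size was raised from 1024 to 2048 bits: 1024-bit RSA is below the 2048-bit minimum
 * that current TLS clients and policies enforce, and generation happens once per key, so the
 * extra time measured by the original author is acceptable.
 *
 * @return the generated key material, as returned by the key generator
 * @throws Exception propagated from the key generator
 */
private KeyGenerationResult generateSSLKey() throws Exception {
    KeyGenerator generator = new KeyGenerator();
    KeyGenerationValues parameter = new KeyGenerationValues();
    // Original measurement (09/2012): 1024bit 140ms, 2048bit 1250ms. 2048 is the usable minimum today.
    parameter.setKeySize(2048);
    parameter.setKeyType(KeyGenerationValues.KEYTYPE_RSA);
    // one shutdown every 10 years should be ok
    parameter.setKeyValidInDays(365 * 10);
    // NOTE(review): SHA-1 certificate signatures are deprecated; use a SHA-2 based constant if
    // KeyGenerationValues provides one — none is visible from here.
    parameter.setSignatureAlgorithm(KeyGenerationValues.SIGNATUREALGORITHM_SHA1_WITH_RSA);
    parameter.setOrganisationName(this.productName);
    parameter.setOrganisationUnit("Server");
    try {
        parameter.setCommonName(InetAddress.getLocalHost().getHostName());
    } catch (Exception ignored) {
        // Best effort: no entry found in hosts file, leave the common name unset. Narrowed from
        // Throwable so that VM errors (OutOfMemoryError etc.) are not hidden.
    }
    parameter.setEmailAddress("nomail@nomail.to");
    parameter.setLocalityName(Locale.getDefault().getDisplayLanguage());
    // add SSL extended key usage: serverAuth and clientAuth
    KeyPurposeId[] extKeyUsage = { KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth };
    parameter.setExtendedKeyExtension(new ExtendedKeyUsage(extKeyUsage));
    return generator.generateKeyPair(parameter);
}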

From source file:de.mendelson.util.security.cert.gui.keygeneration.JDialogGenerateKey.java

/**
 * Copies the current GUI field values into the values object returned by
 * {@code getValues()}, so that they can be read from outside this dialog.
 * <p>
 * Key size and validity are parsed from their text; a non-numeric entry raises a
 * {@link NumberFormatException}, as in the original.
 */
private void captureGUIValues() {
    getValues().setCommonName(jTextFieldCommonName.getText());
    getValues().setCountryCode(jTextFieldCountryCode.getText());
    getValues().setEmailAddress(jTextFieldMailAddress.getText());
    getValues().setKeySize(Integer.valueOf(jComboBoxSize.getSelectedItem().toString()));
    getValues().setKeyType(jComboBoxKeyType.getSelectedItem().toString());
    getValues().setKeyValidInDays(Integer.valueOf(jTextFieldValidity.getText()));
    getValues().setLocalityName(jTextFieldLocality.getText());
    getValues().setOrganisationName(jTextFieldOrganisationName.getText());
    getValues().setOrganisationUnit(jTextFieldOrganisationUnit.getText());
    String signatureName = jComboBoxSignature.getSelectedItem().toString();
    getValues().setSignatureAlgorithm(signature2OID(signatureName));
    getValues().setStateName(jTextFieldState.getText());

    boolean signEncrypt = jCheckBoxPurposeSignEncrypt.isSelected();
    boolean ssl = jCheckBoxPurposeSSL.isSelected();
    // Either purpose needs a signing + key-encipherment key usage.
    if (signEncrypt || ssl) {
        getValues().setKeyExtension(new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
    }
    // SSL additionally gets the serverAuth/clientAuth extended key usage.
    if (ssl) {
        Vector<KeyPurposeId> sslPurposes = new Vector<KeyPurposeId>();
        sslPurposes.add(KeyPurposeId.id_kp_serverAuth);
        sslPurposes.add(KeyPurposeId.id_kp_clientAuth);
        getValues().setExtendedKeyExtension(new ExtendedKeyUsage(sslPurposes));
    }
}