List of usage examples for org.bouncycastle.asn1.x509 KeyPurposeId id_kp_emailProtection
KeyPurposeId id_kp_emailProtection
From source file:com.axelor.apps.account.ebics.certificate.X509Generator.java
License:Open Source License
/**
 * Builds a self-signed <code>X509Certificate</code> for the given
 * <code>KeyPair</code>, valid between the two supplied dates.
 *
 * <p>The <code>issuer</code> string is used for both the issuer DN and the
 * subject DN, and the certificate is signed with the private half of
 * <code>keypair</code>.
 *
 * <p>NOTE(review): every <code>addExtension</code> call (BasicConstraints,
 * Subject/AuthorityKeyIdentifier, ExtendedKeyUsage, KeyUsage) is commented
 * out in the original listing, so the certificate is issued without any of
 * these extensions and <code>keyusage</code> has no effect on the result.
 * Relying parties therefore cannot restrict the key by usage.
 *
 * @param keypair the key pair whose public key is certified and whose private key signs
 * @param issuer the distinguished name used as issuer and as subject
 * @param notBefore the begin validity date
 * @param notAfter the end validity date
 * @param keyusage the requested key usage; currently ignored (see note above)
 * @return the X509 certificate
 * @throws GeneralSecurityException if generation, the validity check or the signature check fails
 * @throws IOException
 */
public X509Certificate generate(KeyPair keypair, String issuer, Date notBefore, Date notAfter, int keyusage)
        throws GeneralSecurityException, IOException {
    final BigInteger serial = BigInteger.valueOf(generateSerial());

    final X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
    generator.setSerialNumber(serial);
    generator.setIssuerDN(new X509Principal(issuer));
    generator.setNotBefore(notBefore);
    generator.setNotAfter(notAfter);
    // Same DN as the issuer: the certificate is self-signed.
    generator.setSubjectDN(new X509Principal(issuer));
    generator.setPublicKey(keypair.getPublic());
    generator.setSignatureAlgorithm(X509Constants.SIGNATURE_ALGORITHM);

    // The emailProtection purpose is collected here, but the ExtendedKeyUsage
    // extension that would carry it is disabled, so this vector is never
    // attached to the certificate.
    final ASN1EncodableVector ekuPurposes = new ASN1EncodableVector();
    ekuPurposes.add(KeyPurposeId.id_kp_emailProtection);

    final X509Certificate certificate = generator.generate(keypair.getPrivate(), "BC", new SecureRandom());

    // Fail fast if the requested validity window does not include the current time.
    certificate.checkValidity(new Date());
    // Confirm the signature verifies under the certified public key.
    certificate.verify(keypair.getPublic());

    return certificate;
}
From source file:com.enioka.jqm.pki.CertificateRequest.java
License:Open Source License
/**
 * Fills in the fields of this request for the JQM CA certificate and then
 * delegates to <code>generateAll()</code>.
 *
 * <p>The key usage is limited to CRL signing and certificate signing. The
 * extended key usage list names code signing, server authentication, client
 * authentication and e-mail protection.
 *
 * @param prettyName stored in the <code>prettyName</code> field
 */
public void generateCA(String prettyName) {
    this.prettyName = prettyName;
    Subject = "CN=JQM-CA,OU=ServerProducts,O=Oxymores,C=FR";
    size = 4096; // presumably the key size in bits; confirm in generateAll()

    EKU = new KeyPurposeId[] {
        KeyPurposeId.id_kp_codeSigning,
        KeyPurposeId.id_kp_serverAuth,
        KeyPurposeId.id_kp_clientAuth,
        KeyPurposeId.id_kp_emailProtection,
    };
    keyUsage = KeyUsage.cRLSign | KeyUsage.keyCertSign;

    generateAll();
}
From source file:org.cesecore.certificates.certificateprofile.CertificateProfile.java
License:Open Source License
/**
 * Applies the built-in defaults for one of the fixed certificate profiles.
 *
 * <p>Every handled profile enables the key usage extension and marks it
 * critical. Profiles that set an extended key usage list mark that extension
 * non-critical. A <code>type</code> that matches none of the handled
 * constants is left unchanged by this method.
 *
 * @param type
 *            one of CertificateProfileConstants.CERTPROFILE_FIXED_XX, for example
 *            CertificateProfileConstants.CERTPROFILE_FIXED_ROOTCA
 */
private void setDefaultValues(int type) {
    if (type == CertificateProfileConstants.CERTPROFILE_FIXED_ROOTCA) {
        // Root CA: may sign certificates and CRLs.
        setType(CertificateConstants.CERTTYPE_ROOTCA);
        setAllowValidityOverride(true);
        setUseKeyUsage(true);
        setKeyUsage(new boolean[9]);
        setKeyUsage(CertificateConstants.DIGITALSIGNATURE, true);
        setKeyUsage(CertificateConstants.KEYCERTSIGN, true);
        setKeyUsage(CertificateConstants.CRLSIGN, true);
        setKeyUsageCritical(true);
        // Default validity for this profile is 25 years including 6 or 7 leap days
        setValidity(25 * 365 + 7);
        return;
    }

    if (type == CertificateProfileConstants.CERTPROFILE_FIXED_SUBCA) {
        // Subordinate CA: same key usages and validity as the root CA profile.
        setType(CertificateConstants.CERTTYPE_SUBCA);
        setAllowValidityOverride(true);
        setUseKeyUsage(true);
        setKeyUsage(new boolean[9]);
        setKeyUsage(CertificateConstants.DIGITALSIGNATURE, true);
        setKeyUsage(CertificateConstants.KEYCERTSIGN, true);
        setKeyUsage(CertificateConstants.CRLSIGN, true);
        setKeyUsageCritical(true);
        // Default validity for this profile is 25 years including 6 or 7 leap days
        setValidity(25 * 365 + 7);
        return;
    }

    if (type == CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER) {
        setType(CertificateConstants.CERTTYPE_ENDENTITY);
        // Standard key usages for end users are: digitalSignature | nonRepudiation,
        // and/or (keyEncipherment or keyAgreement).
        // Default key usage is digitalSignature | nonRepudiation | keyEncipherment.
        // The array follows the layout of X509Certificate.getKeyUsage().
        setUseKeyUsage(true);
        setKeyUsage(new boolean[9]);
        setKeyUsage(CertificateConstants.DIGITALSIGNATURE, true);
        setKeyUsage(CertificateConstants.NONREPUDIATION, true);
        setKeyUsage(CertificateConstants.KEYENCIPHERMENT, true);
        setKeyUsageCritical(true);
        setUseExtendedKeyUsage(true);
        ArrayList<String> purposeOids = new ArrayList<String>();
        purposeOids.add(KeyPurposeId.id_kp_clientAuth.getId());
        purposeOids.add(KeyPurposeId.id_kp_emailProtection.getId());
        setExtendedKeyUsage(purposeOids);
        setExtendedKeyUsageCritical(false);
        return;
    }

    if (type == CertificateProfileConstants.CERTPROFILE_FIXED_OCSPSIGNER) {
        setType(CertificateConstants.CERTTYPE_ENDENTITY);
        // Default key usage for an OCSP signer is digitalSignature.
        // The array follows the layout of X509Certificate.getKeyUsage().
        setUseKeyUsage(true);
        setKeyUsage(new boolean[9]);
        setKeyUsage(CertificateConstants.DIGITALSIGNATURE, true);
        setKeyUsageCritical(true);
        setUseExtendedKeyUsage(true);
        ArrayList<String> purposeOids = new ArrayList<String>();
        purposeOids.add(KeyPurposeId.id_kp_OCSPSigning.getId());
        setExtendedKeyUsage(purposeOids);
        setExtendedKeyUsageCritical(false);
        setUseOcspNoCheck(true);
        return;
    }

    if (type == CertificateProfileConstants.CERTPROFILE_FIXED_SERVER) {
        setType(CertificateConstants.CERTTYPE_ENDENTITY);
        // Standard key usages for server are: digitalSignature | (keyEncipherment or keyAgreement).
        // Default key usage is digitalSignature | keyEncipherment.
        // The array follows the layout of X509Certificate.getKeyUsage().
        setUseKeyUsage(true);
        setKeyUsage(new boolean[9]);
        setKeyUsage(CertificateConstants.DIGITALSIGNATURE, true);
        setKeyUsage(CertificateConstants.KEYENCIPHERMENT, true);
        setKeyUsageCritical(true);
        setUseExtendedKeyUsage(true);
        ArrayList<String> purposeOids = new ArrayList<String>();
        purposeOids.add(KeyPurposeId.id_kp_serverAuth.getId());
        setExtendedKeyUsage(purposeOids);
        setExtendedKeyUsageCritical(false);
        return;
    }

    if (type == CertificateProfileConstants.CERTPROFILE_FIXED_HARDTOKENAUTH) {
        // Hard token, authentication only: signature key usage, client auth and smart card logon.
        setType(CertificateConstants.CERTTYPE_ENDENTITY);
        setUseKeyUsage(true);
        setKeyUsage(new boolean[9]);
        setKeyUsage(CertificateConstants.DIGITALSIGNATURE, true);
        setKeyUsageCritical(true);
        setUseExtendedKeyUsage(true);
        ArrayList<String> purposeOids = new ArrayList<String>();
        purposeOids.add(KeyPurposeId.id_kp_clientAuth.getId());
        purposeOids.add(KeyPurposeId.id_kp_smartcardlogon.getId());
        setExtendedKeyUsage(purposeOids);
        setExtendedKeyUsageCritical(false);
        return;
    }

    if (type == CertificateProfileConstants.CERTPROFILE_FIXED_HARDTOKENAUTHENC) {
        // Hard token, authentication and encryption on the same key.
        setType(CertificateConstants.CERTTYPE_ENDENTITY);
        setUseKeyUsage(true);
        setKeyUsage(new boolean[9]);
        setKeyUsage(CertificateConstants.KEYENCIPHERMENT, true);
        setKeyUsage(CertificateConstants.DIGITALSIGNATURE, true);
        setKeyUsageCritical(true);
        setUseExtendedKeyUsage(true);
        ArrayList<String> purposeOids = new ArrayList<String>();
        purposeOids.add(KeyPurposeId.id_kp_clientAuth.getId());
        purposeOids.add(KeyPurposeId.id_kp_emailProtection.getId());
        purposeOids.add(KeyPurposeId.id_kp_smartcardlogon.getId());
        setExtendedKeyUsage(purposeOids);
        setExtendedKeyUsageCritical(false);
        return;
    }

    if (type == CertificateProfileConstants.CERTPROFILE_FIXED_HARDTOKENENC) {
        // Hard token, encryption only: keyEncipherment with e-mail protection.
        setType(CertificateConstants.CERTTYPE_ENDENTITY);
        setUseKeyUsage(true);
        setKeyUsage(new boolean[9]);
        setKeyUsage(CertificateConstants.KEYENCIPHERMENT, true);
        setKeyUsageCritical(true);
        setUseExtendedKeyUsage(true);
        ArrayList<String> purposeOids = new ArrayList<String>();
        purposeOids.add(KeyPurposeId.id_kp_emailProtection.getId());
        setExtendedKeyUsage(purposeOids);
        setExtendedKeyUsageCritical(false);
        return;
    }

    if (type == CertificateProfileConstants.CERTPROFILE_FIXED_HARDTOKENSIGN) {
        // Hard token, signing only: nonRepudiation with e-mail protection.
        setType(CertificateConstants.CERTTYPE_ENDENTITY);
        setUseKeyUsage(true);
        setKeyUsage(new boolean[9]);
        setKeyUsage(CertificateConstants.NONREPUDIATION, true);
        setKeyUsageCritical(true);
        setUseExtendedKeyUsage(true);
        ArrayList<String> purposeOids = new ArrayList<String>();
        purposeOids.add(KeyPurposeId.id_kp_emailProtection.getId());
        setExtendedKeyUsage(purposeOids);
        setExtendedKeyUsageCritical(false);
    }
}
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
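/**
 * Checks that the extensions set on the request (key usage, extended key
 * usage and subject alternative names) are present in the encoded
 * certification request.
 *
 * @throws OperatorCreationException
 * @throws PKICMPMessageException
 * @throws CertificateEncodingException
 * @throws IOException
 * @throws CRMFException
 * @throws CMPException
 * @throws CMSException
 * @throws NoSuchFieldException
 * @throws IllegalAccessException
 */
@Test
public void testCertificationWithExtensions()
        throws OperatorCreationException, PKICMPMessageException, CertificateEncodingException, IOException,
        CRMFException, CMPException, CMSException, NoSuchFieldException, IllegalAccessException {
    String distinguishedName = pki.getTestUser1Cert().getSubjectX500Principal().getName();
    KeyPair keyPair = new KeyPair(pki.getTestUser1Cert().getPublicKey(), pki.getTestUser1CertPrivateKey());

    List<Extension> extensionList = new ArrayList<Extension>();

    // KeyUsage (critical)
    extensionList.add(new Extension(X509Extension.keyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation).getEncoded()));

    // Extended keyUsage (non-critical)
    List<KeyPurposeId> keyPurposeIds = new ArrayList<KeyPurposeId>();
    keyPurposeIds.add(KeyPurposeId.getInstance(KeyPurposeId.id_kp_clientAuth));
    keyPurposeIds.add(KeyPurposeId.getInstance(KeyPurposeId.id_kp_emailProtection));
    extensionList.add(new Extension(X509Extension.extendedKeyUsage, false,
            new ExtendedKeyUsage(keyPurposeIds.toArray(new KeyPurposeId[keyPurposeIds.size()])).getEncoded()));

    // Subject alternative names (non-critical)
    List<GeneralName> generalNames = new ArrayList<GeneralName>();
    generalNames.add(new GeneralName(GeneralName.dNSName, "www1.cryptable.org"));
    generalNames.add(new GeneralName(GeneralName.dNSName, "www2.cryptable.org"));
    GeneralNames subjectAlternativeName = new GeneralNames(
            generalNames.toArray(new GeneralName[generalNames.size()]));
    extensionList.add(
            new Extension(X509Extension.subjectAlternativeName, false, subjectAlternativeName.getEncoded()));

    PKICMPMessages pkiMessages = new PKICMPMessages();
    pkiMessages.setPkiKeyStore(pkiKeyStoreRA);
    pkiMessages.setExtensions(extensionList.toArray(new Extension[extensionList.size()]));
    byte[] result = pkiMessages.createCertificateMessageWithLocalKey(distinguishedName, keyPair);

    // Decode the message; the stream is closed even when parsing fails.
    PKIMessage pkiMessage;
    ASN1InputStream asn1InputStream = new ASN1InputStream(result);
    try {
        ASN1Primitive asn1Primitive = asn1InputStream.readObject();
        pkiMessage = PKIMessage.getInstance(asn1Primitive);
    } finally {
        asn1InputStream.close();
    }

    CertReqMsg[] certReqMsgs = CertReqMessages.getInstance(pkiMessage.getBody().getContent())
            .toCertReqMsgArray();

    // KeyUsage
    KeyUsage verifyKeyUsage = KeyUsage.getInstance(certReqMsgs[0].getCertReq().getCertTemplate().getExtensions()
            .getExtensionParsedValue(Extension.keyUsage));
    Assert.assertEquals(KeyUsage.digitalSignature | KeyUsage.nonRepudiation,
            verifyKeyUsage.getBytes()[0] & 0xFF);

    // Extended KeyUsage
    ExtendedKeyUsage verifyExtendedKeyUsage = ExtendedKeyUsage
            .fromExtensions(certReqMsgs[0].getCertReq().getCertTemplate().getExtensions());
    Assert.assertTrue(verifyExtendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_clientAuth));
    Assert.assertTrue(verifyExtendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection));

    // Subject Alternative Name
    GeneralNames verifyGeneralNames = GeneralNames.fromExtensions(
            certReqMsgs[0].getCertReq().getCertTemplate().getExtensions(), Extension.subjectAlternativeName);
    Assert.assertTrue(generalNames.contains(verifyGeneralNames.getNames()[0]));
    Assert.assertTrue(generalNames.contains(verifyGeneralNames.getNames()[1]));
}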
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
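/**
 * Checks that a key update request built with a local key carries the
 * key usage and extended key usage extensions that were set on it.
 *
 * @throws IOException
 * @throws CertificateEncodingException
 * @throws OperatorCreationException
 * @throws CMPException
 * @throws PKICMPMessageException
 * @throws CRMFException
 * @throws IllegalAccessException
 * @throws CMSException
 * @throws NoSuchFieldException
 */
@Test
public void testKeyUpdateWithLocalKeyWithExtensions()
        throws IOException, CertificateEncodingException, OperatorCreationException, CMPException,
        PKICMPMessageException, CRMFException, IllegalAccessException, CMSException, NoSuchFieldException {
    PKICMPMessages pkiMessages = new PKICMPMessages();
    pkiMessages.setPkiKeyStore(pkiKeyStoreRA);
    KeyPair keyPair = new KeyPair(pki.getTestUser2Cert().getPublicKey(), pki.getTestUser2CertPrivateKey());

    List<Extension> extensionList = new ArrayList<Extension>();

    // KeyUsage (critical)
    extensionList.add(new Extension(X509Extension.keyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation).getEncoded()));

    // Extended keyUsage (non-critical)
    List<KeyPurposeId> keyPurposeIds = new ArrayList<KeyPurposeId>();
    keyPurposeIds.add(KeyPurposeId.getInstance(KeyPurposeId.id_kp_clientAuth));
    keyPurposeIds.add(KeyPurposeId.getInstance(KeyPurposeId.id_kp_emailProtection));
    extensionList.add(new Extension(X509Extension.extendedKeyUsage, false,
            new ExtendedKeyUsage(keyPurposeIds.toArray(new KeyPurposeId[keyPurposeIds.size()])).getEncoded()));

    pkiMessages.setExtensions(extensionList.toArray(new Extension[extensionList.size()]));

    byte[] result = pkiMessages.createKeyUpdateMessageWithLocalKey(pki.getRACert(), keyPair);

    // Decode the message; the stream is closed even when parsing fails.
    PKIMessage pkiMessage;
    ASN1InputStream asn1InputStream = new ASN1InputStream(result);
    try {
        ASN1Primitive asn1Primitive = asn1InputStream.readObject();
        pkiMessage = PKIMessage.getInstance(asn1Primitive);
    } finally {
        asn1InputStream.close();
    }

    // Check the Body
    CertReqMsg[] certReqMsgs = CertReqMessages.getInstance(pkiMessage.getBody().getContent())
            .toCertReqMsgArray();

    // Extensions check
    // KeyUsage
    KeyUsage verifyKeyUsage = KeyUsage.getInstance(certReqMsgs[0].getCertReq().getCertTemplate().getExtensions()
            .getExtensionParsedValue(Extension.keyUsage));
    Assert.assertEquals(KeyUsage.digitalSignature | KeyUsage.nonRepudiation,
            verifyKeyUsage.getBytes()[0] & 0xFF);

    // Extended KeyUsage
    ExtendedKeyUsage verifyExtendedKeyUsage = ExtendedKeyUsage
            .fromExtensions(certReqMsgs[0].getCertReq().getCertTemplate().getExtensions());
    Assert.assertTrue(verifyExtendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_clientAuth));
    Assert.assertTrue(verifyExtendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection));
}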
From source file:org.cryptacular.util.CertUtilTest.java
License:Open Source License
/**
 * Supplies the "extended-usage" rows: a certificate read from
 * <code>CRT_PATH</code> paired with the key purposes expected for it.
 */
@DataProvider(name = "extended-usage")
public Object[][] getExtendedUsage() throws Exception {
    // Row 1: client auth, e-mail protection and smart card logon.
    final Object[] seracDevTest = new Object[] {
        CertUtil.readCertificate(CRT_PATH + "serac-dev-test.crt"),
        new KeyPurposeId[] {
            KeyPurposeId.id_kp_clientAuth,
            KeyPurposeId.id_kp_emailProtection,
            KeyPurposeId.id_kp_smartcardlogon,
        },
    };

    // Row 2: client auth and server auth.
    final Object[] loginLiveCom = new Object[] {
        CertUtil.readCertificate(CRT_PATH + "login.live.com.crt"),
        new KeyPurposeId[] {
            KeyPurposeId.id_kp_clientAuth,
            KeyPurposeId.id_kp_serverAuth,
        },
    };

    return new Object[][] { seracDevTest, loginLiveCom };
}
From source file:org.cryptacular.x509.ExtensionReaderTest.java
License:Open Source License
/**
 * Supplies the "extended-key-usage" rows: a certificate read from
 * <code>CRT_PATH</code> paired with the key purposes expected for it,
 * in the order listed here.
 */
@DataProvider(name = "extended-key-usage")
public Object[][] getExtendedKeyUsage() {
    // Row 1: client auth, e-mail protection and smart card logon.
    final Object[] seracDevTest = new Object[] {
        CertUtil.readCertificate(CRT_PATH + "serac-dev-test.crt"),
        new KeyPurposeId[] {
            KeyPurposeId.id_kp_clientAuth,
            KeyPurposeId.id_kp_emailProtection,
            KeyPurposeId.id_kp_smartcardlogon,
        },
    };

    // Row 2: server auth first, then client auth.
    final Object[] loginLiveCom = new Object[] {
        CertUtil.readCertificate(CRT_PATH + "login.live.com.crt"),
        new KeyPurposeId[] {
            KeyPurposeId.id_kp_serverAuth,
            KeyPurposeId.id_kp_clientAuth,
        },
    };

    return new Object[][] { seracDevTest, loginLiveCom };
}
From source file:org.ejbca.core.model.ca.certificateprofiles.EndUserCertificateProfile.java
License:Open Source License
/**
 * Creates a certificate profile with the characteristics of an end user.
 * General options are set in the superclass's default constructor, which is called automatically;
 * they can be overridden by setting them again here.
 *
 * The key usage extension is critical; the extended key usage extension
 * (client authentication and e-mail protection) is non-critical.
 */
public EndUserCertificateProfile() {
    setType(TYPE_ENDENTITY);

    // Standard key usages for end users are: digitalSignature | nonRepudiation,
    // and/or (keyEncipherment or keyAgreement).
    // The default chosen here is digitalSignature | nonRepudiation | keyEncipherment.
    // The array follows the layout of X509Certificate.getKeyUsage().
    setUseKeyUsage(true);
    setKeyUsage(new boolean[9]);
    setKeyUsage(DIGITALSIGNATURE, true);
    setKeyUsage(NONREPUDIATION, true);
    setKeyUsage(KEYENCIPHERMENT, true);
    setKeyUsageCritical(true);

    // Extended key usage is stored as a list of OID strings.
    setUseExtendedKeyUsage(true);
    ArrayList purposeOids = new ArrayList();
    purposeOids.add(KeyPurposeId.id_kp_clientAuth.getId());
    purposeOids.add(KeyPurposeId.id_kp_emailProtection.getId());
    setExtendedKeyUsage(purposeOids);
    setExtendedKeyUsageCritical(false);
}
From source file:org.ejbca.core.model.ca.certificateprofiles.HardTokenAuthEncCertificateProfile.java
License:Open Source License
/** Creates a certificate with the characteristics of an end user. * General options are set in the superclass's default contructor that is called automatically. * You can override the general options by defining them again with different parameters here. *///w w w .j a v a 2s . c om public HardTokenAuthEncCertificateProfile() { setType(TYPE_ENDENTITY); setUseKeyUsage(true); setKeyUsage(new boolean[9]); setKeyUsage(KEYENCIPHERMENT, true); setKeyUsage(DIGITALSIGNATURE, true); setKeyUsageCritical(true); setUseExtendedKeyUsage(true); ArrayList eku = new ArrayList(); eku.add(KeyPurposeId.id_kp_clientAuth.getId()); eku.add(KeyPurposeId.id_kp_emailProtection.getId()); eku.add(KeyPurposeId.id_kp_smartcardlogon.getId()); setExtendedKeyUsage(eku); setExtendedKeyUsageCritical(false); }
From source file:org.ejbca.core.model.ca.certificateprofiles.HardTokenEncCertificateProfile.java
License:Open Source License
/**
 * Creates an end-entity certificate profile whose key is limited to keyEncipherment.
 * General options are set in the superclass's default constructor, which is called automatically;
 * they can be overridden by setting them again here.
 *
 * The key usage extension is critical; the extended key usage extension
 * (e-mail protection only) is non-critical.
 */
public HardTokenEncCertificateProfile() {
    setType(TYPE_ENDENTITY);

    // Key usage: keyEncipherment only, marked critical.
    setUseKeyUsage(true);
    setKeyUsage(new boolean[9]);
    setKeyUsage(KEYENCIPHERMENT, true);
    setKeyUsageCritical(true);

    // Extended key usage is stored as a list of OID strings.
    setUseExtendedKeyUsage(true);
    ArrayList purposeOids = new ArrayList();
    purposeOids.add(KeyPurposeId.id_kp_emailProtection.getId());
    setExtendedKeyUsage(purposeOids);
    setExtendedKeyUsageCritical(false);
}