List of usage examples for org.bouncycastle.asn1.x509 SubjectKeyIdentifier SubjectKeyIdentifier
protected SubjectKeyIdentifier(ASN1OctetString keyid)
From source file:com.mirth.connect.server.controllers.DefaultConfigurationController.java
License:Open Source License
/** * Checks for an existing certificate to use for secure communication between the server and * client. If no certficate exists, this will generate a new one. * //ww w . ja v a2 s .c o m */ private void generateDefaultCertificate(Provider provider, KeyStore keyStore, char[] keyPassword) throws Exception { final String certificateAlias = "mirthconnect"; if (!keyStore.containsAlias(certificateAlias)) { // Common CA and SSL cert attributes Date startDate = new Date(); // time from which certificate is valid Date expiryDate = DateUtils.addYears(startDate, 50); // time after which certificate is not valid KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", provider); keyPairGenerator.initialize(2048); KeyPair caKeyPair = keyPairGenerator.generateKeyPair(); logger.debug("generated new key pair for CA cert using provider: " + provider.getName()); // Generate CA cert X500Name caSubjectName = new X500Name("CN=Mirth Connect Certificate Authority"); SubjectPublicKeyInfo caSubjectKey = new SubjectPublicKeyInfo( ASN1Sequence.getInstance(caKeyPair.getPublic().getEncoded())); X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(caSubjectName, BigInteger.ONE, startDate, expiryDate, caSubjectName, caSubjectKey); certBuilder.addExtension(org.bouncycastle.asn1.x509.Extension.basicConstraints, true, new BasicConstraints(0)); ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider(provider) .build(caKeyPair.getPrivate()); Certificate caCert = new JcaX509CertificateConverter().setProvider(provider) .getCertificate(certBuilder.build(sigGen)); // Generate SSL cert KeyPair sslKeyPair = keyPairGenerator.generateKeyPair(); logger.debug("generated new key pair for SSL cert using provider: " + provider.getName()); X500Name sslSubjectName = new X500Name("CN=mirth-connect"); SubjectPublicKeyInfo sslSubjectKey = new SubjectPublicKeyInfo( ASN1Sequence.getInstance(sslKeyPair.getPublic().getEncoded())); X509v3CertificateBuilder sslCertBuilder = new X509v3CertificateBuilder(caSubjectName, new BigInteger(50, new SecureRandom()), startDate, expiryDate, sslSubjectName, sslSubjectKey); sslCertBuilder.addExtension(org.bouncycastle.asn1.x509.Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifier(caCert.getEncoded())); sslCertBuilder.addExtension(org.bouncycastle.asn1.x509.Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(sslKeyPair.getPublic().getEncoded())); sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider(provider) .build(caKeyPair.getPrivate()); Certificate sslCert = new JcaX509CertificateConverter().setProvider(provider) .getCertificate(sslCertBuilder.build(sigGen)); logger.debug("generated new certificate with serial number: " + ((X509Certificate) sslCert).getSerialNumber()); // add the generated SSL cert to the keystore using the key password keyStore.setKeyEntry(certificateAlias, sslKeyPair.getPrivate(), keyPassword, new Certificate[] { sslCert }); } else { logger.debug("found certificate in keystore"); } }
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
License:Open Source License
/** * @param gen/*from w w w.j av a 2 s.c o m*/ * @param pubKey * * @throws IOException */ private static void addSubjectKeyIdentifier(X509V3CertificateGenerator gen, PublicKey pubKey) throws Exception { { ASN1InputStream is = new ASN1InputStream(new ByteArrayInputStream(pubKey.getEncoded())); try { SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo((ASN1Sequence) is.readObject()); SubjectKeyIdentifier ski = new SubjectKeyIdentifier(spki); gen.addExtension(X509Extensions.SubjectKeyIdentifier.getId(), false, ski); } finally { IOUtils.closeQuietly(is); } } }
From source file:com.rcn.service.CertificateService.java
License:Open Source License
public String generateCert(String certName, String password, int validDays, Optional<String> caPem, String caPassword, boolean generateCaCert, Optional<String> pkc10Request) { try {/* w w w.j a v a 2 s.co m*/ Optional<Tuple<KeyPair, X509Certificate>> caTuple = caPem.map(c -> fromPem(c, caPassword)); Optional<KeyPair> ca = caTuple.map(a -> a.getX()); Optional<KeyPair> optKeyPair = Optional.ofNullable(pkc10Request.isPresent() ? null : generateKey()); PublicKey publicKey = pkc10Request.map(this::fromPkcs10).orElseGet(() -> optKeyPair.get().getPublic()); Date now = new Date(); Calendar tenYears = Calendar.getInstance(); tenYears.add(Calendar.DATE, validDays); X500Principal x500Principal = new X500Principal(certName); BigInteger serial = rndBigInt(new BigInteger("8180385048")); //max value for SN X500Principal issuer = caTuple.map(a -> a.getY().getSubjectX500Principal()) .orElseGet(() -> x500Principal); JcaX509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(issuer, serial, now, new Date(tenYears.getTimeInMillis()), x500Principal, publicKey); v3CertGen.addExtension(X509Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(getSubjectPublicKeyInfo(publicKey))); ca.ifPresent(caKey -> v3CertGen.addExtension(X509Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifier(getSubjectPublicKeyInfo(caKey.getPublic())))); if (generateCaCert) { addCaExtension(v3CertGen); } else { addRegularExtension(Optional.empty(), v3CertGen); } KeyPair caKey = ca.orElseGet( () -> optKeyPair.orElseThrow(() -> new SecurityException("no private key for self-sign cert"))); X509Certificate certificate = new JcaX509CertificateConverter() .setProvider(BouncyCastleProvider.PROVIDER_NAME) .getCertificate(v3CertGen.build(new JcaContentSignerBuilder("SHA256WithRSAEncryption") .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(caKey.getPrivate()))); String certPem = toPem(certificate, Optional.empty()); String keyPem = optKeyPair .map(k -> toPem(k, Optional.ofNullable(password.length() > 0 ? password : null))).orElse(""); return String.format("%s%s", certPem, keyPem); } catch (Exception e) { throw new SecurityException(e); } }
From source file:com.thoughtworks.go.security.PKCS12BagAttributeSetter.java
License:Apache License
public PKCS12BagAttributeSetter setLocalKeyId(PublicKey key) { carrier.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new SubjectKeyIdentifier(key.getEncoded())); return this; }
From source file:eu.optimis.ics.Credentials.CACredentials.java
License:Open Source License
protected X509CertificateHolder genCACertificate(KeyPair CAKP) { BigInteger serial = BigInteger.valueOf(new SecureRandom().nextLong()).abs(); Date notBefore = new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30); Date notAfter = new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365)); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(CAKP.getPublic().getEncoded()); // Same issuer and subject for the self-signed CA certificate X500Name issuer = new X500Name( "C=UK, ST=Suffolk, L=Ipswich, O=BT, OU=R&T, CN=CloudShadow, Name=Ali, emailAddress=ali.sajjad@bt.com"); X500Name subject = new X500Name( "C=UK, ST=Suffolk, L=Ipswich, O=BT, OU=R&T, CN=CloudShadow, Name=Ali, emailAddress=ali.sajjad@bt.com"); X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, publicKeyInfo);/*from w ww . ja v a 2 s.c o m*/ GeneralNames gNames = new GeneralNames(new GeneralName(issuer)); v3CertBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(publicKeyInfo)); v3CertBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifier(publicKeyInfo, gNames, serial)); v3CertBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(true)); ContentSigner sigGen = null; try { sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(CAKP.getPrivate()); } catch (OperatorCreationException e) { e.printStackTrace(); } return v3CertBuilder.build(sigGen); }
From source file:eu.optimis.ics.Credentials.CertificateGenerator.java
License:Open Source License
public static X509CertificateHolder genServerCertificate(PKCS10CertificationRequest certRequest, String credPath) {/*from w w w.j a v a 2 s . c o m*/ X509v3CertificateBuilder v3CertBuilder = null; ContentSigner sigGen = null; try { PEMReader r = new PEMReader(new FileReader(credPath + "ca.crt")); X509Certificate rootCert = (X509Certificate) r.readObject(); r.close(); BigInteger serial = BigInteger.ONE; Date notBefore = new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30); Date notAfter = new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10)); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo .getInstance(certRequest.getPublicKey().getEncoded()); X500Name issuer = new X500Name(rootCert.getSubjectDN().toString()); System.out.println(issuer.toString()); @SuppressWarnings("deprecation") X500Name subject = new X500Name(certRequest.getCertificationRequestInfo().getSubject().toString()); v3CertBuilder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, publicKeyInfo); v3CertBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(publicKeyInfo)); v3CertBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(rootCert)); v3CertBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false)); v3CertBuilder.addExtension(X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth)); v3CertBuilder.addExtension(X509Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(loadCAPrivateKey(credPath)); } catch (IOException ioe) { ioe.printStackTrace(); } catch (InvalidKeyException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (NoSuchProviderException e) { e.printStackTrace(); } catch (OperatorCreationException e) { e.printStackTrace(); } catch (InvalidKeySpecException e) { e.printStackTrace(); } catch (CertificateParsingException e) { e.printStackTrace(); } return v3CertBuilder.build(sigGen); }
From source file:eu.optimis.ics.Credentials.CertificateGenerator.java
License:Open Source License
public static X509CertificateHolder genClientCertificate(PKCS10CertificationRequest certRequest, String credPath) throws Exception { PEMReader r = new PEMReader(new FileReader(credPath + "ca.crt")); X509Certificate rootCert = (X509Certificate) r.readObject(); r.close();// w w w .j av a2 s . co m BigInteger serial = BigInteger.valueOf(2).abs(); Date notBefore = new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30); Date notAfter = new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10)); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo .getInstance(certRequest.getPublicKey().getEncoded()); X500Name issuer = new X500Name(rootCert.getSubjectDN().toString()); @SuppressWarnings("deprecation") X500Name subject = new X500Name(certRequest.getCertificationRequestInfo().getSubject().toString()); X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, publicKeyInfo); v3CertBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(publicKeyInfo)); v3CertBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(rootCert)); v3CertBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false)); v3CertBuilder.addExtension(X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth)); v3CertBuilder.addExtension(X509Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature)); ContentSigner sigGen = null; try { sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(loadCAPrivateKey(credPath)); } catch (OperatorCreationException e) { e.printStackTrace(); } return v3CertBuilder.build(sigGen); }
From source file:net.link.util.common.KeyUtils.java
License:Open Source License
@SuppressWarnings("IOResourceOpenedButNotSafelyClosed") private static SubjectKeyIdentifier createSubjectKeyId(PublicKey publicKey) { try {//w w w .j a v a 2s. c om ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded()); SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( (ASN1Sequence) new ASN1InputStream(bais).readObject()); return new SubjectKeyIdentifier(info); } catch (IOException e) { throw new InternalInconsistencyException("Can't read from a ByteArrayInputStream?", e); } }
From source file:net.link.util.test.pkix.PkiTestUtils.java
License:Open Source License
@SuppressWarnings("IOResourceOpenedButNotSafelyClosed") private static SubjectKeyIdentifier createSubjectKeyId(PublicKey publicKey) throws IOException { ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded()); SubjectPublicKeyInfo info = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(bais).readObject()); return new SubjectKeyIdentifier(info); }
From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DSubjectKeyIdentifier.java
License:Open Source License
private void okPressed() { byte[] keyIdentifier = jkiKeyIdentifier.getKeyIdentifier(); if (keyIdentifier == null) { JOptionPane.showMessageDialog(this, res.getString("DSubjectKeyIdentifier.ValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE); return;//w w w. j av a2s. c o m } SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifier(keyIdentifier); try { value = subjectKeyIdentifier.getEncoded(ASN1Encoding.DER); } catch (IOException ex) { DError dError = new DError(this, ex); dError.setLocationRelativeTo(this); dError.setVisible(true); return; } closeDialog(); }