List of usage examples for org.bouncycastle.cert.jcajce JcaX500NameUtil getSubject
public static X500Name getSubject(X509Certificate certificate)
From source file:ca.trustpoint.m2m.M2mTrustAnchor.java
License:Apache License
/**
 * Creates a trust anchor from an X.509 CA certificate.
 * <p>
 * The anchor's {@code caName} is derived from the certificate's subject DN: the first
 * attribute of each RDN is mapped to its {@link EntityNameAttributeId} (attribute types
 * with no EntityName equivalent are skipped) until {@link EntityName#MAXIMUM_ATTRIBUTES}
 * attributes have been collected. The anchor's public key is the certificate's public
 * key; no M2M certificate is retained ({@code certificate} is cleared).
 *
 * @param x509Certificate X.509 certificate to use as trust anchor.
 * @throws IllegalArgumentException if x509Certificate is null.
 */
public M2mTrustAnchor(X509Certificate x509Certificate) throws IllegalArgumentException {
    if (x509Certificate == null) {
        throw new IllegalArgumentException("x509Certificate cannot be null.");
    }

    EntityName anchorName = new EntityName();
    int collected = 0;
    // NOTE(review): only the first AVA of each RDN is inspected; further values of a
    // multi-valued RDN are silently dropped from the resulting name.
    for (RDN rdn : JcaX500NameUtil.getSubject(x509Certificate).getRDNs()) {
        AttributeTypeAndValue ava = rdn.getFirst();
        EntityNameAttributeId id = toEntityNameAttributeId(ava);
        if (id == null) {
            continue; // attribute type not representable in an EntityName
        }
        anchorName.addAttribute(new EntityNameAttribute(id, IETFUtils.valueToString(ava.getValue())));
        collected++;
        if (collected == EntityName.MAXIMUM_ATTRIBUTES) {
            break; // EntityName is full; any remaining RDNs are ignored
        }
    }

    this.caName = anchorName;
    this.publicKey = x509Certificate.getPublicKey();
    certificate = null;
}

/**
 * Maps the X.500 attribute type of a subject AVA to the EntityName attribute it
 * corresponds to.
 *
 * @param ava attribute type and value taken from a subject RDN.
 * @return the matching attribute id, or {@code null} if the type is not supported.
 */
private static EntityNameAttributeId toEntityNameAttributeId(AttributeTypeAndValue ava) {
    if (BCStyle.C.equals(ava.getType())) {
        return EntityNameAttributeId.Country;
    }
    if (BCStyle.O.equals(ava.getType())) {
        return EntityNameAttributeId.Organization;
    }
    if (BCStyle.OU.equals(ava.getType())) {
        return EntityNameAttributeId.OrganizationalUnit;
    }
    if (BCStyle.DN_QUALIFIER.equals(ava.getType())) {
        return EntityNameAttributeId.DistinguishedNameQualifier;
    }
    if (BCStyle.ST.equals(ava.getType())) {
        return EntityNameAttributeId.StateOrProvince;
    }
    if (BCStyle.L.equals(ava.getType())) {
        return EntityNameAttributeId.Locality;
    }
    if (BCStyle.CN.equals(ava.getType())) {
        return EntityNameAttributeId.CommonName;
    }
    if (BCStyle.SN.equals(ava.getType())) {
        return EntityNameAttributeId.SerialNumber;
    }
    if (BCStyle.DC.equals(ava.getType())) {
        return EntityNameAttributeId.DomainComponent;
    }
    return null;
}
From source file:com.thoughtworks.go.security.X509CertificateGenerator.java
License:Apache License
/**
 * Issues an intermediate certificate signed by the given CA.
 * <p>
 * The subject is the fixed OU/emailAddress DN built from {@code INTERMEDIATE_CERT_OU}
 * and {@code CERT_EMAIL}; the issuer is the CA certificate's subject. SKI, AKI (from
 * {@code caCert}) and basic-constraints extensions are added through the V3 generator.
 * The result is checked for validity at the current time and its signature is verified
 * against the CA public key before the certificate and private key are tagged with
 * PKCS#12 bag attributes (friendly name, local key id).
 *
 * @param caPrivKey CA private key used to sign the certificate
 * @param caCert    CA certificate (issuer name and authority key identifier source)
 * @param startDate start of the validity period
 * @param keyPair   key pair of the intermediate; its public key is certified
 * @return the signed and verified intermediate certificate
 * @throws Exception on generation, validity or signature-verification failure
 */
private X509Certificate createIntermediateCertificate(PrivateKey caPrivKey, X509Certificate caCert, Date startDate, KeyPair keyPair) throws Exception {
    X500Name intermediateSubject = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.OU, INTERMEDIATE_CERT_OU)
            .addRDN(BCStyle.EmailAddress, CERT_EMAIL)
            .build();
    X500Name caSubject = JcaX500NameUtil.getSubject(caCert);

    V3X509CertificateGenerator generator = new V3X509CertificateGenerator(startDate, caSubject, intermediateSubject, keyPair.getPublic(), serialNumber());
    generator.addSubjectKeyIdExtension(keyPair.getPublic());
    generator.addAuthorityKeyIdExtension(caCert);
    generator.addBasicConstraintsExtension();

    X509Certificate intermediate = generator.generate(caPrivKey);
    // Fail fast if the generated certificate is not currently valid or was not signed by the CA key.
    intermediate.checkValidity(new Date());
    intermediate.verify(caCert.getPublicKey());

    PKCS12BagAttributeSetter.usingBagAttributeCarrier(intermediate).setFriendlyName(INTERMEDIATE_CERT_OU);
    PKCS12BagAttributeSetter.usingBagAttributeCarrier(keyPair.getPrivate())
            .setFriendlyName(FRIENDLY_NAME)
            .setLocalKeyId(keyPair.getPublic());
    return intermediate;
}
From source file:net.solarnetwork.node.setup.test.DefaultSetupServiceTest.java
License:Open Source License
/**
 * End-to-end check of the RENEW_CERTIFICATE instruction: provision a CA-signed node
 * certificate, build a renewal request for the same subject and key, deliver the new
 * PKCS#7 chain to the service in 256-character parameter chunks and confirm the key
 * store now holds the renewed certificate.
 */
@Test
public void handleRenewCertificateInstruction() throws Exception {
    SetupIdentityInfo identity = new SetupIdentityInfo(1L, TEST_CONF_VALUE, "localhost", 80, false, TEST_PW_VALUE);
    expect(setupIdentityDao.getSetupIdentityInfo()).andReturn(identity).atLeastOnce();
    replayAll();

    // --- initial provisioning: CA cert, self-signed node cert, CSR, CA-signed cert ---
    keystoreService.saveCACertificate(CA_CERT);
    keystoreService.generateNodeSelfSignedCertificate(TEST_DN);
    String csrPem = keystoreService.generateNodePKCS10CertificateRequestString();

    X509Certificate issuedCert;
    PemReader csrReader = new PemReader(new StringReader(csrPem));
    try {
        PemObject csrObject = csrReader.readPemObject();
        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(csrObject.getContent());
        issuedCert = PKITestUtils.sign(csr, CA_CERT, CA_KEY_PAIR.getPrivate());
        String issuedPem = PKITestUtils.getPKCS7Encoding(new X509Certificate[] { issuedCert });
        keystoreService.saveNodeSignedCertificate(issuedPem);
        log.debug("Saved signed node certificate {}:\n{}", issuedCert.getSerialNumber(), issuedPem);
        assertThat("Generated CSR", csrPem, notNullValue());
    } finally {
        csrReader.close();
    }

    // --- renewal: a fresh CSR for the same subject and key, signed by the same CA ---
    KeyStore keyStore = loadKeyStore();
    PrivateKey nodeKey = (PrivateKey) keyStore.getKey("node", TEST_PW_VALUE.toCharArray());
    ContentSigner nodeSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(nodeKey);
    PKCS10CertificationRequestBuilder renewalBuilder = new PKCS10CertificationRequestBuilder(
            JcaX500NameUtil.getSubject(issuedCert),
            SubjectPublicKeyInfo.getInstance(issuedCert.getPublicKey().getEncoded()));
    X509Certificate renewedCert = PKITestUtils.sign(renewalBuilder.build(nodeSigner), CA_CERT, CA_KEY_PAIR.getPrivate());
    String renewedPem = PKITestUtils.getPKCS7Encoding(new X509Certificate[] { renewedCert });

    // The certificate PEM is delivered as a sequence of 256-character parameters.
    BasicInstruction instruction = new BasicInstruction(DefaultSetupService.INSTRUCTION_TOPIC_RENEW_CERTIFICATE, new Date(), "123", "456",
            new BasicInstructionStatus(456L, InstructionState.Received, new Date()));
    final int chunkSize = 256;
    for (int start = 0; start < renewedPem.length(); start += chunkSize) {
        int end = Math.min(start + chunkSize, renewedPem.length());
        instruction.addParameter(DefaultSetupService.INSTRUCTION_PARAM_CERTIFICATE, renewedPem.substring(start, end));
    }

    InstructionState result = service.processInstruction(instruction);
    assertThat("Instruction state", result, equalTo(InstructionState.Completed));
    assertThat("Node cert is now renewed cert", keystoreService.getNodeCertificate(), equalTo(renewedCert));
}
From source file:net.solarnetwork.node.setup.test.PKITestUtils.java
License:Open Source License
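/**
 * Issues a CA certificate valid for one hour from now.
 * <p>
 * With {@code issuer == null} the result is a self-signed root (cA=true, no path
 * length) whose AKI names {@code caDN} and the certificate's own serial. Otherwise it
 * is a subordinate CA signed by {@code issuerKey}: the issuer name is the issuer's
 * subject, the path length is the issuer's minus one, and the AKI identifies the
 * issuer's key and certificate (key identifier from the issuer's public key,
 * authorityCertIssuer = the issuer's issuer, authorityCertSerialNumber = the issuer's
 * serial; RFC 5280 4.2.1.1). Previously the AKI was derived from the subject's own key
 * and the new serial, so subordinate CAs carried an AKI that did not match their
 * issuer's SKI.
 * <p>
 * Extensions: basicConstraints (critical), subjectKeyIdentifier, authorityKeyIdentifier,
 * keyUsage (critical: digitalSignature, nonRepudiation, keyCertSign, cRLSign).
 * Signed with SHA256WithRSA.
 *
 * @param publicKey public key to certify
 * @param subject   subject DN string
 * @param issuer    issuing CA certificate, or null for a self-signed root
 * @param issuerKey private key matching {@code issuer} (or {@code publicKey} for a root)
 * @param caDN      directory name placed in the AKI of a self-signed root
 * @return the issued certificate
 * @throws IllegalArgumentException if {@code issuer} is present but not a CA certificate
 * @throws Exception on encoding or signing failure
 */
public static X509Certificate generateNewCACert(PublicKey publicKey, String subject, X509Certificate issuer, PrivateKey issuerKey, String caDN) throws Exception {
    final boolean selfSigned = (issuer == null);
    final X500Name subjectDn = new X500Name(subject);
    final X500Name issuerDn = selfSigned ? subjectDn : JcaX500NameUtil.getSubject(issuer);
    final BigInteger serial = getNextSerialNumber();
    final Date notBefore = new Date();
    final Date notAfter = new Date(System.currentTimeMillis() + 1000L * 60L * 60L);
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerDn, serial, notBefore, notAfter, subjectDn, publicKey);

    // basicConstraints: a root gets an unconstrained cA=true; a subordinate inherits the
    // issuer's path length minus one.
    BasicConstraints basicConstraints;
    if (selfSigned) {
        basicConstraints = new BasicConstraints(true);
    } else {
        int issuerPathLength = issuer.getBasicConstraints(); // -1 when the issuer is not a CA
        if (issuerPathLength < 0) {
            throw new IllegalArgumentException("issuer is not a CA certificate: " + issuer.getSubjectX500Principal());
        }
        // NOTE(review): an issuer with pathLen 0 still yields pathLen -1 here, as before;
        // such a chain is invalid and should probably be rejected as well.
        basicConstraints = new BasicConstraints(issuerPathLength - 1);
    }
    builder.addExtension(X509Extension.basicConstraints, true, basicConstraints);

    JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
    builder.addExtension(X509Extension.subjectKeyIdentifier, false, utils.createSubjectKeyIdentifier(publicKey));

    // authorityKeyIdentifier must identify the key that signs this certificate, not the
    // key being certified.
    final PublicKey signingKey;
    final GeneralNames authorityCertIssuer;
    final BigInteger authorityCertSerial;
    if (selfSigned) {
        signingKey = publicKey;
        authorityCertIssuer = new GeneralNames(new GeneralName(GeneralName.directoryName, caDN));
        authorityCertSerial = serial;
    } else {
        signingKey = issuer.getPublicKey();
        authorityCertIssuer = new GeneralNames(new GeneralName(JcaX500NameUtil.getIssuer(issuer)));
        authorityCertSerial = issuer.getSerialNumber();
    }
    AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(
            utils.createAuthorityKeyIdentifier(signingKey).getKeyIdentifier(), authorityCertIssuer, authorityCertSerial);
    builder.addExtension(X509Extension.authorityKeyIdentifier, false, aki);

    X509KeyUsage keyUsage = new X509KeyUsage(
            X509KeyUsage.cRLSign | X509KeyUsage.digitalSignature | X509KeyUsage.keyCertSign | X509KeyUsage.nonRepudiation);
    builder.addExtension(X509Extension.keyUsage, true, keyUsage);

    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").build(issuerKey);
    X509CertificateHolder holder = builder.build(signer);
    return new JcaX509CertificateConverter().getCertificate(holder);
}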
From source file:net.solarnetwork.node.setup.test.PKITestUtils.java
License:Open Source License
/**
 * Signs a PKCS#10 request with the issuer's private key, producing a certificate
 * valid for 24 hours from now.
 * <p>
 * Subject and public key are copied verbatim from the CSR; the issuer name is the
 * issuer certificate's subject. No extensions are written. Signature algorithm is
 * SHA256WithRSA.
 * <p>
 * NOTE(review): the CSR's own signature (proof of possession) is not verified before
 * issuing, and no basicConstraints/keyUsage are set; that is acceptable only because
 * this is a test fixture.
 *
 * @param csr              request supplying subject and public key
 * @param issuer           issuing certificate (issuer name source)
 * @param issuerPrivateKey key used to sign the new certificate
 * @return the issued certificate
 */
public static X509Certificate sign(PKCS10CertificationRequest csr, X509Certificate issuer, PrivateKey issuerPrivateKey) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, IOException, OperatorCreationException, CertificateException, java.security.cert.CertificateException {
    final long oneDayMillis = 24L * 60L * 60L * 1000L;
    final Date validFrom = new Date();
    final Date validUntil = new Date(System.currentTimeMillis() + oneDayMillis);

    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            JcaX500NameUtil.getSubject(issuer),
            getNextSerialNumber(),
            validFrom,
            validUntil,
            csr.getSubject(),
            csr.getSubjectPublicKeyInfo());

    ContentSigner issuerSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(issuerPrivateKey);
    return new JcaX509CertificateConverter().getCertificate(certBuilder.build(issuerSigner));
}
From source file:org.cryptable.pki.communication.PKICMPMessages.java
License:Open Source License
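/**
 * Wraps {@code pkiBody} in a CMP PKIMessage protected by a signature from the sender's
 * private key.
 * <p>
 * Sender and recipient are the subject DNs of the configured sender and recipient
 * certificates; the sender certificate is attached as an extra CMP certificate. A fresh
 * 64-byte senderNonce is drawn from the key store's SecureRandom for every message. The
 * transactionId is drawn once on first use and then reused for all later messages of
 * this instance, so that they belong to the same CMP transaction.
 * <p>
 * Protection now uses SHA-256 with RSA; the previous SHA-1 signature is no longer an
 * acceptable protection algorithm.
 *
 * @param pkiBody body to protect
 * @return DER encoding of the protected PKIMessage
 */
private byte[] createProtectedPKIMessage(PKIBody pkiBody) throws CMPException, OperatorCreationException, IOException, CertificateEncodingException, PKICMPMessageException {
    senderNonce = new byte[64];
    pkiKeyStore.getSecureRandom().nextBytes(senderNonce);
    if (transactionId == null) {
        transactionId = new byte[64];
        pkiKeyStore.getSecureRandom().nextBytes(transactionId);
    }

    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(pkiKeyStore.getProvider())
            .build(pkiKeyStore.getSenderPrivateKey());

    ProtectedPKIMessage message = new ProtectedPKIMessageBuilder(
            new GeneralName(JcaX500NameUtil.getSubject(pkiKeyStore.getSenderCertificate())),
            new GeneralName(JcaX500NameUtil.getSubject(pkiKeyStore.getRecipientCertificate())))
            .setMessageTime(new Date())
            .setSenderNonce(senderNonce)
            .setTransactionID(transactionId)
            .addCMPCertificate(new X509CertificateHolder(pkiKeyStore.getSenderCertificate().getEncoded()))
            .setBody(pkiBody)
            .build(signer);
    return message.toASN1Structure().getEncoded();
}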
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
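/**
 * Test-side counterpart of the client's message builder: builds a CMP PKIMessage as the
 * CA would answer it, signed with the CA key store's sender key.
 * <p>
 * The CA's own 64-byte nonce is drawn from the CA key store's SecureRandom and placed in
 * senderNonce; the client's {@code senderNonce} parameter is echoed back as recipNonce
 * and the client's {@code transactionId} is reused, as a CMP response must do. The CA
 * sender certificate is attached as an extra CMP certificate.
 * <p>
 * Protection uses SHA-256 with RSA (previously SHA-1), matching the client-side builder.
 *
 * @param senderNonce   nonce from the client's request, returned as recipNonce
 * @param transactionId transaction id from the client's request
 * @param pkiBody       body to protect
 * @return DER encoding of the protected PKIMessage
 */
private byte[] createProtectedPKIMessage(byte[] senderNonce, byte[] transactionId, PKIBody pkiBody) throws CMPException, OperatorCreationException, IOException, CertificateEncodingException, PKICMPMessageException {
    byte[] caNonce = new byte[64];
    pkiKeyStoreCA.getSecureRandom().nextBytes(caNonce);

    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(pkiKeyStoreCA.getProvider())
            .build(pkiKeyStoreCA.getSenderPrivateKey());

    ProtectedPKIMessage message = new ProtectedPKIMessageBuilder(
            new GeneralName(JcaX500NameUtil.getSubject(pkiKeyStoreCA.getSenderCertificate())),
            new GeneralName(JcaX500NameUtil.getSubject(pkiKeyStoreCA.getRecipientCertificate())))
            .setMessageTime(new Date())
            .setSenderNonce(caNonce)
            .setRecipNonce(senderNonce)
            .setTransactionID(transactionId)
            .addCMPCertificate(new X509CertificateHolder(pkiKeyStoreCA.getSenderCertificate().getEncoded()))
            .setBody(pkiBody)
            .build(signer);
    return message.toASN1Structure().getEncoded();
}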
From source file:org.cryptable.pki.util.GeneratePKI.java
License:Open Source License
/**
 * Generates the intermediate (sub-CA) certificate, signed by the root CA.
 * <p>
 * Subject "C=BE, O=Cryptable, OU=PKI Devision, CN=Class 0 SubCA", serial 2, valid from
 * 30 days ago until 30 days from now; issuer is the root certificate's subject. Carries
 * a critical basicConstraints (cA=true, pathLen 0), an AKI derived from the root
 * certificate and an SKI derived from the sub-CA key. Signed with SHA256WithRSA.
 * <p>
 * NOTE(review): the serial is hard-coded and no keyUsage (keyCertSign, cRLSign) is set;
 * fine for a fixture, not for a real CA.
 *
 * @param pubKey    public key to certify
 * @param caPrivKey root CA private key that signs the certificate
 * @param caCert    root CA certificate (issuer name and AKI source)
 * @return the sub-CA certificate
 * @throws OperatorCreationException if the signer cannot be created
 * @throws NoSuchAlgorithmException  if the extension digest is unavailable
 * @throws CertIOException           if an extension cannot be encoded
 * @throws CertificateException      if the holder cannot be converted
 */
private static Certificate createIntermediateCert(PublicKey pubKey, PrivateKey caPrivKey, X509Certificate caCert) throws OperatorCreationException, CertIOException, NoSuchAlgorithmException, CertificateException {
    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;
    final long now = System.currentTimeMillis();
    final X500Name subCaName = new X500Name("C=BE, O=Cryptable, OU=PKI Devision, CN=Class 0 SubCA");
    final JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            JcaX500NameUtil.getSubject(caCert),   // issuer: the root CA's subject
            BigInteger.valueOf(2),
            new Date(now - thirtyDaysMillis),
            new Date(now + thirtyDaysMillis),
            subCaName,                            // subject: the sub-CA, not self-signed
            pubKey);
    certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert));
    certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(pubKey));
    certBuilder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(0));

    ContentSigner rootSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(caPrivKey);
    return new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(rootSigner));
}
From source file:org.cryptable.pki.util.GeneratePKI.java
License:Open Source License
/**
 * Generates the RA certificate, signed by the CA's intermediate certificate.
 * <p>
 * Subject "C=BE, O=Cryptable, OU=PKI Devision, CN=RA", serial 2, valid from 30 days
 * ago until 30 days from now; issuer is {@code caCert}'s subject. Carries an AKI derived
 * from {@code caCert} and an SKI derived from the RA key. Signed with SHA256WithRSA.
 * <p>
 * NOTE(review): no basicConstraints or keyUsage extension is written, so this is an
 * end-entity certificate with unrestricted key usage; the serial is hard-coded.
 *
 * @param pubKey    public key to certify
 * @param caPrivKey private key of the issuing (intermediate) CA
 * @param caCert    issuing (intermediate) CA certificate
 * @return the RA certificate
 * @throws OperatorCreationException if the signer cannot be created
 * @throws NoSuchAlgorithmException  if the extension digest is unavailable
 * @throws CertIOException           if an extension cannot be encoded
 * @throws CertificateException      if the holder cannot be converted
 */
private static Certificate createRACert(PublicKey pubKey, PrivateKey caPrivKey, X509Certificate caCert) throws OperatorCreationException, CertIOException, NoSuchAlgorithmException, CertificateException {
    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;
    final long now = System.currentTimeMillis();
    final X500Name raName = new X500Name("C=BE, O=Cryptable, OU=PKI Devision, CN=RA");
    final JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            JcaX500NameUtil.getSubject(caCert),   // issuer: the intermediate CA's subject
            BigInteger.valueOf(2),
            new Date(now - thirtyDaysMillis),
            new Date(now + thirtyDaysMillis),
            raName,                               // subject: the RA, not self-signed
            pubKey);
    certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert));
    certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(pubKey));

    ContentSigner caSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(caPrivKey);
    return new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(caSigner));
}
From source file:org.opendaylight.snbi.southplugin.SNBICAInterfaces.java
License:Open Source License
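/**
 * Issues an end-entity certificate for a PKCS#10 request, signed by the stored
 * self-signed root certificate.
 * <p>
 * Subject and public key are taken from the request as-is; the issuer name is the root
 * certificate's subject. Validity runs from one year ago to three years from now (the
 * original window, left unchanged). When {@code signer} is null, a SHA256withRSA signer
 * is built from the root key pair in the key store; the key store is only read in that
 * case. The serial is a random positive 63-bit value: serials must be unique per issuer
 * (RFC 5280 4.1.2.2) and a millisecond timestamp both collides under concurrent requests
 * and is predictable.
 * <p>
 * NOTE(review): the request's own signature (proof of possession) is not verified
 * before issuing, and the CSR-supplied subject is accepted without any policy check;
 * both must be added before this is reachable by untrusted requesters. No extensions
 * (basicConstraints, keyUsage, SAN) are written.
 *
 * @param request the certification request (subject and public key are used)
 * @param signer  signer to use, or null to sign with the stored root private key
 * @return the issued certificate, or null if the request's public key is unusable, the
 *         signer cannot be built or the certificate cannot be converted (the cause is
 *         printed; callers must handle null)
 */
public X509Certificate generateX509Certificate(PKCS10CertificationRequest request, ContentSigner signer) {
    X509Certificate rootCert = CertificateMgmt.getSavedCertificate(CertManagerConstants.BC, CertManagerConstants.SELF_SIGNED_CERT_FILE);

    // Random 63-bit serial, shifted by one so it is strictly positive as DER requires.
    BigInteger serial = new BigInteger(63, new java.security.SecureRandom()).add(BigInteger.ONE);

    Calendar validity = Calendar.getInstance();
    validity.add(Calendar.YEAR, -1); // backdated one year, as before -- TODO confirm this is intended
    Date notBefore = validity.getTime();
    validity.add(Calendar.YEAR, 4);
    Date notAfter = validity.getTime();

    org.bouncycastle.asn1.x500.X500Name issuerName = JcaX500NameUtil.getSubject(rootCert);
    JcaPKCS10CertificationRequest jcaRequest = new JcaPKCS10CertificationRequest(request);
    X509v3CertificateBuilder certGen;
    try {
        certGen = new JcaX509v3CertificateBuilder(issuerName, serial, notBefore, notAfter, request.getSubject(), jcaRequest.getPublicKey());
    } catch (InvalidKeyException | NoSuchAlgorithmException e) {
        e.printStackTrace();
        return null;
    }

    if (signer == null) {
        // Only touch the key store when we actually have to sign with the root key.
        KeyPair rootPair = KeyPairMgmt.getKeyPairFromStore(CertManagerConstants.KEY_STORE_ALIAS, CertManagerConstants.KEY_STORE_CERT_ALIAS, CertManagerConstants.STORE_TYPE.JKS);
        try {
            // SHA-256 rather than SHA-1: SHA-1 signatures are rejected by current path validators.
            signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider(CertManagerConstants.BC).build(rootPair.getPrivate());
        } catch (OperatorCreationException e) {
            e.printStackTrace();
            return null;
        }
    }

    try {
        return new JcaX509CertificateConverter().setProvider(CertManagerConstants.BC).getCertificate(certGen.build(signer));
    } catch (CertificateException e) {
        e.printStackTrace();
        return null;
    }
}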