Example usage for org.bouncycastle.cert.jcajce JcaX509v3CertificateBuilder JcaX509v3CertificateBuilder

List of usage examples for org.bouncycastle.cert.jcajce JcaX509v3CertificateBuilder JcaX509v3CertificateBuilder

Introduction

This page lists usage examples for the org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder constructor.

Prototype

public JcaX509v3CertificateBuilder(X509Certificate issuerCert, BigInteger serial, Date notBefore, Date notAfter,
        X500Name subject, PublicKey publicKey) 


Document

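Initialise the builder using the subject from the passed-in issuerCert as the issuer, as well as passing through and converting the other objects provided. Note that most of the examples below call a different overload, one that takes the issuer as a name (for example an X500Name) rather than as an issuer certificate.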

Usage

From source file:CAModulePackage.CertificateHelper.java

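/**
 * Generates a new X.509 identity certificate signed with {@code issuerKey}.
 *
 * <p>This should only really be used for generating a new certificate for a part
 * of this system (the CA's or AA's certificate). A client should instead generate
 * its own key pair and send over a Certificate Signing Request.
 *
 * <p>The certificate is valid from 24 hours before the current time until 365 days
 * after it, carries a random 128-bit serial number, and has no extensions.
 *
 * @param subjectKey the soon-to-be-holder's public key
 * @param issuerKey the signing entity's private key
 * @param issuer name of the signing entity; passed unchanged to
 *        {@code new X500Name(String)}, so presumably it must be a distinguished-name
 *        string such as {@code "CN=..."} rather than a bare common name (confirm)
 * @param subject name of the subject (soon-to-be-holder); same format as {@code issuer}
 * @return the new X.509 identity certificate
 * @throws OperatorCreationException if the content signer cannot be created
 */
public static X509CertificateHolder generateCertificate(PublicKey subjectKey, PrivateKey issuerKey,
        String issuer, String subject) throws OperatorCreationException {

    // Original author's note: the certificate could not be validated with the
    // command-line SSL tooling on a Mac, and certificates from another in-house app
    // showed as "untrusted" as well. Presumably that is expected for a private CA
    // whose root is not in the local trust store -- confirm.

    // The arithmetic must be done in long: as an int expression,
    // 365 * 24 * 60 * 60 * 1000 overflows and wraps to roughly 17 days, so the
    // certificate would expire far earlier than intended.
    final long now = System.currentTimeMillis();
    final long dayMillis = 24L * 60 * 60 * 1000;
    Date startDate = new Date(now - dayMillis); // backdated one day to tolerate clock skew
    Date endDate = new Date(now + 365 * dayMillis);

    // A timestamp serial is predictable and collides when two certificates are issued
    // in the same millisecond; serial numbers must be unique per issuer. Use 128
    // random bits from a CSPRNG (non-negative, well inside the 20-octet limit).
    BigInteger serial = new BigInteger(128, new java.security.SecureRandom());

    // The Jca builder is used because it accepts a PublicKey directly instead of a
    // SubjectPublicKeyInfo.
    // TODO: Consider switching to the plain X509v3CertificateBuilder.
    // TODO (original author): the subject field was suspected to be incorrect; revise.
    // NOTE(review): no extensions are added. If the result is meant to act as a CA
    // certificate, it lacks basicConstraints (cA=true) and keyUsage, so path
    // validation is expected to reject it as an issuer.
    JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(new X500Name(issuer), serial, startDate,
            endDate, new X500Name(subject), subjectKey);

    // Requires the "BC" provider to be registered with java.security.Security.
    return b.build(new JcaContentSignerBuilder("SHA256withRSAEncryption").setProvider("BC").build(issuerKey));
}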

From source file:CAModulePackage.CertificateHelper.java

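/**
 * Generates a new X.509 certificate based on the input Certificate Signing Request.
 *
 * <p>This is the primary method that should be used for granting a user credentials
 * on this system. The CSR is treated as untrusted input: its self-signature is
 * verified against the public key it carries (proof of possession) before anything
 * is signed.
 *
 * <p>The certificate is valid from 24 hours before the current time until 365 days
 * after it and carries a random 128-bit serial number. Failures are reported on
 * standard error and no certificate is issued.
 *
 * @param csr input Certificate Signing Request
 * @param issuer name of the issuing entity, passed unchanged to {@code new X500Name(String)}
 * @param issuerPriv private key of the issuing entity
 * @return the X.509 identity certificate, or {@code null} if the CSR's public key
 *         cannot be decoded as an RSA key, the CSR signature does not verify, or the
 *         content signer cannot be created
 */
public static X509CertificateHolder signCSR(PKCS10CertificationRequest csr, String issuer,
        PrivateKey issuerPriv) {
    // The arithmetic must be done in long: as an int expression,
    // 365 * 24 * 60 * 60 * 1000 overflows and wraps to roughly 17 days.
    final long now = System.currentTimeMillis();
    final long dayMillis = 24L * 60 * 60 * 1000;
    Date startDate = new Date(now - dayMillis); // backdated one day to tolerate clock skew
    Date endDate = new Date(now + 365 * dayMillis);

    // Decode the requester's key. Only RSA keys are supported here.
    PublicKey pub;
    try {
        pub = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(csr.getSubjectPublicKeyInfo().getEncoded()));
    } catch (InvalidKeySpecException e) {
        e.printStackTrace();
        return null; // fail closed instead of continuing with a null key
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
        return null;
    } catch (IOException e) {
        e.printStackTrace();
        return null;
    }

    // Proof of possession: the CSR must be signed by the private key matching the
    // public key it asks to have certified. Without this check anyone could obtain
    // a certificate binding their chosen subject to somebody else's public key.
    try {
        boolean signatureValid = csr.isSignatureValid(
                new org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder()
                        .setProvider("BC").build(pub));
        if (!signatureValid) {
            System.err.println("CSR rejected: signature does not verify");
            return null;
        }
    } catch (OperatorCreationException e) {
        e.printStackTrace();
        return null;
    } catch (org.bouncycastle.pkcs.PKCSException e) {
        e.printStackTrace();
        return null;
    }

    // A timestamp serial is predictable and can collide; use 128 random bits.
    BigInteger serial = new BigInteger(128, new java.security.SecureRandom());

    // NOTE(review): the subject is copied from the CSR as requested. The caller is
    // expected to have checked that the requester is entitled to that name.
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(new X500Name(issuer), serial,
            startDate, endDate, csr.getSubject(), pub);

    try {
        // Requires the "BC" provider to be registered with java.security.Security.
        return builder.build(
                new JcaContentSignerBuilder("SHA256withRSAEncryption").setProvider("BC").build(issuerPriv));
    } catch (OperatorCreationException e) {
        e.printStackTrace();
        return null;
    }
}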

From source file:cdm.api.windows.util.CertificateSigningService.java

License:Open Source License

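/**
 * Signs the public key from a PKCS#10 request with the CA's private key and returns
 * the resulting certificate.
 *
 * <p>The request's self-signature is verified first (proof of possession). The
 * certificate is issued in the name of {@code caCert}'s subject, is valid from 30
 * days before the current time until about ten years after it, and is signed with
 * SHA-256/RSA through the "BC" provider.
 *
 * @param jcaRequest the certificate signing request
 * @param privateKey the CA private key used to sign the certificate
 * @param caCert the CA certificate whose subject becomes the issuer
 * @return the signed certificate
 * @throws Exception wrapping any failure, including a request whose signature does
 *         not verify
 */
public static X509Certificate signCSR(JcaPKCS10CertificationRequest jcaRequest, PrivateKey privateKey,
        X509Certificate caCert) throws Exception {
    try {
        // The CSR is untrusted input: make sure it was signed by the private key
        // matching the public key it asks to have certified.
        boolean signatureValid = jcaRequest.isSignatureValid(
                new org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder()
                        .setProvider("BC").build(jcaRequest.getPublicKey()));
        if (!signatureValid) {
            throw new SecurityException("CSR signature verification failed");
        }

        // nextInt(Integer.MAX_VALUE) gave at most 31 bits of entropy, which makes
        // serial collisions likely after a modest number of certificates. Use 128
        // random bits instead (non-negative, within the 20-octet serial limit).
        BigInteger serial = new BigInteger(128, new SecureRandom());

        // NOTE(review): the subject is hard-coded, so every certificate issued here
        // names the same entity regardless of what the CSR asked for. Decide whether
        // the (validated) CSR subject should be used instead.
        // NOTE(review): ten years is a long lifetime for an issued certificate;
        // confirm it is intended.
        X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(caCert, serial,
                new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30),
                new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10)),
                new X500Name("CN=abimaran"), jcaRequest.getPublicKey());

        // SHA-1 is no longer acceptable for certificate signatures (practical
        // collision attacks exist and validators reject it); sign with SHA-256.
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(privateKey);

        X509Certificate theCert = new JcaX509CertificateConverter().setProvider("BC")
                .getCertificate(certificateBuilder.build(signer));

        LOGGER.info("Signed Certificate CN : " + theCert.getSubjectDN().getName());

        LOGGER.info("Signed CSR's public key : " + theCert.getPublicKey());

        return theCert;

    } catch (Exception e) {
        // Single failure type for callers; the cause is preserved.
        throw new Exception("Error in signing the certificate", e);
    }
}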

From source file:co.runrightfast.core.security.cert.SelfSignedX509V3CertRequest.java

License:Apache License

/**
 * Creates a certificate builder populated from the wrapped {@code x509V3CertRequest}:
 * issuer, serial number, validity window, subject, subject public key and every
 * requested extension.
 *
 * @return the populated builder, ready to be given a content signer
 * @throws ApplicationException if an extension cannot be added to the builder
 */
public X509v3CertificateBuilder x509v3CertificateBuilder() {
    final Date validFrom = Date.from(x509V3CertRequest.getNotBefore());
    final Date validUntil = Date.from(x509V3CertRequest.getNotAfter());

    final JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            x509V3CertRequest.getIssuerPrincipal(),
            x509V3CertRequest.getSerialNumber(),
            validFrom,
            validUntil,
            x509V3CertRequest.getSubjectPrincipal(),
            x509V3CertRequest.getSubjectPublicKey());

    x509V3CertRequest.getExtensions().stream().forEach(extension -> {
        try {
            certBuilder.addExtension(extension.getOid(), extension.isCritical(), extension.getValue());
        } catch (final CertIOException e) {
            // The lambda cannot propagate the checked CertIOException, so it is
            // rethrown wrapped with the offending extension in the message.
            throw new ApplicationException(String.format("Failed to add extenstion: %s", extension), e);
        }
    });

    return certBuilder;
}

From source file:co.runrightfast.core.security.cert.X509V3CertRequest.java

License:Apache License

/**
 * Creates a certificate builder populated from this request: issuer, serial number,
 * validity window, subject, subject public key and every requested extension.
 *
 * @return the populated builder, ready to be given a content signer
 * @throws ApplicationException if an extension cannot be added to the builder
 */
public X509v3CertificateBuilder x509v3CertificateBuilder() {
    final Date validFrom = Date.from(notBefore);
    final Date validUntil = Date.from(notAfter);

    final JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            issuerPrincipal, serialNumber, validFrom, validUntil, subjectPrincipal, subjectPublicKey);

    extensions.stream().forEach(extension -> {
        try {
            certBuilder.addExtension(extension.getOid(), extension.isCritical(), extension.getValue());
        } catch (final CertIOException e) {
            // The lambda cannot propagate the checked CertIOException, so it is
            // rethrown wrapped with the offending extension in the message.
            throw new ApplicationException(String.format("Failed to add extenstion: %s", extension), e);
        }
    });

    return certBuilder;
}

From source file:com.aqnote.shared.cryptology.cert.CertificateChainDemo.java

License:Open Source License

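/**
 * Issues a one-year user certificate signed by the CA held in the JKS keystore at
 * {@code keyStorePath}, writes the encoded certificate to {@code userCertPath} and
 * adds it to the keystore under {@code userAlias}.
 *
 * <p>A fresh RSA key pair is generated for the user. The private half is neither
 * printed nor stored by this method.
 *
 * @param userCertPath file that receives the encoded certificate
 * @return {@code true} if the certificate was issued and stored, {@code false} if
 *         any step failed (the failure is printed to standard error)
 */
public boolean generateX509Certificate(String userCertPath) {
    try {
        KeyStore ks = KeyStore.getInstance("JKS");
        // try-with-resources so the stream is closed even when load() throws.
        try (FileInputStream in = new FileInputStream(keyStorePath)) {
            ks.load(in, keyStorePasswd.toCharArray());
        }

        // Get CA private key. Key material must never be written to the console or
        // to logs, so it is not printed.
        PrivateKey caPrivateKey = (PrivateKey) ks.getKey(caName, caPasswd.toCharArray());

        // Get the CA certificate; its subject becomes the issuer of the new
        // certificate (the CA's own issuer field is the wrong name unless the CA is
        // self-signed).
        X509Certificate caCert = (X509Certificate) ks.getCertificate(caName);
        if (caPrivateKey == null || caCert == null) {
            throw new IllegalStateException("CA entry not found in keystore: " + caName);
        }
        String caDN = caCert.getSubjectDN().toString();
        System.out.println("\nCA DN:\n" + caDN);

        // 1024-bit RSA is below current minimum strength recommendations; use 2048.
        KeyPair KPair = RSAKeyPairGenDemo.getRSAKeyPair(2048);
        System.out.println("\nuser public key:\n" + KPair.getPublic());

        // A constant serial of 1 would give every issued certificate the same serial
        // under the same issuer; serials must be unique, so use 128 random bits.
        BigInteger serial = new BigInteger(128, new java.security.SecureRandom());
        long now = System.currentTimeMillis();

        JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(caCert, serial,
                new Date(now), new Date(now + (1000L * 60 * 60 * 24 * 365)), new X500Name(userDN),
                KPair.getPublic());

        // Sign with the CA key. Signing with the user's own key would produce a
        // certificate that names the CA as issuer but cannot be verified against it.
        X509CertificateHolder certHolder = certBuilder.build(
                new JcaContentSignerBuilder(ALG_SIG_SHA256_RSA).setProvider(JCE_PROVIDER).build(caPrivateKey));
        X509Certificate cert = new JcaX509CertificateConverter().setProvider(JCE_PROVIDER)
                .getCertificate(certHolder);

        cert.checkValidity(new Date());
        cert.verify(caCert.getPublicKey());

        ((PKCS12BagAttributeCarrier) cert).setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
                new DERBMPString("x509 cert"));

        try (FileOutputStream out = new FileOutputStream(userCertPath)) {
            out.write(cert.getEncoded());
        }

        // Add user entry into keystore. The store is written back with the same
        // password it was loaded with; using the CA key password here would make the
        // next load fail whenever the two passwords differ.
        // NOTE(review): the keystore file is truncated before store() runs, so a
        // failure part-way through leaves it damaged; consider writing to a temporary
        // file and renaming.
        ks.setCertificateEntry(userAlias, cert);
        try (FileOutputStream out = new FileOutputStream(keyStorePath)) {
            ks.store(out, keyStorePasswd.toCharArray());
        }

        return true;
    } catch (Exception e) {
        e.printStackTrace();
        // Report the failure instead of claiming success.
        return false;
    }
}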

From source file:com.aqnote.shared.cryptology.cert.gen.CertGenerator.java

License:Open Source License

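/**
 * Creates an end-entity certificate issued by the class 3 CA.
 *
 * <p>The certificate is backdated by {@code HALF_DAY} and expires {@code FIVE_YEAR}
 * after its start. It carries subject and authority key identifiers, extended key
 * usage, key usage, and one non-critical extension per non-blank entry of
 * {@code exts}. After signing, the certificate's validity and signature are checked
 * against the issuer's public key.
 *
 * @param sno serial number to use; when zero or negative a random 128-bit serial is
 *        generated instead
 * @param sdn subject distinguished name
 * @param exts optional extra extensions as OID string to value, may be {@code null};
 *        each value is stored as the UTF-8 bytes of the string in an OCTET STRING
 * @param pubKey the subject's public key
 * @param pKeyPair the issuing CA's key pair
 * @return the signed certificate
 * @throws Exception if building, signing or verifying the certificate fails
 */
public X509Certificate createClass3EndCert(long sno, X500Name sdn, Map<String, String> exts, PublicKey pubKey,
        KeyPair pKeyPair) throws Exception {
    PublicKey pPubKey = pKeyPair.getPublic();
    PrivateKey pPrivKey = pKeyPair.getPrivate();

    X500Name idn = X500NameUtil.createClass3CaPrincipal();
    // A timestamp fallback is predictable and collides when two certificates are
    // issued in the same millisecond; use 128 random bits instead.
    BigInteger _sno = sno > 0 ? BigInteger.valueOf(sno)
            : new BigInteger(128, new java.security.SecureRandom());
    Date nb = new Date(System.currentTimeMillis() - HALF_DAY);
    Date na = new Date(nb.getTime() + FIVE_YEAR);

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(idn, _sno, nb, na, sdn, pubKey);

    addSubjectKID(certBuilder, pubKey);
    addAuthorityKID(certBuilder, pPubKey);
    certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(MOST_EKU));
    // NOTE(review): keyUsage is added as non-critical; RFC 5280 recommends marking
    // it critical so that validators enforce it.
    certBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(END_KEY_USAGE));
    if (exts != null) {
        // NOTE(review): OIDs come straight from the caller and are not restricted to
        // an allow-list; confirm callers cannot pass OIDs of standard extensions.
        for (Map.Entry<String, String> ext : exts.entrySet()) {
            String value = ext.getValue();
            if (!StringUtils.isBlank(value)) {
                // Fixed charset: getBytes() without one uses the platform default,
                // so the same input could encode differently on another host.
                certBuilder.addExtension(new ASN1ObjectIdentifier(ext.getKey()), false,
                        new DEROctetString(value.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
            }
        }
    }

    X509Certificate certificate = signCert(certBuilder, pPrivKey);
    // Sanity checks: currently valid and verifiable with the issuer's public key.
    certificate.checkValidity(new Date());
    certificate.verify(pPubKey);

    setPKCS9Info(certificate);

    return certificate;
}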

From source file:com.aqnote.shared.cryptology.cert.gen.CertGenerator.java

License:Open Source License

/**
 * Creates a self-signed root CA certificate: {@code idn} is used as both issuer and
 * subject and the certificate is signed with the private half of {@code keyPair}.
 *
 * <p>The serial number is 1, the start is backdated by {@code ONE_DAY} and the
 * certificate expires {@code TWENTY_YEAR} after its start. Basic constraints are
 * critical with cA set.
 *
 * @param idn distinguished name of the root CA
 * @param keyPair the root CA's key pair
 * @return the signed root certificate
 * @throws Exception if building, signing or verifying the certificate fails
 */
private X509Certificate createRootCaCert(X500Name idn, KeyPair keyPair) throws Exception {

    final PublicKey rootPublicKey = keyPair.getPublic();
    final PrivateKey rootPrivateKey = keyPair.getPrivate();

    final Date validFrom = new Date(System.currentTimeMillis() - ONE_DAY);
    final Date validUntil = new Date(validFrom.getTime() + TWENTY_YEAR);

    X509v3CertificateBuilder rootBuilder = new JcaX509v3CertificateBuilder(idn, BigInteger.valueOf(1),
            validFrom, validUntil, idn, rootPublicKey);

    // Self-signed: subject and authority key identifiers refer to the same key.
    addSubjectKID(rootBuilder, rootPublicKey);
    addAuthorityKID(rootBuilder, rootPublicKey);
    addCRLDistributionPoints(rootBuilder);
    addAuthorityInfoAccess(rootBuilder);
    // NOTE(review): no keyUsage (keyCertSign / cRLSign) is added in this method;
    // check whether one of the helpers above supplies it.
    rootBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    X509Certificate rootCert = signCert(rootBuilder, rootPrivateKey);
    // Sanity checks: currently valid and verifiable with its own public key.
    rootCert.checkValidity(new Date());
    rootCert.verify(rootPublicKey);

    setPKCS9Info(rootCert);

    return rootCert;
}

From source file:com.aqnote.shared.cryptology.cert.gen.CertGenerator.java

License:Open Source License

/**
 * Creates an intermediate CA certificate for {@code subject}, signed with the
 * private half of {@code pKeyPair}.
 *
 * <p>The serial number is 3, the start is backdated by {@code HALF_DAY} and the
 * certificate expires {@code TWENTY_YEAR} after its start. Basic constraints are
 * critical with a path length of 3.
 *
 * @param subject distinguished name of the intermediate CA
 * @param pubKey the intermediate CA's public key
 * @param pKeyPair the issuing (parent) CA's key pair
 * @param issuer distinguished name of the issuing CA
 * @return the signed intermediate certificate
 * @throws Exception if building, signing or verifying the certificate fails
 */
private X509Certificate createMiddleCaCert(X500Name subject, PublicKey pubKey, KeyPair pKeyPair,
        X500Name issuer) throws Exception {

    final PublicKey parentPublicKey = pKeyPair.getPublic();

    final Date validFrom = new Date(System.currentTimeMillis() - HALF_DAY);
    final Date validUntil = new Date(validFrom.getTime() + TWENTY_YEAR);

    // NOTE(review): the serial is the constant 3, so two intermediates issued by the
    // same parent through this method would share a serial number.
    X509v3CertificateBuilder caBuilder = new JcaX509v3CertificateBuilder(issuer, BigInteger.valueOf(3),
            validFrom, validUntil, subject, pubKey);

    addSubjectKID(caBuilder, pubKey);
    addAuthorityKID(caBuilder, parentPublicKey);
    // NOTE(review): no keyUsage (keyCertSign / cRLSign) is added in this method.
    caBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(3));
    caBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(BASE_EKU));

    X509Certificate caCert = signCert(caBuilder, pKeyPair.getPrivate());
    // Sanity checks: currently valid and verifiable with the parent's public key.
    caCert.checkValidity(new Date());
    caCert.verify(parentPublicKey);

    setPKCS9Info(caCert);

    return caCert;
}

From source file:com.aqnote.shared.cryptology.cert.gen.CertGenerator.java

License:Open Source License

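/**
 * Creates an end-entity certificate for {@code subject}, signed with the private
 * half of {@code pKeyPair}.
 *
 * <p>The certificate carries a random 128-bit serial number, is backdated by
 * {@code HALF_DAY} and expires {@code FIVE_YEAR} after its start. It carries subject
 * and authority key identifiers, extended key usage and key usage.
 *
 * @param subject distinguished name of the certificate holder
 * @param pubKey the holder's public key
 * @param pKeyPair the issuing CA's key pair
 * @param issuer distinguished name of the issuing CA
 * @return the signed certificate
 * @throws Exception if building, signing or verifying the certificate fails
 */
private X509Certificate createEndCert(X500Name subject, PublicKey pubKey, KeyPair pKeyPair, X500Name issuer)
        throws Exception {

    PublicKey pPubKey = pKeyPair.getPublic();
    PrivateKey pPrivKey = pKeyPair.getPrivate();

    // A timestamp serial is predictable and collides when two certificates are
    // issued in the same millisecond; serials must be unique per issuer, so use
    // 128 random bits (non-negative, within the 20-octet serial limit).
    BigInteger sno = new BigInteger(128, new java.security.SecureRandom());
    Date nb = new Date(System.currentTimeMillis() - HALF_DAY);
    Date na = new Date(nb.getTime() + FIVE_YEAR);

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuer, sno, nb, na, subject,
            pubKey);

    addSubjectKID(certBuilder, pubKey);
    addAuthorityKID(certBuilder, pPubKey);
    certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(BASE_EKU));
    // NOTE(review): keyUsage is added as non-critical; RFC 5280 recommends marking
    // it critical so that validators enforce it.
    certBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(END_KEY_USAGE));

    X509Certificate certificate = signCert(certBuilder, pPrivKey);
    // Sanity checks: currently valid and verifiable with the issuer's public key.
    certificate.checkValidity(new Date());
    certificate.verify(pPubKey);

    setPKCS9Info(certificate);

    return certificate;
}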