List of usage examples for org.bouncycastle.cert.jcajce JcaX509v3CertificateBuilder JcaX509v3CertificateBuilder
public JcaX509v3CertificateBuilder(X509Certificate issuerCert, BigInteger serial, Date notBefore, Date notAfter,
X500Name subject, PublicKey publicKey)
From source file:CAModulePackage.CertificateHelper.java
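/**
 * Generates a new X.509 identity certificate for a component of this system
 * (for example the CA's or AA's own certificate). Clients should instead
 * generate their own key pair and submit a Certificate Signing Request.
 *
 * @param subjectKey the future holder's public key
 * @param issuerKey  the signing entity's private key
 * @param issuer     name of the signing entity, as a string accepted by {@code new X500Name(String)}
 * @param subject    name of the subject, as a string accepted by {@code new X500Name(String)}
 * @return the new certificate, valid from 24 hours before now until 365 days after now
 * @throws OperatorCreationException if the content signer cannot be created
 */
public static X509CertificateHolder generateCertificate(PublicKey subjectKey, PrivateKey issuerKey,
        String issuer, String subject) throws OperatorCreationException {
    // Original author's note: the certificate could not be verified as valid locally;
    // certificates from the companion app also show as "untrusted" in a terminal TLS check.
    long now = System.currentTimeMillis();

    // The multiplications must be done in long: as an int expression
    // 365 * 24 * 60 * 60 * 1000 overflows and wraps to roughly 17 days,
    // which silently shortened the validity period.
    Date startDate = new Date(now - 24L * 60 * 60 * 1000);
    Date endDate = new Date(now + 365L * 24 * 60 * 60 * 1000);

    // A clock-derived serial is guessable and collides when two certificates are
    // issued in the same millisecond. Use 128 random bits; setBit(0) keeps it non-zero.
    BigInteger serial = new BigInteger(128, new java.security.SecureRandom()).setBit(0);

    // The Jca builder is used because it accepts a PublicKey rather than a SubjectPublicKeyInfo.
    // TODO (original author): consider switching to the plain X509v3CertificateBuilder.
    JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(
            new X500Name(issuer),
            serial,
            startDate,
            endDate,
            new X500Name(subject), // TODO (original author): this field may be incorrect, revise.
            subjectKey);

    return b.build(new JcaContentSignerBuilder("SHA256withRSAEncryption").setProvider("BC").build(issuerKey));
}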
From source file:CAModulePackage.CertificateHelper.java
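/**
 * Generates a new X.509 certificate from a Certificate Signing Request.
 * This is the primary method for granting a user credentials on this system.
 *
 * <p>The request's self-signature is checked against the public key it carries
 * (proof of possession) before anything is signed.
 *
 * <p>NOTE(review): the subject name is copied from the request unchanged. Nothing
 * here ties it to the authenticated requester; the caller must check that the
 * requester is entitled to the name before calling this method.
 *
 * @param csr        the certificate signing request
 * @param issuer     name of the issuing entity, as a string accepted by {@code new X500Name(String)}
 * @param issuerPriv private key of the issuing entity
 * @return the signed certificate, or {@code null} if the content signer could not be created
 * @throws IllegalArgumentException if the request has no decodable RSA public key or its
 *         signature does not verify
 * @throws IllegalStateException if no RSA {@code KeyFactory} is available
 */
public static X509CertificateHolder signCSR(PKCS10CertificationRequest csr, String issuer,
        PrivateKey issuerPriv) {
    // Fail fast instead of continuing with a null key, which previously surfaced
    // later as a NullPointerException inside the certificate builder.
    PublicKey pub;
    try {
        pub = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(csr.getSubjectPublicKeyInfo().getEncoded()));
    } catch (InvalidKeySpecException | IOException e) {
        throw new IllegalArgumentException("CSR does not carry a decodable RSA public key", e);
    } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException("No RSA KeyFactory available", e);
    }

    // Proof of possession: only certify a key whose holder actually signed the request.
    try {
        boolean signedByHolder = csr.isSignatureValid(
                new org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder()
                        .setProvider("BC").build(pub));
        if (!signedByHolder) {
            throw new IllegalArgumentException("CSR signature does not verify against the key it carries");
        }
    } catch (OperatorCreationException | org.bouncycastle.pkcs.PKCSException e) {
        throw new IllegalArgumentException("Unable to verify the CSR signature", e);
    }

    long now = System.currentTimeMillis();
    // long arithmetic: as an int expression 365 * 24 * 60 * 60 * 1000 overflows
    // and wraps to roughly 17 days instead of one year.
    Date startDate = new Date(now - 24L * 60 * 60 * 1000);
    Date endDate = new Date(now + 365L * 24 * 60 * 60 * 1000);

    // Random serial instead of the clock value: not guessable, and no collision
    // when two requests are signed in the same millisecond. setBit(0) keeps it non-zero.
    BigInteger serial = new BigInteger(128, new java.security.SecureRandom()).setBit(0);

    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            new X500Name(issuer), serial, startDate, endDate, csr.getSubject(), pub);

    try {
        return builder.build(
                new JcaContentSignerBuilder("SHA256withRSAEncryption").setProvider("BC").build(issuerPriv));
    } catch (OperatorCreationException e) {
        // Kept from the original contract: signer failures are reported on stderr
        // and signalled to the caller with a null return.
        e.printStackTrace();
        return null;
    }
}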
From source file:cdm.api.windows.util.CertificateSigningService.java
License:Open Source License
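/**
 * Signs the public key from a PKCS#10 request with the CA key and returns the
 * resulting certificate.
 *
 * <p>The certificate is valid from 30 days before now until 3650 days after now.
 * The request's self-signature is verified (proof of possession) before signing.
 *
 * <p>NOTE(review): the subject is the fixed name {@code CN=abimaran}; the subject in
 * the request is ignored, so every issued certificate carries the same name. Confirm
 * this is intended. If the request's subject is used instead, it must first be
 * checked against the authenticated requester.
 *
 * @param jcaRequest the certificate signing request
 * @param privateKey the CA's private key
 * @param caCert     the CA certificate, used as the issuer
 * @return the signed certificate
 * @throws Exception wrapping any failure, including a request whose signature does not verify
 */
public static X509Certificate signCSR(JcaPKCS10CertificationRequest jcaRequest, PrivateKey privateKey,
        X509Certificate caCert) throws Exception {
    try {
        // Proof of possession: only certify a key whose holder signed the request.
        boolean signedByHolder = jcaRequest.isSignatureValid(
                new org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder()
                        .setProvider("BC").build(jcaRequest.getSubjectPublicKeyInfo()));
        if (!signedByHolder) {
            throw new IllegalArgumentException("CSR signature does not verify against the key it carries");
        }

        long now = System.currentTimeMillis();
        // 128 random bits instead of a 31-bit nextInt(): far less chance of two
        // certificates from this CA sharing a serial. setBit(0) keeps it non-zero.
        BigInteger serial = new BigInteger(128, new SecureRandom()).setBit(0);

        X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
                caCert,
                serial,
                new Date(now - 1000L * 60 * 60 * 24 * 30),
                new Date(now + (1000L * 60 * 60 * 24 * 365 * 10)),
                new X500Name("CN=abimaran"),
                jcaRequest.getPublicKey());

        // SHA-1 signatures are no longer collision resistant and are rejected by
        // current validators; sign with SHA-256 instead.
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(privateKey);

        X509Certificate theCert = new JcaX509CertificateConverter().setProvider("BC")
                .getCertificate(certificateBuilder.build(signer));

        LOGGER.info("Signed Certificate CN : " + theCert.getSubjectDN().getName());
        LOGGER.info("Signed CSR's public key : " + theCert.getPublicKey());
        return theCert;
    } catch (Exception e) {
        throw new Exception("Error in signing the certificate", e);
    }
}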
From source file:co.runrightfast.core.security.cert.SelfSignedX509V3CertRequest.java
License:Apache License
/**
 * Creates a v3 certificate builder from the wrapped request's issuer, serial
 * number, validity window, subject and subject public key, then attaches every
 * extension the request lists.
 *
 * @return the populated builder, not yet signed
 * @throws ApplicationException if an extension cannot be added
 */
public X509v3CertificateBuilder x509v3CertificateBuilder() {
    final JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            x509V3CertRequest.getIssuerPrincipal(),
            x509V3CertRequest.getSerialNumber(),
            Date.from(x509V3CertRequest.getNotBefore()),
            Date.from(x509V3CertRequest.getNotAfter()),
            x509V3CertRequest.getSubjectPrincipal(),
            x509V3CertRequest.getSubjectPublicKey());

    // The checked CertIOException cannot leave the lambda, so it is rewrapped.
    x509V3CertRequest.getExtensions().forEach(extension -> {
        try {
            certBuilder.addExtension(extension.getOid(), extension.isCritical(), extension.getValue());
        } catch (final CertIOException cause) {
            final String message = String.format("Failed to add extenstion: %s", extension);
            throw new ApplicationException(message, cause);
        }
    });

    return certBuilder;
}
From source file:co.runrightfast.core.security.cert.X509V3CertRequest.java
License:Apache License
/**
 * Creates a v3 certificate builder from this request's issuer, serial number,
 * validity window, subject and subject public key, then attaches every
 * extension held in {@code extensions}.
 *
 * @return the populated builder, not yet signed
 * @throws ApplicationException if an extension cannot be added
 */
public X509v3CertificateBuilder x509v3CertificateBuilder() {
    final JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            issuerPrincipal,
            serialNumber,
            Date.from(notBefore),
            Date.from(notAfter),
            subjectPrincipal,
            subjectPublicKey);

    // The checked CertIOException cannot leave the lambda, so it is rewrapped.
    extensions.forEach(extension -> {
        try {
            certBuilder.addExtension(extension.getOid(), extension.isCritical(), extension.getValue());
        } catch (final CertIOException cause) {
            final String message = String.format("Failed to add extenstion: %s", extension);
            throw new ApplicationException(message, cause);
        }
    });

    return certBuilder;
}
From source file:com.aqnote.shared.cryptology.cert.CertificateChainDemo.java
License:Open Source License
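/**
 * Issues a one-year user certificate signed by the CA key held in the key store,
 * writes it DER-encoded to {@code userCertPath}, and adds it to the key store
 * under {@code userAlias}.
 *
 * <p>NOTE(review): the user's freshly generated private key is not stored anywhere
 * by this method and is lost when it returns. Confirm whether it should be saved
 * as a protected key entry; it must not be written to standard output.
 *
 * @param userCertPath file that receives the DER-encoded certificate
 * @return {@code true} if the certificate was issued and stored, {@code false} if any step failed
 */
public boolean generateX509Certificate(String userCertPath) {
    try {
        KeyStore ks = KeyStore.getInstance("JKS");
        // try-with-resources: the stream is closed even if load() throws.
        try (FileInputStream in = new FileInputStream(keyStorePath)) {
            ks.load(in, keyStorePasswd.toCharArray());
        }

        // Private keys are never printed: console output ends up in logs and scrollback.
        PrivateKey caPrivateKey = (PrivateKey) ks.getKey(caName, caPasswd.toCharArray());
        X509Certificate caCert = (X509Certificate) ks.getCertificate(caName);
        if (caPrivateKey == null || caCert == null) {
            throw new IllegalStateException("No CA key and certificate under alias " + caName);
        }
        System.out.println("\nCA DN:\n" + caCert.getSubjectX500Principal());

        // 1024-bit RSA is below current minimum key-size guidance; use 2048 bits.
        KeyPair userKeys = RSAKeyPairGenDemo.getRSAKeyPair(2048);
        System.out.println("\nuser public key:\n" + userKeys.getPublic());

        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + (1000L * 60 * 60 * 24 * 365));
        // A constant serial would give every user certificate from this CA the same
        // number. Use 128 random bits; setBit(0) keeps the value non-zero.
        BigInteger serial = new BigInteger(128, new java.security.SecureRandom()).setBit(0);

        // Passing the CA certificate makes the issuer field the CA's subject name.
        JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                caCert, serial, notBefore, notAfter, new X500Name(userDN), userKeys.getPublic());

        // Sign with the CA key. The original signed with the user's own private key,
        // producing a certificate that names the CA as issuer but does not chain to it.
        X509CertificateHolder certHolder = certBuilder.build(
                new JcaContentSignerBuilder(ALG_SIG_SHA256_RSA).setProvider(JCE_PROVIDER).build(caPrivateKey));
        X509Certificate cert = new JcaX509CertificateConverter().setProvider(JCE_PROVIDER)
                .getCertificate(certHolder);

        cert.checkValidity(new Date());
        cert.verify(caCert.getPublicKey());

        ((PKCS12BagAttributeCarrier) cert).setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
                new DERBMPString("x509 cert"));

        try (FileOutputStream out = new FileOutputStream(userCertPath)) {
            out.write(cert.getEncoded());
        }

        // Add the user entry and save the store with the password it was loaded with.
        // The original saved with the CA key password, so a later load with the store
        // password would fail whenever the two differ.
        ks.setCertificateEntry(userAlias, cert);
        try (FileOutputStream out = new FileOutputStream(keyStorePath)) {
            ks.store(out, keyStorePasswd.toCharArray());
        }
        return true;
    } catch (Exception e) {
        e.printStackTrace();
        // Report the failure instead of returning true unconditionally.
        return false;
    }
}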
From source file:com.aqnote.shared.cryptology.cert.gen.CertGenerator.java
License:Open Source License
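/**
 * Creates an end-entity certificate issued by the class 3 CA.
 *
 * <p>The certificate carries subject and authority key identifiers, the
 * {@code MOST_EKU} extended key usages, the {@code END_KEY_USAGE} key usage and any
 * caller-supplied extensions. It is valid from {@code HALF_DAY} before now for
 * {@code FIVE_YEAR}.
 *
 * <p>NOTE(review): keys of {@code exts} are used as extension OIDs without any
 * allow-list, and values are embedded as raw octet strings. Callers are presumably
 * expected to pass only private OIDs; verify upstream that a standard extension OID
 * cannot be supplied.
 *
 * @param sno      serial number to use; a random serial is generated when this is not positive
 * @param sdn      subject distinguished name
 * @param exts     additional non-critical extensions as OID to text value, may be {@code null};
 *                 blank values are skipped
 * @param pubKey   the subject's public key
 * @param pKeyPair the issuing CA's key pair
 * @return the signed certificate, already verified against the issuer's public key
 * @throws Exception if building, signing or verifying the certificate fails
 */
public X509Certificate createClass3EndCert(long sno, X500Name sdn, Map<String, String> exts, PublicKey pubKey,
        KeyPair pKeyPair) throws Exception {
    PublicKey issuerPubKey = pKeyPair.getPublic();
    PrivateKey issuerPrivKey = pKeyPair.getPrivate();

    X500Name idn = X500NameUtil.createClass3CaPrincipal();

    // The fallback used to be the current time, which is guessable and collides when
    // two certificates are issued in the same millisecond. setBit(0) keeps it non-zero.
    BigInteger serial = sno > 0
            ? BigInteger.valueOf(sno)
            : new BigInteger(128, new java.security.SecureRandom()).setBit(0);

    Date nb = new Date(System.currentTimeMillis() - HALF_DAY);
    Date na = new Date(nb.getTime() + FIVE_YEAR);

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(idn, serial, nb, na, sdn, pubKey);

    addSubjectKID(certBuilder, pubKey);
    addAuthorityKID(certBuilder, issuerPubKey);
    certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(MOST_EKU));
    certBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(END_KEY_USAGE));

    if (exts != null) {
        for (Map.Entry<String, String> ext : exts.entrySet()) {
            String value = ext.getValue();
            if (!StringUtils.isBlank(value)) {
                // Fixed charset: getBytes() without one depends on the platform default,
                // so the same input could encode differently on different hosts.
                certBuilder.addExtension(new ASN1ObjectIdentifier(ext.getKey()), false,
                        new DEROctetString(value.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
            }
        }
    }

    X509Certificate certificate = signCert(certBuilder, issuerPrivKey);
    certificate.checkValidity(new Date());
    certificate.verify(issuerPubKey);

    setPKCS9Info(certificate);

    return certificate;
}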
From source file:com.aqnote.shared.cryptology.cert.gen.CertGenerator.java
License:Open Source License
/**
 * Creates a self-signed root CA certificate: issuer and subject are both
 * {@code idn}, and the certificate is signed with the private half of {@code keyPair}.
 *
 * <p>The serial number is 1, validity runs from {@code ONE_DAY} before now for
 * {@code TWENTY_YEAR}, and basic constraints are marked critical with the CA flag set.
 *
 * @param idn     distinguished name used as both issuer and subject
 * @param keyPair the root CA's key pair
 * @return the signed certificate, already verified against its own public key
 * @throws Exception if building, signing or verifying the certificate fails
 */
private X509Certificate createRootCaCert(X500Name idn, KeyPair keyPair) throws Exception {
    final PublicKey rootPublic = keyPair.getPublic();
    final PrivateKey rootPrivate = keyPair.getPrivate();

    final BigInteger serial = BigInteger.valueOf(1);
    final long validFromMillis = System.currentTimeMillis() - ONE_DAY;
    final Date validFrom = new Date(validFromMillis);
    final Date validUntil = new Date(validFromMillis + TWENTY_YEAR);

    final X509v3CertificateBuilder rootBuilder =
            new JcaX509v3CertificateBuilder(idn, serial, validFrom, validUntil, idn, rootPublic);

    // Self-signed: subject and authority key identifiers come from the same key.
    addSubjectKID(rootBuilder, rootPublic);
    addAuthorityKID(rootBuilder, rootPublic);
    addCRLDistributionPoints(rootBuilder);
    addAuthorityInfoAccess(rootBuilder);
    rootBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    final X509Certificate rootCert = signCert(rootBuilder, rootPrivate);
    rootCert.checkValidity(new Date());
    rootCert.verify(rootPublic);

    setPKCS9Info(rootCert);
    return rootCert;
}
From source file:com.aqnote.shared.cryptology.cert.gen.CertGenerator.java
License:Open Source License
/**
 * Creates an intermediate CA certificate for {@code subject}, signed by the
 * issuing CA's private key.
 *
 * <p>Validity runs from {@code HALF_DAY} before now for {@code TWENTY_YEAR}. Basic
 * constraints are critical with a path length of 3, and the {@code BASE_EKU}
 * extended key usages are added as non-critical.
 *
 * <p>NOTE(review): the serial number is the constant 3. If this method is called
 * more than once for the same issuer, the resulting certificates share a serial;
 * confirm against the callers.
 *
 * @param subject  distinguished name of the intermediate CA
 * @param pubKey   the intermediate CA's public key
 * @param pKeyPair the issuing CA's key pair
 * @param issuer   distinguished name of the issuing CA
 * @return the signed certificate, already verified against the issuer's public key
 * @throws Exception if building, signing or verifying the certificate fails
 */
private X509Certificate createMiddleCaCert(X500Name subject, PublicKey pubKey, KeyPair pKeyPair,
        X500Name issuer) throws Exception {
    final BigInteger serial = BigInteger.valueOf(3);
    final long validFromMillis = System.currentTimeMillis() - HALF_DAY;
    final Date validFrom = new Date(validFromMillis);
    final Date validUntil = new Date(validFromMillis + TWENTY_YEAR);

    final X509v3CertificateBuilder caBuilder =
            new JcaX509v3CertificateBuilder(issuer, serial, validFrom, validUntil, subject, pubKey);

    addSubjectKID(caBuilder, pubKey);
    addAuthorityKID(caBuilder, pKeyPair.getPublic());
    caBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(3));
    caBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(BASE_EKU));

    final X509Certificate caCert = signCert(caBuilder, pKeyPair.getPrivate());
    caCert.checkValidity(new Date());
    caCert.verify(pKeyPair.getPublic());

    setPKCS9Info(caCert);
    return caCert;
}
From source file:com.aqnote.shared.cryptology.cert.gen.CertGenerator.java
License:Open Source License
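/**
 * Creates an end-entity certificate for {@code subject}, signed by the issuing
 * CA's private key.
 *
 * <p>Validity runs from {@code HALF_DAY} before now for {@code FIVE_YEAR}. The
 * certificate carries subject and authority key identifiers, the {@code BASE_EKU}
 * extended key usages and the {@code END_KEY_USAGE} key usage, all non-critical.
 *
 * @param subject  distinguished name of the certificate holder
 * @param pubKey   the holder's public key
 * @param pKeyPair the issuing CA's key pair
 * @param issuer   distinguished name of the issuing CA
 * @return the signed certificate, already verified against the issuer's public key
 * @throws Exception if building, signing or verifying the certificate fails
 */
private X509Certificate createEndCert(X500Name subject, PublicKey pubKey, KeyPair pKeyPair, X500Name issuer)
        throws Exception {
    PublicKey issuerPubKey = pKeyPair.getPublic();
    PrivateKey issuerPrivKey = pKeyPair.getPrivate();

    // The serial used to be the current time, which is guessable and collides when
    // two certificates are issued in the same millisecond. Use 128 random bits;
    // setBit(0) keeps the value non-zero.
    BigInteger serial = new BigInteger(128, new java.security.SecureRandom()).setBit(0);

    Date nb = new Date(System.currentTimeMillis() - HALF_DAY);
    Date na = new Date(nb.getTime() + FIVE_YEAR);

    X509v3CertificateBuilder certBuilder =
            new JcaX509v3CertificateBuilder(issuer, serial, nb, na, subject, pubKey);

    addSubjectKID(certBuilder, pubKey);
    addAuthorityKID(certBuilder, issuerPubKey);
    certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(BASE_EKU));
    certBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(END_KEY_USAGE));

    X509Certificate certificate = signCert(certBuilder, issuerPrivKey);
    certificate.checkValidity(new Date());
    certificate.verify(issuerPubKey);

    setPKCS9Info(certificate);

    return certificate;
}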