List of usage examples for org.bouncycastle.cert X509CertificateHolder getNotBefore
public Date getNotBefore()
From source file:esteidhacker.FakeEstEIDCA.java
License:Open Source License
private X509Certificate makeRootCert(KeyPair kp) throws InvalidKeyException, IllegalStateException, NoSuchProviderException, SignatureException, IOException, NoSuchAlgorithmException, ParseException, OperatorCreationException, CertificateException { // Load real root certificate X509CertificateHolder real = getRealCert("/resources/sk-root.pem"); // Use values from real certificate // TODO/FIXME: GeneralizedTime instead of UTCTime for root JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(real.getIssuer(), real.getSerialNumber(), real.getNotBefore(), real.getNotAfter(), real.getSubject(), kp.getPublic()); @SuppressWarnings("unchecked") List<ASN1ObjectIdentifier> list = real.getExtensionOIDs(); // Copy all extensions verbatim for (ASN1ObjectIdentifier extoid : list) { Extension ext = real.getExtension(extoid); builder.copyAndAddExtension(ext.getExtnId(), ext.isCritical(), real); }/* www . jav a 2 s . c o m*/ // Generate cert ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA") .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(kp.getPrivate()); X509CertificateHolder cert = builder.build(sigGen); return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME) .getCertificate(cert); }
From source file:esteidhacker.FakeEstEIDCA.java
License:Open Source License
private X509Certificate makeEsteidCert(KeyPair esteid, KeyPair root) throws InvalidKeyException, IllegalStateException, NoSuchProviderException, SignatureException, IOException, NoSuchAlgorithmException, ParseException, OperatorCreationException, CertificateException { // Load current root certificate X509CertificateHolder real = getRealCert("/resources/sk-esteid.pem"); JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(real.getIssuer(), real.getSerialNumber(), real.getNotBefore(), real.getNotAfter(), real.getSubject(), esteid.getPublic());/*from w w w.j a v a 2 s.c om*/ // Basic constraints @SuppressWarnings("unchecked") List<ASN1ObjectIdentifier> list = real.getExtensionOIDs(); // Copy all extensions for (ASN1ObjectIdentifier extoid : list) { Extension ext = real.getExtension(extoid); builder.copyAndAddExtension(ext.getExtnId(), ext.isCritical(), real); } // Generate cert ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA") .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(root.getPrivate()); X509CertificateHolder cert = builder.build(sigGen); return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME) .getCertificate(cert); }
From source file:org.codice.ddf.security.certificate.generator.CertificateSigningRequestTest.java
License:Open Source License
@Test public void testNewCertificateBuilderWithoutSan() throws Exception { final DateTime start = DateTime.now().minusDays(1); final DateTime end = start.plusYears(100); final KeyPair kp = makeKeyPair(); csr.setSerialNumber(1);// w w w.j a v a 2 s. c o m csr.setNotBefore(start); csr.setNotAfter(end); csr.setCommonName("A"); csr.setSubjectKeyPair(kp); final X509Certificate issuerCert = mock(X509Certificate.class); doReturn(new X500Principal("CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US")).when(issuerCert) .getSubjectX500Principal(); final JcaX509v3CertificateBuilder builder = csr.newCertificateBuilder(issuerCert); final X509CertificateHolder holder = builder.build(new DemoCertificateAuthority().getContentSigner()); assertThat(holder.getSerialNumber(), equalTo(BigInteger.ONE)); assertThat(holder.getNotBefore(), equalTo(new Time(start.toDate()).getDate())); assertThat(holder.getNotAfter(), equalTo(new Time(end.toDate()).getDate())); assertThat(holder.getSubject().toString(), equalTo("cn=A")); assertThat("Unable to validate public key", holder.getSubjectPublicKeyInfo(), equalTo(SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded()))); assertThat("There should be no subject alternative name extension", holder.getExtension(org.bouncycastle.asn1.x509.Extension.subjectAlternativeName), nullValue(org.bouncycastle.asn1.x509.Extension.class)); }
From source file:org.codice.ddf.security.certificate.generator.CertificateSigningRequestTest.java
License:Open Source License
@Test public void testNewCertificateBuilderWithSan() throws Exception { final DateTime start = DateTime.now().minusDays(1); final DateTime end = start.plusYears(100); final KeyPair kp = makeKeyPair(); csr.setSerialNumber(1);/*from w w w .j ava2 s . c o m*/ csr.setNotBefore(start); csr.setNotAfter(end); csr.setCommonName("A"); csr.setSubjectKeyPair(kp); csr.addSubjectAlternativeNames("IP:1.2.3.4", "DNS:A"); final X509Certificate issuerCert = mock(X509Certificate.class); doReturn(new X500Principal("CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US")).when(issuerCert) .getSubjectX500Principal(); final JcaX509v3CertificateBuilder builder = csr.newCertificateBuilder(issuerCert); final X509CertificateHolder holder = builder.build(new DemoCertificateAuthority().getContentSigner()); assertThat(holder.getSerialNumber(), equalTo(BigInteger.ONE)); assertThat(holder.getNotBefore(), equalTo(new Time(start.toDate()).getDate())); assertThat(holder.getNotAfter(), equalTo(new Time(end.toDate()).getDate())); assertThat(holder.getSubject().toString(), equalTo("cn=A")); assertThat("Unable to validate public key", holder.getSubjectPublicKeyInfo(), equalTo(SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded()))); final org.bouncycastle.asn1.x509.Extension csn = holder .getExtension(org.bouncycastle.asn1.x509.Extension.subjectAlternativeName); assertThat(csn.getParsedValue().toASN1Primitive().getEncoded(ASN1Encoding.DER), equalTo(new GeneralNamesBuilder().addName(new GeneralName(GeneralName.iPAddress, "1.2.3.4")) .addName(new GeneralName(GeneralName.dNSName, "A")).build().getEncoded(ASN1Encoding.DER))); }
From source file:org.cryptable.pki.communication.PKICMPMessages.java
License:Open Source License
/** * Update a certification request with local key generation * * @param certificate to be updated/*from w w w . j a va2 s .c o m*/ * @return return the binary ASN.1 message for a certification request * @throws CertificateEncodingException * @throws CMSException * @throws CRMFException * @throws OperatorCreationException * @throws CMPException * @throws IOException */ public byte[] createKeyUpdateMessageWithLocalKey(X509Certificate certificate, KeyPair keyPair) throws CertificateEncodingException, CMSException, CRMFException, OperatorCreationException, CMPException, IOException, PKICMPMessageException, NoSuchFieldException, IllegalAccessException { JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ZERO); X509CertificateHolder x509CertificateHolder = new JcaX509CertificateHolder(certificate); certReqBuild.setSubject(x509CertificateHolder.getSubject()); certReqBuild.setIssuer(x509CertificateHolder.getIssuer()); certReqBuild.setSerialNumber(x509CertificateHolder.getSerialNumber()); if (keyPair != null) { certReqBuild.setPublicKey(keyPair.getPublic()); if (keyPair.getPrivate() != null) { certReqBuild.addControl( new JcaPKIArchiveControlBuilder(keyPair.getPrivate(), x509CertificateHolder.getIssuer()) .addRecipientGenerator( new JceKeyTransRecipientInfoGenerator(pkiKeyStore.getRecipientCertificate()) .setProvider(pkiKeyStore.getProvider())) .build(new JceCMSContentEncryptorBuilder( new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.DES_EDE3_CBC)) .setProvider(pkiKeyStore.getProvider()).build())); } } else certReqBuild.setPublicKey(x509CertificateHolder.getSubjectPublicKeyInfo()); if (extensions != null) { for (Extension extension : extensions) certReqBuild.addExtension(extension.getExtnId(), extension.isCritical(), extension.getParsedValue()); } else { if (x509CertificateHolder.getExtensions() != null) { for (ASN1ObjectIdentifier oid : x509CertificateHolder.getExtensions().getExtensionOIDs()) { certReqBuild.addExtension(oid, x509CertificateHolder.getExtensions().getExtension(oid).isCritical(), x509CertificateHolder.getExtensions().getExtensionParsedValue(oid)); } } } OptionalValidity tempOptionalValidity; if (optionalValidity != null) { tempOptionalValidity = optionalValidity; } else { tempOptionalValidity = new OptionalValidity(new Time(x509CertificateHolder.getNotBefore()), new Time(x509CertificateHolder.getNotAfter())); } Field field = certReqBuild.getClass().getSuperclass().getDeclaredField("templateBuilder"); field.setAccessible(true); CertTemplateBuilder certTemplateBuilder = (CertTemplateBuilder) field.get(certReqBuild); certTemplateBuilder.setValidity(tempOptionalValidity); CertReqMessages certReqMsgs = new CertReqMessages(certReqBuild.build().toASN1Structure()); return createProtectedPKIMessage(new PKIBody(PKIBody.TYPE_KEY_UPDATE_REQ, certReqMsgs)); }
From source file:org.cryptable.pki.communication.PKICMPMessages.java
License:Open Source License
/** * Update a certification request with remote key generation * * @param certificate to be updated// www . j ava 2 s .co m * @return return the binary ASN.1 message for a certification request * @throws CertificateEncodingException * @throws CMSException * @throws CRMFException * @throws OperatorCreationException * @throws CMPException * @throws IOException */ public byte[] createKeyUpdateMessageWithRemoteKey(X509Certificate certificate) throws CertificateEncodingException, CMSException, CRMFException, OperatorCreationException, CMPException, IOException, PKICMPMessageException, NoSuchFieldException, IllegalAccessException { JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ZERO); X509CertificateHolder x509CertificateHolder = new JcaX509CertificateHolder(certificate); certReqBuild.setSubject(x509CertificateHolder.getSubject()); certReqBuild.setIssuer(x509CertificateHolder.getIssuer()); certReqBuild.setSerialNumber(x509CertificateHolder.getSerialNumber()); if (extensions != null) { for (Extension extension : extensions) certReqBuild.addExtension(extension.getExtnId(), extension.isCritical(), extension.getParsedValue()); } else { if (x509CertificateHolder.getExtensions() != null) { for (ASN1ObjectIdentifier oid : x509CertificateHolder.getExtensions().getExtensionOIDs()) { certReqBuild.addExtension(oid, x509CertificateHolder.getExtensions().getExtension(oid).isCritical(), x509CertificateHolder.getExtensions().getExtensionParsedValue(oid)); } } } OptionalValidity tempOptionalValidity; if (optionalValidity != null) { tempOptionalValidity = optionalValidity; } else { tempOptionalValidity = new OptionalValidity(new Time(x509CertificateHolder.getNotBefore()), new Time(x509CertificateHolder.getNotAfter())); } Field field = certReqBuild.getClass().getSuperclass().getDeclaredField("templateBuilder"); field.setAccessible(true); CertTemplateBuilder certTemplateBuilder = (CertTemplateBuilder) field.get(certReqBuild); certTemplateBuilder.setValidity(tempOptionalValidity); CertReqMessages certReqMsgs = new CertReqMessages(certReqBuild.build().toASN1Structure()); return createProtectedPKIMessage(new PKIBody(PKIBody.TYPE_KEY_UPDATE_REQ, certReqMsgs)); }