List of usage examples for org.bouncycastle.jce X509Principal X509Principal
public X509Principal(boolean reverse, String dirName)
From source file:com.jlocksmith.util.CertificateUtil.java
License:Open Source License
/** * Generate Certificate/* www .ja v a 2 s.com*/ * * @param commonName Common Name * @param organizationUnit Organization Unit * @param organization Organization * @param locality Locality * @param state State * @param countryCode Country Code * @param emailAddress Email Address * @param validity Validity (Days) * @param publicKey Public Key * @param privateKey Private Key * @param signatureType Signature Type * * @return X509Certificate * * @throws Exception */ public static X509Certificate generateCertificate(String commonName, String organizationUnit, String organization, String locality, String state, String countryCode, String emailAddress, int validity, PublicKey publicKey, PrivateKey privateKey, String signatureType) throws Exception { // Holds certificate attributes Hashtable<Object, Object> attrs = new Hashtable<Object, Object>(); Vector<Object> order = new Vector<Object>(); // Set certificate attributes if (commonName != null) { attrs.put(X509Principal.CN, commonName); order.add(0, X509Principal.CN); } if (organizationUnit != null) { attrs.put(X509Principal.OU, organizationUnit); order.add(0, X509Principal.OU); } if (organization != null) { attrs.put(X509Principal.O, organization); order.add(0, X509Principal.O); } if (locality != null) { attrs.put(X509Principal.L, locality); order.add(0, X509Principal.L); } if (state != null) { attrs.put(X509Principal.ST, state); order.add(0, X509Principal.ST); } if (countryCode != null) { attrs.put(X509Principal.C, countryCode); order.add(0, X509Principal.C); } if (emailAddress != null) { attrs.put(X509Principal.E, emailAddress); order.add(0, X509Principal.E); } // Get an X509 Version 1 Certificate generator X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); certGen.setIssuerDN(new X509Principal(order, attrs)); // Valid before and after dates now to iValidity days in the future certGen.setNotBefore(new Date(System.currentTimeMillis())); certGen.setNotAfter(new Date(System.currentTimeMillis() + ((long) validity * 24 * 60 * 60 * 1000))); certGen.setSubjectDN(new X509Principal(order, attrs)); certGen.setPublicKey(publicKey); certGen.setSignatureAlgorithm(signatureType); certGen.setSerialNumber(generateX509SerialNumber()); // Generate an X.509 certificate, based on the current issuer and // subject X509Certificate cert = certGen.generateX509Certificate(privateKey); // Return the certificate return cert; }
From source file:com.thoughtworks.go.security.X509PrincipalGenerator.java
License:Apache License
private X509Principal principal() { return new X509Principal(order, attrs); }
From source file:de.mendelson.util.security.keygeneration.KeyGenerator.java
/** * Generates a self-signed X509 Version 3 certificate * *//*ww w . jav a 2 s .c o m*/ private X509Certificate generateCertificate(PublicKey publicKey, PrivateKey privateKey, KeyGenerationValues generationValues) throws Exception { //Stores certificate attributes Hashtable<ASN1ObjectIdentifier, String> attributes = new Hashtable<ASN1ObjectIdentifier, String>(); Vector<ASN1ObjectIdentifier> order = new Vector<ASN1ObjectIdentifier>(); attributes.put(X509Name.CN, generationValues.getCommonName()); order.add(0, X509Name.CN); attributes.put(X509Name.OU, generationValues.getOrganisationUnit()); order.add(0, X509Name.OU); attributes.put(X509Name.O, generationValues.getOrganisationName()); order.add(0, X509Name.O); attributes.put(X509Name.L, generationValues.getLocalityName()); order.add(0, X509Name.L); attributes.put(X509Name.ST, generationValues.getStateName()); order.add(0, X509Name.ST); attributes.put(X509Name.C, generationValues.getCountryCode()); order.add(0, X509Name.C); attributes.put(X509Name.E, generationValues.getEmailAddress()); order.add(0, X509Name.E); X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); // Set the issuer distinguished name certificateGenerator.setIssuerDN(new X509Principal(order, attributes)); //add a key extension if this is requested if (generationValues.getKeyExtension() != null) { certificateGenerator.addExtension(X509Extensions.KeyUsage, true, generationValues.getKeyExtension()); } //add a extended key extension if this is requested if (generationValues.getExtendedKeyExtension() != null) { certificateGenerator.addExtension(X509Extensions.ExtendedKeyUsage, false, generationValues.getExtendedKeyExtension()); } // Valid before and after dates now to iValidity days in the future Date startDate = new Date(System.currentTimeMillis()); long duration = TimeUnit.DAYS.toMillis(generationValues.getKeyValidInDays()); Date endDate = new Date(startDate.getTime() + duration); certificateGenerator.setNotBefore(startDate); certificateGenerator.setNotAfter(endDate); certificateGenerator.setSubjectDN(new X509Principal(order, attributes)); certificateGenerator.setPublicKey(publicKey); certificateGenerator.setSignatureAlgorithm(generationValues.getSignatureAlgorithm()); BigInteger serialNumber = new BigInteger(Long.toString(System.currentTimeMillis() / 1000)); certificateGenerator.setSerialNumber(serialNumber); // Generate an X.509 certificate, based on the current issuer and subject X509Certificate cert = certificateGenerator.generate(privateKey, "BC"); // Return the certificate return cert; }
From source file:gov.nih.nci.firebird.service.signing.DigitalSigningHelper.java
License:Open Source License
private X509V1CertificateGenerator buildX509V1CertificateGenerator(PublicKey publicKey, DigitalSigningDistinguishedName distinguishedName, long serialNumber, int validDays) { X509V1CertificateGenerator v1CertGen = new X509V1CertificateGenerator(); // Calculate Expiration Date Calendar notBeforeCal = Calendar.getInstance(); Date notBeforeDate = notBeforeCal.getTime(); Calendar notAfterCal = Calendar.getInstance(); notAfterCal.add(Calendar.DAY_OF_YEAR, validDays); Date notAfterDate = notAfterCal.getTime(); ///*from w ww. ja v a2s.co m*/ // create the certificate - version 1 // v1CertGen.setSerialNumber(BigInteger.valueOf(serialNumber)); v1CertGen.setIssuerDN(new X509Principal(getAttributeOrder(), buildAttributes(distinguishedName))); v1CertGen.setNotBefore(notBeforeDate); v1CertGen.setNotAfter(notAfterDate); // subjects name - the same as we are self signed. v1CertGen.setSubjectDN(new X509Principal(getAttributeOrder(), buildAttributes(distinguishedName))); v1CertGen.setPublicKey(publicKey); v1CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); return v1CertGen; }
From source file:gov.nih.nci.firebird.service.signing.DigitalSigningHelper.java
License:Open Source License
private X509V3CertificateGenerator buildX509V3CertificateGenerator(PublicKey publicKey, X509Certificate caCert, DigitalSigningDistinguishedName distinguishedName, long serialNumber, int validDays) throws CertificateEncodingException, CertificateParsingException { X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); // Calculate Expiration Date Calendar notBeforeCal = Calendar.getInstance(); Date notBeforeDate = notBeforeCal.getTime(); Calendar notAfterCal = Calendar.getInstance(); notAfterCal.add(Calendar.DAY_OF_YEAR, validDays); Date notAfterDate = notAfterCal.getTime(); ////ww w . j a v a2 s .co m // create the certificate - version 3 // v3CertGen.reset(); v3CertGen.setSerialNumber(BigInteger.valueOf(serialNumber)); v3CertGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert)); v3CertGen.setNotBefore(notBeforeDate); v3CertGen.setNotAfter(notAfterDate); v3CertGen.setSubjectDN(new X509Principal(getAttributeOrder(), buildAttributes(distinguishedName))); v3CertGen.setPublicKey(publicKey); v3CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); // // extensions // v3CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(publicKey)); v3CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert)); v3CertGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0)); return v3CertGen; }
From source file:lt.bsprendimai.ddesk.servlets.CertGenerator.java
License:Apache License
/** * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods. * * @param request/*from w w w . j a va2 s . c om*/ * servlet request * @param response * servlet response */ @SuppressWarnings("unchecked") protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try { UserHandler uh = (UserHandler) request.getSession().getAttribute("userHandler"); ClientAccessor ca = (ClientAccessor) request.getSession().getAttribute("clientAccessor"); if (uh == null || !uh.isLoggedIn() || uh.getUser().getCompany() != 0 || uh.getUser().getLoginLevel() != 0) { response.sendRedirect(request.getContextPath()); return; } if (request.getParameter("X509Principal.PWD") == null) { request.setAttribute("T", ca.getPerson().getName()); request.setAttribute("USER", ca.getPerson().getLoginCode()); request.setAttribute("EMAIL", ca.getPerson().getEmail()); RequestDispatcher rd = request.getRequestDispatcher("/intranet/generation.jsp"); rd.forward(request, response); return; } Security.addProvider(new BouncyCastleProvider()); Hashtable attrs = new Hashtable(); Vector order = new Vector(); InputStreamReader rd = new InputStreamReader(CertGenerator.class.getResourceAsStream("/desk.pem")); PEMReader reader = new PEMReader(rd); Object oo = (KeyPair) reader.readObject(); KeyPair myKey = (KeyPair) oo; reader.close(); rd = new InputStreamReader(CertGenerator.class.getResourceAsStream("/desk.crt")); reader = new PEMReader(rd); X509Certificate root = (X509Certificate) reader.readObject(); reader.close(); KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC"); kpg.initialize(1024); KeyPair kp = kpg.generateKeyPair(); PublicKey users = kp.getPublic(); String issuer = root.getSubjectDN().getName(); attrs.put(X509Principal.T, request.getParameter("X509Principal.T")); attrs.put(X509Principal.C, request.getParameter("X509Principal.C")); attrs.put(X509Principal.O, request.getParameter("X509Principal.O")); attrs.put(X509Principal.OU, request.getParameter("X509Principal.OU")); attrs.put(X509Principal.L, request.getParameter("X509Principal.L")); attrs.put(X509Principal.CN, request.getParameter("X509Principal.CN")); attrs.put(X509Principal.EmailAddress, request.getParameter("X509Principal.EmailAddress")); order.addElement(X509Principal.T); order.addElement(X509Principal.C); order.addElement(X509Principal.O); order.addElement(X509Principal.OU); order.addElement(X509Principal.L); order.addElement(X509Principal.CN); order.addElement(X509Principal.EmailAddress); X509Principal subjectDn = new X509Principal(order, attrs); Session sess = SessionHolder.currentSession().getSess(); CertificateEntry ce = new CertificateEntry(); ce.setCert(""); ce.setMd5Key(""); ce.setName(subjectDn.getName()); ce.setPerson(null); ce.setValid(false); sess.save(ce); sess.flush(); X509V3CertificateGenerator v3c = new X509V3CertificateGenerator(); v3c.reset(); v3c.setSerialNumber(BigInteger.valueOf(ce.getId())); v3c.setIssuerDN(new X509Principal(issuer)); v3c.setNotBefore(new Date()); v3c.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30))); v3c.setSubjectDN(subjectDn); v3c.setPublicKey(users); v3c.setSignatureAlgorithm("MD5WithRSAEncryption"); // // add the extensions // v3c.addExtension(MiscObjectIdentifiers.netscapeCertType, false, new NetscapeCertType(NetscapeCertType.sslClient | NetscapeCertType.objectSigning)); X509Certificate cert = v3c.generate(myKey.getPrivate(), "BC"); cert.getSignature(); cert.checkValidity(new Date()); cert.verify(myKey.getPublic()); KeyStore store = KeyStore.getInstance("PKCS12", "BC"); store.load(null, null); store.setKeyEntry(request.getParameter("X509Principal.T"), kp.getPrivate(), null, new Certificate[] { cert, root }); StringWriter sr = new StringWriter(); sr.write("-----BEGIN CERTIFICATE-----\n"); sr.write(new String(Base64.encode(cert.getEncoded()))); sr.write("\n"); sr.write("-----END CERTIFICATE-----"); byte[] pwdMD5 = Hex.encode(MessageDigest.getInstance("MD5").digest(cert.getEncoded())); String code = new String(pwdMD5); if (code.length() < 32) { for (int i = (32 - code.length()); i > 0; i--) { code = "0" + code; } } List<CertificateEntry> lce = (List<CertificateEntry>) sess .createQuery("FROM " + CertificateEntry.class.getName() + " WHERE person = ? AND valid = true ") .setInteger(0, ca.getPersonId()).list(); for (CertificateEntry cea : lce) { ce.setValid(false); sess.update(cea); sess.flush(); } ce.setCert(sr.toString().trim()); ce.setMd5Key(code.trim()); ce.setPerson(ca.getPersonId()); ce.setValid(true); sess.update(ce); sess.flush(); SessionHolder.closeSession(); System.out.println("Writing certificate"); response.setContentType("application/pkcs-12"); response.setHeader("Content-disposition", "inline;filename=" + request.getParameter("X509Principal.T").trim() + ".p12"); OutputStream out = response.getOutputStream(); store.store(out, request.getParameter("X509Principal.PWD").trim().toCharArray()); out.close(); } catch (Exception ex) { try { SessionHolder.endSession(); } catch (Exception ejx) { } ex.printStackTrace(); response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); out.println("<html>"); out.println("<head>"); out.println("<title>Error</title>"); out.println("</head>"); out.println("<body>"); out.println("<h1>Error: "); out.println(ex.getMessage()); out.println("</h1>"); out.println("<br/>"); out.println("</body>"); out.println("</html>"); out.close(); } }
From source file:net.jxta.impl.shell.bin.pse.signcsr.java
License:Open Source License
/** * {@inheritDoc}/*from ww w.j a v a 2 s . c o m*/ */ public int startApp(String[] argv) { ShellEnv env = getEnv(); String issuerEnvName; String duration; String csrEnvName; GetOpt options = new GetOpt(argv, 0, ""); while (true) { int option; try { option = options.getNextOption(); } catch (IllegalArgumentException badopt) { consoleMessage("Illegal argument :" + badopt); return syntaxError(); } if (-1 == option) { break; } switch (option) { default: consoleMessage("Unrecognized option"); return syntaxError(); } } issuerEnvName = options.getNextParameter(); if (null == issuerEnvName) { consoleMessage("Missing <issuer> parameter"); return syntaxError(); } duration = options.getNextParameter(); if (null == duration) { consoleMessage("Missing <duration> parameter"); return syntaxError(); } csrEnvName = options.getNextParameter(); if (null == csrEnvName) { consoleMessage("Missing <csr> parameter"); return syntaxError(); } if (null != options.getNextParameter()) { consoleMessage("Unsupported parameter"); return syntaxError(); } MembershipService membership = getGroup().getMembershipService(); if (!(membership instanceof PSEMembershipService)) { ModuleImplAdvertisement mia = (ModuleImplAdvertisement) membership.getImplAdvertisement(); consoleMessage("Group membership service is not PSE. (" + mia.getDescription() + ")"); return ShellApp.appMiscError; } PSEMembershipService pse = (PSEMembershipService) membership; if (null == pse.getDefaultCredential()) { consoleMessage("Key store has not been opened."); return ShellApp.appMiscError; } PSEUtils.IssuerInfo issuer; X509Certificate[] issuerChain; ShellObject issuerEnv = env.get(issuerEnvName); if (null == issuerEnv) { consoleMessage("Issuer environment variable '" + issuerEnvName + "' not found."); return ShellApp.appMiscError; } if (!PSECredential.class.isAssignableFrom(issuerEnv.getObjectClass())) { consoleMessage("'" + issuerEnvName + "' is not a is not a PSE credential."); return ShellApp.appMiscError; } PSECredential cred = (PSECredential) issuerEnv.getObject(); issuerChain = cred.getCertificateChain(); PrivateKey issuerKey = null; try { issuerKey = cred.getPrivateKey(); } catch (IllegalStateException notLocal) { //ignored } if (null == issuerKey) { consoleMessage("Credential is not a local login credential."); return ShellApp.appMiscError; } issuer = new PSEUtils.IssuerInfo(); issuer.cert = issuerChain[0]; issuer.subjectPkey = issuerKey; ShellObject csrEnv = env.get(csrEnvName); if (null == csrEnv) { consoleMessage("CSR environment variable not found."); return ShellApp.appMiscError; } if (!StructuredDocument.class.isAssignableFrom(csrEnv.getObjectClass())) { consoleMessage("'" + csrEnvName + "' is not a Certificate Signing Request."); return ShellApp.appMiscError; } net.jxta.impl.protocol.CertificateSigningRequest csr_msg = new net.jxta.impl.protocol.CertificateSigningRequest( (Element) csrEnv.getObject()); org.bouncycastle.jce.PKCS10CertificationRequest csr = csr_msg.getCSR(); // set validity 10 years from today Date today = new Date(); Calendar cal = Calendar.getInstance(); cal.setTime(today); cal.add(Calendar.DATE, Integer.parseInt(duration)); Date until = cal.getTime(); // generate cert try { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setIssuerDN(new X509Principal(true, issuer.cert.getSubjectX500Principal().getName())); certGen.setSubjectDN(csr.getCertificationRequestInfo().getSubject()); certGen.setNotBefore(today); certGen.setNotAfter(until); certGen.setPublicKey(csr.getPublicKey()); //certGen.setSignatureAlgorithm("SHA1withDSA"); certGen.setSignatureAlgorithm("SHA1withRSA"); // FIXME bondolo 20040317 needs fixing. certGen.setSerialNumber(BigInteger.valueOf(1)); // return issuer info for generating service cert // the cert X509Certificate newCert = certGen.generateX509Certificate(issuer.subjectPkey); net.jxta.impl.protocol.Certificate cert_msg = new net.jxta.impl.protocol.Certificate(); List<X509Certificate> newChain = new ArrayList<X509Certificate>(Arrays.asList(issuerChain)); newChain.add(0, newCert); cert_msg.setCertificates(newChain); XMLDocument asXML = (XMLDocument) cert_msg.getDocument(MimeMediaType.XMLUTF8); ShellObject<XMLDocument> newObj = new ShellObject<XMLDocument>("Certificate", asXML); env.add(getReturnVariable(), newObj); } catch (Exception failed) { printStackTrace("Failed to generate certificate", failed); } return ShellApp.appNoError; }
From source file:org.ebayopensource.fido.uaf.crypto.X509.java
License:Apache License
public static X509Certificate generateV3Cert(KeyPair pair) { X509Certificate cert = null;//from w w w. ja v a 2s. c o m try { X509V3CertificateGenerator gen = new X509V3CertificateGenerator(); gen.setPublicKey(pair.getPublic()); gen.setSerialNumber(new BigInteger(Long.toString(System.currentTimeMillis() / 1000))); Hashtable<ASN1ObjectIdentifier, String> attrs = new Hashtable<ASN1ObjectIdentifier, String>(); Vector<ASN1ObjectIdentifier> vOrder = new Vector<ASN1ObjectIdentifier>(); attrs.put(X509Principal.E, "npesic@ebay.com"); vOrder.add(0, X509Principal.E); attrs.put(X509Principal.CN, "eBay, Inc"); vOrder.add(0, X509Principal.CN); attrs.put(X509Principal.OU, "TNS"); vOrder.add(0, X509Principal.OU); attrs.put(X509Principal.O, "eBay, Inc."); vOrder.add(0, X509Principal.O); attrs.put(X509Principal.L, "San Jose"); vOrder.add(0, X509Principal.L); attrs.put(X509Principal.ST, "CA"); vOrder.add(0, X509Principal.ST); attrs.put(X509Principal.C, "US"); vOrder.add(0, X509Principal.C); gen.setIssuerDN(new X509Principal(vOrder, attrs)); gen.setSubjectDN(new X509Principal(vOrder, attrs)); gen.setNotBefore(new Date(System.currentTimeMillis())); gen.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_PERIOD)); gen.setSignatureAlgorithm("SHA1WithECDSA"); cert = gen.generate(pair.getPrivate(), "BC"); } catch (Exception e) { System.out.println("Unable to generate a X509Certificate." + e); } return cert; }
From source file:org.glite.security.util.DNHandlerTest.java
License:Apache License
public void testDNsWithEscapedChars() { X509Principal x509Principal = new X509Principal(true, "CN=\\ test\\, test,L=Bologna,OU=cas server,O=INFN"); Vector<String> iterat = x509Principal.getValues(); assertEquals(" test, test", iterat.get(3)); DN testDN = DNHandler.getDNRFC2253("CN=\\ test\\, test,L=Bologna,OU=cas server,O=INFN"); assertEquals("CN=\\ test\\, test,L=Bologna,OU=cas server,O=INFN", testDN.getRFCDN()); }
From source file:org.glite.security.util.DNImplRFC2253.java
License:Apache License
/** * Parses the RFC2253 format string and puts the fields into the internal structure. * //from w w w. ja v a 2 s .c o m * @param inputDN the string that contains the DN to parse. * @param reversed Whether the given DN is to be considered reversed or not. */ @SuppressWarnings("unchecked") private void parse(String inputDN, boolean reversed) { X509Principal x509Principal = new X509Principal(reversed, inputDN); m_oids = (DERObjectIdentifier[]) x509Principal.getOIDs().toArray(new DERObjectIdentifier[] {}); m_rdns = (String[]) x509Principal.getValues().toArray(new String[0]); m_count = m_oids.length; }