List of usage examples for org.bouncycastle.x509 X509V1CertificateGenerator generate
public X509Certificate generate(PrivateKey key, String provider) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
From source file:at.peppol.commons.security.KeyStoreUtilsTest.java
License:Mozilla Public License
public static X509Certificate createX509V1Certificate(final KeyPair aKeyPair) throws Exception { // generate the certificate final X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setIssuerDN(new X500Principal("CN=Test Certificate")); certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000)); certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000)); certGen.setSubjectDN(new X500Principal("CN=Test Certificate")); certGen.setPublicKey(aKeyPair.getPublic()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); return certGen.generate(aKeyPair.getPrivate(), "BC"); }
From source file:be.fedict.eid.pki.ra.xkms.ws.MockXKMSWebService.java
License:Open Source License
private byte[] createCertificate(byte[] csr, ValidityIntervalType validityInterval) { try {//from w w w .j a v a2 s .co m CSRParserImpl csrParserImpl = new CSRParserImpl(); String dn = csrParserImpl.parseCSR(csr).getSubject(); Date startDate = validityInterval.getNotBefore().toGregorianCalendar().getTime(); Date expiryDate = validityInterval.getNotAfter().toGregorianCalendar().getTime(); BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis()); KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC"); generator.initialize(512); KeyPair keyPair = generator.generateKeyPair(); X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X509Name dnName = new X509Name(dn); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(dnName); certGen.setNotBefore(startDate); certGen.setNotAfter(expiryDate); certGen.setSubjectDN(dnName); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm("SHA1withRSA"); X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC"); return cert.getEncoded(); } catch (Exception e) { throw new RuntimeException("Error creating self-signed demo certificate", e); } }
From source file:com.cyberninjas.xerobillableexpenses.util.RSAx509CertGen.java
License:Open Source License
/** * Generate a self signed X509 certificate with Bouncy Castle. *//*from w w w . ja v a 2s . c om*/ private void generateSelfSignedX509Certificate(String strDN, Integer daysValid) throws Exception { Date validityBeginDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000); Date validityEndDate = new Date(System.currentTimeMillis() + daysValid * 24 * 60 * 60 * 1000); // GENERATE THE PUBLIC/PRIVATE RSAx509CertGen KEY PAIR KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC"); keyPairGenerator.initialize(1024, new SecureRandom()); KeyPair keyPair = keyPairGenerator.generateKeyPair(); // GENERATE THE X509 CERTIFICATE X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X500Principal dnName = new X500Principal(strDN); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setSubjectDN(dnName); certGen.setIssuerDN(dnName); // use the same certGen.setNotBefore(validityBeginDate); certGen.setNotAfter(validityEndDate); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC"); StringWriter textWriter = new StringWriter(); PEMWriter pemWriter = new PEMWriter(textWriter); pemWriter.writeObject(cert); pemWriter.flush(); this.publicKey = textWriter.toString(); textWriter = new StringWriter(); pemWriter = new PEMWriter(textWriter); pemWriter.writeObject(keyPair.getPrivate()); pemWriter.flush(); this.privateKey = textWriter.toString(); }
From source file:com.igeekinc.indelible.indeliblefs.security.EntityAuthenticationClient.java
License:Open Source License
private void init(File keyStoreFile, char[] keyStorePassPhrase, ObjectIDFactory oidFactory, MonitoredProperties entityAuthenticationClientProperties) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, UnrecoverableKeyException, InvalidKeyException, IllegalStateException, NoSuchProviderException, SignatureException, AuthenticationFailureException { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); // Bouncy, bouncy! this.keyStoreFile = keyStoreFile; this.entityAuthenticationClientProperties = entityAuthenticationClientProperties; if (oidFactory == null) { oidFactory = new ObjectIDFactory(new GeneratorIDFactory().createGeneratorID()); }/*from w w w . ja va2 s .c o m*/ this.oidFactory = oidFactory; if (!keyStoreFile.exists()) { initKeyStoreFile(keyStoreFile, keyStorePassPhrase); } persistentKeyStore = KeyStore.getInstance("JKS"); try { persistentKeyStore.load(new FileInputStream(keyStoreFile), keyStorePassPhrase); } catch (IOException e) { Logger.getLogger(getClass()) .fatal(new ErrorLogMessage( "Could not read keystore file {0}, EntityAuthenticationClient initialization failed", new Serializable[] { keyStoreFile }), e); throw e; } Enumeration<String> aliases = persistentKeyStore.aliases(); while (aliases.hasMoreElements()) { String checkAlias = aliases.nextElement(); if (checkAlias.startsWith(kEntityAuthenticationServerAuthenticationCertAlias)) trustedServerCertificates.put(checkAlias, (X509Certificate) persistentKeyStore.getCertificate(checkAlias)); } if (this.trustedServerCertificates.size() == 0) throw new IOException( "Could not retrieve authentication server certificate from keystore file " + keyStoreFile); id = null; Enumeration<String> ksAliases = persistentKeyStore.aliases(); while (ksAliases.hasMoreElements()) { String curAlias = ksAliases.nextElement(); if (curAlias.startsWith(kPrivateKeyAliasPrefix)) { String serverIDString = curAlias.substring(kPrivateKeyAliasPrefix.length()); id = (EntityID) ObjectIDFactory.reconstituteFromString(serverIDString); break; } } if (id == null) throw new IOException("Could not find public/private keys in keystore file " + keyStoreFile); X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X500Principal dnName = new X500Principal("CN=Indelible FS Client self-signed cert"); certGen.setSerialNumber(id.toBigInteger()); certGen.setIssuerDN(dnName); certGen.setNotBefore(new Date(System.currentTimeMillis() - 10 * 60 * 1000)); // Allow for some clock skew certGen.setNotAfter(new Date(System.currentTimeMillis() + 3600 * 1000)); certGen.setSubjectDN(dnName); // note: same as issuer Certificate[] ssCerts = persistentKeyStore.getCertificateChain(kPrivateKeyAliasPrefix + id.toString()); // Should just be our own self-signed cert publicKey = ssCerts[0].getPublicKey(); certGen.setPublicKey(publicKey); certGen.setSignatureAlgorithm(EntityAuthenticationServer.kCertificateSignatureAlg); mySelfSignedCert = certGen.generate((PrivateKey) persistentKeyStore .getKey(kPrivateKeyAliasPrefix + id.toString(), kDefaultKeyStorePassword.toCharArray()), "BC"); clientIdentity = id; writeKeystore(keyStoreFile, persistentKeyStore); initialized = true; //connectToInitServer(entityAuthenticationClientProperties); Thread connectThread = new Thread(new ConnectToInitServerRunnable(entityAuthenticationClientProperties), "Connect to EntityAuthenticationClient init server"); connectThread.setDaemon(true); connectThread.start(); }
From source file:com.igeekinc.indelible.indeliblefs.security.EntityAuthenticationClient.java
License:Open Source License
public static void initIdentity(File keyStoreFile, EntityID entityAuthenticationClientID, Certificate entityAuthenticationServerCertificate, char[] keyStorePassPhrase) throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, NoSuchProviderException { if (keyStoreFile.exists()) throw new IOException("Keystore file '" + keyStoreFile.getAbsolutePath() + "' already exists - refusing to overwrite"); KeyStore initKeyStore = KeyStore.getInstance("JKS"); initKeyStore.load(null);/* w w w .jav a2 s. c om*/ KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC"); kpGen.initialize(1024, new SecureRandom()); KeyPair keyPair = kpGen.generateKeyPair(); String privateKeyAlias = kPrivateKeyAliasPrefix + entityAuthenticationClientID.toString(); X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X500Principal dnName = new X500Principal("CN=Indelible FS Client self-signed cert"); Date startDate = new Date(System.currentTimeMillis() - 60 * 1000); // time from which certificate is valid Date expiryDate = new Date(startDate.getTime() + (10L * 365L * 24L * 60L * 60L * 1000L)); // time after which certificate is not valid certGen.setSerialNumber(entityAuthenticationClientID.toBigInteger()); certGen.setIssuerDN(dnName); certGen.setNotBefore(startDate); certGen.setNotAfter(expiryDate); certGen.setSubjectDN(dnName); // note: same as issuer certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm(EntityAuthenticationServer.kCertificateSignatureAlg); X509Certificate mySelfSignedCert; try { mySelfSignedCert = certGen.generate(keyPair.getPrivate(), "BC"); } catch (InvalidKeyException e) { Logger.getLogger(EntityAuthenticationClient.class).error(new ErrorLogMessage("Caught exception"), e); throw new InternalError("Invalid key while initializing"); } catch (IllegalStateException e) { Logger.getLogger(EntityAuthenticationClient.class).error(new ErrorLogMessage("Caught exception"), e); throw new InternalError("Illegal state while initializing"); } catch (SignatureException e) { Logger.getLogger(EntityAuthenticationClient.class).error(new ErrorLogMessage("Caught exception"), e); throw new InternalError("Signature exception while initializing"); } initKeyStore.setKeyEntry(privateKeyAlias, keyPair.getPrivate(), kDefaultKeyStorePassword.toCharArray(), new Certificate[] { mySelfSignedCert }); initKeyStore.setCertificateEntry(kEntityAuthenticationServerAuthenticationCertAlias, entityAuthenticationServerCertificate); initKeyStore.setCertificateEntry(kMyCertAlias, mySelfSignedCert); writeKeystore(keyStoreFile, initKeyStore); }
From source file:com.igeekinc.indelible.indeliblefs.security.EntityAuthenticationServerCore.java
License:Open Source License
public static void initRootSecurity(File securityRootDir, EntityID securityServerID) throws KeyStoreException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException, IllegalStateException, CertificateException, FileNotFoundException, IOException { if (securityRootDir == null) throw new IllegalArgumentException("securityRootDir cannot be null"); if (!securityRootDir.isDirectory()) throw new IllegalArgumentException( "Security root dir '" + securityRootDir.getAbsolutePath() + "' is not a directory"); File keyStoreFile = new File(securityRootDir, kKeyStoreFileName); if (keyStoreFile.exists()) throw new IOException("Keystore file '" + keyStoreFile.getAbsolutePath() + "' already exists - refusing to overwrite"); KeyStore initKeyStore = KeyStore.getInstance("JKS"); initKeyStore.load(null);//www .j a va2s.c o m Date startDate = new Date(); // time from which certificate is valid Date expiryDate = new Date(startDate.getTime() + (10L * 365L * 24L * 60L * 60L * 1000L)); // time after which certificate is not valid BigInteger serialNumber = securityServerID.toBigInteger(); // serial number for certificate KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC"); kpGen.initialize(1024, new SecureRandom()); KeyPair keyPair = kpGen.generateKeyPair(); X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X500Principal dnName = new X500Principal( "CN=Indelible FS Auto-generated Root, UID=" + securityServerID.toString()); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(dnName); certGen.setNotBefore(startDate); certGen.setNotAfter(expiryDate); certGen.setSubjectDN(dnName); // note: same as issuer certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm(kCertificateSignatureAlg); X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC"); initKeyStore.setCertificateEntry(kRootCertAlias, cert); initKeyStore.setKeyEntry(kSigningKeyAlias, keyPair.getPrivate(), kDefaultKeyStorePassword.toCharArray(), new Certificate[] { cert }); FileOutputStream keyStoreOutputStream = new FileOutputStream(keyStoreFile); initKeyStore.store(keyStoreOutputStream, kDefaultKeyStorePassword.toCharArray()); keyStoreOutputStream.close(); }
From source file:com.jaspersoft.jasperserver.api.security.encryption.EncryptionManager.java
License:Open Source License
/** * Certificate (version 1) generated using Bouncy Castle lib. * * Reference: http://www.bouncycastle.org/wiki/display/JA1/X.509+Public+Key+Certificate+and+Certification+Request+Generation * * @param keyPair/*ww w. j a v a 2s .c om*/ * @return */ private static Certificate createCertificate(KeyPair keyPair) { try { Calendar expiry = Calendar.getInstance(); expiry.add(Calendar.YEAR, 100); X509V1CertificateGenerator certGenerator = new X509V1CertificateGenerator(); final X509Principal dnName = new X509Principal("CN=Jaspersoft Inc."); certGenerator.setSubjectDN(dnName); certGenerator.setIssuerDN(dnName); certGenerator.setNotAfter(expiry.getTime()); certGenerator.setNotBefore(new Date()); certGenerator.setPublicKey(keyPair.getPublic()); certGenerator.setSerialNumber(BigInteger.valueOf(expiry.getTimeInMillis())); certGenerator.setSignatureAlgorithm("MD5withRSA"); return certGenerator.generate(keyPair.getPrivate(), BouncyCastleProvider.PROVIDER_NAME); } catch (Exception e) { logger.error("Error creating certificate.", e); throw new RuntimeException("Error creating certificate.", e); } }
From source file:com.thoughtworks.go.security.X509CertificateGenerator.java
License:Apache License
private X509Certificate createTypeOneX509Certificate(Date startDate, String principalDn, KeyPair keyPair) { X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X500Principal principal = new X500Principal(principalDn); certGen.setSerialNumber(serialNumber()); certGen.setIssuerDN(principal);/*from w w w . ja v a 2s .c o m*/ certGen.setNotBefore(startDate); DateTime now = new DateTime(new Date()); certGen.setNotAfter(now.plusYears(YEARS).toDate()); certGen.setSubjectDN(principal); // note: same as issuer certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm(new SystemEnvironment().get(GO_SSL_CERTS_ALGORITHM)); try { return certGen.generate(keyPair.getPrivate(), "BC"); } catch (Exception e) { throw bomb(e); } }
From source file:fr.xebia.cloud.amazon.aws.iam.AmazonAwsIamAccountCreator.java
License:Apache License
/** * Generates a self signed x509 certificate identified by the given * <code>userName</code> and the given <code>keyPair</code>. * * @param userName common name of {@link X500Principal} ("CN={userName}") used as * subjectDN and issuerDN. * @param keyPair used for the certificate public and private key * @return self signed X509 certificate/* w ww.ja v a 2 s.c o m*/ */ @SuppressWarnings("deprecation") @Nonnull public X509Certificate generateSelfSignedX509Certificate(@Nonnull String userName, @Nonnull java.security.KeyPair keyPair) { try { DateTime startDate = new DateTime().minusDays(1); DateTime expiryDate = new DateTime().plusYears(2); X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X500Principal dnName = new X500Principal("CN=" + userName); certGen.setSubjectDN(dnName); // same as subject : self signed certificate certGen.setIssuerDN(dnName); certGen.setNotBefore(startDate.toDate()); certGen.setNotAfter(expiryDate.toDate()); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); return certGen.generate(keyPair.getPrivate(), BOUNCY_CASTLE_PROVIDER_NAME); } catch (Exception e) { throw Throwables.propagate(e); } }
From source file:fr.xebia.demo.amazon.aws.AmazonAwsIamAccountCreatorV2.java
License:Apache License
public X509Certificate createX509Certificate(String userName, java.security.KeyPair keyPair) { try {/*from ww w . j av a 2s . c o m*/ DateTime startDate = new DateTime().minusDays(1); DateTime expiryDate = new DateTime().plusYears(2); X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X500Principal dnName = new X500Principal("CN=" + userName); certGen.setSubjectDN(dnName); // same as subject : self signed certificate certGen.setIssuerDN(dnName); certGen.setNotBefore(startDate.toDate()); certGen.setNotAfter(expiryDate.toDate()); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); return certGen.generate(keyPair.getPrivate(), "BC"); } catch (Exception e) { throw Throwables.propagate(e); } }