List of usage examples for org.bouncycastle.x509 X509V1CertificateGenerator setNotAfter
public void setNotAfter(Date date)
From source file:at.peppol.commons.security.KeyStoreUtilsTest.java
License:Mozilla Public License
public static X509Certificate createX509V1Certificate(final KeyPair aKeyPair) throws Exception { // generate the certificate final X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setIssuerDN(new X500Principal("CN=Test Certificate")); certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000)); certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000)); certGen.setSubjectDN(new X500Principal("CN=Test Certificate")); certGen.setPublicKey(aKeyPair.getPublic()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); return certGen.generate(aKeyPair.getPrivate(), "BC"); }
From source file:be.fedict.eid.pki.ra.xkms.ws.MockXKMSWebService.java
License:Open Source License
private byte[] createCertificate(byte[] csr, ValidityIntervalType validityInterval) { try {//from w ww. ja v a 2 s . c om CSRParserImpl csrParserImpl = new CSRParserImpl(); String dn = csrParserImpl.parseCSR(csr).getSubject(); Date startDate = validityInterval.getNotBefore().toGregorianCalendar().getTime(); Date expiryDate = validityInterval.getNotAfter().toGregorianCalendar().getTime(); BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis()); KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC"); generator.initialize(512); KeyPair keyPair = generator.generateKeyPair(); X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X509Name dnName = new X509Name(dn); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(dnName); certGen.setNotBefore(startDate); certGen.setNotAfter(expiryDate); certGen.setSubjectDN(dnName); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm("SHA1withRSA"); X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC"); return cert.getEncoded(); } catch (Exception e) { throw new RuntimeException("Error creating self-signed demo certificate", e); } }
From source file:ch.rgw.crypt.JCEKeyManager.java
License:Open Source License
/** * Generate a certificate from a public key and a signing private key. * /*from w w w . ja v a 2 s . co m*/ * @param pk * the key to make a certficate from * @param signingKey * the signer's private key * @param name * of the issuer * @param name * of the certificate holder * @return the signed certificate. * @throws KeyStoreException * */ public X509Certificate generateCertificate(PublicKey pk, PrivateKey signingKey, String issuer, String subject, TimeTool ttFrom, TimeTool ttUntil) throws InvalidKeyException, NoSuchProviderException, SignatureException, CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, KeyStoreException { // generate the certificate X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setIssuerDN(new X500Principal("CN=" + issuer)); if (ttFrom == null) { ttFrom = new TimeTool(); } if (ttUntil == null) { ttUntil = new TimeTool(ttFrom); ttUntil.add(TimeTool.YEAR, 2); } certGen.setNotBefore(ttFrom.getTime()); certGen.setNotAfter(ttUntil.getTime()); certGen.setSubjectDN(new X500Principal("CN=" + subject)); certGen.setPublicKey(pk); certGen.setSignatureAlgorithm(CERTIFICATE_SIGNATURE_ALGO); // X509Certificate cert = certGen.generate(signingKey, "BC"); X509Certificate cert = certGen.generate(signingKey); ks.setCertificateEntry(subject, cert); return cert; }
From source file:chapter6.X509V1CreateExample.java
public static X509Certificate generateV1Certificate(KeyPair pair) throws Exception { X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setIssuerDN(new X500Principal("CN=Test Certificate")); certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000)); certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000)); certGen.setSubjectDN(new X500Principal("CN=Test Certificate")); certGen.setPublicKey(pair.getPublic()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); return certGen.generateX509Certificate(pair.getPrivate(), CryptoDefs.Provider.BC.getName()); }
From source file:chapter7.Utils.java
/** * Generate a sample V1 certificate to use as a CA root certificate. * @param pair// ww w .java 2 s . co m * @return * @throws Exception */ public static X509Certificate generateRootCert(final KeyPair pair) throws Exception { X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); certGen.setSerialNumber(BigInteger.ONE); certGen.setIssuerDN(new X500Principal("CN=Test CA Certificate")); certGen.setNotBefore(new Date(System.currentTimeMillis())); certGen.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_PERIOD)); certGen.setSubjectDN(new X500Principal("CN=Test CA Certificate")); certGen.setPublicKey(pair.getPublic()); certGen.setSignatureAlgorithm("SHA1WithRSAEncryption"); return certGen.generateX509Certificate(pair.getPrivate(), CryptoDefs.Provider.BC.getName()); }
From source file:com.cyberninjas.xerobillableexpenses.util.RSAx509CertGen.java
License:Open Source License
/** * Generate a self signed X509 certificate with Bouncy Castle. *//*from w w w.j a v a 2 s . co m*/ private void generateSelfSignedX509Certificate(String strDN, Integer daysValid) throws Exception { Date validityBeginDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000); Date validityEndDate = new Date(System.currentTimeMillis() + daysValid * 24 * 60 * 60 * 1000); // GENERATE THE PUBLIC/PRIVATE RSAx509CertGen KEY PAIR KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC"); keyPairGenerator.initialize(1024, new SecureRandom()); KeyPair keyPair = keyPairGenerator.generateKeyPair(); // GENERATE THE X509 CERTIFICATE X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X500Principal dnName = new X500Principal(strDN); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setSubjectDN(dnName); certGen.setIssuerDN(dnName); // use the same certGen.setNotBefore(validityBeginDate); certGen.setNotAfter(validityEndDate); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC"); StringWriter textWriter = new StringWriter(); PEMWriter pemWriter = new PEMWriter(textWriter); pemWriter.writeObject(cert); pemWriter.flush(); this.publicKey = textWriter.toString(); textWriter = new StringWriter(); pemWriter = new PEMWriter(textWriter); pemWriter.writeObject(keyPair.getPrivate()); pemWriter.flush(); this.privateKey = textWriter.toString(); }
From source file:com.example.androidtest.SslUtil.java
License:Open Source License
/** * Generates a new, self-signed X509 V1 certificate for a KeyPair. * //w w w . ja va 2 s. c om * @param pair the {@link KeyPair} to be used * @param name X.500 distinguished name * @return the new certificate * @throws GeneralSecurityException on error generating the certificate */ @SuppressWarnings("deprecation") public static X509Certificate generateX509V1Certificate(KeyPair pair, String name) throws GeneralSecurityException { java.security.Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); Calendar calendar = Calendar.getInstance(); calendar.set(2009, 0, 1); Date startDate = new Date(calendar.getTimeInMillis()); calendar.set(2029, 0, 1); Date expiryDate = new Date(calendar.getTimeInMillis()); BigInteger serialNumber = BigInteger.valueOf(Math.abs(System.currentTimeMillis())); X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X500Principal dnName = new X500Principal(name); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(dnName); certGen.setNotBefore(startDate); certGen.setNotAfter(expiryDate); certGen.setSubjectDN(dnName); // note: same as issuer certGen.setPublicKey(pair.getPublic()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); // This method is deprecated, but Android Eclair does not provide the // generate() methods. X509Certificate cert = certGen.generateX509Certificate(pair.getPrivate(), "BC"); return cert; }
From source file:com.igeekinc.indelible.indeliblefs.security.EntityAuthenticationClient.java
License:Open Source License
private void init(File keyStoreFile, char[] keyStorePassPhrase, ObjectIDFactory oidFactory, MonitoredProperties entityAuthenticationClientProperties) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, UnrecoverableKeyException, InvalidKeyException, IllegalStateException, NoSuchProviderException, SignatureException, AuthenticationFailureException { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); // Bouncy, bouncy! this.keyStoreFile = keyStoreFile; this.entityAuthenticationClientProperties = entityAuthenticationClientProperties; if (oidFactory == null) { oidFactory = new ObjectIDFactory(new GeneratorIDFactory().createGeneratorID()); }/*from w ww . j a v a2 s. c om*/ this.oidFactory = oidFactory; if (!keyStoreFile.exists()) { initKeyStoreFile(keyStoreFile, keyStorePassPhrase); } persistentKeyStore = KeyStore.getInstance("JKS"); try { persistentKeyStore.load(new FileInputStream(keyStoreFile), keyStorePassPhrase); } catch (IOException e) { Logger.getLogger(getClass()) .fatal(new ErrorLogMessage( "Could not read keystore file {0}, EntityAuthenticationClient initialization failed", new Serializable[] { keyStoreFile }), e); throw e; } Enumeration<String> aliases = persistentKeyStore.aliases(); while (aliases.hasMoreElements()) { String checkAlias = aliases.nextElement(); if (checkAlias.startsWith(kEntityAuthenticationServerAuthenticationCertAlias)) trustedServerCertificates.put(checkAlias, (X509Certificate) persistentKeyStore.getCertificate(checkAlias)); } if (this.trustedServerCertificates.size() == 0) throw new IOException( "Could not retrieve authentication server certificate from keystore file " + keyStoreFile); id = null; Enumeration<String> ksAliases = persistentKeyStore.aliases(); while (ksAliases.hasMoreElements()) { String curAlias = ksAliases.nextElement(); if (curAlias.startsWith(kPrivateKeyAliasPrefix)) { String serverIDString = curAlias.substring(kPrivateKeyAliasPrefix.length()); id = (EntityID) ObjectIDFactory.reconstituteFromString(serverIDString); break; } } if (id == null) throw new IOException("Could not find public/private keys in keystore file " + keyStoreFile); X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X500Principal dnName = new X500Principal("CN=Indelible FS Client self-signed cert"); certGen.setSerialNumber(id.toBigInteger()); certGen.setIssuerDN(dnName); certGen.setNotBefore(new Date(System.currentTimeMillis() - 10 * 60 * 1000)); // Allow for some clock skew certGen.setNotAfter(new Date(System.currentTimeMillis() + 3600 * 1000)); certGen.setSubjectDN(dnName); // note: same as issuer Certificate[] ssCerts = persistentKeyStore.getCertificateChain(kPrivateKeyAliasPrefix + id.toString()); // Should just be our own self-signed cert publicKey = ssCerts[0].getPublicKey(); certGen.setPublicKey(publicKey); certGen.setSignatureAlgorithm(EntityAuthenticationServer.kCertificateSignatureAlg); mySelfSignedCert = certGen.generate((PrivateKey) persistentKeyStore .getKey(kPrivateKeyAliasPrefix + id.toString(), kDefaultKeyStorePassword.toCharArray()), "BC"); clientIdentity = id; writeKeystore(keyStoreFile, persistentKeyStore); initialized = true; //connectToInitServer(entityAuthenticationClientProperties); Thread connectThread = new Thread(new ConnectToInitServerRunnable(entityAuthenticationClientProperties), "Connect to EntityAuthenticationClient init server"); connectThread.setDaemon(true); connectThread.start(); }
From source file:com.igeekinc.indelible.indeliblefs.security.EntityAuthenticationClient.java
License:Open Source License
public static void initIdentity(File keyStoreFile, EntityID entityAuthenticationClientID, Certificate entityAuthenticationServerCertificate, char[] keyStorePassPhrase) throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, NoSuchProviderException { if (keyStoreFile.exists()) throw new IOException("Keystore file '" + keyStoreFile.getAbsolutePath() + "' already exists - refusing to overwrite"); KeyStore initKeyStore = KeyStore.getInstance("JKS"); initKeyStore.load(null);// w w w. j a v a2 s. com KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC"); kpGen.initialize(1024, new SecureRandom()); KeyPair keyPair = kpGen.generateKeyPair(); String privateKeyAlias = kPrivateKeyAliasPrefix + entityAuthenticationClientID.toString(); X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X500Principal dnName = new X500Principal("CN=Indelible FS Client self-signed cert"); Date startDate = new Date(System.currentTimeMillis() - 60 * 1000); // time from which certificate is valid Date expiryDate = new Date(startDate.getTime() + (10L * 365L * 24L * 60L * 60L * 1000L)); // time after which certificate is not valid certGen.setSerialNumber(entityAuthenticationClientID.toBigInteger()); certGen.setIssuerDN(dnName); certGen.setNotBefore(startDate); certGen.setNotAfter(expiryDate); certGen.setSubjectDN(dnName); // note: same as issuer certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm(EntityAuthenticationServer.kCertificateSignatureAlg); X509Certificate mySelfSignedCert; try { mySelfSignedCert = certGen.generate(keyPair.getPrivate(), "BC"); } catch (InvalidKeyException e) { Logger.getLogger(EntityAuthenticationClient.class).error(new ErrorLogMessage("Caught exception"), e); throw new InternalError("Invalid key while initializing"); } catch (IllegalStateException e) { Logger.getLogger(EntityAuthenticationClient.class).error(new ErrorLogMessage("Caught exception"), e); throw new InternalError("Illegal state while initializing"); } catch (SignatureException e) { Logger.getLogger(EntityAuthenticationClient.class).error(new ErrorLogMessage("Caught exception"), e); throw new InternalError("Signature exception while initializing"); } initKeyStore.setKeyEntry(privateKeyAlias, keyPair.getPrivate(), kDefaultKeyStorePassword.toCharArray(), new Certificate[] { mySelfSignedCert }); initKeyStore.setCertificateEntry(kEntityAuthenticationServerAuthenticationCertAlias, entityAuthenticationServerCertificate); initKeyStore.setCertificateEntry(kMyCertAlias, mySelfSignedCert); writeKeystore(keyStoreFile, initKeyStore); }
From source file:com.igeekinc.indelible.indeliblefs.security.EntityAuthenticationServerCore.java
License:Open Source License
public static void initRootSecurity(File securityRootDir, EntityID securityServerID) throws KeyStoreException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException, IllegalStateException, CertificateException, FileNotFoundException, IOException { if (securityRootDir == null) throw new IllegalArgumentException("securityRootDir cannot be null"); if (!securityRootDir.isDirectory()) throw new IllegalArgumentException( "Security root dir '" + securityRootDir.getAbsolutePath() + "' is not a directory"); File keyStoreFile = new File(securityRootDir, kKeyStoreFileName); if (keyStoreFile.exists()) throw new IOException("Keystore file '" + keyStoreFile.getAbsolutePath() + "' already exists - refusing to overwrite"); KeyStore initKeyStore = KeyStore.getInstance("JKS"); initKeyStore.load(null);/*from ww w .j a va2 s .c o m*/ Date startDate = new Date(); // time from which certificate is valid Date expiryDate = new Date(startDate.getTime() + (10L * 365L * 24L * 60L * 60L * 1000L)); // time after which certificate is not valid BigInteger serialNumber = securityServerID.toBigInteger(); // serial number for certificate KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC"); kpGen.initialize(1024, new SecureRandom()); KeyPair keyPair = kpGen.generateKeyPair(); X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); X500Principal dnName = new X500Principal( "CN=Indelible FS Auto-generated Root, UID=" + securityServerID.toString()); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(dnName); certGen.setNotBefore(startDate); certGen.setNotAfter(expiryDate); certGen.setSubjectDN(dnName); // note: same as issuer certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm(kCertificateSignatureAlg); X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC"); initKeyStore.setCertificateEntry(kRootCertAlias, cert); initKeyStore.setKeyEntry(kSigningKeyAlias, keyPair.getPrivate(), kDefaultKeyStorePassword.toCharArray(), new Certificate[] { cert }); FileOutputStream keyStoreOutputStream = new FileOutputStream(keyStoreFile); initKeyStore.store(keyStoreOutputStream, kDefaultKeyStorePassword.toCharArray()); keyStoreOutputStream.close(); }