List of usage examples for org.bouncycastle.x509 X509V3CertificateGenerator generate
public X509Certificate generate(PrivateKey key, String provider) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
From source file:com.igeekinc.indelible.indeliblefs.security.EntityAuthenticationServerCore.java
License:Open Source License
public EntityAuthentication authenticateServer(EntityID serverID, byte[] encodedCertReq) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, UnrecoverableKeyException, KeyStoreException, IOException, CertificateParsingException, ServerNotRegisteredException, AuthenticationFailureException { Date startDate = new Date(System.currentTimeMillis() - (60L * 60L * 1000L)); // time from which certificate is valid Date expiryDate = new Date(startDate.getTime() + (30L * 24L * 60L * 60L * 1000L)); // time after which certificate is not valid BigInteger serialNumber = serverID.toBigInteger(); // serial number for certificate EntityAuthentication returnAuthentication = null; Certificate registeredCertificate = keyStore.getCertificate(serverID.toString()); if (registeredCertificate != null) { PublicKey checkKey = registeredCertificate.getPublicKey(); PKCS10CertificationRequest certReq = new PKCS10CertificationRequest(encodedCertReq); if (checkKey != null) { byte[] encodedCheckKey = checkKey.getEncoded(); byte[] encodedCertKey = certReq.getPublicKey().getEncoded(); if (Arrays.equals(encodedCheckKey, encodedCertKey)) { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); X500Principal dnName = new X500Principal( EntityAuthenticationClient.kEntityIDCNPrefix + serverID.toString()); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(rootCertificate.getSubjectX500Principal()); certGen.setNotBefore(startDate); certGen.setNotAfter(expiryDate); certGen.setSubjectDN(dnName); // note: same as issuer certGen.setPublicKey(certReq.getPublicKey()); certGen.setSignatureAlgorithm(kCertificateSignatureAlg); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(rootCertificate)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(certReq.getPublicKey())); X509Certificate cert = certGen.generate(signingKey, "BC"); returnAuthentication = new EntityAuthentication(cert); } else { logger.error(new ErrorLogMessage( "Server {0} requesting authentication, but registered key does not match", serverID)); throw new AuthenticationFailureException(); }/*from w w w.j a va2 s . c o m*/ } else { logger.error(new ErrorLogMessage( "Server {0} requesting authentication, no check key found in registered certificate", serverID)); throw new AuthenticationFailureException(); } } else { logger.error(new ErrorLogMessage("Server {0} requesting authentication, but not registered", serverID)); throw new ServerNotRegisteredException(); } return returnAuthentication; }
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
License:Open Source License
/** * @param certificatePublicKey/* ww w . j av a2s .c o m*/ * @param caPrivateKey * @param issuer * @param subject * * @return */ public static X509Certificate generateClientCertificate(PublicKey certificatePublicKey, PrivateKey caPrivateKey, X509Name issuer, X509Name subject) throws Exception { X509Certificate cert = null; X509V3CertificateGenerator gen = new X509V3CertificateGenerator(); gen.setIssuerDN(issuer); setNotBeforeNotAfter(gen, 10); // validity from 48 hours in the past until 10 years in the future gen.setSubjectDN(subject); gen.setPublicKey(certificatePublicKey); gen.setSignatureAlgorithm(getSignatureAlgorithm()); gen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); gen = addClientExtensions(gen); cert = gen.generate(caPrivateKey, "BC"); return cert; }
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
License:Open Source License
/** * @param certificatePublicKey// www . ja va2s . co m * @param caPrivateKey * @param issuer * @param subject * * @return */ public static X509Certificate generateServerCertificate(PublicKey certificatePublicKey, PrivateKey caPrivateKey, X509Name issuer, X509Name subject) throws Exception { X509Certificate cert = null; X509V3CertificateGenerator gen = new X509V3CertificateGenerator(); gen.setIssuerDN(issuer); gen.setSubjectDN(subject); setNotBeforeNotAfter(gen, 10); // validity from 48 hours in the past until 10 years in the future gen.setPublicKey(certificatePublicKey); gen.setSignatureAlgorithm(getSignatureAlgorithm()); gen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); gen = addSSLServerExtensions(gen); cert = gen.generate(caPrivateKey, "BC"); return cert; }
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
License:Open Source License
/** * @param kp//from w w w .j a va 2 s . c om * @param issuer * @param subject * * @return */ public static X509Certificate generateCaCertificate(final String friendlyName, final KeyPair kp, final BigInteger serial, final X509Name issuer, final X509Name subject) throws Exception { X509Certificate cert = null; X509V3CertificateGenerator gen = new X509V3CertificateGenerator(); gen.setIssuerDN(issuer); setNotBeforeNotAfter(gen, 20); // The CA certificate is valid for 20 years gen.setSubjectDN(subject); gen.setPublicKey(kp.getPublic()); gen.setSignatureAlgorithm(getSignatureAlgorithm()); if (serial != null) gen.setSerialNumber(serial); else gen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); gen = addCaExtensions(gen, kp.getPublic()); // gen.addExtension(X509Extensions.SubjectKeyIdentifier, false, // new SubjectKeyIdentifierStructure(kp.getPublic())); cert = gen.generate(kp.getPrivate(), "BC"); cert.checkValidity(); cert.verify(kp.getPublic(), "BC"); if (friendlyName != null) { PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) cert; bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(friendlyName)); } return cert; }
From source file:com.raphfrk.bukkit.eventlink.SSLUtils.java
License:Open Source License
static boolean generateCertificateFile(File file, int keySize, String password, String algorithm, String certificateAlgorithm, String certificateName, boolean forceWrite) { KeyPair keyPair;//w w w. j a v a2s. c om X509Certificate cert; X509V3CertificateGenerator certGen = null; String providerName = "BC"; if (Security.getProvider(providerName) == null) { Security.addProvider(new BouncyCastleProvider()); if (Security.getProvider(providerName) == null) { EventLink.logger.log("Crypt libray (" + providerName + ") provider not installed"); return false; } } try { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(algorithm); synchronized (randomLock) { keyPairGenerator.initialize(keySize, random); } keyPair = KeyPairGenerator.getInstance(algorithm).generateKeyPair(); certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setIssuerDN(new X500Principal(certificateName)); certGen.setNotBefore(new Date(System.currentTimeMillis() - 10000)); certGen.setNotAfter(new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000)); certGen.setSubjectDN(new X500Principal(certificateName)); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm(certificateAlgorithm); cert = certGen.generate(keyPair.getPrivate(), "BC"); } catch (IllegalArgumentException iae) { EventLink.logger.log("Unable to find provider (BC)"); iae.printStackTrace(); if (certGen != null) { Iterator itr = certGen.getSignatureAlgNames(); while (itr.hasNext()) { System.out.println("Algorithm: " + itr.next()); } } return false; } catch (NoSuchProviderException nspe) { EventLink.logger.log("Unable to find provider (BC)"); nspe.printStackTrace(); return false; } catch (NoSuchAlgorithmException nsa) { EventLink.logger.log("Unable to implement algorithm (" + certificateAlgorithm + ")"); if (certGen != null) { Iterator<String> itr = certGen.getSignatureAlgNames(); while (itr.hasNext()) { String algName = itr.next(); System.out.println("Algorithm: " + algName + " " + (algName.equals(certificateAlgorithm))); } } nsa.printStackTrace(); return false; } catch (InvalidKeyException ike) { EventLink.logger.log("Unable to generate key"); ike.printStackTrace(); return false; } catch (SignatureException se) { EventLink.logger.log("Signature error"); se.printStackTrace(); return false; } catch (CertificateEncodingException cee) { EventLink.logger.log("Encoding error"); cee.printStackTrace(); return false; } return createKeyFile(file, password, keyPair, cert, forceWrite); }
From source file:cybervillains.ca.CertificateCreator.java
License:Open Source License
/** * Creates a typical Certification Authority (CA) certificate. * //from www . j av a 2 s . c o m * @throws SecurityException * @throws InvalidKeyException * @throws NoSuchProviderException * @throws NoSuchAlgorithmException * @throws CertificateException */ @SuppressWarnings("deprecation") public static X509Certificate createTypicalMasterCert(final KeyPair keyPair) throws SignatureException, InvalidKeyException, SecurityException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException { X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); X509Principal issuer = new X509Principal( "O=CyberVillians.com,OU=CyberVillians Certification Authority,C=US"); // Create v3CertGen.setSerialNumber(BigInteger.valueOf(1)); v3CertGen.setIssuerDN(issuer); v3CertGen.setSubjectDN(issuer); // Set validity period v3CertGen .setNotBefore(new Date(System.currentTimeMillis() - 12 /* months */ * (1000L * 60 * 60 * 24 * 30))); v3CertGen .setNotAfter(new Date(System.currentTimeMillis() + 240 /* months */ * (1000L * 60 * 60 * 24 * 30))); // Set signature algorithm & public key v3CertGen.setPublicKey(keyPair.getPublic()); v3CertGen.setSignatureAlgorithm(CertificateCreator.SIGN_ALGO); // Add typical extensions for signing cert v3CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.getPublic())); v3CertGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0)); v3CertGen.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(KeyUsage.cRLSign | KeyUsage.keyCertSign)); DERSequence typicalCAExtendedKeyUsages = new DERSequence( new ASN1Encodable[] { new DERObjectIdentifier(ExtendedKeyUsageConstants.serverAuth), new DERObjectIdentifier(ExtendedKeyUsageConstants.OCSPSigning), new DERObjectIdentifier(ExtendedKeyUsageConstants.verisignUnknown) }); v3CertGen.addExtension(X509Extensions.ExtendedKeyUsage, false, typicalCAExtendedKeyUsages); X509Certificate cert = v3CertGen.generate(keyPair.getPrivate(), "BC"); cert.checkValidity(new Date()); cert.verify(keyPair.getPublic()); return cert; }
From source file:de.mendelson.util.security.keygeneration.KeyGenerator.java
/** * Generates a self-signed X509 Version 3 certificate * *///w w w.ja va 2s.c o m private X509Certificate generateCertificate(PublicKey publicKey, PrivateKey privateKey, KeyGenerationValues generationValues) throws Exception { //Stores certificate attributes Hashtable<ASN1ObjectIdentifier, String> attributes = new Hashtable<ASN1ObjectIdentifier, String>(); Vector<ASN1ObjectIdentifier> order = new Vector<ASN1ObjectIdentifier>(); attributes.put(X509Name.CN, generationValues.getCommonName()); order.add(0, X509Name.CN); attributes.put(X509Name.OU, generationValues.getOrganisationUnit()); order.add(0, X509Name.OU); attributes.put(X509Name.O, generationValues.getOrganisationName()); order.add(0, X509Name.O); attributes.put(X509Name.L, generationValues.getLocalityName()); order.add(0, X509Name.L); attributes.put(X509Name.ST, generationValues.getStateName()); order.add(0, X509Name.ST); attributes.put(X509Name.C, generationValues.getCountryCode()); order.add(0, X509Name.C); attributes.put(X509Name.E, generationValues.getEmailAddress()); order.add(0, X509Name.E); X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); // Set the issuer distinguished name certificateGenerator.setIssuerDN(new X509Principal(order, attributes)); //add a key extension if this is requested if (generationValues.getKeyExtension() != null) { certificateGenerator.addExtension(X509Extensions.KeyUsage, true, generationValues.getKeyExtension()); } //add a extended key extension if this is requested if (generationValues.getExtendedKeyExtension() != null) { certificateGenerator.addExtension(X509Extensions.ExtendedKeyUsage, false, generationValues.getExtendedKeyExtension()); } // Valid before and after dates now to iValidity days in the future Date startDate = new Date(System.currentTimeMillis()); long duration = TimeUnit.DAYS.toMillis(generationValues.getKeyValidInDays()); Date endDate = new Date(startDate.getTime() + duration); certificateGenerator.setNotBefore(startDate); certificateGenerator.setNotAfter(endDate); certificateGenerator.setSubjectDN(new X509Principal(order, attributes)); certificateGenerator.setPublicKey(publicKey); certificateGenerator.setSignatureAlgorithm(generationValues.getSignatureAlgorithm()); BigInteger serialNumber = new BigInteger(Long.toString(System.currentTimeMillis() / 1000)); certificateGenerator.setSerialNumber(serialNumber); // Generate an X.509 certificate, based on the current issuer and subject X509Certificate cert = certificateGenerator.generate(privateKey, "BC"); // Return the certificate return cert; }
From source file:edu.ucsb.eucalyptus.keys.KeyTool.java
License:Open Source License
public X509Certificate getCertificate(KeyPair keyPair, String certDn) { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); X500Principal dnName = new X500Principal(certDn); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setIssuerDN(dnName);//from w ww .ja va 2 s . c om certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true)); Calendar cal = Calendar.getInstance(); certGen.setNotBefore(cal.getTime()); cal.add(Calendar.YEAR, 5); certGen.setNotAfter(cal.getTime()); certGen.setSubjectDN(dnName); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm(this.keySigningAlgorithm); try { X509Certificate cert = certGen.generate(keyPair.getPrivate(), PROVIDER); return cert; } catch (Exception e) { LOG.fatal(e, e); System.exit(1); return null; } }
From source file:gov.nih.nci.firebird.service.signing.DigitalSigningHelper.java
License:Open Source License
/** * Generate intermediate certificate signed by CA. * * @param publicKey/*from w w w . j a va 2 s . c om*/ * Public key. * @param caPrivateKey * Private key. * @param caDistinguishedName * Issuer's Distinguished Name.. * @param distinguishedName * User's Distinguished Name. * @param serialNumber * Unique serial number. * @param validDays * valid Days. * @param friendName * Set a friendly name for the certificate. Can be null. * * @throws DigitalSigningException * Customized exception with error message. * * @return a Certificate. */ @SuppressWarnings({ "PMD.ExcessiveParameterList", "PMD.AvoidCatchingGenericException" }) // This is minimal parameter list. // same handling for multiple exception types Certificate generateUserCert(PublicKey publicKey, PrivateKey caPrivateKey, X509Certificate caCert, DigitalSigningDistinguishedName distinguishedName, long serialNumber, int validDays) throws DigitalSigningException { try { X509V3CertificateGenerator v3CertGen = buildX509V3CertificateGenerator(publicKey, caCert, distinguishedName, serialNumber, validDays); X509Certificate cert = v3CertGen.generate(caPrivateKey, BOUNCY_CASTLE_PROVIDER); cert.checkValidity(new Date()); cert.verify(caCert.getPublicKey()); PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) cert; bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("User Certificate")); bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new SubjectKeyIdentifierStructure(publicKey)); return cert; } catch (Exception e) { throw new DigitalSigningException(CERT_GENERATION_ERROR_MESSAGE, e); } }
From source file:krypto.KryptoService.java
License:Apache License
/** * Erzeugt ein x509 v3-Zertifikat, das 1 Tag lang gltig ist. * @return//w w w .ja v a 2 s . co m * @throws Exception */ public static X509Certificate generateCertificate(String algorithm) { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); KeyPair pair = null; try { pair = generateKeyPair(algorithm, 1024); } catch (Exception e) { try { pair = generateKeyPair(algorithm, 512); } catch (Exception e2) { System.out.println(e2.getMessage()); } } long day = 24 * 60 * 60 * 1000; // 1 Tag gltig certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setIssuerDN(new X509Name(new X500Principal("CN=Test Certificate").getName())); certGen.setNotBefore(new Date(System.currentTimeMillis() - 500000)); certGen.setNotAfter(new Date(System.currentTimeMillis() + day)); certGen.setSubjectDN(new X509Name(new X500Principal("CN=Test Certificate").getName())); certGen.setPublicKey(pair.getPublic()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth)); certGen.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test"))); X509Certificate cert = null; try { cert = certGen.generate(pair.getPrivate(), "BC"); } catch (CertificateEncodingException e) { System.out.println("CertificateEncodingException"); } catch (InvalidKeyException e2) { System.out.println("InvalidKeyException: " + e2.getMessage()); } catch (Exception e3) { // do nothing } return cert; }