List of usage examples for org.bouncycastle.x509 X509V3CertificateGenerator generate
public X509Certificate generate(PrivateKey key, String provider) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
From source file:org.silvertunnel.netlib.layer.tor.util.PrivateKeyHandler.java
License:Open Source License
/**
 * Builds the certificate chain handed out for a key alias: one freshly generated
 * self-signed certificate for {@code keypair}, placed in both slots of the chain.
 *
 * <p>Issuer and subject are both {@code CN=<Util.MYNAME>}. The validity window opens one
 * day before the current time and closes 365 days after it. The {@code alias} argument
 * is not consulted.
 *
 * <p>NOTE(review): the certificate is signed with SHA-1 ("SHA1WITHRSA") and always carries
 * serial number 42. Whether the remote side requires exactly this form is not visible
 * here - confirm before copying the pattern. A certificate that has to be trusted should
 * use a SHA-256 signature and a unique, unpredictable serial number.
 *
 * @param alias the requested key alias (unused)
 * @return a two-element array holding the same certificate twice, or {@code null} when
 *         generation fails; in that case only the exception message is logged, so the
 *         stack trace is lost
 */
public java.security.cert.X509Certificate[] getCertificateChain(String alias) {
    final long oneDayMillis = 24L * 3600 * 1000;
    java.security.cert.X509Certificate[] chain = null;
    try {
        final String selfDn = "CN=" + Util.MYNAME;

        org.bouncycastle.x509.X509V3CertificateGenerator certBuilder =
                new org.bouncycastle.x509.X509V3CertificateGenerator();
        certBuilder.reset();
        certBuilder.setSerialNumber(BigInteger.valueOf(42));
        // Back-date the start by a day; the clock is read separately for each bound.
        certBuilder.setNotBefore(new Date(System.currentTimeMillis() - oneDayMillis));
        certBuilder.setNotAfter(new Date(System.currentTimeMillis() + 365L * oneDayMillis));
        // Self-signed: issuer and subject carry the same name.
        certBuilder.setIssuerDN(new org.bouncycastle.asn1.x509.X509Name(selfDn));
        certBuilder.setSubjectDN(new org.bouncycastle.asn1.x509.X509Name(selfDn));
        certBuilder.setPublicKey(keypair.getPublic());
        certBuilder.setSignatureAlgorithm("SHA1WITHRSA");

        java.security.cert.X509Certificate selfSigned =
                certBuilder.generate(keypair.getPrivate(), "BC");

        // send the same certificate twice works fine with the default implementation of tor!
        // slot 0: myself, slot 1: a certificate for myself
        chain = new java.security.cert.X509Certificate[] { selfSigned, selfSigned };
    } catch (Exception e) {
        log.severe("Caught exception: " + e.getMessage());
    }
    return chain;
}
From source file:org.structr.function.CreateJarFileFunction.java
License:Open Source License
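/**
 * Loads the keystore stored in {@code test.keystore} (relative to the working directory),
 * or creates it with a new key pair and a self-signed certificate when the file does not
 * exist yet.
 *
 * <p>The new keystore holds the certificate under alias {@code cert} and the private key
 * under alias {@code priv}.
 *
 * <p>NOTE(review): everything security-relevant here is fixed in code - the store and key
 * password ("test"), a 1024-bit key size, serial number 1234 and a validity window of
 * 01.01.2015 to 01.01.2017, which is already in the past. That is only acceptable for
 * throw-away test material; signing anything that must be trusted needs a real password
 * source, a larger key and a current validity period.
 *
 * @param keygenAlgorithm algorithm name passed to {@link KeyPairGenerator#getInstance(String)}
 * @param srngAlgorithm   algorithm name passed to {@link SecureRandom#getInstance(String)}
 * @param signAlgorithm   signature algorithm used for the self-signed certificate
 * @return the loaded or newly created keystore, or {@code null} when loading or creation
 *         fails (the failure is printed to standard error)
 */
private KeyStore getOrCreateKeystore(final String keygenAlgorithm, final String srngAlgorithm,
        final String signAlgorithm) {

    final String keystorePath = "test.keystore";
    final String keystorePass = "test";
    final java.io.File keystoreFile = new java.io.File(keystorePath);

    if (keystoreFile.exists()) {

        try (final FileInputStream fis = new FileInputStream(keystoreFile)) {

            final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            keystore.load(fis, keystorePass.toCharArray());

            return keystore;

        } catch (Throwable t) {
            t.printStackTrace();
        }

    } else {

        try {

            // Build the complete keystore in memory first. Opening the output file before
            // this point would leave an empty file behind whenever key or certificate
            // generation fails, and every later call would then try to load that file.
            final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            keystore.load(null, keystorePass.toCharArray());

            final KeyPairGenerator gen = KeyPairGenerator.getInstance(keygenAlgorithm);
            gen.initialize(1024, SecureRandom.getInstance(srngAlgorithm));

            final KeyPair keyPair = gen.generateKeyPair();

            final SimpleDateFormat dateFormat = new SimpleDateFormat("dd.MM.yyyy");
            final Date startDate = dateFormat.parse("01.01.2015");
            final Date expiryDate = dateFormat.parse("01.01.2017");
            final BigInteger serialNumber = BigInteger.valueOf(1234);

            final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
            final X500Principal dnName = new X500Principal("CN=Test CA Certificate");

            certGen.setSerialNumber(serialNumber);
            certGen.setIssuerDN(dnName);
            certGen.setNotBefore(startDate);
            certGen.setNotAfter(expiryDate);
            certGen.setSubjectDN(dnName); // self-signed: same as issuer
            certGen.setPublicKey(keyPair.getPublic());
            certGen.setSignatureAlgorithm(signAlgorithm);

            final X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC");

            keystore.setCertificateEntry("cert", cert);
            keystore.setKeyEntry("priv", keyPair.getPrivate(), keystorePass.toCharArray(),
                    new Certificate[] { cert });

            try (final FileOutputStream fos = new FileOutputStream(keystoreFile)) {

                keystore.store(fos, keystorePass.toCharArray());
                fos.flush();

            } catch (Throwable writeFailure) {

                // Best effort: do not leave a truncated keystore on disk. The result of
                // delete() is deliberately ignored, the original failure is what matters.
                keystoreFile.delete();
                throw writeFailure;
            }

            return keystore;

        } catch (Throwable t) {
            t.printStackTrace();
        }
    }

    return null;
}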
From source file:org.structr.jar.CreateJarFileFunction.java
License:Open Source License
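/**
 * Loads the keystore stored in {@code test.keystore} (relative to the working directory),
 * or creates it with a new key pair and a self-signed certificate when the file does not
 * exist yet.
 *
 * <p>The new keystore holds the certificate under alias {@code cert} and the private key
 * under alias {@code priv}.
 *
 * <p>NOTE(review): everything security-relevant here is fixed in code - the store and key
 * password ("test"), a 1024-bit key size, serial number 1234 and a validity window of
 * 01.01.2015 to 01.01.2017, which is already in the past. That is only acceptable for
 * throw-away test material; signing anything that must be trusted needs a real password
 * source, a larger key and a current validity period.
 *
 * @param keygenAlgorithm algorithm name passed to {@link KeyPairGenerator#getInstance(String)}
 * @param srngAlgorithm   algorithm name passed to {@link SecureRandom#getInstance(String)}
 * @param signAlgorithm   signature algorithm used for the self-signed certificate
 * @return the loaded or newly created keystore, or {@code null} when loading or creation
 *         fails (the failure is logged at WARNING level)
 */
private KeyStore getOrCreateKeystore(final String keygenAlgorithm, final String srngAlgorithm,
        final String signAlgorithm) {

    final String keystorePath = "test.keystore";
    final String keystorePass = "test";
    final java.io.File keystoreFile = new java.io.File(keystorePath);

    if (keystoreFile.exists()) {

        try (final FileInputStream fis = new FileInputStream(keystoreFile)) {

            final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            keystore.load(fis, keystorePass.toCharArray());

            return keystore;

        } catch (Throwable t) {
            logger.log(Level.WARNING, "", t);
        }

    } else {

        try {

            // Build the complete keystore in memory first. Opening the output file before
            // this point would leave an empty file behind whenever key or certificate
            // generation fails, and every later call would then try to load that file.
            final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            keystore.load(null, keystorePass.toCharArray());

            final KeyPairGenerator gen = KeyPairGenerator.getInstance(keygenAlgorithm);
            gen.initialize(1024, SecureRandom.getInstance(srngAlgorithm));

            final KeyPair keyPair = gen.generateKeyPair();

            final SimpleDateFormat dateFormat = new SimpleDateFormat("dd.MM.yyyy");
            final Date startDate = dateFormat.parse("01.01.2015");
            final Date expiryDate = dateFormat.parse("01.01.2017");
            final BigInteger serialNumber = BigInteger.valueOf(1234);

            final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
            final X500Principal dnName = new X500Principal("CN=Test CA Certificate");

            certGen.setSerialNumber(serialNumber);
            certGen.setIssuerDN(dnName);
            certGen.setNotBefore(startDate);
            certGen.setNotAfter(expiryDate);
            certGen.setSubjectDN(dnName); // self-signed: same as issuer
            certGen.setPublicKey(keyPair.getPublic());
            certGen.setSignatureAlgorithm(signAlgorithm);

            final X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC");

            keystore.setCertificateEntry("cert", cert);
            keystore.setKeyEntry("priv", keyPair.getPrivate(), keystorePass.toCharArray(),
                    new Certificate[] { cert });

            try (final FileOutputStream fos = new FileOutputStream(keystoreFile)) {

                keystore.store(fos, keystorePass.toCharArray());
                fos.flush();

            } catch (Throwable writeFailure) {

                // Best effort: do not leave a truncated keystore on disk. The result of
                // delete() is deliberately ignored, the original failure is what matters.
                keystoreFile.delete();
                throw writeFailure;
            }

            return keystore;

        } catch (Throwable t) {
            logger.log(Level.WARNING, "", t);
        }
    }

    return null;
}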
From source file:org.tramaci.onionmail.LibSTLS.java
License:Open Source License
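/**
 * Creates a self-signed certificate for an onion address.
 *
 * <p>Issuer and subject are both {@code CN=<onion>}, followed by {@code ", " + info} when
 * {@code info} is non-empty. The serial number is built from a leading 0x7C byte, the
 * digest returned by {@code Stdio.md5} over the onion name, and 8 bytes returned by
 * {@code Stdio.Stosx} for the two validity bounds in seconds.
 *
 * <p>NOTE(review): {@code onion} and {@code info} are concatenated into the DN string
 * without escaping, so a comma or '=' inside them changes the structure of the name -
 * validate them if they can come from outside the program.
 *
 * <p>NOTE(review): assuming a 16-byte digest the serial is 25 bytes long, which is more
 * than the 20 octets RFC 5280 allows for conforming CAs - confirm that every consumer of
 * these certificates accepts it.
 *
 * @param KP      key pair; the public key is certified and the private key signs
 * @param onion   onion host name used as the common name and as serial number input
 * @param Dfrom   start of validity, milliseconds since the epoch
 * @param Dto     end of validity, milliseconds since the epoch
 * @param info    extra DN components appended after the CN, may be {@code null} or empty
 * @param AltName DNS names for the subject alternative name extension, may be {@code null}
 * @return the generated certificate
 * @throws Exception if the serial number cannot be built or the certificate cannot be
 *                   generated
 */
public static X509Certificate CreateCert(KeyPair KP, String onion, long Dfrom, long Dto, String info,
        String[] AltName) throws Exception { //OK

    // NOTE(review): getBytes() uses the platform charset; onion names are presumably
    // plain ASCII, in which case the result does not depend on it - confirm.
    byte[] onionDigest = Stdio.md5(onion.getBytes());

    // Layout: [0] = 0x7C, [1..16] = digest, [17..24] = validity bytes.
    byte[] serialBytes = new byte[onionDigest.length + 9];
    serialBytes[0] = 0x7C; // high bit clear, so the BigInteger below is positive
    System.arraycopy(onionDigest, 0, serialBytes, 1, onionDigest.length);

    // presumably 4 bytes per value, 8 in total - TODO confirm against Stdio.Stosx
    byte[] validityBytes = Stdio.Stosx(new long[] { Dfrom / 1000L, Dto / 1000L }, 4);
    System.arraycopy(validityBytes, 0, serialBytes, 17, 8);

    Date startDate = new Date(Dfrom); // time from which certificate is valid
    Date expiryDate = new Date(Dto); // time after which certificate is not valid
    BigInteger serialNumber = new BigInteger(serialBytes); // serial number for certificate

    String dnSuffix = (info != null && info.length() > 0) ? ", " + info : "";
    X500Principal dnName = new X500Principal("CN=" + onion + dnSuffix);

    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setSerialNumber(serialNumber);
    certGen.setIssuerDN(dnName);
    certGen.setNotBefore(startDate);
    certGen.setNotAfter(expiryDate);
    certGen.setSubjectDN(dnName); // note: same as issuer
    certGen.setPublicKey(KP.getPublic());
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    if (AltName != null) {
        // NOTE(review): the extension is added once per name. BouncyCastle's generator
        // appears to reject a second extension with the same OID, in which case only the
        // first name ends up in the certificate and the rest are reported below - confirm,
        // and consider building one GeneralNames value that holds every name. Also check
        // whether wrapping the value in DEROctetString here double-encodes it.
        for (String altName : AltName) {
            try {
                // Locale.ROOT keeps the lower-casing independent of the default locale;
                // under a Turkish locale 'I' would otherwise become a non-ASCII character
                // that is not valid in an IA5String DNS name.
                String dnsName = altName.toLowerCase(java.util.Locale.ROOT).trim();
                GeneralName generalName = new GeneralName(GeneralName.dNSName, new DERIA5String(dnsName));
                GeneralNames subjectAltNames = new GeneralNames(generalName);
                certGen.addExtension(X509Extensions.SubjectAlternativeName, false,
                        new DEROctetString(subjectAltNames));
            } catch (Exception EI) {
                // A bad alternative name is reported and skipped; the certificate is
                // still issued without it.
                Main.echo("CreateCert Error: " + EI.getMessage() + " (altName=`" + altName + "`)\n");
            }
        }
    }

    return certGen.generate(KP.getPrivate(), "BC");
}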
From source file:org.votingsystem.signature.util.CertUtils.java
License:Open Source License
/**
 * Issues an X.509 v3 end-entity (user) certificate for {@code entityKey}, signed with the
 * CA private key.
 *
 * <p>The issuer name is taken from the subject of {@code caCert}. The certificate carries
 * an authority key identifier derived from {@code caCert}, a subject key identifier
 * derived from {@code entityKey}, a critical basic-constraints extension marking it as a
 * non-CA certificate, and a critical key usage of digitalSignature and keyEncipherment.
 *
 * <p>NOTE(review): nothing in this method checks that {@code caKey} is the private key
 * belonging to {@code caCert}; confirm the caller guarantees it.
 *
 * @param entityKey          public key to certify
 * @param caKey              private key of the issuing CA, used to sign
 * @param caCert             certificate of the issuing CA
 * @param dateBegin          start of validity
 * @param dateFinish         end of validity
 * @param endEntitySubjectDN subject distinguished name of the new certificate
 * @return the signed certificate
 * @throws Exception if an extension cannot be built or signing fails
 */
public static X509Certificate generateEndEntityCert(PublicKey entityKey, PrivateKey caKey,
        X509Certificate caCert, Date dateBegin, Date dateFinish, String endEntitySubjectDN) throws Exception {
    final int usageBits = KeyUsage.digitalSignature | KeyUsage.keyEncipherment;

    X509V3CertificateGenerator builder = new X509V3CertificateGenerator();
    builder.setSerialNumber(KeyGeneratorVS.INSTANCE.getSerno());
    builder.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
    builder.setNotBefore(dateBegin);
    builder.setNotAfter(dateFinish);
    builder.setSubjectDN(new X500Principal(endEntitySubjectDN));
    builder.setPublicKey(entityKey);
    builder.setSignatureAlgorithm(ContextVS.CERT_GENERATION_SIG_ALGORITHM);

    // Key identifiers link this certificate to its issuer and to its own key.
    builder.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(caCert));
    builder.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(entityKey));
    // Critical: this certificate must not be usable as a CA.
    builder.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    builder.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(usageBits));

    X509Certificate issued = builder.generate(caKey, ContextVS.PROVIDER);
    return issued;
}
From source file:org.votingsystem.signature.util.CertUtils.java
License:Open Source License
/** * Generate V3 certificate for root CA Authority *///from w w w . j av a 2 s .c om public static X509Certificate generateV3RootCert(KeyPair pair, Date dateBegin, Date dateFinish, String strSubjectDN) throws Exception { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); log.info("strSubjectDN: " + strSubjectDN); X509Principal x509Principal = new X509Principal(strSubjectDN); certGen.setSerialNumber(KeyGeneratorVS.INSTANCE.getSerno()); certGen.setIssuerDN(x509Principal); certGen.setNotBefore(dateBegin); certGen.setNotAfter(dateFinish); log.info("dateBegin: " + dateBegin.toString() + " - dateFinish: " + dateFinish.toString()); certGen.setSubjectDN(x509Principal); certGen.setPublicKey(pair.getPublic()); certGen.setSignatureAlgorithm(ContextVS.CERT_GENERATION_SIG_ALGORITHM); //The following fragment shows how to create one which indicates that //the certificate containing it is a CA and that only one certificate can follow in the certificate path. certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true, 0)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(pair.getPublic())); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)); return certGen.generate(pair.getPrivate(), ContextVS.PROVIDER); }
From source file:org.votingsystem.signature.util.CertUtils.java
License:Open Source License
/** * Generate V3 certificate for TimeStamp signing *///from w ww . j ava2 s .c o m public static X509Certificate generateTimeStampingCert(PublicKey entityKey, PrivateKey caKey, X509Certificate caCert, long begin, long period, String endEntitySubjectDN) throws Exception { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert)); certGen.setNotBefore(new Date(begin)); certGen.setNotAfter(new Date(begin + period)); certGen.setSubjectDN(new X500Principal(endEntitySubjectDN)); certGen.setPublicKey(entityKey); certGen.setSignatureAlgorithm(ContextVS.CERT_GENERATION_SIG_ALGORITHM); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(entityKey)); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(new DERSequence(KeyPurposeId.id_kp_timeStamping))); return certGen.generate(caKey, ContextVS.PROVIDER); }
From source file:org.votingsystem.signature.util.CertUtils.java
License:Open Source License
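/**
 * Issues an X.509 v3 end-entity certificate for the public key of a PKCS#10 request,
 * signed with the CA private key, and verifies the result against the CA certificate.
 *
 * <p>The subject comes from {@code strSubjectDN}, not from the request. On top of the
 * fixed extensions (authority and subject key identifiers, critical non-CA basic
 * constraints, critical key usage of digitalSignature and keyEncipherment) the method
 * copies into the certificate:
 * <ul>
 *   <li>every tagged object found among the request attributes, as a critical extension
 *       under {@code ContextVS.VOTING_SYSTEM_BASE_OID + tagNo};</li>
 *   <li>every extension listed in a PKCS#9 extensionRequest attribute, with the
 *       criticality and value the requester supplied;</li>
 *   <li>every non-null entry of {@code certExtensions}, as a critical extension under
 *       {@code ContextVS.VOTING_SYSTEM_BASE_OID + tagNo}.</li>
 * </ul>
 *
 * <p>NOTE(review): requested extensions are accepted without any allow-list, so the
 * requester decides which additional extensions the CA signs. Confirm that the caller
 * vets the request, or filter the OIDs here against what this CA is willing to assert.
 *
 * <p>NOTE(review): this method does not check the request's own signature (proof of
 * possession of the private key); confirm the caller verifies it before calling.
 *
 * @param csr            the certification request supplying the public key and attributes
 * @param caKey          private key of the issuing CA, used to sign
 * @param caCert         certificate of the issuing CA
 * @param dateBegin      start of validity
 * @param dateFinish     end of validity
 * @param strSubjectDN   subject distinguished name of the new certificate
 * @param certExtensions additional tagged objects to embed, may be {@code null} and may
 *                       contain {@code null} entries
 * @return the signed certificate, already verified with the CA public key
 * @throws Exception if the request cannot be read, an extension cannot be added, signing
 *                   fails, or the issued certificate does not verify against {@code caCert}
 */
public static X509Certificate generateV3EndEntityCertFromCsr(PKCS10CertificationRequest csr,
        PrivateKey caKey, X509Certificate caCert, Date dateBegin, Date dateFinish, String strSubjectDN,
        DERTaggedObject... certExtensions) throws Exception {
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    PublicKey requestPublicKey = csr.getPublicKey();
    X509Principal x509Principal = new X509Principal(strSubjectDN);
    certGen.setSerialNumber(KeyGeneratorVS.INSTANCE.getSerno());
    log.info("generateV3EndEntityCertFromCsr - SubjectX500Principal(): " + caCert.getSubjectX500Principal());
    certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
    certGen.setNotBefore(dateBegin);
    certGen.setNotAfter(dateFinish);
    certGen.setSubjectDN(x509Principal);
    certGen.setPublicKey(requestPublicKey);
    certGen.setSignatureAlgorithm(ContextVS.CERT_GENERATION_SIG_ALGORITHM);
    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(caCert));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(requestPublicKey));
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); // end-entity certificate
    certGen.addExtension(X509Extensions.KeyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

    ASN1Set attributes = csr.getCertificationRequestInfo().getAttributes();
    if (attributes != null) {
        for (int i = 0; i != attributes.size(); i++) {
            if (attributes.getObjectAt(i) instanceof DERTaggedObject) {
                // Application-specific attribute: the tag number selects the OID.
                DERTaggedObject taggedObject = (DERTaggedObject) attributes.getObjectAt(i);
                ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(
                        ContextVS.VOTING_SYSTEM_BASE_OID + taggedObject.getTagNo());
                certGen.addExtension(oid, true, taggedObject);
            } else {
                Attribute attr = Attribute.getInstance(attributes.getObjectAt(i));
                if (attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
                    // Requester-supplied extensions are copied as they are, including the
                    // criticality flag.
                    X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0));
                    Enumeration<?> e = extensions.oids();
                    while (e.hasMoreElements()) {
                        DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
                        X509Extension ext = extensions.getExtension(oid);
                        certGen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());
                    }
                }
            }
        }
    }

    if (certExtensions != null) {
        for (DERTaggedObject taggedObject : certExtensions) {
            if (taggedObject != null) {
                ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(
                        ContextVS.VOTING_SYSTEM_BASE_OID + taggedObject.getTagNo());
                certGen.addExtension(oid, true, taggedObject);
            } else {
                // Only report entries that really are null; the message used to be
                // written for every entry.
                log.log(Level.FINE, "null taggedObject");
            }
        }
    }

    X509Certificate cert = certGen.generate(caKey, ContextVS.PROVIDER);
    // Fails when caKey does not match the public key in caCert.
    cert.verify(caCert.getPublicKey());
    return cert;
}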
From source file:org.xdi.oxauth.model.crypto.signature.ECDSAKeyFactory.java
License:MIT License
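/**
 * Creates a self-signed X.509 v3 certificate for this factory's key pair and wraps it
 * together with the signature algorithm.
 *
 * @param startDate      start of validity
 * @param expirationDate end of validity
 * @param dnName         distinguished name used as both issuer and subject
 * @return the wrapped certificate
 * @throws CertificateEncodingException if the certificate cannot be encoded
 * @throws InvalidKeyException          if the private key cannot be used for signing
 * @throws IllegalStateException        if the generator is missing required values
 * @throws NoSuchProviderException      if the "BC" provider is not registered
 * @throws NoSuchAlgorithmException     if the signature algorithm is not available
 * @throws SignatureException           if signing fails
 */
public Certificate generateV3Certificate(Date startDate, Date expirationDate, String dnName)
        throws CertificateEncodingException, InvalidKeyException, IllegalStateException,
        NoSuchProviderException, NoSuchAlgorithmException, SignatureException {
    // Serial number: 159 bits from a cryptographic generator. java.util.Random is
    // predictable, and a 1024-bit value is far longer than the 20 octets RFC 5280 allows;
    // 159 bits is always non-negative and still fits in 20 octets.
    BigInteger serialNumber = new BigInteger(159, new java.security.SecureRandom());

    // Create certificate
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    X500Principal principal = new X500Principal(dnName);

    certGen.setSerialNumber(serialNumber);
    certGen.setIssuerDN(principal);
    certGen.setNotBefore(startDate);
    certGen.setNotAfter(expirationDate);
    certGen.setSubjectDN(principal); // note: same as issuer
    certGen.setPublicKey(keyPair.getPublic());
    certGen.setSignatureAlgorithm(signatureAlgorithm.getAlgorithm());

    X509Certificate x509Certificate = certGen.generate(keyPair.getPrivate(), "BC");
    return new Certificate(signatureAlgorithm, x509Certificate);
}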
From source file:passwdmanager.hig.no.services.PasswdManager.java
/**
 * Generates a placeholder certificate over a freshly created RSA key pair and, when no
 * {@code signer} has been set yet, installs a {@code SimpleDocumentSigner} built from the
 * new private key and certificate.
 *
 * <p>The certificate has serial number 1, fixed issuer and subject names, and identical
 * notBefore and notAfter instants, so it has no usable validity period.
 *
 * <p>NOTE(review): the key is 1024-bit RSA and the certificate is signed by its own key
 * although the issuer name differs from the subject name. That is adequate for a dummy
 * only; do not let a certificate produced here be relied on for trust decisions.
 *
 * @param signatureAlgorithm signature algorithm used to sign the certificate
 * @return the generated certificate, or {@code null} when anything fails (the exception
 *         is discarded without being logged)
 */
private X509Certificate generateDummyCertificate(String signatureAlgorithm) {
    try {
        // One instant serves as both issue and expiry date.
        final Date now = Calendar.getInstance().getTime();

        KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
        rsaGenerator.initialize(1024);
        final KeyPair freshPair = rsaGenerator.generateKeyPair();
        final PrivateKey signingKey = freshPair.getPrivate();

        X509V3CertificateGenerator builder = new X509V3CertificateGenerator();
        builder.setSerialNumber(BigInteger.ONE);
        builder.setIssuerDN(new X509Name("C=NO, O=HIG, OU=CSCA, CN=PasswdManager/qingbao.guo@hig.no"));
        builder.setSubjectDN(new X509Name("C=NO, O=HIG, OU=DSCA, CN=PasswdManager/qingbao.guo@hig.no"));
        builder.setNotBefore(now);
        builder.setNotAfter(now);
        builder.setPublicKey(freshPair.getPublic());
        builder.setSignatureAlgorithm(signatureAlgorithm);

        X509Certificate dummy = (X509Certificate) builder.generate(signingKey, "BC");

        // The first certificate generated also supplies the document signer.
        if (signer == null) {
            signer = new SimpleDocumentSigner(signingKey, dummy);
        }
        return dummy;
    } catch (Exception ex) {
        return null;
    }
}