List of usage examples for org.bouncycastle.x509 X509V3CertificateGenerator generateX509Certificate
public X509Certificate generateX509Certificate(PrivateKey key) throws SecurityException, SignatureException, InvalidKeyException
From source file:org.globus.gsi.bc.BouncyCastleCertProcessingFactory.java
License:Apache License
/** * Creates a proxy certificate. A set of X.509 extensions can be optionally included in the new proxy * certificate. <BR>/*from w w w .jav a2s. com*/ * If a GSI-2 proxy is created, the serial number of the proxy certificate will be the same as of the * issuing certificate. Also, none of the extensions in the issuing certificate will be copied into the * proxy certificate.<BR> * If a GSI-3 or GSI 4 proxy is created, the serial number of the proxy certificate will be picked * randomly. If the issuing certificate contains a <i>KeyUsage</i> extension, the extension will be copied * into the proxy certificate with <i>keyCertSign</i> and <i>nonRepudiation</i> bits turned off. No other * extensions are currently copied. * * The methods defaults to creating GSI 4 proxy * * @param issuerCert_ * the issuing certificate * @param issuerKey * private key matching the public key of issuer certificate. The new proxy certificate will be * signed by that key. * @param publicKey * the public key of the new certificate * @param lifetime * lifetime of the new certificate in seconds. If 0 (or less then) the new certificate will * have the same lifetime as the issuing certificate. * @param certType * can be one of {@link org.globus.gsi.GSIConstants.CertificateType#GSI_2_LIMITED_PROXY GSIConstants.CertificateType.GSI_2_LIMITED_PROXY}, * {@link org.globus.gsi.GSIConstants.CertificateType#GSI_2_PROXY GSIConstants.CertificateType.GSI_2_PROXY}, * {@link org.globus.gsi.GSIConstants.CertificateType#GSI_3_IMPERSONATION_PROXY GSIConstants.CertificateType.GSI_3_IMPERSONATION_PROXY}, * {@link org.globus.gsi.GSIConstants.CertificateType#GSI_3_LIMITED_PROXY GSIConstants.CertificateType.GSI_3_LIMITED_PROXY}, * {@link org.globus.gsi.GSIConstants.CertificateType#GSI_3_INDEPENDENT_PROXY GSIConstants.CertificateType.GSI_3_INDEPENDENT_PROXY}, * {@link org.globus.gsi.GSIConstants.CertificateType#GSI_3_RESTRICTED_PROXY GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY}. * {@link org.globus.gsi.GSIConstants.CertificateType#GSI_4_IMPERSONATION_PROXY GSIConstants.CertificateType.GSI_4_IMPERSONATION_PROXY}, * {@link org.globus.gsi.GSIConstants.CertificateType#GSI_4_LIMITED_PROXY GSIConstants.CertificateType.GSI_3_LIMITED_PROXY}, * {@link org.globus.gsi.GSIConstants.CertificateType#GSI_4_INDEPENDENT_PROXY GSIConstants.CertificateType.GSI_4_INDEPENDENT_PROXY}, * {@link org.globus.gsi.GSIConstants.CertificateType#GSI_4_RESTRICTED_PROXY GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY}. * * @param extSet * a set of X.509 extensions to be included in the new proxy certificate. Can be null. If * delegation mode is {@link org.globus.gsi.GSIConstants.CertificateType#GSI_3_RESTRICTED_PROXY * GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY} or {@link org.globus.gsi.GSIConstants.CertificateType#GSI_4_RESTRICTED_PROXY * GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY} then * {@link org.globus.gsi.proxy.ext.ProxyCertInfoExtension ProxyCertInfoExtension} must be * present in the extension set. * * @param cnValue * the value of the CN component of the subject of the new certificate. If null, the defaults * will be used depending on the proxy certificate type created. * @return <code>X509Certificate</code> the new proxy certificate. * @exception GeneralSecurityException * if a security error occurs. */ public X509Certificate createProxyCertificate(X509Certificate issuerCert_, PrivateKey issuerKey, PublicKey publicKey, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet, String cnValue) throws GeneralSecurityException { X509Certificate issuerCert = issuerCert_; if (!(issuerCert_ instanceof X509CertificateObject)) { issuerCert = CertificateLoadUtil.loadCertificate(new ByteArrayInputStream(issuerCert.getEncoded())); } X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); org.globus.gsi.X509Extension x509Ext = null; BigInteger serialNum = null; String delegDN = null; if (ProxyCertificateUtil.isGsi3Proxy(certType) || ProxyCertificateUtil.isGsi4Proxy(certType)) { Random rand = new Random(); delegDN = String.valueOf(Math.abs(rand.nextInt())); serialNum = new BigInteger(20, rand); if (extSet != null) { x509Ext = extSet.get(ProxyCertInfo.OID.getId()); if (x509Ext == null) { x509Ext = extSet.get(ProxyCertInfo.OLD_OID.getId()); } } if (x509Ext == null) { // create ProxyCertInfo extension ProxyPolicy policy = null; if (ProxyCertificateUtil.isLimitedProxy(certType)) { policy = new ProxyPolicy(ProxyPolicy.LIMITED); } else if (ProxyCertificateUtil.isIndependentProxy(certType)) { policy = new ProxyPolicy(ProxyPolicy.INDEPENDENT); } else if (ProxyCertificateUtil.isImpersonationProxy(certType)) { // since limited has already been checked, this should work. policy = new ProxyPolicy(ProxyPolicy.IMPERSONATION); } else if ((certType == GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY) || (certType == GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY)) { String err = i18n.getMessage("restrictProxy"); throw new IllegalArgumentException(err); } else { String err = i18n.getMessage("invalidProxyType"); throw new IllegalArgumentException(err); } ProxyCertInfo proxyCertInfo = new ProxyCertInfo(policy); x509Ext = new ProxyCertInfoExtension(proxyCertInfo); if (ProxyCertificateUtil.isGsi4Proxy(certType)) { // RFC compliant OID x509Ext = new ProxyCertInfoExtension(proxyCertInfo); } else { // old OID x509Ext = new GlobusProxyCertInfoExtension(proxyCertInfo); } } try { // add ProxyCertInfo extension to the new cert certGen.addExtension(x509Ext.getOid(), x509Ext.isCritical(), x509Ext.getValue()); // handle KeyUsage in issuer cert TBSCertificateStructure crt = BouncyCastleUtil.getTBSCertificateStructure(issuerCert); X509Extensions extensions = crt.getExtensions(); if (extensions != null) { X509Extension ext; // handle key usage ext ext = extensions.getExtension(X509Extension.keyUsage); if (ext != null) { // TBD: handle this better if (extSet != null && (extSet.get(X509Extension.keyUsage.getId()) != null)) { String err = i18n.getMessage("keyUsageExt"); throw new GeneralSecurityException(err); } DERBitString bits = (DERBitString) BouncyCastleUtil.getExtensionObject(ext); byte[] bytes = bits.getBytes(); // make sure they are disabled if ((bytes[0] & KeyUsage.nonRepudiation) != 0) { bytes[0] ^= KeyUsage.nonRepudiation; } if ((bytes[0] & KeyUsage.keyCertSign) != 0) { bytes[0] ^= KeyUsage.keyCertSign; } bits = new DERBitString(bytes, bits.getPadBits()); certGen.addExtension(X509Extension.keyUsage, ext.isCritical(), bits); } } } catch (IOException e) { // but this should not happen throw new GeneralSecurityException(e.getMessage()); } } else if (certType == GSIConstants.CertificateType.GSI_2_LIMITED_PROXY) { delegDN = "limited proxy"; serialNum = issuerCert.getSerialNumber(); } else if (certType == GSIConstants.CertificateType.GSI_2_PROXY) { delegDN = "proxy"; serialNum = issuerCert.getSerialNumber(); } else { String err = i18n.getMessage("unsupportedProxy", certType); throw new IllegalArgumentException(err); } // add specified extensions if (extSet != null) { Iterator iter = extSet.oidSet().iterator(); while (iter.hasNext()) { String oid = (String) iter.next(); // skip ProxyCertInfo extension if (oid.equals(ProxyCertInfo.OID.getId()) || oid.equals(ProxyCertInfo.OLD_OID.getId())) { continue; } x509Ext = (org.globus.gsi.X509Extension) extSet.get(oid); certGen.addExtension(x509Ext.getOid(), x509Ext.isCritical(), x509Ext.getValue()); } } X509Name issuerDN; if (issuerCert.getSubjectDN() instanceof X509Name) { issuerDN = (X509Name) issuerCert.getSubjectDN(); } else { issuerDN = new X509Name(true, issuerCert.getSubjectX500Principal().getName()); } X509NameHelper issuer = new X509NameHelper(issuerDN); X509NameHelper subject = new X509NameHelper(issuerDN); subject.add(BCStyle.CN, (cnValue == null) ? delegDN : cnValue); certGen.setSubjectDN(subject.getAsName()); certGen.setIssuerDN(issuer.getAsName()); certGen.setSerialNumber(serialNum); certGen.setPublicKey(publicKey); certGen.setSignatureAlgorithm(issuerCert.getSigAlgName()); GregorianCalendar date = new GregorianCalendar(TimeZone.getTimeZone("GMT")); /* Allow for a five minute clock skew here. */ date.add(Calendar.MINUTE, -5); certGen.setNotBefore(date.getTime()); /* If hours = 0, then cert lifetime is set to user cert */ if (lifetime <= 0) { certGen.setNotAfter(issuerCert.getNotAfter()); } else { date.add(Calendar.MINUTE, 5); date.add(Calendar.SECOND, lifetime); certGen.setNotAfter(date.getTime()); } return certGen.generateX509Certificate(issuerKey); }
From source file:org.jcryptool.visual.sigVerification.cert.CertGeneration.java
License:Open Source License
/** * this method creates the x.509 certificate and the needed keypair * @param x - the number value of the certificate (root=1) * @return the generated certificate//from w ww . ja v a2 s . c o m * @throws Exception */ public X509Certificate createCertificate(int x) throws Exception { this.x = x; X509Certificate cert = null; KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(CERTIFICATE_ALGORITHM); keyPairGenerator.initialize(CERTIFICATE_BITS, new SecureRandom()); KeyPair keyPair = keyPairGenerator.generateKeyPair(); // GENERATE THE X509 CERTIFICATE X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); v3CertGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); v3CertGen.setIssuerDN(new X509Principal(CERTIFICATE_DN)); v3CertGen.setNotBefore(now); v3CertGen.setNotAfter(end); v3CertGen.setSubjectDN(new X509Principal(CERTIFICATE_DN)); v3CertGen.setPublicKey(keyPair.getPublic()); v3CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); cert = v3CertGen.generateX509Certificate(keyPair.getPrivate()); saveCert(cert, keyPair.getPrivate()); return cert; }
From source file:org.jcryptool.visual.sigVerification.cert.CertGeneration.java
License:Open Source License
/** * this method creates the needed keypair and the x.509 certificate valid till the given date * @param x - the number value of the certificate (root=1) * @param newend - the new not after date * @return the generated certificate/* w w w . j a v a 2s .c o m*/ */ public X509Certificate createCertificateNew(int x, Date newend) throws Exception { this.x = x; X509Certificate cert = null; KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(CERTIFICATE_ALGORITHM); keyPairGenerator.initialize(CERTIFICATE_BITS, new SecureRandom()); KeyPair keyPair = keyPairGenerator.generateKeyPair(); // GENERATE THE X509 CERTIFICATE X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); v3CertGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); v3CertGen.setIssuerDN(new X509Principal(CERTIFICATE_DN)); v3CertGen.setNotBefore(now); v3CertGen.setNotAfter(newend); v3CertGen.setSubjectDN(new X509Principal(CERTIFICATE_DN)); v3CertGen.setPublicKey(keyPair.getPublic()); v3CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); cert = v3CertGen.generateX509Certificate(keyPair.getPrivate()); saveCert(cert, keyPair.getPrivate()); return cert; }
From source file:org.mitre.jwt.signer.service.impl.KeyStoreTest.java
License:Apache License
/** * Create an RSA KeyPair and insert into specified KeyStore * //from w w w . jav a 2 s . com * @param location * @param domainName * @param alias * @param keystorePassword * @param aliasPassword * @param daysNotValidBefore * @param daysNotValidAfter * @return * @throws GeneralSecurityException * @throws IOException */ public static java.security.KeyStore generateKeyPair(KeyStore keystore, String keyPairAlgorithm, int keySize, String signatureAlgorithm, String domainName, String alias, String aliasPassword, int daysNotValidBefore, int daysNotValidAfter) throws GeneralSecurityException, IOException { java.security.KeyStore ks; if (keystore != null) { ks = keystore.getKeystore(); } else { ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType()); ks.load(null, null); } KeyPairGenerator rsaKeyPairGenerator = null; rsaKeyPairGenerator = KeyPairGenerator.getInstance(keyPairAlgorithm); rsaKeyPairGenerator.initialize(keySize); KeyPair rsaKeyPair = rsaKeyPairGenerator.generateKeyPair(); // BC sez X509V3CertificateGenerator is deprecated and the docs say to // use another, but it seemingly isn't included jar... X509V3CertificateGenerator v3CertGen = createCertificate(domainName, daysNotValidBefore, daysNotValidAfter); PrivateKey privateKey = rsaKeyPair.getPrivate(); v3CertGen.setPublicKey(rsaKeyPair.getPublic()); v3CertGen.setSignatureAlgorithm(signatureAlgorithm); // BC docs say to use another, but it seemingly isn't included... X509Certificate certificate = v3CertGen.generateX509Certificate(privateKey); // if exist, overwrite ks.setKeyEntry(alias, privateKey, aliasPassword.toCharArray(), new java.security.cert.Certificate[] { certificate }); if (keystore != null) { keystore.setKeystore(ks); } return ks; }
From source file:org.opendaylight.aaa.cert.impl.ODLKeyTool.java
License:Open Source License
public boolean createKeyStoreWithSelfSignCert(final String keyStoreName, final String keyStorePwd, final String dName, final String keyAlias, final int validity) { try {// ww w . jav a2 s. co m final KeyPairGenerator keyPairGenerator = KeyPairGenerator .getInstance(KeyStoreConstant.DEFAULT_KEY_ALG); keyPairGenerator.initialize(KeyStoreConstant.DEFAULT_KEY_SIZE); final KeyPair keyPair = keyPairGenerator.generateKeyPair(); final X509V3CertificateGenerator x509V3CertGen = new X509V3CertificateGenerator(); x509V3CertGen.setSerialNumber(getSecureRandomeInt()); x509V3CertGen.setIssuerDN(new X509Principal(dName)); x509V3CertGen.setNotBefore(new Date(System.currentTimeMillis())); x509V3CertGen .setNotAfter(new Date(System.currentTimeMillis() + (KeyStoreConstant.DAY_TIME * validity))); x509V3CertGen.setSubjectDN(new X509Principal(dName)); x509V3CertGen.setPublicKey(keyPair.getPublic()); x509V3CertGen.setSignatureAlgorithm(KeyStoreConstant.DEFAULT_SIGN_ALG); final X509Certificate x509Cert = x509V3CertGen.generateX509Certificate(keyPair.getPrivate()); final KeyStore ctlKeyStore = KeyStore.getInstance("JKS"); ctlKeyStore.load(null, keyStorePwd.toCharArray()); ctlKeyStore.setKeyEntry(keyAlias, keyPair.getPrivate(), keyStorePwd.toCharArray(), new java.security.cert.Certificate[] { x509Cert }); final FileOutputStream fOutputStream = new FileOutputStream(workingDir + keyStoreName); ctlKeyStore.store(fOutputStream, keyStorePwd.toCharArray()); LOG.info("{} is created", keyStoreName); return true; } catch (NoSuchAlgorithmException | InvalidKeyException | SecurityException | SignatureException | KeyStoreException | CertificateException | IOException e) { LOG.error("Fatal error creating key", e); return false; } }
From source file:org.opendaylight.aaa.cert.impl.ODLMdsalKeyTool.java
License:Open Source License
public KeyStore createKeyStoreWithSelfSignCert(final String keyStoreName, final String keyStorePwd, final String dName, final String keyAlias, final int validity, final String keyAlg, final int keySize, final String signAlg) { try {/*from w ww .j a va 2 s .co m*/ final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlg); keyPairGenerator.initialize(keySize); final KeyPair keyPair = keyPairGenerator.generateKeyPair(); final X509V3CertificateGenerator x509V3CertGen = new X509V3CertificateGenerator(); x509V3CertGen.setSerialNumber(getSecureRandomeInt()); x509V3CertGen.setIssuerDN(new X509Principal(dName)); x509V3CertGen.setNotBefore(new Date(System.currentTimeMillis())); x509V3CertGen .setNotAfter(new Date(System.currentTimeMillis() + (KeyStoreConstant.DAY_TIME * validity))); x509V3CertGen.setSubjectDN(new X509Principal(dName)); x509V3CertGen.setPublicKey(keyPair.getPublic()); x509V3CertGen.setSignatureAlgorithm(signAlg); final X509Certificate x509Cert = x509V3CertGen.generateX509Certificate(keyPair.getPrivate()); final KeyStore ctlKeyStore = KeyStore.getInstance("JKS"); ctlKeyStore.load(null, keyStorePwd.toCharArray()); ctlKeyStore.setKeyEntry(keyAlias, keyPair.getPrivate(), keyStorePwd.toCharArray(), new java.security.cert.Certificate[] { x509Cert }); LOG.info("{} is created", keyStoreName); return ctlKeyStore; } catch (final NoSuchAlgorithmException | InvalidKeyException | SecurityException | SignatureException | KeyStoreException | CertificateException | IOException e) { LOG.error("Fatal error creating keystore", e); return null; } }
From source file:org.openmaji.implementation.server.security.auth.CoreAdminHelper.java
License:Open Source License
private static void userAdd(String userID, char[] userPass, String userName, String emailAddress, Date expiryDate) throws Exception { if (!userID.toLowerCase().equals(userID)) { throw new IllegalArgumentException("username's cannot have mixed case - must be lower case only."); }// www . j a v a 2 s .co m String keyStorePasswd = System.getProperty(MeemCoreRootAuthority.KEYSTORE_PASSWD); if (keyStorePasswd == null) { throw new RuntimeException("unable to find property for key store password."); } X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); MajiKeyStore keyStore = MeemCoreRootAuthority.getMajiKeyStore(); KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA"); kpGen.initialize(1024); // get "server" key PrivateKey signingKey = (PrivateKey) keyStore.getKey(MeemCoreRootAuthority.KEY_ID, keyStorePasswd.toCharArray()); Certificate[] certs = keyStore.getCertificateChain(MeemCoreRootAuthority.KEY_ID); X509Certificate signingCert = (X509Certificate) certs[0]; KeyPair userKey = kpGen.generateKeyPair(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(signingCert)); certGen.setNotBefore(new Date()); certGen.setNotAfter(expiryDate); certGen.setPublicKey(userKey.getPublic()); if (emailAddress != null) { certGen.setSubjectDN(new X509Principal(new X500Principal("CN=" + userName + ", T=" + userID + ", EMAILADDRESS=" + emailAddress + ", OU=Maji, O=Majitek, C=AU").getEncoded())); } else { certGen.setSubjectDN(new X509Principal( new X500Principal("CN=" + userName + ", T=" + userID + ", OU=Maji, O=Majitek, C=AU") .getEncoded())); } certGen.setSignatureAlgorithm("SHA1WithRSAEncryption"); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, createSubjectKeyId(userKey.getPublic())); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, createAuthorityKeyId(certs[0].getPublicKey(), PrincipalUtil.getSubjectX509Principal(signingCert), signingCert.getSerialNumber())); X509Certificate newCert = certGen.generateX509Certificate(signingKey); Certificate[] chain = new Certificate[certs.length + 1]; chain[0] = newCert; System.arraycopy(certs, 0, chain, 1, certs.length); // // having set up the chain add the user. // MajiKeyStore userKeyStore = MeemCoreRootAuthority.getUserKeyStore(); try { Certificate[] testCerts = userKeyStore.getCertificateChain(userID); if (testCerts != null) { logger.log(Level.WARNING, "User, \"" + userID + "\" already exists. The certificate chain might not be updated"); } } catch (KeyStoreException e) { } userKeyStore.setKeyEntry(userID, userKey.getPrivate(), userPass, chain); logger.log(Level.INFO, "User, \"" + userID + "\" added."); userKeyStore.store(); // // store the encrypted password // byte[] userPassBytes = new byte[userPass.length]; for (int i = 0; i != userPass.length; i++) { userPassBytes[i] = (byte) userPass[i]; } Cipher cipher = Cipher.getInstance("RSA/NONE/OAEPPadding", "BC"); cipher.init(Cipher.ENCRYPT_MODE, certs[0].getPublicKey()); MeemCoreRootAuthority.getUserPasswordFile().setPassword(userID, cipher.doFinal(userPassBytes)); }
From source file:org.tranche.users.MakeUserZipFileTool.java
License:Apache License
/** * <p>Executes the creation of the UserZipFile.</p> * @return//from w w w.j a va 2 s. c o m * @throws java.lang.NullPointerException * @throws java.security.NoSuchAlgorithmException * @throws java.security.NoSuchProviderException * @throws java.security.SignatureException * @throws java.security.InvalidKeyException */ public UserZipFile makeCertificate() throws NullPointerException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, InvalidKeyException { // checks if (name == null) { throw new NullPointerException("Name is not set."); } if (passphrase == null) { throw new NullPointerException("Passphrase is not set."); } if (saveFile == null) { throw new RuntimeException("Save location is not set."); } // execute SecurityUtil.lazyLoad(); // make up a new RSA keypair KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "BC"); keyGen.initialize(1024); // key pair KeyPair keyPair = keyGen.generateKeyPair(); PrivateKey privateKey = keyPair.getPrivate(); PublicKey publicKey = keyPair.getPublic(); // make a new certificate Hashtable attrs = new Hashtable(); attrs.put(X509Principal.CN, name); // Serialnumber is random bits, where random generator is initialized with Date.getTime() byte[] serno = new byte[8]; SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); random.setSeed(TimeUtil.getTrancheTimestamp()); random.nextBytes(serno); BigInteger sn = new java.math.BigInteger(serno).abs(); // make the principle X509Principal principal = new X509Principal(attrs); //generate cert X509V3CertificateGenerator gen = new X509V3CertificateGenerator(); gen.setSerialNumber(sn); // use the give issuer if appropriate if (signerCertificate != null && signerPrivateKey != null) { gen.setIssuerDN((X509Principal) signerCertificate.getSubjectDN()); } else { gen.setIssuerDN(principal); } gen.setNotBefore(startDate); gen.setNotAfter(new Date(startDate.getTime() + (validDays * Long.valueOf("86400000")))); gen.setSubjectDN(principal); gen.setSignatureAlgorithm("SHA1WITHRSA"); gen.setPublicKey(publicKey); // make the certificate X509Certificate cert = null; if (signerCertificate != null && signerPrivateKey != null) { cert = gen.generateX509Certificate(getSignerPrivateKey()); } else { cert = gen.generateX509Certificate(privateKey); } // make the user file UserZipFile uzf = new UserZipFile(saveFile); uzf.setCertificate(cert); uzf.setPrivateKey(privateKey); uzf.setPassphrase(passphrase); uzf.saveTo(saveFile); // return the user return uzf; }
From source file:sos.util.security.SOSCertificate.java
License:Apache License
/** * Certificate Objekt erzeugen/*w ww. j a va2 s.co m*/ * * @param privateKey * @param publicKey * @throws Exception */ public static Certificate createCertificate(PrivateKey privateKey, PublicKey publicKey) throws Exception { if (privateKey == null) { throw new Exception("Private Key is null"); } if (publicKey == null) { throw new Exception("Public Key is null"); } if (SOSCertificate.serialNumber == null) { throw new Exception("Serialnumber is null"); } if (SOSCertificate.subjectDN == null || SOSCertificate.subjectDN.length() == 0) { throw new Exception("Subject DN is empty"); } if (SOSCertificate.issuerDN == null || SOSCertificate.issuerDN.length() == 0) { throw new Exception("Issuer DN is empty"); } long time = gmtCalendar.getTimeInMillis(); if (SOSCertificate.validFrom == null) { //this.validFrom = new Date(); // von gestern SOSCertificate.validFrom = new Date(time - 24L * 60 * 60 * 1000); } if (SOSCertificate.validTo == null) { SOSCertificate.validTo = new Date(SOSCertificate.validFrom.getTime() + 90 * 24 * 60 * 60 * 1000L); //this.validTo = new // Date(System.currentTimeMillis()+90*24*60*60*1000L); } try { if (Security.getProvider("BC") == null) { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); } org.bouncycastle.x509.X509V3CertificateGenerator v3CertGen = new org.bouncycastle.x509.X509V3CertificateGenerator(); // create the certificate - version 3 v3CertGen.reset(); v3CertGen.setSerialNumber(SOSCertificate.serialNumber); // ausgestellt fr v3CertGen.setIssuerDN(new org.bouncycastle.asn1.x509.X509Name(SOSCertificate.issuerDN)); // ausgestellt von //v3CertGen.setSubjectDN(new X509Principal(n)); v3CertGen.setSubjectDN(new org.bouncycastle.asn1.x509.X509Name(SOSCertificate.subjectDN)); // gltig ab v3CertGen.setNotBefore(SOSCertificate.validFrom); //gltig bis v3CertGen.setNotAfter(SOSCertificate.validTo); v3CertGen.setPublicKey(publicKey); //v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption"); v3CertGen.setSignatureAlgorithm(SOSCertificate.hashAlgorithm + "With" + privateKey.getAlgorithm()); X509Certificate cert = v3CertGen.generateX509Certificate(privateKey); return cert; } catch (NoClassDefFoundError e) { throw new Exception("not found Definition : " + e); } catch (Exception e) { throw new Exception(e); } }
From source file:TorJava.PrivateKeyHandler.java
License:Open Source License
public java.security.cert.X509Certificate[] getCertificateChain(String alias) { try {/* w w w . j av a2 s. c o m*/ org.bouncycastle.x509.X509V3CertificateGenerator generator = new org.bouncycastle.x509.X509V3CertificateGenerator(); generator.reset(); generator.setSerialNumber(BigInteger.valueOf(42)); generator.setNotBefore(new Date(System.currentTimeMillis() - 24L * 3600 * 1000)); generator.setNotAfter(new Date(System.currentTimeMillis() + 365L * 24 * 3600 * 1000)); /*generator.setIssuerDN(new org.bouncycastle.asn1.x509.X509Name( "CN=TorJava, O=TOR")); generator.setSubjectDN(new org.bouncycastle.asn1.x509.X509Name( "CN=TorJava, O=TOR"));*/ generator.setIssuerDN(new org.bouncycastle.asn1.x509.X509Name("CN=TorJava")); generator.setSubjectDN(new org.bouncycastle.asn1.x509.X509Name("CN=TorJava")); generator.setPublicKey(keypair.getPublic()); generator.setSignatureAlgorithm("SHA1WITHRSA"); java.security.cert.X509Certificate x509 = generator.generateX509Certificate(keypair.getPrivate()); java.security.cert.X509Certificate[] x509s = new java.security.cert.X509Certificate[2]; // send the same certificate twice works fine with the default implementation of tor! x509s[0] = x509; // myself x509s[1] = x509; // a certificate for myself return x509s; } catch (Exception e) { Logger.logTLS(Logger.ERROR, "Caught exception: " + e.getMessage()); } return null; }