List of usage examples for org.bouncycastle.x509 X509V3CertificateGenerator setNotAfter
public void setNotAfter(Date date)
From source file:org.opensc.test.pkcs11.SaveCertificateTest.java
License:Open Source License
public void testX509CertificateGeneration() throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException, InvalidKeyException, IllegalStateException, SignatureException, InvalidKeySpecException { KeyStore ks = KeyStore.getInstance("PKCS11", "OpenSC-PKCS11"); PKCS11LoadStoreParameter params = new PKCS11LoadStoreParameter(); PINEntry pe = new PINEntry(); params.setWaitForSlot(true);/*from w ww . j av a 2 s . c o m*/ params.setProtectionCallback(pe); params.setSOProtectionCallback(pe); params.setWriteEnabled(true); params.setEventHandler(pe); ks.load(params); // well, find a private key. Enumeration<String> aliases = ks.aliases(); String alias = null; while (aliases.hasMoreElements()) { String s = aliases.nextElement(); if (ks.isKeyEntry(s)) { alias = s; break; } } assertNotNull(alias); PKCS11PrivateKey privKey = (PKCS11PrivateKey) ks.getKey(alias, null); PKCS11PublicKey pubKey = privKey.getPublicKey(); KeyFactory kf = KeyFactory.getInstance(pubKey.getAlgorithm()); PublicKey dup = (PublicKey) kf.translateKey(pubKey); PKCS11Id enc1 = new PKCS11Id(pubKey.getEncoded()); PKCS11Id enc2 = new PKCS11Id(dup.getEncoded()); System.out.println("enc1=" + enc1); System.out.println("enc2=" + enc2); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); long now = System.currentTimeMillis(); certGen.setSerialNumber(BigInteger.valueOf(now)); X509Principal subject = new X509Principal("CN=PKCS11 Test CA,DC=opensc-project,DC=org"); certGen.setIssuerDN(subject); certGen.setSubjectDN(subject); Date from_date = new Date(now); certGen.setNotBefore(from_date); Calendar cal = new GregorianCalendar(); cal.setTime(from_date); cal.add(Calendar.YEAR, 4); Date to_date = cal.getTime(); certGen.setNotAfter(to_date); certGen.setPublicKey(dup); certGen.setSignatureAlgorithm("SHA256withRSA"); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage( KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.keyCertSign | KeyUsage.cRLSign)); X509Certificate x509 = certGen.generate(privKey, "OpenSC-PKCS11"); ks.setCertificateEntry(alias, x509); }
From source file:org.ourgrid.common.util.SelfSignedCertificateGenerator.java
License:Open Source License
public static void generateX509Certificate(KeyPair keyPair, String dnData, String certFilePath) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException, IOException { X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator(); certGenerator.setSerialNumber(BigInteger.valueOf(1)); certGenerator.setPublicKey(keyPair.getPublic()); certGenerator.setSubjectDN(new X500Principal(dnData)); certGenerator.setIssuerDN(new X500Principal(dnData)); certGenerator.setNotBefore(new Date(System.currentTimeMillis() - VALIDITY_INTERVAL)); certGenerator.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_INTERVAL)); certGenerator.setSignatureAlgorithm(SignatureConstants.SIGN_ALGORITHM); X509Certificate certificate = certGenerator.generate(keyPair.getPrivate()); File file = new File(certFilePath); if (!file.exists()) { FileUtils.touch(file);//from w w w.j a v a 2s . c o m } FileOutputStream fosP = new FileOutputStream(file); fosP.write(certificate.getEncoded()); fosP.close(); }
From source file:org.overlord.commons.karaf.commands.saml.GenerateSamlKeystoreUtil.java
License:Apache License
/** * Creates a new key pair and self-signed certificate. * * @param alias/* w w w. j a va2s . c om*/ * the alias * @param dname * the dname * @param keyAlgName * the key alg name * @param keysize * the keysize * @param sigAlgName * the sig alg name * @throws Exception * the exception */ private void doGenKeyPair(String alias, String dname, String keyAlgName, int keysize, String sigAlgName) throws Exception { if (keysize == -1) { if ("EC".equalsIgnoreCase(keyAlgName)) { //$NON-NLS-1$ keysize = 256; } else if ("RSA".equalsIgnoreCase(keyAlgName)) { //$NON-NLS-1$ keysize = 2048; } else { keysize = 1024; } } if (keyStore.containsAlias(alias)) { throw new Exception(Messages.getString("Key.pair.not.generated.alias.alias.already.exists")); //$NON-NLS-1$ } if (sigAlgName == null) { sigAlgName = getCompatibleSigAlgName(keyAlgName); } KeyPairGenerator generator = KeyPairGenerator.getInstance(keyAlgName); generator.initialize(keysize); KeyPair keypair = generator.generateKeyPair(); PrivateKey privKey = keypair.getPrivate(); X509Certificate[] chain = new X509Certificate[1]; Date date = getStartDate(startDate); Calendar calendar = Calendar.getInstance(); calendar.setTime(date); // Configuramos la fecha que se recibe calendar.add(Calendar.DAY_OF_YEAR, validity); // time from which certificate is valid Date expiryDate = calendar.getTime(); // time after which certificate is not valid BigInteger serialNumber = new BigInteger("10"); // serial number for certificate //$NON-NLS-1$ // private key of the certifying authority (ca) certificate X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); X500Principal subjectName = new X500Principal(dname); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(subjectName); certGen.setNotBefore(date); certGen.setNotAfter(expiryDate); certGen.setSubjectDN(subjectName); certGen.setPublicKey(keypair.getPublic()); certGen.setSignatureAlgorithm("SHA256withRSA"); //$NON-NLS-1$ certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keypair.getPublic())); X509Certificate cert = certGen.generate(keypair.getPrivate(), providerName); chain[0] = cert; keyStore.setKeyEntry(alias, privKey, keyPass, chain); }
From source file:org.owasp.proxy.util.BouncyCastleCertificateUtils.java
License:Open Source License
public static X509Certificate sign(X500Principal subject, PublicKey pubKey, X500Principal issuer, PublicKey caPubKey, PrivateKey caKey, Date begin, Date ends, BigInteger serialNo) throws GeneralSecurityException { try {/*from w w w . j av a2 s .c o m*/ // X500Name issuerName = new X500Name(issuer.getName()); // X500Name subjectName = new X500Name(subject.getName()); // AlgorithmIdentifier algId = new // AlgorithmIdentifier(pubKey.getAlgorithm()); // SubjectPublicKeyInfo publicKeyInfo = new // SubjectPublicKeyInfo(algId, pubKey.getEncoded()); // // X509v1CertificateBuilder certBuilder = new // X509v1CertificateBuilder(issuerName, serialNo, begin, ends, // subjectName, publicKeyInfo); // ContentSigner cs = new // JcaContentSignerBuilder(SIGALG).setProvider("BC").build(caKey); // X509CertificateHolder holder = certBuilder.build(cs); // Certificate bcCert = holder.toASN1Structure(); // bcCert.get // X509V1CertificateGenerator certGen = new // X509V1CertificateGenerator(); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(serialNo); certGen.setIssuerDN(issuer); certGen.setNotBefore(begin); certGen.setNotAfter(ends); certGen.setSubjectDN(subject); certGen.setPublicKey(pubKey); certGen.setSignatureAlgorithm(SIGALG); // add Extensions if (subject == issuer) { addCACertificateExtensions(certGen); } else { addCertificateExtensions(pubKey, caPubKey, certGen); } X509Certificate cert = certGen.generate(caKey, "BC"); // note: // private // key of CA return cert; } catch (Exception e) { e.printStackTrace(); throw new CertificateEncodingException("generate: " + e.getMessage(), e); } }
From source file:org.pidome.server.services.provider.CertGen.java
License:Apache License
private void gen() throws CertGenException { try {/*from w w w . ja v a2 s . c o m*/ File store = new File(SystemConfig.getProperty("system", "server.keystore")); store.getParentFile().mkdirs(); if (store.exists()) { store.delete(); } X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setSubjectDN(new X500Principal("CN=" + curHost)); certGen.setIssuerDN(new X500Principal("CN=PiDome Server at " + curHost)); certGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30)); certGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10))); certGen.setPublicKey(KPair.getPublic()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); GeneralName altName = new GeneralName(GeneralName.iPAddress, Network.getIpAddressProperty().get().getHostAddress()); GeneralNames subjectAltName = new GeneralNames(altName); certGen.addExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName); X509Certificate cert = certGen.generate(KPair.getPrivate(), "BC"); /// Always, but always create a new keystore. a new keystore pass has is always created. privateKS = KeyStore.getInstance("JKS"); privateKS.load(null, null); String storePass = MessageDigest.getInstance("MD5").toString(); privateKS.setKeyEntry("PiDome.Default", KPair.getPrivate(), storePass.toCharArray(), new java.security.cert.Certificate[] { cert }); store.createNewFile(); privateKS.store(new FileOutputStream(store), storePass.toCharArray()); System.setProperty("javax.net.ssl.keyStore", SystemConfig.getProperty("system", "server.keystore")); System.setProperty("javax.net.ssl.keyStorePassword", storePass); available = true; LOG.info("Certificate(s) generated."); } catch (CertificateEncodingException ex) { throw new CertGenException("Could not encode certificate, can not continue: " + ex.getMessage()); } catch (IllegalStateException ex) { throw new CertGenException("Illegal state, can not continue: " + ex.getMessage()); } catch (NoSuchProviderException ex) { throw new CertGenException("No known provider, can not continue: " + ex.getMessage()); } catch (NoSuchAlgorithmException ex) { throw new CertGenException("No such algorithm, can not continue: " + ex.getMessage()); } catch (SignatureException ex) { throw new CertGenException("Signature problem, can not continue: " + ex.getMessage()); } catch (InvalidKeyException ex) { throw new CertGenException("Invalid key used, can not continue: " + ex.getMessage()); } catch (KeyStoreException ex) { throw new CertGenException("KeyStore problem, can not continue: " + ex.getMessage()); } catch (IOException ex) { throw new CertGenException("KeyStore can not be opened, can not continue: " + ex.getMessage()); } catch (CertificateException ex) { throw new CertGenException("KeyStore certificate problem, can not continue: " + ex.getMessage()); } catch (ConfigPropertiesException ex) { throw new CertGenException( "KeyStore location configuration problem, can not continue: " + ex.getMessage()); } }
From source file:org.qipki.crypto.x509.X509GeneratorImpl.java
License:Open Source License
@Override public X509Certificate generateX509Certificate(PrivateKey privateKey, DistinguishedName issuerDN, BigInteger serialNumber, DistinguishedName subjectDN, PublicKey publicKey, Duration validity, List<X509ExtensionHolder> x509Extensions) { try {/* w ww .j a v a 2 s . co m*/ X509V3CertificateGenerator x509v3Generator = new X509V3CertificateGenerator(); DateTime now = new DateTime(); x509v3Generator.setSerialNumber(serialNumber); x509v3Generator.setSubjectDN(subjectDN.toX500Principal()); x509v3Generator.setIssuerDN(issuerDN.toX500Principal()); x509v3Generator.setNotBefore(now.minus(Time.CLOCK_SKEW).toDate()); x509v3Generator.setNotAfter(now.plus(validity).minus(Time.CLOCK_SKEW).toDate()); x509v3Generator.setSignatureAlgorithm(SignatureAlgorithm.SHA256withRSA.jcaString()); x509v3Generator.setPublicKey(publicKey); for (X509ExtensionHolder eachExtensionHolder : x509Extensions) { x509v3Generator.addExtension(eachExtensionHolder.getDerOID(), eachExtensionHolder.isCritical(), eachExtensionHolder.getValue()); } return x509v3Generator.generate(privateKey, cryptoContext.providerName()); } catch (GeneralSecurityException ex) { throw new CryptoFailure("Unable to generate X509Certificate", ex); } catch (IllegalStateException ex) { throw new CryptoFailure("Unable to generate X509Certificate", ex); } }
From source file:org.signserver.module.renewal.worker.MockCA.java
License:Open Source License
private static X509Certificate createCertificate(String subject, String issuer, long validity, String sigAlg, PublicKey pubKey, PrivateKey caPrivateKey) throws Exception { final long currentTime = new Date().getTime(); final Date firstDate = new Date(currentTime - 24 * 60 * 60 * 1000); final Date lastDate = new Date(currentTime + validity * 1000); X509V3CertificateGenerator cg = new X509V3CertificateGenerator(); // Add all mandatory attributes cg.setSerialNumber(BigInteger.valueOf(firstDate.getTime())); LOG.debug("keystore signing algorithm " + sigAlg); cg.setSignatureAlgorithm(sigAlg);/*from w w w . java 2s . c om*/ cg.setSubjectDN(new X500Principal(subject)); if (pubKey == null) { throw new Exception("Public key is null"); } cg.setPublicKey(pubKey); cg.setNotBefore(firstDate); cg.setNotAfter(lastDate); cg.setIssuerDN(new X500Principal(issuer)); return cg.generate(caPrivateKey, "BC"); }
From source file:org.signserver.validationservice.server.ValidationTestUtils.java
License:Open Source License
public static X509Certificate genCert(String dn, String issuerdn, PrivateKey privKey, PublicKey pubKey, Date startDate, Date endDate, boolean isCA, int keyUsage, CRLDistPoint crlDistPoint) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException { X509V3CertificateGenerator certgen = new X509V3CertificateGenerator(); byte[] serno = new byte[8]; SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); random.setSeed((new Date().getTime())); random.nextBytes(serno);//from www . j a va2 s .c o m certgen.setSerialNumber((new java.math.BigInteger(serno)).abs()); certgen.setNotBefore(startDate); certgen.setNotAfter(endDate); certgen.setSignatureAlgorithm("SHA1WithRSA"); certgen.setSubjectDN(CertTools.stringToBcX509Name(dn)); certgen.setIssuerDN(CertTools.stringToBcX509Name(issuerdn)); certgen.setPublicKey(pubKey); // CRL Distribution point if (crlDistPoint != null) { certgen.addExtension(X509Extensions.CRLDistributionPoints, false, crlDistPoint); } // Basic constranits is always critical and MUST be present at-least in CA-certificates. BasicConstraints bc = new BasicConstraints(isCA); certgen.addExtension(X509Extensions.BasicConstraints.getId(), true, bc); // Put critical KeyUsage in CA-certificates if (keyUsage == 0) { if (isCA == true) { int keyusage = X509KeyUsage.keyCertSign + X509KeyUsage.cRLSign; X509KeyUsage ku = new X509KeyUsage(keyusage); certgen.addExtension(X509Extensions.KeyUsage.getId(), true, ku); } } else { X509KeyUsage ku = new X509KeyUsage(keyUsage); certgen.addExtension(X509Extensions.KeyUsage.getId(), true, ku); } X509Certificate cert = certgen.generate(privKey); return cert; }
From source file:org.silvertunnel.netlib.layer.tor.util.PrivateKeyHandler.java
License:Open Source License
public java.security.cert.X509Certificate[] getCertificateChain(String alias) { try {/*from w ww .j av a2s. c om*/ org.bouncycastle.x509.X509V3CertificateGenerator generator = new org.bouncycastle.x509.X509V3CertificateGenerator(); generator.reset(); generator.setSerialNumber(BigInteger.valueOf(42)); generator.setNotBefore(new Date(System.currentTimeMillis() - 24L * 3600 * 1000)); generator.setNotAfter(new Date(System.currentTimeMillis() + 365L * 24 * 3600 * 1000)); generator.setIssuerDN(new org.bouncycastle.asn1.x509.X509Name("CN=" + Util.MYNAME)); generator.setSubjectDN(new org.bouncycastle.asn1.x509.X509Name("CN=" + Util.MYNAME)); generator.setPublicKey(keypair.getPublic()); generator.setSignatureAlgorithm("SHA1WITHRSA"); java.security.cert.X509Certificate x509 = generator.generate(keypair.getPrivate(), "BC"); java.security.cert.X509Certificate[] x509s = new java.security.cert.X509Certificate[2]; // send the same certificate twice works fine with the default implementation of tor! // myself: x509s[0] = x509; // a certificate for myself: x509s[1] = x509; return x509s; } catch (Exception e) { log.severe("Caught exception: " + e.getMessage()); } return null; }
From source file:org.sonatype.nexus.ssl.CertificateUtil.java
License:Open Source License
public static X509Certificate generateCertificate(final PublicKey publicKey, final PrivateKey privateKey, final String algorithm, final int validDays, final String commonName, final String orgUnit, final String organization, final String locality, final String state, final String country) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, CertificateEncodingException { X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); Vector<ASN1ObjectIdentifier> order = new Vector<>(); Hashtable<ASN1ObjectIdentifier, String> attributeMap = new Hashtable<>(); if (commonName != null) { attributeMap.put(X509Name.CN, commonName); order.add(X509Name.CN);/*from w ww. j a v a 2s . c o m*/ } if (orgUnit != null) { attributeMap.put(X509Name.OU, orgUnit); order.add(X509Name.OU); } if (organization != null) { attributeMap.put(X509Name.O, organization); order.add(X509Name.O); } if (locality != null) { attributeMap.put(X509Name.L, locality); order.add(X509Name.L); } if (state != null) { attributeMap.put(X509Name.ST, state); order.add(X509Name.ST); } if (country != null) { attributeMap.put(X509Name.C, country); order.add(X509Name.C); } X509Name issuerDN = new X509Name(order, attributeMap); // validity long now = System.currentTimeMillis(); long expire = now + (long) validDays * 24 * 60 * 60 * 1000; certificateGenerator.setNotBefore(new Date(now)); certificateGenerator.setNotAfter(new Date(expire)); certificateGenerator.setIssuerDN(issuerDN); certificateGenerator.setSubjectDN(issuerDN); certificateGenerator.setPublicKey(publicKey); certificateGenerator.setSignatureAlgorithm(algorithm); certificateGenerator.setSerialNumber(BigInteger.valueOf(now)); // make certificate return certificateGenerator.generate(privateKey); }