List of usage examples for org.bouncycastle.x509 X509V3CertificateGenerator setPublicKey
public void setPublicKey(PublicKey key) throws IllegalArgumentException
From source file:org.signserver.module.renewal.worker.MockCA.java
License:Open Source License
private static X509Certificate createCertificate(String subject, String issuer, long validity, String sigAlg, PublicKey pubKey, PrivateKey caPrivateKey) throws Exception { final long currentTime = new Date().getTime(); final Date firstDate = new Date(currentTime - 24 * 60 * 60 * 1000); final Date lastDate = new Date(currentTime + validity * 1000); X509V3CertificateGenerator cg = new X509V3CertificateGenerator(); // Add all mandatory attributes cg.setSerialNumber(BigInteger.valueOf(firstDate.getTime())); LOG.debug("keystore signing algorithm " + sigAlg); cg.setSignatureAlgorithm(sigAlg);/*from w w w . jav a 2 s . co m*/ cg.setSubjectDN(new X500Principal(subject)); if (pubKey == null) { throw new Exception("Public key is null"); } cg.setPublicKey(pubKey); cg.setNotBefore(firstDate); cg.setNotAfter(lastDate); cg.setIssuerDN(new X500Principal(issuer)); return cg.generate(caPrivateKey, "BC"); }
From source file:org.signserver.validationservice.server.ValidationTestUtils.java
License:Open Source License
public static X509Certificate genCert(String dn, String issuerdn, PrivateKey privKey, PublicKey pubKey, Date startDate, Date endDate, boolean isCA, int keyUsage, CRLDistPoint crlDistPoint) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException { X509V3CertificateGenerator certgen = new X509V3CertificateGenerator(); byte[] serno = new byte[8]; SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); random.setSeed((new Date().getTime())); random.nextBytes(serno);//from w w w . ja v a2s . c om certgen.setSerialNumber((new java.math.BigInteger(serno)).abs()); certgen.setNotBefore(startDate); certgen.setNotAfter(endDate); certgen.setSignatureAlgorithm("SHA1WithRSA"); certgen.setSubjectDN(CertTools.stringToBcX509Name(dn)); certgen.setIssuerDN(CertTools.stringToBcX509Name(issuerdn)); certgen.setPublicKey(pubKey); // CRL Distribution point if (crlDistPoint != null) { certgen.addExtension(X509Extensions.CRLDistributionPoints, false, crlDistPoint); } // Basic constranits is always critical and MUST be present at-least in CA-certificates. BasicConstraints bc = new BasicConstraints(isCA); certgen.addExtension(X509Extensions.BasicConstraints.getId(), true, bc); // Put critical KeyUsage in CA-certificates if (keyUsage == 0) { if (isCA == true) { int keyusage = X509KeyUsage.keyCertSign + X509KeyUsage.cRLSign; X509KeyUsage ku = new X509KeyUsage(keyusage); certgen.addExtension(X509Extensions.KeyUsage.getId(), true, ku); } } else { X509KeyUsage ku = new X509KeyUsage(keyUsage); certgen.addExtension(X509Extensions.KeyUsage.getId(), true, ku); } X509Certificate cert = certgen.generate(privKey); return cert; }
From source file:org.silvertunnel.netlib.layer.tor.util.PrivateKeyHandler.java
License:Open Source License
public java.security.cert.X509Certificate[] getCertificateChain(String alias) { try {//from www. jav a2 s . c om org.bouncycastle.x509.X509V3CertificateGenerator generator = new org.bouncycastle.x509.X509V3CertificateGenerator(); generator.reset(); generator.setSerialNumber(BigInteger.valueOf(42)); generator.setNotBefore(new Date(System.currentTimeMillis() - 24L * 3600 * 1000)); generator.setNotAfter(new Date(System.currentTimeMillis() + 365L * 24 * 3600 * 1000)); generator.setIssuerDN(new org.bouncycastle.asn1.x509.X509Name("CN=" + Util.MYNAME)); generator.setSubjectDN(new org.bouncycastle.asn1.x509.X509Name("CN=" + Util.MYNAME)); generator.setPublicKey(keypair.getPublic()); generator.setSignatureAlgorithm("SHA1WITHRSA"); java.security.cert.X509Certificate x509 = generator.generate(keypair.getPrivate(), "BC"); java.security.cert.X509Certificate[] x509s = new java.security.cert.X509Certificate[2]; // send the same certificate twice works fine with the default implementation of tor! // myself: x509s[0] = x509; // a certificate for myself: x509s[1] = x509; return x509s; } catch (Exception e) { log.severe("Caught exception: " + e.getMessage()); } return null; }
From source file:org.sonatype.nexus.ssl.CertificateUtil.java
License:Open Source License
public static X509Certificate generateCertificate(final PublicKey publicKey, final PrivateKey privateKey, final String algorithm, final int validDays, final String commonName, final String orgUnit, final String organization, final String locality, final String state, final String country) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, CertificateEncodingException { X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); Vector<ASN1ObjectIdentifier> order = new Vector<>(); Hashtable<ASN1ObjectIdentifier, String> attributeMap = new Hashtable<>(); if (commonName != null) { attributeMap.put(X509Name.CN, commonName); order.add(X509Name.CN);/*from w w w . ja v a 2 s. co m*/ } if (orgUnit != null) { attributeMap.put(X509Name.OU, orgUnit); order.add(X509Name.OU); } if (organization != null) { attributeMap.put(X509Name.O, organization); order.add(X509Name.O); } if (locality != null) { attributeMap.put(X509Name.L, locality); order.add(X509Name.L); } if (state != null) { attributeMap.put(X509Name.ST, state); order.add(X509Name.ST); } if (country != null) { attributeMap.put(X509Name.C, country); order.add(X509Name.C); } X509Name issuerDN = new X509Name(order, attributeMap); // validity long now = System.currentTimeMillis(); long expire = now + (long) validDays * 24 * 60 * 60 * 1000; certificateGenerator.setNotBefore(new Date(now)); certificateGenerator.setNotAfter(new Date(expire)); certificateGenerator.setIssuerDN(issuerDN); certificateGenerator.setSubjectDN(issuerDN); certificateGenerator.setPublicKey(publicKey); certificateGenerator.setSignatureAlgorithm(algorithm); certificateGenerator.setSerialNumber(BigInteger.valueOf(now)); // make certificate return certificateGenerator.generate(privateKey); }
From source file:org.structr.function.CreateJarFileFunction.java
License:Open Source License
private KeyStore getOrCreateKeystore(final String keygenAlgorithm, final String srngAlgorithm, final String signAlgorithm) { final String keystorePath = "test.keystore"; final String keystorePass = "test"; final java.io.File keystoreFile = new java.io.File(keystorePath); if (keystoreFile.exists()) { try (final FileInputStream fis = new FileInputStream(keystoreFile)) { final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); keystore.load(fis, keystorePass.toCharArray()); return keystore; } catch (Throwable t) { t.printStackTrace();//from www . jav a 2s . co m } } else { try (final FileOutputStream fos = new FileOutputStream(keystoreFile)) { final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); keystore.load(null, keystorePass.toCharArray()); final KeyPairGenerator gen = KeyPairGenerator.getInstance(keygenAlgorithm); gen.initialize(1024, SecureRandom.getInstance(srngAlgorithm)); final KeyPair keyPair = gen.generateKeyPair(); final SimpleDateFormat dateFormat = new SimpleDateFormat("dd.MM.yyyy"); final Date startDate = dateFormat.parse("01.01.2015"); final Date expiryDate = dateFormat.parse("01.01.2017"); final BigInteger serialNumber = BigInteger.valueOf(1234); final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); final X500Principal dnName = new X500Principal("CN=Test CA Certificate"); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(dnName); certGen.setNotBefore(startDate); certGen.setNotAfter(expiryDate); certGen.setSubjectDN(dnName); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm(signAlgorithm); final X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC"); keystore.setCertificateEntry("cert", cert); keystore.setKeyEntry("priv", keyPair.getPrivate(), keystorePass.toCharArray(), new Certificate[] { cert }); keystore.store(fos, keystorePass.toCharArray()); fos.flush(); return keystore; } catch (Throwable t) { t.printStackTrace(); } } return null; }
From source file:org.structr.jar.CreateJarFileFunction.java
License:Open Source License
private KeyStore getOrCreateKeystore(final String keygenAlgorithm, final String srngAlgorithm, final String signAlgorithm) { final String keystorePath = "test.keystore"; final String keystorePass = "test"; final java.io.File keystoreFile = new java.io.File(keystorePath); if (keystoreFile.exists()) { try (final FileInputStream fis = new FileInputStream(keystoreFile)) { final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); keystore.load(fis, keystorePass.toCharArray()); return keystore; } catch (Throwable t) { logger.log(Level.WARNING, "", t); }/*from w ww . j ava 2 s . co m*/ } else { try (final FileOutputStream fos = new FileOutputStream(keystoreFile)) { final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); keystore.load(null, keystorePass.toCharArray()); final KeyPairGenerator gen = KeyPairGenerator.getInstance(keygenAlgorithm); gen.initialize(1024, SecureRandom.getInstance(srngAlgorithm)); final KeyPair keyPair = gen.generateKeyPair(); final SimpleDateFormat dateFormat = new SimpleDateFormat("dd.MM.yyyy"); final Date startDate = dateFormat.parse("01.01.2015"); final Date expiryDate = dateFormat.parse("01.01.2017"); final BigInteger serialNumber = BigInteger.valueOf(1234); final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); final X500Principal dnName = new X500Principal("CN=Test CA Certificate"); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(dnName); certGen.setNotBefore(startDate); certGen.setNotAfter(expiryDate); certGen.setSubjectDN(dnName); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm(signAlgorithm); final X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC"); keystore.setCertificateEntry("cert", cert); keystore.setKeyEntry("priv", keyPair.getPrivate(), keystorePass.toCharArray(), new Certificate[] { cert }); keystore.store(fos, keystorePass.toCharArray()); fos.flush(); return keystore; } catch (Throwable t) { logger.log(Level.WARNING, "", t); } } return null; }
From source file:org.sufficientlysecure.keychain.pgp.PgpToX509.java
License:Open Source License
/** * Creates a self-signed certificate from a public and private key. The (critical) key-usage * extension is set up with: digital signature, non-repudiation, key-encipherment, key-agreement * and certificate-signing. The (non-critical) Netscape extension is set up with: SSL client and * S/MIME. A URI subjectAltName may also be set up. * * @param pubKey public key//from www . j a va 2 s . c om * @param privKey private key * @param subject subject (and issuer) DN for this certificate, RFC 2253 format preferred. * @param startDate date from which the certificate will be valid (defaults to current date and time * if null) * @param endDate date until which the certificate will be valid (defaults to current date and time * if null) * * @param subjAltNameURI URI to be placed in subjectAltName * @return self-signed certificate * @throws InvalidKeyException * @throws SignatureException * @throws NoSuchAlgorithmException * @throws IllegalStateException * @throws NoSuchProviderException * @throws CertificateException * @throws Exception * @author Bruno Harbulot */ public static X509Certificate createSelfSignedCert(PublicKey pubKey, PrivateKey privKey, X509Name subject, Date startDate, Date endDate, String subjAltNameURI) throws InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException, CertificateException, NoSuchProviderException { X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator(); certGenerator.reset(); /* * Sets up the subject distinguished name. Since it's a self-signed certificate, issuer and * subject are the same. */ certGenerator.setIssuerDN(subject); certGenerator.setSubjectDN(subject); /* * Sets up the validity dates. */ if (startDate == null) { startDate = new Date(System.currentTimeMillis()); } certGenerator.setNotBefore(startDate); if (endDate == null) { endDate = new Date(startDate.getTime() + (365L * 24L * 60L * 60L * 1000L)); Log.d(Constants.TAG, "end date is=" + DateFormat.getDateInstance().format(endDate)); } certGenerator.setNotAfter(endDate); /* * The serial-number of this certificate is 1. It makes sense because it's self-signed. */ certGenerator.setSerialNumber(BigInteger.ONE); /* * Sets the public-key to embed in this certificate. */ certGenerator.setPublicKey(pubKey); /* * Sets the signature algorithm. */ String pubKeyAlgorithm = pubKey.getAlgorithm(); if (pubKeyAlgorithm.equals("DSA")) { certGenerator.setSignatureAlgorithm("SHA1WithDSA"); } else if (pubKeyAlgorithm.equals("RSA")) { certGenerator.setSignatureAlgorithm("SHA1WithRSAEncryption"); } else { RuntimeException re = new RuntimeException("Algorithm not recognised: " + pubKeyAlgorithm); Log.e(Constants.TAG, re.getMessage(), re); throw re; } /* * Adds the Basic Constraint (CA: true) extension. */ certGenerator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true)); /* * Adds the subject key identifier extension. */ SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifierStructure(pubKey); certGenerator.addExtension(X509Extensions.SubjectKeyIdentifier, false, subjectKeyIdentifier); /* * Adds the authority key identifier extension. */ AuthorityKeyIdentifier authorityKeyIdentifier = new AuthorityKeyIdentifierStructure(pubKey); certGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, authorityKeyIdentifier); /* * Adds the subject alternative-name extension. */ if (subjAltNameURI != null) { GeneralNames subjectAltNames = new GeneralNames( new GeneralName(GeneralName.uniformResourceIdentifier, subjAltNameURI)); certGenerator.addExtension(X509Extensions.SubjectAlternativeName, false, subjectAltNames); } /* * Creates and sign this certificate with the private key corresponding to the public key of * the certificate (hence the name "self-signed certificate"). */ X509Certificate cert = certGenerator.generate(privKey); /* * Checks that this certificate has indeed been correctly signed. */ cert.verify(pubKey); return cert; }
From source file:org.tolven.config.model.CredentialManager.java
License:Open Source License
private X509Certificate signCertificate(X500Principal subjectX500Principal, PublicKey subjectPublicKey, X500Principal issuerX500Principal, PrivateKey issuerPrivateKey) throws GeneralSecurityException { X509V3CertificateGenerator gen = new X509V3CertificateGenerator(); gen.setSignatureAlgorithm("SHA1withRSA"); gen.setSubjectDN(subjectX500Principal); gen.setSerialNumber(getNextSerialNumber()); gen.setIssuerDN(issuerX500Principal); gen.setNotBefore(new Date()); gen.setNotAfter(new Date(new Date().getTime() + 1000000000000L)); gen.setPublicKey(subjectPublicKey); return gen.generate(issuerPrivateKey); }
From source file:org.tolven.gatekeeper.CertificateHelper.java
License:Open Source License
private X509Certificate signCertificate(X500Principal subjectX500Principal, PublicKey subjectPublicKey, X500Principal issuerX500Principal, PrivateKey issuerPrivateKey) { X509V3CertificateGenerator gen = new X509V3CertificateGenerator(); gen.setSignatureAlgorithm("SHA1withRSA"); gen.setSubjectDN(subjectX500Principal); gen.setSerialNumber(getNextSerialNumber()); gen.setIssuerDN(issuerX500Principal); gen.setNotBefore(new Date()); gen.setNotAfter(new Date(new Date().getTime() + 1000000000000L)); gen.setPublicKey(subjectPublicKey); try {/*from w w w . j av a 2 s. c o m*/ return gen.generate(issuerPrivateKey); } catch (Exception e) { throw new RuntimeException("Could not sign cerfificate for: " + subjectX500Principal.getName(), e); } }
From source file:org.tramaci.onionmail.LibSTLS.java
License:Open Source License
public static X509Certificate CreateCert(KeyPair KP, String onion, long Dfrom, long Dto, String info, String[] AltName) throws Exception { //OK byte[] bi = Stdio.md5(onion.getBytes()); byte[] bx = new byte[bi.length + 9]; System.arraycopy(bi, 0, bx, 1, bi.length); bx[0] = 0x7C;//from www. ja v a2 s. com byte[] tmp = Stdio.Stosx(new long[] { Dfrom / 1000L, Dto / 1000L }, 4); int bp = 17; for (int ax = 0; ax < 8; ax++) bx[bp++] = tmp[ax]; Date startDate = new Date(Dfrom); // time from which certificate is valid Date expiryDate = new Date(Dto); // time after which certificate is not valid BigInteger serialNumber = new BigInteger(bx); // serial number for certificate KeyPair keyPair = KP; // EC public/private key pair X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); if (info != null && info.length() > 0) info = ", " + info; else info = ""; X500Principal dnName = new X500Principal("CN=" + onion + info); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(dnName); certGen.setNotBefore(startDate); certGen.setNotAfter(expiryDate); certGen.setSubjectDN(dnName); // note: same as issuer certGen.setPublicKey(KP.getPublic()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); if (AltName != null) { int cx = AltName.length; for (int ax = 0; ax < cx; ax++) try { GeneralName generalName = new GeneralName(GeneralName.dNSName, new DERIA5String(AltName[ax].toLowerCase().trim())); GeneralNames subjectAltNames = new GeneralNames(generalName); certGen.addExtension(X509Extensions.SubjectAlternativeName, false, new DEROctetString(subjectAltNames)); } catch (Exception EI) { Main.echo("CreateCert Error: " + EI.getMessage() + " (altName=`" + AltName[ax] + "`)\n"); } } X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC"); return cert; }