List of usage examples for org.bouncycastle.x509 X509V3CertificateGenerator setSerialNumber
public void setSerialNumber(BigInteger serialNumber)
From source file:com.kixeye.chassis.transport.shared.JettyConnectorRegistry.java
License:Apache License
/** * Register to listen to HTTPS.//from w ww .j a va 2 s. co m * * @param server * @param address * @throws Exception */ public static void registerHttpsConnector(Server server, InetSocketAddress address, boolean selfSigned, boolean mutualSsl, String keyStorePath, String keyStoreData, String keyStorePassword, String keyManagerPassword, String trustStorePath, String trustStoreData, String trustStorePassword, String[] excludedCipherSuites) throws Exception { // SSL Context Factory SslContextFactory sslContextFactory = new SslContextFactory(); if (selfSigned) { char[] passwordChars = UUID.randomUUID().toString().toCharArray(); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, passwordChars); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); keyPairGenerator.initialize(1024); KeyPair keyPair = keyPairGenerator.generateKeyPair(); X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); v3CertGen.setSerialNumber(BigInteger.valueOf(new SecureRandom().nextInt()).abs()); v3CertGen.setIssuerDN(new X509Principal("CN=" + "kixeye.com" + ", OU=None, O=None L=None, C=None")); v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30)); v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10))); v3CertGen.setSubjectDN(new X509Principal("CN=" + "kixeye.com" + ", OU=None, O=None L=None, C=None")); v3CertGen.setPublicKey(keyPair.getPublic()); v3CertGen.setSignatureAlgorithm("MD5WithRSAEncryption"); X509Certificate privateKeyCertificate = v3CertGen.generateX509Certificate(keyPair.getPrivate()); keyStore.setKeyEntry("selfSigned", keyPair.getPrivate(), passwordChars, new java.security.cert.Certificate[] { privateKeyCertificate }); ByteArrayOutputStream keyStoreBaos = new ByteArrayOutputStream(); keyStore.store(keyStoreBaos, passwordChars); keyStoreData = new String(Hex.encode(keyStoreBaos.toByteArray()), Charsets.UTF_8); keyStorePassword = new String(passwordChars); keyManagerPassword = keyStorePassword; sslContextFactory.setTrustAll(true); } KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); if (StringUtils.isNotBlank(keyStoreData)) { keyStore.load(new ByteArrayInputStream(Hex.decode(keyStoreData)), keyStorePassword.toCharArray()); } else if (StringUtils.isNotBlank(keyStorePath)) { try (InputStream inputStream = new DefaultResourceLoader().getResource(keyStorePath).getInputStream()) { keyStore.load(inputStream, keyStorePassword.toCharArray()); } } sslContextFactory.setKeyStore(keyStore); sslContextFactory.setKeyStorePassword(keyStorePassword); if (StringUtils.isBlank(keyManagerPassword)) { keyManagerPassword = keyStorePassword; } sslContextFactory.setKeyManagerPassword(keyManagerPassword); KeyStore trustStore = null; if (StringUtils.isNotBlank(trustStoreData)) { trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); trustStore.load(new ByteArrayInputStream(Hex.decode(trustStoreData)), trustStorePassword.toCharArray()); } else if (StringUtils.isNotBlank(trustStorePath)) { trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); try (InputStream inputStream = new DefaultResourceLoader().getResource(trustStorePath) .getInputStream()) { trustStore.load(inputStream, trustStorePassword.toCharArray()); } } if (trustStore != null) { sslContextFactory.setTrustStore(trustStore); sslContextFactory.setTrustStorePassword(trustStorePassword); } sslContextFactory.setNeedClientAuth(mutualSsl); sslContextFactory.setExcludeCipherSuites(excludedCipherSuites); // SSL Connector ServerConnector connector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.toString()), new HttpConnectionFactory()); connector.setHost(address.getHostName()); connector.setPort(address.getPort()); server.addConnector(connector); }
From source file:com.nokia.tools.vct.internal.common.secure.core.KeyStoreManager.java
License:Open Source License
public X509Certificate createCertificate(KeyPair keys, int years, Map<String, String> fields) throws CoreException { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setNotBefore(new GregorianCalendar(Locale.getDefault()).getTime()); GregorianCalendar gregorianCalendar = new GregorianCalendar(); gregorianCalendar.add(Calendar.YEAR, 1); certGen.setNotAfter(gregorianCalendar.getTime()); certGen.setPublicKey(keys.getPublic()); StringBuffer userInformation = new StringBuffer(); UUID uuid = UUID.randomUUID(); ByteBuffer bb = ByteBuffer.allocate(17); bb.put((byte) 0); bb.putLong(uuid.getMostSignificantBits()); bb.putLong(uuid.getLeastSignificantBits()); BigInteger bigInteger = new BigInteger(bb.array()); userInformation.append("SERIALNUMBER=").append(bigInteger.toString()); for (Map.Entry<String, String> field : fields.entrySet()) { userInformation.append(','); userInformation.append(field.getKey()); userInformation.append('='); userInformation.append(escapeRFC2253(field.getValue())); }// ww w . j a v a 2 s . c o m X500Principal principal = new X500Principal(userInformation.toString()); certGen.setIssuerDN(principal); certGen.setSubjectDN(principal); certGen.setSignatureAlgorithm(SIGNATURE_SHA1_RSA); X509Certificate certificate; try { certificate = certGen.generate(keys.getPrivate()); } catch (Exception ex) { IStatus status = new Status(IStatus.ERROR, SecurityCorePlugin.PLUGIN_ID, "Failed to generate certificate", ex); SecurityCorePlugin.getDefault().getLog().log(status); throw new CoreException(status); } return certificate; }
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
License:Open Source License
/** * @param certificatePublicKey//from ww w . ja v a 2 s.com * @param caPrivateKey * @param issuer * @param subject * * @return */ public static X509Certificate generateClientCertificate(PublicKey certificatePublicKey, PrivateKey caPrivateKey, X509Name issuer, X509Name subject) throws Exception { X509Certificate cert = null; X509V3CertificateGenerator gen = new X509V3CertificateGenerator(); gen.setIssuerDN(issuer); setNotBeforeNotAfter(gen, 10); // validity from 48 hours in the past until 10 years in the future gen.setSubjectDN(subject); gen.setPublicKey(certificatePublicKey); gen.setSignatureAlgorithm(getSignatureAlgorithm()); gen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); gen = addClientExtensions(gen); cert = gen.generate(caPrivateKey, "BC"); return cert; }
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
License:Open Source License
/** * @param certificatePublicKey/* w w w . j a va 2 s . c om*/ * @param caPrivateKey * @param issuer * @param subject * * @return */ public static X509Certificate generateServerCertificate(PublicKey certificatePublicKey, PrivateKey caPrivateKey, X509Name issuer, X509Name subject) throws Exception { X509Certificate cert = null; X509V3CertificateGenerator gen = new X509V3CertificateGenerator(); gen.setIssuerDN(issuer); gen.setSubjectDN(subject); setNotBeforeNotAfter(gen, 10); // validity from 48 hours in the past until 10 years in the future gen.setPublicKey(certificatePublicKey); gen.setSignatureAlgorithm(getSignatureAlgorithm()); gen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); gen = addSSLServerExtensions(gen); cert = gen.generate(caPrivateKey, "BC"); return cert; }
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
License:Open Source License
/** * @param kp//from ww w . j av a 2 s . co m * @param issuer * @param subject * * @return */ public static X509Certificate generateCaCertificate(final String friendlyName, final KeyPair kp, final BigInteger serial, final X509Name issuer, final X509Name subject) throws Exception { X509Certificate cert = null; X509V3CertificateGenerator gen = new X509V3CertificateGenerator(); gen.setIssuerDN(issuer); setNotBeforeNotAfter(gen, 20); // The CA certificate is valid for 20 years gen.setSubjectDN(subject); gen.setPublicKey(kp.getPublic()); gen.setSignatureAlgorithm(getSignatureAlgorithm()); if (serial != null) gen.setSerialNumber(serial); else gen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); gen = addCaExtensions(gen, kp.getPublic()); // gen.addExtension(X509Extensions.SubjectKeyIdentifier, false, // new SubjectKeyIdentifierStructure(kp.getPublic())); cert = gen.generate(kp.getPrivate(), "BC"); cert.checkValidity(); cert.verify(kp.getPublic(), "BC"); if (friendlyName != null) { PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) cert; bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(friendlyName)); } return cert; }
From source file:com.qut.middleware.crypto.impl.CryptoProcessorImpl.java
License:Apache License
private X509Certificate generateV3Certificate(KeyPair pair, String certSubjectDN, Calendar before, Calendar expiry) throws CryptoException { X509V3CertificateGenerator cert = new X509V3CertificateGenerator(); /* Set the certificate serial number to a random number */ Random rand = new Random(); rand.setSeed(System.currentTimeMillis()); /* Generates a number between 0 and 2^32 as the serial */ BigInteger serial = BigInteger.valueOf(rand.nextInt(Integer.MAX_VALUE)); logger.info("Setting X509 Cert Serial to: " + serial); cert.setSerialNumber(serial); /* Set the certificate issuer */ cert.setIssuerDN(new X500Principal(this.certIssuerDN)); /* Set the start of valid period. */ cert.setNotBefore(before.getTime()); /* Set the certificate expiry date. */ cert.setNotAfter(expiry.getTime());/*from w w w . j a v a2 s . com*/ /* Set the subject */ cert.setSubjectDN(new X500Principal(certSubjectDN)); cert.setPublicKey(pair.getPublic()); /* Signature algorithm, this may need to be changed if not all hosts have SHA256 and RSA implementations */ cert.setSignatureAlgorithm("SHA512withRSA"); cert.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); /* Only for signing */ cert.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign)); cert.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth)); /* Set a contact email address for the issuer */ cert.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, this.certIssuerEmail))); logger.debug("Generating X509Certificate for key pair: " + pair); try { /* Use the BouncyCastle provider to actually generate the X509Certificate now */ return cert.generateX509Certificate(pair.getPrivate(), "BC"); } catch (InvalidKeyException e) { this.logger.error("InvalidKeyException thrown, " + e.getLocalizedMessage()); this.logger.debug(e.toString()); throw new CryptoException(e.getLocalizedMessage(), e); } catch (NoSuchProviderException e) { this.logger.error("NoSuchProviderException thrown, " + e.getLocalizedMessage()); this.logger.debug(e.toString()); throw new CryptoException(e.getLocalizedMessage(), e); } catch (SecurityException e) { this.logger.error("SecurityException thrown, " + e.getLocalizedMessage()); this.logger.debug(e.toString()); throw new CryptoException(e.getLocalizedMessage(), e); } catch (SignatureException e) { this.logger.error("SignatureException thrown, " + e.getLocalizedMessage()); this.logger.debug(e.toString()); throw new CryptoException(e.getLocalizedMessage(), e); } }
From source file:com.raphfrk.bukkit.eventlink.SSLUtils.java
License:Open Source License
static boolean generateCertificateFile(File file, int keySize, String password, String algorithm, String certificateAlgorithm, String certificateName, boolean forceWrite) { KeyPair keyPair;// w w w .ja v a 2s. c o m X509Certificate cert; X509V3CertificateGenerator certGen = null; String providerName = "BC"; if (Security.getProvider(providerName) == null) { Security.addProvider(new BouncyCastleProvider()); if (Security.getProvider(providerName) == null) { EventLink.logger.log("Crypt libray (" + providerName + ") provider not installed"); return false; } } try { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(algorithm); synchronized (randomLock) { keyPairGenerator.initialize(keySize, random); } keyPair = KeyPairGenerator.getInstance(algorithm).generateKeyPair(); certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setIssuerDN(new X500Principal(certificateName)); certGen.setNotBefore(new Date(System.currentTimeMillis() - 10000)); certGen.setNotAfter(new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000)); certGen.setSubjectDN(new X500Principal(certificateName)); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm(certificateAlgorithm); cert = certGen.generate(keyPair.getPrivate(), "BC"); } catch (IllegalArgumentException iae) { EventLink.logger.log("Unable to find provider (BC)"); iae.printStackTrace(); if (certGen != null) { Iterator itr = certGen.getSignatureAlgNames(); while (itr.hasNext()) { System.out.println("Algorithm: " + itr.next()); } } return false; } catch (NoSuchProviderException nspe) { EventLink.logger.log("Unable to find provider (BC)"); nspe.printStackTrace(); return false; } catch (NoSuchAlgorithmException nsa) { EventLink.logger.log("Unable to implement algorithm (" + certificateAlgorithm + ")"); if (certGen != null) { Iterator<String> itr = certGen.getSignatureAlgNames(); while (itr.hasNext()) { String algName = itr.next(); System.out.println("Algorithm: " + algName + " " + (algName.equals(certificateAlgorithm))); } } nsa.printStackTrace(); return false; } catch (InvalidKeyException ike) { EventLink.logger.log("Unable to generate key"); ike.printStackTrace(); return false; } catch (SignatureException se) { EventLink.logger.log("Signature error"); se.printStackTrace(); return false; } catch (CertificateEncodingException cee) { EventLink.logger.log("Encoding error"); cee.printStackTrace(); return false; } return createKeyFile(file, password, keyPair, cert, forceWrite); }
From source file:com.squareup.okhttp.internal.SslContextBuilder.java
License:Apache License
/** * Generates a certificate for {@code hostName} containing {@code keyPair}'s * public key, signed by {@code keyPair}'s private key. *///from www.j a va 2 s . c o m @SuppressWarnings("deprecation") // use the old Bouncy Castle APIs to reduce dependencies. public X509Certificate selfSignedCertificate(KeyPair keyPair, String serialNumber) throws GeneralSecurityException { X509V3CertificateGenerator generator = new X509V3CertificateGenerator(); X500Principal issuer = new X500Principal("CN=" + hostName); X500Principal subject = new X500Principal("CN=" + hostName); generator.setSerialNumber(new BigInteger(serialNumber)); generator.setIssuerDN(issuer); generator.setNotBefore(new Date(notBefore)); generator.setNotAfter(new Date(notAfter)); generator.setSubjectDN(subject); generator.setPublicKey(keyPair.getPublic()); generator.setSignatureAlgorithm("SHA256WithRSAEncryption"); return generator.generateX509Certificate(keyPair.getPrivate(), "BC"); }
From source file:com.streamreduce.util.CAGenerator.java
License:Apache License
public static X509Certificate generateCACert(KeyPair keyPair) throws Exception { Date startDate = new Date(System.currentTimeMillis()); // time from which certificate is valid Calendar expiry = Calendar.getInstance(); expiry.add(Calendar.DAY_OF_YEAR, 1000 * 365); Date expiryDate = expiry.getTime(); // time after which certificate is not valid BigInteger serialNumber = new BigInteger(Long.toString(System.currentTimeMillis())); // serial number for certificate X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); X500Principal dnName = new X500Principal("CN=Nodeable Client"); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(dnName);/*w ww . j a v a 2 s. co m*/ certGen.setNotBefore(startDate); certGen.setNotAfter(expiryDate); certGen.setSubjectDN(dnName); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm("MD5withRSA"); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(keyPair.getPublic())); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.getPublic())); return certGen.generate(keyPair.getPrivate()); // note: private key of CA }
From source file:com.trsst.Command.java
License:Apache License
private static final X509Certificate createCertificate(KeyPair keyPair, String algorithm) { org.bouncycastle.x509.X509V3CertificateGenerator certGen = new org.bouncycastle.x509.X509V3CertificateGenerator(); long now = System.currentTimeMillis(); certGen.setSerialNumber(java.math.BigInteger.valueOf(now)); org.bouncycastle.jce.X509Principal subject = new org.bouncycastle.jce.X509Principal( "CN=Trsst Keystore,DC=trsst,DC=com"); certGen.setIssuerDN(subject);/* w w w . j a va 2s . c om*/ certGen.setSubjectDN(subject); Date fromDate = new java.util.Date(now); certGen.setNotBefore(fromDate); Calendar cal = new java.util.GregorianCalendar(); cal.setTime(fromDate); cal.add(java.util.Calendar.YEAR, 100); Date toDate = cal.getTime(); certGen.setNotAfter(toDate); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm(algorithm); certGen.addExtension(org.bouncycastle.asn1.x509.X509Extensions.BasicConstraints, true, new org.bouncycastle.asn1.x509.BasicConstraints(false)); certGen.addExtension(org.bouncycastle.asn1.x509.X509Extensions.KeyUsage, true, new org.bouncycastle.asn1.x509.KeyUsage(org.bouncycastle.asn1.x509.KeyUsage.digitalSignature | org.bouncycastle.asn1.x509.KeyUsage.keyEncipherment | org.bouncycastle.asn1.x509.KeyUsage.keyCertSign | org.bouncycastle.asn1.x509.KeyUsage.cRLSign)); X509Certificate x509 = null; try { x509 = certGen.generateX509Certificate(keyPair.getPrivate()); } catch (InvalidKeyException e) { log.error("Error generating certificate: invalid key", e); } catch (SecurityException e) { log.error("Unexpected error generating certificate", e); } catch (SignatureException e) { log.error("Error generating generating certificate signature", e); } return x509; }