List of usage examples for org.bouncycastle.x509 X509V3CertificateGenerator setSignatureAlgorithm
public void setSignatureAlgorithm(String signatureAlgorithm)
From source file:org.opcfoundation.ua.utils.CertificateUtils.java
License:Open Source License
private static X509Certificate generateRootCertificate(KeyPair pair) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException { // generate root certificate X509V3CertificateGenerator certGenRoot = new X509V3CertificateGenerator(); certGenRoot.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGenRoot.setIssuerDN(new X500Principal("CN=Test Certificate")); certGenRoot.setNotBefore(new Date(System.currentTimeMillis() - 50000)); certGenRoot.setNotAfter(new Date(System.currentTimeMillis() + 50000)); certGenRoot.setSubjectDN(new X500Principal("CN=Test Certificate")); certGenRoot.setPublicKey(pair.getPublic()); certGenRoot.setSignatureAlgorithm("SHA1WithRSAEncryption"); return certGenRoot.generate(pair.getPrivate(), "BC"); }
From source file:org.opendaylight.aaa.cert.impl.ODLKeyTool.java
License:Open Source License
public boolean createKeyStoreWithSelfSignCert(final String keyStoreName, final String keyStorePwd, final String dName, final String keyAlias, final int validity) { try {/*from ww w. ja va 2 s.co m*/ final KeyPairGenerator keyPairGenerator = KeyPairGenerator .getInstance(KeyStoreConstant.DEFAULT_KEY_ALG); keyPairGenerator.initialize(KeyStoreConstant.DEFAULT_KEY_SIZE); final KeyPair keyPair = keyPairGenerator.generateKeyPair(); final X509V3CertificateGenerator x509V3CertGen = new X509V3CertificateGenerator(); x509V3CertGen.setSerialNumber(getSecureRandomeInt()); x509V3CertGen.setIssuerDN(new X509Principal(dName)); x509V3CertGen.setNotBefore(new Date(System.currentTimeMillis())); x509V3CertGen .setNotAfter(new Date(System.currentTimeMillis() + (KeyStoreConstant.DAY_TIME * validity))); x509V3CertGen.setSubjectDN(new X509Principal(dName)); x509V3CertGen.setPublicKey(keyPair.getPublic()); x509V3CertGen.setSignatureAlgorithm(KeyStoreConstant.DEFAULT_SIGN_ALG); final X509Certificate x509Cert = x509V3CertGen.generateX509Certificate(keyPair.getPrivate()); final KeyStore ctlKeyStore = KeyStore.getInstance("JKS"); ctlKeyStore.load(null, keyStorePwd.toCharArray()); ctlKeyStore.setKeyEntry(keyAlias, keyPair.getPrivate(), keyStorePwd.toCharArray(), new java.security.cert.Certificate[] { x509Cert }); final FileOutputStream fOutputStream = new FileOutputStream(workingDir + keyStoreName); ctlKeyStore.store(fOutputStream, keyStorePwd.toCharArray()); LOG.info("{} is created", keyStoreName); return true; } catch (NoSuchAlgorithmException | InvalidKeyException | SecurityException | SignatureException | KeyStoreException | CertificateException | IOException e) { LOG.error("Fatal error creating key", e); return false; } }
From source file:org.opendaylight.aaa.cert.impl.ODLMdsalKeyTool.java
License:Open Source License
public KeyStore createKeyStoreWithSelfSignCert(final String keyStoreName, final String keyStorePwd, final String dName, final String keyAlias, final int validity, final String keyAlg, final int keySize, final String signAlg) { try {//from w w w.ja va 2s . com final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlg); keyPairGenerator.initialize(keySize); final KeyPair keyPair = keyPairGenerator.generateKeyPair(); final X509V3CertificateGenerator x509V3CertGen = new X509V3CertificateGenerator(); x509V3CertGen.setSerialNumber(getSecureRandomeInt()); x509V3CertGen.setIssuerDN(new X509Principal(dName)); x509V3CertGen.setNotBefore(new Date(System.currentTimeMillis())); x509V3CertGen .setNotAfter(new Date(System.currentTimeMillis() + (KeyStoreConstant.DAY_TIME * validity))); x509V3CertGen.setSubjectDN(new X509Principal(dName)); x509V3CertGen.setPublicKey(keyPair.getPublic()); x509V3CertGen.setSignatureAlgorithm(signAlg); final X509Certificate x509Cert = x509V3CertGen.generateX509Certificate(keyPair.getPrivate()); final KeyStore ctlKeyStore = KeyStore.getInstance("JKS"); ctlKeyStore.load(null, keyStorePwd.toCharArray()); ctlKeyStore.setKeyEntry(keyAlias, keyPair.getPrivate(), keyStorePwd.toCharArray(), new java.security.cert.Certificate[] { x509Cert }); LOG.info("{} is created", keyStoreName); return ctlKeyStore; } catch (final NoSuchAlgorithmException | InvalidKeyException | SecurityException | SignatureException | KeyStoreException | CertificateException | IOException e) { LOG.error("Fatal error creating keystore", e); return null; } }
From source file:org.openmaji.implementation.server.security.auth.CoreAdminHelper.java
License:Open Source License
private static void userAdd(String userID, char[] userPass, String userName, String emailAddress, Date expiryDate) throws Exception { if (!userID.toLowerCase().equals(userID)) { throw new IllegalArgumentException("username's cannot have mixed case - must be lower case only."); }/*from w ww.j av a2 s . co m*/ String keyStorePasswd = System.getProperty(MeemCoreRootAuthority.KEYSTORE_PASSWD); if (keyStorePasswd == null) { throw new RuntimeException("unable to find property for key store password."); } X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); MajiKeyStore keyStore = MeemCoreRootAuthority.getMajiKeyStore(); KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA"); kpGen.initialize(1024); // get "server" key PrivateKey signingKey = (PrivateKey) keyStore.getKey(MeemCoreRootAuthority.KEY_ID, keyStorePasswd.toCharArray()); Certificate[] certs = keyStore.getCertificateChain(MeemCoreRootAuthority.KEY_ID); X509Certificate signingCert = (X509Certificate) certs[0]; KeyPair userKey = kpGen.generateKeyPair(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(signingCert)); certGen.setNotBefore(new Date()); certGen.setNotAfter(expiryDate); certGen.setPublicKey(userKey.getPublic()); if (emailAddress != null) { certGen.setSubjectDN(new X509Principal(new X500Principal("CN=" + userName + ", T=" + userID + ", EMAILADDRESS=" + emailAddress + ", OU=Maji, O=Majitek, C=AU").getEncoded())); } else { certGen.setSubjectDN(new X509Principal( new X500Principal("CN=" + userName + ", T=" + userID + ", OU=Maji, O=Majitek, C=AU") .getEncoded())); } certGen.setSignatureAlgorithm("SHA1WithRSAEncryption"); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, createSubjectKeyId(userKey.getPublic())); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, createAuthorityKeyId(certs[0].getPublicKey(), PrincipalUtil.getSubjectX509Principal(signingCert), signingCert.getSerialNumber())); X509Certificate newCert = certGen.generateX509Certificate(signingKey); Certificate[] chain = new Certificate[certs.length + 1]; chain[0] = newCert; System.arraycopy(certs, 0, chain, 1, certs.length); // // having set up the chain add the user. // MajiKeyStore userKeyStore = MeemCoreRootAuthority.getUserKeyStore(); try { Certificate[] testCerts = userKeyStore.getCertificateChain(userID); if (testCerts != null) { logger.log(Level.WARNING, "User, \"" + userID + "\" already exists. The certificate chain might not be updated"); } } catch (KeyStoreException e) { } userKeyStore.setKeyEntry(userID, userKey.getPrivate(), userPass, chain); logger.log(Level.INFO, "User, \"" + userID + "\" added."); userKeyStore.store(); // // store the encrypted password // byte[] userPassBytes = new byte[userPass.length]; for (int i = 0; i != userPass.length; i++) { userPassBytes[i] = (byte) userPass[i]; } Cipher cipher = Cipher.getInstance("RSA/NONE/OAEPPadding", "BC"); cipher.init(Cipher.ENCRYPT_MODE, certs[0].getPublicKey()); MeemCoreRootAuthority.getUserPasswordFile().setPassword(userID, cipher.doFinal(userPassBytes)); }
From source file:org.opensc.test.pkcs11.SaveCertificateTest.java
License:Open Source License
public void testX509CertificateGeneration() throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException, InvalidKeyException, IllegalStateException, SignatureException, InvalidKeySpecException { KeyStore ks = KeyStore.getInstance("PKCS11", "OpenSC-PKCS11"); PKCS11LoadStoreParameter params = new PKCS11LoadStoreParameter(); PINEntry pe = new PINEntry(); params.setWaitForSlot(true);// w w w. j a v a2s .c o m params.setProtectionCallback(pe); params.setSOProtectionCallback(pe); params.setWriteEnabled(true); params.setEventHandler(pe); ks.load(params); // well, find a private key. Enumeration<String> aliases = ks.aliases(); String alias = null; while (aliases.hasMoreElements()) { String s = aliases.nextElement(); if (ks.isKeyEntry(s)) { alias = s; break; } } assertNotNull(alias); PKCS11PrivateKey privKey = (PKCS11PrivateKey) ks.getKey(alias, null); PKCS11PublicKey pubKey = privKey.getPublicKey(); KeyFactory kf = KeyFactory.getInstance(pubKey.getAlgorithm()); PublicKey dup = (PublicKey) kf.translateKey(pubKey); PKCS11Id enc1 = new PKCS11Id(pubKey.getEncoded()); PKCS11Id enc2 = new PKCS11Id(dup.getEncoded()); System.out.println("enc1=" + enc1); System.out.println("enc2=" + enc2); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); long now = System.currentTimeMillis(); certGen.setSerialNumber(BigInteger.valueOf(now)); X509Principal subject = new X509Principal("CN=PKCS11 Test CA,DC=opensc-project,DC=org"); certGen.setIssuerDN(subject); certGen.setSubjectDN(subject); Date from_date = new Date(now); certGen.setNotBefore(from_date); Calendar cal = new GregorianCalendar(); cal.setTime(from_date); cal.add(Calendar.YEAR, 4); Date to_date = cal.getTime(); certGen.setNotAfter(to_date); certGen.setPublicKey(dup); certGen.setSignatureAlgorithm("SHA256withRSA"); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage( KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.keyCertSign | KeyUsage.cRLSign)); X509Certificate x509 = certGen.generate(privKey, "OpenSC-PKCS11"); ks.setCertificateEntry(alias, x509); }
From source file:org.ourgrid.common.util.SelfSignedCertificateGenerator.java
License:Open Source License
public static void generateX509Certificate(KeyPair keyPair, String dnData, String certFilePath) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException, IOException { X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator(); certGenerator.setSerialNumber(BigInteger.valueOf(1)); certGenerator.setPublicKey(keyPair.getPublic()); certGenerator.setSubjectDN(new X500Principal(dnData)); certGenerator.setIssuerDN(new X500Principal(dnData)); certGenerator.setNotBefore(new Date(System.currentTimeMillis() - VALIDITY_INTERVAL)); certGenerator.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_INTERVAL)); certGenerator.setSignatureAlgorithm(SignatureConstants.SIGN_ALGORITHM); X509Certificate certificate = certGenerator.generate(keyPair.getPrivate()); File file = new File(certFilePath); if (!file.exists()) { FileUtils.touch(file);/*from w ww. j a v a 2 s . c om*/ } FileOutputStream fosP = new FileOutputStream(file); fosP.write(certificate.getEncoded()); fosP.close(); }
From source file:org.overlord.commons.karaf.commands.saml.GenerateSamlKeystoreUtil.java
License:Apache License
/** * Creates a new key pair and self-signed certificate. * * @param alias//from w ww .j a v a 2s . co m * the alias * @param dname * the dname * @param keyAlgName * the key alg name * @param keysize * the keysize * @param sigAlgName * the sig alg name * @throws Exception * the exception */ private void doGenKeyPair(String alias, String dname, String keyAlgName, int keysize, String sigAlgName) throws Exception { if (keysize == -1) { if ("EC".equalsIgnoreCase(keyAlgName)) { //$NON-NLS-1$ keysize = 256; } else if ("RSA".equalsIgnoreCase(keyAlgName)) { //$NON-NLS-1$ keysize = 2048; } else { keysize = 1024; } } if (keyStore.containsAlias(alias)) { throw new Exception(Messages.getString("Key.pair.not.generated.alias.alias.already.exists")); //$NON-NLS-1$ } if (sigAlgName == null) { sigAlgName = getCompatibleSigAlgName(keyAlgName); } KeyPairGenerator generator = KeyPairGenerator.getInstance(keyAlgName); generator.initialize(keysize); KeyPair keypair = generator.generateKeyPair(); PrivateKey privKey = keypair.getPrivate(); X509Certificate[] chain = new X509Certificate[1]; Date date = getStartDate(startDate); Calendar calendar = Calendar.getInstance(); calendar.setTime(date); // Configuramos la fecha que se recibe calendar.add(Calendar.DAY_OF_YEAR, validity); // time from which certificate is valid Date expiryDate = calendar.getTime(); // time after which certificate is not valid BigInteger serialNumber = new BigInteger("10"); // serial number for certificate //$NON-NLS-1$ // private key of the certifying authority (ca) certificate X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); X500Principal subjectName = new X500Principal(dname); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(subjectName); certGen.setNotBefore(date); certGen.setNotAfter(expiryDate); certGen.setSubjectDN(subjectName); certGen.setPublicKey(keypair.getPublic()); certGen.setSignatureAlgorithm("SHA256withRSA"); //$NON-NLS-1$ certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keypair.getPublic())); X509Certificate cert = certGen.generate(keypair.getPrivate(), providerName); chain[0] = cert; keyStore.setKeyEntry(alias, privKey, keyPass, chain); }
From source file:org.owasp.proxy.util.BouncyCastleCertificateUtils.java
License:Open Source License
public static X509Certificate sign(X500Principal subject, PublicKey pubKey, X500Principal issuer, PublicKey caPubKey, PrivateKey caKey, Date begin, Date ends, BigInteger serialNo) throws GeneralSecurityException { try {//w w w . ja v a2 s . c om // X500Name issuerName = new X500Name(issuer.getName()); // X500Name subjectName = new X500Name(subject.getName()); // AlgorithmIdentifier algId = new // AlgorithmIdentifier(pubKey.getAlgorithm()); // SubjectPublicKeyInfo publicKeyInfo = new // SubjectPublicKeyInfo(algId, pubKey.getEncoded()); // // X509v1CertificateBuilder certBuilder = new // X509v1CertificateBuilder(issuerName, serialNo, begin, ends, // subjectName, publicKeyInfo); // ContentSigner cs = new // JcaContentSignerBuilder(SIGALG).setProvider("BC").build(caKey); // X509CertificateHolder holder = certBuilder.build(cs); // Certificate bcCert = holder.toASN1Structure(); // bcCert.get // X509V1CertificateGenerator certGen = new // X509V1CertificateGenerator(); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(serialNo); certGen.setIssuerDN(issuer); certGen.setNotBefore(begin); certGen.setNotAfter(ends); certGen.setSubjectDN(subject); certGen.setPublicKey(pubKey); certGen.setSignatureAlgorithm(SIGALG); // add Extensions if (subject == issuer) { addCACertificateExtensions(certGen); } else { addCertificateExtensions(pubKey, caPubKey, certGen); } X509Certificate cert = certGen.generate(caKey, "BC"); // note: // private // key of CA return cert; } catch (Exception e) { e.printStackTrace(); throw new CertificateEncodingException("generate: " + e.getMessage(), e); } }
From source file:org.pidome.server.services.provider.CertGen.java
License:Apache License
private void gen() throws CertGenException { try {/*from w ww . j av a 2 s. c om*/ File store = new File(SystemConfig.getProperty("system", "server.keystore")); store.getParentFile().mkdirs(); if (store.exists()) { store.delete(); } X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setSubjectDN(new X500Principal("CN=" + curHost)); certGen.setIssuerDN(new X500Principal("CN=PiDome Server at " + curHost)); certGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30)); certGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10))); certGen.setPublicKey(KPair.getPublic()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); GeneralName altName = new GeneralName(GeneralName.iPAddress, Network.getIpAddressProperty().get().getHostAddress()); GeneralNames subjectAltName = new GeneralNames(altName); certGen.addExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName); X509Certificate cert = certGen.generate(KPair.getPrivate(), "BC"); /// Always, but always create a new keystore. a new keystore pass has is always created. privateKS = KeyStore.getInstance("JKS"); privateKS.load(null, null); String storePass = MessageDigest.getInstance("MD5").toString(); privateKS.setKeyEntry("PiDome.Default", KPair.getPrivate(), storePass.toCharArray(), new java.security.cert.Certificate[] { cert }); store.createNewFile(); privateKS.store(new FileOutputStream(store), storePass.toCharArray()); System.setProperty("javax.net.ssl.keyStore", SystemConfig.getProperty("system", "server.keystore")); System.setProperty("javax.net.ssl.keyStorePassword", storePass); available = true; LOG.info("Certificate(s) generated."); } catch (CertificateEncodingException ex) { throw new CertGenException("Could not encode certificate, can not continue: " + ex.getMessage()); } catch (IllegalStateException ex) { throw new CertGenException("Illegal state, can not continue: " + ex.getMessage()); } catch (NoSuchProviderException ex) { throw new CertGenException("No known provider, can not continue: " + ex.getMessage()); } catch (NoSuchAlgorithmException ex) { throw new CertGenException("No such algorithm, can not continue: " + ex.getMessage()); } catch (SignatureException ex) { throw new CertGenException("Signature problem, can not continue: " + ex.getMessage()); } catch (InvalidKeyException ex) { throw new CertGenException("Invalid key used, can not continue: " + ex.getMessage()); } catch (KeyStoreException ex) { throw new CertGenException("KeyStore problem, can not continue: " + ex.getMessage()); } catch (IOException ex) { throw new CertGenException("KeyStore can not be opened, can not continue: " + ex.getMessage()); } catch (CertificateException ex) { throw new CertGenException("KeyStore certificate problem, can not continue: " + ex.getMessage()); } catch (ConfigPropertiesException ex) { throw new CertGenException( "KeyStore location configuration problem, can not continue: " + ex.getMessage()); } }
From source file:org.qipki.crypto.x509.X509GeneratorImpl.java
License:Open Source License
@Override public X509Certificate generateX509Certificate(PrivateKey privateKey, DistinguishedName issuerDN, BigInteger serialNumber, DistinguishedName subjectDN, PublicKey publicKey, Duration validity, List<X509ExtensionHolder> x509Extensions) { try {/* ww w . j a va 2s .c o m*/ X509V3CertificateGenerator x509v3Generator = new X509V3CertificateGenerator(); DateTime now = new DateTime(); x509v3Generator.setSerialNumber(serialNumber); x509v3Generator.setSubjectDN(subjectDN.toX500Principal()); x509v3Generator.setIssuerDN(issuerDN.toX500Principal()); x509v3Generator.setNotBefore(now.minus(Time.CLOCK_SKEW).toDate()); x509v3Generator.setNotAfter(now.plus(validity).minus(Time.CLOCK_SKEW).toDate()); x509v3Generator.setSignatureAlgorithm(SignatureAlgorithm.SHA256withRSA.jcaString()); x509v3Generator.setPublicKey(publicKey); for (X509ExtensionHolder eachExtensionHolder : x509Extensions) { x509v3Generator.addExtension(eachExtensionHolder.getDerOID(), eachExtensionHolder.isCritical(), eachExtensionHolder.getValue()); } return x509v3Generator.generate(privateKey, cryptoContext.providerName()); } catch (GeneralSecurityException ex) { throw new CryptoFailure("Unable to generate X509Certificate", ex); } catch (IllegalStateException ex) { throw new CryptoFailure("Unable to generate X509Certificate", ex); } }