List of usage examples for org.bouncycastle.x509 X509V3CertificateGenerator setSignatureAlgorithm
public void setSignatureAlgorithm(String signatureAlgorithm)
From source file:org.tranche.users.MakeUserZipFileTool.java
License:Apache License
/** * <p>Executes the creation of the UserZipFile.</p> * @return//from w w w . j a va2 s . c om * @throws java.lang.NullPointerException * @throws java.security.NoSuchAlgorithmException * @throws java.security.NoSuchProviderException * @throws java.security.SignatureException * @throws java.security.InvalidKeyException */ public UserZipFile makeCertificate() throws NullPointerException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, InvalidKeyException { // checks if (name == null) { throw new NullPointerException("Name is not set."); } if (passphrase == null) { throw new NullPointerException("Passphrase is not set."); } if (saveFile == null) { throw new RuntimeException("Save location is not set."); } // execute SecurityUtil.lazyLoad(); // make up a new RSA keypair KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "BC"); keyGen.initialize(1024); // key pair KeyPair keyPair = keyGen.generateKeyPair(); PrivateKey privateKey = keyPair.getPrivate(); PublicKey publicKey = keyPair.getPublic(); // make a new certificate Hashtable attrs = new Hashtable(); attrs.put(X509Principal.CN, name); // Serialnumber is random bits, where random generator is initialized with Date.getTime() byte[] serno = new byte[8]; SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); random.setSeed(TimeUtil.getTrancheTimestamp()); random.nextBytes(serno); BigInteger sn = new java.math.BigInteger(serno).abs(); // make the principle X509Principal principal = new X509Principal(attrs); //generate cert X509V3CertificateGenerator gen = new X509V3CertificateGenerator(); gen.setSerialNumber(sn); // use the give issuer if appropriate if (signerCertificate != null && signerPrivateKey != null) { gen.setIssuerDN((X509Principal) signerCertificate.getSubjectDN()); } else { gen.setIssuerDN(principal); } gen.setNotBefore(startDate); gen.setNotAfter(new Date(startDate.getTime() + (validDays * Long.valueOf("86400000")))); gen.setSubjectDN(principal); gen.setSignatureAlgorithm("SHA1WITHRSA"); gen.setPublicKey(publicKey); // make the certificate X509Certificate cert = null; if (signerCertificate != null && signerPrivateKey != null) { cert = gen.generateX509Certificate(getSignerPrivateKey()); } else { cert = gen.generateX509Certificate(privateKey); } // make the user file UserZipFile uzf = new UserZipFile(saveFile); uzf.setCertificate(cert); uzf.setPrivateKey(privateKey); uzf.setPassphrase(passphrase); uzf.saveTo(saveFile); // return the user return uzf; }
From source file:org.votingsystem.signature.util.CertUtils.java
License:Open Source License
/** * Generate V3 certificate for users/*from w ww .jav a 2s.c o m*/ */ public static X509Certificate generateEndEntityCert(PublicKey entityKey, PrivateKey caKey, X509Certificate caCert, Date dateBegin, Date dateFinish, String endEntitySubjectDN) throws Exception { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(KeyGeneratorVS.INSTANCE.getSerno()); certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert)); certGen.setNotBefore(dateBegin); certGen.setNotAfter(dateFinish); certGen.setSubjectDN(new X500Principal(endEntitySubjectDN)); certGen.setPublicKey(entityKey); certGen.setSignatureAlgorithm(ContextVS.CERT_GENERATION_SIG_ALGORITHM); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(entityKey)); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); return certGen.generate(caKey, ContextVS.PROVIDER); }
From source file:org.votingsystem.signature.util.CertUtils.java
License:Open Source License
/** * Generate V3 certificate for root CA Authority *///from w ww . jav a2 s. c om public static X509Certificate generateV3RootCert(KeyPair pair, Date dateBegin, Date dateFinish, String strSubjectDN) throws Exception { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); log.info("strSubjectDN: " + strSubjectDN); X509Principal x509Principal = new X509Principal(strSubjectDN); certGen.setSerialNumber(KeyGeneratorVS.INSTANCE.getSerno()); certGen.setIssuerDN(x509Principal); certGen.setNotBefore(dateBegin); certGen.setNotAfter(dateFinish); log.info("dateBegin: " + dateBegin.toString() + " - dateFinish: " + dateFinish.toString()); certGen.setSubjectDN(x509Principal); certGen.setPublicKey(pair.getPublic()); certGen.setSignatureAlgorithm(ContextVS.CERT_GENERATION_SIG_ALGORITHM); //The following fragment shows how to create one which indicates that //the certificate containing it is a CA and that only one certificate can follow in the certificate path. certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true, 0)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(pair.getPublic())); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)); return certGen.generate(pair.getPrivate(), ContextVS.PROVIDER); }
From source file:org.votingsystem.signature.util.CertUtils.java
License:Open Source License
/** * Generate V3 certificate for TimeStamp signing */// www .j ava2 s.c o m public static X509Certificate generateTimeStampingCert(PublicKey entityKey, PrivateKey caKey, X509Certificate caCert, long begin, long period, String endEntitySubjectDN) throws Exception { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert)); certGen.setNotBefore(new Date(begin)); certGen.setNotAfter(new Date(begin + period)); certGen.setSubjectDN(new X500Principal(endEntitySubjectDN)); certGen.setPublicKey(entityKey); certGen.setSignatureAlgorithm(ContextVS.CERT_GENERATION_SIG_ALGORITHM); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(entityKey)); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(new DERSequence(KeyPurposeId.id_kp_timeStamping))); return certGen.generate(caKey, ContextVS.PROVIDER); }
From source file:org.votingsystem.signature.util.CertUtils.java
License:Open Source License
/** * Generate V3 Certificate from CSR//from ww w. j a v a 2s . c o m */ public static X509Certificate generateV3EndEntityCertFromCsr(PKCS10CertificationRequest csr, PrivateKey caKey, X509Certificate caCert, Date dateBegin, Date dateFinish, String strSubjectDN, DERTaggedObject... certExtensions) throws Exception { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); PublicKey requestPublicKey = csr.getPublicKey(); X509Principal x509Principal = new X509Principal(strSubjectDN); certGen.setSerialNumber(KeyGeneratorVS.INSTANCE.getSerno()); log.info("generateV3EndEntityCertFromCsr - SubjectX500Principal(): " + caCert.getSubjectX500Principal()); certGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert)); certGen.setNotBefore(dateBegin); certGen.setNotAfter(dateFinish); certGen.setSubjectDN(x509Principal); certGen.setPublicKey(requestPublicKey); certGen.setSignatureAlgorithm(ContextVS.CERT_GENERATION_SIG_ALGORITHM); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(requestPublicKey)); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));//Certificado final certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); ASN1Set attributes = csr.getCertificationRequestInfo().getAttributes(); if (attributes != null) { for (int i = 0; i != attributes.size(); i++) { if (attributes.getObjectAt(i) instanceof DERTaggedObject) { DERTaggedObject taggedObject = (DERTaggedObject) attributes.getObjectAt(i); ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier( ContextVS.VOTING_SYSTEM_BASE_OID + taggedObject.getTagNo()); certGen.addExtension(oid, true, taggedObject); } else { Attribute attr = Attribute.getInstance(attributes.getObjectAt(i)); if (attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0)); Enumeration e = extensions.oids(); while (e.hasMoreElements()) { DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement(); X509Extension ext = extensions.getExtension(oid); certGen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets()); } } } } } if (certExtensions != null) { for (DERTaggedObject taggedObject : certExtensions) { if (taggedObject != null) { ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier( ContextVS.VOTING_SYSTEM_BASE_OID + taggedObject.getTagNo()); certGen.addExtension(oid, true, taggedObject); } log.log(Level.FINE, "null taggedObject"); } } X509Certificate cert = certGen.generate(caKey, ContextVS.PROVIDER); cert.verify(caCert.getPublicKey()); return cert; }
From source file:org.xdi.oxauth.model.crypto.signature.ECDSAKeyFactory.java
License:MIT License
public Certificate generateV3Certificate(Date startDate, Date expirationDate, String dnName) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException { // Create certificate BigInteger serialNumber = new BigInteger(1024, new Random()); // serial number for certificate X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); X500Principal principal = new X500Principal(dnName); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(principal);/* www. ja va 2 s. c o m*/ certGen.setNotBefore(startDate); certGen.setNotAfter(expirationDate); certGen.setSubjectDN(principal); // note: same as issuer certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm(signatureAlgorithm.getAlgorithm()); X509Certificate x509Certificate = certGen.generate(keyPair.getPrivate(), "BC"); return new Certificate(signatureAlgorithm, x509Certificate); }
From source file:passwdmanager.hig.no.services.PasswdManager.java
private X509Certificate generateDummyCertificate(String signatureAlgorithm) { try {/*from w w w. ja v a 2 s .c o m*/ Date today = Calendar.getInstance().getTime(); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); keyPairGenerator.initialize(1024); KeyPair keyPair = keyPairGenerator.generateKeyPair(); PublicKey publicKey = keyPair.getPublic(); PrivateKey privateKey = keyPair.getPrivate(); Date dateOfIssuing = today; Date dateOfExpiry = today; X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator(); certGenerator.setSerialNumber(new BigInteger("1")); certGenerator.setIssuerDN(new X509Name("C=NO, O=HIG, OU=CSCA, CN=PasswdManager/qingbao.guo@hig.no")); certGenerator.setSubjectDN(new X509Name("C=NO, O=HIG, OU=DSCA, CN=PasswdManager/qingbao.guo@hig.no")); certGenerator.setNotBefore(dateOfIssuing); certGenerator.setNotAfter(dateOfExpiry); certGenerator.setPublicKey(publicKey); certGenerator.setSignatureAlgorithm(signatureAlgorithm); X509Certificate cert = (X509Certificate) certGenerator.generate(privateKey, "BC"); if (signer == null) { signer = new SimpleDocumentSigner(privateKey, cert); } return cert; } catch (Exception ex) { return null; } }
From source file:ru.codeinside.gws.signature.injector.InjectTest.java
License:Mozilla Public License
private X509Certificate genCertificate(KeyPair pair) throws NoSuchAlgorithmException, CertificateEncodingException, NoSuchProviderException, InvalidKeyException, SignatureException { Date startDate = new Date(); Date expiryDate = new Date(startDate.getTime() + 10000); BigInteger serialNumber = new BigInteger("123456789"); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); X500Principal dnName = new X500Principal("CN=Test CA Certificate"); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(dnName);//from w w w .jav a 2 s . co m certGen.setNotBefore(startDate); certGen.setNotAfter(expiryDate); certGen.setSubjectDN(dnName); certGen.setPublicKey(pair.getPublic()); certGen.setSignatureAlgorithm("GOST3411withECGOST3410"); return certGen.generate(pair.getPrivate(), "BC"); }
From source file:sernet.verinice.encryption.test.CryptoTest.java
License:Open Source License
X509Certificate generateCertificate(String dn, KeyPair pair, int days) throws GeneralSecurityException, IOException { PublicKey publicKey = pair.getPublic(); PrivateKey privateKey = pair.getPrivate(); if (publicKey instanceof RSAPublicKey) { RSAPublicKey rsaPk = (RSAPublicKey) publicKey; RSAPublicKeySpec rsaPkSpec = new RSAPublicKeySpec(rsaPk.getModulus(), rsaPk.getPublicExponent()); try {// w w w.ja v a 2 s .com publicKey = KeyFactory.getInstance("RSA").generatePublic(rsaPkSpec); } catch (InvalidKeySpecException e) { publicKey = pair.getPublic(); } } if (privateKey instanceof RSAPrivateKey) { RSAPrivateKey rsaPk = (RSAPrivateKey) privateKey; RSAPrivateKeySpec rsaPkSpec = new RSAPrivateKeySpec(rsaPk.getModulus(), rsaPk.getPrivateExponent()); try { privateKey = KeyFactory.getInstance("RSA").generatePrivate(rsaPkSpec); } catch (InvalidKeySpecException e) { privateKey = pair.getPrivate(); } } X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); String commonName = "CN=" + dn + ", OU=None, O=None L=None, C=None"; X500Principal dnName = new X500Principal(commonName); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setIssuerDN(dnName); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true)); Calendar cal = Calendar.getInstance(); certGen.setNotBefore(cal.getTime()); cal.add(Calendar.YEAR, 5); certGen.setNotAfter(cal.getTime()); certGen.setSubjectDN(dnName); certGen.setPublicKey(publicKey); certGen.setSignatureAlgorithm("MD5WithRSA"); return certGen.generate(privateKey, BouncyCastleProvider.PROVIDER_NAME); }
From source file:sos.util.security.SOSCertificate.java
License:Apache License
/** * Certificate Objekt erzeugen//from w ww .j a v a2 s. c o m * * @param privateKey * @param publicKey * @throws Exception */ public static Certificate createCertificate(PrivateKey privateKey, PublicKey publicKey) throws Exception { if (privateKey == null) { throw new Exception("Private Key is null"); } if (publicKey == null) { throw new Exception("Public Key is null"); } if (SOSCertificate.serialNumber == null) { throw new Exception("Serialnumber is null"); } if (SOSCertificate.subjectDN == null || SOSCertificate.subjectDN.length() == 0) { throw new Exception("Subject DN is empty"); } if (SOSCertificate.issuerDN == null || SOSCertificate.issuerDN.length() == 0) { throw new Exception("Issuer DN is empty"); } long time = gmtCalendar.getTimeInMillis(); if (SOSCertificate.validFrom == null) { //this.validFrom = new Date(); // von gestern SOSCertificate.validFrom = new Date(time - 24L * 60 * 60 * 1000); } if (SOSCertificate.validTo == null) { SOSCertificate.validTo = new Date(SOSCertificate.validFrom.getTime() + 90 * 24 * 60 * 60 * 1000L); //this.validTo = new // Date(System.currentTimeMillis()+90*24*60*60*1000L); } try { if (Security.getProvider("BC") == null) { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); } org.bouncycastle.x509.X509V3CertificateGenerator v3CertGen = new org.bouncycastle.x509.X509V3CertificateGenerator(); // create the certificate - version 3 v3CertGen.reset(); v3CertGen.setSerialNumber(SOSCertificate.serialNumber); // ausgestellt fr v3CertGen.setIssuerDN(new org.bouncycastle.asn1.x509.X509Name(SOSCertificate.issuerDN)); // ausgestellt von //v3CertGen.setSubjectDN(new X509Principal(n)); v3CertGen.setSubjectDN(new org.bouncycastle.asn1.x509.X509Name(SOSCertificate.subjectDN)); // gltig ab v3CertGen.setNotBefore(SOSCertificate.validFrom); //gltig bis v3CertGen.setNotAfter(SOSCertificate.validTo); v3CertGen.setPublicKey(publicKey); //v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption"); v3CertGen.setSignatureAlgorithm(SOSCertificate.hashAlgorithm + "With" + privateKey.getAlgorithm()); X509Certificate cert = v3CertGen.generateX509Certificate(privateKey); return cert; } catch (NoClassDefFoundError e) { throw new Exception("not found Definition : " + e); } catch (Exception e) { throw new Exception(e); } }