List of usage examples for org.bouncycastle.x509 X509V3CertificateGenerator X509V3CertificateGenerator
public X509V3CertificateGenerator()
From source file:org.owasp.proxy.util.BouncyCastleCertificateUtils.java
License:Open Source License
public static X509Certificate sign(X500Principal subject, PublicKey pubKey, X500Principal issuer, PublicKey caPubKey, PrivateKey caKey, Date begin, Date ends, BigInteger serialNo) throws GeneralSecurityException { try {//from w w w. j a v a2s . c om // X500Name issuerName = new X500Name(issuer.getName()); // X500Name subjectName = new X500Name(subject.getName()); // AlgorithmIdentifier algId = new // AlgorithmIdentifier(pubKey.getAlgorithm()); // SubjectPublicKeyInfo publicKeyInfo = new // SubjectPublicKeyInfo(algId, pubKey.getEncoded()); // // X509v1CertificateBuilder certBuilder = new // X509v1CertificateBuilder(issuerName, serialNo, begin, ends, // subjectName, publicKeyInfo); // ContentSigner cs = new // JcaContentSignerBuilder(SIGALG).setProvider("BC").build(caKey); // X509CertificateHolder holder = certBuilder.build(cs); // Certificate bcCert = holder.toASN1Structure(); // bcCert.get // X509V1CertificateGenerator certGen = new // X509V1CertificateGenerator(); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(serialNo); certGen.setIssuerDN(issuer); certGen.setNotBefore(begin); certGen.setNotAfter(ends); certGen.setSubjectDN(subject); certGen.setPublicKey(pubKey); certGen.setSignatureAlgorithm(SIGALG); // add Extensions if (subject == issuer) { addCACertificateExtensions(certGen); } else { addCertificateExtensions(pubKey, caPubKey, certGen); } X509Certificate cert = certGen.generate(caKey, "BC"); // note: // private // key of CA return cert; } catch (Exception e) { e.printStackTrace(); throw new CertificateEncodingException("generate: " + e.getMessage(), e); } }
From source file:org.pidome.server.services.provider.CertGen.java
License:Apache License
private void gen() throws CertGenException { try {/* w w w . j a v a2s . c o m*/ File store = new File(SystemConfig.getProperty("system", "server.keystore")); store.getParentFile().mkdirs(); if (store.exists()) { store.delete(); } X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setSubjectDN(new X500Principal("CN=" + curHost)); certGen.setIssuerDN(new X500Principal("CN=PiDome Server at " + curHost)); certGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30)); certGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10))); certGen.setPublicKey(KPair.getPublic()); certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); GeneralName altName = new GeneralName(GeneralName.iPAddress, Network.getIpAddressProperty().get().getHostAddress()); GeneralNames subjectAltName = new GeneralNames(altName); certGen.addExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName); X509Certificate cert = certGen.generate(KPair.getPrivate(), "BC"); /// Always, but always create a new keystore. a new keystore pass has is always created. privateKS = KeyStore.getInstance("JKS"); privateKS.load(null, null); String storePass = MessageDigest.getInstance("MD5").toString(); privateKS.setKeyEntry("PiDome.Default", KPair.getPrivate(), storePass.toCharArray(), new java.security.cert.Certificate[] { cert }); store.createNewFile(); privateKS.store(new FileOutputStream(store), storePass.toCharArray()); System.setProperty("javax.net.ssl.keyStore", SystemConfig.getProperty("system", "server.keystore")); System.setProperty("javax.net.ssl.keyStorePassword", storePass); available = true; LOG.info("Certificate(s) generated."); } catch (CertificateEncodingException ex) { throw new CertGenException("Could not encode certificate, can not continue: " + ex.getMessage()); } catch (IllegalStateException ex) { throw new CertGenException("Illegal state, can not continue: " + ex.getMessage()); } catch (NoSuchProviderException ex) { throw new CertGenException("No known provider, can not continue: " + ex.getMessage()); } catch (NoSuchAlgorithmException ex) { throw new CertGenException("No such algorithm, can not continue: " + ex.getMessage()); } catch (SignatureException ex) { throw new CertGenException("Signature problem, can not continue: " + ex.getMessage()); } catch (InvalidKeyException ex) { throw new CertGenException("Invalid key used, can not continue: " + ex.getMessage()); } catch (KeyStoreException ex) { throw new CertGenException("KeyStore problem, can not continue: " + ex.getMessage()); } catch (IOException ex) { throw new CertGenException("KeyStore can not be opened, can not continue: " + ex.getMessage()); } catch (CertificateException ex) { throw new CertGenException("KeyStore certificate problem, can not continue: " + ex.getMessage()); } catch (ConfigPropertiesException ex) { throw new CertGenException( "KeyStore location configuration problem, can not continue: " + ex.getMessage()); } }
From source file:org.qipki.crypto.x509.X509GeneratorImpl.java
License:Open Source License
@Override public X509Certificate generateX509Certificate(PrivateKey privateKey, DistinguishedName issuerDN, BigInteger serialNumber, DistinguishedName subjectDN, PublicKey publicKey, Duration validity, List<X509ExtensionHolder> x509Extensions) { try {/*w ww .j a va2 s . c om*/ X509V3CertificateGenerator x509v3Generator = new X509V3CertificateGenerator(); DateTime now = new DateTime(); x509v3Generator.setSerialNumber(serialNumber); x509v3Generator.setSubjectDN(subjectDN.toX500Principal()); x509v3Generator.setIssuerDN(issuerDN.toX500Principal()); x509v3Generator.setNotBefore(now.minus(Time.CLOCK_SKEW).toDate()); x509v3Generator.setNotAfter(now.plus(validity).minus(Time.CLOCK_SKEW).toDate()); x509v3Generator.setSignatureAlgorithm(SignatureAlgorithm.SHA256withRSA.jcaString()); x509v3Generator.setPublicKey(publicKey); for (X509ExtensionHolder eachExtensionHolder : x509Extensions) { x509v3Generator.addExtension(eachExtensionHolder.getDerOID(), eachExtensionHolder.isCritical(), eachExtensionHolder.getValue()); } return x509v3Generator.generate(privateKey, cryptoContext.providerName()); } catch (GeneralSecurityException ex) { throw new CryptoFailure("Unable to generate X509Certificate", ex); } catch (IllegalStateException ex) { throw new CryptoFailure("Unable to generate X509Certificate", ex); } }
From source file:org.signserver.module.renewal.worker.MockCA.java
License:Open Source License
private static X509Certificate createCertificate(String subject, String issuer, long validity, String sigAlg, PublicKey pubKey, PrivateKey caPrivateKey) throws Exception { final long currentTime = new Date().getTime(); final Date firstDate = new Date(currentTime - 24 * 60 * 60 * 1000); final Date lastDate = new Date(currentTime + validity * 1000); X509V3CertificateGenerator cg = new X509V3CertificateGenerator(); // Add all mandatory attributes cg.setSerialNumber(BigInteger.valueOf(firstDate.getTime())); LOG.debug("keystore signing algorithm " + sigAlg); cg.setSignatureAlgorithm(sigAlg);/*from ww w . j ava 2s.c om*/ cg.setSubjectDN(new X500Principal(subject)); if (pubKey == null) { throw new Exception("Public key is null"); } cg.setPublicKey(pubKey); cg.setNotBefore(firstDate); cg.setNotAfter(lastDate); cg.setIssuerDN(new X500Principal(issuer)); return cg.generate(caPrivateKey, "BC"); }
From source file:org.signserver.validationservice.server.ValidationTestUtils.java
License:Open Source License
public static X509Certificate genCert(String dn, String issuerdn, PrivateKey privKey, PublicKey pubKey, Date startDate, Date endDate, boolean isCA, int keyUsage, CRLDistPoint crlDistPoint) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException { X509V3CertificateGenerator certgen = new X509V3CertificateGenerator(); byte[] serno = new byte[8]; SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); random.setSeed((new Date().getTime())); random.nextBytes(serno);//from www. ja v a 2 s . c om certgen.setSerialNumber((new java.math.BigInteger(serno)).abs()); certgen.setNotBefore(startDate); certgen.setNotAfter(endDate); certgen.setSignatureAlgorithm("SHA1WithRSA"); certgen.setSubjectDN(CertTools.stringToBcX509Name(dn)); certgen.setIssuerDN(CertTools.stringToBcX509Name(issuerdn)); certgen.setPublicKey(pubKey); // CRL Distribution point if (crlDistPoint != null) { certgen.addExtension(X509Extensions.CRLDistributionPoints, false, crlDistPoint); } // Basic constranits is always critical and MUST be present at-least in CA-certificates. BasicConstraints bc = new BasicConstraints(isCA); certgen.addExtension(X509Extensions.BasicConstraints.getId(), true, bc); // Put critical KeyUsage in CA-certificates if (keyUsage == 0) { if (isCA == true) { int keyusage = X509KeyUsage.keyCertSign + X509KeyUsage.cRLSign; X509KeyUsage ku = new X509KeyUsage(keyusage); certgen.addExtension(X509Extensions.KeyUsage.getId(), true, ku); } } else { X509KeyUsage ku = new X509KeyUsage(keyUsage); certgen.addExtension(X509Extensions.KeyUsage.getId(), true, ku); } X509Certificate cert = certgen.generate(privKey); return cert; }
From source file:org.sonatype.nexus.ssl.CertificateUtil.java
License:Open Source License
public static X509Certificate generateCertificate(final PublicKey publicKey, final PrivateKey privateKey, final String algorithm, final int validDays, final String commonName, final String orgUnit, final String organization, final String locality, final String state, final String country) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, CertificateEncodingException { X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); Vector<ASN1ObjectIdentifier> order = new Vector<>(); Hashtable<ASN1ObjectIdentifier, String> attributeMap = new Hashtable<>(); if (commonName != null) { attributeMap.put(X509Name.CN, commonName); order.add(X509Name.CN);//from ww w .j av a2 s . c o m } if (orgUnit != null) { attributeMap.put(X509Name.OU, orgUnit); order.add(X509Name.OU); } if (organization != null) { attributeMap.put(X509Name.O, organization); order.add(X509Name.O); } if (locality != null) { attributeMap.put(X509Name.L, locality); order.add(X509Name.L); } if (state != null) { attributeMap.put(X509Name.ST, state); order.add(X509Name.ST); } if (country != null) { attributeMap.put(X509Name.C, country); order.add(X509Name.C); } X509Name issuerDN = new X509Name(order, attributeMap); // validity long now = System.currentTimeMillis(); long expire = now + (long) validDays * 24 * 60 * 60 * 1000; certificateGenerator.setNotBefore(new Date(now)); certificateGenerator.setNotAfter(new Date(expire)); certificateGenerator.setIssuerDN(issuerDN); certificateGenerator.setSubjectDN(issuerDN); certificateGenerator.setPublicKey(publicKey); certificateGenerator.setSignatureAlgorithm(algorithm); certificateGenerator.setSerialNumber(BigInteger.valueOf(now)); // make certificate return certificateGenerator.generate(privateKey); }
From source file:org.structr.function.CreateJarFileFunction.java
License:Open Source License
private KeyStore getOrCreateKeystore(final String keygenAlgorithm, final String srngAlgorithm, final String signAlgorithm) { final String keystorePath = "test.keystore"; final String keystorePass = "test"; final java.io.File keystoreFile = new java.io.File(keystorePath); if (keystoreFile.exists()) { try (final FileInputStream fis = new FileInputStream(keystoreFile)) { final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); keystore.load(fis, keystorePass.toCharArray()); return keystore; } catch (Throwable t) { t.printStackTrace();//from w w w .ja v a 2 s. c om } } else { try (final FileOutputStream fos = new FileOutputStream(keystoreFile)) { final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); keystore.load(null, keystorePass.toCharArray()); final KeyPairGenerator gen = KeyPairGenerator.getInstance(keygenAlgorithm); gen.initialize(1024, SecureRandom.getInstance(srngAlgorithm)); final KeyPair keyPair = gen.generateKeyPair(); final SimpleDateFormat dateFormat = new SimpleDateFormat("dd.MM.yyyy"); final Date startDate = dateFormat.parse("01.01.2015"); final Date expiryDate = dateFormat.parse("01.01.2017"); final BigInteger serialNumber = BigInteger.valueOf(1234); final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); final X500Principal dnName = new X500Principal("CN=Test CA Certificate"); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(dnName); certGen.setNotBefore(startDate); certGen.setNotAfter(expiryDate); certGen.setSubjectDN(dnName); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm(signAlgorithm); final X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC"); keystore.setCertificateEntry("cert", cert); keystore.setKeyEntry("priv", keyPair.getPrivate(), keystorePass.toCharArray(), new Certificate[] { cert }); keystore.store(fos, keystorePass.toCharArray()); fos.flush(); return keystore; } catch (Throwable t) { t.printStackTrace(); } } return null; }
From source file:org.structr.jar.CreateJarFileFunction.java
License:Open Source License
private KeyStore getOrCreateKeystore(final String keygenAlgorithm, final String srngAlgorithm, final String signAlgorithm) { final String keystorePath = "test.keystore"; final String keystorePass = "test"; final java.io.File keystoreFile = new java.io.File(keystorePath); if (keystoreFile.exists()) { try (final FileInputStream fis = new FileInputStream(keystoreFile)) { final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); keystore.load(fis, keystorePass.toCharArray()); return keystore; } catch (Throwable t) { logger.log(Level.WARNING, "", t); }//from w w w.ja va 2 s .c om } else { try (final FileOutputStream fos = new FileOutputStream(keystoreFile)) { final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); keystore.load(null, keystorePass.toCharArray()); final KeyPairGenerator gen = KeyPairGenerator.getInstance(keygenAlgorithm); gen.initialize(1024, SecureRandom.getInstance(srngAlgorithm)); final KeyPair keyPair = gen.generateKeyPair(); final SimpleDateFormat dateFormat = new SimpleDateFormat("dd.MM.yyyy"); final Date startDate = dateFormat.parse("01.01.2015"); final Date expiryDate = dateFormat.parse("01.01.2017"); final BigInteger serialNumber = BigInteger.valueOf(1234); final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); final X500Principal dnName = new X500Principal("CN=Test CA Certificate"); certGen.setSerialNumber(serialNumber); certGen.setIssuerDN(dnName); certGen.setNotBefore(startDate); certGen.setNotAfter(expiryDate); certGen.setSubjectDN(dnName); certGen.setPublicKey(keyPair.getPublic()); certGen.setSignatureAlgorithm(signAlgorithm); final X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC"); keystore.setCertificateEntry("cert", cert); keystore.setKeyEntry("priv", keyPair.getPrivate(), keystorePass.toCharArray(), new Certificate[] { cert }); keystore.store(fos, keystorePass.toCharArray()); fos.flush(); return keystore; } catch (Throwable t) { logger.log(Level.WARNING, "", t); } } return null; }
From source file:org.sufficientlysecure.keychain.pgp.PgpToX509.java
License:Open Source License
/** * Creates a self-signed certificate from a public and private key. The (critical) key-usage * extension is set up with: digital signature, non-repudiation, key-encipherment, key-agreement * and certificate-signing. The (non-critical) Netscape extension is set up with: SSL client and * S/MIME. A URI subjectAltName may also be set up. * * @param pubKey public key// ww w . j a v a2 s. c o m * @param privKey private key * @param subject subject (and issuer) DN for this certificate, RFC 2253 format preferred. * @param startDate date from which the certificate will be valid (defaults to current date and time * if null) * @param endDate date until which the certificate will be valid (defaults to current date and time * if null) * * @param subjAltNameURI URI to be placed in subjectAltName * @return self-signed certificate * @throws InvalidKeyException * @throws SignatureException * @throws NoSuchAlgorithmException * @throws IllegalStateException * @throws NoSuchProviderException * @throws CertificateException * @throws Exception * @author Bruno Harbulot */ public static X509Certificate createSelfSignedCert(PublicKey pubKey, PrivateKey privKey, X509Name subject, Date startDate, Date endDate, String subjAltNameURI) throws InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException, CertificateException, NoSuchProviderException { X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator(); certGenerator.reset(); /* * Sets up the subject distinguished name. Since it's a self-signed certificate, issuer and * subject are the same. */ certGenerator.setIssuerDN(subject); certGenerator.setSubjectDN(subject); /* * Sets up the validity dates. */ if (startDate == null) { startDate = new Date(System.currentTimeMillis()); } certGenerator.setNotBefore(startDate); if (endDate == null) { endDate = new Date(startDate.getTime() + (365L * 24L * 60L * 60L * 1000L)); Log.d(Constants.TAG, "end date is=" + DateFormat.getDateInstance().format(endDate)); } certGenerator.setNotAfter(endDate); /* * The serial-number of this certificate is 1. It makes sense because it's self-signed. */ certGenerator.setSerialNumber(BigInteger.ONE); /* * Sets the public-key to embed in this certificate. */ certGenerator.setPublicKey(pubKey); /* * Sets the signature algorithm. */ String pubKeyAlgorithm = pubKey.getAlgorithm(); if (pubKeyAlgorithm.equals("DSA")) { certGenerator.setSignatureAlgorithm("SHA1WithDSA"); } else if (pubKeyAlgorithm.equals("RSA")) { certGenerator.setSignatureAlgorithm("SHA1WithRSAEncryption"); } else { RuntimeException re = new RuntimeException("Algorithm not recognised: " + pubKeyAlgorithm); Log.e(Constants.TAG, re.getMessage(), re); throw re; } /* * Adds the Basic Constraint (CA: true) extension. */ certGenerator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true)); /* * Adds the subject key identifier extension. */ SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifierStructure(pubKey); certGenerator.addExtension(X509Extensions.SubjectKeyIdentifier, false, subjectKeyIdentifier); /* * Adds the authority key identifier extension. */ AuthorityKeyIdentifier authorityKeyIdentifier = new AuthorityKeyIdentifierStructure(pubKey); certGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, authorityKeyIdentifier); /* * Adds the subject alternative-name extension. */ if (subjAltNameURI != null) { GeneralNames subjectAltNames = new GeneralNames( new GeneralName(GeneralName.uniformResourceIdentifier, subjAltNameURI)); certGenerator.addExtension(X509Extensions.SubjectAlternativeName, false, subjectAltNames); } /* * Creates and sign this certificate with the private key corresponding to the public key of * the certificate (hence the name "self-signed certificate"). */ X509Certificate cert = certGenerator.generate(privKey); /* * Checks that this certificate has indeed been correctly signed. */ cert.verify(pubKey); return cert; }
From source file:org.tolven.config.model.CredentialManager.java
License:Open Source License
private X509Certificate signCertificate(X500Principal subjectX500Principal, PublicKey subjectPublicKey, X500Principal issuerX500Principal, PrivateKey issuerPrivateKey) throws GeneralSecurityException { X509V3CertificateGenerator gen = new X509V3CertificateGenerator(); gen.setSignatureAlgorithm("SHA1withRSA"); gen.setSubjectDN(subjectX500Principal); gen.setSerialNumber(getNextSerialNumber()); gen.setIssuerDN(issuerX500Principal); gen.setNotBefore(new Date()); gen.setNotAfter(new Date(new Date().getTime() + 1000000000000L)); gen.setPublicKey(subjectPublicKey);// www . j a v a 2 s . c om return gen.generate(issuerPrivateKey); }