org.bouncycastle.asn1.x500.X500NameBuilder Java Examples
The following examples show how to use
org.bouncycastle.asn1.x500.X500NameBuilder.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: TestDefaultProfile.java From hadoop-ozone with Apache License 2.0 | 6 votes |
|
/**
* Generates an CSR with the extension specified.
* This function is used to get an Invalid CSR and test that PKI profile
* rejects these invalid extensions, Hence the function name, by itself it
* is a well formed CSR, but our PKI profile will treat it as invalid CSR.
*
* @param kPair - Key Pair.
* @return CSR - PKCS10CertificationRequest
* @throws OperatorCreationException - on Error.
*/
private PKCS10CertificationRequest getInvalidCSR(KeyPair kPair,
Extensions extensions) throws OperatorCreationException {
X500NameBuilder namebuilder =
new X500NameBuilder(X500Name.getDefaultStyle());
namebuilder.addRDN(BCStyle.CN, "invalidCert");
PKCS10CertificationRequestBuilder p10Builder =
new JcaPKCS10CertificationRequestBuilder(namebuilder.build(),
keyPair.getPublic());
p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
extensions);
JcaContentSignerBuilder csBuilder =
new JcaContentSignerBuilder(this.securityConfig.getSignatureAlgo());
ContentSigner signer = csBuilder.build(keyPair.getPrivate());
return p10Builder.build(signer);
}
Example #2
| Source File: CertificateManager.java From Launcher with GNU General Public License v3.0 | 6 votes |
|
public void generateCA() throws NoSuchAlgorithmException, IOException, OperatorCreationException, InvalidAlgorithmParameterException {
ECGenParameterSpec ecGenSpec = new ECGenParameterSpec("secp384k1");
KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
generator.initialize(ecGenSpec, SecurityHelper.newRandom());
KeyPair pair = generator.generateKeyPair();
LocalDateTime startDate = LocalDate.now().atStartOfDay();
X500NameBuilder subject = new X500NameBuilder();
subject.addRDN(BCStyle.CN, orgName.concat(" CA"));
subject.addRDN(BCStyle.O, orgName);
X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
subject.build(),
new BigInteger("0"),
Date.from(startDate.atZone(ZoneId.systemDefault()).toInstant()),
Date.from(startDate.plusDays(3650).atZone(ZoneId.systemDefault()).toInstant()),
new X500Name("CN=ca"),
SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded()));
JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256WITHECDSA");
ContentSigner signer = csBuilder.build(pair.getPrivate());
ca = builder.build(signer);
caKey = PrivateKeyFactory.createKey(pair.getPrivate().getEncoded());
}
Example #3
| Source File: CertificateManager.java From Launcher with GNU General Public License v3.0 | 6 votes |
|
public X509CertificateHolder generateCertificate(String subjectName, PublicKey subjectPublicKey) throws OperatorCreationException {
SubjectPublicKeyInfo subjectPubKeyInfo = SubjectPublicKeyInfo.getInstance(subjectPublicKey.getEncoded());
BigInteger serial = BigInteger.valueOf(SecurityHelper.newRandom().nextLong());
Date startDate = Date.from(Instant.now().minus(minusHours, ChronoUnit.HOURS));
Date endDate = Date.from(startDate.toInstant().plus(validDays, ChronoUnit.DAYS));
X500NameBuilder subject = new X500NameBuilder();
subject.addRDN(BCStyle.CN, subjectName);
subject.addRDN(BCStyle.O, orgName);
X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(ca.getSubject(), serial,
startDate, endDate, subject.build(), subjectPubKeyInfo);
AlgorithmIdentifier sigAlgId = ca.getSignatureAlgorithm();
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
ContentSigner sigGen = new BcECContentSignerBuilder(sigAlgId, digAlgId).build(caKey);
return v3CertGen.build(sigGen);
}
Example #4
| Source File: KeyGenerator.java From chvote-1-0 with GNU Affero General Public License v3.0 | 6 votes |
|
private X509v3CertificateBuilder createCertificateBuilder(KeyPair keyPair) throws PropertyConfigurationException, CertIOException {
X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
nameBuilder.addRDN(BCStyle.CN, propertyConfigurationService.getConfigValue(CERT_COMMON_NAME_PROPERTY));
nameBuilder.addRDN(BCStyle.O, propertyConfigurationService.getConfigValue(CERT_ORGANISATION_PROPERTY));
nameBuilder.addRDN(BCStyle.OU, propertyConfigurationService.getConfigValue(CERT_ORGANISATIONAL_UNIT_PROPERTY));
nameBuilder.addRDN(BCStyle.C, propertyConfigurationService.getConfigValue(CERT_COUNTRY_PROPERTY));
X500Name x500Name = nameBuilder.build();
BigInteger serial = new BigInteger(CERT_SERIAL_NUMBER_BIT_SIZE, SecureRandomFactory.createPRNG());
SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
Date startDate = new Date();
Date endDate = Date.from(startDate.toInstant().plus(propertyConfigurationService.getConfigValueAsInt(CERT_VALIDITY_DAYS_PROPERTY), ChronoUnit.DAYS));
X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(x500Name, serial, startDate, endDate, x500Name, publicKeyInfo);
String certFriendlyName = propertyConfigurationService.getConfigValue(CERT_PRIVATE_FRIENDLY_NAME_PROPERTY);
certificateBuilder.addExtension(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, false, new DERBMPString(certFriendlyName));
return certificateBuilder;
}
Example #5
| Source File: TLSCertificateBuilder.java From fabric-sdk-java with Apache License 2.0 | 6 votes |
|
private X509v3CertificateBuilder createCertBuilder(KeyPair keyPair) {
X500Name subject = new X500NameBuilder(BCStyle.INSTANCE)
.addRDN(BCStyle.CN, commonName)
.build();
Calendar notBefore = new GregorianCalendar();
notBefore.add(Calendar.DAY_OF_MONTH, -1);
Calendar notAfter = new GregorianCalendar();
notAfter.add(Calendar.YEAR, 10);
return new JcaX509v3CertificateBuilder(
subject,
new BigInteger(160, rand),
notBefore.getTime(),
notAfter.getTime(),
subject,
keyPair.getPublic());
}
Example #6
| Source File: CommonUtil.java From gmhelper with Apache License 2.0 | 6 votes |
|
/**
* 如果不知道怎么填充names,可以查看org.bouncycastle.asn1.x500.style.BCStyle这个类,
* names的key值必须是BCStyle.DefaultLookUp中存在的(可以不关心大小写)
*
* @param names
* @return
* @throws InvalidX500NameException
*/
public static X500Name buildX500Name(Map<String, String> names) throws InvalidX500NameException {
if (names == null || names.size() == 0) {
throw new InvalidX500NameException("names can not be empty");
}
try {
X500NameBuilder builder = new X500NameBuilder();
Iterator itr = names.entrySet().iterator();
BCStyle x500NameStyle = (BCStyle) BCStyle.INSTANCE;
Map.Entry entry;
while (itr.hasNext()) {
entry = (Map.Entry) itr.next();
ASN1ObjectIdentifier oid = x500NameStyle.attrNameToOID((String) entry.getKey());
builder.addRDN(oid, (String) entry.getValue());
}
return builder.build();
} catch (Exception ex) {
throw new InvalidX500NameException(ex.getMessage(), ex);
}
}
Example #7
| Source File: CertificateNamesGenerator.java From dcos-commons with Apache License 2.0 | 6 votes |
|
/**
* Returns a Subject for service certificate.
*/
public X500Name getSubject() {
// Create subject CN as pod-name-0-task-name.service-name
String cn = String.format("%s.%s",
EndpointUtils.removeSlashes(EndpointUtils.replaceDotsWithDashes(taskInstanceName)),
EndpointUtils.removeSlashes(EndpointUtils.replaceDotsWithDashes(serviceName)));
if (cn.length() > CN_MAX_LENGTH) {
cn = cn.substring(cn.length() - CN_MAX_LENGTH);
}
return new X500NameBuilder()
.addRDN(BCStyle.CN, cn)
.addRDN(BCStyle.O, "Mesosphere, Inc")
.addRDN(BCStyle.L, "San Francisco")
.addRDN(BCStyle.ST, "CA")
.addRDN(BCStyle.C, "US")
.build();
}
Example #8
| Source File: CertificateHelper.java From signer with GNU Lesser General Public License v3.0 | 5 votes |
|
public static KeyStore createRootCertificate(Authority authority, String keyStoreType)
throws NoSuchAlgorithmException, NoSuchProviderException, CertIOException, IOException,
OperatorCreationException, CertificateException, KeyStoreException {
KeyPair keyPair = generateKeyPair(ROOT_KEYSIZE);
X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
nameBuilder.addRDN(BCStyle.CN, authority.commonName());
nameBuilder.addRDN(BCStyle.O, authority.organization());
nameBuilder.addRDN(BCStyle.OU, authority.organizationalUnitName());
X500Name issuer = nameBuilder.build();
BigInteger serial = BigInteger.valueOf(initRandomSerial());
X500Name subject = issuer;
PublicKey pubKey = keyPair.getPublic();
X509v3CertificateBuilder generator = new JcaX509v3CertificateBuilder(issuer, serial, NOT_BEFORE, NOT_AFTER,
subject, pubKey);
generator.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(pubKey));
generator.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment
| KeyUsage.dataEncipherment | KeyUsage.cRLSign);
generator.addExtension(Extension.keyUsage, false, usage);
ASN1EncodableVector purposes = new ASN1EncodableVector();
purposes.add(KeyPurposeId.id_kp_serverAuth);
purposes.add(KeyPurposeId.id_kp_clientAuth);
purposes.add(KeyPurposeId.anyExtendedKeyUsage);
generator.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));
X509Certificate cert = signCertificate(generator, keyPair.getPrivate());
KeyStore result = KeyStore.getInstance(keyStoreType/* , PROVIDER_NAME */);
result.load(null, null);
result.setKeyEntry(authority.alias(), keyPair.getPrivate(), authority.password(), new Certificate[] { cert });
return result;
}
Example #9
| Source File: CertificateService.java From XS2A-Sandbox with Apache License 2.0 | 5 votes |
|
private SubjectData generateSubjectData(CertificateRequest cerData) {
X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
builder.addRDN(BCStyle.O, cerData.getOrganizationName());
if (StringUtils.isNotBlank(cerData.getCommonName())) {
builder.addRDN(BCStyle.CN, cerData.getCommonName());
}
if (cerData.getDomainComponent() != null) {
builder.addRDN(BCStyle.DC, cerData.getDomainComponent());
}
if (cerData.getOrganizationUnit() != null) {
builder.addRDN(BCStyle.OU, cerData.getOrganizationUnit());
}
if (cerData.getCountryName() != null) {
builder.addRDN(BCStyle.C, cerData.getCountryName());
}
if (cerData.getStateOrProvinceName() != null) {
builder.addRDN(BCStyle.ST, cerData.getStateOrProvinceName());
}
if (cerData.getLocalityName() != null) {
builder.addRDN(BCStyle.L, cerData.getLocalityName());
}
builder.addRDN(BCStyle.ORGANIZATION_IDENTIFIER,
"PSD" + getNcaIdFromIssuerData() + "-" + cerData.getAuthorizationNumber());
Date expiration = Date.from(
LocalDate.now().plusDays(cerData.getValidity()).atStartOfDay(ZoneOffset.UTC).toInstant()
);
KeyPair keyPairSubject = generateKeyPair();
Integer serialNumber = random.nextInt(Integer.MAX_VALUE);
return new SubjectData(
keyPairSubject.getPrivate(), keyPairSubject.getPublic(), builder.build(),
serialNumber, new Date(), expiration
);
}
Example #10
| Source File: CertificateHelper.java From signer with GNU Lesser General Public License v3.0 | 5 votes |
|
public static KeyStore createServerCertificate(String commonName,
SubjectAlternativeNameHolder subjectAlternativeNames, Authority authority, Certificate caCert,
PrivateKey caPrivKey)
throws NoSuchAlgorithmException, NoSuchProviderException, IOException, OperatorCreationException,
CertificateException, InvalidKeyException, SignatureException, KeyStoreException {
KeyPair keyPair = generateKeyPair(FAKE_KEYSIZE);
X500Name issuer = new X509CertificateHolder(caCert.getEncoded()).getSubject();
BigInteger serial = BigInteger.valueOf(initRandomSerial());
X500NameBuilder name = new X500NameBuilder(BCStyle.INSTANCE);
name.addRDN(BCStyle.CN, commonName);
name.addRDN(BCStyle.O, authority.certOrganisation());
name.addRDN(BCStyle.OU, authority.certOrganizationalUnitName());
X500Name subject = name.build();
X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, serial, NOT_BEFORE, NOT_AFTER,
subject, keyPair.getPublic());
builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(keyPair.getPublic()));
builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
subjectAlternativeNames.fillInto(builder);
X509Certificate cert = signCertificate(builder, caPrivKey);
cert.checkValidity(new Date());
cert.verify(caCert.getPublicKey());
KeyStore result = KeyStore.getInstance("PKCS12"
/* , PROVIDER_NAME */);
result.load(null, null);
Certificate[] chain = { cert, caCert };
result.setKeyEntry(authority.alias(), keyPair.getPrivate(), authority.password(), chain);
return result;
}
Example #11
| Source File: BouncyCastleSecurityProviderTool.java From Dream-Catcher with MIT License | 5 votes |
|
/**
* Creates an X500Name based on the specified certificateInfo.
*
* @param certificateInfo information to populate the X500Name with
* @return a new X500Name object for use as a subject or issuer
*/
private static X500Name createX500NameForCertificate(CertificateInfo certificateInfo) {
X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
if (certificateInfo.getCommonName() != null) {
x500NameBuilder.addRDN(BCStyle.CN, certificateInfo.getCommonName());
}
if (certificateInfo.getOrganization() != null) {
x500NameBuilder.addRDN(BCStyle.O, certificateInfo.getOrganization());
}
if (certificateInfo.getOrganizationalUnit() != null) {
x500NameBuilder.addRDN(BCStyle.OU, certificateInfo.getOrganizationalUnit());
}
if (certificateInfo.getEmail() != null) {
x500NameBuilder.addRDN(BCStyle.E, certificateInfo.getEmail());
}
if (certificateInfo.getLocality() != null) {
x500NameBuilder.addRDN(BCStyle.L, certificateInfo.getLocality());
}
if (certificateInfo.getState() != null) {
x500NameBuilder.addRDN(BCStyle.ST, certificateInfo.getState());
}
if (certificateInfo.getCountryCode() != null) {
x500NameBuilder.addRDN(BCStyle.C, certificateInfo.getCountryCode());
}
// TODO: Add more X.509 certificate fields as needed
return x500NameBuilder.build();
}
Example #12
| Source File: CertificateAuthorityClientTest.java From dcos-commons with Apache License 2.0 | 5 votes |
|
private byte[] createCSR() throws IOException, OperatorCreationException {
KeyPair keyPair = KEY_PAIR_GENERATOR.generateKeyPair();
X500Name name = new X500NameBuilder()
.addRDN(BCStyle.CN, "issuer")
.build();
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
extensionsGenerator.addExtension(
Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
extensionsGenerator.addExtension(
Extension.extendedKeyUsage,
true,
new ExtendedKeyUsage(
new KeyPurposeId[] {
KeyPurposeId.id_kp_clientAuth,
KeyPurposeId.id_kp_serverAuth }
));
GeneralNames subAtlNames = new GeneralNames(
new GeneralName[]{
new GeneralName(GeneralName.dNSName, "test.com"),
new GeneralName(GeneralName.iPAddress, TEST_IP_ADDR),
}
);
extensionsGenerator.addExtension(
Extension.subjectAlternativeName, true, subAtlNames);
ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(name, keyPair.getPublic())
.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
return PEMUtils.toPEM(csrBuilder.build(signer));
}
Example #13
| Source File: CertificateAuthorityClientTest.java From dcos-commons with Apache License 2.0 | 5 votes |
|
private X509Certificate createCertificate() throws Exception {
KeyPair keyPair = KEY_PAIR_GENERATOR.generateKeyPair();
SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(
keyPair.getPublic().getEncoded());
X500Name issuer = new X500NameBuilder()
.addRDN(BCStyle.CN, "issuer")
.build();
X500Name subject = new X500NameBuilder()
.addRDN(BCStyle.CN, "subject")
.build();
ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
X509CertificateHolder certHolder = new X509v3CertificateBuilder(
issuer,
new BigInteger("1000"),
Date.from(Instant.now()),
Date.from(Instant.now().plusSeconds(100000)),
subject,
subjectPublicKeyInfo
)
.build(signer);
return (X509Certificate) certificateFactory.
generateCertificate(
new ByteArrayInputStream(certHolder.getEncoded()));
}
Example #14
| Source File: CertificateGeneratorTest.java From haven-platform with Apache License 2.0 | 5 votes |
|
private static JcaX509v3CertificateBuilder createRootCert(KeyPair keypair) throws Exception {
X500NameBuilder ib = new X500NameBuilder(RFC4519Style.INSTANCE);
ib.addRDN(RFC4519Style.c, "AQ");
ib.addRDN(RFC4519Style.o, "Test");
ib.addRDN(RFC4519Style.l, "Vostok Station");
ib.addRDN(PKCSObjectIdentifiers.pkcs_9_at_emailAddress, "[email protected]");
X500Name issuer = ib.build();
return createCert(keypair, issuer, issuer);
}
Example #15
| Source File: AbstractX509CertificateService.java From flashback with BSD 2-Clause "Simplified" License | 5 votes |
|
protected X500Name getSubject(String commonName) {
X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
x500NameBuilder.addRDN(BCStyle.CN, commonName);
x500NameBuilder.addRDN(BCStyle.O, _certificateAuthority.getOrganization());
x500NameBuilder.addRDN(BCStyle.OU, _certificateAuthority.getOrganizationalUnit());
return x500NameBuilder.build();
}
Example #16
| Source File: BouncyCastleSecurityProviderTool.java From AndroidHttpCapture with MIT License | 5 votes |
|
/**
* Creates an X500Name based on the specified certificateInfo.
*
* @param certificateInfo information to populate the X500Name with
* @return a new X500Name object for use as a subject or issuer
*/
private static X500Name createX500NameForCertificate(CertificateInfo certificateInfo) {
X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
if (certificateInfo.getCommonName() != null) {
x500NameBuilder.addRDN(BCStyle.CN, certificateInfo.getCommonName());
}
if (certificateInfo.getOrganization() != null) {
x500NameBuilder.addRDN(BCStyle.O, certificateInfo.getOrganization());
}
if (certificateInfo.getOrganizationalUnit() != null) {
x500NameBuilder.addRDN(BCStyle.OU, certificateInfo.getOrganizationalUnit());
}
if (certificateInfo.getEmail() != null) {
x500NameBuilder.addRDN(BCStyle.E, certificateInfo.getEmail());
}
if (certificateInfo.getLocality() != null) {
x500NameBuilder.addRDN(BCStyle.L, certificateInfo.getLocality());
}
if (certificateInfo.getState() != null) {
x500NameBuilder.addRDN(BCStyle.ST, certificateInfo.getState());
}
if (certificateInfo.getCountryCode() != null) {
x500NameBuilder.addRDN(BCStyle.C, certificateInfo.getCountryCode());
}
// TODO: Add more X.509 certificate fields as needed
return x500NameBuilder.build();
}
Example #17
| Source File: X500NameUtils.java From keystore-explorer with GNU General Public License v3.0 | 5 votes |
|
/**
* Creates an X500Name object from the given components.
*
* @param commonName
* @param organisationUnit
* @param organisationName
* @param localityName
* @param stateName
* @param countryCode
* @param emailAddress
* @return X500Name object from the given components
*/
public static X500Name buildX500Name(String commonName, String organisationUnit, String organisationName,
String localityName, String stateName, String countryCode, String emailAddress) {
X500NameBuilder x500NameBuilder = new X500NameBuilder(KseX500NameStyle.INSTANCE);
if (emailAddress != null) {
x500NameBuilder.addRDN(BCStyle.E, emailAddress);
}
if (countryCode != null) {
x500NameBuilder.addRDN(BCStyle.C, countryCode);
}
if (stateName != null) {
x500NameBuilder.addRDN(BCStyle.ST, stateName);
}
if (localityName != null) {
x500NameBuilder.addRDN(BCStyle.L, localityName);
}
if (organisationName != null) {
x500NameBuilder.addRDN(BCStyle.O, organisationName);
}
if (organisationUnit != null) {
x500NameBuilder.addRDN(BCStyle.OU, organisationUnit);
}
if (commonName != null) {
x500NameBuilder.addRDN(BCStyle.CN, commonName);
}
return x500NameBuilder.build();
}
Example #18
| Source File: SpkacSubject.java From keystore-explorer with GNU General Public License v3.0 | 5 votes |
|
/**
* Get subject as an X.509 name.
*
* @return Name
*/
public X500Name getName() {
X500NameBuilder x500NameBuilder = new X500NameBuilder(KseX500NameStyle.INSTANCE);
if (c != null) {
x500NameBuilder.addRDN(BCStyle.C, c);
}
if (st != null) {
x500NameBuilder.addRDN(BCStyle.ST, st);
}
if (l != null) {
x500NameBuilder.addRDN(BCStyle.L, l);
}
if (o != null) {
x500NameBuilder.addRDN(BCStyle.O, o);
}
if (ou != null) {
x500NameBuilder.addRDN(BCStyle.OU, ou);
}
if (cn != null) {
x500NameBuilder.addRDN(BCStyle.CN, cn);
}
return x500NameBuilder.build();
}
Example #19
| Source File: X509Utils.java From acme-client with Apache License 2.0 | 5 votes |
|
public static PKCS10CertificationRequest generateCSR(String[] commonNames, KeyPair pair) throws OperatorCreationException, IOException {
X500NameBuilder namebuilder = new X500NameBuilder(X500Name.getDefaultStyle());
namebuilder.addRDN(BCStyle.CN, commonNames[0]);
List<GeneralName> subjectAltNames = new ArrayList<>(commonNames.length);
for (String cn:commonNames)
subjectAltNames.add(new GeneralName(GeneralName.dNSName, cn));
GeneralNames subjectAltName = new GeneralNames(subjectAltNames.toArray(new GeneralName[0]));
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltName.toASN1Primitive());
PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(namebuilder.build(), pair.getPublic());
p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
ContentSigner signer = csBuilder.build(pair.getPrivate());
PKCS10CertificationRequest request = p10Builder.build(signer);
return request;
}
Example #20
| Source File: CertificateManager.java From Openfire with Apache License 2.0 | 5 votes |
|
public static synchronized X509Certificate createX509V3Certificate(KeyPair kp, int days, String issuerCommonName,
String subjectCommonName, String domain,
String signAlgoritm, Set<String> sanDnsNames)
throws GeneralSecurityException, IOException {
// subjectDN
X500NameBuilder subjectBuilder = new X500NameBuilder();
subjectBuilder.addRDN(BCStyle.CN, subjectCommonName);
// issuerDN
X500NameBuilder issuerBuilder = new X500NameBuilder();
issuerBuilder.addRDN(BCStyle.CN, issuerCommonName);
return createX509V3Certificate(kp, days, issuerBuilder, subjectBuilder, domain, signAlgoritm, sanDnsNames);
}
Example #21
| Source File: CertificateGenerator.java From NetBare with MIT License | 5 votes |
|
/**
* Generate a root keystore by a given {@link JKS}.
*
* @param jks A java keystore object.
* @return A root {@link KeyStore}.
*/
public KeyStore generateRoot(JKS jks)
throws KeyStoreException, CertificateException, NoSuchAlgorithmException,
IOException, OperatorCreationException {
KeyPair keyPair = generateKeyPair(ROOT_KEY_SIZE);
X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
nameBuilder.addRDN(BCStyle.CN, jks.commonName());
nameBuilder.addRDN(BCStyle.O, jks.organization());
nameBuilder.addRDN(BCStyle.OU, jks.organizationalUnitName());
X500Name issuer = nameBuilder.build();
PublicKey pubKey = keyPair.getPublic();
X509v3CertificateBuilder generator = new JcaX509v3CertificateBuilder(
issuer, BigInteger.valueOf(randomSerial()), NOT_BEFORE, NOT_AFTER, issuer, pubKey);
generator.addExtension(Extension.subjectKeyIdentifier, false,
createSubjectKeyIdentifier(pubKey));
generator.addExtension(Extension.basicConstraints, true,
new BasicConstraints(true));
KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature |
KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.cRLSign);
generator.addExtension(Extension.keyUsage, false, usage);
ASN1EncodableVector purposes = new ASN1EncodableVector();
purposes.add(KeyPurposeId.id_kp_serverAuth);
purposes.add(KeyPurposeId.id_kp_clientAuth);
purposes.add(KeyPurposeId.anyExtendedKeyUsage);
generator.addExtension(Extension.extendedKeyUsage, false,
new DERSequence(purposes));
X509Certificate cert = signCertificate(generator, keyPair.getPrivate());
KeyStore result = KeyStore.getInstance(KEY_STORE_TYPE);
result.load(null, null);
result.setKeyEntry(jks.alias(), keyPair.getPrivate(), jks.password(),
new Certificate[] { cert });
return result;
}
Example #22
| Source File: PKCGenerate.java From ofdrw with Apache License 2.0 | 5 votes |
|
/**
* @return 证书请求识别名称 (也就是证书的Subject)
*/
public static X500Name TestND() {
return new X500NameBuilder()
// 国家代码
.addRDN(BCStyle.C, "CN")
// 组织
.addRDN(BCStyle.O, "OFD R&W")
// 省份
.addRDN(BCStyle.ST, "Zhejiang")
// 地区
.addRDN(BCStyle.L, "Hangzhou")
// 通用名称
.addRDN(BCStyle.CN, "Test Certificate")
.build();
}
Example #23
| Source File: BouncyCastleSecurityProviderTool.java From browserup-proxy with Apache License 2.0 | 5 votes |
|
/**
* Creates an X500Name based on the specified certificateInfo.
*
* @param certificateInfo information to populate the X500Name with
* @return a new X500Name object for use as a subject or issuer
*/
private static X500Name createX500NameForCertificate(CertificateInfo certificateInfo) {
X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
if (certificateInfo.getCommonName() != null) {
x500NameBuilder.addRDN(BCStyle.CN, certificateInfo.getCommonName());
}
if (certificateInfo.getOrganization() != null) {
x500NameBuilder.addRDN(BCStyle.O, certificateInfo.getOrganization());
}
if (certificateInfo.getOrganizationalUnit() != null) {
x500NameBuilder.addRDN(BCStyle.OU, certificateInfo.getOrganizationalUnit());
}
if (certificateInfo.getEmail() != null) {
x500NameBuilder.addRDN(BCStyle.E, certificateInfo.getEmail());
}
if (certificateInfo.getLocality() != null) {
x500NameBuilder.addRDN(BCStyle.L, certificateInfo.getLocality());
}
if (certificateInfo.getState() != null) {
x500NameBuilder.addRDN(BCStyle.ST, certificateInfo.getState());
}
if (certificateInfo.getCountryCode() != null) {
x500NameBuilder.addRDN(BCStyle.C, certificateInfo.getCountryCode());
}
// TODO: Add more X.509 certificate fields as needed
return x500NameBuilder.build();
}
Example #24
| Source File: BouncyCastleSecurityProviderTool.java From CapturePacket with MIT License | 5 votes |
|
/**
* Creates an X500Name based on the specified certificateInfo.
*
* @param certificateInfo information to populate the X500Name with
* @return a new X500Name object for use as a subject or issuer
*/
private static X500Name createX500NameForCertificate(CertificateInfo certificateInfo) {
X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
if (certificateInfo.getCommonName() != null) {
x500NameBuilder.addRDN(BCStyle.CN, certificateInfo.getCommonName());
}
if (certificateInfo.getOrganization() != null) {
x500NameBuilder.addRDN(BCStyle.O, certificateInfo.getOrganization());
}
if (certificateInfo.getOrganizationalUnit() != null) {
x500NameBuilder.addRDN(BCStyle.OU, certificateInfo.getOrganizationalUnit());
}
if (certificateInfo.getEmail() != null) {
x500NameBuilder.addRDN(BCStyle.E, certificateInfo.getEmail());
}
if (certificateInfo.getLocality() != null) {
x500NameBuilder.addRDN(BCStyle.L, certificateInfo.getLocality());
}
if (certificateInfo.getState() != null) {
x500NameBuilder.addRDN(BCStyle.ST, certificateInfo.getState());
}
if (certificateInfo.getCountryCode() != null) {
x500NameBuilder.addRDN(BCStyle.C, certificateInfo.getCountryCode());
}
// TODO: Add more X.509 certificate fields as needed
return x500NameBuilder.build();
}
Example #25
| Source File: CertificateGenerator.java From NetBare with MIT License | 5 votes |
|
public KeyStore generateServer(String commonName, JKS jks,
Certificate caCert, PrivateKey caPrivKey)
throws NoSuchAlgorithmException, NoSuchProviderException,
IOException, OperatorCreationException, CertificateException,
InvalidKeyException, SignatureException, KeyStoreException {
KeyPair keyPair = generateKeyPair(SERVER_KEY_SIZE);
X500Name issuer = new X509CertificateHolder(caCert.getEncoded()).getSubject();
BigInteger serial = BigInteger.valueOf(randomSerial());
X500NameBuilder name = new X500NameBuilder(BCStyle.INSTANCE);
name.addRDN(BCStyle.CN, commonName);
name.addRDN(BCStyle.O, jks.certOrganisation());
name.addRDN(BCStyle.OU, jks.certOrganizationalUnitName());
X500Name subject = name.build();
X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, serial, NOT_BEFORE,
new Date(System.currentTimeMillis() + ONE_DAY), subject, keyPair.getPublic());
builder.addExtension(Extension.subjectKeyIdentifier, false,
createSubjectKeyIdentifier(keyPair.getPublic()));
builder.addExtension(Extension.basicConstraints, false,
new BasicConstraints(false));
builder.addExtension(Extension.subjectAlternativeName, false,
new DERSequence(new GeneralName(GeneralName.dNSName, commonName)));
X509Certificate cert = signCertificate(builder, caPrivKey);
cert.checkValidity(new Date());
cert.verify(caCert.getPublicKey());
KeyStore result = KeyStore.getInstance(KeyStore.getDefaultType());
result.load(null, null);
Certificate[] chain = { cert, caCert };
result.setKeyEntry(jks.alias(), keyPair.getPrivate(), jks.password(), chain);
return result;
}
Example #26
| Source File: SM2X509CertMakerTest.java From gmhelper with Apache License 2.0 | 5 votes |
|
public static X500Name buildSubjectDN() {
X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
builder.addRDN(BCStyle.C, "CN");
builder.addRDN(BCStyle.O, "org.zz");
builder.addRDN(BCStyle.OU, "org.zz");
builder.addRDN(BCStyle.CN, "example.org");
builder.addRDN(BCStyle.EmailAddress, "[email protected]");
return builder.build();
}
Example #27
| Source File: SM2X509CertMakerTest.java From gmhelper with Apache License 2.0 | 5 votes |
|
public static X500Name buildRootCADN() {
X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
builder.addRDN(BCStyle.C, "CN");
builder.addRDN(BCStyle.O, "org.zz");
builder.addRDN(BCStyle.OU, "org.zz");
builder.addRDN(BCStyle.CN, "ZZ Root CA");
return builder.build();
}
Example #28
| Source File: SM2CertUtilTest.java From gmhelper with Apache License 2.0 | 5 votes |
|
public static X500Name buildMidCADN() {
X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
builder.addRDN(BCStyle.C, "CN");
builder.addRDN(BCStyle.O, "org.zz");
builder.addRDN(BCStyle.OU, "org.zz");
builder.addRDN(BCStyle.CN, "ZZ Intermediate CA");
return builder.build();
}
Example #29
| Source File: CertificateAutogenTask.java From Launcher with GNU General Public License v3.0 | 5 votes |
|
@Override
public Path process(Path inputFile) throws IOException {
if (signedDataGenerator != null) return inputFile;
try {
LogHelper.warning("You are using an auto-generated certificate (sign.enabled false). It is not good");
LogHelper.warning("It is highly recommended that you use the correct certificate (sign.enabled true)");
LogHelper.warning("You can use GenerateCertificateModule or your own certificate.");
X500NameBuilder subject = new X500NameBuilder();
subject.addRDN(BCStyle.CN, server.config.projectName.concat(" Autogenerated"));
subject.addRDN(BCStyle.O, server.config.projectName);
LocalDateTime startDate = LocalDate.now().atStartOfDay();
X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
subject.build(),
new BigInteger("0"),
Date.from(startDate.atZone(ZoneId.systemDefault()).toInstant()),
Date.from(startDate.plusDays(3650).atZone(ZoneId.systemDefault()).toInstant()),
new X500Name("CN=ca"),
SubjectPublicKeyInfo.getInstance(server.publicKey.getEncoded()));
builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_codeSigning));
//builder.addExtension(Extension.keyUsage, false, new KeyUsage(1));
JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256WITHECDSA");
ContentSigner signer = csBuilder.build(server.privateKey);
bcCertificate = builder.build(signer);
certificate = new JcaX509CertificateConverter().setProvider("BC")
.getCertificate(bcCertificate);
ArrayList<Certificate> chain = new ArrayList<>();
chain.add(certificate);
signedDataGenerator = SignHelper.createSignedDataGenerator(server.privateKey, certificate, chain, "SHA256WITHECDSA");
} catch (OperatorCreationException | CMSException | CertificateException e) {
LogHelper.error(e);
}
return inputFile;
}
Example #30
| Source File: CertificateHelper.java From PowerTunnel with MIT License | 4 votes |
|
public static KeyStore createRootCertificate(Authority authority,
String keyStoreType) throws NoSuchAlgorithmException,
NoSuchProviderException, IOException,
OperatorCreationException, CertificateException, KeyStoreException {
KeyPair keyPair = generateKeyPair(ROOT_KEYSIZE);
X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
nameBuilder.addRDN(BCStyle.CN, authority.commonName());
nameBuilder.addRDN(BCStyle.O, authority.organization());
nameBuilder.addRDN(BCStyle.OU, authority.organizationalUnitName());
X500Name issuer = nameBuilder.build();
BigInteger serial = BigInteger.valueOf(initRandomSerial());
X500Name subject = issuer;
PublicKey pubKey = keyPair.getPublic();
X509v3CertificateBuilder generator = new JcaX509v3CertificateBuilder(
issuer, serial, NOT_BEFORE, NOT_AFTER, subject, pubKey);
generator.addExtension(Extension.subjectKeyIdentifier, false,
createSubjectKeyIdentifier(pubKey));
generator.addExtension(Extension.basicConstraints, true,
new BasicConstraints(true));
KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign
| KeyUsage.digitalSignature | KeyUsage.keyEncipherment
| KeyUsage.dataEncipherment | KeyUsage.cRLSign);
generator.addExtension(Extension.keyUsage, false, usage);
ASN1EncodableVector purposes = new ASN1EncodableVector();
purposes.add(KeyPurposeId.id_kp_serverAuth);
purposes.add(KeyPurposeId.id_kp_clientAuth);
purposes.add(KeyPurposeId.anyExtendedKeyUsage);
generator.addExtension(Extension.extendedKeyUsage, false,
new DERSequence(purposes));
X509Certificate cert = signCertificate(generator, keyPair.getPrivate());
KeyStore result = KeyStore
.getInstance(keyStoreType/* , PROVIDER_NAME */);
result.load(null, null);
result.setKeyEntry(authority.alias(), keyPair.getPrivate(),
authority.password(), new Certificate[] { cert });
return result;
}
