Example 21 with X500Name
use of android.sun.security.x509.X500Name in project jss by dogtagpki.
the class EnumerationZeroTest method buildCrl.
/**
* Build a CRL using JSS
* @param useZero whether or not to try creating a CRLEntry with the reason set to "unspecified"
* @return an X509CRL object
* @throws Exception if anything goes wrong
*/
public static X509CRL buildCrl(boolean useZero) throws Exception {
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(2048);
KeyPair kp = generator.generateKeyPair();
List<RevokedCertificate> revokedCerts = new ArrayList<>();
for (int i = 0; i <= 10; i++) {
// 7 is an unused value in the enumeration
if (i == 7 || (i == 0 && !useZero)) {
continue;
}
CRLReasonExtension reasonExt = new CRLReasonExtension(RevocationReason.fromInt(i));
outputExtension(reasonExt);
CRLExtensions entryExtensions = new CRLExtensions();
entryExtensions.add(reasonExt);
revokedCerts.add(new RevokedCertImpl(BigInteger.valueOf(i), new Date(), entryExtensions));
}
CRLExtensions crlExtensions = new CRLExtensions();
crlExtensions.add(new CRLNumberExtension(BigInteger.ONE));
crlExtensions.add(buildAuthorityKeyIdentifier((RSAPublicKey) kp.getPublic()));
X500Name issuer = new X500Name("CN=Test");
Date now = new Date();
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.DAY_OF_MONTH, 365);
Date until = calendar.getTime();
X509CRLImpl crlImpl = new X509CRLImpl(issuer, now, until, revokedCerts.toArray(new RevokedCertificate[] {}), crlExtensions);
crlImpl.sign(kp.getPrivate(), "SHA256withRSA");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
byte[] data = crlImpl.getEncoded();
return (X509CRL) cf.generateCRL(new ByteArrayInputStream(data));
}
Also used :
KeyPair(java.security.KeyPair)
X509CRL(java.security.cert.X509CRL)
Calendar(java.util.Calendar)
ArrayList(java.util.ArrayList)
RevokedCertificate(org.mozilla.jss.netscape.security.x509.RevokedCertificate)
KeyPairGenerator(java.security.KeyPairGenerator)
X500Name(org.mozilla.jss.netscape.security.x509.X500Name)
CertificateFactory(java.security.cert.CertificateFactory)
Date(java.util.Date)
RevokedCertImpl(org.mozilla.jss.netscape.security.x509.RevokedCertImpl)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
ByteArrayInputStream(java.io.ByteArrayInputStream)
CRLReasonExtension(org.mozilla.jss.netscape.security.x509.CRLReasonExtension)
CRLNumberExtension(org.mozilla.jss.netscape.security.x509.CRLNumberExtension)
X509CRLImpl(org.mozilla.jss.netscape.security.x509.X509CRLImpl)
CRLExtensions(org.mozilla.jss.netscape.security.x509.CRLExtensions)
Example 22 with X500Name
use of android.sun.security.x509.X500Name in project jdchain-core by blockchain-jd-com.
the class CATestPlus method run.
@Override
public void run() {
File caHome = new File(caCli.getCaHome());
if (!caHome.exists()) {
caHome.mkdirs();
}
try {
if (StringUtils.isEmpty(password)) {
password = caCli.scanValue("password for all private keys");
}
Security.removeProvider("SunEC");
PrivKey issuerPrivKey = null;
PrivateKey issuerPrivateKey = null;
X509Certificate issuerCrt = null;
File trustStoreFile = new File(caCli.getTlsHome() + File.separator + "trust.jks");
for (int i = 0; i < nodes + users + gws + 1; i++) {
String name;
CertificateRole ou;
if (i == 0) {
name = "root";
ou = CertificateRole.ROOT;
} else if (i <= nodes) {
name = "peer" + (i - 1);
ou = CertificateRole.PEER;
} else if (i <= nodes + gws) {
name = "gw" + (i - nodes - 1);
ou = CertificateRole.GW;
} else {
name = "user" + (i - nodes - gws - 1);
ou = CertificateRole.USER;
}
algorithm = algorithm.toUpperCase();
AsymmetricKeypair keypair = Crypto.getSignatureFunction(algorithm).generateKeypair();
String pubkey = KeyGenUtils.encodePubKey(keypair.getPubKey());
String base58pwd = KeyGenUtils.encodePasswordAsBase58(password);
String privkey = KeyGenUtils.encodePrivKey(keypair.getPrivKey(), base58pwd);
FileUtils.writeText(pubkey, new File(caCli.getKeysHome() + File.separator + name + ".pub"));
FileUtils.writeText(privkey, new File(caCli.getKeysHome() + File.separator + name + ".priv"));
FileUtils.writeText(base58pwd, new File(caCli.getKeysHome() + File.separator + name + ".pwd"));
if (i == 0) {
issuerPrivKey = keypair.getPrivKey();
issuerPrivateKey = CertificateUtils.retrievePrivateKey(issuerPrivKey);
}
X500Name subject = caCli.buildRDN(organization, ou, country, province, locality, name, email);
X509Certificate certificate = caCli.genCert(CertificateUsage.SIGN, algorithm, name, subject, ou, CertificateUtils.retrievePublicKey(keypair.getPubKey()), issuerPrivateKey, issuerCrt);
if (i == 0) {
FileUtils.writeText(CertificateUtils.toPEMString(certificate), new File(caCli.getCaHome() + File.separator + name + ".crt"));
issuerCrt = certificate;
caCli.trustStore(trustStoreFile, name, password, certificate);
} else {
FileUtils.writeText(CertificateUtils.toPEMString(certificate), new File(caCli.getSignHome() + File.separator + name + ".crt"));
String ip = "127.0.0.1";
switch(ou) {
case PEER:
if (nodeIPs.length >= i) {
ip = nodeIPs[i - 1];
}
break;
case GW:
if (gwIPs.length >= i - nodes) {
ip = gwIPs[i - nodes - 1];
}
break;
case USER:
if (gwIPs.length >= i - nodes - gws) {
ip = userIPs[i - nodes - gws - 1];
}
break;
default:
break;
}
PrivateKey privateKey = CertificateUtils.retrievePrivateKey(keypair.getPrivKey(), keypair.getPubKey());
FileUtils.writeText(CertificateUtils.toPEMString(algorithm, privateKey), new File(caCli.getKeysHome() + File.separator + name + ".key"));
if (!algorithm.equalsIgnoreCase("SM2")) {
subject = caCli.buildRDN(organization, ou, country, province, locality, ip, email);
X509Certificate tlsCertificate = caCli.genCert(CertificateUsage.TLS, algorithm, ip, subject, ou, CertificateUtils.retrievePublicKey(keypair.getPubKey()), issuerPrivateKey, issuerCrt);
FileUtils.writeText(CertificateUtils.toPEMString(tlsCertificate), new File(caCli.getTlsHome() + File.separator + name + ".crt"));
caCli.keyStore(privateKey, name, password, tlsCertificate, issuerCrt);
caCli.trustStore(trustStoreFile, name, password, tlsCertificate);
} else {
AsymmetricKeypair signKeypair = Crypto.getSignatureFunction(algorithm).generateKeypair();
subject = caCli.buildRDN(organization, ou, country, province, locality, ip, email);
X509Certificate signCertificate = caCli.genCert(CertificateUsage.TLS_SIGN, algorithm, ip, subject, ou, CertificateUtils.retrievePublicKey(signKeypair.getPubKey()), issuerPrivateKey, issuerCrt);
FileUtils.writeText(CertificateUtils.toPEMString(signCertificate), new File(caCli.getTlsHome() + File.separator + name + ".sign.crt"));
PrivateKey signPrivateKey = CertificateUtils.retrievePrivateKey(signKeypair.getPrivKey(), signKeypair.getPubKey());
FileUtils.writeText(CertificateUtils.toPEMString(signPrivateKey), new File(caCli.getKeysHome() + File.separator + name + ".sign.key"));
caCli.keyStore(signPrivateKey, name + ".sign", password, signCertificate, issuerCrt);
AsymmetricKeypair encKeypair = Crypto.getSignatureFunction(algorithm).generateKeypair();
X509Certificate encCertificate = caCli.genCert(CertificateUsage.TLS_ENC, algorithm, ip, subject, ou, CertificateUtils.retrievePublicKey(encKeypair.getPubKey()), issuerPrivateKey, issuerCrt);
FileUtils.writeText(CertificateUtils.toPEMString(encCertificate), new File(caCli.getTlsHome() + File.separator + name + ".enc.crt"));
PrivateKey encPrivateKey = CertificateUtils.retrievePrivateKey(encKeypair.getPrivKey(), encKeypair.getPubKey());
FileUtils.writeText(CertificateUtils.toPEMString(encPrivateKey), new File(caCli.getKeysHome() + File.separator + name + ".enc.key"));
caCli.keyStore(encPrivateKey, name + ".enc", password, encCertificate, issuerCrt);
caCli.doubleKeysStore(name, signPrivateKey, encPrivateKey, password, signCertificate, encCertificate, issuerCrt);
caCli.trustStore(trustStoreFile, name + ".sign", password, signCertificate);
caCli.trustStore(trustStoreFile, name + ".enc", password, encCertificate);
}
}
}
System.out.println("create test certificates in [" + caCli.getCaHome() + "] success");
} catch (Exception e) {
e.printStackTrace();
}
}
Also used :
PrivateKey(java.security.PrivateKey)
X500Name(org.bouncycastle.asn1.x500.X500Name)
CertificateRole(com.jd.blockchain.ca.CertificateRole)
X509Certificate(java.security.cert.X509Certificate)
Example 23 with X500Name
use of android.sun.security.x509.X500Name in project webauthn4j by webauthn4j.
the class TestAttestationUtil method createV1DummyCertificate.
public static X509Certificate createV1DummyCertificate() {
try {
X509v1CertificateBuilder certificateBuilder = new X509v1CertificateBuilder(new X500Name("O=SharpLab., C=US"), BigInteger.valueOf(1), Date.from(Instant.parse("2000-01-01T00:00:00Z")), Date.from(Instant.parse("2999-12-31T23:59:59Z")), new X500Name("O=SharpLab., C=US"), new SubjectPublicKeyInfo(new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WITHRSA"), new byte[0]));
ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256withRSA").build(RSAUtil.createKeyPair().getPrivate());
X509CertificateHolder certificateHolder = certificateBuilder.build(contentSigner);
try {
return new JcaX509CertificateConverter().getCertificate(certificateHolder);
} catch (CertificateException e) {
throw new com.webauthn4j.validator.exception.CertificateException(e);
}
} catch (OperatorCreationException e) {
throw new UnexpectedCheckedException(e);
}
}
Also used :
UnexpectedCheckedException(com.webauthn4j.util.exception.UnexpectedCheckedException)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
CertificateException(java.security.cert.CertificateException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
X509v1CertificateBuilder(org.bouncycastle.cert.X509v1CertificateBuilder)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
Example 24 with X500Name
use of android.sun.security.x509.X500Name in project webauthn4j by webauthn4j.
the class PackedAttestationStatementValidatorTest method generateCertPath.
private static AttestationCertificatePath generateCertPath(KeyPair pair, String signAlg) {
try {
Provider bcProvider = new BouncyCastleProvider();
// Security.addProvider(bcProvider);
long now = System.currentTimeMillis();
Date from = new Date(now);
Date to = new Date(from.getTime() + TimeUnit.DAYS.toMillis(1));
X500Name dnName = new X500Name("C=ORG, O=Dummy Org, OU=Authenticator Attestation, CN=Dummy");
BigInteger certSerialNumber = BigInteger.ZERO;
Calendar calendar = Calendar.getInstance();
calendar.setTime(from);
calendar.add(Calendar.YEAR, 1);
ContentSigner contentSigner = new JcaContentSignerBuilder(signAlg).build(pair.getPrivate());
JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(dnName, certSerialNumber, from, to, dnName, pair.getPublic());
BasicConstraints basicConstraints = new BasicConstraints(false);
certBuilder.addExtension(new ASN1ObjectIdentifier("2.5.29.19"), true, basicConstraints);
X509Certificate certificate = new JcaX509CertificateConverter().setProvider(bcProvider).getCertificate(certBuilder.build(contentSigner));
return new AttestationCertificatePath(Collections.singletonList(certificate));
} catch (OperatorCreationException | CertificateException | CertIOException e) {
throw new UnexpectedCheckedException(e);
}
}
Also used :
UnexpectedCheckedException(com.webauthn4j.util.exception.UnexpectedCheckedException)
AttestationCertificatePath(com.webauthn4j.data.attestation.statement.AttestationCertificatePath)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
Calendar(java.util.Calendar)
ContentSigner(org.bouncycastle.operator.ContentSigner)
CertificateException(java.security.cert.CertificateException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
CertIOException(org.bouncycastle.cert.CertIOException)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
BigInteger(java.math.BigInteger)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
Example 25 with X500Name
use of android.sun.security.x509.X500Name in project snowblossom by snowblossomcoin.
the class CertGen method generateSelfSignedCert.
/**
* @param key_pair Key pair to use to sign the cert inner signed message, the node key
* @param tls_wkp The temporary key to use just for this cert and TLS sessions
* @param spec Address for 'key_pair'
*/
public static X509Certificate generateSelfSignedCert(WalletKeyPair key_pair, WalletKeyPair tls_wkp, AddressSpec spec) throws Exception {
AddressSpecHash address_hash = AddressUtil.getHashForSpec(spec);
String address = AddressUtil.getAddressString(Globals.NODE_ADDRESS_STRING, address_hash);
byte[] encoded_pub = tls_wkp.getPublicKey().toByteArray();
SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(encoded_pub));
String dn = String.format("CN=%s, O=Snowblossom", address);
X500Name issuer = new X500Name(dn);
BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
Date notBefore = new Date(System.currentTimeMillis());
Date notAfter = new Date(System.currentTimeMillis() + 86400000L * 365L * 10L);
X500Name subject = issuer;
X509v3CertificateBuilder cert_builder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, subjectPublicKeyInfo);
// System.out.println(org.bouncycastle.asn1.x509.Extension.subjectAlternativeName);
ASN1ObjectIdentifier snow_claim_oid = new ASN1ObjectIdentifier("2.5.29.134");
// System.out.println(spec);
SignedMessagePayload payload = SignedMessagePayload.newBuilder().setTlsPublicKey(tls_wkp.getPublicKey()).build();
SignedMessage sm = MsgSigUtil.signMessage(spec, key_pair, payload);
byte[] sm_data = sm.toByteString().toByteArray();
cert_builder.addExtension(snow_claim_oid, true, sm_data);
String algorithm = "SHA256withRSA";
AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(tls_wkp.getPrivateKey().toByteArray());
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
// ContentSigner sigGen = new BcECContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
X509CertificateHolder certificateHolder = cert_builder.build(sigGen);
X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
return cert;
}
Also used :
SignedMessagePayload(snowblossom.proto.SignedMessagePayload)
SignedMessage(snowblossom.proto.SignedMessage)
ContentSigner(org.bouncycastle.operator.ContentSigner)
ByteString(com.google.protobuf.ByteString)
X500Name(org.bouncycastle.asn1.x500.X500Name)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)
AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
BigInteger(java.math.BigInteger)
AddressSpecHash(snowblossom.lib.AddressSpecHash)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Aggregations
X500Name (org.bouncycastle.asn1.x500.X500Name)510
X509Certificate (java.security.cert.X509Certificate)182
BigInteger (java.math.BigInteger)175
Date (java.util.Date)168
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)158
ContentSigner (org.bouncycastle.operator.ContentSigner)149
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)145
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)127
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)127
IOException (java.io.IOException)104
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)100
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)93
KeyPair (java.security.KeyPair)79
RDN (org.bouncycastle.asn1.x500.RDN)75
X500Name (sun.security.x509.X500Name)68
PrivateKey (java.security.PrivateKey)64
CertificateException (java.security.cert.CertificateException)64
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)55
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)55
SecureRandom (java.security.SecureRandom)54
