Example 16 with BasicConstraints
use of com.android.org.bouncycastle.asn1.x509.BasicConstraints in project runwar by cfmlprojects.
the class SelfSignedCertificate method generateCertificate.
private static X509Certificate generateCertificate(String fqdn, KeyPair keypair, SecureRandom random) throws Exception {
final X500Name subject = new X500Name("CN=" + fqdn);
final SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keypair.getPublic().getEncoded());
final AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
final AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
final AsymmetricKeyParameter keyParam = PrivateKeyFactory.createKey(keypair.getPrivate().getEncoded());
final ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(keyParam);
X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder(subject, new BigInteger(64, random), NOT_BEFORE, NOT_AFTER, subject, subPubKeyInfo);
v3CertBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
v3CertBuilder.addExtension(Extension.keyUsage, true, new X509KeyUsage(X509KeyUsage.digitalSignature | X509KeyUsage.nonRepudiation | X509KeyUsage.keyEncipherment | X509KeyUsage.dataEncipherment));
v3CertBuilder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(keypair.getPublic()));
JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
X509Certificate cert = converter.getCertificate(v3CertBuilder.build(sigGen));
cert.checkValidity();
cert.verify(keypair.getPublic());
return cert;
}
Also used :
ContentSigner(org.bouncycastle.operator.ContentSigner)
X500Name(org.bouncycastle.asn1.x500.X500Name)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
X509Certificate(java.security.cert.X509Certificate)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)
AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
BigInteger(java.math.BigInteger)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
X509KeyUsage(org.bouncycastle.jce.X509KeyUsage)
Example 17 with BasicConstraints
use of com.android.org.bouncycastle.asn1.x509.BasicConstraints in project keystore-explorer by kaikramer.
the class DBasicConstraints method prepopulateWithValue.
private void prepopulateWithValue(byte[] value) throws IOException {
BasicConstraints basicConstraints = BasicConstraints.getInstance(value);
jcbSubjectIsCa.setSelected(basicConstraints.isCA());
if (basicConstraints.getPathLenConstraint() != null) {
jtfPathLengthConstraint.setText("" + basicConstraints.getPathLenConstraint().intValue());
jtfPathLengthConstraint.setCaretPosition(0);
}
}
Also used :
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
Example 18 with BasicConstraints
use of com.android.org.bouncycastle.asn1.x509.BasicConstraints in project keystore-explorer by kaikramer.
the class DBasicConstraints method okPressed.
private void okPressed() {
boolean ca = jcbSubjectIsCa.isSelected();
int pathLengthConstraint = -1;
String pathLengthConstraintStr = jtfPathLengthConstraint.getText().trim();
if (pathLengthConstraintStr.length() > 0) {
try {
pathLengthConstraint = Integer.parseInt(pathLengthConstraintStr);
} catch (NumberFormatException ex) {
JOptionPane.showMessageDialog(this, res.getString("DBasicConstraints.InvalidLengthValue.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return;
}
if (pathLengthConstraint < 0) {
JOptionPane.showMessageDialog(this, res.getString("DBasicConstraints.InvalidLengthValue.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return;
}
}
BasicConstraints basicConstraints;
if (pathLengthConstraint != -1) {
// pathLengthConstraint set automatically means ca=true
basicConstraints = new BasicConstraints(pathLengthConstraint);
} else {
basicConstraints = new BasicConstraints(ca);
}
try {
value = basicConstraints.getEncoded(ASN1Encoding.DER);
} catch (IOException ex) {
DError dError = new DError(this, ex);
dError.setLocationRelativeTo(this);
dError.setVisible(true);
return;
}
closeDialog();
}
Also used :
IOException(java.io.IOException)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
DError(org.kse.gui.error.DError)
Example 19 with BasicConstraints
use of com.android.org.bouncycastle.asn1.x509.BasicConstraints in project jruby-openssl by jruby.
the class X509Extension method value.
@JRubyMethod
public RubyString value(final ThreadContext context) {
if (this.value instanceof RubyString) {
// return the same as set
return (RubyString) this.value;
}
final Ruby runtime = context.runtime;
final String oid = getRealObjectID().getId();
try {
if (oid.equals("2.5.29.19")) {
// basicConstraints
ASN1Sequence seq2 = (ASN1Sequence) ASN1.readObject(getRealValueEncoded());
final ByteList val = new ByteList(32);
if (seq2.size() > 0) {
val.append(CA_);
ASN1Encodable obj0 = seq2.getObjectAt(0);
final boolean bool;
if (obj0 instanceof ASN1Boolean) {
bool = ((ASN1Boolean) obj0).isTrue();
} else {
// NOTE: keep it due BC <= 1.50
bool = ((DERBoolean) obj0).isTrue();
}
val.append(bool ? TRUE : FALSE);
}
if (seq2.size() > 1) {
val.append(", pathlen:".getBytes());
val.append(seq2.getObjectAt(1).toString().getBytes());
}
return runtime.newString(val);
}
if (oid.equals("2.5.29.15")) {
// keyUsage
final byte[] enc = getRealValueEncoded();
byte b3 = 0;
byte b2 = enc[2];
if (enc.length > 3)
b3 = enc[3];
final ByteList val = new ByteList(64);
byte[] sep = _;
if ((b2 & (byte) 128) != 0) {
val.append(sep);
val.append(Decipher_Only);
sep = SEP;
}
if ((b3 & (byte) 128) != 0) {
val.append(sep);
val.append(Digital_Signature);
sep = SEP;
}
if ((b3 & (byte) 64) != 0) {
val.append(sep);
val.append(Non_Repudiation);
sep = SEP;
}
if ((b3 & (byte) 32) != 0) {
val.append(sep);
val.append(Key_Encipherment);
sep = SEP;
}
if ((b3 & (byte) 16) != 0) {
val.append(sep);
val.append(Data_Encipherment);
sep = SEP;
}
if ((b3 & (byte) 8) != 0) {
val.append(sep);
val.append(Key_Agreement);
sep = SEP;
}
if ((b3 & (byte) 4) != 0) {
val.append(sep);
val.append(Certificate_Sign);
sep = SEP;
}
if ((b3 & (byte) 2) != 0) {
val.append(sep);
val.append(CRL_Sign);
sep = SEP;
}
if ((b3 & (byte) 1) != 0) {
// sep = SEP;
val.append(sep);
// sep = SEP;
val.append(Encipher_Only);
}
return runtime.newString(val);
}
if (oid.equals("2.16.840.1.113730.1.1")) {
// nsCertType
final byte b0 = getRealValueEncoded()[0];
final ByteList val = new ByteList(64);
byte[] sep = _;
if ((b0 & (byte) 128) != 0) {
val.append(sep);
val.append(SSL_Client);
sep = SEP;
}
if ((b0 & (byte) 64) != 0) {
val.append(sep);
val.append(SSL_Server);
sep = SEP;
}
if ((b0 & (byte) 32) != 0) {
val.append(sep);
val.append(SMIME);
sep = SEP;
}
if ((b0 & (byte) 16) != 0) {
val.append(sep);
val.append(Object_Signing);
sep = SEP;
}
if ((b0 & (byte) 8) != 0) {
val.append(sep);
val.append(Unused);
sep = SEP;
}
if ((b0 & (byte) 4) != 0) {
val.append(sep);
val.append(SSL_CA);
sep = SEP;
}
if ((b0 & (byte) 2) != 0) {
val.append(sep);
val.append(SMIME_CA);
sep = SEP;
}
if ((b0 & (byte) 1) != 0) {
val.append(sep);
val.append(Object_Signing_CA);
}
return runtime.newString(val);
}
if (oid.equals("2.5.29.14")) {
// subjectKeyIdentifier
ASN1Encodable value = getRealValue();
if (value instanceof ASN1OctetString) {
byte[] octets = ((ASN1OctetString) value).getOctets();
if (octets.length > 0 && octets[0] == BERTags.OCTET_STRING) {
// read nested octets
value = ASN1.readObject(octets);
}
}
return runtime.newString(hexBytes(keyidBytes(value.toASN1Primitive()), 0));
}
if (oid.equals("2.5.29.35")) {
// authorityKeyIdentifier
ASN1Encodable value = getRealValue();
if (value instanceof ASN1OctetString) {
value = ASN1.readObject(((ASN1OctetString) value).getOctets());
}
final ByteList val = new ByteList(72);
val.append(keyid_);
if (value instanceof ASN1Sequence) {
final ASN1Sequence seq = (ASN1Sequence) value;
final int size = seq.size();
if (size == 0)
return RubyString.newEmptyString(runtime);
ASN1Primitive keyid = seq.getObjectAt(0).toASN1Primitive();
hexBytes(keyidBytes(keyid), val).append('\n');
for (int i = 1; i < size; i++) {
final ASN1Encodable issuer = seq.getObjectAt(i);
// NOTE: blindly got OpenSSL tests passing (likely in-complete) :
if (issuer instanceof ASN1TaggedObject) {
ASN1Primitive obj = ((ASN1TaggedObject) issuer).getObject();
switch(((ASN1TaggedObject) issuer).getTagNo()) {
case 1:
if (obj instanceof ASN1TaggedObject) {
formatGeneralName(GeneralName.getInstance(obj), val, true);
}
break;
case // serial
2:
val.append(new byte[] { 's', 'e', 'r', 'i', 'a', 'l', ':' });
if (obj instanceof ASN1Integer) {
hexBytes(((ASN1Integer) obj).getValue().toByteArray(), val);
} else {
hexBytes(((ASN1OctetString) obj).getOctets(), val);
}
break;
}
}
val.append('\n');
}
return runtime.newString(val);
}
hexBytes(keyidBytes(value.toASN1Primitive()), val).append('\n');
return runtime.newString(val);
}
if (oid.equals("2.5.29.21")) {
// CRLReason
final IRubyObject value = getValue(runtime);
switch(RubyNumeric.fix2int(value)) {
case 0:
return runtime.newString(new ByteList(Unspecified));
case 1:
return RubyString.newString(runtime, "Key Compromise");
case 2:
return RubyString.newString(runtime, "CA Compromise");
case 3:
return RubyString.newString(runtime, "Affiliation Changed");
case 4:
return RubyString.newString(runtime, "Superseded");
case 5:
return RubyString.newString(runtime, "Cessation Of Operation");
case 6:
return RubyString.newString(runtime, "Certificate Hold");
case 8:
return RubyString.newString(runtime, "Remove From CRL");
case 9:
return RubyString.newString(runtime, "Privilege Withdrawn");
default:
return runtime.newString(new ByteList(Unspecified));
}
}
if (oid.equals("2.5.29.17") || oid.equals("2.5.29.18")) {
// subjectAltName || issuerAltName
try {
ASN1Encodable value = getRealValue();
final ByteList val = new ByteList(64);
if (value instanceof ASN1TaggedObject) {
formatGeneralName(GeneralName.getInstance(value), val, false);
return runtime.newString(val);
}
if (value instanceof GeneralName) {
formatGeneralName((GeneralName) value, val, false);
return runtime.newString(val);
}
if (value instanceof ASN1OctetString) {
// decoded octets will end up as an ASN1Sequence instance :
value = ASN1.readObject(((ASN1OctetString) value).getOctets());
}
if (value instanceof ASN1TaggedObject) {
// DERTaggedObject (issuerAltName wrapping)
formatGeneralName(GeneralName.getInstance(value), val, false);
return runtime.newString(val);
}
final GeneralName[] names = GeneralNames.getInstance(value).getNames();
for (int i = 0; i < names.length; i++) {
boolean other = formatGeneralName(names[i], val, false);
if (i < names.length - 1) {
if (other)
val.append(';');
else
val.append(',').append(' ');
}
}
return runtime.newString(val);
} catch (IllegalArgumentException e) {
debugStackTrace(runtime, e);
return rawValueAsString(context);
}
}
if (oid.equals("2.5.29.37")) {
// extendedKeyUsage
final ByteList val = new ByteList(64);
if (this.value instanceof ASN1Sequence) {
// opt "short" path
final ASN1Sequence seq = (ASN1Sequence) this.value;
final int size = seq.size();
for (int i = 0; i < size; i++) {
ASN1Encodable o = seq.getObjectAt(i);
String name = o.toString();
Integer nid = ASN1.oid2nid(runtime, new ASN1ObjectIdentifier(name));
if (nid != null)
name = ASN1.nid2ln(runtime, nid);
if (name == null)
name = o.toString();
val.append(ByteList.plain(name));
if (i < size - 1)
val.append(',').append(' ');
}
return runtime.newString(val);
}
final IRubyObject value = getValue(runtime);
if (value instanceof RubyArray) {
final RubyArray arr = (RubyArray) value;
final int size = arr.size();
for (int i = 0; i < size; i++) {
IRubyObject entry = arr.eltInternal(i);
if ("ObjectId".equals(entry.getMetaClass().getBaseName())) {
entry = entry.callMethod(context, "ln");
} else if (entry.respondsTo("value")) {
entry = entry.callMethod(context, "value");
}
val.append(entry.asString().getByteList());
if (i < size - 1)
val.append(',').append(' ');
}
}
return runtime.newString(val);
}
return rawValueAsString(context);
} catch (IOException e) {
debugStackTrace(runtime, e);
throw newExtensionError(runtime, e);
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
ByteList(org.jruby.util.ByteList)
RubyArray(org.jruby.RubyArray)
RubyString(org.jruby.RubyString)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
RubyString(org.jruby.RubyString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
ASN1String(org.bouncycastle.asn1.ASN1String)
DERUniversalString(org.bouncycastle.asn1.DERUniversalString)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
IRubyObject(org.jruby.runtime.builtin.IRubyObject)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1Boolean(org.bouncycastle.asn1.ASN1Boolean)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Ruby(org.jruby.Ruby)
ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
JRubyMethod(org.jruby.anno.JRubyMethod)
Example 20 with BasicConstraints
use of com.android.org.bouncycastle.asn1.x509.BasicConstraints in project vespa by vespa-engine.
the class X509CertificateBuilder method build.
public X509Certificate build() {
try {
JcaX509v3CertificateBuilder jcaCertBuilder = new JcaX509v3CertificateBuilder(issuer, BigInteger.valueOf(serialNumber), Date.from(notBefore), Date.from(notAfter), subject, certPublicKey);
if (basicConstraintsExtension != null) {
jcaCertBuilder.addExtension(Extension.basicConstraints, basicConstraintsExtension.isCritical, new BasicConstraints(basicConstraintsExtension.isCertAuthorityCertificate));
}
if (!subjectAlternativeNames.isEmpty()) {
GeneralNames generalNames = new GeneralNames(subjectAlternativeNames.stream().map(san -> new GeneralName(GeneralName.dNSName, san)).toArray(GeneralName[]::new));
jcaCertBuilder.addExtension(Extension.subjectAlternativeName, false, generalNames);
}
ContentSigner contentSigner = new JcaContentSignerBuilder(signingAlgorithm.getAlgorithmName()).setProvider(BouncyCastleProviderHolder.getInstance()).build(caPrivateKey);
return new JcaX509CertificateConverter().setProvider(BouncyCastleProviderHolder.getInstance()).getCertificate(jcaCertBuilder.build(contentSigner));
} catch (OperatorException | GeneralSecurityException e) {
throw new RuntimeException(e);
} catch (IOException e) {
throw new UncheckedIOException(e);
}
}
Also used :
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
GeneralSecurityException(java.security.GeneralSecurityException)
ContentSigner(org.bouncycastle.operator.ContentSigner)
UncheckedIOException(java.io.UncheckedIOException)
IOException(java.io.IOException)
UncheckedIOException(java.io.UncheckedIOException)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
OperatorException(org.bouncycastle.operator.OperatorException)
Aggregations
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)63
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)35
X500Name (org.bouncycastle.asn1.x500.X500Name)30
Date (java.util.Date)29
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)29
X509Certificate (java.security.cert.X509Certificate)28
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)27
ContentSigner (org.bouncycastle.operator.ContentSigner)27
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)25
BigInteger (java.math.BigInteger)23
KeyUsage (org.bouncycastle.asn1.x509.KeyUsage)22
GeneralName (org.bouncycastle.asn1.x509.GeneralName)20
IOException (java.io.IOException)18
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)17
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)15
ExtendedKeyUsage (org.bouncycastle.asn1.x509.ExtendedKeyUsage)14
CertificateException (java.security.cert.CertificateException)12
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)12
KeyPair (java.security.KeyPair)10
ArrayList (java.util.ArrayList)10
