
Example 26 with BasicConstraints

use of com.android.org.bouncycastle.asn1.x509.BasicConstraints in project indy by Commonjava.

Class CertUtils, method createSignedCertificate.

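/**
 * Generates an X509Certificate from the fields of an existing certificate and signs it with the
 * issuer's private key.
 *
 * The subject, serial number, validity window and public key are copied from {@code certificate};
 * the issuer name is the subject of {@code issuerCertificate} and the signature algorithm is the
 * one {@code issuerCertificate} was itself signed with, so {@code issuerPrivateKey} must be
 * compatible with that algorithm. The serial number is copied unchanged, so callers issuing several
 * certificates under one issuer must keep those serials distinct themselves.
 *
 * @param certificate       template certificate whose subject, serial, validity and public key are reused
 * @param issuerCertificate certificate of the signing CA; its subject becomes the issuer of the result
 * @param issuerPrivateKey  private key matching {@code issuerCertificate}, used to sign
 * @param isIntermediate    when {@code true}, a critical BasicConstraints extension marking the result as
 *                          a CA certificate is added; otherwise no extensions are added at all
 * @return the newly built and signed certificate
 * @throws Exception if the BouncyCastle builder, signer or converter fails
 */
public static X509Certificate createSignedCertificate(X509Certificate certificate, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey, boolean isIntermediate) throws Exception {
    // The new certificate must chain to the issuer, so its issuer field has to equal the issuer
    // certificate's *subject*; the issuer certificate's own issuer field is only the same name
    // when that CA is self-signed.
    X500Principal issuerName = issuerCertificate.getSubjectX500Principal();
    String issuerSigAlg = issuerCertificate.getSigAlgName();
    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder(issuerSigAlg).setProvider(BouncyCastleProvider.PROVIDER_NAME);
    JcaX509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(issuerName, certificate.getSerialNumber(), certificate.getNotBefore(), certificate.getNotAfter(), certificate.getSubjectX500Principal(), certificate.getPublicKey());
    if (isIntermediate) {
        // NOTE(review): BasicConstraints(int) sets cA=true and encodes its argument as the
        // pathLenConstraint, so -1 is written literally; RFC 5280 defines that field as 0..MAX and
        // an unbounded CA is normally expressed by omitting it (BasicConstraints(true)). Strict
        // validators may reject this encoding. Left unchanged because CertUtilsTest asserts this
        // exact value — confirm before altering.
        v3CertGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(-1));
    }
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    return converter.getCertificate(v3CertGen.build(contentSignerBuilder.build(issuerPrivateKey)));
}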
Also used : JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X500Principal(javax.security.auth.x500.X500Principal) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 27 with BasicConstraints

use of com.android.org.bouncycastle.asn1.x509.BasicConstraints in project indy by Commonjava.

Class CertUtilsTest, method testIntermediateSignedCertificateWithExtension.

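/**
 * Verifies that a certificate issued with {@code isIntermediate = true} carries a BasicConstraints
 * extension whose parsed value is exactly the {@code BasicConstraints(-1)} that CertUtils writes.
 *
 * Uses the CA key and certificate fixtures under {@code src/test/resources}.
 *
 * @throws Exception if a fixture cannot be loaded or the certificate cannot be built or re-parsed
 */
@Test
public void testIntermediateSignedCertificateWithExtension() throws Exception {
    PrivateKey caKey = CertUtils.getPrivateKey("src/test/resources/ca.der");
    X509Certificate caCert = CertUtils.loadX509Certificate(new File("src/test/resources", "ca.crt"));
    String subjectCN = "CN=testcase.org, O=Test Org";
    CertificateAndKeys certificateAndKeys = CertUtils.createSignedCertificateAndKey(subjectCN, caCert, caKey, true);
    // Re-parse the DER encoding instead of inspecting builder state, so the assertions cover
    // what was actually emitted.
    X509CertificateHolder certHolder = new X509CertificateHolder(certificateAndKeys.getCertificate().getEncoded());
    Extension ext = certHolder.getExtension(Extension.basicConstraints);
    assertNotNull("basicConstraints extension missing from issued certificate", ext);
    // JUnit's assertEquals is (expected, actual); keeping that order makes failure messages read correctly.
    assertEquals(Extension.basicConstraints, ext.getExtnId());
    assertEquals(new BasicConstraints(-1), ext.getParsedValue());
}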
Also used : Extension(org.bouncycastle.asn1.x509.Extension) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) File(java.io.File) CertificateAndKeys(org.commonjava.indy.httprox.util.CertificateAndKeys) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 28 with BasicConstraints

use of com.android.org.bouncycastle.asn1.x509.BasicConstraints in project zookeeper by apache.

Class QuorumSSLTest, method buildEndEntityCert.

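/**
 * Builds an end-entity certificate signed by the given CA for the quorum TLS tests.
 *
 * The result is a non-CA leaf (critical BasicConstraints cA=false) restricted to digitalSignature and
 * keyEncipherment, with authority/subject key identifiers tying it to {@code caCert}. Optional parts are
 * added only when their argument is non-null: a SubjectAlternativeName holding the DNS name and/or IP
 * address, a {@code file://} CRL distribution point for {@code crlPath}, and an OCSP responder URL built
 * from {@code hostname} and {@code ocspPort}. Validity is taken from the enclosing test's
 * {@code certStartTime}/{@code certEndTime}.
 *
 * @param keyPair      key pair of the end entity; only its public half goes into the certificate
 * @param caCert       certificate of the issuing CA; its subject becomes the issuer of the result
 * @param caPrivateKey private key of the CA, used to sign with SHA256WithRSAEncryption
 * @param hostname     DNS name for the SAN, or {@code null} to omit it
 * @param ipAddress    IP address for the SAN, or {@code null} to omit it
 * @param crlPath      filesystem path published as a {@code file://} CRL distribution point, or {@code null}
 * @param ocspPort     port of the OCSP responder on {@code hostname}, or {@code null} to omit the AIA extension
 * @return the signed certificate
 * @throws IllegalArgumentException if {@code ocspPort} is given without a {@code hostname}
 * @throws Exception if BouncyCastle fails to build or sign the certificate
 */
public X509Certificate buildEndEntityCert(KeyPair keyPair, X509Certificate caCert, PrivateKey caPrivateKey, String hostname, String ipAddress, String crlPath, Integer ocspPort) throws Exception {
    if (ocspPort != null && hostname == null) {
        // Without a hostname the AIA URL would literally read "http://null:<port>".
        throw new IllegalArgumentException("ocspPort requires a hostname to build the OCSP responder URL");
    }
    X509CertificateHolder caHolder = new JcaX509CertificateHolder(caCert);
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(caPrivateKey);
    List<GeneralName> subjectAltNames = new ArrayList<>();
    if (hostname != null) {
        subjectAltNames.add(new GeneralName(GeneralName.dNSName, hostname));
    }
    if (ipAddress != null) {
        subjectAltNames.add(new GeneralName(GeneralName.iPAddress, ipAddress));
    }
    SubjectPublicKeyInfo entityKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(PublicKeyFactory.createKey(keyPair.getPublic().getEncoded()));
    X509ExtensionUtils extensionUtils = new BcX509ExtensionUtils();
    // 128 random bits from a CSPRNG: serial numbers must be unique per issuer and should be
    // unpredictable, and java.util.Random guarantees neither.
    BigInteger serial = new BigInteger(128, new java.security.SecureRandom());
    JcaX509v3CertificateBuilder jcaBuilder = new JcaX509v3CertificateBuilder(caHolder.getSubject(), serial, certStartTime, certEndTime, new X500Name("CN=Test End Entity Certificate"), keyPair.getPublic());
    X509v3CertificateBuilder certificateBuilder = jcaBuilder
            .addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(caHolder))
            .addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(entityKeyInfo))
            // Leaf certificate: must never be accepted as an issuer of further certificates.
            .addExtension(Extension.basicConstraints, true, new BasicConstraints(false))
            .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
    if (!subjectAltNames.isEmpty()) {
        // NOTE(review): the SAN is marked critical although the subject is non-empty; RFC 5280 asks for
        // non-critical in that case. Kept as-is because existing tests may depend on it — confirm.
        certificateBuilder.addExtension(Extension.subjectAlternativeName, true, new GeneralNames(subjectAltNames.toArray(new GeneralName[0])));
    }
    if (crlPath != null) {
        DistributionPointName distPoint = new DistributionPointName(new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, "file://" + crlPath)));
        certificateBuilder.addExtension(Extension.cRLDistributionPoints, false, new CRLDistPoint(new DistributionPoint[] { new DistributionPoint(distPoint, null, null) }));
    }
    if (ocspPort != null) {
        certificateBuilder.addExtension(Extension.authorityInfoAccess, false, new AuthorityInformationAccess(X509ObjectIdentifiers.ocspAccessMethod, new GeneralName(GeneralName.uniformResourceIdentifier, "http://" + hostname + ":" + ocspPort)));
    }
    return new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(signer));
}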
Also used : AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) ArrayList(java.util.ArrayList) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Random(java.util.Random) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BigInteger(java.math.BigInteger) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BcX509ExtensionUtils(org.bouncycastle.cert.bc.BcX509ExtensionUtils) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) X509ExtensionUtils(org.bouncycastle.cert.X509ExtensionUtils) BcX509ExtensionUtils(org.bouncycastle.cert.bc.BcX509ExtensionUtils) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 29 with BasicConstraints

use of com.android.org.bouncycastle.asn1.x509.BasicConstraints in project zookeeper by apache.

Class X509TestHelpers, method newCert.

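/**
 * Using the private key of the given CA key pair and the Subject of the given CA cert as the Issuer, issues a
 * new cert with the given subject and public key. The returned certificate, combined with the private key half
 * of the <code>certPublicKey</code>, should be used as the key store.
 *
 * The issued cert is an end-entity (non-CA) certificate limited to digitalSignature/keyEncipherment, usable
 * for both serverAuth and clientAuth, carrying the localhost subject alternative names; validity starts now.
 * @param caCert the certificate of the CA that's doing the signing. Its subject (not its own issuer field)
 *               becomes the issuer of the new cert, so the result also chains correctly through an
 *               intermediate CA.
 * @param caKeyPair the key pair of the CA. The private key will be used to sign. The public key must match the
 *                  public key in the <code>caCert</code>.
 * @param certSubject the subject field of the new cert being issued.
 * @param certPublicKey the public key of the new cert being issued.
 * @param expirationMillis the expiration of the cert being issued, in milliseconds from now.
 * @return a new certificate signed by the CA's private key.
 * @throws IllegalArgumentException if the CA key pair's public key is not the one in <code>caCert</code>.
 * @throws ArithmeticException if now plus <code>expirationMillis</code> overflows a long.
 * @throws IOException
 * @throws OperatorCreationException
 * @throws GeneralSecurityException
 */
public static X509Certificate newCert(X509Certificate caCert, KeyPair caKeyPair, X500Name certSubject, PublicKey certPublicKey, long expirationMillis) throws IOException, OperatorCreationException, GeneralSecurityException {
    // A cert signed with a key other than the CA's would never validate; fail early with a clear message.
    if (!caKeyPair.getPublic().equals(caCert.getPublicKey())) {
        throw new IllegalArgumentException("CA private key does not match the public key in the CA cert");
    }
    Date now = new Date();
    // addExact rather than '+': a huge expirationMillis would otherwise wrap into a notAfter in the past.
    Date notAfter = new Date(Math.addExact(now.getTime(), expirationMillis));
    // The issuer of the new cert must equal the CA cert's *subject*; the CA cert's issuer field only happens
    // to be the same name when the CA is self-signed. Reusing the encoded subject keeps the bytes identical,
    // which is what chain builders compare.
    X500Name issuer = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());
    X509v3CertificateBuilder builder = initCertBuilder(issuer, now, notAfter, certSubject, certPublicKey);
    // not a CA
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
    builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
    builder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(new KeyPurposeId[] { KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth }));
    builder.addExtension(Extension.subjectAlternativeName, false, getLocalhostSubjectAltNames());
    return buildAndSignCertificate(caKeyPair.getPrivate(), builder);
}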
Also used : KeyPurposeId(org.bouncycastle.asn1.x509.KeyPurposeId) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) Date(java.util.Date)

Example 30 with BasicConstraints

use of com.android.org.bouncycastle.asn1.x509.BasicConstraints in project qpid-broker-j by apache.

Class TlsResourceBuilder, method createCertificate.

/**
 * Issues a certificate for {@code keyPair}'s public key under the given CA.
 *
 * The issuer is taken from the CA certificate, the serial from {@code generateSerialNumber()}, and the subject
 * is {@code dn} parsed with RFC 4519 attribute names. A non-critical {@code BasicConstraints(cA=false)} is
 * always added first, followed by {@code extensions} in the order given.
 *
 * @param keyPair        key pair whose public key the certificate certifies
 * @param ca             issuing certificate together with its private key
 * @param dn             subject distinguished name
 * @param validityPeriod notBefore/notAfter instants
 * @param extensions     further extensions copied into the certificate as given
 * @return the signed certificate
 * @throws CertificateException wrapping any BouncyCastle operator or encoding failure
 */
private static X509Certificate createCertificate(final KeyPair keyPair, final KeyCertificatePair ca, final String dn, final ValidityPeriod validityPeriod, final Extension... extensions) throws CertificateException {
    try {
        final X509Certificate issuerCert = ca.getCertificate();
        final BigInteger serial = generateSerialNumber();
        final Date notBefore = new Date(validityPeriod.getFrom().toEpochMilli());
        final Date notAfter = new Date(validityPeriod.getTo().toEpochMilli());
        final X500Name subject = new X500Name(RFC4519Style.INSTANCE, dn);
        final X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuerCert, serial, notBefore, notAfter, subject, keyPair.getPublic());
        // End-entity certificate: cA=false, left non-critical.
        certBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
        for (int i = 0; i < extensions.length; i++) {
            certBuilder.addExtension(extensions[i]);
        }
        return buildX509Certificate(certBuilder, ca.getPrivateKey());
    } catch (final OperatorException | IOException e) {
        throw new CertificateException(e);
    }
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) Date(java.util.Date) OperatorException(org.bouncycastle.operator.OperatorException)
