Search in sources :

Example 16 with X509V3CertificateGenerator

use of com.android.org.bouncycastle.x509.X509V3CertificateGenerator in project platform_frameworks_base by android.

the class AndroidKeyStoreKeyPairGeneratorSpi method generateSelfSignedCertificateWithValidSignature.

@SuppressWarnings("deprecation")
private X509Certificate generateSelfSignedCertificateWithValidSignature(PrivateKey privateKey, PublicKey publicKey, String signatureAlgorithm) throws Exception {
    final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setPublicKey(publicKey);
    certGen.setSerialNumber(mSpec.getCertificateSerialNumber());
    certGen.setSubjectDN(mSpec.getCertificateSubject());
    certGen.setIssuerDN(mSpec.getCertificateSubject());
    certGen.setNotBefore(mSpec.getCertificateNotBefore());
    certGen.setNotAfter(mSpec.getCertificateNotAfter());
    certGen.setSignatureAlgorithm(signatureAlgorithm);
    return certGen.generate(privateKey);
}
Also used : X509V3CertificateGenerator(com.android.org.bouncycastle.x509.X509V3CertificateGenerator)

Example 17 with X509V3CertificateGenerator

use of com.android.org.bouncycastle.x509.X509V3CertificateGenerator in project nhin-d by DirectProject.

the class PKCS11Commands method createKeyPair.

@Command(name = "CreateKeyPair", usage = CREATE_KEY_PAIR)
public void createKeyPair(String[] args) {
    final String alias = StringArrayUtil.getRequiredValue(args, 0);
    final String keySize = StringArrayUtil.getOptionalValue(args, 1, "2048");
    try {
        // create a local keygen for a private key to sign the certificate
        final KeyPairGenerator localKeyGen = KeyPairGenerator.getInstance("RSA", "BC");
        final KeyPair localKeyPair = localKeyGen.generateKeyPair();
        final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", mgr.getKS().getProvider().getName());
        keyGen.initialize(Integer.parseInt(keySize));
        final KeyPair keyPair = keyGen.generateKeyPair();
        // create a self signed certificate
        X509V3CertificateGenerator v1CertGen = new X509V3CertificateGenerator();
        v1CertGen.setPublicKey(keyPair.getPublic());
        v1CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
        Calendar start = Calendar.getInstance();
        Calendar end = Calendar.getInstance();
        end.add(Calendar.DAY_OF_MONTH, 3000);
        v1CertGen.setSerialNumber(BigInteger.valueOf(generatePositiveRandom()));
        v1CertGen.setIssuerDN(new X509Principal("cn=test"));
        v1CertGen.setNotBefore(start.getTime());
        v1CertGen.setNotAfter(end.getTime());
        // issuer and subject are the same for a CA
        v1CertGen.setSubjectDN(new X509Principal("cn=test"));
        v1CertGen.setPublicKey(keyPair.getPublic());
        X509Certificate newCACert = v1CertGen.generate(localKeyPair.getPrivate(), "BC");
        mgr.getKS().setKeyEntry(alias, keyPair.getPrivate(), "".toCharArray(), new X509Certificate[] { newCACert });
        System.out.println("Key pair created and stored.");
    } catch (Exception e) {
        e.printStackTrace();
        System.err.println("Failed to generate key pair: " + e.getMessage());
    }
}
Also used : KeyPair(java.security.KeyPair) X509V3CertificateGenerator(org.bouncycastle.x509.X509V3CertificateGenerator) X509Principal(org.bouncycastle.jce.X509Principal) Calendar(java.util.Calendar) KeyPairGenerator(java.security.KeyPairGenerator) X509Certificate(java.security.cert.X509Certificate) Command(org.nhindirect.common.tooling.Command)

Example 18 with X509V3CertificateGenerator

use of com.android.org.bouncycastle.x509.X509V3CertificateGenerator in project nhin-d by DirectProject.

the class CertGenerator method createLeafCertificate.

private static CertCreateFields createLeafCertificate(CertCreateFields fields, KeyPair keyPair, boolean addAltNames) throws Exception {
    String altName = "";
    StringBuilder dnBuilder = new StringBuilder();
    // create the DN
    if (fields.getAttributes().containsKey("EMAILADDRESS")) {
        dnBuilder.append("EMAILADDRESS=").append(fields.getAttributes().get("EMAILADDRESS")).append(", ");
        altName = fields.getAttributes().get("EMAILADDRESS").toString();
    }
    if (fields.getAttributes().containsKey("CN"))
        dnBuilder.append("CN=").append(fields.getAttributes().get("CN")).append(", ");
    if (fields.getAttributes().containsKey("C"))
        dnBuilder.append("C=").append(fields.getAttributes().get("C")).append(", ");
    if (fields.getAttributes().containsKey("ST"))
        dnBuilder.append("ST=").append(fields.getAttributes().get("ST")).append(", ");
    if (fields.getAttributes().containsKey("L"))
        dnBuilder.append("L=").append(fields.getAttributes().get("L")).append(", ");
    if (fields.getAttributes().containsKey("O"))
        dnBuilder.append("O=").append(fields.getAttributes().get("O")).append(", ");
    String DN = dnBuilder.toString().trim();
    if (DN.endsWith(","))
        DN = DN.substring(0, DN.length() - 1);
    X509V3CertificateGenerator v1CertGen = new X509V3CertificateGenerator();
    Calendar start = Calendar.getInstance();
    Calendar end = Calendar.getInstance();
    end.add(Calendar.DAY_OF_MONTH, fields.getExpDays());
    // not the best way to do this... generally done with a db file
    v1CertGen.setSerialNumber(BigInteger.valueOf(generatePositiveRandom()));
    // issuer is the parent cert
    v1CertGen.setIssuerDN(fields.getSignerCert().getSubjectX500Principal());
    v1CertGen.setNotBefore(start.getTime());
    v1CertGen.setNotAfter(end.getTime());
    v1CertGen.setSubjectDN(new X509Principal(DN));
    v1CertGen.setPublicKey(keyPair.getPublic());
    v1CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
    // pointer to the parent CA
    v1CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(fields.getSignerCert()));
    v1CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.getPublic()));
    boolean allowToSign = (fields.getAttributes().get("ALLOWTOSIGN") != null && fields.getAttributes().get("ALLOWTOSIGN").toString().equalsIgnoreCase("true"));
    v1CertGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(allowToSign));
    int keyUsage = 0;
    if (fields.getAttributes().get("KEYENC") != null && fields.getAttributes().get("KEYENC").toString().equalsIgnoreCase("true"))
        keyUsage = keyUsage | KeyUsage.keyEncipherment;
    if (fields.getAttributes().get("DIGSIG") != null && fields.getAttributes().get("DIGSIG").toString().equalsIgnoreCase("true"))
        keyUsage = keyUsage | KeyUsage.digitalSignature;
    if (keyUsage > 0)
        v1CertGen.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(keyUsage));
    if (fields.getSignerCert().getSubjectAlternativeNames() != null) {
        for (List<?> names : fields.getSignerCert().getSubjectAlternativeNames()) {
            GeneralNames issuerAltName = new GeneralNames(new GeneralName((Integer) names.get(0), names.get(1).toString()));
            v1CertGen.addExtension(X509Extensions.IssuerAlternativeName, false, issuerAltName);
        }
    }
    if (addAltNames && !altName.isEmpty()) {
        int nameType = altName.contains("@") ? GeneralName.rfc822Name : GeneralName.dNSName;
        GeneralNames subjectAltName = new GeneralNames(new GeneralName(nameType, altName));
        v1CertGen.addExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
    }
    // use the CA's private key to sign the certificate
    X509Certificate newCACert = v1CertGen.generate((PrivateKey) fields.getSignerKey(), CryptoExtensions.getJCEProviderName());
    // validate the certificate 
    newCACert.verify(fields.getSignerCert().getPublicKey());
    // write the certificate the file system
    writeCertAndKey(newCACert, keyPair.getPrivate(), fields);
    return fields;
}
Also used : SubjectKeyIdentifierStructure(org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure) Calendar(java.util.Calendar) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) AuthorityKeyIdentifierStructure(org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure) X509Certificate(java.security.cert.X509Certificate) BigInteger(java.math.BigInteger) X509V3CertificateGenerator(org.bouncycastle.x509.X509V3CertificateGenerator) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) X509Principal(org.bouncycastle.jce.X509Principal) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 19 with X509V3CertificateGenerator

use of com.android.org.bouncycastle.x509.X509V3CertificateGenerator in project android_frameworks_base by DirtyUnicorns.

the class AndroidKeyStoreKeyPairGeneratorSpi method generateSelfSignedCertificateWithValidSignature.

@SuppressWarnings("deprecation")
private X509Certificate generateSelfSignedCertificateWithValidSignature(PrivateKey privateKey, PublicKey publicKey, String signatureAlgorithm) throws Exception {
    final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setPublicKey(publicKey);
    certGen.setSerialNumber(mSpec.getCertificateSerialNumber());
    certGen.setSubjectDN(mSpec.getCertificateSubject());
    certGen.setIssuerDN(mSpec.getCertificateSubject());
    certGen.setNotBefore(mSpec.getCertificateNotBefore());
    certGen.setNotAfter(mSpec.getCertificateNotAfter());
    certGen.setSignatureAlgorithm(signatureAlgorithm);
    return certGen.generate(privateKey);
}
Also used : X509V3CertificateGenerator(com.android.org.bouncycastle.x509.X509V3CertificateGenerator)

Example 20 with X509V3CertificateGenerator

use of com.android.org.bouncycastle.x509.X509V3CertificateGenerator in project android_frameworks_base by ResurrectionRemix.

the class AndroidKeyStoreKeyPairGeneratorSpi method generateSelfSignedCertificateWithValidSignature.

@SuppressWarnings("deprecation")
private X509Certificate generateSelfSignedCertificateWithValidSignature(PrivateKey privateKey, PublicKey publicKey, String signatureAlgorithm) throws Exception {
    final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setPublicKey(publicKey);
    certGen.setSerialNumber(mSpec.getCertificateSerialNumber());
    certGen.setSubjectDN(mSpec.getCertificateSubject());
    certGen.setIssuerDN(mSpec.getCertificateSubject());
    certGen.setNotBefore(mSpec.getCertificateNotBefore());
    certGen.setNotAfter(mSpec.getCertificateNotAfter());
    certGen.setSignatureAlgorithm(signatureAlgorithm);
    return certGen.generate(privateKey);
}
Also used : X509V3CertificateGenerator(com.android.org.bouncycastle.x509.X509V3CertificateGenerator)

Aggregations

X509Certificate (java.security.cert.X509Certificate)16 X509V3CertificateGenerator (com.android.org.bouncycastle.x509.X509V3CertificateGenerator)14 KeyPair (java.security.KeyPair)9 X509V3CertificateGenerator (org.bouncycastle.x509.X509V3CertificateGenerator)8 X509Principal (org.bouncycastle.jce.X509Principal)7 Calendar (java.util.Calendar)6 BigInteger (java.math.BigInteger)4 KeyFactory (java.security.KeyFactory)3 KeyPairGenerator (java.security.KeyPairGenerator)3 PrivateKey (java.security.PrivateKey)3 Date (java.util.Date)3 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)3 BasicConstraints (com.android.org.bouncycastle.asn1.x509.BasicConstraints)2 ByteArrayInputStream (java.io.ByteArrayInputStream)2 InvalidKeyException (java.security.InvalidKeyException)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2 PublicKey (java.security.PublicKey)2 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)2 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)2 X500Principal (javax.security.auth.x500.X500Principal)2