Search in sources :

Example 46 with X500Name

use of com.github.zhenwei.core.asn1.x500.X500Name in project identity-credential by google.

the class CredentialData method generateAuthenticationKeyCert.

@NonNull
static X509Certificate generateAuthenticationKeyCert(String authKeyAlias, String credentialKeyAlias, byte[] proofOfProvisioningSha256) {
    KeyStore ks = null;
    try {
        ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        X509Certificate selfSignedCert = (X509Certificate) ks.getCertificate(authKeyAlias);
        PublicKey publicKey = selfSignedCert.getPublicKey();
        PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) ks.getEntry(credentialKeyAlias, null)).getPrivateKey();
        X500Name issuer = new X500Name("CN=Android Identity Credential Key");
        X500Name subject = new X500Name("CN=Android Identity Credential Authentication Key");
        Date now = new Date();
        final long kMilliSecsInOneYear = 365L * 24 * 60 * 60 * 1000;
        Date expirationDate = new Date(now.getTime() + kMilliSecsInOneYear);
        BigInteger serial = new BigInteger("1");
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, serial, now, expirationDate, subject, publicKey);
        if (proofOfProvisioningSha256 != null) {
            byte[] encodedProofOfBinding = Util.cborEncode(new CborBuilder().addArray().add("ProofOfBinding").add(proofOfProvisioningSha256).end().build().get(0));
            builder.addExtension(new ASN1ObjectIdentifier("1.3.6.1.4.1.11129.2.1.26"), false, encodedProofOfBinding);
        }
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withECDSA").build(privateKey);
        byte[] encodedCert = builder.build(signer).getEncoded();
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        ByteArrayInputStream bais = new ByteArrayInputStream(encodedCert);
        X509Certificate result = (X509Certificate) cf.generateCertificate(bais);
        return result;
    } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | OperatorCreationException e) {
        throw new IllegalStateException("Error signing public key with private key", e);
    }
}
Also used : PrivateKey(java.security.PrivateKey) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateFactory(java.security.cert.CertificateFactory) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) UnrecoverableEntryException(java.security.UnrecoverableEntryException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) PublicKey(java.security.PublicKey) ContentSigner(org.bouncycastle.operator.ContentSigner) IOException(java.io.IOException) CertIOException(org.bouncycastle.cert.CertIOException) KeyStoreException(java.security.KeyStoreException) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) ByteArrayInputStream(java.io.ByteArrayInputStream) BigInteger(java.math.BigInteger) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) CborBuilder(co.nstant.in.cbor.CborBuilder) NonNull(androidx.annotation.NonNull)

Example 47 with X500Name

use of com.github.zhenwei.core.asn1.x500.X500Name in project Conversations by iNPUTmice.

the class XmppDomainVerifier method getCommonNames.

private static List<String> getCommonNames(X509Certificate certificate) {
    List<String> domains = new ArrayList<>();
    try {
        X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
        RDN[] rdns = x500name.getRDNs(BCStyle.CN);
        for (int i = 0; i < rdns.length; ++i) {
            domains.add(IETFUtils.valueToString(x500name.getRDNs(BCStyle.CN)[i].getFirst().getValue()));
        }
        return domains;
    } catch (CertificateEncodingException e) {
        return domains;
    }
}
Also used : ArrayList(java.util.ArrayList) CertificateEncodingException(java.security.cert.CertificateEncodingException) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) X500Name(org.bouncycastle.asn1.x500.X500Name) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) RDN(org.bouncycastle.asn1.x500.RDN)

Example 48 with X500Name

use of com.github.zhenwei.core.asn1.x500.X500Name in project Conversations by iNPUTmice.

the class CryptoHelper method extractCertificateInformation.

public static Bundle extractCertificateInformation(X509Certificate certificate) {
    Bundle information = new Bundle();
    try {
        JcaX509CertificateHolder holder = new JcaX509CertificateHolder(certificate);
        X500Name subject = holder.getSubject();
        try {
            information.putString("subject_cn", subject.getRDNs(BCStyle.CN)[0].getFirst().getValue().toString());
        } catch (Exception e) {
        // ignored
        }
        try {
            information.putString("subject_o", subject.getRDNs(BCStyle.O)[0].getFirst().getValue().toString());
        } catch (Exception e) {
        // ignored
        }
        X500Name issuer = holder.getIssuer();
        try {
            information.putString("issuer_cn", issuer.getRDNs(BCStyle.CN)[0].getFirst().getValue().toString());
        } catch (Exception e) {
        // ignored
        }
        try {
            information.putString("issuer_o", issuer.getRDNs(BCStyle.O)[0].getFirst().getValue().toString());
        } catch (Exception e) {
        // ignored
        }
        try {
            information.putString("sha1", getFingerprintCert(certificate.getEncoded()));
        } catch (Exception e) {
        }
        return information;
    } catch (CertificateEncodingException e) {
        return information;
    }
}
Also used : Bundle(android.os.Bundle) CertificateEncodingException(java.security.cert.CertificateEncodingException) X500Name(org.bouncycastle.asn1.x500.X500Name) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) CertificateParsingException(java.security.cert.CertificateParsingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateEncodingException(java.security.cert.CertificateEncodingException)

Example 49 with X500Name

use of com.github.zhenwei.core.asn1.x500.X500Name in project nosql-java-sdk by oracle.

the class DriverTestBase method generateKeyPair.

/**
 * Generate a RAS key and certificate, return in PEM. Note that certificate
 * must has OU with opc-tenant:TestTenant, because it's used by instance
 * and resource principal testing.
 * @return a string that the first element is key and the second one is
 * certificate.
 */
protected static KeyPairInfo generateKeyPair() throws Exception {
    KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA");
    keygen.initialize(2048);
    KeyPair keypair = keygen.generateKeyPair();
    JcaPKCS8Generator gen = new JcaPKCS8Generator(keypair.getPrivate(), null);
    StringWriter sw = new StringWriter();
    try (JcaPEMWriter pw = new JcaPEMWriter(sw)) {
        pw.writeObject(gen.generate());
    }
    String key = sw.toString();
    X500Name name = new X500Name("OU=opc-tenant:TestTenant");
    SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keypair.getPublic().getEncoded());
    Date start = new Date();
    Date until = Date.from(LocalDate.now().plus(3650, ChronoUnit.DAYS).atStartOfDay().toInstant(ZoneOffset.UTC));
    X509v3CertificateBuilder builder = new X509v3CertificateBuilder(name, new BigInteger(10, new SecureRandom()), start, until, name, subPubKeyInfo);
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").setProvider(new BouncyCastleProvider()).build(keypair.getPrivate());
    X509CertificateHolder holder = builder.build(signer);
    Certificate cert = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(holder);
    sw = new StringWriter();
    try (JcaPEMWriter pw = new JcaPEMWriter(sw)) {
        pw.writeObject(cert);
    }
    String certString = sw.toString();
    return new KeyPairInfo(key, certString, keypair);
}
Also used : KeyPair(java.security.KeyPair) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) SecureRandom(java.security.SecureRandom) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) LocalDate(java.time.LocalDate) StringWriter(java.io.StringWriter) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaPKCS8Generator(org.bouncycastle.openssl.jcajce.JcaPKCS8Generator) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) JcaPEMWriter(org.bouncycastle.openssl.jcajce.JcaPEMWriter) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) Certificate(java.security.cert.Certificate)

Example 50 with X500Name

use of com.github.zhenwei.core.asn1.x500.X500Name in project dubbo-spi-extensions by apache.

the class IstioCitadelCertificateSigner method generateCsr.

private String generateCsr(PublicKey publicKey, ContentSigner signer) throws IOException {
    GeneralNames subjectAltNames = new GeneralNames(new GeneralName[] { new GeneralName(6, istioEnv.getCsrHost()) });
    ExtensionsGenerator extGen = new ExtensionsGenerator();
    extGen.addExtension(Extension.subjectAlternativeName, true, subjectAltNames);
    PKCS10CertificationRequest request = new JcaPKCS10CertificationRequestBuilder(new X500Name("O=" + istioEnv.getTrustDomain()), publicKey).addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate()).build(signer);
    String csr = generatePemKey("CERTIFICATE REQUEST", request.getEncoded());
    if (logger.isDebugEnabled()) {
        logger.debug("CSR Request to Istio Citadel. \n" + csr);
    }
    return csr;
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X500Name(org.bouncycastle.asn1.x500.X500Name) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Aggregations

X500Name (org.bouncycastle.asn1.x500.X500Name)510 X509Certificate (java.security.cert.X509Certificate)183 BigInteger (java.math.BigInteger)175 Date (java.util.Date)169 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)158 ContentSigner (org.bouncycastle.operator.ContentSigner)149 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)145 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)127 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)127 IOException (java.io.IOException)108 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)100 RDN (org.bouncycastle.asn1.x500.RDN)94 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)93 KeyPair (java.security.KeyPair)79 X500Name (sun.security.x509.X500Name)68 PrivateKey (java.security.PrivateKey)64 CertificateException (java.security.cert.CertificateException)64 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)59 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)55 GeneralName (org.bouncycastle.asn1.x509.GeneralName)55