use of com.github.zhenwei.core.asn1.x500.X500Name in project security-lib by ncsa.
the class CertUtil method createCertRequest.
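/**
 * Creates a PKCS#10 certificate signing request for the given key pair and signs it with the
 * pair's private key. This is public in case you need to choose the algorithm or subject
 * yourself; generally use {@link #createCertRequest(java.security.KeyPair)}.
 *
 * <p>NOTE(review): {@code provider} is accepted but never consulted. The signature
 * implementation is resolved through the default JCA provider order, so a caller that names a
 * specific (for example hardware-backed or validated) provider does not get it. Confirm
 * whether that is intended before relying on the argument.
 *
 * @param keypair    key pair whose public key goes into the request and whose private key signs it
 * @param sigAlgName JCA signature algorithm name, e.g. {@code SHA512WithRSA}; the value is used
 *                   as given, so rejecting weak digests is the caller's responsibility
 * @param dn         first argument handed to the four-argument {@code X500Name} constructor;
 *                   when {@code null}, {@code DEFAULT_PKCS10_DISTINGUISHED_NAME} is used
 * @param provider   currently unused (see the note above)
 * @return the signed request wrapped in a {@code MySunPKCS_CR}
 * @throws SignatureException       declared; failures inside the encode/sign step are wrapped
 *                                  in {@code GeneralException} instead
 * @throws InvalidKeyException      if the private key cannot initialise the signature
 * @throws NoSuchProviderException  declared only; nothing in this method selects a provider
 * @throws NoSuchAlgorithmException if no installed provider implements {@code sigAlgName}
 * @throws IOException              declared; failures inside the encode/sign step are wrapped
 *                                  in {@code GeneralException} instead
 */
public static MyPKCS10CertRequest createCertRequest(KeyPair keypair, String sigAlgName, String dn, String provider) throws SignatureException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException, IOException {
    PKCS10 pkcs10 = new PKCS10(keypair.getPublic());
    // Resolved outside the try block, so lookup and key errors reach the caller unwrapped.
    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(keypair.getPrivate());
    try {
        String subject = (dn == null) ? DEFAULT_PKCS10_DISTINGUISHED_NAME : dn;
        // NOTE(review): the remaining three arguments are fixed literals; "USA" is not a
        // two-letter country code if the last argument is the country field. Confirm.
        X500Name x500Name = new X500Name(subject, "OU", "OU", "USA");
        pkcs10.encodeAndSign(x500Name, signature);

        // The printed form is discarded. The call is kept so that a request that cannot be
        // rendered still fails here, as it did before.
        PrintStream ps = new PrintStream(new ByteArrayOutputStream());
        try {
            pkcs10.print(ps);
        } finally {
            // Closing the PrintStream also closes the wrapped ByteArrayOutputStream.
            ps.close();
        }
    } catch (RuntimeException rx) {
        throw rx;
    } catch (Throwable th) {
        // Every checked failure (and every Error) from the block above surfaces as GeneralException.
        throw new GeneralException("Error creating cert request", th);
    }
    return new MySunPKCS_CR(pkcs10);
}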
use of com.github.zhenwei.core.asn1.x500.X500Name in project aws-greengrass-nucleus by aws-greengrass.
the class EncryptionUtilsTest method generateCertificateFile.
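/**
 * Test helper: generates a fresh key pair, issues a self-signed certificate for
 * {@code CN=ROOT} over it and writes the certificate (not the private key) to {@code filepath}.
 *
 * @param keySize  key size passed to the RSA or EC key pair generator helper
 * @param pem      {@code true} to write a PEM file, {@code false} to write raw DER
 * @param filepath destination file; created or truncated
 * @param ec       {@code true} for an EC key signed with SHA256WITHECDSA, {@code false} for an
 *                 RSA key signed with SHA256WithRSA
 * @return the destination path together with the generated key pair
 * @throws Exception on any key generation, signing, encoding or I/O failure
 */
public static Pair<Path, KeyPair> generateCertificateFile(int keySize, boolean pem, Path filepath, boolean ec) throws Exception {
    KeyPair keyPair = ec ? generateECKeyPair(keySize) : generateRSAKeyPair(keySize);

    // Issuer and subject are the same name: the certificate is self-signed.
    X500Name name = new X500Name("CN=ROOT");
    SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    Date start = new Date();
    Date until = Date.from(LocalDate.now().plus(365, ChronoUnit.DAYS).atStartOfDay().toInstant(ZoneOffset.UTC));

    // Every certificate from this helper has the issuer CN=ROOT, and issuer plus serial is what
    // identifies a certificate. A 10-bit serial allows only 1024 values, so two generated
    // certificates could collide; 64 random bits make that negligible.
    BigInteger serial = new BigInteger(64, new SecureRandom());
    X509v3CertificateBuilder builder = new X509v3CertificateBuilder(name, serial, start, until, name, subjectPublicKeyInfo);

    String signingAlgo = ec ? "SHA256WITHECDSA" : "SHA256WithRSA";
    ContentSigner signer = new JcaContentSignerBuilder(signingAlgo).setProvider(new BouncyCastleProvider()).build(keyPair.getPrivate());
    X509CertificateHolder holder = builder.build(signer);
    X509Certificate certificate = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(holder);

    if (pem) {
        // Base64 text is pure ASCII; naming the charset keeps the file independent of the
        // platform default. The body is written as one unwrapped line, as before; parsers
        // that insist on 64-character PEM lines may not accept it.
        try (PrintWriter out = new PrintWriter(Files.newBufferedWriter(filepath, java.nio.charset.StandardCharsets.US_ASCII))) {
            out.println("-----BEGIN CERTIFICATE-----");
            out.println(new String(Base64.encodeBase64(certificate.getEncoded()), java.nio.charset.StandardCharsets.US_ASCII));
            out.println("-----END CERTIFICATE-----");
        }
    } else {
        try (OutputStream outputStream = Files.newOutputStream(filepath)) {
            outputStream.write(certificate.getEncoded());
        }
    }
    return new Pair<>(filepath, keyPair);
}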
use of com.github.zhenwei.core.asn1.x500.X500Name in project PCNGateway-Java-SDK by BSNDA.
the class R1Algorithm method getUserCertInfo.
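/**
 * Generates a new 256-bit ECDSA key pair and a PKCS#10 certificate signing request for it.
 *
 * <p>The returned object carries the PEM-encoded CSR and the unencrypted private key; the
 * caller is responsible for storing the key safely and for not logging or serialising it.
 *
 * <p>Side effect: a BouncyCastle provider is registered with {@link Security} on every call.
 *
 * @param DN subject distinguished name for the request, in the string form accepted by
 *           {@code X500Name}
 * @return the CSR in PEM form together with the matching private key
 * @throws Exception on key generation, signing or encoding failure
 */
@Override
public UserCertInfo getUserCertInfo(String DN) throws Exception {
    Provider bc = new BouncyCastleProvider();
    // Kept for callers that rely on the provider being registered globally.
    Security.addProvider(bc);

    final int algSize = 256;
    final String sigAlg = "SHA256withECDSA";

    // Pin key generation to the provider that also signs the request, instead of depending on
    // which registered provider answers for "ECDSA" first.
    // NOTE(review): the curve is chosen by the provider from the key size alone; an explicit
    // curve parameter spec would make the choice visible. Confirm the intended curve.
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("ECDSA", bc);
    kpg.initialize(algSize, new SecureRandom());
    KeyPair kp = kpg.generateKeyPair();
    PrivateKey privateKey = kp.getPrivate();

    X500Name x500Name = new X500Name(DN);
    SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded());
    PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder(x500Name, subjectPublicKeyInfo);

    // The ContentSigner is the only signer of the request. The separately initialised
    // java.security.Signature object that used to be created here was never used.
    ContentSigner contentSigner = new JcaContentSignerBuilder(sigAlg).setProvider(bc).build(privateKey);
    PKCS10CertificationRequest csr = builder.build(contentSigner);

    // Base64 output is ASCII; naming the charset avoids the platform default. The body stays a
    // single unwrapped line so the PEM text is unchanged.
    String base64Der = new String(org.bouncycastle.util.encoders.Base64.encode(csr.getEncoded()), java.nio.charset.StandardCharsets.US_ASCII);
    String strPEMCSR = "-----BEGIN CERTIFICATE REQUEST-----\n" + base64Der + "\n-----END CERTIFICATE REQUEST-----\n";

    UserCertInfo user = new UserCertInfo();
    user.setCSRPem(strPEMCSR);
    user.setKey(privateKey);
    return user;
}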
use of com.github.zhenwei.core.asn1.x500.X500Name in project bitbreeds-webrtc by IIlllII.
the class WebrtcDtlsServer method getCertificateRequest.
/**
 * Builds the request that asks the DTLS client to present a certificate.
 *
 * <p>The request accepts RSA, DSS and ECDSA signing certificates and lists a single
 * acceptable certificate authority: the subject of {@code certLoaded}.
 * NOTE(review): this method only builds the request; whatever validates the certificate the
 * client actually sends is not visible here. Confirm that check exists.
 *
 * @return the certificate request to send to the client
 */
@Override
public CertificateRequest getCertificateRequest() {
    short[] acceptedTypes = {
        ClientCertificateType.rsa_sign,
        ClientCertificateType.dss_sign,
        ClientCertificateType.ecdsa_sign
    };

    // Signature algorithms are included only when the extension is allowed for DTLS 1.2;
    // otherwise the field is left null.
    Vector sigAlgs = TlsUtils.isSignatureAlgorithmsExtensionAllowed(ProtocolVersion.DTLSv12)
            ? TlsUtils.getDefaultSupportedSignatureAlgorithms(this.context)
            : null;

    Vector<X500Name> acceptedIssuers = new Vector<>();
    acceptedIssuers.addElement(certLoaded.getSubject());

    return new CertificateRequest(acceptedTypes, sigAlgs, acceptedIssuers);
}
use of com.github.zhenwei.core.asn1.x500.X500Name in project kdeconnect-android by KDE.
the class SslHelper method getCommonNameFromCertificate.
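/**
 * Extracts the common name (CN) from the subject of a certificate.
 *
 * <p>The subject is whatever the certificate holder put there. If {@code cert} comes from a
 * remote peer, treat the returned string as untrusted input, not as a verified identity.
 *
 * @param cert certificate whose subject is read
 * @return the string form of the first CN value found in the subject
 * @throws IllegalArgumentException if the subject contains no CN attribute
 */
private static String getCommonNameFromCertificate(X509Certificate cert) {
    X500Principal principal = cert.getSubjectX500Principal();
    X500Name x500name = new X500Name(principal.getName());
    RDN[] cnRdns = x500name.getRDNs(BCStyle.CN);
    // A subject without a CN used to fail with a bare ArrayIndexOutOfBoundsException; reject
    // it explicitly so a malformed certificate gives a clear error.
    if (cnRdns.length == 0) {
        throw new IllegalArgumentException("Certificate subject has no CN attribute");
    }
    // NOTE(review): for a multi-valued RDN, getFirst() may be an attribute other than CN.
    return IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
}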