Search in sources :

Example 61 with X500Name

use of com.github.zhenwei.core.asn1.x500.X500Name in project security-lib by ncsa.

the class CertUtil method createCertRequest.

/**
 * This is merely public in case you want to use it. Generally use the {@link #createCertRequest(java.security.KeyPair)}
 *
 * @param keypair
 * @param sigAlgName
 * @param provider
 * @param dn
 * @return
 * @throws SignatureException
 * @throws InvalidKeyException
 * @throws NoSuchProviderException
 * @throws NoSuchAlgorithmException
 * @throws IOException
 */
public static MyPKCS10CertRequest createCertRequest(KeyPair keypair, String sigAlgName, String dn, String provider) throws SignatureException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException, IOException {
    // String sigAlg = "SHA512WithRSA";
    PKCS10 pkcs10 = new PKCS10(keypair.getPublic());
    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(keypair.getPrivate());
    try {
        X500Name x500Name = null;
        if (dn == null) {
            x500Name = new X500Name(DEFAULT_PKCS10_DISTINGUISHED_NAME, "OU", "OU", "USA");
        } else {
            x500Name = new X500Name(dn, "OU", "OU", "USA");
        }
        pkcs10.encodeAndSign(x500Name, signature);
        ByteArrayOutputStream bs = new ByteArrayOutputStream();
        PrintStream ps = new PrintStream(bs);
        pkcs10.print(ps);
        byte[] c = bs.toByteArray();
        if (ps != null) {
            ps.close();
        }
        if (bs != null) {
            bs.close();
        }
    } catch (RuntimeException rx) {
        throw rx;
    } catch (Throwable th) {
        throw new GeneralException("Error creating cert request", th);
    }
    return new MySunPKCS_CR(pkcs10);
}
Also used : GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) X500Name(sun.security.x509.X500Name) PKCS10(sun.security.pkcs10.PKCS10)

Example 62 with X500Name

use of com.github.zhenwei.core.asn1.x500.X500Name in project aws-greengrass-nucleus by aws-greengrass.

the class EncryptionUtilsTest method generateCertificateFile.

public static Pair<Path, KeyPair> generateCertificateFile(int keySize, boolean pem, Path filepath, boolean ec) throws Exception {
    KeyPair keyPair;
    if (ec) {
        keyPair = generateECKeyPair(keySize);
    } else {
        keyPair = generateRSAKeyPair(keySize);
    }
    X500Name name = new X500Name("CN=ROOT");
    SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    Date start = new Date();
    Date until = Date.from(LocalDate.now().plus(365, ChronoUnit.DAYS).atStartOfDay().toInstant(ZoneOffset.UTC));
    X509v3CertificateBuilder builder = new X509v3CertificateBuilder(name, new BigInteger(10, new SecureRandom()), start, until, name, subjectPublicKeyInfo);
    String signingAlgo = "SHA256WithRSA";
    if (ec) {
        signingAlgo = "SHA256WITHECDSA";
    }
    ContentSigner signer = new JcaContentSignerBuilder(signingAlgo).setProvider(new BouncyCastleProvider()).build(keyPair.getPrivate());
    X509CertificateHolder holder = builder.build(signer);
    X509Certificate certificate = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(holder);
    if (pem) {
        try (PrintWriter out = new PrintWriter(filepath.toFile())) {
            out.println("-----BEGIN CERTIFICATE-----");
            out.println(new String(Base64.encodeBase64(certificate.getEncoded())));
            out.println("-----END CERTIFICATE-----");
        }
    } else {
        try (OutputStream outputStream = Files.newOutputStream(filepath)) {
            outputStream.write(certificate.getEncoded());
        }
    }
    return new Pair<>(filepath, keyPair);
}
Also used : KeyPair(java.security.KeyPair) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) OutputStream(java.io.OutputStream) ContentSigner(org.bouncycastle.operator.ContentSigner) SecureRandom(java.security.SecureRandom) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) LocalDate(java.time.LocalDate) X509Certificate(java.security.cert.X509Certificate) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) PrintWriter(java.io.PrintWriter) KeyPair(java.security.KeyPair)

Example 63 with X500Name

use of com.github.zhenwei.core.asn1.x500.X500Name in project PCNGateway-Java-SDK by BSNDA.

the class R1Algorithm method getUserCertInfo.

/**
 * Get certificate CSR
 *
 * @param DN
 * @return
 */
@Override
public UserCertInfo getUserCertInfo(String DN) throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    int algSize = 256;
    String sigAlg = "SHA256withECDSA";
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("ECDSA");
    kpg.initialize(algSize, new SecureRandom());
    KeyPair kp = kpg.generateKeyPair();
    PrivateKey privateKey = kp.getPrivate();
    Signature signature = Signature.getInstance(sigAlg);
    signature.initSign(privateKey);
    X500Name x500Name = new X500Name(DN);
    SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded());
    PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder(x500Name, subjectPublicKeyInfo);
    JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder(sigAlg);
    Provider BC = new BouncyCastleProvider();
    jcaContentSignerBuilder.setProvider(BC);
    ContentSigner contentSigner = jcaContentSignerBuilder.build(kp.getPrivate());
    PKCS10CertificationRequest csr = builder.build(contentSigner);
    byte[] der = csr.getEncoded();
    String strPEMCSR = "-----BEGIN CERTIFICATE REQUEST-----\n";
    strPEMCSR += new String(org.bouncycastle.util.encoders.Base64.encode(der));
    strPEMCSR += "\n-----END CERTIFICATE REQUEST-----\n";
    UserCertInfo user = new UserCertInfo();
    user.setCSRPem(strPEMCSR);
    user.setKey(privateKey);
    return user;
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) UserCertInfo(com.bsnbase.sdk.util.common.UserCertInfo) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Example 64 with X500Name

use of com.github.zhenwei.core.asn1.x500.X500Name in project bitbreeds-webrtc by IIlllII.

the class WebrtcDtlsServer method getCertificateRequest.

@Override
public CertificateRequest getCertificateRequest() {
    short[] certificateTypes = new short[] { ClientCertificateType.rsa_sign, ClientCertificateType.dss_sign, ClientCertificateType.ecdsa_sign };
    Vector serverSigAlgs = null;
    if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(ProtocolVersion.DTLSv12)) {
        serverSigAlgs = TlsUtils.getDefaultSupportedSignatureAlgorithms(this.context);
    }
    Vector<X500Name> certificateAuthorities = new Vector<>();
    certificateAuthorities.addElement(certLoaded.getSubject());
    return new CertificateRequest(certificateTypes, serverSigAlgs, certificateAuthorities);
}
Also used : X500Name(org.bouncycastle.asn1.x500.X500Name) Vector(java.util.Vector)

Example 65 with X500Name

use of com.github.zhenwei.core.asn1.x500.X500Name in project kdeconnect-android by KDE.

the class SslHelper method getCommonNameFromCertificate.

private static String getCommonNameFromCertificate(X509Certificate cert) {
    X500Principal principal = cert.getSubjectX500Principal();
    X500Name x500name = new X500Name(principal.getName());
    RDN rdn = x500name.getRDNs(BCStyle.CN)[0];
    return IETFUtils.valueToString(rdn.getFirst().getValue());
}
Also used : X500Principal(javax.security.auth.x500.X500Principal) X500Name(org.spongycastle.asn1.x500.X500Name) RDN(org.spongycastle.asn1.x500.RDN)

Aggregations

X500Name (org.bouncycastle.asn1.x500.X500Name)510 X509Certificate (java.security.cert.X509Certificate)183 BigInteger (java.math.BigInteger)175 Date (java.util.Date)169 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)158 ContentSigner (org.bouncycastle.operator.ContentSigner)149 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)145 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)127 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)127 IOException (java.io.IOException)108 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)100 RDN (org.bouncycastle.asn1.x500.RDN)94 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)93 KeyPair (java.security.KeyPair)79 X500Name (sun.security.x509.X500Name)68 PrivateKey (java.security.PrivateKey)64 CertificateException (java.security.cert.CertificateException)64 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)59 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)55 GeneralName (org.bouncycastle.asn1.x509.GeneralName)55