Example 16 with X500Name
use of com.github.zhenwei.core.asn1.x500.X500Name in project laverca by laverca.
the class CmsSignature method readIssuer.
/**
* Read the Issuer from a SignedInfo object
* @param si data
* @return Issuer as String
*/
public static String readIssuer(final SignerInfo si) {
if (si == null) {
return null;
}
final IssuerAndSerialNumber ias = si.getIssuerAndSerialNumber();
final X500Name issuerName = ias.getName();
return issuerName.toString();
}
Also used :
IssuerAndSerialNumber(org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber)
X500Name(org.bouncycastle.asn1.x500.X500Name)
Example 17 with X500Name
use of com.github.zhenwei.core.asn1.x500.X500Name in project laverca by laverca.
the class Pkcs7 method readIssuer.
/**
* Read the Issuer from a SignedInfo object
* @param si data
* @return Issuer as String
*/
public static String readIssuer(final SignerInfo si) {
if (si == null) {
return null;
}
final IssuerAndSerialNumber ias = si.getIssuerAndSerialNumber();
final X500Name issuerName = ias.getName();
return issuerName.toString();
}
Also used :
IssuerAndSerialNumber(org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber)
X500Name(org.bouncycastle.asn1.x500.X500Name)
Example 18 with X500Name
use of com.github.zhenwei.core.asn1.x500.X500Name in project solarnetwork-node by SolarNetwork.
the class PKITestUtils method generateNewCACert.
public static X509Certificate generateNewCACert(PublicKey publicKey, String subject, X509Certificate issuer, PrivateKey issuerKey, String caDN) throws Exception {
final X500Name issuerDn = (issuer == null ? new X500Name(subject) : JcaX500NameUtil.getSubject(issuer));
final X500Name subjectDn = new X500Name(subject);
final BigInteger serial = getNextSerialNumber();
final Date notBefore = new Date();
final Date notAfter = new Date(System.currentTimeMillis() + 1000L * 60L * 60L);
JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerDn, serial, notBefore, notAfter, subjectDn, publicKey);
// add "CA" extension
BasicConstraints basicConstraints;
if (issuer == null) {
basicConstraints = new BasicConstraints(true);
} else {
int issuerPathLength = issuer.getBasicConstraints();
basicConstraints = new BasicConstraints(issuerPathLength - 1);
}
builder.addExtension(X509Extension.basicConstraints, true, basicConstraints);
// add subjectKeyIdentifier
JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
SubjectKeyIdentifier ski = utils.createSubjectKeyIdentifier(publicKey);
builder.addExtension(X509Extension.subjectKeyIdentifier, false, ski);
// add authorityKeyIdentifier
GeneralNames issuerName = new GeneralNames(new GeneralName(GeneralName.directoryName, caDN));
AuthorityKeyIdentifier aki = utils.createAuthorityKeyIdentifier(publicKey);
aki = new AuthorityKeyIdentifier(aki.getKeyIdentifier(), issuerName, serial);
builder.addExtension(X509Extension.authorityKeyIdentifier, false, aki);
// add keyUsage
X509KeyUsage keyUsage = new X509KeyUsage(X509KeyUsage.cRLSign | X509KeyUsage.digitalSignature | X509KeyUsage.keyCertSign | X509KeyUsage.nonRepudiation);
builder.addExtension(X509Extension.keyUsage, true, keyUsage);
JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WithRSA");
ContentSigner signer = signerBuilder.build(issuerKey);
X509CertificateHolder holder = builder.build(signer);
JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
return converter.getCertificate(holder);
}
Also used :
JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)
X500Name(org.bouncycastle.asn1.x500.X500Name)
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
Date(java.util.Date)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
BigInteger(java.math.BigInteger)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
X509KeyUsage(org.bouncycastle.jce.X509KeyUsage)
Example 19 with X500Name
use of com.github.zhenwei.core.asn1.x500.X500Name in project Gene by Nervousync.
the class CertificateUtils method x509.
/**
* Convert public key instance to X.509 certificate
*
* @param publicKey Public key
* @param serialNumber Certificate serial number
* @param beginDate Certificate begin date
* @param endDate Certificate end date
* @param certName Certificate name
* @param signKey Certificate signer private key
* @param signAlgorithm Signature algorithm
* @return Generated X.509 certificate
*/
public static X509Certificate x509(PublicKey publicKey, long serialNumber, Date beginDate, Date endDate, String certName, PrivateKey signKey, String signAlgorithm) {
if (publicKey == null || signKey == null || StringUtils.isEmpty(signAlgorithm)) {
return null;
}
X500Name subjectDN = new X500Name("CN=" + certName);
SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(subjectDN, BigInteger.valueOf(serialNumber), beginDate, endDate, subjectDN, publicKeyInfo);
try {
x509v3CertificateBuilder.addExtension(Extension.basicConstraints, Boolean.FALSE, new BasicConstraints(Boolean.FALSE));
ContentSigner contentSigner = new JcaContentSignerBuilder(signAlgorithm).setProvider("BC").build(signKey);
X509CertificateHolder certificateHolder = x509v3CertificateBuilder.build(contentSigner);
return new JcaX509CertificateConverter().getCertificate(certificateHolder);
} catch (OperatorCreationException | GeneralSecurityException | IOException e) {
LOGGER.error("Generate PKCS12 Certificate Failed! ");
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Stack message: ", e);
}
}
return null;
}
Also used :
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
X500Name(org.bouncycastle.asn1.x500.X500Name)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
Example 20 with X500Name
use of com.github.zhenwei.core.asn1.x500.X500Name in project jss by dogtagpki.
the class X509CertTest method testEC.
public static void testEC(CryptoToken token, Date notBefore, Date notAfter) throws Exception {
X509CertImpl certImpl = null;
X509CertInfo certInfo = null;
KeyPairGenerator gen = token.getKeyPairGenerator(KeyPairAlgorithm.EC);
gen.initialize(gen.getCurveCodeByName("secp521r1"));
KeyPair keypairCA = gen.genKeyPair();
testKeys(keypairCA);
PublicKey pubCA = keypairCA.getPublic();
gen.initialize(gen.getCurveCodeByName("secp521r1"));
KeyPair keypairUser = gen.genKeyPair();
testKeys(keypairUser);
PublicKey pubUser = keypairUser.getPublic();
CertificateIssuerName issuernameObj = new CertificateIssuerName(new X500Name(issuerDN));
certInfo = createX509CertInfo(convertPublicKeyToX509Key(pubUser), BigInteger.valueOf(1), issuernameObj, subjectDN, notBefore, notAfter, "SHA256withEC");
certImpl = new X509CertImpl(certInfo);
certImpl.sign(keypairCA.getPrivate(), "SHA256withEC");
String certOutput = certImpl.toString();
System.out.println("Test certificate output: \n" + certOutput);
}
Also used :
KeyPair(java.security.KeyPair)
X509CertInfo(org.mozilla.jss.netscape.security.x509.X509CertInfo)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
PublicKey(java.security.PublicKey)
ECPublicKey(java.security.interfaces.ECPublicKey)
PK11ECPublicKey(org.mozilla.jss.pkcs11.PK11ECPublicKey)
X509CertImpl(org.mozilla.jss.netscape.security.x509.X509CertImpl)
CertificateIssuerName(org.mozilla.jss.netscape.security.x509.CertificateIssuerName)
KeyPairGenerator(org.mozilla.jss.crypto.KeyPairGenerator)
X500Name(org.mozilla.jss.netscape.security.x509.X500Name)
Aggregations
X500Name (org.bouncycastle.asn1.x500.X500Name)510
X509Certificate (java.security.cert.X509Certificate)183
BigInteger (java.math.BigInteger)175
Date (java.util.Date)169
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)158
ContentSigner (org.bouncycastle.operator.ContentSigner)149
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)145
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)127
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)127
IOException (java.io.IOException)108
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)100
RDN (org.bouncycastle.asn1.x500.RDN)94
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)93
KeyPair (java.security.KeyPair)79
X500Name (sun.security.x509.X500Name)68
PrivateKey (java.security.PrivateKey)64
CertificateException (java.security.cert.CertificateException)64
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)59
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)55
GeneralName (org.bouncycastle.asn1.x509.GeneralName)55
