use of com.github.zhenwei.core.asn1.x500.X500Name in project snowblossom by snowblossomcoin.
the class CertGen method generateSelfSignedCert.
/**
* @param key_pair Key pair to use to sign the cert inner signed message, the node key
* @param tls_wkp The temporary key to use just for this cert and TLS sessions
* @param spec Address for 'key_pair'
*/
public static X509Certificate generateSelfSignedCert(WalletKeyPair key_pair, WalletKeyPair tls_wkp, AddressSpec spec) throws Exception {
AddressSpecHash address_hash = AddressUtil.getHashForSpec(spec);
String address = AddressUtil.getAddressString(Globals.NODE_ADDRESS_STRING, address_hash);
byte[] encoded_pub = tls_wkp.getPublicKey().toByteArray();
SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(encoded_pub));
String dn = String.format("CN=%s, O=Snowblossom", address);
X500Name issuer = new X500Name(dn);
BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
Date notBefore = new Date(System.currentTimeMillis());
Date notAfter = new Date(System.currentTimeMillis() + 86400000L * 365L * 10L);
X500Name subject = issuer;
X509v3CertificateBuilder cert_builder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, subjectPublicKeyInfo);
// System.out.println(org.bouncycastle.asn1.x509.Extension.subjectAlternativeName);
ASN1ObjectIdentifier snow_claim_oid = new ASN1ObjectIdentifier("2.5.29.134");
// System.out.println(spec);
SignedMessagePayload payload = SignedMessagePayload.newBuilder().setTlsPublicKey(tls_wkp.getPublicKey()).build();
SignedMessage sm = MsgSigUtil.signMessage(spec, key_pair, payload);
byte[] sm_data = sm.toByteString().toByteArray();
cert_builder.addExtension(snow_claim_oid, true, sm_data);
String algorithm = "SHA256withRSA";
AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(tls_wkp.getPrivateKey().toByteArray());
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
// ContentSigner sigGen = new BcECContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
X509CertificateHolder certificateHolder = cert_builder.build(sigGen);
X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
return cert;
}
use of com.github.zhenwei.core.asn1.x500.X500Name in project supply-chain-tools by secure-device-onboard.
the class SimpleCertPathServiceTest method buildCertificate.
X509Certificate buildCertificate(PublicKey signee, PrivateKey signer) throws CertificateException, CertIOException, OperatorCreationException {
X500Name x500Name = new X500NameBuilder().build();
JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(x500Name, new BigInteger(Long.toString(System.currentTimeMillis())), Date.from(Instant.now()), Date.from(Instant.now().plusSeconds(1000)), x500Name, signee);
certificateBuilder.addExtension(new ASN1ObjectIdentifier("2.5.29.19"), true, new BasicConstraints(true));
return new JcaX509CertificateConverter().setProvider(BouncyCastleSingleton.INSTANCE).getCertificate(certificateBuilder.build(new JcaContentSignerBuilder(signatureAlg).build(signer)));
}
use of com.github.zhenwei.core.asn1.x500.X500Name in project xap by xap.
the class BouncyCastleSelfSignedCertificate method generateKeyStore.
private KeyStore generateKeyStore(String fqdn, KeyPair keypair, SecureRandom random) throws Exception {
PrivateKey key = keypair.getPrivate();
// Prepare the information required for generating an X.509 certificate.
X500Name owner = new X500Name("CN=" + fqdn);
X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(owner, new BigInteger(64, random), NOT_BEFORE, NOT_AFTER, owner, keypair.getPublic());
ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(key);
X509CertificateHolder certHolder = builder.build(signer);
X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certHolder);
cert.verify(keypair.getPublic());
String keyStoreType = KeyStore.getDefaultType();
final KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setKeyEntry("key", keypair.getPrivate(), "foo".toCharArray(), new Certificate[] { cert });
return keyStore;
}
use of com.github.zhenwei.core.asn1.x500.X500Name in project xap by xap.
the class SelfSignedCertificate method generateKeyStore.
private KeyStore generateKeyStore(String fqdn, KeyPair keypair, SecureRandom random) throws Exception {
PrivateKey key = keypair.getPrivate();
// Prepare the information required for generating an X.509 certificate.
X509CertInfo info = new X509CertInfo();
X500Name owner = new X500Name("CN=" + fqdn);
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
try {
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
} catch (CertificateException ignore) {
info.set(X509CertInfo.SUBJECT, owner);
}
try {
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
} catch (CertificateException ignore) {
info.set(X509CertInfo.ISSUER, owner);
}
info.set(X509CertInfo.VALIDITY, new CertificateValidity(NOT_BEFORE, NOT_AFTER));
info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid)));
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
cert.sign(key, "SHA1withRSA");
// Update the algorithm and sign again.
info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
cert = new X509CertImpl(info);
cert.sign(key, "SHA1withRSA");
cert.verify(keypair.getPublic());
String keyStoreType = KeyStore.getDefaultType();
final KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
// keyStore.setCertificateEntry("CAcert-root", cert);
keyStore.setKeyEntry("key", keypair.getPrivate(), "foo".toCharArray(), new Certificate[] { cert });
return keyStore;
}
use of com.github.zhenwei.core.asn1.x500.X500Name in project CipherTrust_Application_Protection by thalescpl-io.
the class SelfSignedCertificateUtility method generateCertificate.
private static X509Certificate generateCertificate(PublicKey publicKey, PrivateKey privateKey, Map<String, String> certificateProeprties) throws Exception {
String dn = makeDN(certificateProeprties);
X509CertInfo info = new X509CertInfo();
Date from = new Date();
Date to = new Date(from.getTime() + Integer.valueOf(certificateProeprties.get("Validity")) * 86400000l);
CertificateValidity interval = new CertificateValidity(from, to);
X500Name owner = new X500Name(dn);
boolean[] kueOk = getKeyUsgaeExtension(certificateProeprties.get("KeyUsage"));
KeyUsageExtension kue = new KeyUsageExtension(kueOk);
CertificateExtensions ext = new CertificateExtensions();
ext.set(KeyUsageExtension.NAME, kue);
info.set(X509CertInfo.VALIDITY, interval);
BigInteger sn = new BigInteger(64, new SecureRandom());
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
boolean justName = isJavaAtLeast(1.8);
if (justName) {
info.set(X509CertInfo.SUBJECT, owner);
info.set(X509CertInfo.ISSUER, owner);
} else {
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
}
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId algo = null;
String provider = null;
switch(certificateProeprties.get("Algorithm")) {
case "SHA1WithRSA":
break;
case "SHA256WithRSA":
break;
case "SHA384WithRSA":
break;
case "SHA512WithRSA":
provider = "BC";
break;
case "SHA1WithECDSA":
provider = "BC";
break;
case "SHA224WithECDSA":
provider = "BC";
break;
case "SHA256WithECDSA":
provider = "BC";
break;
case "SHA384WithECDSA":
provider = "BC";
break;
case "SHA512WithECDSA":
provider = "BC";
break;
default:
throw new NAEException(certificateProeprties.get("Algorithm") + " not supported.");
}
algo = AlgorithmId.get(certificateProeprties.get("Algorithm"));
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
info.set(X509CertInfo.EXTENSIONS, ext);
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
if (provider != null)
cert.sign(privateKey, certificateProeprties.get("Algorithm"), provider);
else
cert.sign(privateKey, certificateProeprties.get("Algorithm"));
return cert;
}
Aggregations