Examples with BasicConstraints com.github.zhenwei.core.asn1.x509.BasicConstraints used on opensource projects

Search in sources :

Example 1 with BasicConstraints

use of com.github.zhenwei.core.asn1.x509.BasicConstraints in project solarnetwork-node by SolarNetwork.

the class PKITestUtils method generateNewCACert.

public static X509Certificate generateNewCACert(PublicKey publicKey, String subject, X509Certificate issuer, PrivateKey issuerKey, String caDN) throws Exception {
    final X500Name issuerDn = (issuer == null ? new X500Name(subject) : JcaX500NameUtil.getSubject(issuer));
    final X500Name subjectDn = new X500Name(subject);
    final BigInteger serial = getNextSerialNumber();
    final Date notBefore = new Date();
    final Date notAfter = new Date(System.currentTimeMillis() + 1000L * 60L * 60L);
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerDn, serial, notBefore, notAfter, subjectDn, publicKey);
    // add "CA" extension
    BasicConstraints basicConstraints;
    if (issuer == null) {
        basicConstraints = new BasicConstraints(true);
    } else {
        int issuerPathLength = issuer.getBasicConstraints();
        basicConstraints = new BasicConstraints(issuerPathLength - 1);
    }
    builder.addExtension(X509Extension.basicConstraints, true, basicConstraints);
    // add subjectKeyIdentifier
    JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
    SubjectKeyIdentifier ski = utils.createSubjectKeyIdentifier(publicKey);
    builder.addExtension(X509Extension.subjectKeyIdentifier, false, ski);
    // add authorityKeyIdentifier
    GeneralNames issuerName = new GeneralNames(new GeneralName(GeneralName.directoryName, caDN));
    AuthorityKeyIdentifier aki = utils.createAuthorityKeyIdentifier(publicKey);
    aki = new AuthorityKeyIdentifier(aki.getKeyIdentifier(), issuerName, serial);
    builder.addExtension(X509Extension.authorityKeyIdentifier, false, aki);
    // add keyUsage
    X509KeyUsage keyUsage = new X509KeyUsage(X509KeyUsage.cRLSign | X509KeyUsage.digitalSignature | X509KeyUsage.keyCertSign | X509KeyUsage.nonRepudiation);
    builder.addExtension(X509Extension.keyUsage, true, keyUsage);
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WithRSA");
    ContentSigner signer = signerBuilder.build(issuerKey);
    X509CertificateHolder holder = builder.build(signer);
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    return converter.getCertificate(holder);
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier) Date(java.util.Date) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) X509KeyUsage(org.bouncycastle.jce.X509KeyUsage)

Example 2 with BasicConstraints

use of com.github.zhenwei.core.asn1.x509.BasicConstraints in project Gene by Nervousync.

the class CertificateUtils method x509.

/**
 * Convert public key instance to X.509 certificate
 *
 * @param publicKey     Public key
 * @param serialNumber  Certificate serial number
 * @param beginDate     Certificate begin date
 * @param endDate       Certificate end date
 * @param certName      Certificate name
 * @param signKey       Certificate signer private key
 * @param signAlgorithm Signature algorithm
 * @return Generated X.509 certificate
 */
public static X509Certificate x509(PublicKey publicKey, long serialNumber, Date beginDate, Date endDate, String certName, PrivateKey signKey, String signAlgorithm) {
    if (publicKey == null || signKey == null || StringUtils.isEmpty(signAlgorithm)) {
        return null;
    }
    X500Name subjectDN = new X500Name("CN=" + certName);
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
    X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(subjectDN, BigInteger.valueOf(serialNumber), beginDate, endDate, subjectDN, publicKeyInfo);
    try {
        x509v3CertificateBuilder.addExtension(Extension.basicConstraints, Boolean.FALSE, new BasicConstraints(Boolean.FALSE));
        ContentSigner contentSigner = new JcaContentSignerBuilder(signAlgorithm).setProvider("BC").build(signKey);
        X509CertificateHolder certificateHolder = x509v3CertificateBuilder.build(contentSigner);
        return new JcaX509CertificateConverter().getCertificate(certificateHolder);
    } catch (OperatorCreationException | GeneralSecurityException | IOException e) {
        LOGGER.error("Generate PKCS12 Certificate Failed! ");
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Stack message: ", e);
        }
    }
    return null;
}
Also used : X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) ContentSigner(org.bouncycastle.operator.ContentSigner) X500Name(org.bouncycastle.asn1.x500.X500Name) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 3 with BasicConstraints

use of com.github.zhenwei.core.asn1.x509.BasicConstraints in project webauthn4j by webauthn4j.

the class PackedAttestationStatementValidatorTest method generateCertPath.

private static AttestationCertificatePath generateCertPath(KeyPair pair, String signAlg) {
    try {
        Provider bcProvider = new BouncyCastleProvider();
        // Security.addProvider(bcProvider);
        long now = System.currentTimeMillis();
        Date from = new Date(now);
        Date to = new Date(from.getTime() + TimeUnit.DAYS.toMillis(1));
        X500Name dnName = new X500Name("C=ORG, O=Dummy Org, OU=Authenticator Attestation, CN=Dummy");
        BigInteger certSerialNumber = BigInteger.ZERO;
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(from);
        calendar.add(Calendar.YEAR, 1);
        ContentSigner contentSigner = new JcaContentSignerBuilder(signAlg).build(pair.getPrivate());
        JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(dnName, certSerialNumber, from, to, dnName, pair.getPublic());
        BasicConstraints basicConstraints = new BasicConstraints(false);
        certBuilder.addExtension(new ASN1ObjectIdentifier("2.5.29.19"), true, basicConstraints);
        X509Certificate certificate = new JcaX509CertificateConverter().setProvider(bcProvider).getCertificate(certBuilder.build(contentSigner));
        return new AttestationCertificatePath(Collections.singletonList(certificate));
    } catch (OperatorCreationException | CertificateException | CertIOException e) {
        throw new UnexpectedCheckedException(e);
    }
}
Also used : UnexpectedCheckedException(com.webauthn4j.util.exception.UnexpectedCheckedException) AttestationCertificatePath(com.webauthn4j.data.attestation.statement.AttestationCertificatePath) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) Calendar(java.util.Calendar) ContentSigner(org.bouncycastle.operator.ContentSigner) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) CertIOException(org.bouncycastle.cert.CertIOException) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BigInteger(java.math.BigInteger) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Example 4 with BasicConstraints

use of com.github.zhenwei.core.asn1.x509.BasicConstraints in project supply-chain-tools by secure-device-onboard.

the class SimpleCertPathServiceTest method buildCertificate.

X509Certificate buildCertificate(PublicKey signee, PrivateKey signer) throws CertificateException, CertIOException, OperatorCreationException {
    X500Name x500Name = new X500NameBuilder().build();
    JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(x500Name, new BigInteger(Long.toString(System.currentTimeMillis())), Date.from(Instant.now()), Date.from(Instant.now().plusSeconds(1000)), x500Name, signee);
    certificateBuilder.addExtension(new ASN1ObjectIdentifier("2.5.29.19"), true, new BasicConstraints(true));
    return new JcaX509CertificateConverter().setProvider(BouncyCastleSingleton.INSTANCE).getCertificate(certificateBuilder.build(new JcaContentSignerBuilder(signatureAlg).build(signer)));
}
Also used : X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BigInteger(java.math.BigInteger) X500Name(org.bouncycastle.asn1.x500.X500Name) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 5 with BasicConstraints

use of com.github.zhenwei.core.asn1.x509.BasicConstraints in project modules by assimbly.

the class CertificatesUtil method selfsignCertificate2.

public static Certificate selfsignCertificate2(KeyPair keyPair, String subjectDN) throws OperatorCreationException, CertificateException, IOException {
    Provider bcProvider = new BouncyCastleProvider();
    Security.addProvider(bcProvider);
    long now = System.currentTimeMillis();
    Date startDate = new Date(now);
    X500Name dnName = new X500Name("CN=" + subjectDN);
    // <-- Using the current timestamp as the certificate serial number
    BigInteger certSerialNumber = new BigInteger(Long.toString(now));
    Calendar calendar = Calendar.getInstance();
    calendar.setTime(startDate);
    // <-- 2 Yr validity
    calendar.add(Calendar.YEAR, 2);
    Date endDate = calendar.getTime();
    // <-- Use appropriate signature algorithm based on your keyPair algorithm.
    String signatureAlgorithm = "SHA256WithRSA";
    ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(keyPair.getPrivate());
    JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(dnName, certSerialNumber, startDate, endDate, dnName, keyPair.getPublic());
    // Extensions --------------------------
    // Basic Constraints
    // <-- true for CA, false for EndEntity
    BasicConstraints basicConstraints = new BasicConstraints(true);
    // Basic Constraints is usually marked as critical.
    certBuilder.addExtension(new ASN1ObjectIdentifier("2.5.29.19"), true, basicConstraints);
    return new JcaX509CertificateConverter().setProvider(bcProvider).getCertificate(certBuilder.build(contentSigner));
}
Also used : JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) Calendar(java.util.Calendar) ContentSigner(org.bouncycastle.operator.ContentSigner) X500Name(org.bouncycastle.asn1.x500.X500Name) Date(java.util.Date) Provider(java.security.Provider) BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BigInteger(java.math.BigInteger) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Aggregations

BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)114 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)64 X500Name (org.bouncycastle.asn1.x500.X500Name)59 ContentSigner (org.bouncycastle.operator.ContentSigner)59 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)58 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)57 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)53 BigInteger (java.math.BigInteger)51 X509Certificate (java.security.cert.X509Certificate)46 Date (java.util.Date)45 KeyUsage (org.bouncycastle.asn1.x509.KeyUsage)36 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)33 GeneralName (org.bouncycastle.asn1.x509.GeneralName)30 IOException (java.io.IOException)28 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)22 ExtendedKeyUsage (org.bouncycastle.asn1.x509.ExtendedKeyUsage)21 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)21 JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)17 ArrayList (java.util.ArrayList)16 CertificateException (java.security.cert.CertificateException)15
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial