
Example 16 with ExtendedKeyUsage

use of com.github.zhenwei.core.asn1.x509.ExtendedKeyUsage in project certmgr by hdecarne.

The class ExtendedKeyUsageController, method init.

/**
 * Initializes the dialog controls from existing extension data.
 * <p>
 * Runs the plain {@code init(boolean)} first, then mirrors the extension
 * into the UI: the critical check box follows {@code data.getCritical()};
 * if the data contains the "any" purpose only the dedicated check box is
 * selected, otherwise every listed purpose is selected in the usage list.
 *
 * @param data The extension data to use.
 * @param expertMode Whether to run in expert mode ({@code true}) or not ({@code false}).
 * @return This controller.
 */
public ExtendedKeyUsageController init(ExtendedKeyUsageExtensionData data, boolean expertMode) {
    init(expertMode);
    this.ctlCritical.setSelected(data.getCritical());
    boolean anyUsage = data.hasUsage(ExtendedKeyUsage.ANY);
    if (!anyUsage) {
        // Individual purposes: select each one in the list control.
        for (ExtendedKeyUsage usage : data) {
            this.ctlUsages.getSelectionModel().select(usage);
        }
    } else {
        // "Any" subsumes the individual purposes, so only that box is ticked.
        this.ctlAnyUsage.setSelected(true);
    }
    return this;
}

Example 17 with ExtendedKeyUsage

use of com.github.zhenwei.core.asn1.x509.ExtendedKeyUsage in project pwm by pwm-project.

The class SelfCertGenerator, method generateV3Certificate.

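/**
 * Builds a self-signed end-entity X.509 v3 certificate for {@code cnValue}.
 * <p>
 * Subject and issuer are both {@code CN=cnValue}; the certificate is signed with the
 * private half of {@code pair} using SHA-256/RSA through the BC provider. Extensions:
 * BasicConstraints (critical, cA=false), SubjectAlternativeName (non-critical, a single
 * dNSName equal to {@code cnValue}), KeyUsage (critical, digitalSignature + keyEncipherment)
 * and ExtendedKeyUsage (critical, serverAuth). Validity starts two days in the past and
 * ends {@code settings.getFutureSeconds()} seconds after now; both bounds are derived from
 * one clock read so they cannot disagree.
 *
 * @param pair the key pair whose public key is certified and whose private key signs
 * @param cnValue the common name; also used verbatim as the SAN dNSName
 * @return the generated certificate
 * @throws Exception on encoding, signing or conversion failures (BC/JCA exceptions propagate)
 */
private X509Certificate generateV3Certificate(final KeyPair pair, final String cnValue) throws Exception {
    final X500NameBuilder subjectName = new X500NameBuilder(BCStyle.INSTANCE);
    subjectName.addRDN(BCStyle.CN, cnValue);
    final BigInteger serialNumber = makeSerialNumber();
    // Single clock read for both validity bounds.
    final long now = System.currentTimeMillis();
    // 2 days in the past -- presumably to tolerate clock skew on verifying hosts.
    final Date notBefore = new Date(now - TimeUnit.DAYS.toMillis(2));
    final long futureSeconds = settings.getFutureSeconds();
    // Same TimeUnit conversion as notBefore (saturates instead of overflowing on huge values).
    final Date notAfter = new Date(now + TimeUnit.SECONDS.toMillis(futureSeconds));
    // Self-signed: the same name is used as issuer and as subject.
    final X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(subjectName.build(), serialNumber, notBefore, notAfter, subjectName.build(), pair.getPublic());
    // false == not a CA
    final BasicConstraints basic = new BasicConstraints(false);
    // OID, critical, ASN.1 encoded value
    certGen.addExtension(Extension.basicConstraints, true, basic.getEncoded());
    // add subject alternate name (non-critical, one dNSName)
    {
        final ASN1Encodable[] subjectAlternativeNames = new ASN1Encodable[] { new GeneralName(GeneralName.dNSName, cnValue) };
        final DERSequence subjectAlternativeNamesExtension = new DERSequence(subjectAlternativeNames);
        certGen.addExtension(Extension.subjectAlternativeName, false, subjectAlternativeNamesExtension);
    }
    // sign and key encipher
    final KeyUsage keyUsage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment);
    // OID, critical, ASN.1 encoded value
    certGen.addExtension(Extension.keyUsage, true, keyUsage.getEncoded());
    // server authentication only
    final ExtendedKeyUsage extKeyUsage = new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth);
    // OID, critical, ASN.1 encoded value
    certGen.addExtension(Extension.extendedKeyUsage, true, extKeyUsage.getEncoded());
    final ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(pair.getPrivate());
    return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
}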

Example 18 with ExtendedKeyUsage

use of com.github.zhenwei.core.asn1.x509.ExtendedKeyUsage in project MaxKey by dromara.

The class X509V3CertGen, method genV3Certificate.

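/**
 * Builds and signs an X.509 v3 certificate from the given names, validity window and key pair.
 * <p>
 * No extensions are added (no BasicConstraints, KeyUsage, ExtendedKeyUsage or
 * SubjectAlternativeName), so the result is only usable where the consumer does not require
 * them. When {@code issuerName} equals {@code subjectName} the certificate is self-signed.
 * The serial number is 64 CSPRNG bits (forced odd, hence strictly positive as RFC 5280
 * requires); the signature algorithm is SHA-256 with RSA via the BC provider.
 *
 * @param issuerName issuer distinguished name in string form (parsed by BC's default style)
 * @param subjectName subject distinguished name in string form
 * @param notBefore start of the validity period
 * @param notAfter end of the validity period
 * @param keyPair public key to certify; its private key signs the certificate
 * @return the signed certificate as a JCA object
 * @throws Exception on encoding, signing or parsing failures
 */
public static X509Certificate genV3Certificate(String issuerName, String subjectName, Date notBefore, Date notAfter, KeyPair keyPair) throws Exception {
    // issuer same as subject is CA (self-signed)
    // A millisecond timestamp can repeat for two certificates issued in the same millisecond
    // and is predictable; use random bits instead. setBit(0) keeps the value non-zero.
    BigInteger serial = new BigInteger(64, new java.security.SecureRandom()).setBit(0);
    X500Name x500Name = new X500Name(issuerName);
    X500Name subject = new X500Name(subjectName);
    PublicKey publicKey = keyPair.getPublic();
    PrivateKey privateKey = keyPair.getPrivate();
    // getEncoded() yields the DER SubjectPublicKeyInfo; getInstance parses it directly and
    // throws IllegalArgumentException on malformed input instead of leaving the key null
    // (the old catch/printStackTrace path continued with a null subjectPublicKeyInfo).
    SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(x500Name, serial, notBefore, notAfter, subject, subjectPublicKeyInfo);
    // SHA-1 signatures are rejected by current TLS stacks and browsers; SHA-256 is the floor.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(privateKey);
    // No extensions are added here; callers needing BasicConstraints/KeyUsage/EKU/SAN must add them.
    X509CertificateHolder x509CertificateHolder = certBuilder.build(sigGen);
    // Convert the BC holder via the standard JCA X.509 factory. The fully-qualified name is
    // needed because the simple name CertificateFactory resolves to the BC SPI class in this file.
    java.security.cert.CertificateFactory certificateFactory = java.security.cert.CertificateFactory.getInstance("X.509");
    try (InputStream inputStream = new ByteArrayInputStream(x509CertificateHolder.toASN1Structure().getEncoded())) {
        return (X509Certificate) certificateFactory.generateCertificate(inputStream);
    }
}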

Example 19 with ExtendedKeyUsage

use of com.github.zhenwei.core.asn1.x509.ExtendedKeyUsage in project keycloak by keycloak.

The class CertificateUtils, method generateV3Certificate.

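/**
 * Generates a version 3 {@link java.security.cert.X509Certificate} for the public key of
 * {@code keyPair}, issued and signed by the CA identified by {@code caCert} / {@code caPrivateKey}.
 * <p>
 * Extensions: SubjectKeyIdentifier (from the subject key), AuthorityKeyIdentifier (from the CA
 * certificate's key, so chain building by key identifier works), KeyUsage (digitalSignature,
 * keyCertSign, cRLSign), ExtendedKeyUsage (emailProtection, serverAuth) and a critical
 * BasicConstraints with cA=true and pathLenConstraint=0 -- the issued certificate is itself a CA
 * that may not issue further CA certificates. Validity is 3 x 12 x 30 days from now; the serial
 * number is 64 CSPRNG bits forced odd (strictly positive, as RFC 5280 requires).
 *
 * @param keyPair the key pair whose public key is certified
 * @param caPrivateKey the CA private key used to sign
 * @param caCert the CA certificate; its subject becomes this certificate's issuer
 * @param subject the subject common name, embedded as {@code CN=subject}; RFC 2253 special
 *        characters in it (",", "+", "=", ...) alter the parsed name -- callers pass plain names
 *
 * @return the x509 certificate
 *
 * @throws RuntimeException wrapping any failure; the declared {@code Exception} is kept for
 *         source compatibility but nothing checked escapes the catch-all below
 */
public static X509Certificate generateV3Certificate(KeyPair keyPair, PrivateKey caPrivateKey, X509Certificate caCert, String subject) throws Exception {
    try {
        X500Name subjectDN = new X500Name("CN=" + subject);
        // Serial Number: Math.abs(nextInt()) is negative for Integer.MIN_VALUE and gives only
        // 31 bits; take 64 random bits and set the low bit so the value is never zero.
        SecureRandom random = new SecureRandom();
        BigInteger serialNumber = new BigInteger(64, random).setBit(0);
        // Validity: both bounds from a single clock read.
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now);
        Date notAfter = new Date(now + (((1000L * 60 * 60 * 24 * 30)) * 12) * 3);
        // SubjectPublicKeyInfo
        SubjectPublicKeyInfo subjPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
        // Issuer: reuse the CA subject's DER bytes so they match exactly for chain building;
        // getSubjectDN().getName() is denigrated and may re-serialise the name differently.
        X500Name issuerDN = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());
        X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(issuerDN, serialNumber, notBefore, notAfter, subjectDN, subjPubKeyInfo);
        // SHA-1 here only derives key identifiers (RFC 5280 section 4.2.1.2 method 1); it is not used for signing.
        DigestCalculator digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
        X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc);
        // Subject Key Identifier
        certGen.addExtension(Extension.subjectKeyIdentifier, false, x509ExtensionUtils.createSubjectKeyIdentifier(subjPubKeyInfo));
        // Authority Key Identifier: must identify the issuer's key, not the subject's, or validators
        // that match AKI against the CA's SKI cannot build the chain.
        SubjectPublicKeyInfo caPubKeyInfo = SubjectPublicKeyInfo.getInstance(caCert.getPublicKey().getEncoded());
        certGen.addExtension(Extension.authorityKeyIdentifier, false, x509ExtensionUtils.createAuthorityKeyIdentifier(caPubKeyInfo));
        // Key Usage
        certGen.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
        // Extended Key Usage
        KeyPurposeId[] eku = { KeyPurposeId.id_kp_emailProtection, KeyPurposeId.id_kp_serverAuth };
        certGen.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(eku));
        // Basic Constraints: the int constructor sets cA=true with pathLenConstraint=0.
        certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
        // Content Signer: SHA-256; SHA-1 signatures are rejected by current validators.
        ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(caPrivateKey);
        // Certificate
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
    } catch (Exception e) {
        throw new RuntimeException("Error creating X509v3Certificate.", e);
    }
}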

Example 20 with ExtendedKeyUsage

use of com.github.zhenwei.core.asn1.x509.ExtendedKeyUsage in project keystore-explorer by kaikramer.

The class DExtendedKeyUsage, method prepopulateWithValue.

/**
 * Pre-selects the usage check boxes from an encoded ExtendedKeyUsage extension value.
 * <p>
 * Every key purpose OID in {@code value} is mapped to an {@link ExtendedKeyUsageType}; known
 * types tick their check box, anything unmapped is collected into
 * {@code customExtKeyUsagesOids}, and the "custom" check box is set according to whether
 * that collection ended up non-empty.
 *
 * @param value DER-encoded ExtendedKeyUsage extension value
 * @throws IOException declared for decoding failures (BC parsing may also throw
 *         {@link IllegalArgumentException})
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    ExtendedKeyUsage extendedKeyUsage = ExtendedKeyUsage.getInstance(value);
    for (KeyPurposeId keyPurposeId : extendedKeyUsage.getUsages()) {
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) keyPurposeId.toASN1Primitive();
        ExtendedKeyUsageType type = ExtendedKeyUsageType.resolveOid(oid.getId());
        if (type == null) {
            // If resolveOid yields null for an unmapped OID, the ==-chain this replaces fell
            // through to the custom branch; a switch on null would NPE, so keep that explicit.
            customExtKeyUsagesOids.add(oid);
            continue;
        }
        switch (type) {
            case SERVER_AUTH:
                jcbTlsWebServerAuthentication.setSelected(true);
                break;
            case CLIENT_AUTH:
                jcbTlsWebClientAuthentication.setSelected(true);
                break;
            case CODE_SIGNING:
                jcbCodeSigning.setSelected(true);
                break;
            case DOCUMENT_SIGNING:
                jcbDocumentSigning.setSelected(true);
                break;
            case ADOBE_PDF_SIGNING:
                jcbAdobePDFSigning.setSelected(true);
                break;
            case TSL_SIGNING:
                jcbTslSigning.setSelected(true);
                break;
            case EMAIL_PROTECTION:
                jcbEmailProtection.setSelected(true);
                break;
            case ENCRYPTED_FILE_SYSTEM:
                jcbEncryptedFileSystem.setSelected(true);
                break;
            case IPSEC_END_SYSTEM:
                jcbIpSecurityEndSystem.setSelected(true);
                break;
            case IPSEC_TUNNEL:
                jcbIpSecurityTunnelTermination.setSelected(true);
                break;
            case IPSEC_USER:
                jcbIpSecurityUser.setSelected(true);
                break;
            case SMARTCARD_LOGON:
                jcbSmartcardLogon.setSelected(true);
                break;
            case TIME_STAMPING:
                jcbTimeStamping.setSelected(true);
                break;
            case OCSP_SIGNING:
                jcbOcspStamping.setSelected(true);
                break;
            case ANY_EXTENDED_KEY_USAGE:
                jcbAnyExtendedKeyUsage.setSelected(true);
                break;
            default:
                // Resolved to a type without a dedicated check box: keep it as a custom OID.
                customExtKeyUsagesOids.add(oid);
                break;
        }
    }
    jcbCustomExtKeyUsage.setSelected(customExtKeyUsagesOids.size() > 0);
}
