
Example 71 with KeyUsage

use of com.github.zhenwei.core.asn1.x509.KeyUsage in project accumulo by apache.

the class CertUtils method generateCert.

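/**
 * Builds an X.509 v3 certificate for the public half of {@code kp}, signed with
 * {@code signerPrivateKey}. Issuer and subject are both taken from issuerDirString,
 * so the result is self-signed when the signer keys are kp's own. Validity is
 * 100 years from now. CA certificates carry keyUsage=keyCertSign (critical) and a
 * critical basicConstraints; end-entity certificates get basicConstraints cA=false.
 *
 * @param kp               key pair whose public key is certified
 * @param isCertAuthority  whether the certificate may itself sign certificates
 * @param signerPublicKey  public key of the signer, used for the authorityKeyIdentifier
 * @param signerPrivateKey private key that signs the certificate with signingAlgorithm
 * @return the built certificate converted to a JCA {@link Certificate}
 * @throws IOException / CertIOException if an extension cannot be encoded
 * @throws OperatorCreationException if no content signer exists for signingAlgorithm
 * @throws CertificateException if the holder cannot be converted to a JCA certificate
 * @throws NoSuchAlgorithmException if the key-identifier digest is unavailable
 */
private Certificate generateCert(KeyPair kp, boolean isCertAuthority, PublicKey signerPublicKey, PrivateKey signerPrivateKey) throws IOException, CertIOException, OperatorCreationException, CertificateException, NoSuchAlgorithmException {
    Calendar startDate = Calendar.getInstance();
    Calendar endDate = Calendar.getInstance();
    endDate.add(Calendar.YEAR, 100);
    // RFC 5280 4.1.2.2: the serial number must be a positive integer, unique per
    // issuer, at most 20 octets. A wall-clock millisecond (the previous value) is
    // duplicated whenever two certificates are generated in the same millisecond
    // and is predictable. 159 random bits keep the value non-negative and within
    // 20 octets; setBit(0) rules out zero.
    BigInteger serialNumber = new BigInteger(159, new java.security.SecureRandom()).setBit(0);
    X500Name issuer = new X500Name(IETFUtils.rDNsFromString(issuerDirString, RFC4519Style.INSTANCE));
    JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuer, serialNumber, startDate.getTime(), endDate.getTime(), issuer, kp.getPublic());
    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    certGen.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(kp.getPublic()));
    // RFC 5280 4.2.1.9: basicConstraints MUST be marked critical in CA certificates.
    certGen.addExtension(Extension.basicConstraints, isCertAuthority, new BasicConstraints(isCertAuthority));
    certGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(signerPublicKey));
    if (isCertAuthority) {
        certGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
    }
    X509CertificateHolder cert = certGen.build(new JcaContentSignerBuilder(signingAlgorithm).build(signerPrivateKey));
    return new JcaX509CertificateConverter().getCertificate(cert);
}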
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) Calendar(java.util.Calendar) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 72 with KeyUsage

use of com.github.zhenwei.core.asn1.x509.KeyUsage in project spring-cloud-netflix by spring-cloud.

the class KeyTool method createCert.

/**
 * Creates an end-entity (non-CA) certificate for {@code publicKey}, signed with
 * {@code privateKey}: critical keyUsage=digitalSignature, basicConstraints cA=false,
 * and a single DNS subjectAltName of "localhost". Issuer/subject handling and the
 * signing itself are delegated to certBuilder and signCert.
 *
 * @param publicKey  key to certify
 * @param privateKey key that signs the certificate
 * @param issuer     issuer name passed to certBuilder
 * @param subject    subject name passed to certBuilder
 * @return the signed certificate
 */
public X509Certificate createCert(PublicKey publicKey, PrivateKey privateKey, String issuer, String subject) throws Exception {
    JcaX509v3CertificateBuilder leafBuilder = certBuilder(publicKey, issuer, subject);
    // Extension order is significant for the encoding: keyUsage, basicConstraints, SAN.
    KeyUsage signingOnly = new KeyUsage(KeyUsage.digitalSignature);
    leafBuilder.addExtension(Extension.keyUsage, true, signingOnly);
    BasicConstraints notCa = new BasicConstraints(false);
    leafBuilder.addExtension(Extension.basicConstraints, false, notCa);
    GeneralName localhostName = new GeneralName(GeneralName.dNSName, "localhost");
    DERSequence sanSequence = new DERSequence(new GeneralName[] { localhostName });
    leafBuilder.addExtension(Extension.subjectAlternativeName, false, GeneralNames.getInstance(sanSequence));
    return signCert(leafBuilder, privateKey);
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 73 with KeyUsage

use of com.github.zhenwei.core.asn1.x509.KeyUsage in project spring-cloud-netflix by spring-cloud.

the class KeyTool method createCert.

/**
 * Creates a self-signed CA certificate for {@code keyPair}, using {@code ca} as both
 * issuer and subject: critical keyUsage=keyCertSign and basicConstraints cA=true.
 * Name handling and signing are delegated to certBuilder and signCert.
 *
 * @param keyPair key pair whose public key is certified and whose private key signs
 * @param ca      distinguished name used for issuer and subject
 * @return the signed CA certificate
 */
public X509Certificate createCert(KeyPair keyPair, String ca) throws Exception {
    JcaX509v3CertificateBuilder caBuilder = certBuilder(keyPair.getPublic(), ca, ca);
    KeyUsage certSigning = new KeyUsage(KeyUsage.keyCertSign);
    caBuilder.addExtension(Extension.keyUsage, true, certSigning);
    BasicConstraints isCa = new BasicConstraints(true);
    caBuilder.addExtension(Extension.basicConstraints, false, isCa);
    return signCert(caBuilder, keyPair.getPrivate());
}
Also used : JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 74 with KeyUsage

use of com.github.zhenwei.core.asn1.x509.KeyUsage in project candlepin by candlepin.

the class JSSPKIUtilityTest method testCreateX509Certificate.

@Test
public void testCreateX509Certificate() throws Exception {
    // Fixture state: subjectKeyPair and injector are supplied by the test class.
    JSSPKIUtility pki = this.buildJSSPKIUtility();
    Date notBefore = new Date();
    Date notAfter = Date.from(LocalDate.now().plusDays(365).atStartOfDay(ZoneId.systemDefault()).toInstant());
    BigInteger serial = BigInteger.valueOf(1999L);
    X509Certificate cert = pki.createX509Certificate("cn=candlepinproject.org", null, null, notBefore, notAfter, subjectKeyPair, serial, "altName");

    assertEquals("SHA256withRSA", cert.getSigAlgName());
    assertEquals("1999", cert.getSerialNumber().toString());

    // Re-parse the DER encoding with BouncyCastle to inspect the extensions.
    Extensions bcExtensions = new X509CertificateHolder(cert.getEncoded()).getExtensions();
    int expectedUsages = KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment;
    assertTrue(KeyUsage.fromExtensions(bcExtensions).hasUsages(expectedUsages));
    assertTrue(ExtendedKeyUsage.fromExtensions(bcExtensions).hasKeyPurposeId(KeyPurposeId.id_kp_clientAuth));
    // An end-entity certificate must not be flagged as a CA.
    assertFalse(BasicConstraints.fromExtensions(bcExtensions).isCA());

    NetscapeCertType expectedCertType = new NetscapeCertType(NetscapeCertType.sslClient | NetscapeCertType.smime);
    DERBitString certTypeBits = (DERBitString) bcExtensions.getExtension(MiscObjectIdentifiers.netscapeCertType).getParsedValue();
    NetscapeCertType actualCertType = new NetscapeCertType(certTypeBits);

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    byte[] expectedSki = extensionUtils.createSubjectKeyIdentifier(subjectKeyPair.getPublic()).getEncoded();
    assertArrayEquals(expectedSki, SubjectKeyIdentifier.fromExtensions(bcExtensions).getEncoded());

    // Rebuild the CA public key from the CA private CRT key to compute the expected AKI.
    CertificateReader reader = injector.getInstance(CertificateReader.class);
    PrivateKey caKey = reader.getCaKey();
    KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    RSAPrivateCrtKeySpec caKeySpec = rsaFactory.getKeySpec(caKey, RSAPrivateCrtKeySpec.class);
    RSAPublicKeySpec caPublicSpec = new RSAPublicKeySpec(caKeySpec.getModulus(), caKeySpec.getPublicExponent());
    PublicKey caPublicKey = rsaFactory.generatePublic(caPublicSpec);
    byte[] expectedAki = extensionUtils.createAuthorityKeyIdentifier(caPublicKey).getEncoded();
    assertArrayEquals(expectedAki, AuthorityKeyIdentifier.fromExtensions(bcExtensions).getEncoded());

    assertEquals(expectedCertType, actualCertType);
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) PrivateKey(java.security.PrivateKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) Extensions(org.bouncycastle.asn1.x509.Extensions) Date(java.util.Date) LocalDate(java.time.LocalDate) X509Certificate(java.security.cert.X509Certificate) NetscapeCertType(org.bouncycastle.asn1.misc.NetscapeCertType) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) KeyFactory(java.security.KeyFactory) CertificateReader(org.candlepin.pki.CertificateReader) Test(org.junit.jupiter.api.Test)

Example 75 with KeyUsage

use of com.github.zhenwei.core.asn1.x509.KeyUsage in project zookeeper by apache.

the class QuorumSSLTest method createSelfSignedCertifcate.

/**
 * Builds a self-signed CA certificate (CN = HOSTNAME, pathLenConstraint 0) for
 * {@code keyPair}, valid from certStartTime to certEndTime and signed with the
 * fixture's contentSigner.
 *
 * @param keyPair key pair whose public key is placed in the certificate
 * @return the certificate as a JCA {@link X509Certificate}
 */
private X509Certificate createSelfSignedCertifcate(KeyPair keyPair) throws Exception {
    X500NameBuilder dnBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    dnBuilder.addRDN(BCStyle.CN, HOSTNAME);
    // 128 random bits; uniqueness across test runs is all that matters here.
    BigInteger serial = new BigInteger(128, new Random());
    JcaX509v3CertificateBuilder x509Builder = new JcaX509v3CertificateBuilder(dnBuilder.build(), serial, certStartTime, certEndTime, dnBuilder.build(), keyPair.getPublic());
    // cA=true with pathLenConstraint 0: may issue end-entity certs, no subordinate CAs.
    BasicConstraints caConstraints = new BasicConstraints(0);
    KeyUsage caUsage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign);
    X509v3CertificateBuilder withExtensions = x509Builder.addExtension(Extension.basicConstraints, true, caConstraints).addExtension(Extension.keyUsage, true, caUsage);
    return new JcaX509CertificateConverter().getCertificate(withExtensions.build(contentSigner));
}
Also used : X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) Random(java.util.Random) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BigInteger(java.math.BigInteger) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
