use of com.github.zhenwei.core.asn1.x509.KeyUsage in project certmgr by hdecarne.
the class KeyUsageController method init.
/**
 * Puts the key-usage dialog controls into their initial state.
 *
 * <p>The critical checkbox is preset from {@code KeyUsageExtensionData.CRITICAL_DEFAULT}, the
 * usage list receives every value of {@code KeyUsage.instances()} except {@code KeyUsage.ANY}
 * (ordered by name), the list is switched to multiple selection and the "any usage" control is
 * cleared.
 *
 * @param expertMode Whether to run in expert mode ({@code true}) or not ({@code false}). This
 *     method does not read the flag.
 * @return This controller.
 */
public KeyUsageController init(boolean expertMode) {
    this.ctlCritical.setSelected(KeyUsageExtensionData.CRITICAL_DEFAULT);

    ObservableList<KeyUsage> listedUsages = this.ctlUsages.getItems();
    for (KeyUsage candidate : KeyUsage.instances()) {
        // ANY never appears in the list; presumably the separate ctlAnyUsage control stands for it.
        if (KeyUsage.ANY.equals(candidate)) {
            continue;
        }
        listedUsages.add(candidate);
    }
    // Stable, name-based ordering so the list does not depend on the order of instances().
    listedUsages.sort((left, right) -> left.name().compareTo(right.name()));

    this.ctlUsages.getSelectionModel().setSelectionMode(SelectionMode.MULTIPLE);
    this.ctlAnyUsage.setSelected(false);
    return this;
}
use of com.github.zhenwei.core.asn1.x509.KeyUsage in project pwm by pwm-project.
the class SelfCertGenerator method generateV3Certificate.
/**
 * Builds a self-signed X.509 v3 server certificate for {@code pair}.
 *
 * <p>Issuer and subject are the same name ({@code CN=cnValue}) and the certificate is signed with
 * the private half of {@code pair}. The extensions added are:
 * <ul>
 *   <li>basicConstraints, critical, cA=false;</li>
 *   <li>subjectAlternativeName, non-critical, one dNSName equal to {@code cnValue};</li>
 *   <li>keyUsage, critical, digitalSignature and keyEncipherment;</li>
 *   <li>extendedKeyUsage, critical, serverAuth only.</li>
 * </ul>
 *
 * @param pair key pair whose public key is certified and whose private key signs; the signer is
 *     requested as "SHA256WithRSAEncryption", so presumably an RSA pair is expected
 * @param cnValue value used for both the subject CN and the dNSName SAN entry
 * @return the signed certificate, converted through the "BC" provider
 * @throws Exception if building, signing or converting the certificate fails
 */
private X509Certificate generateV3Certificate(final KeyPair pair, final String cnValue) throws Exception {
    final X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    nameBuilder.addRDN(BCStyle.CN, cnValue);

    final BigInteger serial = makeSerialNumber();

    // Validity starts two days in the past (presumably to tolerate clock skew between peers)
    // and runs for the configured number of seconds from now.
    final long backdateMillis = TimeUnit.DAYS.toMillis(2);
    final Date validFrom = new Date(System.currentTimeMillis() - backdateMillis);
    final long lifetimeSeconds = settings.getFutureSeconds();
    final Date validUntil = new Date(System.currentTimeMillis() + (lifetimeSeconds * 1000));

    // Same name on both sides: issuer first, subject second.
    final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            nameBuilder.build(), serial, validFrom, validUntil, nameBuilder.build(), pair.getPublic());

    // Critical basicConstraints with cA=false: this certificate must not be used to issue others.
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false).getEncoded());

    // Non-critical SAN carrying the host name as a single dNSName entry.
    final ASN1Encodable[] sanEntries = new ASN1Encodable[] { new GeneralName(GeneralName.dNSName, cnValue) };
    builder.addExtension(Extension.subjectAlternativeName, false, new DERSequence(sanEntries));

    // Critical keyUsage limited to signing and key encipherment.
    final int usageBits = KeyUsage.digitalSignature | KeyUsage.keyEncipherment;
    builder.addExtension(Extension.keyUsage, true, new KeyUsage(usageBits).getEncoded());

    // Critical extendedKeyUsage limited to TLS server authentication.
    builder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth).getEncoded());

    final ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider("BC")
            .build(pair.getPrivate());
    return new JcaX509CertificateConverter()
            .setProvider("BC")
            .getCertificate(builder.build(signer));
}
use of com.github.zhenwei.core.asn1.x509.KeyUsage in project fabric-sdk-java by hyperledger.
the class TLSCertificateBuilder method createSelfSignedCertificate.
/**
 * Creates a TLS certificate for {@code keyPair}, signed with that pair's own private key.
 *
 * <p>Names, serial number and validity come from {@code createCertBuilder(keyPair)}, which is not
 * shown here. This method adds basicConstraints (critical, cA=false), keyUsage (non-critical,
 * keyEncipherment and digitalSignature), the extended key usage supplied by {@code certType}
 * (non-critical) and, when {@code san} is given, a subject alternative name via {@code addSAN}.
 *
 * @param certType supplies the extended key usage extension value
 * @param keyPair key pair to certify; its private key signs the certificate
 * @param san subject alternative name to add, or {@code null} for none
 * @return the signed certificate
 * @throws Exception if building, signing or converting the certificate fails
 */
private X509Certificate createSelfSignedCertificate(CertType certType, KeyPair keyPair, String san) throws Exception {
    X509v3CertificateBuilder builder = createCertBuilder(keyPair);

    // Critical basicConstraints with cA=false: an end-entity certificate.
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false).getEncoded());

    // NOTE(review): keyUsage is added as non-critical; RFC 5280 section 4.2.1.3 says conforming
    // CAs SHOULD mark it critical. Confirm the non-critical flag is intentional.
    int usageBits = KeyUsage.keyEncipherment | KeyUsage.digitalSignature;
    builder.addExtension(Extension.keyUsage, false, new KeyUsage(usageBits).getEncoded());

    // The extended key usage depends on the certificate type requested by the caller.
    builder.addExtension(Extension.extendedKeyUsage, false, certType.keyUsage().getEncoded());

    if (san != null) {
        addSAN(builder, san);
    }

    ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(keyPair.getPrivate());
    X509CertificateHolder signedHolder = builder.build(contentSigner);
    return new JcaX509CertificateConverter()
            .setProvider(new BouncyCastleProvider())
            .getCertificate(signedHolder);
}
use of com.github.zhenwei.core.asn1.x509.KeyUsage in project MaxKey by dromara.
the class X509V3CertGen method genV3Certificate.
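/**
 * Generates an X.509 v3 certificate for {@code keyPair}, signed with that pair's own private key.
 *
 * <p>Because the signing key is the private half of {@code keyPair}, the certificate is
 * self-signed in the cryptographic sense whatever {@code issuerName} contains; a verifier can
 * only chain it when issuer and subject name are the same.
 *
 * <p>No extensions are added: the result carries no basicConstraints, keyUsage,
 * extendedKeyUsage or subjectAlternativeName, so relying parties get no usage restriction and
 * no SAN-based host name to match against.
 *
 * @param issuerName issuer distinguished name in string form
 * @param subjectName subject distinguished name in string form
 * @param notBefore start of the validity period
 * @param notAfter end of the validity period
 * @param keyPair key pair to certify; its private key signs the certificate
 * @return the generated certificate
 * @throws Exception if the public key cannot be parsed or the certificate cannot be built,
 *     signed or converted
 */
public static X509Certificate genV3Certificate(String issuerName, String subjectName, Date notBefore, Date notAfter, KeyPair keyPair) throws Exception {
    // Serial from a CSPRNG: a clock-derived serial is predictable and repeats when two
    // certificates are generated within the same millisecond. 128 bits fits the 20-octet limit.
    BigInteger serial = new BigInteger(128, new java.security.SecureRandom());
    X500Name issuer = new X500Name(issuerName);
    X500Name subject = new X500Name(subjectName);
    PublicKey publicKey = keyPair.getPublic();
    PrivateKey privateKey = keyPair.getPrivate();

    // A parse failure propagates to the caller. Printing the stack trace and carrying on would
    // hand a null SubjectPublicKeyInfo to the certificate builder.
    SubjectPublicKeyInfo subjectPublicKeyInfo;
    try (ASN1InputStream publicKeyInputStream = new ASN1InputStream(publicKey.getEncoded())) {
        subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKeyInputStream.readObject());
    }
    if (subjectPublicKeyInfo == null) {
        throw new IllegalArgumentException("keyPair public key has no encoded SubjectPublicKeyInfo");
    }

    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, subjectPublicKeyInfo);

    // SHA-256 instead of SHA-1: SHA-1 signatures are no longer collision resistant and are
    // rejected by current TLS stacks and certificate validators.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(privateKey);

    X509CertificateHolder x509CertificateHolder = certBuilder.build(sigGen);

    // Class.newInstance() is deprecated; go through the no-arg constructor explicitly.
    CertificateFactory certificateFactory = CertificateFactory.class.getDeclaredConstructor().newInstance();
    try (InputStream inputStream = new ByteArrayInputStream(x509CertificateHolder.toASN1Structure().getEncoded())) {
        return (X509Certificate) certificateFactory.engineGenerateCertificate(inputStream);
    }
}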
use of com.github.zhenwei.core.asn1.x509.KeyUsage in project keycloak by keycloak.
the class CertificateUtils method generateV3Certificate.
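/**
 * Generates a version 3 {@link java.security.cert.X509Certificate} for {@code keyPair}, issued
 * under the subject name of {@code caCert} and signed with {@code caPrivateKey}.
 *
 * <p>The certificate is valid from now for roughly three years (36 periods of 30 days). It
 * carries subject and authority key identifiers, keyUsage (digitalSignature, keyCertSign,
 * cRLSign), extendedKeyUsage (emailProtection, serverAuth) and a critical basicConstraints
 * extension with a path length of 0.
 *
 * @param keyPair the key pair whose public key is certified
 * @param caPrivateKey the CA private key used to sign
 * @param caCert the CA certificate; supplies the issuer name and the authority key identifier
 * @param subject the subject common name; it is concatenated into {@code "CN=" + subject}
 *
 * @return the x509 certificate
 *
 * @throws Exception declared for compatibility; failures surface as {@link RuntimeException}
 *     with the original cause attached
 */
public static X509Certificate generateV3Certificate(KeyPair keyPair, PrivateKey caPrivateKey, X509Certificate caCert, String subject) throws Exception {
    try {
        // NOTE(review): subject is spliced into a DN string, so ',', '+' or '=' inside it are
        // parsed as DN syntax. Callers should pass a validated value.
        X500Name subjectDN = new X500Name("CN=" + subject);

        // Serial Number: 128 random bits from the platform default CSPRNG.
        // Math.abs(random.nextInt()) gives at most 31 bits of entropy and is negative for
        // Integer.MIN_VALUE, which yields an invalid (negative) serial.
        SecureRandom random = new SecureRandom();
        BigInteger serialNumber = new BigInteger(128, random);

        // Validity
        Date notBefore = new Date(System.currentTimeMillis());
        Date notAfter = new Date(System.currentTimeMillis() + (((1000L * 60 * 60 * 24 * 30)) * 12) * 3);

        // SubjectPublicKeyInfo of the key being certified and of the issuing CA
        SubjectPublicKeyInfo subjPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
        SubjectPublicKeyInfo caPubKeyInfo = SubjectPublicKeyInfo.getInstance(caCert.getPublicKey().getEncoded());

        // NOTE(review): the issuer name is re-parsed from its string form; confirm it still
        // matches caCert's encoded subject for names with unusual attributes or ordering.
        X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(new X500Name(caCert.getSubjectDN().getName()), serialNumber, notBefore, notAfter, subjectDN, subjPubKeyInfo);

        // SHA-1 is used here only to derive key identifiers, not for the signature.
        DigestCalculator digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
        X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc);

        // Subject Key Identifier
        certGen.addExtension(Extension.subjectKeyIdentifier, false, x509ExtensionUtils.createSubjectKeyIdentifier(subjPubKeyInfo));

        // Authority Key Identifier: must identify the issuer's key, not the subject's, or
        // chain building by key identifier fails for anything but a self-signed certificate.
        certGen.addExtension(Extension.authorityKeyIdentifier, false, x509ExtensionUtils.createAuthorityKeyIdentifier(caPubKeyInfo));

        // Key Usage
        // NOTE(review): keyCertSign/cRLSign together with BasicConstraints(0) below make the
        // issued certificate a CA (path length 0). Confirm every subject is meant to be able
        // to sign certificates.
        certGen.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

        // Extended Key Usage
        KeyPurposeId[] extendedUsages = new KeyPurposeId[] {
            KeyPurposeId.id_kp_emailProtection,
            KeyPurposeId.id_kp_serverAuth
        };
        certGen.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(extendedUsages));

        // Basic Constraints
        certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));

        // Content Signer: SHA-256, since SHA-1 signatures are no longer collision resistant and
        // are rejected by current validators.
        ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(caPrivateKey);

        // Certificate
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
    } catch (Exception e) {
        throw new RuntimeException("Error creating X509v3Certificate.", e);
    }
}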