Example 26 with KeyUsage
use of com.github.zhenwei.core.asn1.x509.KeyUsage in project certmgr by hdecarne.
the class KeyUsageController method init.
/**
* Initialize the dialog.
*
* @param expertMode Whether to run in expert mode ({@code true}) or not ({@code false}).
* @return This controller.
*/
public KeyUsageController init(boolean expertMode) {
this.ctlCritical.setSelected(KeyUsageExtensionData.CRITICAL_DEFAULT);
ObservableList<KeyUsage> usageItems = this.ctlUsages.getItems();
for (KeyUsage usage : KeyUsage.instances()) {
if (!KeyUsage.ANY.equals(usage)) {
usageItems.add(usage);
}
}
usageItems.sort((o1, o2) -> o1.name().compareTo(o2.name()));
this.ctlUsages.getSelectionModel().setSelectionMode(SelectionMode.MULTIPLE);
this.ctlAnyUsage.setSelected(false);
return this;
}
Also used :
KeyUsage(de.carne.certmgr.certs.x509.KeyUsage)
Example 27 with KeyUsage
use of com.github.zhenwei.core.asn1.x509.KeyUsage in project pwm by pwm-project.
the class SelfCertGenerator method generateV3Certificate.
private X509Certificate generateV3Certificate(final KeyPair pair, final String cnValue) throws Exception {
final X500NameBuilder subjectName = new X500NameBuilder(BCStyle.INSTANCE);
subjectName.addRDN(BCStyle.CN, cnValue);
final BigInteger serialNumber = makeSerialNumber();
// 2 days in the past
final Date notBefore = new Date(System.currentTimeMillis() - TimeUnit.DAYS.toMillis(2));
final long futureSeconds = settings.getFutureSeconds();
final Date notAfter = new Date(System.currentTimeMillis() + (futureSeconds * 1000));
final X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(subjectName.build(), serialNumber, notBefore, notAfter, subjectName.build(), pair.getPublic());
// false == not a CA
final BasicConstraints basic = new BasicConstraints(false);
// OID, critical, ASN.1 encoded value
certGen.addExtension(Extension.basicConstraints, true, basic.getEncoded());
// add subject alternate name
{
final ASN1Encodable[] subjectAlternativeNames = new ASN1Encodable[] { new GeneralName(GeneralName.dNSName, cnValue) };
final DERSequence subjectAlternativeNamesExtension = new DERSequence(subjectAlternativeNames);
certGen.addExtension(Extension.subjectAlternativeName, false, subjectAlternativeNamesExtension);
}
// sign and key encipher
final KeyUsage keyUsage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment);
// OID, critical, ASN.1 encoded value
certGen.addExtension(Extension.keyUsage, true, keyUsage.getEncoded());
// server authentication
final ExtendedKeyUsage extKeyUsage = new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth);
// OID, critical, ASN.1 encoded value
certGen.addExtension(Extension.extendedKeyUsage, true, extKeyUsage.getEncoded());
final ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(pair.getPrivate());
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
}
Also used :
X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage)
KeyUsage(org.bouncycastle.asn1.x509.KeyUsage)
Date(java.util.Date)
DERSequence(org.bouncycastle.asn1.DERSequence)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
BigInteger(java.math.BigInteger)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage)
Example 28 with KeyUsage
use of com.github.zhenwei.core.asn1.x509.KeyUsage in project fabric-sdk-java by hyperledger.
the class TLSCertificateBuilder method createSelfSignedCertificate.
private X509Certificate createSelfSignedCertificate(CertType certType, KeyPair keyPair, String san) throws Exception {
X509v3CertificateBuilder certBuilder = createCertBuilder(keyPair);
// Basic constraints
BasicConstraints constraints = new BasicConstraints(false);
certBuilder.addExtension(Extension.basicConstraints, true, constraints.getEncoded());
// Key usage
KeyUsage usage = new KeyUsage(KeyUsage.keyEncipherment | KeyUsage.digitalSignature);
certBuilder.addExtension(Extension.keyUsage, false, usage.getEncoded());
// Extended key usage
certBuilder.addExtension(Extension.extendedKeyUsage, false, certType.keyUsage().getEncoded());
if (san != null) {
addSAN(certBuilder, san);
}
ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(keyPair.getPrivate());
X509CertificateHolder holder = certBuilder.build(signer);
JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
converter.setProvider(new BouncyCastleProvider());
return converter.getCertificate(holder);
}
Also used :
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage)
KeyUsage(org.bouncycastle.asn1.x509.KeyUsage)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
Example 29 with KeyUsage
use of com.github.zhenwei.core.asn1.x509.KeyUsage in project MaxKey by dromara.
the class X509V3CertGen method genV3Certificate.
public static X509Certificate genV3Certificate(String issuerName, String subjectName, Date notBefore, Date notAfter, KeyPair keyPair) throws Exception {
// issuer same as subject is CA
BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
X500Name x500Name = new X500Name(issuerName);
X500Name subject = new X500Name(subjectName);
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();
SubjectPublicKeyInfo subjectPublicKeyInfo = null;
ASN1InputStream publicKeyInputStream = null;
try {
publicKeyInputStream = new ASN1InputStream(publicKey.getEncoded());
Object aiStream = publicKeyInputStream.readObject();
subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(aiStream);
} catch (IOException e1) {
e1.printStackTrace();
} finally {
if (publicKeyInputStream != null)
publicKeyInputStream.close();
}
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(x500Name, serial, notBefore, notAfter, subject, subjectPublicKeyInfo);
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey);
// certBuilder.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
// certBuilder.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature| KeyUsage.keyEncipherment));
// certBuilder.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
// certBuilder.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, "connsec@163.com")));
X509CertificateHolder x509CertificateHolder = certBuilder.build(sigGen);
CertificateFactory certificateFactory = CertificateFactory.class.newInstance();
InputStream inputStream = new ByteArrayInputStream(x509CertificateHolder.toASN1Structure().getEncoded());
X509Certificate x509Certificate = (X509Certificate) certificateFactory.engineGenerateCertificate(inputStream);
inputStream.close();
return x509Certificate;
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
PrivateKey(java.security.PrivateKey)
PublicKey(java.security.PublicKey)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
ContentSigner(org.bouncycastle.operator.ContentSigner)
X500Name(org.bouncycastle.asn1.x500.X500Name)
IOException(java.io.IOException)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
CertificateFactory(org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory)
X509Certificate(java.security.cert.X509Certificate)
ByteArrayInputStream(java.io.ByteArrayInputStream)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
BigInteger(java.math.BigInteger)
Example 30 with KeyUsage
use of com.github.zhenwei.core.asn1.x509.KeyUsage in project keycloak by keycloak.
the class CertificateUtils method generateV3Certificate.
/**
* Generates version 3 {@link java.security.cert.X509Certificate}.
*
* @param keyPair the key pair
* @param caPrivateKey the CA private key
* @param caCert the CA certificate
* @param subject the subject name
*
* @return the x509 certificate
*
* @throws Exception the exception
*/
public static X509Certificate generateV3Certificate(KeyPair keyPair, PrivateKey caPrivateKey, X509Certificate caCert, String subject) throws Exception {
try {
X500Name subjectDN = new X500Name("CN=" + subject);
// Serial Number
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
BigInteger serialNumber = BigInteger.valueOf(Math.abs(random.nextInt()));
// Validity
Date notBefore = new Date(System.currentTimeMillis());
Date notAfter = new Date(System.currentTimeMillis() + (((1000L * 60 * 60 * 24 * 30)) * 12) * 3);
// SubjectPublicKeyInfo
SubjectPublicKeyInfo subjPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(new X500Name(caCert.getSubjectDN().getName()), serialNumber, notBefore, notAfter, subjectDN, subjPubKeyInfo);
DigestCalculator digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc);
// Subject Key Identifier
certGen.addExtension(Extension.subjectKeyIdentifier, false, x509ExtensionUtils.createSubjectKeyIdentifier(subjPubKeyInfo));
// Authority Key Identifier
certGen.addExtension(Extension.authorityKeyIdentifier, false, x509ExtensionUtils.createAuthorityKeyIdentifier(subjPubKeyInfo));
// Key Usage
certGen.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
// Extended Key Usage
KeyPurposeId[] EKU = new KeyPurposeId[2];
EKU[0] = KeyPurposeId.id_kp_emailProtection;
EKU[1] = KeyPurposeId.id_kp_serverAuth;
certGen.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(EKU));
// Basic Constraints
certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
// Content Signer
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider("BC").build(caPrivateKey);
// Certificate
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
} catch (Exception e) {
throw new RuntimeException("Error creating X509v3Certificate.", e);
}
}
Also used :
BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider)
KeyPurposeId(org.bouncycastle.asn1.x509.KeyPurposeId)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
DigestCalculator(org.bouncycastle.operator.DigestCalculator)
ContentSigner(org.bouncycastle.operator.ContentSigner)
SecureRandom(java.security.SecureRandom)
ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage)
KeyUsage(org.bouncycastle.asn1.x509.KeyUsage)
X500Name(org.bouncycastle.asn1.x500.X500Name)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
Date(java.util.Date)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
BigInteger(java.math.BigInteger)
X509ExtensionUtils(org.bouncycastle.cert.X509ExtensionUtils)
ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
Aggregations
KeyUsage (org.bouncycastle.asn1.x509.KeyUsage)49
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)40
X500Name (org.bouncycastle.asn1.x500.X500Name)33
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)30
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)30
X509Certificate (java.security.cert.X509Certificate)29
Date (java.util.Date)29
ExtendedKeyUsage (org.bouncycastle.asn1.x509.ExtendedKeyUsage)29
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)27
ContentSigner (org.bouncycastle.operator.ContentSigner)24
BigInteger (java.math.BigInteger)23
GeneralName (org.bouncycastle.asn1.x509.GeneralName)21
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)21
IOException (java.io.IOException)20
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)19
JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)16
HashSet (java.util.HashSet)15
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)15
KeyPurposeId (org.bouncycastle.asn1.x509.KeyPurposeId)15
Extension (org.bouncycastle.asn1.x509.Extension)14
