Examples with KeyUsage com.google.cloud.security.privateca.v1.KeyUsage used on opensource projects

Search in sources :

Example 26 with KeyUsage

use of com.google.cloud.security.privateca.v1.KeyUsage in project spring-cloud-config by spring-cloud.

the class KeyTool method createCert.

public X509Certificate createCert(PublicKey publicKey, PrivateKey privateKey, String issuer, String subject) throws Exception {
    JcaX509v3CertificateBuilder builder = certBuilder(publicKey, issuer, subject);
    builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
    builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
    GeneralName[] names = new GeneralName[] { new GeneralName(GeneralName.dNSName, "localhost") };
    builder.addExtension(Extension.subjectAlternativeName, false, GeneralNames.getInstance(new DERSequence(names)));
    return signCert(builder, privateKey);
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 27 with KeyUsage

use of com.google.cloud.security.privateca.v1.KeyUsage in project spring-cloud-config by spring-cloud.

the class KeyTool method createCert.

public X509Certificate createCert(KeyPair keyPair, String ca) throws Exception {
    JcaX509v3CertificateBuilder builder = certBuilder(keyPair.getPublic(), ca, ca);
    builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
    builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));
    return signCert(builder, keyPair.getPrivate());
}
Also used : JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 28 with KeyUsage

use of com.google.cloud.security.privateca.v1.KeyUsage in project java-security-private-ca by googleapis.

the class CreateCertificateTemplate method createCertificateTemplate.

/* Creates a Certificate template. These templates can be reused for common
  certificate issuance scenarios. */
public static void createCertificateTemplate(String project, String location, String certificateTemplateId) throws IOException, ExecutionException, InterruptedException, TimeoutException {
    /* Initialize client that will be used to send requests. This client only needs to be created
    once, and can be reused for multiple requests. After completing all of your requests, call
    the `certificateAuthorityServiceClient.close()` method on the client to safely
    clean up any remaining background resources. */
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        /* Describes any predefined X.509 values set by this template.
      The provided extensions are copied over to certificate requests that use this template.*/
        KeyUsage keyUsage = KeyUsage.newBuilder().setBaseKeyUsage(KeyUsageOptions.newBuilder().setDigitalSignature(true).setKeyEncipherment(true).build()).setExtendedKeyUsage(ExtendedKeyUsageOptions.newBuilder().setServerAuth(true).build()).build();
        CaOptions caOptions = CaOptions.newBuilder().setIsCa(false).build();
        /* CEL expression that is evaluated against the Subject and
      Subject Alternative Name of the certificate before it is issued. */
        Expr expr = Expr.newBuilder().setExpression("subject_alt_names.all(san, san.type == DNS)").build();
        // Set the certificate issuance schema.
        CertificateTemplate certificateTemplate = CertificateTemplate.newBuilder().setPredefinedValues(X509Parameters.newBuilder().setKeyUsage(keyUsage).setCaOptions(caOptions).build()).setIdentityConstraints(CertificateIdentityConstraints.newBuilder().setCelExpression(expr).setAllowSubjectPassthrough(false).setAllowSubjectAltNamesPassthrough(false).build()).build();
        // Set the parent and certificate template properties.
        CreateCertificateTemplateRequest certificateTemplateRequest = CreateCertificateTemplateRequest.newBuilder().setParent(LocationName.of(project, location).toString()).setCertificateTemplate(certificateTemplate).setCertificateTemplateId(certificateTemplateId).build();
        // Create Template request.
        ApiFuture<Operation> futureCall = certificateAuthorityServiceClient.createCertificateTemplateCallable().futureCall(certificateTemplateRequest);
        Operation response = futureCall.get(60, TimeUnit.SECONDS);
        if (response.hasError()) {
            System.out.println("Error creating certificate template ! " + response.getError());
            return;
        }
        System.out.println("Successfully created certificate template ! " + response.getName());
    }
}
Also used : CreateCertificateTemplateRequest(com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest) Expr(com.google.type.Expr) CertificateTemplate(com.google.cloud.security.privateca.v1.CertificateTemplate) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) KeyUsage(com.google.cloud.security.privateca.v1.KeyUsage) CaOptions(com.google.cloud.security.privateca.v1.X509Parameters.CaOptions) Operation(com.google.longrunning.Operation)

Example 29 with KeyUsage

use of com.google.cloud.security.privateca.v1.KeyUsage in project ozone by apache.

the class DefaultProfile method validateKeyUsage.

/**
 * This function validates that the KeyUsage Bits are subset of the Bits
 * permitted by the ozone profile.
 *
 * @param ext - KeyUsage Extension.
 * @param profile - PKI Profile - In this case this profile.
 * @return True, if the request key usage is a subset, false otherwise.
 */
private static Boolean validateKeyUsage(Extension ext, PKIProfile profile) {
    KeyUsage keyUsage = profile.getKeyUsage();
    KeyUsage requestedUsage = KeyUsage.getInstance(ext.getParsedValue());
    BitSet profileBitSet = BitSet.valueOf(keyUsage.getBytes());
    BitSet requestBitSet = BitSet.valueOf(requestedUsage.getBytes());
    // Check if the requestBitSet is a subset of profileBitSet
    // p & r == r should be equal if it is a subset.
    profileBitSet.and(requestBitSet);
    return profileBitSet.equals(requestBitSet);
}
Also used : BitSet(java.util.BitSet) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage)

Example 30 with KeyUsage

use of com.google.cloud.security.privateca.v1.KeyUsage in project helios by spotify.

the class X509CertificateFactory method generate.

private CertificateAndPrivateKey generate(final AgentProxy agentProxy, final Identity identity, final String username) {
    final UUID uuid = new UUID();
    final Calendar calendar = Calendar.getInstance();
    final X500Name issuerdn = new X500Name("C=US,O=Spotify,CN=helios-client");
    final X500Name subjectdn = new X500NameBuilder().addRDN(BCStyle.UID, username).build();
    calendar.add(Calendar.MILLISECOND, -validBeforeMilliseconds);
    final Date notBefore = calendar.getTime();
    calendar.add(Calendar.MILLISECOND, validBeforeMilliseconds + validAfterMilliseconds);
    final Date notAfter = calendar.getTime();
    // Reuse the UUID time as a SN
    final BigInteger serialNumber = BigInteger.valueOf(uuid.getTime()).abs();
    try {
        final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(KEY_SIZE, new SecureRandom());
        final KeyPair keyPair = keyPairGenerator.generateKeyPair();
        final SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(keyPair.getPublic().getEncoded()));
        final X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuerdn, serialNumber, notBefore, notAfter, subjectdn, subjectPublicKeyInfo);
        final DigestCalculator digestCalculator = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
        final X509ExtensionUtils utils = new X509ExtensionUtils(digestCalculator);
        final SubjectKeyIdentifier keyId = utils.createSubjectKeyIdentifier(subjectPublicKeyInfo);
        final String keyIdHex = KEY_ID_ENCODING.encode(keyId.getKeyIdentifier());
        log.info("generating an X509 certificate for {} with key ID={} and identity={}", username, keyIdHex, identity.getComment());
        builder.addExtension(Extension.subjectKeyIdentifier, false, keyId);
        builder.addExtension(Extension.authorityKeyIdentifier, false, utils.createAuthorityKeyIdentifier(subjectPublicKeyInfo));
        builder.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign));
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        final X509CertificateHolder holder = builder.build(new SshAgentContentSigner(agentProxy, identity));
        final X509Certificate certificate = CERTIFICATE_CONVERTER.getCertificate(holder);
        log.debug("generated certificate:\n{}", asPemString(certificate));
        return new CertificateAndPrivateKey(certificate, keyPair.getPrivate());
    } catch (Exception e) {
        throw Throwables.propagate(e);
    }
}
Also used : BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider) KeyPair(java.security.KeyPair) X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) Calendar(java.util.Calendar) DigestCalculator(org.bouncycastle.operator.DigestCalculator) SecureRandom(java.security.SecureRandom) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) KeyPairGenerator(java.security.KeyPairGenerator) SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) UUID(com.eaio.uuid.UUID) X509ExtensionUtils(org.bouncycastle.cert.X509ExtensionUtils) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Aggregations

KeyUsage (org.bouncycastle.asn1.x509.KeyUsage)49 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)36 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)27 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)27 ExtendedKeyUsage (org.bouncycastle.asn1.x509.ExtendedKeyUsage)25 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)25 Date (java.util.Date)23 X500Name (org.bouncycastle.asn1.x500.X500Name)22 ContentSigner (org.bouncycastle.operator.ContentSigner)22 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)19 X509Certificate (java.security.cert.X509Certificate)18 BigInteger (java.math.BigInteger)14 GeneralName (org.bouncycastle.asn1.x509.GeneralName)14 KeyPurposeId (org.bouncycastle.asn1.x509.KeyPurposeId)14 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)14 JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)14 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)11 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)11 KeyPair (java.security.KeyPair)9 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial