
Example 36 with KeyUsage

use of com.google.cloud.security.privateca.v1.KeyUsage in project xades4j by luisgoncalves.

The class SignerSpecificTest, method signWithNationalCertificate.

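@Test
public void signWithNationalCertificate() throws Exception {
    // Signs a document with a self-signed certificate whose subject DN carries
    // non-ASCII characters and checks that the serialized result parses again.
    Security.addProvider(new BouncyCastleProvider());
    SecureRandom random = new SecureRandom();
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
    // 2048 bits: 1024-bit RSA is below the minimum most current validators accept,
    // and the test only cares about the DN encoding, not the key size.
    keyGen.initialize(2048, random);
    KeyPair keyPair = keyGen.generateKeyPair();

    long now = System.currentTimeMillis();
    long oneDayMillis = 24L * 60L * 60L * 1000L;
    long oneYearMillis = 365L * oneDayMillis;
    // notBefore is back-dated by a day so clock skew cannot make the certificate "not yet valid"
    Date validityBeginDate = new Date(now - oneDayMillis);
    Date validityEndDate = new Date(now + oneYearMillis);

    X509Certificate certWithNationalSymbols;
    {
        // generate certificate with national symbols in DN
        X500NameBuilder x500NameBuilder = new X500NameBuilder();
        AttributeTypeAndValue attr = new AttributeTypeAndValue(RFC4519Style.cn, commonName);
        x500NameBuilder.addRDN(attr);
        X500Name dn = x500NameBuilder.build();
        // RFC 5280 4.1.2.2 requires a positive serial number; Random.nextInt() could
        // produce a negative one, which strict parsers reject.
        BigInteger serial = new BigInteger(63, random).add(BigInteger.ONE);
        X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                dn,                 // issuer (self-signed, so issuer == subject)
                serial,
                validityBeginDate,
                validityEndDate,
                dn,                 // subject
                keyPair.getPublic());
        // key usage restrictions
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.cRLSign));
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));
        certWithNationalSymbols = new JcaX509CertificateConverter().getCertificate(
                builder.build(new JcaContentSignerBuilder("SHA256withRSA")
                        .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                        .build(keyPair.getPrivate())));
    }

    XadesSigner signer = new XadesBesSigningProfile(new DirectKeyingDataProvider(certWithNationalSymbols, keyPair.getPrivate())).newSigner();
    Document doc1 = getTestDocument();
    Element elemToSign = doc1.getDocumentElement();
    DataObjectDesc obj1 = new DataObjectReference('#' + elemToSign.getAttribute("Id")).withTransform(new EnvelopedSignatureTransform());
    SignedDataObjects signDataObject = new SignedDataObjects(obj1);
    signer.sign(signDataObject, doc1.getDocumentElement());

    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    outputDOM(doc1, baos);
    // The assertion is that re-parsing the serialized, signed document does not throw:
    // the non-ASCII DN must survive the XML round trip.
    parseDocument(new ByteArrayInputStream(baos.toByteArray()));
}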
Also used : X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) Element(org.w3c.dom.Element) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) EnvelopedSignatureTransform(xades4j.algorithms.EnvelopedSignatureTransform) X500Name(org.bouncycastle.asn1.x500.X500Name) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) Document(org.w3c.dom.Document) DataObjectDesc(xades4j.properties.DataObjectDesc) Random(java.util.Random) SecureRandom(java.security.SecureRandom) DirectKeyingDataProvider(xades4j.providers.impl.DirectKeyingDataProvider) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) KeyPair(java.security.KeyPair) SecureRandom(java.security.SecureRandom) KeyPairGenerator(java.security.KeyPairGenerator) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue) ByteArrayInputStream(java.io.ByteArrayInputStream) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) Test(org.junit.Test)

Example 37 with KeyUsage

use of com.google.cloud.security.privateca.v1.KeyUsage in project certmgr by hdecarne.

The class KeyUsageController, method onApply.

@SuppressWarnings("unused")
private void onApply(ActionEvent evt) {
    // Collect the dialog state into the extension data result: either the single
    // "any" usage, or every usage currently selected in the list control.
    boolean critical = this.ctlCritical.isSelected();
    Set<KeyUsage> selectedUsages = new HashSet<>();
    if (this.ctlAnyUsage.isSelected()) {
        selectedUsages.add(KeyUsage.ANY);
    } else {
        this.ctlUsages.getSelectionModel().getSelectedItems().forEach(selectedUsages::add);
    }
    this.extensionDataResult = new KeyUsageExtensionData(critical, selectedUsages);
}
Also used : KeyUsageExtensionData(de.carne.certmgr.certs.x509.KeyUsageExtensionData) KeyUsage(de.carne.certmgr.certs.x509.KeyUsage) HashSet(java.util.HashSet)

Example 38 with KeyUsage

use of com.google.cloud.security.privateca.v1.KeyUsage in project Spark by igniterealtime.

The class IdentityController, method createSelfSignedCertificate.

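/**
 * Builds a self-signed X.509 certificate for {@code keyPair}. Subject and issuer are both
 * taken from {@link #createX500NameString()}; the validity window is centred on "now".
 *
 * @param keyPair key pair whose public key is certified and whose private key signs
 * @return the certificate converted to a JCA {@link X509Certificate}
 * @throws CertIOException if an extension cannot be encoded
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if the certificate holder cannot be converted
 */
public X509Certificate createSelfSignedCertificate(KeyPair keyPair) throws CertIOException, OperatorCreationException, CertificateException {
    // RFC 5280 4.1.2.2: the serial must be positive and unique per issuer. A millisecond
    // timestamp is predictable and repeats when two certificates are built in the same
    // millisecond, so draw a random 64-bit value instead (+1 keeps it non-zero).
    BigInteger serial = new BigInteger(64, new java.security.SecureRandom()).add(BigInteger.ONE);
    // validity window: 1e9 ms (about 11.5 days) on either side of the same instant
    long now = System.currentTimeMillis();
    long halfWindowMillis = 1000000000L;
    Date notBefore = new Date(now - halfWindowMillis);
    Date notAfter = new Date(now + halfWindowMillis);
    SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    X500Name name = new X500Name(createX500NameString());
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(name, serial, notBefore, notAfter, name, keyInfo);
    // NOTE(review): cA=true is asserted while keyUsage omits keyCertSign, so this
    // certificate could not sign other certificates anyway; RFC 5280 ties keyCertSign to
    // cA. Left unchanged because peers may rely on the current extension set — confirm
    // whether a CA flag is really intended for a self-signed identity certificate.
    certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
    certBuilder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
    X509CertificateHolder certHolder = certBuilder.build(signer);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}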
Also used : X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) ContentSigner(org.bouncycastle.operator.ContentSigner) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) Date(java.util.Date)

Example 39 with KeyUsage

use of com.google.cloud.security.privateca.v1.KeyUsage in project keystore-explorer by kaikramer.

The class DKeyUsage, method okPressed.

private void okPressed() {
    // OR the selected check boxes into a KeyUsage bit string, DER-encode it into
    // `value` and close the dialog; refuse with a warning when nothing is selected.
    int keyUsageBits = 0;
    if (jcbDigitalSignature.isSelected()) {
        keyUsageBits |= KeyUsage.digitalSignature;
    }
    if (jcbNonRepudiation.isSelected()) {
        keyUsageBits |= KeyUsage.nonRepudiation;
    }
    if (jcbKeyEncipherment.isSelected()) {
        keyUsageBits |= KeyUsage.keyEncipherment;
    }
    if (jcbDataEncipherment.isSelected()) {
        keyUsageBits |= KeyUsage.dataEncipherment;
    }
    if (jcbKeyAgreement.isSelected()) {
        keyUsageBits |= KeyUsage.keyAgreement;
    }
    if (jcbCertificateSigning.isSelected()) {
        keyUsageBits |= KeyUsage.keyCertSign;
    }
    if (jcbCrlSign.isSelected()) {
        keyUsageBits |= KeyUsage.cRLSign;
    }
    if (jcbEncipherOnly.isSelected()) {
        keyUsageBits |= KeyUsage.encipherOnly;
    }
    if (jcbDecipherOnly.isSelected()) {
        keyUsageBits |= KeyUsage.decipherOnly;
    }
    // every KeyUsage flag is a non-zero bit, so zero here means no box was selected
    if (keyUsageBits == 0) {
        JOptionPane.showMessageDialog(this, res.getString("DKeyUsage.ValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
        return;
    }
    try {
        value = new KeyUsage(keyUsageBits).getEncoded(ASN1Encoding.DER);
    } catch (IOException e) {
        // encoding failure is reported to the user and the dialog stays open
        DError.displayError(this, e);
        return;
    }
    closeDialog();
}
Also used : KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) IOException(java.io.IOException)

Example 40 with KeyUsage

use of com.google.cloud.security.privateca.v1.KeyUsage in project accumulo by apache.

The class CertUtils, method generateCert.

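/**
 * Builds an X.509 certificate for {@code kp}'s public key, named and issued under
 * {@code issuerDirString} and signed with {@code signerPrivateKey}. Passing the pair's
 * own keys as signer produces a self-signed certificate.
 *
 * @param kp key pair whose public key is certified
 * @param isCertAuthority whether to assert cA in basicConstraints and add keyCertSign
 * @param signerPublicKey issuer public key, used only for the authority key identifier
 * @param signerPrivateKey key that signs the certificate with {@code signingAlgorithm}
 * @return the certificate converted to a JCA {@link Certificate}
 * @throws IOException if the issuer name or an extension cannot be encoded
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if the certificate holder cannot be converted
 * @throws NoSuchAlgorithmException if the digest for the key identifiers is unavailable
 */
private Certificate generateCert(KeyPair kp, boolean isCertAuthority, PublicKey signerPublicKey, PrivateKey signerPrivateKey) throws IOException, CertIOException, OperatorCreationException, CertificateException, NoSuchAlgorithmException {
    Calendar startDate = Calendar.getInstance();
    Calendar endDate = (Calendar) startDate.clone();
    endDate.add(Calendar.YEAR, 100);
    // RFC 5280 4.1.2.2: serials must be positive and unique per issuer. A millisecond
    // timestamp is predictable and repeats when two certificates (e.g. the CA and a
    // leaf) are generated in the same millisecond under the same issuer name.
    BigInteger serialNumber = new BigInteger(64, new java.security.SecureRandom()).add(BigInteger.ONE);
    X500Name issuer = new X500Name(IETFUtils.rDNsFromString(issuerDirString, RFC4519Style.INSTANCE));
    JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuer, serialNumber, startDate.getTime(), endDate.getTime(), issuer, kp.getPublic());
    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    // subject/authority key identifiers are required to be non-critical (RFC 5280 4.2.1.1/4.2.1.2)
    certGen.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(kp.getPublic()));
    certGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(signerPublicKey));
    // RFC 5280 4.2.1.9 requires basicConstraints to be critical in CA certificates
    certGen.addExtension(Extension.basicConstraints, isCertAuthority, new BasicConstraints(isCertAuthority));
    if (isCertAuthority) {
        certGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
    }
    // NOTE(review): non-CA certificates get no keyUsage extension at all, which permits
    // every usage; confirm whether the leaf certificates should be restricted.
    X509CertificateHolder cert = certGen.build(new JcaContentSignerBuilder(signingAlgorithm).build(signerPrivateKey));
    return new JcaX509CertificateConverter().getCertificate(cert);
}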
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) Calendar(java.util.Calendar) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Aggregations

KeyUsage (org.bouncycastle.asn1.x509.KeyUsage)49 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)36 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)27 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)27 ExtendedKeyUsage (org.bouncycastle.asn1.x509.ExtendedKeyUsage)25 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)25 Date (java.util.Date)23 X500Name (org.bouncycastle.asn1.x500.X500Name)22 ContentSigner (org.bouncycastle.operator.ContentSigner)22 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)19 X509Certificate (java.security.cert.X509Certificate)18 BigInteger (java.math.BigInteger)14 GeneralName (org.bouncycastle.asn1.x509.GeneralName)14 KeyPurposeId (org.bouncycastle.asn1.x509.KeyPurposeId)14 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)14 JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)14 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)11 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)11 KeyPair (java.security.KeyPair)9 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)8