use of com.google.cloud.security.privateca.v1.KeyUsage in project spring-cloud-netflix by spring-cloud.
the class KeyTool method createCert.
/**
 * Builds and signs an end-entity (non-CA) certificate whose only subject alternative name is
 * the DNS name {@code localhost}.
 *
 * <p>Extensions added here: a critical key usage restricted to {@code digitalSignature}, a
 * non-critical basic constraints with the CA flag off, and a non-critical subject alternative
 * name. The SAN is hard-coded, so the certificate names {@code localhost} and nothing else.
 *
 * @param publicKey key passed to {@code certBuilder}; presumably the key being certified
 * @param privateKey key passed to {@code signCert} to sign the certificate
 * @param issuer issuer name passed to {@code certBuilder}
 * @param subject subject name passed to {@code certBuilder}
 * @return whatever {@code signCert} produces for the populated builder
 * @throws Exception if building or signing the certificate fails
 */
public X509Certificate createCert(PublicKey publicKey, PrivateKey privateKey, String issuer, String subject) throws Exception {
    JcaX509v3CertificateBuilder leaf = certBuilder(publicKey, issuer, subject);

    // End-entity profile: the key may produce signatures but may not issue certificates.
    KeyUsage signingOnly = new KeyUsage(KeyUsage.digitalSignature);
    leaf.addExtension(Extension.keyUsage, true, signingOnly);
    BasicConstraints notACa = new BasicConstraints(false);
    leaf.addExtension(Extension.basicConstraints, false, notACa);

    // Single dNSName entry, wrapped in a DER sequence and read back as GeneralNames.
    GeneralName[] sanEntries = { new GeneralName(GeneralName.dNSName, "localhost") };
    GeneralNames san = GeneralNames.getInstance(new DERSequence(sanEntries));
    leaf.addExtension(Extension.subjectAlternativeName, false, san);

    return signCert(leaf, privateKey);
}
use of com.google.cloud.security.privateca.v1.KeyUsage in project spring-cloud-netflix by spring-cloud.
the class KeyTool method createCert.
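/**
 * Builds a self-issued CA certificate: {@code ca} is passed to {@code certBuilder} twice (as
 * issuer and as subject), and the result is signed with the private half of {@code keyPair}.
 *
 * <p>The certificate carries a critical key usage of {@code keyCertSign} and a critical basic
 * constraints extension with the CA flag set. No path-length limit is set.
 *
 * @param keyPair key pair of the CA; the public key goes to {@code certBuilder} and the private
 *     key to {@code signCert}
 * @param ca name used for both issuer and subject
 * @return whatever {@code signCert} produces for the populated builder
 * @throws Exception if building or signing the certificate fails
 */
public X509Certificate createCert(KeyPair keyPair, String ca) throws Exception {
    JcaX509v3CertificateBuilder builder = certBuilder(keyPair.getPublic(), ca, ca);
    builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
    // RFC 5280 section 4.2.1.9 requires basicConstraints to be marked critical in a CA
    // certificate whose key verifies certificate signatures, so the flag is true here
    // (the original passed false).
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    return signCert(builder, keyPair.getPrivate());
}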
use of com.google.cloud.security.privateca.v1.KeyUsage in project zookeeper by apache.
the class QuorumSSLTest method createSelfSignedCertifcate.
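/**
 * Creates a certificate for the public key of {@code keyPair} whose subject and issuer are
 * both {@code CN=HOSTNAME}.
 *
 * <p>The certificate is marked as a CA with a path length of 0 and carries a critical key usage
 * of {@code digitalSignature | keyCertSign | cRLSign}. Validity comes from the
 * {@code certStartTime} and {@code certEndTime} fields.
 *
 * <p>NOTE(review): the signature is produced by the {@code contentSigner} field, not by a key
 * taken from {@code keyPair}. The result is self-signed only if that signer was built from
 * {@code keyPair}'s private key; confirm at the place where {@code contentSigner} is set.
 *
 * @param keyPair key pair whose public key is placed in the certificate
 * @return the generated certificate
 * @throws Exception if building or converting the certificate fails
 */
private X509Certificate createSelfSignedCertifcate(KeyPair keyPair) throws Exception {
    X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    nameBuilder.addRDN(BCStyle.CN, HOSTNAME);

    // java.util.Random is not a cryptographic generator, so serial numbers drawn from it are
    // predictable. SecureRandom keeps this snippet safe if it is reused outside a test.
    BigInteger serialNumber = new BigInteger(128, new java.security.SecureRandom());

    JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(
        nameBuilder.build(), serialNumber, certStartTime, certEndTime, nameBuilder.build(), keyPair.getPublic());

    // BasicConstraints(0): CA certificate that may not have subordinate CAs beneath it.
    X509v3CertificateBuilder certificateBuilder = jcaX509v3CertificateBuilder
        .addExtension(Extension.basicConstraints, true, new BasicConstraints(0))
        .addExtension(Extension.keyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

    return new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner));
}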
use of com.google.cloud.security.privateca.v1.KeyUsage in project zookeeper by apache.
the class X509TestHelpers method newSelfSignedCACert.
/**
 * Creates a self-signed CA certificate for the given key pair.
 *
 * <p>The public key of {@code keyPair} is embedded in the certificate and the private key signs
 * it; issuer and subject are the same name. Both the basic constraints extension (CA flag set,
 * no path-length limit) and the key usage extension
 * ({@code digitalSignature | keyCertSign | cRLSign}) are marked critical.
 *
 * <p>The returned certificate is meant to serve as the trust store. The private key of the
 * input key pair should be used to sign the certificates that test peers present to each other
 * when establishing TLS connections.
 *
 * @param subject the subject (and issuer) of the new certificate
 * @param keyPair the key pair to use; the public key is embedded in the certificate and the
 *     private key self-signs it
 * @param expirationMillis lifetime of the new certificate, in milliseconds from now
 * @return a new self-signed CA certificate
 * @throws IOException declared by this method; which call raises it is not visible here
 * @throws OperatorCreationException declared by this method; presumably raised while creating
 *     the signer inside {@code buildAndSignCertificate} (confirm)
 * @throws GeneralSecurityException declared by this method; which call raises it is not
 *     visible here
 */
public static X509Certificate newSelfSignedCACert(X500Name subject, KeyPair keyPair, long expirationMillis) throws IOException, OperatorCreationException, GeneralSecurityException {
    Date notBefore = new Date();
    Date notAfter = new Date(notBefore.getTime() + expirationMillis);

    // Self-signed, so the same name is passed in the issuer and the subject positions.
    X509v3CertificateBuilder caBuilder = initCertBuilder(subject, notBefore, notAfter, subject, keyPair.getPublic());

    // Mark the certificate as a CA.
    BasicConstraints caConstraints = new BasicConstraints(true);
    caBuilder.addExtension(Extension.basicConstraints, true, caConstraints);

    int caKeyUsageBits = KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign;
    caBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(caKeyUsageBits));

    return buildAndSignCertificate(keyPair.getPrivate(), caBuilder);
}
use of com.google.cloud.security.privateca.v1.KeyUsage in project zookeeper by apache.
the class ZKTrustManagerTest method createSelfSignedCertifcateChain.
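/**
 * Builds a one-element chain containing a certificate for the {@code keyPair} field, signed
 * with that same key pair's private key.
 *
 * <p>Subject and issuer are both {@code CN=NOT_LOCALHOST}; the host identity is carried only by
 * the subject alternative name built from the arguments. Presumably this lets the tests check
 * that host name verification relies on the SAN rather than the CN (confirm against the
 * callers). The certificate is valid for one year from now, is marked as a CA with a path
 * length of 0, and has a critical key usage of {@code digitalSignature | keyCertSign | cRLSign}.
 *
 * @param ipAddress value for an {@code iPAddress} SAN entry, or {@code null} to omit it
 * @param hostname value for a {@code dNSName} SAN entry, or {@code null} to omit it
 * @return an array holding the single generated certificate
 * @throws Exception if building, signing or converting the certificate fails
 */
private X509Certificate[] createSelfSignedCertifcateChain(String ipAddress, String hostname) throws Exception {
    X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    nameBuilder.addRDN(BCStyle.CN, "NOT_LOCALHOST");

    // Validity window: now until one calendar year from now.
    Date notBefore = new Date();
    Calendar cal = Calendar.getInstance();
    cal.setTime(notBefore);
    cal.add(Calendar.YEAR, 1);
    Date notAfter = cal.getTime();

    // java.util.Random is not a cryptographic generator, so serial numbers drawn from it are
    // predictable. SecureRandom keeps this snippet safe if it is reused outside a test.
    BigInteger serialNumber = new BigInteger(128, new java.security.SecureRandom());

    X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
        nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic())
        .addExtension(Extension.basicConstraints, true, new BasicConstraints(0))
        .addExtension(Extension.keyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

    // Only the identities the caller supplied end up in the SAN. With neither given, the
    // extension is left out entirely.
    List<GeneralName> generalNames = new ArrayList<>();
    if (ipAddress != null) {
        generalNames.add(new GeneralName(GeneralName.iPAddress, ipAddress));
    }
    if (hostname != null) {
        generalNames.add(new GeneralName(GeneralName.dNSName, hostname));
    }
    if (!generalNames.isEmpty()) {
        certificateBuilder.addExtension(Extension.subjectAlternativeName, true,
            new GeneralNames(generalNames.toArray(new GeneralName[0])));
    }

    // The signature algorithm name implies keyPair holds RSA keys.
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
    return new X509Certificate[] { new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner)) };
}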