Examples with KeyCertBundle de.trustable.ca3s.cert.bundle.KeyCertBundle used on opensource projects

Search in sources :

Example 1 with KeyCertBundle

use of de.trustable.ca3s.cert.bundle.KeyCertBundle in project ca3sCore by kuehne-trustable-de.

the class Ca3sFallbackBundleFactory method newKeyBundle.

@Override
public KeyCertBundle newKeyBundle(final String bundleName, long minValiditySeconds) throws GeneralSecurityException {
    KeyPair localKeyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
    try {
        InetAddress ip = InetAddress.getLocalHost();
        String hostname = ip.getHostName();
        LOG.debug("requesting certificate for host : " + hostname);
        String x500Name = "CN=" + hostname;
        if (!dnSuffix.trim().isEmpty()) {
            x500Name += ", " + dnSuffix;
        }
        X500Name subject = new X500Name(x500Name);
        GeneralName[] sanArray = new GeneralName[1];
        sanArray[0] = new GeneralName(GeneralName.dNSName, hostname);
        GeneralNames gns = new GeneralNames(sanArray);
        List<Map<String, Object>> extensions = new ArrayList<>();
        Map<String, Object> serverAuthMap = new HashMap<>();
        serverAuthMap.put("oid", Extension.extendedKeyUsage.getId());
        serverAuthMap.put("critical", Boolean.FALSE);
        List<String> valList = new ArrayList<>();
        valList.add(KeyPurposeId.id_kp_serverAuth.getId());
        serverAuthMap.put("value", valList);
        extensions.add(serverAuthMap);
        LOG.debug("building certificate for SAN '{}' and EKU {}", hostname, Extension.extendedKeyUsage.getId());
        X509Certificate issuedCertificate = cryptoUtil.issueCertificate(x500Issuer, getRootKeyPair(), subject, SubjectPublicKeyInfo.getInstance(localKeyPair.getPublic().getEncoded()), Calendar.HOUR, 1, gns, extensions, PKILevel.END_ENTITY);
        // build the (short) chain
        X509Certificate[] certificateChain = { issuedCertificate, getRootCertificate() };
        LOG.debug("returning temp. certificate : " + issuedCertificate);
        return new KeyCertBundle(bundleName, certificateChain, issuedCertificate, localKeyPair.getPrivate());
    } catch (IOException e) {
        // certificate creation failed with an exception not inheriting from 'GeneralSecurityException'
        throw new GeneralSecurityException(e);
    }
}
Also used : KeyPair(java.security.KeyPair) KeyCertBundle(de.trustable.ca3s.cert.bundle.KeyCertBundle) GeneralSecurityException(java.security.GeneralSecurityException) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) InetAddress(java.net.InetAddress)

Example 2 with KeyCertBundle

use of de.trustable.ca3s.cert.bundle.KeyCertBundle in project ca3sCore by kuehne-trustable-de.

the class BundleCertHolder method createKeyBundle.

public BundleCertHolder createKeyBundle(final String bundleName, long minValiditySeconds) throws GeneralSecurityException {
    KeyPair localKeyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
    try {
        InetAddress ip = InetAddress.getLocalHost();
        String hostname = ip.getCanonicalHostName();
        String x500Name = "CN=" + hostname;
        if (!dnSuffix.trim().isEmpty()) {
            x500Name += ", " + dnSuffix;
        }
        X500Principal subject = new X500Principal(x500Name);
        LOG.debug("requesting certificate for subject : " + subject.getName());
        GeneralName[] sanArray = CertificateUtil.splitSANString(sans, hostname);
        List<Map<String, Object>> extensions = new ArrayList<>();
        Map<String, Object> serverAuthMap = new HashMap<>();
        serverAuthMap.put("oid", Extension.extendedKeyUsage.getId());
        serverAuthMap.put("critical", Boolean.FALSE);
        List<String> valList = new ArrayList<>();
        valList.add(KeyPurposeId.id_kp_serverAuth.getId());
        serverAuthMap.put("value", valList);
        extensions.add(serverAuthMap);
        PKCS10CertificationRequest req = CryptoUtil.getCsr(subject, localKeyPair.getPublic(), localKeyPair.getPrivate(), null, extensions, sanArray);
        String csrBase64 = CryptoUtil.pkcs10RequestToPem(req);
        Certificate cert = cacAdapt.signCertificateRequest(csrBase64, caConfigDao);
        certUtil.setCertAttribute(cert, CertificateAttribute.ATTRIBUTE_TLS_CERTIFICATE, "true");
        // build the chain
        X509Certificate[] certificateChain = certUtil.getX509CertificateChain(cert);
        LOG.debug("returning new certificate : " + certificateChain[0]);
        return new BundleCertHolder(new KeyCertBundle(bundleName, certificateChain, certificateChain[0], localKeyPair.getPrivate()), cert);
    } catch (IOException e) {
        // certificate creation failed with an exception not inheriting from 'GeneralSecurityException'
        throw new GeneralSecurityException(e);
    }
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) KeyPair(java.security.KeyPair) KeyCertBundle(de.trustable.ca3s.cert.bundle.KeyCertBundle) HashMap(java.util.HashMap) GeneralSecurityException(java.security.GeneralSecurityException) ArrayList(java.util.ArrayList) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) X500Principal(javax.security.auth.x500.X500Principal) GeneralName(org.bouncycastle.asn1.x509.GeneralName) InetAddress(java.net.InetAddress) HashMap(java.util.HashMap) Map(java.util.Map) X509Certificate(java.security.cert.X509Certificate) Certificate(de.trustable.ca3s.core.domain.Certificate)

Example 3 with KeyCertBundle

use of de.trustable.ca3s.cert.bundle.KeyCertBundle in project ca3sCore by kuehne-trustable-de.

the class BundleCertHolder method newDBKeyBundle.

public KeyCertBundle newDBKeyBundle(final String bundleName, long minValiditySeconds) throws GeneralSecurityException {
    List<Certificate> certDaoList = certificateRepository.findActiveTLSCertificate();
    if (certDaoList.isEmpty()) {
        LOG.debug("Creating new TLS certificate.");
        BundleCertHolder bundleCertHolder = createKeyBundle(bundleName, minValiditySeconds);
        KeyCertBundle keyCertBundle = bundleCertHolder.getKeyCertBundle();
        KeyPair keyPair = new KeyPair(keyCertBundle.getCertificate().getPublicKey(), (PrivateKey) keyCertBundle.getKey());
        try {
            certUtil.storePrivateKey(bundleCertHolder.getCertificate(), keyPair);
            certUtil.setCertAttribute(bundleCertHolder.getCertificate(), CertificateAttribute.ATTRIBUTE_TLS_KEY, "true");
        } catch (IOException e) {
            LOG.warn("problem storing key and certificate ", e);
            throw new GeneralSecurityException(e.getMessage());
        }
        return keyCertBundle;
    } else {
        Certificate certificate = certDaoList.get(0);
        LOG.debug("Found TLS certificate {} in database.", certificate.getId());
        X509Certificate[] certificateChain = certUtil.getX509CertificateChain(certificate);
        PrivateKey privateKey = certUtil.getPrivateKey(certificate);
        return new KeyCertBundle(bundleName, certificateChain, certificateChain[0], privateKey);
    }
}
Also used : KeyPair(java.security.KeyPair) KeyCertBundle(de.trustable.ca3s.cert.bundle.KeyCertBundle) PrivateKey(java.security.PrivateKey) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(de.trustable.ca3s.core.domain.Certificate)

Aggregations

KeyCertBundle (de.trustable.ca3s.cert.bundle.KeyCertBundle)3 IOException (java.io.IOException)3 GeneralSecurityException (java.security.GeneralSecurityException)3 KeyPair (java.security.KeyPair)3 X509Certificate (java.security.cert.X509Certificate)3 Certificate (de.trustable.ca3s.core.domain.Certificate)2 InetAddress (java.net.InetAddress)2 PrivateKey (java.security.PrivateKey)1 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 Map (java.util.Map)1 X500Principal (javax.security.auth.x500.X500Principal)1 X500Name (org.bouncycastle.asn1.x500.X500Name)1 GeneralName (org.bouncycastle.asn1.x509.GeneralName)1 PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial