Examples with CertificateFactory java.security.cert.CertificateFactory used on opensource projects

Search in sources :

Example 41 with CertificateFactory

use of java.security.cert.CertificateFactory in project robovm by robovm.

the class BcKeyStoreSpi method decodeCertificate.

private Certificate decodeCertificate(DataInputStream dIn) throws IOException {
    String type = dIn.readUTF();
    byte[] cEnc = new byte[dIn.readInt()];
    dIn.readFully(cEnc);
    try {
        CertificateFactory cFact = CertificateFactory.getInstance(type, BouncyCastleProvider.PROVIDER_NAME);
        ByteArrayInputStream bIn = new ByteArrayInputStream(cEnc);
        return cFact.generateCertificate(bIn);
    } catch (NoSuchProviderException ex) {
        throw new IOException(ex.toString());
    } catch (CertificateException ex) {
        throw new IOException(ex.toString());
    }
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) NoSuchProviderException(java.security.NoSuchProviderException) CertificateFactory(java.security.cert.CertificateFactory)

Example 42 with CertificateFactory

use of java.security.cert.CertificateFactory in project robovm by robovm.

the class CertificateTest method getCertList.

private List<Certificate> getCertList(boolean useMD2root, boolean includeRootInChain) throws Exception {
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
    if (useMD2root) {
        certs[0] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(selfSignedCertMD2.getBytes()));
        certs[1] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(signedCert1Chain1.getBytes()));
        certs[2] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(signedCert2Chain1.getBytes()));
    } else {
        certs[0] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(selfSignedCertMD5.getBytes()));
        certs[1] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(signedCert1Chain2.getBytes()));
        certs[2] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(signedCert2Chain2.getBytes()));
    }
    ArrayList<Certificate> result = new ArrayList<Certificate>();
    result.add(certs[2]);
    result.add(certs[1]);
    if (includeRootInChain) {
        result.add(certs[0]);
    }
    return result;
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) ArrayList(java.util.ArrayList) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 43 with CertificateFactory

use of java.security.cert.CertificateFactory in project robovm by robovm.

the class CertificateTest method testVerifyMD5.

public void testVerifyMD5() throws Exception {
    Provider[] providers = Security.getProviders("CertificateFactory.X509");
    for (Provider provider : providers) {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509", provider);
        Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(selfSignedCertMD5.getBytes()));
        certificate.verify(certificate.getPublicKey());
    }
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) CertificateFactory(java.security.cert.CertificateFactory) Provider(java.security.Provider) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 44 with CertificateFactory

use of java.security.cert.CertificateFactory in project robovm by robovm.

the class TestKeyStore method createCertificate.

private static X509Certificate createCertificate(PublicKey publicKey, PrivateKey privateKey, X500Principal subject, X500Principal issuer, int keyUsage, boolean ca, List<KeyPurposeId> extendedKeyUsages, List<Boolean> criticalExtendedKeyUsages, List<GeneralName> subjectAltNames, List<GeneralSubtree> permittedNameConstraints, List<GeneralSubtree> excludedNameConstraints) throws Exception {
    // Note that there is no way to programmatically make a
    // Certificate using java.* or javax.* APIs. The
    // CertificateFactory interface assumes you want to read
    // in a stream of bytes, typically the X.509 factory would
    // allow ASN.1 DER encoded bytes and optionally some PEM
    // formats. Here we use Bouncy Castle's
    // X509V3CertificateGenerator and related classes.
    long millisPerDay = 24 * 60 * 60 * 1000;
    long now = System.currentTimeMillis();
    Date start = new Date(now - millisPerDay);
    Date end = new Date(now + millisPerDay);
    BigInteger serial = BigInteger.valueOf(1);
    String keyAlgorithm = privateKey.getAlgorithm();
    String signatureAlgorithm;
    if (keyAlgorithm.equals("RSA")) {
        signatureAlgorithm = "sha1WithRSA";
    } else if (keyAlgorithm.equals("DSA")) {
        signatureAlgorithm = "sha1WithDSA";
    } else if (keyAlgorithm.equals("EC")) {
        signatureAlgorithm = "sha1WithECDSA";
    } else if (keyAlgorithm.equals("EC_RSA")) {
        signatureAlgorithm = "sha1WithRSA";
    } else {
        throw new IllegalArgumentException("Unknown key algorithm " + keyAlgorithm);
    }
    X509V3CertificateGenerator x509cg = new X509V3CertificateGenerator();
    x509cg.setSubjectDN(subject);
    x509cg.setIssuerDN(issuer);
    x509cg.setNotBefore(start);
    x509cg.setNotAfter(end);
    x509cg.setPublicKey(publicKey);
    x509cg.setSignatureAlgorithm(signatureAlgorithm);
    x509cg.setSerialNumber(serial);
    if (keyUsage != 0) {
        x509cg.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(keyUsage));
    }
    if (ca) {
        x509cg.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
    }
    for (int i = 0; i < extendedKeyUsages.size(); i++) {
        KeyPurposeId keyPurposeId = extendedKeyUsages.get(i);
        boolean critical = criticalExtendedKeyUsages.get(i);
        x509cg.addExtension(X509Extensions.ExtendedKeyUsage, critical, new ExtendedKeyUsage(keyPurposeId));
    }
    for (GeneralName subjectAltName : subjectAltNames) {
        x509cg.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(subjectAltName).getEncoded());
    }
    if (!permittedNameConstraints.isEmpty() || !excludedNameConstraints.isEmpty()) {
        x509cg.addExtension(X509Extensions.NameConstraints, true, new NameConstraints(permittedNameConstraints.toArray(new GeneralSubtree[permittedNameConstraints.size()]), excludedNameConstraints.toArray(new GeneralSubtree[excludedNameConstraints.size()])));
    }
    if (privateKey instanceof ECPrivateKey) {
        /*
             * bouncycastle needs its own ECPrivateKey implementation
             */
        KeyFactory kf = KeyFactory.getInstance(keyAlgorithm, "BC");
        PKCS8EncodedKeySpec ks = new PKCS8EncodedKeySpec(privateKey.getEncoded());
        privateKey = kf.generatePrivate(ks);
    }
    X509Certificate x509c = x509cg.generateX509Certificate(privateKey);
    if (StandardNames.IS_RI) {
        /*
             * The RI can't handle the BC EC signature algorithm
             * string of "ECDSA", since it expects "...WITHEC...",
             * so convert from BC to RI X509Certificate
             * implementation via bytes.
             */
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        ByteArrayInputStream bais = new ByteArrayInputStream(x509c.getEncoded());
        Certificate c = cf.generateCertificate(bais);
        x509c = (X509Certificate) c;
    }
    return x509c;
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) NameConstraints(com.android.org.bouncycastle.asn1.x509.NameConstraints) KeyPurposeId(com.android.org.bouncycastle.asn1.x509.KeyPurposeId) ExtendedKeyUsage(com.android.org.bouncycastle.asn1.x509.ExtendedKeyUsage) KeyUsage(com.android.org.bouncycastle.asn1.x509.KeyUsage) DEROctetString(com.android.org.bouncycastle.asn1.DEROctetString) CertificateFactory(java.security.cert.CertificateFactory) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) X509V3CertificateGenerator(com.android.org.bouncycastle.x509.X509V3CertificateGenerator) GeneralNames(com.android.org.bouncycastle.asn1.x509.GeneralNames) ByteArrayInputStream(java.io.ByteArrayInputStream) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) BigInteger(java.math.BigInteger) GeneralName(com.android.org.bouncycastle.asn1.x509.GeneralName) BasicConstraints(com.android.org.bouncycastle.asn1.x509.BasicConstraints) ExtendedKeyUsage(com.android.org.bouncycastle.asn1.x509.ExtendedKeyUsage) KeyFactory(java.security.KeyFactory) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 45 with CertificateFactory

use of java.security.cert.CertificateFactory in project robovm by robovm.

the class CertPathBuilderTestPKIX method getCertPathParameters.

@Override
public CertPathParameters getCertPathParameters() throws Exception {
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, null);
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
    X509Certificate selfSignedcertificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(selfSignedCert.getBytes()));
    keyStore.setCertificateEntry("selfSignedCert", selfSignedcertificate);
    X509CertSelector targetConstraints = new X509CertSelector();
    targetConstraints.setCertificate(selfSignedcertificate);
    List<Certificate> certList = new ArrayList<Certificate>();
    certList.add(selfSignedcertificate);
    CertStoreParameters storeParams = new CollectionCertStoreParameters(certList);
    CertStore certStore = CertStore.getInstance("Collection", storeParams);
    PKIXBuilderParameters parameters = new PKIXBuilderParameters(keyStore, targetConstraints);
    parameters.addCertStore(certStore);
    parameters.setRevocationEnabled(false);
    return parameters;
}
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) CertStoreParameters(java.security.cert.CertStoreParameters) CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) ByteArrayInputStream(java.io.ByteArrayInputStream) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) ArrayList(java.util.ArrayList) X509CertSelector(java.security.cert.X509CertSelector) KeyStore(java.security.KeyStore) CertificateFactory(java.security.cert.CertificateFactory) CertStore(java.security.cert.CertStore) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Aggregations

CertificateFactory (java.security.cert.CertificateFactory)550 X509Certificate (java.security.cert.X509Certificate)409 ByteArrayInputStream (java.io.ByteArrayInputStream)372 Certificate (java.security.cert.Certificate)272 CertificateException (java.security.cert.CertificateException)120 KeyFactory (java.security.KeyFactory)103 PrivateKey (java.security.PrivateKey)93 InputStream (java.io.InputStream)92 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)86 IOException (java.io.IOException)80 KeyStore (java.security.KeyStore)77 PrivateKeyEntry (java.security.KeyStore.PrivateKeyEntry)67 Entry (java.security.KeyStore.Entry)59 TrustedCertificateEntry (java.security.KeyStore.TrustedCertificateEntry)59 KeyStoreException (java.security.KeyStoreException)49 ArrayList (java.util.ArrayList)49 FileInputStream (java.io.FileInputStream)47 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)35 File (java.io.File)23 HashSet (java.util.HashSet)21
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial