use of java.security.cert.X509Certificate in project OpenAttestation by OpenAttestation.
the class X509Builder method build.
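/**
 * Assembles the certificate from the values collected by this builder, signs it with
 * the issuer private key and returns it.
 *
 * <p>Anything the caller left unset is filled in first: {@code v3()} for the version,
 * {@code expires(365, TimeUnit.DAYS)} for the validity, {@code randomSerial()} for the
 * serial number and the sha256WithRSAEncryption OID for the signature algorithm. A
 * missing subject or issuer name is built from commonName / organizationUnit /
 * organizationName / country.
 *
 * <p>Problems are recorded with {@code fault(...)} instead of being thrown; callers
 * have to inspect {@code getFaults()} when {@code null} comes back. {@code done()} is
 * called on every path.
 *
 * @return the signed certificate, re-parsed from its encoding, or {@code null} when a
 *         fault was recorded or signing failed
 */
public X509Certificate build() {
    if (certificateVersion == null) {
        v3();
    }
    if (certificateValidity == null) {
        // 1 year default
        expires(365, TimeUnit.DAYS);
    }
    if (certificateSerialNumber == null) {
        randomSerial();
    }
    // NOTE(review): when none of the four name fields is set, no subject (or issuer)
    // name is configured and no fault is recorded here - confirm that the signing step
    // below reports this case.
    if (certificateSubjectName == null) {
        if (commonName != null || organizationUnit != null || organizationName != null || country != null) {
            try {
                subjectName(new X500Name(commonName, organizationUnit, organizationName, country));
            } catch (Exception e) {
                fault(e, "commonName(%s) organizationUnit(%s) organizationName(%s) country(%s)", commonName, organizationUnit, organizationName, country);
            }
        }
    }
    // NOTE(review): the default issuer name is built from the same fields as the subject
    // name. A certificate signed with a CA key but without an explicit issuer name would
    // therefore name its own subject as issuer and would not chain to that CA - confirm
    // callers always set the issuer name when the signing key is not the subject's own.
    if (certificateIssuerName == null) {
        if (commonName != null || organizationUnit != null || organizationName != null || country != null) {
            try {
                issuerName(new X500Name(commonName, organizationUnit, organizationName, country));
            } catch (Exception e) {
                fault(e, "commonName(%s) organizationUnit(%s) organizationName(%s) country(%s)", commonName, organizationUnit, organizationName, country);
            }
        }
    }
    if (subjectPublicKey == null) {
        fault("missing subject public key");
    }
    // Report a missing signing key by name. Without this check the failure only shows
    // up as the generic "cannot sign certificate" fault raised from the catch below.
    if (issuerPrivateKey == null) {
        fault("missing issuer private key");
    }
    // Note: alternativeName is optional so we don't have any defaults or errors for it here
    if (algorithm == null) {
        // algorithm.getName() == SHA256withRSA
        algorithm(new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid));
    }
    try {
        if (!getFaults().isEmpty()) {
            // Never sign a certificate built from inputs that were already reported as bad.
            return null;
        }
        X509CertImpl cert = new X509CertImpl(info);
        // May throw NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException,
        // SignatureException; all of them end up in the catch below.
        cert.sign(issuerPrivateKey, algorithm.getName());
        /*
         * For some unknown reason, if we return "cert" now then all the optional
         * fields such as getBasicConstraints() and getKeyUsage() are missing even
         * though they are included if you call getEncoded() ... but if you re-create
         * the certificate from its encoding then those fields are present.
         */
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getEncoded()));
    } catch (Exception e) {
        fault(e, "cannot sign certificate");
        return null;
    } finally {
        done();
    }
}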
use of java.security.cert.X509Certificate in project OpenAttestation by OpenAttestation.
the class X509Util method decodeDerCertificate.
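/**
 * Reads a DER-encoded certificate and creates the corresponding X509Certificate object.
 *
 * <p>This only decodes the structure. The validity period, the signature and the chain
 * of trust are not checked, so a certificate must not be treated as trusted merely
 * because it was parsed successfully. The JDK's X.509 {@link CertificateFactory} also
 * accepts the Base64 (PEM) form, so input is not limited to binary DER.
 *
 * @param certificateBytes encoded certificate; must not be {@code null}
 * @return the decoded certificate
 * @throws CertificateException if {@code certificateBytes} is {@code null} or cannot be
 *         parsed as an X.509 certificate
 */
public static X509Certificate decodeDerCertificate(byte[] certificateBytes) throws CertificateException {
    // A null array would otherwise escape as a NullPointerException from
    // ByteArrayInputStream, bypassing callers that only handle CertificateException.
    if (certificateBytes == null) {
        throw new CertificateException("certificate bytes are null");
    }
    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(certificateBytes));
}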
use of java.security.cert.X509Certificate in project OpenAttestation by OpenAttestation.
the class TrustFirstCertificateTlsPolicy method addServerCertificatesToRepository.
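/**
 * Stores the certificates presented by the server in the certificate repository.
 *
 * <p>The only check made before a certificate is stored is
 * {@link X509Certificate#checkValidity()}, i.e. that the current time lies inside its
 * validity period. No signature, chain or hostname verification happens in this method.
 * NOTE(review): every element of {@code xcs} is stored, so if the caller passes the
 * whole presented chain, any CA certificates in it become trusted as well - confirm
 * that this is intended.
 *
 * <p>Saving is best effort: a certificate that is rejected or cannot be stored is
 * logged and skipped so that the remaining ones can still be saved.
 *
 * @param xcs certificates presented by the server
 */
private void addServerCertificatesToRepository(X509Certificate[] xcs) {
    for (X509Certificate cert : xcs) {
        log.debug("server certificate: {}", cert.getSubjectX500Principal().getName());
    }
    for (X509Certificate cert : xcs) {
        String subject = cert.getSubjectX500Principal().getName();
        try {
            // CertificateExpiredException, CertificateNotYetValidException
            cert.checkValidity();
            log.info("Saving certificate {}", subject);
            // KeyManagementException
            repository.addCertificate(cert);
        } catch (Exception e) {
            // The failure may come from the validity check or from the repository, so the
            // exception is logged rather than assuming "not valid". A skipped certificate
            // during a trust decision should be visible at the default log level.
            log.warn("TrustFirstCertificateTlsPolicy could not save server certificate {}; trying to save next cert", subject, e);
        }
    }
}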
use of java.security.cert.X509Certificate in project OpenAttestation by OpenAttestation.
the class ArrayCertificateRepositoryTest method testGetCertificateForAddress.
/**
 * Looking up the address "OATServer" must return the very certificate instance held in
 * the first keystore slot.
 */
@Test
public void testGetCertificateForAddress() throws Exception {
    final InternetAddress serverAddress = new InternetAddress("OATServer");
    final X509Certificate found = arrayCertificateRepository.getCertificateForAddress(serverAddress);

    assertNotNull(found);
    // Identity, not equality: the repository is expected to hand back the stored object.
    assertSame(found, keystore[0]);
}
use of java.security.cert.X509Certificate in project OpenAttestation by OpenAttestation.
the class CertificateUtils method generateSelfSignedX509Certificate.
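/**
 * Generates a self-signed X.509 v1 certificate for {@code CN=OATServer} with Bouncy Castle.
 *
 * <p>A fresh RSA key pair is created on every call and only the certificate is
 * returned. The private key is discarded, so the result can serve as a trust anchor or
 * fixture but cannot be used to authenticate as {@code CN=OATServer} afterwards.
 * Version 1 certificates carry no extensions, so there are no basic constraints, key
 * usage or subject alternative names. The certificate is valid for 3652 days.
 *
 * @return the self-signed certificate
 * @throws NoSuchAlgorithmException if the BC provider offers no RSA key pair generator
 * @throws NoSuchProviderException if the BC provider is not available
 * @throws CertificateEncodingException if the certificate cannot be encoded
 * @throws InvalidKeyException if the generated private key is rejected for signing
 * @throws IllegalStateException if the generator is missing a required field
 * @throws SignatureException if signing fails
 */
public static X509Certificate generateSelfSignedX509Certificate() throws NoSuchAlgorithmException, NoSuchProviderException, CertificateEncodingException, InvalidKeyException, IllegalStateException, SignatureException {
    // No-op when the provider is already registered.
    Security.addProvider(new BouncyCastleProvider());
    final int validityDays = 3652;
    final SecureRandom random = new SecureRandom();

    // GENERATE THE PUBLIC/PRIVATE RSA KEY PAIR
    // 2048 bits: 1024-bit RSA is below the minimum accepted by current guidance and is
    // rejected by many TLS stacks, which matters for a certificate valid for ten years.
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
    keyPairGenerator.initialize(2048, random);
    KeyPair keyPair = keyPairGenerator.generateKeyPair();

    // GENERATE THE X509 CERTIFICATE
    X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
    X500Principal dnName = new X500Principal("CN=OATServer");
    // Random positive serial. A timestamp serial is predictable, and two certificates
    // created in the same millisecond would share issuer name and serial number.
    certGen.setSerialNumber(new BigInteger(64, random).add(BigInteger.ONE));
    certGen.setSubjectDN(dnName);
    // self-signed: issuer is the subject
    certGen.setIssuerDN(dnName);

    // Both ends of the validity period are derived from one clock reading. A plain
    // java.util.Date replaces java.sql.Time, a JDBC type that does not belong here.
    final long now = System.currentTimeMillis();
    certGen.setNotBefore(new java.util.Date(now));
    Calendar expiry = Calendar.getInstance();
    expiry.setTimeInMillis(now);
    expiry.add(Calendar.DAY_OF_YEAR, validityDays);
    certGen.setNotAfter(expiry.getTime());

    certGen.setPublicKey(keyPair.getPublic());
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
    return certGen.generate(keyPair.getPrivate(), "BC");
}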