Search in sources :

Example 56 with X500Name

use of org.bouncycastle.asn1.x500.X500Name in project Openfire by igniterealtime.

the class KeystoreTestUtils method generateTestCertificate.

private static X509Certificate generateTestCertificate(final boolean isValid, final KeyPair issuerKeyPair, final KeyPair subjectKeyPair, int indexAwayFromEndEntity) throws Exception {
    // Issuer and Subject.
    final X500Name subject = new X500Name("CN=" + Base64.encodeBytes(subjectKeyPair.getPublic().getEncoded(), Base64.URL_SAFE));
    final X500Name issuer = new X500Name("CN=" + Base64.encodeBytes(issuerKeyPair.getPublic().getEncoded(), Base64.URL_SAFE));
    // Validity
    final Date notBefore;
    final Date notAfter;
    if (isValid) {
        // 30 days ago
        notBefore = new Date(System.currentTimeMillis() - (1000L * 60 * 60 * 24 * 30));
        // 99 days from now.
        notAfter = new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 99));
    } else {
        // Generate a certificate for which the validate period has expired.
        // 40 days ago
        notBefore = new Date(System.currentTimeMillis() - (1000L * 60 * 60 * 24 * 40));
        // 10 days ago
        notAfter = new Date(System.currentTimeMillis() - (1000L * 60 * 60 * 24 * 10));
    }
    // The new certificate should get a unique serial number.
    final BigInteger serial = BigInteger.valueOf(Math.abs(new SecureRandom().nextInt()));
    final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, subjectKeyPair.getPublic());
    // When this certificate is used to sign another certificate, basic constraints need to be set.
    if (indexAwayFromEndEntity > 0) {
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(indexAwayFromEndEntity - 1));
    }
    final ContentSigner contentSigner = new JcaContentSignerBuilder("SHA1withRSA").build(issuerKeyPair.getPrivate());
    final X509CertificateHolder certificateHolder = builder.build(contentSigner);
    return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
}
Also used : JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) ContentSigner(org.bouncycastle.operator.ContentSigner) BigInteger(java.math.BigInteger) SecureRandom(java.security.SecureRandom) X500Name(org.bouncycastle.asn1.x500.X500Name) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) Date(java.util.Date)

Example 57 with X500Name

use of org.bouncycastle.asn1.x500.X500Name in project bazel by bazelbuild.

the class SignedJarBuilder method writeSignatureBlock.

/** Write the certificate file with a digital signature. */
private void writeSignatureBlock(Signature signature, X509Certificate publicKey, PrivateKey privateKey) throws IOException, GeneralSecurityException {
    SignerInfo signerInfo = new SignerInfo(new X500Name(publicKey.getIssuerX500Principal().getName()), publicKey.getSerialNumber(), AlgorithmId.get(DIGEST_ALGORITHM), AlgorithmId.get(privateKey.getAlgorithm()), signature.sign());
    PKCS7 pkcs7 = new PKCS7(new AlgorithmId[] { AlgorithmId.get(DIGEST_ALGORITHM) }, new ContentInfo(ContentInfo.DATA_OID, null), new X509Certificate[] { publicKey }, new SignerInfo[] { signerInfo });
    pkcs7.encodeSignedData(mOutputJar);
}
Also used : SignerInfo(sun.security.pkcs.SignerInfo) ContentInfo(sun.security.pkcs.ContentInfo) PKCS7(sun.security.pkcs.PKCS7) X500Name(sun.security.x509.X500Name)

Example 58 with X500Name

use of org.bouncycastle.asn1.x500.X500Name in project gitblit by gitblit.

the class X509Utils method buildDistinguishedName.

/**
	 * Builds a distinguished name from the X509Metadata.
	 *
	 * @return a DN
	 */
private static X500Name buildDistinguishedName(X509Metadata metadata) {
    X500NameBuilder dnBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    setOID(dnBuilder, metadata, "C", null);
    setOID(dnBuilder, metadata, "ST", null);
    setOID(dnBuilder, metadata, "L", null);
    setOID(dnBuilder, metadata, "O", Constants.NAME);
    setOID(dnBuilder, metadata, "OU", Constants.NAME);
    setOID(dnBuilder, metadata, "E", metadata.emailAddress);
    setOID(dnBuilder, metadata, "CN", metadata.commonName);
    X500Name dn = dnBuilder.build();
    return dn;
}
Also used : X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) X500Name(org.bouncycastle.asn1.x500.X500Name)

Example 59 with X500Name

use of org.bouncycastle.asn1.x500.X500Name in project atlas by alibaba.

the class SignedJarBuilder method writeSignatureBlock.

/**
     * Write the certificate file with a digital signature.
     */
private void writeSignatureBlock(Signature signature, X509Certificate publicKey, PrivateKey privateKey) throws IOException, GeneralSecurityException {
    SignerInfo signerInfo = new SignerInfo(new X500Name(publicKey.getIssuerX500Principal().getName()), publicKey.getSerialNumber(), AlgorithmId.get(DIGEST_ALGORITHM), AlgorithmId.get(privateKey.getAlgorithm()), signature.sign());
    PKCS7 pkcs7 = new PKCS7(new AlgorithmId[] { AlgorithmId.get(DIGEST_ALGORITHM) }, new ContentInfo(ContentInfo.DATA_OID, null), new X509Certificate[] { publicKey }, new SignerInfo[] { signerInfo });
    pkcs7.encodeSignedData(mOutputJar);
}
Also used : SignerInfo(sun.security.pkcs.SignerInfo) ContentInfo(sun.security.pkcs.ContentInfo) PKCS7(sun.security.pkcs.PKCS7) X500Name(sun.security.x509.X500Name)

Example 60 with X500Name

use of org.bouncycastle.asn1.x500.X500Name in project netty by netty.

the class OpenJdkSelfSignedCertGenerator method generate.

static String[] generate(String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter) throws Exception {
    PrivateKey key = keypair.getPrivate();
    // Prepare the information required for generating an X.509 certificate.
    X509CertInfo info = new X509CertInfo();
    X500Name owner = new X500Name("CN=" + fqdn);
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
    try {
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.SUBJECT, owner);
    }
    try {
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.ISSUER, owner);
    }
    info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
    info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid)));
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(key, "SHA1withRSA");
    // Update the algorithm and sign again.
    info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
    cert = new X509CertImpl(info);
    cert.sign(key, "SHA1withRSA");
    cert.verify(keypair.getPublic());
    return newSelfSignedCertificate(fqdn, key, cert);
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) PrivateKey(java.security.PrivateKey) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) CertificateVersion(sun.security.x509.CertificateVersion) CertificateException(java.security.cert.CertificateException) CertificateValidity(sun.security.x509.CertificateValidity) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Aggregations

X500Name (org.bouncycastle.asn1.x500.X500Name)58 X509Certificate (java.security.cert.X509Certificate)45 X500Name (sun.security.x509.X500Name)39 IOException (java.io.IOException)25 Date (java.util.Date)25 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)23 BigInteger (java.math.BigInteger)20 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)20 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)19 SecureRandom (java.security.SecureRandom)18 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)18 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)17 PrivateKey (java.security.PrivateKey)14 CertificateEncodingException (java.security.cert.CertificateEncodingException)14 KeyPair (java.security.KeyPair)13 KeyStore (java.security.KeyStore)13 RDN (org.bouncycastle.asn1.x500.RDN)13 ContentSigner (org.bouncycastle.operator.ContentSigner)13 ArrayList (java.util.ArrayList)11 GeneralName (org.bouncycastle.asn1.x509.GeneralName)10