use of org.bouncycastle.asn1.x500.X500Name in project platformlayer by platformlayer.
the class SimpleCertificateAuthority method selfSign.
/**
 * Builds a self-signed X.509 certificate for the subject named in a PKCS#10 request.
 *
 * <p>The subject name and the subject public key are both read from the CSR. The
 * certificate is signed with the private half of {@code keyPair}, and the subject
 * name is reused as the issuer name.
 *
 * <p>NOTE(review): nothing in this method checks that the public key carried in the
 * CSR is the partner of {@code keyPair.getPrivate()}. If the two differ, the result
 * names itself as issuer but its signature will not verify under its own public key.
 * Confirm that callers always pass the key pair the CSR was generated from.
 *
 * <p>NOTE(review): the CSR's own signature (proof of possession) is not verified
 * here; whether {@code parseCsr} does so is not visible from this method.
 *
 * @param csr the certification request, in whatever text form {@code parseCsr} accepts
 * @param keyPair key pair whose private key signs the certificate
 * @return the signed certificate as converted by {@code toX509}
 * @throws OpsException if an {@link IOException} is raised while handling the CSR
 */
public static X509Certificate selfSign(String csr, KeyPair keyPair) throws OpsException {
    try {
        PKCS10CertificationRequest request = parseCsr(csr);
        SubjectPublicKeyInfo requestedKey = request.getSubjectPublicKeyInfo();
        X500Name name = request.getSubject();
        PrivateKey signingKey = keyPair.getPrivate();

        // Self-signed: the subject name doubles as the issuer name.
        return toX509(signCertificate(name, signingKey, name, requestedKey));
    } catch (IOException e) {
        throw new OpsException("Error reading CSR", e);
    }
}
use of org.bouncycastle.asn1.x500.X500Name in project dex2jar by pxb1988.
the class SunJarSignImpl method writeSignatureBlock.
/**
 * Write a .RSA file with a digital signature.
 *
 * <p>Wraps the supplied signature bytes in a PKCS#7 signed-data structure that
 * identifies the signer by the issuer name and serial number of {@code cert},
 * embeds {@code cert} itself, and encodes the result to {@code out}.
 *
 * <p>NOTE(review): {@code SignerInfo}, {@code PKCS7}, {@code ContentInfo} and
 * {@code AlgorithmId} look like the JDK-internal {@code sun.security.*} classes, in
 * which case {@code X500Name} here is presumably {@code sun.security.x509.X500Name}
 * rather than the Bouncy Castle type. Confirm against the file's imports; internal
 * JDK classes are not a supported API.
 *
 * <p>NOTE(review): the issuer is rebuilt from the string form of the certificate's
 * issuer principal. Confirm that the re-encoded name still matches the issuer field
 * of {@code cert} for verifiers that compare the two.
 *
 * <p>NOTE(review): the signature algorithm identifier is fixed to {@code "RSA"}, so
 * this assumes {@code signature} was produced with an RSA key. Verify against the caller.
 *
 * @param signature raw signature bytes to place in the signer info
 * @param out stream that receives the encoded signed-data block
 * @throws IOException if encoding to {@code out} fails
 */
@SuppressWarnings("all")
protected void writeSignatureBlock(byte[] signature, OutputStream out) throws IOException {
    try {
        X500Name issuerName = new X500Name(cert.getIssuerX500Principal().getName());
        SignerInfo signer = new SignerInfo(
                issuerName,
                cert.getSerialNumber(),
                AlgorithmId.get(digestAlg),
                AlgorithmId.get("RSA"),
                signature);

        AlgorithmId[] digestAlgorithms = { AlgorithmId.get(digestAlg) };
        ContentInfo dataContent = new ContentInfo(ContentInfo.DATA_OID, null);
        X509Certificate[] certificates = { cert };
        SignerInfo[] signers = { signer };

        new PKCS7(digestAlgorithms, dataContent, certificates, signers).encodeSignedData(out);
    } catch (NoSuchAlgorithmException e) {
        // An unknown digest/signature algorithm name is surfaced unchecked, with its cause.
        throw new RuntimeException(e);
    }
}
use of org.bouncycastle.asn1.x500.X500Name in project keywhiz by square.
the class LdapAuthenticator method rolesFromDN.
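/**
 * Collects the role names of a user by searching the role subtree for entries that
 * list the user's DN in {@code uniqueMember}.
 *
 * <p>Each matching entry contributes the value of the CN attribute of its DN. Entries
 * whose DN has no CN are logged and skipped.
 *
 * <p>NOTE(review): only the CN value is kept, so two role entries in different
 * branches under the role base DN that share a CN collapse into one role name.
 * Confirm the directory layout makes that impossible.
 *
 * @param userDN distinguished name of the user whose roles are looked up
 * @return role common names in the order the search returned them
 * @throws LDAPException if the directory search fails
 * @throws GeneralSecurityException declared by the signature; presumably raised when
 *     the connection is obtained (verify against the connection factory)
 */
private Set<String> rolesFromDN(String userDN) throws LDAPException, GeneralSecurityException {
    // The user DN is handed to the filter as an assertion value, not concatenated into filter text.
    SearchRequest searchRequest = new SearchRequest(config.getRoleBaseDN(), SearchScope.SUB,
            Filter.createEqualityFilter("uniqueMember", userDN));
    Set<String> roles = Sets.newLinkedHashSet();

    LDAPConnection connection = connectionFactory.getLDAPConnection();
    try {
        SearchResult sr = connection.search(searchRequest);
        for (SearchResultEntry sre : sr.getSearchEntries()) {
            X500Name x500Name = new X500Name(sre.getDN());
            RDN[] rdns = x500Name.getRDNs(BCStyle.CN);
            if (rdns.length == 0) {
                logger.error("Could not create X500 Name for role:" + sre.getDN());
                continue;
            }

            RDN cnRdn = rdns[0];
            String commonName = IETFUtils.valueToString(cnRdn.getFirst().getValue());
            if (cnRdn.isMultiValued()) {
                // getRDNs(CN) also matches multi-valued RDNs (e.g. OU=x+CN=y), where the
                // first attribute need not be the CN; pick the CN attribute explicitly.
                for (int i = 0; i < cnRdn.getTypesAndValues().length; i++) {
                    if (BCStyle.CN.equals(cnRdn.getTypesAndValues()[i].getType())) {
                        commonName = IETFUtils.valueToString(cnRdn.getTypesAndValues()[i].getValue());
                        break;
                    }
                }
            }
            roles.add(commonName);
        }
    } finally {
        // Always release the connection, including when the search throws.
        connection.close();
    }
    return roles;
}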
use of org.bouncycastle.asn1.x500.X500Name in project keywhiz by square.
the class ClientAuthFactory method getClientName.
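/**
 * Extracts the client name from the request's authenticated principal.
 *
 * <p>The principal name is parsed as an X.500 distinguished name and the value of its
 * CN attribute is returned. The result is empty when the request has no user
 * principal or when the name carries no CN.
 *
 * <p>NOTE(review): the principal name is presumably the subject DN of the client
 * certificate (the warning below says as much). A name that does not parse as a DN is
 * not handled here and will surface as whatever unchecked exception the
 * {@code X500Name} constructor throws. Confirm that callers tolerate that.
 *
 * @param request the incoming request whose security context is inspected
 * @return the CN value of the principal's name, or empty if there is no principal or no CN
 */
static Optional<String> getClientName(ContainerRequest request) {
    Principal principal = request.getSecurityContext().getUserPrincipal();
    if (principal == null) {
        return Optional.empty();
    }

    X500Name name = new X500Name(principal.getName());
    RDN[] rdns = name.getRDNs(BCStyle.CN);
    if (rdns.length == 0) {
        logger.warn("Certificate does not contain CN=xxx,...: {}", principal.getName());
        return Optional.empty();
    }

    RDN cnRdn = rdns[0];
    if (cnRdn.isMultiValued()) {
        // getRDNs(CN) also matches multi-valued RDNs (e.g. OU=x+CN=y), where the first
        // attribute need not be the CN. The returned value is used as the client's
        // identity, so select the CN attribute explicitly rather than whichever sorts first.
        for (int i = 0; i < cnRdn.getTypesAndValues().length; i++) {
            if (BCStyle.CN.equals(cnRdn.getTypesAndValues()[i].getType())) {
                return Optional.of(IETFUtils.valueToString(cnRdn.getTypesAndValues()[i].getValue()));
            }
        }
    }
    return Optional.of(IETFUtils.valueToString(cnRdn.getFirst().getValue()));
}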
use of org.bouncycastle.asn1.x500.X500Name in project syncany by syncany.
the class WebServer method certificateCommonNameChanged.
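/**
 * Decides whether the server certificate has to be regenerated because the configured
 * common name no longer matches the certificate held in the user key store.
 *
 * <p>Regeneration is reported as necessary when the key store holds no certificate
 * under {@code CipherParams.CERTIFICATE_IDENTIFIER}, when the stored certificate's
 * subject has no CN at all, or when its CN differs from {@code certificateCommonName}.
 *
 * @param certificateCommonName the common name the daemon configuration asks for
 * @return {@code true} if a new certificate is needed, {@code false} if the stored one
 *     already carries the requested common name
 * @throws RuntimeException wrapping any failure while reading the key store or the
 *     certificate
 */
private boolean certificateCommonNameChanged(String certificateCommonName) {
    try {
        KeyStore userKeyStore = UserConfig.getUserKeyStore();
        X509Certificate currentCertificate = (X509Certificate) userKeyStore.getCertificate(CipherParams.CERTIFICATE_IDENTIFIER);

        if (currentCertificate == null) {
            logger.log(Level.INFO, "- Certificate regeneration necessary, because no certificate found in key store.");
            return true;
        }

        X500Name currentCertificateSubject = new JcaX509CertificateHolder(currentCertificate).getSubject();
        RDN[] currentCertificateSubjectCNs = currentCertificateSubject.getRDNs(BCStyle.CN);

        if (currentCertificateSubjectCNs.length == 0) {
            // A subject without any CN cannot match the configured name. Previously this
            // case indexed an empty array and failed instead of asking for a new certificate.
            logger.log(Level.INFO, "- Certificate regeneration necessary, because current certificate has no common name.");
            return true;
        }

        String currentCertificateSubjectCnStr = IETFUtils.valueToString(currentCertificateSubjectCNs[0].getFirst().getValue());

        if (!certificateCommonName.equals(currentCertificateSubjectCnStr)) {
            logger.log(Level.INFO, "- Certificate regeneration necessary: Cert common name in daemon config changed from " + currentCertificateSubjectCnStr + " to " + certificateCommonName + ".");
            return true;
        }

        return false;
    } catch (Exception e) {
        throw new RuntimeException("Cannot (re-)generate server certificate for hostname: " + certificateCommonName, e);
    }
}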