use of org.bouncycastle.asn1.x500.X500Name in project helios by spotify.
the class X509CertificateFactory method generate.
/**
 * Generates a fresh RSA key pair and an X.509 v3 certificate for it, with the certificate
 * signature produced through the SSH agent.
 *
 * <p>The subject DN carries only a UID RDN set to {@code username}; the issuer DN is the fixed
 * string {@code C=US,O=Spotify,CN=helios-client}. The validity window runs from
 * {@code now - validBeforeMilliseconds} to {@code now + validAfterMilliseconds}.
 *
 * @param agentProxy SSH agent handle passed to {@code SshAgentContentSigner}
 * @param identity   agent identity passed to {@code SshAgentContentSigner}; its comment is logged
 * @param username   value placed in the subject's UID RDN
 * @return the certificate together with the private key of the generated key pair
 */
private CertificateAndPrivateKey generate(final AgentProxy agentProxy, final Identity identity, final String username) {
    final UUID uuid = new UUID();
    final Calendar validity = Calendar.getInstance();
    final X500Name issuer = new X500Name("C=US,O=Spotify,CN=helios-client");
    // addRDN takes the value as a single attribute, so username is not parsed as a DN string.
    final X500Name subject = new X500NameBuilder().addRDN(BCStyle.UID, username).build();

    // Step back to the start of the window, then forward across the whole window.
    validity.add(Calendar.MILLISECOND, -validBeforeMilliseconds);
    final Date notBefore = validity.getTime();
    validity.add(Calendar.MILLISECOND, validBeforeMilliseconds + validAfterMilliseconds);
    final Date notAfter = validity.getTime();

    // The serial number is the UUID timestamp, so it is time-derived rather than random.
    // NOTE(review): uniqueness rests on uuid.getTime() never repeating; confirm that is
    // acceptable for whatever tracks or revokes these certificates.
    final BigInteger serial = BigInteger.valueOf(uuid.getTime()).abs();

    try {
        final KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC");
        generator.initialize(KEY_SIZE, new SecureRandom());
        final KeyPair pair = generator.generateKeyPair();

        final SubjectPublicKeyInfo spki =
            SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(pair.getPublic().getEncoded()));
        final X509v3CertificateBuilder certBuilder =
            new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, spki);

        // SHA-1 is used here only to derive key identifiers (the RFC 5280 method), not to sign.
        final X509ExtensionUtils extensionUtils = new X509ExtensionUtils(
            new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)));
        final SubjectKeyIdentifier subjectKeyId = extensionUtils.createSubjectKeyIdentifier(spki);
        final String subjectKeyIdHex = KEY_ID_ENCODING.encode(subjectKeyId.getKeyIdentifier());

        log.info("generating an X509 certificate for {} with key ID={} and identity={}", username, subjectKeyIdHex, identity.getComment());

        certBuilder.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyId);
        // NOTE(review): the authority key identifier is computed from the subject's own public
        // key, while the signature comes from the agent identity below; confirm the verifying
        // side does not use AKI to locate the signing key.
        certBuilder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(spki));
        // NOTE(review): keyCertSign is asserted while basicConstraints says cA=false; RFC 5280
        // section 4.2.1.9 forbids that combination. Confirm what the verifier expects before
        // changing either extension.
        certBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign));
        certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));

        // The certificate signature is delegated to the SSH agent; the generated private key
        // is not used for signing here.
        final X509Certificate certificate = CERTIFICATE_CONVERTER.getCertificate(
            certBuilder.build(new SshAgentContentSigner(agentProxy, identity)));

        // Only the certificate is logged; the private key is handed to the caller, not logged.
        log.debug("generated certificate:\n{}", asPemString(certificate));
        return new CertificateAndPrivateKey(certificate, pair.getPrivate());
    } catch (Exception failure) {
        throw Throwables.propagate(failure);
    }
}
use of org.bouncycastle.asn1.x500.X500Name in project OpenAttestation by OpenAttestation.
the class X509Builder method issuerName.
/**
 * Sets the issuer name from the subject name of the given issuer certificate.
 *
 * <p>Only the subject principal is read from {@code issuerCertificate}; this method does not
 * check that the certificate is a CA or that it is currently valid. Callers should validate
 * the issuer certificate themselves.
 *
 * @param issuerCertificate certificate whose subject becomes this builder's issuer name
 * @return this builder
 */
public X509Builder issuerName(X509Certificate issuerCertificate) {
    // Delegates to the X500Name overload, which is defined outside this excerpt.
    issuerName(X500Name.asX500Name(issuerCertificate.getSubjectX500Principal()));
    return this;
}
use of org.bouncycastle.asn1.x500.X500Name in project OpenAttestation by OpenAttestation.
the class X509Builder method subjectName.
/**
 * Sets the certificate subject from a distinguished-name string.
 *
 * <p>The string is parsed as a whole DN. If any part of it comes from untrusted input,
 * escape that part first; unescaped separators would be read as additional RDNs.
 *
 * <p>Any exception is handed to {@code fault(...)} instead of being rethrown, and the builder
 * is returned either way. Callers must check the builder's recorded faults before relying on
 * the subject being set.
 *
 * @param dn like "CN=Dave, OU=JavaSoft, O=Sun Microsystems, C=US"
 * @return this builder
 */
public X509Builder subjectName(String dn) {
    try {
        final X500Name parsedDn = new X500Name(dn);
        certificateSubjectName = new CertificateSubjectName(parsedDn);
        // info.set may throw CertificateException or IOException
        info.set(X509CertInfo.SUBJECT, certificateSubjectName);
    } catch (Exception failure) {
        fault(failure, "subjectName(%s)", dn);
    }
    return this;
}
use of org.bouncycastle.asn1.x500.X500Name in project OpenAttestation by OpenAttestation.
the class X509Builder method issuerName.
/**
 * Sets the certificate issuer from a distinguished-name string.
 *
 * <p>The string is parsed as a whole DN. If any part of it comes from untrusted input,
 * escape that part first; unescaped separators would be read as additional RDNs.
 *
 * <p>Any exception is handed to {@code fault(...)} instead of being rethrown, and the builder
 * is returned either way. Callers must check the builder's recorded faults before relying on
 * the issuer being set.
 *
 * @param dn issuer distinguished name, e.g. "CN=Dave, OU=JavaSoft, O=Sun Microsystems, C=US"
 * @return this builder
 */
public X509Builder issuerName(String dn) {
    try {
        final X500Name parsedDn = new X500Name(dn);
        certificateIssuerName = new CertificateIssuerName(parsedDn);
        // info.set may throw CertificateException or IOException
        info.set(X509CertInfo.ISSUER, certificateIssuerName);
    } catch (Exception failure) {
        fault(failure, "issuerName(%s)", dn);
    }
    return this;
}
use of org.bouncycastle.asn1.x500.X500Name in project Conversations by siacs.
the class CryptoHelper method extractJidAndName.
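/**
 * Extracts a JID and a display name from a certificate.
 *
 * <p>The JID is taken from the first rfc822Name subject alternative name. If the certificate
 * has none, the first EmailAddress RDN of the subject DN is used instead. The display name is
 * the first CN RDN of the subject DN.
 *
 * <p>This method only reads fields. It does not validate the certificate chain, validity
 * period or revocation status, so the returned identity must not be trusted until the caller
 * has verified the certificate.
 *
 * @param certificate certificate to read; its contents may be attacker-chosen
 * @return the JID and name, with a {@code null} name when the subject has no CN; or
 *         {@code null} when no e-mail address is present in either the SANs or the subject DN
 * @throws CertificateEncodingException if the certificate cannot be re-encoded for parsing
 * @throws InvalidJidException if the extracted address is not a valid JID
 * @throws CertificateParsingException if the subject alternative names cannot be decoded
 */
public static Pair<Jid, String> extractJidAndName(X509Certificate certificate) throws CertificateEncodingException, InvalidJidException, CertificateParsingException {
    final Collection<List<?>> alternativeNames = certificate.getSubjectAlternativeNames();
    final List<String> emails = new ArrayList<>();
    if (alternativeNames != null) {
        for (List<?> san : alternativeNames) {
            // Entry 0 is the GeneralName tag; 1 is rfc822Name, whose value is a String.
            final Integer type = (Integer) san.get(0);
            if (type == 1) {
                emails.add((String) san.get(1));
            }
        }
    }
    final X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
    // A certificate need not carry an EmailAddress or CN RDN. Check the array length before
    // indexing, so that such a certificate cannot trigger ArrayIndexOutOfBoundsException.
    if (emails.isEmpty() && x500name.getRDNs(BCStyle.EmailAddress).length > 0) {
        emails.add(IETFUtils.valueToString(x500name.getRDNs(BCStyle.EmailAddress)[0].getFirst().getValue()));
    }
    final String name = x500name.getRDNs(BCStyle.CN).length > 0
            ? IETFUtils.valueToString(x500name.getRDNs(BCStyle.CN)[0].getFirst().getValue())
            : null;
    if (emails.isEmpty()) {
        return null;
    }
    return new Pair<>(Jid.fromString(emails.get(0)), name);
}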