Search in sources :

Example 66 with X500Name

use of org.bouncycastle.asn1.x500.X500Name in project helios by spotify.

the class X509CertificateFactory method generate.

private CertificateAndPrivateKey generate(final AgentProxy agentProxy, final Identity identity, final String username) {
    final UUID uuid = new UUID();
    final Calendar calendar = Calendar.getInstance();
    final X500Name issuerdn = new X500Name("C=US,O=Spotify,CN=helios-client");
    final X500Name subjectdn = new X500NameBuilder().addRDN(BCStyle.UID, username).build();
    calendar.add(Calendar.MILLISECOND, -validBeforeMilliseconds);
    final Date notBefore = calendar.getTime();
    calendar.add(Calendar.MILLISECOND, validBeforeMilliseconds + validAfterMilliseconds);
    final Date notAfter = calendar.getTime();
    // Reuse the UUID time as a SN
    final BigInteger serialNumber = BigInteger.valueOf(uuid.getTime()).abs();
    try {
        final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(KEY_SIZE, new SecureRandom());
        final KeyPair keyPair = keyPairGenerator.generateKeyPair();
        final SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(keyPair.getPublic().getEncoded()));
        final X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuerdn, serialNumber, notBefore, notAfter, subjectdn, subjectPublicKeyInfo);
        final DigestCalculator digestCalculator = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
        final X509ExtensionUtils utils = new X509ExtensionUtils(digestCalculator);
        final SubjectKeyIdentifier keyId = utils.createSubjectKeyIdentifier(subjectPublicKeyInfo);
        final String keyIdHex = KEY_ID_ENCODING.encode(keyId.getKeyIdentifier());
        log.info("generating an X509 certificate for {} with key ID={} and identity={}", username, keyIdHex, identity.getComment());
        builder.addExtension(Extension.subjectKeyIdentifier, false, keyId);
        builder.addExtension(Extension.authorityKeyIdentifier, false, utils.createAuthorityKeyIdentifier(subjectPublicKeyInfo));
        builder.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign));
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        final X509CertificateHolder holder = builder.build(new SshAgentContentSigner(agentProxy, identity));
        final X509Certificate certificate = CERTIFICATE_CONVERTER.getCertificate(holder);
        log.debug("generated certificate:\n{}", asPemString(certificate));
        return new CertificateAndPrivateKey(certificate, keyPair.getPrivate());
    } catch (Exception e) {
        throw Throwables.propagate(e);
    }
}
Also used : BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider) KeyPair(java.security.KeyPair) X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) Calendar(java.util.Calendar) DigestCalculator(org.bouncycastle.operator.DigestCalculator) SecureRandom(java.security.SecureRandom) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) KeyPairGenerator(java.security.KeyPairGenerator) SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) UUID(com.eaio.uuid.UUID) X509ExtensionUtils(org.bouncycastle.cert.X509ExtensionUtils) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 67 with X500Name

use of org.bouncycastle.asn1.x500.X500Name in project OpenAttestation by OpenAttestation.

the class X509Builder method issuerName.

public X509Builder issuerName(X509Certificate issuerCertificate) {
    X500Name issuerName = X500Name.asX500Name(issuerCertificate.getSubjectX500Principal());
    issuerName(issuerName);
    return this;
}
Also used : X500Name(sun.security.x509.X500Name)

Example 68 with X500Name

use of org.bouncycastle.asn1.x500.X500Name in project OpenAttestation by OpenAttestation.

the class X509Builder method subjectName.

/**
     * 
     * @param dn like "CN=Dave, OU=JavaSoft, O=Sun Microsystems, C=US"
     * @return 
     */
public X509Builder subjectName(String dn) {
    try {
        certificateSubjectName = new CertificateSubjectName(new X500Name(dn));
        // CertificateException, IOException
        info.set(X509CertInfo.SUBJECT, certificateSubjectName);
    } catch (Exception e) {
        fault(e, "subjectName(%s)", dn);
    }
    return this;
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) X500Name(sun.security.x509.X500Name)

Example 69 with X500Name

use of org.bouncycastle.asn1.x500.X500Name in project OpenAttestation by OpenAttestation.

the class X509Builder method issuerName.

public X509Builder issuerName(String dn) {
    try {
        certificateIssuerName = new CertificateIssuerName(new X500Name(dn));
        // CertificateException, IOException
        info.set(X509CertInfo.ISSUER, certificateIssuerName);
    } catch (Exception e) {
        fault(e, "issuerName(%s)", dn);
    }
    return this;
}
Also used : CertificateIssuerName(sun.security.x509.CertificateIssuerName) X500Name(sun.security.x509.X500Name)

Example 70 with X500Name

use of org.bouncycastle.asn1.x500.X500Name in project Conversations by siacs.

the class CryptoHelper method extractJidAndName.

public static Pair<Jid, String> extractJidAndName(X509Certificate certificate) throws CertificateEncodingException, InvalidJidException, CertificateParsingException {
    Collection<List<?>> alternativeNames = certificate.getSubjectAlternativeNames();
    List<String> emails = new ArrayList<>();
    if (alternativeNames != null) {
        for (List<?> san : alternativeNames) {
            Integer type = (Integer) san.get(0);
            if (type == 1) {
                emails.add((String) san.get(1));
            }
        }
    }
    X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
    if (emails.size() == 0) {
        emails.add(IETFUtils.valueToString(x500name.getRDNs(BCStyle.EmailAddress)[0].getFirst().getValue()));
    }
    String name = IETFUtils.valueToString(x500name.getRDNs(BCStyle.CN)[0].getFirst().getValue());
    if (emails.size() >= 1) {
        return new Pair<>(Jid.fromString(emails.get(0)), name);
    } else {
        return null;
    }
}
Also used : ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) X500Name(org.bouncycastle.asn1.x500.X500Name) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) Pair(android.util.Pair)

Aggregations

X500Name (org.bouncycastle.asn1.x500.X500Name)58 X509Certificate (java.security.cert.X509Certificate)45 X500Name (sun.security.x509.X500Name)39 IOException (java.io.IOException)25 Date (java.util.Date)25 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)23 BigInteger (java.math.BigInteger)20 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)20 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)19 SecureRandom (java.security.SecureRandom)18 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)18 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)17 PrivateKey (java.security.PrivateKey)14 CertificateEncodingException (java.security.cert.CertificateEncodingException)14 KeyPair (java.security.KeyPair)13 KeyStore (java.security.KeyStore)13 RDN (org.bouncycastle.asn1.x500.RDN)13 ContentSigner (org.bouncycastle.operator.ContentSigner)13 ArrayList (java.util.ArrayList)11 GeneralName (org.bouncycastle.asn1.x509.GeneralName)10