Example 91 with X500Name

Use of org.bouncycastle.asn1.x500.X500Name in project ddf by codice.

From the class PkiToolsTest, method nameIsNotEmpty.

@Test
public void nameIsNotEmpty() throws CertificateEncodingException {
    String host = "host.domain.tld";
    // makeDistinguishedName builds a single-RDN distinguished name from the host name;
    // the assertion expects it to render as "cn=" followed by the host.
    X500Name name = PkiTools.makeDistinguishedName(host);
    assertThat(name.toString(), equalTo("cn=" + host));
}
Also used : X500Name(org.bouncycastle.asn1.x500.X500Name) Test(org.junit.Test)

Example 92 with X500Name

Use of org.bouncycastle.asn1.x500.X500Name in project poi by apache.

From the class PkiTestUtils, method generateCertificate.

static X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn, Date notBefore, Date notAfter,
        X509Certificate issuerCertificate, PrivateKey issuerPrivateKey, boolean caFlag, int pathLength,
        String crlUri, String ocspUri, KeyUsage keyUsage)
        throws IOException, OperatorCreationException, CertificateException {
    // SHA1withRSA is acceptable for this test fixture only; production certificates should use a SHA-2 based algorithm.
    String signatureAlgorithm = "SHA1withRSA";
    // The new certificate's issuer DN must be the issuer certificate's subject DN (RFC 5280, section 4.1.2.4).
    // With no issuer certificate the certificate is self-signed, so issuer == subject.
    X500Name issuerName;
    if (issuerCertificate != null) {
        issuerName = new X509CertificateHolder(issuerCertificate.getEncoded()).getSubject();
    } else {
        issuerName = new X500Name(subjectDn);
    }
    // Re-encode the RSA public key as a SubjectPublicKeyInfo structure.
    RSAPublicKey rsaPubKey = (RSAPublicKey) subjectPublicKey;
    RSAKeyParameters rsaSpec = new RSAKeyParameters(false, rsaPubKey.getModulus(), rsaPubKey.getPublicExponent());
    SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(rsaSpec);
    // SHA-1 digest calculator for the key identifiers (RFC 5280, section 4.2.1.2, method 1).
    DigestCalculator digestCalc = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build().get(CertificateID.HASH_SHA1);
    // 128-bit random serial number so that test certificates do not collide.
    X509v3CertificateBuilder certificateGenerator = new X509v3CertificateBuilder(issuerName,
            new BigInteger(128, new SecureRandom()), notBefore, notAfter, new X500Name(subjectDn), subjectPublicKeyInfo);
    X509ExtensionUtils exUtils = new X509ExtensionUtils(digestCalc);
    SubjectKeyIdentifier subKeyId = exUtils.createSubjectKeyIdentifier(subjectPublicKeyInfo);
    // The authority key identifier refers to the issuer's key; for a self-signed certificate it equals the subject key identifier.
    AuthorityKeyIdentifier autKeyId = (issuerCertificate != null)
            ? exUtils.createAuthorityKeyIdentifier(new X509CertificateHolder(issuerCertificate.getEncoded()))
            : exUtils.createAuthorityKeyIdentifier(subjectPublicKeyInfo);
    certificateGenerator.addExtension(Extension.subjectKeyIdentifier, false, subKeyId);
    certificateGenerator.addExtension(Extension.authorityKeyIdentifier, false, autKeyId);
    if (caFlag) {
        // CA certificate; pathLength == -1 means "no path length constraint".
        // RFC 5280 requires basicConstraints to be critical in CA certificates; this fixture marks it non-critical.
        BasicConstraints bc;
        if (-1 == pathLength) {
            bc = new BasicConstraints(true);
        } else {
            bc = new BasicConstraints(pathLength);
        }
        certificateGenerator.addExtension(Extension.basicConstraints, false, bc);
    }
    if (null != crlUri) {
        // CRL distribution point: a single full name holding the CRL URI.
        int uri = GeneralName.uniformResourceIdentifier;
        DERIA5String crlUriDer = new DERIA5String(crlUri);
        GeneralName gn = new GeneralName(uri, crlUriDer);
        DERSequence gnDer = new DERSequence(gn);
        GeneralNames gns = GeneralNames.getInstance(gnDer);
        DistributionPointName dpn = new DistributionPointName(0, gns);
        DistributionPoint distp = new DistributionPoint(dpn, null, null);
        DERSequence distpDer = new DERSequence(distp);
        certificateGenerator.addExtension(Extension.cRLDistributionPoints, false, distpDer);
    }
    if (null != ocspUri) {
        // Authority Information Access extension pointing at the OCSP responder.
        int uri = GeneralName.uniformResourceIdentifier;
        GeneralName ocspName = new GeneralName(uri, ocspUri);
        AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess(X509ObjectIdentifiers.ocspAccessMethod, ocspName);
        certificateGenerator.addExtension(Extension.authorityInfoAccess, false, authorityInformationAccess);
    }
    if (null != keyUsage) {
        // Key usage is marked critical, as RFC 5280 recommends.
        certificateGenerator.addExtension(Extension.keyUsage, true, keyUsage);
    }
    // Sign with the issuer's private key and convert the holder to a JCA X509Certificate.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);
    signerBuilder.setProvider("BC");
    X509CertificateHolder certHolder = certificateGenerator.build(signerBuilder.build(issuerPrivateKey));
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}
Also used : AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) DigestCalculator(org.bouncycastle.operator.DigestCalculator) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) RSAKeyParameters(org.bouncycastle.crypto.params.RSAKeyParameters) DERSequence(org.bouncycastle.asn1.DERSequence) RSAPublicKey(java.security.interfaces.RSAPublicKey) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) SecureRandom(java.security.SecureRandom) SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X509ExtensionUtils(org.bouncycastle.cert.X509ExtensionUtils) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 93 with X500Name

Use of org.bouncycastle.asn1.x500.X500Name in project cas by apereo.

From the class DefaultSamlIdPCertificateAndKeyWriter, method generateCertificate.

private X509Certificate generateCertificate(final KeyPair keypair) throws Exception {
    // Self-signed certificate: the same DN serves as issuer and subject.
    final X500Name dn = new X500Name("CN=" + hostname);
    // Validity window: from now until certificateLifetimeInYears from now.
    final GregorianCalendar notBefore = new GregorianCalendar();
    final GregorianCalendar notOnOrAfter = new GregorianCalendar();
    notOnOrAfter.set(GregorianCalendar.YEAR, notOnOrAfter.get(GregorianCalendar.YEAR) + certificateLifetimeInYears);
    // 160-bit random serial number.
    final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(dn, new BigInteger(160, RandomUtils.getNativeInstance()),
            notBefore.getTime(), notOnOrAfter.getTime(), dn, keypair.getPublic());
    final JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
    builder.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(keypair.getPublic()));
    // Subject alternative names; buildSubjectAltNames() supplies the GeneralName entries.
    builder.addExtension(Extension.subjectAlternativeName, false, GeneralNames.getInstance(new DERSequence(buildSubjectAltNames())));
    // Sign with the pair's own private key, then convert the holder to a JCA certificate.
    final X509CertificateHolder certHldr = builder.build(new JcaContentSignerBuilder(certificateAlgorithm).build(keypair.getPrivate()));
    final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certHldr);
    // Sanity checks: the certificate is valid right now and its signature verifies with the matching public key.
    cert.checkValidity(new Date());
    cert.verify(keypair.getPublic());
    return cert;
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) DERSequence(org.bouncycastle.asn1.DERSequence) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) GregorianCalendar(java.util.GregorianCalendar) BigInteger(java.math.BigInteger) X500Name(org.bouncycastle.asn1.x500.X500Name) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date)

Example 94 with X500Name

Use of X500Name in project meecrowave by apache (this snippet imports the JDK-internal sun.security.x509.X500Name, not the BouncyCastle class; see the imports below).

From the class Keystores, method create.

public static void create(final File keystore) throws Exception {
    // This snippet relies on the JDK-internal sun.security.x509.X500Name and
    // sun.security.tools.keytool.CertAndKeyGen classes (see the imports below).
    CryptoUtils.installBouncyCastleProvider();
    final KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(null, "password".toCharArray());
    // Root key pair with a provisional self-signed certificate, valid for one year.
    final CertAndKeyGen keyGen = new CertAndKeyGen("RSA", "SHA1WithRSA", null);
    keyGen.generate(2048);
    PrivateKey rootPrivateKey = keyGen.getPrivateKey();
    X509Certificate rootCertificate = keyGen.getSelfCertificate(new X500Name("cn=root"), (long) 365 * 24 * 60 * 60);
    // Intermediate key pair and certificate.
    final CertAndKeyGen keyGen1 = new CertAndKeyGen("RSA", "SHA1WithRSA", null);
    keyGen1.generate(2048);
    final PrivateKey middlePrivateKey = keyGen1.getPrivateKey();
    X509Certificate middleCertificate = keyGen1.getSelfCertificate(new X500Name("CN=MIDDLE"), (long) 365 * 24 * 60 * 60);
    // Leaf key pair and certificate (this snippet reuses the root's "cn=root" subject for the leaf).
    final CertAndKeyGen keyGen2 = new CertAndKeyGen("RSA", "SHA1WithRSA", null);
    keyGen2.generate(2048);
    final PrivateKey topPrivateKey = keyGen2.getPrivateKey();
    X509Certificate topCertificate = keyGen2.getSelfCertificate(new X500Name("cn=root"), (long) 365 * 24 * 60 * 60);
    // Re-sign each certificate by its issuer: root by itself, intermediate by root, leaf by intermediate.
    rootCertificate = createSignedCertificate(rootCertificate, rootCertificate, rootPrivateKey);
    middleCertificate = createSignedCertificate(middleCertificate, rootCertificate, rootPrivateKey);
    topCertificate = createSignedCertificate(topCertificate, middleCertificate, middlePrivateKey);
    // Store the leaf private key with its full chain, leaf first, under a separate key password.
    final X509Certificate[] chain = new X509Certificate[] { topCertificate, middleCertificate, rootCertificate };
    ks.setKeyEntry("alice", topPrivateKey, "pwd".toCharArray(), chain);
    keystore.getParentFile().mkdirs();
    try (final OutputStream os = new FileOutputStream(keystore)) {
        ks.store(os, "password".toCharArray());
    }
}
Also used : PrivateKey(java.security.PrivateKey) CertAndKeyGen(sun.security.tools.keytool.CertAndKeyGen) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) X500Name(sun.security.x509.X500Name) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate)

Example 95 with X500Name

Use of X500Name in project Payara by payara (this snippet imports the JDK-internal sun.security.x509.X500Name, not the BouncyCastle class; see the imports below).

From the class SecClientRequestInterceptor, method createIdToken.

/**
 * Create and return an identity token from the credential. The identity token is CDR encoded.
 */
private IdentityToken createIdToken(java.lang.Object cred, Class cls, ORB orb) throws Exception {
    IdentityToken idtok = null;
    // DER encoding buffer
    DerOutputStream dos = new DerOutputStream();
    DerValue[] derval = null;
    Any any = orb.create_any();
    idtok = new IdentityToken();
    if (X500Name.class.isAssignableFrom(cls)) {
        _logger.log(Level.FINE, "Constructing an X500 DN Identity Token");
        X500Name credname = (X500Name) cred;
        // ASN.1 encoding
        credname.encode(dos);
        X501DistinguishedNameHelper.insert(any, dos.toByteArray());
        /* IdentityToken with CDR encoded X501 name */
        idtok.dn(codec.encode_value(any));
    } else if (X509CertificateCredential.class.isAssignableFrom(cls)) {
        _logger.log(Level.FINE, "Constructing an X509 Certificate Chain Identity Token");
        /* create a DER encoding */
        X509CertificateCredential certcred = (X509CertificateCredential) cred;
        X509Certificate[] certchain = certcred.getX509CertificateChain();
        _logger.log(Level.FINE, "Certchain length = " + certchain.length);
        derval = new DerValue[certchain.length];
        for (int i = 0; i < certchain.length; i++) {
            derval[i] = new DerValue(certchain[i].getEncoded());
        }
        dos.putSequence(derval);
        X509CertificateChainHelper.insert(any, dos.toByteArray());
        /* IdentityToken with CDR encoded certificate chain */
        idtok.certificate_chain(codec.encode_value(any));
    } else if (AnonCredential.class.isAssignableFrom(cls)) {
        _logger.log(Level.FINE, "Constructing an Anonymous Identity Token");
        idtok.anonymous(true);
    } else if (GSSUPName.class.isAssignableFrom(cls)) {
        /* GSSAPI Exported name */
        _logger.log(Level.FINE, "Constructing a GSS Exported name Identity Token");
        /* create a DER encoding */
        GSSUPName gssname = (GSSUPName) cred;
        byte[] expname = gssname.getExportedName();
        GSS_NT_ExportedNameHelper.insert(any, expname);
        /* IdentityToken with CDR encoded GSSUPName */
        idtok.principal_name(codec.encode_value(any));
    }
    return (idtok);
}
Also used : GSSUPName(com.sun.enterprise.common.iiop.security.GSSUPName) DerOutputStream(sun.security.util.DerOutputStream) X509CertificateCredential(com.sun.enterprise.security.auth.login.common.X509CertificateCredential) DerValue(sun.security.util.DerValue) X500Name(sun.security.x509.X500Name)

Aggregations (number of examples using each type)

X500Name (org.bouncycastle.asn1.x500.X500Name): 58
X509Certificate (java.security.cert.X509Certificate): 45
X500Name (sun.security.x509.X500Name): 39
IOException (java.io.IOException): 25
Date (java.util.Date): 25
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter): 23
BigInteger (java.math.BigInteger): 20
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder): 20
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder): 19
SecureRandom (java.security.SecureRandom): 18
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder): 18
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder): 17
PrivateKey (java.security.PrivateKey): 14
CertificateEncodingException (java.security.cert.CertificateEncodingException): 14
KeyPair (java.security.KeyPair): 13
KeyStore (java.security.KeyStore): 13
RDN (org.bouncycastle.asn1.x500.RDN): 13
ContentSigner (org.bouncycastle.operator.ContentSigner): 13
ArrayList (java.util.ArrayList): 11
GeneralName (org.bouncycastle.asn1.x509.GeneralName): 10