
Example 46 with BasicConstraints

use of org.bouncycastle.asn1.x509.BasicConstraints in project fabric-sdk-java by hyperledger.

the class TLSCertificateBuilder method createSelfSignedCertificate.

/**
 * Builds and signs a self-signed X.509 v3 certificate for the supplied key pair.
 * <p>
 * The certificate is marked as an end-entity (basicConstraints cA=false, critical),
 * carries keyEncipherment + digitalSignature key usage (non-critical), takes its
 * extended key usage from {@code certType.keyUsage()}, and optionally a subject
 * alternative name. The signature algorithm is the instance's
 * {@code signatureAlgorithm}.
 *
 * @param certType the certificate type; its {@code keyUsage()} supplies the extended key usage
 * @param keyPair  the key pair whose public key is certified and whose private key signs
 * @param san      subject alternative name to add, or {@code null} for none
 * @return the signed certificate, converted with the Bouncy Castle provider
 * @throws Exception if encoding an extension, signing or conversion fails
 */
private X509Certificate createSelfSignedCertificate(CertType certType, KeyPair keyPair, String san) throws Exception {
    X509v3CertificateBuilder builder = createCertBuilder(keyPair);
    // End-entity certificate; critical so a validator cannot silently ignore it.
    BasicConstraints endEntity = new BasicConstraints(false);
    builder.addExtension(Extension.basicConstraints, true, endEntity.getEncoded());
    // Key usage: signing plus key encipherment, left non-critical.
    KeyUsage keyUsage = new KeyUsage(KeyUsage.keyEncipherment | KeyUsage.digitalSignature);
    builder.addExtension(Extension.keyUsage, false, keyUsage.getEncoded());
    // Extended key usage is whatever the certificate type defines.
    builder.addExtension(Extension.extendedKeyUsage, false, certType.keyUsage().getEncoded());
    if (san != null) {
        addSAN(builder, san);
    }
    ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(keyPair.getPrivate());
    X509CertificateHolder certHolder = builder.build(contentSigner);
    return new JcaX509CertificateConverter()
            .setProvider(new BouncyCastleProvider())
            .getCertificate(certHolder);
}

Example 47 with BasicConstraints

use of org.bouncycastle.asn1.x509.BasicConstraints in project MaxKey by dromara.

the class X509V3CertGen method genV3Certificate.

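/**
 * Generates an X.509 v3 certificate with no extensions, signed by the given key pair.
 * <p>
 * Issuer and subject distinguished names are taken verbatim from the caller; when
 * both are the same the result is a self-signed certificate. The certificate is
 * signed with {@code SHA256withRSA} via the "BC" provider (SHA-1 signatures are
 * rejected by current validators).
 *
 * @param issuerName  issuer distinguished name, e.g. {@code "CN=..."}
 * @param subjectName subject distinguished name
 * @param notBefore   start of the validity period
 * @param notAfter    end of the validity period
 * @param keyPair     the public key is embedded in the certificate, the private key signs it
 * @return the generated certificate
 * @throws Exception if the public key cannot be decoded, the signer cannot be built,
 *                   or the signed certificate cannot be parsed back
 */
public static X509Certificate genV3Certificate(String issuerName, String subjectName, Date notBefore, Date notAfter, KeyPair keyPair) throws Exception {
    // issuer same as subject is CA
    // NOTE(review): a millisecond timestamp is a predictable serial and two certificates
    // generated in the same millisecond collide; kept as-is to preserve caller expectations.
    BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
    X500Name issuer = new X500Name(issuerName);
    X500Name subject = new X500Name(subjectName);
    PublicKey publicKey = keyPair.getPublic();
    PrivateKey privateKey = keyPair.getPrivate();
    // Decode the SubjectPublicKeyInfo from the key's X.509 encoding. An IOException here
    // must propagate: swallowing it left subjectPublicKeyInfo null and the builder failed later.
    SubjectPublicKeyInfo subjectPublicKeyInfo;
    try (ASN1InputStream publicKeyInputStream = new ASN1InputStream(publicKey.getEncoded())) {
        subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKeyInputStream.readObject());
    }
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, subjectPublicKeyInfo);
    // SHA-256 instead of SHA-1: SHA-1 certificate signatures are refused by modern TLS stacks.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(privateKey);
    // certBuilder.addExtension(X509Extensions.BasicConstraints,  true, new BasicConstraints(false));
    // certBuilder.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature| KeyUsage.keyEncipherment));
    // certBuilder.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
    // certBuilder.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, "connsec@163.com")));
    X509CertificateHolder x509CertificateHolder = certBuilder.build(sigGen);
    // Parse the DER back through the standard JCA factory (fully qualified because the file
    // imports Bouncy Castle's internal CertificateFactory under the same simple name) instead of
    // reflectively instantiating the provider-internal class with Class.newInstance().
    java.security.cert.CertificateFactory certificateFactory = java.security.cert.CertificateFactory.getInstance("X.509");
    try (InputStream inputStream = new ByteArrayInputStream(x509CertificateHolder.toASN1Structure().getEncoded())) {
        return (X509Certificate) certificateFactory.generateCertificate(inputStream);
    }
}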

Example 48 with BasicConstraints

use of org.bouncycastle.asn1.x509.BasicConstraints in project mockserver by mock-server.

the class BCKeyAndCertificateFactory method createCASignedCert.

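/**
 * Create a server certificate for the given domain and subject alternative names, signed by the given Certificate Authority.
 * <p>
 * The domain is always placed in the subject alternative name extension (clients match
 * on SAN, not CN), followed by any extra DNS names and every syntactically valid IP
 * address; invalid IP strings are skipped. The serial number is drawn from
 * {@link java.security.SecureRandom} and is strictly positive as RFC 5280 requires.
 * The result is validity-checked and its signature verified against the CA public key
 * before it is returned.
 *
 * @param publicKey                       public key to certify
 * @param certificateAuthorityCert        issuing CA certificate; its subject becomes this certificate's issuer
 * @param certificateAuthorityPrivateKey  CA private key used to sign
 * @param certificateAuthorityPublicKey   CA public key used to verify the signature before returning
 * @param domain                          primary host name; used for the CN and the first SAN entry
 * @param subjectAlternativeNameDomains   additional DNS SANs, may be {@code null}
 * @param subjectAlternativeNameIps       IP SANs (with or without netmask), may be {@code null}
 * @return the signed, validity-checked and verified certificate
 * @throws Exception if building, signing, validity checking or verification fails
 */
private X509Certificate createCASignedCert(PublicKey publicKey, X509Certificate certificateAuthorityCert, PrivateKey certificateAuthorityPrivateKey, PublicKey certificateAuthorityPublicKey, String domain, Set<String> subjectAlternativeNameDomains, Set<String> subjectAlternativeNameIps) throws Exception {
    // signers name
    X500Name issuer = new X509CertificateHolder(certificateAuthorityCert.getEncoded()).getSubject();
    // subjects name - the CA above is the issuer, the domain is the subject
    X500Name subject = new X500Name("CN=" + domain + ", O=MockServer, L=London, ST=England, C=UK");
    // serial - cryptographically random (java.util.Random is predictable) and never zero
    BigInteger serial = BigInteger.valueOf(new java.security.SecureRandom().nextInt(Integer.MAX_VALUE) + 1L);
    // create the certificate - version 3
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, serial, NOT_BEFORE, NOT_AFTER, subject, publicKey);
    builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey));
    builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
    // subject alternative name - the domain itself goes in regardless of whether extra domains were given
    List<ASN1Encodable> subjectAlternativeNames = new ArrayList<>();
    if (domain != null) {
        subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, domain));
    }
    if (subjectAlternativeNameDomains != null) {
        for (String subjectAlternativeNameDomain : subjectAlternativeNameDomains) {
            subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, subjectAlternativeNameDomain));
        }
    }
    if (subjectAlternativeNameIps != null) {
        for (String subjectAlternativeNameIp : subjectAlternativeNameIps) {
            // only well-formed addresses; GeneralName would otherwise throw on encoding
            if (IPAddress.isValidIPv6WithNetmask(subjectAlternativeNameIp) || IPAddress.isValidIPv6(subjectAlternativeNameIp) || IPAddress.isValidIPv4WithNetmask(subjectAlternativeNameIp) || IPAddress.isValidIPv4(subjectAlternativeNameIp)) {
                subjectAlternativeNames.add(new GeneralName(GeneralName.iPAddress, subjectAlternativeNameIp));
            }
        }
    }
    if (!subjectAlternativeNames.isEmpty()) {
        DERSequence subjectAlternativeNamesExtension = new DERSequence(subjectAlternativeNames.toArray(new ASN1Encodable[0]));
        builder.addExtension(Extension.subjectAlternativeName, false, subjectAlternativeNamesExtension);
    }
    X509Certificate signedX509Certificate = signCertificate(builder, certificateAuthorityPrivateKey);
    // validate - fail here rather than hand out a certificate the CA key did not actually sign
    signedX509Certificate.checkValidity(new Date());
    signedX509Certificate.verify(certificateAuthorityPublicKey);
    return signedX509Certificate;
}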

Example 49 with BasicConstraints

use of org.bouncycastle.asn1.x509.BasicConstraints in project mockserver by mock-server.

the class BCKeyAndCertificateFactory method createCACert.

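/**
 * Creates the self-signed root CA certificate used to sign per-domain server certificates.
 * <p>
 * Subject and issuer are the fixed MockServer distinguished name. The certificate is a
 * CA (basicConstraints cA=true, critical), permits keyCertSign and cRLSign alongside the
 * signing/encipherment bits, and lists serverAuth, clientAuth and anyExtendedKeyUsage.
 * The serial number comes from {@link java.security.SecureRandom} and is strictly
 * positive as RFC 5280 requires. Validity is checked and the self-signature verified
 * before returning.
 *
 * @param publicKey  CA public key embedded in the certificate and used to verify it
 * @param privateKey CA private key used to self-sign
 * @return the signed, validity-checked and verified CA certificate
 * @throws Exception if building, signing, validity checking or verification fails
 */
private X509Certificate createCACert(PublicKey publicKey, PrivateKey privateKey) throws Exception {
    // signers name
    X500Name issuerName = new X500Name("CN=www.mockserver.com, O=MockServer, L=London, ST=England, C=UK");
    // serial - cryptographically random (java.util.Random is predictable) and never zero
    BigInteger serial = BigInteger.valueOf(new java.security.SecureRandom().nextInt(Integer.MAX_VALUE) + 1L);
    // create the certificate - version 3 (subject same as issuer because it is self signed)
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial, NOT_BEFORE, NOT_AFTER, issuerName, publicKey);
    builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey));
    // critical so relying parties cannot treat this as an end-entity certificate
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.cRLSign);
    builder.addExtension(Extension.keyUsage, false, usage);
    ASN1EncodableVector purposes = new ASN1EncodableVector();
    purposes.add(KeyPurposeId.id_kp_serverAuth);
    purposes.add(KeyPurposeId.id_kp_clientAuth);
    purposes.add(KeyPurposeId.anyExtendedKeyUsage);
    builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));
    X509Certificate cert = signCertificate(builder, privateKey);
    cert.checkValidity(new Date());
    cert.verify(publicKey);
    return cert;
}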

Example 50 with BasicConstraints

use of org.bouncycastle.asn1.x509.BasicConstraints in project pwm by pwm-project.

the class SelfCertGenerator method generateV3Certificate.

/**
 * Builds a self-signed X.509 v3 server certificate for the given key pair.
 * <p>
 * Subject and issuer are both {@code CN=<cnValue>}. Validity starts two days in the
 * past (tolerates clock skew) and ends {@code settings.getFutureSeconds()} seconds from
 * now. Three extensions are added, all critical and passed as DER-encoded values:
 * basicConstraints cA=false, keyUsage digitalSignature|keyEncipherment and
 * extendedKeyUsage serverAuth. No subject alternative name is set, so clients that
 * require a SAN (rather than matching on CN) will not accept the certificate for
 * {@code cnValue}. Signed with {@code SHA256WithRSAEncryption} via the "BC" provider.
 *
 * @param pair    key pair; the public key is certified, the private key signs
 * @param cnValue value of the CN relative distinguished name
 * @return the signed certificate converted through the "BC" provider
 * @throws Exception on encoding, signing or conversion errors
 */
private X509Certificate generateV3Certificate(final KeyPair pair, final String cnValue) throws Exception {
    final X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    nameBuilder.addRDN(BCStyle.CN, cnValue);
    final BigInteger serial = makeSerialNumber();
    // validity window: two days in the past until futureSeconds from now
    final Date validFrom = new Date(System.currentTimeMillis() - TimeUnit.DAYS.toMillis(2));
    final long lifetimeSeconds = settings.getFutureSeconds();
    final Date validTo = new Date(System.currentTimeMillis() + (lifetimeSeconds * 1000));
    // self signed: the same name is both issuer and subject
    final X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(nameBuilder.build(), serial, validFrom, validTo, nameBuilder.build(), pair.getPublic());
    // Each extension: OID, critical flag, ASN.1 encoded value.
    // Not a CA.
    final BasicConstraints notCa = new BasicConstraints(false);
    certGen.addExtension(Extension.basicConstraints, true, notCa.getEncoded());
    // No subject alternative name is added here.
    // Signing and key encipherment.
    final KeyUsage usageBits = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment);
    certGen.addExtension(Extension.keyUsage, true, usageBits.getEncoded());
    // TLS server authentication only.
    final ExtendedKeyUsage serverAuthOnly = new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth);
    certGen.addExtension(Extension.extendedKeyUsage, true, serverAuthOnly.getEncoded());
    final ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(pair.getPrivate());
    final JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
    return converter.getCertificate(certGen.build(signer));
}
