
Example 31 with BasicConstraints

use of org.bouncycastle.asn1.x509.BasicConstraints in project indy by Commonjava.

the class CertUtils method createSignedCertificate.

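/**
 * Re-issue the identity carried by an existing certificate as a new X.509 v3 certificate signed
 * by {@code issuerPrivateKey}. Serial number, validity window, subject DN and public key are copied
 * from {@code certificate}; the signature algorithm name is copied from {@code issuerCertificate}.
 * <p>
 * The issuer DN of the new certificate is the <em>subject</em> DN of {@code issuerCertificate},
 * which is what RFC 5280 §4.1.2.4 requires for chain building. Reading the issuer certificate's
 * own issuer DN instead only coincides with its subject when that certificate is self-signed.
 * <p>
 * Security notes for callers:
 * <ul>
 *   <li>The serial number is copied verbatim, so two certificates produced under the same issuer
 *       may share a serial; RFC 5280 §4.1.2.2 requires issuer/serial pairs to be unique.</li>
 *   <li>When {@code isIntermediate} is true, BasicConstraints is written exactly as before.
 *       BouncyCastle's {@code BasicConstraints(int)} sets cA=TRUE and encodes its argument as
 *       pathLenConstraint, so {@code -1} puts an out-of-range value on the wire (RFC 5280 allows
 *       0..MAX; {@code new BasicConstraints(true)} is the way to express "no limit"). The value is
 *       kept because {@code CertUtilsTest} asserts it byte-for-byte.</li>
 *   <li>No KeyUsage/ExtendedKeyUsage is added, so an intermediate issued here carries no
 *       keyCertSign bit; strict validators may refuse to accept it as an issuer.</li>
 * </ul>
 *
 * @param certificate        certificate whose serial, validity, subject and public key are reused
 * @param issuerCertificate  certificate of the signing CA; its subject becomes the new issuer DN
 *                           and its signature algorithm name is reused
 * @param issuerPrivateKey   private key matching {@code issuerCertificate}
 * @param isIntermediate     when true, mark the new certificate as a CA via a critical
 *                           BasicConstraints extension
 * @return the signed certificate, converted through the BouncyCastle provider
 * @throws Exception on any signing, encoding or conversion failure
 */
public static X509Certificate createSignedCertificate(X509Certificate certificate, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey, boolean isIntermediate) throws Exception {
    // Reuse the issuer's own signature algorithm so the chain is homogeneous. This assumes the
    // algorithm is compatible with issuerPrivateKey's key type; nothing here checks that.
    String issuerSigAlg = issuerCertificate.getSigAlgName();
    // RFC 5280: the issuer field must equal the signing certificate's subject.
    X500Principal issuerName = issuerCertificate.getSubjectX500Principal();
    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder(issuerSigAlg).setProvider(BouncyCastleProvider.PROVIDER_NAME);
    JcaX509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(issuerName, certificate.getSerialNumber(), certificate.getNotBefore(), certificate.getNotAfter(), certificate.getSubjectX500Principal(), certificate.getPublicKey());
    if (isIntermediate) {
        // Critical, as RFC 5280 §4.2.1.9 requires on CA certificates. See the class note on -1.
        v3CertGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(-1));
    }
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    return converter.getCertificate(v3CertGen.build(contentSignerBuilder.build(issuerPrivateKey)));
}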
Also used : JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X500Principal(javax.security.auth.x500.X500Principal) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 32 with BasicConstraints

use of org.bouncycastle.asn1.x509.BasicConstraints in project indy by Commonjava.

the class CertUtilsTest method testIntermediateSignedCertificateWithExtension.

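/**
 * A certificate issued with {@code isIntermediate=true} must carry a critical BasicConstraints
 * extension whose value is exactly {@code new BasicConstraints(-1)} (cA=TRUE, pathLen encoded as
 * -1), matching what {@link CertUtils#createSignedCertificate} writes.
 * <p>
 * The signing CA is loaded from {@code src/test/resources/ca.der} (private key) and
 * {@code src/test/resources/ca.crt}.
 */
@Test
public void testIntermediateSignedCertificateWithExtension() throws Exception {
    PrivateKey caKey = CertUtils.getPrivateKey("src/test/resources/ca.der");
    X509Certificate caCert = CertUtils.loadX509Certificate(new File("src/test/resources", "ca.crt"));
    String subjectCN = "CN=testcase.org, O=Test Org";
    CertificateAndKeys certificateAndKeys = CertUtils.createSignedCertificateAndKey(subjectCN, caCert, caKey, true);
    X509CertificateHolder certHolder = new X509CertificateHolder(certificateAndKeys.getCertificate().getEncoded());
    Extension ext = certHolder.getExtension(Extension.basicConstraints);
    assertNotNull("intermediate certificate must carry BasicConstraints", ext);
    // JUnit convention: expected value first, so a failure message reads the right way round.
    assertEquals(Extension.basicConstraints, ext.getExtnId());
    // RFC 5280 §4.2.1.9: BasicConstraints must be critical on a CA certificate.
    assertEquals("BasicConstraints must be critical on a CA certificate", true, ext.isCritical());
    BasicConstraints bc = BasicConstraints.getInstance(ext.getParsedValue());
    assertEquals("cA flag must be set on an intermediate", true, bc.isCA());
    assertEquals(new BasicConstraints(-1), bc);
}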
Also used : Extension(org.bouncycastle.asn1.x509.Extension) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) File(java.io.File) CertificateAndKeys(org.commonjava.indy.httprox.util.CertificateAndKeys) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 33 with BasicConstraints

use of org.bouncycastle.asn1.x509.BasicConstraints in project zookeeper by apache.

the class QuorumSSLTest method buildEndEntityCert.

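/**
 * Issue an end-entity (leaf) certificate for a TLS peer, signed by {@code caCert}/{@code caPrivateKey}.
 * The issuer DN is the CA certificate's subject DN (RFC 5280 §4.1.2.4); the validity window comes
 * from the {@code certStartTime}/{@code certEndTime} fields of the enclosing test class.
 * <p>
 * Extensions written: AKI and SKI (non-critical), BasicConstraints cA=FALSE (critical), KeyUsage
 * digitalSignature|keyEncipherment (critical), a SAN built from {@code hostname}/{@code ipAddress}
 * when either is given, a {@code file://} CRL distribution point when {@code crlPath} is set, and an
 * OCSP AIA entry when {@code ocspPort} is set.
 * <p>
 * The serial number is 128 random bits from {@link java.security.SecureRandom}. Serials must be
 * unpredictable (RFC 5280 §4.1.2.2; CA/Browser Forum requires at least 64 bits of CSPRNG output)
 * because unpredictable serials are the standard defence against chosen-prefix collision attacks
 * on the signed TBSCertificate; {@code java.util.Random} is not a CSPRNG. A zero serial is possible
 * with probability 2^-128 and is not guarded against.
 *
 * @param keyPair       key pair of the new end entity; only the public half is embedded
 * @param caCert        certificate of the signing CA; its subject becomes the issuer DN
 * @param caPrivateKey  the CA's private key (assumed RSA: the signature algorithm is hard-coded to
 *                      SHA256WithRSAEncryption)
 * @param hostname      DNS SAN and OCSP responder host; may be null
 * @param ipAddress     IP SAN (and OCSP responder host when {@code hostname} is null); may be null
 * @param crlPath       filesystem path to a CRL, published as a {@code file://} distribution point; may be null
 * @param ocspPort      port of an OCSP responder reachable at the SAN host; may be null
 * @return the signed end-entity certificate
 * @throws Exception on any encoding or signing failure
 */
public X509Certificate buildEndEntityCert(KeyPair keyPair, X509Certificate caCert, PrivateKey caPrivateKey, String hostname, String ipAddress, String crlPath, Integer ocspPort) throws Exception {
    X509CertificateHolder caHolder = new JcaX509CertificateHolder(caCert);
    // Hard-coded algorithm: assumes an RSA CA key; a non-RSA key fails at signing time.
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(caPrivateKey);

    List<GeneralName> sanNames = new ArrayList<>();
    if (hostname != null) {
        sanNames.add(new GeneralName(GeneralName.dNSName, hostname));
    }
    if (ipAddress != null) {
        sanNames.add(new GeneralName(GeneralName.iPAddress, ipAddress));
    }

    // Round-trip the JCA public key through BC's lightweight API to obtain the
    // SubjectPublicKeyInfo the SKI is derived from.
    SubjectPublicKeyInfo entityKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(PublicKeyFactory.createKey(keyPair.getPublic().getEncoded()));
    X509ExtensionUtils extensionUtils = new BcX509ExtensionUtils();

    // Serial from a CSPRNG, not java.util.Random (see class-level note).
    BigInteger serial = new BigInteger(128, new java.security.SecureRandom());
    JcaX509v3CertificateBuilder jcaBuilder = new JcaX509v3CertificateBuilder(caHolder.getSubject(), serial, certStartTime, certEndTime, new X500Name("CN=Test End Entity Certificate"), keyPair.getPublic());

    X509v3CertificateBuilder certificateBuilder = jcaBuilder
            .addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(caHolder))
            .addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(entityKeyInfo))
            // cA=FALSE and critical: this key must never be accepted as an issuer.
            .addExtension(Extension.basicConstraints, true, new BasicConstraints(false))
            .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

    if (!sanNames.isEmpty()) {
        // RFC 5280 §4.2.1.6 recommends a non-critical SAN when the subject DN is non-empty (it is
        // here); the extension stays critical to preserve the fixture's existing encoding.
        certificateBuilder.addExtension(Extension.subjectAlternativeName, true, new GeneralNames(sanNames.toArray(new GeneralName[0])));
    }
    if (crlPath != null) {
        DistributionPointName distPoint = new DistributionPointName(new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, "file://" + crlPath)));
        certificateBuilder.addExtension(Extension.cRLDistributionPoints, false, new CRLDistPoint(new DistributionPoint[] { new DistributionPoint(distPoint, null, null) }));
    }
    if (ocspPort != null) {
        // Fall back to the IP SAN so a null hostname does not yield "http://null:<port>".
        String ocspHost = hostname != null ? hostname : ipAddress;
        certificateBuilder.addExtension(Extension.authorityInfoAccess, false, new AuthorityInformationAccess(X509ObjectIdentifiers.ocspAccessMethod, new GeneralName(GeneralName.uniformResourceIdentifier, "http://" + ocspHost + ":" + ocspPort)));
    }
    return new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(signer));
}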
Also used : AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) ArrayList(java.util.ArrayList) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Random(java.util.Random) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BigInteger(java.math.BigInteger) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BcX509ExtensionUtils(org.bouncycastle.cert.bc.BcX509ExtensionUtils) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) X509ExtensionUtils(org.bouncycastle.cert.X509ExtensionUtils) BcX509ExtensionUtils(org.bouncycastle.cert.bc.BcX509ExtensionUtils) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)

Example 34 with BasicConstraints

use of org.bouncycastle.asn1.x509.BasicConstraints in project zookeeper by apache.

the class X509TestHelpers method newCert.

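/**
 * Using the private key of the given CA key pair and the Subject of the given CA cert as the Issuer, issues a
 * new cert with the given subject and public key. The returned certificate, combined with the private key half
 * of the <code>certPublicKey</code>, should be used as the key store.
 * <p>
 * The issuer DN is taken from {@code caCert.getSubjectX500Principal()} and carried over as its exact
 * DER encoding, so the new certificate's issuer matches the CA's subject byte-for-byte as path
 * validation requires (RFC 5280 §4.1.2.4). Reading the CA's <em>issuer</em> DN instead is only correct
 * for a self-signed CA, and re-parsing the DN from its string form can change attribute encodings.
 * <p>
 * Extensions: BasicConstraints cA=FALSE (critical), KeyUsage digitalSignature|keyEncipherment
 * (critical), ExtendedKeyUsage serverAuth+clientAuth (critical) and the localhost SANs from
 * {@link #getLocalhostSubjectAltNames()} (non-critical).
 *
 * @param caCert the certificate of the CA that's doing the signing.
 * @param caKeyPair the key pair of the CA. The private key will be used to sign. The public key must match the
 *                  public key in the <code>caCert</code>.
 * @param certSubject the subject field of the new cert being issued.
 * @param certPublicKey the public key of the new cert being issued.
 * @param expirationMillis the expiration of the cert being issued, in milliseconds from now.
 * @return a new certificate signed by the CA's private key.
 * @throws IllegalArgumentException if {@code caKeyPair}'s public key differs from the one in {@code caCert}
 * @throws IOException
 * @throws OperatorCreationException
 * @throws GeneralSecurityException
 */
public static X509Certificate newCert(X509Certificate caCert, KeyPair caKeyPair, X500Name certSubject, PublicKey certPublicKey, long expirationMillis) throws IOException, OperatorCreationException, GeneralSecurityException {
    // Cheap guard against signing with a key that does not belong to the claimed issuer.
    if (!caKeyPair.getPublic().equals(caCert.getPublicKey())) {
        throw new IllegalArgumentException("CA private key does not match the public key in the CA cert");
    }
    // Issuer = CA subject, preserved as DER rather than round-tripped through a string.
    X500Name issuer = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());
    Date now = new Date();
    Date notAfter = new Date(now.getTime() + expirationMillis);
    X509v3CertificateBuilder builder = initCertBuilder(issuer, now, notAfter, certSubject, certPublicKey);
    // Leaf certificate: must never be accepted as an issuer.
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
    builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
    builder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(new KeyPurposeId[] { KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth }));
    builder.addExtension(Extension.subjectAlternativeName, false, getLocalhostSubjectAltNames());
    return buildAndSignCertificate(caKeyPair.getPrivate(), builder);
}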
Also used : KeyPurposeId(org.bouncycastle.asn1.x509.KeyPurposeId) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) Date(java.util.Date)

Example 35 with BasicConstraints

use of org.bouncycastle.asn1.x509.BasicConstraints in project robovm by robovm.

the class CertificateFactoryTest method generateCertificate.

/**
 * Test fixture: mint an RSA key pair and a certificate for it, either self-signed (when
 * {@code issuer} is null) or signed by {@code issuer}'s private key.
 * <p>
 * Serial numbers are sequential: 1 for the root, issuer serial + 1 for a child, and a child's
 * subject CN embeds its serial. A CA certificate gets BasicConstraints cA=TRUE with
 * pathLenConstraint {@code 10 - serial}; a leaf gets cA=FALSE. Validity runs from now until
 * 2100-01-01T00:00:00Z.
 * <p>
 * Review notes (behaviour intentionally unchanged):
 * <ul>
 *   <li>{@code SHA1withRSA} is a collision-prone signature algorithm that modern validators
 *       reject; acceptable for a parser test, not for anything that reaches a trust store.</li>
 *   <li>{@code KeyPairGenerator.getInstance("RSA")} is never {@code initialize}d, so the key size
 *       is whatever the provider defaults to.</li>
 *   <li>{@code 10 - serial} goes negative once a chain is deeper than ten certificates, which is
 *       outside RFC 5280's (0..MAX) range for pathLenConstraint.</li>
 *   <li>Relies on the deprecated {@code X509V3CertificateGenerator}, hence the suppression.</li>
 * </ul>
 *
 * @param isCa   whether the new certificate is marked as a CA in BasicConstraints
 * @param issuer holder of the signing certificate and key, or null for a self-signed root
 * @return the new certificate together with its private key
 * @throws Exception on key or certificate generation failure
 */
@SuppressWarnings("deprecation")
private static KeyHolder generateCertificate(boolean isCa, KeyHolder issuer) throws Exception {
    final boolean selfSigned = issuer == null;

    // Validity: from now until Jan 1, 2100 UTC.
    Date notBefore = new Date();
    GregorianCalendar farFuture = new GregorianCalendar();
    farFuture.setTimeZone(TimeZone.getTimeZone("UTC"));
    farFuture.set(2100, 0, 1, 0, 0, 0);
    Date notAfter = farFuture.getTime();

    KeyPair subjectKeys = KeyPairGenerator.getInstance("RSA").generateKeyPair();

    // Naming and signing key depend on whether this is the root of the chain.
    BigInteger serial = selfSigned ? BigInteger.ONE : issuer.certificate.getSerialNumber().add(BigInteger.ONE);
    X500Principal subjectDn = selfSigned
            ? new X500Principal("CN=Test CA, O=Tests, C=US")
            : new X500Principal("CN=Test Certificate Serial #" + serial.toString());
    X500Principal issuerDn = selfSigned ? subjectDn : issuer.certificate.getSubjectX500Principal();
    PrivateKey signingKey = selfSigned ? subjectKeys.getPrivate() : issuer.privateKey;

    BasicConstraints basicConstraints = isCa
            ? new BasicConstraints(10 - serial.intValue())
            : new BasicConstraints(false);

    X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
    generator.setSerialNumber(serial);
    generator.setIssuerDN(issuerDn);
    generator.setNotBefore(notBefore);
    generator.setNotAfter(notAfter);
    generator.setSubjectDN(subjectDn);
    generator.setPublicKey(subjectKeys.getPublic());
    generator.setSignatureAlgorithm("SHA1withRSA");
    // AKI names the signing key (our own key when self-signed); SKI always names our own key.
    generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            selfSigned ? new AuthorityKeyIdentifierStructure(subjectKeys.getPublic())
                       : new AuthorityKeyIdentifierStructure(issuer.certificate));
    generator.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(subjectKeys.getPublic()));
    generator.addExtension(X509Extensions.BasicConstraints, true, basicConstraints);

    KeyHolder result = new KeyHolder();
    result.certificate = generator.generate(signingKey);
    result.privateKey = subjectKeys.getPrivate();
    return result;
}
Also used : KeyPair(java.security.KeyPair) PrivateKey(java.security.PrivateKey) SubjectKeyIdentifierStructure(com.android.org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure) GregorianCalendar(java.util.GregorianCalendar) KeyPairGenerator(java.security.KeyPairGenerator) AuthorityKeyIdentifierStructure(com.android.org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) X509V3CertificateGenerator(com.android.org.bouncycastle.x509.X509V3CertificateGenerator) BigInteger(java.math.BigInteger) X500Principal(javax.security.auth.x500.X500Principal) BasicConstraints(com.android.org.bouncycastle.asn1.x509.BasicConstraints)

Aggregations

BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)57 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)30 X509Certificate (java.security.cert.X509Certificate)29 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)28 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)26 Date (java.util.Date)25 ContentSigner (org.bouncycastle.operator.ContentSigner)25 X500Name (org.bouncycastle.asn1.x500.X500Name)24 BigInteger (java.math.BigInteger)22 KeyUsage (org.bouncycastle.asn1.x509.KeyUsage)21 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)21 GeneralName (org.bouncycastle.asn1.x509.GeneralName)20 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)17 IOException (java.io.IOException)16 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)15 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)14 ExtendedKeyUsage (org.bouncycastle.asn1.x509.ExtendedKeyUsage)13 ArrayList (java.util.ArrayList)11 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)11 KeyPair (java.security.KeyPair)10