Example 31 with JcaX509ExtensionUtils

Use of org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils in project wso2-synapse by wso2.

Class CRLVerifierTest, method createCRL.

/**
 * Creates a fake CRL for the fake CA. The fake certificate with the given revokedSerialNumber will be marked
 * as Revoked in the returned CRL.
 * @param caCert the fake CA certificate.
 * @param caPrivateKey private key of the fake CA.
 * @param revokedSerialNumber the serial number of the fake peer certificate made to be marked as revoked.
 * @return the created fake CRL
 * @throws Exception
 */
public static X509CRL createCRL(X509Certificate caCert, PrivateKey caPrivateKey, BigInteger revokedSerialNumber) throws Exception {
    JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
    Date now = new Date();
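    // The CRL issuer DN is copied from the CA certificate's issuer field; it equals the CA's own
    // subject DN only when the CA certificate is self-signed.
    X500Name issuer = X500Name.getInstance(PrincipalUtil.getIssuerX509Principal(caCert).getEncoded());
    // Use one timestamp for thisUpdate and the revocation date.
    X509v2CRLBuilder builder = new X509v2CRLBuilder(issuer, now);
    // Reason code 0 is "unspecified".
    builder.addCRLEntry(revokedSerialNumber, now, 0);
    builder.setNextUpdate(new Date(now.getTime() + TestConstants.NEXT_UPDATE_PERIOD));
    // The value is an AuthorityKeyIdentifier, so it is registered under the authorityKeyIdentifier OID
    // rather than cRLDistributionPoints.
    builder.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert));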
    builder.addExtension(Extension.cRLNumber, false, new CRLNumber(BigInteger.valueOf(1)));
    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
    contentSignerBuilder.setProvider(CryptoConstants.BOUNCY_CASTLE_PROVIDER);
    X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(caPrivateKey));
    JcaX509CRLConverter converter = new JcaX509CRLConverter();
    converter.setProvider(CryptoConstants.BOUNCY_CASTLE_PROVIDER);
    return converter.getCRL(cRLHolder);
}
Also used: JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils), JcaX509CRLConverter (org.bouncycastle.cert.jcajce.JcaX509CRLConverter), CRLNumber (org.bouncycastle.asn1.x509.CRLNumber), JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder), X509CRLHolder (org.bouncycastle.cert.X509CRLHolder), X509v2CRLBuilder (org.bouncycastle.cert.X509v2CRLBuilder), X500Name (org.bouncycastle.asn1.x500.X500Name), Date (java.util.Date)

Example 32 with JcaX509ExtensionUtils

Use of org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils in project accumulo by apache.

Class CertUtils, method generateCert.

private Certificate generateCert(KeyPair kp, boolean isCertAuthority, PublicKey signerPublicKey, PrivateKey signerPrivateKey) throws IOException, CertIOException, OperatorCreationException, CertificateException, NoSuchAlgorithmException {
    Calendar startDate = Calendar.getInstance();
    Calendar endDate = Calendar.getInstance();
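    // 100-year validity period.
    endDate.add(Calendar.YEAR, 100);
    // Serial number is the current time in milliseconds: predictable, and two certificates
    // generated in the same millisecond would share a serial.
    BigInteger serialNumber = BigInteger.valueOf(startDate.getTimeInMillis());
    X500Name issuer = new X500Name(IETFUtils.rDNsFromString(issuerDirString, RFC4519Style.INSTANCE));
    // The same DN is passed as both issuer and subject.
    JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuer, serialNumber, startDate.getTime(), endDate.getTime(), issuer, kp.getPublic());
    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    certGen.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(kp.getPublic()));
    // basicConstraints is added as non-critical here; RFC 5280 (section 4.2.1.9) requires it to be
    // marked critical in CA certificates used to validate certificate signatures.
    certGen.addExtension(Extension.basicConstraints, false, new BasicConstraints(isCertAuthority));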
    certGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(signerPublicKey));
    if (isCertAuthority) {
        certGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
    }
    X509CertificateHolder cert = certGen.build(new JcaContentSignerBuilder(signingAlgorithm).build(signerPrivateKey));
    return new JcaX509CertificateConverter().getCertificate(cert);
}
Also used: JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils), JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder), JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter), Calendar (java.util.Calendar), JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder), X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder), BigInteger (java.math.BigInteger), KeyUsage (org.bouncycastle.asn1.x509.KeyUsage), X500Name (org.bouncycastle.asn1.x500.X500Name), BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)

Aggregations

JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) 32
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) 19
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) 17
Date (java.util.Date) 16
ContentSigner (org.bouncycastle.operator.ContentSigner) 16
X500Name (org.bouncycastle.asn1.x500.X500Name) 15
BigInteger (java.math.BigInteger) 13
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder) 12
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) 12
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder) 11
KeyUsage (org.bouncycastle.asn1.x509.KeyUsage) 10
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException) 10
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints) 9
CRLNumber (org.bouncycastle.asn1.x509.CRLNumber) 9
AuthorityKeyIdentifier (org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) 8
X509v2CRLBuilder (org.bouncycastle.cert.X509v2CRLBuilder) 8
File (java.io.File) 6
X509Certificate (java.security.cert.X509Certificate) 6
HashSet (java.util.HashSet) 6
ExtendedKeyUsage (org.bouncycastle.asn1.x509.ExtendedKeyUsage) 6