
Example 1 with X509Principal

use of org.bouncycastle.jce.X509Principal in project nhin-d by DirectProject.

From class CertGenerator, method createNewCA:

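/**
 * Creates a self-signed CA certificate for {@code fields} using {@code keyPair}.
 * <p>
 * The DN is assembled from the attributes {@code EMAILADDRESS}, {@code CN}, {@code C},
 * {@code ST}, {@code L} and {@code O}, in that order, each included only when present.
 * Because the certificate is self-signed, issuer and subject are the same DN. The certificate
 * carries a critical {@code BasicConstraints(cA=true)} extension, is verified against its own
 * public key and is then written to disk via {@link #writeCertAndKey}.
 *
 * @param fields      DN attributes plus the validity period in days ({@code getExpDays()})
 * @param keyPair     public key that goes into the certificate; private key that signs it
 * @param addAltNames when {@code true} and an {@code EMAILADDRESS} attribute exists, that value is
 *                    also added as a subjectAltName ({@code rfc822Name} if it contains '@',
 *                    {@code dNSName} otherwise)
 * @return the same {@code fields} object that was passed in
 * @throws IllegalArgumentException if none of the DN attributes is present
 * @throws Exception                on any generation, verification or write failure
 */
private static CertCreateFields createNewCA(CertCreateFields fields, KeyPair keyPair, boolean addAltNames) throws Exception {
    final StringBuilder dnBuilder = new StringBuilder();
    String altName = "";
    // Build the DN. Attribute values are inserted verbatim: a value containing ',' '+' or '='
    // would alter the RDN structure that X509Principal parses, so the attribute values are
    // expected to come from the operator running this tool, not from an untrusted request.
    if (fields.getAttributes().containsKey("EMAILADDRESS")) {
        appendDnAttribute(dnBuilder, fields, "EMAILADDRESS");
        altName = fields.getAttributes().get("EMAILADDRESS").toString();
    }
    appendDnAttribute(dnBuilder, fields, "CN");
    appendDnAttribute(dnBuilder, fields, "C");
    appendDnAttribute(dnBuilder, fields, "ST");
    appendDnAttribute(dnBuilder, fields, "L");
    appendDnAttribute(dnBuilder, fields, "O");
    // drop the trailing ", " left behind by the last attribute
    String dn = dnBuilder.toString().trim();
    if (dn.endsWith(",")) {
        dn = dn.substring(0, dn.length() - 1);
    }
    if (dn.isEmpty()) {
        throw new IllegalArgumentException("no DN attributes supplied; at least one of EMAILADDRESS, CN, C, ST, L, O is required");
    }
    final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    final Calendar start = Calendar.getInstance();
    final Calendar end = Calendar.getInstance();
    end.add(Calendar.DAY_OF_MONTH, fields.getExpDays());
    certGen.setSerialNumber(BigInteger.valueOf(generatePositiveRandom()));
    // issuer and subject are the same for a self-signed CA
    certGen.setIssuerDN(new X509Principal(dn));
    certGen.setSubjectDN(new X509Principal(dn));
    certGen.setNotBefore(start.getTime());
    certGen.setNotAfter(end.getTime());
    certGen.setPublicKey(keyPair.getPublic());
    // SHA-256 instead of SHA-1: SHA-1 certificate signatures are widely rejected by current
    // verifiers, and this matches the algorithm createCertFromCSR already uses for leaf certs
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
    if (addAltNames && !altName.isEmpty()) {
        final int nameType = altName.contains("@") ? GeneralName.rfc822Name : GeneralName.dNSName;
        final GeneralNames subjectAltName = new GeneralNames(new GeneralName(nameType, altName));
        certGen.addExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
    }
    final X509Certificate newCACert = certGen.generate(keyPair.getPrivate(), CryptoExtensions.getJCEProviderName());
    // validate the certificate: the signature must check out against the embedded public key
    newCACert.verify(keyPair.getPublic());
    // write the certificate and private key to the file system
    writeCertAndKey(newCACert, keyPair.getPrivate(), fields);
    return fields;
}

/**
 * Appends {@code name=value, } to {@code dn} when {@code name} is one of the fields' attributes;
 * does nothing otherwise. The value is rendered with {@code String.valueOf}, as before.
 */
private static void appendDnAttribute(StringBuilder dn, CertCreateFields fields, String name) {
    if (fields.getAttributes().containsKey(name)) {
        dn.append(name).append('=').append(fields.getAttributes().get(name)).append(", ");
    }
}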

Example 2 with X509Principal

use of org.bouncycastle.jce.X509Principal in project nhin-d by DirectProject.

From class CertGenerator, method createCertFromCSR:

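/**
 * Issues a certificate for a PKCS#10 request, signed by the key in {@code signerCert}.
 * <p>
 * The request signature is verified first (proof of possession of the requested key). The
 * issuer is the signer certificate's subject, the subject is taken from the request, validity
 * is three years from now, and any extensions the request carries in its PKCS#9
 * {@code extensionRequest} attribute are copied onto the certificate. A request without an
 * extension request is issued with no extensions.
 *
 * @param certReq    the certification request to sign
 * @param signerCert holder of the signing certificate and its private key
 * @return the newly signed certificate
 * @throws Exception if the request signature does not verify or generation fails
 */
public static X509Certificate createCertFromCSR(PKCS10CertificationRequest certReq, CertCreateFields signerCert) throws Exception {
    // proof of possession: the request must be signed by the key it carries
    certReq.verify();
    final CertificationRequestInfo reqInfo = certReq.getCertificationRequestInfo();
    final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    final Calendar start = Calendar.getInstance();
    final Calendar end = Calendar.getInstance();
    end.add(Calendar.YEAR, 3);
    certGen.setSerialNumber(BigInteger.valueOf(generatePositiveRandom()));
    // issuer is the parent cert
    certGen.setIssuerDN(signerCert.getSignerCert().getSubjectX500Principal());
    certGen.setNotBefore(start.getTime());
    certGen.setNotAfter(end.getTime());
    certGen.setSubjectDN(new X509Principal(reqInfo.getSubject().toString()));
    certGen.setPublicKey(certReq.getPublicKey());
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
    // a request is allowed to carry no extension request at all; previously this was an NPE
    final X509Extensions requested = findRequestedExtensions(reqInfo.getAttributes());
    if (requested != null) {
        copyRequestedExtensions(requested, certGen);
    }
    return certGen.generate((PrivateKey) signerCert.getSignerKey(), CryptoExtensions.getJCEProviderName());
}

/**
 * Finds the extensions carried in the request's PKCS#9 {@code extensionRequest} attribute.
 * Only the first value of that attribute is used; if several such attributes are present the
 * last one wins, as before.
 *
 * @param attributes the request's attribute set, possibly {@code null}
 * @return the requested extensions, or {@code null} when the request carries none
 */
private static X509Extensions findRequestedExtensions(ASN1Set attributes) {
    if (attributes == null) {
        return null;
    }
    X509Extensions found = null;
    for (int i = 0; i < attributes.size(); ++i) {
        final DEREncodable encodable = attributes.getObjectAt(i);
        if (!(encodable instanceof DERSequence)) {
            continue;
        }
        final Attribute attribute = new Attribute((DERSequence) encodable);
        if (!PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attribute.getAttrType())) {
            continue;
        }
        final ASN1Set values = attribute.getAttrValues();
        if (values.size() >= 1) {
            found = new X509Extensions((ASN1Sequence) values.getObjectAt(0));
        }
    }
    return found;
}

/**
 * Copies every requested extension onto the certificate being built, keeping its criticality.
 * <p>
 * NOTE(review): the requester's extensions are applied without any policy check, so a request
 * can ask for extensions the CA normally controls (for example BasicConstraints cA=true or a
 * KeyUsage permitting keyCertSign). A per-OID allow-list or override belongs here before the CA
 * signs — confirm the intended issuance policy for this tool.
 *
 * @param requested extensions taken from the request
 * @param certGen   generator receiving the extensions
 * @throws Exception if an extension value cannot be decoded
 */
private static void copyRequestedExtensions(X509Extensions requested, X509V3CertificateGenerator certGen) throws Exception {
    @SuppressWarnings("unchecked")
    final Enumeration<DERObjectIdentifier> oids = requested.oids();
    while (oids.hasMoreElements()) {
        final DERObjectIdentifier oid = oids.nextElement();
        final X509Extension ext = requested.getExtension(oid);
        certGen.addExtension(oid, ext.isCritical(), X509Extension.convertValueToObject(ext));
    }
}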

Example 3 with X509Principal

use of org.bouncycastle.jce.X509Principal in project nhin-d by DirectProject.

From class AnchorRecordPrinter, method getColumnValue:

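/**
 * Resolves the text shown for {@code column} in the report row of {@code record}.
 * <p>
 * Handles the anchor-specific columns (subject CN, thumbprint, incoming/outgoing flags) and
 * delegates every other column to the superclass. Rendering never propagates an exception: a
 * malformed anchor or any other failure is surfaced in the cell as {@code "ERROR: <message>"}
 * so that one bad record does not abort the whole report.
 *
 * @param column the report column being rendered
 * @param record the anchor record supplying the values
 * @return the cell text, or an {@code ERROR:} string when the value cannot be computed
 */
@Override
protected String getColumnValue(ReportColumn column, org.nhind.config.Anchor record) {
    try {
        final X509Certificate anchor = CertUtils.toX509Certificate(record.getData());
        final String header = column.header;
        if (header.equals(ANCHOR_NAME_COL)) {
            return anchorName(anchor);
        }
        if (header.equals(TP_NAME_COL)) {
            return Thumbprint.toThumbprint(anchor).toString();
        }
        if (header.equals(INCOMING_COL)) {
            return Boolean.toString(record.isIncoming());
        }
        if (header.equals(OUTGOING_COL)) {
            return Boolean.toString(record.isOutgoing());
        }
        return super.getColumnValue(column, record);
    } catch (Exception e) {
        // deliberate: report cells degrade to an error marker instead of failing the print run
        return "ERROR: " + e.getMessage();
    }
}

/**
 * Returns the first CN of the anchor's subject. A subject without a CN previously produced an
 * index error (rendered as an ERROR cell); it now falls back to the full subject DN so the row
 * still identifies the anchor.
 */
private static String anchorName(X509Certificate anchor) throws Exception {
    final X509Principal principal = PrincipalUtil.getSubjectX509Principal(anchor);
    final Vector<?> values = principal.getValues(X509Name.CN);
    if (values.isEmpty()) {
        return anchor.getSubjectX500Principal().getName();
    }
    return (String) values.get(0);
}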

Example 4 with X509Principal

use of org.bouncycastle.jce.X509Principal in project gocd by gocd.

From class X509CertificateGenerator, method createIntermediateCertificate:

/**
 * Issues the intermediate CA certificate, signed by the root CA key.
 * <p>
 * The issuer is the root certificate's subject; the subject is OU={@code INTERMEDIATE_CERT_OU}
 * with EMAILADDRESS={@code CERT_EMAIL}. Subject key identifier, authority key identifier and
 * basic-constraints extensions are added, then the result is checked for validity and its
 * signature verified against the root public key before the PKCS#12 bag attributes are set on
 * both the certificate and the private key.
 *
 * @param caPrivKey root CA private key used to sign
 * @param caCert    root CA certificate (issuer and authority key id source)
 * @param startDate start of the validity period
 * @param keyPair   key pair of the intermediate; its public key goes into the certificate
 * @return the signed and verified intermediate certificate
 * @throws Exception if generation, validity check or signature verification fails
 */
private X509Certificate createIntermediateCertificate(PrivateKey caPrivKey, X509Certificate caCert, Date startDate, KeyPair keyPair) throws Exception {
    final X509Principal issuer = PrincipalUtil.getSubjectX509Principal(caCert);
    final X509Principal subject = createX509Principal(withOU(INTERMEDIATE_CERT_OU), withEmailAddress(CERT_EMAIL));
    final PublicKey intermediatePublicKey = keyPair.getPublic();
    final V3X509CertificateGenerator generator =
            new V3X509CertificateGenerator(startDate, issuer, subject, intermediatePublicKey, serialNumber());
    // extensions: identify this key, chain to the root key, and mark the cert as a CA
    generator.addSubjectKeyIdExtension(intermediatePublicKey);
    generator.addAuthorityKeyIdExtension(caCert);
    generator.addBasicConstraintsExtension();
    final X509Certificate intermediate = generator.generate(caPrivKey);
    // sanity-check the freshly issued certificate before it is handed out
    intermediate.checkValidity(new Date());
    intermediate.verify(caCert.getPublicKey());
    PKCS12BagAttributeSetter.usingBagAttributeCarrier(intermediate).setFriendlyName(INTERMEDIATE_CERT_OU);
    PKCS12BagAttributeSetter.usingBagAttributeCarrier(keyPair.getPrivate())
            .setFriendlyName(FRIENDLY_NAME)
            .setLocalKeyId(intermediatePublicKey);
    return intermediate;
}

Example 5 with X509Principal

use of org.bouncycastle.jce.X509Principal in project gocd by gocd.

From class X509CertificateGenerator, method createAgentCertificate:

/**
 * Issues an agent certificate for {@code hostname}, signed by the intermediate key.
 * <p>
 * Subject: OU={@code AGENT_CERT_OU}, CN={@code hostname}, EMAILADDRESS={@code CERT_EMAIL};
 * issuer: OU={@code INTERMEDIATE_CERT_OU}, EMAILADDRESS={@code CERT_EMAIL}. Subject and authority
 * key identifier extensions are added, the result is checked for validity and verified against
 * the intermediate public key, and a PKCS#12 friendly name / local key id is attached.
 * <p>
 * NOTE(review): the serial number is the constant 3 for every agent certificate, so all agents
 * issued under this intermediate share one serial, whereas RFC 5280 requires serials to be
 * unique per issuer (the intermediate certificate uses {@code serialNumber()} instead). Confirm
 * nothing depends on the fixed value before changing it.
 *
 * @param publicKey              the agent's public key, embedded in the certificate
 * @param intermediatePrivateKey signing key
 * @param intermediatePublicKey  used for the authority key id and for verifying the signature
 * @param hostname               becomes the subject CN
 * @param startDate              start of the validity period
 * @return the signed and verified agent certificate
 * @throws Exception if generation, validity check or signature verification fails
 */
private X509Certificate createAgentCertificate(PublicKey publicKey, PrivateKey intermediatePrivateKey, PublicKey intermediatePublicKey, String hostname, Date startDate) throws Exception {
    final X509Principal issuer = createX509Principal(withOU(INTERMEDIATE_CERT_OU), withEmailAddress(CERT_EMAIL));
    final X509Principal subject = createX509Principal(withOU(AGENT_CERT_OU), withCN(hostname), withEmailAddress(CERT_EMAIL));
    final BigInteger serial = BigInteger.valueOf(3);
    final V3X509CertificateGenerator generator =
            new V3X509CertificateGenerator(startDate, issuer, subject, publicKey, serial);
    // key identifier extensions tie the cert to its own key and to the issuing key
    generator.addSubjectKeyIdExtension(publicKey);
    generator.addAuthorityKeyIdExtension(intermediatePublicKey);
    final X509Certificate agentCert = generator.generate(intermediatePrivateKey);
    // sanity-check the freshly issued certificate before it is handed out
    agentCert.checkValidity(new Date());
    agentCert.verify(intermediatePublicKey);
    PKCS12BagAttributeSetter.usingBagAttributeCarrier(agentCert)
            .setFriendlyName("cruise-agent")
            .setLocalKeyId(publicKey);
    return agentCert;
}
