
Example 6 with X509Principal

use of org.bouncycastle.jce.X509Principal in project chassis by Kixeye.

the class JettyConnectorRegistry method registerHttpsConnector.

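/**
 * Registers an HTTPS {@link ServerConnector} on {@code server}, listening on {@code address}.
 *
 * <p>Key material comes from one of three places, in this order of precedence:
 * <ol>
 *   <li>{@code selfSigned}: a throwaway RSA-2048 key pair and self-signed certificate are generated
 *       in memory and the key-store arguments are ignored. The connector is also switched to
 *       {@code setTrustAll(true)}, so together with {@code mutualSsl} every client certificate is
 *       accepted and client authentication verifies nothing. Development use only.</li>
 *   <li>{@code keyStoreData}: hex-encoded bytes of a key store of the JVM default type.</li>
 *   <li>{@code keyStorePath}: a Spring resource location of such a key store.</li>
 * </ol>
 * The trust store is resolved the same way from {@code trustStoreData} / {@code trustStorePath};
 * when neither is given Jetty's default trust settings apply.
 *
 * @param server               Jetty server the connector is added to
 * @param address              host and port to bind
 * @param selfSigned           generate an in-memory self-signed certificate instead of loading a key store
 * @param mutualSsl            require a client certificate (Jetty {@code needClientAuth})
 * @param keyStorePath         resource location of the key store; used when {@code keyStoreData} is blank
 * @param keyStoreData         hex-encoded key store bytes; takes precedence over {@code keyStorePath}
 * @param keyStorePassword     key store password; {@code null} is passed through to {@link KeyStore#load}
 *                             (for JKS that skips the integrity check) instead of throwing an NPE
 * @param keyManagerPassword   private key password; falls back to {@code keyStorePassword} when blank
 * @param trustStorePath       resource location of the trust store
 * @param trustStoreData       hex-encoded trust store bytes; takes precedence over {@code trustStorePath}
 * @param trustStorePassword   trust store password; {@code null} handled as for the key store
 * @param excludedCipherSuites cipher suites Jetty must not negotiate
 * @throws IllegalArgumentException if no key source at all is configured (the connector could not start anyway)
 * @throws Exception            from key generation, key store loading or resource access
 */
public static void registerHttpsConnector(Server server, InetSocketAddress address, boolean selfSigned, boolean mutualSsl, String keyStorePath, String keyStoreData, String keyStorePassword, String keyManagerPassword, String trustStorePath, String trustStoreData, String trustStorePassword, String[] excludedCipherSuites) throws Exception {
    SslContextFactory sslContextFactory = new SslContextFactory();

    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    if (selfSigned) {
        // One-off random password: the store never leaves this JVM, so nothing else has to know it.
        char[] passwordChars = UUID.randomUUID().toString().toCharArray();
        keyStore.load(null, passwordChars);

        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        // 1024-bit RSA is below every current minimum and is refused by modern TLS clients.
        keyPairGenerator.initialize(2048);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        keyStore.setKeyEntry("selfSigned", keyPair.getPrivate(), passwordChars,
                new java.security.cert.Certificate[] { newSelfSignedCertificate(keyPair) });
        keyStorePassword = new String(passwordChars);
        keyManagerPassword = keyStorePassword;

        // DEV ONLY: disables all peer certificate validation on this connector. With mutualSsl=true
        // this means any client certificate whatsoever is accepted.
        sslContextFactory.setTrustAll(true);
    } else if (StringUtils.isNotBlank(keyStoreData)) {
        keyStore.load(new ByteArrayInputStream(Hex.decode(keyStoreData)), toPasswordChars(keyStorePassword));
    } else if (StringUtils.isNotBlank(keyStorePath)) {
        try (InputStream inputStream = new DefaultResourceLoader().getResource(keyStorePath).getInputStream()) {
            keyStore.load(inputStream, toPasswordChars(keyStorePassword));
        }
    } else {
        // Jetty would fail later with an opaque "Uninitialized keystore"; fail here with the reason instead.
        throw new IllegalArgumentException("HTTPS connector needs selfSigned=true, keyStoreData or keyStorePath");
    }
    sslContextFactory.setKeyStore(keyStore);
    sslContextFactory.setKeyStorePassword(keyStorePassword);
    if (StringUtils.isBlank(keyManagerPassword)) {
        keyManagerPassword = keyStorePassword;
    }
    sslContextFactory.setKeyManagerPassword(keyManagerPassword);

    KeyStore trustStore = null;
    if (StringUtils.isNotBlank(trustStoreData)) {
        trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(new ByteArrayInputStream(Hex.decode(trustStoreData)), toPasswordChars(trustStorePassword));
    } else if (StringUtils.isNotBlank(trustStorePath)) {
        trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream inputStream = new DefaultResourceLoader().getResource(trustStorePath).getInputStream()) {
            trustStore.load(inputStream, toPasswordChars(trustStorePassword));
        }
    }
    if (trustStore != null) {
        sslContextFactory.setTrustStore(trustStore);
        sslContextFactory.setTrustStorePassword(trustStorePassword);
    }

    sslContextFactory.setNeedClientAuth(mutualSsl);
    sslContextFactory.setExcludeCipherSuites(excludedCipherSuites);

    ServerConnector connector = new ServerConnector(server,
            new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.toString()),
            new HttpConnectionFactory());
    connector.setHost(address.getHostName());
    connector.setPort(address.getPort());
    server.addConnector(connector);
}

/**
 * Builds the throwaway certificate used in self-signed mode: subject == issuer, valid from 30 days
 * ago (clock-skew margin) for 10 years, SHA-256/RSA signed with {@code keyPair}'s own private key.
 */
private static X509Certificate newSelfSignedCertificate(KeyPair keyPair) throws Exception {
    long now = System.currentTimeMillis();
    // Every attribute comma-separated; the previous "O=None L=None" folded L into the O value.
    X509Principal dn = new X509Principal("CN=kixeye.com, OU=None, O=None, L=None, C=None");
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    // 64 random bits, forced non-zero: RFC 5280 requires a positive serial; nextInt() gave only 31 bits.
    certGen.setSerialNumber(new BigInteger(64, new SecureRandom()).add(BigInteger.ONE));
    certGen.setIssuerDN(dn);
    certGen.setSubjectDN(dn);
    certGen.setNotBefore(new Date(now - 1000L * 60 * 60 * 24 * 30));
    certGen.setNotAfter(new Date(now + 1000L * 60 * 60 * 24 * 365 * 10));
    certGen.setPublicKey(keyPair.getPublic());
    // MD5WithRSA is cryptographically broken and such certificates are rejected by current JDK and browser policy.
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
    return certGen.generateX509Certificate(keyPair.getPrivate());
}

/** KeyStore wants a char[]; a {@code null} password stays {@code null} rather than throwing an NPE. */
private static char[] toPasswordChars(String password) {
    return password == null ? null : password.toCharArray();
}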

Example 7 with X509Principal

use of org.bouncycastle.jce.X509Principal in project nhin-d by DirectProject.

the class CertGenerator method createNewCA.

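/**
 * Creates a self-signed CA certificate for {@code keyPair} and writes certificate and private key out
 * via {@link #writeCertAndKey}. Subject and issuer are the same name, assembled from whichever of the
 * attributes EMAILADDRESS, CN, C, ST, L, O are present in {@code fields}, in that order.
 *
 * <p>The certificate carries a critical {@code cA=true} BasicConstraints, a KeyUsage of
 * keyCertSign|cRLSign and a SubjectKeyIdentifier, so that validators accept it as the issuer of
 * the leaves produced by {@code createLeafCertificate} (whose AuthorityKeyIdentifier is derived
 * from this certificate).
 *
 * @param fields  DN attributes, validity in days and the output settings used by writeCertAndKey
 * @param keyPair the CA key pair; its private key signs the certificate
 * @return {@code fields}, unchanged, for chaining
 * @throws IllegalArgumentException if none of the DN attributes is present
 * @throws Exception on certificate generation, signature verification or file output failure
 */
private static CertCreateFields createNewCA(CertCreateFields fields, KeyPair keyPair) throws Exception {
    // "A=v, B=v, ..." from the attributes that are present, in fixed order. An empty attribute set is
    // rejected explicitly rather than failing inside substring() while trimming a trailing comma.
    StringBuilder dnBuilder = new StringBuilder();
    for (String attribute : new String[] { "EMAILADDRESS", "CN", "C", "ST", "L", "O" }) {
        if (fields.getAttributes().containsKey(attribute)) {
            if (dnBuilder.length() > 0) {
                dnBuilder.append(", ");
            }
            dnBuilder.append(attribute).append('=').append(fields.getAttributes().get(attribute));
        }
    }
    if (dnBuilder.length() == 0) {
        throw new IllegalArgumentException("at least one DN attribute (EMAILADDRESS, CN, C, ST, L, O) is required");
    }
    X509Principal dn = new X509Principal(dnBuilder.toString());

    Calendar notBefore = Calendar.getInstance();
    Calendar notAfter = Calendar.getInstance();
    notAfter.add(Calendar.DAY_OF_MONTH, fields.getExpDays());

    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setSerialNumber(BigInteger.valueOf(generatePositiveRandom()));
    // issuer and subject are the same for a self-signed CA
    certGen.setIssuerDN(dn);
    certGen.setSubjectDN(dn);
    certGen.setNotBefore(notBefore.getTime());
    certGen.setNotAfter(notAfter.getTime());
    certGen.setPublicKey(keyPair.getPublic());
    // SHA-1 signatures are deprecated (collisions are practical); SHA-256 as CreateKeyPair already uses.
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
    // Without cA=true, RFC 5280 path validation refuses this certificate as an issuer.
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.getPublic()));

    X509Certificate caCert = certGen.generate(keyPair.getPrivate(), "BC");
    // self-signed: the certificate must verify under its own public key
    caCert.verify(keyPair.getPublic());
    writeCertAndKey(caCert, keyPair.getPrivate(), fields);
    return fields;
}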

Example 8 with X509Principal

use of org.bouncycastle.jce.X509Principal in project nhin-d by DirectProject.

the class CertGenerator method createLeafCertificate.

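/**
 * Issues an end-entity (leaf) certificate for {@code keyPair}, signed by the CA held in
 * {@code fields.getSignerCert()} / {@code fields.getSignerKey()}, and writes certificate and private
 * key out via {@link #writeCertAndKey}. The subject is assembled from whichever of the attributes
 * EMAILADDRESS, CN, C, ST, L, O are present in {@code fields}, in that order; the issuer is the
 * signer certificate's subject.
 *
 * <p>Extensions added: AuthorityKeyIdentifier (from the signer), SubjectKeyIdentifier and a critical
 * {@code cA=false} BasicConstraints. No KeyUsage or SubjectAlternativeName is added here.
 *
 * @param fields  DN attributes, validity in days, signer certificate and key, and output settings
 * @param keyPair the leaf key pair; only its public key goes into the certificate
 * @return {@code fields}, unchanged, for chaining
 * @throws IllegalArgumentException if none of the DN attributes is present
 * @throws Exception on certificate generation, signature verification or file output failure
 */
private static CertCreateFields createLeafCertificate(CertCreateFields fields, KeyPair keyPair) throws Exception {
    // "A=v, B=v, ..." from the attributes that are present, in fixed order. An empty attribute set is
    // rejected explicitly rather than failing inside substring() while trimming a trailing comma.
    StringBuilder dnBuilder = new StringBuilder();
    for (String attribute : new String[] { "EMAILADDRESS", "CN", "C", "ST", "L", "O" }) {
        if (fields.getAttributes().containsKey(attribute)) {
            if (dnBuilder.length() > 0) {
                dnBuilder.append(", ");
            }
            dnBuilder.append(attribute).append('=').append(fields.getAttributes().get(attribute));
        }
    }
    if (dnBuilder.length() == 0) {
        throw new IllegalArgumentException("at least one DN attribute (EMAILADDRESS, CN, C, ST, L, O) is required");
    }

    Calendar notBefore = Calendar.getInstance();
    Calendar notAfter = Calendar.getInstance();
    notAfter.add(Calendar.DAY_OF_MONTH, fields.getExpDays());

    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    // Random serial; a real CA would allocate serials from a database to guarantee uniqueness.
    certGen.setSerialNumber(BigInteger.valueOf(generatePositiveRandom()));
    // issuer is the parent (signer) certificate
    certGen.setIssuerDN(fields.getSignerCert().getSubjectX500Principal());
    certGen.setNotBefore(notBefore.getTime());
    certGen.setNotAfter(notAfter.getTime());
    certGen.setSubjectDN(new X509Principal(dnBuilder.toString()));
    certGen.setPublicKey(keyPair.getPublic());
    // SHA-1 signatures are deprecated (collisions are practical); SHA-256 as CreateKeyPair already uses.
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
    // chain pointers: AKI names the signer, SKI names this key
    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(fields.getSignerCert()));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.getPublic()));
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));

    // signed with the CA's private key, then checked against the CA's public key before anything is written
    X509Certificate leafCert = certGen.generate((PrivateKey) fields.getSignerKey(), "BC");
    leafCert.verify(fields.getSignerCert().getPublicKey());
    writeCertAndKey(leafCert, keyPair.getPrivate(), fields);
    return fields;
}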

Example 9 with X509Principal

use of org.bouncycastle.jce.X509Principal in project nhin-d by DirectProject.

the class CertGenerator method createLeafCertificate.

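/**
 * Issues an end-entity certificate for {@code keyPair}, signed by the CA held in
 * {@code fields.getSignerCert()} / {@code fields.getSignerKey()}, and writes certificate and private
 * key out via {@link #writeCertAndKey}. The subject is assembled from whichever of the attributes
 * EMAILADDRESS, CN, C, ST, L, O are present in {@code fields}, in that order; the issuer is the
 * signer certificate's subject.
 *
 * <p>Extensions: AuthorityKeyIdentifier, SubjectKeyIdentifier, a critical BasicConstraints whose
 * {@code cA} flag follows the ALLOWTOSIGN attribute, a KeyUsage built from KEYENC / DIGSIG (plus
 * keyCertSign when ALLOWTOSIGN is set, as RFC 5280 requires of a CA that carries KeyUsage), every
 * String-valued subject alternative name of the signer copied into a single IssuerAlternativeName
 * extension, and — when {@code addAltNames} is set and EMAILADDRESS is present — that address as an
 * rfc822Name (or dNSName if it contains no {@code @}) SubjectAlternativeName.
 *
 * @param fields      DN attributes, validity in days, signer certificate and key, and output settings
 * @param keyPair     the leaf key pair; only its public key goes into the certificate
 * @param addAltNames whether to emit a SubjectAlternativeName derived from EMAILADDRESS
 * @return {@code fields}, unchanged, for chaining
 * @throws Exception on certificate generation, signature verification or file output failure
 */
private static CertCreateFields createLeafCertificate(CertCreateFields fields, KeyPair keyPair, boolean addAltNames) throws Exception {
    String altName = "";
    if (fields.getAttributes().containsKey("EMAILADDRESS")) {
        altName = fields.getAttributes().get("EMAILADDRESS").toString();
    }
    // "A=v, B=v, ..." from the attributes that are present, in fixed order (may be empty).
    StringBuilder dnBuilder = new StringBuilder();
    for (String attribute : new String[] { "EMAILADDRESS", "CN", "C", "ST", "L", "O" }) {
        if (fields.getAttributes().containsKey(attribute)) {
            if (dnBuilder.length() > 0) {
                dnBuilder.append(", ");
            }
            dnBuilder.append(attribute).append('=').append(fields.getAttributes().get(attribute));
        }
    }

    Calendar notBefore = Calendar.getInstance();
    Calendar notAfter = Calendar.getInstance();
    notAfter.add(Calendar.DAY_OF_MONTH, fields.getExpDays());

    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    // Random serial; a real CA would allocate serials from a database to guarantee uniqueness.
    certGen.setSerialNumber(BigInteger.valueOf(generatePositiveRandom()));
    // issuer is the parent (signer) certificate
    certGen.setIssuerDN(fields.getSignerCert().getSubjectX500Principal());
    certGen.setNotBefore(notBefore.getTime());
    certGen.setNotAfter(notAfter.getTime());
    certGen.setSubjectDN(new X509Principal(dnBuilder.toString()));
    certGen.setPublicKey(keyPair.getPublic());
    // SHA-1 signatures are deprecated (collisions are practical); SHA-256 as CreateKeyPair already uses.
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
    // chain pointers: AKI names the signer, SKI names this key
    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(fields.getSignerCert()));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.getPublic()));

    boolean allowToSign = isTrueAttribute(fields, "ALLOWTOSIGN");
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(allowToSign));

    int keyUsage = 0;
    if (isTrueAttribute(fields, "KEYENC")) {
        keyUsage |= KeyUsage.keyEncipherment;
    }
    if (isTrueAttribute(fields, "DIGSIG")) {
        keyUsage |= KeyUsage.digitalSignature;
    }
    // RFC 5280 s4.2.1.3: a CA certificate that carries KeyUsage must assert keyCertSign, otherwise
    // path validation rejects it as an issuer even though cA=true.
    if (allowToSign && keyUsage != 0) {
        keyUsage |= KeyUsage.keyCertSign;
    }
    if (keyUsage != 0) {
        certGen.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(keyUsage));
    }

    // All of the signer's SANs go into ONE IssuerAlternativeName: BouncyCastle rejects adding the same
    // extension OID twice, so adding one extension per name failed for a signer with several SANs.
    if (fields.getSignerCert().getSubjectAlternativeNames() != null) {
        List<GeneralName> issuerNames = new java.util.ArrayList<GeneralName>();
        for (List<?> entry : fields.getSignerCert().getSubjectAlternativeNames()) {
            Object value = entry.get(1);
            // getSubjectAlternativeNames() yields byte[] for otherName/x400Address/ediPartyName, which
            // GeneralName(int, String) cannot take; only String-valued names are copied.
            if (value instanceof String) {
                issuerNames.add(new GeneralName((Integer) entry.get(0), (String) value));
            }
        }
        if (!issuerNames.isEmpty()) {
            certGen.addExtension(X509Extensions.IssuerAlternativeName, false,
                    new GeneralNames(issuerNames.toArray(new GeneralName[issuerNames.size()])));
        }
    }

    if (addAltNames && !altName.isEmpty()) {
        int nameType = altName.contains("@") ? GeneralName.rfc822Name : GeneralName.dNSName;
        certGen.addExtension(X509Extensions.SubjectAlternativeName, false,
                new GeneralNames(new GeneralName(nameType, altName)));
    }

    // signed with the CA's private key, then checked against the CA's public key before anything is written
    X509Certificate leafCert = certGen.generate((PrivateKey) fields.getSignerKey(), CryptoExtensions.getJCEProviderName());
    leafCert.verify(fields.getSignerCert().getPublicKey());
    writeCertAndKey(leafCert, keyPair.getPrivate(), fields);
    return fields;
}

/** True when the named attribute is present and its string form is "true" (case-insensitive). */
private static boolean isTrueAttribute(CertCreateFields fields, String attribute) {
    Object value = fields.getAttributes().get(attribute);
    return value != null && value.toString().equalsIgnoreCase("true");
}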

Example 10 with X509Principal

use of org.bouncycastle.jce.X509Principal in project nhin-d by DirectProject.

the class PKCS11Commands method createKeyPair.

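/**
 * CLI command: generates an RSA key pair through the provider of the key store behind
 * {@code mgr.getKS()} (the PKCS#11 token) and stores its private key under {@code alias} together
 * with a placeholder certificate.
 *
 * <p>The placeholder is NOT a verifiable self-signed certificate: it carries the token key's public
 * key but is signed by a throwaway software key generated in this JVM, so {@code verify()} against
 * its own public key fails and no relying party will accept it. It is there only because
 * {@link java.security.KeyStore#setKeyEntry} needs a certificate chain for a private key; a real
 * certificate has to be issued for the key before it is used.
 *
 * <p>Arguments: {@code args[0]} alias (required); {@code args[1]} key size in bits (optional,
 * default 2048). Failures are reported on stderr rather than thrown.
 */
@Command(name = "CreateKeyPair", usage = CREATE_KEY_PAIR)
public void createKeyPair(String[] args) {
    final String alias = StringArrayUtil.getRequiredValue(args, 0);
    final String keySizeArg = StringArrayUtil.getOptionalValue(args, 1, "2048");
    try {
        // Validate the size before touching the token so a typo fails with a clear message.
        final int keySize;
        try {
            keySize = Integer.parseInt(keySizeArg);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("key size must be a whole number of bits, got '" + keySizeArg + "'", e);
        }
        if (keySize <= 0) {
            throw new IllegalArgumentException("key size must be positive, got " + keySize);
        }

        // Throwaway software key whose only job is to sign the placeholder certificate below.
        final KeyPairGenerator localKeyGen = KeyPairGenerator.getInstance("RSA", "BC");
        final KeyPair localKeyPair = localKeyGen.generateKeyPair();

        // The real key pair, generated by (and presumably kept on) the token behind the key store.
        final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", mgr.getKS().getProvider().getName());
        keyGen.initialize(keySize);
        final KeyPair keyPair = keyGen.generateKeyPair();

        // Placeholder certificate: fixed "cn=test" subject/issuer, ~8.2 years of validity.
        Calendar notBefore = Calendar.getInstance();
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.DAY_OF_MONTH, 3000);
        X509Principal dn = new X509Principal("cn=test");
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        certGen.setSerialNumber(BigInteger.valueOf(generatePositiveRandom()));
        certGen.setIssuerDN(dn);
        certGen.setSubjectDN(dn);
        certGen.setNotBefore(notBefore.getTime());
        certGen.setNotAfter(notAfter.getTime());
        certGen.setPublicKey(keyPair.getPublic());
        certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
        // Signed by the local throwaway key, not by keyPair: this is a placeholder, not a self-signed
        // certificate (see the Javadoc).
        X509Certificate placeholderCert = certGen.generate(localKeyPair.getPrivate(), "BC");

        // Empty entry password: presumably the token PIN was supplied when mgr logged in — confirm against mgr.
        mgr.getKS().setKeyEntry(alias, keyPair.getPrivate(), "".toCharArray(), new X509Certificate[] { placeholderCert });
        System.out.println("Key pair created and stored.");
    } catch (Exception e) {
        e.printStackTrace();
        System.err.println("Failed to generate key pair: " + e.getMessage());
    }
}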
