Use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project rabbitmq-java-client by rabbitmq:
class OAuth2ClientCredentialsGrantCredentialsProviderTest, method startHttpsServer.
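/**
 * Starts an embedded Jetty HTTPS server on {@code port} that serves
 * {@code /uaa/oauth/token} through {@code handler}, using a freshly generated
 * self-signed RSA certificate for {@code localhost}.
 *
 * <p>The server instance is stored in the {@code server} field so the test
 * can stop it later.
 *
 * @param port    TCP port the TLS connector listens on
 * @param handler Jetty handler that answers requests to the token endpoint
 * @return the in-memory key store holding the generated key and certificate,
 *         so the caller can build a matching trust store for the client side
 * @throws Exception if key/certificate generation or server start-up fails
 */
KeyStore startHttpsServer(int port, Handler handler) throws Exception {
    // Test-only key store; the fixed password never leaves this JVM.
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    String keyStorePassword = "password";
    keyStore.load(null, keyStorePassword.toCharArray());

    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(2048);
    KeyPair kp = kpg.generateKeyPair();

    // RFC 5280 requires a positive serial number; the previous nextInt() value
    // could be negative or zero, which strict TLS stacks reject.
    // 63 random bits + 1 is always in [1, 2^63].
    BigInteger serial = new BigInteger(63, new SecureRandom()).add(BigInteger.ONE);
    // One clock read so notBefore/notAfter derive from the same instant; the
    // 10-day back-dating tolerates client/server clock skew in tests.
    Instant now = Instant.now();
    JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
            new X500NameBuilder().addRDN(BCStyle.CN, "localhost").build(),
            serial,
            Date.from(now.minus(10, ChronoUnit.DAYS)),
            Date.from(now.plus(10, ChronoUnit.DAYS)),
            new X500NameBuilder().addRDN(BCStyle.CN, "localhost").build(),
            kp.getPublic());
    // Self-signed: the certificate is signed with its own private key.
    X509CertificateHolder certificateHolder = certificateBuilder.build(
            new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(kp.getPrivate()));
    X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certificateHolder);
    keyStore.setKeyEntry("default", kp.getPrivate(), keyStorePassword.toCharArray(), new Certificate[] { certificate });

    server = new Server();
    SslContextFactory sslContextFactory = new SslContextFactory.Server();
    sslContextFactory.setKeyStore(keyStore);
    sslContextFactory.setKeyStorePassword(keyStorePassword);

    HttpConfiguration httpsConfiguration = new HttpConfiguration();
    httpsConfiguration.setSecureScheme("https");
    httpsConfiguration.setSecurePort(port);
    httpsConfiguration.setOutputBufferSize(32768);
    // Strict-Transport-Security response header (max-age presumably in seconds; includeSubDomains set).
    SecureRequestCustomizer src = new SecureRequestCustomizer();
    src.setStsMaxAge(2000);
    src.setStsIncludeSubDomains(true);
    httpsConfiguration.addCustomizer(src);

    ServerConnector https = new ServerConnector(server,
            new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
            new HttpConnectionFactory(httpsConfiguration));
    https.setPort(port);
    // Generous idle timeout (Jetty unit, presumably milliseconds) so slow test clients are not cut off.
    https.setIdleTimeout(500000);
    server.setConnectors(new Connector[] { https });

    ContextHandler context = new ContextHandler();
    context.setContextPath("/uaa/oauth/token");
    context.setHandler(handler);
    server.setHandler(context);
    server.start();
    return keyStore;
}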
Use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project jetty-bootstrap by teknux-org:
class JettyKeystoreGeneratorBuilder, method generateCertificate.
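/**
 * Builds a self-signed X.509 v3 certificate for {@code domainName} over the
 * public key of {@code keyPair}, signed with its private key.
 *
 * <p>Issuer and subject are identical: {@code OU} and {@code O} are added only
 * when the corresponding argument is non-null, {@code CN} is always the domain name.
 *
 * @param keyPair                   key pair to certify (public) and sign with (private)
 * @param domainName                value of the {@code CN} RDN
 * @param signatureAlgorithm        JCA signature algorithm name, e.g. {@code SHA256WithRSA}
 * @param rdnOuValue                optional {@code OU} RDN, skipped when null
 * @param rdnOValue                 optional {@code O} RDN, skipped when null
 * @param dateNotBeforeNumberOfDays days before now at which validity starts
 * @param dateNotAfterNumberOfDays  days after now at which validity ends
 * @return the generated certificate
 * @throws JettyKeystoreException with {@code ERROR_CREATE_CERTIFICATE} if the
 *         signer cannot be created or the certificate cannot be converted
 */
private static Certificate generateCertificate(KeyPair keyPair, String domainName, String signatureAlgorithm, String rdnOuValue, String rdnOValue, int dateNotBeforeNumberOfDays, int dateNotAfterNumberOfDays) throws JettyKeystoreException {
    // Self-signed: issuer and subject carry the same RDNs.
    X500Name issuer = buildX500Name(domainName, rdnOuValue, rdnOValue);
    X500Name subject = buildX500Name(domainName, rdnOuValue, rdnOValue);

    // RFC 5280 requires a positive serial. Math.abs(nextInt()) stays negative for
    // Integer.MIN_VALUE and can be zero; 63 random bits + 1 is always in [1, 2^63].
    BigInteger serial = new BigInteger(63, new SecureRandom()).add(BigInteger.ONE);

    // One clock read for both bounds. The day count is widened to long before
    // multiplying so the product cannot overflow int arithmetic whatever the
    // declared type of DAY_IN_MILLIS (defined elsewhere in this class).
    long nowMillis = System.currentTimeMillis();
    Date dateNotBefore = new Date(nowMillis - (long) dateNotBeforeNumberOfDays * DAY_IN_MILLIS);
    Date dateNotAfter = new Date(nowMillis + (long) dateNotAfterNumberOfDays * DAY_IN_MILLIS);

    SubjectPublicKeyInfo publicKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(keyPair.getPublic().getEncoded()));
    X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(issuer, serial, dateNotBefore, dateNotAfter, subject, publicKeyInfo);

    Provider provider = new BouncyCastleProvider();
    try {
        ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).setProvider(provider).build(keyPair.getPrivate());
        return new JcaX509CertificateConverter().setProvider(provider).getCertificate(x509v3CertificateBuilder.build(signer));
    } catch (OperatorCreationException | CertificateException e) {
        // Cause is preserved so the underlying JCA/BouncyCastle error stays diagnosable.
        throw new JettyKeystoreException(JettyKeystoreException.ERROR_CREATE_CERTIFICATE, "Can not generate certificate", e);
    }
}

/** Assembles the {OU, O, CN} RDNs into an X.500 name, omitting OU/O when they are null. */
private static X500Name buildX500Name(String domainName, String rdnOuValue, String rdnOValue) {
    X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    if (rdnOuValue != null) {
        nameBuilder.addRDN(BCStyle.OU, rdnOuValue);
    }
    if (rdnOValue != null) {
        nameBuilder.addRDN(BCStyle.O, rdnOValue);
    }
    return nameBuilder.addRDN(BCStyle.CN, domainName).build();
}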
Use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project airlift by airlift:
class TestHttpServerProvider, method appendCertificate.
/**
 * Adds a fresh RSA key and one-year self-signed certificate under {@code alias}
 * to the JKS file {@code keyStoreFile}, creating the store if the file is empty.
 *
 * <p>The store password is the fixed test value {@code "airlift"}. The file is
 * rewritten in full after the entry is added.
 *
 * @param keyStoreFile JKS file to read (if non-empty) and write back
 * @param alias        key-store alias for the new key entry
 * @throws Exception on key generation, certificate building or file I/O failure
 */
private static void appendCertificate(File keyStoreFile, String alias) throws Exception {
    final char[] password = "airlift".toCharArray();
    KeyStore keyStore = KeyStore.getInstance("JKS");
    try (InputStream inStream = new FileInputStream(keyStoreFile)) {
        keyStore.load(inStream, password);
    } catch (EOFException ignored) {
        // A zero-byte file makes load() throw EOFException: start from an empty store instead.
        keyStore.load(null, password);
    }

    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    final KeyPair keyPair = generator.generateKeyPair();
    final PrivateKey privateKey = keyPair.getPrivate();

    // Self-signed, so the same DN serves as issuer and subject.
    final X500Principal dn = new X500Principal("CN=Airlift Test, OU=Airlift, O=Airlift, L=Palo Alto, ST=CA, C=US");
    // NOTE(review): the serial is the wall-clock millisecond; two entries created in
    // the same millisecond would share a serial under the same issuer.
    final BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
    final Date notBefore = Date.from(Instant.now());
    final Date notAfter = Date.from(Instant.now().plus(365, ChronoUnit.DAYS));

    JcaX509v3CertificateBuilder builder =
            new JcaX509v3CertificateBuilder(dn, serial, notBefore, notAfter, dn, keyPair.getPublic());
    X509CertificateHolder certHolder =
            builder.build(new JcaContentSignerBuilder("SHA256WithRSA").build(privateKey));
    Certificate cert = new JcaX509CertificateConverter().getCertificate(certHolder);

    keyStore.setKeyEntry(alias, privateKey, password, new Certificate[] { cert });
    try (OutputStream outStream = new FileOutputStream(keyStoreFile)) {
        keyStore.store(outStream, password);
    }
}
Use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project ranger by apache:
class KafkaTestUtils, method createAndStoreKey.
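/**
 * Generates a 2048-bit RSA key pair, wraps its public key in a certificate
 * (valid from now for 365 days) signed with the private key, writes key and
 * certificate to a temporary key store, registers the certificate in
 * {@code trustStore}, and returns the key store's path.
 *
 * <p>The temporary file is created with the {@code .jks} suffix, but its format
 * is whatever {@link KeyStore#getDefaultType()} returns on the running JDK.
 *
 * @param subjectName      subject DN string, parsed with RFC 4519 attribute names (e.g. {@code CN=...,O=...})
 * @param issuerName       issuer DN string, same syntax as {@code subjectName}
 * @param serial           certificate serial number; the caller is responsible for it
 *                         being positive and unique per issuer (RFC 5280)
 * @param keystorePassword password protecting the key store file
 * @param keystoreAlias    alias used for the key entry and the trust-store certificate entry
 * @param keyPassword      password protecting the private key entry
 * @param trustStore       loaded trust store that receives the certificate under {@code keystoreAlias}
 * @return path of the temporary key store file
 * @throws Exception on key generation, certificate building or key store I/O failure
 */
public static String createAndStoreKey(String subjectName, String issuerName, BigInteger serial, String keystorePassword, String keystoreAlias, String keyPassword, KeyStore trustStore) throws Exception {
    // Create KeyPair
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048, new SecureRandom());
    KeyPair keyPair = keyPairGenerator.generateKeyPair();

    // Validity: from now for 365 days (long literals, so the offset cannot overflow int).
    Date currentDate = new Date();
    Date expiryDate = new Date(currentDate.getTime() + 365L * 24L * 60L * 60L * 1000L);

    // Create X509Certificate
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            new X500Name(RFC4519Style.INSTANCE, issuerName), serial, currentDate, expiryDate,
            new X500Name(RFC4519Style.INSTANCE, subjectName),
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
    X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certBuilder.build(contentSigner));

    // Store Private Key + Certificate in Keystore
    char[] storePassword = keystorePassword.toCharArray();
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    keystore.load(null, storePassword);
    keystore.setKeyEntry(keystoreAlias, keyPair.getPrivate(), keyPassword.toCharArray(), new Certificate[] { certificate });
    File keystoreFile = File.createTempFile("kafkakeystore", ".jks");
    // The file contains a private key: do not leave it behind in the temp directory
    // once the test JVM exits.
    keystoreFile.deleteOnExit();
    try (OutputStream output = new FileOutputStream(keystoreFile)) {
        keystore.store(output, storePassword);
    }

    // Now store the Certificate in the truststore
    trustStore.setCertificateEntry(keystoreAlias, certificate);
    return keystoreFile.getPath();
}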
Use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project fdroidclient by f-droid:
class LocalRepoKeyStore, method generateSelfSignedCertChain.
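/**
 * Creates a self-signed X.509 v3 certificate for {@code subject} over the public
 * key of {@code kp}, valid for one year from now, signed with {@code DEFAULT_SIG_ALG}.
 * Despite the method name a single (leaf) certificate is returned, not a chain.
 *
 * @param kp       key pair whose public key is certified and whose private key signs
 * @param subject  X.500 name used as both issuer and subject
 * @param hostname if non-null, added as a subjectAltName of type iPAddress; may be null
 * @return the self-signed certificate
 * @throws CertificateException      if the BouncyCastle holder cannot be converted to a JCA certificate
 * @throws OperatorCreationException if no content signer can be built for {@code DEFAULT_SIG_ALG}
 * @throws IOException               if the subjectAltName extension cannot be encoded
 */
private Certificate generateSelfSignedCertChain(KeyPair kp, X500Name subject, String hostname) throws CertificateException, OperatorCreationException, IOException {
    SecureRandom rand = new SecureRandom();
    PrivateKey privKey = kp.getPrivate();
    PublicKey pubKey = kp.getPublic();
    ContentSigner sigGen = new JcaContentSignerBuilder(DEFAULT_SIG_ALG).build(privKey);
    // getInstance() accepts the DER-encoded key directly; wrapping it in an ASN1Sequence first was redundant.
    SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(pubKey.getEncoded());
    // now
    Date now = new Date();
    /* force it to use a English/Gregorian dates for the cert, hardly anyone
       ever looks at the cert metadata anyway, and its very likely that they
       understand English/Gregorian dates */
    Calendar c = new GregorianCalendar(Locale.ENGLISH);
    c.setTime(now);
    c.add(Calendar.YEAR, 1);
    Time startTime = new Time(now, Locale.ENGLISH);
    Time endTime = new Time(c.getTime(), Locale.ENGLISH);
    // RFC 5280 requires a positive serial number. rand.nextLong() was negative half
    // of the time (and could be zero), which strict parsers reject; 63 random bits + 1
    // is always in [1, 2^63].
    BigInteger serial = new BigInteger(63, rand).add(BigInteger.ONE);
    X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(subject, serial, startTime, endTime, subject, subPubKeyInfo);
    if (hostname != null) {
        // NOTE(review): the SAN is encoded as an iPAddress, so GeneralName throws
        // IllegalArgumentException for anything that is not a literal IPv4/IPv6
        // address. Confirm that callers pass an IP here despite the parameter name.
        GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.iPAddress, hostname));
        v3CertGen.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);
    }
    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}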