
use of org.bouncycastle.util.encoders.Base64 in project oxTrust by GluuFederation.

the class UpdateTrustRelationshipAction method getCertForGeneratedSP.

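/**
 * Returns the Base64-encoded DER form of the SP certificate, generating a
 * self-signed one when no certificate was uploaded or the upload could not
 * be read as a PEM certificate.
 *
 * <p>When a certificate is generated, the new private key and certificate
 * are persisted through {@code saveKey} / {@code saveCert} as a side effect.
 * The user is informed of every fall-back and failure via {@code facesMessages}.
 *
 * @author Oleksiy Tataryn
 * @return the certificate as Base64 text, or {@code null} when neither an
 *         uploaded nor a generated certificate is available, or DER encoding
 *         of the certificate fails
 */
public String getCertForGeneratedSP() {
    X509Certificate cert = null;
    try {
        cert = sslService.getPEMCertificate(certWrapper.getStream());
    } catch (Exception e) {
        // An absent or unreadable upload ends up here; the self-signed fall-back below covers it.
        log.error(e.getMessage(), e);
    }
    if (cert == null) {
        facesMessages.add(FacesMessage.SEVERITY_INFO, "Certificate were not provided, or was incorrect. Appliance will create a self-signed certificate.");
        cert = generateSelfSignedCertificate();
    }
    if (cert == null) {
        // The upload was unusable and generation failed as well. The INFO message above already
        // promised a self-signed certificate, so repeating it would hide the failure.
        facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to generate a self-signed certificate. Please notify Gluu support about this.");
        return null;
    }
    try {
        // Base64 output is pure ASCII; name the charset instead of relying on the platform default.
        String certificate = new String(Base64.encode(cert.getEncoded()), java.nio.charset.StandardCharsets.US_ASCII);
        log.info("##### certificate = " + certificate);
        return certificate;
    } catch (CertificateEncodingException e) {
        facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to encode provided certificate. Please notify Gluu support about this.");
        log.error("Failed to encode certificate to DER", e);
        return null;
    }
}

/**
 * Generates a 2048-bit RSA key pair and a self-signed X.509 v3 certificate
 * whose subject CN is the trust relationship's URL with the scheme removed,
 * persists both via {@code saveKey} / {@code saveCert}, and returns the
 * certificate.
 *
 * @return the generated certificate, or {@code null} when the relationship
 *         has no URL or generation/persistence failed (the failure is logged)
 */
private X509Certificate generateSelfSignedCertificate() {
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }
    String relationshipUrl = trustRelationship.getUrl();
    if (relationshipUrl == null) {
        // Previously this surfaced as an NPE swallowed by the catch-all below.
        log.error("Cannot generate a self-signed certificate: trust relationship has no URL");
        return null;
    }
    try {
        KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
        keyPairGen.initialize(2048);
        KeyPair pair = keyPairGen.generateKeyPair();

        // PEM-encode the private key; try-with-resources closes the writer even when writeObject fails.
        StringWriter keyWriter = new StringWriter();
        try (PEMWriter pemFormatWriter = new PEMWriter(keyWriter)) {
            pemFormatWriter.writeObject(pair.getPrivate());
        }

        // "https://host/path" -> "host/path"; the original string is kept as-is beyond the scheme.
        String host = relationshipUrl.replaceFirst(".*//", "");
        // The DN previously read "O=None L=None" (missing comma), which folds L into the O value.
        X500Name name = new X500Name("CN=" + host + ", OU=None, O=None, L=None, C=None");
        SecureRandom random = new SecureRandom();
        // RFC 5280 requires a positive serial number; BigInteger.valueOf(nextInt()) could be negative or zero.
        BigInteger serial = BigInteger.ONE.add(new BigInteger(63, random));
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - 1000L * 60 * 60 * 24 * 30);
        Date notAfter = new Date(now + 1000L * 60 * 60 * 24 * 365 * 10);
        X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(name, serial, notBefore, notAfter, name, pair.getPublic());
        // SHA-256 instead of MD5: MD5 signatures are collision-prone and rejected by current peers.
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256withRSA").setProvider(BouncyCastleProvider.PROVIDER_NAME);
        X509Certificate cert = new JcaX509CertificateConverter()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .getCertificate(v3CertGen.build(signerBuilder.build(pair.getPrivate())));

        // Line-wrapped (64 chars) Base64 body, as expected between the PEM start/end lines.
        org.apache.commons.codec.binary.Base64 encoder = new org.apache.commons.codec.binary.Base64(64);
        String pemCertPre = new String(encoder.encode(cert.getEncoded()), java.nio.charset.StandardCharsets.US_ASCII);
        log.debug(Shibboleth3ConfService.PUBLIC_CERTIFICATE_START_LINE);
        log.debug(pemCertPre);
        log.debug(Shibboleth3ConfService.PUBLIC_CERTIFICATE_END_LINE);
        saveCert(trustRelationship, pemCertPre);
        saveKey(trustRelationship, keyWriter.toString());
        return cert;
    } catch (Exception e) {
        // Was e.printStackTrace(); route through the logger so the failure is visible in server logs.
        log.error("Failed to generate a self-signed certificate", e);
        return null;
    }
}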