Example 6 with X509V3CertificateGenerator
use of org.bouncycastle.x509.X509V3CertificateGenerator in project android_frameworks_base by AOSPA.
the class AndroidKeyStoreTest method generateCertificate.
@SuppressWarnings("deprecation")
private static X509Certificate generateCertificate(android.security.KeyStore keyStore, String alias, BigInteger serialNumber, X500Principal subjectDN, Date notBefore, Date notAfter) throws Exception {
final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + alias;
KeyPair keyPair = AndroidKeyStoreProvider.loadAndroidKeyStoreKeyPairFromKeystore(keyStore, privateKeyAlias, KeyStore.UID_SELF);
final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setPublicKey(keyPair.getPublic());
certGen.setSerialNumber(serialNumber);
certGen.setSubjectDN(subjectDN);
certGen.setIssuerDN(subjectDN);
certGen.setNotBefore(notBefore);
certGen.setNotAfter(notAfter);
certGen.setSignatureAlgorithm("sha1WithRSA");
final X509Certificate cert = certGen.generate(keyPair.getPrivate());
return cert;
}
Also used :
KeyPair(java.security.KeyPair)
X509V3CertificateGenerator(com.android.org.bouncycastle.x509.X509V3CertificateGenerator)
X509Certificate(java.security.cert.X509Certificate)
Example 7 with X509V3CertificateGenerator
use of org.bouncycastle.x509.X509V3CertificateGenerator in project android_frameworks_base by ResurrectionRemix.
the class AndroidKeyStoreTest method generateCertificate.
@SuppressWarnings("deprecation")
private static X509Certificate generateCertificate(android.security.KeyStore keyStore, String alias, BigInteger serialNumber, X500Principal subjectDN, Date notBefore, Date notAfter) throws Exception {
final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + alias;
KeyPair keyPair = AndroidKeyStoreProvider.loadAndroidKeyStoreKeyPairFromKeystore(keyStore, privateKeyAlias, KeyStore.UID_SELF);
final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setPublicKey(keyPair.getPublic());
certGen.setSerialNumber(serialNumber);
certGen.setSubjectDN(subjectDN);
certGen.setIssuerDN(subjectDN);
certGen.setNotBefore(notBefore);
certGen.setNotAfter(notAfter);
certGen.setSignatureAlgorithm("sha1WithRSA");
final X509Certificate cert = certGen.generate(keyPair.getPrivate());
return cert;
}
Also used :
KeyPair(java.security.KeyPair)
X509V3CertificateGenerator(com.android.org.bouncycastle.x509.X509V3CertificateGenerator)
X509Certificate(java.security.cert.X509Certificate)
Example 8 with X509V3CertificateGenerator
use of org.bouncycastle.x509.X509V3CertificateGenerator in project chassis by Kixeye.
the class JettyConnectorRegistry method registerHttpsConnector.
/**
* Register to listen to HTTPS.
*
* @param server
* @param address
* @throws Exception
*/
public static void registerHttpsConnector(Server server, InetSocketAddress address, boolean selfSigned, boolean mutualSsl, String keyStorePath, String keyStoreData, String keyStorePassword, String keyManagerPassword, String trustStorePath, String trustStoreData, String trustStorePassword, String[] excludedCipherSuites) throws Exception {
// SSL Context Factory
SslContextFactory sslContextFactory = new SslContextFactory();
if (selfSigned) {
char[] passwordChars = UUID.randomUUID().toString().toCharArray();
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, passwordChars);
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(1024);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
v3CertGen.setSerialNumber(BigInteger.valueOf(new SecureRandom().nextInt()).abs());
v3CertGen.setIssuerDN(new X509Principal("CN=" + "kixeye.com" + ", OU=None, O=None L=None, C=None"));
v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10)));
v3CertGen.setSubjectDN(new X509Principal("CN=" + "kixeye.com" + ", OU=None, O=None L=None, C=None"));
v3CertGen.setPublicKey(keyPair.getPublic());
v3CertGen.setSignatureAlgorithm("MD5WithRSAEncryption");
X509Certificate privateKeyCertificate = v3CertGen.generateX509Certificate(keyPair.getPrivate());
keyStore.setKeyEntry("selfSigned", keyPair.getPrivate(), passwordChars, new java.security.cert.Certificate[] { privateKeyCertificate });
ByteArrayOutputStream keyStoreBaos = new ByteArrayOutputStream();
keyStore.store(keyStoreBaos, passwordChars);
keyStoreData = new String(Hex.encode(keyStoreBaos.toByteArray()), Charsets.UTF_8);
keyStorePassword = new String(passwordChars);
keyManagerPassword = keyStorePassword;
sslContextFactory.setTrustAll(true);
}
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
if (StringUtils.isNotBlank(keyStoreData)) {
keyStore.load(new ByteArrayInputStream(Hex.decode(keyStoreData)), keyStorePassword.toCharArray());
} else if (StringUtils.isNotBlank(keyStorePath)) {
try (InputStream inputStream = new DefaultResourceLoader().getResource(keyStorePath).getInputStream()) {
keyStore.load(inputStream, keyStorePassword.toCharArray());
}
}
sslContextFactory.setKeyStore(keyStore);
sslContextFactory.setKeyStorePassword(keyStorePassword);
if (StringUtils.isBlank(keyManagerPassword)) {
keyManagerPassword = keyStorePassword;
}
sslContextFactory.setKeyManagerPassword(keyManagerPassword);
KeyStore trustStore = null;
if (StringUtils.isNotBlank(trustStoreData)) {
trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(new ByteArrayInputStream(Hex.decode(trustStoreData)), trustStorePassword.toCharArray());
} else if (StringUtils.isNotBlank(trustStorePath)) {
trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
try (InputStream inputStream = new DefaultResourceLoader().getResource(trustStorePath).getInputStream()) {
trustStore.load(inputStream, trustStorePassword.toCharArray());
}
}
if (trustStore != null) {
sslContextFactory.setTrustStore(trustStore);
sslContextFactory.setTrustStorePassword(trustStorePassword);
}
sslContextFactory.setNeedClientAuth(mutualSsl);
sslContextFactory.setExcludeCipherSuites(excludedCipherSuites);
// SSL Connector
ServerConnector connector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.toString()), new HttpConnectionFactory());
connector.setHost(address.getHostName());
connector.setPort(address.getPort());
server.addConnector(connector);
}
Also used :
KeyPair(java.security.KeyPair)
HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
SecureRandom(java.security.SecureRandom)
KeyPairGenerator(java.security.KeyPairGenerator)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory)
KeyStore(java.security.KeyStore)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
ServerConnector(org.eclipse.jetty.server.ServerConnector)
SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory)
X509V3CertificateGenerator(org.bouncycastle.x509.X509V3CertificateGenerator)
X509Principal(org.bouncycastle.jce.X509Principal)
ByteArrayInputStream(java.io.ByteArrayInputStream)
DefaultResourceLoader(org.springframework.core.io.DefaultResourceLoader)
Example 9 with X509V3CertificateGenerator
use of org.bouncycastle.x509.X509V3CertificateGenerator in project nhin-d by DirectProject.
the class CertGenerator method createNewCA.
private static CertCreateFields createNewCA(CertCreateFields fields, KeyPair keyPair) throws Exception {
StringBuilder dnBuilder = new StringBuilder();
// create the DN
if (fields.getAttributes().containsKey("EMAILADDRESS"))
dnBuilder.append("EMAILADDRESS=").append(fields.getAttributes().get("EMAILADDRESS")).append(", ");
if (fields.getAttributes().containsKey("CN"))
dnBuilder.append("CN=").append(fields.getAttributes().get("CN")).append(", ");
if (fields.getAttributes().containsKey("C"))
dnBuilder.append("C=").append(fields.getAttributes().get("C")).append(", ");
if (fields.getAttributes().containsKey("ST"))
dnBuilder.append("ST=").append(fields.getAttributes().get("ST")).append(", ");
if (fields.getAttributes().containsKey("L"))
dnBuilder.append("L=").append(fields.getAttributes().get("L")).append(", ");
if (fields.getAttributes().containsKey("O"))
dnBuilder.append("O=").append(fields.getAttributes().get("O")).append(", ");
String DN = dnBuilder.toString().trim();
if (DN.endsWith(","))
;
DN = DN.substring(0, DN.length() - 1);
X509V3CertificateGenerator v1CertGen = new X509V3CertificateGenerator();
Calendar start = Calendar.getInstance();
Calendar end = Calendar.getInstance();
end.add(Calendar.DAY_OF_MONTH, fields.getExpDays());
v1CertGen.setSerialNumber(BigInteger.valueOf(generatePositiveRandom()));
v1CertGen.setIssuerDN(new X509Principal(DN));
v1CertGen.setNotBefore(start.getTime());
v1CertGen.setNotAfter(end.getTime());
// issuer and subject are the same for a CA
v1CertGen.setSubjectDN(new X509Principal(DN));
v1CertGen.setPublicKey(keyPair.getPublic());
v1CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
X509Certificate newCACert = v1CertGen.generate(keyPair.getPrivate(), "BC");
// validate the certificate
newCACert.verify(keyPair.getPublic());
// write the certificate the file system
writeCertAndKey(newCACert, keyPair.getPrivate(), fields);
return fields;
}
Also used :
X509V3CertificateGenerator(org.bouncycastle.x509.X509V3CertificateGenerator)
X509Principal(org.bouncycastle.jce.X509Principal)
Calendar(java.util.Calendar)
X509Certificate(java.security.cert.X509Certificate)
Example 10 with X509V3CertificateGenerator
use of org.bouncycastle.x509.X509V3CertificateGenerator in project nhin-d by DirectProject.
the class CertGenerator method createLeafCertificate.
private static CertCreateFields createLeafCertificate(CertCreateFields fields, KeyPair keyPair) throws Exception {
StringBuilder dnBuilder = new StringBuilder();
// create the DN
if (fields.getAttributes().containsKey("EMAILADDRESS"))
dnBuilder.append("EMAILADDRESS=").append(fields.getAttributes().get("EMAILADDRESS")).append(", ");
if (fields.getAttributes().containsKey("CN"))
dnBuilder.append("CN=").append(fields.getAttributes().get("CN")).append(", ");
if (fields.getAttributes().containsKey("C"))
dnBuilder.append("C=").append(fields.getAttributes().get("C")).append(", ");
if (fields.getAttributes().containsKey("ST"))
dnBuilder.append("ST=").append(fields.getAttributes().get("ST")).append(", ");
if (fields.getAttributes().containsKey("L"))
dnBuilder.append("L=").append(fields.getAttributes().get("L")).append(", ");
if (fields.getAttributes().containsKey("O"))
dnBuilder.append("O=").append(fields.getAttributes().get("O")).append(", ");
String DN = dnBuilder.toString().trim();
if (DN.endsWith(","))
;
DN = DN.substring(0, DN.length() - 1);
X509V3CertificateGenerator v1CertGen = new X509V3CertificateGenerator();
Calendar start = Calendar.getInstance();
Calendar end = Calendar.getInstance();
end.add(Calendar.DAY_OF_MONTH, fields.getExpDays());
// not the best way to do this... generally done with a db file
v1CertGen.setSerialNumber(BigInteger.valueOf(generatePositiveRandom()));
// issuer is the parent cert
v1CertGen.setIssuerDN(fields.getSignerCert().getSubjectX500Principal());
v1CertGen.setNotBefore(start.getTime());
v1CertGen.setNotAfter(end.getTime());
v1CertGen.setSubjectDN(new X509Principal(DN));
v1CertGen.setPublicKey(keyPair.getPublic());
v1CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
// pointer to the parent CA
v1CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(fields.getSignerCert()));
v1CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.getPublic()));
v1CertGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
// use the CA's private key to sign the certificate
X509Certificate newCACert = v1CertGen.generate((PrivateKey) fields.getSignerKey(), "BC");
// validate the certificate
newCACert.verify(fields.getSignerCert().getPublicKey());
// write the certificate the file system
writeCertAndKey(newCACert, keyPair.getPrivate(), fields);
return fields;
}
Also used :
X509V3CertificateGenerator(org.bouncycastle.x509.X509V3CertificateGenerator)
X509Principal(org.bouncycastle.jce.X509Principal)
SubjectKeyIdentifierStructure(org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure)
Calendar(java.util.Calendar)
AuthorityKeyIdentifierStructure(org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
X509Certificate(java.security.cert.X509Certificate)
Aggregations
X509Certificate (java.security.cert.X509Certificate)16
X509V3CertificateGenerator (com.android.org.bouncycastle.x509.X509V3CertificateGenerator)14
KeyPair (java.security.KeyPair)9
X509V3CertificateGenerator (org.bouncycastle.x509.X509V3CertificateGenerator)8
X509Principal (org.bouncycastle.jce.X509Principal)7
Calendar (java.util.Calendar)6
BigInteger (java.math.BigInteger)4
X500Principal (javax.security.auth.x500.X500Principal)4
AuthorityKeyIdentifierStructure (org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure)4
KeyFactory (java.security.KeyFactory)3
KeyPairGenerator (java.security.KeyPairGenerator)3
PrivateKey (java.security.PrivateKey)3
Certificate (java.security.cert.Certificate)3
Date (java.util.Date)3
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)3
SubjectKeyIdentifierStructure (org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure)3
BasicConstraints (com.android.org.bouncycastle.asn1.x509.BasicConstraints)2
ByteArrayInputStream (java.io.ByteArrayInputStream)2
InvalidKeyException (java.security.InvalidKeyException)2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
