Examples with X509V3CertificateGenerator org.bouncycastle.x509.X509V3CertificateGenerator used on opensource projects

Search in sources :

Example 16 with X509V3CertificateGenerator

use of org.bouncycastle.x509.X509V3CertificateGenerator in project platform_frameworks_base by android.

the class AndroidKeyStoreKeyPairGeneratorSpi method generateSelfSignedCertificateWithValidSignature.

@SuppressWarnings("deprecation")
private X509Certificate generateSelfSignedCertificateWithValidSignature(PrivateKey privateKey, PublicKey publicKey, String signatureAlgorithm) throws Exception {
    final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setPublicKey(publicKey);
    certGen.setSerialNumber(mSpec.getCertificateSerialNumber());
    certGen.setSubjectDN(mSpec.getCertificateSubject());
    certGen.setIssuerDN(mSpec.getCertificateSubject());
    certGen.setNotBefore(mSpec.getCertificateNotBefore());
    certGen.setNotAfter(mSpec.getCertificateNotAfter());
    certGen.setSignatureAlgorithm(signatureAlgorithm);
    return certGen.generate(privateKey);
}
Also used : X509V3CertificateGenerator(com.android.org.bouncycastle.x509.X509V3CertificateGenerator)

Example 17 with X509V3CertificateGenerator

use of org.bouncycastle.x509.X509V3CertificateGenerator in project nhin-d by DirectProject.

the class PKCS11Commands method createKeyPair.

@Command(name = "CreateKeyPair", usage = CREATE_KEY_PAIR)
public void createKeyPair(String[] args) {
    final String alias = StringArrayUtil.getRequiredValue(args, 0);
    final String keySize = StringArrayUtil.getOptionalValue(args, 1, "2048");
    try {
        // create a local keygen for a private key to sign the certificate
        final KeyPairGenerator localKeyGen = KeyPairGenerator.getInstance("RSA", "BC");
        final KeyPair localKeyPair = localKeyGen.generateKeyPair();
        final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", mgr.getKS().getProvider().getName());
        keyGen.initialize(Integer.parseInt(keySize));
        final KeyPair keyPair = keyGen.generateKeyPair();
        // create a self signed certificate
        X509V3CertificateGenerator v1CertGen = new X509V3CertificateGenerator();
        v1CertGen.setPublicKey(keyPair.getPublic());
        v1CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
        Calendar start = Calendar.getInstance();
        Calendar end = Calendar.getInstance();
        end.add(Calendar.DAY_OF_MONTH, 3000);
        v1CertGen.setSerialNumber(BigInteger.valueOf(generatePositiveRandom()));
        v1CertGen.setIssuerDN(new X509Principal("cn=test"));
        v1CertGen.setNotBefore(start.getTime());
        v1CertGen.setNotAfter(end.getTime());
        // issuer and subject are the same for a CA
        v1CertGen.setSubjectDN(new X509Principal("cn=test"));
        v1CertGen.setPublicKey(keyPair.getPublic());
        X509Certificate newCACert = v1CertGen.generate(localKeyPair.getPrivate(), "BC");
        mgr.getKS().setKeyEntry(alias, keyPair.getPrivate(), "".toCharArray(), new X509Certificate[] { newCACert });
        System.out.println("Key pair created and stored.");
    } catch (Exception e) {
        e.printStackTrace();
        System.err.println("Failed to generate key pair: " + e.getMessage());
    }
}
Also used : KeyPair(java.security.KeyPair) X509V3CertificateGenerator(org.bouncycastle.x509.X509V3CertificateGenerator) X509Principal(org.bouncycastle.jce.X509Principal) Calendar(java.util.Calendar) KeyPairGenerator(java.security.KeyPairGenerator) X509Certificate(java.security.cert.X509Certificate) Command(org.nhindirect.common.tooling.Command)

Example 18 with X509V3CertificateGenerator

use of org.bouncycastle.x509.X509V3CertificateGenerator in project nhin-d by DirectProject.

the class CertGenerator method createLeafCertificate.

private static CertCreateFields createLeafCertificate(CertCreateFields fields, KeyPair keyPair, boolean addAltNames) throws Exception {
    String altName = "";
    StringBuilder dnBuilder = new StringBuilder();
    // create the DN
    if (fields.getAttributes().containsKey("EMAILADDRESS")) {
        dnBuilder.append("EMAILADDRESS=").append(fields.getAttributes().get("EMAILADDRESS")).append(", ");
        altName = fields.getAttributes().get("EMAILADDRESS").toString();
    }
    if (fields.getAttributes().containsKey("CN"))
        dnBuilder.append("CN=").append(fields.getAttributes().get("CN")).append(", ");
    if (fields.getAttributes().containsKey("C"))
        dnBuilder.append("C=").append(fields.getAttributes().get("C")).append(", ");
    if (fields.getAttributes().containsKey("ST"))
        dnBuilder.append("ST=").append(fields.getAttributes().get("ST")).append(", ");
    if (fields.getAttributes().containsKey("L"))
        dnBuilder.append("L=").append(fields.getAttributes().get("L")).append(", ");
    if (fields.getAttributes().containsKey("O"))
        dnBuilder.append("O=").append(fields.getAttributes().get("O")).append(", ");
    String DN = dnBuilder.toString().trim();
    if (DN.endsWith(","))
        DN = DN.substring(0, DN.length() - 1);
    X509V3CertificateGenerator v1CertGen = new X509V3CertificateGenerator();
    Calendar start = Calendar.getInstance();
    Calendar end = Calendar.getInstance();
    end.add(Calendar.DAY_OF_MONTH, fields.getExpDays());
    // not the best way to do this... generally done with a db file
    v1CertGen.setSerialNumber(BigInteger.valueOf(generatePositiveRandom()));
    // issuer is the parent cert
    v1CertGen.setIssuerDN(fields.getSignerCert().getSubjectX500Principal());
    v1CertGen.setNotBefore(start.getTime());
    v1CertGen.setNotAfter(end.getTime());
    v1CertGen.setSubjectDN(new X509Principal(DN));
    v1CertGen.setPublicKey(keyPair.getPublic());
    v1CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
    // pointer to the parent CA
    v1CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(fields.getSignerCert()));
    v1CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.getPublic()));
    boolean allowToSign = (fields.getAttributes().get("ALLOWTOSIGN") != null && fields.getAttributes().get("ALLOWTOSIGN").toString().equalsIgnoreCase("true"));
    v1CertGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(allowToSign));
    int keyUsage = 0;
    if (fields.getAttributes().get("KEYENC") != null && fields.getAttributes().get("KEYENC").toString().equalsIgnoreCase("true"))
        keyUsage = keyUsage | KeyUsage.keyEncipherment;
    if (fields.getAttributes().get("DIGSIG") != null && fields.getAttributes().get("DIGSIG").toString().equalsIgnoreCase("true"))
        keyUsage = keyUsage | KeyUsage.digitalSignature;
    if (keyUsage > 0)
        v1CertGen.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(keyUsage));
    if (fields.getSignerCert().getSubjectAlternativeNames() != null) {
        for (List<?> names : fields.getSignerCert().getSubjectAlternativeNames()) {
            GeneralNames issuerAltName = new GeneralNames(new GeneralName((Integer) names.get(0), names.get(1).toString()));
            v1CertGen.addExtension(X509Extensions.IssuerAlternativeName, false, issuerAltName);
        }
    }
    if (addAltNames && !altName.isEmpty()) {
        int nameType = altName.contains("@") ? GeneralName.rfc822Name : GeneralName.dNSName;
        GeneralNames subjectAltName = new GeneralNames(new GeneralName(nameType, altName));
        v1CertGen.addExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
    }
    // use the CA's private key to sign the certificate
    X509Certificate newCACert = v1CertGen.generate((PrivateKey) fields.getSignerKey(), CryptoExtensions.getJCEProviderName());
    // validate the certificate 
    newCACert.verify(fields.getSignerCert().getPublicKey());
    // write the certificate the file system
    writeCertAndKey(newCACert, keyPair.getPrivate(), fields);
    return fields;
}
Also used : SubjectKeyIdentifierStructure(org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure) Calendar(java.util.Calendar) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) AuthorityKeyIdentifierStructure(org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure) X509Certificate(java.security.cert.X509Certificate) BigInteger(java.math.BigInteger) X509V3CertificateGenerator(org.bouncycastle.x509.X509V3CertificateGenerator) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) X509Principal(org.bouncycastle.jce.X509Principal) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 19 with X509V3CertificateGenerator

use of org.bouncycastle.x509.X509V3CertificateGenerator in project android_frameworks_base by DirtyUnicorns.

the class AndroidKeyStoreKeyPairGeneratorSpi method generateSelfSignedCertificateWithValidSignature.

@SuppressWarnings("deprecation")
private X509Certificate generateSelfSignedCertificateWithValidSignature(PrivateKey privateKey, PublicKey publicKey, String signatureAlgorithm) throws Exception {
    final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setPublicKey(publicKey);
    certGen.setSerialNumber(mSpec.getCertificateSerialNumber());
    certGen.setSubjectDN(mSpec.getCertificateSubject());
    certGen.setIssuerDN(mSpec.getCertificateSubject());
    certGen.setNotBefore(mSpec.getCertificateNotBefore());
    certGen.setNotAfter(mSpec.getCertificateNotAfter());
    certGen.setSignatureAlgorithm(signatureAlgorithm);
    return certGen.generate(privateKey);
}
Also used : X509V3CertificateGenerator(com.android.org.bouncycastle.x509.X509V3CertificateGenerator)

Example 20 with X509V3CertificateGenerator

use of org.bouncycastle.x509.X509V3CertificateGenerator in project OpenAttestation by OpenAttestation.

the class TpmUtils method createCaP12.

/**
	 * Creates a key pair and associated certificate for a certificate authority. An RSA key pair
	 * of specified size is stored with the self-signed certificate in an encrypted PKCS 12 key
	 * store file. The format of the certificate and PKCS 12 file are a replica of what is created
	 * by OpenSSL.
	 *
	 * @param keySize The size (in bits) of the RSA key to create
	 * @param caName The subject name for the new Certificate Authority (do not include "CN=")
	 * @param newP12Pass The password for encrypting the PKCS 12 file
	 * @param p12FileName The name for the PKCS 12 key store file (should end with .p12)
	 * @param validityDays The number of days the certificate should be valid before expiring
	 * @throws NoSuchAlgorithmException
	 * @throws InvalidKeyException
	 * @throws IllegalStateException
	 * @throws SignatureException
	 * @throws KeyStoreException
	 * @throws java.security.cert.CertificateException
	 * @throws IOException
	 */
public static void createCaP12(int keySize, String caName, String newP12Pass, String p12FileName, int validityDays) throws NoSuchAlgorithmException, InvalidKeyException, IllegalStateException, SignatureException, KeyStoreException, java.security.cert.CertificateException, IOException {
    Security.addProvider(new BouncyCastleProvider());
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(keySize);
    KeyPair keyPair = keyGen.generateKeyPair();
    RSAPrivateKey privKey = (RSAPrivateKey) keyPair.getPrivate();
    RSAPublicKey pubKey = (RSAPublicKey) keyPair.getPublic();
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
    certGen.setIssuerDN(new X500Principal("CN=" + caName));
    certGen.setNotBefore(new java.sql.Time(System.currentTimeMillis()));
    Calendar expiry = Calendar.getInstance();
    expiry.add(Calendar.DAY_OF_YEAR, validityDays);
    certGen.setNotAfter(expiry.getTime());
    certGen.setSubjectDN(new X500Principal("CN=" + caName));
    certGen.setPublicKey(pubKey);
    certGen.setSignatureAlgorithm("SHA1withRSA");
    certGen.addExtension(org.bouncycastle.asn1.x509.X509Extension.subjectKeyIdentifier, /*X509Extensions.SubjectKeyIdentifier*/
    false, new SubjectKeyIdentifierStructure(pubKey));
    certGen.addExtension(org.bouncycastle.asn1.x509.X509Extension.basicConstraints, /*X509Extensions.BasicConstraints*/
    true, new BasicConstraints(true));
    X509Certificate caCert = certGen.generate(privKey);
    certGen.addExtension(org.bouncycastle.asn1.x509.X509Extension.authorityKeyIdentifier, /*X509Extensions.AuthorityKeyIdentifier*/
    false, new AuthorityKeyIdentifierStructure(caCert));
    caCert = certGen.generate(privKey);
    FileOutputStream newp12 = new FileOutputStream(p12FileName);
    try {
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        keystore.load(null, newP12Pass.toCharArray());
        Certificate[] chain = { caCert };
        keystore.setKeyEntry("1", privKey, newP12Pass.toCharArray(), chain);
        keystore.store(newp12, newP12Pass.toCharArray());
    //		} catch (Exception e) {
    //			e.printStackTrace();
    } finally {
        newp12.close();
    }
}
Also used : SubjectKeyIdentifierStructure(org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure) AuthorityKeyIdentifierStructure(org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure) X500Principal(javax.security.auth.x500.X500Principal) Certificate(java.security.cert.Certificate)

Aggregations

X509Certificate (java.security.cert.X509Certificate)16 X509V3CertificateGenerator (com.android.org.bouncycastle.x509.X509V3CertificateGenerator)14 KeyPair (java.security.KeyPair)9 X509V3CertificateGenerator (org.bouncycastle.x509.X509V3CertificateGenerator)8 X509Principal (org.bouncycastle.jce.X509Principal)7 Calendar (java.util.Calendar)6 BigInteger (java.math.BigInteger)4 X500Principal (javax.security.auth.x500.X500Principal)4 AuthorityKeyIdentifierStructure (org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure)4 KeyFactory (java.security.KeyFactory)3 KeyPairGenerator (java.security.KeyPairGenerator)3 PrivateKey (java.security.PrivateKey)3 Certificate (java.security.cert.Certificate)3 Date (java.util.Date)3 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)3 SubjectKeyIdentifierStructure (org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure)3 BasicConstraints (com.android.org.bouncycastle.asn1.x509.BasicConstraints)2 ByteArrayInputStream (java.io.ByteArrayInputStream)2 InvalidKeyException (java.security.InvalidKeyException)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial