Search in sources :

Example 1 with CertificateIssuerName

use of org.mozilla.jss.netscape.security.x509.CertificateIssuerName in project AppManager by MuntashirAkon.

the class KeyStoreUtils method generateCert.

@NonNull
private static X509Certificate generateCert(PrivateKey privateKey, PublicKey publicKey, @NonNull String formattedSubject, long expiryDate) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, InvalidKeyException, IOException {
    String algorithmName = "SHA512withRSA";
    CertificateExtensions certificateExtensions = new CertificateExtensions();
    certificateExtensions.set("SubjectKeyIdentifier", new SubjectKeyIdentifierExtension(new KeyIdentifier(publicKey).getIdentifier()));
    X500Name x500Name = new X500Name(formattedSubject);
    Date notBefore = new Date();
    Date notAfter = new Date(expiryDate);
    certificateExtensions.set("PrivateKeyUsage", new PrivateKeyUsageExtension(notBefore, notAfter));
    CertificateValidity certificateValidity = new CertificateValidity(notBefore, notAfter);
    X509CertInfo x509CertInfo = new X509CertInfo();
    x509CertInfo.set("version", new CertificateVersion(2));
    x509CertInfo.set("serialNumber", new CertificateSerialNumber(new Random().nextInt() & Integer.MAX_VALUE));
    x509CertInfo.set("algorithmID", new CertificateAlgorithmId(AlgorithmId.get(algorithmName)));
    x509CertInfo.set("subject", new CertificateSubjectName(x500Name));
    x509CertInfo.set("key", new CertificateX509Key(publicKey));
    x509CertInfo.set("validity", certificateValidity);
    x509CertInfo.set("issuer", new CertificateIssuerName(x500Name));
    x509CertInfo.set("extensions", certificateExtensions);
    X509CertImpl x509CertImpl = new X509CertImpl(x509CertInfo);
    x509CertImpl.sign(privateKey, algorithmName);
    return x509CertImpl;
}
Also used : CertificateSubjectName(android.sun.security.x509.CertificateSubjectName) KeyIdentifier(android.sun.security.x509.KeyIdentifier) X509CertInfo(android.sun.security.x509.X509CertInfo) CertificateIssuerName(android.sun.security.x509.CertificateIssuerName) CertificateVersion(android.sun.security.x509.CertificateVersion) CertificateExtensions(android.sun.security.x509.CertificateExtensions) CertificateValidity(android.sun.security.x509.CertificateValidity) X500Name(android.sun.security.x509.X500Name) CertificateX509Key(android.sun.security.x509.CertificateX509Key) Date(java.util.Date) SubjectKeyIdentifierExtension(android.sun.security.x509.SubjectKeyIdentifierExtension) CertificateSerialNumber(android.sun.security.x509.CertificateSerialNumber) Random(java.util.Random) SecureRandom(java.security.SecureRandom) X509CertImpl(android.sun.security.x509.X509CertImpl) CertificateAlgorithmId(android.sun.security.x509.CertificateAlgorithmId) PrivateKeyUsageExtension(android.sun.security.x509.PrivateKeyUsageExtension) NonNull(androidx.annotation.NonNull)

Example 2 with CertificateIssuerName

use of org.mozilla.jss.netscape.security.x509.CertificateIssuerName in project jss by dogtagpki.

the class X509CertTest method testEC.

public static void testEC(CryptoToken token, Date notBefore, Date notAfter) throws Exception {
    X509CertImpl certImpl = null;
    X509CertInfo certInfo = null;
    KeyPairGenerator gen = token.getKeyPairGenerator(KeyPairAlgorithm.EC);
    gen.initialize(gen.getCurveCodeByName("secp521r1"));
    KeyPair keypairCA = gen.genKeyPair();
    testKeys(keypairCA);
    PublicKey pubCA = keypairCA.getPublic();
    gen.initialize(gen.getCurveCodeByName("secp521r1"));
    KeyPair keypairUser = gen.genKeyPair();
    testKeys(keypairUser);
    PublicKey pubUser = keypairUser.getPublic();
    CertificateIssuerName issuernameObj = new CertificateIssuerName(new X500Name(issuerDN));
    certInfo = createX509CertInfo(convertPublicKeyToX509Key(pubUser), BigInteger.valueOf(1), issuernameObj, subjectDN, notBefore, notAfter, "SHA256withEC");
    certImpl = new X509CertImpl(certInfo);
    certImpl.sign(keypairCA.getPrivate(), "SHA256withEC");
    String certOutput = certImpl.toString();
    System.out.println("Test certificate output: \n" + certOutput);
}
Also used : KeyPair(java.security.KeyPair) X509CertInfo(org.mozilla.jss.netscape.security.x509.X509CertInfo) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) PK11ECPublicKey(org.mozilla.jss.pkcs11.PK11ECPublicKey) X509CertImpl(org.mozilla.jss.netscape.security.x509.X509CertImpl) CertificateIssuerName(org.mozilla.jss.netscape.security.x509.CertificateIssuerName) KeyPairGenerator(org.mozilla.jss.crypto.KeyPairGenerator) X500Name(org.mozilla.jss.netscape.security.x509.X500Name)

Example 3 with CertificateIssuerName

use of org.mozilla.jss.netscape.security.x509.CertificateIssuerName in project xap by xap.

the class SelfSignedCertificate method generateKeyStore.

private KeyStore generateKeyStore(String fqdn, KeyPair keypair, SecureRandom random) throws Exception {
    PrivateKey key = keypair.getPrivate();
    // Prepare the information required for generating an X.509 certificate.
    X509CertInfo info = new X509CertInfo();
    X500Name owner = new X500Name("CN=" + fqdn);
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
    try {
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.SUBJECT, owner);
    }
    try {
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.ISSUER, owner);
    }
    info.set(X509CertInfo.VALIDITY, new CertificateValidity(NOT_BEFORE, NOT_AFTER));
    info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid)));
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(key, "SHA1withRSA");
    // Update the algorithm and sign again.
    info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
    cert = new X509CertImpl(info);
    cert.sign(key, "SHA1withRSA");
    cert.verify(keypair.getPublic());
    String keyStoreType = KeyStore.getDefaultType();
    final KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(null, null);
    // keyStore.setCertificateEntry("CAcert-root", cert);
    keyStore.setKeyEntry("key", keypair.getPrivate(), "foo".toCharArray(), new Certificate[] { cert });
    return keyStore;
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) PrivateKey(java.security.PrivateKey) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) CertificateVersion(sun.security.x509.CertificateVersion) CertificateException(java.security.cert.CertificateException) CertificateValidity(sun.security.x509.CertificateValidity) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) KeyStore(java.security.KeyStore) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Example 4 with CertificateIssuerName

use of org.mozilla.jss.netscape.security.x509.CertificateIssuerName in project CipherTrust_Application_Protection by thalescpl-io.

the class SelfSignedCertificateUtility method generateCertificate.

private static X509Certificate generateCertificate(PublicKey publicKey, PrivateKey privateKey, Map<String, String> certificateProeprties) throws Exception {
    String dn = makeDN(certificateProeprties);
    X509CertInfo info = new X509CertInfo();
    Date from = new Date();
    Date to = new Date(from.getTime() + Integer.valueOf(certificateProeprties.get("Validity")) * 86400000l);
    CertificateValidity interval = new CertificateValidity(from, to);
    X500Name owner = new X500Name(dn);
    boolean[] kueOk = getKeyUsgaeExtension(certificateProeprties.get("KeyUsage"));
    KeyUsageExtension kue = new KeyUsageExtension(kueOk);
    CertificateExtensions ext = new CertificateExtensions();
    ext.set(KeyUsageExtension.NAME, kue);
    info.set(X509CertInfo.VALIDITY, interval);
    BigInteger sn = new BigInteger(64, new SecureRandom());
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    boolean justName = isJavaAtLeast(1.8);
    if (justName) {
        info.set(X509CertInfo.SUBJECT, owner);
        info.set(X509CertInfo.ISSUER, owner);
    } else {
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    }
    info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = null;
    String provider = null;
    switch(certificateProeprties.get("Algorithm")) {
        case "SHA1WithRSA":
            break;
        case "SHA256WithRSA":
            break;
        case "SHA384WithRSA":
            break;
        case "SHA512WithRSA":
            provider = "BC";
            break;
        case "SHA1WithECDSA":
            provider = "BC";
            break;
        case "SHA224WithECDSA":
            provider = "BC";
            break;
        case "SHA256WithECDSA":
            provider = "BC";
            break;
        case "SHA384WithECDSA":
            provider = "BC";
            break;
        case "SHA512WithECDSA":
            provider = "BC";
            break;
        default:
            throw new NAEException(certificateProeprties.get("Algorithm") + " not supported.");
    }
    algo = AlgorithmId.get(certificateProeprties.get("Algorithm"));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
    info.set(X509CertInfo.EXTENSIONS, ext);
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    if (provider != null)
        cert.sign(privateKey, certificateProeprties.get("Algorithm"), provider);
    else
        cert.sign(privateKey, certificateProeprties.get("Algorithm"));
    return cert;
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) NAEException(com.ingrian.security.nae.NAEException) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) SecureRandom(java.security.SecureRandom) CertificateVersion(sun.security.x509.CertificateVersion) CertificateValidity(sun.security.x509.CertificateValidity) CertificateExtensions(sun.security.x509.CertificateExtensions) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) Date(java.util.Date) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) KeyUsageExtension(sun.security.x509.KeyUsageExtension)

Example 5 with CertificateIssuerName

use of org.mozilla.jss.netscape.security.x509.CertificateIssuerName in project OpenAM by OpenRock.

the class JwtGenerator method main.

public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        System.out.println("Usage: JwtGenerator <subject> <issuer> <audience>");
        System.exit(1);
    }
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(512);
    KeyPair keyPair = keyGen.genKeyPair();
    PublicKey publicKey = keyPair.getPublic();
    long validTime = System.currentTimeMillis() + 1000 * 60 * 60 * 24 / 2;
    String jwt = new JwtBuilderFactory().jws(new SigningManager().newRsaSigningHandler(keyPair.getPrivate())).headers().alg(JwsAlgorithm.RS256).done().claims(new JwtClaimsSet(json(object(field("iss", args[0]), field("sub", args[1]), field("aud", args[2]), field("exp", validTime / 1000))).asMap())).build();
    System.out.println("JWT: " + jwt);
    Calendar expiry = Calendar.getInstance();
    expiry.add(Calendar.DAY_OF_YEAR, 7);
    X509CertInfo info = new X509CertInfo();
    CertificateValidity interval = new CertificateValidity(new Date(), new Date(validTime));
    BigInteger sn = new BigInteger(64, new SecureRandom());
    X500Name owner = new X500Name("CN=ForgeRock,L=Bristol,C=GB");
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(keyPair.getPrivate(), "SHA256withRSA");
    System.out.println("Certificate:");
    BASE64Encoder encoder = new BASE64Encoder();
    System.out.println(X509Factory.BEGIN_CERT);
    encoder.encodeBuffer(cert.getEncoded(), System.out);
    System.out.println(X509Factory.END_CERT);
}
Also used : JwtBuilderFactory(org.forgerock.json.jose.builders.JwtBuilderFactory) CertificateSubjectName(sun.security.x509.CertificateSubjectName) KeyPair(java.security.KeyPair) X509CertInfo(sun.security.x509.X509CertInfo) PublicKey(java.security.PublicKey) Calendar(java.util.Calendar) CertificateIssuerName(sun.security.x509.CertificateIssuerName) BASE64Encoder(sun.misc.BASE64Encoder) SecureRandom(java.security.SecureRandom) CertificateVersion(sun.security.x509.CertificateVersion) CertificateValidity(sun.security.x509.CertificateValidity) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) SigningManager(org.forgerock.json.jose.jws.SigningManager) Date(java.util.Date) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Aggregations

CertificateIssuerName (sun.security.x509.CertificateIssuerName)10 BigInteger (java.math.BigInteger)8 CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)8 CertificateSerialNumber (sun.security.x509.CertificateSerialNumber)8 CertificateSubjectName (sun.security.x509.CertificateSubjectName)8 CertificateValidity (sun.security.x509.CertificateValidity)8 CertificateX509Key (sun.security.x509.CertificateX509Key)8 X500Name (sun.security.x509.X500Name)8 X509CertImpl (sun.security.x509.X509CertImpl)8 X509CertInfo (sun.security.x509.X509CertInfo)8 AlgorithmId (sun.security.x509.AlgorithmId)7 CertificateVersion (sun.security.x509.CertificateVersion)7 PrivateKey (java.security.PrivateKey)5 SecureRandom (java.security.SecureRandom)5 CertificateException (java.security.cert.CertificateException)5 Date (java.util.Date)4 KeyPair (java.security.KeyPair)3 PublicKey (java.security.PublicKey)3 X500Name (org.mozilla.jss.netscape.security.x509.X500Name)3 X509CertInfo (org.mozilla.jss.netscape.security.x509.X509CertInfo)3