Examples with CertificateSerialNumber org.mozilla.jss.netscape.security.x509.CertificateSerialNumber used on opensource projects

Search in sources :

Example 6 with CertificateSerialNumber

use of org.mozilla.jss.netscape.security.x509.CertificateSerialNumber in project OpenAttestation by OpenAttestation.

the class X509Builder method randomSerial.

public X509Builder randomSerial() {
    try {
        BigInteger sn = new BigInteger(64, new SecureRandom());
        certificateSerialNumber = new CertificateSerialNumber(sn);
        info.set(X509CertInfo.SERIAL_NUMBER, certificateSerialNumber);
    } catch (Exception e) {
        fault(e, "randomSerial");
    }
    return this;
}
Also used : CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) BigInteger(java.math.BigInteger) SecureRandom(java.security.SecureRandom)

Example 7 with CertificateSerialNumber

use of org.mozilla.jss.netscape.security.x509.CertificateSerialNumber in project OpenAM by OpenRock.

the class JwtGenerator method main.

public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        System.out.println("Usage: JwtGenerator <subject> <issuer> <audience>");
        System.exit(1);
    }
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(512);
    KeyPair keyPair = keyGen.genKeyPair();
    PublicKey publicKey = keyPair.getPublic();
    long validTime = System.currentTimeMillis() + 1000 * 60 * 60 * 24 / 2;
    String jwt = new JwtBuilderFactory().jws(new SigningManager().newRsaSigningHandler(keyPair.getPrivate())).headers().alg(JwsAlgorithm.RS256).done().claims(new JwtClaimsSet(json(object(field("iss", args[0]), field("sub", args[1]), field("aud", args[2]), field("exp", validTime / 1000))).asMap())).build();
    System.out.println("JWT: " + jwt);
    Calendar expiry = Calendar.getInstance();
    expiry.add(Calendar.DAY_OF_YEAR, 7);
    X509CertInfo info = new X509CertInfo();
    CertificateValidity interval = new CertificateValidity(new Date(), new Date(validTime));
    BigInteger sn = new BigInteger(64, new SecureRandom());
    X500Name owner = new X500Name("CN=ForgeRock,L=Bristol,C=GB");
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(keyPair.getPrivate(), "SHA256withRSA");
    System.out.println("Certificate:");
    BASE64Encoder encoder = new BASE64Encoder();
    System.out.println(X509Factory.BEGIN_CERT);
    encoder.encodeBuffer(cert.getEncoded(), System.out);
    System.out.println(X509Factory.END_CERT);
}
Also used : JwtBuilderFactory(org.forgerock.json.jose.builders.JwtBuilderFactory) CertificateSubjectName(sun.security.x509.CertificateSubjectName) KeyPair(java.security.KeyPair) X509CertInfo(sun.security.x509.X509CertInfo) PublicKey(java.security.PublicKey) Calendar(java.util.Calendar) CertificateIssuerName(sun.security.x509.CertificateIssuerName) BASE64Encoder(sun.misc.BASE64Encoder) SecureRandom(java.security.SecureRandom) CertificateVersion(sun.security.x509.CertificateVersion) CertificateValidity(sun.security.x509.CertificateValidity) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) SigningManager(org.forgerock.json.jose.jws.SigningManager) Date(java.util.Date) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Example 8 with CertificateSerialNumber

use of org.mozilla.jss.netscape.security.x509.CertificateSerialNumber in project baseio by generallycloud.

the class SelfSignedCertificate method generate.

private File[] generate(String fileRoot, String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter) throws Exception {
    PrivateKey key = keypair.getPrivate();
    // Prepare the information required for generating an X.509
    // certificate.
    X509CertInfo info = new X509CertInfo();
    X500Name owner = new X500Name("CN=" + fqdn);
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
    try {
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.SUBJECT, owner);
    }
    try {
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.ISSUER, owner);
    }
    info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
    info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid)));
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(key, "SHA1withRSA");
    // Update the algorithm and sign again.
    info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
    cert = new X509CertImpl(info);
    cert.sign(key, "SHA1withRSA");
    cert.verify(keypair.getPublic());
    return newSelfSignedCertificate(fileRoot, fqdn, key, cert);
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) PrivateKey(java.security.PrivateKey) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) CertificateVersion(sun.security.x509.CertificateVersion) CertificateException(java.security.cert.CertificateException) CertificateValidity(sun.security.x509.CertificateValidity) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Example 9 with CertificateSerialNumber

use of org.mozilla.jss.netscape.security.x509.CertificateSerialNumber in project coprhd-controller by CoprHD.

the class KeyCertificatePairGenerator method generateCertificate.

/**
 * Create a self-signed X.509 Certificate
 *
 * @param pair the KeyPair
 */
private X509Certificate generateCertificate(KeyPair pair) throws GeneralSecurityException, IOException {
    PublicKey pubKey = loadPublicKeyFromBytes(pair.getPublic().getEncoded());
    PrivateKey privkey = pair.getPrivate();
    X509CertInfo info = new X509CertInfo();
    Date from = getNotBefore();
    Date to = new Date(from.getTime() + valuesHolder.getCertificateValidityInDays() * 86400000L);
    CertificateValidity interval = new CertificateValidity(from, to);
    BigInteger sn = new BigInteger(64, new SecureRandom());
    X500Name owner = new X500Name(String.format(CERTIFICATE_COMMON_NAME_FORMAT, valuesHolder.getCertificateCommonName()));
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    info.set(X509CertInfo.SUBJECT, owner);
    info.set(X509CertInfo.ISSUER, owner);
    info.set(X509CertInfo.KEY, new CertificateX509Key(pubKey));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId keyAlgo = AlgorithmId.get(KeyCertificateAlgorithmValuesHolder.DEFAULT_KEY_ALGORITHM);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(keyAlgo));
    AlgorithmId signingAlgo = AlgorithmId.get(valuesHolder.getSigningAlgorithm());
    info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, signingAlgo);
    // add extensions
    CertificateExtensions ext = new CertificateExtensions();
    ext.set(SubjectKeyIdentifierExtension.NAME, new SubjectKeyIdentifierExtension(new KeyIdentifier(pubKey).getIdentifier()));
    // CA public key is the same as our public key (self signed)
    ext.set(AuthorityKeyIdentifierExtension.NAME, new AuthorityKeyIdentifierExtension(new KeyIdentifier(pubKey), null, null));
    ext.set(SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(subjectAltNames()));
    info.set(X509CertInfo.EXTENSIONS, ext);
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(privkey, valuesHolder.getSigningAlgorithm());
    return cert;
}
Also used : RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) KeyIdentifier(sun.security.x509.KeyIdentifier) X509CertInfo(sun.security.x509.X509CertInfo) PublicKey(java.security.PublicKey) SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension) SecureRandom(java.security.SecureRandom) CertificateVersion(sun.security.x509.CertificateVersion) CertificateValidity(sun.security.x509.CertificateValidity) CertificateExtensions(sun.security.x509.CertificateExtensions) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) Date(java.util.Date) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) SubjectKeyIdentifierExtension(sun.security.x509.SubjectKeyIdentifierExtension) AlgorithmId(sun.security.x509.AlgorithmId) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) AuthorityKeyIdentifierExtension(sun.security.x509.AuthorityKeyIdentifierExtension) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Example 10 with CertificateSerialNumber

use of org.mozilla.jss.netscape.security.x509.CertificateSerialNumber in project cdap by caskdata.

the class KeyStores method getCertificate.

/**
 * Generate an X.509 certificate
 *
 * @param dn Distinguished name for the owner of the certificate, it will also be the signer of the certificate.
 * @param pair Key pair used for signing the certificate.
 * @param days Validity of the certificate.
 * @param algorithm Name of the signature algorithm used.
 * @return A X.509 certificate
 */
private static X509Certificate getCertificate(String dn, KeyPair pair, int days, String algorithm) throws IOException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
    // Calculate the validity interval of the certificate
    Date from = new Date();
    Date to = DateUtils.addDays(from, days);
    CertificateValidity interval = new CertificateValidity(from, to);
    // Generate a random number to use as the serial number for the certificate
    BigInteger sn = new BigInteger(64, new SecureRandom());
    // Create the name of the owner based on the provided distinguished name
    X500Name owner = new X500Name(dn);
    // Create an info objects with the provided information, which will be used to create the certificate
    X509CertInfo info = new X509CertInfo();
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    // In java 7, subject is of type CertificateSubjectName and issuer is of type CertificateIssuerName.
    // These were changed to X500Name in Java8. So looking at the field type before setting them.
    // This certificate will be self signed, hence the subject and the issuer are same.
    Field subjectField = null;
    try {
        subjectField = info.getClass().getDeclaredField("subject");
        if (subjectField.getType().equals(X500Name.class)) {
            info.set(X509CertInfo.SUBJECT, owner);
            info.set(X509CertInfo.ISSUER, owner);
        } else {
            info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
            info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
        }
    } catch (NoSuchFieldException e) {
        // Trying to set it to Java 8 types. If one of the underlying fields has changed then this will throw a
        // CertificateException which is handled by the caller.
        info.set(X509CertInfo.SUBJECT, owner);
        info.set(X509CertInfo.ISSUER, owner);
    }
    info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
    // Create the certificate and sign it with the private key
    X509CertImpl cert = new X509CertImpl(info);
    PrivateKey privateKey = pair.getPrivate();
    cert.sign(privateKey, algorithm);
    return cert;
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) PrivateKey(java.security.PrivateKey) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) SecureRandom(java.security.SecureRandom) CertificateVersion(sun.security.x509.CertificateVersion) CertificateValidity(sun.security.x509.CertificateValidity) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) Date(java.util.Date) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) Field(java.lang.reflect.Field) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Aggregations

CertificateSerialNumber (sun.security.x509.CertificateSerialNumber)13 BigInteger (java.math.BigInteger)12 CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)12 CertificateValidity (sun.security.x509.CertificateValidity)12 CertificateX509Key (sun.security.x509.CertificateX509Key)12 X509CertInfo (sun.security.x509.X509CertInfo)12 CertificateVersion (sun.security.x509.CertificateVersion)11 X509CertImpl (sun.security.x509.X509CertImpl)11 AlgorithmId (sun.security.x509.AlgorithmId)10 X500Name (sun.security.x509.X500Name)9 SecureRandom (java.security.SecureRandom)8 CertificateIssuerName (sun.security.x509.CertificateIssuerName)8 CertificateSubjectName (sun.security.x509.CertificateSubjectName)8 PrivateKey (java.security.PrivateKey)7 Date (java.util.Date)6 CertificateException (java.security.cert.CertificateException)5 IOException (java.io.IOException)3 KeyPair (java.security.KeyPair)2 KeyPairGenerator (java.security.KeyPairGenerator)2 PublicKey (java.security.PublicKey)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial