
Example 6 with CertificateSubjectName

use of org.mozilla.jss.netscape.security.x509.CertificateSubjectName in project cdap by caskdata.

the class KeyStores method getCertificate.

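/**
 * Generates a self-signed X.509 v3 certificate.
 *
 * <p>The subject and the issuer are both set to {@code dn}, and the certificate is signed with the private
 * key of {@code pair}. The signature algorithm recorded in the certificate body is derived from
 * {@code algorithm}, so it agrees with the algorithm that actually produces the signature (RFC 5280
 * requires the inner and outer signature-algorithm fields to match).
 *
 * @param dn Distinguished name for the owner of the certificate; it is also used as the issuer.
 * @param pair Key pair whose public key is certified and whose private key signs the certificate.
 * @param days Validity of the certificate in days, counted from the moment of the call.
 * @param algorithm Name of the signature algorithm used, for example {@code SHA256withRSA}.
 * @return A X.509 certificate
 * @throws NoSuchAlgorithmException if {@code algorithm} is not a recognised signature algorithm name
 */
private static X509Certificate getCertificate(String dn, KeyPair pair, int days, String algorithm)
        throws IOException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException,
        InvalidKeyException, SignatureException {
    // Calculate the validity interval of the certificate
    Date from = new Date();
    Date to = DateUtils.addDays(from, days);
    CertificateValidity interval = new CertificateValidity(from, to);
    // Draw a 64-bit serial number from a cryptographically strong generator
    BigInteger sn = new BigInteger(64, new SecureRandom());
    // Create the name of the owner based on the provided distinguished name
    X500Name owner = new X500Name(dn);
    // Create an info object with the provided information, which will be used to create the certificate
    X509CertInfo info = new X509CertInfo();
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    // In Java 7, subject is of type CertificateSubjectName and issuer is of type CertificateIssuerName.
    // These were changed to X500Name in Java 8, so the field type is inspected before setting them.
    // This certificate is self-signed, hence the subject and the issuer are the same.
    try {
        Field subjectField = info.getClass().getDeclaredField("subject");
        if (subjectField.getType().equals(X500Name.class)) {
            info.set(X509CertInfo.SUBJECT, owner);
            info.set(X509CertInfo.ISSUER, owner);
        } else {
            info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
            info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
        }
    } catch (NoSuchFieldException e) {
        // Fall back to the Java 8 types. If the underlying fields have changed again, this throws a
        // CertificateException, which is handled by the caller.
        info.set(X509CertInfo.SUBJECT, owner);
        info.set(X509CertInfo.ISSUER, owner);
    }
    info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    // Record the algorithm the caller asked for. The previous hard-coded sha1WithRSAEncryption OID left
    // the certificate body claiming SHA-1 whenever a different algorithm was passed to sign().
    AlgorithmId algo = AlgorithmId.get(algorithm);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
    // Create the certificate and sign it with the private key
    X509CertImpl cert = new X509CertImpl(info);
    PrivateKey privateKey = pair.getPrivate();
    cert.sign(privateKey, algorithm);
    return cert;
}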
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) PrivateKey(java.security.PrivateKey) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) SecureRandom(java.security.SecureRandom) CertificateVersion(sun.security.x509.CertificateVersion) CertificateValidity(sun.security.x509.CertificateValidity) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) Date(java.util.Date) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) Field(java.lang.reflect.Field) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Example 7 with CertificateSubjectName

use of org.mozilla.jss.netscape.security.x509.CertificateSubjectName in project OpenAttestation by OpenAttestation.

the class X509Builder method subjectName.

/**
 * Sets the certificate subject from a distinguished name string.
 *
 * <p>Any exception raised while parsing the name or storing it in the certificate info is handed to
 * {@code fault} together with the offending input.
 *
 * @param dn like "CN=Dave, OU=JavaSoft, O=Sun Microsystems, C=US"
 * @return this builder, to allow call chaining
 */
public X509Builder subjectName(String dn) {
    try {
        X500Name parsedName = new X500Name(dn);
        certificateSubjectName = new CertificateSubjectName(parsedName);
        // The store below can fail with CertificateException or IOException
        info.set(X509CertInfo.SUBJECT, certificateSubjectName);
    } catch (Exception failure) {
        fault(failure, "subjectName(%s)", dn);
    }
    return this;
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) X500Name(sun.security.x509.X500Name)

Example 8 with CertificateSubjectName

use of org.mozilla.jss.netscape.security.x509.CertificateSubjectName in project OpenAttestation by OpenAttestation.

the class X509Builder method subjectName.

/**
 * Sets the certificate subject from an already parsed name.
 *
 * <p>Any exception raised while wrapping or storing the name is handed to {@code fault}; the reported
 * label is the RFC 2253 form of the name, or the text {@code null} when no name was given.
 *
 * @param subjectName the subject to place in the certificate
 * @return this builder, to allow call chaining
 */
public X509Builder subjectName(X500Name subjectName) {
    try {
        certificateSubjectName = new CertificateSubjectName(subjectName);
        // The store below can fail with CertificateException or IOException
        info.set(X509CertInfo.SUBJECT, certificateSubjectName);
    } catch (Exception failure) {
        String label;
        if (subjectName != null) {
            label = subjectName.getRFC2253Name();
        } else {
            label = "null";
        }
        fault(failure, "subjectName(%s)", label);
    }
    return this;
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName)

Example 9 with CertificateSubjectName

use of org.mozilla.jss.netscape.security.x509.CertificateSubjectName in project baseio by generallycloud.

the class SelfSignedCertificate method generate.

/**
 * Builds a self-signed X.509 v3 certificate for {@code fqdn}, verifies it against its own public key and
 * passes it with the private key to {@code newSelfSignedCertificate}.
 *
 * <p>Subject and issuer are both {@code CN=<fqdn>}. The certificate is signed twice: the first signature
 * only serves to learn the signature algorithm identifier, which is then written into the certificate
 * info before the final signature is produced.
 *
 * @param fileRoot forwarded unchanged to {@code newSelfSignedCertificate}
 * @param fqdn host name used as the common name of subject and issuer
 * @param keypair key pair that is certified and used for signing
 * @param random source of the 64-bit serial number
 * @param notBefore start of the validity period
 * @param notAfter end of the validity period
 * @return whatever {@code newSelfSignedCertificate} returns
 * @throws Exception if building, signing or verifying the certificate fails
 */
private File[] generate(String fileRoot, String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter) throws Exception {
    final PrivateKey signingKey = keypair.getPrivate();
    // Collect everything the X.509 certificate needs.
    final X509CertInfo certInfo = new X509CertInfo();
    // NOTE(review): fqdn is concatenated into the DN text, so DN metacharacters in it (',', '+', '=')
    // would change the parsed name; confirm callers only pass plain host names.
    final X500Name selfName = new X500Name("CN=" + fqdn);
    certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    final BigInteger serial = new BigInteger(64, random);
    certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serial));
    // Try the wrapper types first and fall back to the bare X500Name when the wrapper is rejected.
    try {
        certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(selfName));
    } catch (CertificateException ignore) {
        certInfo.set(X509CertInfo.SUBJECT, selfName);
    }
    try {
        certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(selfName));
    } catch (CertificateException ignore) {
        certInfo.set(X509CertInfo.ISSUER, selfName);
    }
    certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
    certInfo.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
    // NOTE(review): SHA-1 based signatures are rejected by many current TLS stacks and policy checks;
    // the algorithm is kept here exactly as the original has it.
    final AlgorithmId placeholderAlgorithm = new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid);
    certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(placeholderAlgorithm));
    // First signature: only used to find out which algorithm identifier the signer reports.
    X509CertImpl signedCert = new X509CertImpl(certInfo);
    signedCert.sign(signingKey, "SHA1withRSA");
    // Store that identifier in the info and produce the final signature.
    final String algorithmAttribute = CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM;
    certInfo.set(algorithmAttribute, signedCert.get(X509CertImpl.SIG_ALG));
    signedCert = new X509CertImpl(certInfo);
    signedCert.sign(signingKey, "SHA1withRSA");
    // Self-check: the signature must validate under the certificate's own public key.
    signedCert.verify(keypair.getPublic());
    return newSelfSignedCertificate(fileRoot, fqdn, signingKey, signedCert);
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) PrivateKey(java.security.PrivateKey) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) CertificateVersion(sun.security.x509.CertificateVersion) CertificateException(java.security.cert.CertificateException) CertificateValidity(sun.security.x509.CertificateValidity) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Example 10 with CertificateSubjectName

use of org.mozilla.jss.netscape.security.x509.CertificateSubjectName in project wiremock by wiremock.

the class X509CertificateSpecification method certificateFor.

/**
 * Creates an X.509 certificate for {@code keyPair} from this specification's version, subject, issuer
 * and validity dates, signs it with the pair's private key using SHA256withRSA, and verifies the result
 * against the pair's public key.
 *
 * <p>The certificate is signed twice: the first signature only serves to learn the signature algorithm
 * identifier, which is then written into the certificate info before the final signature is produced.
 *
 * @param keyPair key pair that is certified and used for signing
 * @return the signed certificate
 * @throws CertificateException if the certificate info cannot be populated or the certificate is invalid
 * @throws InvalidKeyException if the key is not usable for signing or verification
 * @throws SignatureException if signing or verification fails
 */
@Override
public X509Certificate certificateFor(KeyPair keyPair) throws CertificateException, InvalidKeyException, SignatureException {
    try {
        SecureRandom serialSource = new SecureRandom();
        X509CertInfo certInfo = new X509CertInfo();
        certInfo.set(X509CertInfo.VERSION, version.getVersion());
        // On Java >= 1.8 it has to be an `X500Name`; older runtimes need the wrapper type.
        try {
            certInfo.set(X509CertInfo.SUBJECT, subject);
        } catch (CertificateException ignore) {
            certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(subject));
        }
        // On Java >= 1.8 it has to be an `X500Name`; older runtimes need the wrapper type.
        try {
            certInfo.set(X509CertInfo.ISSUER, issuer);
        } catch (CertificateException ignore) {
            certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
        }
        certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
        certInfo.set(X509CertInfo.KEY, new CertificateX509Key(keyPair.getPublic()));
        BigInteger serial = new BigInteger(64, serialSource);
        certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serial));
        // Placeholder identifier; it is replaced below with the one reported after the first signature.
        AlgorithmId placeholderAlgorithm = new AlgorithmId(AlgorithmId.SHA256_oid);
        certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(placeholderAlgorithm));
        // First signature: only used to find out which algorithm identifier the signer reports.
        X509CertImpl signedCert = new X509CertImpl(certInfo);
        signedCert.sign(keyPair.getPrivate(), "SHA256withRSA");
        // Store that identifier in the info and produce the final signature.
        String algorithmAttribute = CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM;
        certInfo.set(algorithmAttribute, signedCert.get(X509CertImpl.SIG_ALG));
        signedCert = new X509CertImpl(certInfo);
        signedCert.sign(keyPair.getPrivate(), "SHA256withRSA");
        // Self-check: the signature must validate under the supplied public key.
        signedCert.verify(keyPair.getPublic());
        return signedCert;
    } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException failure) {
        return throwUnchecked(failure, null);
    }
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) SecureRandom(java.security.SecureRandom) CertificateException(java.security.cert.CertificateException) CertificateValidity(sun.security.x509.CertificateValidity) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateX509Key(sun.security.x509.CertificateX509Key) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) NoSuchProviderException(java.security.NoSuchProviderException) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Aggregations

CertificateSubjectName (sun.security.x509.CertificateSubjectName)10 BigInteger (java.math.BigInteger)8 CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)8 CertificateIssuerName (sun.security.x509.CertificateIssuerName)8 CertificateSerialNumber (sun.security.x509.CertificateSerialNumber)8 CertificateValidity (sun.security.x509.CertificateValidity)8 CertificateX509Key (sun.security.x509.CertificateX509Key)8 X500Name (sun.security.x509.X500Name)8 X509CertImpl (sun.security.x509.X509CertImpl)8 X509CertInfo (sun.security.x509.X509CertInfo)8 AlgorithmId (sun.security.x509.AlgorithmId)7 CertificateVersion (sun.security.x509.CertificateVersion)7 PrivateKey (java.security.PrivateKey)5 SecureRandom (java.security.SecureRandom)5 CertificateException (java.security.cert.CertificateException)5 Date (java.util.Date)4 CertificateAlgorithmId (org.mozilla.jss.netscape.security.x509.CertificateAlgorithmId)2 CertificateExtensions (org.mozilla.jss.netscape.security.x509.CertificateExtensions)2 CertificateSerialNumber (org.mozilla.jss.netscape.security.x509.CertificateSerialNumber)2 CertificateSubjectName (org.mozilla.jss.netscape.security.x509.CertificateSubjectName)2