use of org.mozilla.jss.netscape.security.x509.CertificateSubjectName in project cdap by caskdata.
the class KeyStores method getCertificate.
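/**
 * Generates a self-signed X.509 v3 certificate for the given key pair.
 *
 * <p>The algorithm identifier stored inside the signed certificate body is derived from
 * {@code algorithm}, so it always names the algorithm that actually produces the signature.
 *
 * @param dn Distinguished name for the owner of the certificate; it is also used as the issuer,
 *           because the certificate is self-signed.
 * @param pair Key pair: the public key is embedded in the certificate, the private key signs it.
 * @param days Validity of the certificate in days, counted from the moment of the call.
 * @param algorithm Standard name of the signature algorithm, for example {@code SHA256withRSA}.
 * @return The signed X.509 certificate.
 * @throws NoSuchAlgorithmException if {@code algorithm} cannot be resolved to an algorithm identifier
 *                                  or a signature implementation.
 * @throws CertificateException if one of the certificate attributes is rejected.
 * @throws InvalidKeyException if the private key cannot be used with {@code algorithm}.
 */
private static X509Certificate getCertificate(String dn, KeyPair pair, int days, String algorithm) throws IOException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
    // Validity interval: from now until now + days.
    Date from = new Date();
    Date to = DateUtils.addDays(from, days);
    CertificateValidity interval = new CertificateValidity(from, to);

    // 64 random bits from a CSPRNG as the serial number. The value is never negative; RFC 5280 asks for
    // a positive serial, and a draw of exactly zero is possible only with negligible probability.
    BigInteger sn = new BigInteger(64, new SecureRandom());

    // Owner name parsed from the supplied distinguished name.
    X500Name owner = new X500Name(dn);

    X509CertInfo info = new X509CertInfo();
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));

    // In Java 7 the subject is a CertificateSubjectName and the issuer a CertificateIssuerName; Java 8
    // changed both to X500Name. The declared type of the "subject" field tells which form to pass.
    // The certificate is self-signed, hence subject and issuer are the same name.
    try {
        Field subjectField = info.getClass().getDeclaredField("subject");
        if (subjectField.getType().equals(X500Name.class)) {
            info.set(X509CertInfo.SUBJECT, owner);
            info.set(X509CertInfo.ISSUER, owner);
        } else {
            info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
            info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
        }
    } catch (NoSuchFieldException e) {
        // Field layout is unknown: try the Java 8 types. If that is wrong too, set() throws a
        // CertificateException, which is left to the caller.
        info.set(X509CertInfo.SUBJECT, owner);
        info.set(X509CertInfo.ISSUER, owner);
    }

    info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));

    // The identifier inside the signed body must equal the algorithm of the outer signature
    // (RFC 5280, section 4.1.1.2). A fixed SHA-1/RSA OID would disagree with the signature whenever
    // the caller asks for any other algorithm, so resolve it from the requested name instead.
    AlgorithmId algo = AlgorithmId.get(algorithm);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));

    // Create the certificate and sign it with the private key.
    X509CertImpl cert = new X509CertImpl(info);
    PrivateKey privateKey = pair.getPrivate();
    cert.sign(privateKey, algorithm);
    return cert;
}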
use of org.mozilla.jss.netscape.security.x509.CertificateSubjectName in project OpenAttestation by OpenAttestation.
the class X509Builder method subjectName.
/**
 * Sets the certificate subject from a distinguished name given as text.
 *
 * <p>Nothing is thrown from here: any exception raised while parsing or storing the name is passed
 * to {@code fault(...)} and the builder is returned regardless.
 * NOTE(review): {@code fault} is defined outside this excerpt; presumably it records the error, so
 * callers should check the builder's state before trusting the resulting certificate. Confirm.
 *
 * @param dn like "CN=Dave, OU=JavaSoft, O=Sun Microsystems, C=US"
 * @return this builder, to allow call chaining
 */
public X509Builder subjectName(String dn) {
    try {
        // Possible failures here: CertificateException, IOException
        X500Name parsedName = new X500Name(dn);
        certificateSubjectName = new CertificateSubjectName(parsedName);
        info.set(X509CertInfo.SUBJECT, certificateSubjectName);
    } catch (Exception e) {
        fault(e, "subjectName(%s)", dn);
    }
    return this;
}
use of org.mozilla.jss.netscape.security.x509.CertificateSubjectName in project OpenAttestation by OpenAttestation.
the class X509Builder method subjectName.
/**
 * Sets the certificate subject from an already constructed X.500 name.
 *
 * <p>Nothing is thrown from here: any exception is passed to {@code fault(...)} together with the
 * RFC 2253 form of the name (or the text "null" when no name was given), and the builder is
 * returned regardless.
 * NOTE(review): {@code fault} is defined outside this excerpt; presumably it records the error, so
 * callers should check the builder's state before trusting the resulting certificate. Confirm.
 *
 * @param subjectName the subject to place in the certificate
 * @return this builder, to allow call chaining
 */
public X509Builder subjectName(X500Name subjectName) {
    try {
        // Possible failures here: CertificateException, IOException
        CertificateSubjectName wrapped = new CertificateSubjectName(subjectName);
        certificateSubjectName = wrapped;
        info.set(X509CertInfo.SUBJECT, certificateSubjectName);
    } catch (Exception e) {
        String shown;
        if (subjectName == null) {
            shown = "null";
        } else {
            shown = subjectName.getRFC2253Name();
        }
        fault(e, "subjectName(%s)", shown);
    }
    return this;
}
use of org.mozilla.jss.netscape.security.x509.CertificateSubjectName in project baseio by generallycloud.
the class SelfSignedCertificate method generate.
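/**
 * Builds a self-signed X.509 v3 certificate for {@code fqdn} and hands it, together with the private
 * key, to {@code newSelfSignedCertificate}.
 *
 * <p>The certificate is signed with SHA-256/RSA. SHA-1 is no longer collision resistant and
 * SHA-1-signed certificates are commonly rejected by current TLS stacks, so it is not used here.
 *
 * <p>NOTE(review): {@code fqdn} is concatenated into the distinguished name without escaping. It
 * should be validated as a host name by the caller; a value containing DN separators would change
 * the structure of the subject.
 * NOTE(review): {@code newSelfSignedCertificate} is defined outside this excerpt; presumably it
 * writes the key and certificate to files under {@code fileRoot}. Confirm that the key file is
 * created with restrictive permissions.
 *
 * @param fileRoot passed through to {@code newSelfSignedCertificate}
 * @param fqdn host name used as the common name of both subject and issuer
 * @param keypair RSA key pair; the public key is embedded, the private key signs
 * @param random source of the 64 random bits used as the serial number
 * @param notBefore start of the validity interval
 * @param notAfter end of the validity interval
 * @return whatever {@code newSelfSignedCertificate} returns for the key and certificate
 * @throws Exception if building, signing or verifying the certificate fails
 */
private File[] generate(String fileRoot, String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter) throws Exception {
    // One place for the algorithm name, so the identifier in the certificate body and the signing
    // calls below cannot drift apart.
    final String signatureAlgorithm = "SHA256withRSA";

    PrivateKey key = keypair.getPrivate();

    // Prepare the information required for generating an X.509 certificate.
    X509CertInfo info = new X509CertInfo();
    X500Name owner = new X500Name("CN=" + fqdn);
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));

    // Subject and issuer: try the wrapper types first and fall back to the plain X500Name when the
    // runtime rejects them. The first failure is deliberately ignored because the fallback follows.
    try {
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.SUBJECT, owner);
    }
    try {
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.ISSUER, owner);
    }

    info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
    info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get(signatureAlgorithm)));

    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(key, signatureAlgorithm);

    // Update the algorithm and sign again.
    info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
    cert = new X509CertImpl(info);
    cert.sign(key, signatureAlgorithm);

    // Self-check: the signature must verify under the public half of the same key pair.
    cert.verify(keypair.getPublic());
    return newSelfSignedCertificate(fileRoot, fqdn, key, cert);
}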
use of org.mozilla.jss.netscape.security.x509.CertificateSubjectName in project wiremock by wiremock.
the class X509CertificateSpecification method certificateFor.
/**
 * Builds an X.509 certificate for {@code keyPair} from this specification and signs it with the
 * pair's own private key using SHA-256/RSA.
 *
 * <p>Version, subject, issuer and validity dates come from fields of the enclosing class, which
 * are outside this excerpt. The serial number is 64 bits drawn from a fresh {@link SecureRandom}.
 * The certificate is signed twice: the first pass yields the signature algorithm identifier, which
 * is written back into the certificate info before the final signature is produced. The result
 * is verified against the pair's public key before it is returned.
 *
 * @param keyPair the public key is embedded in the certificate, the private key signs it
 * @return the signed certificate
 * @throws CertificateException if a certificate attribute is rejected
 * @throws InvalidKeyException if the key cannot be used for signing or verification
 * @throws SignatureException if signing or verification fails
 */
@Override
public X509Certificate certificateFor(KeyPair keyPair) throws CertificateException, InvalidKeyException, SignatureException {
    final String signatureAlgorithm = "SHA256withRSA";
    try {
        SecureRandom serialSource = new SecureRandom();
        X509CertInfo certInfo = new X509CertInfo();
        certInfo.set(X509CertInfo.VERSION, version.getVersion());

        // On Java >= 1.8 the subject has to be an `X500Name`; otherwise fall back to the wrapper type.
        try {
            certInfo.set(X509CertInfo.SUBJECT, subject);
        } catch (CertificateException ignore) {
            certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(subject));
        }

        // Same for the issuer.
        try {
            certInfo.set(X509CertInfo.ISSUER, issuer);
        } catch (CertificateException ignore) {
            certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
        }

        CertificateValidity validity = new CertificateValidity(notBefore, notAfter);
        certInfo.set(X509CertInfo.VALIDITY, validity);
        certInfo.set(X509CertInfo.KEY, new CertificateX509Key(keyPair.getPublic()));
        BigInteger serial = new BigInteger(64, serialSource);
        certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serial));
        AlgorithmId provisionalAlgorithm = new AlgorithmId(AlgorithmId.SHA256_oid);
        certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(provisionalAlgorithm));

        // First signature: only needed to learn the algorithm identifier that signing produces.
        X509CertImpl signed = new X509CertImpl(certInfo);
        signed.sign(keyPair.getPrivate(), signatureAlgorithm);

        // Store that identifier in the certificate info, then sign again for the final result.
        String algorithmAttribute = CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM;
        certInfo.set(algorithmAttribute, signed.get(X509CertImpl.SIG_ALG));
        signed = new X509CertImpl(certInfo);
        signed.sign(keyPair.getPrivate(), signatureAlgorithm);

        // Self-check against the public half of the signing key.
        signed.verify(keyPair.getPublic());
        return signed;
    } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException e) {
        // throwUnchecked is defined outside this excerpt; presumably it rethrows e unchecked.
        return throwUnchecked(e, null);
    }
}