
Example 1 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project X-Road by nordic-institute.

the class FISubjectClientIdDecoderTest method generateSelfSignedCertificate.

private X509Certificate generateSelfSignedCertificate(String dn, KeyPair pair) throws OperatorCreationException, CertificateException {
    ContentSigner signer = new JcaContentSignerBuilder(CryptoUtils.SHA256WITHRSA_ID).build(pair.getPrivate());
    X500Name name = new X500Name(dn);
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(name, BigInteger.ONE, new Date(), new Date(), name, pair.getPublic());
    return new JcaX509CertificateConverter().getCertificate(builder.build(signer));
}
Also used : JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) X500Name(org.bouncycastle.asn1.x500.X500Name) Date(java.util.Date)

Example 2 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project X-Road by nordic-institute.

the class AbstractGenerateCertRequest method buildSignedCertRequest.

PKCS10CertificationRequest buildSignedCertRequest(TokenAndKey tokenAndKey, String subjectName) throws Exception {
    if (tokenAndKey.getKey().getPublicKey() == null) {
        throw new CodedException(X_INTERNAL_ERROR, "Key '%s' has no public key", tokenAndKey.getKeyId());
    }
    PublicKey publicKey = readPublicKey(tokenAndKey.getKey().getPublicKey());
    JcaPKCS10CertificationRequestBuilder certRequestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(subjectName), publicKey);
    ContentSigner signer = new TokenContentSigner(tokenAndKey, this);
    PKCS10CertificationRequest request = certRequestBuilder.build(signer);
    return request;
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) CodedException(ee.ria.xroad.common.CodedException) CryptoUtils.readX509PublicKey(ee.ria.xroad.common.util.CryptoUtils.readX509PublicKey) PublicKey(java.security.PublicKey) ContentSigner(org.bouncycastle.operator.ContentSigner) X500Name(org.bouncycastle.asn1.x500.X500Name)

Example 3 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project X-Road by nordic-institute.

the class CertUtils method getSubjectSerialNumber.

/**
 * @param cert certificate from which to get the subject serial number
 * @return the SerialNumber component of the Subject field.
 */
public static String getSubjectSerialNumber(X509Certificate cert) {
    X500Principal principal = cert.getSubjectX500Principal();
    X500Name x500name = new X500Name(principal.getName());
    return getRDNValue(x500name, BCStyle.SERIALNUMBER);
}
Also used : X500Principal(javax.security.auth.x500.X500Principal) X500Name(org.bouncycastle.asn1.x500.X500Name)

Example 4 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project X-Road by nordic-institute.

the class FISubjectClientIdDecoder method getSubjectClientId.

/**
 * @param cert certificate from which to construct the client ID
 * @return a fully constructed Client identifier from DN of the certificate.
 */
public static ClientId getSubjectClientId(X509Certificate cert) {
    X500Principal principal = cert.getSubjectX500Principal();
    X500Name x500name = new X500Name(principal.getName());
    if (getRDNValue(x500name, BCStyle.SERIALNUMBER) == null) {
        if (getRDNValue(x500name, BCStyle.OU) == null) {
            return CertUtils.getSubjectClientId(cert);
        }
        return parseClientIdFromLegacyName(x500name);
    }
    return parseClientId(x500name);
}
Also used : X500Principal(javax.security.auth.x500.X500Principal) X500Name(org.bouncycastle.asn1.x500.X500Name)

Example 5 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project bitcoinj by bitcoinj.

the class X509Utils method getDisplayNameFromCertificate.

/**
 * Returns either a string that "sums up" the certificate for humans, in a similar manner to what you might see
 * in a web browser, or null if one cannot be extracted. This will typically be the common name (CN) field, but
 * can also be the org (O) field, org+location+country if withLocation is set, or the email
 * address for S/MIME certificates.
 */
@Nullable
public static String getDisplayNameFromCertificate(@Nonnull X509Certificate certificate, boolean withLocation) throws CertificateParsingException {
    X500Name name = new X500Name(certificate.getSubjectX500Principal().getName());
    String commonName = null, org = null, location = null, country = null;
    for (RDN rdn : name.getRDNs()) {
        AttributeTypeAndValue pair = rdn.getFirst();
        String val = ((ASN1String) pair.getValue()).getString();
        ASN1ObjectIdentifier type = pair.getType();
        if (type.equals(RFC4519Style.cn))
            commonName = val;
        else if (type.equals(RFC4519Style.o))
            org = val;
        else if (type.equals(RFC4519Style.l))
            location = val;
        else if (type.equals(RFC4519Style.c))
            country = val;
    }
    final Collection<List<?>> subjectAlternativeNames = certificate.getSubjectAlternativeNames();
    String altName = null;
    if (subjectAlternativeNames != null)
        for (final List<?> subjectAlternativeName : subjectAlternativeNames)
            // rfc822name
            if ((Integer) subjectAlternativeName.get(0) == 1)
                altName = (String) subjectAlternativeName.get(1);
    if (org != null) {
        return withLocation ? Joiner.on(", ").skipNulls().join(org, location, country) : org;
    } else if (commonName != null) {
        return commonName;
    } else {
        return altName;
    }
}
Also used : List(java.util.List) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1String(org.bouncycastle.asn1.ASN1String) RDN(org.bouncycastle.asn1.x500.RDN) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) Nullable(javax.annotation.Nullable)

Aggregations

X500Name (org.bouncycastle.asn1.x500.X500Name): 510
X509Certificate (java.security.cert.X509Certificate): 182
BigInteger (java.math.BigInteger): 175
Date (java.util.Date): 168
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder): 158
ContentSigner (org.bouncycastle.operator.ContentSigner): 149
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter): 145
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder): 127
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder): 127
IOException (java.io.IOException): 104
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder): 100
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo): 93
KeyPair (java.security.KeyPair): 79
RDN (org.bouncycastle.asn1.x500.RDN): 75
X500Name (sun.security.x509.X500Name): 68
PrivateKey (java.security.PrivateKey): 64
CertificateException (java.security.cert.CertificateException): 64
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier): 55
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints): 55
SecureRandom (java.security.SecureRandom): 54