Example 51 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project documentproduction by qld-gov-au.

the class SigningServiceTest method setUpKeys.

private static void setUpKeys() throws Exception {
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "BC");
    KeyPair keyPair = keyGen.generateKeyPair();
    X500Name x500Name = new X500Name("CN=test");
    SubjectPublicKeyInfo pubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    final X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(x500Name, new BigInteger(10, new SecureRandom()), new Date(), new LocalDateTime().plusDays(1).toDate(), x500Name, pubKeyInfo);
    contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
    certificate = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(certificateBuilder.build(contentSigner));
}
Also used : LocalDateTime(org.joda.time.LocalDateTime) KeyPair(java.security.KeyPair) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) BigInteger(java.math.BigInteger) SecureRandom(java.security.SecureRandom) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Example 52 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project dgc-gateway by eu-digital-green-certificates.

the class CertificateTestUtils method generateCertificate.

public static X509Certificate generateCertificate(KeyPair keyPair, String country, String commonName, Date validFrom, Date validTo) throws Exception {
    X500Name subject = new X500NameBuilder().addRDN(X509ObjectIdentifiers.countryName, country).addRDN(X509ObjectIdentifiers.commonName, commonName).build();
    BigInteger certSerial = new BigInteger(Long.toString(System.currentTimeMillis()));
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256withECDSA").build(keyPair.getPrivate());
    JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(subject, certSerial, validFrom, validTo, subject, keyPair.getPublic());
    BasicConstraints basicConstraints = new BasicConstraints(false);
    certBuilder.addExtension(Extension.basicConstraints, true, basicConstraints);
    return new JcaX509CertificateConverter().getCertificate(certBuilder.build(contentSigner));
}
Also used : X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) BigInteger(java.math.BigInteger) X500Name(org.bouncycastle.asn1.x500.X500Name) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 53 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project dgc-gateway by eu-digital-green-certificates.

the class CertificateTestUtils method generateCertificate.

public static X509Certificate generateCertificate(KeyPair keyPair, String country, String commonName, Date validFrom, Date validTo, X509Certificate ca, PrivateKey caKey) throws Exception {
    X500Name subject = new X500NameBuilder().addRDN(X509ObjectIdentifiers.countryName, country).addRDN(X509ObjectIdentifiers.commonName, commonName).build();
    X500Name issuer = new X509CertificateHolder(ca.getEncoded()).getSubject();
    BigInteger certSerial = new BigInteger(Long.toString(System.currentTimeMillis()));
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256withECDSA").build(caKey);
    JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuer, certSerial, validFrom, validTo, subject, keyPair.getPublic());
    BasicConstraints basicConstraints = new BasicConstraints(false);
    certBuilder.addExtension(Extension.basicConstraints, true, basicConstraints);
    return new JcaX509CertificateConverter().getCertificate(certBuilder.build(contentSigner));
}
Also used : X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) BigInteger(java.math.BigInteger) X500Name(org.bouncycastle.asn1.x500.X500Name) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 54 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project fabric-gateway by hyperledger.

the class X509Credentials method generateCertificate.

private X509Certificate generateCertificate(KeyPair keyPair) {
    X500Name dnName = new X500Name("CN=John Doe");
    // Yesterday
    Date validityBeginDate = new Date(System.currentTimeMillis() - 24L * 60 * 60 * 1000);
    // 2 years from now
    Date validityEndDate = new Date(System.currentTimeMillis() + 2L * 365 * 24 * 60 * 60 * 1000);
    SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    X509v3CertificateBuilder builder = new X509v3CertificateBuilder(dnName, BigInteger.valueOf(System.currentTimeMillis()), validityBeginDate, validityEndDate, Locale.getDefault(), dnName, subPubKeyInfo);
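    // BcECContentSignerBuilder produces an ECDSA signature, so the identifier written into the certificate must name ECDSA, not RSA
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withECDSA");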
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    try {
        ContentSigner contentSigner = new BcECContentSignerBuilder(sigAlgId, digAlgId).build(PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()));
        X509CertificateHolder holder = builder.build(contentSigner);
        return new JcaX509CertificateConverter().getCertificate(holder);
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    } catch (OperatorCreationException | CertificateException e) {
        throw new RuntimeException(e);
    }
}
Also used : ContentSigner(org.bouncycastle.operator.ContentSigner) UncheckedIOException(java.io.UncheckedIOException) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) Date(java.util.Date) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BcECContentSignerBuilder(org.bouncycastle.operator.bc.BcECContentSignerBuilder) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)

Example 55 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project attestation by TokenScript.

the class IdentifierAttestationTest method testOtherSubject.

@Test
public void testOtherSubject() throws Exception {
    IdentifierAttestation initial = HelperTest.makeUnsignedStandardAtt(subjectKeys.getPublic(), BigInteger.ONE, mail);
    Field field = initial.getClass().getSuperclass().getDeclaredField("subject");
    field.setAccessible(true);
    // Change the subject
    field.set(initial, new X500Name("CN=John Doe"));
    // Common Names are allowed
    assertTrue(initial.checkValidity());
}
Also used : Field(java.lang.reflect.Field) X500Name(org.bouncycastle.asn1.x500.X500Name) Test(org.junit.jupiter.api.Test)

Aggregations

X500Name (org.bouncycastle.asn1.x500.X500Name) 510
X509Certificate (java.security.cert.X509Certificate) 182
BigInteger (java.math.BigInteger) 175
Date (java.util.Date) 168
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) 158
ContentSigner (org.bouncycastle.operator.ContentSigner) 149
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) 145
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder) 127
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder) 127
IOException (java.io.IOException) 104
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) 100
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) 93
KeyPair (java.security.KeyPair) 79
RDN (org.bouncycastle.asn1.x500.RDN) 75
X500Name (sun.security.x509.X500Name) 68
PrivateKey (java.security.PrivateKey) 64
CertificateException (java.security.cert.CertificateException) 64
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier) 55
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints) 55
SecureRandom (java.security.SecureRandom) 54