
Example 61 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project PCNGateway-Java-SDK by BSNDA.

the class R1Algorithm method getUserCertInfo.

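/**
 * Generates a fresh EC key pair and a PKCS#10 certificate signing request (CSR) for it.
 *
 * <p>The key pair comes from the BouncyCastle "ECDSA" generator initialised with a 256-bit
 * key size, and the request is signed with SHA256withECDSA using the new private key. The
 * CSR is returned in PEM form together with that private key.
 *
 * <p>Security notes: the returned {@link UserCertInfo} holds the unencrypted private key, so
 * the caller is responsible for storing it safely and keeping it out of logs. {@code DN} is
 * placed into the CSR subject as given; validate it first if it originates from user input.
 *
 * @param DN subject distinguished name in string form
 * @return the PEM-encoded CSR and the matching private key
 * @throws Exception if key generation, request signing or encoding fails
 */
@Override
public UserCertInfo getUserCertInfo(String DN) throws Exception {
    // Reuse the already registered BouncyCastle provider and register one only when it is
    // absent, instead of instantiating a new provider (twice) on every call.
    Provider bc = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
    if (bc == null) {
        bc = new BouncyCastleProvider();
        Security.addProvider(bc);
    }
    final int algSize = 256;
    final String sigAlg = "SHA256withECDSA";

    // Key generation is pinned to the provider that also signs the request, so the result
    // does not depend on the order of the JVM-wide provider list.
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("ECDSA", bc);
    // NOTE(review): only the key size is given, so the provider picks the curve; naming the
    // curve explicitly would make the choice visible here.
    kpg.initialize(algSize, new SecureRandom());
    KeyPair kp = kpg.generateKeyPair();
    PrivateKey privateKey = kp.getPrivate();

    // Subject and public key of the request. The separate java.security.Signature object the
    // method used to create was never used; signing is done by the ContentSigner below.
    X500Name x500Name = new X500Name(DN);
    SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded());
    PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder(x500Name, subjectPublicKeyInfo);
    ContentSigner contentSigner = new JcaContentSignerBuilder(sigAlg).setProvider(bc).build(privateKey);
    PKCS10CertificationRequest csr = builder.build(contentSigner);

    // Base64 output is pure ASCII; decode it with an explicit charset rather than the
    // platform default.
    byte[] der = csr.getEncoded();
    String base64 = new String(org.bouncycastle.util.encoders.Base64.encode(der), java.nio.charset.StandardCharsets.US_ASCII);
    // NOTE(review): the Base64 body is emitted as a single line, as before; strict PEM
    // parsers expect it wrapped at 64 characters.
    String strPEMCSR = "-----BEGIN CERTIFICATE REQUEST-----\n" + base64 + "\n-----END CERTIFICATE REQUEST-----\n";

    UserCertInfo user = new UserCertInfo();
    user.setCSRPem(strPEMCSR);
    user.setKey(privateKey);
    return user;
}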
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) UserCertInfo(com.bsnbase.sdk.util.common.UserCertInfo) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Example 62 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project bitbreeds-webrtc by IIlllII.

the class WebrtcDtlsServer method getCertificateRequest.

/**
 * Builds the {@link CertificateRequest} used to ask the peer for a client certificate.
 *
 * <p>The request accepts RSA, DSS and ECDSA signing certificates. Signature algorithms are
 * the library defaults when the signature_algorithms extension is allowed for DTLS 1.2, and
 * {@code null} otherwise. The list of acceptable certificate authorities contains exactly one
 * name: the subject of {@code certLoaded}.
 *
 * <p>NOTE(review): the CA list only names the subject of {@code certLoaded}; presumably peer
 * identity is verified elsewhere rather than through this list. Confirm against the caller.
 *
 * @return the certificate request described above
 */
@Override
public CertificateRequest getCertificateRequest() {
    // Client certificate key types named in the request.
    final short[] acceptedTypes = { ClientCertificateType.rsa_sign, ClientCertificateType.dss_sign, ClientCertificateType.ecdsa_sign };

    // Stays null when the signature_algorithms extension is not allowed for DTLS 1.2.
    final Vector sigAlgs = TlsUtils.isSignatureAlgorithmsExtensionAllowed(ProtocolVersion.DTLSv12)
            ? TlsUtils.getDefaultSupportedSignatureAlgorithms(this.context)
            : null;

    final Vector<X500Name> acceptedAuthorities = new Vector<>();
    acceptedAuthorities.addElement(certLoaded.getSubject());

    return new CertificateRequest(acceptedTypes, sigAlgs, acceptedAuthorities);
}
Also used : X500Name(org.bouncycastle.asn1.x500.X500Name) Vector(java.util.Vector)

Example 63 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project kdeconnect-android by KDE.

the class SslHelper method getCommonNameFromCertificate.

/**
 * Returns the first Common Name (CN) value of the certificate's subject as a string.
 *
 * <p>The subject is read as a string from the certificate's {@code X500Principal} and parsed
 * again into an {@code X500Name} to reach its CN attributes.
 *
 * <p>NOTE(review): the first CN entry is taken without a length check. If {@code cert} comes
 * from a remote peer, callers should be prepared for the exception below or reject such
 * certificates earlier.
 *
 * @param cert certificate whose subject is inspected
 * @return the first value of the first CN attribute, in string form
 * @throws ArrayIndexOutOfBoundsException if the subject contains no CN attribute
 */
private static String getCommonNameFromCertificate(X509Certificate cert) {
    final String subjectDn = cert.getSubjectX500Principal().getName();
    final RDN[] commonNames = new X500Name(subjectDn).getRDNs(BCStyle.CN);
    // Index 0 is read unconditionally; an empty array means the subject has no CN.
    final RDN firstCommonName = commonNames[0];
    return IETFUtils.valueToString(firstCommonName.getFirst().getValue());
}
Also used : X500Principal(javax.security.auth.x500.X500Principal) X500Name(org.spongycastle.asn1.x500.X500Name) RDN(org.spongycastle.asn1.x500.RDN)

Example 64 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project Openfire by igniterealtime.

the class CertificateManagerTest method testServerIdentitiesDNS.

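/**
 * {@link CertificateManager#getServerIdentities(X509Certificate)} should return:
 * <ul>
 *     <li>the DNS subjectAltName value</li>
 *     <li>explicitly not the Common Name</li>
 * </ul>
 *
 * when a certificate contains:
 * <ul>
 *     <li>a subjectAltName entry of type DNS </li>
 * </ul>
 *
 * The test builds a throw-away certificate with a CN subject plus one DNS subjectAltName and
 * checks that only the subjectAltName is reported as a server identity.
 */
@Test
public void testServerIdentitiesDNS() throws Exception {
    // Setup fixture.
    final String subjectCommonName = "MySubjectCommonName";
    final String subjectAltNameDNS = "MySubjectAltNameDNS";
    final long dayMillis = 1000L * 60 * 60 * 24;
    final long now = System.currentTimeMillis();
    final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
        new X500Name("CN=MyIssuer"), // Issuer
        // Random, strictly positive serial number. Math.abs(nextInt()) is not used because it
        // stays negative when nextInt() returns Integer.MIN_VALUE.
        BigInteger.valueOf(new SecureRandom().nextInt(Integer.MAX_VALUE) + 1L),
        new Date(now - 30 * dayMillis), // Not before 30 days ago
        new Date(now + 99 * dayMillis), // Not after 99 days from now
        new X500Name("CN=" + subjectCommonName), // Subject
        subjectKeyPair.getPublic());
    // Non-critical subjectAltName extension carrying a single DNS name.
    final GeneralNames generalNames = new GeneralNames(new GeneralName(GeneralName.dNSName, subjectAltNameDNS));
    builder.addExtension(Extension.subjectAlternativeName, false, generalNames);
    final X509CertificateHolder certificateHolder = builder.build(contentSigner);
    final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certificateHolder);
    // Execute system under test
    final List<String> serverIdentities = CertificateManager.getServerIdentities(cert);
    // Verify result
    assertEquals(1, serverIdentities.size());
    assertTrue(serverIdentities.contains(subjectAltNameDNS));
    assertFalse(serverIdentities.contains(subjectCommonName));
}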
Also used : GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) SecureRandom(java.security.SecureRandom) X500Name(org.bouncycastle.asn1.x500.X500Name) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 65 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project Openfire by igniterealtime.

the class CertificateManagerTest method testServerIdentitiesCommonNameOnly.

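/**
 * {@link CertificateManager#getServerIdentities(X509Certificate)} should return:
 * <ul>
 *     <li>the Common Name</li>
 * </ul>
 *
 * when a certificate contains:
 * <ul>
 *     <li>no other identifiers than its CommonName</li>
 * </ul>
 *
 * The test builds a throw-away certificate without any extension and checks that the subject
 * Common Name is the single reported server identity.
 */
@Test
public void testServerIdentitiesCommonNameOnly() throws Exception {
    // Setup fixture.
    final String subjectCommonName = "MySubjectCommonName";
    final long dayMillis = 1000L * 60 * 60 * 24;
    final long now = System.currentTimeMillis();
    final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
        new X500Name("CN=MyIssuer"), // Issuer
        // Random, strictly positive serial number. Math.abs(nextInt()) is not used because it
        // stays negative when nextInt() returns Integer.MIN_VALUE.
        BigInteger.valueOf(new SecureRandom().nextInt(Integer.MAX_VALUE) + 1L),
        new Date(now - 30 * dayMillis), // Not before 30 days ago
        new Date(now + 99 * dayMillis), // Not after 99 days from now
        new X500Name("CN=" + subjectCommonName), // Subject
        subjectKeyPair.getPublic());
    final X509CertificateHolder certificateHolder = builder.build(contentSigner);
    final X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certificateHolder);
    // Execute system under test
    final List<String> serverIdentities = CertificateManager.getServerIdentities(cert);
    // Verify result
    assertEquals(1, serverIdentities.size());
    assertEquals(subjectCommonName, serverIdentities.get(0));
}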
Also used : JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) SecureRandom(java.security.SecureRandom) X500Name(org.bouncycastle.asn1.x500.X500Name) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)
