
Example 86 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project snikket-android by snikket-im.

In class XmppDomainVerifier, method getCommonNames.

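/**
 * Collects every Common Name (CN) attribute from the subject DN of {@code certificate}.
 *
 * <p>Only the first attribute of each CN RDN is read; multi-valued CN RDNs contribute one value.
 *
 * <p>NOTE(review): per RFC 6125 the CN is a fallback to be consulted only when the certificate
 * carries no dNSName subjectAltName — confirm the caller applies that ordering.
 *
 * @param certificate certificate whose subject CNs are wanted
 * @return CN values in subject order; empty when there is no CN or the certificate cannot be re-encoded
 */
private static List<String> getCommonNames(X509Certificate certificate) {
    List<String> domains = new ArrayList<>();
    try {
        X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
        // Query the CN RDNs once and walk that array, rather than re-reading the subject per index.
        for (RDN rdn : x500name.getRDNs(BCStyle.CN)) {
            domains.add(IETFUtils.valueToString(rdn.getFirst().getValue()));
        }
    } catch (CertificateEncodingException e) {
        // Deliberately best-effort: a certificate that cannot be re-encoded simply yields no CNs,
        // which callers treat as "no match" rather than as an error.
    }
    return domains;
}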
Also used : ArrayList(java.util.ArrayList) CertificateEncodingException(java.security.cert.CertificateEncodingException) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) X500Name(org.bouncycastle.asn1.x500.X500Name) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) RDN(org.bouncycastle.asn1.x500.RDN)

Example 87 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project credhub by cloudfoundry.

In class CertificateGeneratorTest, method whenCAExists_andItIsAIntermediateCA_aValidChildCertificateIsGenerated.

@Test
public void whenCAExists_andItIsAIntermediateCA_aValidChildCertificateIsGenerated() throws Exception {
    // Arrange: an intermediate CA issued by the root, and the key pair the leaf will be given.
    final KeyPair leafKeyPair = setupKeyPair();
    final X500Name intermediateDn = new X500Name("O=foo,ST=bar,C=intermediate");
    final KeyPair intermediateKeyPair = fakeKeyPairGenerator.generate();
    final X509CertificateHolder intermediateHolder =
            makeCert(intermediateKeyPair, rootCaKeyPair.getPrivate(), rootCaDn, intermediateDn, true);
    final JcaX509CertificateConverter converter =
            new JcaX509CertificateConverter().setProvider(BouncyCastleFipsProvider.PROVIDER_NAME);
    final X509Certificate intermediateCert = converter.getCertificate(intermediateHolder);
    final String intermediateCertPem = CertificateFormatter.pemOf(intermediateCert);
    final String intermediateKeyPem = CertificateFormatter.pemOf(intermediateKeyPair.getPrivate());
    final CertificateCredentialValue intermediateCa =
            new CertificateCredentialValue(null, intermediateCertPem, intermediateKeyPem, null, true, false, false, false);
    when(certificateAuthorityService.findActiveVersion("/my-ca-name")).thenReturn(intermediateCa);
    when(keyGenerator.generateKeyPair(anyInt())).thenReturn(leafKeyPair);

    // The leaf the mocked signer will hand back, signed by the intermediate key.
    final X509CertificateHolder leafHolder =
            generateChildCertificateSignedByCa(leafKeyPair, intermediateKeyPair.getPrivate(), intermediateDn);
    childX509Certificate = converter.getCertificate(leafHolder);
    when(signedCertificateGenerator.getSignedByIssuer(
            leafKeyPair, inputParameters, intermediateCert, intermediateKeyPair.getPrivate()))
            .thenReturn(childX509Certificate);

    // Act
    final CertificateCredentialValue issued = subject.generateCredential(inputParameters);

    // Assert: CA, private key and leaf come back as PEM, and exactly one 2048-bit key was generated.
    assertThat(issued.getCa(), equalTo(intermediateCa.getCertificate()));
    assertThat(issued.getPrivateKey(), equalTo(CertificateFormatter.pemOf(leafKeyPair.getPrivate())));
    assertThat(issued.getCertificate(), equalTo(CertificateFormatter.pemOf(childX509Certificate)));
    verify(keyGenerator, times(1)).generateKeyPair(2048);
}
Also used : KeyPair(java.security.KeyPair) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) CertificateCredentialValue(org.cloudfoundry.credhub.credential.CertificateCredentialValue) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) X500Name(org.bouncycastle.asn1.x500.X500Name) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 88 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project mockserver by mock-server.

In class BCKeyAndCertificateFactory, method createCASignedCert.

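/**
 * Create a server certificate for the given domain and subject alternative names, signed by the given Certificate Authority.
 *
 * @param publicKey                      public key bound into the leaf certificate
 * @param certificateAuthorityCert       issuing CA certificate; its subject becomes this certificate's issuer
 * @param certificateAuthorityPrivateKey CA key that signs the certificate
 * @param certificateAuthorityPublicKey  CA key used to verify the fresh signature before returning
 * @param domain                         primary hostname: placed in the CN and as the first dNSName SAN
 * @param subjectAlternativeNameDomains  additional dNSName SANs, may be null
 * @param subjectAlternativeNameIps      iPAddress SANs, may be null; entries that are not IPv4/IPv6 literals are skipped
 * @return the signed certificate, already checked for current validity and for a valid CA signature
 * @throws Exception on encoding, signing or verification failure
 */
private X509Certificate createCASignedCert(PublicKey publicKey, X509Certificate certificateAuthorityCert, PrivateKey certificateAuthorityPrivateKey, PublicKey certificateAuthorityPublicKey, String domain, Set<String> subjectAlternativeNameDomains, Set<String> subjectAlternativeNameIps) throws Exception {
    // signers name
    X500Name issuer = new X509CertificateHolder(certificateAuthorityCert.getEncoded()).getSubject();
    // subjects name - the CN carries the primary domain (the issuer above is the CA, not this subject).
    // NOTE(review): the DN is assembled by string concatenation; a domain containing ',', '+' or '='
    // would be mis-parsed. Acceptable while domain is a hostname; otherwise build it with X500NameBuilder.
    X500Name subject = new X500Name("CN=" + domain + ", O=MockServer, L=London, ST=England, C=UK");
    // serial - RFC 5280 requires a positive integer unique per issuer. 64 CSPRNG bits avoid both the
    // predictability and the issuer/serial collisions (rejected by clients) of a 31-bit java.util.Random value;
    // max(ONE) keeps the astronomically unlikely zero positive.
    BigInteger serial = new BigInteger(64, new java.security.SecureRandom()).max(BigInteger.ONE);
    // create the certificate - version 3
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, serial, NOT_BEFORE, NOT_AFTER, subject, publicKey);
    builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey));
    builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
    // subject alternative name - the primary domain is always listed, even with no extra SAN domains,
    // so clients that no longer consult the CN (current browsers) still match the certificate.
    List<ASN1Encodable> subjectAlternativeNames = new ArrayList<>();
    if (domain != null) {
        subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, domain));
    }
    if (subjectAlternativeNameDomains != null) {
        for (String subjectAlternativeNameDomain : subjectAlternativeNameDomains) {
            subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, subjectAlternativeNameDomain));
        }
    }
    if (subjectAlternativeNameIps != null) {
        for (String subjectAlternativeNameIp : subjectAlternativeNameIps) {
            // Only syntactically valid IP literals go in; anything else would make the extension unparseable.
            if (IPAddress.isValidIPv6WithNetmask(subjectAlternativeNameIp) || IPAddress.isValidIPv6(subjectAlternativeNameIp) || IPAddress.isValidIPv4WithNetmask(subjectAlternativeNameIp) || IPAddress.isValidIPv4(subjectAlternativeNameIp)) {
                subjectAlternativeNames.add(new GeneralName(GeneralName.iPAddress, subjectAlternativeNameIp));
            }
        }
    }
    if (!subjectAlternativeNames.isEmpty()) {
        DERSequence subjectAlternativeNamesExtension = new DERSequence(subjectAlternativeNames.toArray(new ASN1Encodable[0]));
        builder.addExtension(Extension.subjectAlternativeName, false, subjectAlternativeNamesExtension);
    }
    X509Certificate signedX509Certificate = signCertificate(builder, certificateAuthorityPrivateKey);
    // validate - fail fast if the issued certificate is not currently valid or was not signed by the CA key
    signedX509Certificate.checkValidity(new Date());
    signedX509Certificate.verify(certificateAuthorityPublicKey);
    return signedX509Certificate;
}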
Also used : X500Name(org.bouncycastle.asn1.x500.X500Name) X509Certificate(java.security.cert.X509Certificate) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BigInteger(java.math.BigInteger)

Example 89 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project mockserver by mock-server.

In class BCKeyAndCertificateFactory, method createCACert.

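/**
 * Create the self-signed MockServer CA certificate for the given key pair.
 *
 * @param publicKey  CA public key, embedded in the certificate and used to verify the signature
 * @param privateKey CA private key used to self-sign
 * @return the self-signed CA certificate, checked for current validity and a valid self-signature
 * @throws Exception on encoding, signing or verification failure
 */
private X509Certificate createCACert(PublicKey publicKey, PrivateKey privateKey) throws Exception {
    // signers name (also the subject: the CA is self-signed)
    X500Name issuerName = new X500Name("CN=www.mockserver.com, O=MockServer, L=London, ST=England, C=UK");
    // serial - RFC 5280 requires a positive integer unique per issuer. 64 CSPRNG bits avoid both the
    // predictability and the collisions of a 31-bit java.util.Random value; max(ONE) keeps a zero positive.
    BigInteger serial = new BigInteger(64, new java.security.SecureRandom()).max(BigInteger.ONE);
    // create the certificate - version 3 (with subjects name same as issues as self signed)
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial, NOT_BEFORE, NOT_AFTER, issuerName, publicKey);
    builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey));
    // cA=TRUE is marked critical, as RFC 5280 requires for CA certificates.
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    // NOTE(review): keyEncipherment/dataEncipherment are not needed by an issuing CA; keyCertSign|cRLSign
    // (plus digitalSignature) would be the least-privilege set. Left unchanged because it is not visible
    // here whether this key is also used directly for TLS.
    KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.cRLSign);
    builder.addExtension(Extension.keyUsage, false, usage);
    ASN1EncodableVector purposes = new ASN1EncodableVector();
    purposes.add(KeyPurposeId.id_kp_serverAuth);
    purposes.add(KeyPurposeId.id_kp_clientAuth);
    purposes.add(KeyPurposeId.anyExtendedKeyUsage);
    builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));
    X509Certificate cert = signCertificate(builder, privateKey);
    // validate - the certificate must be currently valid and self-consistent before it is used to issue leaves
    cert.checkValidity(new Date());
    cert.verify(publicKey);
    return cert;
}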
Also used : JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BigInteger(java.math.BigInteger) X500Name(org.bouncycastle.asn1.x500.X500Name) X509Certificate(java.security.cert.X509Certificate)

Example 90 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project mockserver by mock-server.

In class X509Generator, method generateLeafX509AndPrivateKey.

/**
 * Issues a leaf certificate for {@code csr}, signed by the supplied CA private key, and returns it
 * together with the newly generated leaf private key.
 *
 * <p>NOTE(review): {@code issuerDistinguishingName} is taken on trust and never compared with
 * {@code caCertificate}'s subject; the final {@code verify} only checks the signature, so a mismatch
 * would produce a certificate whose chain does not build. Confirm callers derive both from the same CA.
 *
 * @param csr                      requested algorithm, key size, CN, SANs and signing algorithm
 * @param issuerDistinguishingName DN written into the certificate's issuer field
 * @param caPrivateKey             PEM-encoded CA private key that signs the leaf
 * @param caCertificate            CA certificate whose public key is used for extensions and signature verification
 * @return the PEM-encoded leaf certificate and its private key
 * @throws IOException               on PEM parsing or encoding failure
 * @throws NoSuchAlgorithmException  when the requested key or signing algorithm is unavailable
 * @throws CertificateException      when the issued certificate is not currently valid or cannot be parsed
 * @throws InvalidKeyException       when a key is unusable for signing or verification
 * @throws NoSuchProviderException   when the required provider is missing
 * @throws SignatureException        when the issued certificate's signature does not verify
 * @throws InvalidKeySpecException   when the CA private key cannot be decoded
 */
public X509AndPrivateKey generateLeafX509AndPrivateKey(final CertificateSigningRequest csr, String issuerDistinguishingName, final String caPrivateKey, final X509Certificate caCertificate) throws IOException, NoSuchAlgorithmException, CertificateException, InvalidKeyException, NoSuchProviderException, SignatureException, InvalidKeySpecException {
    // The CA key is decoded with the same algorithm family the CSR asks for.
    final KeyFactory keyFactory = KeyFactory.getInstance(csr.getKeyPairAlgorithm());
    final PrivateKey signingKey = keyFactory.generatePrivate(keySpecFromPEM(caPrivateKey));
    final KeyPair leafKeyPair = generateKeyPair(csr.getKeyPairAlgorithm(), csr.getKeyPairSize());
    final String leafDn = buildDistinguishedName(csr.getCommonName());
    final X500Name subjectName = new X500Name(leafDn);
    final X500Name issuerName = new X500Name(issuerDistinguishingName);
    final X509CertInfo certInfo = buildX509CertInfo(subjectName, issuerName, leafKeyPair.getPublic(), csr);
    updateWithCertificateExtensions(certInfo, leafKeyPair.getPublic(), caCertificate.getPublicKey(), csr.getSubjectAlternativeNames());
    final X509AndPrivateKey result = signX509KeyPair(signingKey, leafKeyPair, certInfo, csr.getSigningAlgorithm());
    // validate - round-trip the PEM and confirm the CA key really signed it and it is valid right now
    final X509Certificate issued = x509FromPEM(result.getCert());
    issued.checkValidity(new Date());
    issued.verify(caCertificate.getPublicKey());
    return result;
}
Also used : X509CertInfo(sun.security.x509.X509CertInfo) X500Name(sun.security.x509.X500Name) X509Certificate(java.security.cert.X509Certificate)
