Example 6 with X500Name

Use of org.mozilla.jss.netscape.security.x509.X500Name in project openbanking-aspsp by OpenBankingToolkit.

In the class ApiClientIdentity, method getTransportCertificateCn.

/**
 * Return the unique TppIdentifier. This can be overridden for different ApiClientIdentity types. For example,
 * OBWacs should use the NCA registration ID found in the organisationIdentifier (oid 2.5.4.97) of the subject
 * Name in the certificate. For an OB Transport (legacy OB Directory issued certs) we might need to use the OU
 * field from the certificate subject....
 * @return a UID for the TPP.
 */
public String getTransportCertificateCn() {
    try {
        X509Certificate transportCert = getTransportCertificate();
        if (transportCert != null) {
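            X500Name x500name = new JcaX509CertificateHolder(transportCert).getSubject();
            // getRDNs() returns an empty array when the subject has no CN, so check before indexing
            RDN[] cnRdns = x500name.getRDNs(BCStyle.CN);
            if (cnRdns.length == 0) {
                log.info("getTransportCertificateCn() transport certificate subject has no CN. X509Authentication; {}", authentication);
                return null;
            }
            // A subject may carry more than one CN; the first one is used
            return IETFUtils.valueToString(cnRdns[0].getFirst().getValue());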
        } else {
            log.info("getTppIdentifier() No certificates available from authentication; '{}'", authentication);
            throw new ApiClientException("No certificates available from request");
        }
    } catch (CertificateEncodingException | ApiClientException e) {
        log.info("getTransportCertificateCn() failed to get CN from transport certificate. X509Authentication; {}", authentication, e);
        return null;
    }
}
Also used : CertificateEncodingException(java.security.cert.CertificateEncodingException) X500Name(org.bouncycastle.asn1.x500.X500Name) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) RDN(org.bouncycastle.asn1.x500.RDN) X509Certificate(java.security.cert.X509Certificate)

Example 7 with X500Name

Use of org.mozilla.jss.netscape.security.x509.X500Name in project openbanking-aspsp by OpenBankingToolkit.

In the class X509CertificateHelper, method getCn.

public static String getCn(X509Certificate x509Certificate) {
    try {
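        X500Name x500name = new JcaX509CertificateHolder(x509Certificate).getSubject();
        // getRDNs() returns an empty array when the subject has no CN, so check before indexing
        RDN[] cnRdns = x500name.getRDNs(BCStyle.CN);
        if (cnRdns.length == 0) {
            return null;
        }
        // A subject may carry more than one CN; the first one is used
        return IETFUtils.valueToString(cnRdns[0].getFirst().getValue());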
    } catch (CertificateEncodingException e) {
        return null;
    }
}
Also used : CertificateEncodingException(java.security.cert.CertificateEncodingException) X500Name(org.bouncycastle.asn1.x500.X500Name) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) RDN(org.bouncycastle.asn1.x500.RDN)

Example 8 with X500Name

Use of org.mozilla.jss.netscape.security.x509.X500Name in project vitam-ui by ProgrammeVitam.

In the class OperationController, method extractInfoFromTimestamp.

@ApiOperation(value = "extract information from timestamp")
@PostMapping(value = "/timestamp")
public ObjectNode extractInfoFromTimestamp(@RequestBody final String timestamp) {
    final ObjectNode result = JsonHandler.createObjectNode();
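    // try-with-resources closes the ASN.1 stream on every path
    try (ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(org.bouncycastle.util.encoders.Base64.decode(timestamp.getBytes())))) {
        ASN1Primitive obj = bIn.readObject();
        if (obj == null) {
            // readObject() returns null on empty input
            throw new IOException("Empty timestamp");
        }
        TimeStampResponse tsResp = new TimeStampResponse(obj.getEncoded());
        // A rejected response carries no token (type: org.bouncycastle.tsp.TimeStampToken)
        TimeStampToken token = tsResp.getTimeStampToken();
        if (token == null) {
            throw new TSPException("Timestamp response contains no token");
        }
        SignerId signerId = token.getSID();
        X500Name signerCertIssuer = signerId.getIssuer();
        result.put("genTime", LocalDateUtil.getString(LocalDateUtil.fromDate(token.getTimeStampInfo().getGenTime())));
        result.put("signerCertIssuer", signerCertIssuer.toString());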
    } catch (TSPException | IOException e) {
        LOGGER.error("Error while transforming timestamp", e);
        throw new BadRequestException("Error while transforming timestamp", e);
    }
    return result;
}
Also used : TimeStampResponse(org.bouncycastle.tsp.TimeStampResponse) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) ByteArrayInputStream(java.io.ByteArrayInputStream) SignerId(org.bouncycastle.cms.SignerId) BadRequestException(fr.gouv.vitamui.commons.api.exception.BadRequestException) X500Name(org.bouncycastle.asn1.x500.X500Name) TSPException(org.bouncycastle.tsp.TSPException) IOException(java.io.IOException) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) ApiOperation(io.swagger.annotations.ApiOperation)

Example 9 with X500Name

Use of org.mozilla.jss.netscape.security.x509.X500Name in project openhab-addons by openhab.

In the class BoschSslUtil, method generateClientCertificate.

private X509Certificate generateClientCertificate(KeyPair keyPair) throws GeneralSecurityException, OperatorCreationException {
    final String dirName = "CN=" + getBoschShcClientId() + ", O=openHAB, L=None, ST=None, C=None";
    logger.debug("Creating a new self signed certificate: {}", dirName);
    final Instant now = Instant.now();
    final Date notBefore = Date.from(now);
    final Date notAfter = Date.from(now.plus(Duration.ofDays(365 * 10)));
    X500Name name = new X500Name(dirName);
    // create the certificate
    X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
            name, // Issuer (same as the subject: self-signed)
            BigInteger.valueOf(now.toEpochMilli()), // Serial number
            notBefore, // Start of validity
            notAfter, // End of validity
            name, // Subject
            keyPair.getPublic()); // Public key to be associated with the certificate
    // and sign it
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
    return new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(certificateBuilder.build(contentSigner));
}
Also used : JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) Instant(java.time.Instant) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) X500Name(org.bouncycastle.asn1.x500.X500Name) Date(java.util.Date) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Example 10 with X500Name

Use of org.mozilla.jss.netscape.security.x509.X500Name in project efm-integrasjonspunkt by felleslosninger.

In the class CmsUtilTest, method generateCertificate.

private Certificate generateCertificate(PublicKey subjectPublicKey, PrivateKey issuerPrivateKey) throws ParseException, OperatorCreationException, CertificateException, IOException {
    SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
    X500Name issuer = new X500Name("CN=Issuer and subject (self signed)");
    BigInteger serial = new BigInteger("100");
    Date notBefore = df.parse("2010-01-01");
    Date notAfter = df.parse("2050-01-01");
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(subjectPublicKey.getEncoded()));
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, issuer, publicKeyInfo);
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(issuerPrivateKey);
    X509CertificateHolder holder = certBuilder.build(signer);
    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    return factory.generateCertificate(new ByteArrayInputStream(holder.getEncoded()));
}
Also used : X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) ContentSigner(org.bouncycastle.operator.ContentSigner) BigInteger(java.math.BigInteger) X500Name(org.bouncycastle.asn1.x500.X500Name) SimpleDateFormat(java.text.SimpleDateFormat) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) CertificateFactory(java.security.cert.CertificateFactory) Date(java.util.Date)

Aggregations

X500Name (org.bouncycastle.asn1.x500.X500Name) 510
X509Certificate (java.security.cert.X509Certificate) 182
BigInteger (java.math.BigInteger) 175
Date (java.util.Date) 168
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) 158
ContentSigner (org.bouncycastle.operator.ContentSigner) 149
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) 145
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder) 127
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder) 127
IOException (java.io.IOException) 104
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) 100
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) 93
KeyPair (java.security.KeyPair) 79
RDN (org.bouncycastle.asn1.x500.RDN) 75
X500Name (sun.security.x509.X500Name) 68
PrivateKey (java.security.PrivateKey) 64
CertificateException (java.security.cert.CertificateException) 64
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier) 55
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints) 55
SecureRandom (java.security.SecureRandom) 54