use of org.mozilla.jss.netscape.security.x509.X500Name in project openbanking-aspsp by OpenBankingToolkit.
the class ApiClientIdentity method getTransportCertificateCn.
/**
 * Return the unique TppIdentifier. This can be overridden for different ApiClientIdentity types. For example,
 * OBWacs should use the NCA registration ID found in the organisationIdentifier (oid 2.5.4.97) of the subject
 * Name in the certificate. For an OB Transport (legacy OB Directory issued certs) we might need to use the OU
 * field from the certificate subject....
 * @return a UID for the TPP.
 */
public String getTransportCertificateCn() {
    try {
        X509Certificate transportCert = getTransportCertificate();
        if (transportCert != null) {
            X500Name x500name = new JcaX509CertificateHolder(transportCert).getSubject();
            // A subject without a CN yields an empty array; fail cleanly rather than
            // letting an unchecked ArrayIndexOutOfBoundsException escape.
            RDN[] cnRdns = x500name.getRDNs(BCStyle.CN);
            if (cnRdns.length == 0) {
                throw new ApiClientException("No CN in transport certificate subject");
            }
            return IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
        } else {
            log.info("getTransportCertificateCn() No certificates available from authentication; '{}'", authentication);
            throw new ApiClientException("No certificates available from request");
        }
    } catch (CertificateEncodingException | ApiClientException e) {
        log.info("getTransportCertificateCn() failed to get CN from transport certificate. X509Authentication; {}", authentication, e);
        return null;
    }
}
use of org.mozilla.jss.netscape.security.x509.X500Name in project openbanking-aspsp by OpenBankingToolkit.
the class X509CertificateHelper method getCn.
public static String getCn(X509Certificate x509Certificate) {
    try {
        X500Name x500name = new JcaX509CertificateHolder(x509Certificate).getSubject();
        // getRDNs returns an empty array when the subject carries no CN attribute.
        RDN[] cnRdns = x500name.getRDNs(BCStyle.CN);
        if (cnRdns.length == 0) {
            return null;
        }
        return IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
    } catch (CertificateEncodingException e) {
        return null;
    }
}
use of org.mozilla.jss.netscape.security.x509.X500Name in project vitam-ui by ProgrammeVitam.
the class OperationController method extractInfoFromTimestamp.
@ApiOperation(value = "extract information from timestamp")
@PostMapping(value = "/timestamp")
public ObjectNode extractInfoFromTimestamp(@RequestBody final String timestamp) {
    final ObjectNode result = JsonHandler.createObjectNode();
    // try-with-resources closes the ASN.1 stream on every path, including parse failures.
    try (ASN1InputStream bIn = new ASN1InputStream(
            new ByteArrayInputStream(org.bouncycastle.util.encoders.Base64.decode(timestamp.getBytes())))) {
        ASN1Primitive obj = bIn.readObject();
        TimeStampResponse tsResp = new TimeStampResponse(obj.toASN1Primitive().getEncoded());
        SignerId signerId = tsResp.getTimeStampToken().getSID();
        X500Name signerCertIssuer = signerId.getIssuer();
        result.put("genTime", LocalDateUtil.getString(LocalDateUtil.fromDate(tsResp.getTimeStampToken().getTimeStampInfo().getGenTime())));
        result.put("signerCertIssuer", signerCertIssuer.toString());
    } catch (TSPException | IOException e) {
        LOGGER.error("Error while transforming timestamp", e);
        throw new BadRequestException("Error while transforming timestamp", e);
    }
    return result;
}
use of org.mozilla.jss.netscape.security.x509.X500Name in project openhab-addons by openhab.
the class BoschSslUtil method generateClientCertificate.
private X509Certificate generateClientCertificate(KeyPair keyPair) throws GeneralSecurityException, OperatorCreationException {
    final String dirName = "CN=" + getBoschShcClientId() + ", O=openHAB, L=None, ST=None, C=None";
    logger.debug("Creating a new self signed certificate: {}", dirName);
    final Instant now = Instant.now();
    final Date notBefore = Date.from(now);
    final Date notAfter = Date.from(now.plus(Duration.ofDays(365 * 10)));
    X500Name name = new X500Name(dirName);
    // create the certificate
    X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
            name, // Issuer (same name as the subject: self-signed)
            BigInteger.valueOf(now.toEpochMilli()), // Serial number
            notBefore, // Start of validity
            notAfter, // End of validity
            name, // Subject
            keyPair.getPublic()); // Public key to be associated with the certificate
    // and sign it
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
    return new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(certificateBuilder.build(contentSigner));
}
use of org.mozilla.jss.netscape.security.x509.X500Name in project efm-integrasjonspunkt by felleslosninger.
the class CmsUtilTest method generateCertificate.
private Certificate generateCertificate(PublicKey subjectPublicKey, PrivateKey issuerPrivateKey) throws ParseException, OperatorCreationException, CertificateException, IOException {
    SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
    X500Name issuer = new X500Name("CN=Issuer and subject (self signed)");
    BigInteger serial = new BigInteger("100");
    Date notBefore = df.parse("2010-01-01");
    Date notAfter = df.parse("2050-01-01");
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(subjectPublicKey.getEncoded()));
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, issuer, publicKeyInfo);
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(issuerPrivateKey);
    X509CertificateHolder holder = certBuilder.build(signer);
    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    return factory.generateCertificate(new ByteArrayInputStream(holder.getEncoded()));
}