Example 16 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project laverca by laverca.

the class CmsSignature method readIssuer.

/**
 * Read the Issuer from a SignerInfo object
 * @param si data
 * @return Issuer as String
 */
public static String readIssuer(final SignerInfo si) {
    if (si == null) {
        return null;
    }
    final IssuerAndSerialNumber ias = si.getIssuerAndSerialNumber();
    final X500Name issuerName = ias.getName();
    return issuerName.toString();
}
Also used : IssuerAndSerialNumber(org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber) X500Name(org.bouncycastle.asn1.x500.X500Name)

Example 17 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project laverca by laverca.

the class Pkcs7 method readIssuer.

/**
 * Read the Issuer from a SignerInfo object
 * @param si data
 * @return Issuer as String
 */
public static String readIssuer(final SignerInfo si) {
    if (si == null) {
        return null;
    }
    final IssuerAndSerialNumber ias = si.getIssuerAndSerialNumber();
    final X500Name issuerName = ias.getName();
    return issuerName.toString();
}
Also used : IssuerAndSerialNumber(org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber) X500Name(org.bouncycastle.asn1.x500.X500Name)

Example 18 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project solarnetwork-node by SolarNetwork.

the class PKITestUtils method generateNewCACert.

public static X509Certificate generateNewCACert(PublicKey publicKey, String subject, X509Certificate issuer, PrivateKey issuerKey, String caDN) throws Exception {
    final X500Name issuerDn = (issuer == null ? new X500Name(subject) : JcaX500NameUtil.getSubject(issuer));
    final X500Name subjectDn = new X500Name(subject);
    final BigInteger serial = getNextSerialNumber();
    final Date notBefore = new Date();
    final Date notAfter = new Date(System.currentTimeMillis() + 1000L * 60L * 60L);
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerDn, serial, notBefore, notAfter, subjectDn, publicKey);
    // add "CA" extension
    BasicConstraints basicConstraints;
    if (issuer == null) {
        basicConstraints = new BasicConstraints(true);
    } else {
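        // getBasicConstraints() returns -1 for a non-CA issuer and Integer.MAX_VALUE for a CA
        // without a path length limit, so the subtraction below assumes the issuer sets a limit
        int issuerPathLength = issuer.getBasicConstraints();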
        basicConstraints = new BasicConstraints(issuerPathLength - 1);
    }
    builder.addExtension(X509Extension.basicConstraints, true, basicConstraints);
    // add subjectKeyIdentifier
    JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
    SubjectKeyIdentifier ski = utils.createSubjectKeyIdentifier(publicKey);
    builder.addExtension(X509Extension.subjectKeyIdentifier, false, ski);
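    // add authorityKeyIdentifier: it identifies the issuer's key and certificate,
    // which are this certificate's own only in the self-signed (issuer == null) case
    GeneralNames issuerName = new GeneralNames(new GeneralName(GeneralName.directoryName, caDN));
    AuthorityKeyIdentifier aki = utils.createAuthorityKeyIdentifier(issuer == null ? publicKey : issuer.getPublicKey());
    aki = new AuthorityKeyIdentifier(aki.getKeyIdentifier(), issuerName, issuer == null ? serial : issuer.getSerialNumber());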
    builder.addExtension(X509Extension.authorityKeyIdentifier, false, aki);
    // add keyUsage
    X509KeyUsage keyUsage = new X509KeyUsage(X509KeyUsage.cRLSign | X509KeyUsage.digitalSignature | X509KeyUsage.keyCertSign | X509KeyUsage.nonRepudiation);
    builder.addExtension(X509Extension.keyUsage, true, keyUsage);
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WithRSA");
    ContentSigner signer = signerBuilder.build(issuerKey);
    X509CertificateHolder holder = builder.build(signer);
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    return converter.getCertificate(holder);
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier) Date(java.util.Date) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) X509KeyUsage(org.bouncycastle.jce.X509KeyUsage)

Example 19 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project Gene by Nervousync.

the class CertificateUtils method x509.

/**
 * Convert public key instance to X.509 certificate
 *
 * @param publicKey     Public key
 * @param serialNumber  Certificate serial number
 * @param beginDate     Certificate begin date
 * @param endDate       Certificate end date
 * @param certName      Certificate name
 * @param signKey       Certificate signer private key
 * @param signAlgorithm Signature algorithm
 * @return Generated X.509 certificate
 */
public static X509Certificate x509(PublicKey publicKey, long serialNumber, Date beginDate, Date endDate, String certName, PrivateKey signKey, String signAlgorithm) {
    if (publicKey == null || signKey == null || StringUtils.isEmpty(signAlgorithm)) {
        return null;
    }
    X500Name subjectDN = new X500Name("CN=" + certName);
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
    X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(subjectDN, BigInteger.valueOf(serialNumber), beginDate, endDate, subjectDN, publicKeyInfo);
    try {
        x509v3CertificateBuilder.addExtension(Extension.basicConstraints, Boolean.FALSE, new BasicConstraints(Boolean.FALSE));
        ContentSigner contentSigner = new JcaContentSignerBuilder(signAlgorithm).setProvider("BC").build(signKey);
        X509CertificateHolder certificateHolder = x509v3CertificateBuilder.build(contentSigner);
        return new JcaX509CertificateConverter().getCertificate(certificateHolder);
    } catch (OperatorCreationException | GeneralSecurityException | IOException e) {
        LOGGER.error("Generate PKCS12 Certificate Failed! ");
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Stack message: ", e);
        }
    }
    return null;
}
Also used : X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) ContentSigner(org.bouncycastle.operator.ContentSigner) X500Name(org.bouncycastle.asn1.x500.X500Name) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 20 with X500Name

use of org.mozilla.jss.netscape.security.x509.X500Name in project jss by dogtagpki.

the class X509CertTest method testEC.

public static void testEC(CryptoToken token, Date notBefore, Date notAfter) throws Exception {
    X509CertImpl certImpl = null;
    X509CertInfo certInfo = null;
    KeyPairGenerator gen = token.getKeyPairGenerator(KeyPairAlgorithm.EC);
    gen.initialize(gen.getCurveCodeByName("secp521r1"));
    KeyPair keypairCA = gen.genKeyPair();
    testKeys(keypairCA);
    PublicKey pubCA = keypairCA.getPublic();
    gen.initialize(gen.getCurveCodeByName("secp521r1"));
    KeyPair keypairUser = gen.genKeyPair();
    testKeys(keypairUser);
    PublicKey pubUser = keypairUser.getPublic();
    CertificateIssuerName issuernameObj = new CertificateIssuerName(new X500Name(issuerDN));
    certInfo = createX509CertInfo(convertPublicKeyToX509Key(pubUser), BigInteger.valueOf(1), issuernameObj, subjectDN, notBefore, notAfter, "SHA256withEC");
    certImpl = new X509CertImpl(certInfo);
    certImpl.sign(keypairCA.getPrivate(), "SHA256withEC");
    String certOutput = certImpl.toString();
    System.out.println("Test certificate output: \n" + certOutput);
}
Also used : KeyPair(java.security.KeyPair) X509CertInfo(org.mozilla.jss.netscape.security.x509.X509CertInfo) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) PK11ECPublicKey(org.mozilla.jss.pkcs11.PK11ECPublicKey) X509CertImpl(org.mozilla.jss.netscape.security.x509.X509CertImpl) CertificateIssuerName(org.mozilla.jss.netscape.security.x509.CertificateIssuerName) KeyPairGenerator(org.mozilla.jss.crypto.KeyPairGenerator) X500Name(org.mozilla.jss.netscape.security.x509.X500Name)

Aggregations

X500Name (org.bouncycastle.asn1.x500.X500Name): 510
X509Certificate (java.security.cert.X509Certificate): 182
BigInteger (java.math.BigInteger): 175
Date (java.util.Date): 168
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder): 158
ContentSigner (org.bouncycastle.operator.ContentSigner): 149
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter): 145
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder): 127
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder): 127
IOException (java.io.IOException): 104
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder): 100
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo): 93
KeyPair (java.security.KeyPair): 79
RDN (org.bouncycastle.asn1.x500.RDN): 75
X500Name (sun.security.x509.X500Name): 68
PrivateKey (java.security.PrivateKey): 64
CertificateException (java.security.cert.CertificateException): 64
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier): 55
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints): 55
SecureRandom (java.security.SecureRandom): 54