use of org.mozilla.jss.netscape.security.x509.X500Name in project laverca by laverca.
the class CmsSignature method readIssuer.
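/**
 * Reads the issuer distinguished name from a {@code SignerInfo} structure.
 *
 * <p>The value comes from the issuer-and-serial-number element stored in the signer info, i.e.
 * from data supplied together with the signature. It identifies which certificate the signer
 * claims to have used; it is not evidence of who signed. Treat the result as unauthenticated
 * until the signature and the signer's certificate chain have been validated.
 *
 * <p>The returned text is whatever {@code X500Name.toString()} produces. Do not use it for
 * trust decisions by string comparison; compare parsed names instead.
 *
 * @param si signer info to read; may be {@code null}
 * @return the issuer name as a string, or {@code null} when {@code si}, its
 *         issuer-and-serial-number element, or the issuer name itself is absent
 */
public static String readIssuer(final SignerInfo si) {
    if (si == null) {
        return null;
    }
    final IssuerAndSerialNumber ias = si.getIssuerAndSerialNumber();
    if (ias == null) {
        // A signer info without this element must not surface as a NullPointerException;
        // report it the same way as a missing signer info.
        return null;
    }
    final X500Name issuerName = ias.getName();
    return issuerName == null ? null : issuerName.toString();
}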
use of org.mozilla.jss.netscape.security.x509.X500Name in project laverca by laverca.
the class Pkcs7 method readIssuer.
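/**
 * Returns the issuer name recorded in a {@code SignerInfo}, in string form.
 *
 * <p>The issuer is read from the signer info's issuer-and-serial-number element, which is
 * attacker-controllable when the enclosing signature comes from an untrusted source. Use it to
 * locate the signer certificate, and rely on it only after signature and chain validation.
 *
 * @param si signer info to inspect; may be {@code null}
 * @return the result of {@code X500Name.toString()} for the issuer, or {@code null} if
 *         {@code si} is {@code null} or carries no issuer-and-serial-number element or issuer
 *         name
 */
public static String readIssuer(final SignerInfo si) {
    // Every missing link in si -> issuerAndSerialNumber -> name yields null rather than an
    // unchecked exception, matching the existing null-in/null-out contract.
    final IssuerAndSerialNumber ias = (si == null) ? null : si.getIssuerAndSerialNumber();
    if (ias == null) {
        return null;
    }
    final X500Name issuerName = ias.getName();
    if (issuerName == null) {
        return null;
    }
    return issuerName.toString();
}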
use of org.mozilla.jss.netscape.security.x509.X500Name in project solarnetwork-node by SolarNetwork.
the class PKITestUtils method generateNewCACert.
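/**
 * Generates a CA certificate that is valid for one hour from the moment of the call.
 *
 * <p>With {@code issuer == null} the certificate is self-issued: subject and issuer are both
 * {@code subject}, and the authority key identifier refers to {@code publicKey}. With an issuer,
 * the new certificate is subordinate to it: the issuer DN, authority key identifier and
 * authority serial number are taken from the issuer certificate, and the path length constraint
 * is one less than the issuer's.
 *
 * <p>The signature algorithm is fixed to {@code SHA256WithRSA}, so {@code issuerKey} is
 * presumably expected to be an RSA key. Whether {@code issuerKey} actually belongs to
 * {@code issuer} (or to {@code publicKey} when self-issued) is not checked here.
 *
 * @param publicKey public key to certify
 * @param subject   subject DN in string form
 * @param issuer    issuing CA certificate, or {@code null} to create a self-issued certificate
 * @param issuerKey private key used to sign the new certificate
 * @param caDN      directory name placed in the authority key identifier; it is used as given
 *                  and is not compared with the issuer DN
 * @return the generated certificate
 * @throws IllegalArgumentException if {@code issuer} is not a CA certificate or its path length
 *                                  constraint does not allow a further CA below it
 * @throws Exception                if building, signing or converting the certificate fails
 */
public static X509Certificate generateNewCACert(PublicKey publicKey, String subject,
        X509Certificate issuer, PrivateKey issuerKey, String caDN) throws Exception {
    final X500Name issuerDn = (issuer == null ? new X500Name(subject)
            : JcaX500NameUtil.getSubject(issuer));
    final X500Name subjectDn = new X500Name(subject);
    final BigInteger serial = getNextSerialNumber();
    final Date notBefore = new Date();
    final Date notAfter = new Date(System.currentTimeMillis() + 1000L * 60L * 60L);
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerDn, serial,
            notBefore, notAfter, subjectDn, publicKey);

    // add "CA" extension
    BasicConstraints basicConstraints;
    if (issuer == null) {
        basicConstraints = new BasicConstraints(true);
    } else {
        // X509Certificate.getBasicConstraints() returns -1 for a non-CA certificate and
        // Integer.MAX_VALUE for a CA without a path length limit. Subtracting one blindly
        // would encode a negative constraint, or mint a CA below an issuer whose constraint
        // is already 0.
        int issuerPathLength = issuer.getBasicConstraints();
        if (issuerPathLength < 0) {
            throw new IllegalArgumentException("Issuer certificate is not a CA");
        }
        if (issuerPathLength == 0) {
            throw new IllegalArgumentException(
                    "Issuer path length constraint is 0; it cannot issue a CA certificate");
        }
        basicConstraints = (issuerPathLength == Integer.MAX_VALUE
                ? new BasicConstraints(true)
                : new BasicConstraints(issuerPathLength - 1));
    }
    builder.addExtension(X509Extension.basicConstraints, true, basicConstraints);

    // add subjectKeyIdentifier
    JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
    SubjectKeyIdentifier ski = utils.createSubjectKeyIdentifier(publicKey);
    builder.addExtension(X509Extension.subjectKeyIdentifier, false, ski);

    // add authorityKeyIdentifier: it must describe the signing authority, so for a subordinate
    // certificate the key identifier and serial number come from the issuer certificate, not
    // from the certificate being created.
    final PublicKey authorityKey = (issuer == null ? publicKey : issuer.getPublicKey());
    final BigInteger authoritySerial = (issuer == null ? serial : issuer.getSerialNumber());
    GeneralNames issuerName = new GeneralNames(
            new GeneralName(GeneralName.directoryName, caDN));
    AuthorityKeyIdentifier aki = utils.createAuthorityKeyIdentifier(authorityKey);
    aki = new AuthorityKeyIdentifier(aki.getKeyIdentifier(), issuerName, authoritySerial);
    builder.addExtension(X509Extension.authorityKeyIdentifier, false, aki);

    // add keyUsage
    // NOTE(review): digitalSignature and nonRepudiation are granted on top of the CA usages
    // (keyCertSign, cRLSign); confirm the extra usages are wanted outside of tests.
    X509KeyUsage keyUsage = new X509KeyUsage(X509KeyUsage.cRLSign
            | X509KeyUsage.digitalSignature | X509KeyUsage.keyCertSign
            | X509KeyUsage.nonRepudiation);
    builder.addExtension(X509Extension.keyUsage, true, keyUsage);

    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WithRSA");
    ContentSigner signer = signerBuilder.build(issuerKey);
    X509CertificateHolder holder = builder.build(signer);
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    return converter.getCertificate(holder);
}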
use of org.mozilla.jss.netscape.security.x509.X500Name in project Gene by Nervousync.
the class CertificateUtils method x509.
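/**
 * Builds an X.509 v3 end-entity certificate for the given public key.
 *
 * <p>The same name, {@code CN=<certName>}, is used as both subject and issuer, and the
 * certificate is signed with {@code signKey}. Nothing here checks that {@code signKey}
 * corresponds to {@code publicKey}, so the result is self-signed only if the caller passes a
 * matching key pair. A non-critical basicConstraints extension marks the certificate as not
 * being a CA.
 *
 * <p>Points for callers to enforce, since this method does not:
 * <ul>
 * <li>{@code certName} is concatenated into a DN string before parsing. DN metacharacters in it
 * (for example {@code ,}, {@code +} or {@code =}) can change the structure of the resulting
 * name, so validate or escape names that originate from untrusted input.</li>
 * <li>{@code signAlgorithm} is passed to the signer builder unchanged; restrict it to an
 * approved set (SHA-256 or stronger digests) at the call site.</li>
 * <li>{@code serialNumber} is used as given, with no positivity or uniqueness check.</li>
 * </ul>
 *
 * @param publicKey     Public key to certify
 * @param serialNumber  Certificate serial number
 * @param beginDate     Start of the validity period
 * @param endDate       End of the validity period
 * @param certName      Common name used for both subject and issuer
 * @param signKey       Private key that signs the certificate
 * @param signAlgorithm Signature algorithm name
 * @return the generated certificate, or {@code null} if a required argument is missing or
 *         certificate generation fails (the failure is logged)
 */
public static X509Certificate x509(PublicKey publicKey, long serialNumber, Date beginDate,
        Date endDate, String certName, PrivateKey signKey, String signAlgorithm) {
    if (publicKey == null || signKey == null || StringUtils.isEmpty(signAlgorithm)) {
        return null;
    }
    // A null name would otherwise be certified literally as "CN=null", and null dates are
    // presumably rejected only deep inside the builder with an unchecked exception. Report
    // both like the other missing arguments.
    if (certName == null || beginDate == null || endDate == null) {
        return null;
    }
    // NOTE(review): string-built DN; see the Javadoc caveat on certName.
    X500Name subjectDN = new X500Name("CN=" + certName);
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
    // subjectDN is passed as issuer and as subject
    X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(subjectDN,
            BigInteger.valueOf(serialNumber), beginDate, endDate, subjectDN, publicKeyInfo);
    try {
        x509v3CertificateBuilder.addExtension(Extension.basicConstraints, Boolean.FALSE,
                new BasicConstraints(Boolean.FALSE));
        // Requires a security provider registered under the name "BC"
        ContentSigner contentSigner = new JcaContentSignerBuilder(signAlgorithm)
                .setProvider("BC").build(signKey);
        X509CertificateHolder certificateHolder = x509v3CertificateBuilder.build(contentSigner);
        return new JcaX509CertificateConverter().getCertificate(certificateHolder);
    } catch (OperatorCreationException | GeneralSecurityException | IOException e) {
        // NOTE(review): the message mentions PKCS12 although this method builds an X.509
        // certificate, and the cause is only visible at debug level.
        LOGGER.error("Generate PKCS12 Certificate Failed! ");
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Stack message: ", e);
        }
    }
    return null;
}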
use of org.mozilla.jss.netscape.security.x509.X500Name in project jss by dogtagpki.
the class X509CertTest method testEC.
/**
 * Exercises EC certificate creation and signing on the given token.
 *
 * <p>Two secp521r1 key pairs are generated, one acting as the CA and one as the user. A
 * certificate for the user's public key is assembled with serial number 1 and signed with the
 * CA private key using SHA256withEC, then printed to standard output.
 *
 * <p>Only creation and signing are exercised; the signature on the resulting certificate is not
 * verified in this method.
 *
 * @param token     crypto token that supplies the key pair generator
 * @param notBefore start of the certificate validity period
 * @param notAfter  end of the certificate validity period
 * @throws Exception if key generation, certificate assembly or signing fails
 */
public static void testEC(CryptoToken token, Date notBefore, Date notAfter) throws Exception {
    final String curveName = "secp521r1";
    final String signingAlgorithm = "SHA256withEC";

    KeyPairGenerator generator = token.getKeyPairGenerator(KeyPairAlgorithm.EC);

    // CA key pair
    generator.initialize(generator.getCurveCodeByName(curveName));
    KeyPair caKeys = generator.genKeyPair();
    testKeys(caKeys);
    PublicKey caPublicKey = caKeys.getPublic(); // fetched but not used further in this method

    // User key pair; the generator is initialised again before the second generation
    generator.initialize(generator.getCurveCodeByName(curveName));
    KeyPair userKeys = generator.genKeyPair();
    testKeys(userKeys);
    PublicKey userPublicKey = userKeys.getPublic();

    // Assemble the to-be-signed certificate for the user key
    CertificateIssuerName issuerNameAttr = new CertificateIssuerName(new X500Name(issuerDN));
    X509CertInfo userCertInfo = createX509CertInfo(
            convertPublicKeyToX509Key(userPublicKey),
            BigInteger.valueOf(1),
            issuerNameAttr,
            subjectDN,
            notBefore,
            notAfter,
            signingAlgorithm);

    // Sign with the CA private key and dump the result
    X509CertImpl signedCert = new X509CertImpl(userCertInfo);
    signedCert.sign(caKeys.getPrivate(), signingAlgorithm);
    String certOutput = signedCert.toString();
    System.out.println("Test certificate output: \n" + certOutput);
}