Example 11 with X509CertInfo
use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project baseio by generallycloud.
the class SelfSignedCertificate method generate.
private File[] generate(String fileRoot, String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter) throws Exception {
PrivateKey key = keypair.getPrivate();
// Prepare the information required for generating an X.509
// certificate.
X509CertInfo info = new X509CertInfo();
X500Name owner = new X500Name("CN=" + fqdn);
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
try {
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
} catch (CertificateException ignore) {
info.set(X509CertInfo.SUBJECT, owner);
}
try {
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
} catch (CertificateException ignore) {
info.set(X509CertInfo.ISSUER, owner);
}
info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid)));
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
cert.sign(key, "SHA1withRSA");
// Update the algorithm and sign again.
info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
cert = new X509CertImpl(info);
cert.sign(key, "SHA1withRSA");
cert.verify(keypair.getPublic());
return newSelfSignedCertificate(fileRoot, fqdn, key, cert);
}
Also used :
CertificateSubjectName(sun.security.x509.CertificateSubjectName)
PrivateKey(java.security.PrivateKey)
X509CertInfo(sun.security.x509.X509CertInfo)
CertificateIssuerName(sun.security.x509.CertificateIssuerName)
CertificateVersion(sun.security.x509.CertificateVersion)
CertificateException(java.security.cert.CertificateException)
CertificateValidity(sun.security.x509.CertificateValidity)
X500Name(sun.security.x509.X500Name)
CertificateX509Key(sun.security.x509.CertificateX509Key)
CertificateSerialNumber(sun.security.x509.CertificateSerialNumber)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
AlgorithmId(sun.security.x509.AlgorithmId)
X509CertImpl(sun.security.x509.X509CertImpl)
BigInteger(java.math.BigInteger)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
Example 12 with X509CertInfo
use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project coprhd-controller by CoprHD.
the class KeyCertificatePairGenerator method generateCertificate.
/**
* Create a self-signed X.509 Certificate
*
* @param pair the KeyPair
*/
private X509Certificate generateCertificate(KeyPair pair) throws GeneralSecurityException, IOException {
PublicKey pubKey = loadPublicKeyFromBytes(pair.getPublic().getEncoded());
PrivateKey privkey = pair.getPrivate();
X509CertInfo info = new X509CertInfo();
Date from = getNotBefore();
Date to = new Date(from.getTime() + valuesHolder.getCertificateValidityInDays() * 86400000L);
CertificateValidity interval = new CertificateValidity(from, to);
BigInteger sn = new BigInteger(64, new SecureRandom());
X500Name owner = new X500Name(String.format(CERTIFICATE_COMMON_NAME_FORMAT, valuesHolder.getCertificateCommonName()));
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
info.set(X509CertInfo.SUBJECT, owner);
info.set(X509CertInfo.ISSUER, owner);
info.set(X509CertInfo.KEY, new CertificateX509Key(pubKey));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId keyAlgo = AlgorithmId.get(KeyCertificateAlgorithmValuesHolder.DEFAULT_KEY_ALGORITHM);
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(keyAlgo));
AlgorithmId signingAlgo = AlgorithmId.get(valuesHolder.getSigningAlgorithm());
info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, signingAlgo);
// add extensions
CertificateExtensions ext = new CertificateExtensions();
ext.set(SubjectKeyIdentifierExtension.NAME, new SubjectKeyIdentifierExtension(new KeyIdentifier(pubKey).getIdentifier()));
// CA public key is the same as our public key (self signed)
ext.set(AuthorityKeyIdentifierExtension.NAME, new AuthorityKeyIdentifierExtension(new KeyIdentifier(pubKey), null, null));
ext.set(SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(subjectAltNames()));
info.set(X509CertInfo.EXTENSIONS, ext);
X509CertImpl cert = new X509CertImpl(info);
cert.sign(privkey, valuesHolder.getSigningAlgorithm());
return cert;
}
Also used :
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
PrivateKey(java.security.PrivateKey)
KeyIdentifier(sun.security.x509.KeyIdentifier)
X509CertInfo(sun.security.x509.X509CertInfo)
PublicKey(java.security.PublicKey)
SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension)
SecureRandom(java.security.SecureRandom)
CertificateVersion(sun.security.x509.CertificateVersion)
CertificateValidity(sun.security.x509.CertificateValidity)
CertificateExtensions(sun.security.x509.CertificateExtensions)
X500Name(sun.security.x509.X500Name)
CertificateX509Key(sun.security.x509.CertificateX509Key)
Date(java.util.Date)
CertificateSerialNumber(sun.security.x509.CertificateSerialNumber)
SubjectKeyIdentifierExtension(sun.security.x509.SubjectKeyIdentifierExtension)
AlgorithmId(sun.security.x509.AlgorithmId)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
X509CertImpl(sun.security.x509.X509CertImpl)
BigInteger(java.math.BigInteger)
AuthorityKeyIdentifierExtension(sun.security.x509.AuthorityKeyIdentifierExtension)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
Example 13 with X509CertInfo
use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project Bytecoder by mirkosertic.
the class PKCS7 method populateCertIssuerNames.
/**
* Populate array of Issuer DNs from certificates and convert
* each Principal to type X500Name if necessary.
*/
private void populateCertIssuerNames() {
if (certificates == null)
return;
certIssuerNames = new Principal[certificates.length];
for (int i = 0; i < certificates.length; i++) {
X509Certificate cert = certificates[i];
Principal certIssuerName = cert.getIssuerDN();
if (!(certIssuerName instanceof X500Name)) {
// types of String attribute values to be changed)
try {
X509CertInfo tbsCert = new X509CertInfo(cert.getTBSCertificate());
certIssuerName = (Principal) tbsCert.get(X509CertInfo.ISSUER + "." + X509CertInfo.DN_NAME);
} catch (Exception e) {
// error generating X500Name object from the cert's
// issuer DN, leave name as is.
}
}
certIssuerNames[i] = certIssuerName;
}
}
Also used :
X509CertInfo(sun.security.x509.X509CertInfo)
X500Name(sun.security.x509.X500Name)
X509Certificate(java.security.cert.X509Certificate)
CertificateException(java.security.cert.CertificateException)
CRLException(java.security.cert.CRLException)
Example 14 with X509CertInfo
use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project cdap by caskdata.
the class KeyStores method getCertificate.
/**
* Generate an X.509 certificate
*
* @param dn Distinguished name for the owner of the certificate, it will also be the signer of the certificate.
* @param pair Key pair used for signing the certificate.
* @param days Validity of the certificate.
* @param algorithm Name of the signature algorithm used.
* @return A X.509 certificate
*/
private static X509Certificate getCertificate(String dn, KeyPair pair, int days, String algorithm) throws IOException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
// Calculate the validity interval of the certificate
Date from = new Date();
Date to = DateUtils.addDays(from, days);
CertificateValidity interval = new CertificateValidity(from, to);
// Generate a random number to use as the serial number for the certificate
BigInteger sn = new BigInteger(64, new SecureRandom());
// Create the name of the owner based on the provided distinguished name
X500Name owner = new X500Name(dn);
// Create an info objects with the provided information, which will be used to create the certificate
X509CertInfo info = new X509CertInfo();
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
// In java 7, subject is of type CertificateSubjectName and issuer is of type CertificateIssuerName.
// These were changed to X500Name in Java8. So looking at the field type before setting them.
// This certificate will be self signed, hence the subject and the issuer are same.
Field subjectField = null;
try {
subjectField = info.getClass().getDeclaredField("subject");
if (subjectField.getType().equals(X500Name.class)) {
info.set(X509CertInfo.SUBJECT, owner);
info.set(X509CertInfo.ISSUER, owner);
} else {
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
}
} catch (NoSuchFieldException e) {
// Trying to set it to Java 8 types. If one of the underlying fields has changed then this will throw a
// CertificateException which is handled by the caller.
info.set(X509CertInfo.SUBJECT, owner);
info.set(X509CertInfo.ISSUER, owner);
}
info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId algo = new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid);
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
// Create the certificate and sign it with the private key
X509CertImpl cert = new X509CertImpl(info);
PrivateKey privateKey = pair.getPrivate();
cert.sign(privateKey, algorithm);
return cert;
}
Also used :
CertificateSubjectName(sun.security.x509.CertificateSubjectName)
PrivateKey(java.security.PrivateKey)
X509CertInfo(sun.security.x509.X509CertInfo)
CertificateIssuerName(sun.security.x509.CertificateIssuerName)
SecureRandom(java.security.SecureRandom)
CertificateVersion(sun.security.x509.CertificateVersion)
CertificateValidity(sun.security.x509.CertificateValidity)
X500Name(sun.security.x509.X500Name)
CertificateX509Key(sun.security.x509.CertificateX509Key)
Date(java.util.Date)
CertificateSerialNumber(sun.security.x509.CertificateSerialNumber)
Field(java.lang.reflect.Field)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
AlgorithmId(sun.security.x509.AlgorithmId)
X509CertImpl(sun.security.x509.X509CertImpl)
BigInteger(java.math.BigInteger)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
Example 15 with X509CertInfo
use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project spring-cloud-digital-sign by SpringForAll.
the class DistinguishNameBuilder method build.
public CertificateBuilder build() throws IOException, CertificateException {
String dn = stringBuilder.toString();
X500Name owner = new X500Name(dn.substring(0, dn.length() - 1));
X509CertInfo info = certificateBuilder.getInfo();
info.set(X509CertInfo.SUBJECT, owner);
info.set(X509CertInfo.ISSUER, owner);
return certificateBuilder;
}
Also used :
X509CertInfo(sun.security.x509.X509CertInfo)
X500Name(sun.security.x509.X500Name)
Aggregations
X509CertInfo (sun.security.x509.X509CertInfo)24
X500Name (sun.security.x509.X500Name)19
X509CertImpl (sun.security.x509.X509CertImpl)15
CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)13
CertificateSerialNumber (sun.security.x509.CertificateSerialNumber)13
CertificateValidity (sun.security.x509.CertificateValidity)13
CertificateX509Key (sun.security.x509.CertificateX509Key)13
BigInteger (java.math.BigInteger)12
CertificateVersion (sun.security.x509.CertificateVersion)12
AlgorithmId (sun.security.x509.AlgorithmId)11
CertificateException (java.security.cert.CertificateException)9
CertificateIssuerName (sun.security.x509.CertificateIssuerName)8
CertificateSubjectName (sun.security.x509.CertificateSubjectName)8
PrivateKey (java.security.PrivateKey)7
SecureRandom (java.security.SecureRandom)6
X509Certificate (java.security.cert.X509Certificate)6
CertificateExtensions (sun.security.x509.CertificateExtensions)6
PublicKey (java.security.PublicKey)5
Date (java.util.Date)5
KeyPair (java.security.KeyPair)4
