Example 51 with X500Name
use of org.openecard.bouncycastle.asn1.x500.X500Name in project tomee by apache.
the class SslTomEETest method test.
@Test
public void test() throws Exception {
final File keystore = new File("target/keystore");
{
// generate keystore/trustore
if (keystore.exists()) {
Files.delete(keystore);
}
keystore.getParentFile().mkdirs();
try (final FileOutputStream fos = new FileOutputStream(keystore)) {
final KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("RSA");
keyGenerator.initialize(1024);
final KeyPair pair = keyGenerator.generateKeyPair();
final boolean addBc = Security.getProvider("BC") == null;
if (addBc) {
Security.addProvider(new BouncyCastleProvider());
}
try {
final X509v1CertificateBuilder x509v1CertificateBuilder = new JcaX509v1CertificateBuilder(new X500Name("cn=serveralias"), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - TimeUnit.DAYS.toMillis(1)), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(1)), new X500Name("cn=serveralias"), pair.getPublic());
final X509CertificateHolder certHldr = x509v1CertificateBuilder.build(new JcaContentSignerBuilder("SHA1WithRSA").setProvider("BC").build(pair.getPrivate()));
final X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHldr);
final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, "changeit".toCharArray());
ks.setKeyEntry("serveralias", pair.getPrivate(), "changeit".toCharArray(), new Certificate[] { cert });
ks.store(fos, "changeit".toCharArray());
} finally {
if (addBc) {
Security.removeProvider("BC");
}
}
} catch (final Exception e) {
Assert.fail(e.getMessage());
}
}
final Configuration configuration = new Configuration();
configuration.setSsl(true);
configuration.setKeystoreFile(keystore.getAbsolutePath());
configuration.setKeystorePass("changeit");
configuration.setKeyAlias("serveralias");
final Container container = new Container();
container.setup(configuration);
container.start();
try {
assertEquals(8443, ManagementFactory.getPlatformMBeanServer().getAttribute(new ObjectName("Tomcat:type=ProtocolHandler,port=8443"), "port"));
} finally {
container.stop();
}
// ensure it is not always started
configuration.setSsl(false);
container.setup(configuration);
container.start();
try {
assertFalse(ManagementFactory.getPlatformMBeanServer().isRegistered(new ObjectName("Tomcat:type=ProtocolHandler,port=8443")));
} finally {
container.close();
}
}
Also used :
KeyPair(java.security.KeyPair)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
KeyPairGenerator(java.security.KeyPairGenerator)
X500Name(org.bouncycastle.asn1.x500.X500Name)
KeyStore(java.security.KeyStore)
JcaX509v1CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
ObjectName(javax.management.ObjectName)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
FileOutputStream(java.io.FileOutputStream)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
X509v1CertificateBuilder(org.bouncycastle.cert.X509v1CertificateBuilder)
JcaX509v1CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder)
File(java.io.File)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Test(org.junit.Test)
Example 52 with X500Name
use of org.openecard.bouncycastle.asn1.x500.X500Name in project jdk8u_jdk by JetBrains.
the class X509CertSelectorTest method testNameConstraints.
// Tests matching on the name constraints contained in the certificate.
private void testNameConstraints() throws IOException {
System.out.println("X.509 Certificate Match on name constraints");
// bad match
GeneralSubtrees subjectTree = new GeneralSubtrees();
subjectTree.add(getGeneralSubtree((X500Name) cert.getSubjectDN()));
NameConstraintsExtension ext = new NameConstraintsExtension((GeneralSubtrees) null, subjectTree);
X509CertSelector selector = new X509CertSelector();
selector.setNameConstraints(ext.getExtensionValue());
checkMatch(selector, cert, false);
// good match
ext = new NameConstraintsExtension(subjectTree, null);
selector.setNameConstraints(ext.getExtensionValue());
checkMatch(selector, cert, true);
}
Also used :
GeneralSubtrees(sun.security.x509.GeneralSubtrees)
X509CertSelector(java.security.cert.X509CertSelector)
X500Name(sun.security.x509.X500Name)
NameConstraintsExtension(sun.security.x509.NameConstraintsExtension)
Example 53 with X500Name
use of org.openecard.bouncycastle.asn1.x500.X500Name in project jdk8u_jdk by JetBrains.
the class EmailKeyword method main.
public static void main(String[] arg) throws Exception {
X500Name dN;
dN = new X500Name("EMAIL=johndoe@example.com");
System.out.println(dN.getName());
dN = new X500Name("EMAILADDRESS=johndoe@example.com");
System.out.println(dN.getName());
}
Also used :
X500Name(sun.security.x509.X500Name)
Example 54 with X500Name
use of org.openecard.bouncycastle.asn1.x500.X500Name in project jdk8u_jdk by JetBrains.
the class BadName method main.
public static void main(String[] args) throws Exception {
try {
// This used to throw java.lang.OutOfMemoryError, from which no
// recovery is possible.
// In the example below, the correct DN would be: "CN=John Doe"
X500Name name = new X500Name("John Doe");
System.out.println(name.toString());
} catch (IOException ioe) {
}
}
Also used :
X500Name(sun.security.x509.X500Name)
IOException(java.io.IOException)
Example 55 with X500Name
use of org.openecard.bouncycastle.asn1.x500.X500Name in project syncany by syncany.
the class CipherUtil method generateSelfSignedCertificate.
/**
* Generates a self-signed certificate, given a public/private key pair.
*
* @see <a href="https://code.google.com/p/gitblit/source/browse/src/com/gitblit/MakeCertificate.java?r=88598bb2f779b73479512d818c675dea8fa72138">Original source of this method</a>
*/
public static X509Certificate generateSelfSignedCertificate(String commonName, KeyPair keyPair) throws OperatorCreationException, CertificateException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
// Certificate CN, O and OU
X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
builder.addRDN(BCStyle.CN, commonName);
builder.addRDN(BCStyle.O, CipherParams.CERTIFICATE_ORGANIZATION);
builder.addRDN(BCStyle.OU, CipherParams.CERTIFICATE_ORGUNIT);
// Dates and serial
Date notBefore = new Date(System.currentTimeMillis() - 1 * 24 * 60 * 60 * 1000L);
Date notAfter = new Date(System.currentTimeMillis() + 5 * 365 * 24 * 60 * 60 * 1000L);
BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
// Issuer and subject (identical, because self-signed)
X500Name issuer = builder.build();
X500Name subject = issuer;
X509v3CertificateBuilder certificateGenerator = new JcaX509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, keyPair.getPublic());
ContentSigner signatureGenerator = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(CipherParams.CRYPTO_PROVIDER).build(keyPair.getPrivate());
X509Certificate certificate = new JcaX509CertificateConverter().setProvider(CipherParams.CRYPTO_PROVIDER).getCertificate(certificateGenerator.build(signatureGenerator));
certificate.checkValidity(new Date());
certificate.verify(certificate.getPublicKey());
return certificate;
}
Also used :
X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
BigInteger(java.math.BigInteger)
X500Name(org.bouncycastle.asn1.x500.X500Name)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
Aggregations
X500Name (org.bouncycastle.asn1.x500.X500Name)193
X509Certificate (java.security.cert.X509Certificate)88
Date (java.util.Date)71
BigInteger (java.math.BigInteger)63
X500Name (sun.security.x509.X500Name)53
IOException (java.io.IOException)49
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)47
ContentSigner (org.bouncycastle.operator.ContentSigner)45
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)44
RDN (org.bouncycastle.asn1.x500.RDN)43
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)42
KeyPair (java.security.KeyPair)41
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)41
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)36
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)33
PrivateKey (java.security.PrivateKey)32
KeyPairGenerator (java.security.KeyPairGenerator)31
GeneralName (org.bouncycastle.asn1.x509.GeneralName)31
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)28
SecureRandom (java.security.SecureRandom)27
