use of org.openecard.bouncycastle.asn1.x500.X500Name in project keystore-explorer by kaikramer.
the class JDistinguishedName method editDistinguishedName.
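/**
 * Opens the distinguished-name chooser over this component's top-level window and, if the
 * chooser yields a name, stores it through {@code setDistinguishedName}.
 *
 * <p>The chooser is only created when the top-level ancestor is a {@code JDialog} or a
 * {@code JFrame}. For any other ancestor (including none) the method returns without
 * showing anything; previously that case dereferenced a null chooser.
 */
private void editDistinguishedName() {
    Container container = getTopLevelAncestor();

    DDistinguishedNameChooser chooser;
    if (container instanceof JDialog) {
        chooser = new DDistinguishedNameChooser((JDialog) container, title, distinguishedName, true);
    } else if (container instanceof JFrame) {
        chooser = new DDistinguishedNameChooser((JFrame) container, title, distinguishedName, true);
    } else {
        // No dialog or frame to own the chooser (e.g. the component is not attached to a
        // window yet): there is nothing to edit against, so leave the current name alone.
        return;
    }

    chooser.setLocationRelativeTo(container);
    // presumably modal: the result is read immediately after setVisible returns - TODO confirm
    chooser.setVisible(true);

    X500Name newDistinguishedName = chooser.getDistinguishedName();
    if (newDistinguishedName == null) {
        // The chooser produced no name; keep the existing value.
        return;
    }

    setDistinguishedName(newDistinguishedName);
}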
use of org.openecard.bouncycastle.asn1.x500.X500Name in project keystore-explorer by kaikramer.
the class SignCsrAction method doAction.
/**
 * Signs a certificate signing request (CSR) chosen by the user with the private key of the
 * currently selected key store entry.
 *
 * <p>Flow, as visible in this method: obtain the entry password, load the entry's private key
 * and certificate chain, let the user pick a CSR file, detect whether it is a PKCS #10 or
 * SPKAC request and verify it, collect the certificate parameters from the {@code DSignCsr}
 * dialog, generate the certificate, and write it together with the signing chain as PKCS #7
 * to the CA reply file chosen in the dialog. Every failure path shows a dialog and returns;
 * the success message is shown only when no path returned early.
 */
@Override
protected void doAction() {
FileOutputStream fos = null;
File caReplyFile = null;
try {
KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
KeyStoreState currentState = history.getCurrentState();
String alias = kseFrame.getSelectedEntryAlias();
Password password = getEntryPassword(alias, currentState);
// No password obtained (presumably the user cancelled the prompt): abort silently.
if (password == null) {
return;
}
KeyStore keyStore = currentState.getKeyStore();
// NOTE(review): toCharArray() hands a char[] to the key store; this method never clears
// it - confirm whether Password or the caller is responsible for wiping it.
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
Certificate[] certs = keyStore.getCertificateChain(alias);
KeyPairType keyPairType = KeyPairUtil.getKeyPairType(privateKey);
File csrFile = chooseCsrFile();
if (csrFile == null) {
return;
}
// Exactly one of these is set once the request has been loaded and verified.
PKCS10CertificationRequest pkcs10Csr = null;
Spkac spkacCsr = null;
try {
// NOTE(review): the FileInputStreams created in this try block are not closed here;
// confirm that detectFileType, loadCsr and the Spkac constructor close them.
CryptoFileType fileType = CryptoFileUtil.detectFileType(new FileInputStream(csrFile));
if (fileType == CryptoFileType.PKCS10_CSR) {
pkcs10Csr = Pkcs10Util.loadCsr(new FileInputStream(csrFile));
// A request that fails verification is never signed (presumably verifyCsr checks the
// request's own signature against the public key it carries - confirm).
if (!Pkcs10Util.verifyCsr(pkcs10Csr)) {
JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifyPkcs10Csr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
}
} else if (fileType == CryptoFileType.SPKAC_CSR) {
spkacCsr = new Spkac(new FileInputStream(csrFile));
// Same rule for SPKAC requests: no signing unless verify() succeeds.
if (!spkacCsr.verify()) {
JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifySpkacCsr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
}
} else {
// Any other detected file type is rejected.
JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.FileNotRecognisedType.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
}
} catch (FileNotFoundException ex) {
JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.NotFile.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
} catch (Exception ex) {
// Any other load or parse failure is reported with the two listed causes
// (not a CSR / corrupted CSR) and the original exception attached.
String problemStr = MessageFormat.format(res.getString("SignCsrAction.NoOpenCsr.Problem"), csrFile.getName());
String[] causes = new String[] { res.getString("SignCsrAction.NotCsr.Cause"), res.getString("SignCsrAction.CorruptedCsr.Cause") };
Problem problem = new Problem(problemStr, causes, ex);
DProblem dProblem = new DProblem(frame, res.getString("SignCsrAction.ProblemOpeningCsr.Title"), problem);
dProblem.setLocationRelativeTo(frame);
dProblem.setVisible(true);
return;
}
// The first certificate of the ordered chain is used as the signing (issuer) certificate;
// presumably orderX509CertChain puts the entry's own certificate first - confirm.
X509Certificate[] signingChain = X509CertUtil.orderX509CertChain(X509CertUtil.convertCertificates(certs));
X509Certificate signingCert = signingChain[0];
PublicKey publicKey = null;
X500Name subject = null;
DSignCsr dSignCsr = null;
Provider provider = history.getExplicitProvider();
// Subject and public key of the new certificate are taken from the request as submitted.
// NOTE(review): they are not altered in this method; any review of the requested subject
// would have to happen in the DSignCsr dialog - confirm what that dialog shows.
if (pkcs10Csr != null) {
publicKey = new JcaPKCS10CertificationRequest(pkcs10Csr).getPublicKey();
subject = pkcs10Csr.getSubject();
dSignCsr = new DSignCsr(frame, pkcs10Csr, csrFile, privateKey, keyPairType, signingCert, provider);
} else {
publicKey = spkacCsr.getPublicKey();
subject = spkacCsr.getSubject().getName();
dSignCsr = new DSignCsr(frame, spkacCsr, csrFile, privateKey, keyPairType, signingCert, provider);
}
dSignCsr.setLocationRelativeTo(frame);
dSignCsr.setVisible(true);
// Certificate parameters chosen in the dialog.
X509CertificateVersion version = dSignCsr.getVersion();
SignatureType signatureType = dSignCsr.getSignatureType();
Date validityStart = dSignCsr.getValidityStart();
Date validityEnd = dSignCsr.getValidityEnd();
BigInteger serialNumber = dSignCsr.getSerialNumber();
caReplyFile = dSignCsr.getCaReplyFile();
X509ExtensionSet extensions = dSignCsr.getExtensions();
// A null version is treated as "nothing to do" (presumably the dialog was cancelled).
if (version == null) {
return;
}
X500Name issuer = X500NameUtils.x500PrincipalToX500Name(signingCert.getSubjectX500Principal());
// CA Reply is a cert with subject from CSR and issuer from signing cert's subject
X509CertificateGenerator generator = new X509CertificateGenerator(version);
X509Certificate caReplyCert = generator.generate(subject, issuer, validityStart, validityEnd, publicKey, privateKey, signatureType, serialNumber, extensions, provider);
// Reply chain layout: [new certificate, signing chain...].
X509Certificate[] caReplyChain = new X509Certificate[signingChain.length + 1];
caReplyChain[0] = caReplyCert;
// Add all of the signing chain to the reply
System.arraycopy(signingChain, 0, caReplyChain, 1, signingChain.length);
byte[] caCertEncoded = X509CertUtil.getCertsEncodedPkcs7(caReplyChain);
fos = new FileOutputStream(caReplyFile);
fos.write(caCertEncoded);
} catch (FileNotFoundException ex) {
// Reached when the reply file cannot be opened for writing.
// NOTE(review): the message key carries the "SignJarAction" prefix while every other key
// in this method uses "SignCsrAction" - confirm this is intentional.
JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignJarAction.NoWriteFile.message"), caReplyFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
} catch (Exception ex) {
DError.displayError(frame, ex);
return;
} finally {
// Runs on every exit path; fos is still null when the method returned before opening it.
IOUtils.closeQuietly(fos);
}
JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.SignCsrSuccessful.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.INFORMATION_MESSAGE);
}
use of org.openecard.bouncycastle.asn1.x500.X500Name in project keystore-explorer by kaikramer.
the class SpkacSubject method getRdn.
/**
 * Looks up a single attribute value in a distinguished name.
 *
 * @param name the distinguished name to search
 * @param rdnOid the attribute type to look for
 * @return the string form of the first value of the first RDN of that type, or
 *         {@code null} when the name holds no RDN of that type
 */
private String getRdn(X500Name name, ASN1ObjectIdentifier rdnOid) {
    RDN[] matches = name.getRDNs(rdnOid);

    if (matches.length == 0) {
        return null;
    }

    // Only the first matching RDN, and only its first attribute, is reported; further
    // occurrences and the other values of a multi-valued RDN are ignored.
    // NOTE(review): toString() is called on the raw attribute value - confirm it yields the
    // plain text for every string type this is used with.
    return matches[0].getFirst().getValue().toString();
}
use of org.openecard.bouncycastle.asn1.x500.X500Name in project ariADDna by StnetixDevTeam.
the class CertFactory method getNewCertificate.
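/**
 * Generates a fresh RSA key pair, builds a self-signed X.509 v3 certificate for it (subject
 * and issuer are the same name), writes the encoded certificate to the file
 * {@code alias + ".cer"} and records a {@code CertificateDTO} for the alias.
 *
 * <p>The private key is only used for signing inside this method.
 *
 * <p>NOTE(review): {@code alias} is concatenated unescaped into the subject string and into
 * the file name. If it can ever come from outside the application, a value containing DN
 * metacharacters or path separators would change the certificate subject or the output
 * location - confirm that callers validate it.
 *
 * @param alias name used for the subject CN and for the certificate file name
 * @return the certificate file
 * @throws KeyStoreException wrapping any failure during generation, writing or persisting
 */
public File getNewCertificate(String alias) throws KeyStoreException {
    try {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(CRYPTO_ALGORITHM_RSA);
        keyPairGenerator.initialize(CERTIFICATE_SIZE);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        PrivateKey privateKey = keyPair.getPrivate();

        X509CertInfo certInfo = new X509CertInfo();
        CertificateValidity interval = new CertificateValidity(FROM, TO);
        // Random non-negative serial number of up to 64 bits.
        BigInteger sn = new BigInteger(64, new SecureRandom());
        X500Name owner = new X500Name(SUBJECT_CN + alias + ", " + SUBJECT_L_C);

        certInfo.set(X509CertInfo.VALIDITY, interval);
        certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
        // Self-signed: the same name is used as subject and as issuer.
        certInfo.set(X509CertInfo.SUBJECT, owner);
        certInfo.set(X509CertInfo.ISSUER, owner);
        certInfo.set(X509CertInfo.KEY, new CertificateX509Key(keyPair.getPublic()));
        certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));

        // Placeholder algorithm id so the first signing pass has a value to work with; it is
        // overwritten below with the algorithm actually used for the signature.
        AlgorithmId algorithm = new AlgorithmId(AlgorithmId.md2WithRSAEncryption_oid);
        certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algorithm));

        // NOTE(review): the constant's name indicates a SHA-1 based signature (its value is
        // not visible here). SHA-1 is no longer accepted for certificate signatures by many
        // verifiers - consider moving the constant to a SHA-256 based algorithm.
        X509CertImpl cert = new X509CertImpl(certInfo);
        cert.sign(privateKey, CRYPTO_ALGORITHM_SHA1RSA);

        // Second pass: copy the real signature algorithm into the certificate info and sign
        // again so the signed content and the signature agree.
        algorithm = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG);
        certInfo.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algorithm);
        cert = new X509CertImpl(certInfo);
        cert.sign(privateKey, CRYPTO_ALGORITHM_SHA1RSA);

        File certFile = new File(alias + ".cer");
        if (certFile.createNewFile()) {
            FileOutputStream fos = new FileOutputStream(certFile);
            try {
                fos.write(cert.getEncoded());
            } finally {
                // Release the file handle even when encoding or writing fails.
                fos.close();
            }
        } else {
            // The file was already there, so nothing was written: its content belongs to an
            // earlier certificate, not to the one generated above.
            LOGGER.warn("Certificate file {} already exists; the newly generated certificate was not written",
                    certFile.getAbsolutePath());
        }
        LOGGER.info("Certificate generated with filename {}", certFile.getAbsolutePath());

        CertificateDTO storedCert = persistHelper.storeCertificete(new CertificateDTO(alias, true));
        LOGGER.info("Certificate stored id DB with id {}", storedCert.getId());
        return certFile;
    } catch (Exception e) {
        LOGGER.error("Exception: ", e);
        throw new KeyStoreException("Caused by: ", e);
    }
}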
use of org.openecard.bouncycastle.asn1.x500.X500Name in project xipki by xipki.
the class BaseX509Certprofile method verifySubjectDnOccurence.
/**
 * Checks a requested subject against the profile's subject control.
 *
 * <p>When a subject control is configured, three rules are enforced: every attribute type in
 * the requested subject must have a control entry, the number of RDNs of each such type must
 * lie within that entry's minimum and maximum, and every controlled type whose minimum is not
 * zero must appear in the requested subject. Without a subject control nothing is checked.
 *
 * @param requestedSubject the subject from the certificate request; must not be {@code null}
 * @throws BadCertTemplateException if any of the three rules is violated
 */
protected void verifySubjectDnOccurence(X500Name requestedSubject) throws BadCertTemplateException {
    ParamUtil.requireNonNull("requestedSubject", requestedSubject);

    final SubjectControl subjectControl = getSubjectControl();
    if (subjectControl == null) {
        // No restrictions configured for this profile.
        return;
    }

    final ASN1ObjectIdentifier[] requestedTypes = requestedSubject.getAttributeTypes();

    // Pass 1: each requested type must be known to the control and occur an allowed number of times.
    for (int i = 0; i < requestedTypes.length; i++) {
        final ASN1ObjectIdentifier requestedType = requestedTypes[i];

        final RdnControl rdnControl = subjectControl.getControl(requestedType);
        if (rdnControl == null) {
            throw new BadCertTemplateException(String.format("subject DN of type %s is not allowed", oidToDisplayName(requestedType)));
        }

        final int count = requestedSubject.getRDNs(requestedType).length;
        final boolean withinRange = count <= rdnControl.getMaxOccurs() && count >= rdnControl.getMinOccurs();
        if (!withinRange) {
            throw new BadCertTemplateException(String.format("occurrence of subject DN of type %s not within the allowed range. " + "%d is not within [%d, %d]", oidToDisplayName(requestedType), count, rdnControl.getMinOccurs(), rdnControl.getMaxOccurs()));
        }
    }

    // Pass 2: each controlled type with a non-zero minimum must be among the requested types.
    for (ASN1ObjectIdentifier controlledType : subjectControl.getTypes()) {
        final RdnControl rdnControl = subjectControl.getControl(controlledType);
        if (rdnControl.getMinOccurs() != 0) {
            boolean found = false;
            for (int i = 0; i < requestedTypes.length && !found; i++) {
                found = rdnControl.getType().equals(requestedTypes[i]);
            }

            if (!found) {
                throw new BadCertTemplateException(String.format("required subject DN of type %s is not present", oidToDisplayName(rdnControl.getType())));
            }
        }
    }
}