Use of org.openecard.bouncycastle.asn1.x509.Extension in project felix by apache.
The class CertificateUtil, method createSelfSignedCert.
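/**
 * Builds a short-lived, self-signed end-entity certificate for {@code keypair}.
 *
 * <p>Subject and issuer are both {@code commonName}. The validity window starts one second in
 * the past (clock-skew slack) and lasts six seconds, which only makes sense for a throw-away
 * credential — presumably a test fixture; confirm with callers before reusing it elsewhere.
 *
 * @param commonName X.500 name string used as both subject and issuer
 * @param keypair    key pair whose public key is certified and whose private key signs
 * @return the certificate converted to a JCA {@link X509Certificate}
 * @throws Exception on ASN.1 decoding, signing or conversion failure (propagated as-is)
 */
private static X509Certificate createSelfSignedCert(String commonName, KeyPair keypair) throws Exception {
    PublicKey publicKey = keypair.getPublic();
    // Signature algorithm is selected from the key type by DPSigner.
    String keyAlg = DPSigner.getSignatureAlgorithm(publicKey);
    X500Name issuer = new X500Name(commonName);
    // Serial numbers must be unique per issuer. A 16-bit value drawn from java.util.Random
    // both collides quickly (only a few thousand 16-bit primes exist) and is predictable, so
    // take 64 bits from a CSPRNG; probablePrime never returns 0, so the serial stays positive.
    BigInteger serial = BigInteger.probablePrime(64, new java.security.SecureRandom());
    Date notBefore = new Date(System.currentTimeMillis() - 1000);
    Date notAfter = new Date(notBefore.getTime() + 6000);
    SubjectPublicKeyInfo pubKeyInfo;
    try (ASN1InputStream is = new ASN1InputStream(publicKey.getEncoded())) {
        pubKeyInfo = SubjectPublicKeyInfo.getInstance(is.readObject());
    }
    X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, issuer, pubKeyInfo);
    // Critical basicConstraints with cA=false: this certificate must never be accepted as an issuer.
    builder.addExtension(new Extension(Extension.basicConstraints, true, new DEROctetString(new BasicConstraints(false))));
    X509CertificateHolder certHolder = builder.build(new JcaContentSignerBuilder(keyAlg).build(keypair.getPrivate()));
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}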
Use of org.openecard.bouncycastle.asn1.x509.Extension in project nifi by apache.
The class CertificateUtils, method generateSelfSignedX509Certificate.
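/**
 * Generates a self-signed {@link X509Certificate} suitable for use as a Certificate Authority.
 *
 * <p>The certificate carries a critical keyUsage (including keyCertSign and cRLSign), a critical
 * basicConstraints cA=TRUE (RFC 5280 §4.2.1.9 requires the extension to be critical in CA
 * certificates), subject and authority key identifiers both derived from the same public key,
 * and a clientAuth/serverAuth extended key usage.
 *
 * @param keyPair the {@link KeyPair} to generate the {@link X509Certificate} for
 * @param dn the distinguished name to use for the {@link X509Certificate}
 * @param signingAlgorithm the signing algorithm to use for the {@link X509Certificate}
 * @param certificateDurationDays the duration in days for which the {@link X509Certificate} should be valid; must be positive
 * @return a self-signed {@link X509Certificate} suitable for use as a Certificate Authority
 * @throws CertificateException if there is an error generating the new certificate
 * @throws IllegalArgumentException if {@code certificateDurationDays} is zero or negative
 */
public static X509Certificate generateSelfSignedX509Certificate(KeyPair keyPair, String dn, String signingAlgorithm, int certificateDurationDays) throws CertificateException {
    if (certificateDurationDays <= 0) {
        // A zero or negative window would produce a certificate that is already expired.
        throw new IllegalArgumentException("certificateDurationDays must be positive, was " + certificateDurationDays);
    }
    try {
        ContentSigner sigGen = new JcaContentSignerBuilder(signingAlgorithm).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(keyPair.getPrivate());
        SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
        Date startDate = new Date();
        Date endDate = new Date(startDate.getTime() + TimeUnit.DAYS.toMillis(certificateDurationDays));
        // Self-signed: subject and issuer are the same (reversed) name, so build it once.
        X500Name name = reverseX500Name(new X500Name(dn));
        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(name, getUniqueSerialNumber(), startDate, endDate, name, subPubKeyInfo);
        // One utils instance serves both key-identifier extensions (its constructor can throw NoSuchAlgorithmException).
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        // Set certificate extensions
        // (1) keyUsage: critical; includes keyCertSign and cRLSign because this is a CA certificate
        certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement | KeyUsage.nonRepudiation | KeyUsage.cRLSign | KeyUsage.keyCertSign));
        // basicConstraints cA=TRUE must be marked critical in CA certificates (RFC 5280 §4.2.1.9)
        certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        certBuilder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(keyPair.getPublic()));
        // The authority key identifier points at the same key because the certificate signs itself
        certBuilder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(keyPair.getPublic()));
        // (2) extendedKeyUsage extension
        certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[] { KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth }));
        // Sign the certificate
        X509CertificateHolder certificateHolder = certBuilder.build(sigGen);
        return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(certificateHolder);
    } catch (CertIOException | NoSuchAlgorithmException | OperatorCreationException e) {
        throw new CertificateException(e);
    }
}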
Use of org.openecard.bouncycastle.asn1.x509.Extension in project nifi by apache.
The class OcspCertificateValidatorTest, method generateCertificate.
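/**
 * Generates a self-signed certificate for a specific key pair (test fixture).
 *
 * <p>The public key is embedded in the certificate and the private key signs it. The key usage
 * omits keyCertSign and no basicConstraints extension is added, so the certificate is not meant
 * to act as an issuer.
 *
 * @param dn the DN, used as both subject and issuer
 * @param keyPair the public key will be included in the certificate and the private key is used to sign the certificate
 * @return the certificate
 * @throws IOException if an exception occurs
 * @throws NoSuchAlgorithmException if an exception occurs
 * @throws CertificateException if an exception occurs
 * @throws NoSuchProviderException if an exception occurs
 * @throws SignatureException if an exception occurs
 * @throws InvalidKeyException if an exception occurs
 * @throws OperatorCreationException if an exception occurs
 */
private static X509Certificate generateCertificate(String dn, KeyPair keyPair) throws IOException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, SignatureException, InvalidKeyException, OperatorCreationException {
    PrivateKey privateKey = keyPair.getPrivate();
    ContentSigner sigGen = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER).build(privateKey);
    SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    Date startDate = new Date(YESTERDAY);
    Date endDate = new Date(ONE_YEAR_FROM_NOW);
    // Serial is the wall-clock millisecond: acceptable for a test fixture, but two certificates
    // generated within the same millisecond share a serial, so do not copy this into real issuance.
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(new X500Name(dn), BigInteger.valueOf(System.currentTimeMillis()), startDate, endDate, new X500Name(dn), subPubKeyInfo);
    // Set certificate extensions
    // (1) keyUsage: critical, end-entity purposes only
    certBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement));
    // (2) extendedKeyUsage: array constructor instead of the legacy Vector-based one
    certBuilder.addExtension(X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[] { KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth }));
    // Sign the certificate
    X509CertificateHolder certificateHolder = certBuilder.build(sigGen);
    return new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certificateHolder);
}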
Use of org.openecard.bouncycastle.asn1.x509.Extension in project oxTrust by GluuFederation.
The class CopyUtils2, method copy (note: the `Extension` used in this method is the SCIM 2 schema-extension type with an `Extension.Builder`, not the X.509 extension class).
/**
 * Copies a {@link GluuCustomPerson} into a SCIM 2 {@link User}.
 *
 * <p>Each field is copied only when the corresponding source value is non-null. The password
 * is never copied: a fixed placeholder string is written instead. Custom attributes that are
 * registered as SCIM-related are gathered into one schema extension keyed by
 * {@code Constants.USER_EXT_SCHEMA_ID}. {@code Extension} in this method is the SCIM 2
 * schema-extension type (it has a {@code Builder}), not an X.509 extension.
 *
 * @param source      the person to read from; when null, null is returned
 * @param destination the user to populate; a new {@link User} is created when null
 * @return {@code destination} (or the new {@link User}), or null when {@code source} is null
 * @throws Exception propagated from the attribute, group and configuration helpers
 */
public User copy(GluuCustomPerson source, User destination) throws Exception {
    if (source == null) {
        return null;
    }
    if (destination == null) {
        log.trace(" creating a new GluuCustomPerson instant ");
        destination = new User();
    }
    log.trace(" setting ID ");
    if (source.getInum() != null) {
        destination.setId(source.getInum());
    }
    log.trace(" setting userName ");
    if (source.getUid() != null) {
        destination.setUserName(source.getUid());
    }
    log.trace(" setting ExternalID ");
    if (source.getAttribute("oxTrustExternalId") != null) {
        destination.setExternalId(source.getAttribute("oxTrustExternalId"));
    }
    log.trace(" setting givenname ");
    // The name sub-object is only built when a given name exists; the remaining name
    // components are optional and skipped individually when absent.
    if (source.getGivenName() != null) {
        org.gluu.oxtrust.model.scim2.Name name = new org.gluu.oxtrust.model.scim2.Name();
        name.setGivenName(source.getGivenName());
        if (source.getSurname() != null)
            name.setFamilyName(source.getSurname());
        if (source.getAttribute("middleName") != null)
            name.setMiddleName(source.getAttribute("middleName"));
        /*
        if (source.getAttribute("oxTrustMiddleName") != null)
        name.setMiddleName(source.getAttribute("oxTrustMiddleName"));
        */
        if (source.getAttribute("oxTrusthonorificPrefix") != null)
            name.setHonorificPrefix(source.getAttribute("oxTrusthonorificPrefix"));
        if (source.getAttribute("oxTrusthonorificSuffix") != null)
            name.setHonorificSuffix(source.getAttribute("oxTrusthonorificSuffix"));
        // NOTE(review): reads like a no-op unless Name.getFormatted() derives the value from the
        // components set above — confirm in Name before relying on it.
        name.setFormatted(name.getFormatted());
        destination.setName(name);
    }
    log.trace(" getting displayname ");
    if (source.getDisplayName() != null) {
        destination.setDisplayName(source.getDisplayName());
    }
    log.trace(" getting nickname ");
    /*
    if (source.getAttribute("oxTrustNickName") != null) {
    destination.setNickName(source.getAttribute("oxTrustNickName"));
    }
    */
    if (source.getAttribute("nickname") != null) {
        destination.setNickName(source.getAttribute("nickname"));
    }
    log.trace(" getting profileURL ");
    if (source.getAttribute("oxTrustProfileURL") != null) {
        destination.setProfileUrl(source.getAttribute("oxTrustProfileURL"));
    }
    log.trace(" getting emails ");
    // source = Utils.syncEmailReverse(source, true);
    // Emails are probed via getAttributeArray (unlike the other multi-valued attributes below,
    // which use getAttribute) — presumably because the attribute is stored multi-valued; verify.
    if (source.getAttributeArray("oxTrustEmail") != null) {
        /*
        String[] emailArray = source.getAttributeArray("oxTrustEmail");
        List<Email> emails = new ArrayList<Email>();
        for (String emailStr : emailArray) {
        Email email = mapper.readValue(emailStr, Email.class);
        emails.add(email);
        }
        // List<Email> listOfEmails = mapper.readValue(source.getAttribute("oxTrustEmail"), new TypeReference<List<Email>>(){});
        // destination.setEmails(listOfEmails);
        */
        List<Email> emails = getAttributeListValue(source, Email.class, "oxTrustEmail");
        destination.setEmails(emails);
    }
    log.trace(" getting addresses ");
    // getting addresses
    if (source.getAttribute("oxTrustAddresses") != null) {
        List<Address> addresses = getAttributeListValue(source, Address.class, "oxTrustAddresses");
        destination.setAddresses(addresses);
    }
    log.trace(" setting phoneNumber ");
    // getting user's PhoneNumber
    if (source.getAttribute("oxTrustPhoneValue") != null) {
        List<PhoneNumber> phoneNumbers = getAttributeListValue(source, PhoneNumber.class, "oxTrustPhoneValue");
        destination.setPhoneNumbers(phoneNumbers);
    }
    if ((source.getOxPPID()) != null) {
        destination.setPairwiseIdentitifers(source.getOxPPID());
    }
    log.trace(" getting ims ");
    // getting ims
    if (source.getAttribute("oxTrustImsValue") != null) {
        List<Im> ims = getAttributeListValue(source, Im.class, "oxTrustImsValue");
        destination.setIms(ims);
    }
    log.trace(" setting photos ");
    // getting photos
    if (source.getAttribute("oxTrustPhotos") != null) {
        List<Photo> photos = getAttributeListValue(source, Photo.class, "oxTrustPhotos");
        destination.setPhotos(photos);
    }
    log.trace(" setting userType ");
    if (source.getAttribute("oxTrustUserType") != null) {
        destination.setUserType(source.getAttribute("oxTrustUserType"));
    }
    log.trace(" setting title ");
    if (source.getAttribute("oxTrustTitle") != null) {
        destination.setTitle(source.getAttribute("oxTrustTitle"));
    }
    log.trace(" setting Locale ");
    /*
    if (source.getAttribute("oxTrustLocale") != null) {
    destination.setLocale(source.getAttribute("oxTrustLocale"));
    }
    */
    if (source.getAttribute("locale") != null) {
        destination.setLocale(source.getAttribute("locale"));
    }
    log.trace(" setting preferredLanguage ");
    if (source.getPreferredLanguage() != null) {
        destination.setPreferredLanguage(source.getPreferredLanguage());
    }
    log.trace(" setting timeZone ");
    if (source.getTimezone() != null) {
        destination.setTimezone(source.getTimezone());
    }
    log.trace(" setting active ");
    // parseBoolean maps anything other than "true" (case-insensitive) to false.
    if (source.getAttribute("oxTrustActive") != null) {
        destination.setActive(Boolean.parseBoolean(source.getAttribute("oxTrustActive")));
    }
    log.trace(" setting password ");
    // The stored credential is never exposed through SCIM; a constant placeholder is returned.
    destination.setPassword("Hidden for Privacy Reasons");
    // getting user groups
    log.trace(" setting groups ");
    // Each member-of DN is resolved to a group and rendered as a SCIM group reference whose
    // "$ref" is built from the configured base endpoint.
    if (source.getMemberOf() != null) {
        List<String> listOfGroups = source.getMemberOf();
        List<GroupRef> groupRefList = new ArrayList<GroupRef>();
        for (String groupDN : listOfGroups) {
            GluuGroup gluuGroup = groupService.getGroupByDn(groupDN);
            // NOTE(review): if getGroupByDn can return null for a stale DN this dereference
            // throws — confirm its contract.
            GroupRef groupRef = new GroupRef();
            groupRef.setDisplay(gluuGroup.getDisplayName());
            groupRef.setValue(gluuGroup.getInum());
            String reference = appConfiguration.getBaseEndpoint() + "/scim/v2/Groups/" + gluuGroup.getInum();
            groupRef.setReference(reference);
            groupRefList.add(groupRef);
        }
        destination.setGroups(groupRefList);
    }
    // getting roles
    if (source.getAttribute("oxTrustRole") != null) {
        List<Role> roles = getAttributeListValue(source, Role.class, "oxTrustRole");
        destination.setRoles(roles);
    }
    log.trace(" getting entitlements ");
    // getting entitlements
    if (source.getAttribute("oxTrustEntitlements") != null) {
        List<Entitlement> entitlements = getAttributeListValue(source, Entitlement.class, "oxTrustEntitlements");
        destination.setEntitlements(entitlements);
    }
    // getting x509Certificates
    log.trace(" setting certs ");
    // X509Certificate here is the SCIM 2 model type, not java.security.cert.X509Certificate.
    if (source.getAttribute("oxTrustx509Certificate") != null) {
        List<X509Certificate> x509Certificates = getAttributeListValue(source, X509Certificate.class, "oxTrustx509Certificate");
        destination.setX509Certificates(x509Certificates);
    }
    log.trace(" setting extensions ");
    // List<GluuAttribute> scimCustomAttributes = attributeService.getSCIMRelatedAttributesImpl(attributeService.getCustomAttributes());
    // Only attributes registered as SCIM-related are copied into the user extension schema;
    // any other custom attribute on the person is ignored here.
    List<GluuAttribute> scimCustomAttributes = attributeService.getSCIMRelatedAttributes();
    if (scimCustomAttributes != null && !scimCustomAttributes.isEmpty()) {
        Map<String, Extension> extensionMap = new HashMap<String, Extension>();
        Extension.Builder extensionBuilder = new Extension.Builder(Constants.USER_EXT_SCHEMA_ID);
        boolean hasExtension = false;
        // For every custom attribute, find the first SCIM attribute with the same name, copy the
        // value with the matching field type, then move on to the next custom attribute.
        outer: for (GluuCustomAttribute customAttribute : source.getCustomAttributes()) {
            for (GluuAttribute scimCustomAttribute : scimCustomAttributes) {
                if (customAttribute.getName().equals(scimCustomAttribute.getName())) {
                    hasExtension = true;
                    GluuAttributeDataType scimCustomAttributeDataType = scimCustomAttribute.getDataType();
                    if ((scimCustomAttribute.getOxMultivaluedAttribute() != null) && scimCustomAttribute.getOxMultivaluedAttribute().equals(OxMultivalued.TRUE)) {
                        // Multi-valued attributes are copied as a list regardless of data type.
                        extensionBuilder.setFieldAsList(customAttribute.getName(), Arrays.asList(customAttribute.getValues()));
                    } else {
                        // Single-valued: convert by declared data type. Types other than STRING,
                        // PHOTO, DATE and NUMERIC are silently skipped.
                        if (scimCustomAttributeDataType.equals(GluuAttributeDataType.STRING) || scimCustomAttributeDataType.equals(GluuAttributeDataType.PHOTO)) {
                            String value = ExtensionFieldType.STRING.fromString(customAttribute.getValue());
                            extensionBuilder.setField(customAttribute.getName(), value);
                        } else if (scimCustomAttributeDataType.equals(GluuAttributeDataType.DATE)) {
                            Date value = ExtensionFieldType.DATE_TIME.fromString(customAttribute.getValue());
                            extensionBuilder.setField(customAttribute.getName(), value);
                        } else if (scimCustomAttributeDataType.equals(GluuAttributeDataType.NUMERIC)) {
                            BigDecimal value = ExtensionFieldType.DECIMAL.fromString(customAttribute.getValue());
                            extensionBuilder.setField(customAttribute.getName(), value);
                        }
                    }
                    continue outer;
                }
            }
        }
        // The extension (and its schema URI) is attached only when at least one attribute matched.
        if (hasExtension) {
            extensionMap.put(Constants.USER_EXT_SCHEMA_ID, extensionBuilder.build());
            destination.getSchemas().add(Constants.USER_EXT_SCHEMA_ID);
            destination.setExtensions(extensionMap);
        }
    }
    log.trace(" getting meta ");
    // Reuse an existing meta object so fields the caller already set are preserved.
    Meta meta = (destination.getMeta() != null) ? destination.getMeta() : new Meta();
    if (source.getAttribute("oxTrustMetaVersion") != null) {
        meta.setVersion(source.getAttribute("oxTrustMetaVersion"));
    }
    // A stored relative location is prefixed with the base endpoint; an absolute http(s)
    // location is used verbatim; with no stored value the canonical Users URL is derived.
    String location = source.getAttribute("oxTrustMetaLocation");
    if (location != null && !location.isEmpty()) {
        if (!location.startsWith("https://") && !location.startsWith("http://")) {
            location = appConfiguration.getBaseEndpoint() + location;
        }
    } else {
        location = appConfiguration.getBaseEndpoint() + "/scim/v2/Users/" + source.getInum();
    }
    meta.setLocation(location);
    // Timestamps are parsed as UTC via Joda first; on failure the legacy layout (the
    // java.util.Date#toString format) is tried, and if that fails too the field is left unset.
    if (source.getAttribute("oxTrustMetaCreated") != null && !source.getAttribute("oxTrustMetaCreated").isEmpty()) {
        try {
            DateTime dateTimeUtc = new DateTime(source.getAttribute("oxTrustMetaCreated"), DateTimeZone.UTC);
            meta.setCreated(dateTimeUtc.toDate());
        } catch (Exception e) {
            log.error(" Date parse exception (NEW format), continuing...", e);
            // For backward compatibility
            try {
                meta.setCreated(new SimpleDateFormat("EEE MMM dd HH:mm:ss zzz yyyy").parse(source.getAttribute("oxTrustMetaCreated")));
            } catch (Exception ex) {
                log.error(" Date parse exception (OLD format)", ex);
            }
        }
    }
    if (source.getAttribute("oxTrustMetaLastModified") != null && !source.getAttribute("oxTrustMetaLastModified").isEmpty()) {
        try {
            DateTime dateTimeUtc = new DateTime(source.getAttribute("oxTrustMetaLastModified"), DateTimeZone.UTC);
            meta.setLastModified(dateTimeUtc.toDate());
        } catch (Exception e) {
            log.error(" Date parse exception (NEW format), continuing...", e);
            // For backward compatibility
            try {
                meta.setLastModified(new SimpleDateFormat("EEE MMM dd HH:mm:ss zzz yyyy").parse(source.getAttribute("oxTrustMetaLastModified")));
            } catch (Exception ex) {
                log.error(" Date parse exception (OLD format)", ex);
            }
        }
    }
    destination.setMeta(meta);
    return destination;
}
Use of org.openecard.bouncycastle.asn1.x509.Extension in project oxTrust by GluuFederation.
The class PatchUtil, method addPatch (note: the `Extension` used in this method is the SCIM 2 schema-extension type, not the X.509 extension class).
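/**
 * Applies a SCIM 2 PATCH "add" of {@code source} onto {@code destination}.
 *
 * <p>Multi-valued attributes (emails, addresses, phone numbers, ims, photos, groups, roles,
 * entitlements, x509Certificates) are appended to whatever the destination already holds;
 * schema extensions are merged by schema key; the active flag is mapped onto the Gluu status.
 * {@code Extension} here is the SCIM 2 schema-extension type, not an X.509 extension.
 *
 * @param source      the PATCH payload; when null, null is returned
 * @param destination the person to update; a new {@link GluuCustomPerson} is created when null
 * @return {@code destination} (or the new person), or null when {@code source} is null
 * @throws Exception propagated from the attribute helpers
 */
public GluuCustomPerson addPatch(User source, GluuCustomPerson destination) throws Exception {
    if (source == null) {
        return null;
    }
    if (destination == null) {
        log.trace(" creating a new GluuCustomPerson instant ");
        destination = new GluuCustomPerson();
    }
    log.trace(" setting schemas ");
    destination.setSchemas(source.getSchemas());
    personService.addCustomObjectClass(destination);
    // getting emails
    log.trace(" setting emails ");
    if (source.getEmails() != null && !source.getEmails().isEmpty()) {
        List<Email> emails = copyUtils2.getAttributeListValue(destination, Email.class, "oxTrustEmail");
        if (emails == null) {
            emails = new ArrayList<Email>();
        }
        emails.addAll(source.getEmails());
        copyUtils2.setAttributeListValue(destination, emails, "oxTrustEmail");
    }
    // getting addresses
    log.trace(" setting addresses ");
    if (source.getAddresses() != null && !source.getAddresses().isEmpty()) {
        List<Address> addresses = copyUtils2.getAttributeListValue(destination, Address.class, "oxTrustAddresses");
        if (addresses == null) {
            addresses = new ArrayList<Address>();
        }
        addresses.addAll(source.getAddresses());
        copyUtils2.setAttributeListValue(destination, addresses, "oxTrustAddresses");
    }
    // getting phone numbers
    log.trace(" setting phoneNumbers ");
    if (source.getPhoneNumbers() != null && !source.getPhoneNumbers().isEmpty()) {
        List<PhoneNumber> phoneNumbers = copyUtils2.getAttributeListValue(destination, PhoneNumber.class, "oxTrustPhoneValue");
        if (phoneNumbers == null) {
            phoneNumbers = new ArrayList<PhoneNumber>();
        }
        phoneNumbers.addAll(source.getPhoneNumbers());
        copyUtils2.setAttributeListValue(destination, phoneNumbers, "oxTrustPhoneValue");
    }
    // getting ims
    log.trace(" setting ims ");
    if (source.getIms() != null && !source.getIms().isEmpty()) {
        List<Im> ims = copyUtils2.getAttributeListValue(destination, Im.class, "oxTrustImsValue");
        if (ims == null) {
            ims = new ArrayList<Im>();
        }
        ims.addAll(source.getIms());
        copyUtils2.setAttributeListValue(destination, ims, "oxTrustImsValue");
    }
    // getting photos
    log.trace(" setting photos ");
    if (source.getPhotos() != null && !source.getPhotos().isEmpty()) {
        List<Photo> photos = copyUtils2.getAttributeListValue(destination, Photo.class, "oxTrustPhotos");
        if (photos == null) {
            photos = new ArrayList<Photo>();
        }
        photos.addAll(source.getPhotos());
        copyUtils2.setAttributeListValue(destination, photos, "oxTrustPhotos");
    }
    // getting user groups
    log.trace(" setting groups ");
    if (source.getGroups() != null && !source.getGroups().isEmpty()) {
        List<String> groupsList = destination.getMemberOf();
        if (groupsList == null) {
            // A person with no memberships yet has nothing to append to.
            groupsList = new ArrayList<String>();
        }
        for (GroupRef group : source.getGroups()) {
            String groupToAdd = groupService.getDnForGroup(group.getValue());
            // Only resolvable, non-blank DNs are added. The former "!= null || ..." test
            // dereferenced a null DN and accepted blank strings.
            if (groupToAdd != null && !groupToAdd.trim().isEmpty()) {
                groupsList.add(groupToAdd);
            }
        }
        destination.setMemberOf(groupsList);
    }
    // getting roles
    log.trace(" setting roles ");
    if (source.getRoles() != null && !source.getRoles().isEmpty()) {
        List<Role> roles = copyUtils2.getAttributeListValue(destination, Role.class, "oxTrustRole");
        if (roles == null) {
            roles = new ArrayList<Role>();
        }
        roles.addAll(source.getRoles());
        copyUtils2.setAttributeListValue(destination, roles, "oxTrustRole");
    }
    // getting entitlements
    log.trace(" setting entitlements ");
    if (source.getEntitlements() != null && !source.getEntitlements().isEmpty()) {
        List<Entitlement> entitlements = copyUtils2.getAttributeListValue(destination, Entitlement.class, "oxTrustEntitlements");
        if (entitlements == null) {
            entitlements = new ArrayList<Entitlement>();
        }
        entitlements.addAll(source.getEntitlements());
        copyUtils2.setAttributeListValue(destination, entitlements, "oxTrustEntitlements");
    }
    // getting x509Certificates (the SCIM model type, not java.security.cert.X509Certificate)
    log.trace(" setting certs ");
    if (source.getX509Certificates() != null && !source.getX509Certificates().isEmpty()) {
        List<X509Certificate> x509Certificates = copyUtils2.getAttributeListValue(destination, X509Certificate.class, "oxTrustx509Certificate");
        if (x509Certificates == null) {
            x509Certificates = new ArrayList<X509Certificate>();
        }
        x509Certificates.addAll(source.getX509Certificates());
        copyUtils2.setAttributeListValue(destination, x509Certificates, "oxTrustx509Certificate");
    }
    log.trace(" setting extensions ");
    // Extensions are merged by schema key: an incoming extension replaces the stored one for
    // the same schema URI and leaves other schemas untouched.
    if (source.getExtensions() != null && !source.getExtensions().isEmpty()) {
        Map<String, Extension> destMap = destination.fetchExtensions();
        if (destMap == null) {
            destMap = new HashMap<String, Extension>();
        }
        destMap.putAll(source.getExtensions());
        destination.setExtensions(destMap);
    }
    // "active" is a Boolean; only an explicit value changes the stored status.
    if (source.isActive() != null) {
        copyUtils2.setGluuStatus(source, destination);
    }
    return destination;
}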