Example 11 with SubjectPublicKeyInfo
use of org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project platformlayer by platformlayer.
the class SimpleCertificateAuthority method signCsr.
public X509Certificate signCsr(PKCS10CertificationRequest csr) throws OpsException {
SubjectPublicKeyInfo subjectPublicKeyInfo = csr.getSubjectPublicKeyInfo();
X500Name subject = csr.getSubject();
Certificate certificate = signCertificate(BouncyCastleHelpers.toX500Name(caCertificate[0].getSubjectX500Principal()), caPrivateKey, subject, subjectPublicKeyInfo);
return toX509(certificate);
}
Also used :
X500Name(org.bouncycastle.asn1.x500.X500Name)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.bouncycastle.asn1.x509.Certificate)
Example 12 with SubjectPublicKeyInfo
use of org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project platformlayer by platformlayer.
the class SimpleCertificateAuthority method signCertificate.
private static Certificate signCertificate(X500Name signer, PrivateKey signerPrivateKey, X500Name subject, SubjectPublicKeyInfo subjectPublicKeyInfo) throws OpsException {
try {
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(SIGNATURE_ALGORITHM);
AlgorithmIdentifier digestAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
long days = 3650;
long now = System.currentTimeMillis();
Date notBefore = new Date(now - ONE_DAY);
Date notAfter = new Date(notBefore.getTime() + (days * ONE_DAY));
BigInteger serialNumber;
synchronized (SimpleCertificateAuthority.class) {
long nextSerialNumber = System.currentTimeMillis();
serialNumber = BigInteger.valueOf(nextSerialNumber);
}
X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(signer, serialNumber, notBefore, notAfter, subject, subjectPublicKeyInfo);
// {
// boolean isCritical = false;
// certificateBuilder.addExtension(X509Extensions.SubjectKeyIdentifier, isCritical,
// csr.getSubjectPublicKeyInfo());
// }
AsymmetricKeyParameter caPrivateKeyParameters = PrivateKeyFactory.createKey(signerPrivateKey.getEncoded());
ContentSigner contentSigner = new BcRSAContentSignerBuilder(sigAlgId, digestAlgId).build(caPrivateKeyParameters);
X509CertificateHolder certificateHolder = certificateBuilder.build(contentSigner);
Certificate certificate = certificateHolder.toASN1Structure();
return certificate;
} catch (OperatorCreationException e) {
throw new OpsException("Error signing certificate", e);
} catch (IOException e) {
throw new OpsException("Error signing certificate", e);
}
}
Also used :
OpsException(org.platformlayer.ops.OpsException)
ContentSigner(org.bouncycastle.operator.ContentSigner)
IOException(java.io.IOException)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
Date(java.util.Date)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)
AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
BigInteger(java.math.BigInteger)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.bouncycastle.asn1.x509.Certificate)
Example 13 with SubjectPublicKeyInfo
use of org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project robovm by robovm.
the class CertPathValidatorUtilities method getAlgorithmIdentifier.
protected static AlgorithmIdentifier getAlgorithmIdentifier(PublicKey key) throws CertPathValidatorException {
try {
ASN1InputStream aIn = new ASN1InputStream(key.getEncoded());
SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject());
return info.getAlgorithmId();
} catch (Exception e) {
throw new ExtCertPathValidatorException("Subject public key cannot be decoded.", e);
}
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ParseException(java.text.ParseException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertStoreException(java.security.cert.CertStoreException)
CRLException(java.security.cert.CRLException)
CertificateParsingException(java.security.cert.CertificateParsingException)
StoreException(org.bouncycastle.util.StoreException)
IOException(java.io.IOException)
Example 14 with SubjectPublicKeyInfo
use of org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project felix by apache.
the class CertificateUtil method createSelfSignedCert.
private static X509Certificate createSelfSignedCert(String commonName, KeyPair keypair) throws Exception {
PublicKey publicKey = keypair.getPublic();
String keyAlg = DPSigner.getSignatureAlgorithm(publicKey);
X500Name issuer = new X500Name(commonName);
BigInteger serial = BigInteger.probablePrime(16, new Random());
Date notBefore = new Date(System.currentTimeMillis() - 1000);
Date notAfter = new Date(notBefore.getTime() + 6000);
SubjectPublicKeyInfo pubKeyInfo;
try (ASN1InputStream is = new ASN1InputStream(publicKey.getEncoded())) {
pubKeyInfo = SubjectPublicKeyInfo.getInstance(is.readObject());
}
X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, issuer, pubKeyInfo);
builder.addExtension(new Extension(Extension.basicConstraints, true, new DEROctetString(new BasicConstraints(false))));
X509CertificateHolder certHolder = builder.build(new JcaContentSignerBuilder(keyAlg).build(keypair.getPrivate()));
return new JcaX509CertificateConverter().getCertificate(certHolder);
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
PublicKey(java.security.PublicKey)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
X500Name(org.bouncycastle.asn1.x500.X500Name)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
Date(java.util.Date)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Extension(org.bouncycastle.asn1.x509.Extension)
Random(java.util.Random)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
BigInteger(java.math.BigInteger)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
Example 15 with SubjectPublicKeyInfo
use of org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project ambry by linkedin.
the class TestSSLUtils method generateCertificate.
/**
* Create a self-signed X.509 Certificate.
* From http://bfo.com/blog/2011/03/08/odds_and_ends_creating_a_new_x_509_certificate.html.
*
* @param dn the X.509 Distinguished Name, eg "CN(commonName)=Test, O(organizationName)=Org"
* @param pair the KeyPair
* @param days how many days from now the Certificate is valid for
* @param algorithm the signing algorithm, eg "SHA1withRSA"
* @return the self-signed certificate
* @throws java.security.cert.CertificateException thrown if a security error or an IO error ocurred.
*/
public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm) throws CertificateException {
try {
Security.addProvider(new BouncyCastleProvider());
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(pair.getPrivate().getEncoded());
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded());
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
X500Name name = new X500Name(dn);
Date from = new Date();
Date to = new Date(from.getTime() + days * 86400000L);
BigInteger sn = new BigInteger(64, new SecureRandom());
X509v1CertificateBuilder v1CertGen = new X509v1CertificateBuilder(name, sn, from, to, name, subPubKeyInfo);
X509CertificateHolder certificateHolder = v1CertGen.build(sigGen);
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
} catch (CertificateException ce) {
throw ce;
} catch (Exception e) {
throw new CertificateException(e);
}
}
Also used :
ContentSigner(org.bouncycastle.operator.ContentSigner)
SecureRandom(java.security.SecureRandom)
CertificateException(java.security.cert.CertificateException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
Date(java.util.Date)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
EOFException(java.io.EOFException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)
AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
BigInteger(java.math.BigInteger)
X509v1CertificateBuilder(org.bouncycastle.cert.X509v1CertificateBuilder)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
Aggregations
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)77
X500Name (org.bouncycastle.asn1.x500.X500Name)37
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)37
Date (java.util.Date)34
IOException (java.io.IOException)31
ContentSigner (org.bouncycastle.operator.ContentSigner)24
BigInteger (java.math.BigInteger)22
KeyPair (java.security.KeyPair)21
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)21
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)19
KeyPairGenerator (java.security.KeyPairGenerator)17
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)17
X509Certificate (java.security.cert.X509Certificate)17
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)16
InvalidKeyException (java.security.InvalidKeyException)15
InvalidKeySpecException (java.security.spec.InvalidKeySpecException)15
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)15
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)13
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)13
PublicKey (java.security.PublicKey)12
