use of org.spongycastle.asn1.x500.X500Name in project fdroidclient by f-droid.
the class LocalRepoKeyStore method generateSelfSignedCertChain.
private Certificate generateSelfSignedCertChain(KeyPair kp, X500Name subject, String hostname) throws CertificateException, OperatorCreationException, IOException {
SecureRandom rand = new SecureRandom();
PrivateKey privKey = kp.getPrivate();
PublicKey pubKey = kp.getPublic();
ContentSigner sigGen = new JcaContentSignerBuilder(DEFAULT_SIG_ALG).build(privKey);
SubjectPublicKeyInfo subPubKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(pubKey.getEncoded()));
// now
Date now = new Date();
/* force it to use a English/Gregorian dates for the cert, hardly anyone
ever looks at the cert metadata anyway, and its very likely that they
understand English/Gregorian dates */
Calendar c = new GregorianCalendar(Locale.ENGLISH);
c.setTime(now);
c.add(Calendar.YEAR, 1);
Time startTime = new Time(now, Locale.ENGLISH);
Time endTime = new Time(c.getTime(), Locale.ENGLISH);
X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(subject, BigInteger.valueOf(rand.nextLong()), startTime, endTime, subject, subPubKeyInfo);
if (hostname != null) {
GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.iPAddress, hostname));
v3CertGen.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);
}
X509CertificateHolder certHolder = v3CertGen.build(sigGen);
return new JcaX509CertificateConverter().getCertificate(certHolder);
}
use of org.spongycastle.asn1.x500.X500Name in project dcos-commons by mesosphere.
the class CertificateAuthorityClientTest method createCSR.
private byte[] createCSR() throws IOException, OperatorCreationException {
KeyPair keyPair = KEY_PAIR_GENERATOR.generateKeyPair();
X500Name name = new X500NameBuilder().addRDN(BCStyle.CN, "issuer").build();
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
extensionsGenerator.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
extensionsGenerator.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(new KeyPurposeId[] { KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth }));
GeneralNames subAtlNames = new GeneralNames(new GeneralName[] { new GeneralName(GeneralName.dNSName, "test.com"), new GeneralName(GeneralName.iPAddress, TEST_IP_ADDR) });
extensionsGenerator.addExtension(Extension.subjectAlternativeName, true, subAtlNames);
ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(name, keyPair.getPublic()).addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
return PEMUtils.toPEM(csrBuilder.build(signer));
}
use of org.spongycastle.asn1.x500.X500Name in project dcos-commons by mesosphere.
the class CertificateAuthorityClientTest method createCertificate.
private X509Certificate createCertificate() throws Exception {
KeyPair keyPair = KEY_PAIR_GENERATOR.generateKeyPair();
SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
X500Name issuer = new X500NameBuilder().addRDN(BCStyle.CN, "issuer").build();
X500Name subject = new X500NameBuilder().addRDN(BCStyle.CN, "subject").build();
ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
X509CertificateHolder certHolder = new X509v3CertificateBuilder(issuer, new BigInteger("1000"), Date.from(Instant.now()), Date.from(Instant.now().plusSeconds(100000)), subject, subjectPublicKeyInfo).build(signer);
return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certHolder.getEncoded()));
}
use of org.spongycastle.asn1.x500.X500Name in project pac4j by pac4j.
the class SAML2ClientConfiguration method createKeystore.
private void createKeystore() {
try {
if (CommonHelper.isBlank(this.keyStoreAlias)) {
this.keyStoreAlias = getClass().getSimpleName();
LOGGER.warn("Using keystore alias {}", this.keyStoreAlias);
}
if (CommonHelper.isBlank(this.keyStoreType)) {
this.keyStoreType = KeyStore.getDefaultType();
LOGGER.warn("Using keystore type {}", this.keyStoreType);
}
final KeyStore ks = KeyStore.getInstance(this.keyStoreType);
final char[] password = this.keystorePassword.toCharArray();
ks.load(null, password);
final KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(2048);
final KeyPair kp = kpg.genKeyPair();
final String sigAlgName = "SHA1WithRSA";
final AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption, DERNull.INSTANCE);
final String dn = InetAddress.getLocalHost().getHostName();
final PrivateKey signingKey = kp.getPrivate();
final X509Certificate certificate = createSelfSignedCert(new X500Name("CN=" + dn), sigAlgName, sigAlgID, kp);
final char[] keyPassword = this.privateKeyPassword.toCharArray();
ks.setKeyEntry(this.keyStoreAlias, signingKey, keyPassword, new Certificate[] { certificate });
try (final FileOutputStream fos = new FileOutputStream(this.keystoreResource.getFile().getCanonicalPath())) {
ks.store(fos, password);
fos.flush();
}
LOGGER.info("Created keystore {} with key alias {} ", keystoreResource.getFile().getCanonicalPath(), ks.aliases().nextElement());
} catch (final Exception e) {
throw new SAMLException("Could not create keystore", e);
}
}
use of org.spongycastle.asn1.x500.X500Name in project keystore-explorer by kaikramer.
the class DGeneralNameChooser method okPressed.
private void okPressed() {
try {
GeneralName newGeneralName = null;
if (jrbDirectoryName.isSelected()) {
X500Name directoryName = jdnDirectoryName.getDistinguishedName();
if (directoryName == null) {
JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.DirectoryNameValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return;
}
newGeneralName = new GeneralName(GeneralName.directoryName, directoryName);
} else if (jrbDnsName.isSelected()) {
String dnsName = jtfDnsName.getText().trim();
if (dnsName.length() == 0) {
JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.DnsNameValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return;
}
newGeneralName = new GeneralName(GeneralName.dNSName, new DERIA5String(dnsName));
} else if (jrbIpAddress.isSelected()) {
String ipAddress = jtfIpAddress.getText().trim();
if (ipAddress.length() == 0) {
JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.IpAddressValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return;
}
if (!IPAddress.isValid(ipAddress)) {
JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.NotAValidIP.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return;
}
newGeneralName = new GeneralName(GeneralName.iPAddress, ipAddress);
} else if (jrbRegisteredId.isSelected()) {
ASN1ObjectIdentifier registeredId = joiRegisteredId.getObjectId();
if (registeredId == null) {
JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.RegisteredIdValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return;
}
newGeneralName = new GeneralName(GeneralName.registeredID, registeredId);
} else if (jrbRfc822Name.isSelected()) {
String rfc822Name = jtfRfc822Name.getText().trim();
if (rfc822Name.length() == 0) {
JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.Rfc822NameValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return;
}
newGeneralName = new GeneralName(GeneralName.rfc822Name, new DERIA5String(rfc822Name));
} else if (jrbUniformResourceIdentifier.isSelected()) {
String uniformResourceIdentifier = jtfUniformResourceIdentifier.getText().trim();
if (uniformResourceIdentifier.length() == 0) {
JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.UniformResourceIdentifierValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return;
}
newGeneralName = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(uniformResourceIdentifier));
} else if (jrbPrincipalName.isSelected()) {
String upnString = jtfPrincipalName.getText().trim();
if (upnString.length() == 0) {
JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.PrincipalNameValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return;
}
ASN1EncodableVector asn1Vector = new ASN1EncodableVector();
asn1Vector.add(new ASN1ObjectIdentifier(GeneralNameUtil.UPN_OID));
asn1Vector.add(new DERTaggedObject(true, 0, new DERUTF8String(upnString)));
newGeneralName = new GeneralName(GeneralName.otherName, new DERSequence(asn1Vector));
}
generalName = newGeneralName;
} catch (Exception ex) {
DError dError = new DError(this, ex);
dError.setLocationRelativeTo(this);
dError.setVisible(true);
return;
}
closeDialog();
}
Aggregations