Example 66 with X500Name

use of org.spongycastle.asn1.x500.X500Name in project fdroidclient by f-droid.

the class LocalRepoKeyStore method generateSelfSignedCertChain.

private Certificate generateSelfSignedCertChain(KeyPair kp, X500Name subject, String hostname) throws CertificateException, OperatorCreationException, IOException {
    SecureRandom rand = new SecureRandom();
    PrivateKey privKey = kp.getPrivate();
    PublicKey pubKey = kp.getPublic();
    // signer uses the key pair's own private key, so the result is self-signed
    ContentSigner sigGen = new JcaContentSignerBuilder(DEFAULT_SIG_ALG).build(privKey);
    SubjectPublicKeyInfo subPubKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(pubKey.getEncoded()));
    // validity period: from now until one year from now
    Date now = new Date();
    /* force English/Gregorian dates for the cert; hardly anyone ever looks at
       the cert metadata anyway, and it is very likely that they understand
       English/Gregorian dates */
    Calendar c = new GregorianCalendar(Locale.ENGLISH);
    c.setTime(now);
    c.add(Calendar.YEAR, 1);
    Time startTime = new Time(now, Locale.ENGLISH);
    Time endTime = new Time(c.getTime(), Locale.ENGLISH);
    // issuer and subject are the same name. Note that rand.nextLong() can be
    // negative, whereas RFC 5280 requires the serial number to be positive.
    X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(subject, BigInteger.valueOf(rand.nextLong()), startTime, endTime, subject, subPubKeyInfo);
    if (hostname != null) {
        // the iPAddress GeneralName form carries a literal IP address, so hostname
        // must be an IP address string here (a DNS name would use GeneralName.dNSName)
        GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.iPAddress, hostname));
        v3CertGen.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);
    }
    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}

Example 67 with X500Name

use of org.spongycastle.asn1.x500.X500Name in project dcos-commons by mesosphere.

the class CertificateAuthorityClientTest method createCSR.

private byte[] createCSR() throws IOException, OperatorCreationException {
    KeyPair keyPair = KEY_PAIR_GENERATOR.generateKeyPair();
    X500Name name = new X500NameBuilder().addRDN(BCStyle.CN, "issuer").build();
    // requested extensions are carried in the CSR as the PKCS#9 extensionRequest attribute;
    // the CA decides whether to honour them
    ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
    extensionsGenerator.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
    extensionsGenerator.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(new KeyPurposeId[] { KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth }));
    // subject alternative names: one DNS name and one IP address, marked critical
    GeneralNames subAtlNames = new GeneralNames(new GeneralName[] { new GeneralName(GeneralName.dNSName, "test.com"), new GeneralName(GeneralName.iPAddress, TEST_IP_ADDR) });
    extensionsGenerator.addExtension(Extension.subjectAlternativeName, true, subAtlNames);
    // the CSR is signed with the requester's private key as proof of possession
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
    PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(name, keyPair.getPublic()).addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
    return PEMUtils.toPEM(csrBuilder.build(signer));
}

Example 68 with X500Name

use of org.spongycastle.asn1.x500.X500Name in project dcos-commons by mesosphere.

the class CertificateAuthorityClientTest method createCertificate.

private X509Certificate createCertificate() throws Exception {
    KeyPair keyPair = KEY_PAIR_GENERATOR.generateKeyPair();
    SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    X500Name issuer = new X500NameBuilder().addRDN(BCStyle.CN, "issuer").build();
    X500Name subject = new X500NameBuilder().addRDN(BCStyle.CN, "subject").build();
    // test fixture: the certificate is signed with the subject's own key even though
    // issuer and subject names differ, so it does not chain to a real issuer
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    // fixed serial number and a validity window of 100000 seconds from now
    X509CertificateHolder certHolder = new X509v3CertificateBuilder(issuer, new BigInteger("1000"), Date.from(Instant.now()), Date.from(Instant.now().plusSeconds(100000)), subject, subjectPublicKeyInfo).build(signer);
    // convert the Bouncy Castle holder into a JCA X509Certificate via its DER encoding
    return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certHolder.getEncoded()));
}

Example 69 with X500Name

use of org.spongycastle.asn1.x500.X500Name in project pac4j by pac4j.

the class SAML2ClientConfiguration method createKeystore.

private void createKeystore() {
    try {
        if (CommonHelper.isBlank(this.keyStoreAlias)) {
            this.keyStoreAlias = getClass().getSimpleName();
            LOGGER.warn("Using keystore alias {}", this.keyStoreAlias);
        }
        if (CommonHelper.isBlank(this.keyStoreType)) {
            this.keyStoreType = KeyStore.getDefaultType();
            LOGGER.warn("Using keystore type {}", this.keyStoreType);
        }
        // create an empty keystore in memory, protected by the configured password
        final KeyStore ks = KeyStore.getInstance(this.keyStoreType);
        final char[] password = this.keystorePassword.toCharArray();
        ks.load(null, password);
        final KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        final KeyPair kp = kpg.genKeyPair();
        // note: SHA-1 signatures are deprecated; modern validators reject SHA1WithRSA certificates
        final String sigAlgName = "SHA1WithRSA";
        final AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption, DERNull.INSTANCE);
        // the subject DN is derived from the local host name
        final String dn = InetAddress.getLocalHost().getHostName();
        final PrivateKey signingKey = kp.getPrivate();
        final X509Certificate certificate = createSelfSignedCert(new X500Name("CN=" + dn), sigAlgName, sigAlgID, kp);
        final char[] keyPassword = this.privateKeyPassword.toCharArray();
        ks.setKeyEntry(this.keyStoreAlias, signingKey, keyPassword, new Certificate[] { certificate });
        // persist the keystore to the configured file
        try (final FileOutputStream fos = new FileOutputStream(this.keystoreResource.getFile().getCanonicalPath())) {
            ks.store(fos, password);
            fos.flush();
        }
        LOGGER.info("Created keystore {} with key alias {} ", keystoreResource.getFile().getCanonicalPath(), ks.aliases().nextElement());
    } catch (final Exception e) {
        throw new SAMLException("Could not create keystore", e);
    }
}

Example 70 with X500Name

use of org.spongycastle.asn1.x500.X500Name in project keystore-explorer by kaikramer.

the class DGeneralNameChooser method okPressed.

private void okPressed() {
    try {
        // build a GeneralName of the type selected by the radio buttons; each branch
        // validates its input and shows a warning dialog when the value is missing or invalid
        GeneralName newGeneralName = null;
        if (jrbDirectoryName.isSelected()) {
            X500Name directoryName = jdnDirectoryName.getDistinguishedName();
            if (directoryName == null) {
                JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.DirectoryNameValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
                return;
            }
            newGeneralName = new GeneralName(GeneralName.directoryName, directoryName);
        } else if (jrbDnsName.isSelected()) {
            String dnsName = jtfDnsName.getText().trim();
            if (dnsName.length() == 0) {
                JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.DnsNameValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
                return;
            }
            newGeneralName = new GeneralName(GeneralName.dNSName, new DERIA5String(dnsName));
        } else if (jrbIpAddress.isSelected()) {
            String ipAddress = jtfIpAddress.getText().trim();
            if (ipAddress.length() == 0) {
                JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.IpAddressValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
                return;
            }
            // the iPAddress form encodes raw address bytes, so the text must parse as an IP address
            if (!IPAddress.isValid(ipAddress)) {
                JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.NotAValidIP.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
                return;
            }
            newGeneralName = new GeneralName(GeneralName.iPAddress, ipAddress);
        } else if (jrbRegisteredId.isSelected()) {
            ASN1ObjectIdentifier registeredId = joiRegisteredId.getObjectId();
            if (registeredId == null) {
                JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.RegisteredIdValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
                return;
            }
            newGeneralName = new GeneralName(GeneralName.registeredID, registeredId);
        } else if (jrbRfc822Name.isSelected()) {
            String rfc822Name = jtfRfc822Name.getText().trim();
            if (rfc822Name.length() == 0) {
                JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.Rfc822NameValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
                return;
            }
            newGeneralName = new GeneralName(GeneralName.rfc822Name, new DERIA5String(rfc822Name));
        } else if (jrbUniformResourceIdentifier.isSelected()) {
            String uniformResourceIdentifier = jtfUniformResourceIdentifier.getText().trim();
            if (uniformResourceIdentifier.length() == 0) {
                JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.UniformResourceIdentifierValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
                return;
            }
            newGeneralName = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(uniformResourceIdentifier));
        } else if (jrbPrincipalName.isSelected()) {
            String upnString = jtfPrincipalName.getText().trim();
            if (upnString.length() == 0) {
                JOptionPane.showMessageDialog(this, res.getString("DGeneralNameChooser.PrincipalNameValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
                return;
            }
            // a User Principal Name is an otherName: SEQUENCE { type-id OID, value [0] EXPLICIT UTF8String }
            ASN1EncodableVector asn1Vector = new ASN1EncodableVector();
            asn1Vector.add(new ASN1ObjectIdentifier(GeneralNameUtil.UPN_OID));
            asn1Vector.add(new DERTaggedObject(true, 0, new DERUTF8String(upnString)));
            newGeneralName = new GeneralName(GeneralName.otherName, new DERSequence(asn1Vector));
        }
        generalName = newGeneralName;
    } catch (Exception ex) {
        DError dError = new DError(this, ex);
        dError.setLocationRelativeTo(this);
        dError.setVisible(true);
        return;
    }
    closeDialog();
}