use of org.spongycastle.asn1.x500.X500Name in project nifi by apache.
the class TlsHelper method createDomainAlternativeNamesExtensions.
public static Extensions createDomainAlternativeNamesExtensions(String domainAlternativeNames, String requestedDn) throws IOException {
List<GeneralName> namesList = new ArrayList<>();
try {
final String cn = IETFUtils.valueToString(new X500Name(requestedDn).getRDNs(BCStyle.CN)[0].getFirst().getValue());
namesList.add(new GeneralName(GeneralName.dNSName, cn));
} catch (Exception e) {
throw new IOException("Failed to extract CN from request DN: " + requestedDn, e);
}
if (StringUtils.isNotBlank(domainAlternativeNames)) {
for (String alternativeName : domainAlternativeNames.split(",")) {
namesList.add(new GeneralName(GeneralName.dNSName, alternativeName));
}
}
GeneralNames subjectAltNames = new GeneralNames(namesList.toArray(new GeneralName[] {}));
ExtensionsGenerator extGen = new ExtensionsGenerator();
extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
return extGen.generate();
}
use of org.spongycastle.asn1.x500.X500Name in project nifi by apache.
the class OcspCertificateValidatorTest method generateIssuedCertificate.
/**
* Generates a certificate with a specific public key signed by the issuer key.
*
* @param dn the subject DN
* @param publicKey the subject public key
* @param issuerDn the issuer DN
* @param issuerKey the issuer private key
* @return the certificate
* @throws IOException if an exception occurs
* @throws NoSuchAlgorithmException if an exception occurs
* @throws CertificateException if an exception occurs
* @throws NoSuchProviderException if an exception occurs
* @throws SignatureException if an exception occurs
* @throws InvalidKeyException if an exception occurs
* @throws OperatorCreationException if an exception occurs
*/
private static X509Certificate generateIssuedCertificate(String dn, PublicKey publicKey, String issuerDn, PrivateKey issuerKey) throws IOException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, SignatureException, InvalidKeyException, OperatorCreationException {
ContentSigner sigGen = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER).build(issuerKey);
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
Date startDate = new Date(YESTERDAY);
Date endDate = new Date(ONE_YEAR_FROM_NOW);
X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(new X500Name(issuerDn), BigInteger.valueOf(System.currentTimeMillis()), startDate, endDate, new X500Name(dn), subPubKeyInfo);
X509CertificateHolder certificateHolder = v3CertGen.build(sigGen);
return new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certificateHolder);
}
use of org.spongycastle.asn1.x500.X500Name in project nifi by apache.
the class OcspCertificateValidatorTest method generateCertificate.
/**
* Generates a signed certificate with a specific keypair.
*
* @param dn the DN
* @param keyPair the public key will be included in the certificate and the the private key is used to sign the certificate
* @return the certificate
* @throws IOException if an exception occurs
* @throws NoSuchAlgorithmException if an exception occurs
* @throws CertificateException if an exception occurs
* @throws NoSuchProviderException if an exception occurs
* @throws SignatureException if an exception occurs
* @throws InvalidKeyException if an exception occurs
* @throws OperatorCreationException if an exception occurs
*/
private static X509Certificate generateCertificate(String dn, KeyPair keyPair) throws IOException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, SignatureException, InvalidKeyException, OperatorCreationException {
PrivateKey privateKey = keyPair.getPrivate();
ContentSigner sigGen = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER).build(privateKey);
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
Date startDate = new Date(YESTERDAY);
Date endDate = new Date(ONE_YEAR_FROM_NOW);
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(new X500Name(dn), BigInteger.valueOf(System.currentTimeMillis()), startDate, endDate, new X500Name(dn), subPubKeyInfo);
// Set certificate extensions
// (1) digitalSignature extension
certBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement));
// (2) extendedKeyUsage extension
Vector<KeyPurposeId> ekUsages = new Vector<>();
ekUsages.add(KeyPurposeId.id_kp_clientAuth);
ekUsages.add(KeyPurposeId.id_kp_serverAuth);
certBuilder.addExtension(X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(ekUsages));
// Sign the certificate
X509CertificateHolder certificateHolder = certBuilder.build(sigGen);
return new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certificateHolder);
}
use of org.spongycastle.asn1.x500.X500Name in project coprhd-controller by CoprHD.
the class KeyCertificatePairGenerator method generateCertificate.
/**
* Create a self-signed X.509 Certificate
*
* @param pair the KeyPair
*/
private X509Certificate generateCertificate(KeyPair pair) throws GeneralSecurityException, IOException {
PublicKey pubKey = loadPublicKeyFromBytes(pair.getPublic().getEncoded());
PrivateKey privkey = pair.getPrivate();
X509CertInfo info = new X509CertInfo();
Date from = getNotBefore();
Date to = new Date(from.getTime() + valuesHolder.getCertificateValidityInDays() * 86400000L);
CertificateValidity interval = new CertificateValidity(from, to);
BigInteger sn = new BigInteger(64, new SecureRandom());
X500Name owner = new X500Name(String.format(CERTIFICATE_COMMON_NAME_FORMAT, valuesHolder.getCertificateCommonName()));
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
info.set(X509CertInfo.SUBJECT, owner);
info.set(X509CertInfo.ISSUER, owner);
info.set(X509CertInfo.KEY, new CertificateX509Key(pubKey));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId keyAlgo = AlgorithmId.get(KeyCertificateAlgorithmValuesHolder.DEFAULT_KEY_ALGORITHM);
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(keyAlgo));
AlgorithmId signingAlgo = AlgorithmId.get(valuesHolder.getSigningAlgorithm());
info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, signingAlgo);
// add extensions
CertificateExtensions ext = new CertificateExtensions();
ext.set(SubjectKeyIdentifierExtension.NAME, new SubjectKeyIdentifierExtension(new KeyIdentifier(pubKey).getIdentifier()));
// CA public key is the same as our public key (self signed)
ext.set(AuthorityKeyIdentifierExtension.NAME, new AuthorityKeyIdentifierExtension(new KeyIdentifier(pubKey), null, null));
ext.set(SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(subjectAltNames()));
info.set(X509CertInfo.EXTENSIONS, ext);
X509CertImpl cert = new X509CertImpl(info);
cert.sign(privkey, valuesHolder.getSigningAlgorithm());
return cert;
}
use of org.spongycastle.asn1.x500.X500Name in project coprhd-controller by CoprHD.
the class VdcControllerTest method setup.
@Before
public void setup() throws Exception {
vdcController = new VdcControllerImpl();
MockCoordinatorClient coordinator = new MockCoordinatorClient();
// setup mock objects for vdc controller test
dbClient = new MockDbClient();
vdcController.setDbClient(dbClient);
InternalApiSignatureKeyGenerator secretKeyGenerator = new InternalApiSignatureKeyGenerator() {
public synchronized void loadKeys() {
}
public SecretKey getSignatureKey(SignatureKeyType type) {
return SignatureHelper.createKey("test", InternalApiSignatureKeyGenerator.CURRENT_INTERVDC_API_SIGN_ALGO);
}
};
clientManager = new MockGeoClientCacheManager(coordinator, secretKeyGenerator);
vdcController.setGeoClientManager(clientManager);
vdcController.setVdcOperationLockHelper(new MockVdcOperationLockHelper());
keystore = KeyStore.getInstance(KeyStore.getDefaultType());
password = "some password".toCharArray();
keystore.load(null, password);
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(512, new SecureRandom());
CertAndKeyGen keypair = new CertAndKeyGen("RSA", "SHA1WithRSA", null);
X500Name x500Name = new X500Name("EMC", "EMC", "EMC", "EMC", "MA", "US");
keypair.generate(512);
PrivateKey privKey = keypair.getPrivateKey();
chain = new X509Certificate[1];
chain[0] = keypair.getSelfCertificate(x500Name, new Date(), (long) 365 * 24 * 60 * 60);
keystore.setKeyEntry(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS, privKey, password, chain);
vdcController.setKeystore(keystore);
vdcController.setSignatureGenerator(secretKeyGenerator);
BasePermissionsHelper permissionsHelper = new BasePermissionsHelper(dbClient);
vdcController.setPermissionsHelper(permissionsHelper);
// Setup helper based on mocked db client
VdcConfigHelper helper = new VdcConfigHelper();
helper.setDbClient(dbClient);
helper.setGeoClientCacheManager(clientManager);
helper.setCoordinatorClient(coordinator);
vdcController.setVdcHelper(helper);
VdcUtil.setDbClient(dbClient);
dbClient.buildGeodbData();
}
Aggregations