Search in sources :

Example 1 with CertificateSerialNumber

use of ru.CryptoPro.JCP.ASN.PKIX1Explicit88.CertificateSerialNumber in project AppManager by MuntashirAkon.

the class KeyStoreUtils method generateCert.

@NonNull
private static X509Certificate generateCert(PrivateKey privateKey, PublicKey publicKey, @NonNull String formattedSubject, long expiryDate) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, InvalidKeyException, IOException {
    String algorithmName = "SHA512withRSA";
    CertificateExtensions certificateExtensions = new CertificateExtensions();
    certificateExtensions.set("SubjectKeyIdentifier", new SubjectKeyIdentifierExtension(new KeyIdentifier(publicKey).getIdentifier()));
    X500Name x500Name = new X500Name(formattedSubject);
    Date notBefore = new Date();
    Date notAfter = new Date(expiryDate);
    certificateExtensions.set("PrivateKeyUsage", new PrivateKeyUsageExtension(notBefore, notAfter));
    CertificateValidity certificateValidity = new CertificateValidity(notBefore, notAfter);
    X509CertInfo x509CertInfo = new X509CertInfo();
    x509CertInfo.set("version", new CertificateVersion(2));
    x509CertInfo.set("serialNumber", new CertificateSerialNumber(new Random().nextInt() & Integer.MAX_VALUE));
    x509CertInfo.set("algorithmID", new CertificateAlgorithmId(AlgorithmId.get(algorithmName)));
    x509CertInfo.set("subject", new CertificateSubjectName(x500Name));
    x509CertInfo.set("key", new CertificateX509Key(publicKey));
    x509CertInfo.set("validity", certificateValidity);
    x509CertInfo.set("issuer", new CertificateIssuerName(x500Name));
    x509CertInfo.set("extensions", certificateExtensions);
    X509CertImpl x509CertImpl = new X509CertImpl(x509CertInfo);
    x509CertImpl.sign(privateKey, algorithmName);
    return x509CertImpl;
}
Also used : CertificateSubjectName(android.sun.security.x509.CertificateSubjectName) KeyIdentifier(android.sun.security.x509.KeyIdentifier) X509CertInfo(android.sun.security.x509.X509CertInfo) CertificateIssuerName(android.sun.security.x509.CertificateIssuerName) CertificateVersion(android.sun.security.x509.CertificateVersion) CertificateExtensions(android.sun.security.x509.CertificateExtensions) CertificateValidity(android.sun.security.x509.CertificateValidity) X500Name(android.sun.security.x509.X500Name) CertificateX509Key(android.sun.security.x509.CertificateX509Key) Date(java.util.Date) SubjectKeyIdentifierExtension(android.sun.security.x509.SubjectKeyIdentifierExtension) CertificateSerialNumber(android.sun.security.x509.CertificateSerialNumber) Random(java.util.Random) SecureRandom(java.security.SecureRandom) X509CertImpl(android.sun.security.x509.X509CertImpl) CertificateAlgorithmId(android.sun.security.x509.CertificateAlgorithmId) PrivateKeyUsageExtension(android.sun.security.x509.PrivateKeyUsageExtension) NonNull(androidx.annotation.NonNull)

Example 2 with CertificateSerialNumber

use of ru.CryptoPro.JCP.ASN.PKIX1Explicit88.CertificateSerialNumber in project xap by xap.

the class SelfSignedCertificate method generateKeyStore.

private KeyStore generateKeyStore(String fqdn, KeyPair keypair, SecureRandom random) throws Exception {
    PrivateKey key = keypair.getPrivate();
    // Prepare the information required for generating an X.509 certificate.
    X509CertInfo info = new X509CertInfo();
    X500Name owner = new X500Name("CN=" + fqdn);
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
    try {
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.SUBJECT, owner);
    }
    try {
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.ISSUER, owner);
    }
    info.set(X509CertInfo.VALIDITY, new CertificateValidity(NOT_BEFORE, NOT_AFTER));
    info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid)));
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(key, "SHA1withRSA");
    // Update the algorithm and sign again.
    info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
    cert = new X509CertImpl(info);
    cert.sign(key, "SHA1withRSA");
    cert.verify(keypair.getPublic());
    String keyStoreType = KeyStore.getDefaultType();
    final KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(null, null);
    // keyStore.setCertificateEntry("CAcert-root", cert);
    keyStore.setKeyEntry("key", keypair.getPrivate(), "foo".toCharArray(), new Certificate[] { cert });
    return keyStore;
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) PrivateKey(java.security.PrivateKey) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) CertificateVersion(sun.security.x509.CertificateVersion) CertificateException(java.security.cert.CertificateException) CertificateValidity(sun.security.x509.CertificateValidity) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) KeyStore(java.security.KeyStore) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Example 3 with CertificateSerialNumber

use of ru.CryptoPro.JCP.ASN.PKIX1Explicit88.CertificateSerialNumber in project CipherTrust_Application_Protection by thalescpl-io.

the class SelfSignedCertificateUtility method generateCertificate.

private static X509Certificate generateCertificate(PublicKey publicKey, PrivateKey privateKey, Map<String, String> certificateProeprties) throws Exception {
    String dn = makeDN(certificateProeprties);
    X509CertInfo info = new X509CertInfo();
    Date from = new Date();
    Date to = new Date(from.getTime() + Integer.valueOf(certificateProeprties.get("Validity")) * 86400000l);
    CertificateValidity interval = new CertificateValidity(from, to);
    X500Name owner = new X500Name(dn);
    boolean[] kueOk = getKeyUsgaeExtension(certificateProeprties.get("KeyUsage"));
    KeyUsageExtension kue = new KeyUsageExtension(kueOk);
    CertificateExtensions ext = new CertificateExtensions();
    ext.set(KeyUsageExtension.NAME, kue);
    info.set(X509CertInfo.VALIDITY, interval);
    BigInteger sn = new BigInteger(64, new SecureRandom());
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    boolean justName = isJavaAtLeast(1.8);
    if (justName) {
        info.set(X509CertInfo.SUBJECT, owner);
        info.set(X509CertInfo.ISSUER, owner);
    } else {
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    }
    info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = null;
    String provider = null;
    switch(certificateProeprties.get("Algorithm")) {
        case "SHA1WithRSA":
            break;
        case "SHA256WithRSA":
            break;
        case "SHA384WithRSA":
            break;
        case "SHA512WithRSA":
            provider = "BC";
            break;
        case "SHA1WithECDSA":
            provider = "BC";
            break;
        case "SHA224WithECDSA":
            provider = "BC";
            break;
        case "SHA256WithECDSA":
            provider = "BC";
            break;
        case "SHA384WithECDSA":
            provider = "BC";
            break;
        case "SHA512WithECDSA":
            provider = "BC";
            break;
        default:
            throw new NAEException(certificateProeprties.get("Algorithm") + " not supported.");
    }
    algo = AlgorithmId.get(certificateProeprties.get("Algorithm"));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
    info.set(X509CertInfo.EXTENSIONS, ext);
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    if (provider != null)
        cert.sign(privateKey, certificateProeprties.get("Algorithm"), provider);
    else
        cert.sign(privateKey, certificateProeprties.get("Algorithm"));
    return cert;
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) NAEException(com.ingrian.security.nae.NAEException) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) SecureRandom(java.security.SecureRandom) CertificateVersion(sun.security.x509.CertificateVersion) CertificateValidity(sun.security.x509.CertificateValidity) CertificateExtensions(sun.security.x509.CertificateExtensions) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) Date(java.util.Date) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) KeyUsageExtension(sun.security.x509.KeyUsageExtension)

Example 4 with CertificateSerialNumber

use of ru.CryptoPro.JCP.ASN.PKIX1Explicit88.CertificateSerialNumber in project diadocsdk-java by diadoc.

the class CertificateHelper method createCMS.

public static byte[] createCMS(byte[] buffer, byte[] sign, Certificate cert, boolean detached, GOSTSignInfoProvider gostSignInfoProvider) throws Exception {
    final ContentInfo all = new ContentInfo();
    all.contentType = new Asn1ObjectIdentifier(new OID(STR_CMS_OID_SIGNED).value);
    final SignedData cms = new SignedData();
    all.content = cms;
    cms.version = new CMSVersion(1);
    // digest
    cms.digestAlgorithms = new DigestAlgorithmIdentifiers(1);
    final DigestAlgorithmIdentifier a = new DigestAlgorithmIdentifier(new OID(gostSignInfoProvider.getDigestOID()).value);
    a.parameters = new Asn1Null();
    cms.digestAlgorithms.elements[0] = a;
    if (detached) {
        cms.encapContentInfo = new EncapsulatedContentInfo(new Asn1ObjectIdentifier(new OID(STR_CMS_OID_DATA).value), null);
    } else {
        cms.encapContentInfo = new EncapsulatedContentInfo(new Asn1ObjectIdentifier(new OID(STR_CMS_OID_DATA).value), new Asn1OctetString(buffer));
    }
    // certificate
    cms.certificates = new CertificateSet(1);
    final ru.CryptoPro.JCP.ASN.PKIX1Explicit88.Certificate certificate = new ru.CryptoPro.JCP.ASN.PKIX1Explicit88.Certificate();
    final Asn1BerDecodeBuffer decodeBuffer = new Asn1BerDecodeBuffer(cert.getEncoded());
    certificate.decode(decodeBuffer);
    cms.certificates.elements = new CertificateChoices[1];
    cms.certificates.elements[0] = new CertificateChoices();
    cms.certificates.elements[0].set_certificate(certificate);
    // signer info
    cms.signerInfos = new SignerInfos(1);
    cms.signerInfos.elements[0] = new SignerInfo();
    cms.signerInfos.elements[0].version = new CMSVersion(1);
    cms.signerInfos.elements[0].sid = new SignerIdentifier();
    final byte[] encodedName = ((X509Certificate) cert).getIssuerX500Principal().getEncoded();
    final Asn1BerDecodeBuffer nameBuf = new Asn1BerDecodeBuffer(encodedName);
    final Name name = new Name();
    name.decode(nameBuf);
    final CertificateSerialNumber num = new CertificateSerialNumber(((X509Certificate) cert).getSerialNumber());
    cms.signerInfos.elements[0].sid.set_issuerAndSerialNumber(new IssuerAndSerialNumber(name, num));
    cms.signerInfos.elements[0].digestAlgorithm = new DigestAlgorithmIdentifier(new OID(gostSignInfoProvider.getDigestOID()).value);
    cms.signerInfos.elements[0].digestAlgorithm.parameters = new Asn1Null();
    cms.signerInfos.elements[0].signatureAlgorithm = new SignatureAlgorithmIdentifier(new OID(gostSignInfoProvider.getSignOID()).value);
    cms.signerInfos.elements[0].signatureAlgorithm.parameters = new Asn1Null();
    cms.signerInfos.elements[0].signature = new SignatureValue(sign);
    // encode
    final Asn1BerEncodeBuffer asnBuf = new Asn1BerEncodeBuffer();
    all.encode(asnBuf, true);
    return asnBuf.getMsgCopy();
}
Also used : Name(ru.CryptoPro.JCP.ASN.PKIX1Explicit88.Name) CertificateSerialNumber(ru.CryptoPro.JCP.ASN.PKIX1Explicit88.CertificateSerialNumber) OID(ru.CryptoPro.JCP.params.OID) Certificate(java.security.cert.Certificate)

Example 5 with CertificateSerialNumber

use of ru.CryptoPro.JCP.ASN.PKIX1Explicit88.CertificateSerialNumber in project mockserver by mock-server.

the class X509Generator method buildX509CertInfo.

private X509CertInfo buildX509CertInfo(final X500Name subject, final X500Name issuer, final PublicKey publicKey, final CertificateSigningRequest csr) throws IOException, NoSuchAlgorithmException, CertificateException {
    X509CertInfo x509CertInfo = new X509CertInfo();
    CertificateValidity interval = new CertificateValidity(NOT_BEFORE, NOT_AFTER);
    // replaced secure random with random in order to prevent entropy depletion
    BigInteger sn = new BigInteger(64, new Random());
    x509CertInfo.set(X509CertInfo.VALIDITY, interval);
    x509CertInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    x509CertInfo.set(X509CertInfo.SUBJECT, subject);
    x509CertInfo.set(X509CertInfo.ISSUER, issuer);
    x509CertInfo.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
    x509CertInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = new AlgorithmId(AlgorithmId.get(csr.getSigningAlgorithm()).getOID());
    x509CertInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
    return x509CertInfo;
}
Also used : CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) X509CertInfo(sun.security.x509.X509CertInfo) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) BigInteger(java.math.BigInteger) CertificateVersion(sun.security.x509.CertificateVersion) CertificateValidity(sun.security.x509.CertificateValidity) CertificateX509Key(sun.security.x509.CertificateX509Key) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Aggregations

CertificateSerialNumber (sun.security.x509.CertificateSerialNumber)13 BigInteger (java.math.BigInteger)12 CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)12 CertificateValidity (sun.security.x509.CertificateValidity)12 CertificateX509Key (sun.security.x509.CertificateX509Key)12 X509CertInfo (sun.security.x509.X509CertInfo)12 CertificateVersion (sun.security.x509.CertificateVersion)11 X509CertImpl (sun.security.x509.X509CertImpl)11 AlgorithmId (sun.security.x509.AlgorithmId)10 X500Name (sun.security.x509.X500Name)9 SecureRandom (java.security.SecureRandom)8 CertificateIssuerName (sun.security.x509.CertificateIssuerName)8 CertificateSubjectName (sun.security.x509.CertificateSubjectName)8 PrivateKey (java.security.PrivateKey)7 Date (java.util.Date)6 CertificateException (java.security.cert.CertificateException)5 IOException (java.io.IOException)3 KeyPair (java.security.KeyPair)2 KeyPairGenerator (java.security.KeyPairGenerator)2 PublicKey (java.security.PublicKey)2