use of sun.security.x509.CertificateValidity in project OpenAttestation by OpenAttestation.
the class X509Builder method build.
public X509Certificate build() {
if (certificateVersion == null) {
v3();
}
if (certificateValidity == null) {
// 1 year default
expires(365, TimeUnit.DAYS);
}
if (certificateSerialNumber == null) {
randomSerial();
}
if (certificateSubjectName == null) {
if (commonName != null || organizationUnit != null || organizationName != null || country != null) {
try {
subjectName(new X500Name(commonName, organizationUnit, organizationName, country));
} catch (Exception e) {
fault(e, "commonName(%s) organizationUnit(%s) organizationName(%s) country(%s)", commonName, organizationUnit, organizationName, country);
}
}
}
if (certificateIssuerName == null) {
//}
if (commonName != null || organizationUnit != null || organizationName != null || country != null) {
try {
issuerName(new X500Name(commonName, organizationUnit, organizationName, country));
} catch (Exception e) {
fault(e, "commonName(%s) organizationUnit(%s) organizationName(%s) country(%s)", commonName, organizationUnit, organizationName, country);
}
}
}
if (subjectPublicKey == null) {
fault("missing subject public key");
}
// Note: alternativeName is optional so we don't have any defaults or errors for it here
if (algorithm == null) {
// algorithm.getName() == SHA256withRSA
algorithm(new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid));
}
//}
try {
if (getFaults().isEmpty()) {
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
// NoSuchAlgorithMException, InvalidKeyException, NoSuchProviderException, , SignatureException
cert.sign(issuerPrivateKey, algorithm.getName());
/*
* for some unknown reason, if we return the "cert" now then all
* the optioanl fields such as getBasicConstraints() and
* getKeyUsage() are missing even though they are included if you
* call getEncoded() ... but if you re-create the certificate
* then those fields are present in the re-created certificate.
*/
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert2 = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getEncoded()));
return cert2;
}
return null;
} catch (Exception e) {
fault(e, "cannot sign certificate");
return null;
} finally {
done();
}
}
use of sun.security.x509.CertificateValidity in project OpenAttestation by OpenAttestation.
the class X509Builder method expires.
public X509Builder expires(long expiration, TimeUnit units) {
try {
Date from = new Date();
Date to = new Date(from.getTime() + TimeUnit.MILLISECONDS.convert(expiration, units));
certificateValidity = new CertificateValidity(from, to);
// CertificateException, IOException
info.set(X509CertInfo.VALIDITY, certificateValidity);
} catch (Exception e) {
fault(e, "expires(%d,%s)", expiration, units == null ? "null" : units.name());
}
return this;
}
use of sun.security.x509.CertificateValidity in project OpenAM by OpenRock.
the class JwtGenerator method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
System.out.println("Usage: JwtGenerator <subject> <issuer> <audience>");
System.exit(1);
}
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(512);
KeyPair keyPair = keyGen.genKeyPair();
PublicKey publicKey = keyPair.getPublic();
long validTime = System.currentTimeMillis() + 1000 * 60 * 60 * 24 / 2;
String jwt = new JwtBuilderFactory().jws(new SigningManager().newRsaSigningHandler(keyPair.getPrivate())).headers().alg(JwsAlgorithm.RS256).done().claims(new JwtClaimsSet(json(object(field("iss", args[0]), field("sub", args[1]), field("aud", args[2]), field("exp", validTime / 1000))).asMap())).build();
System.out.println("JWT: " + jwt);
Calendar expiry = Calendar.getInstance();
expiry.add(Calendar.DAY_OF_YEAR, 7);
X509CertInfo info = new X509CertInfo();
CertificateValidity interval = new CertificateValidity(new Date(), new Date(validTime));
BigInteger sn = new BigInteger(64, new SecureRandom());
X500Name owner = new X500Name("CN=ForgeRock,L=Bristol,C=GB");
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId algo = new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
cert.sign(keyPair.getPrivate(), "SHA256withRSA");
System.out.println("Certificate:");
BASE64Encoder encoder = new BASE64Encoder();
System.out.println(X509Factory.BEGIN_CERT);
encoder.encodeBuffer(cert.getEncoded(), System.out);
System.out.println(X509Factory.END_CERT);
}
use of sun.security.x509.CertificateValidity in project cdap by caskdata.
the class KeyStores method getCertificate.
/**
* Generate an X.509 certificate
*
* @param dn Distinguished name for the owner of the certificate, it will also be the signer of the certificate.
* @param pair Key pair used for signing the certificate.
* @param days Validity of the certificate.
* @param algorithm Name of the signature algorithm used.
* @return A X.509 certificate
*/
private static X509Certificate getCertificate(String dn, KeyPair pair, int days, String algorithm) throws IOException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
// Calculate the validity interval of the certificate
Date from = new Date();
Date to = DateUtils.addDays(from, days);
CertificateValidity interval = new CertificateValidity(from, to);
// Generate a random number to use as the serial number for the certificate
BigInteger sn = new BigInteger(64, new SecureRandom());
// Create the name of the owner based on the provided distinguished name
X500Name owner = new X500Name(dn);
// Create an info objects with the provided information, which will be used to create the certificate
X509CertInfo info = new X509CertInfo();
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
// In java 7, subject is of type CertificateSubjectName and issuer is of type CertificateIssuerName.
// These were changed to X500Name in Java8. So looking at the field type before setting them.
// This certificate will be self signed, hence the subject and the issuer are same.
Field subjectField = null;
try {
subjectField = info.getClass().getDeclaredField("subject");
if (subjectField.getType().equals(X500Name.class)) {
info.set(X509CertInfo.SUBJECT, owner);
info.set(X509CertInfo.ISSUER, owner);
} else {
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
}
} catch (NoSuchFieldException e) {
// Trying to set it to Java 8 types. If one of the underlying fields has changed then this will throw a
// CertificateException which is handled by the caller.
info.set(X509CertInfo.SUBJECT, owner);
info.set(X509CertInfo.ISSUER, owner);
}
info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
// Create the certificate and sign it with the private key
X509CertImpl cert = new X509CertImpl(info);
PrivateKey privateKey = pair.getPrivate();
cert.sign(privateKey, algorithm);
return cert;
}
use of sun.security.x509.CertificateValidity in project netty by netty.
the class OpenJdkSelfSignedCertGenerator method generate.
static String[] generate(String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter) throws Exception {
PrivateKey key = keypair.getPrivate();
// Prepare the information required for generating an X.509 certificate.
X509CertInfo info = new X509CertInfo();
X500Name owner = new X500Name("CN=" + fqdn);
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
try {
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
} catch (CertificateException ignore) {
info.set(X509CertInfo.SUBJECT, owner);
}
try {
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
} catch (CertificateException ignore) {
info.set(X509CertInfo.ISSUER, owner);
}
info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid)));
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
cert.sign(key, "SHA1withRSA");
// Update the algorithm and sign again.
info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
cert = new X509CertImpl(info);
cert.sign(key, "SHA1withRSA");
cert.verify(keypair.getPublic());
return newSelfSignedCertificate(fqdn, key, cert);
}
Aggregations