use of sun.security.x509.X500Name in project groovity by disney.
the class TestKeys method testCertificate.
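/**
 * Round-trips a freshly generated self-signed X.509 certificate through a
 * {@code mem:} {@link URIParcel}: the certificate is stored, read back as raw
 * bytes (expected to be PEM text) and read back again as a {@link Certificate}
 * whose public key must equal the generated one.
 *
 * @throws Exception if key generation, certificate building or parcel access fails
 */
@Test
public void testCertificate() throws Exception {
    URI keyLoc = new URI("mem:myCertificate");
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    KeyPair keyPair = generator.generateKeyPair();

    long now = System.currentTimeMillis();
    // notBefore: yesterday, so the certificate is already valid when it is built.
    Date notBefore = new Date(now - 24L * 60 * 60 * 1000);
    // notAfter: 10 years from now. The product must be computed in long arithmetic;
    // as an int expression it overflows and wraps to about three weeks, silently
    // producing a much shorter validity window than intended.
    Date notAfter = new Date(now + 10L * 365 * 24 * 60 * 60 * 1000);

    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            new X500Name("CN=Some authority, OU=DATG, O=Disney, C=US"),
            // 64-bit serial number drawn from SecureRandom
            new BigInteger(64, new SecureRandom()),
            notBefore,
            notAfter,
            new X500Name("DN=mySubject"),
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));

    // The certificate is signed with the private half of the key pair whose public half it carries.
    JcaContentSignerBuilder builder = new JcaContentSignerBuilder("SHA256withRSA");
    ContentSigner signer = builder.build(keyPair.getPrivate());
    byte[] certBytes = certBuilder.build(signer).getEncoded();
    Certificate cert = CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(certBytes));

    URIParcel<Certificate> certParcel = new URIParcel<Certificate>(Certificate.class, keyLoc);
    certParcel.put(cert);

    // Raw view of the stored value must be a PEM-armoured certificate.
    byte[] rawBytes = URIParcel.get(keyLoc, byte[].class);
    Assert.assertTrue("Expected X509 certificate", new String(rawBytes).startsWith("-----BEGIN CERTIFICATE-----"));

    // Typed view must decode to a certificate carrying the original public key.
    Certificate rc = URIParcel.get(keyLoc, Certificate.class);
    Assert.assertEquals(keyPair.getPublic(), rc.getPublicKey());
}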
use of sun.security.x509.X500Name in project keystore-explorer by kaikramer.
the class DGeneralNameChooser method okPressed.
/**
 * Handles the OK button: builds a {@link GeneralName} from whichever name type
 * is selected and stores it in {@code generalName}, then closes the dialog.
 *
 * <p>If the selected field is empty (or, for an IP address, rejected by
 * {@code IPAddress.isValid}), a warning is shown and the dialog stays open.
 * Any exception raised while building the name is shown in a {@code DError}
 * dialog and the dialog also stays open.
 *
 * <p>Note for reviewers: DNS name, RFC 822 name and URI values are only checked
 * for being non-empty in this method; their syntax is not validated here.
 */
private void okPressed() {
    try {
        GeneralName chosenName = null;
        // Resource key of the warning to show; remains null when the input is accepted.
        String warningKey = null;

        if (jrbDirectoryName.isSelected()) {
            X500Name dirName = jdnDirectoryName.getDistinguishedName();
            if (dirName == null) {
                warningKey = "DGeneralNameChooser.DirectoryNameValueReq.message";
            } else {
                chosenName = new GeneralName(GeneralName.directoryName, dirName);
            }
        } else if (jrbDnsName.isSelected()) {
            String dns = jtfDnsName.getText().trim();
            if (dns.isEmpty()) {
                warningKey = "DGeneralNameChooser.DnsNameValueReq.message";
            } else {
                chosenName = new GeneralName(GeneralName.dNSName, new DERIA5String(dns));
            }
        } else if (jrbIpAddress.isSelected()) {
            String ip = jtfIpAddress.getText().trim();
            if (ip.isEmpty()) {
                warningKey = "DGeneralNameChooser.IpAddressValueReq.message";
            } else if (!IPAddress.isValid(ip)) {
                // The only name type whose syntax is checked before encoding.
                warningKey = "DGeneralNameChooser.NotAValidIP.message";
            } else {
                chosenName = new GeneralName(GeneralName.iPAddress, ip);
            }
        } else if (jrbRegisteredId.isSelected()) {
            ASN1ObjectIdentifier oid = joiRegisteredId.getObjectId();
            if (oid == null) {
                warningKey = "DGeneralNameChooser.RegisteredIdValueReq.message";
            } else {
                chosenName = new GeneralName(GeneralName.registeredID, oid);
            }
        } else if (jrbRfc822Name.isSelected()) {
            String email = jtfRfc822Name.getText().trim();
            if (email.isEmpty()) {
                warningKey = "DGeneralNameChooser.Rfc822NameValueReq.message";
            } else {
                chosenName = new GeneralName(GeneralName.rfc822Name, new DERIA5String(email));
            }
        } else if (jrbUniformResourceIdentifier.isSelected()) {
            String uri = jtfUniformResourceIdentifier.getText().trim();
            if (uri.isEmpty()) {
                warningKey = "DGeneralNameChooser.UniformResourceIdentifierValueReq.message";
            } else {
                chosenName = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(uri));
            }
        } else if (jrbPrincipalName.isSelected()) {
            String upn = jtfPrincipalName.getText().trim();
            if (upn.isEmpty()) {
                warningKey = "DGeneralNameChooser.PrincipalNameValueReq.message";
            } else {
                // otherName: SEQUENCE { UPN OID, [0] EXPLICIT UTF8String }
                ASN1EncodableVector otherNameParts = new ASN1EncodableVector();
                otherNameParts.add(new ASN1ObjectIdentifier(GeneralNameUtil.UPN_OID));
                otherNameParts.add(new DERTaggedObject(true, 0, new DERUTF8String(upn)));
                chosenName = new GeneralName(GeneralName.otherName, new DERSequence(otherNameParts));
            }
        }

        if (warningKey != null) {
            JOptionPane.showMessageDialog(this, res.getString(warningKey), getTitle(), JOptionPane.WARNING_MESSAGE);
            return;
        }

        // Stays null when no radio button is selected; the dialog still closes below.
        generalName = chosenName;
    } catch (Exception ex) {
        DError errorDialog = new DError(this, ex);
        errorDialog.setLocationRelativeTo(this);
        errorDialog.setVisible(true);
        return;
    }
    closeDialog();
}
use of sun.security.x509.X500Name in project keystore-explorer by kaikramer.
the class DDistinguishedNameChooser method okPressed.
/**
 * Handles the OK button. In editable mode the entered distinguished name is
 * validated (at least one field set, every country code exactly two characters
 * long) and stored in {@code distinguishedName} before the dialog closes; on a
 * validation failure a warning is shown and the dialog stays open. In
 * non-editable mode the dialog is simply closed.
 */
private void okPressed() {
    if (!editable) {
        closeDialog();
        return;
    }

    X500Name enteredName = distinguishedNameChooser.getDN();
    if (enteredName == null) {
        // No name available from the chooser: keep the dialog open, show nothing.
        return;
    }

    if (enteredName.toString().isEmpty()) {
        JOptionPane.showMessageDialog(this, res.getString("DDistinguishedNameChooser.ValueReqAtLeastOneField.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
        return;
    }

    // Every C (country) RDN must carry a two-character code.
    for (RDN countryRdn : enteredName.getRDNs(BCStyle.C)) {
        String code = countryRdn.getFirst().getValue().toString();
        if ((code == null) || (code.length() == 2)) {
            continue;
        }
        JOptionPane.showMessageDialog(this, res.getString("DDistinguishedNameChooser.CountryCodeTwoChars.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
        return;
    }

    distinguishedName = enteredName;
    closeDialog();
}
use of sun.security.x509.X500Name in project keystore-explorer by kaikramer.
the class JDistinguishedName method editDistinguishedName.
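/**
 * Opens a {@code DDistinguishedNameChooser} owned by this component's
 * top-level ancestor and, if the chooser yields a name, applies it via
 * {@code setDistinguishedName}.
 *
 * <p>Does nothing when the top-level ancestor is neither a {@link JDialog} nor
 * a {@link JFrame} (including when there is none), because the chooser can
 * only be constructed with one of those owners.
 */
private void editDistinguishedName() {
    Container container = getTopLevelAncestor();

    DDistinguishedNameChooser chooser;
    if (container instanceof JDialog) {
        chooser = new DDistinguishedNameChooser((JDialog) container, title, distinguishedName, true);
    } else if (container instanceof JFrame) {
        chooser = new DDistinguishedNameChooser((JFrame) container, title, distinguishedName, true);
    } else {
        // No supported owner window: previously the chooser stayed null and the
        // getDistinguishedName() call below threw a NullPointerException.
        return;
    }

    chooser.setLocationRelativeTo(container);
    // NOTE(review): presumably a modal dialog, so the result is ready once this returns - confirm.
    chooser.setVisible(true);

    X500Name newDistinguishedName = chooser.getDistinguishedName();
    if (newDistinguishedName == null) {
        // Chooser produced no name; keep the current value.
        return;
    }
    setDistinguishedName(newDistinguishedName);
}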
use of sun.security.x509.X500Name in project keystore-explorer by kaikramer.
the class SignCsrAction method doAction.
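/**
 * Signs a certificate signing request (CSR) with the selected key pair entry
 * and writes the resulting CA reply to a file.
 *
 * <p>Steps, as visible in this method:
 * <ol>
 * <li>Obtain the entry password and load the private key and certificate
 * chain for the selected alias.</li>
 * <li>Let the user choose a CSR file, detect whether it is PKCS #10 or SPKAC,
 * load it and verify it ({@code Pkcs10Util.verifyCsr} / {@code Spkac.verify});
 * a CSR that does not verify is rejected with a warning.</li>
 * <li>Show {@code DSignCsr} to collect version, signature type, validity,
 * serial number, extensions and the output file.</li>
 * <li>Generate a certificate whose subject and public key come from the CSR
 * and whose issuer is the signing certificate's subject, and write it
 * together with the signing chain as PKCS #7.</li>
 * </ol>
 *
 * <p>The method returns silently when the user supplies no password, chooses
 * no CSR file, or the dialog yields no version.
 */
@Override
protected void doAction() {
    FileOutputStream fos = null;
    File caReplyFile = null;

    try {
        KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState currentState = history.getCurrentState();

        String alias = kseFrame.getSelectedEntryAlias();

        Password password = getEntryPassword(alias, currentState);
        if (password == null) {
            return;
        }

        KeyStore keyStore = currentState.getKeyStore();

        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
        Certificate[] certs = keyStore.getCertificateChain(alias);

        KeyPairType keyPairType = KeyPairUtil.getKeyPairType(privateKey);

        File csrFile = chooseCsrFile();
        if (csrFile == null) {
            return;
        }

        PKCS10CertificationRequest pkcs10Csr = null;
        Spkac spkacCsr = null;

        // The CSR file is opened once for type detection and once for parsing.
        // Both streams are closed here rather than relying on the helpers to do it,
        // so no file handle on the user's CSR outlives this method.
        FileInputStream detectStream = null;
        FileInputStream csrStream = null;

        try {
            detectStream = new FileInputStream(csrFile);
            CryptoFileType fileType = CryptoFileUtil.detectFileType(detectStream);

            if (fileType == CryptoFileType.PKCS10_CSR) {
                csrStream = new FileInputStream(csrFile);
                pkcs10Csr = Pkcs10Util.loadCsr(csrStream);

                // Refuse to sign a request that fails verification.
                if (!Pkcs10Util.verifyCsr(pkcs10Csr)) {
                    JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifyPkcs10Csr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
                    return;
                }
            } else if (fileType == CryptoFileType.SPKAC_CSR) {
                csrStream = new FileInputStream(csrFile);
                spkacCsr = new Spkac(csrStream);

                // Refuse to sign a request that fails verification.
                if (!spkacCsr.verify()) {
                    JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifySpkacCsr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
                    return;
                }
            } else {
                JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.FileNotRecognisedType.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
                return;
            }
        } catch (FileNotFoundException ex) {
            JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.NotFile.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
            return;
        } catch (Exception ex) {
            // Anything else while reading or parsing is reported as "not a CSR / corrupted CSR".
            String problemStr = MessageFormat.format(res.getString("SignCsrAction.NoOpenCsr.Problem"), csrFile.getName());

            String[] causes = new String[] { res.getString("SignCsrAction.NotCsr.Cause"), res.getString("SignCsrAction.CorruptedCsr.Cause") };

            Problem problem = new Problem(problemStr, causes, ex);

            DProblem dProblem = new DProblem(frame, res.getString("SignCsrAction.ProblemOpeningCsr.Title"), problem);
            dProblem.setLocationRelativeTo(frame);
            dProblem.setVisible(true);

            return;
        } finally {
            IOUtils.closeQuietly(detectStream);
            IOUtils.closeQuietly(csrStream);
        }

        X509Certificate[] signingChain = X509CertUtil.orderX509CertChain(X509CertUtil.convertCertificates(certs));
        // First certificate of the ordered chain is used as the signing (issuer) certificate.
        X509Certificate signingCert = signingChain[0];

        PublicKey publicKey = null;
        X500Name subject = null;
        DSignCsr dSignCsr = null;
        Provider provider = history.getExplicitProvider();

        // Subject and public key of the new certificate are taken from the CSR.
        if (pkcs10Csr != null) {
            publicKey = new JcaPKCS10CertificationRequest(pkcs10Csr).getPublicKey();
            subject = pkcs10Csr.getSubject();

            dSignCsr = new DSignCsr(frame, pkcs10Csr, csrFile, privateKey, keyPairType, signingCert, provider);
        } else {
            publicKey = spkacCsr.getPublicKey();
            subject = spkacCsr.getSubject().getName();

            dSignCsr = new DSignCsr(frame, spkacCsr, csrFile, privateKey, keyPairType, signingCert, provider);
        }

        dSignCsr.setLocationRelativeTo(frame);
        dSignCsr.setVisible(true);

        X509CertificateVersion version = dSignCsr.getVersion();
        SignatureType signatureType = dSignCsr.getSignatureType();
        Date validityStart = dSignCsr.getValidityStart();
        Date validityEnd = dSignCsr.getValidityEnd();
        BigInteger serialNumber = dSignCsr.getSerialNumber();
        caReplyFile = dSignCsr.getCaReplyFile();
        X509ExtensionSet extensions = dSignCsr.getExtensions();

        // NOTE(review): a null version presumably means the dialog was cancelled - confirm.
        if (version == null) {
            return;
        }

        X500Name issuer = X500NameUtils.x500PrincipalToX500Name(signingCert.getSubjectX500Principal());

        // CA Reply is a cert with subject from CSR and issuer from signing cert's subject
        X509CertificateGenerator generator = new X509CertificateGenerator(version);
        X509Certificate caReplyCert = generator.generate(subject, issuer, validityStart, validityEnd, publicKey, privateKey, signatureType, serialNumber, extensions, provider);

        X509Certificate[] caReplyChain = new X509Certificate[signingChain.length + 1];

        caReplyChain[0] = caReplyCert;

        // Add all of the signing chain to the reply
        System.arraycopy(signingChain, 0, caReplyChain, 1, signingChain.length);

        byte[] caCertEncoded = X509CertUtil.getCertsEncodedPkcs7(caReplyChain);

        fos = new FileOutputStream(caReplyFile);
        fos.write(caCertEncoded);
    } catch (FileNotFoundException ex) {
        // Raised here only when the CA reply file cannot be opened for writing;
        // a missing CSR file is handled by the inner try block.
        JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignJarAction.NoWriteFile.message"), caReplyFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
        return;
    } catch (Exception ex) {
        DError.displayError(frame, ex);
        return;
    } finally {
        IOUtils.closeQuietly(fos);
    }

    JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.SignCsrSuccessful.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.INFORMATION_MESSAGE);
}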
Aggregations