Examples with X500Name sun.security.x509.X500Name used on opensource projects

Search in sources :

Example 66 with X500Name

use of sun.security.x509.X500Name in project xipki by xipki.

the class P12ComplexCsrGenCmd method getSubject.

@Override
protected X500Name getSubject(String subject) {
    X500Name name = new X500Name(subject);
    List<RDN> list = new LinkedList<>();
    RDN[] rs = name.getRDNs();
    for (RDN m : rs) {
        list.add(m);
    }
    ASN1ObjectIdentifier id;
    // dateOfBirth
    if (complexSubject.booleanValue()) {
        id = ObjectIdentifiers.DN_DATE_OF_BIRTH;
        RDN[] rdns = name.getRDNs(id);
        if (rdns == null || rdns.length == 0) {
            ASN1Encodable atvValue = new DERGeneralizedTime("19950102120000Z");
            RDN rdn = new RDN(id, atvValue);
            list.add(rdn);
        }
    }
    // postalAddress
    if (complexSubject.booleanValue()) {
        id = ObjectIdentifiers.DN_POSTAL_ADDRESS;
        RDN[] rdns = name.getRDNs(id);
        if (rdns == null || rdns.length == 0) {
            ASN1EncodableVector vec = new ASN1EncodableVector();
            vec.add(new DERUTF8String("my street 1"));
            vec.add(new DERUTF8String("12345 Germany"));
            ASN1Sequence atvValue = new DERSequence(vec);
            RDN rdn = new RDN(id, atvValue);
            list.add(rdn);
        }
    }
    // DN_UNIQUE_IDENTIFIER
    id = ObjectIdentifiers.DN_UNIQUE_IDENTIFIER;
    RDN[] rdns = name.getRDNs(id);
    if (rdns == null || rdns.length == 0) {
        DERUTF8String atvValue = new DERUTF8String("abc-def-ghi");
        RDN rdn = new RDN(id, atvValue);
        list.add(rdn);
    }
    return new X500Name(list.toArray(new RDN[0]));
}
Also used : DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERSequence(org.bouncycastle.asn1.DERSequence) DERGeneralizedTime(org.bouncycastle.asn1.DERGeneralizedTime) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) RDN(org.bouncycastle.asn1.x500.RDN) LinkedList(java.util.LinkedList) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 67 with X500Name

use of sun.security.x509.X500Name in project airavata by apache.

the class X509SecurityContext method generateShortLivedCredential.

public KeyAndCertCredential generateShortLivedCredential(String userDN, String caCertPath, String caKeyPath, String caPwd) throws Exception {
    // 15 minutes
    final long CredentialGoodFromOffset = 1000L * 60L * 15L;
    // ago
    final long startTime = System.currentTimeMillis() - CredentialGoodFromOffset;
    final long endTime = startTime + 30 * 3600 * 1000;
    String keyLengthProp = "1024";
    int keyLength = Integer.parseInt(keyLengthProp);
    String signatureAlgorithm = "SHA1withRSA";
    KeyAndCertCredential caCred = getCACredential(caCertPath, caKeyPath, caPwd);
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(caCred.getKey().getAlgorithm());
    kpg.initialize(keyLength);
    KeyPair pair = kpg.generateKeyPair();
    X500Principal subjectDN = new X500Principal(userDN);
    Random rand = new Random();
    SubjectPublicKeyInfo publicKeyInfo;
    try {
        publicKeyInfo = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(pair.getPublic().getEncoded()).readObject());
    } catch (IOException e) {
        throw new InvalidKeyException("Can not parse the public key" + "being included in the short lived certificate", e);
    }
    X500Name issuerX500Name = CertificateHelpers.toX500Name(caCred.getCertificate().getSubjectX500Principal());
    X500Name subjectX500Name = CertificateHelpers.toX500Name(subjectDN);
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuerX500Name, new BigInteger(20, rand), new Date(startTime), new Date(endTime), subjectX500Name, publicKeyInfo);
    AlgorithmIdentifier sigAlgId = X509v3CertificateBuilder.extractAlgorithmId(caCred.getCertificate());
    X509Certificate certificate = certBuilder.build(caCred.getKey(), sigAlgId, signatureAlgorithm, null, null);
    certificate.checkValidity(new Date());
    certificate.verify(caCred.getCertificate().getPublicKey());
    KeyAndCertCredential result = new KeyAndCertCredential(pair.getPrivate(), new X509Certificate[] { certificate, caCred.getCertificate() });
    return result;
}
Also used : KeyPair(java.security.KeyPair) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyPairGenerator(java.security.KeyPairGenerator) IOException(java.io.IOException) X500Name(org.bouncycastle.asn1.x500.X500Name) InvalidKeyException(java.security.InvalidKeyException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) Random(java.util.Random) X509v3CertificateBuilder(eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger)

Example 68 with X500Name

use of sun.security.x509.X500Name in project airavata by apache.

the class MyProxyLogon method generateCertificationRequest.

private PKCS10CertificationRequest generateCertificationRequest(String dn, KeyPair kp) throws Exception {
    X500Name subject = new X500Name(dn);
    PublicKey pubKey = kp.getPublic();
    PrivateKey privKey = kp.getPrivate();
    AsymmetricKeyParameter pubkeyParam = PublicKeyFactory.createKey(pubKey.getEncoded());
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(pubkeyParam);
    PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder(subject, publicKeyInfo);
    AlgorithmIdentifier signatureAi = new AlgorithmIdentifier(OIWObjectIdentifiers.sha1WithRSA);
    BcRSAContentSignerBuilder signerBuilder = new BcRSAContentSignerBuilder(signatureAi, AlgorithmIdentifier.getInstance(OIWObjectIdentifiers.idSHA1));
    AsymmetricKeyParameter pkParam = PrivateKeyFactory.createKey(privKey.getEncoded());
    ContentSigner signer = signerBuilder.build(pkParam);
    return builder.build(signer);
}
Also used : BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) PrivateKey(java.security.PrivateKey) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) PublicKey(java.security.PublicKey) ContentSigner(org.bouncycastle.operator.ContentSigner) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 69 with X500Name

use of sun.security.x509.X500Name in project airavata by apache.

the class X509SecurityContext method generateShortLivedCredential.

public KeyAndCertCredential generateShortLivedCredential(String userDN, String caCertPath, String caKeyPath, String caPwd) throws Exception {
    // 15 minutes
    final long CredentialGoodFromOffset = 1000L * 60L * 15L;
    // ago
    final long startTime = System.currentTimeMillis() - CredentialGoodFromOffset;
    final long endTime = startTime + 30 * 3600 * 1000;
    String keyLengthProp = "1024";
    int keyLength = Integer.parseInt(keyLengthProp);
    String signatureAlgorithm = "SHA1withRSA";
    KeyAndCertCredential caCred = getCACredential(caCertPath, caKeyPath, caPwd);
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(caCred.getKey().getAlgorithm());
    kpg.initialize(keyLength);
    KeyPair pair = kpg.generateKeyPair();
    X500Principal subjectDN = new X500Principal(userDN);
    Random rand = new Random();
    SubjectPublicKeyInfo publicKeyInfo;
    try {
        publicKeyInfo = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(pair.getPublic().getEncoded()).readObject());
    } catch (IOException e) {
        throw new InvalidKeyException("Can not parse the public key" + "being included in the short lived certificate", e);
    }
    X500Name issuerX500Name = CertificateHelpers.toX500Name(caCred.getCertificate().getSubjectX500Principal());
    X500Name subjectX500Name = CertificateHelpers.toX500Name(subjectDN);
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuerX500Name, new BigInteger(20, rand), new Date(startTime), new Date(endTime), subjectX500Name, publicKeyInfo);
    AlgorithmIdentifier sigAlgId = X509v3CertificateBuilder.extractAlgorithmId(caCred.getCertificate());
    X509Certificate certificate = certBuilder.build(caCred.getKey(), sigAlgId, signatureAlgorithm, null, null);
    certificate.checkValidity(new Date());
    certificate.verify(caCred.getCertificate().getPublicKey());
    KeyAndCertCredential result = new KeyAndCertCredential(pair.getPrivate(), new X509Certificate[] { certificate, caCred.getCertificate() });
    return result;
}
Also used : KeyPair(java.security.KeyPair) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyPairGenerator(java.security.KeyPairGenerator) IOException(java.io.IOException) X500Name(org.bouncycastle.asn1.x500.X500Name) InvalidKeyException(java.security.InvalidKeyException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) Random(java.util.Random) X509v3CertificateBuilder(eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger)

Example 70 with X500Name

use of sun.security.x509.X500Name in project Bytecoder by mirkosertic.

the class HostnameChecker method matchDNS.

/**
 * Check if the certificate allows use of the given DNS name.
 *
 * From RFC2818:
 * If a subjectAltName extension of type dNSName is present, that MUST
 * be used as the identity. Otherwise, the (most specific) Common Name
 * field in the Subject field of the certificate MUST be used. Although
 * the use of the Common Name is existing practice, it is deprecated and
 * Certification Authorities are encouraged to use the dNSName instead.
 *
 * Matching is performed using the matching rules specified by
 * [RFC5280].  If more than one identity of a given type is present in
 * the certificate (e.g., more than one dNSName name, a match in any one
 * of the set is considered acceptable.)
 */
private void matchDNS(String expectedName, X509Certificate cert, boolean chainsToPublicCA) throws CertificateException {
    // Check that the expected name is a valid domain name.
    try {
        // Using the checking implemented in SNIHostName
        SNIHostName sni = new SNIHostName(expectedName);
    } catch (IllegalArgumentException iae) {
        throw new CertificateException("Illegal given domain name: " + expectedName, iae);
    }
    Collection<List<?>> subjAltNames = cert.getSubjectAlternativeNames();
    if (subjAltNames != null) {
        boolean foundDNS = false;
        for (List<?> next : subjAltNames) {
            if (((Integer) next.get(0)).intValue() == ALTNAME_DNS) {
                foundDNS = true;
                String dnsName = (String) next.get(1);
                if (isMatched(expectedName, dnsName, chainsToPublicCA)) {
                    return;
                }
            }
        }
        if (foundDNS) {
            // but none match, reject
            throw new CertificateException("No subject alternative DNS " + "name matching " + expectedName + " found.");
        }
    }
    X500Name subjectName = getSubjectX500Name(cert);
    DerValue derValue = subjectName.findMostSpecificAttribute(X500Name.commonName_oid);
    if (derValue != null) {
        try {
            if (isMatched(expectedName, derValue.getAsString(), chainsToPublicCA)) {
                return;
            }
        } catch (IOException e) {
        // ignore
        }
    }
    String msg = "No name matching " + expectedName + " found";
    throw new CertificateException(msg);
}
Also used : SNIHostName(javax.net.ssl.SNIHostName) X500Name(sun.security.x509.X500Name) IOException(java.io.IOException)

Aggregations

X500Name (org.bouncycastle.asn1.x500.X500Name)214 X509Certificate (java.security.cert.X509Certificate)94 BigInteger (java.math.BigInteger)69 Date (java.util.Date)69 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)59 X500Name (sun.security.x509.X500Name)55 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)54 ContentSigner (org.bouncycastle.operator.ContentSigner)53 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)51 IOException (java.io.IOException)50 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)48 KeyPair (java.security.KeyPair)42 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)37 PrivateKey (java.security.PrivateKey)36 RDN (org.bouncycastle.asn1.x500.RDN)35 GeneralName (org.bouncycastle.asn1.x509.GeneralName)34 KeyPairGenerator (java.security.KeyPairGenerator)32 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)32 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)30 CertificateException (java.security.cert.CertificateException)29
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial