Examples with X500Name sun.security.x509.X500Name used on opensource projects

Search in sources :

Example 31 with X500Name

use of sun.security.x509.X500Name in project poi by apache.

the class XAdESXLSignatureFacet method postSign.

@Override
public void postSign(Document document) throws MarshalException {
    LOG.log(POILogger.DEBUG, "XAdES-X-L post sign phase");
    QualifyingPropertiesDocument qualDoc = null;
    QualifyingPropertiesType qualProps = null;
    // check for XAdES-BES
    NodeList qualNl = document.getElementsByTagNameNS(XADES_132_NS, "QualifyingProperties");
    if (qualNl.getLength() == 1) {
        try {
            qualDoc = QualifyingPropertiesDocument.Factory.parse(qualNl.item(0), DEFAULT_XML_OPTIONS);
        } catch (XmlException e) {
            throw new MarshalException(e);
        }
        qualProps = qualDoc.getQualifyingProperties();
    } else {
        throw new MarshalException("no XAdES-BES extension present");
    }
    // create basic XML container structure
    UnsignedPropertiesType unsignedProps = qualProps.getUnsignedProperties();
    if (unsignedProps == null) {
        unsignedProps = qualProps.addNewUnsignedProperties();
    }
    UnsignedSignaturePropertiesType unsignedSigProps = unsignedProps.getUnsignedSignatureProperties();
    if (unsignedSigProps == null) {
        unsignedSigProps = unsignedProps.addNewUnsignedSignatureProperties();
    }
    // create the XAdES-T time-stamp
    NodeList nlSigVal = document.getElementsByTagNameNS(XML_DIGSIG_NS, "SignatureValue");
    if (nlSigVal.getLength() != 1) {
        throw new IllegalArgumentException("SignatureValue is not set.");
    }
    RevocationData tsaRevocationDataXadesT = new RevocationData();
    LOG.log(POILogger.DEBUG, "creating XAdES-T time-stamp");
    XAdESTimeStampType signatureTimeStamp = createXAdESTimeStamp(Collections.singletonList(nlSigVal.item(0)), tsaRevocationDataXadesT);
    // marshal the XAdES-T extension
    unsignedSigProps.addNewSignatureTimeStamp().set(signatureTimeStamp);
    // xadesv141::TimeStampValidationData
    if (tsaRevocationDataXadesT.hasRevocationDataEntries()) {
        ValidationDataType validationData = createValidationData(tsaRevocationDataXadesT);
        insertXChild(unsignedSigProps, validationData);
    }
    if (signatureConfig.getRevocationDataService() == null) {
        /*
             * Without revocation data service we cannot construct the XAdES-C
             * extension.
             */
        return;
    }
    // XAdES-C: complete certificate refs
    CompleteCertificateRefsType completeCertificateRefs = unsignedSigProps.addNewCompleteCertificateRefs();
    CertIDListType certIdList = completeCertificateRefs.addNewCertRefs();
    /*
         * We skip the signing certificate itself according to section
         * 4.4.3.2 of the XAdES 1.4.1 specification.
         */
    List<X509Certificate> certChain = signatureConfig.getSigningCertificateChain();
    int chainSize = certChain.size();
    if (chainSize > 1) {
        for (X509Certificate cert : certChain.subList(1, chainSize)) {
            CertIDType certId = certIdList.addNewCert();
            XAdESSignatureFacet.setCertID(certId, signatureConfig, false, cert);
        }
    }
    // XAdES-C: complete revocation refs
    CompleteRevocationRefsType completeRevocationRefs = unsignedSigProps.addNewCompleteRevocationRefs();
    RevocationData revocationData = signatureConfig.getRevocationDataService().getRevocationData(certChain);
    if (revocationData.hasCRLs()) {
        CRLRefsType crlRefs = completeRevocationRefs.addNewCRLRefs();
        completeRevocationRefs.setCRLRefs(crlRefs);
        for (byte[] encodedCrl : revocationData.getCRLs()) {
            CRLRefType crlRef = crlRefs.addNewCRLRef();
            X509CRL crl;
            try {
                crl = (X509CRL) this.certificateFactory.generateCRL(new ByteArrayInputStream(encodedCrl));
            } catch (CRLException e) {
                throw new RuntimeException("CRL parse error: " + e.getMessage(), e);
            }
            CRLIdentifierType crlIdentifier = crlRef.addNewCRLIdentifier();
            String issuerName = crl.getIssuerDN().getName().replace(",", ", ");
            crlIdentifier.setIssuer(issuerName);
            Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("Z"), Locale.ROOT);
            cal.setTime(crl.getThisUpdate());
            crlIdentifier.setIssueTime(cal);
            crlIdentifier.setNumber(getCrlNumber(crl));
            DigestAlgAndValueType digestAlgAndValue = crlRef.addNewDigestAlgAndValue();
            XAdESSignatureFacet.setDigestAlgAndValue(digestAlgAndValue, encodedCrl, signatureConfig.getDigestAlgo());
        }
    }
    if (revocationData.hasOCSPs()) {
        OCSPRefsType ocspRefs = completeRevocationRefs.addNewOCSPRefs();
        for (byte[] ocsp : revocationData.getOCSPs()) {
            try {
                OCSPRefType ocspRef = ocspRefs.addNewOCSPRef();
                DigestAlgAndValueType digestAlgAndValue = ocspRef.addNewDigestAlgAndValue();
                XAdESSignatureFacet.setDigestAlgAndValue(digestAlgAndValue, ocsp, signatureConfig.getDigestAlgo());
                OCSPIdentifierType ocspIdentifier = ocspRef.addNewOCSPIdentifier();
                OCSPResp ocspResp = new OCSPResp(ocsp);
                BasicOCSPResp basicOcspResp = (BasicOCSPResp) ocspResp.getResponseObject();
                Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("Z"), Locale.ROOT);
                cal.setTime(basicOcspResp.getProducedAt());
                ocspIdentifier.setProducedAt(cal);
                ResponderIDType responderId = ocspIdentifier.addNewResponderID();
                RespID respId = basicOcspResp.getResponderId();
                ResponderID ocspResponderId = respId.toASN1Primitive();
                DERTaggedObject derTaggedObject = (DERTaggedObject) ocspResponderId.toASN1Primitive();
                if (2 == derTaggedObject.getTagNo()) {
                    ASN1OctetString keyHashOctetString = (ASN1OctetString) derTaggedObject.getObject();
                    byte[] key = keyHashOctetString.getOctets();
                    responderId.setByKey(key);
                } else {
                    X500Name name = X500Name.getInstance(derTaggedObject.getObject());
                    String nameStr = name.toString();
                    responderId.setByName(nameStr);
                }
            } catch (Exception e) {
                throw new RuntimeException("OCSP decoding error: " + e.getMessage(), e);
            }
        }
    }
    // marshal XAdES-C
    // XAdES-X Type 1 timestamp
    List<Node> timeStampNodesXadesX1 = new ArrayList<Node>();
    timeStampNodesXadesX1.add(nlSigVal.item(0));
    timeStampNodesXadesX1.add(signatureTimeStamp.getDomNode());
    timeStampNodesXadesX1.add(completeCertificateRefs.getDomNode());
    timeStampNodesXadesX1.add(completeRevocationRefs.getDomNode());
    RevocationData tsaRevocationDataXadesX1 = new RevocationData();
    LOG.log(POILogger.DEBUG, "creating XAdES-X time-stamp");
    XAdESTimeStampType timeStampXadesX1 = createXAdESTimeStamp(timeStampNodesXadesX1, tsaRevocationDataXadesX1);
    if (tsaRevocationDataXadesX1.hasRevocationDataEntries()) {
        ValidationDataType timeStampXadesX1ValidationData = createValidationData(tsaRevocationDataXadesX1);
        insertXChild(unsignedSigProps, timeStampXadesX1ValidationData);
    }
    // marshal XAdES-X
    unsignedSigProps.addNewSigAndRefsTimeStamp().set(timeStampXadesX1);
    // XAdES-X-L
    CertificateValuesType certificateValues = unsignedSigProps.addNewCertificateValues();
    for (X509Certificate certificate : certChain) {
        EncapsulatedPKIDataType encapsulatedPKIDataType = certificateValues.addNewEncapsulatedX509Certificate();
        try {
            encapsulatedPKIDataType.setByteArrayValue(certificate.getEncoded());
        } catch (CertificateEncodingException e) {
            throw new RuntimeException("certificate encoding error: " + e.getMessage(), e);
        }
    }
    RevocationValuesType revocationValues = unsignedSigProps.addNewRevocationValues();
    createRevocationValues(revocationValues, revocationData);
    // marshal XAdES-X-L
    Node n = document.importNode(qualProps.getDomNode(), true);
    qualNl.item(0).getParentNode().replaceChild(n, qualNl.item(0));
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) MarshalException(javax.xml.crypto.MarshalException) X509CRL(java.security.cert.X509CRL) ValidationDataType(org.etsi.uri.x01903.v14.ValidationDataType) Node(org.w3c.dom.Node) ResponderID(org.bouncycastle.asn1.ocsp.ResponderID) ArrayList(java.util.ArrayList) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) X500Name(org.bouncycastle.asn1.x500.X500Name) OCSPResp(org.bouncycastle.cert.ocsp.OCSPResp) BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp) CRLException(java.security.cert.CRLException) RevocationData(org.apache.poi.poifs.crypt.dsig.services.RevocationData) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) NodeList(org.w3c.dom.NodeList) Calendar(java.util.Calendar) CertificateEncodingException(java.security.cert.CertificateEncodingException) X509Certificate(java.security.cert.X509Certificate) MarshalException(javax.xml.crypto.MarshalException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) XmlException(org.apache.xmlbeans.XmlException) CRLException(java.security.cert.CRLException) CertificateEncodingException(java.security.cert.CertificateEncodingException) ByteArrayInputStream(java.io.ByteArrayInputStream) XmlException(org.apache.xmlbeans.XmlException) BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp) RespID(org.bouncycastle.cert.ocsp.RespID)

Example 32 with X500Name

use of sun.security.x509.X500Name in project oxAuth by GluuFederation.

the class OxAuthCryptoProvider method generateV3Certificate.

public X509Certificate generateV3Certificate(KeyPair keyPair, String issuer, String signatureAlgorithm, Long expirationTime) throws CertIOException, OperatorCreationException, CertificateException {
    PrivateKey privateKey = keyPair.getPrivate();
    PublicKey publicKey = keyPair.getPublic();
    // Signers name
    X500Name issuerName = new X500Name(issuer);
    // Subjects name - the same as we are self signed.
    X500Name subjectName = new X500Name(issuer);
    // Serial
    BigInteger serial = new BigInteger(256, new SecureRandom());
    // Not before
    Date notBefore = new Date(System.currentTimeMillis() - 10000);
    Date notAfter = new Date(expirationTime);
    // Create the certificate - version 3
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial, notBefore, notAfter, subjectName, publicKey);
    ASN1EncodableVector purposes = new ASN1EncodableVector();
    purposes.add(KeyPurposeId.id_kp_serverAuth);
    purposes.add(KeyPurposeId.id_kp_clientAuth);
    purposes.add(KeyPurposeId.anyExtendedKeyUsage);
    ASN1ObjectIdentifier extendedKeyUsage = new ASN1ObjectIdentifier("2.5.29.37").intern();
    builder.addExtension(extendedKeyUsage, false, new DERSequence(purposes));
    ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).setProvider("BC").build(privateKey);
    X509CertificateHolder holder = builder.build(signer);
    X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);
    return cert;
}
Also used : PrivateKey(java.security.PrivateKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) X500Name(org.bouncycastle.asn1.x500.X500Name) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) DERSequence(org.bouncycastle.asn1.DERSequence) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 33 with X500Name

use of sun.security.x509.X500Name in project oxTrust by GluuFederation.

the class UpdateTrustRelationshipAction method getCertForGeneratedSP.

/**
	 * If there is no certificate selected, or certificate is invalid -
	 * generates one.
	 * 
	 * @author �Oleksiy Tataryn�
	 * @return certificate for generated SP
	 * @throws CertificateEncodingException
	 */
public String getCertForGeneratedSP() {
    X509Certificate cert = null;
    try {
        cert = sslService.getPEMCertificate(certWrapper.getStream());
    } catch (Exception e) {
        log.error(e.getMessage(), e);
    }
    if (cert == null) {
        facesMessages.add(FacesMessage.SEVERITY_INFO, "Certificate were not provided, or was incorrect. Appliance will create a self-signed certificate.");
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        try {
            KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA", "BC");
            keyPairGen.initialize(2048);
            KeyPair pair = keyPairGen.generateKeyPair();
            StringWriter keyWriter = new StringWriter();
            PEMWriter pemFormatWriter = new PEMWriter(keyWriter);
            pemFormatWriter.writeObject(pair.getPrivate());
            pemFormatWriter.close();
            String url = trustRelationship.getUrl().replaceFirst(".*//", "");
            X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(new X500Name("CN=" + url + ", OU=None, O=None L=None, C=None"), BigInteger.valueOf(new SecureRandom().nextInt()), new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30), new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10)), new X500Name("CN=" + url + ", OU=None, O=None L=None, C=None"), pair.getPublic());
            cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(v3CertGen.build(new JcaContentSignerBuilder("MD5withRSA").setProvider("BC").build(pair.getPrivate())));
            org.apache.commons.codec.binary.Base64 encoder = new org.apache.commons.codec.binary.Base64(64);
            byte[] derCert = cert.getEncoded();
            String pemCertPre = new String(encoder.encode(derCert));
            log.debug(Shibboleth3ConfService.PUBLIC_CERTIFICATE_START_LINE);
            log.debug(pemCertPre);
            log.debug(Shibboleth3ConfService.PUBLIC_CERTIFICATE_END_LINE);
            saveCert(trustRelationship, pemCertPre);
            saveKey(trustRelationship, keyWriter.toString());
        } catch (Exception e) {
            e.printStackTrace();
        }
    //			String certName = appConfiguration.getCertDir() + File.separator + StringHelper.removePunctuation(appConfiguration.getOrgInum())
    //					+ "-shib.crt";
    //			File certFile = new File(certName);
    //			if (certFile.exists()) {
    //				cert = SSLService.instance().getPEMCertificate(certName);
    //			}
    }
    String certificate = null;
    if (cert != null) {
        try {
            certificate = new String(Base64.encode(cert.getEncoded()));
            log.info("##### certificate = " + certificate);
        } catch (CertificateEncodingException e) {
            certificate = null;
            facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to encode provided certificate. Please notify Gluu support about this.");
            log.error("Failed to encode certificate to DER", e);
        }
    } else {
        facesMessages.add(FacesMessage.SEVERITY_INFO, "Certificate were not provided, or was incorrect. Appliance will create a self-signed certificate.");
    }
    return certificate;
}
Also used : KeyPair(java.security.KeyPair) Base64(org.bouncycastle.util.encoders.Base64) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) SecureRandom(java.security.SecureRandom) PEMWriter(org.bouncycastle.openssl.PEMWriter) CertificateEncodingException(java.security.cert.CertificateEncodingException) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(org.bouncycastle.asn1.x500.X500Name) X509Certificate(java.security.cert.X509Certificate) LdapMappingException(org.gluu.site.ldap.persistence.exception.LdapMappingException) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) Date(java.util.Date) StringWriter(java.io.StringWriter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Example 34 with X500Name

use of sun.security.x509.X500Name in project jdk8u_jdk by JetBrains.

the class VerifierWrapper method getServername.

/*
     * Extract the name of the SSL server from the certificate.
     *
     * Note this code is essentially a subset of the hostname extraction
     * code in HostnameChecker.
     */
private static String getServername(X509Certificate peerCert) {
    try {
        // compare to subjectAltNames if dnsName is present
        Collection<List<?>> subjAltNames = peerCert.getSubjectAlternativeNames();
        if (subjAltNames != null) {
            for (Iterator<List<?>> itr = subjAltNames.iterator(); itr.hasNext(); ) {
                List<?> next = itr.next();
                if (((Integer) next.get(0)).intValue() == 2) {
                    // compare dNSName with host in url
                    String dnsName = ((String) next.get(1));
                    return dnsName;
                }
            }
        }
        // else check against common name in the subject field
        X500Name subject = HostnameChecker.getSubjectX500Name(peerCert);
        DerValue derValue = subject.findMostSpecificAttribute(X500Name.commonName_oid);
        if (derValue != null) {
            try {
                String name = derValue.getAsString();
                return name;
            } catch (IOException e) {
            // ignore
            }
        }
    } catch (java.security.cert.CertificateException e) {
    // ignore
    }
    return null;
}
Also used : DerValue(sun.security.util.DerValue) List(java.util.List) java.security.cert(java.security.cert) X500Name(sun.security.x509.X500Name) IOException(java.io.IOException)

Example 35 with X500Name

use of sun.security.x509.X500Name in project jdk8u_jdk by JetBrains.

the class X500Principal method readObject.

/**
     * Reads this object from a stream (i.e., deserializes it)
     */
private void readObject(java.io.ObjectInputStream s) throws java.io.IOException, java.io.NotActiveException, ClassNotFoundException {
    s.defaultReadObject();
    // re-create thisX500Name
    thisX500Name = new X500Name(name);
}
Also used : X500Name(sun.security.x509.X500Name)

Aggregations

X500Name (org.bouncycastle.asn1.x500.X500Name)54 X509Certificate (java.security.cert.X509Certificate)38 X500Name (sun.security.x509.X500Name)30 IOException (java.io.IOException)22 Date (java.util.Date)21 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)20 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)18 BigInteger (java.math.BigInteger)17 SecureRandom (java.security.SecureRandom)16 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)15 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)15 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)15 KeyPair (java.security.KeyPair)12 PrivateKey (java.security.PrivateKey)12 CertificateEncodingException (java.security.cert.CertificateEncodingException)12 RDN (org.bouncycastle.asn1.x500.RDN)12 KeyStore (java.security.KeyStore)11 ContentSigner (org.bouncycastle.operator.ContentSigner)11 ArrayList (java.util.ArrayList)10 GeneralName (org.bouncycastle.asn1.x509.GeneralName)10
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial