List of usage examples for java.security.cert X509Certificate checkValidity
/**
 * Checks that {@code date} falls inside this certificate's validity period
 * (between its notBefore and notAfter values).
 *
 * <p>This is a date-range test only. It does not verify the signature, build or
 * validate a chain to a trust anchor, or consult revocation data, so a
 * successful return must not be treated as "the certificate is trusted".
 *
 * @param date the instant to test against the validity period
 * @throws CertificateExpiredException if the certificate has expired with respect to {@code date}
 * @throws CertificateNotYetValidException if the certificate is not yet valid with respect to {@code date}
 */
public abstract void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException;
From source file:com.thoughtworks.go.security.X509CertificateGenerator.java
/**
 * Issues the intermediate certificate for {@code keyPair}, signed with the CA private key.
 *
 * <p>The issuer name is taken from {@code caCert}'s subject; the subject carries only the
 * intermediate OU and the certificate e-mail address. After signing, the new certificate is
 * sanity-checked: its validity window must include the current time and its signature must
 * verify under the CA public key. Either check failing aborts the method with an exception.
 *
 * @param caPrivKey private key used to sign the new certificate
 * @param caCert    certificate of the issuing CA (source of issuer name and authority key id)
 * @param startDate passed to the certificate generator (presumably the notBefore date; confirm
 *                  against V3X509CertificateGenerator)
 * @param keyPair   key pair of the intermediate; the public key is certified, the private key
 *                  only receives PKCS#12 bag attributes
 * @return the signed intermediate certificate
 * @throws Exception if generation, the validity check or the signature check fails
 */
private X509Certificate createIntermediateCertificate(PrivateKey caPrivKey, X509Certificate caCert, Date startDate,
        KeyPair keyPair) throws Exception {
    final X500Name issuerDn = JcaX500NameUtil.getSubject(caCert);
    final X500Name subjectDn = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.OU, INTERMEDIATE_CERT_OU)
            .addRDN(BCStyle.EmailAddress, CERT_EMAIL)
            .build();

    final PublicKey intermediatePublicKey = keyPair.getPublic();
    final X509CertificateGenerator.V3X509CertificateGenerator generator = new V3X509CertificateGenerator(
            startDate, issuerDn, subjectDn, intermediatePublicKey, serialNumber());

    // Extensions: subject/authority key identifiers plus basic constraints.
    // NOTE(review): the basic-constraints values are set inside the helper; confirm it marks
    // this certificate as a CA and check whether a path-length limit is intended.
    generator.addSubjectKeyIdExtension(intermediatePublicKey);
    generator.addAuthorityKeyIdExtension(caCert);
    generator.addBasicConstraintsExtension();

    final X509Certificate intermediateCert = generator.generate(caPrivKey);

    // Self-test of the fresh certificate: date window first, then the CA signature.
    // checkValidity() alone says nothing about the signature, hence the separate verify().
    intermediateCert.checkValidity(new Date());
    intermediateCert.verify(caCert.getPublicKey());

    // PKCS#12 bag attributes so certificate and private key can be matched up in a key store.
    PKCS12BagAttributeSetter.usingBagAttributeCarrier(intermediateCert).setFriendlyName(INTERMEDIATE_CERT_OU);
    PKCS12BagAttributeSetter.usingBagAttributeCarrier(keyPair.getPrivate())
            .setFriendlyName(FRIENDLY_NAME)
            .setLocalKeyId(intermediatePublicKey);
    return intermediateCert;
}
From source file:com.aqnote.shared.encrypt.cert.gen.BCCertGenerator.java
/**
 * Issues the "class 3 root" CA certificate for {@code keyPair}'s public key, signed by the
 * parent CA.
 *
 * <p>The certificate is valid from half a day before now (tolerating clock skew) for
 * {@code TWENTY_YEAR}, carries a critical basicConstraints extension built from
 * {@code Boolean.TRUE}, and uses the fixed serial number 5. After signing, the certificate is
 * checked against the current time and its signature is verified with the parent CA public key.
 *
 * <p>NOTE(review): the serial number is a constant, so every certificate produced by this
 * method under the same issuer shares it; confirm the method is only ever run once per CA.
 *
 * @param keyPair key pair of the new CA; only the public key is used here
 * @param ppk     private key of the parent CA, used for signing
 * @param caCert  certificate of the parent CA (issuer name, authority key id, verification key)
 * @return the signed certificate
 * @throws Exception if building, signing or either post-issuance check fails
 */
public X509Certificate createClass3RootCert(KeyPair keyPair, PrivateKey ppk, X509Certificate caCert)
        throws Exception {
    final X500Name issuerName = CertificateUtil.getSubject(caCert);
    final BigInteger serial = BigInteger.valueOf(5);

    // Back-date notBefore so relying parties with slightly slow clocks still accept the certificate.
    final long notBeforeMillis = System.currentTimeMillis() - HALF_DAY;
    final Date notBefore = new Date(notBeforeMillis);
    final Date notAfter = new Date(notBeforeMillis + TWENTY_YEAR);

    final X500Name subjectName = X500NameUtil.createClass3RootPrincipal();
    final PublicKey subjectKey = keyPair.getPublic();

    final X509v3CertificateBuilder builder =
            new JcaX509v3CertificateBuilder(issuerName, serial, notBefore, notAfter, subjectName, subjectKey);
    addSubjectKID(builder, subjectKey);
    addAuthorityKID(builder, caCert.getPublicKey());
    // Critical basicConstraints: this certificate is itself a CA.
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(Boolean.TRUE));

    final X509Certificate issued = signCert(builder, ppk);

    // Post-issuance self-test: validity window, then signature under the parent CA key.
    issued.checkValidity(new Date());
    issued.verify(caCert.getPublicKey());

    setPKCS9Info(issued);
    return issued;
}
From source file:com.aqnote.shared.encrypt.cert.gen.BCCertGenerator.java
/**
 * Issues the "class 1" CA certificate for {@code keyPair}'s public key, signed by the parent CA.
 *
 * <p>The certificate is valid from half a day before now for {@code TWENTY_YEAR}, uses the
 * fixed serial number 3, and carries a critical basicConstraints extension with a path-length
 * constraint of 3 plus a non-critical extendedKeyUsage built from {@code BASE_EKU}. After
 * signing, the certificate is checked against the current time and its signature is verified
 * with the parent CA public key.
 *
 * <p>NOTE(review): the serial number is a constant; confirm this method is only run once per
 * issuer so serial numbers stay unique.
 *
 * @param keyPair key pair of the new CA; only the public key is used here
 * @param ppk     private key of the parent CA, used for signing
 * @param caCert  certificate of the parent CA (issuer name, authority key id, verification key)
 * @return the signed certificate
 * @throws Exception if building, signing or either post-issuance check fails
 */
public X509Certificate createClass1CaCert(KeyPair keyPair, PrivateKey ppk, X509Certificate caCert)
        throws Exception {
    final X500Name issuerName = CertificateUtil.getSubject(caCert);
    final BigInteger serial = BigInteger.valueOf(3);

    // notBefore is back-dated by half a day to tolerate clock skew.
    final long notBeforeMillis = System.currentTimeMillis() - HALF_DAY;
    final Date notBefore = new Date(notBeforeMillis);
    final Date notAfter = new Date(notBeforeMillis + TWENTY_YEAR);

    final X500Name subjectName = X500NameUtil.createClass1RootPrincipal();
    final PublicKey subjectKey = keyPair.getPublic();

    final X509v3CertificateBuilder builder =
            new JcaX509v3CertificateBuilder(issuerName, serial, notBefore, notAfter, subjectName, subjectKey);
    addSubjectKID(builder, subjectKey);
    addAuthorityKID(builder, caCert.getPublicKey());
    // CA certificate limited to a chain depth of 3 below it (critical).
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(3));
    builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(BASE_EKU));

    final X509Certificate issued = signCert(builder, ppk);

    // Post-issuance self-test: validity window, then signature under the parent CA key.
    issued.checkValidity(new Date());
    issued.verify(caCert.getPublicKey());

    setPKCS9Info(issued);
    return issued;
}
From source file:com.aqnote.shared.cryptology.cert.gen.CertGenerator.java
/**
 * Creates a self-signed root CA certificate for {@code keyPair} with {@code idn} as both
 * issuer and subject.
 *
 * <p>The certificate is valid from one day before now for {@code TWENTY_YEAR}, uses serial
 * number 1, and carries subject/authority key identifiers (both derived from the same public
 * key), CRL distribution points, authority information access and a critical basicConstraints
 * extension. After signing it is checked against the current time and its signature is verified
 * with its own public key.
 *
 * <p>Verifying a self-signed certificate with its own key only proves internal consistency;
 * trust in a root still has to be established out of band.
 *
 * @param idn     distinguished name used as issuer and subject
 * @param keyPair root key pair; the private key signs, the public key is certified
 * @return the self-signed root certificate
 * @throws Exception if building, signing or either post-issuance check fails
 */
private X509Certificate createRootCaCert(X500Name idn, KeyPair keyPair) throws Exception {
    final PublicKey rootPublicKey = keyPair.getPublic();
    final PrivateKey rootPrivateKey = keyPair.getPrivate();
    final BigInteger serial = BigInteger.valueOf(1);

    // notBefore is back-dated by one day to tolerate clock skew.
    final long notBeforeMillis = System.currentTimeMillis() - ONE_DAY;
    final Date notBefore = new Date(notBeforeMillis);
    final Date notAfter = new Date(notBeforeMillis + TWENTY_YEAR);

    // Issuer == subject: this is what makes the certificate self-signed.
    final X509v3CertificateBuilder builder =
            new JcaX509v3CertificateBuilder(idn, serial, notBefore, notAfter, idn, rootPublicKey);
    addSubjectKID(builder, rootPublicKey);
    addAuthorityKID(builder, rootPublicKey);
    addCRLDistributionPoints(builder);
    addAuthorityInfoAccess(builder);
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(Boolean.TRUE));

    final X509Certificate rootCert = signCert(builder, rootPrivateKey);

    // Post-issuance self-test: validity window, then the self-signature.
    rootCert.checkValidity(new Date());
    rootCert.verify(rootPublicKey);

    setPKCS9Info(rootCert);
    return rootCert;
}
From source file:org.ejbca.ui.web.pub.AutoEnrollServlet.java
/**
 * Reports whether the user's certificates need renewal.
 *
 * <p>Certificates are examined in the order the store returns them, and the first one that
 * yields a verdict decides the result:
 * <ul>
 *   <li>{@code "NO_SUCH_USER"} - the user does not exist;</li>
 *   <li>{@code "NO_CERTIFICATES"} - the user has no certificates;</li>
 *   <li>{@code "OK"} - a certificate is still valid 14 days from now;</li>
 *   <li>{@code "EXPIRING"} - a certificate is valid now but not in 14 days;</li>
 *   <li>{@code "ERROR"} - a certificate is not yet valid;</li>
 *   <li>{@code "EXPIRED"} - every certificate examined has already expired.</li>
 * </ul>
 *
 * <p>Only the validity dates are inspected; this method performs no revocation or chain check.
 *
 * <p>NOTE(review): because the first verdict wins, an older expiring certificate that is
 * listed before a freshly renewed one yields "EXPIRING"; confirm the store's ordering makes
 * this the intended result. The {@code admin} token is not used in this method.
 *
 * @param admin    authentication token of the caller (unused here)
 * @param username end entity whose certificates are inspected
 * @return one of the status strings listed above
 */
private String returnStatus(AuthenticationToken admin, String username) {
    if (!endEntityManagementSession.existsUser(username)) {
        return "NO_SUCH_USER";
    }
    final Collection<Certificate> userCerts = certificateStoreSession.findCertificatesByUsername(username);
    if (userCerts.isEmpty()) {
        return "NO_CERTIFICATES";
    }

    // 14 days in milliseconds. Evaluated in int arithmetic exactly as before
    // (1,209,600,000 still fits in an int), then widened.
    final long renewalWindowMillis = 14 * 24 * 3600 * 1000;

    for (final Certificate candidate : userCerts) {
        // A non-X.509 certificate in the store would fail this cast with ClassCastException.
        final X509Certificate cert = (X509Certificate) candidate;
        try {
            cert.checkValidity(new Date(System.currentTimeMillis() + renewalWindowMillis));
            return "OK";
        } catch (CertificateNotYetValidException notYetValid) {
            return "ERROR";
        } catch (CertificateExpiredException expiredWithinWindow) {
            // Not valid in 14 days: decide between "expiring soon" and "already expired".
            try {
                cert.checkValidity(new Date(System.currentTimeMillis()));
                return "EXPIRING";
            } catch (CertificateNotYetValidException notYetValid) {
                return "ERROR";
            } catch (CertificateExpiredException alreadyExpired) {
                // Deliberately ignored: this certificate is expired, try the next one.
            }
        }
    }
    return "EXPIRED";
}
From source file:com.aqnote.shared.encrypt.cert.gen.BCCertGenerator.java
/**
 * Creates a self-signed root CA certificate for {@code keyPair}.
 *
 * <p>Issuer and subject are both the name returned by {@code X500NameUtil.createRootPrincipal()}.
 * The certificate is valid from one day before now for {@code TWENTY_YEAR}, uses serial number 1,
 * and carries subject/authority key identifiers (both derived from the same public key), CRL
 * distribution points, authority information access and a critical basicConstraints extension.
 * After signing it is checked against the current time and its signature is verified with its
 * own public key.
 *
 * <p>Verifying a self-signed certificate with its own key only proves internal consistency;
 * trust in a root still has to be established out of band.
 *
 * @param keyPair root key pair; the private key signs, the public key is certified
 * @return the self-signed root certificate
 * @throws Exception if building, signing or either post-issuance check fails
 */
public X509Certificate createRootCaCert(final KeyPair keyPair) throws Exception {
    final PublicKey rootPublicKey = keyPair.getPublic();
    final PrivateKey rootPrivateKey = keyPair.getPrivate();
    final X500Name rootName = X500NameUtil.createRootPrincipal();
    final BigInteger serial = BigInteger.valueOf(1);

    // notBefore is back-dated by one day to tolerate clock skew.
    final long notBeforeMillis = System.currentTimeMillis() - ONE_DAY;
    final Date notBefore = new Date(notBeforeMillis);
    final Date notAfter = new Date(notBeforeMillis + TWENTY_YEAR);

    // Issuer == subject: this is what makes the certificate self-signed.
    final X509v3CertificateBuilder builder =
            new JcaX509v3CertificateBuilder(rootName, serial, notBefore, notAfter, rootName, rootPublicKey);
    addSubjectKID(builder, rootPublicKey);
    addAuthorityKID(builder, rootPublicKey);
    addCRLDistributionPoints(builder);
    addAuthorityInfoAccess(builder);
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(Boolean.TRUE));

    final X509Certificate rootCert = signCert(builder, rootPrivateKey);

    // Post-issuance self-test: validity window, then the self-signature.
    rootCert.checkValidity(new Date());
    rootCert.verify(rootPublicKey);

    setPKCS9Info(rootCert);
    return rootCert;
}
From source file:com.aqnote.shared.encrypt.cert.gen.BCCertGenerator.java
/**
 * Issues a "class 1" end-entity certificate for {@code pubKey}, signed with the parent key pair.
 *
 * <p>The issuer is the class 1 root principal. The certificate is valid from half a day before
 * now for {@code FIVE_YEAR} and carries subject/authority key identifiers plus non-critical
 * extendedKeyUsage ({@code BASE_EKU}) and keyUsage ({@code END_KEY_USAGE}) extensions; no
 * basicConstraints extension is added. After signing it is checked against the current time and
 * its signature is verified with the parent public key.
 *
 * <p>NOTE(review): the serial number is the current time in milliseconds. It is therefore
 * guessable, and two certificates issued in the same millisecond receive the same serial;
 * consider a serial drawn from {@code SecureRandom} if uniqueness or unpredictability matters.
 *
 * @param sdn      subject distinguished name
 * @param pubKey   public key to certify
 * @param pKeyPair parent (issuing) key pair; private key signs, public key verifies
 * @return the signed end-entity certificate
 * @throws Exception if building, signing or either post-issuance check fails
 */
public X509Certificate createClass1EndCert(X500Name sdn, PublicKey pubKey, KeyPair pKeyPair) throws Exception {
    final PublicKey issuerPublicKey = pKeyPair.getPublic();
    final PrivateKey issuerPrivateKey = pKeyPair.getPrivate();
    final X500Name issuerName = X500NameUtil.createClass1RootPrincipal();
    final BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());

    // notBefore is back-dated by half a day to tolerate clock skew.
    final long notBeforeMillis = System.currentTimeMillis() - HALF_DAY;
    final Date notBefore = new Date(notBeforeMillis);
    final Date notAfter = new Date(notBeforeMillis + FIVE_YEAR);

    final X509v3CertificateBuilder builder =
            new JcaX509v3CertificateBuilder(issuerName, serial, notBefore, notAfter, sdn, pubKey);
    addSubjectKID(builder, pubKey);
    addAuthorityKID(builder, issuerPublicKey);
    builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(BASE_EKU));
    builder.addExtension(Extension.keyUsage, false, new KeyUsage(END_KEY_USAGE));

    final X509Certificate issued = signCert(builder, issuerPrivateKey);

    // Post-issuance self-test: validity window, then signature under the issuing key.
    issued.checkValidity(new Date());
    issued.verify(issuerPublicKey);

    setPKCS9Info(issued);
    return issued;
}
From source file:com.aqnote.shared.cryptology.cert.gen.CertGenerator.java
/**
 * Issues an end-entity certificate for {@code pubKey} under the given issuer name, signed with
 * the parent key pair.
 *
 * <p>The certificate is valid from half a day before now for {@code FIVE_YEAR} and carries
 * subject/authority key identifiers plus non-critical extendedKeyUsage ({@code BASE_EKU}) and
 * keyUsage ({@code END_KEY_USAGE}) extensions; no basicConstraints extension is added. After
 * signing it is checked against the current time and its signature is verified with the parent
 * public key.
 *
 * <p>NOTE(review): the serial number is the current time in milliseconds. It is therefore
 * guessable, and two certificates issued in the same millisecond receive the same serial;
 * consider a serial drawn from {@code SecureRandom} if uniqueness or unpredictability matters.
 * Nothing here checks that {@code issuer} actually names the owner of {@code pKeyPair}; the
 * caller is responsible for passing a matching pair.
 *
 * @param subject  subject distinguished name
 * @param pubKey   public key to certify
 * @param pKeyPair parent (issuing) key pair; private key signs, public key verifies
 * @param issuer   issuer distinguished name written into the certificate
 * @return the signed end-entity certificate
 * @throws Exception if building, signing or either post-issuance check fails
 */
private X509Certificate createEndCert(X500Name subject, PublicKey pubKey, KeyPair pKeyPair, X500Name issuer)
        throws Exception {
    final PublicKey issuerPublicKey = pKeyPair.getPublic();
    final PrivateKey issuerPrivateKey = pKeyPair.getPrivate();
    final BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());

    // notBefore is back-dated by half a day to tolerate clock skew.
    final long notBeforeMillis = System.currentTimeMillis() - HALF_DAY;
    final Date notBefore = new Date(notBeforeMillis);
    final Date notAfter = new Date(notBeforeMillis + FIVE_YEAR);

    final X509v3CertificateBuilder builder =
            new JcaX509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, pubKey);
    addSubjectKID(builder, pubKey);
    addAuthorityKID(builder, issuerPublicKey);
    builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(BASE_EKU));
    builder.addExtension(Extension.keyUsage, false, new KeyUsage(END_KEY_USAGE));

    final X509Certificate issued = signCert(builder, issuerPrivateKey);

    // Post-issuance self-test: validity window, then signature under the issuing key.
    issued.checkValidity(new Date());
    issued.verify(issuerPublicKey);

    setPKCS9Info(issued);
    return issued;
}
From source file:com.thoughtworks.go.security.X509CertificateGenerator.java
/**
 * Issues an agent certificate for {@code publicKey}, signed with the intermediate private key.
 *
 * <p>The issuer name is rebuilt from the intermediate OU and certificate e-mail address; the
 * subject adds the agent OU and uses {@code hostname} as its CN. Subject and authority key
 * identifier extensions are added. After signing, the certificate is checked against the current
 * time and its signature is verified with the intermediate public key.
 *
 * <p>NOTE(review): every agent certificate is issued with the constant serial number 3, so
 * serials are not unique under this issuer; that makes serial-based revocation or auditing of an
 * individual agent certificate impossible. {@code hostname} is placed in the CN as received;
 * any validation has to happen in the caller (confirm).
 *
 * @param publicKey              agent public key to certify
 * @param intermediatePrivateKey key used to sign the certificate
 * @param intermediatePublicKey  key used for the authority key id and for signature verification
 * @param hostname               value written to the subject CN
 * @param startDate              passed to the certificate generator (presumably the notBefore
 *                               date; confirm against V3X509CertificateGenerator)
 * @return the signed agent certificate
 * @throws Exception if generation, the validity check or the signature check fails
 */
private X509Certificate createAgentCertificate(PublicKey publicKey, PrivateKey intermediatePrivateKey,
        PublicKey intermediatePublicKey, String hostname, Date startDate) throws Exception {
    final X500Name issuerDn = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.OU, INTERMEDIATE_CERT_OU)
            .addRDN(BCStyle.EmailAddress, CERT_EMAIL)
            .build();

    final X500Name subjectDn = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.OU, AGENT_CERT_OU)
            .addRDN(BCStyle.CN, hostname)
            .addRDN(BCStyle.EmailAddress, CERT_EMAIL)
            .build();

    final X509CertificateGenerator.V3X509CertificateGenerator generator = new V3X509CertificateGenerator(
            startDate, issuerDn, subjectDn, publicKey, BigInteger.valueOf(3));

    // Key identifier extensions tie the certificate to its own key and to the issuing key.
    generator.addSubjectKeyIdExtension(publicKey);
    generator.addAuthorityKeyIdExtension(intermediatePublicKey);

    final X509Certificate agentCert = generator.generate(intermediatePrivateKey);

    // Self-test of the fresh certificate: date window first, then the issuer signature.
    agentCert.checkValidity(new Date());
    agentCert.verify(intermediatePublicKey);

    PKCS12BagAttributeSetter.usingBagAttributeCarrier(agentCert)
            .setFriendlyName("cruise-agent")
            .setLocalKeyId(publicKey);
    return agentCert;
}
From source file:com.aqnote.shared.cryptology.cert.gen.CertGenerator.java
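/**
 * Issues a "class 3" end-entity certificate for {@code pubKey}, signed with the parent key pair.
 *
 * <p>The issuer is the class 3 CA principal. The certificate is valid from half a day before now
 * for {@code FIVE_YEAR} and carries subject/authority key identifiers plus non-critical
 * extendedKeyUsage ({@code MOST_EKU}) and keyUsage ({@code END_KEY_USAGE}) extensions. Each
 * non-blank entry of {@code exts} is added as a further non-critical extension whose value is
 * the entry's text wrapped in an OCTET STRING. After signing, the certificate is checked against
 * the current time and its signature is verified with the parent public key.
 *
 * <p>Extension text is encoded as UTF-8 so the issued certificate does not depend on the
 * platform default charset of the JVM that happens to run the CA.
 *
 * <p>NOTE(review): when {@code sno <= 0} the serial number falls back to the current time in
 * milliseconds, which is guessable and collides for certificates issued in the same millisecond;
 * consider a serial drawn from {@code SecureRandom}. The keys of {@code exts} are used as
 * extension OIDs without any allow-list, so callers must not pass them through from untrusted
 * input.
 *
 * @param sno      serial number to use; values {@code <= 0} select the time-based fallback
 * @param sdn      subject distinguished name
 * @param exts     extra extensions as OID string to text value; may be {@code null}, blank
 *                 values are skipped
 * @param pubKey   public key to certify
 * @param pKeyPair parent (issuing) key pair; private key signs, public key verifies
 * @return the signed end-entity certificate
 * @throws Exception if building, signing or either post-issuance check fails
 */
public X509Certificate createClass3EndCert(long sno, X500Name sdn, Map<String, String> exts, PublicKey pubKey,
        KeyPair pKeyPair) throws Exception {
    PublicKey pPubKey = pKeyPair.getPublic();
    PrivateKey pPrivKey = pKeyPair.getPrivate();
    X500Name idn = X500NameUtil.createClass3CaPrincipal();
    BigInteger _sno = BigInteger.valueOf(sno <= 0 ? System.currentTimeMillis() : sno);

    // notBefore is back-dated by half a day to tolerate clock skew.
    Date nb = new Date(System.currentTimeMillis() - HALF_DAY);
    Date na = new Date(nb.getTime() + FIVE_YEAR);

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(idn, _sno, nb, na, sdn, pubKey);
    addSubjectKID(certBuilder, pubKey);
    addAuthorityKID(certBuilder, pPubKey);
    certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(MOST_EKU));
    certBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(END_KEY_USAGE));

    if (exts != null) {
        for (Map.Entry<String, String> ext : exts.entrySet()) {
            String value = ext.getValue();
            if (!StringUtils.isBlank(value)) {
                // Explicit charset: the bytes end up inside a signed certificate and must not
                // vary with the JVM's default encoding.
                certBuilder.addExtension(new ASN1ObjectIdentifier(ext.getKey()), false,
                        new DEROctetString(value.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
            }
        }
    }

    X509Certificate certificate = signCert(certBuilder, pPrivKey);

    // Post-issuance self-test: validity window, then signature under the issuing key.
    certificate.checkValidity(new Date());
    certificate.verify(pPubKey);

    setPKCS9Info(certificate);
    return certificate;
}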