List of usage examples for org.bouncycastle.cert.jcajce JcaX509CertificateConverter getCertificate
public X509Certificate getCertificate(X509CertificateHolder certHolder) throws CertificateException
From source file:CA.java
License:Apache License
private static Certificate build(ContentSigner sigGen, X500Principal issuer, BigInteger serial, Date notBefore, Date notAfter, X500Principal subject, PublicKey publicKey) throws Exception { X509v1CertificateBuilder certBuilder = new JcaX509v1CertificateBuilder(issuer, serial, notBefore, notAfter, subject, publicKey);//from www . j av a 2 s . c om X509CertificateHolder certHolder = certBuilder.build(sigGen); JcaX509CertificateConverter converter = new JcaX509CertificateConverter(); Certificate cert = null; cert = converter.getCertificate(certHolder); return cert; }
From source file:beta01.SimpleGenCert.java
private X509Certificate toX509Certificate(X509CertificateHolder holder) throws CertificateException { JcaX509CertificateConverter conv = new JcaX509CertificateConverter(); conv.setProvider("BC"); X509Certificate cert = conv.getCertificate(holder); return cert;//from w w w . java2s . c o m }
From source file:com.amazonaws.services.iot.demo.danbo.rpi.SslUtil.java
License:Open Source License
public static SSLSocketFactory getSslSocketFactory(final String caCrtFile, final String crtFile, final String keyFile, final String password) throws InvalidPathException, IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException, Exception { Security.addProvider(new BouncyCastleProvider()); // load CA certificate PEMParser parser = new PEMParser( new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(caCrtFile))))); X509CertificateHolder caCert = (X509CertificateHolder) parser.readObject(); parser.close();/* w w w . j a va 2s .co m*/ // load client certificate parser = new PEMParser( new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(crtFile))))); X509CertificateHolder cert = (X509CertificateHolder) parser.readObject(); parser.close(); // load client private key parser = new PEMParser( new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(keyFile))))); Object obj = parser.readObject(); KeyPair key = null; JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); if (obj instanceof PEMEncryptedKeyPair) { PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray()); converter = new JcaPEMKeyConverter().setProvider("BC"); key = converter.getKeyPair(((PEMEncryptedKeyPair) obj).decryptKeyPair(decProv)); } else { key = converter.getKeyPair((PEMKeyPair) obj); } parser.close(); JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter(); certConverter.setProvider("BC"); // CA certificate is used to authenticate server KeyStore caKs = KeyStore.getInstance(KeyStore.getDefaultType()); caKs.load(null, null); caKs.setCertificateEntry("ca-certificate", certConverter.getCertificate(caCert)); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(caKs); // Client key and certificates are sent to server so it can authenticate // us KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null, null); ks.setCertificateEntry("certificate", certConverter.getCertificate(cert)); ks.setKeyEntry("private-key", key.getPrivate(), password.toCharArray(), new java.security.cert.Certificate[] { certConverter.getCertificate(cert) }); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, password.toCharArray()); // Finally, create SSL socket factory SSLContext context = SSLContext.getInstance("TLSv1.2"); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); return context.getSocketFactory(); }
From source file:com.android.builder.internal.packaging.sign.SignatureTestUtils.java
License:Apache License
/** * Generates a private key / certificate. * * @param sign the asymmetric cypher, <em>e.g.</em>, {@code RSA} * @param full the full signature algorithm name, <em>e.g.</em>, {@code SHA1withRSA} * @return the pair with the private key and certificate * @throws Exception failed to generate the signature data *//*from ww w .ja v a2s. co m*/ @NonNull public static Pair<PrivateKey, X509Certificate> generateSignature(@NonNull String sign, @NonNull String full) throws Exception { // http://stackoverflow.com/questions/28538785/ // easy-way-to-generate-a-self-signed-certificate-for-java-security-keystore-using KeyPairGenerator generator = null; try { generator = KeyPairGenerator.getInstance(sign); } catch (NoSuchAlgorithmException e) { Assume.assumeNoException("Algorithm " + sign + " not supported.", e); } assertNotNull(generator); KeyPair keyPair = generator.generateKeyPair(); Date notBefore = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000); Date notAfter = new Date(System.currentTimeMillis() + 365L * 24 * 60 * 60 * 1000); X500Name issuer = new X500Name(new X500Principal("cn=Myself").getName()); SubjectPublicKeyInfo publicKeyInfo; if (keyPair.getPublic() instanceof RSAPublicKey) { RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic(); publicKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo( new RSAKeyParameters(false, rsaPublicKey.getModulus(), rsaPublicKey.getPublicExponent())); } else if (keyPair.getPublic() instanceof ECPublicKey) { publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()); } else { fail(); publicKeyInfo = null; } X509v1CertificateBuilder builder = new X509v1CertificateBuilder(issuer, BigInteger.ONE, notBefore, notAfter, issuer, publicKeyInfo); ContentSigner signer = new JcaContentSignerBuilder(full).setProvider(new BouncyCastleProvider()) .build(keyPair.getPrivate()); X509CertificateHolder holder = builder.build(signer); JcaX509CertificateConverter converter = new JcaX509CertificateConverter() .setProvider(new BouncyCastleProvider()); return Pair.of(keyPair.getPrivate(), converter.getCertificate(holder)); }
From source file:com.android.ide.common.signing.KeystoreHelper.java
License:Apache License
/** * Generates a key and self-signed certificate pair. * @param asymmetric the asymmetric encryption algorithm (<em>e.g.,</em> {@code RSA}) * @param sign the signature algorithm (<em>e.g.,</em> {@code SHA1withRSA}) * @param validityYears number of years the certificate should be valid, must be greater than * zero/*from w w w . j a v a2 s .com*/ * @param dn the distinguished name of the issuer and owner of the certificate * @return a pair with the private key and the corresponding certificate * @throws KeytoolException failed to generate the pair */ private static Pair<PrivateKey, X509Certificate> generateKeyAndCertificate(@NonNull String asymmetric, @NonNull String sign, int validityYears, @NonNull String dn) throws KeytoolException { Preconditions.checkArgument(validityYears > 0, "validityYears <= 0"); KeyPair keyPair; try { keyPair = KeyPairGenerator.getInstance(asymmetric).generateKeyPair(); } catch (NoSuchAlgorithmException e) { throw new KeytoolException( "Failed to generate key and certificate pair for " + "algorithm '" + asymmetric + "'.", e); } Date notBefore = new Date(System.currentTimeMillis()); Date notAfter = new Date(System.currentTimeMillis() + validityYears * 365L * 24 * 60 * 60 * 1000); X500Name issuer = new X500Name(new X500Principal(dn).getName()); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()); X509v1CertificateBuilder builder = new X509v1CertificateBuilder(issuer, BigInteger.ONE, notBefore, notAfter, issuer, publicKeyInfo); ContentSigner signer; try { signer = new JcaContentSignerBuilder(sign).setProvider(new BouncyCastleProvider()) .build(keyPair.getPrivate()); } catch (OperatorCreationException e) { throw new KeytoolException("Failed to build content signer with signature algorithm '" + sign + "'.", e); } X509CertificateHolder holder = builder.build(signer); JcaX509CertificateConverter converter = new JcaX509CertificateConverter() .setProvider(new BouncyCastleProvider()); X509Certificate certificate; try { certificate = converter.getCertificate(holder); } catch (CertificateException e) { throw new KeytoolException("Failed to obtain the self-signed certificate.", e); } return Pair.of(keyPair.getPrivate(), certificate); }
From source file:com.cordova.plugin.CertPlugin.java
License:Open Source License
private X509Certificate getX509CertificateFromP7cert(String p7cert) { try {/*from ww w. ja v a 2 s . c om*/ byte[] encapSigData = Base64.decode(p7cert, 0); // ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>(); CMSSignedData s = new CMSSignedData(encapSigData); Store certStore = s.getCertificates(); JcaX509CertificateConverter converter = new JcaX509CertificateConverter(); @SuppressWarnings("unchecked") ArrayList<X509CertificateHolder> certificateHolders = (ArrayList<X509CertificateHolder>) certStore .getMatches(null); for (X509CertificateHolder holder : certificateHolders) { X509Certificate cert = converter.getCertificate(holder); X500Name x500Name = holder.getSubject(); RDN[] rdns = x500Name.getRDNs(BCStyle.CN); RDN rdn = rdns[0]; String name = IETFUtils.valueToString(rdn.getFirst().getValue()); if (!name.contains("ROOT")) { //cn ?? ROOT ?? return cert; } // certList.add(cert); } return null; } catch (Exception e) { e.printStackTrace(); } return null; }
From source file:com.gitblit.utils.X509Utils.java
License:Apache License
/** * Creates a new certificate authority PKCS#12 store. This function will * destroy any existing CA store./*from w ww . ja v a 2 s. co m*/ * * @param metadata * @param storeFile * @param keystorePassword * @param x509log * @return */ public static X509Certificate newCertificateAuthority(X509Metadata metadata, File storeFile, X509Log x509log) { try { KeyPair caPair = newKeyPair(); ContentSigner caSigner = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC) .build(caPair.getPrivate()); // clone metadata X509Metadata caMetadata = metadata.clone(CA_CN, metadata.password); X500Name issuerDN = buildDistinguishedName(caMetadata); // Generate self-signed certificate X509v3CertificateBuilder caBuilder = new JcaX509v3CertificateBuilder(issuerDN, BigInteger.valueOf(System.currentTimeMillis()), caMetadata.notBefore, caMetadata.notAfter, issuerDN, caPair.getPublic()); JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); caBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(caPair.getPublic())); caBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caPair.getPublic())); caBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(true)); caBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign)); JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BC); X509Certificate cert = converter.getCertificate(caBuilder.build(caSigner)); // confirm the validity of the CA certificate cert.checkValidity(new Date()); cert.verify(cert.getPublicKey()); // Delete existing keystore if (storeFile.exists()) { storeFile.delete(); } // Save private key and certificate to new keystore KeyStore store = openKeyStore(storeFile, caMetadata.password); store.setKeyEntry(CA_ALIAS, caPair.getPrivate(), caMetadata.password.toCharArray(), new Certificate[] { cert }); saveKeyStore(storeFile, store, caMetadata.password); x509log.log(MessageFormat.format("New CA certificate {0,number,0} [{1}]", cert.getSerialNumber(), cert.getIssuerDN().getName())); // update serial number in metadata object caMetadata.serialNumber = cert.getSerialNumber().toString(); return cert; } catch (Throwable t) { throw new RuntimeException("Failed to generate Gitblit CA certificate!", t); } }
From source file:com.itextpdf.signatures.SignUtils.java
License:Open Source License
static Iterable<X509Certificate> getCertsFromOcspResponse(BasicOCSPResp ocspResp) { List<X509Certificate> certs = new ArrayList<>(); X509CertificateHolder[] certHolders = ocspResp.getCerts(); JcaX509CertificateConverter converter = new JcaX509CertificateConverter(); for (X509CertificateHolder certHolder : certHolders) { try {/* ww w .j a va2 s . c o m*/ certs.add(converter.getCertificate(certHolder)); } catch (Exception ex) { } } return certs; }
From source file:com.liferay.sync.engine.lan.util.LanPEMParserUtil.java
License:Open Source License
public static X509Certificate parseX509Certificate(String certificate) throws Exception { StringBuilder sb = new StringBuilder(); sb.append("-----BEGIN CERTIFICATE-----\n"); sb.append(certificate);/*from ww w .j a v a 2s . c o m*/ if (!certificate.endsWith("\n")) { sb.append("\n"); } sb.append("-----END CERTIFICATE-----"); PEMParser pemParser = new PEMParser(new StringReader(sb.toString())); JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter(); return jcaX509CertificateConverter.getCertificate((X509CertificateHolder) pemParser.readObject()); }
From source file:com.liferay.sync.util.SyncUtil.java
License:Open Source License
public static void enableLanSync(long companyId) throws Exception { String lanServerUuid = PrefsPropsUtil.getString(companyId, SyncConstants.SYNC_LAN_SERVER_UUID); if (Validator.isNotNull(lanServerUuid)) { return;/* w ww . j av a2 s . co m*/ } lanServerUuid = PortalUUIDUtil.generate(); X500Name x500Name = new X500Name("CN=" + lanServerUuid); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); keyPairGenerator.initialize(1024); KeyPair keyPair = keyPairGenerator.generateKeyPair(); X509v3CertificateBuilder x509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x500Name, new BigInteger(64, new SecureRandom()), new Date(System.currentTimeMillis() - Time.YEAR), new Date(System.currentTimeMillis() + Time.YEAR * 1000), x500Name, keyPair.getPublic()); PrivateKey privateKey = keyPair.getPrivate(); JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption"); JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter(); jcaX509CertificateConverter.setProvider(_provider); X509Certificate x509Certificate = jcaX509CertificateConverter .getCertificate(x509v3CertificateBuilder.build(jcaContentSignerBuilder.build(privateKey))); x509Certificate.verify(keyPair.getPublic()); PortletPreferences portletPreferences = PrefsPropsUtil.getPreferences(companyId); portletPreferences.setValue(SyncConstants.SYNC_LAN_CERTIFICATE, Base64.encode(x509Certificate.getEncoded())); portletPreferences.setValue(SyncConstants.SYNC_LAN_KEY, Base64.encode(privateKey.getEncoded())); portletPreferences.setValue(SyncConstants.SYNC_LAN_SERVER_UUID, lanServerUuid); portletPreferences.store(); }