Example usage for org.bouncycastle.cert.jcajce JcaX509CertificateConverter JcaX509CertificateConverter

List of usage examples for org.bouncycastle.cert.jcajce JcaX509CertificateConverter JcaX509CertificateConverter

Introduction

This page collects usage examples for org.bouncycastle.cert.jcajce JcaX509CertificateConverter JcaX509CertificateConverter.

Prototype

public JcaX509CertificateConverter() 


Document

Base constructor; configures the converter with the default provider.

Usage

From source file:jp.pigumer.mqtt.Client.java

License:Apache License

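/**
 * Builds an in-memory trust store holding the CA certificate read from {@code caFile}.
 * <p>
 * The first PEM object in the file is expected to be an X.509 certificate; it is stored under the
 * alias {@code "ca"} in a fresh key store of the platform default type. Any failure (I/O, parsing,
 * an unexpected PEM object, key-store errors) is logged and reported as an empty result.
 *
 * @return the populated key store, or {@link Optional#empty()} when {@code caFile} is null or
 *         loading failed
 */
Optional<KeyStore> loadKeyStore() {
    if (caFile == null) {
        return Optional.empty();
    }
    // PEM is ASCII; pin the charset so the reader does not depend on the platform default.
    // The PEMParser wraps the reader, so closing it also closes the underlying stream.
    try (InputStream is = caFile.getInputStream();
            PEMParser parser = new PEMParser(new InputStreamReader(is, java.nio.charset.StandardCharsets.UTF_8))) {
        Object pemObject = parser.readObject();
        // readObject() returns null at EOF or another type for keys/CSRs; an unchecked cast would
        // surface only as a ClassCastException/NPE with no useful message.
        if (!(pemObject instanceof X509CertificateHolder)) {
            LOGGER.log(Level.SEVERE, "failed load: CA file does not start with an X.509 certificate");
            return Optional.empty();
        }
        X509Certificate cert = new JcaX509CertificateConverter()
                .getCertificate((X509CertificateHolder) pemObject);
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null); // null stream initialises an empty store
        keyStore.setCertificateEntry("ca", cert);
        return Optional.of(keyStore);
    } catch (Exception e) {
        // Best-effort: the caller treats an empty Optional as "no custom trust store".
        LOGGER.log(Level.SEVERE, "failed load", e);
        return Optional.empty();
    }
}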

From source file:mitm.common.security.certificate.impl.StandardX509CertificateBuilder.java

License:Open Source License

/**
 * Converts a Bouncy Castle certificate holder into a JCA {@link X509Certificate} using this
 * builder's configured certificate provider.
 *
 * @param holder the DER-backed certificate structure produced by the certificate builder
 * @return the equivalent JCA certificate object
 * @throws CertificateException if the provider cannot decode the holder's encoding
 */
private X509Certificate getCertificate(X509CertificateHolder holder) throws CertificateException {
    return new JcaX509CertificateConverter()
            .setProvider(certificateProvider)
            .getCertificate(holder);
}

From source file:mitm.common.security.cms.AbstractCMSSignedDataAdapterImpl.java

License:Open Source License

/**
 * Returns the X.509 certificates embedded in the signed data, converted with the named JCA provider.
 * <p>
 * Entries in the certificate store that are not {@link X509CertificateHolder}s, or that cannot be
 * converted, are logged and skipped; an absent store yields an empty list.
 *
 * @param provider JCA provider name handed to the certificate converter
 * @return the convertible certificates, in the order the store returns them (never {@code null})
 */
@Override
public List<X509Certificate> getCertificates(String provider)
        throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
    List<X509Certificate> result = new LinkedList<X509Certificate>();

    Store store = getCertificateStore();
    if (store == null) {
        return result;
    }

    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    converter.setProvider(provider);

    for (Object candidate : store.getMatches(null)) {
        if (!(candidate instanceof X509CertificateHolder)) {
            logger.warn("object not an X509CertificateHolder");
            continue;
        }
        try {
            result.add(converter.getCertificate((X509CertificateHolder) candidate));
        } catch (CertificateException e) {
            // The stack trace is only attached when debug logging is on, presumably to keep routine logs short.
            if (logger.isDebugEnabled()) {
                logger.warn("Certificate is not valid.", e);
            } else {
                logger.warn("Certificate is not valid.");
            }
        }
    }

    return result;
}

From source file:net.e6tech.elements.security.JCEKS.java

License:Apache License

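/**
 * Generates a self-signed X.509 v3 certificate for the given key pair, signed with
 * SHA256WithRSAEncryption via the BC provider, and verifies it against its own public key.
 *
 * @param info  X.500 distinguished name used as both subject and issuer (RFC 2253 string)
 * @param pair  key pair whose public key goes into the certificate and whose private key signs it
 * @param years validity period in years, counted from now
 * @return the signed and self-verified certificate
 * @throws SystemException wrapping any failure (bad DN, signing, conversion, validity or verification)
 */
public static X509Certificate generateSelfSignedCertificate(String info, KeyPair pair, int years) {
    try {
        X500Principal principal = new X500Principal(info);
        long nowMillis = System.currentTimeMillis();
        // Starts one day in the past, presumably to tolerate clock skew at relying parties.
        Date notBefore = new Date(nowMillis - 24L * 60 * 60 * 1000);
        // Long arithmetic throughout: the former "years * 365 * 24 * 60 * 60" was evaluated in int and
        // overflowed for years >= 69, producing a notAfter in the past.
        Date notAfter = new Date(nowMillis + years * 365L * 24 * 60 * 60 * 1000);
        // Serial taken from the clock: unique enough for a self-signed cert but predictable.
        // NOTE(review): prefer a SecureRandom-derived serial if these certificates are issued widely.
        BigInteger serial = BigInteger.valueOf(nowMillis);
        X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(principal, serial, notBefore,
                notAfter, principal, pair.getPublic());
        ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC")
                .build(pair.getPrivate());
        X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC")
                .getCertificate(certGen.build(sigGen));
        // Sanity-check the result before handing it out.
        cert.checkValidity(new Date());
        cert.verify(cert.getPublicKey());
        return cert;
    } catch (Exception t) {
        throw new SystemException("Failed to generate self-signed certificate!", t);
    }
}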

From source file:net.etfbl.cryptodigitalcertificate.tool.CryptoDCTool.java

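/**
 * Signs the PKCS#10 request in {@code inputFile} with the bundled CA key and stores the resulting
 * certificate (together with the CA certificate) in a PKCS#12 file protected by a freshly generated
 * password, which is printed to standard output.
 * <p>
 * Requires the {@code -in}, {@code -keys} and {@code -out} parameters; any failure while loading,
 * signing or storing is reported on standard output.
 */
public void signCSR() {
    assertParameter(inputFile, "-in");
    assertParameter(clientKeysFile, "-keys");
    assertParameter(outputFile, "-out");
    try {
        CryptoPEMExtractor extractor = new CryptoPEMExtractor();
        // Load CA key pair and CA certificate from classpath resources.
        // NOTE(review): the resource streams are handed to the loaders and never closed here, and the CA
        // private key is a classpath resource - confirm it is not packaged into distributed artifacts.
        KeyPair caKeys = extractor.loadKeyPair(this.getClass().getResourceAsStream("/keys/caprivate.key"));
        CertificateFactory fact = CertificateFactory.getInstance("X.509");
        X509Certificate cacert = (X509Certificate) fact
                .generateCertificate(this.getClass().getResourceAsStream("/certs/cacert.pem"));
        // Load the certificate request.
        PKCS10CertificationRequest request = (PKCS10CertificationRequest) extractor.loadObject(inputFile);
        // Set up the X.509 builder from the request data and the signer from the CA keys.
        X509v3CertificateBuilder certgen = setupCertificateData(cacert, request);
        ContentSigner signer = setupHashAndSignAlgorythm(caKeys);
        // Create the certificate.
        X509CertificateHolder holder = certgen.build(signer);
        X509Certificate clientCert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);
        // Export password: the full random UUID (122 bits of randomness). The former 4-character substring
        // admitted only 65 536 values, so the PKCS#12 protection was negligible.
        String exportPassword = java.util.UUID.randomUUID().toString();
        // Save certificate and CA certificate in the key store.
        storeCertificateInKeyStore(cacert, clientCert, exportPassword);

        System.out.println("\nGenerated PKCS#12 file. Password is: " + exportPassword);

    } catch (CertificateException | OperatorCreationException | KeyStoreException | NoSuchAlgorithmException
            | InvalidKeyException | NoSuchProviderException | SignatureException | IOException ex) {
        // Print the exception itself: getMessage() alone may be null and hides the failure type.
        System.out.println("Failed to sign CSR: " + ex);
    }
}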

From source file:net.jmhertlein.mcanalytics.api.auth.SSLUtil.java

License:Open Source License

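/**
 * Creates a new self-signed X509 certificate.
 *
 * @param pair the public/private keypair: the public key is placed in the certificate and the
 *             private key signs it
 * @param subject the distinguished name of the subject (also used as issuer)
 * @param isAuthority true to mark the certificate as a CA via basicConstraints, false otherwise
 * @return the signed certificate, or {@code null} if adding the extension, signing or conversion
 *         failed (the failure is logged at SEVERE)
 */
public static X509Certificate newSelfSignedCertificate(KeyPair pair, X500Name subject, boolean isAuthority) {
    // Validity: one second in the past to three years from now. Both ends are computed in UTC; the
    // former LocalDateTime.now() was local wall-clock time re-interpreted as UTC, shifting notAfter by
    // the zone offset.
    Date notBefore = Date.from(Instant.now().minusSeconds(1));
    Date notAfter = Date.from(LocalDateTime.now(ZoneOffset.UTC).plusYears(3).toInstant(ZoneOffset.UTC));
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(subject,
            BigInteger.probablePrime(128, new SecureRandom()), notBefore, notAfter, subject, pair.getPublic());

    try {
        // basicConstraints is critical; if it cannot be added, fail instead of issuing a certificate
        // whose CA status is unspecified (the former code logged and carried on).
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(isAuthority));
        X509CertificateHolder bcCert = builder.build(
                new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider("BC").build(pair.getPrivate()));
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(bcCert);
    } catch (CertIOException | CertificateException | OperatorCreationException ex) {
        Logger.getLogger(SSLUtil.class.getName()).log(Level.SEVERE, "failed to build self-signed certificate", ex);
        return null;
    }
}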

From source file:net.jmhertlein.mcanalytics.api.auth.SSLUtil.java

License:Open Source License

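/**
 * Given a certificate signing request, produce a certificate signed by the CA.
 *
 * @param caKey the CA's private key, used to sign the new certificate
 * @param caCert the CA's certificate; its subject becomes the issued certificate's issuer
 * @param r the PKCS#10 request supplying the subject name and public key
 * @param makeAuthority true to mark the issued certificate as a CA via basicConstraints
 * @return the signed certificate, or {@code null} if adding the extension, signing or conversion
 *         failed (the failure is logged at SEVERE)
 */
public static X509Certificate fulfillCertRequest(PrivateKey caKey, X509Certificate caCert,
        PKCS10CertificationRequest r, boolean makeAuthority) {
    // NOTE(review): the request's self-signature (proof that the requester holds the private key) is
    // not checked here; confirm the caller verifies it (r.isSignatureValid(...)) before issuing.
    // Take the issuer from the CA certificate's DER-encoded subject so RDN order and encoding match
    // the CA exactly; the former round trip through getSubjectDN().getName() re-parsed a string, and
    // the original author noted that the O/OU/CN order it yielded mattered for chain building.
    X500Name issuer = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());
    // Validity: one second in the past to three years from now, computed in UTC so notAfter is not
    // shifted by the local zone offset.
    Date notBefore = Date.from(Instant.now().minusSeconds(1));
    Date notAfter = Date.from(LocalDateTime.now(ZoneOffset.UTC).plusYears(3).toInstant(ZoneOffset.UTC));
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer,
            BigInteger.probablePrime(128, new SecureRandom()), notBefore, notAfter, r.getSubject(),
            getPublicKeyFromInfo(r.getSubjectPublicKeyInfo()));

    try {
        // basicConstraints is critical; if it cannot be added, fail instead of issuing a certificate
        // whose CA status is unspecified (the former code logged and carried on).
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(makeAuthority));
        ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider("BC").build(caKey);
        X509CertificateHolder holder = builder.build(signer);
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);
    } catch (CertIOException | OperatorCreationException | CertificateException ex) {
        Logger.getLogger(SSLUtil.class.getName()).log(Level.SEVERE, "failed to fulfill certificate request", ex);
        return null;
    }
}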

From source file:net.link.util.common.KeyUtils.java

License:Open Source License

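/**
 * Builds and signs an X.509 v3 certificate.
 * <p>
 * The certificate carries the subject's public key, a random serial of {@code SERIALNUMBER_NUM_BITS}
 * bits, subject/authority key identifiers, basicConstraints and, optionally, a time-stamping extended
 * key usage and an OCSP access location. It is self-signed when {@code issuerCert} is null.
 *
 * @param subjectPublicKey      public key to certify
 * @param subjectDn             subject distinguished name
 * @param issuerPrivateKey      key that signs the certificate
 * @param issuerCert            issuer's certificate, or null for a self-signed certificate (the subject DN
 *                              and public key then double as issuer)
 * @param notBefore             start of the validity period
 * @param notAfter              end of the validity period
 * @param inSignatureAlgorithm  JCA signature algorithm name, or null for {@code SHA256With<keyAlgorithm>}
 * @param caCert                true to mark the certificate as a CA
 * @param timeStampingPurpose   true to add a critical extendedKeyUsage of id-kp-timeStamping
 * @param ocspUri               OCSP responder location for authorityInfoAccess, or null to omit it
 * @return the signed certificate, converted through the BC provider
 * @throws InternalInconsistencyException if X.509 is unsupported, the signer cannot be created, or an
 *                                        extension cannot be encoded
 */
public static X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn,
        PrivateKey issuerPrivateKey, @Nullable X509Certificate issuerCert, DateTime notBefore,
        DateTime notAfter, String inSignatureAlgorithm, boolean caCert, boolean timeStampingPurpose,
        @Nullable URI ocspUri) {

    try {
        // Default signature algorithm: SHA-256 over the issuer key's algorithm. The former SHA-1 default is
        // deprecated for certificate signatures and rejected by current TLS clients.
        String signatureAlgorithm = inSignatureAlgorithm;
        if (null == signatureAlgorithm) {
            signatureAlgorithm = String.format("SHA256With%s", issuerPrivateKey.getAlgorithm());
        }

        // Self-signed certificates use the subject as issuer.
        X509Principal issuerDN;
        if (null != issuerCert) {
            issuerDN = new X509Principal(issuerCert.getSubjectX500Principal().toString());
        } else {
            issuerDN = new X509Principal(subjectDn);
        }

        // new bc 2.0 API
        X509Principal subject = new X509Principal(subjectDn);
        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(subjectPublicKey.getEncoded());
        BigInteger serialNumber = new BigInteger(SERIALNUMBER_NUM_BITS, new SecureRandom());

        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
                X500Name.getInstance(issuerDN.toASN1Primitive()), serialNumber, notBefore.toDate(),
                notAfter.toDate(), X500Name.getInstance(subject.toASN1Primitive()), publicKeyInfo);

        // prepare signer
        ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(issuerPrivateKey);

        // key identifiers: the authority key id points at the issuer's key, or at our own key when self-signed
        certificateBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
                createSubjectKeyId(subjectPublicKey));
        PublicKey issuerPublicKey;
        if (null != issuerCert) {
            issuerPublicKey = issuerCert.getPublicKey();
        } else {
            issuerPublicKey = subjectPublicKey;
        }
        certificateBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
                createAuthorityKeyId(issuerPublicKey));

        // RFC 5280 section 4.2.1.9 requires basicConstraints to be critical in CA certificates; end-entity
        // certificates keep it non-critical as before.
        certificateBuilder.addExtension(X509Extension.basicConstraints, caCert, new BasicConstraints(caCert));

        if (timeStampingPurpose) {
            certificateBuilder.addExtension(X509Extension.extendedKeyUsage, true,
                    new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
        }

        if (null != ocspUri) {
            GeneralName ocspName = new GeneralName(GeneralName.uniformResourceIdentifier, ocspUri.toString());
            AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess(
                    X509ObjectIdentifiers.ocspAccessMethod, ocspName);
            certificateBuilder.addExtension(X509Extension.authorityInfoAccess, false,
                    authorityInformationAccess);
        }

        // build
        return new JcaX509CertificateConverter().setProvider("BC")
                .getCertificate(certificateBuilder.build(signer));
    } catch (CertificateException e) {
        throw new InternalInconsistencyException("X.509 is not supported.", e);
    } catch (OperatorCreationException | CertIOException e) {
        throw new InternalInconsistencyException(e);
    }
}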

From source file:net.link.util.test.pkix.PkiTestUtils.java

License:Open Source License

/**
 * Builds and signs an X.509 v3 certificate for test fixtures.
 * <p>
 * The certificate carries a random serial of {@code SERIALNUMBER_NUM_BITS} bits, a subject key
 * identifier, optionally an authority key identifier, a non-critical basicConstraints, optionally a
 * critical time-stamping extended key usage and an OCSP access location. It is self-signed when
 * {@code issuerCert} is null.
 *
 * @param subjectPublicKey              public key to certify
 * @param subjectDn                     subject distinguished name
 * @param issuerPrivateKey              key that signs the certificate
 * @param issuerCert                    issuer's certificate, or null for a self-signed certificate
 * @param notBefore                     start of the validity period
 * @param notAfter                      end of the validity period
 * @param signatureAlgorithm            JCA signature algorithm, or null for SHA512WithRSAEncryption
 * @param includeAuthorityKeyIdentifier whether to add the authorityKeyIdentifier extension
 * @param caCert                        true to mark the certificate as a CA
 * @param timeStampingPurpose           true to add a critical extendedKeyUsage of id-kp-timeStamping
 * @param ocspUri                       OCSP responder location, or null to omit authorityInfoAccess
 * @return the signed certificate, converted through the BC provider
 * @throws IOException                if an extension cannot be encoded
 * @throws CertificateException       if the built structure cannot be converted
 * @throws OperatorCreationException  if the content signer cannot be created
 */
public static X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn,
        PrivateKey issuerPrivateKey, @Nullable X509Certificate issuerCert, DateTime notBefore,
        DateTime notAfter, @Nullable String signatureAlgorithm, boolean includeAuthorityKeyIdentifier,
        boolean caCert, boolean timeStampingPurpose, @Nullable URI ocspUri)
        throws IOException, CertificateException, OperatorCreationException {

    String sigAlg = (signatureAlgorithm == null) ? "SHA512WithRSAEncryption" : signatureAlgorithm;

    // Self-signed certificates use the subject DN and key as issuer.
    boolean selfSigned = (issuerCert == null);
    X509Principal issuerDN = selfSigned
            ? new X509Principal(subjectDn)
            : new X509Principal(issuerCert.getSubjectX500Principal().toString());
    PublicKey issuerPublicKey = selfSigned ? subjectPublicKey : issuerCert.getPublicKey();

    // new bc 2.0 API
    X509Principal subject = new X509Principal(subjectDn);
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(subjectPublicKey.getEncoded());
    BigInteger serialNumber = new BigInteger(SERIALNUMBER_NUM_BITS, new SecureRandom());

    X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
            X500Name.getInstance(issuerDN.toASN1Primitive()), serialNumber, notBefore.toDate(),
            notAfter.toDate(), X500Name.getInstance(subject.toASN1Primitive()), publicKeyInfo);

    // extensions
    certificateBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
            createSubjectKeyId(subjectPublicKey));
    if (includeAuthorityKeyIdentifier) {
        certificateBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
                createAuthorityKeyId(issuerPublicKey));
    }
    certificateBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(caCert));
    if (timeStampingPurpose) {
        certificateBuilder.addExtension(X509Extension.extendedKeyUsage, true,
                new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
    }
    if (ocspUri != null) {
        GeneralName ocspName = new GeneralName(GeneralName.uniformResourceIdentifier,
                new DERIA5String(ocspUri.toString()));
        certificateBuilder.addExtension(X509Extension.authorityInfoAccess, false,
                new AuthorityInformationAccess(X509ObjectIdentifiers.ocspAccessMethod, ocspName));
    }

    // sign and convert
    ContentSigner signer = new JcaContentSignerBuilder(sigAlg).build(issuerPrivateKey);
    return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateBuilder.build(signer));
}

From source file:net.maritimecloud.identityregistry.utils.CertificateUtil.java

License:Apache License

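/**
 * Builds and signs a certificate. The certificate will be built on the given subject-public-key and signed with
 * the given issuer-private-key. The issuer and subject will be identified in the names provided.
 * <p>
 * CA certificates ({@code type} of {@code "ROOTCA"} or {@code "INTERMEDIATE"}) get critical basicConstraints
 * and keyUsage extensions; any other type is treated as an end-entity certificate whose {@code customAttrs}
 * are encoded as otherName entries of a subjectAlternativeName extension. Every certificate gets authority and
 * subject key identifiers, a CRL distribution point ({@code CRL_URL}) and an OCSP access location
 * ({@code OCSP_URL}), and expires on 1 January of {@code CERT_EXPIRE_YEAR}.
 *
 * @param serialNumber      serial number of the certificate
 * @param signerPrivateKey  key that signs the certificate
 * @param signerPublicKey   issuer public key, used for the authority key identifier
 * @param subjectPublicKey  public key to certify
 * @param issuer            issuer distinguished name
 * @param subject           subject distinguished name
 * @param customAttrs       map of OID (dotted string) to UTF-8 value, each emitted as an otherName SAN;
 *                          ignored for CA certificates, may be null or empty
 * @param type              {@code "ROOTCA"}, {@code "INTERMEDIATE"} or any other value for an end-entity
 * @return A signed X509Certificate
 * @throws Exception on any encoding, signing or conversion failure (including a malformed OID key)
 */
public X509Certificate buildAndSignCert(BigInteger serialNumber, PrivateKey signerPrivateKey,
        PublicKey signerPublicKey, PublicKey subjectPublicKey, X500Name issuer, X500Name subject,
        Map<String, String> customAttrs, String type) throws Exception {
    // Dates are converted to GMT/UTC inside the cert builder
    Date now = new Date();
    Date expire = new GregorianCalendar(CERT_EXPIRE_YEAR, 0, 1).getTime();
    X509v3CertificateBuilder certV3Bldr = new JcaX509v3CertificateBuilder(issuer, serialNumber, now, // Valid from now...
            expire, // until CERT_EXPIRE_YEAR
            subject, subjectPublicKey);
    JcaX509ExtensionUtils extensionUtil = new JcaX509ExtensionUtils();
    // Create certificate extensions
    if ("ROOTCA".equals(type) || "INTERMEDIATE".equals(type)) {
        // Both CA tiers share one profile (the former code had two identical branches).
        // NOTE(review): no pathLenConstraint is set, so an intermediate may itself issue further CAs.
        certV3Bldr = certV3Bldr.addExtension(Extension.basicConstraints, true, new BasicConstraints(true))
                .addExtension(Extension.keyUsage, true,
                        new X509KeyUsage(X509KeyUsage.digitalSignature | X509KeyUsage.nonRepudiation
                                | X509KeyUsage.keyEncipherment | X509KeyUsage.keyCertSign
                                | X509KeyUsage.cRLSign));
    } else if (customAttrs != null && !customAttrs.isEmpty()) {
        // Subject Alternative Name: each attribute becomes otherName ::= { type-id OID, value [0] EXPLICIT UTF8String }
        GeneralName[] genNames = new GeneralName[customAttrs.size()];
        int idx = 0;
        for (Map.Entry<String, String> attr : customAttrs.entrySet()) {
            DERSequence othernameSequence = new DERSequence(
                    new ASN1Encodable[] { new ASN1ObjectIdentifier(attr.getKey()),
                            new DERTaggedObject(true, 0, new DERUTF8String(attr.getValue())) });
            genNames[idx++] = new GeneralName(GeneralName.otherName, othernameSequence);
        }
        certV3Bldr = certV3Bldr.addExtension(Extension.subjectAlternativeName, false,
                new GeneralNames(genNames));
    }
    // Basic extension setup
    certV3Bldr = certV3Bldr
            .addExtension(Extension.authorityKeyIdentifier, false,
                    extensionUtil.createAuthorityKeyIdentifier(signerPublicKey))
            .addExtension(Extension.subjectKeyIdentifier, false,
                    extensionUtil.createSubjectKeyIdentifier(subjectPublicKey));
    // CRL Distribution Points
    DistributionPointName distPointOne = new DistributionPointName(
            new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, CRL_URL)));
    DistributionPoint[] distPoints = new DistributionPoint[] { new DistributionPoint(distPointOne, null, null) };
    certV3Bldr.addExtension(Extension.cRLDistributionPoints, false, new CRLDistPoint(distPoints));
    // OCSP endpoint
    GeneralName ocspName = new GeneralName(GeneralName.uniformResourceIdentifier, OCSP_URL);
    AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess(
            X509ObjectIdentifiers.ocspAccessMethod, ocspName);
    certV3Bldr.addExtension(Extension.authorityInfoAccess, false, authorityInformationAccess);
    // Create the key signer
    JcaContentSignerBuilder builder = new JcaContentSignerBuilder(SIGNER_ALGORITHM);
    builder.setProvider(BC_PROVIDER_NAME);
    ContentSigner signer = builder.build(signerPrivateKey);
    return new JcaX509CertificateConverter().setProvider(BC_PROVIDER_NAME)
            .getCertificate(certV3Bldr.build(signer));
}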