List of usage examples for org.bouncycastle.cert.jcajce JcaX509CertificateConverter JcaX509CertificateConverter
public JcaX509CertificateConverter()
From source file:net.maritimecloud.pki.CertificateBuilder.java
License:Apache License
/** * Builds and signs a certificate. The certificate will be build on the given subject-public-key and signed with * the given issuer-private-key. The issuer and subject will be identified in the strings provided. * * @param serialNumber The serialnumber of the new certificate. * @param signerPrivateKey Private key for signing the certificate * @param signerPublicKey Public key of the signing certificate * @param subjectPublicKey Public key for the new certificate * @param issuer DN of the signing certificate * @param subject DN of the new certificate * @param customAttrs The custom MC attributes to include in the certificate * @param type Type of certificate, can be "ROOT", "INTERMEDIATE" or "ENTITY". * @param ocspUrl OCSP endpoint/*w w w . j a va 2 s .c om*/ * @param crlUrl CRL endpoint - can be null * @return A signed X509Certificate * @throws Exception Throws exception on certificate generation errors. */ public X509Certificate buildAndSignCert(BigInteger serialNumber, PrivateKey signerPrivateKey, PublicKey signerPublicKey, PublicKey subjectPublicKey, X500Name issuer, X500Name subject, Map<String, String> customAttrs, String type, String ocspUrl, String crlUrl) throws Exception { // Dates are converted to GMT/UTC inside the cert builder Calendar cal = Calendar.getInstance(); Date now = cal.getTime(); Date expire = new GregorianCalendar(CERT_EXPIRE_YEAR, 0, 1).getTime(); X509v3CertificateBuilder certV3Bldr = new JcaX509v3CertificateBuilder(issuer, serialNumber, now, // Valid from now... expire, // until CERT_EXPIRE_YEAR subject, subjectPublicKey); JcaX509ExtensionUtils extensionUtil = new JcaX509ExtensionUtils(); // Create certificate extensions if ("ROOTCA".equals(type)) { certV3Bldr = certV3Bldr.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)) .addExtension(Extension.keyUsage, true, new X509KeyUsage(X509KeyUsage.digitalSignature | X509KeyUsage.nonRepudiation | X509KeyUsage.keyEncipherment | X509KeyUsage.keyCertSign | X509KeyUsage.cRLSign)); } else if ("INTERMEDIATE".equals(type)) { certV3Bldr = certV3Bldr.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)) .addExtension(Extension.keyUsage, true, new X509KeyUsage(X509KeyUsage.digitalSignature | X509KeyUsage.nonRepudiation | X509KeyUsage.keyEncipherment | X509KeyUsage.keyCertSign | X509KeyUsage.cRLSign)); } else { // Subject Alternative Name GeneralName[] genNames = null; if (customAttrs != null && !customAttrs.isEmpty()) { genNames = new GeneralName[customAttrs.size()]; Iterator<Map.Entry<String, String>> it = customAttrs.entrySet().iterator(); int idx = 0; while (it.hasNext()) { Map.Entry<String, String> pair = it.next(); if (PKIConstants.X509_SAN_DNSNAME.equals(pair.getKey())) { genNames[idx] = new GeneralName(GeneralName.dNSName, pair.getValue()); } else { //genNames[idx] = new GeneralName(GeneralName.otherName, new DERUTF8String(pair.getKey() + ";" + pair.getValue())); DERSequence othernameSequence = new DERSequence( new ASN1Encodable[] { new ASN1ObjectIdentifier(pair.getKey()), new DERTaggedObject(true, 0, new DERUTF8String(pair.getValue())) }); genNames[idx] = new GeneralName(GeneralName.otherName, othernameSequence); } idx++; } } if (genNames != null) { certV3Bldr = certV3Bldr.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(genNames)); } } // Basic extension setup certV3Bldr = certV3Bldr .addExtension(Extension.authorityKeyIdentifier, false, extensionUtil.createAuthorityKeyIdentifier(signerPublicKey)) .addExtension(Extension.subjectKeyIdentifier, false, extensionUtil.createSubjectKeyIdentifier(subjectPublicKey)); // CRL Distribution Points DistributionPointName distPointOne = new DistributionPointName( new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, crlUrl))); DistributionPoint[] distPoints = new DistributionPoint[1]; distPoints[0] = new DistributionPoint(distPointOne, null, null); certV3Bldr.addExtension(Extension.cRLDistributionPoints, false, new CRLDistPoint(distPoints)); // OCSP endpoint - is not available for the CAs if (ocspUrl != null) { GeneralName ocspName = new GeneralName(GeneralName.uniformResourceIdentifier, ocspUrl); AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess( X509ObjectIdentifiers.ocspAccessMethod, ocspName); certV3Bldr.addExtension(Extension.authorityInfoAccess, false, authorityInformationAccess); } // Create the key signer JcaContentSignerBuilder builder = new JcaContentSignerBuilder(SIGNER_ALGORITHM); builder.setProvider(BC_PROVIDER_NAME); ContentSigner signer = builder.build(signerPrivateKey); return new JcaX509CertificateConverter().setProvider(BC_PROVIDER_NAME) .getCertificate(certV3Bldr.build(signer)); }
From source file:net.markenwerk.utils.mail.smime.SmimeUtil.java
License:Open Source License
private static X509Certificate getCertificate(@SuppressWarnings("rawtypes") Store certificates, SignerId signerId) throws CertificateException { @SuppressWarnings({ "unchecked" }) X509CertificateHolder certificateHolder = (X509CertificateHolder) certificates.getMatches(signerId) .iterator().next();/*from w w w . j av a 2 s . c o m*/ JcaX509CertificateConverter certificateConverter = new JcaX509CertificateConverter(); certificateConverter.setProvider(BouncyCastleProvider.PROVIDER_NAME); return certificateConverter.getCertificate(certificateHolder); }
From source file:net.ripe.rpki.commons.crypto.util.BouncyCastleUtil.java
License:BSD License
public static X509Certificate holderToCertificate(X509CertificateHolder holder) throws CertificateException { return new JcaX509CertificateConverter().getCertificate(holder); }
From source file:net.ripe.rpki.commons.crypto.util.KeyStoreUtil.java
License:BSD License
public static X509Certificate generateCertificate(KeyPair keyPair, String signatureProvider) { X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(new X500Principal("CN=issuer"), BigInteger.ONE, new DateTime().minusYears(2).toDate(), new DateTime().minusYears(1).toDate(), new X500Principal("CN=subject"), keyPair.getPublic()); try {/* w ww. j ava 2 s. c o m*/ ContentSigner sigGen = new JcaContentSignerBuilder( X509CertificateBuilderHelper.DEFAULT_SIGNATURE_ALGORITHM).setProvider(signatureProvider) .build(keyPair.getPrivate()); return new JcaX509CertificateConverter().getCertificate(builder.build(sigGen)); } catch (OperatorCreationException e) { throw new RuntimeException(e); } catch (CertificateException e) { throw new RuntimeException(e); } }
From source file:net.ripe.rpki.commons.crypto.x509cert.X509CertificateBuilderHelper.java
License:BSD License
public X509Certificate generateCertificate() { X509v3CertificateBuilder certificateGenerator = createCertificateGenerator(); try {/*from ww w . j a v a 2 s . c o m*/ ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).setProvider(signatureProvider) .build(signingKeyPair.getPrivate()); return new JcaX509CertificateConverter().getCertificate(certificateGenerator.build(signer)); } catch (CertificateEncodingException e) { throw new X509ResourceCertificateBuilderException(e); } catch (IllegalStateException e) { throw new X509ResourceCertificateBuilderException(e); } catch (OperatorCreationException e) { throw new X509ResourceCertificateBuilderException(e); } catch (CertificateException e) { throw new X509ResourceCertificateBuilderException(e); } }
From source file:net.sf.keystore_explorer.crypto.x509.X509CertificateGenerator.java
License:Open Source License
private X509Certificate generateVersion1(X500Name subject, X500Name issuer, long validity, PublicKey publicKey, PrivateKey privateKey, SignatureType signatureType, BigInteger serialNumber) throws CryptoException { Date notBefore = new Date(System.currentTimeMillis()); Date notAfter = new Date(System.currentTimeMillis() + validity); JcaX509v1CertificateBuilder certBuilder = new JcaX509v1CertificateBuilder(issuer, serialNumber, notBefore, notAfter, subject, publicKey); try {//w w w . j a v a 2 s. c o m ContentSigner certSigner = new JcaContentSignerBuilder(signatureType.jce()).setProvider("BC") .build(privateKey); return new JcaX509CertificateConverter().setProvider("BC") .getCertificate(certBuilder.build(certSigner)); } catch (CertificateException ex) { throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex); } catch (IllegalStateException ex) { throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex); } catch (OperatorCreationException ex) { throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex); } }
From source file:net.sf.keystore_explorer.crypto.x509.X509CertificateGenerator.java
License:Open Source License
private X509Certificate generateVersion3(X500Name subject, X500Name issuer, long validity, PublicKey publicKey, PrivateKey privateKey, SignatureType signatureType, BigInteger serialNumber, X509Extension extensions, Provider provider) throws CryptoException, CertIOException { Date notBefore = new Date(System.currentTimeMillis()); Date notAfter = new Date(System.currentTimeMillis() + validity); JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuer, serialNumber, notBefore, notAfter, subject, publicKey); if (extensions != null) { for (String oid : extensions.getCriticalExtensionOIDs()) { certBuilder.addExtension(new ASN1ObjectIdentifier(oid), true, getExtensionValue(extensions, oid)); }/*w w w . j a v a2s. c om*/ for (String oid : extensions.getNonCriticalExtensionOIDs()) { certBuilder.addExtension(new ASN1ObjectIdentifier(oid), false, getExtensionValue(extensions, oid)); } } try { ContentSigner certSigner = null; if (provider == null) { certSigner = new JcaContentSignerBuilder(signatureType.jce()).build(privateKey); } else { certSigner = new JcaContentSignerBuilder(signatureType.jce()).setProvider(provider) .build(privateKey); } return new JcaX509CertificateConverter().setProvider("BC") .getCertificate(certBuilder.build(certSigner)); } catch (CertificateException ex) { throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex); } catch (IllegalStateException ex) { throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex); } catch (OperatorCreationException ex) { throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex); } }
From source file:net.sf.portecle.crypto.X509CertUtil.java
License:Open Source License
/** * Generate a self-signed X509 Version 1 certificate for the supplied key pair and signature algorithm. * /*from w w w. j a v a 2s. c o m*/ * @return The generated certificate * @param sCommonName Common name certificate attribute * @param sOrganisationUnit Organization Unit certificate attribute * @param sOrganisation Organization certificate attribute * @param sLocality Locality certificate * @param sState State certificate attribute * @param sEmailAddress Email Address certificate attribute * @param sCountryCode Country Code certificate attribute * @param iValidity Validity period of certificate in days * @param publicKey Public part of key pair * @param privateKey Private part of key pair * @param signatureType Signature Type * @throws CryptoException If there was a problem generating the certificate */ public static X509Certificate generateCert(String sCommonName, String sOrganisationUnit, String sOrganisation, String sLocality, String sState, String sCountryCode, String sEmailAddress, int iValidity, PublicKey publicKey, PrivateKey privateKey, SignatureType signatureType) throws CryptoException { X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE); if (sEmailAddress != null) { nameBuilder.addRDN(BCStyle.E, sEmailAddress); } if (sCountryCode != null) { nameBuilder.addRDN(BCStyle.C, sCountryCode); } if (sState != null) { nameBuilder.addRDN(BCStyle.ST, sState); } if (sLocality != null) { nameBuilder.addRDN(BCStyle.L, sLocality); } if (sOrganisation != null) { nameBuilder.addRDN(BCStyle.O, sOrganisation); } if (sOrganisationUnit != null) { nameBuilder.addRDN(BCStyle.OU, sOrganisationUnit); } if (sCommonName != null) { nameBuilder.addRDN(BCStyle.CN, sCommonName); } BigInteger serial = generateX509SerialNumber(); Date notBefore = new Date(System.currentTimeMillis()); Date notAfter = new Date(notBefore.getTime() + ((long) iValidity * 24 * 60 * 60 * 1000)); JcaX509v1CertificateBuilder certBuilder = new JcaX509v1CertificateBuilder(nameBuilder.build(), serial, notBefore, notAfter, nameBuilder.build(), publicKey); try { ContentSigner signer = new JcaContentSignerBuilder(signatureType.name()).build(privateKey); X509CertificateHolder certHolder = certBuilder.build(signer); return new JcaX509CertificateConverter().getCertificate(certHolder); } catch (CertificateException | OperatorCreationException ex) { throw new CryptoException(RB.getString("CertificateGenFailed.exception.message"), ex); } }
From source file:net.sf.portecle.crypto.X509CertUtil.java
License:Open Source License
/** * Renew a self-signed X509 Version 1 certificate. * //from w ww .jav a 2 s. c o m * @return The renewed certificate * @param oldCert old certificate * @param iValidity Validity period of certificate in days to add to the old cert's expiry date, or * current time if the certificate has expired * @param publicKey Public part of key pair * @param privateKey Private part of key pair * @throws CryptoException If there was a problem generating the certificate */ public static X509Certificate renewCert(X509Certificate oldCert, int iValidity, PublicKey publicKey, PrivateKey privateKey) throws CryptoException { BigInteger serial = generateX509SerialNumber(); // Valid before and after dates now to iValidity days in the future from now or existing expiry date Date notBefore = new Date(); Date oldExpiry = oldCert.getNotAfter(); if (oldExpiry == null || oldExpiry.before(notBefore)) { oldExpiry = notBefore; } Date notAfter = new Date(oldExpiry.getTime() + ((long) iValidity * 24 * 60 * 60 * 1000)); // TODO: verify/force self-signedness JcaX509v1CertificateBuilder certBuilder = new JcaX509v1CertificateBuilder(oldCert.getIssuerX500Principal(), serial, notBefore, notAfter, oldCert.getSubjectX500Principal(), publicKey); try { ContentSigner signer = new JcaContentSignerBuilder(oldCert.getSigAlgName()).build(privateKey); X509CertificateHolder certHolder = certBuilder.build(signer); return new JcaX509CertificateConverter().getCertificate(certHolder); } catch (CertificateException | OperatorCreationException ex) { throw new CryptoException(RB.getString("CertificateGenFailed.exception.message"), ex); } }
From source file:net.sf.sahi.ssl.SSLHelper.java
License:Apache License
/** * Read certificate and adds it to the keystore. * * @throws IOException/*from ww w . j ava 2s .c om*/ * @throws CertificateException * @throws KeyStoreException */ private void readRootCA() throws IOException, CertificateException, KeyStoreException { Key _privateKey = readPrivateKey(Configuration.getRootKeyPath()); X509CertificateHolder holder = (X509CertificateHolder) readWithPemParser(Configuration.getRootCaPath()); rootCA = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME) .getCertificate(holder); keystore.setKeyEntry(Configuration.getRootCaName(), _privateKey, KEYSTORE_PASSWORD.toCharArray(), new X509Certificate[] { rootCA }); }