List of usage examples for org.bouncycastle.cert.jcajce JcaX509CertificateConverter JcaX509CertificateConverter
public JcaX509CertificateConverter()
From source file:org.apache.zookeeper.server.quorum.QuorumSSLTest.java
License:Apache License
private X509Certificate createSelfSignedCertifcate(KeyPair keyPair) throws Exception { X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE); nameBuilder.addRDN(BCStyle.CN, HOSTNAME); BigInteger serialNumber = new BigInteger(128, new Random()); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(nameBuilder.build(), serialNumber, certStartTime, certEndTime, nameBuilder.build(), keyPair.getPublic()) .addExtension(Extension.basicConstraints, true, new BasicConstraints(0)) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign)); return new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner)); }
From source file:org.apache.zookeeper.server.quorum.QuorumSSLTest.java
License:Apache License
public X509Certificate buildEndEntityCert(KeyPair keyPair, X509Certificate caCert, PrivateKey caPrivateKey, String hostname, String ipAddress, String crlPath, Integer ocspPort) throws Exception { X509CertificateHolder holder = new JcaX509CertificateHolder(caCert); ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(caPrivateKey); List<GeneralName> generalNames = new ArrayList<>(); if (hostname != null) { generalNames.add(new GeneralName(GeneralName.dNSName, hostname)); }// w w w. j a v a 2 s .c o m if (ipAddress != null) { generalNames.add(new GeneralName(GeneralName.iPAddress, ipAddress)); } SubjectPublicKeyInfo entityKeyInfo = SubjectPublicKeyInfoFactory .createSubjectPublicKeyInfo(PublicKeyFactory.createKey(keyPair.getPublic().getEncoded())); X509ExtensionUtils extensionUtils = new BcX509ExtensionUtils(); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(holder.getSubject(), new BigInteger(128, new Random()), certStartTime, certEndTime, new X500Name("CN=Test End Entity Certificate"), keyPair.getPublic()) .addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(holder)) .addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(entityKeyInfo)) .addExtension(Extension.basicConstraints, true, new BasicConstraints(false)) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); if (!generalNames.isEmpty()) { certificateBuilder.addExtension(Extension.subjectAlternativeName, true, new GeneralNames(generalNames.toArray(new GeneralName[] {}))); } if (crlPath != null) { DistributionPointName distPointOne = new DistributionPointName( new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, "file://" + crlPath))); certificateBuilder.addExtension(Extension.cRLDistributionPoints, false, new CRLDistPoint(new DistributionPoint[] { new DistributionPoint(distPointOne, null, null) })); } if (ocspPort != null) { certificateBuilder.addExtension(Extension.authorityInfoAccess, false, new AuthorityInformationAccess( X509ObjectIdentifiers.ocspAccessMethod, new GeneralName(GeneralName.uniformResourceIdentifier, "http://" + hostname + ":" + ocspPort))); } return new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(signer)); }
From source file:org.atteo.moonshine.webserver.crypto.Crypto.java
License:Apache License
public static void createSelfSignedCertificate(File keystore, String alias, String keystorePassword) { try {/*from ww w . ja va2 s.c om*/ Provider bouncyCastleProvider = new BouncyCastleProvider(); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", bouncyCastleProvider); keyPairGenerator.initialize(1024, new SecureRandom()); KeyPair keyPair = keyPairGenerator.generateKeyPair(); // Generate self-signed certificate X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE); nameBuilder.addRDN(BCStyle.CN, "localhost"); X500Name name = nameBuilder.build(); Date notBefore = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000); Date notAfter = new Date(System.currentTimeMillis() + 10 * 365 * 24 * 60 * 60 * 1000); BigInteger serial = BigInteger.valueOf(System.currentTimeMillis()); X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(name, serial, notBefore, notAfter, name, keyPair.getPublic()); ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption") .setProvider(bouncyCastleProvider).build(keyPair.getPrivate()); X509Certificate cert = new JcaX509CertificateConverter().setProvider(bouncyCastleProvider) .getCertificate(certGen.build(sigGen)); cert.checkValidity(new Date()); cert.verify(cert.getPublicKey()); // Save to keystore KeyStore store = KeyStore.getInstance("JKS"); if (keystore.exists()) { try (FileInputStream fis = new FileInputStream(keystore)) { store.load(fis, keystorePassword.toCharArray()); } } else { store.load(null); } store.setKeyEntry(alias, keyPair.getPrivate(), keystorePassword.toCharArray(), new Certificate[] { cert }); try (FileOutputStream fos = new FileOutputStream(keystore)) { store.store(fos, keystorePassword.toCharArray()); } } catch (NoSuchAlgorithmException | OperatorCreationException | CertificateException | InvalidKeyException | NoSuchProviderException | SignatureException | KeyStoreException | IOException e) { throw new RuntimeException(e); } }
From source file:org.bitrepository.protocol.security.BasicSecurityManager.java
License:Open Source License
/** * Attempts to load the pillars private key and certificate from a PEM formatted file. * @param privateKeyFile, path to the file containing the components private key and certificate, may be null * @throws IOException if the file cannot be found or read. * @throws KeyStoreException if there is problems with adding the privateKeyEntry to keyStore * @throws CertificateException //from w ww .j a va 2s . c o m */ private void loadPrivateKey(String privateKeyFile) throws IOException, KeyStoreException, CertificateException { PrivateKey privKey = null; X509Certificate privCert = null; if (!(new File(privateKeyFile)).isFile()) { log.info("Key file '" + privateKeyFile + "' with private key and certificate does not exist!"); return; } BufferedReader bufferedReader = new BufferedReader(new FileReader(privateKeyFile)); PEMParser pemParser = new PEMParser(bufferedReader); Object pemObj = pemParser.readObject(); while (pemObj != null) { if (pemObj instanceof X509Certificate) { log.debug("Certificate for PrivateKeyEntry found"); privCert = (X509Certificate) pemObj; } else if (pemObj instanceof PrivateKey) { log.debug("Key for PrivateKeyEntry found"); privKey = (PrivateKey) pemObj; } else if (pemObj instanceof X509CertificateHolder) { log.debug("X509CertificateHolder found"); privCert = new JcaX509CertificateConverter().setProvider("BC") .getCertificate((X509CertificateHolder) pemObj); } else if (pemObj instanceof PrivateKeyInfo) { log.debug("PrivateKeyInfo found"); PrivateKeyInfo pki = (PrivateKeyInfo) pemObj; JcaPEMKeyConverter converter = new JcaPEMKeyConverter(); privKey = converter.getPrivateKey(pki); } else { log.debug("Got something, that we don't (yet) recognize. Class: " + pemObj.getClass().getSimpleName()); } pemObj = pemParser.readObject(); } pemParser.close(); if (privKey == null || privCert == null) { log.info("No material to create private key entry found!"); } else { privCert.checkValidity(); privateKeyEntry = new PrivateKeyEntry(privKey, new Certificate[] { privCert }); keyStore.setEntry(SecurityModuleConstants.privateKeyAlias, privateKeyEntry, new KeyStore.PasswordProtection(defaultPassword.toCharArray())); } }
From source file:org.cesecore.certificates.certificate.HashID.java
License:Open Source License
/** * @param cert The issuer DN of the certificate should be the identifier. * @return the ID/* w w w .jav a 2 s .com*/ * @throws CertificateException */ public static HashID getFromIssuerDN(X509CertificateHolder certificateHolder) throws CertificateException { return getFromIssuerDN(new JcaX509CertificateConverter().getCertificate(certificateHolder)); }
From source file:org.cesecore.util.CertTools.java
License:Open Source License
/** * Converts a X509CertificateHolder chain into a X509Certificate chain. * //from ww w.j a va 2 s .c o m * @param certificateHolderChain input chain to be converted * @return the result * @throws CertificateException if there is a problem extracting the certificate information. */ public static final List<X509Certificate> convertToX509CertificateList( Collection<X509CertificateHolder> certificateHolderChain) throws CertificateException { final List<X509Certificate> ret = new ArrayList<X509Certificate>(); final JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter(); for (final X509CertificateHolder certificateHolder : certificateHolderChain) { ret.add(jcaX509CertificateConverter.getCertificate(certificateHolder)); } return ret; }
From source file:org.cloudfoundry.identity.uaa.util.SocketUtils.java
License:Open Source License
public static X509Certificate getSelfCertificate(KeyPair keyPair, String organisation, String orgUnit, String commonName, Date issueDate, long validForSeconds, String signatureAlgorithm) throws CertificateException, InvalidKeyException, SignatureException, NoSuchAlgorithmException, NoSuchProviderException { try {/*from www. j av a2s. c om*/ Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE); builder.addRDN(BCStyle.OU, orgUnit); builder.addRDN(BCStyle.O, organisation); builder.addRDN(BCStyle.CN, commonName); BigInteger serial = BigInteger.valueOf(System.currentTimeMillis()); Date notAfter = new DateTime(issueDate).plusSeconds((int) validForSeconds).toDate(); X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(), serial, issueDate, notAfter, builder.build(), keyPair.getPublic()); ContentSigner sigGen = new JcaContentSignerBuilder(signatureAlgorithm).setProvider(BC) .build(keyPair.getPrivate()); X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC) .getCertificate(certGen.build(sigGen)); cert.checkValidity(new Date()); cert.verify(cert.getPublicKey()); return cert; } catch (OperatorCreationException ioe) { throw new CertificateEncodingException( "Error during creation of self-signed Certificate: " + ioe.getMessage(), ioe); } }
From source file:org.codice.ddf.security.certificate.generator.CertificateAuthority.java
License:Open Source License
JcaX509CertificateConverter newCertConverter() {
return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
}
From source file:org.commonjava.util.jhttpc.INTERNAL.util.BouncyCastleUtils.java
License:Apache License
public static KeyStore readKeyAndCertFromPem(String pemContent, String keyPass) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException, JHttpCException { Logger logger = LoggerFactory.getLogger(BouncyCastleUtils.class); final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null);/* ww w. ja v a2s .com*/ // final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance( // KeyManagerFactory.getDefaultAlgorithm()); // // kmfactory.init(ks, keyPass.toCharArray()); // final CertificateFactory certFactory = CertificateFactory.getInstance( "X.509" ); // Pattern keyTypePattern = Pattern.compile( KEY_TYPE_PATTERN ); // Matcher matcher = keyTypePattern.matcher( pemContent ); // String keyType = "RSA"; // if ( matcher.find() ) // { // String type = matcher.group( 1 ); // if ( "ENCRYPTED".equals( type ) ) // { // keyType = "PKCS8"; // } // else // { // keyType = type; // } // } // // logger.trace( "Using key factory for type: {}", keyType ); // final KeyFactory keyFactory = KeyFactory.getInstance( keyType ); // final List<String> lines = SSLUtils.readLines( pemContent ); // // String currentHeader = null; // final StringBuilder current = new StringBuilder(); int certIdx = 0; BouncyCastleProvider bcProvider = new BouncyCastleProvider(); InputDecryptorProvider provider = new JcePKCSPBEInputDecryptorProviderBuilder().setProvider(bcProvider) .build(keyPass.toCharArray()); final List<Certificate> certs = new ArrayList<Certificate>(); PrivateKey key = null; PEMParser pemParser = new PEMParser(new StringReader(pemContent)); Object pemObj = null; while ((pemObj = pemParser.readObject()) != null) { logger.trace("Got PEM object: {}", pemObj); if (pemObj instanceof X509CertificateHolder) { X509CertificateHolder holder = (X509CertificateHolder) pemObj; X509Certificate certificate = new JcaX509CertificateConverter().setProvider(bcProvider) .getCertificate(holder); certs.add(certificate); Set<String> aliases = new HashSet<String>(); aliases.add("certificate" + certIdx); extractAliases(certificate, aliases); KeyStore.TrustedCertificateEntry ksEntry = new KeyStore.TrustedCertificateEntry(certificate); for (String alias : aliases) { ks.setEntry(alias, ksEntry, null); logger.trace("Storing trusted cert under alias: {}\n with DN: {}", alias, certificate.getSubjectDN().getName()); } certIdx++; } else if (pemObj instanceof PKCS8EncryptedPrivateKeyInfo) { PKCS8EncryptedPrivateKeyInfo keyInfo = (PKCS8EncryptedPrivateKeyInfo) pemObj; PrivateKeyInfo privateKeyInfo = null; try { privateKeyInfo = keyInfo.decryptPrivateKeyInfo(provider); } catch (PKCSException e) { throw new JHttpCException("Failed to decrypt key/certificate: %s", e, e.getMessage()); } key = new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo); } else if (pemObj instanceof PEMEncryptedKeyPair) { PEMEncryptedKeyPair keyPair = (PEMEncryptedKeyPair) pemObj; PEMKeyPair decryptedKeyPair = keyPair .decryptKeyPair(new BcPEMDecryptorProvider(keyPass.toCharArray())); PrivateKeyInfo privateKeyInfo = decryptedKeyPair.getPrivateKeyInfo(); key = new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo); } else { logger.trace("Got unrecognized PEM object: {} (class: {})", pemObj, (pemObj == null ? "NULL" : pemObj.getClass().getName())); } logger.trace("Got private key:\n{}\n", key); } if (key != null && !certs.isEmpty()) { logger.trace("Setting key entry: {}", key); ks.setKeyEntry(MonolithicKeyStrategy.KEY, key, keyPass.toCharArray(), certs.toArray(new Certificate[certs.size()])); } else { logger.warn("No private key found in PEM!"); } return ks; }
From source file:org.computerist.ssltools.zap.FixedSslCertificateService.java
License:Apache License
public KeyStore createCertForHost(String hostname) throws NoSuchAlgorithmException, InvalidKeyException, CertificateException, NoSuchProviderException, SignatureException, KeyStoreException, IOException, UnrecoverableKeyException { if (hostname == null) { throw new IllegalArgumentException("Error, 'hostname' is not allowed to be null!"); }/*from w w w .jav a2 s .c om*/ if (this.caCert == null || this.caPrivKey == null || this.caPubKey == null) { throw new RuntimeException( this.getClass() + " wasn't initialized! Got to options 'Dynamic SSL Certs' and create one."); } final KeyPair mykp = this.createKeyPair(); final PrivateKey privKey = mykp.getPrivate(); final PublicKey pubKey = mykp.getPublic(); X500NameBuilder namebld = new X500NameBuilder(BCStyle.INSTANCE); namebld.addRDN(BCStyle.CN, hostname); namebld.addRDN(BCStyle.OU, "Zed Attack Proxy Project"); namebld.addRDN(BCStyle.O, "OWASP"); namebld.addRDN(BCStyle.C, "xx"); namebld.addRDN(BCStyle.EmailAddress, "owasp-zed-attack-proxy@lists.owasp.org"); X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder( new X509CertificateHolder(caCert.getEncoded()).getSubject(), BigInteger.valueOf(serial.getAndIncrement()), new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30), new Date(System.currentTimeMillis() + 100 * (1000L * 60 * 60 * 24 * 30)), namebld.build(), pubKey); certGen.addExtension(X509Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(pubKey)); certGen.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false)); ContentSigner sigGen; try { sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider("BC").build(caPrivKey); } catch (OperatorCreationException e) { throw new CertificateException(e); } final X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC") .getCertificate(certGen.build(sigGen)); cert.checkValidity(new Date()); cert.verify(caPubKey); final Certificate[] chain = new Certificate[2]; chain[1] = this.caCert; chain[0] = cert; userKs.setKeyEntry(hostname, privKey, PASSPHRASE, chain); return userKs; }