List of usage examples for org.bouncycastle.cert.jcajce JcaX509CertificateConverter JcaX509CertificateConverter
public JcaX509CertificateConverter()
From source file:com.delcyon.capo.crypto.CertificateRequestProcessor.java
License:Open Source License
@Override public void process(ClientRequest clientRequest) throws Exception { String type = XPath.selectSingleNodeValue(clientRequest.getRequestDocument().getDocumentElement(), "//CertificateRequest/@" + CertificateRequest.Attributes.TYPE); if (type == null || type.trim().isEmpty()) { throw new ControllerProcessingException("CertificateRequest missing type attribute", clientRequest.getRequestDocument()); } else {/*from www . j av a 2 s. com*/ Element certificateRequestElement = (Element) XPath.selectSingleNode( clientRequest.getRequestDocument().getDocumentElement(), "//CertificateRequest"); String publicKeyString = XPath.selectSingleNodeValue( clientRequest.getRequestDocument().getDocumentElement(), "//CertificateRequest/@" + CertificateRequest.Attributes.CLIENT_PUBLIC_KEY); String dhGeneratorString = XPath.selectSingleNodeValue( clientRequest.getRequestDocument().getDocumentElement(), "//CertificateRequest/@" + CertificateRequest.Attributes.DH_GENERATOR); String dhLengthString = XPath.selectSingleNodeValue( clientRequest.getRequestDocument().getDocumentElement(), "//CertificateRequest/@" + CertificateRequest.Attributes.DH_LENGTH); String dhPrimeString = XPath.selectSingleNodeValue( clientRequest.getRequestDocument().getDocumentElement(), "//CertificateRequest/@" + CertificateRequest.Attributes.DH_PRIME); String clientID = XPath.selectSingleNodeValue(clientRequest.getRequestDocument().getDocumentElement(), "//CertificateRequest/@" + CertificateRequest.Attributes.CLIENT_ID); //process clientID //check to see if client ID is a valid client id, if not, we need to create a new one if (clientID == null || clientID.matches("capo\\.client\\.0") || clientID.matches("capo\\.client\\.\\d+") == false) { clientID = "capo.client." + CapoApplication.getDataManager().nextValue("client_id_sequence") + ""; } //create parameter specs BigInteger dhParameterSpecGenerator = new BigInteger(dhGeneratorString, 16); BigInteger dhParameterSpecPrime = new BigInteger(dhPrimeString, 16); int dhParameterSpecLength = Integer.parseInt(dhLengthString); //on remote generate a key pair using original specs KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("DH"); DHParameterSpec dhParameterSpec2 = new DHParameterSpec(dhParameterSpecPrime, dhParameterSpecGenerator, dhParameterSpecLength); keyPairGenerator2.initialize(dhParameterSpec2); //generate remote key pair KeyPair keyPair2 = keyPairGenerator2.generateKeyPair(); byte[] encodedPublicKey2 = keyPair2.getPublic().getEncoded(); //start remote key agreement KeyAgreement keyAgreement2 = KeyAgreement.getInstance("DH"); keyAgreement2.init(keyPair2.getPrivate()); //read in keyspec KeyFactory keyFactory2 = KeyFactory.getInstance("DH"); X509EncodedKeySpec x509Spec2 = new X509EncodedKeySpec( DatatypeConverter.parseBase64Binary(publicKeyString)); //load keyspec, and finish key agreement PublicKey publicKey1 = keyFactory2.generatePublic(x509Spec2); keyAgreement2.doPhase(publicKey1, true); //get remote secret key byte secret2[] = keyAgreement2.generateSecret(); //use our secret to generate our remote secret key SecretKeyFactory secretKeyFactory2 = SecretKeyFactory.getInstance("DES"); DESKeySpec desKeySpec2 = new DESKeySpec(secret2); SecretKey secretKey2 = secretKeyFactory2.generateSecret(desKeySpec2); //encrypt message Cipher cipher2 = Cipher.getInstance("DES/ECB/PKCS5Padding"); cipher2.init(Cipher.ENCRYPT_MODE, secretKey2); byte encryptedMessage[] = cipher2.doFinal(CapoApplication.getCeritifcate()); //populate attributes certificateRequestElement.setAttribute(CertificateRequest.Attributes.SERVER_PUBLIC_KEY.toString(), DatatypeConverter.printBase64Binary(encodedPublicKey2)); certificateRequestElement.setAttribute(CertificateRequest.Attributes.PAYLOAD.toString(), DatatypeConverter.printBase64Binary(encryptedMessage)); certificateRequestElement.setAttribute(CertificateRequest.Attributes.SERVER_ID.toString(), CapoApplication.getConfiguration().getValue(CapoServer.Preferences.SERVER_ID)); certificateRequestElement.setAttribute(CertificateRequest.Attributes.CLIENT_ID.toString(), clientID); String oneTimePassword = CapoApplication.getConfiguration() .getValue(PREFERENCE.CLIENT_VERIFICATION_PASSWORD); if (oneTimePassword.isEmpty()) { oneTimePassword = (new Random().nextInt(Integer.MAX_VALUE)) + ""; CapoApplication.logger.log(Level.INFO, "One time client verification password = '" + oneTimePassword + "'"); } Document originalRequestDocument = clientRequest.getRequestDocument(); //chnage this to a response, and send it back ((CNode) originalRequestDocument.getDocumentElement()).setNodeName("ServerResponse"); ((CNode) originalRequestDocument.getDocumentElement().getElementsByTagName("CertificateRequest") .item(0)).setNodeName("CertificateRequestResponse"); clientRequest.getXmlStreamProcessor().writeDocument(originalRequestDocument); Document requestDocument = clientRequest.getXmlStreamProcessor().readNextDocument(); byte[] encryptedPayload = DatatypeConverter .parseBase64Binary(XPath.selectSingleNodeValue(requestDocument.getDocumentElement(), "//CertificateRequest/@" + CertificateRequest.Attributes.PAYLOAD)); //decrypt message cipher2.init(Cipher.DECRYPT_MODE, secretKey2); String returnedPassword = new String(cipher2.doFinal(encryptedPayload)); if (oneTimePassword.equals(returnedPassword)) { //create certificate from public key byte[] clientPublicKeyBytes = DatatypeConverter .parseBase64Binary(XPath.selectSingleNodeValue(requestDocument.getDocumentElement(), "//CertificateRequest/@" + CertificateRequest.Attributes.CLIENT_PUBLIC_KEY)); KeyFactory keyFactory3 = KeyFactory.getInstance("RSA"); X509EncodedKeySpec x509Spec3 = new X509EncodedKeySpec(clientPublicKeyBytes); //load keyspec, and finish key agreement PublicKey clientPublicKey = keyFactory3.generatePublic(x509Spec3); X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE); String clientAlias = clientID + ".cert"; x500NameBuilder.addRDN(BCStyle.CN, clientAlias); String serverAlias = CapoApplication.getConfiguration().getValue(Preferences.SERVER_ID) + ".private"; RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) CapoApplication.getKeyStore().getKey(serverAlias, CapoApplication.getConfiguration().getValue(Configuration.PREFERENCE.KEYSTORE_PASSWORD) .toCharArray()); ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC) .build(rsaPrivateKey); Calendar calendar = Calendar.getInstance(); calendar.add(Calendar.MONTH, CapoApplication.getConfiguration().getIntValue(Preferences.KEY_MONTHS_VALID)); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder( x500NameBuilder.build(), BigInteger.valueOf(System.currentTimeMillis()), new Date(System.currentTimeMillis() - 50000), calendar.getTime(), x500NameBuilder.build(), clientPublicKey); X509Certificate certificate = new JcaX509CertificateConverter().setProvider(BC) .getCertificate(certificateBuilder.build(contentSigner)); CapoApplication.getKeyStore().setCertificateEntry(clientAlias, certificate); ((CapoServer) CapoApplication.getApplication()).writeKeyStore(CapoApplication.getKeyStore()); Document responseDocument = CapoApplication.getDefaultDocument("default_response.xml"); responseDocument.getDocumentElement().setAttribute("result", "SUCCESS"); clientRequest.getXmlStreamProcessor().writeDocument(responseDocument); } else { Document responseDocument = CapoApplication.getDefaultDocument("default_response.xml"); responseDocument.getDocumentElement().setAttribute("result", "WRONG_PASSWORD"); clientRequest.getXmlStreamProcessor().writeDocument(responseDocument); } } }
From source file:com.delcyon.capo.server.CapoServer.java
License:Open Source License
/** * This loads an xml file, starts he server, and sends the document as a * request, then returns an array of [requestDocument,responseDocument] * TESTING ONLY/*from w ww. j a v a2 s . c om*/ * * @param filename * @return * @throws Exception */ private KeyStore buildKeyStore() throws Exception { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); char[] password = getConfiguration().getValue(PREFERENCE.KEYSTORE_PASSWORD).toCharArray(); //generate keys KeyPairGenerator rsakeyPairGenerator = KeyPairGenerator.getInstance("RSA"); rsakeyPairGenerator.initialize(getConfiguration().getIntValue(Preferences.KEY_SIZE)); KeyPair rsaKeyPair = rsakeyPairGenerator.generateKeyPair(); //begin bouncy castle crap X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE); x500NameBuilder.addRDN(BCStyle.CN, getConfiguration().getValue(Preferences.SERVER_ID)); ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC) .build(rsaKeyPair.getPrivate()); Calendar calendar = Calendar.getInstance(); calendar.add(Calendar.MONTH, getConfiguration().getIntValue(Preferences.KEY_MONTHS_VALID)); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(x500NameBuilder.build(), BigInteger.valueOf(System.currentTimeMillis()), new Date(System.currentTimeMillis() - 50000), calendar.getTime(), x500NameBuilder.build(), rsaKeyPair.getPublic()); X509Certificate certificate = new JcaX509CertificateConverter().setProvider(BC) .getCertificate(certificateBuilder.build(contentSigner)); //end bouncy castle crap keyStore.load(null, password); KeyStore.TrustedCertificateEntry trustedCertificateEntry = new TrustedCertificateEntry(certificate); keyStore.setEntry(getConfiguration().getValue(Preferences.SERVER_ID), trustedCertificateEntry, null); keyStore.setEntry("capo.server.cert", trustedCertificateEntry, null); KeyStore.PrivateKeyEntry privateKeyEntry = new PrivateKeyEntry(rsaKeyPair.getPrivate(), new Certificate[] { certificate }); keyStore.setEntry(getConfiguration().getValue(Preferences.SERVER_ID) + ".private", privateKeyEntry, new KeyStore.PasswordProtection(password)); writeKeyStore(keyStore); return keyStore; }
From source file:com.difference.historybook.server.CertManager.java
License:Apache License
private static X509Certificate signCertificate(X509v3CertificateBuilder certificateBuilder, PrivateKey signedWithPrivateKey) throws OperatorCreationException, CertificateException { ContentSigner signer = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER_NAME) .build(signedWithPrivateKey); X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER_NAME) .getCertificate(certificateBuilder.build(signer)); return cert;//from w w w . j a va 2 s. co m }
From source file:com.enioka.jqm.pki.CertificateRequest.java
License:Open Source License
void writePfxToFile(OutputStream out, String password) { try {// ww w. j ava 2 s. c o m KeyStore ks = KeyStore.getInstance("PKCS12"); ks.load(null, null); Certificate[] chain = null; if (authorityCertificate != null) { chain = new Certificate[2]; chain[0] = new JcaX509CertificateConverter().getCertificate(this.holder); chain[1] = new JcaX509CertificateConverter().getCertificate(this.authorityCertificate); } else { chain = new Certificate[1]; chain[0] = new JcaX509CertificateConverter().setProvider("BC").getCertificate(this.holder); } ks.setKeyEntry("private key for " + this.prettyName, privateKey, password.toCharArray(), chain); ks.store(out, password.toCharArray()); } catch (Exception e) { throw new PkiException(e); } }
From source file:com.enioka.jqm.pki.CertificateRequest.java
License:Open Source License
public void writeTrustPfxToFile(String path, String password) { try {//from w w w. j a v a 2 s. c om KeyStore ks = KeyStore.getInstance("JKS"); ks.load(null, null); Certificate ca = new JcaX509CertificateConverter().getCertificate(this.authorityCertificate); ks.setCertificateEntry("JQM-CA", ca); FileOutputStream fos = new FileOutputStream(path); ks.store(fos, password.toCharArray()); fos.close(); } catch (Exception e) { throw new PkiException(e); } }
From source file:com.foilen.smalltools.crypt.bouncycastle.cert.RSACertificate.java
License:Open Source License
/** * Get the Java certificate.//from w w w . j a v a 2 s .c o m * * @return the Java certificate */ public X509Certificate getCertificate() { AssertTools.assertNotNull(certificateHolder, "The certificate is not set"); try { return new JcaX509CertificateConverter().getCertificate(certificateHolder); } catch (CertificateException e) { throw new SmallToolsException("Could not convert the certificate", e); } }
From source file:com.gigaspaces.lrmi.nio.filters.BouncyCastleSelfSignedCertificate.java
License:Open Source License
private KeyStore generateKeyStore(String fqdn, KeyPair keypair, SecureRandom random) throws Exception { PrivateKey key = keypair.getPrivate(); // Prepare the information required for generating an X.509 certificate. X500Name owner = new X500Name("CN=" + fqdn); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(owner, new BigInteger(64, random), NOT_BEFORE, NOT_AFTER, owner, keypair.getPublic()); ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(key); X509CertificateHolder certHolder = builder.build(signer); X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certHolder); cert.verify(keypair.getPublic());//from w w w. j a va 2s . c o m String keyStoreType = KeyStore.getDefaultType(); final KeyStore keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null, null); keyStore.setKeyEntry("key", keypair.getPrivate(), "foo".toCharArray(), new Certificate[] { cert }); return keyStore; }
From source file:com.gitblit.MakeCertificate.java
License:Apache License
public static void generateSelfSignedCertificate(String hostname, File keystore, String keystorePassword) { try {/*from w ww . ja v a2 s . com*/ Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC"); kpGen.initialize(1024, new SecureRandom()); KeyPair pair = kpGen.generateKeyPair(); // Generate self-signed certificate X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE); builder.addRDN(BCStyle.OU, Constants.NAME); builder.addRDN(BCStyle.O, Constants.NAME); builder.addRDN(BCStyle.CN, hostname); Date notBefore = new Date(System.currentTimeMillis() - TimeUtils.ONEDAY); Date notAfter = new Date(System.currentTimeMillis() + 10 * TimeUtils.ONEYEAR); BigInteger serial = BigInteger.valueOf(System.currentTimeMillis()); X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(), serial, notBefore, notAfter, builder.build(), pair.getPublic()); ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC) .build(pair.getPrivate()); X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC) .getCertificate(certGen.build(sigGen)); cert.checkValidity(new Date()); cert.verify(cert.getPublicKey()); // Save to keystore KeyStore store = KeyStore.getInstance("JKS"); if (keystore.exists()) { FileInputStream fis = new FileInputStream(keystore); store.load(fis, keystorePassword.toCharArray()); fis.close(); } else { store.load(null); } store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(), new java.security.cert.Certificate[] { cert }); FileOutputStream fos = new FileOutputStream(keystore); store.store(fos, keystorePassword.toCharArray()); fos.close(); } catch (Throwable t) { t.printStackTrace(); throw new RuntimeException("Failed to generate self-signed certificate!", t); } }
From source file:com.gitblit.MakeCertificate.java
License:Apache License
public static void generateSelfSignedCertificate(String hostname, File keystore, String keystorePassword, String info) {//from www . j a va 2 s. c o m try { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC"); kpGen.initialize(1024, new SecureRandom()); KeyPair pair = kpGen.generateKeyPair(); // Generate self-signed certificate X500Principal principal = new X500Principal(info); Date notBefore = new Date(System.currentTimeMillis() - TimeUtils.ONEDAY); Date notAfter = new Date(System.currentTimeMillis() + 10 * TimeUtils.ONEYEAR); BigInteger serial = BigInteger.valueOf(System.currentTimeMillis()); X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(principal, serial, notBefore, notAfter, principal, pair.getPublic()); ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC) .build(pair.getPrivate()); X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC) .getCertificate(certGen.build(sigGen)); cert.checkValidity(new Date()); cert.verify(cert.getPublicKey()); // Save to keystore KeyStore store = KeyStore.getInstance("JKS"); if (keystore.exists()) { FileInputStream fis = new FileInputStream(keystore); store.load(fis, keystorePassword.toCharArray()); fis.close(); } else { store.load(null); } store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(), new java.security.cert.Certificate[] { cert }); FileOutputStream fos = new FileOutputStream(keystore); store.store(fos, keystorePassword.toCharArray()); fos.close(); } catch (Throwable t) { t.printStackTrace(); throw new RuntimeException("Failed to generate self-signed certificate!", t); } }
From source file:com.gitblit.utils.X509Utils.java
License:Apache License
/** * Creates a new SSL certificate signed by the CA private key and stored in * keyStore.//w w w . ja va 2 s .co m * * @param sslMetadata * @param caPrivateKey * @param caCert * @param targetStoreFile * @param x509log */ public static X509Certificate newSSLCertificate(X509Metadata sslMetadata, PrivateKey caPrivateKey, X509Certificate caCert, File targetStoreFile, X509Log x509log) { try { KeyPair pair = newKeyPair(); X500Name webDN = buildDistinguishedName(sslMetadata); X500Name issuerDN = new X500Name(PrincipalUtil.getIssuerX509Principal(caCert).getName()); X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuerDN, BigInteger.valueOf(System.currentTimeMillis()), sslMetadata.notBefore, sslMetadata.notAfter, webDN, pair.getPublic()); JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(pair.getPublic())); certBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false)); certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey())); // support alternateSubjectNames for SSL certificates List<GeneralName> altNames = new ArrayList<GeneralName>(); if (HttpUtils.isIpAddress(sslMetadata.commonName)) { altNames.add(new GeneralName(GeneralName.iPAddress, sslMetadata.commonName)); } if (altNames.size() > 0) { GeneralNames subjectAltName = new GeneralNames(altNames.toArray(new GeneralName[altNames.size()])); certBuilder.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName); } ContentSigner caSigner = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC) .build(caPrivateKey); X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC) .getCertificate(certBuilder.build(caSigner)); cert.checkValidity(new Date()); cert.verify(caCert.getPublicKey()); // Save to keystore KeyStore serverStore = openKeyStore(targetStoreFile, sslMetadata.password); serverStore.setKeyEntry(sslMetadata.commonName, pair.getPrivate(), sslMetadata.password.toCharArray(), new Certificate[] { cert, caCert }); saveKeyStore(targetStoreFile, serverStore, sslMetadata.password); x509log.log(MessageFormat.format("New SSL certificate {0,number,0} [{1}]", cert.getSerialNumber(), cert.getSubjectDN().getName())); // update serial number in metadata object sslMetadata.serialNumber = cert.getSerialNumber().toString(); return cert; } catch (Throwable t) { throw new RuntimeException("Failed to generate SSL certificate!", t); } }