List of usage examples for org.bouncycastle.cert.jcajce JcaX509CertificateConverter JcaX509CertificateConverter
public JcaX509CertificateConverter()
From source file:com.guardtime.ksi.trust.CMSSignatureVerifier.java
License:Apache License
/**
 * Converts a Bouncy Castle certificate holder into a JCA {@link X509Certificate}
 * using the Bouncy Castle provider.
 *
 * <p>This method only performs the type conversion. No signature, validity-period
 * or chain check is made here, so the returned certificate must still be treated
 * as unverified by the caller.
 *
 * @param certHolder the certificate holder to convert
 * @return the equivalent JCA certificate
 * @throws InvalidCmsSignatureException if the conversion raises a {@link CertificateException};
 *         the original exception is kept as the cause
 */
private X509Certificate getCertificate(X509CertificateHolder certHolder) throws InvalidCmsSignatureException {
    final JcaX509CertificateConverter converter =
            new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
    try {
        return converter.getCertificate(certHolder);
    } catch (CertificateException e) {
        // Re-throw as the domain exception; the cause is preserved for diagnostics.
        throw new InvalidCmsSignatureException("Invalid certificate in CMS signature. " + e.getMessage(), e);
    }
}
From source file:com.helger.ebinterface.signature.CreateCertHelper.java
License:Apache License
/**
 * Builds a self-signed X.509 v3 certificate for the given key pair.
 *
 * <p>Issuer and subject are the same name, the certificate is signed with the
 * private half of {@code keypair}, and the result is verified against the public
 * half before it is returned.
 *
 * @param sCommonName common name passed to {@code x500(...)}
 * @param sOrganization organization passed to {@code x500(...)}
 * @param sCountry country passed to {@code x500(...)}
 * @param keypair key pair whose public key is certified and whose private key signs
 * @param notAfter end of the validity period
 * @return the generated certificate
 * @throws Exception if signing, conversion or the self-verification fails
 */
@Nonnull
public static X509Certificate generateCertificate(@Nonnull @Nonempty final String sCommonName,
        @Nonnull @Nonempty final String sOrganization, @Nonnull @Nonempty final String sCountry,
        @Nonnull final KeyPair keypair, @Nonnull final Date notAfter) throws Exception {
    // Same name is used as issuer and subject, i.e. the certificate is self-signed.
    final X500Name selfName = x500(sCommonName, sOrganization, sCountry);

    // 64 random bits from the platform's strong SecureRandom serve as serial number.
    // NOTE(review): getInstanceStrong() may block on some platforms while entropy is
    // gathered - confirm this is acceptable where the helper is called.
    final BigInteger serialNumber = new BigInteger(64, SecureRandom.getInstanceStrong());

    final X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(selfName, serialNumber,
            now(), notAfter, selfName, keypair.getPublic());

    final PrivateKey signingKey = keypair.getPrivate();
    final ContentSigner contentSigner = new JcaContentSignerBuilder(SIGNING_ALGO).build(signingKey);

    final X509Certificate result = new JcaX509CertificateConverter().setProvider(PROVIDER)
            .getCertificate(certBuilder.build(contentSigner));

    // Sanity check: the signature must validate under the key that was just certified.
    result.verify(keypair.getPublic());
    return result;
}
From source file:com.helger.security.keystore.KeyStoreHelperTest.java
License:Apache License
/**
 * Creates a short-lived, self-issued X.509 v1 certificate for the passed key pair.
 *
 * <p>The certificate is valid from 50 seconds before to 50 seconds after the moment
 * of creation and uses the current time in milliseconds as its serial number.
 * NOTE(review): a clock-derived serial and a v1 certificate (no extensions) are
 * reasonable for a test fixture only; do not copy this into production issuance.
 *
 * @param aKeyPair key pair to certify; the private key signs the certificate
 * @return the certificate as a JCA {@link X509Certificate}
 * @throws Exception if signing or conversion fails
 */
private static X509Certificate _createX509V1Certificate(final KeyPair aKeyPair) throws Exception {
    final PublicKey aCertifiedKey = aKeyPair.getPublic();
    final PrivateKey aSigningKey = aKeyPair.getPrivate();

    final ContentSigner aSigner = new JcaContentSignerBuilder("SHA256WithRSA")
            .setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .build(aSigningKey);

    // Issuer and subject carry the same distinguished name.
    final X500Principal aIssuer = new X500Principal("CN=Test Certificate");
    final BigInteger aSerial = BigInteger.valueOf(System.currentTimeMillis());
    final Date aNotBefore = new Date(System.currentTimeMillis() - 50000);
    final Date aNotAfter = new Date(System.currentTimeMillis() + 50000);
    final X500Principal aSubject = new X500Principal("CN=Test Certificate");

    final JcaX509v1CertificateBuilder aBuilder = new JcaX509v1CertificateBuilder(aIssuer, aSerial, aNotBefore,
            aNotAfter, aSubject, aCertifiedKey);
    final X509CertificateHolder aHolder = aBuilder.build(aSigner);

    // Unlike the signer above, no provider is set on the converter here.
    return new JcaX509CertificateConverter().getCertificate(aHolder);
}
From source file:com.helger.xmldsig.XMLDSigCreatorTest.java
License:Apache License
/**
 * Creates a dummy X.509 v1 certificate for the passed key pair.
 *
 * <p>The certificate is valid from 24 hours before now until 365 days after now,
 * always uses serial number 1 and is signed with SHA-1/RSA.
 * NOTE(review): SHA-1 signatures and a constant serial are only tolerable for a
 * throwaway test certificate; use a SHA-2 algorithm and unique serials elsewhere.
 *
 * @param kp
 *        KeyPair to use. May not be <code>null</code>.
 * @return A {@link X509Certificate} for further usage
 * @throws Exception if signing or conversion fails
 */
@Nonnull
private X509Certificate _createCert(@Nonnull final KeyPair kp) throws Exception {
    final PrivateKey aSigningKey = kp.getPrivate();
    final PublicKey aCertifiedKey = kp.getPublic();

    final ContentSigner aSigner = new JcaContentSignerBuilder("SHA1withRSA")
            .setProvider(PBCProvider.getProvider())
            .build(aSigningKey);

    // Validity window: from yesterday ...
    final Date aNotBefore = new Date(System.currentTimeMillis() - 24 * CGlobal.MILLISECONDS_PER_HOUR);
    // ... until one year from now.
    // NOTE(review): this product only fits if MILLISECONDS_PER_HOUR is a long - confirm.
    final Date aNotAfter = new Date(System.currentTimeMillis() + 365 * 24 * CGlobal.MILLISECONDS_PER_HOUR);

    final X509CertificateHolder aHolder = new JcaX509v1CertificateBuilder(new X500Principal("CN=TestIssuer"),
            BigInteger.ONE, aNotBefore, aNotAfter, new X500Principal("CN=TestSubject"), aCertifiedKey)
                    .build(aSigner);

    // Convert the Bouncy Castle holder to a JCA X509Certificate.
    final JcaX509CertificateConverter aConverter = new JcaX509CertificateConverter()
            .setProvider(PBCProvider.getProvider());
    return aConverter.getCertificate(aHolder);
}
From source file:com.hypersocket.certs.X509CertificateUtils.java
License:Open Source License
/**
 * Reads every PEM object from the stream and returns them as a certificate array,
 * in the order in which they appear.
 *
 * <p>Each object must be an X.509 certificate; the first object of any other type
 * aborts the load. A stream without any PEM object yields an empty array. The
 * certificates are only parsed: this method does not check signatures, validity
 * dates or whether the entries actually form a chain, so callers must validate the
 * result before trusting it.
 *
 * @param certfile stream holding PEM data; it is closed together with the parser
 * @return the certificates found, possibly an empty array
 * @throws IOException if reading or closing the stream fails
 * @throws CertificateException if a certificate cannot be converted
 * @throws FileFormatException if a PEM object is not an X.509 certificate
 */
public static X509Certificate[] loadCertificateChainFromPEM(InputStream certfile)
        throws IOException, CertificateException, FileFormatException {

    List<X509Certificate> chain = new ArrayList<X509Certificate>();
    // NOTE(review): the reader uses the platform default charset; PEM is ASCII, so an
    // explicit charset would make this independent of the host configuration.
    PEMParser pem = new PEMParser(new InputStreamReader(certfile));
    try {
        for (Object entry = pem.readObject(); entry != null; entry = pem.readObject()) {
            if (!(entry instanceof X509CertificateHolder)) {
                throw new FileFormatException("Failed to read X509Certificate from InputStream provided");
            }
            X509CertificateHolder holder = (X509CertificateHolder) entry;
            chain.add(new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder));
        }
        return chain.toArray(new X509Certificate[0]);
    } finally {
        pem.close();
    }
}
From source file:com.hypersocket.certs.X509CertificateUtils.java
License:Open Source License
/**
 * Reads the first PEM object from the stream and returns it as a certificate.
 *
 * <p>Only the first object is looked at; anything after it is ignored. If the
 * stream holds no PEM object, or the first object is not an X.509 certificate, a
 * {@link FileFormatException} is thrown. The certificate is only parsed here;
 * signature and validity checks are left to the caller.
 *
 * @param certfile stream holding PEM data; it is closed together with the parser
 * @return the parsed certificate
 * @throws IOException if reading or closing the stream fails
 * @throws CertificateException if the certificate cannot be converted
 * @throws FileFormatException if the first PEM object is missing or of another type
 */
public static X509Certificate loadCertificateFromPEM(InputStream certfile)
        throws IOException, CertificateException, FileFormatException {

    // NOTE(review): the reader uses the platform default charset; PEM is ASCII, so an
    // explicit charset would make this independent of the host configuration.
    PEMParser pem = new PEMParser(new InputStreamReader(certfile));
    try {
        Object first = pem.readObject();
        // instanceof is false for null, so an empty stream ends up here as well.
        if (!(first instanceof X509CertificateHolder)) {
            throw new FileFormatException("Failed to read X509Certificate from InputStream provided");
        }
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
        return converter.getCertificate((X509CertificateHolder) first);
    } finally {
        pem.close();
    }
}
From source file:com.hypersocket.certs.X509CertificateUtils.java
License:Open Source License
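/**
 * Generates a self-signed X.509 v3 certificate for the given key pair.
 *
 * <p>The certificate is valid from 30 days before now until roughly ten years
 * after now. After generation its validity and its signature are checked against
 * its own public key.
 *
 * <p>Changes against the previous version: the country parameter {@code c} was
 * accepted but never written into the name and is now added as the C attribute
 * when it is non-empty; the serial number is drawn from a {@code SecureRandom}
 * instead of the clock, so two certificates created in the same millisecond with
 * the same name no longer share an issuer/serial pair.
 *
 * @param cn common name
 * @param ou organizational unit
 * @param o organization
 * @param l locality
 * @param s state or province
 * @param c country; skipped when {@code null} or empty
 * @param pair key pair to certify; the private key signs the certificate
 * @param signatureType signature algorithm name handed to the content signer builder;
 *        it is not checked here, so callers should pass a SHA-2 based algorithm
 * @return the generated certificate
 * @throws RuntimeException wrapping any failure during generation or self-verification
 */
public static X509Certificate generateSelfSignedCertificate(String cn, String ou, String o, String l, String s,
        String c, KeyPair pair, String signatureType) {
    try {
        // Subject and issuer are built from the same attributes (self-signed).
        X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
        builder.addRDN(BCStyle.OU, ou);
        builder.addRDN(BCStyle.O, o);
        builder.addRDN(BCStyle.L, l);
        builder.addRDN(BCStyle.ST, s);
        // Guarded so that callers which passed null while the value was ignored keep working.
        if (c != null && c.length() > 0) {
            builder.addRDN(BCStyle.C, c);
        }
        builder.addRDN(BCStyle.CN, cn);

        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - 1000L * 60 * 60 * 24 * 30);
        Date notAfter = new Date(now + (1000L * 60 * 60 * 24 * 365 * 10));

        // Random, strictly positive serial; the +1 rules out a zero serial.
        BigInteger serial = new BigInteger(64, new java.security.SecureRandom()).add(BigInteger.ONE);

        X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(), serial, notBefore,
                notAfter, builder.build(), pair.getPublic());

        ContentSigner sigGen = new JcaContentSignerBuilder(signatureType).setProvider(BC)
                .build(pair.getPrivate());

        X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC)
                .getCertificate(certGen.build(sigGen));

        // Fail early if the result is not currently valid or not signed by its own key.
        cert.checkValidity(new Date());
        cert.verify(cert.getPublicKey());

        return cert;
    } catch (Throwable t) {
        // Kept as Throwable so existing callers see the same RuntimeException wrapping as before.
        throw new RuntimeException("Failed to generate self-signed certificate!", t);
    }
}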
From source file:com.ipseorama.webapp.baddtls.CertHolder.java
License:Open Source License
/**
 * Generates a fresh RSA key pair, issues a self-signed certificate for it and
 * stores the certificate, wrapped in a one-element chain, in {@code _cert}.
 *
 * <p>The certificate is valid from 10 seconds before to 100 seconds after creation
 * and is verified against its own public key before being stored.
 * NOTE(review): the 1024-bit RSA key is below current minimum key sizes; together
 * with the very short validity this looks like a deliberate throwaway test
 * identity - confirm, and do not reuse these parameters for real endpoints.
 *
 * @throws Exception if key generation, signing, conversion or verification fails
 */
private void mkSelfSignedCert() throws Exception {
    // Provider registration is not done in this method.
    SecureRandom rng = new SecureRandom();

    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(1024, rng);
    KeyPair pair = generator.generateKeyPair();

    Date validFrom = new Date(System.currentTimeMillis() - 10000);
    Date validUntil = new Date(System.currentTimeMillis() + 100000);

    // Issuer and subject are the same name: the certificate is self-signed.
    X500Name self = new X500Name("CN=" + "evil@baddtls.com");
    BigInteger serial = new BigInteger(64, rng);
    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(self, serial, validFrom, validUntil,
            self, pair.getPublic());

    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(pair.getPrivate());
    X509Certificate jcaCert = new JcaX509CertificateConverter().setProvider(PROVIDER)
            .getCertificate(certBuilder.build(contentSigner));

    // Sanity check: the signature must validate under the freshly generated key.
    jcaCert.verify(pair.getPublic());

    // Re-encode as the ASN.1 structure and keep it as a single-entry chain.
    org.bouncycastle.asn1.x509.Certificate[] chain = new org.bouncycastle.asn1.x509.Certificate[] {
            org.bouncycastle.asn1.x509.Certificate.getInstance(jcaCert.getEncoded()) };
    _cert = new Certificate(chain);
}
From source file:com.itextpdf.signatures.SignUtils.java
License:Open Source License
/**
 * Extracts the certificates embedded in a basic OCSP response as JCA certificates.
 *
 * <p>Embedded certificates that cannot be converted are skipped without any
 * report, so the result may hold fewer entries than the response. The returned
 * certificates come straight from the response and are not verified here; callers
 * must not treat them as trusted.
 *
 * @param ocspResp the basic OCSP response to read from
 * @return the certificates that could be converted, in response order
 */
static Iterable<X509Certificate> getCertsFromOcspResponse(BasicOCSPResp ocspResp) {
    final List<X509Certificate> converted = new ArrayList<>();
    final X509CertificateHolder[] embedded = ocspResp.getCerts();
    final JcaX509CertificateConverter toJca = new JcaX509CertificateConverter();
    for (int i = 0; i < embedded.length; i++) {
        try {
            converted.add(toJca.getCertificate(embedded[i]));
        } catch (Exception ignored) {
            // Best effort: an entry that fails to convert is dropped.
            // NOTE(review): nothing is logged, so a malformed responder certificate is
            // invisible to the caller - consider at least a debug-level log entry.
        }
    }
    return converted;
}
From source file:com.itextpdf.text.pdf.security.OCSPVerifier.java
License:Open Source License
/**
 * Verifies that an OCSP response is genuine; returns normally on success and
 * throws otherwise.
 *
 * <p>If the response embeds certificates, the first one is taken as the responder
 * certificate. It is accepted when its signature verifies under the issuer's public
 * key or, failing that, when the superclass {@code verify(...)} returns a non-empty
 * result. Without embedded certificates the issuer certificate itself is used. The
 * response is then checked with {@code verifyResponse(...)} against the chosen
 * certificate.
 *
 * <p>NOTE(review): no check of the responder certificate's validity period or of
 * the OCSP-signing extended key usage (RFC 6960, section 4.2.2.2) is visible in
 * this method, and only the first embedded certificate is considered - confirm
 * whether {@code verifyResponse} or the superclass covers these.
 *
 * @param ocspResp the OCSP response
 * @param issuerCert the issuer certificate
 * @throws GeneralSecurityException if the responder certificate or the response
 *         cannot be verified
 * @throws IOException declared by the signature; no direct source is visible here
 */
public void isValidResponse(BasicOCSPResp ocspResp, X509Certificate issuerCert)
        throws GeneralSecurityException, IOException {
    X509Certificate signerCert;
    final X509CertificateHolder[] embedded = ocspResp.getCerts();
    if (embedded.length == 0) {
        // No responder certificate supplied: the issuer is assumed to have signed the response.
        signerCert = issuerCert;
    } else {
        signerCert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(embedded[0]);
        try {
            // Accepted directly when the issuer signed the responder certificate.
            signerCert.verify(issuerCert.getPublicKey());
        } catch (GeneralSecurityException e) {
            // Otherwise defer to the superclass; an empty result means rejection.
            // The original exception is not attached to the one thrown below.
            final boolean rejected = super.verify(signerCert, issuerCert, null).size() == 0;
            if (rejected) {
                throw new VerificationException(signerCert, "Responder certificate couldn't be verified");
            }
        }
    }

    // Finally the response itself must verify against the chosen certificate.
    final boolean responseOk = verifyResponse(ocspResp, signerCert);
    if (!responseOk) {
        throw new VerificationException(signerCert, "OCSP response could not be verified");
    }
}