List of usage examples for org.bouncycastle.cert.jcajce JcaX509CertificateConverter JcaX509CertificateConverter
public JcaX509CertificateConverter()
From source file:com.redhat.akashche.keystoregen.KeystoreGenerator.java
License:Apache License
/**
 * Issues the intermediate certificate for a keystore entry and signs it with the CA private key.
 *
 * <p>The subject DN is built from the entry's C/O/OU values with a CN of
 * {@code <label>_INTERMEDIATE}; the issuer is taken from {@code caCert}. The resulting
 * certificate is checked against the current time and against the CA public key before it is
 * returned, so a mis-signed or not-yet-valid certificate fails here rather than at use.
 *
 * @param en     keystore entry supplying the label, DN parts, validity window and signature algorithm
 * @param keys   key material; {@code intPublic} is certified, {@code caPrivate} signs
 * @param caCert issuing CA certificate
 * @return the signed intermediate certificate, tagged with a PKCS#12 friendly name
 * @throws Exception if building, signing, converting or verifying the certificate fails
 */
private Certificate createIntermediateCert(KeystoreConfig.Entry en, Keys keys, X509Certificate caCert)
        throws Exception {
    String friendlyName = en.getLabel() + "_INTERMEDIATE";

    X500NameBuilder subjectDn = new X500NameBuilder()
            .addRDN(BCStyle.C, en.getX500_C())
            .addRDN(BCStyle.O, en.getX500_O())
            .addRDN(BCStyle.OU, en.getX500_OU())
            .addRDN(BCStyle.CN, friendlyName);

    // The serial number is the fixed value 2, so it is only unique per CA if the CA issues
    // exactly one intermediate.
    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(caCert, BigInteger.valueOf(2),
            en.getValidFrom(), en.getValidTo(), subjectDn.build(), keys.intPublic);

    JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
    certBuilder.addExtension(Extension.subjectKeyIdentifier, false,
            extUtils.createSubjectKeyIdentifier(keys.intPublic));
    certBuilder.addExtension(Extension.authorityKeyIdentifier, false,
            extUtils.createAuthorityKeyIdentifier(caCert));
    // Critical basicConstraints with a path length of 0: this certificate may sign end-entity
    // certificates but no further CA certificates.
    // NOTE(review): no keyUsage extension is added here; strict validators may expect
    // keyCertSign on a CA certificate - confirm against the intended consumers.
    certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));

    X509CertificateHolder signedHolder = certBuilder.build(
            new JcaContentSignerBuilder(en.getAlgorithm()).setProvider(BCPROV).build(keys.caPrivate));
    X509Certificate intermediate = new JcaX509CertificateConverter().setProvider(BCPROV)
            .getCertificate(signedHolder);

    // Fail fast if the validity window excludes "now" or the signature does not match the CA key.
    intermediate.checkValidity(new Date());
    intermediate.verify(caCert.getPublicKey());

    ((PKCS12BagAttributeCarrier) intermediate).setBagAttribute(
            PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(friendlyName));
    return intermediate;
}
From source file:com.redhat.akashche.keystoregen.KeystoreGenerator.java
License:Apache License
/**
 * Issues the end-entity certificate for a keystore entry.
 *
 * <p>Issuer and subject share the entry's C/O/OU values; the issuer CN is
 * {@code <label>_INTERMEDIATE} and the subject CN is {@code <label>_CERT}. The certificate is
 * checked against the current time and verified with {@code keys.caPublic} before it is
 * returned.
 *
 * @param en   keystore entry supplying the label, DN parts, validity window and signature algorithm
 * @param keys key material; {@code certPublic} is certified, {@code caPrivate} signs
 * @return the signed certificate, tagged with PKCS#12 friendly-name and local-key-id attributes
 * @throws Exception if building, signing, converting or verifying the certificate fails
 */
private Certificate createCert(KeystoreConfig.Entry en, Keys keys) throws Exception {
    X500NameBuilder issuerDn = new X500NameBuilder()
            .addRDN(BCStyle.C, en.getX500_C())
            .addRDN(BCStyle.O, en.getX500_O())
            .addRDN(BCStyle.OU, en.getX500_OU())
            .addRDN(BCStyle.CN, en.getLabel() + "_INTERMEDIATE");

    String friendlyName = en.getLabel() + "_CERT";
    X500NameBuilder subjectDn = new X500NameBuilder()
            .addRDN(BCStyle.C, en.getX500_C())
            .addRDN(BCStyle.O, en.getX500_O())
            .addRDN(BCStyle.OU, en.getX500_OU())
            .addRDN(BCStyle.CN, friendlyName);

    // The serial number is the fixed value 3.
    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuerDn.build(),
            BigInteger.valueOf(3), en.getValidFrom(), en.getValidTo(), subjectDn.build(), keys.certPublic);

    JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
    certBuilder.addExtension(Extension.subjectKeyIdentifier, false,
            extUtils.createSubjectKeyIdentifier(keys.certPublic));
    certBuilder.addExtension(Extension.authorityKeyIdentifier, false,
            extUtils.createAuthorityKeyIdentifier(keys.caPublic));

    // NOTE(review): the issuer DN names the <label>_INTERMEDIATE subject, but the certificate is
    // signed with keys.caPrivate and its authorityKeyIdentifier is derived from keys.caPublic.
    // A path validator that chains by issuer name to a certificate carrying a different public
    // key would fail the signature check - confirm which key is meant to sign leaf certificates.
    X509CertificateHolder signedHolder = certBuilder.build(
            new JcaContentSignerBuilder(en.getAlgorithm()).setProvider(BCPROV).build(keys.caPrivate));
    X509Certificate leaf = new JcaX509CertificateConverter().setProvider(BCPROV)
            .getCertificate(signedHolder);

    // Fail fast if the validity window excludes "now" or the signature does not match.
    leaf.checkValidity(new Date());
    leaf.verify(keys.caPublic);

    PKCS12BagAttributeCarrier attributes = (PKCS12BagAttributeCarrier) leaf;
    attributes.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
            new DERBMPString(friendlyName));
    // localKeyId carries the subject key identifier of the certified public key.
    attributes.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
            extUtils.createSubjectKeyIdentifier(keys.certPublic));
    return leaf;
}
From source file:com.streamsets.pipeline.lib.remote.FTPAndSSHDUnitTest.java
License:Apache License
/**
 * Builds a self-signed {@code CN=localhost} certificate for the given key pair.
 *
 * <p>The certificate is valid from the moment of the call until 31 December 2037, carries a
 * random 64-bit serial number and is signed with SHA512WITHRSA, so the key pair must be RSA.
 * Being self-signed, it proves nothing about the holder's identity.
 *
 * @param keyPair RSA key pair; the public key is certified and the private key signs
 * @return the self-signed certificate
 * @throws Exception if signing or conversion fails
 */
private X509Certificate generateCertificate(KeyPair keyPair) throws Exception {
    X500Name localhost = new X500Name("CN=localhost");
    Date notBefore = new Date();
    Date notAfter = new GregorianCalendar(2037, Calendar.DECEMBER, 31).getTime();

    // Issuer and subject are the same name: the certificate is self-signed.
    X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
            localhost,
            new BigInteger(64, new SecureRandom()),
            notBefore,
            notAfter,
            localhost,
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));

    AlgorithmIdentifier signatureAlg = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA512WITHRSA");
    AlgorithmIdentifier digestAlg = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlg);
    ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlg, digestAlg)
            .build(PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()));

    return new JcaX509CertificateConverter().setProvider("BC").getCertificate(builder.build(signer));
}
From source file:com.trsst.server.Server.java
License:Apache License
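/**
 * Generates a new in-memory keystore containing a freshly generated RSA key and a
 * self-signed certificate for it, stored under the alias {@code "jetty"}.
 *
 * <p>Would prefer anon SSL ciphers, but this works albeit with scary warnings: the
 * certificate is self-signed, so clients cannot authenticate the server from it unless they
 * pin it out of band.
 *
 * <p>The key is 2048-bit RSA (1024-bit keys are below current minimums and are rejected by
 * modern TLS stacks), and the serial number is a non-negative 64-bit random value
 * ({@code SecureRandom.nextInt()} yields a negative number half the time, and negative
 * serial numbers are rejected by strict X.509 parsers).
 *
 * @return a keystore to secure SSL connections, or {@code null} if generation failed (the
 *         failure is logged)
 */
private KeyStore getKeyStore() {
    try {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair kp = keyPairGenerator.generateKeyPair();

        // Same name for issuer and subject: self-signed.
        X500Name selfName = new X500Name("CN=0.0.0.0, OU=None, O=None, L=None, C=None");
        long now = System.currentTimeMillis();
        X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(
                selfName,
                new BigInteger(64, new SecureRandom()),
                // Back-date by 30 days to tolerate clock skew; valid for roughly ten years.
                new Date(now - 1000L * 60 * 60 * 24 * 30),
                new Date(now + (1000L * 60 * 60 * 24 * 365 * 10)),
                selfName,
                SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded()));
        ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(kp.getPrivate());
        Certificate certificate = new JcaX509CertificateConverter().getCertificate(v3CertGen.build(signer));

        final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        keystore.load(null); // bogus: required to "initialize" keystore
        // The entry password is a fixed literal; it protects nothing if this keystore is ever
        // persisted, so the keystore should stay in memory.
        keystore.setEntry("jetty",
                new KeyStore.PrivateKeyEntry(kp.getPrivate(), new Certificate[] { certificate }),
                new KeyStore.PasswordProtection("ignored".toCharArray()));
        return keystore;
    } catch (NoSuchAlgorithmException e) {
        log.error("Could not generate self-signed certificate: missing provider", e);
    } catch (OperatorCreationException e) {
        log.error("Could not generate self-signed certificate", e);
    } catch (CertificateException e) {
        log.error("Could not convert certificate to JCE", e);
    } catch (KeyStoreException e) {
        log.error("Could not generate keystore", e);
    } catch (IOException e) {
        log.error("Could not initialize keystore", e);
    }
    return null;
}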
From source file:com.vmware.admiral.auth.lightwave.pc.X509CertificateHelper.java
License:Open Source License
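/**
 * Builds a self-signed certificate for {@code CN=<dn>} over the given key pair.
 *
 * <p>The certificate is valid from one day before the call until 365 days after it and
 * carries a random 64-bit serial number.
 *
 * @param keyPair key pair; the public key is certified and the private key signs
 * @param dn      value placed after {@code CN=} for both issuer and subject. It is
 *                concatenated into the DN string unescaped, so it must come from a trusted
 *                source: a value containing {@code ,} or {@code =} would add or alter RDNs.
 * @param sigAlg  JCA signature algorithm name passed to the content signer
 * @return the self-signed certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException      if the built certificate cannot be converted
 */
private X509Certificate generateCertificate(KeyPair keyPair, String dn, String sigAlg)
        throws OperatorCreationException, CertificateException {
    ContentSigner sigGen = new JcaContentSignerBuilder(sigAlg).build(keyPair.getPrivate());

    long now = System.currentTimeMillis();
    Date startDate = new Date(now - 24L * 60 * 60 * 1000);
    // The multiplication must be done in long: 365 * 24 * 60 * 60 * 1000 overflows int and
    // wraps to roughly 17 days, silently shortening the certificate lifetime.
    Date endDate = new Date(now + 365L * 24 * 60 * 60 * 1000);

    X500Name name = new X500Name("CN=" + dn);
    X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(name,
            new BigInteger(64, new SecureRandom()), startDate, endDate, name, keyPair.getPublic());

    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}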
From source file:com.vmware.admiral.common.util.CertificateUtil.java
License:Open Source License
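/**
 * Utility method to decode a certificate chain PEM encoded string value to an array of
 * X509Certificate certificate instances.
 *
 * <p>Only {@code CERTIFICATE} PEM objects are accepted. Any other PEM object in the input
 * (for example a key) is rejected with an explicit error instead of surfacing as a
 * {@code ClassCastException}.
 *
 * <p>The failure messages below embed the full input string, so callers should pass
 * certificate material only; a bundle that also contains a private key could otherwise end
 * up in logs through the exception message.
 *
 * @param certChainPEM
 *            - a certificate chain (one or more certificates) PEM encoded string value.
 * @return - decoded array of X509Certificate certificate instances.
 * @throws RuntimeException
 *             if a certificate can't be decoded to X509Certificate type certificate, if the
 *             input holds a PEM object that is not a certificate, or if it holds no
 *             certificate at all.
 */
public static X509Certificate[] createCertificateChain(String certChainPEM) {
    AssertUtil.assertNotNull(certChainPEM, "certChainPEM should not be null.");

    List<X509Certificate> chain = new ArrayList<>();
    try (PEMParser parser = new PEMParser(new StringReader(certChainPEM))) {
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        Object pemObject;
        while ((pemObject = parser.readObject()) != null) {
            if (!(pemObject instanceof X509CertificateHolder)) {
                // Report only the object type, never its content.
                throw new RuntimeException("Unexpected PEM object in certificate chain: "
                        + pemObject.getClass().getName());
            }
            chain.add(converter.getCertificate((X509CertificateHolder) pemObject));
        }
    } catch (IOException | CertificateException e) {
        throw new RuntimeException("Failed to create certificate: " + certChainPEM, e);
    }

    if (chain.isEmpty()) {
        throw new RuntimeException("A valid certificate was not found: " + certChainPEM);
    }

    return chain.toArray(new X509Certificate[0]);
}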
From source file:com.vmware.admiral.common.util.CertificateUtil.java
License:Open Source License
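/**
 * Generates a new RSA key pair and issues a certificate for {@code CN=<fqdn>} signed with
 * the issuer's private key.
 *
 * <p>The serial number is a random 64-bit value. A serial derived from
 * {@code System.currentTimeMillis()} is predictable and repeats when two certificates are
 * issued by the same issuer within one millisecond, which breaks the per-issuer uniqueness
 * that revocation and certificate pinning rely on.
 *
 * @param fqdn              value placed after {@code CN=} in the subject. It is concatenated
 *                          into the DN string unescaped, so it must be validated by the
 *                          caller: a value containing {@code ,} or {@code =} would add or
 *                          alter RDNs.
 * @param issuerCertificate certificate of the signing issuer; must not be null
 * @param issuerPrivateKey  private key of the signing issuer; must not be null
 * @param extensions        extensions to add to the certificate, in iteration order
 * @return the chain (new certificate first, then the issuer certificate), the new
 *         certificate and its private key
 * @throws CertificateException      if the built certificate cannot be converted
 * @throws CertIOException           if an extension cannot be encoded
 * @throws OperatorCreationException if the content signer cannot be created
 */
private static CertChainKeyPair generateCertificateAndSign(String fqdn, X509Certificate issuerCertificate,
        PrivateKey issuerPrivateKey, List<ExtensionHolder> extensions)
        throws CertificateException, CertIOException, OperatorCreationException {
    AssertUtil.assertNotNull(issuerCertificate, "issuerCertificate");
    AssertUtil.assertNotNull(issuerPrivateKey, "issuerPrivateKey");

    // private key that we are creating certificate for
    KeyPair pair = KeyUtil.generateRSAKeyPair();
    PublicKey publicKey = pair.getPublic();
    PrivateKey privateKey = convertToSunImpl(pair.getPrivate());

    ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(PROVIDER)
            .build(issuerPrivateKey);

    X500Name subjectName = new X500Name("CN=" + fqdn);

    // serial number of certificate: 64 bits from a CSPRNG, always non-negative
    BigInteger serial = new BigInteger(64, new java.security.SecureRandom());

    // valid from
    Date notBefore = generateNotBeforeDate();

    // valid to
    Date notAfter = generateNotAfterDate(notBefore, DEFAULT_VALIDITY);

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuerCertificate, serial,
            notBefore, notAfter, subjectName, publicKey);

    for (ExtensionHolder extension : extensions) {
        certBuilder.addExtension(extension.getOID(), extension.isCritical(), extension.getValue());
    }

    X509CertificateHolder certificateHolder = certBuilder.build(signer);
    X509Certificate certificate = new JcaX509CertificateConverter().setProvider(PROVIDER)
            .getCertificate(certificateHolder);

    // Leaf first, issuer second.
    List<X509Certificate> certificateChain = new ArrayList<>(2);
    certificateChain.add(certificate);
    certificateChain.add(issuerCertificate);

    return new CertChainKeyPair(certificateChain, certificate, privateKey);
}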
From source file:com.vmware.identity.openidconnect.client.TestUtils.java
License:Open Source License
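/**
 * Builds a self-signed test certificate for {@code CN=<dn>}, optionally carrying a critical
 * subjectAlternativeName with an {@code otherName} entry.
 *
 * <p>The certificate is valid from one day before the call until 365 days after it and
 * carries a random 64-bit serial number.
 *
 * @param keyPair        RSA key pair; the public key is certified and the private key signs
 * @param dn             value placed after {@code CN=} for both issuer and subject; it is
 *                       concatenated unescaped, so it must be a trusted value
 * @param subjectAltName UTF-8 string wrapped in an {@code otherName} with OID
 *                       1.3.6.1.4.1.311.20.2.3 (the Microsoft UPN type), or {@code null} to
 *                       omit the extension
 * @return the self-signed certificate
 * @throws Exception if signing, extension encoding or conversion fails
 */
static X509Certificate generateCertificate(KeyPair keyPair, String dn, String subjectAltName)
        throws Exception {
    // NOTE(review): SHA-1 signatures are deprecated for certificates and rejected by many
    // validators; SHA256withRSA is the usual replacement. Left as-is because other fixtures
    // may depend on the algorithm.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate());

    long now = System.currentTimeMillis();
    Date startDate = new Date(now - 24L * 60 * 60 * 1000);
    // The multiplication must be done in long: 365 * 24 * 60 * 60 * 1000 overflows int and
    // wraps to roughly 17 days, silently shortening the certificate lifetime.
    Date endDate = new Date(now + 365L * 24 * 60 * 60 * 1000);

    X500Name name = new X500Name("CN=" + dn);
    X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(name,
            new BigInteger(64, new SecureRandom()), startDate, endDate, name, keyPair.getPublic());

    if (subjectAltName != null) {
        v3CertGen.addExtension(Extension.subjectAlternativeName, true,
                new GeneralNames(new GeneralName(GeneralName.otherName,
                        new DERSequence(new ASN1Encodable[] {
                                new DERObjectIdentifier("1.3.6.1.4.1.311.20.2.3"),
                                new DERTaggedObject(true, 0, new DERUTF8String(subjectAltName)) }))));
    }

    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}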
From source file:com.vmware.identity.openidconnect.protocol.TestContext.java
License:Open Source License
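/**
 * Builds a self-signed test certificate for {@code CN=<dn>} using the "BC" provider.
 *
 * <p>The certificate is valid from one day before the call until 365 days after it and
 * carries a random 64-bit serial number.
 *
 * @param keyPair RSA key pair; the public key is certified and the private key signs
 * @param dn      value placed after {@code CN=} for both issuer and subject; it is
 *                concatenated unescaped, so it must be a trusted value
 * @return the self-signed certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException      if the built certificate cannot be converted
 */
public static X509Certificate generateCertificate(KeyPair keyPair, String dn)
        throws OperatorCreationException, CertificateException {
    // NOTE(review): SHA-1 signatures are deprecated for certificates and rejected by many
    // validators; SHA256withRSA is the usual replacement. Left as-is because other fixtures
    // may depend on the algorithm.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC")
            .build(keyPair.getPrivate());

    long now = System.currentTimeMillis();
    Date startDate = new Date(now - 24L * 60 * 60 * 1000);
    // The multiplication must be done in long: 365 * 24 * 60 * 60 * 1000 overflows int and
    // wraps to roughly 17 days, silently shortening the certificate lifetime.
    Date endDate = new Date(now + 365L * 24 * 60 * 60 * 1000);

    X500Name name = new X500Name("CN=" + dn);
    X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(name,
            new BigInteger(64, new SecureRandom()), startDate, endDate, name, keyPair.getPublic());

    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder);
}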
From source file:com.vmware.identity.openidconnect.sample.RelyingPartyInstaller.java
License:Open Source License
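/**
 * Builds a self-signed certificate for {@code CN=<dn>} over the given key pair.
 *
 * <p>The certificate is valid from one day before the call until 365 days after it and
 * carries a random 64-bit serial number.
 *
 * @param keyPair RSA key pair; the public key is certified and the private key signs
 * @param dn      value placed after {@code CN=} for both issuer and subject; it is
 *                concatenated unescaped, so it must be a trusted value
 * @return the self-signed certificate
 * @throws Exception if signing or conversion fails
 */
private X509Certificate generateCertificate(KeyPair keyPair, String dn) throws Exception {
    // NOTE(review): SHA-1 signatures are deprecated for certificates and rejected by many
    // validators; SHA256withRSA is the usual replacement. Confirm that whatever consumes this
    // certificate accepts it before switching.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate());

    long now = System.currentTimeMillis();
    Date startDate = new Date(now - 24L * 60 * 60 * 1000);
    // The multiplication must be done in long: 365 * 24 * 60 * 60 * 1000 overflows int and
    // wraps to roughly 17 days, silently shortening the certificate lifetime.
    Date endDate = new Date(now + 365L * 24 * 60 * 60 * 1000);

    X500Name name = new X500Name("CN=" + dn);
    X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(name,
            new BigInteger(64, new SecureRandom()), startDate, endDate, name, keyPair.getPublic());

    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}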