List of usage examples for org.bouncycastle.cert.jcajce JcaX509CertificateConverter JcaX509CertificateConverter
public JcaX509CertificateConverter()
From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleStoreProvider.java
License:Open Source License
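/**
 * Converts an object read by a PEM parser into a JCA {@link X509Certificate}.
 *
 * @param pemObject the object produced by the PEM parser; it must be an
 *     {@link X509CertificateHolder} for the conversion to succeed
 * @return the converted certificate
 * @throws IOException if the object is not a certificate holder or the conversion
 *     fails; the underlying exception is kept as the cause
 */
private X509Certificate crtFromPEMObject(Object pemObject) throws IOException {
    // Check the type explicitly so a non-certificate PEM entry (key, CRL, CSR, ...)
    // yields a descriptive error instead of a wrapped ClassCastException.
    if (!(pemObject instanceof X509CertificateHolder)) {
        throw new IOException("PEM object is not an X.509 certificate: "
                + (pemObject == null ? "null" : pemObject.getClass().getName()));
    }
    try {
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        return converter.getCertificate((X509CertificateHolder) pemObject);
    } catch (java.security.cert.CertificateException e) {
        // Keep the cause so the stack trace of the conversion failure is not lost.
        throw new IOException(e.getLocalizedMessage(), e);
    }
}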
From source file:de.petendi.commons.crypto.connector.BCConnector.java
License:Apache License
/**
 * Builds and signs an X.509 v3 certificate.
 * <p>
 * The subject is {@code dn}, the issuer is {@code issuer}, and the certificate is signed
 * with {@code privateKey} using {@link #getSignAlgorithm()} under the provider named by
 * {@link #getProviderName()}. Validity runs from "now" to 20 years later; the serial number
 * is the current time in milliseconds. Extensions added (all non-critical):
 * subjectKeyIdentifier and authorityKeyIdentifier, both derived from {@code publicKey},
 * keyUsage = dataEncipherment, and cRLDistributionPoints when {@code crlUri} is non-null.
 *
 * @param dn subject distinguished name, parsed by {@link X500Name}
 * @param issuer issuer distinguished name, parsed by {@link X500Name}
 * @param crlUri CRL distribution point URI, or {@code null} to omit that extension
 * @param publicKey key to certify; its encoding must be a DER SubjectPublicKeyInfo
 * @param privateKey signing key
 * @return the signed certificate
 * @throws CryptoException wrapping any failure from encoding, extension creation or signing
 */
@Override
public X509Certificate createCertificate(String dn, String issuer, String crlUri, PublicKey publicKey,
        PrivateKey privateKey) throws CryptoException {
    Calendar date = Calendar.getInstance();
    // Serial Number
    // NOTE(review): the serial is the wall-clock millisecond, so two certificates built in
    // the same millisecond share a serial and serials are predictable; a SecureRandom-based
    // serial is the usual choice.
    BigInteger serialNumber = BigInteger.valueOf(date.getTimeInMillis());
    // Subject and Issuer DN
    X500Name subjectDN = new X500Name(dn);
    X500Name issuerDN = new X500Name(issuer);
    // Validity: now .. now + 20 years ("date" is mutated in place to compute notAfter)
    Date notBefore = date.getTime();
    date.add(Calendar.YEAR, 20);
    Date notAfter = date.getTime();
    // SubjectPublicKeyInfo, parsed from the JCA encoding of the key
    SubjectPublicKeyInfo subjPubKeyInfo = new SubjectPublicKeyInfo(
            ASN1Sequence.getInstance(publicKey.getEncoded()));
    X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(issuerDN, serialNumber, notBefore, notAfter,
            subjectDN, subjPubKeyInfo);
    DigestCalculator digCalc = null;
    try {
        // SHA-1 is used here only to derive the key identifiers below, not for the signature.
        digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
        X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc);
        // Subject Key Identifier
        certGen.addExtension(Extension.subjectKeyIdentifier, false,
                x509ExtensionUtils.createSubjectKeyIdentifier(subjPubKeyInfo));
        // Authority Key Identifier
        // NOTE(review): computed from the subject's key, which only identifies the signer when
        // privateKey belongs to publicKey (self-signed). For a CA-issued certificate the
        // issuer's public key would be needed here; the method does not receive it.
        certGen.addExtension(Extension.authorityKeyIdentifier, false,
                x509ExtensionUtils.createAuthorityKeyIdentifier(subjPubKeyInfo));
        // Key Usage: only dataEncipherment is asserted (no digitalSignature / keyEncipherment),
        // so relying parties that honor keyUsage will not accept this key for signing.
        certGen.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.dataEncipherment));
        if (crlUri != null) {
            // CRL Distribution Points: a single URI distribution point, no reasons/issuer
            DistributionPointName distPointOne = new DistributionPointName(
                    new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, crlUri)));
            DistributionPoint[] distPoints = new DistributionPoint[1];
            distPoints[0] = new DistributionPoint(distPointOne, null, null);
            certGen.addExtension(Extension.cRLDistributionPoints, false, new CRLDistPoint(distPoints));
        }
        // Content Signer
        ContentSigner sigGen = new JcaContentSignerBuilder(getSignAlgorithm()).setProvider(getProviderName())
                .build(privateKey);
        // Certificate
        return new JcaX509CertificateConverter().setProvider(getProviderName())
                .getCertificate(certGen.build(sigGen));
    } catch (Exception e) {
        // Every failure (bad DN string, encoding, extension, signing) surfaces as a
        // CryptoException with the original exception as its cause.
        throw new CryptoException(e);
    }
}
From source file:de.petendi.commons.crypto.connector.BCConnector.java
License:Apache License
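/**
 * Reads the first PEM entry from {@code pemReader} and returns it as a JCA certificate.
 * <p>
 * Only the first object in the stream is inspected; further entries are ignored. The
 * reader is closed when this method returns, on both the success and the failure path.
 *
 * @param pemReader reader positioned at PEM-encoded data; closed by this method
 * @return the certificate contained in the first PEM entry
 * @throws CryptoException if the data cannot be read or converted
 * @throws IllegalArgumentException if the first PEM entry is not an X.509 certificate
 *     (an empty stream, where the parser yields {@code null}, ends up here as well)
 */
@Override
public X509Certificate extractCertificate(Reader pemReader) throws CryptoException {
    try {
        PEMParser parser = new PEMParser(pemReader);
        try {
            Object object = parser.readObject();
            if (object instanceof X509CertificateHolder) {
                X509CertificateHolder x509Holder = (X509CertificateHolder) object;
                return new JcaX509CertificateConverter().setProvider(getProviderName()).getCertificate(x509Holder);
            } else {
                throw new IllegalArgumentException("no certificate found in pem");
            }
        } finally {
            // Closing the parser also closes the wrapped reader; doing it in finally
            // guarantees the handle is released even when readObject() or the
            // conversion throws.
            parser.close();
        }
    } catch (IOException e) {
        throw new CryptoException(e);
    } catch (CertificateException e) {
        throw new CryptoException(e);
    }
}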
From source file:de.r2soft.empires.framework.security.CertificateUtil.java
License:Open Source License
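/**
 * Generates an RSA key pair and a self-signed X.509 certificate for {@code username},
 * then checks that the certificate is valid right now and that its signature verifies
 * under its own public key.
 * <p>
 * The certificate is returned so callers can actually use it; previously it was built,
 * verified and then discarded.
 *
 * @param username subject (and issuer) distinguished name, handed to {@link X500Name} unchanged
 * @return the freshly generated, self-signed certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws NoSuchAlgorithmException if a required algorithm is unavailable
 * @throws NoSuchProviderException if the BC provider is not registered
 * @throws InvalidAlgorithmParameterException if key generation parameters are rejected
 * @throws InvalidKeySpecException if the key material cannot be converted
 * @throws CertificateException if the certificate cannot be converted or is not yet valid / expired
 * @throws InvalidKeyException if the key cannot be used for signature verification
 * @throws SignatureException if the self-signature does not verify
 */
public X509Certificate generateCertificate(String username) throws OperatorCreationException,
        NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException,
        InvalidKeySpecException, CertificateException, InvalidKeyException, SignatureException {
    X500Name name = new X500Name(username);
    // Generate RSA key pair and convert both halves to JCA key objects
    AsymmetricCipherKeyPair keyPair = generateKeypair();
    PublicKey publicKey = generatePublicKey((AsymmetricKeyParameter) keyPair.getPublic());
    PrivateKey privateKey = generatePrivateKey(keyPair.getPrivate(), keyPair.getPublic());
    // Validity window and serial number. The serial is derived from the same "now" as
    // notBefore so the two cannot disagree when the clock ticks between calls.
    Date notBefore = TimeUtil.getTimeNow();
    Date notAfter = TimeUtil.getTimeThen(CERTIFICATE_VALIDITY, 0, 0, 0);
    BigInteger serial = BigInteger.valueOf(notBefore.getTime());
    // Subject and issuer are the same name: this is a self-signed certificate
    X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(name, serial, notBefore, notAfter, name,
            publicKey);
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC)
            .build(privateKey);
    X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC)
            .getCertificate(certGen.build(sigGen));
    // Verify success of creation: validity at the current instant and a correct self-signature
    cert.checkValidity(new Date());
    cert.verify(cert.getPublicKey());
    return cert;
}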
From source file:de.rub.nds.tlsattacker.tlsserver.KeyStoreGenerator.java
License:Apache License
/**
 * Signs the certificate described by {@code builder} with {@code privateKey} and returns it
 * as a JCA {@link X509Certificate}.
 *
 * @param algorithm JCA signature algorithm name handed to {@link JcaContentSignerBuilder}
 * @param builder populated certificate builder (names, validity, public key, extensions)
 * @param privateKey key used to produce the signature
 * @return the signed certificate, converted with the default {@link JcaX509CertificateConverter}
 * @throws OperatorCreationException if no signer can be created for the algorithm/key combination
 * @throws CertificateException if the signed structure cannot be converted to a JCA certificate
 */
private static X509Certificate signCertificate(String algorithm, X509v3CertificateBuilder builder,
        PrivateKey privateKey) throws OperatorCreationException, CertificateException {
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(algorithm);
    ContentSigner contentSigner = signerBuilder.build(privateKey);
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    return converter.getCertificate(builder.build(contentSigner));
}
From source file:dk.itst.oiosaml.security.SecurityHelper.java
License:Mozilla Public License
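/**
 * Builds an X.509 v3 certificate for the key pair held by {@code credential}, signed with
 * that same key pair's private key.
 * <p>
 * The issuer is fixed to {@code o=keymanager, ou=oiosaml-sp}; the subject is
 * {@code cn=<entityId>, ou=oiosaml-sp}. Validity is ten years from now and the serial
 * number is the current time in milliseconds. Subject and authority key identifiers are
 * both derived from the credential's public key.
 *
 * @param credential supplies the public key to certify and the private key to sign with
 * @param entityId SAML entity id used as the CN of the subject
 * @return the signed certificate, converted under the "BC" provider
 * @throws Exception on any encoding, extension or signing failure
 */
public static X509Certificate generateCertificate(Credential credential, String entityId) throws Exception {
    X500Name issuer = new X500Name("o=keymanager, ou=oiosaml-sp");
    // NOTE(review): millisecond timestamps make serials predictable and collide within the
    // same millisecond; a SecureRandom serial is the usual choice.
    BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
    Date notBefore = new Date();
    Date notAfter = new Date(System.currentTimeMillis() + 1000L * 60L * 60L * 24L * 365L * 10L);
    // Assemble the subject from components rather than a concatenated string, so an entityId
    // containing DN metacharacters (',', '=', '+', ...) can neither alter the RDN structure
    // nor make the string fail to parse.
    X500Name subject = new org.bouncycastle.asn1.x500.X500NameBuilder()
            .addRDN(org.bouncycastle.asn1.x500.style.BCStyle.CN, entityId)
            .addRDN(org.bouncycastle.asn1.x500.style.BCStyle.OU, "oiosaml-sp")
            .build();
    // getEncoded() already yields DER SubjectPublicKeyInfo; parse it directly instead of
    // through an ASN1InputStream that was never closed.
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(credential.getPublicKey().getEncoded());
    X509v3CertificateBuilder gen = new X509v3CertificateBuilder(issuer, serialNumber, notBefore, notAfter,
            subject, publicKeyInfo);
    gen.addExtension(X509Extension.subjectKeyIdentifier, false,
            new JcaX509ExtensionUtils().createSubjectKeyIdentifier(credential.getPublicKey()));
    // The AKI points at the same key because this certificate is signed by its own key pair.
    gen.addExtension(X509Extension.authorityKeyIdentifier, false,
            new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(credential.getPublicKey()));
    // SHA-256 replaces SHA-1, which is no longer accepted for certificate signatures by
    // current validators.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC")
            .build(credential.getPrivateKey());
    X509CertificateHolder certificateHolder = gen.build(sigGen);
    return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
}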
From source file:ee.ria.xroad.common.util.FISubjectClientIdDecoderTest.java
License:Open Source License
/**
 * Test helper: produces a self-signed certificate for {@code pair} using {@code dn} as both
 * subject and issuer, serial number 1, and notBefore/notAfter each taken from a fresh
 * {@code new Date()} (so the validity window is essentially empty).
 *
 * @param dn distinguished name string, parsed by {@link X500Name}
 * @param pair key pair whose public key is certified and whose private key signs
 * @return the signed certificate
 * @throws OperatorCreationException if the signer cannot be created
 * @throws CertificateException if the result cannot be converted to a JCA certificate
 */
private X509Certificate generateSelfSignedCertificate(String dn, KeyPair pair)
        throws OperatorCreationException, CertificateException {
    ContentSigner contentSigner = new JcaContentSignerBuilder(CryptoUtils.SHA256WITHRSA_ID)
            .build(pair.getPrivate());
    X500Name subjectAndIssuer = new X500Name(dn);
    Date validFrom = new Date();
    Date validTo = new Date();
    JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(subjectAndIssuer,
            BigInteger.ONE, validFrom, validTo, subjectAndIssuer, pair.getPublic());
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    return converter.getCertificate(certBuilder.build(contentSigner));
}
From source file:ee.ria.xroad.signer.util.SignerUtil.java
License:Open Source License
/**
 * Creates a self-signed certificate for {@code commonName}. The validity window spans two
 * years: from one year before now until one year after now. The serial number is always 1.
 * @param commonName the common name attribute; the subject becomes {@code CN=<commonName>}
 * @param keyPair the key pair containing the public key to certify
 * @param signer the signer used to sign the certificate
 * @return the certificate, converted with the default {@link JcaX509CertificateConverter}
 * @throws Exception if an error occurs
 */
public static X509Certificate createCertificate(String commonName, KeyPair keyPair, ContentSigner signer)
        throws Exception {
    Calendar window = Calendar.getInstance();
    window.add(Calendar.YEAR, -1);
    Date validFrom = window.getTime();
    window.add(Calendar.YEAR, 2);
    Date validTo = window.getTime();
    // Subject and issuer are identical: the certificate is self-signed
    X500Name subjectAndIssuer = new X500Name("CN=" + commonName);
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(subjectAndIssuer, BigInteger.ONE,
            validFrom, validTo, subjectAndIssuer, keyPair.getPublic());
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    return converter.getCertificate(builder.build(signer));
}
From source file:esteidhacker.CLI.java
License:Open Source License
/**
 * Command-line entry point.
 * <p>
 * Parses the options, optionally loads or generates the fake CA, then talks to either the
 * vJCRE emulator (-emulate) or a physical PC/SC reader, running the actions selected by
 * the flags. Exceptions that {@code TerminalManager.getExceptionMessage} can explain are
 * printed as "PC/SC Error"; everything else propagates out of {@code main}.
 *
 * @param argv raw command-line arguments, handed to {@link #parseArguments}
 * @throws Exception any error that is not a recognised PC/SC error
 */
public static void main(String argv[]) throws Exception {
    // Default PIN/PUK values; overridden by -pin1/-pin2/-puk below.
    String pin1 = EstEID.PIN1String;
    String pin2 = EstEID.PIN2String;
    String puk = EstEID.PUKString;
    OptionSet args = parseArguments(argv);
    // Do the work, based on arguments
    if (args.has(OPT_VERSION)) {
        System.out.println("EstEID hacker v0.1");
    }
    // Load or generate a CA
    FakeEstEIDCA ca = new FakeEstEIDCA();
    if (args.has(OPT_CA)) {
        // A missing CA file is created and persisted; an existing one is loaded.
        File f = (File) args.valueOf(OPT_CA);
        if (!f.exists()) {
            ca.generate();
            ca.storeToFile(f);
        } else {
            ca.loadFromFile(f);
        }
    } else if (args.has(OPT_EMULATE)) {
        ca.generate();
    } else if (args.has(OPT_NEW) || args.has(OPT_GENAUTH) || args.has(OPT_GENSIGN) || args.has(OPT_RESIGN)) {
        // These actions need a CA that was neither given (-ca) nor generated (-emulate).
        throw new IllegalArgumentException("Need a CA!");
    }
    if (args.has(OPT_PIN1)) {
        pin1 = (String) args.valueOf(OPT_PIN1);
    }
    if (args.has(OPT_PIN2)) {
        pin2 = (String) args.valueOf(OPT_PIN2);
    }
    if (args.has(OPT_PUK)) {
        puk = (String) args.valueOf(OPT_PUK);
    }
    if (args.has(OPT_RESIGN)) {
        File f = (File) args.valueOf(OPT_RESIGN);
        // NOTE(review): the FileReader is only released by pem.close() on the success path;
        // if readObject()/getCertificate() throws (or the first PEM object is not a
        // certificate holder, which makes the cast fail), the handle leaks. FileReader also
        // decodes with the platform charset.
        PEMParser pem = new PEMParser(new FileReader(f));
        X509Certificate crt = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .getCertificate((X509CertificateHolder) pem.readObject());
        pem.close();
        X509Certificate newcert = ca.cloneUserCertificate((RSAPublicKey) crt.getPublicKey(), crt);
        // The re-signed certificate is written as PEM to stdout.
        JcaPEMWriter wr = new JcaPEMWriter(new OutputStreamWriter(System.out));
        wr.writeObject(newcert);
        wr.close();
    }
    // NOTE(review): "card" is never assigned after this point, so the finally block at the
    // end is effectively a no-op; connections are disconnected explicitly where they are made.
    Card card = null;
    CardTerminal term = null;
    try {
        if (args.has(OPT_EMULATE)) {
            // Load FakeEstEIDApplet into vJCRE emulator
            VRE vre = VRE.getInstance();
            VRE.debugMode = false;
            AID aid = AID.fromBytes(FakeEstEIDApplet.aid);
            vre.load(FakeEstEIDApplet.class, aid);
            vre.install(aid, true);
            // Establish connection to the applet (first and only terminal of the emulator)
            term = TerminalFactory.getInstance("PC/SC", vre, new VJCREProvider()).terminals().list().get(0);
        } else {
            if (args.has(OPT_LIST)) {
                // Print one line per reader: "[*]" when a card is present, "[ ]" otherwise,
                // followed by the detected card type. NOTE(review): "term" stays null on this
                // path, yet EstEID.getInstance(term) below is still reached; presumably that
                // fails and is handled by the catch — confirm.
                TerminalFactory tf = TerminalManager.getTerminalFactory(true);
                CardTerminals terms = tf.terminals();
                for (CardTerminal t : terms.list()) {
                    EstEID eid = EstEID.getInstance(t);
                    String s = "";
                    if (t.isCardPresent()) {
                        s = ": not EstEID";
                        CardType ct = eid.identify();
                        if (ct != null) {
                            s = ": " + ct.toString();
                        }
                    }
                    System.out.println((t.isCardPresent() ? "[*] " : "[ ] ") + t.getName() + s);
                }
            } else {
                // Connect to a real card
                term = TerminalManager.getTheReader();
            }
        }
        // -debug wraps the terminal so APDU traffic is logged
        if (args.has(OPT_DEBUG))
            term = LoggingCardTerminal.getInstance(term);
        if (args.has(OPT_CLONE)) {
            // Connect to card.
            // NOTE(review): System.console() is null when no interactive console is attached
            // (e.g. piped stdin), which would throw a NullPointerException here.
            System.out.println("Enter card you want to clone and press enter.");
            System.console().readLine();
            EstEID esteid = EstEID.getInstance(term);
            esteid.identify();
            // Read certificates
            X509Certificate authcert = esteid.readAuthCert();
            X509Certificate signcert = esteid.readSignCert();
            // Read personal data file
            HashMap<PersonalData, String> pdf = new HashMap<PersonalData, String>();
            for (PersonalData pd : PersonalData.values()) {
                pdf.put(pd, esteid.getPersonalData(pd));
            }
            esteid.getCard().disconnect(false);
            System.out.println("Enter card with FakeEstEID and press enter.");
            System.console().readLine();
            // XXX: this identify requirement and accessing fake via esteid is silly
            esteid = EstEID.getInstance(term);
            esteid.identify();
            FakeEstEID fake = FakeEstEID.getInstance(esteid);
            fake.send_cert(authcert.getEncoded(), 1);
            fake.send_cert(signcert.getEncoded(), 2);
            // Generate random keys
            fake.send_new_key(1);
            fake.send_new_key(2);
            // Wipe personal data
            CommandAPDU wipe = new CommandAPDU(0x80, 0x04, 0x00, 0x01);
            esteid.getCard().getBasicChannel().transmit(wipe);
            // Store basic data
            for (PersonalData pd : PersonalData.values()) {
                CommandAPDU cmd = new CommandAPDU(0x80, 0x04, pd.getRec(), 0x00, pdf.get(pd).getBytes("ISO8859-15"));
                esteid.getCard().getBasicChannel().transmit(cmd);
            }
            esteid.getCard().disconnect(true);
        }
        if (args.has(OPT_INSTALL)) {
            // Install the applet
            Card c = term.connect("*");
            GlobalPlatform gp = new GlobalPlatform(c.getBasicChannel());
            gp.imFeelingLucky();
            gp.uninstallDefaultSelected(true);
            System.err.println("Use GP utility directly for loading");
            TerminalManager.disconnect(c, true);
        }
        EstEID esteid = EstEID.getInstance(term);
        esteid.identify();
        if (args.has(OPT_RELAX)) {
            esteid.strict = false;
        }
        if (args.has(OPT_VERBOSE) || args.has(OPT_INFO)) {
            System.out.println("ATR: " + HexUtils.encodeHexString(esteid.getCard().getATR().getBytes()));
            System.out.println("Type: " + esteid.getType());
        }
        FakeEstEID fake = FakeEstEID.getInstance(esteid);
        // Slot 1 = authentication, slot 2 = signature (as used by send_cert above)
        if (args.has(OPT_AUTHCERT)) {
            File f = (File) args.valueOf(OPT_AUTHCERT);
            fake.send_cert_pem(f, 1);
        }
        if (args.has(OPT_SIGNCERT)) {
            File f = (File) args.valueOf(OPT_SIGNCERT);
            fake.send_cert_pem(f, 2);
        }
        if (args.has(OPT_AUTHKEY)) {
            File f = (File) args.valueOf(OPT_AUTHKEY);
            fake.send_key_pem(f, 1);
        }
        if (args.has(OPT_SIGNKEY)) {
            File f = (File) args.valueOf(OPT_SIGNKEY);
            fake.send_key_pem(f, 2);
        }
        if (args.has(OPT_GENAUTH)) {
            fake.send_new_key(1);
        }
        if (args.has(OPT_GENSIGN)) {
            fake.send_new_key(2);
        }
        if (args.has(OPT_NEW) || args.has(OPT_EMULATE)) {
            fake.make_sample_card(ca, args.has(OPT_CHECK));
        }
        // FIXME: this is ugly and bad code.
        if (args.has(OPT_DATA)) {
            // Interactive edit of every personal-data record: show the current value, read
            // a replacement from the console (null if no console — see note above), write it back.
            for (PersonalData pd : PersonalData.values()) {
                CommandAPDU cmd = new CommandAPDU(0x80, 0x04, pd.getRec(), 0x00, 256);
                ResponseAPDU resp = esteid.getCard().getBasicChannel().transmit(cmd);
                String value = new String(resp.getData(), Charset.forName("ISO8859-15"));
                System.out.println("Enter new value (for " + pd.name() + "): " + value);
                String input = System.console().readLine();
                cmd = new CommandAPDU(0x80, 0x04, pd.getRec(), 0x00, input.getBytes("ISO8859-15"));
                esteid.getCard().getBasicChannel().transmit(cmd);
            }
        }
        // Following assumes a "ready" card (-new).
        if (args.has(OPT_INFO)) {
            Map<PIN, Byte> counts = esteid.getPINCounters();
            System.out.print("PIN tries remaining:");
            for (PIN p : PIN.values()) {
                System.out.print(" " + p.toString() + ": " + counts.get(p) + ";");
            }
            System.out.println();
            String docnr = esteid.getPersonalData(PersonalData.DOCUMENT_NR);
            System.out.println("Doc#: " + docnr);
            if (!docnr.startsWith("N")) {
                System.out.println("Cardholder: " + esteid.getPersonalData(PersonalData.GIVEN_NAMES1) + " " + esteid.getPersonalData(PersonalData.SURNAME));
            }
            X509Certificate authcert = esteid.readAuthCert();
            System.out.println("Certificate subject: " + authcert.getSubjectDN());
        }
        if (args.has(OPT_TEST_PINS) || args.has(OPT_TEST)) {
            // PIN tests require the PIN options to be given either all together or not at all;
            // a partial set exits the process with status 1.
            if (args.has(OPT_PIN1) ^ args.has(OPT_PIN2) || args.has(OPT_PIN2) ^ args.has(OPT_PUK)) {
                System.out.println("Need any or all of PIN options if testing for PINS");
                System.exit(1);
            }
            esteid.pin_tests(pin1, pin2, puk);
        }
        if (args.has(OPT_TEST_CRYPTO) || args.has(OPT_TEST)) {
            esteid.crypto_tests(pin1, pin2);
        }
    } catch (Exception e) {
        // Only PC/SC errors with a known message are reported; anything else is rethrown.
        if (TerminalManager.getExceptionMessage(e) != null) {
            System.out.println("PC/SC Error: " + TerminalManager.getExceptionMessage(e));
        } else {
            throw e;
        }
    } finally {
        // Never taken: "card" is still null here (see note at its declaration).
        if (card != null) {
            TerminalManager.disconnect(card, true);
        }
    }
}
From source file:esteidhacker.FakeEstEIDCA.java
License:Open Source License
/**
 * Builds a root certificate whose issuer, subject, serial number, validity and extensions are
 * all copied from the real root bundled at {@code /resources/sk-root.pem}, but whose public
 * key is {@code kp.getPublic()} and whose signature is produced with {@code kp.getPrivate()}
 * ("SHA1withRSA", BC provider).
 *
 * @param kp key pair that replaces the real root's key
 * @return the re-keyed, re-signed root certificate
 * @throws IOException if the template certificate cannot be read
 * @throws OperatorCreationException if the content signer cannot be built
 * @throws CertificateException if the result cannot be converted to a JCA certificate
 */
private X509Certificate makeRootCert(KeyPair kp) throws InvalidKeyException, IllegalStateException,
        NoSuchProviderException, SignatureException, IOException, NoSuchAlgorithmException, ParseException,
        OperatorCreationException, CertificateException {
    // The real root serves as the template for every field except the key and signature
    X509CertificateHolder template = getRealCert("/resources/sk-root.pem");
    // TODO/FIXME: GeneralizedTime instead of UTCTime for root
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(template.getIssuer(),
            template.getSerialNumber(), template.getNotBefore(), template.getNotAfter(), template.getSubject(),
            kp.getPublic());
    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> extensionOids = template.getExtensionOIDs();
    // Every extension of the template is copied as-is, including its criticality flag
    for (ASN1ObjectIdentifier oid : extensionOids) {
        Extension extension = template.getExtension(oid);
        builder.copyAndAddExtension(extension.getExtnId(), extension.isCritical(), template);
    }
    // Sign with the replacement private key and convert to a JCA certificate
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA1withRSA")
            .setProvider(BouncyCastleProvider.PROVIDER_NAME);
    X509CertificateHolder signed = builder.build(signerBuilder.build(kp.getPrivate()));
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter()
            .setProvider(BouncyCastleProvider.PROVIDER_NAME);
    return converter.getCertificate(signed);
}