Package org.bouncycastle.cert.jcajce

Examples of org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils


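    // Builds and signs an X.509 v3 certificate for kp's public key.
    // NOTE(review): a 100-year validity period means expiry never retires the key; confirm this
    // is only used for test or bootstrap certificates.
    endDate.add(Calendar.YEAR, 100);

    // NOTE(review): the serial number is startDate's millisecond timestamp, so it is predictable
    // and repeats whenever two certificates from the same issuer share a start time. An issuing
    // CA would normally draw serial numbers from a SecureRandom source.
    BigInteger serialNumber = BigInteger.valueOf((startDate.getTimeInMillis()));
    X500Name issuer = new X500Name(IETFUtils.rDNsFromString(issuerDirString, RFC4519Style.INSTANCE));
    // The same X500Name is passed as both issuer and subject; the certified key is kp.getPublic().
    JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuer, serialNumber, startDate.getTime(), endDate.getTime(), issuer, kp.getPublic());
    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    certGen.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(kp.getPublic()));
    // RFC 5280 section 4.2.1.9 requires basicConstraints to be critical on CA certificates, so
    // the criticality flag follows isCertAuthority; end-entity certificates stay non-critical.
    certGen.addExtension(Extension.basicConstraints, isCertAuthority, new BasicConstraints(isCertAuthority));
    certGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(signerPublicKey));
    if (isCertAuthority) {
      // Critical keyUsage restricts a CA key to signing certificates.
      certGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
    }
    // Signed with signerPrivateKey; signerPublicKey (used for the authority key identifier above)
    // is presumably its matching half - verify against the caller.
    X509CertificateHolder cert = certGen.build(new JcaContentSignerBuilder(signingAlgorithm).build(signerPrivateKey));
    return new X509CertificateObject(cert.toASN1Structure());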


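    // Chooses between a CA-issued certificate (issuer key and certificate supplied) and a
    // self-signed one, then prepares the matching builder and content signer.
    if ((request.getIssuerPrivateKey() != null) && (request.getIssuerCertificate() != null)) {
      builder = new JcaX509v3CertificateBuilder(request.getIssuerCertificate(), request.getSerialNumber(), request.getNotBefore(), request.getNotAfter(), request.getSubjectAsX500Principal(), request.getPublicKey());

      // NOTE(review): the authority key identifier is only added when the request is for a CA.
      // RFC 5280 section 4.2.1.1 expects it on every certificate that is not self-signed -
      // confirm whether end-entity certificates should carry it too.
      if (request.isCa()) {
        AuthorityKeyIdentifier authorityKeyIdentifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(request.getIssuerCertificate().getPublicKey());
        builder.addExtension(X509Extension.authorityKeyIdentifier, false, authorityKeyIdentifier);
      }

      // The subject key identifier must identify the key being certified (request.getPublicKey(),
      // the key handed to the builder above). Deriving it from the issuer's key would give every
      // issued certificate the issuer's identifier and mislead path building.
      SubjectKeyIdentifier subjectKeyIdentifier = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(request.getPublicKey());
      builder.addExtension(X509Extension.subjectKeyIdentifier, false, subjectKeyIdentifier);

      contentSigner = contentSignerBuilder.build(request.getIssuerPrivateKey());
    } else {
      // Self-signed path: names come from the request and the request's own private key signs.
      builder = new JcaX509v3CertificateBuilder(request.getIssuerAsX500Name(), request.getSerialNumber(), request.getNotBefore(), request.getNotAfter(), request.getSubjectAsX500Name(), request.getPublicKey());

      SubjectKeyIdentifier subjectKeyIdentifier = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(request.getPublicKey());
      builder.addExtension(X509Extension.subjectKeyIdentifier, false, subjectKeyIdentifier);

      contentSigner = contentSignerBuilder.build(request.getPrivateKey());
    }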

          sslMetadata.notBefore,
          sslMetadata.notAfter,
          webDN,
          pair.getPublic());

      // Key identifiers: the subject key identifier is computed from the new key pair, the
      // authority key identifier from the CA certificate's public key.
      // NOTE(review): no keyUsage or extendedKeyUsage extension is added in the visible lines;
      // confirm the rest of the method restricts what this SSL certificate may be used for.
      JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
      certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(pair.getPublic()));
      // BasicConstraints(false): the certificate is not a CA and must not sign other certificates.
      certBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));
      certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey()));

      // support alternateSubjectNames for SSL certificates
      List<GeneralName> altNames = new ArrayList<GeneralName>();
      if (HttpUtils.isIpAddress(sslMetadata.commonName)) {
        altNames.add(new GeneralName(GeneralName.iPAddress, sslMetadata.commonName));

          caMetadata.notBefore,
          caMetadata.notAfter,
          issuerDN,
          caPair.getPublic());

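      // Adds the CA certificate's extensions, then signs and converts it to a JCA X509Certificate.
      JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
      // Subject and authority key identifiers are both derived from caPair's public key.
      caBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(caPair.getPublic()));
      caBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caPair.getPublic()));
      // RFC 5280 section 4.2.1.9 requires basicConstraints to be marked critical on CA
      // certificates, so a relying party that cannot process it rejects the certificate.
      caBuilder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(true));
      // Critical keyUsage limits the CA key to signatures, certificate signing and CRL signing.
      caBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

      JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BC);
      X509Certificate cert = converter.getCertificate(caBuilder.build(caSigner));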

          clientMetadata.notBefore,
          clientMetadata.notAfter,
          userDN,
          pair.getPublic());

      // Adds the client certificate's extensions, signs it with the CA key, tags the private key
      // for PKCS#12 export and runs basic checks on the result.
      JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
      certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(pair.getPublic()));
      // BasicConstraints(false): the client certificate is not a CA.
      certBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));
      certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey()));
      // Critical keyUsage: key encipherment and digital signature only.
      certBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.keyEncipherment | KeyUsage.digitalSignature));
      if (!StringUtils.isEmpty(clientMetadata.emailAddress)) {
        // The e-mail address is bound into the certificate as an rfc822Name subject alternative name.
        GeneralNames subjectAltName = new GeneralNames(
                    new GeneralName(GeneralName.rfc822Name, clientMetadata.emailAddress));
        certBuilder.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);
      }

      ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(caPrivateKey);

      X509Certificate userCert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(signer));
      // The cast relies on the private key implementation also being a PKCS12BagAttributeCarrier;
      // the localKeyId bag attribute is set to the certificate's subject key identifier.
      PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)pair.getPrivate();
      bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
          extUtils.createSubjectKeyIdentifier(pair.getPublic()));

      // confirm the validity of the user certificate
      // checkValidity() and verify() throw on failure, so those two checks are enforced.
      userCert.checkValidity();
      userCert.verify(caCert.getPublicKey());
      // NOTE(review): the boolean returned by equals() is discarded, so an issuer/subject name
      // mismatch is never detected here; the result would have to be tested to make this a check.
      userCert.getIssuerDN().equals(caCert.getSubjectDN());

        if (subject.equals(issuer)) {
            certificateBuilder.addExtension(
                    X509Extension.basicConstraints, true,
                    new BasicConstraints(5));
        } else {
            JcaX509ExtensionUtils jxeu = new JcaX509ExtensionUtils();

            if (baseCrt != null) {
                byte[] sans = baseCrt.getExtensionValue(X509Extension.subjectAlternativeName.getId());
                if (sans != null) {
                    certificateBuilder.copyAndAddExtension(X509Extension.subjectAlternativeName, true, baseCrt);
                }
            }

            SubjectKeyIdentifier subjectKeyIdentifier = jxeu.createSubjectKeyIdentifier(pubKey);
            certificateBuilder.addExtension(
                    X509Extension.subjectKeyIdentifier, false, subjectKeyIdentifier);

            AuthorityKeyIdentifier authorityKeyIdentifier = jxeu.createAuthorityKeyIdentifier(caPubKey);
            certificateBuilder.addExtension(
                    X509Extension.authorityKeyIdentifier, false,
                    authorityKeyIdentifier);

            certificateBuilder.addExtension(

        // Test fixture: CA key pair, a 30-day validity window and a fixed serial number.
        PublicKey caPubKey = caKeyPair.getPublic();
        PrivateKey caKey = caKeyPair.getPrivate();
        Date begin = new Date();
        // The (long) cast keeps the 30-day millisecond product from overflowing int arithmetic.
        Date ends = new Date(begin.getTime() + (long) 1000 * 60 * 60 * 24 * 30);
        BigInteger serialNo = BigInteger.valueOf(1234);
        JcaX509ExtensionUtils jxeu = new JcaX509ExtensionUtils();

        // operate
        X509Certificate resultCert = SunCertificateUtils.sign(subject, pubKey, issuer, caPubKey, caKey, begin, ends, serialNo, null);

        // verify
        assertNotNull(resultCert);
        LOG.debug("result certificate: " + resultCert);
        // verify() throws if the signature does not check out against the CA public key.
        resultCert.verify(caPubKey);
        assertEquals(subject, resultCert.getSubjectX500Principal());
        assertEquals(issuer, resultCert.getIssuerX500Principal());
        assertEquals(serialNo, resultCert.getSerialNumber());
        assertEquals(pubKey, resultCert.getPublicKey());
        LOG.debug("expected begin: " + begin.getTime());
        LOG.debug("actual begin: " + resultCert.getNotBefore().getTime());
        /*
         * BouncyCastle drops the milliseconds.
         */
        assertTrue(Math.abs(begin.getTime() - resultCert.getNotBefore().getTime()) < 1000);
        assertTrue(Math.abs(ends.getTime() - resultCert.getNotAfter().getTime()) < 1000);

        // The subject key identifier in the certificate must match the one computed from pubKey.
        byte[] subjectKeyIdentifierExtValue = resultCert.getExtensionValue(X509Extension.subjectKeyIdentifier.getId());
        assertNotNull(subjectKeyIdentifierExtValue);
        ASN1Primitive subjectKeyIdentifier = JcaX509ExtensionUtils.parseExtensionValue(
                subjectKeyIdentifierExtValue);
        ASN1Primitive expSKI = jxeu.createSubjectKeyIdentifier(pubKey).toASN1Primitive();
        assertArrayEquals(expSKI.getEncoded(), subjectKeyIdentifier.getEncoded());

        // The authority key identifier must match the one computed from the CA public key.
        // NOTE(review): unlike the subject key identifier above, this extension value is not
        // null-checked before parsing, so a missing extension presumably fails inside
        // parseExtensionValue rather than on an assertion.
        byte[] authorityKeyIdentifierExtValue = resultCert.getExtensionValue(X509Extension.authorityKeyIdentifier.getId());
        ASN1Primitive authorityKeyIdentifier = JcaX509ExtensionUtils.parseExtensionValue(
                authorityKeyIdentifierExtValue);
        ASN1Primitive expAKI = jxeu.createAuthorityKeyIdentifier(caPubKey).toASN1Primitive();
        assertArrayEquals(expAKI.getEncoded(), authorityKeyIdentifier.getEncoded());

        // getBasicConstraints() returns -1 when the certificate is not a CA.
        assertEquals(-1, resultCert.getBasicConstraints());

        byte[] netscapeCertTypeExtValue = resultCert.getExtensionValue(MiscObjectIdentifiers.netscapeCertType.getId());

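    // Builds and signs an X.509 v3 certificate for kp's public key.
    // NOTE(review): a 100-year validity period means expiry never retires the key; confirm this
    // is only used for test or bootstrap certificates.
    endDate.add(Calendar.YEAR, 100);

    // NOTE(review): the serial number is startDate's millisecond timestamp, so it is predictable
    // and repeats whenever two certificates from the same issuer share a start time. An issuing
    // CA would normally draw serial numbers from a SecureRandom source.
    BigInteger serialNumber = BigInteger.valueOf((startDate.getTimeInMillis()));
    X500Name issuer = new X500Name(IETFUtils.rDNsFromString(issuerDirString, RFC4519Style.INSTANCE));
    // The same X500Name is passed as both issuer and subject; the certified key is kp.getPublic().
    JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuer, serialNumber, startDate.getTime(), endDate.getTime(), issuer, kp.getPublic());
    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    certGen.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(kp.getPublic()));
    // RFC 5280 section 4.2.1.9 requires basicConstraints to be critical on CA certificates, so
    // the criticality flag follows isCertAuthority; end-entity certificates stay non-critical.
    certGen.addExtension(Extension.basicConstraints, isCertAuthority, new BasicConstraints(isCertAuthority));
    certGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(signerPublicKey));
    if (isCertAuthority) {
      // Critical keyUsage restricts a CA key to signing certificates.
      certGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
    }
    // Signed with signerPrivateKey; signerPublicKey (used for the authority key identifier above)
    // is presumably its matching half - verify against the caller.
    X509CertificateHolder cert = certGen.build(new JcaContentSignerBuilder(signingAlgorithm).build(signerPrivateKey));
    return new X509CertificateObject(cert.toASN1Structure());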

    // Prepares the content signer and certificate builder, then adds the key identifier extensions.
    // The signer is pinned to the provider named by BouncyCastleProviderHelper.PROVIDER_NAME.
    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder(request.getSignAlgorithm());
    contentSignerBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);

    if ((request.getIssuerPrivateKey() != null) && (request.getIssuerCertificate() != null)) {
      // CA-issued path: the authority key identifier is derived from the issuer certificate and
      // the issuer's private key signs.
      builder = new JcaX509v3CertificateBuilder(request.getIssuerCertificate(), request.getSerialNumber(), request.getNotBefore(), request.getNotAfter(), request.getSubjectAsX500Principal(), request.getPublicKey());
      AuthorityKeyIdentifier authorityKeyIdentifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(request.getIssuerCertificate());
      builder.addExtension(X509Extension.authorityKeyIdentifier, false, authorityKeyIdentifier);
      contentSigner = contentSignerBuilder.build(request.getIssuerPrivateKey());
    } else {
      // Self-signed path: the request's own private key signs and no authority key identifier
      // is added in this branch.
      builder = new JcaX509v3CertificateBuilder(request.getIssuerAsX500Name(), request.getSerialNumber(), request.getNotBefore(), request.getNotAfter(), request.getSubjectAsX500Name(), request.getPublicKey());
      contentSigner = contentSignerBuilder.build(request.getPrivateKey());
    }

    // In both paths the subject key identifier is derived from the key being certified.
    SubjectKeyIdentifier subjectKeyIdentifier = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(request.getPublicKey());
    builder.addExtension(X509Extension.subjectKeyIdentifier, false, subjectKeyIdentifier);

    // Presumably these add key usage, extended key usage and certificate policies from the
    // request; the helper bodies are not visible here. NOTE(review): no basicConstraints
    // extension is added in the visible lines - confirm where the CA flag is set.
    this.addV3KeyUsage(builder, request);
    this.addV3ExtendedKeyUsage(builder, request);
    this.addV3CertificatePolicies(builder, request);

      // Starts a v2 CRL for the issuer name, dated `now`, with the requested nextUpdate time.
      X509v2CRLBuilder builder = new X509v2CRLBuilder(bcRequest.getIssuerX500Name(), now);
      builder.setNextUpdate(bcRequest.getNextUpdate());

      // The authority key identifier is derived from the issuer certificate, so relying parties
      // can match the CRL to the key that signed it.
      X509Certificate certificate = bcRequest.getIssuerCertificate();
      AuthorityKeyIdentifier authorityKeyIdentifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(certificate);
      builder.addExtension(X509Extension.authorityKeyIdentifier, false, authorityKeyIdentifier);

      // The CRL number taken from the request is added as a non-critical extension.
      builder.addExtension(X509Extension.cRLNumber, false, new CRLNumber(bcRequest.getNumber()));

      if (bcRequest.getOldCrl() != null) {
