Java Code Examples for org.bouncycastle.asn1.x500.style.RFC4519Style#INSTANCE
The following examples show how to use
org.bouncycastle.asn1.x500.style.RFC4519Style#INSTANCE .
Example 1
Source File: TlsResourceBuilder.java From qpid-broker-j with Apache License 2.0 | 6 votes |
/**
 * Creates an X.509 v3 certificate whose issuer and subject are the same DN.
 *
 * <p>The DN is parsed with {@link RFC4519Style}. The populated builder is handed to
 * {@code buildX509Certificate} together with the private key of {@code keyPair}.
 * Extensions are added in this order: basicConstraints (CA = false, not critical), then
 * the results of {@code createKeyUsageExtension}, {@code createSubjectKeyExtension} and
 * {@code createAlternateNamesExtension}.
 *
 * @param keyPair key pair supplying the certified public key and the private key
 * @param dn distinguished name used for both issuer and subject
 * @param period validity window; both bounds are converted to {@link Date} via epoch millis
 * @param alternativeName names forwarded unchanged to {@code createAlternateNamesExtension}
 * @return whatever {@code buildX509Certificate} produces for the populated builder
 * @throws CertificateException wrapping an {@code OperatorException} or {@code IOException}
 */
private static X509Certificate createSelfSignedCertificate(final KeyPair keyPair,
                                                           final String dn,
                                                           final ValidityPeriod period,
                                                           final AlternativeName... alternativeName)
        throws CertificateException {
    try {
        // Issuer and subject are the same name, so the DN is parsed once and reused.
        final X500Name selfName = new X500Name(RFC4519Style.INSTANCE, dn);
        final X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                selfName,
                generateSerialNumber(),
                new Date(period.getFrom().toEpochMilli()),
                new Date(period.getTo().toEpochMilli()),
                selfName,
                keyPair.getPublic());

        // End-entity certificate: basicConstraints carries CA = false.
        certBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
        certBuilder.addExtension(createKeyUsageExtension());
        certBuilder.addExtension(createSubjectKeyExtension(keyPair.getPublic()));
        certBuilder.addExtension(createAlternateNamesExtension(alternativeName));

        return buildX509Certificate(certBuilder, keyPair.getPrivate());
    } catch (OperatorException | IOException cause) {
        throw new CertificateException(cause);
    }
}
Example 2
Source File: TlsResourceBuilder.java From qpid-broker-j with Apache License 2.0 | 6 votes |
/**
 * Creates a root CA certificate: issuer and subject are the same DN and basicConstraints
 * carries CA = true.
 *
 * <p>The populated builder is handed to {@code buildX509Certificate} together with the
 * private key of {@code keyPair}. The subject-key and authority-key extensions are both
 * derived from the public key of {@code keyPair}.
 *
 * @param keyPair key pair supplying the certified public key and the private key
 * @param dn distinguished name used for both issuer and subject
 * @param validityPeriod validity window; both bounds are converted to {@link Date}
 * @return whatever {@code buildX509Certificate} produces for the populated builder
 * @throws CertificateException wrapping an {@code OperatorException} or {@code IOException}
 */
private static X509Certificate createRootCACertificate(final KeyPair keyPair,
                                                       final String dn,
                                                       final ValidityPeriod validityPeriod)
        throws CertificateException {
    try {
        // Issuer and subject are the same name, so the DN is parsed once and reused.
        final X500Name rootName = new X500Name(RFC4519Style.INSTANCE, dn);
        final X509v3CertificateBuilder caBuilder = new JcaX509v3CertificateBuilder(
                rootName,
                generateSerialNumber(),
                new Date(validityPeriod.getFrom().toEpochMilli()),
                new Date(validityPeriod.getTo().toEpochMilli()),
                rootName,
                keyPair.getPublic());

        // NOTE(review): basicConstraints is added as non-critical and without a path-length
        // limit. RFC 5280 (section 4.2.1.9) expects CA certificates to mark this extension
        // critical; confirm the non-critical form is intended for the consumers of this CA.
        caBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));
        caBuilder.addExtension(createSubjectKeyExtension(keyPair.getPublic()));
        caBuilder.addExtension(createAuthorityKeyExtension(keyPair.getPublic()));

        return buildX509Certificate(caBuilder, keyPair.getPrivate());
    } catch (OperatorException | IOException cause) {
        throw new CertificateException(cause);
    }
}
Example 3
Source File: TlsResourceBuilder.java From qpid-broker-j with Apache License 2.0 | 5 votes |
/**
 * Creates an intermediate CA certificate issued by {@code rootCA}.
 *
 * <p>The issuer is taken from the root certificate, the subject is {@code dn} parsed with
 * {@link RFC4519Style}, and the populated builder is handed to {@code buildX509Certificate}
 * together with the root's private key. A CRL distribution point is added only when
 * {@code crlUri} is non-null.
 *
 * @param keyPair key pair whose public key is certified
 * @param rootCA issuing CA; supplies the issuer certificate and the private key
 * @param dn subject distinguished name of the intermediate
 * @param validityPeriod validity window; both bounds are converted to {@link Date}
 * @param crlUri CRL distribution point URI, or {@code null} to omit the extension
 * @return whatever {@code buildX509Certificate} produces for the populated builder
 * @throws CertificateException wrapping an {@code OperatorException} or {@code IOException}
 */
private static X509Certificate generateIntermediateCertificate(final KeyPair keyPair,
                                                               final KeyCertificatePair rootCA,
                                                               final String dn,
                                                               final ValidityPeriod validityPeriod,
                                                               final String crlUri)
        throws CertificateException {
    try {
        final X509v3CertificateBuilder intermediateBuilder = new JcaX509v3CertificateBuilder(
                rootCA.getCertificate(),
                generateSerialNumber(),
                new Date(validityPeriod.getFrom().toEpochMilli()),
                new Date(validityPeriod.getTo().toEpochMilli()),
                new X500Name(RFC4519Style.INSTANCE, dn),
                keyPair.getPublic());

        // No keyUsage extension is added; the source carries this call commented out:
        //   builder.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.keyCertSign));
        // NOTE(review): basicConstraints is non-critical and has no path-length limit.
        // RFC 5280 (section 4.2.1.9) expects CA certificates to mark it critical; confirm
        // this form is intended.
        intermediateBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));
        intermediateBuilder.addExtension(createSubjectKeyExtension(keyPair.getPublic()));
        // The authority key identifier is derived from the issuing root's public key.
        intermediateBuilder.addExtension(
                createAuthorityKeyExtension(rootCA.getCertificate().getPublicKey()));

        if (crlUri != null) {
            intermediateBuilder.addExtension(createDistributionPointExtension(crlUri));
        }

        return buildX509Certificate(intermediateBuilder, rootCA.getPrivateKey());
    } catch (OperatorException | IOException cause) {
        throw new CertificateException(cause);
    }
}
Example 4
Source File: CertificateGeneratorTest.java From haven-platform with Apache License 2.0 | 5 votes |
/**
 * Builds a fixed test DN (country, organisation, locality, e-mail address) in
 * {@link RFC4519Style} and passes it to {@code createCert} as both of its name arguments.
 *
 * @param keypair key pair forwarded to {@code createCert}
 * @return the certificate builder returned by {@code createCert}
 * @throws Exception anything {@code createCert} throws
 */
private static JcaX509v3CertificateBuilder createRootCert(KeyPair keypair) throws Exception {
    // NOTE(review): the e-mail literal below looks like the hosting page's address
    // obfuscation placeholder rather than the project's real value; restore it from the
    // upstream source before reusing this snippet.
    X500Name rootName = new X500NameBuilder(RFC4519Style.INSTANCE)
            .addRDN(RFC4519Style.c, "AQ")
            .addRDN(RFC4519Style.o, "Test")
            .addRDN(RFC4519Style.l, "Vostok Station")
            .addRDN(PKCSObjectIdentifiers.pkcs_9_at_emailAddress, "[email protected]")
            .build();
    // The same name is passed twice, as in the original.
    return createCert(keypair, rootName, rootName);
}
Example 5
Source File: KafkaTestUtils.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Generates a 2048-bit RSA key pair, issues a one-year certificate for it signed with its
 * own private key, writes key and certificate to a temporary keystore file and registers
 * the certificate in {@code trustStore}.
 *
 * <p>The temporary keystore file holds the private key and is not deleted here; cleaning it
 * up is left to the caller.
 *
 * @param subjectName subject DN, parsed with {@link RFC4519Style}
 * @param issuerName issuer DN, parsed with {@link RFC4519Style}
 * @param serial certificate serial number
 * @param keystorePassword password protecting the keystore file
 * @param keystoreAlias alias used for the key entry and for the truststore entry
 * @param keyPassword password protecting the private-key entry
 * @param trustStore truststore that receives the new certificate under {@code keystoreAlias}
 * @return path of the temporary keystore file
 * @throws Exception on any key generation, signing, keystore or I/O failure
 */
public static String createAndStoreKey(String subjectName,
                                       String issuerName,
                                       BigInteger serial,
                                       String keystorePassword,
                                       String keystoreAlias,
                                       String keyPassword,
                                       KeyStore trustStore) throws Exception {
    // Key material: RSA-2048 seeded from a fresh SecureRandom.
    KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
    rsaGenerator.initialize(2048, new SecureRandom());
    KeyPair generated = rsaGenerator.generateKeyPair();

    // Validity: from now until 365 days from now.
    Date notBefore = new Date();
    long oneYearMillis = 365L * 24L * 60L * 60L * 1000L;
    Date notAfter = new Date(notBefore.getTime() + oneYearMillis);

    // Certificate: issuer and subject names come from the caller; signed with the new key.
    X500Name issuer = new X500Name(RFC4519Style.INSTANCE, issuerName);
    X500Name subject = new X500Name(RFC4519Style.INSTANCE, subjectName);
    SubjectPublicKeyInfo publicKeyInfo =
            SubjectPublicKeyInfo.getInstance(generated.getPublic().getEncoded());
    X509v3CertificateBuilder certBuilder =
            new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, publicKeyInfo);
    ContentSigner signer =
            new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(generated.getPrivate());
    X509Certificate issued =
            new JcaX509CertificateConverter().getCertificate(certBuilder.build(signer));

    // Keystore: private key plus a single-certificate chain, in the JVM's default type.
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, keystorePassword.toCharArray());
    keyStore.setKeyEntry(keystoreAlias, generated.getPrivate(), keyPassword.toCharArray(),
            new Certificate[] {issued});

    File keystoreFile = File.createTempFile("kafkakeystore", ".jks");
    try (OutputStream sink = new FileOutputStream(keystoreFile)) {
        keyStore.store(sink, keystorePassword.toCharArray());
    }

    // Truststore: the caller's store is mutated in place.
    trustStore.setCertificateEntry(keystoreAlias, issued);

    return keystoreFile.getPath();
}
Example 6
Source File: DeviceCertificateManager.java From enmasse with Apache License 2.0 | 4 votes |
/**
 * Creates a device identity: a fresh key pair plus a certificate for it that is signed with
 * this manager's key.
 *
 * <p>The subject name is this manager's base name with a {@code cn} RDN for the device
 * appended; the issuer is the base name itself.
 *
 * @param deviceName value of the {@code cn} RDN appended to the base name
 * @param notBefore start of the validity window
 * @param notAfter end of the validity window
 * @param customizer optional hook that may modify the certificate builder before it is
 *     signed; may be {@code null}
 * @return the device key pair together with its certificate
 * @throws Exception on any name, signing or conversion failure
 */
public Device createDevice(final String deviceName,
                           final Instant notBefore,
                           final Instant notAfter,
                           final Consumer<X509v3CertificateBuilder> customizer) throws Exception {

    // Full device name: every RDN of the base name, followed by cn=<deviceName>.
    final X500NameBuilder nameBuilder = new X500NameBuilder(RFC4519Style.INSTANCE);
    Arrays.stream(new X500Name(this.baseName.getName()).getRDNs())
            .forEach(rdn -> nameBuilder.addMultiValuedRDN(rdn.getTypesAndValues()));
    nameBuilder.addRDN(RFC4519Style.cn, deviceName);
    final X500Principal subject = new X500Principal(nameBuilder.build().toString());

    // New key pair for the device.
    final KeyPair deviceKey = this.keyPairGenerator.generateKeyPair();

    // Signer backed by this manager's private key.
    final ContentSigner signer = new JcaContentSignerBuilder(mode.getSignatureAlgorithm())
            .build(this.keyPair.getPrivate());

    // Serial numbers come from an incrementing counter, so they are sequential rather than
    // random. NOTE(review): confirm that is acceptable where these certificates are used.
    final X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            this.baseName,
            BigInteger.valueOf(this.serialNumber.getAndIncrement()),
            Date.from(notBefore),
            Date.from(notAfter),
            subject,
            deviceKey.getPublic())
                    .addExtension(Extension.subjectKeyIdentifier, false,
                            createSubjectKeyId(deviceKey.getPublic()))
                    .addExtension(Extension.authorityKeyIdentifier, false,
                            createAuthorityKeyId(this.keyPair.getPublic()));

    // The customizer runs before signing and can add any extension to the builder.
    if (customizer != null) {
        customizer.accept(certBuilder);
    }

    // Sign and convert to a JCA certificate.
    final X509Certificate deviceCertificate = new JcaX509CertificateConverter()
            .setProvider(new BouncyCastleProvider())
            .getCertificate(certBuilder.build(signer));

    return new Device(deviceKey, deviceCertificate);
}
Example 7
Source File: SAML2ITCase.java From syncope with Apache License 2.0 | 4 votes |
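/**
 * Creates the keystore and truststore files used by this test and records their locations
 * in {@code keystorePath} and {@code truststorePath}.
 *
 * <p>An RSA key pair is generated, a one-year certificate ("CN=Subject" issued by
 * "CN=Issuer") is signed with the generated private key, and both stores are written to
 * temporary files. The password {@code "security"} and the serial number are fixed test
 * values. The temporary files (one of which holds the private key) are not deleted here.
 *
 * @throws Exception on any key generation, signing, keystore or I/O failure
 */
private static void createKeystores() throws Exception {
    // Create KeyPair.
    // 2048-bit modulus: RSA-1024 is below the minimum that current guidance
    // (e.g. NIST SP 800-131A) allows for signatures and may be rejected by
    // restrictive platform crypto policies.
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048, new SecureRandom());
    KeyPair keyPair = keyPairGenerator.generateKeyPair();

    Date currentDate = new Date();
    Date expiryDate = new Date(currentDate.getTime() + 365L * 24L * 60L * 60L * 1000L);

    // Create X509Certificate
    String issuerName = "CN=Issuer";
    String subjectName = "CN=Subject";
    BigInteger serial = new BigInteger("123456");

    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            new X500Name(RFC4519Style.INSTANCE, issuerName),
            serial,
            currentDate,
            expiryDate,
            new X500Name(RFC4519Style.INSTANCE, subjectName),
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
    ContentSigner contentSigner =
            new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
    X509Certificate certificate =
            new JcaX509CertificateConverter().getCertificate(certBuilder.build(contentSigner));

    // Store Private Key + Certificate in Keystore
    KeyStore keystore = KeyStore.getInstance("JKS");
    keystore.load(null, "security".toCharArray());
    keystore.setKeyEntry("subject", keyPair.getPrivate(), "security".toCharArray(),
            new Certificate[] { certificate });

    File keystoreFile = File.createTempFile("samlkeystore", ".jks");
    try (OutputStream output = Files.newOutputStream(keystoreFile.toPath())) {
        keystore.store(output, "security".toCharArray());
    }
    keystorePath = keystoreFile.toPath();

    // Now store the Certificate in the truststore.
    // The truststore uses the JVM's default keystore type, which is not necessarily JKS
    // even though the file is given a ".jks" suffix.
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, "security".toCharArray());
    trustStore.setCertificateEntry("subject", certificate);

    File truststoreFile = File.createTempFile("samltruststore", ".jks");
    try (OutputStream output = Files.newOutputStream(truststoreFile.toPath())) {
        trustStore.store(output, "security".toCharArray());
    }
    truststorePath = truststoreFile.toPath();
}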