Java Code Examples for org.bouncycastle.cert.jcajce.JcaX509CertificateConverter#getCertificate()

The following examples show how to use org.bouncycastle.cert.jcajce.JcaX509CertificateConverter#getCertificate().
Example 1
Source File: OcspServerExample.java    From netty-4.1.22 with Apache License 2.0
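/**
 * Reads every X.509 certificate found in a PEM stream.
 *
 * <p>PEM objects that are not certificates (for example a private key stored in the
 * same file) are skipped instead of being cast blindly, so a mixed bundle no longer
 * fails with a {@link ClassCastException}.
 *
 * <p>The certificates are only decoded. No signature, validity-period, chain or
 * revocation check happens here, so callers must not treat the result as trusted.
 *
 * @param reader source of the PEM text; closing the parser also closes it
 * @return the decoded certificates in file order, possibly an empty array
 * @throws Exception if the PEM data cannot be read or a certificate cannot be converted
 */
private static X509Certificate[] parseCertificates(Reader reader) throws Exception {

        JcaX509CertificateConverter converter = new JcaX509CertificateConverter()
                .setProvider(new BouncyCastleProvider());

        List<X509Certificate> dst = new ArrayList<X509Certificate>();

        PEMParser parser = new PEMParser(reader);
        try {
          Object pemObject;

          while ((pemObject = parser.readObject()) != null) {
            // A PEM file may hold keys, CRLs or requests next to certificates;
            // only certificate holders are converted.
            if (!(pemObject instanceof X509CertificateHolder)) {
              continue;
            }

            X509Certificate certificate = converter.getCertificate((X509CertificateHolder) pemObject);
            if (certificate == null) {
              continue;
            }

            dst.add(certificate);
          }
        } finally {
            parser.close();
        }

        return dst.toArray(new X509Certificate[0]);
    }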
 
Example 2
Source File: CertificateTool.java    From peer-os with Apache License 2.0
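/**
 * Converts the first object of a PEM text into an {@code X509Certificate}.
 *
 * <p>Only decoding is performed: the certificate's signature, validity period and
 * issuer are not checked, so the result must not be treated as trusted without
 * separate path validation.
 *
 * @param x509InPem X509 certificate in PEM format
 *
 * @return {@code X509Certificate}
 *
 * @throws ActionFailedException if the input is null, cannot be parsed, or its first
 * PEM object is not an X.509 certificate
 */
public X509Certificate convertX509PemToCert( String x509InPem )
{
    // try-with-resources closes the parser on every path
    try ( PEMParser pemParser = new PEMParser( new StringReader( x509InPem ) ) )
    {
        Object parsed = pemParser.readObject();

        // readObject() yields null on empty input and other types for keys, CRLs and
        // requests; reject those explicitly instead of relying on a failed cast.
        if ( !( parsed instanceof X509CertificateHolder ) )
        {
            throw new IllegalArgumentException( "PEM input does not start with an X.509 certificate" );
        }

        return new JcaX509CertificateConverter().getCertificate( ( X509CertificateHolder ) parsed );
    }
    catch ( Exception e )
    {
        throw new ActionFailedException( "Failed to convert PEM to certificate", e );
    }
}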
 
Example 3
Source File: SslConfigurer.java    From ambari-logsearch with Apache License 2.0
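/**
 * Builds a self-signed X.509 v3 certificate for the given RSA key pair.
 *
 * <p>Subject and issuer are the same name, the validity window runs from 30 days in
 * the past to roughly 10 years ahead, and no extensions are added. The certificate
 * is signed with the private half of {@code keyPair}.
 *
 * @param keyPair RSA key pair; both halves are cast to the RSA key interfaces
 * @param signatureAlgoritm signature algorithm name resolved by the Bouncy Castle finder
 * @param domainName value placed in the CN of subject and issuer
 * @return the self-signed certificate, converted through the provider named "BC"
 */
private X509Certificate createCert(KeyPair keyPair, String signatureAlgoritm, String domainName)
  throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, OperatorCreationException, CertificateException, IOException {
  
  RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
  RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();
  
  AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgoritm);
  AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
  BcContentSignerBuilder sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
  
  // Decode the encoded key directly; no stream is opened, so nothing can be left
  // unclosed when decoding fails.
  SubjectPublicKeyInfo pubKey = SubjectPublicKeyInfo.getInstance(rsaPublicKey.getEncoded());
  
  // NOTE(review): domainName is concatenated into the DN unescaped, so a value holding
  // ',', '+' or '=' changes the DN structure. There is also no comma between "O=None"
  // and "L=None"; confirm how the parser treats that before relying on the DN.
  X500Name selfName = new X500Name("CN=" + domainName + ", OU=None, O=None L=None, C=None");
  
  // Math.abs(nextInt()) gave at most 31 bits and is negative for Integer.MIN_VALUE;
  // use a 64-bit random value shifted by one so the serial is always positive.
  BigInteger serial = new BigInteger(64, new SecureRandom()).add(BigInteger.ONE);
  
  long now = System.currentTimeMillis();
  X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder(
      selfName,
      serial,
      new Date(now - 1000L * 60 * 60 * 24 * 30),
      new Date(now + (1000L * 60 * 60 * 24 * 365*10)),
      selfName,
      pubKey);
  
  RSAKeyParameters keyParams = new RSAKeyParameters(true, rsaPrivateKey.getPrivateExponent(), rsaPrivateKey.getModulus());
  ContentSigner contentSigner = sigGen.build(keyParams);
  
  X509CertificateHolder certificateHolder = v3CertBuilder.build(contentSigner);
  
  // The provider is looked up by name, so "BC" has to be registered beforehand.
  JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter().setProvider("BC");
  return certConverter.getCertificate(certificateHolder);
}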
 
Example 4
Source File: CertUtil.java    From nitmproxy with MIT License
/**
 * Issues a certificate for {@code host} and returns it with the parent certificate.
 *
 * <p>The issuer name is the parent certificate's subject. The key pair read from
 * {@code keyFile} supplies both the public key placed in the new certificate and the
 * private key that signs it. Validity runs from now until the first day of the year
 * three years ahead, in the system default zone. No extensions are added here.
 *
 * <p>NOTE(review): {@code host} is concatenated into the subject DN unescaped, so a
 * value containing DN metacharacters changes the resulting name.
 *
 * @param parentCertFile PEM file holding the parent certificate
 * @param keyFile PEM file holding the key pair
 * @param host value used as the subject CN
 * @return the key pair, the new certificate and the parent certificate
 * @throws IllegalStateException wrapping any failure while reading, building or converting
 */
public static Certificate newCert(String parentCertFile, String keyFile, String host) {
    try {
        final Date notBefore = Date.from(Instant.now());
        final Instant expiry = Year.now()
                .plus(3, ChronoUnit.YEARS)
                .atDay(1)
                .atStartOfDay(ZoneId.systemDefault())
                .toInstant();
        final Date notAfter = Date.from(expiry);

        final X509CertificateHolder issuerCert = readPemFromFile(parentCertFile);
        final PEMKeyPair rawKeys = readPemFromFile(keyFile);
        final JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider(PROVIDER);
        final KeyPair keys = keyConverter.getKeyPair(rawKeys);

        final BigInteger serial = new BigInteger(64, new SecureRandom());
        final X500Name subject = new X500Name("CN=" + host);
        final X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                issuerCert.getSubject(), serial, notBefore, notAfter, subject, keys.getPublic());

        final ContentSigner contentSigner =
                new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keys.getPrivate());

        final JcaX509CertificateConverter toJca =
                new JcaX509CertificateConverter().setProvider(PROVIDER);

        // Convert the new certificate first, then the parent, as the constructor expects.
        final X509Certificate issued = toJca.getCertificate(builder.build(contentSigner));
        final X509Certificate parentJca = toJca.getCertificate(issuerCert);
        return new Certificate(keys, issued, parentJca);
    } catch (Exception e) {
        throw new IllegalStateException(e);
    }
}
 
Example 5
Source File: ApkUtils.java    From NBANDROID-V2 with Apache License 2.0
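/**
 * Generates a fresh key pair and a self-signed X.509 v1 certificate for it.
 *
 * <p>Issuer and subject are both {@code dn}, the serial number is fixed at 1, and the
 * validity period starts now and lasts {@code validityYears} 365-day years.
 *
 * <p>NOTE(review): the key generator is never initialised, so the key size is the
 * JCA provider's default for {@code asymmetric}. That default varies between JDK
 * versions; confirm it meets the required strength or initialise it explicitly.
 *
 * @param asymmetric key algorithm name passed to {@link KeyPairGenerator#getInstance(String)}
 * @param sign signature algorithm name for the certificate signature
 * @param validityYears validity length in years, must be positive
 * @param dn distinguished name used for issuer and subject
 * @return the private key paired with the self-signed certificate
 */
private static Pair<PrivateKey, X509Certificate> generateKeyAndCertificate(String asymmetric, String sign, int validityYears, String dn) throws NoSuchAlgorithmException, OperatorCreationException, CertificateException {
    Preconditions.checkArgument(validityYears > 0, "validityYears <= 0");
    KeyPair keyPair = KeyPairGenerator.getInstance(asymmetric).generateKeyPair();

    // Read the clock once so notBefore and notAfter share the same base instant.
    long now = System.currentTimeMillis();
    Date notBefore = new Date(now);
    // 31536000000L is 365 days in milliseconds; the long literal keeps the product in long range.
    Date notAfter = new Date(now + validityYears * 31536000000L);

    X500Name issuer = new X500Name(new X500Principal(dn).getName());
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    X509v1CertificateBuilder builder = new X509v1CertificateBuilder(issuer, BigInteger.ONE, notBefore, notAfter, issuer, publicKeyInfo);

    // One provider instance serves both the signer and the converter.
    BouncyCastleProvider provider = new BouncyCastleProvider();
    ContentSigner signer = new JcaContentSignerBuilder(sign).setProvider(provider).build(keyPair.getPrivate());
    X509CertificateHolder holder = builder.build(signer);
    X509Certificate certificate = new JcaX509CertificateConverter().setProvider(provider).getCertificate(holder);
    return Pair.of(keyPair.getPrivate(), certificate);
}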
 
Example 6
Source File: TLSCertificateBuilder.java    From fabric-sdk-java with Apache License 2.0
/**
 * Creates a self-signed certificate for the given key pair.
 *
 * <p>Three extensions are always added, in this order: a critical basicConstraints
 * with cA=false, a non-critical keyUsage (keyEncipherment and digitalSignature), and
 * a non-critical extendedKeyUsage taken from {@code certType}. A subject alternative
 * name is added only when {@code san} is not null.
 *
 * @param certType supplies the extended key usage
 * @param keyPair key pair whose private key signs the certificate
 * @param san subject alternative name, or null for none
 * @return the signed certificate, converted with a Bouncy Castle provider instance
 * @throws Exception if encoding an extension, signing or conversion fails
 */
private X509Certificate createSelfSignedCertificate(CertType certType, KeyPair keyPair, String san) throws Exception {
    final X509v3CertificateBuilder builder = createCertBuilder(keyPair);

    // cA=false marks this as an end-entity certificate; the extension is critical.
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false).getEncoded());

    final int usageBits = KeyUsage.keyEncipherment | KeyUsage.digitalSignature;
    builder.addExtension(Extension.keyUsage, false, new KeyUsage(usageBits).getEncoded());

    builder.addExtension(Extension.extendedKeyUsage, false, certType.keyUsage().getEncoded());

    if (san != null) {
        addSAN(builder, san);
    }

    // The signer is created without an explicit provider; only the converter uses one.
    final ContentSigner contentSigner =
            new JcaContentSignerBuilder(signatureAlgorithm).build(keyPair.getPrivate());
    final X509CertificateHolder signed = builder.build(contentSigner);

    return new JcaX509CertificateConverter()
            .setProvider(new BouncyCastleProvider())
            .getCertificate(signed);
}
 
Example 7
Source File: CertificateSupplierModule.java    From nomulus with Apache License 2.0
/**
 * Extracts the certificates from the parsed PEM objects and checks their ordering.
 *
 * <p>The list must be non-empty, and each certificate's issuer name must equal the
 * subject name of the certificate that follows it. Only the names are compared:
 * despite the wording of the error message, no signature is verified here, so a
 * chain that passes this check still needs real path validation before it is trusted.
 *
 * @param pemObject objects parsed from the PEM file
 * @return the certificates in file order
 * @throws IllegalStateException if no certificate is present or the names do not chain
 * @throws RuntimeException wrapping a {@link CertificateException} from conversion
 */
@Provides
@PemFile
static ImmutableList<X509Certificate> providePemCertificates(
    @PemFile ImmutableList<Object> pemObject) {
  JcaX509CertificateConverter bcConverter = new JcaX509CertificateConverter().setProvider("BC");
  Function<X509CertificateHolder, X509Certificate> toJcaCertificate =
      holder -> {
        try {
          return bcConverter.getCertificate(holder);
        } catch (CertificateException e) {
          throw new RuntimeException(
              String.format("Error converting certificate: %s", holder), e);
        }
      };
  ImmutableList<X509Certificate> chain =
      filterAndConvert(pemObject, X509CertificateHolder.class, toJcaCertificate);
  checkState(!chain.isEmpty(), "No certificates found in the pem file");

  // Walk adjacent pairs: entry i-1 must name entry i as its issuer.
  for (int i = 1; i < chain.size(); i++) {
    X509Certificate child = chain.get(i - 1);
    X509Certificate issuer = chain.get(i);
    checkState(
        child.getIssuerX500Principal().equals(issuer.getSubjectX500Principal()),
        "Certificate chain error:\n%s\nis not signed by\n%s",
        child,
        issuer);
  }
  return chain;
}
 
Example 8
Source File: CertificateUtil.java    From nexus-public with Eclipse Public License 1.0
/**
 * Decodes the first object of a PEM text as an X.509 certificate.
 *
 * <p>The certificate is only decoded; nothing about its signature, validity or
 * issuer is checked.
 *
 * <p>NOTE(review): the complete input text is written to the trace log and copied
 * into the exception message. If a caller passes the wrong PEM by mistake (for
 * example one holding a private key), that material ends up in logs and errors.
 *
 * @param pemFormattedCertificate text to be decoded as a PEM certificate.
 * @return the Certificate decoded from the input text.
 * @throws CertificateParsingException
 *          if the input is null, cannot be read, or its first object is not a certificate.
 * @throws CertificateException
 *          if the parsed certificate holder cannot be converted.
 */
public static Certificate decodePEMFormattedCertificate(final String pemFormattedCertificate)
    throws CertificateException
{
  log.trace("Parsing PEM formatted certificate string:\n{}", pemFormattedCertificate);

  final String failureMessage =
      "Failed to parse valid certificate from expected PEM formatted certificate:\n" + pemFormattedCertificate;

  // nothing to parse
  if (pemFormattedCertificate == null) {
    throw new CertificateParsingException(failureMessage);
  }

  try (PEMParser parser = new PEMParser(new StringReader(pemFormattedCertificate))) {
    final Object parsed = parser.readObject();
    log.trace("Object found while paring PEM formatted string: {}", parsed);

    if (parsed instanceof X509CertificateHolder) {
      return new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) parsed);
    }
  }
  catch (IOException e) {
    throw new CertificateParsingException(failureMessage, e);
  }

  // first PEM object was missing or not a certificate
  throw new CertificateParsingException(failureMessage);
}
 
Example 9
Source File: DSSASN1Utils.java    From dss with GNU Lesser General Public License v2.1
/**
 * Converts a Bouncy Castle certificate holder into a {@code CertificateToken}.
 *
 * <p>The conversion uses the provider named by
 * {@code DSSSecurityProvider.getSecurityProviderName()}. Only decoding takes place;
 * no validation of the certificate is visible in this method.
 *
 * @param x509CertificateHolder the holder to convert
 * @return a token wrapping the converted certificate
 * @throws DSSException wrapping the {@link CertificateException} if conversion fails
 */
public static CertificateToken getCertificate(final X509CertificateHolder x509CertificateHolder) {
	try {
		final String providerName = DSSSecurityProvider.getSecurityProviderName();
		final X509Certificate converted = new JcaX509CertificateConverter()
				.setProvider(providerName)
				.getCertificate(x509CertificateHolder);
		return new CertificateToken(converted);
	} catch (CertificateException e) {
		throw new DSSException(e);
	}
}
 
Example 10
Source File: SslClientCertificateImplTest.java    From hivemq-community-edition with Apache License 2.0
/**
 * Signs the prepared certificate builder with the key pair's private key and returns
 * the resulting JCA certificate.
 *
 * <p>Each call registers a Bouncy Castle provider through
 * {@link Security#addProvider}, which is a JVM-wide side effect. The signature
 * algorithm is fixed to SHA256WithRSAEncryption.
 *
 * @param keyPair key pair whose private key signs the certificate
 * @param certificateBuilder builder already populated with the certificate fields
 * @return the signed certificate
 */
private Certificate getCertificate(final KeyPair keyPair, final JcaX509v3CertificateBuilder certificateBuilder) throws OperatorCreationException, CertificateException {

        // Both the signer and the converter look the provider up by name, so it must be registered.
        Security.addProvider(new BouncyCastleProvider());

        final ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .build(keyPair.getPrivate());

        final JcaX509CertificateConverter toJca = new JcaX509CertificateConverter()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME);

        return toJca.getCertificate(certificateBuilder.build(signer));
    }