JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils(); certBuilder.addExtension(Extension.subjectKeyIdentifier, false, utils.createSubjectKeyIdentifier(pubKey)); certBuilder.addExtension(Extension.authorityKeyIdentifier, false, utils.createAuthorityKeyIdentifier(pubKey));
/**
 * Adds the Subject Key Identifier extension for {@code key} to the certificate
 * being assembled in {@code v3CertGen}.
 *
 * <p>Bouncy Castle derives the identifier from the encoded public key. The extension is
 * marked non-critical, as RFC 5280 section 4.2.1.2 requires of conforming CAs.
 *
 * @param key the public key that will be the certificate's subject key
 * @throws IOException if the extension value cannot be DER-encoded
 * @throws NoSuchAlgorithmException if the digest used to derive the identifier is unavailable
 */
public void addSubjectKeyIdExtension(PublicKey key) throws IOException, NoSuchAlgorithmException {
    final JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    final SubjectKeyIdentifier subjectKeyId = extensionUtils.createSubjectKeyIdentifier(key);
    v3CertGen.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyId);
}
/**
 * Adds the Authority Key Identifier extension to the certificate being assembled in
 * {@code v3CertGen}, pointing at {@code cert} as the issuer.
 *
 * <p>Bouncy Castle derives the identifier from the issuer certificate; exactly which AKI
 * fields it populates (key identifier, and possibly issuer name and serial) depends on the
 * BC version in use — confirm against the library before relying on it. The extension is
 * marked non-critical, as RFC 5280 section 4.2.1.1 requires of conforming CAs.
 *
 * @param cert the issuer's certificate
 * @throws CertificateEncodingException if {@code cert} cannot be re-encoded
 * @throws CertIOException if the extension value cannot be encoded
 * @throws NoSuchAlgorithmException if the digest used to derive the identifier is unavailable
 */
public void addAuthorityKeyIdExtension(X509Certificate cert)
        throws CertificateEncodingException, CertIOException, NoSuchAlgorithmException {
    final JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    final AuthorityKeyIdentifier issuerKeyId = extensionUtils.createAuthorityKeyIdentifier(cert);
    v3CertGen.addExtension(Extension.authorityKeyIdentifier, false, issuerKeyId);
}
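/**
 * A self-signed certificate must name itself as both issuer and subject, verify under its
 * own public key, carry an Authority Key Identifier equal to the Subject Key Identifier
 * derived from that key, and use the serial number the test fixture expects (1337).
 */
@Test
public void getSelfSigned_generatesACertificateWithTheRightValues() throws Exception {
    final X509Certificate generatedCertificate =
            subject.getSelfSigned(generatedCertificateKeyPair, certificateGenerationParameters);

    // getIssuerDN()/getSubjectDN() are deprecated "denigrated" accessors; the X500Principal
    // form is the supported way to obtain the RFC 2253 string.
    assertThat(generatedCertificate.getIssuerX500Principal().getName(), containsString("CN=my cert name"));
    assertThat(generatedCertificate.getSubjectX500Principal().getName(), containsString("CN=my cert name"));

    // Self-signed: the signature must validate under the certificate's own key.
    generatedCertificate.verify(generatedCertificateKeyPair.getPublic());

    // getExtensionValue() returns the OCTET STRING-wrapped extnValue; parseExtensionValue
    // unwraps it to the DER AuthorityKeyIdentifier structure.
    final byte[] authorityKeyIdDer =
            generatedCertificate.getExtensionValue(Extension.authorityKeyIdentifier.getId());
    final AuthorityKeyIdentifier authorityKeyIdentifier =
            AuthorityKeyIdentifier.getInstance(parseExtensionValue(authorityKeyIdDer));
    final byte[] authorityKeyId = authorityKeyIdentifier.getKeyIdentifier();

    // For a self-signed certificate the AKI key identifier must equal the SKI computed
    // from the same public key.
    expectedSubjectKeyIdentifier = jcaX509ExtensionUtils
            .createSubjectKeyIdentifier(generatedCertificateKeyPair.getPublic())
            .getKeyIdentifier();
    assertThat(authorityKeyId, equalTo(expectedSubjectKeyIdentifier));

    assertThat(generatedCertificate.getSerialNumber(), equalTo(BigInteger.valueOf(1337)));
}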
try asn1Prim = JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue);
new JcaX509ExtensionUtils().createSubjectKeyIdentifier(certPubKey); certGenerator.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyIdentifier);
/**
 * A certificate signed by an issuer must carry a Subject Key Identifier derived from the
 * leaf's own public key (not from the issuer's).
 */
@Test
public void getSignedByIssuer_setsSubjectKeyIdentifier() throws Exception {
    final X509Certificate generatedCertificate = subject.getSignedByIssuer(
            generatedCertificateKeyPair,
            certificateGenerationParameters,
            certificateAuthorityWithSubjectKeyId,
            issuerKey.getPrivate());

    expectedSubjectKeyIdentifier = jcaX509ExtensionUtils
            .createSubjectKeyIdentifier(generatedCertificateKeyPair.getPublic())
            .getKeyIdentifier();

    // getExtensionValue() returns the DER-encoded extnValue: an OCTET STRING whose content is
    // the DER SubjectKeyIdentifier, itself an OCTET STRING. Two short-form tag+length headers
    // (2 bytes each) therefore precede the raw identifier, hence the 4-byte offset. This holds
    // only while both lengths fit in one byte, i.e. a key identifier shorter than 128 bytes.
    final byte[] encodedExtension =
            generatedCertificate.getExtensionValue(Extension.subjectKeyIdentifier.getId());
    final int derHeaderBytes = 4;
    final byte[] actualKeyId =
            Arrays.copyOfRange(encodedExtension, derHeaderBytes, encodedExtension.length);

    assertThat(actualKeyId, equalTo(expectedSubjectKeyIdentifier));
}
/**
 * Computes the raw Subject Key Identifier octets Bouncy Castle would place in an SKI
 * extension for {@code publicKey}.
 *
 * @param publicKey the public key to derive the identifier from
 * @return the key identifier bytes, without any DER wrapping
 * @throws NoSuchAlgorithmException if the digest BC uses for the identifier is unavailable
 */
public static byte[] getKeyIdentifier(PublicKey publicKey) throws NoSuchAlgorithmException {
    final JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    return extensionUtils.createSubjectKeyIdentifier(publicKey).getKeyIdentifier();
}
/**
 * Adds the Authority Key Identifier extension to the certificate being assembled in
 * {@code v3CertGen}, derived from the issuer's bare public key.
 *
 * <p>With only a {@link PublicKey} available, Bouncy Castle can populate the keyIdentifier
 * field but not the issuer name / serial fields (confirm against the BC version in use).
 * The extension is marked non-critical, as RFC 5280 section 4.2.1.1 requires of conforming CAs.
 *
 * @param key the issuer's public key
 * @throws CertIOException if the extension value cannot be encoded
 * @throws NoSuchAlgorithmException if the digest used to derive the identifier is unavailable
 */
public void addAuthorityKeyIdExtension(PublicKey key) throws CertIOException, NoSuchAlgorithmException {
    final JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    final AuthorityKeyIdentifier issuerKeyId = extensionUtils.createAuthorityKeyIdentifier(key);
    v3CertGen.addExtension(Extension.authorityKeyIdentifier, false, issuerKeyId);
}
ASN1Sequence asn1Seq = (ASN1Sequence) JcaX509ExtensionUtils.parseExtensionValue(extensionValue); Enumeration<?> objects = asn1Seq.getObjects();
certBuilder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic())); certBuilder.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic()));
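/**
 * Creates a certificate builder for {@code publicKey}, issued under {@code issuerCertificate}'s
 * subject name, with a fresh random serial, a validity window starting now and lasting
 * {@code duration} milliseconds, and Subject Key Identifier and BasicConstraints extensions.
 *
 * <p>Only SKI and BasicConstraints are added here; the caller is responsible for any further
 * extensions and for signing the builder. NOTE(review): no Authority Key Identifier is added,
 * which many chain builders rely on — consider adding one from {@code issuerCertificate} if
 * the callers do not.
 *
 * @param commonsName       CN of the subject, appended to {@code COMMON_NAME_ENTRY}
 * @param publicKey         the subject public key to certify
 * @param issuerCertificate the issuer's certificate; its subject becomes this certificate's issuer
 * @param duration          validity period in milliseconds from now
 * @param isCaCertificate   whether to mark the certificate as a CA; BasicConstraints is then critical
 * @return a populated, unsigned builder
 * @throws NoSuchAlgorithmException if the digest used for the key identifier is unavailable
 * @throws CertIOException          if an extension value cannot be encoded
 */
private static JcaX509v3CertificateBuilder addJcaX509Extension(String commonsName, RSAPublicKey publicKey,
        X509Certificate issuerCertificate, long duration, boolean isCaCertificate)
        throws NoSuchAlgorithmException, CertIOException {
    final long now = System.currentTimeMillis();
    final Date notBefore = new Date(now);
    final Date notAfter = new Date(now + duration);

    // RFC 5280 4.1.2.2 requires a positive serial of at most 20 octets, and CA/Browser Forum
    // guidance asks for at least 64 bits of CSPRNG output. The previous code seeded SecureRandom
    // with the *public* key bytes — on some providers (e.g. SHA1PRNG) the seed fully determines
    // the output, making the serial a predictable function of public data — and used nextLong(),
    // which can be negative. Draw 64 bits from a self-seeded SecureRandom and force a high bit so
    // the value is never zero or negative.
    final BigInteger serial = new BigInteger(64, new SecureRandom()).setBit(64);

    // Let Bouncy Castle take the issuer name from the issuer certificate's encoded subject instead
    // of re-parsing the deprecated getSubjectDN().getName() string, which can change the DN
    // encoding and break issuer/subject name matching during chain building.
    final JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
            issuerCertificate, serial, notBefore, notAfter,
            new org.bouncycastle.asn1.x500.X500Name(COMMON_NAME_ENTRY + commonsName), publicKey);

    final JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
    // SKI is always non-critical (RFC 5280 4.2.1.2).
    certificateBuilder.addExtension(subjectKeyIdentifier, false,
            jcaX509ExtensionUtils.createSubjectKeyIdentifier(publicKey));
    // BasicConstraints is critical only for CA certificates, as before.
    certificateBuilder.addExtension(basicConstraints, isCaCertificate, new BasicConstraints(isCaCertificate));
    return certificateBuilder;
}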
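/**
 * Writes a single-entry CRL to {@code crlPath} in PEM form, listing {@code x509Certificate}
 * as revoked with reason cACompromise.
 *
 * <p>The CRL is issued under the certificate's issuer name, is valid from {@code certStartTime}
 * (also used as the entry's revocation date) until {@code certEndTime}, carries an Authority Key
 * Identifier derived from {@code rootCertificate} and CRL number 1000, and is signed with
 * {@code contentSigner}.
 *
 * @param x509Certificate the certificate to revoke
 * @param crlPath         destination file; overwritten if it exists
 * @throws Exception if building, signing or writing the CRL fails
 */
private void buildCRL(X509Certificate x509Certificate, String crlPath) throws Exception {
    final X509v2CRLBuilder builder =
            new JcaX509v2CRLBuilder(x509Certificate.getIssuerX500Principal(), certStartTime);
    builder.addCRLEntry(x509Certificate.getSerialNumber(), certStartTime, CRLReason.cACompromise);
    builder.setNextUpdate(certEndTime);
    // The AKI lets relying parties match this CRL to the issuing key; non-critical per RFC 5280 5.2.1.
    builder.addExtension(Extension.authorityKeyIdentifier, false,
            new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(rootCertificate));
    // NOTE(review): the CRL number is fixed at 1000; a real issuer must increase it on every issue.
    builder.addExtension(Extension.cRLNumber, false, new CRLNumber(new BigInteger("1000")));

    final X509CRLHolder crlHolder = builder.build(contentSigner);

    // try-with-resources: the original leaked the writer and file handle whenever writeObject
    // threw before close(). close() flushes, so the explicit flush() is no longer needed.
    // FileWriter uses the platform charset, which is harmless here because PEM is pure ASCII.
    try (PemWriter pemWriter = new PemWriter(new FileWriter(crlPath))) {
        pemWriter.writeObject(new MiscPEMGenerator(crlHolder));
    }
}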
ASN1Sequence asn1Seq = (ASN1Sequence) JcaX509ExtensionUtils.parseExtensionValue(authorityExtensionValue); Enumeration<?> objects = asn1Seq.getObjects(); while (objects.hasMoreElements())
subPubKeyInfo); certBuilder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey)); certBuilder.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(issuerKeyPair.getPublic()));
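/**
 * Generates a self-signed CA certificate for {@code caPublicKey}, signed with {@code caPrivateKey},
 * and bundles it with the key pair.
 *
 * <p>Issuer and subject are both {@code COMMON_NAME_ENTRY + commonsName}; validity runs from now
 * for {@code DEFAULT_CERTIFICATE_DURATION_VALIDITY} milliseconds. The certificate gets a Subject
 * Key Identifier, a critical {@code BasicConstraints(cA=true)} and whatever
 * {@code addASN1AndKeyUsageExtensions} adds, then is built and checked by {@code verifyCertificate}.
 *
 * @param commonsName  CN of the CA, appended to {@code COMMON_NAME_ENTRY}
 * @param caPrivateKey key used to produce the self-signature
 * @param caPublicKey  key the certificate certifies
 * @return the key pair together with a one-element chain holding the new certificate
 * @throws RuntimeException wrapping any generation, encoding or verification failure
 */
public static SSLKeyPair createSelfSignedSSLKeyPair(String commonsName, RSAPrivateKey caPrivateKey,
        RSAPublicKey caPublicKey) {
    try {
        // RFC 5280 4.1.2.2 requires a positive serial number and CA/Browser Forum guidance asks for
        // at least 64 bits of CSPRNG output. The previous java.util.Random.nextInt() was neither
        // unpredictable nor guaranteed positive. Force a high bit so the value is never zero or negative.
        final BigInteger serial = new BigInteger(64, new SecureRandom()).setBit(64);
        final long now = System.currentTimeMillis();
        final Date notBefore = new Date(now);
        final Date notAfter = new Date(now + DEFAULT_CERTIFICATE_DURATION_VALIDITY);

        final org.bouncycastle.asn1.x500.X500Name commonsX500Name =
                new org.bouncycastle.asn1.x500.X500Name(COMMON_NAME_ENTRY + commonsName);
        // Self-signed: the same name is both issuer and subject.
        final JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
                commonsX500Name, serial, notBefore, notAfter, commonsX500Name, caPublicKey);

        final JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        certificateBuilder.addExtension(subjectKeyIdentifier, false,
                jcaX509ExtensionUtils.createSubjectKeyIdentifier(caPublicKey));
        // BasicConstraints must be critical on a CA certificate (RFC 5280 4.2.1.9).
        certificateBuilder.addExtension(basicConstraints, true, new BasicConstraints(true));
        addASN1AndKeyUsageExtensions(certificateBuilder);

        final X509Certificate cert = verifyCertificate(caPrivateKey, caPublicKey, certificateBuilder);
        return new SSLKeyPair(caPrivateKey, caPublicKey, new X509Certificate[]{cert});
    } catch (NoSuchAlgorithmException | CertIOException | CertificateException | InvalidKeyException
            | OperatorCreationException | SignatureException | NoSuchProviderException e) {
        throw new RuntimeException("Unable to generate SSL certificate for " + commonsName, e);
    }
}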
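/**
 * Builds the extension set for a TLS server certificate chained to {@code issuerCertificate}:
 * a critical KeyUsage (digitalSignature, keyEncipherment, dataEncipherment), a critical
 * ExtendedKeyUsage (serverAuth) and a non-critical Authority Key Identifier derived from the issuer.
 *
 * @param issuerCertificate the signing CA's certificate, used to derive the AKI
 * @return the extensions, in the order they should be added to the certificate
 * @throws CertificateEncodingException if the issuer certificate cannot be re-encoded for the AKI
 * @throws NoSuchAlgorithmException     if the digest used for the key identifier is unavailable
 * @throws IOException                  if an extension value cannot be encoded
 */
private static List<ExtensionHolder> getServerExtensions(X509Certificate issuerCertificate)
        throws CertificateEncodingException, NoSuchAlgorithmException, IOException {
    final List<ExtensionHolder> extensions = new ArrayList<>();

    // SSO forces us to allow data encipherment
    extensions.add(new ExtensionHolder(Extension.keyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment)));
    extensions.add(new ExtensionHolder(Extension.extendedKeyUsage, true,
            new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth)));

    // Pass the AKI structure directly, like the two extensions above. The original wrapped it in an
    // Extension/DEROctetString and immediately parsed it back out with getParsedValue() — a DER
    // encode/decode round-trip that yields the same structure.
    extensions.add(new ExtensionHolder(Extension.authorityKeyIdentifier, false,
            new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(issuerCertificate)));

    return extensions;
}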
CertSignatureInformation certInfo) throws IOException ASN1Sequence asn1Seq = (ASN1Sequence) JcaX509ExtensionUtils.parseExtensionValue(extensionValue); Enumeration<?> objects = asn1Seq.getObjects(); while (objects.hasMoreElements())
final JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); final X509v3CertificateBuilder certBuilder; if (caCert == null) { clientPublicKey); certBuilder.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert)); certBuilder.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(clientPublicKey));
/**
 * Builds a self-signed certificate for {@code keypair} whose issuer and subject are both
 * {@code CN=<hostname>}, valid from now for {@code certificateLifetimeInYears} years.
 *
 * <p>The serial is {@code X509_CERT_BITS_SIZE} random bits drawn from
 * {@code RandomUtils.getNativeInstance()}. The certificate carries a Subject Key Identifier and a
 * Subject Alternative Name built by {@code buildSubjectAltNames()}, both non-critical; it is signed
 * with {@code certificateAlgorithm}, then checked for current validity and self-verified.
 *
 * <p>NOTE(review): notBefore is the exact current time, so a relying party whose clock lags will
 * reject the certificate until it catches up — consider backdating by a few minutes. Whether the
 * serial's RNG is a CSPRNG depends on {@code RandomUtils}, which is not visible here.
 *
 * @param keypair the key pair to certify and sign with
 * @return the generated, self-verified certificate
 * @throws Exception if building, converting or verifying the certificate fails
 */
private X509Certificate generateCertificate(final KeyPair keypair) throws Exception {
    val subjectAndIssuer = new X500Name("CN=" + hostname);

    val validFrom = new GregorianCalendar();
    val validUntil = new GregorianCalendar();
    // set(YEAR, ...) rather than add(YEAR, ...): kept as in the original (they differ on Feb 29).
    validUntil.set(GregorianCalendar.YEAR, validUntil.get(GregorianCalendar.YEAR) + certificateLifetimeInYears);

    val serial = new BigInteger(X509_CERT_BITS_SIZE, RandomUtils.getNativeInstance());
    val builder = new JcaX509v3CertificateBuilder(
            subjectAndIssuer, serial, validFrom.getTime(), validUntil.getTime(),
            subjectAndIssuer, keypair.getPublic());

    val extensionUtils = new JcaX509ExtensionUtils();
    builder.addExtension(Extension.subjectKeyIdentifier, false,
            extensionUtils.createSubjectKeyIdentifier(keypair.getPublic()));
    val sanNames = GeneralNames.getInstance(new DERSequence(buildSubjectAltNames()));
    builder.addExtension(Extension.subjectAlternativeName, false, sanNames);

    val signer = new JcaContentSignerBuilder(certificateAlgorithm).build(keypair.getPrivate());
    val certificate = new JcaX509CertificateConverter().getCertificate(builder.build(signer));

    // Sanity-check the result: currently valid and signed by its own key.
    certificate.checkValidity(new Date());
    certificate.verify(keypair.getPublic());
    return certificate;
}