// Fills in the to-be-signed fields of a certificate whose subject and issuer are both "CN=<fqdn>".
X509CertInfo info = new X509CertInfo();
// NOTE(review): the DN is assembled by string concatenation, so any character in fqdn that has
// meaning in DN syntax (',', '+', '=', '"', '\') is parsed as structure rather than as part of the
// CN. Presumably fqdn is a validated host name -- confirm at the caller.
X500Name owner = new X500Name("CN=" + fqdn);
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
// Serial number drawn from 64 random bits.
// NOTE(review): `random` is declared outside this excerpt; it should be a SecureRandom -- confirm.
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
// NOTE(review): this excerpt appears to have lost lines: two catch clauses follow a single try and
// the braces do not balance. What is visible is that each name is first set through its wrapper
// type (CertificateSubjectName / CertificateIssuerName) and that a catch sets the bare X500Name.
try {
    info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
} catch (CertificateException ignore) {
    info.set(X509CertInfo.SUBJECT, owner);
    info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
} catch (CertificateException ignore) {
    info.set(X509CertInfo.ISSUER, owner);
    // Validity window and subject public key; notBefore, notAfter and keypair come from outside the excerpt.
    info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
    info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
    // Signature algorithm identifier: SHA-256 with RSA.
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid)));
// Prepares the fields of a version 3 certificate whose issuer name is derived from its subject name.
X509CertInfo aCertInfo = new X509CertInfo();
Calendar aEndDate = Calendar.getInstance();
// The issuer is re-parsed further down from the string form of the subject.
sIssuer = aSubject.toString();
// Room for exactly one certificate.
aCertChain = new X509Certificate[1];
// NOTE(review): the next three objects are created and discarded in this excerpt; presumably the
// assignments to aCertValidity, the key field and aAlgorithmId were lost in extraction -- confirm
// against the full source.
new CertificateValidity(rStartDate, aEndDate.getTime());
new CertificateX509Key(aSigningKeys.getPublic());
// NOTE(review): sCertAlgorithm is set outside this excerpt; confirm it cannot select an MD5- or
// SHA-1-based signature algorithm.
new CertificateAlgorithmId(AlgorithmId.get(sCertAlgorithm));
aIssuer = new X500Name(sIssuer);
aCertInfo.set(X509CertInfo.SUBJECT, aSubject);
aCertInfo.set(X509CertInfo.ISSUER, aIssuer);
aCertInfo.set(X509CertInfo.VALIDITY, aCertValidity);
aCertInfo.set(X509CertInfo.VERSION, new CertificateVersion(V3));
// aSerial is produced outside this excerpt.
aCertInfo.set(X509CertInfo.SERIAL_NUMBER, aSerial);
aCertInfo.set(X509CertInfo.ALGORITHM_ID, aAlgorithmId);
// Builds the distinguished name from six separate attribute values instead of parsing one DN string.
// NOTE(review): the values are supplied from outside this excerpt; presumably each is non-null -- confirm.
X500Name x500Name = new X500Name(commonName, organizationalUnit, organization, city, state, country);
/**
 * Writes the PKCS#7 signature block (the .RSA file) for a signature that was computed elsewhere.
 *
 * <p>The signer is identified by the issuer name and serial number of {@code cert}. The digest
 * algorithm is looked up from {@code digestAlg}, the signature algorithm is declared as RSA, the
 * content info is {@code ContentInfo.DATA_OID} with a null payload, and {@code cert} is the only
 * certificate included.
 *
 * <p>NOTE(review): {@code cert} and {@code digestAlg} are declared outside this excerpt. The
 * declared digest has to be the one actually used to produce {@code signature}, and it should not
 * be MD5 or SHA-1 -- confirm where {@code digestAlg} is assigned.
 *
 * @param signature the raw signature bytes
 * @param out the stream that receives the encoded signed data
 * @throws IOException declared by the method; presumably raised by name parsing or encoding
 * @throws RuntimeException wrapping a NoSuchAlgorithmException from an algorithm lookup
 */
@SuppressWarnings("all")
protected void writeSignatureBlock(byte[] signature, OutputStream out) throws IOException {
    try {
        X500Name issuer = new X500Name(cert.getIssuerX500Principal().getName());
        SignerInfo signer = new SignerInfo(
                issuer,
                cert.getSerialNumber(),
                AlgorithmId.get(digestAlg),
                AlgorithmId.get("RSA"),
                signature);

        AlgorithmId[] digestAlgorithms = { AlgorithmId.get(digestAlg) };
        ContentInfo noPayload = new ContentInfo(ContentInfo.DATA_OID, null);
        X509Certificate[] certificates = { cert };
        SignerInfo[] signers = { signer };

        new PKCS7(digestAlgorithms, noPayload, certificates, signers).encodeSignedData(out);
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    }
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Sets the certificate issuer from a distinguished-name string.
 *
 * <p>Nothing is thrown to the caller: any exception raised while parsing or storing the name is
 * handed to {@code fault(...)} together with the rejected value, and the builder is returned as
 * usual.
 *
 * <p>NOTE(review): {@code fault} is defined outside this excerpt; presumably it records the error
 * for a later validity check. Callers should confirm the builder reports no faults before using
 * the resulting certificate.
 *
 * @param dn the issuer distinguished name in string form
 * @return this builder
 */
public X509Builder issuerName(String dn) {
    try {
        X500Name parsedIssuer = new X500Name(dn);
        certificateIssuerName = new CertificateIssuerName(parsedIssuer);
        // May raise CertificateException or IOException.
        info.set(X509CertInfo.ISSUER, certificateIssuerName);
    } catch (Exception e) {
        fault(e, "issuerName(%s)", dn);
    }
    return this;
}
/**
 * Sets the certificate subject from a distinguished-name string.
 *
 * <p>Nothing is thrown to the caller: any exception raised while parsing or storing the name is
 * handed to {@code fault(...)} together with the rejected value, and the builder is returned as
 * usual.
 *
 * <p>NOTE(review): {@code fault} is defined outside this excerpt; presumably it records the error
 * for a later validity check. Callers should confirm the builder reports no faults before using
 * the resulting certificate.
 *
 * @param dn like "CN=Dave, OU=JavaSoft, O=Sun Microsystems, C=US"
 * @return this builder
 */
public X509Builder subjectName(String dn) {
    try {
        X500Name parsedSubject = new X500Name(dn);
        certificateSubjectName = new CertificateSubjectName(parsedSubject);
        // May raise CertificateException or IOException.
        info.set(X509CertInfo.SUBJECT, certificateSubjectName);
    } catch (Exception e) {
        fault(e, "subjectName(%s)", dn);
    }
    return this;
}
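/**
 * Derives an alias for a certificate from the common name (CN) of its subject.
 *
 * <p>NOTE(review): a common name is not unique. Two different certificates with the same CN get
 * the same alias, so whatever stores entries under this alias (outside this excerpt) should
 * presumably refuse to replace an existing entry silently -- confirm at the caller.
 *
 * @param certificate the certificate to name
 * @return the subject's common name, never null or empty
 * @throws CertificateException if the common name cannot be read, or is missing or empty
 */
@Override
public String generateAlias(final X509Certificate certificate) throws CertificateException {
    String alias;
    try {
        // Read the subject from the certificate's X500Principal instead of formatting the
        // deprecated getSubjectDN() to text and parsing that text again: the text form is
        // implementation-specific and the round trip can fail or alter unusual names.
        alias = X500Name.asX500Name(certificate.getSubjectX500Principal()).getCommonName();
    } catch (IOException e) {
        throw new CertificateException("SubjectDN problem - cannot generate alias", e);
    }
    if (alias == null || alias.isEmpty()) {
        throw new CertificateException("CN is null - cannot accept as alias");
    }
    return alias;
}
} // closes the enclosing class, whose header is outside this excerpt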
/**
 * Creates an X.509 certificate on the public key of {@code pair}, signed with the private key of
 * the same pair, by delegating to {@code createX509CertificateWithIssuer}.
 *
 * <p>XXX This method uses Sun "internal" APIs, which may be removed in a future JRE release.
 *
 * <p>The issuer name is built from {@code dn} plus the fixed values "Mt Wilson",
 * "Trusted Data Center" and "US".
 *
 * <p>NOTE(review): the subject name is derived from {@code dn} inside the callee, which is outside
 * this excerpt. If that name differs from the issuer name built here, the certificate is signed
 * with its own key but does not name itself as issuer -- confirm that verifiers of these
 * certificates do not rely on issuer and subject being equal.
 *
 * @param dn value used for both the subject and the first component of the issuer name
 * @param alternativeName a string like "ip:1.2.3.4"
 * @param pair key pair supplying the certified public key and the signing private key
 * @param days passed through to the callee; presumably the validity period in days
 * @return the certificate returned by the callee
 * @throws CryptographyException declared by the method; raised by the callee
 * @throws IOException if the issuer name cannot be constructed
 */
public static X509Certificate generateX509Certificate(String dn, String alternativeName, KeyPair pair, int days) throws CryptographyException, IOException {
    // The single-argument constructor X500Name(dn) was throwing an exception, hence this form.
    // "Trusted Data Center" replaced "Intel" to avoid confusion about who owns the certificate:
    // it is not an "Intel certificate", it is generated at the customer site.
    X500Name owner = new X500Name(dn, "Mt Wilson", "Trusted Data Center", "US");
    CertificateIssuerName selfIssuer = new CertificateIssuerName(owner);
    return createX509CertificateWithIssuer(
            pair.getPublic(),
            dn,
            alternativeName,
            days,
            pair.getPrivate(),
            selfIssuer);
}
// Runs as soon as any one of the four name fields is set.
// NOTE(review): the other fields can still be null when they reach the X500Name constructor below;
// confirm it tolerates that, or require all four.
if( commonName != null || organizationUnit != null || organizationName != null || country != null ) {
    try {
        // Subject and issuer are built from the same four fields, so the certificate names itself as issuer.
        subjectName(new X500Name(commonName, organizationUnit, organizationName, country));
        issuerName(new X500Name(commonName, organizationUnit, organizationName, country));
        // algorithm.getName() == SHA256withRSA
        algorithm(new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid));
        // May raise NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException.
        cert.sign(issuerPrivateKey, algorithm.getName());
// When requested, rebuilds the principal from only those RDNs that isEmpty(...) does not flag.
// NOTE(review): this excerpt appears to have lost lines; the braces do not balance and the catch
// follows a block that is still open.
// NOTE(review): the rebuilt name is a different DN from the one presented. If ppalToUse is later
// compared against stored names or used in an access decision (outside this excerpt), confirm
// both sides are normalised the same way.
if ( removeEmptyRDNs ) {
    try {
        X500Name x500Name = X500Name.asX500Name( x500Principal );
        List<RDN> rdns = new ArrayList<RDN>();
        for ( RDN eachRDN : x500Name.rdns() ) {
            if ( !isEmpty( eachRDN ) ) {
                rdns.add( eachRDN );
                X500Name afterX500Name = new X500Name( rdns.toArray( new RDN[ rdns.size() ] ) );
                // Round-trips through the RFC 2253 string form, using ADDITIONAL_KEYWORDS on both sides.
                ppalToUse = new X500Principal( afterX500Name.getRFC2253Name( ADDITIONAL_KEYWORDS ), ADDITIONAL_KEYWORDS );
            // NOTE(review): the handler body is outside this excerpt; the variable name suggests the
            // error is dropped -- confirm which principal is used when rebuilding fails.
            } catch ( IOException ignored ) {
// NOTE(review): the DN is assembled by string concatenation, so a ',', '+', '=', '"' or '\' inside
// any of CN, OU, O, L, S or C is parsed as DN structure rather than as part of the value. If these
// values come from user input, escape them or build the name from separate attribute values.
X500Name x500name = new X500Name ("CN="+CN+",OU="+OU+",O="+O+",L="+L+",S="+S+",C="+C);
// Encodes and signs the certification request for that name; `signature` is prepared outside this excerpt.
pkcs10.encodeAndSign(x500name, signature);
ByteArrayOutputStream bs = new ByteArrayOutputStream();
cert.setSubjectDN(pkcs10.getSubjectName().asX500Principal());
// Issuer equals subject because the certificate is self-signed.
cert.setIssuerDN(pkcs10.getSubjectName().asX500Principal());
cert.setPublicKey(pkcs10.getSubjectPublicKeyInfo());
// Validity starts at the current system time.
Date now = new Date();
cert.setNotBefore(now);
/**
 * Creates an X.509 certificate on the given subject public key and distinguished name, using the
 * given issuer private key. The issuer name written to the new certificate is the subject name of
 * {@code issuerCertificate}.
 *
 * <p>NOTE(review): this overload reads only the subject name from {@code issuerCertificate}. It
 * does not check that the certificate is a CA certificate, that it is currently valid, or that
 * {@code issuerPrivateKey} belongs to it; presumably the caller or the delegate does -- confirm.
 *
 * @param subjectPublicKey the public key to certify
 * @param dn passed through to the delegate as the subject's distinguished name
 * @param alternativeName a string like "ip:1.2.3.4"
 * @param days passed through to the delegate; presumably the validity period in days
 * @param issuerPrivateKey the key passed to the delegate for signing
 * @param issuerCertificate the source of the issuer's name
 * @return the certificate returned by the delegate
 * @throws CryptographyException declared by the method; raised by the delegate
 * @throws IOException declared by the method; raised by the delegate
 */
public static X509Certificate createX509CertificateWithIssuer(PublicKey subjectPublicKey, String dn, String alternativeName, int days, PrivateKey issuerPrivateKey, X509Certificate issuerCertificate) throws CryptographyException, IOException {
    X500Name issuerDn = X500Name.asX500Name(issuerCertificate.getSubjectX500Principal());
    CertificateIssuerName issuer = new CertificateIssuerName(issuerDn);
    return createX509CertificateWithIssuer(
            subjectPublicKey,
            dn,
            alternativeName,
            days,
            issuerPrivateKey,
            issuer);
}
/**
 * Copies six naming attributes out of a JDK-internal {@code X500Name}: common name, organisation,
 * organisational unit, locality, state and country.
 *
 * <p>The "restriction" warning is suppressed because {@code sun.security.x509} is an internal
 * package.
 *
 * @param name the distinguished name to read
 * @throws IOException if one of the attributes cannot be read from {@code name}
 */
@SuppressWarnings("restriction")
public NameInfo(sun.security.x509.X500Name name) throws IOException {
    commonName = name.getCommonName();
    organisation = name.getOrganization();
    organisationUnit = name.getOrganizationalUnit();
    locality = name.getLocality();
    state = name.getState();
    country = name.getCountry();
}
try {
    // Parses in509 as a principal and walks every attribute/value pair of the name.
    X500Principal prin = new X500Principal(in509);
    X500Name name500 = X500Name.asX500Name(prin);
    for (AVA ava : name500.allAvas()) {
        // NOTE(review): `==` compares object identity, not OID value. The match succeeds only if
        // the AVA holds the very same ObjectIdentifier instance as X500Name.userid_oid; confirm
        // that holds on the target JDK, or compare with equals(). If userVal feeds an
        // authentication decision, a silent mismatch here changes who the caller is taken to be.
        if (X500Name.userid_oid == ava.getObjectIdentifier()) {
            userVal = ava.getValueString();
/**
 * Returns the common name of the subject of the held PKCS#10 request.
 *
 * @return the common name, or null when no request is held
 * @throws GeneralException if the common name cannot be read from the subject name
 */
@Override
public String getCN() {
    if (pkcs10 != null) {
        try {
            return pkcs10.getSubjectName().getCommonName();
        } catch (IOException e) {
            throw new GeneralException("Could not get common name", e);
        }
    }
    return null;
}
/**
 * Sets the certificate issuer to the subject name of the given issuer certificate.
 *
 * <p>NOTE(review): only the name is read here. Presumably the caller checks that
 * {@code issuerCertificate} may act as an issuer and matches the signing key -- confirm.
 *
 * @param issuerCertificate the certificate whose subject becomes this certificate's issuer
 * @return this builder
 */
public X509Builder issuerName(X509Certificate issuerCertificate) {
    issuerName(X500Name.asX500Name(issuerCertificate.getSubjectX500Principal()));
    return this;
}
/**
 * Builds a distinguished name from the six naming values carried by {@code info}.
 *
 * <p>The values are passed as separate attributes, not concatenated into a DN string.
 *
 * @param info the source of name, unit, organization, locality, state and country
 * @return the assembled name
 * @throws IOException if the name cannot be constructed
 */
private static X500Name x500Name(SelfSignedCertInfo info) throws IOException {
    String commonName = info.name();
    String unit = info.unit();
    String organization = info.organization();
    String locality = info.locality();
    String state = info.state();
    String country = info.country();
    return new X500Name(commonName, unit, organization, locality, state, country);
}
/**
 * Writes the PKCS#7 signature block (the .RSA file), finalising {@code signature} along the way.
 *
 * <p>The signer is identified by the issuer name and serial number of {@code publicKey}. The
 * digest algorithm is declared as SHA1 and the signature algorithm as RSA; the content info is
 * {@code ContentInfo.DATA_OID} with a null payload, and {@code publicKey} is the only certificate
 * included.
 *
 * <p>NOTE(review): SHA-1 is no longer collision resistant. The digest declared here presumably
 * has to match the algorithm {@code signature} was initialised with (outside this excerpt), so a
 * move to a SHA-2 digest needs both places changed together -- confirm.
 *
 * @param signature an initialised and updated signature; {@code sign()} is called on it here
 * @param publicKey the signer's certificate
 * @param out the stream that receives the encoded signed data
 * @throws IOException declared by the method; presumably raised by name parsing or encoding
 * @throws GeneralSecurityException if an algorithm lookup or the signing operation fails
 */
private static void writeSignatureBlock(Signature signature, X509Certificate publicKey, OutputStream out) throws IOException, GeneralSecurityException {
    X500Name issuer = new X500Name(publicKey.getIssuerX500Principal().getName());
    SignerInfo signer = new SignerInfo(
            issuer,
            publicKey.getSerialNumber(),
            AlgorithmId.get("SHA1"),
            AlgorithmId.get("RSA"),
            signature.sign());

    AlgorithmId[] digestAlgorithms = { AlgorithmId.get("SHA1") };
    ContentInfo noPayload = new ContentInfo(ContentInfo.DATA_OID, null);
    X509Certificate[] certificates = { publicKey };
    SignerInfo[] signers = { signer };

    new PKCS7(digestAlgorithms, noPayload, certificates, signers).encodeSignedData(out);
}
// Opens a directory context with the properties returned by getLdapBindProps().
// NOTE(review): closing ctx is outside this excerpt; confirm it is closed on every path, and that
// the bind properties (which presumably hold credentials) are never logged.
ctx = new InitialDirContext(getLdapBindProps());
// The user name is taken from the CN of the supplied DN.
X500Name name = new X500Name(userDN);
String _username = name.getCommonName();
// Fallback for a DN that has no CN and whose text begins with "uid".
// NOTE(review): userDN is null-checked only here, after it was already passed to X500Name. The
// prefix test is case-sensitive and also matches attribute names that merely start with "uid";
// confirm that is intended, since the result is used as the user's identity.
if (_username == null && userDN != null && userDN.startsWith("uid")) {