/** * Create a certificate to use by a Certificate Authority, signed by a self signed certificate. */ private X509Certificate createCACert(PublicKey publicKey, PrivateKey privateKey) throws Exception { // signers name X500Name issuerName = new X500Name("CN=www.mockserver.com, O=MockServer, L=London, ST=England, C=UK"); // subjects name - the same as we are self signed. X500Name subjectName = issuerName; // serial BigInteger serial = BigInteger.valueOf(new Random().nextInt(Integer.MAX_VALUE)); // create the certificate - version 3 X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial, NOT_BEFORE, NOT_AFTER, subjectName, publicKey); builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey)); builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.cRLSign); builder.addExtension(Extension.keyUsage, false, usage); ASN1EncodableVector purposes = new ASN1EncodableVector(); purposes.add(KeyPurposeId.id_kp_serverAuth); purposes.add(KeyPurposeId.id_kp_clientAuth); purposes.add(KeyPurposeId.anyExtendedKeyUsage); builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes)); X509Certificate cert = signCertificate(builder, privateKey); cert.checkValidity(new Date()); cert.verify(publicKey); return cert; }
Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign)); return buildAndSignCertificate(keyPair.getPrivate(), builder);
private X509Certificate createSelfSignedCertifcate(KeyPair keyPair) throws Exception { X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE); nameBuilder.addRDN(BCStyle.CN, HOSTNAME); BigInteger serialNumber = new BigInteger(128, new Random()); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(nameBuilder.build(), serialNumber, certStartTime, certEndTime, nameBuilder.build(), keyPair.getPublic()) .addExtension(Extension.basicConstraints, true, new BasicConstraints(0)) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign)); return new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner)); }
private X509Certificate[] createSelfSignedCertifcateChain(String ipAddress, String hostname) throws Exception { X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE); nameBuilder.addRDN(BCStyle.CN, "NOT_LOCALHOST"); Date notBefore = new Date(); Calendar cal = Calendar.getInstance(); cal.setTime(notBefore); cal.add(Calendar.YEAR, 1); Date notAfter = cal.getTime(); BigInteger serialNumber = new BigInteger(128, new Random()); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic()) .addExtension(Extension.basicConstraints, true, new BasicConstraints(0)) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign)); List<GeneralName> generalNames = new ArrayList<>(); if (ipAddress != null) { generalNames.add(new GeneralName(GeneralName.iPAddress, ipAddress)); } if (hostname != null) { generalNames.add(new GeneralName(GeneralName.dNSName, hostname)); } if (!generalNames.isEmpty()) { certificateBuilder.addExtension(Extension.subjectAlternativeName, true, new GeneralNames(generalNames.toArray(new GeneralName[] {}))); } ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate()); return new X509Certificate[] { new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner)) }; }
builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false)); // not a CA builder.addExtension( Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); builder.addExtension( Extension.extendedKeyUsage,
certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement | KeyUsage.nonRepudiation | KeyUsage.cRLSign | KeyUsage.keyCertSign));
new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement | KeyUsage.nonRepudiation));
new BasicConstraints(true)); KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.cRLSign);
.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(rootCertificatePublicKey)) .addExtension(Extension.basicConstraints, true, new BasicConstraints(true)) .addExtension(Extension.keyUsage, false, new KeyUsage( KeyUsage.keyCertSign | KeyUsage.digitalSignature
.addExtension(Extension.basicConstraints, true, new BasicConstraints(false)) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)); } else {
private static KeyUsage buildKeyUsage(boolean digitalSigning, boolean dataEncryption) { int usage = 0; if (digitalSigning) { usage = KeyUsage.digitalSignature; } if (dataEncryption) { usage = usage | KeyUsage.dataEncipherment; } return new KeyUsage(usage); }
private X509Certificate createSelfSignedCertificate(CertType certType, KeyPair keyPair, String san) throws Exception { X509v3CertificateBuilder certBuilder = createCertBuilder(keyPair); // Basic constraints BasicConstraints constraints = new BasicConstraints(false); certBuilder.addExtension( Extension.basicConstraints, true, constraints.getEncoded()); // Key usage KeyUsage usage = new KeyUsage(KeyUsage.keyEncipherment | KeyUsage.digitalSignature); certBuilder.addExtension(Extension.keyUsage, false, usage.getEncoded()); // Extended key usage certBuilder.addExtension( Extension.extendedKeyUsage, false, certType.keyUsage().getEncoded()); if (san != null) { addSAN(certBuilder, san); } ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm) .build(keyPair.getPrivate()); X509CertificateHolder holder = certBuilder.build(signer); JcaX509CertificateConverter converter = new JcaX509CertificateConverter(); converter.setProvider(new BouncyCastleProvider()); return converter.getCertificate(holder); }
private static KeyUsage setToKeyUsage(Set<String> flags) { int usageBitString = 0; for (String key: flags) { Integer flagBit = keyUsageFlags.get(key); if (flagBit == null) { throw new IllegalArgumentException( "The provided usage key does not exist: '" + key + "'"); } usageBitString |= flagBit; } return new KeyUsage(usageBitString); }
private static KeyUsage setToKeyUsage(Set<String> flags) { int usageBitString = 0; for (String key: flags) { Integer flagBit = keyUsageFlags.get(key); if (flagBit == null) { throw new IllegalArgumentException( "The provided usage key does not exist: '" + key + "'"); } usageBitString |= flagBit; } return new KeyUsage(usageBitString); }
public ASN1Primitive toASN1Primitive() { return new KeyUsage(usage).toASN1Primitive(); } }
public static org.bouncycastle.asn1.x509.KeyUsage createKeyUsage(Set<KeyUsage> usages) { if (CollectionUtil.isEmpty(usages)) { return null; } int usage = 0; for (KeyUsage keyUsage : usages) { usage |= keyUsage.getBcUsage(); } return new org.bouncycastle.asn1.x509.KeyUsage(usage); }
public static org.bouncycastle.asn1.x509.KeyUsage createKeyUsage(final Set<KeyUsage> usages) { if (CollectionUtil.isEmpty(usages)) { return null; } int usage = 0; for (KeyUsage keyUsage : usages) { usage |= keyUsage.bcUsage(); } return new org.bouncycastle.asn1.x509.KeyUsage(usage); }
private static List<ExtensionHolder> getClientExtensions() { List<ExtensionHolder> extensions = new ArrayList<>(); extensions.add(new ExtensionHolder(Extension.basicConstraints, true, new BasicConstraints(false))); extensions.add(new ExtensionHolder(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature))); extensions.add(new ExtensionHolder(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth))); return extensions; }
private void addKeyUsage(X509ExtensionSet extensionSet, int usage) throws IOException { KeyUsage ku = new KeyUsage(usage); byte[] kuEncoded = wrapInOctetString(ku.getEncoded()); extensionSet.addExtension(X509ExtensionType.KEY_USAGE.oid(), false, kuEncoded); }