Examples with KeyIdentifier android.sun.security.x509.KeyIdentifier used on opensource projects

Search in sources :

Example 11 with KeyIdentifier

use of android.sun.security.x509.KeyIdentifier in project candlepin by candlepin.

the class DefaultSubjectKeyIdentifierWriter method getSubjectKeyIdentifier.

@Override
public byte[] getSubjectKeyIdentifier(KeyPair clientKeyPair, Set<X509ExtensionWrapper> extensions) throws IOException {
    try {
        MessageDigest d = MessageDigest.getInstance("SHA-1");
        byte[] encodedKey = clientKeyPair.getPublic().getEncoded();
        DerInputStream s = new DerValue(encodedKey).toDerInputStream();
        // Skip the first item in the sequence, AlgorithmIdentifier.
        // The parameter, startLen, is required for skipSequence although it's unused.
        s.skipSequence(0);
        // Get the key's bit string
        BitArray b = s.getUnalignedBitString();
        byte[] digest = d.digest(b.toByteArray());
        KeyIdentifier ki = new KeyIdentifier(digest);
        return ASN1Util.encode(new OCTET_STRING(ki.getIdentifier()));
    } catch (NoSuchAlgorithmException e) {
        throw new IOException("Could not create KeyIdentifier", e);
    }
}
Also used : OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING) KeyIdentifier(org.mozilla.jss.netscape.security.x509.KeyIdentifier) DerValue(org.mozilla.jss.netscape.security.util.DerValue) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) BitArray(org.mozilla.jss.netscape.security.util.BitArray) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) MessageDigest(java.security.MessageDigest)

Example 12 with KeyIdentifier

use of android.sun.security.x509.KeyIdentifier in project j2objc by google.

the class AdaptableX509CertSelector method parseAuthorityKeyIdentifierExtension.

/**
 * Parse the authority key identifier extension.
 *
 * If the keyIdentifier field of the extension is non-null, set the
 * subjectKeyIdentifier criterion. If the authorityCertSerialNumber
 * field is non-null, set the serialNumber criterion.
 *
 * Note that we will not set the subject criterion according to the
 * authorityCertIssuer field of the extension. The caller MUST set
 * the subject criterion before call match().
 *
 * @param akidext the authorityKeyIdentifier extension
 */
void parseAuthorityKeyIdentifierExtension(AuthorityKeyIdentifierExtension akidext) throws IOException {
    if (akidext != null) {
        KeyIdentifier akid = (KeyIdentifier) akidext.get(AuthorityKeyIdentifierExtension.KEY_ID);
        if (akid != null) {
            // Do not override the previous setting for initial selection.
            if (isSKIDSensitive || getSubjectKeyIdentifier() == null) {
                DerOutputStream derout = new DerOutputStream();
                derout.putOctetString(akid.getIdentifier());
                super.setSubjectKeyIdentifier(derout.toByteArray());
                isSKIDSensitive = true;
            }
        }
        SerialNumber asn = (SerialNumber) akidext.get(AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
        if (asn != null) {
            // Do not override the previous setting for initial selection.
            if (isSNSensitive || getSerialNumber() == null) {
                super.setSerialNumber(asn.getNumber());
                isSNSensitive = true;
            }
        }
    // the subject criterion should be set by the caller.
    }
}
Also used : KeyIdentifier(sun.security.x509.KeyIdentifier) SerialNumber(sun.security.x509.SerialNumber) DerOutputStream(sun.security.util.DerOutputStream)

Example 13 with KeyIdentifier

use of android.sun.security.x509.KeyIdentifier in project j2objc by google.

the class Vertex method certToString.

/**
 * Return string representation of this vertex's
 * certificate information.
 *
 * @returns String representation of certificate info
 */
public String certToString() {
    StringBuilder sb = new StringBuilder();
    X509CertImpl x509Cert = null;
    try {
        x509Cert = X509CertImpl.toImpl(cert);
    } catch (CertificateException ce) {
        if (debug != null) {
            debug.println("Vertex.certToString() unexpected exception");
            ce.printStackTrace();
        }
        return sb.toString();
    }
    sb.append("Issuer:     ").append(x509Cert.getIssuerX500Principal()).append("\n");
    sb.append("Subject:    ").append(x509Cert.getSubjectX500Principal()).append("\n");
    sb.append("SerialNum:  ").append(x509Cert.getSerialNumber().toString(16)).append("\n");
    sb.append("Expires:    ").append(x509Cert.getNotAfter().toString()).append("\n");
    boolean[] iUID = x509Cert.getIssuerUniqueID();
    if (iUID != null) {
        sb.append("IssuerUID:  ");
        for (boolean b : iUID) {
            sb.append(b ? 1 : 0);
        }
        sb.append("\n");
    }
    boolean[] sUID = x509Cert.getSubjectUniqueID();
    if (sUID != null) {
        sb.append("SubjectUID: ");
        for (boolean b : sUID) {
            sb.append(b ? 1 : 0);
        }
        sb.append("\n");
    }
    try {
        SubjectKeyIdentifierExtension sKeyID = x509Cert.getSubjectKeyIdentifierExtension();
        if (sKeyID != null) {
            KeyIdentifier keyID = sKeyID.get(SubjectKeyIdentifierExtension.KEY_ID);
            sb.append("SubjKeyID:  ").append(keyID.toString());
        }
        AuthorityKeyIdentifierExtension aKeyID = x509Cert.getAuthorityKeyIdentifierExtension();
        if (aKeyID != null) {
            KeyIdentifier keyID = (KeyIdentifier) aKeyID.get(AuthorityKeyIdentifierExtension.KEY_ID);
            sb.append("AuthKeyID:  ").append(keyID.toString());
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("Vertex.certToString() unexpected exception");
            e.printStackTrace();
        }
    }
    return sb.toString();
}
Also used : SubjectKeyIdentifierExtension(sun.security.x509.SubjectKeyIdentifierExtension) KeyIdentifier(sun.security.x509.KeyIdentifier) X509CertImpl(sun.security.x509.X509CertImpl) AuthorityKeyIdentifierExtension(sun.security.x509.AuthorityKeyIdentifierExtension) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException)

Example 14 with KeyIdentifier

use of android.sun.security.x509.KeyIdentifier in project mockserver by mock-server.

the class X509Generator method updateWithCertificateExtensions.

private void updateWithCertificateExtensions(final X509CertInfo x509CertInfo, final PublicKey publicKey, final PublicKey caPublicKey, final Set<String> subjectAlternativeNames) throws IOException, CertificateException {
    CertificateExtensions certificateExtensions = new CertificateExtensions();
    GeneralNames generalNames = subjectAlternativeNames.stream().filter(StringUtils::isNotBlank).map(this::buildGeneralName).filter(Objects::nonNull).collect(Collector.of(GeneralNames::new, GeneralNames::add, // do nothing
    (generalNames1, generalNames2) -> null));
    if (!generalNames.isEmpty()) {
        certificateExtensions.set(SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(Boolean.FALSE, generalNames));
    }
    // See: https://tools.ietf.org/html/rfc5280#section-4.2.1.2
    certificateExtensions.set(SubjectKeyIdentifierExtension.NAME, new SubjectKeyIdentifierExtension(new KeyIdentifier(publicKey).getIdentifier()));
    // See: https://tools.ietf.org/html/rfc5280#section-4.2.1.2
    certificateExtensions.set(AuthorityKeyIdentifierExtension.NAME, new AuthorityKeyIdentifierExtension(new KeyIdentifier(caPublicKey), null, null));
    // See: https://tools.ietf.org/html/rfc5280#section-4.2.1.1
    x509CertInfo.set(X509CertInfo.EXTENSIONS, certificateExtensions);
}
Also used : CertificateValidity(sun.security.x509.CertificateValidity) X509Certificate(java.security.cert.X509Certificate) java.util(java.util) InternetDomainName(com.google.common.net.InternetDomainName) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) StringUtils(org.apache.commons.lang3.StringUtils) GeneralName(sun.security.x509.GeneralName) IPAddressName(sun.security.x509.IPAddressName) X500Name(sun.security.x509.X500Name) Level(org.slf4j.event.Level) CertificateExtensions(sun.security.x509.CertificateExtensions) BigInteger(java.math.BigInteger) SubjectKeyIdentifierExtension(sun.security.x509.SubjectKeyIdentifierExtension) Collector(java.util.stream.Collector) BasicConstraintsExtension(sun.security.x509.BasicConstraintsExtension) DerValue(sun.security.util.DerValue) KeyUsageExtension(sun.security.x509.KeyUsageExtension) java.security(java.security) KeyIdentifier(sun.security.x509.KeyIdentifier) AuthorityKeyIdentifierExtension(sun.security.x509.AuthorityKeyIdentifierExtension) CertificateSigningRequest(org.mockserver.socket.tls.jdk.CertificateSigningRequest) IOException(java.io.IOException) DNSName(sun.security.x509.DNSName) CertificateException(java.security.cert.CertificateException) X509CertImpl(sun.security.x509.X509CertImpl) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) CertificateX509Key(sun.security.x509.CertificateX509Key) PEMToFile(org.mockserver.socket.tls.PEMToFile) LogEntry(org.mockserver.log.model.LogEntry) CertificateVersion(sun.security.x509.CertificateVersion) MockServerLogger(org.mockserver.logging.MockServerLogger) InetAddresses(com.google.common.net.InetAddresses) GeneralNames(sun.security.x509.GeneralNames) AlgorithmId(sun.security.x509.AlgorithmId) X509CertInfo(sun.security.x509.X509CertInfo) SubjectKeyIdentifierExtension(sun.security.x509.SubjectKeyIdentifierExtension) GeneralNames(sun.security.x509.GeneralNames) KeyIdentifier(sun.security.x509.KeyIdentifier) SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension) AuthorityKeyIdentifierExtension(sun.security.x509.AuthorityKeyIdentifierExtension) CertificateExtensions(sun.security.x509.CertificateExtensions)

Example 15 with KeyIdentifier

use of android.sun.security.x509.KeyIdentifier in project mockserver by mock-server.

the class X509Generator method updateWithRootCertificateExtensions.

private void updateWithRootCertificateExtensions(final X509CertInfo x509CertInfo, final PublicKey publicKey) throws IOException, CertificateException {
    CertificateExtensions certificateExtensions = new CertificateExtensions();
    // See: https://tools.ietf.org/html/rfc5280#section-4.2.1.9
    certificateExtensions.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(// is critical
    true, // is CA
    true, // path length
    -1));
    // See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
    boolean[] keyUsage = new boolean[9];
    // keyCertSign
    keyUsage[5] = true;
    certificateExtensions.set(KeyUsageExtension.NAME, new KeyUsageExtension(keyUsage));
    // See: https://tools.ietf.org/html/rfc5280#section-4.2.1.2
    certificateExtensions.set(SubjectKeyIdentifierExtension.NAME, new SubjectKeyIdentifierExtension(new KeyIdentifier(publicKey).getIdentifier()));
    x509CertInfo.set(X509CertInfo.EXTENSIONS, certificateExtensions);
}
Also used : SubjectKeyIdentifierExtension(sun.security.x509.SubjectKeyIdentifierExtension) BasicConstraintsExtension(sun.security.x509.BasicConstraintsExtension) KeyIdentifier(sun.security.x509.KeyIdentifier) CertificateExtensions(sun.security.x509.CertificateExtensions) KeyUsageExtension(sun.security.x509.KeyUsageExtension)

Aggregations

IOException (java.io.IOException)10 KeyIdentifier (sun.security.x509.KeyIdentifier)9 KeyIdentifier (org.mozilla.jss.netscape.security.x509.KeyIdentifier)8 AuthorityKeyIdentifierExtension (org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension)6 AuthorityKeyIdentifierExtension (sun.security.x509.AuthorityKeyIdentifierExtension)6 SubjectKeyIdentifierExtension (sun.security.x509.SubjectKeyIdentifierExtension)5 X509CertImpl (sun.security.x509.X509CertImpl)5 MessageDigest (java.security.MessageDigest)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 CertificateException (java.security.cert.CertificateException)4 BitArray (org.mozilla.jss.netscape.security.util.BitArray)4 DerInputStream (org.mozilla.jss.netscape.security.util.DerInputStream)4 DerValue (org.mozilla.jss.netscape.security.util.DerValue)4 BigInteger (java.math.BigInteger)2 SecureRandom (java.security.SecureRandom)2 Date (java.util.Date)2 OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING)2 BasicConstraintsExtension (sun.security.x509.BasicConstraintsExtension)2 CertificateExtensions (sun.security.x509.CertificateExtensions)2 KeyUsageExtension (sun.security.x509.KeyUsageExtension)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial