Search in sources :

Example 6 with X509CertImpl

use of android.sun.security.x509.X509CertImpl in project jss by dogtagpki.

the class PKCS7 method encodeSignedData.

/**
 * Encodes the signed data to a DerOutputStream.
 *
 * @param out the DerOutputStream to write the encoded data to.
 * @exception IOException on encoding errors.
 */
public void encodeSignedData(DerOutputStream out, boolean sort) throws IOException {
    DerOutputStream signedData = new DerOutputStream();
    // version
    signedData.putInteger(version);
    // digestAlgorithmIds
    signedData.putOrderedSetOf(DerValue.tag_Set, digestAlgorithmIds);
    // contentInfo
    contentInfo.encode(signedData);
    // cast to X509CertImpl[] since X509CertImpl implements DerEncoder
    X509CertImpl[] implCerts = new X509CertImpl[certificates.length];
    try {
        for (int i = 0; i < certificates.length; i++) {
            implCerts[i] = (X509CertImpl) certificates[i];
        }
    } catch (ClassCastException e) {
        throw new IOException("Certificates in PKCS7 must be of class " + "org.mozilla.jss.netscape.security.X509CertImpl: " + e.getMessage(), e);
    }
    // to the signed data
    if (sort) {
        signedData.putOrderedSetOf((byte) 0xA0, implCerts);
    } else {
        signedData.putSet((byte) 0xA0, implCerts);
    }
    // no crls (OPTIONAL field)
    // signerInfos
    signedData.putOrderedSetOf(DerValue.tag_Set, signerInfos);
    // making it a signed data block
    DerValue signedDataSeq = new DerValue(DerValue.tag_Sequence, signedData.toByteArray());
    // making it a content info sequence
    ContentInfo block = new ContentInfo(ContentInfo.SIGNED_DATA_OID, signedDataSeq);
    // writing out the contentInfo sequence
    block.encode(out);
}
Also used : DerOutputStream(org.mozilla.jss.netscape.security.util.DerOutputStream) X509CertImpl(org.mozilla.jss.netscape.security.x509.X509CertImpl) DerValue(org.mozilla.jss.netscape.security.util.DerValue) IOException(java.io.IOException)

Example 7 with X509CertImpl

use of android.sun.security.x509.X509CertImpl in project jss by dogtagpki.

the class PKCS7 method parseSignedData.

private void parseSignedData(DerValue val) throws ParsingException, IOException {
    DerInputStream dis = val.toDerInputStream();
    // Version
    version = dis.getInteger();
    // digestAlgorithmIds
    DerValue[] digestAlgorithmIdVals = dis.getSet(1);
    int len = digestAlgorithmIdVals.length;
    digestAlgorithmIds = new AlgorithmId[len];
    try {
        for (int i = 0; i < len; i++) {
            DerValue oid = digestAlgorithmIdVals[i];
            digestAlgorithmIds[i] = AlgorithmId.parse(oid);
        }
    } catch (IOException e) {
        ParsingException pe = new ParsingException("Error parsing digest AlgorithmId IDs: " + e.getMessage());
        pe.fillInStackTrace();
        throw pe;
    }
    // contentInfo
    contentInfo = new ContentInfo(dis);
    /*
         * check if certificates (implicit tag) are provided
         * (certificates are OPTIONAL)
         */
    if ((byte) (dis.peekByte()) == (byte) 0xA0) {
        DerValue[] certificateVals = dis.getSet(2, true);
        len = certificateVals.length;
        certificates = new X509Certificate[len];
        for (int i = 0; i < len; i++) {
            try {
                X509Certificate cert = new X509CertImpl(certificateVals[i]);
                certificates[i] = cert;
            } catch (CertificateException e) {
                ParsingException pe = new ParsingException("CertificateException: " + e.getMessage());
                pe.fillInStackTrace();
                throw pe;
            }
        }
    }
    // check if crls (implicit tag) are provided (crls are OPTIONAL)
    if ((byte) (dis.peekByte()) == (byte) 0xA1) {
        dis.getSet(0, true);
    }
    // signerInfos
    DerValue[] signerInfoVals = dis.getSet(1);
    len = signerInfoVals.length;
    signerInfos = new SignerInfo[len];
    for (int i = 0; i < len; i++) {
        DerInputStream in = signerInfoVals[i].toDerInputStream();
        signerInfos[i] = new SignerInfo(in);
    }
}
Also used : DerValue(org.mozilla.jss.netscape.security.util.DerValue) X509CertImpl(org.mozilla.jss.netscape.security.x509.X509CertImpl) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate)

Example 8 with X509CertImpl

use of android.sun.security.x509.X509CertImpl in project jss by dogtagpki.

the class PKCS12Util method createCertInfoFromNSS.

public PKCS12CertInfo createCertInfoFromNSS(X509Certificate cert, String friendlyName) throws Exception {
    // generate cert ID from SHA-1 hash of cert data
    byte[] id = SafeBag.getLocalKeyIDFromCert(cert.getEncoded());
    if (friendlyName == null) {
        friendlyName = cert.getNickname();
    }
    X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
    PK11Cert p11Cert = (PK11Cert) cert;
    String trustFlags = p11Cert.getTrustFlags();
    PKCS12CertInfo certInfo = new PKCS12CertInfo();
    certInfo.setID(id);
    certInfo.setFriendlyName(friendlyName);
    certInfo.setCert(certImpl);
    certInfo.setTrustFlags(trustFlags);
    return certInfo;
}
Also used : X509CertImpl(org.mozilla.jss.netscape.security.x509.X509CertImpl) BMPString(org.mozilla.jss.asn1.BMPString) PK11Cert(org.mozilla.jss.pkcs11.PK11Cert)

Example 9 with X509CertImpl

use of android.sun.security.x509.X509CertImpl in project xap by xap.

the class SelfSignedCertificate method generateKeyStore.

private KeyStore generateKeyStore(String fqdn, KeyPair keypair, SecureRandom random) throws Exception {
    PrivateKey key = keypair.getPrivate();
    // Prepare the information required for generating an X.509 certificate.
    X509CertInfo info = new X509CertInfo();
    X500Name owner = new X500Name("CN=" + fqdn);
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
    try {
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.SUBJECT, owner);
    }
    try {
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.ISSUER, owner);
    }
    info.set(X509CertInfo.VALIDITY, new CertificateValidity(NOT_BEFORE, NOT_AFTER));
    info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid)));
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(key, "SHA1withRSA");
    // Update the algorithm and sign again.
    info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
    cert = new X509CertImpl(info);
    cert.sign(key, "SHA1withRSA");
    cert.verify(keypair.getPublic());
    String keyStoreType = KeyStore.getDefaultType();
    final KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(null, null);
    // keyStore.setCertificateEntry("CAcert-root", cert);
    keyStore.setKeyEntry("key", keypair.getPrivate(), "foo".toCharArray(), new Certificate[] { cert });
    return keyStore;
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) PrivateKey(java.security.PrivateKey) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) CertificateVersion(sun.security.x509.CertificateVersion) CertificateException(java.security.cert.CertificateException) CertificateValidity(sun.security.x509.CertificateValidity) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) KeyStore(java.security.KeyStore) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Example 10 with X509CertImpl

use of android.sun.security.x509.X509CertImpl in project CipherTrust_Application_Protection by thalescpl-io.

the class SelfSignedCertificateUtility method generateCertificate.

private static X509Certificate generateCertificate(PublicKey publicKey, PrivateKey privateKey, Map<String, String> certificateProeprties) throws Exception {
    String dn = makeDN(certificateProeprties);
    X509CertInfo info = new X509CertInfo();
    Date from = new Date();
    Date to = new Date(from.getTime() + Integer.valueOf(certificateProeprties.get("Validity")) * 86400000l);
    CertificateValidity interval = new CertificateValidity(from, to);
    X500Name owner = new X500Name(dn);
    boolean[] kueOk = getKeyUsgaeExtension(certificateProeprties.get("KeyUsage"));
    KeyUsageExtension kue = new KeyUsageExtension(kueOk);
    CertificateExtensions ext = new CertificateExtensions();
    ext.set(KeyUsageExtension.NAME, kue);
    info.set(X509CertInfo.VALIDITY, interval);
    BigInteger sn = new BigInteger(64, new SecureRandom());
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    boolean justName = isJavaAtLeast(1.8);
    if (justName) {
        info.set(X509CertInfo.SUBJECT, owner);
        info.set(X509CertInfo.ISSUER, owner);
    } else {
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    }
    info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = null;
    String provider = null;
    switch(certificateProeprties.get("Algorithm")) {
        case "SHA1WithRSA":
            break;
        case "SHA256WithRSA":
            break;
        case "SHA384WithRSA":
            break;
        case "SHA512WithRSA":
            provider = "BC";
            break;
        case "SHA1WithECDSA":
            provider = "BC";
            break;
        case "SHA224WithECDSA":
            provider = "BC";
            break;
        case "SHA256WithECDSA":
            provider = "BC";
            break;
        case "SHA384WithECDSA":
            provider = "BC";
            break;
        case "SHA512WithECDSA":
            provider = "BC";
            break;
        default:
            throw new NAEException(certificateProeprties.get("Algorithm") + " not supported.");
    }
    algo = AlgorithmId.get(certificateProeprties.get("Algorithm"));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
    info.set(X509CertInfo.EXTENSIONS, ext);
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    if (provider != null)
        cert.sign(privateKey, certificateProeprties.get("Algorithm"), provider);
    else
        cert.sign(privateKey, certificateProeprties.get("Algorithm"));
    return cert;
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) NAEException(com.ingrian.security.nae.NAEException) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) SecureRandom(java.security.SecureRandom) CertificateVersion(sun.security.x509.CertificateVersion) CertificateValidity(sun.security.x509.CertificateValidity) CertificateExtensions(sun.security.x509.CertificateExtensions) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) Date(java.util.Date) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) KeyUsageExtension(sun.security.x509.KeyUsageExtension)

Aggregations

X509CertImpl (sun.security.x509.X509CertImpl)92 CertificateException (java.security.cert.CertificateException)41 IOException (java.io.IOException)31 X509Certificate (java.security.cert.X509Certificate)23 CertPathValidatorException (java.security.cert.CertPathValidatorException)17 BigInteger (java.math.BigInteger)16 PublicKey (java.security.PublicKey)15 X500Name (sun.security.x509.X500Name)14 X509CertInfo (sun.security.x509.X509CertInfo)14 AlgorithmId (sun.security.x509.AlgorithmId)13 CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)13 X509CertImpl (org.mozilla.jss.netscape.security.x509.X509CertImpl)12 CertificateSerialNumber (sun.security.x509.CertificateSerialNumber)11 CertificateValidity (sun.security.x509.CertificateValidity)11 CertificateX509Key (sun.security.x509.CertificateX509Key)11 CertificateFactory (java.security.cert.CertificateFactory)10 CertificateVersion (sun.security.x509.CertificateVersion)10 SubjectAlternativeNameExtension (sun.security.x509.SubjectAlternativeNameExtension)9 CertificateIssuerName (sun.security.x509.CertificateIssuerName)8 CertificateSubjectName (sun.security.x509.CertificateSubjectName)8