use of android.sun.security.x509.X509CertInfo in project mockserver by mock-server.
the class X509Generator method generateRootX509AndPrivateKey.
public X509AndPrivateKey generateRootX509AndPrivateKey(final CertificateSigningRequest csr) throws IOException, NoSuchAlgorithmException, CertificateException, InvalidKeyException, NoSuchProviderException, SignatureException {
final KeyPair keyPair = generateKeyPair(csr.getKeyPairAlgorithm(), csr.getKeyPairSize());
final X500Name subjectAndIssuer = new X500Name(buildDistinguishedName(csr.getCommonName()));
X509CertInfo x509CertInfo = buildX509CertInfo(subjectAndIssuer, subjectAndIssuer, keyPair.getPublic(), csr);
updateWithRootCertificateExtensions(x509CertInfo, keyPair.getPublic());
return signX509KeyPair(keyPair.getPrivate(), keyPair, x509CertInfo, csr.getSigningAlgorithm());
}
use of android.sun.security.x509.X509CertInfo in project mockserver by mock-server.
the class X509Generator method updateWithCertificateExtensions.
private void updateWithCertificateExtensions(final X509CertInfo x509CertInfo, final PublicKey publicKey, final PublicKey caPublicKey, final Set<String> subjectAlternativeNames) throws IOException, CertificateException {
CertificateExtensions certificateExtensions = new CertificateExtensions();
GeneralNames generalNames = subjectAlternativeNames.stream().filter(StringUtils::isNotBlank).map(this::buildGeneralName).filter(Objects::nonNull).collect(Collector.of(GeneralNames::new, GeneralNames::add, // do nothing
(generalNames1, generalNames2) -> null));
if (!generalNames.isEmpty()) {
certificateExtensions.set(SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(Boolean.FALSE, generalNames));
}
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.2
certificateExtensions.set(SubjectKeyIdentifierExtension.NAME, new SubjectKeyIdentifierExtension(new KeyIdentifier(publicKey).getIdentifier()));
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.2
certificateExtensions.set(AuthorityKeyIdentifierExtension.NAME, new AuthorityKeyIdentifierExtension(new KeyIdentifier(caPublicKey), null, null));
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.1
x509CertInfo.set(X509CertInfo.EXTENSIONS, certificateExtensions);
}
use of android.sun.security.x509.X509CertInfo in project jss by dogtagpki.
the class CertPrettyPrint method X509toString.
public String X509toString(Locale clientLocale) {
// get I18N resources
ResourceBundle resource = ResourceBundle.getBundle(PrettyPrintResources.class.getName());
DateFormat dateFormater = DateFormat.getDateTimeInstance(DateFormat.FULL, DateFormat.FULL, clientLocale);
// get timezone and timezone ID
String tz = " ";
String tzid = " ";
StringBuffer sb = new StringBuffer();
try {
X509CertInfo info = (X509CertInfo) mX509Cert.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
String serial2 = mX509Cert.getSerialNumber().toString(16).toUpperCase();
// get correct instance of key
PublicKey pKey = mX509Cert.getPublicKey();
X509Key key = null;
if (pKey instanceof CertificateX509Key) {
CertificateX509Key certKey = (CertificateX509Key) pKey;
key = (X509Key) certKey.get(CertificateX509Key.KEY);
}
if (pKey instanceof X509Key) {
key = (X509Key) pKey;
}
// take care of spki
sb.append(pp.indent(4) + resource.getString(PrettyPrintResources.TOKEN_CERTIFICATE) + "\n");
sb.append(pp.indent(8) + resource.getString(PrettyPrintResources.TOKEN_DATA) + "\n");
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_VERSION) + " v");
sb.append((mX509Cert.getVersion() + 1) + "\n");
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SERIAL) + "0x" + serial2 + "\n");
// XXX I18N Algorithm Name ?
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SIGALG) + mX509Cert.getSigAlgName() + " - " + mX509Cert.getSigAlgOID() + "\n");
// XXX I18N IssuerDN ?
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_ISSUER) + mX509Cert.getIssuerX500Principal() + "\n");
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_VALIDITY) + "\n");
String notBefore = dateFormater.format(mX509Cert.getNotBefore());
String notAfter = dateFormater.format(mX509Cert.getNotAfter());
// get timezone and timezone ID
if (TimeZone.getDefault() != null) {
tz = TimeZone.getDefault().getDisplayName(TimeZone.getDefault().inDaylightTime(mX509Cert.getNotBefore()), TimeZone.SHORT, clientLocale);
tzid = TimeZone.getDefault().getID();
}
// Specify notBefore
if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
// Do NOT append timezone ID
sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_NOT_BEFORE) + notBefore + "\n");
} else {
// Append timezone ID
sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_NOT_BEFORE) + notBefore + " " + tzid + "\n");
}
// re-get timezone (just in case it is different . . .)
if (TimeZone.getDefault() != null) {
tz = TimeZone.getDefault().getDisplayName(TimeZone.getDefault().inDaylightTime(mX509Cert.getNotAfter()), TimeZone.SHORT, clientLocale);
}
// Specify notAfter
if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
// Do NOT append timezone ID
sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_NOT_AFTER) + notAfter + "\n");
} else {
// Append timezone ID
sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_NOT_AFTER) + notAfter + " " + tzid + "\n");
}
// XXX I18N SubjectDN ?
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SUBJECT) + mX509Cert.getSubjectX500Principal() + "\n");
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SPKI) + "\n");
PubKeyPrettyPrint pkpp = new PubKeyPrettyPrint(key);
sb.append(pkpp.toString(clientLocale, 16, 16));
// take care of extensions
CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_EXTENSIONS) + "\n");
if (extensions != null)
for (int i = 0; i < extensions.size(); i++) {
Extension ext = extensions.elementAt(i);
ExtPrettyPrint extpp = new ExtPrettyPrint(ext, 16);
sb.append(extpp.toString());
}
// take care of signature
sb.append(pp.indent(8) + resource.getString(PrettyPrintResources.TOKEN_SIGNATURE) + "\n");
// XXX I18N Algorithm Name ?
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_ALGORITHM) + mX509Cert.getSigAlgName() + " - " + mX509Cert.getSigAlgOID() + "\n");
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SIGNATURE) + "\n");
sb.append(pp.toHexString(mX509Cert.getSignature(), 16, 16));
// fingerprints
String[] hashes = new String[] { "MD2", "MD5", "SHA-1", "SHA-256", "SHA-512" };
StringBuffer certFingerprints = new StringBuffer();
sb.append(pp.indent(8) + "FingerPrint\n");
for (int i = 0; i < hashes.length; i++) {
MessageDigest md = MessageDigest.getInstance(hashes[i]);
md.update(mX509Cert.getEncoded());
certFingerprints.append(pp.indent(12) + hashes[i] + ":\n" + pp.toHexString(md.digest(), 16, 16));
}
sb.append(certFingerprints.toString());
} catch (Exception e) {
e.printStackTrace();
}
return sb.toString();
}
use of android.sun.security.x509.X509CertInfo in project jss by dogtagpki.
the class X509CertTest method createX509CertInfo.
public static X509CertInfo createX509CertInfo(X509Key x509key, BigInteger serialno, CertificateIssuerName issuernameObj, String subjname, Date notBefore, Date notAfter, String alg) throws Exception {
X509CertInfo info = new X509CertInfo();
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serialno));
if (issuernameObj != null) {
info.set(X509CertInfo.ISSUER, issuernameObj);
}
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(new X500Name(subjname)));
info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get(alg)));
info.set(X509CertInfo.KEY, new CertificateX509Key(x509key));
info.set(X509CertInfo.EXTENSIONS, new CertificateExtensions());
return info;
}
use of android.sun.security.x509.X509CertInfo in project jss by dogtagpki.
the class X509CertTest method testRSA.
public static void testRSA(CryptoToken token, Date notBefore, Date notAfter) throws Exception {
X509CertImpl certImpl = null;
X509CertInfo certInfo = null;
KeyPairGenerator gen = token.getKeyPairGenerator(KeyPairAlgorithm.RSA);
gen.initialize(4096);
KeyPair keypairCA = gen.genKeyPair();
testKeys(keypairCA);
PublicKey pubCA = keypairCA.getPublic();
gen.initialize(4096);
KeyPair keypairUser = gen.genKeyPair();
testKeys(keypairUser);
PublicKey pubUser = keypairUser.getPublic();
CertificateIssuerName issuernameObj = new CertificateIssuerName(new X500Name(issuerDN));
certInfo = createX509CertInfo(convertPublicKeyToX509Key(pubUser), BigInteger.valueOf(1), issuernameObj, subjectDN, notBefore, notAfter, "SHA256withRSA");
certImpl = new X509CertImpl(certInfo);
certImpl.sign(keypairCA.getPrivate(), "SHA256withRSA");
String certOutput = certImpl.toString();
System.out.println("Test certificate output: \n" + certOutput);
}
Aggregations