use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project snowflake-jdbc by snowflakedb.
the class SFTrustManager method createRequest.
/**
 * Builds an OCSP request asking for the status of a single certificate.
 *
 * <p>The certificate is identified by a {@code CertificateID} computed from the issuer certificate
 * and the subject certificate's serial number, using {@code SHA1DigestCalculator} as the digest.
 * NOTE(review): this hash identifies the issuer inside the CertID (RFC 6960); it is not a
 * signature digest. Confirm which hash algorithms the responders in use accept before changing it.
 *
 * <p>Only {@code addRequest} is called on the builder, so no request extension such as a nonce is
 * attached here. Freshness of the response therefore has to be enforced where the response is
 * validated, which is not visible in this method.
 *
 * @param pairIssuerSubject issuer certificate ({@code left}) and subject certificate ({@code right})
 * @return the built OCSP request
 * @throws IOException if wrapping the issuer certificate fails, or if building the request raises
 *     an {@code OCSPException} (kept as the cause)
 */
private OCSPReq createRequest(SFPair<Certificate, Certificate> pairIssuerSubject) throws IOException {
  final Certificate issuerCert = pairIssuerSubject.left;
  final Certificate subjectCert = pairIssuerSubject.right;
  final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
  try {
    // The digest is created before the issuer is wrapped, matching the original evaluation order.
    final DigestCalculator idDigest = new SHA1DigestCalculator();
    final X509CertificateHolder issuerHolder = new X509CertificateHolder(issuerCert.getEncoded());
    final CertificateID targetId =
        new CertificateID(idDigest, issuerHolder, subjectCert.getSerialNumber().getValue());
    return requestBuilder.addRequest(targetId).build();
  } catch (OCSPException buildFailure) {
    // Surface builder failures as IOException so callers handle one checked type.
    throw new IOException("Failed to build a OCSPReq.", buildFailure);
  }
}
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project apksig by venshine.
the class X509CertificateUtils method generateCertificate.
/**
 * Decodes an {@code X509Certificate} from {@code encodedForm} using the provided
 * {@code CertificateFactory}, falling back to a BER parse followed by a DER re-encode when the
 * factory rejects the input.
 *
 * <p>On the fallback path the certificate fields are parsed from the DER re-encoding, while the
 * bytes originally consumed from {@code encodedForm} are handed to
 * {@code GuaranteedEncodedFormX509Certificate}, which is intended to return them from
 * {@code getEncoded}. Code that hashes, pins or compares certificates should therefore use one
 * representation consistently. Only the bytes between the parser's start and end positions are
 * kept, so any data following that block in {@code encodedForm} is not part of the result.
 *
 * @param encodedForm the encoded certificate bytes
 * @param certFactory the factory used to decode the certificate
 * @return the decoded certificate
 * @throws CertificateException if the encodedForm cannot be decoded to a valid certificate by
 *     either path
 */
public static X509Certificate generateCertificate(byte[] encodedForm, CertificateFactory certFactory) throws CertificateException {
  // Fast path: the factory accepts the bytes as given.
  try {
    return (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(encodedForm));
  } catch (CertificateException ignored) {
    // Deliberately ignored. This can happen when the certificate uses a BER encoding whose
    // length fields are not minimal; the BER parser and DER encoder below handle that case.
  }

  try {
    // Some apps were signed with a BER encoded certificate that the CertificateFactory now
    // rejects. The original BER bytes act as the signing identity of those apps, so they must be
    // preserved when signing updates. The certificate is parsed with the BER parser and
    // re-encoded as DER, which the factory accepts. The buffer positions are then used to
    // recover the exact original bytes for the wrapper object.
    ByteBuffer certBlock = getNextDEREncodedCertificateBlock(ByteBuffer.wrap(encodedForm));
    int blockStart = certBlock.position();
    Certificate berParsed = Asn1BerParser.parse(certBlock, Certificate.class);
    byte[] derBytes = Asn1DerEncoder.encode(berParsed);
    X509Certificate decoded =
        (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(derBytes));

    // The factory accepted the DER form. Copy out the span the BER parser consumed so that the
    // wrapper carries the original encoding rather than the re-encoded one.
    byte[] originalBytes = new byte[certBlock.position() - blockStart];
    certBlock.position(blockStart);
    certBlock.get(originalBytes);
    return new GuaranteedEncodedFormX509Certificate(decoded, originalBytes);
  } catch (Asn1DecodingException | Asn1EncodingException | CertificateException e) {
    throw new CertificateException("Failed to parse certificate", e);
  }
}
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project java-security-private-ca by googleapis.
the class CreateCertificate method createCertificate.
// Requests a certificate from the named Certificate Authority in the given CA pool and prints the
// PEM certificate and its chain to standard output.
//
// project / location / pool_Id: identify the CA pool that is the parent of the request.
// certificateAuthorityName: id of the issuing CA inside that pool.
// certificateName: id to give the new certificate.
// publicKeyBytes: the public key to be certified, submitted with KeyFormat.PEM. The key pair can
// be generated with any crypto library/framework; only the public half is sent.
//
// NOTE(review): the X.509 parameters below set certSign=true and isCa=true alongside serverAuth.
// A certificate issued with those values can itself sign certificates. For an end-entity server
// certificate these would normally be left unset, so confirm the intent before reusing this
// template.
public static void createCertificate(String project, String location, String pool_Id, String certificateAuthorityName, String certificateName, ByteString publicKeyBytes) throws InterruptedException, ExecutionException, IOException {
  // try-with-resources closes the client, releasing its background resources, on exit.
  try (CertificateAuthorityServiceClient client = CertificateAuthorityServiceClient.create()) {
    // Placeholder subject values: replace with the real title, company name and fully
    // qualified domain name. The lifetime is the certificate validity in seconds.
    String commonName = "common-name";
    String orgName = "org-name";
    String domainName = "dns.your-domain.com";
    long certificateLifetime = 1000L;

    // Public key to certify, and the format it is supplied in.
    PublicKey subjectKey =
        PublicKey.newBuilder().setKey(publicKeyBytes).setFormat(KeyFormat.PEM).build();

    // Subject distinguished name plus the DNS subject alternative name.
    Subject subjectName =
        Subject.newBuilder().setCommonName(commonName).setOrganization(orgName).build();
    SubjectAltNames altNames = SubjectAltNames.newBuilder().addDnsNames(domainName).build();
    SubjectConfig subjectConfig =
        SubjectConfig.newBuilder().setSubject(subjectName).setSubjectAltName(altNames).build();

    // Key usage, extended key usage and CA options for the certificate (see the review note
    // in the header about certSign / isCa).
    KeyUsage keyUsage =
        KeyUsage.newBuilder()
            .setBaseKeyUsage(
                KeyUsageOptions.newBuilder()
                    .setDigitalSignature(true)
                    .setKeyEncipherment(true)
                    .setCertSign(true)
                    .build())
            .setExtendedKeyUsage(ExtendedKeyUsageOptions.newBuilder().setServerAuth(true).build())
            .build();
    CaOptions caOptions = CaOptions.newBuilder().setIsCa(true).buildPartial();
    X509Parameters x509Parameters =
        X509Parameters.newBuilder().setKeyUsage(keyUsage).setCaOptions(caOptions).build();

    // Assemble the certificate resource to be issued.
    CertificateConfig certificateConfig =
        CertificateConfig.newBuilder()
            .setPublicKey(subjectKey)
            .setSubjectConfig(subjectConfig)
            .setX509Config(x509Parameters)
            .build();
    Certificate toIssue =
        Certificate.newBuilder()
            .setConfig(certificateConfig)
            .setLifetime(Duration.newBuilder().setSeconds(certificateLifetime).build())
            .build();

    // Build the request, addressed to the CA pool and pinned to the issuing CA.
    CreateCertificateRequest request =
        CreateCertificateRequest.newBuilder()
            .setParent(CaPoolName.of(project, location, pool_Id).toString())
            .setCertificateId(certificateName)
            .setCertificate(toIssue)
            .setIssuingCertificateAuthorityId(certificateAuthorityName)
            .build();

    // Send the request and block until the service answers.
    ApiFuture<Certificate> pending = client.createCertificateCallable().futureCall(request);
    Certificate issued = pending.get();

    // The PEM encoded, signed X.509 certificate.
    System.out.println(issued.getPemCertificate());
    // The chain list to use when verifying the certificate obtained above.
    System.out.println(issued.getPemCertificateChainList());
  }
}
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project java-security-private-ca by googleapis.
the class FilterCertificates method filterCertificates.
// Lists the certificates in the given CA pool that match a filter condition and prints their
// resource names to standard output.
//
// The filter expression is a fixed literal matching on the subject organization.
// NOTE(review): if the filter is ever assembled from caller-supplied values, validate or quote
// them according to the API's filter syntax first.
public static void filterCertificates(String project, String location, String pool_Id) throws IOException {
  // try-with-resources closes the client, releasing its background resources, on exit.
  try (CertificateAuthorityServiceClient client = CertificateAuthorityServiceClient.create()) {
    CaPoolName poolName =
        CaPoolName.newBuilder()
            .setProject(project)
            .setLocation(location)
            .setCaPool(pool_Id)
            .build();

    // List request scoped to the pool, carrying the filter condition.
    ListCertificatesRequest filteredRequest =
        ListCertificatesRequest.newBuilder()
            .setParent(poolName.toString())
            .setFilter("certificate_description.subject_description.subject.organization=csr-org-name")
            .build();

    // Walk every page of results and print each certificate's name.
    System.out.println("Available certificates: ");
    client
        .listCertificates(filteredRequest)
        .iterateAll()
        .forEach(match -> System.out.println(match.getName()));
  }
}
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project java-security-private-ca by googleapis.
the class ListCertificates method listCertificates.
// Lists every certificate present in the given CA pool and prints each certificate's resource
// name to standard output.
public static void listCertificates(String project, String location, String pool_Id) throws IOException {
  // try-with-resources closes the client, releasing its background resources, on exit.
  try (CertificateAuthorityServiceClient client = CertificateAuthorityServiceClient.create()) {
    CaPoolName poolName =
        CaPoolName.newBuilder()
            .setProject(project)
            .setLocation(location)
            .setCaPool(pool_Id)
            .build();

    // Walk every page of results and print each certificate's name.
    System.out.println("Available certificates: ");
    client
        .listCertificates(poolName)
        .iterateAll()
        .forEach(entry -> System.out.println(entry.getName()));
  }
}