Example 11 with Sequence
use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.
the class GenerateTestCert method doIt.
/**
* Based on the input parameters, generate a cert
* pair.
*/
private void doIt(String[] args) throws Exception {
String caCertNick = CACERT_NICKNAME;
String serverCertNick = SERVERCERT_NICKNAME;
String clientCertNick = CLIENTCERT_NICKNAME;
if (args.length < 3) {
usage();
}
try {
CryptoManager cm = CryptoManager.getInstance();
CryptoToken tok = cm.getInternalKeyStorageToken();
PasswordCallback cb = new FilePasswordCallback(args[1]);
tok.login(cb);
int serialNum = Integer.parseInt(args[2]);
X509Certificate[] permCerts = cm.getPermCerts();
int originalPermCerts = permCerts.length;
System.out.println("Number of certificates stored in the " + " database: " + originalPermCerts);
String hostname = "localhost";
if (args.length > 4) {
hostname = args[3];
}
String alg = "SHA-256/RSA";
if (args.length > 5) {
alg = args[4];
}
setSigAlg(alg);
X509Certificate[] certs;
if (args.length > 6) {
caCertNick = args[5];
}
/* ensure certificate does not already exists */
certs = cm.findCertsByNickname(caCertNick);
if (certs.length > 0) {
System.out.println(caCertNick + " already exists!");
System.exit(1);
}
if (args.length > 7) {
serverCertNick = args[6];
}
certs = cm.findCertsByNickname(serverCertNick);
if (certs.length > 0) {
System.out.println(serverCertNick + " already exists!");
System.exit(1);
}
if (args.length == 8) {
clientCertNick = args[7];
}
certs = cm.findCertsByNickname(clientCertNick);
if (certs.length > 0) {
System.out.println(clientCertNick + " already exists!");
System.exit(1);
}
// generate CA cert
java.security.KeyPairGenerator kpg = java.security.KeyPairGenerator.getInstance(keyType, "Mozilla-JSS");
kpg.initialize(keyLength);
KeyPair caPair = kpg.genKeyPair();
SEQUENCE extensions = new SEQUENCE();
extensions.addElement(makeBasicConstraintsExtension());
Certificate caCert = makeCert("CACert", "CACert", serialNum, caPair.getPrivate(), caPair.getPublic(), serialNum, extensions);
X509Certificate nssCaCert = cm.importUserCACertPackage(ASN1Util.encode(caCert), caCertNick);
InternalCertificate intern = (InternalCertificate) nssCaCert;
intern.setSSLTrust(PK11Cert.TRUSTED_CA | PK11Cert.TRUSTED_CLIENT_CA | PK11Cert.VALID_CA);
// generate server cert
kpg.initialize(keyLength);
KeyPair serverPair = kpg.genKeyPair();
Certificate serverCert = makeCert("CACert", hostname, serialNum + 1, caPair.getPrivate(), serverPair.getPublic(), serialNum, null);
nssServerCert = cm.importCertPackage(ASN1Util.encode(serverCert), serverCertNick);
// generate client auth cert
kpg.initialize(keyLength);
KeyPair clientPair = kpg.genKeyPair();
Certificate clientCert = makeCert("CACert", "ClientCert", serialNum + 2, caPair.getPrivate(), clientPair.getPublic(), serialNum, null);
nssClientCert = cm.importCertPackage(ASN1Util.encode(clientCert), clientCertNick);
System.out.println("\nThis program created certificates with \n" + "following cert nicknames:" + "\n\t" + caCertNick + "\n\t" + serverCertNick + "\n\t" + clientCertNick);
permCerts = cm.getPermCerts();
if ((originalPermCerts + 3) != permCerts.length) {
System.out.println("Error there should be three more " + " certificates stored in the database");
System.exit(1);
} else {
System.out.println("Number of certificates stored in the " + " database: " + permCerts.length);
}
/* ensure certificates exists */
certs = cm.findCertsByNickname(caCertNick);
if (certs.length == 0) {
System.out.println(caCertNick + " should exist!");
System.exit(1);
}
certs = cm.findCertsByNickname(serverCertNick);
if (certs.length == 0) {
System.out.println(serverCertNick + " should exist!");
System.exit(1);
}
certs = cm.findCertsByNickname(clientCertNick);
if (certs.length == 0) {
System.out.println(clientCertNick + " should exist!");
System.exit(1);
}
} catch (Exception e) {
e.printStackTrace();
System.exit(1);
}
System.exit(0);
}
Also used :
KeyPair(java.security.KeyPair)
CryptoToken(org.mozilla.jss.crypto.CryptoToken)
CryptoManager(org.mozilla.jss.CryptoManager)
X509Certificate(org.mozilla.jss.crypto.X509Certificate)
InternalCertificate(org.mozilla.jss.crypto.InternalCertificate)
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
PasswordCallback(org.mozilla.jss.util.PasswordCallback)
Certificate(org.mozilla.jss.pkix.cert.Certificate)
InternalCertificate(org.mozilla.jss.crypto.InternalCertificate)
X509Certificate(org.mozilla.jss.crypto.X509Certificate)
Example 12 with Sequence
use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.
the class GenerateTestCert method makeBasicConstraintsExtension.
/**
* Make basic extension.
*/
private Extension makeBasicConstraintsExtension() throws Exception {
SEQUENCE bc = new SEQUENCE();
// cA
bc.addElement(new BOOLEAN(true));
OBJECT_IDENTIFIER bcOID = new OBJECT_IDENTIFIER(// from RFC 2459
new long[] { 2, 5, 29, 19 });
OCTET_STRING enc = new OCTET_STRING(ASN1Util.encode(bc));
return new Extension(bcOID, true, enc);
}
Also used :
Extension(org.mozilla.jss.pkix.cert.Extension)
OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING)
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER)
BOOLEAN(org.mozilla.jss.asn1.BOOLEAN)
Example 13 with Sequence
use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.
the class CertReqMsg method encode.
/**
* Encodes this <i>CertReqMsg</i> to the given OutputStream using
* DER encoding, with the given implicit tag.
*/
@Override
public void encode(Tag implicit, OutputStream ostream) throws IOException {
// Assert.notYetImplemented("CertReqMsg encoding");
SEQUENCE sequence = new SEQUENCE();
sequence.addElement(certReq);
if (pop != null)
sequence.addElement(pop);
if (regInfo != null)
sequence.addElement(regInfo);
sequence.encode(implicit, ostream);
}
Also used :
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
Example 14 with Sequence
use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.
the class CertTemplate method encode.
@Override
public void encode(Tag t, OutputStream ostream) throws IOException {
SEQUENCE seq = new SEQUENCE();
seq.addElement(Tag.get(0), version);
seq.addElement(Tag.get(1), serialNumber);
seq.addElement(Tag.get(2), signingAlg);
if (issuer != null) {
// issuer is a CHOICE, so it must be EXPLICITly tagged
seq.addElement(new EXPLICIT(Tag.get(3), issuer));
}
if (notBefore != null || notAfter != null) {
SEQUENCE optionalVal = new SEQUENCE();
// notBefore & notAfter are CHOICES, so must be EXPLICITly tagged
if (notBefore != null) {
optionalVal.addElement(new EXPLICIT(Tag.get(0), dateToASN1(notBefore)));
}
if (notAfter != null) {
optionalVal.addElement(new EXPLICIT(Tag.get(1), dateToASN1(notAfter)));
}
seq.addElement(Tag.get(4), optionalVal);
}
if (subject != null) {
// subject is a CHOICE, so it must be EXPLICITly tagged
seq.addElement(new EXPLICIT(Tag.get(5), subject));
}
seq.addElement(Tag.get(6), publicKey);
seq.addElement(Tag.get(7), issuerUID);
seq.addElement(Tag.get(8), subjectUID);
seq.addElement(Tag.get(9), extensions);
seq.encode(t, ostream);
}Example 15 with Sequence
use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.
the class KeyFactorySpi1_2 method engineGeneratePublic.
@Override
protected PublicKey engineGeneratePublic(KeySpec keySpec) throws InvalidKeySpecException {
if (keySpec instanceof RSAPublicKeySpec) {
RSAPublicKeySpec spec = (RSAPublicKeySpec) keySpec;
// Generate a DER RSA public key
SEQUENCE seq = new SEQUENCE();
seq.addElement(new INTEGER(spec.getModulus()));
seq.addElement(new INTEGER(spec.getPublicExponent()));
return PK11PubKey.fromRaw(PrivateKey.RSA, ASN1Util.encode(seq));
} else if (keySpec instanceof DSAPublicKeySpec) {
// We need to import both the public value and the PQG parameters.
// The only way to get all that information in DER is to send
// a full SubjectPublicKeyInfo. So we encode all the information
// into an SPKI.
DSAPublicKeySpec spec = (DSAPublicKeySpec) keySpec;
SEQUENCE pqg = new SEQUENCE();
pqg.addElement(new INTEGER(spec.getP()));
pqg.addElement(new INTEGER(spec.getQ()));
pqg.addElement(new INTEGER(spec.getG()));
OBJECT_IDENTIFIER oid = null;
try {
oid = SignatureAlgorithm.DSASignature.toOID();
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException("No such algorithm: " + e.getMessage(), e);
}
AlgorithmIdentifier algID = new AlgorithmIdentifier(oid, pqg);
INTEGER publicValue = new INTEGER(spec.getY());
byte[] encodedPublicValue = ASN1Util.encode(publicValue);
SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo(algID, new BIT_STRING(encodedPublicValue, 0));
return PK11PubKey.fromSPKI(ASN1Util.encode(spki));
//
// requires JAVA 1.5
//
// } else if( keySpec instanceof ECPublicKeySpec ) {
// // We need to import both the public value and the curve.
// // The only way to get all that information in DER is to send
// // a full SubjectPublicKeyInfo. So we encode all the information
// // into an SPKI.
//
// ECPublicKeySpec spec = (ECPublicKeySpec) keySpec;
// AlgorithmParameters algParams = getInstance("ECParameters");
//
// algParameters.init(spec.getECParameters());
// OBJECT_IDENTIFIER oid = null;
// try {
// oid = SignatureAlgorithm.ECSignature.toOID();
// } catch(NoSuchAlgorithmException ex ) {
// Assert.notReached("no such algorithm as DSA?");
// }
// AlgorithmIdentifier algID =
// new AlgorithmIdentifier(oid, ecParams.getParams() );
// INTEGER publicValueX = new INTEGER(spec.getW().getAffineX());
// INTEGER publicValueY = new INTEGER(spec.getW().getAffineY());
// byte[] encodedPublicValue;
// encodedPublicValue[0] = EC_UNCOMPRESSED_POINT;
// encodedPublicValue += spec.getW().getAffineX().toByteArray();
// encodedPublicValue += spec.getW().getAffineY().toByteArray();
//
// byte[] encodedPublicValue = ASN1Util.encode(publicValue);
// SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo(
// algID, new BIT_STRING(encodedPublicValue, 0) );
//
// return PK11PubKey.fromSPKI( ASN1Util.encode(spki) );
//
// use the following for EC keys in 1.4.2
} else if (keySpec instanceof X509EncodedKeySpec) {
//
// SubjectPublicKeyInfo
//
X509EncodedKeySpec spec = (X509EncodedKeySpec) keySpec;
return PK11PubKey.fromSPKI(spec.getEncoded());
}
throw new InvalidKeySpecException("Unsupported KeySpec type: " + keySpec.getClass().getName());
}
Also used :
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER)
X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec)
RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
SubjectPublicKeyInfo(org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo)
BIT_STRING(org.mozilla.jss.asn1.BIT_STRING)
INTEGER(org.mozilla.jss.asn1.INTEGER)
DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)
AlgorithmIdentifier(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier)
Aggregations
SEQUENCE (org.mozilla.jss.asn1.SEQUENCE)50
OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING)16
Sequence (org.sbolstandard.core2.Sequence)11
SET (org.mozilla.jss.asn1.SET)9
ANY (org.mozilla.jss.asn1.ANY)8
InvalidBERException (org.mozilla.jss.asn1.InvalidBERException)8
OBJECT_IDENTIFIER (org.mozilla.jss.asn1.OBJECT_IDENTIFIER)8
URI (java.net.URI)7
BMPString (org.mozilla.jss.asn1.BMPString)7
CryptoToken (org.mozilla.jss.crypto.CryptoToken)7
ASN1Value (org.mozilla.jss.asn1.ASN1Value)6
INTEGER (org.mozilla.jss.asn1.INTEGER)6
AuthenticatedSafes (org.mozilla.jss.pkcs12.AuthenticatedSafes)6
FileOutputStream (java.io.FileOutputStream)5
IOException (java.io.IOException)5
SignatureException (java.security.SignatureException)5
EXPLICIT (org.mozilla.jss.asn1.EXPLICIT)5
SafeBag (org.mozilla.jss.pkcs12.SafeBag)5
Certificate (org.mozilla.jss.pkix.cert.Certificate)5
ComponentDefinition (org.sbolstandard.core2.ComponentDefinition)5
