
Example 11 with Sequence

use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.

the class GenerateTestCert method doIt.

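/**
 * Based on the input parameters, generate a cert
 * pair.
 *
 * <p>Creates a self-signed CA certificate, then a server certificate and a
 * client certificate both signed with the CA's private key, imports all
 * three into the database behind the internal key-storage token, marks the
 * CA as trusted for SSL server and client authentication, and finally
 * verifies that all three nicknames are present.
 *
 * <p>Positional arguments ({@code args[0]} is not read by this method):
 * <pre>
 *   args[1]  password file used to log in to the internal token
 *   args[2]  serial number of the CA cert; server and client use +1 and +2
 *   args[3]  server hostname used as the server cert subject (default "localhost")
 *   args[4]  signature algorithm passed to setSigAlg (default "SHA-256/RSA")
 *   args[5]  CA cert nickname (default CACERT_NICKNAME)
 *   args[6]  server cert nickname (default SERVERCERT_NICKNAME)
 *   args[7]  client cert nickname (default CLIENTCERT_NICKNAME)
 * </pre>
 * An optional argument at index {@code i} is honoured whenever
 * {@code args.length > i}.
 *
 * <p>This method never returns normally: it exits with status 0 on
 * success and 1 on any failure (too few arguments, a nickname already in
 * use, an unexpected certificate count after import, or any exception,
 * which is printed first).
 *
 * @param args command-line arguments as described above
 * @throws Exception declared for compatibility; in practice every failure
 *         is caught, reported and turned into an exit status of 1
 */
private void doIt(String[] args) throws Exception {
    String caCertNick = CACERT_NICKNAME;
    String serverCertNick = SERVERCERT_NICKNAME;
    String clientCertNick = CLIENTCERT_NICKNAME;
    if (args.length < 3) {
        usage();
        // Do not fall through into args[1]/args[2] when they are absent;
        // harmless if usage() already exits.
        System.exit(1);
    }
    try {
        CryptoManager cm = CryptoManager.getInstance();
        CryptoToken tok = cm.getInternalKeyStorageToken();
        PasswordCallback cb = new FilePasswordCallback(args[1]);
        tok.login(cb);
        int serialNum = Integer.parseInt(args[2]);
        X509Certificate[] permCerts = cm.getPermCerts();
        int originalPermCerts = permCerts.length;
        System.out.println("Number of certificates stored in the " + " database: " + originalPermCerts);

        // Optional arguments. An argument at index i exists exactly when
        // args.length > i; the previous tests compared against i + 1 and
        // so ignored the last value the caller supplied.
        String hostname = "localhost";
        if (args.length > 3) {
            hostname = args[3];
        }
        String alg = "SHA-256/RSA";
        if (args.length > 4) {
            alg = args[4];
        }
        setSigAlg(alg);
        if (args.length > 5) {
            caCertNick = args[5];
        }
        if (args.length > 6) {
            serverCertNick = args[6];
        }
        if (args.length > 7) {
            clientCertNick = args[7];
        }

        /* ensure certificates do not already exist: refuse rather than
           silently create a second cert under an existing nickname */
        exitIfNicknameExists(cm, caCertNick);
        exitIfNicknameExists(cm, serverCertNick);
        exitIfNicknameExists(cm, clientCertNick);

        // generate CA cert (self-signed: issuer == subject == "CACert")
        java.security.KeyPairGenerator kpg = java.security.KeyPairGenerator.getInstance(keyType, "Mozilla-JSS");
        kpg.initialize(keyLength);
        KeyPair caPair = kpg.genKeyPair();
        SEQUENCE extensions = new SEQUENCE();
        extensions.addElement(makeBasicConstraintsExtension());
        Certificate caCert = makeCert("CACert", "CACert", serialNum, caPair.getPrivate(), caPair.getPublic(), serialNum, extensions);
        X509Certificate nssCaCert = cm.importUserCACertPackage(ASN1Util.encode(caCert), caCertNick);
        InternalCertificate intern = (InternalCertificate) nssCaCert;
        // Trust the new CA for SSL server and client authentication.
        intern.setSSLTrust(PK11Cert.TRUSTED_CA | PK11Cert.TRUSTED_CLIENT_CA | PK11Cert.VALID_CA);

        // generate server cert, signed by the CA key, subject = hostname
        kpg.initialize(keyLength);
        KeyPair serverPair = kpg.genKeyPair();
        Certificate serverCert = makeCert("CACert", hostname, serialNum + 1, caPair.getPrivate(), serverPair.getPublic(), serialNum, null);
        nssServerCert = cm.importCertPackage(ASN1Util.encode(serverCert), serverCertNick);

        // generate client auth cert, signed by the CA key
        kpg.initialize(keyLength);
        KeyPair clientPair = kpg.genKeyPair();
        Certificate clientCert = makeCert("CACert", "ClientCert", serialNum + 2, caPair.getPrivate(), clientPair.getPublic(), serialNum, null);
        nssClientCert = cm.importCertPackage(ASN1Util.encode(clientCert), clientCertNick);

        System.out.println("\nThis program created certificates with \n" + "following cert nicknames:" + "\n\t" + caCertNick + "\n\t" + serverCertNick + "\n\t" + clientCertNick);

        // Sanity check: exactly three certificates must have been added.
        permCerts = cm.getPermCerts();
        if ((originalPermCerts + 3) != permCerts.length) {
            System.out.println("Error there should be three more " + " certificates stored in the database");
            System.exit(1);
        } else {
            System.out.println("Number of certificates stored in the " + " database: " + permCerts.length);
        }

        /* ensure certificates exists */
        exitIfNicknameMissing(cm, caCertNick);
        exitIfNicknameMissing(cm, serverCertNick);
        exitIfNicknameMissing(cm, clientCertNick);
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
    System.exit(0);
}

/**
 * Exits with status 1 if any certificate is already stored under
 * {@code nickname}.
 *
 * @param cm the crypto manager used to look up certificates
 * @param nickname the nickname that must currently be unused
 * @throws Exception if the lookup itself fails
 */
private static void exitIfNicknameExists(CryptoManager cm, String nickname) throws Exception {
    if (cm.findCertsByNickname(nickname).length > 0) {
        System.out.println(nickname + " already exists!");
        System.exit(1);
    }
}

/**
 * Exits with status 1 if no certificate is stored under {@code nickname}.
 *
 * @param cm the crypto manager used to look up certificates
 * @param nickname the nickname that must now be present
 * @throws Exception if the lookup itself fails
 */
private static void exitIfNicknameMissing(CryptoManager cm, String nickname) throws Exception {
    if (cm.findCertsByNickname(nickname).length == 0) {
        System.out.println(nickname + " should exist!");
        System.exit(1);
    }
}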
Also used : KeyPair(java.security.KeyPair) CryptoToken(org.mozilla.jss.crypto.CryptoToken) CryptoManager(org.mozilla.jss.CryptoManager) X509Certificate(org.mozilla.jss.crypto.X509Certificate) InternalCertificate(org.mozilla.jss.crypto.InternalCertificate) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) PasswordCallback(org.mozilla.jss.util.PasswordCallback) Certificate(org.mozilla.jss.pkix.cert.Certificate) InternalCertificate(org.mozilla.jss.crypto.InternalCertificate) X509Certificate(org.mozilla.jss.crypto.X509Certificate)

Example 12 with Sequence

use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.

the class GenerateTestCert method makeBasicConstraintsExtension.

/**
 * Builds a critical BasicConstraints extension asserting {@code cA = TRUE}.
 *
 * <p>The extension value is the DER encoding of a SEQUENCE holding only the
 * BOOLEAN {@code cA}; no pathLenConstraint is included, so the resulting
 * CA is not limited in the depth of sub-CAs it may certify.
 *
 * @return the BasicConstraints extension, marked critical
 * @throws Exception if DER encoding of the value fails
 */
private Extension makeBasicConstraintsExtension() throws Exception {
    // id-ce-basicConstraints, 2.5.29.19 (RFC 2459)
    OBJECT_IDENTIFIER basicConstraintsOid = new OBJECT_IDENTIFIER(new long[] { 2, 5, 29, 19 });

    SEQUENCE basicConstraints = new SEQUENCE();
    // cA = TRUE; pathLenConstraint deliberately absent
    basicConstraints.addElement(new BOOLEAN(true));

    byte[] der = ASN1Util.encode(basicConstraints);
    OCTET_STRING value = new OCTET_STRING(der);
    return new Extension(basicConstraintsOid, true, value);
}
Also used : Extension(org.mozilla.jss.pkix.cert.Extension) OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER) BOOLEAN(org.mozilla.jss.asn1.BOOLEAN)

Example 13 with Sequence

use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.

the class CertReqMsg method encode.

/**
 * Encodes this <i>CertReqMsg</i> to the given OutputStream using
 * DER encoding, with the given implicit tag.
 *
 * <p>The message is written as a SEQUENCE containing {@code certReq}
 * followed by the optional {@code pop} and {@code regInfo} components;
 * an optional component is emitted only when it is non-null.
 *
 * @param implicit the tag to use for the outer SEQUENCE
 * @param ostream destination for the DER bytes
 * @throws IOException if writing to {@code ostream} fails
 */
@Override
public void encode(Tag implicit, OutputStream ostream) throws IOException {
    SEQUENCE message = new SEQUENCE();

    // certReq is mandatory
    message.addElement(certReq);

    // proof of possession, if supplied
    if (pop != null) {
        message.addElement(pop);
    }

    // registration info, if supplied
    if (regInfo != null) {
        message.addElement(regInfo);
    }

    message.encode(implicit, ostream);
}
Also used : SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)

Example 14 with Sequence

use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.

the class CertTemplate method encode.

/**
 * Encodes this CertTemplate as a SEQUENCE with the given tag.
 *
 * <p>Components are added under context-specific tags 0 through 9 in the
 * order version, serialNumber, signingAlg, issuer, optional validity,
 * subject, publicKey, issuerUID, subjectUID, extensions. {@code issuer},
 * {@code subject}, {@code notBefore} and {@code notAfter} are CHOICE
 * values and therefore get EXPLICIT tags; the validity SEQUENCE is only
 * written when at least one of the two dates is set. Null values for the
 * other components are handed to {@code addElement} as-is (presumably
 * omitted by SEQUENCE; verify there).
 *
 * @param t the tag to use for the outer SEQUENCE
 * @param ostream destination for the DER bytes
 * @throws IOException if writing to {@code ostream} fails
 */
@Override
public void encode(Tag t, OutputStream ostream) throws IOException {
    SEQUENCE template = new SEQUENCE();

    template.addElement(Tag.get(0), version);
    template.addElement(Tag.get(1), serialNumber);
    template.addElement(Tag.get(2), signingAlg);

    // issuer is a CHOICE, so it must be EXPLICITly tagged
    if (issuer != null) {
        template.addElement(new EXPLICIT(Tag.get(3), issuer));
    }

    boolean hasValidity = (notBefore != null) || (notAfter != null);
    if (hasValidity) {
        // notBefore & notAfter are CHOICES, so must be EXPLICITly tagged
        SEQUENCE validity = new SEQUENCE();
        if (notBefore != null) {
            validity.addElement(new EXPLICIT(Tag.get(0), dateToASN1(notBefore)));
        }
        if (notAfter != null) {
            validity.addElement(new EXPLICIT(Tag.get(1), dateToASN1(notAfter)));
        }
        template.addElement(Tag.get(4), validity);
    }

    // subject is a CHOICE, so it must be EXPLICITly tagged
    if (subject != null) {
        template.addElement(new EXPLICIT(Tag.get(5), subject));
    }

    template.addElement(Tag.get(6), publicKey);
    template.addElement(Tag.get(7), issuerUID);
    template.addElement(Tag.get(8), subjectUID);
    template.addElement(Tag.get(9), extensions);

    template.encode(t, ostream);
}
Also used : SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) EXPLICIT(org.mozilla.jss.asn1.EXPLICIT)

Example 15 with Sequence

use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.

the class KeyFactorySpi1_2 method engineGeneratePublic.

/**
 * Builds a JSS public key from a standard {@link KeySpec}.
 *
 * <p>Supported specs:
 * <ul>
 *   <li>{@link RSAPublicKeySpec}: modulus and public exponent are DER-encoded
 *       as a two-INTEGER SEQUENCE and imported as a raw RSA key.</li>
 *   <li>{@link DSAPublicKeySpec}: the PQG parameters can only be carried in
 *       DER inside an AlgorithmIdentifier, so the key is wrapped in a full
 *       SubjectPublicKeyInfo before import.</li>
 *   <li>{@link X509EncodedKeySpec}: its encoding is passed to
 *       {@code PK11PubKey.fromSPKI} unchanged.</li>
 * </ul>
 * EC specs are not handled by this method and fall through to the
 * exception below.
 *
 * @param keySpec the key material to import
 * @return the imported public key
 * @throws InvalidKeySpecException if {@code keySpec} is of an unsupported type
 * @throws RuntimeException if the provider cannot supply the DSA signature OID
 */
@Override
protected PublicKey engineGeneratePublic(KeySpec keySpec) throws InvalidKeySpecException {
    if (keySpec instanceof RSAPublicKeySpec) {
        return rsaPublicKeyFromSpec((RSAPublicKeySpec) keySpec);
    }
    if (keySpec instanceof DSAPublicKeySpec) {
        return dsaPublicKeyFromSpec((DSAPublicKeySpec) keySpec);
    }
    if (keySpec instanceof X509EncodedKeySpec) {
        // Already a DER SubjectPublicKeyInfo.
        X509EncodedKeySpec spki = (X509EncodedKeySpec) keySpec;
        return PK11PubKey.fromSPKI(spki.getEncoded());
    }
    throw new InvalidKeySpecException("Unsupported KeySpec type: " + keySpec.getClass().getName());
}

/**
 * Encodes an RSA public key as {@code SEQUENCE { modulus, publicExponent }}
 * and imports it as a raw RSA key.
 *
 * @param spec the RSA modulus and public exponent
 * @return the imported key
 * @throws InvalidKeySpecException if the raw import rejects the key
 */
private static PublicKey rsaPublicKeyFromSpec(RSAPublicKeySpec spec) throws InvalidKeySpecException {
    SEQUENCE rsaKey = new SEQUENCE();
    rsaKey.addElement(new INTEGER(spec.getModulus()));
    rsaKey.addElement(new INTEGER(spec.getPublicExponent()));
    return PK11PubKey.fromRaw(PrivateKey.RSA, ASN1Util.encode(rsaKey));
}

/**
 * Wraps a DSA public value and its PQG parameters in a SubjectPublicKeyInfo
 * and imports it.
 *
 * @param spec the DSA public value {@code y} and parameters {@code p, q, g}
 * @return the imported key
 * @throws InvalidKeySpecException if the SPKI import rejects the key
 * @throws RuntimeException if the DSA signature OID is unavailable
 */
private static PublicKey dsaPublicKeyFromSpec(DSAPublicKeySpec spec) throws InvalidKeySpecException {
    // Dss-Parms ::= SEQUENCE { p, q, g }
    SEQUENCE params = new SEQUENCE();
    params.addElement(new INTEGER(spec.getP()));
    params.addElement(new INTEGER(spec.getQ()));
    params.addElement(new INTEGER(spec.getG()));

    OBJECT_IDENTIFIER dsaOid;
    try {
        dsaOid = SignatureAlgorithm.DSASignature.toOID();
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException("No such algorithm: " + e.getMessage(), e);
    }
    AlgorithmIdentifier algorithm = new AlgorithmIdentifier(dsaOid, params);

    // subjectPublicKey is the DER INTEGER y, carried as a BIT STRING
    byte[] encodedY = ASN1Util.encode(new INTEGER(spec.getY()));
    SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo(algorithm, new BIT_STRING(encodedY, 0));
    return PK11PubKey.fromSPKI(ASN1Util.encode(spki));
}
Also used : SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) SubjectPublicKeyInfo(org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo) BIT_STRING(org.mozilla.jss.asn1.BIT_STRING) INTEGER(org.mozilla.jss.asn1.INTEGER) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec) AlgorithmIdentifier(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier)
