Example 1 with UTF8String
use of org.mozilla.jss.asn1.UTF8String in project candlepin by candlepin.
the class JSSPKIUtility method createX509Certificate.
@Override
public X509Certificate createX509Certificate(String dn, Set<X509ExtensionWrapper> extensions, Set<X509ByteExtensionWrapper> byteExtensions, Date startDate, Date endDate, KeyPair clientKeyPair, BigInteger serialNumber, String alternateName) throws IOException {
// Ensure JSS is properly initialized before attempting any operations with it
JSSProviderLoader.initialize();
X509CertInfo certInfo = new X509CertInfo();
try {
X509Certificate caCert = reader.getCACert();
byte[] publicKeyEncoded = clientKeyPair.getPublic().getEncoded();
certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(new X500Name(caCert.getSubjectX500Principal().getEncoded())));
certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serialNumber));
certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(startDate, endDate));
certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(new X500Name(dn)));
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(X509Key.parse(new DerValue(publicKeyEncoded))));
certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get(SIGNING_ALG_ID)));
certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
CertificateExtensions certExtensions = buildStandardExtensions(new CertificateExtensions(), dn, clientKeyPair, extensions, caCert, alternateName);
certInfo.set(X509CertInfo.EXTENSIONS, certExtensions);
if (extensions != null) {
for (X509ExtensionWrapper wrapper : extensions) {
// Avoid null values. Set them to blank if they are null
String value = wrapper.getValue() == null ? "" : wrapper.getValue();
UTF8String der = new UTF8String(value);
certExtensions.add(buildCustomExtension(wrapper.getOid(), wrapper.isCritical(), der));
}
}
if (byteExtensions != null) {
for (X509ByteExtensionWrapper wrapper : byteExtensions) {
// Avoid null values. Set them to blank if they are null
byte[] value = wrapper.getValue() == null ? new byte[0] : wrapper.getValue();
OCTET_STRING der = new OCTET_STRING(value);
certExtensions.add(buildCustomExtension(wrapper.getOid(), wrapper.isCritical(), der));
}
}
X509CertImpl certImpl = new X509CertImpl(certInfo);
certImpl.sign(reader.getCaKey(), SIGNING_ALG_ID);
// valid, it just won't have any extensions present in the object.
return new X509CertImpl(certImpl.getEncoded());
} catch (GeneralSecurityException e) {
throw new RuntimeException("Could not create X.509 certificate", e);
}
}
Also used :
CertificateSubjectName(org.mozilla.jss.netscape.security.x509.CertificateSubjectName)
UTF8String(org.mozilla.jss.asn1.UTF8String)
X509CertInfo(org.mozilla.jss.netscape.security.x509.X509CertInfo)
CertificateIssuerName(org.mozilla.jss.netscape.security.x509.CertificateIssuerName)
GeneralSecurityException(java.security.GeneralSecurityException)
CertificateVersion(org.mozilla.jss.netscape.security.x509.CertificateVersion)
CertificateValidity(org.mozilla.jss.netscape.security.x509.CertificateValidity)
CertificateExtensions(org.mozilla.jss.netscape.security.x509.CertificateExtensions)
X500Name(org.mozilla.jss.netscape.security.x509.X500Name)
UTF8String(org.mozilla.jss.asn1.UTF8String)
CertificateX509Key(org.mozilla.jss.netscape.security.x509.CertificateX509Key)
X509Certificate(java.security.cert.X509Certificate)
CertificateSerialNumber(org.mozilla.jss.netscape.security.x509.CertificateSerialNumber)
OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING)
TokenRuntimeException(org.mozilla.jss.crypto.TokenRuntimeException)
DerValue(org.mozilla.jss.netscape.security.util.DerValue)
X509CertImpl(org.mozilla.jss.netscape.security.x509.X509CertImpl)
X509ByteExtensionWrapper(org.candlepin.pki.X509ByteExtensionWrapper)
X509ExtensionWrapper(org.candlepin.pki.X509ExtensionWrapper)
CertificateAlgorithmId(org.mozilla.jss.netscape.security.x509.CertificateAlgorithmId)
Aggregations
GeneralSecurityException (java.security.GeneralSecurityException)1
X509Certificate (java.security.cert.X509Certificate)1
X509ByteExtensionWrapper (org.candlepin.pki.X509ByteExtensionWrapper)1
X509ExtensionWrapper (org.candlepin.pki.X509ExtensionWrapper)1
OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING)1
UTF8String (org.mozilla.jss.asn1.UTF8String)1
TokenRuntimeException (org.mozilla.jss.crypto.TokenRuntimeException)1
DerValue (org.mozilla.jss.netscape.security.util.DerValue)1
CertificateAlgorithmId (org.mozilla.jss.netscape.security.x509.CertificateAlgorithmId)1
CertificateExtensions (org.mozilla.jss.netscape.security.x509.CertificateExtensions)1
CertificateIssuerName (org.mozilla.jss.netscape.security.x509.CertificateIssuerName)1
CertificateSerialNumber (org.mozilla.jss.netscape.security.x509.CertificateSerialNumber)1
CertificateSubjectName (org.mozilla.jss.netscape.security.x509.CertificateSubjectName)1
CertificateValidity (org.mozilla.jss.netscape.security.x509.CertificateValidity)1
CertificateVersion (org.mozilla.jss.netscape.security.x509.CertificateVersion)1
CertificateX509Key (org.mozilla.jss.netscape.security.x509.CertificateX509Key)1
X500Name (org.mozilla.jss.netscape.security.x509.X500Name)1
X509CertImpl (org.mozilla.jss.netscape.security.x509.X509CertImpl)1
X509CertInfo (org.mozilla.jss.netscape.security.x509.X509CertInfo)1
