
Example 1 with UTF8String

Use of org.mozilla.jss.asn1.UTF8String in the project candlepin (by candlepin).

From the class JSSPKIUtility, method createX509Certificate (certificate issuance backed by the JSS/NSS provider).

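/**
 * Builds a version-3 X.509 certificate for the public key of {@code clientKeyPair} and signs
 * it with the CA private key obtained from {@code reader}.
 *
 * <p>The issuer name is copied from the subject of the CA certificate returned by
 * {@code reader.getCACert()}, the signature algorithm is {@code SIGNING_ALG_ID}, and the
 * extension set is whatever {@code buildStandardExtensions} produces plus one custom
 * extension per entry of {@code extensions} (value DER-encoded as a UTF8String) and
 * {@code byteExtensions} (value DER-encoded as an OCTET STRING). A {@code null} custom
 * extension value is encoded as an empty string / empty octet string rather than rejected.
 *
 * @param dn             subject distinguished name, parsed by {@link X500Name}
 * @param extensions     string-valued custom extensions; may be {@code null}
 * @param byteExtensions byte-valued custom extensions; may be {@code null}
 * @param startDate      notBefore of the validity period
 * @param endDate        notAfter of the validity period; must not precede {@code startDate}
 * @param clientKeyPair  key pair whose public key is certified
 * @param serialNumber   certificate serial number; must be positive (RFC 5280 section 4.1.2.2)
 * @param alternateName  passed through unchanged to {@code buildStandardExtensions}
 * @return the signed certificate, re-parsed from its own DER encoding
 * @throws IOException              if an extension value cannot be DER-encoded
 * @throws IllegalArgumentException if a required argument is {@code null}, the serial number
 *                                  is not positive, or the validity period is inverted
 * @throws RuntimeException         wrapping any {@link GeneralSecurityException} raised by
 *                                  the JSS certificate construction or signing APIs
 */
@Override
public X509Certificate createX509Certificate(String dn, Set<X509ExtensionWrapper> extensions, Set<X509ByteExtensionWrapper> byteExtensions, Date startDate, Date endDate, KeyPair clientKeyPair, BigInteger serialNumber, String alternateName) throws IOException {
    // Reject malformed input before touching the CA key. A null DN, key pair, serial or date
    // would otherwise surface as an NPE deep inside JSS, and a non-positive serial or an
    // inverted validity period would be signed into a certificate that violates RFC 5280 and
    // that relying parties may refuse.
    if (dn == null) {
        throw new IllegalArgumentException("dn must not be null");
    }
    if (clientKeyPair == null || clientKeyPair.getPublic() == null) {
        throw new IllegalArgumentException("clientKeyPair and its public key must not be null");
    }
    if (serialNumber == null || serialNumber.signum() <= 0) {
        throw new IllegalArgumentException("serialNumber must be a positive integer");
    }
    if (startDate == null || endDate == null) {
        throw new IllegalArgumentException("startDate and endDate must not be null");
    }
    if (startDate.after(endDate)) {
        throw new IllegalArgumentException("startDate must not be after endDate");
    }

    // Ensure JSS is properly initialized before attempting any operations with it
    JSSProviderLoader.initialize();
    X509CertInfo certInfo = new X509CertInfo();
    try {
        X509Certificate caCert = reader.getCACert();
        byte[] publicKeyEncoded = clientKeyPair.getPublic().getEncoded();

        // Issuer is the CA certificate's subject, taken from its DER encoding so the name
        // matches the CA cert byte-for-byte (avoids string round-trip canonicalization issues).
        certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(new X500Name(caCert.getSubjectX500Principal().getEncoded())));
        certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serialNumber));
        certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(startDate, endDate));
        certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(new X500Name(dn)));
        certInfo.set(X509CertInfo.KEY, new CertificateX509Key(X509Key.parse(new DerValue(publicKeyEncoded))));
        // The algorithm recorded in the TBS certificate must match the one used in sign() below.
        certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get(SIGNING_ALG_ID)));
        certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));

        // Standard extensions first; the same CertificateExtensions object is then extended
        // in place with the caller-supplied custom extensions.
        CertificateExtensions certExtensions = buildStandardExtensions(new CertificateExtensions(), dn, clientKeyPair, extensions, caCert, alternateName);
        certInfo.set(X509CertInfo.EXTENSIONS, certExtensions);

        if (extensions != null) {
            for (X509ExtensionWrapper wrapper : extensions) {
                // Avoid null values. Set them to blank if they are null
                String value = wrapper.getValue() == null ? "" : wrapper.getValue();
                UTF8String der = new UTF8String(value);
                certExtensions.add(buildCustomExtension(wrapper.getOid(), wrapper.isCritical(), der));
            }
        }
        if (byteExtensions != null) {
            for (X509ByteExtensionWrapper wrapper : byteExtensions) {
                // Avoid null values. Set them to blank if they are null
                byte[] value = wrapper.getValue() == null ? new byte[0] : wrapper.getValue();
                OCTET_STRING der = new OCTET_STRING(value);
                certExtensions.add(buildCustomExtension(wrapper.getOid(), wrapper.isCritical(), der));
            }
        }

        X509CertImpl certImpl = new X509CertImpl(certInfo);
        certImpl.sign(reader.getCaKey(), SIGNING_ALG_ID);

        // Round-trip through DER so the returned object is decoded from the bytes that were
        // actually signed. The original note here (partly lost) said the un-reparsed certImpl
        // is valid but would not have the extensions present in the object, so callers that
        // inspect extensions need the re-parsed copy.
        return new X509CertImpl(certImpl.getEncoded());
    } catch (GeneralSecurityException e) {
        throw new RuntimeException("Could not create X.509 certificate", e);
    }
}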
