use of org.mozilla.jss.asn1.UTF8String in project candlepin by candlepin.
the class JSSPKIUtility method createX509Certificate.
@Override
public X509Certificate createX509Certificate(String dn, Set<X509ExtensionWrapper> extensions, Set<X509ByteExtensionWrapper> byteExtensions, Date startDate, Date endDate, KeyPair clientKeyPair, BigInteger serialNumber, String alternateName) throws IOException {
// Ensure JSS is properly initialized before attempting any operations with it
JSSProviderLoader.initialize();
X509CertInfo certInfo = new X509CertInfo();
try {
X509Certificate caCert = reader.getCACert();
byte[] publicKeyEncoded = clientKeyPair.getPublic().getEncoded();
certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(new X500Name(caCert.getSubjectX500Principal().getEncoded())));
certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serialNumber));
certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(startDate, endDate));
certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(new X500Name(dn)));
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(X509Key.parse(new DerValue(publicKeyEncoded))));
certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get(SIGNING_ALG_ID)));
certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
CertificateExtensions certExtensions = buildStandardExtensions(new CertificateExtensions(), dn, clientKeyPair, extensions, caCert, alternateName);
certInfo.set(X509CertInfo.EXTENSIONS, certExtensions);
if (extensions != null) {
for (X509ExtensionWrapper wrapper : extensions) {
// Avoid null values. Set them to blank if they are null
String value = wrapper.getValue() == null ? "" : wrapper.getValue();
UTF8String der = new UTF8String(value);
certExtensions.add(buildCustomExtension(wrapper.getOid(), wrapper.isCritical(), der));
}
}
if (byteExtensions != null) {
for (X509ByteExtensionWrapper wrapper : byteExtensions) {
// Avoid null values. Set them to blank if they are null
byte[] value = wrapper.getValue() == null ? new byte[0] : wrapper.getValue();
OCTET_STRING der = new OCTET_STRING(value);
certExtensions.add(buildCustomExtension(wrapper.getOid(), wrapper.isCritical(), der));
}
}
X509CertImpl certImpl = new X509CertImpl(certInfo);
certImpl.sign(reader.getCaKey(), SIGNING_ALG_ID);
// valid, it just won't have any extensions present in the object.
return new X509CertImpl(certImpl.getEncoded());
} catch (GeneralSecurityException e) {
throw new RuntimeException("Could not create X.509 certificate", e);
}
}
Aggregations