Examples with InternalCertificate org.mozilla.jss.crypto.InternalCertificate used on opensource projects

Search in sources :

Example 1 with InternalCertificate

use of org.mozilla.jss.crypto.InternalCertificate in project jss by dogtagpki.

the class GenerateTestCert method doIt.

/**
 * Based on the input parameters, generate a cert
 * pair.
 */
private void doIt(String[] args) throws Exception {
    String caCertNick = CACERT_NICKNAME;
    String serverCertNick = SERVERCERT_NICKNAME;
    String clientCertNick = CLIENTCERT_NICKNAME;
    if (args.length < 3) {
        usage();
    }
    try {
        CryptoManager cm = CryptoManager.getInstance();
        CryptoToken tok = cm.getInternalKeyStorageToken();
        PasswordCallback cb = new FilePasswordCallback(args[1]);
        tok.login(cb);
        int serialNum = Integer.parseInt(args[2]);
        X509Certificate[] permCerts = cm.getPermCerts();
        int originalPermCerts = permCerts.length;
        System.out.println("Number of certificates stored in the " + " database: " + originalPermCerts);
        String hostname = "localhost";
        if (args.length > 4) {
            hostname = args[3];
        }
        String alg = "SHA-256/RSA";
        if (args.length > 5) {
            alg = args[4];
        }
        setSigAlg(alg);
        X509Certificate[] certs;
        if (args.length > 6) {
            caCertNick = args[5];
        }
        /* ensure certificate does not already exists */
        certs = cm.findCertsByNickname(caCertNick);
        if (certs.length > 0) {
            System.out.println(caCertNick + " already exists!");
            System.exit(1);
        }
        if (args.length > 7) {
            serverCertNick = args[6];
        }
        certs = cm.findCertsByNickname(serverCertNick);
        if (certs.length > 0) {
            System.out.println(serverCertNick + " already exists!");
            System.exit(1);
        }
        if (args.length == 8) {
            clientCertNick = args[7];
        }
        certs = cm.findCertsByNickname(clientCertNick);
        if (certs.length > 0) {
            System.out.println(clientCertNick + " already exists!");
            System.exit(1);
        }
        // generate CA cert
        java.security.KeyPairGenerator kpg = java.security.KeyPairGenerator.getInstance(keyType, "Mozilla-JSS");
        kpg.initialize(keyLength);
        KeyPair caPair = kpg.genKeyPair();
        SEQUENCE extensions = new SEQUENCE();
        extensions.addElement(makeBasicConstraintsExtension());
        Certificate caCert = makeCert("CACert", "CACert", serialNum, caPair.getPrivate(), caPair.getPublic(), serialNum, extensions);
        X509Certificate nssCaCert = cm.importUserCACertPackage(ASN1Util.encode(caCert), caCertNick);
        InternalCertificate intern = (InternalCertificate) nssCaCert;
        intern.setSSLTrust(PK11Cert.TRUSTED_CA | PK11Cert.TRUSTED_CLIENT_CA | PK11Cert.VALID_CA);
        // generate server cert
        kpg.initialize(keyLength);
        KeyPair serverPair = kpg.genKeyPair();
        Certificate serverCert = makeCert("CACert", hostname, serialNum + 1, caPair.getPrivate(), serverPair.getPublic(), serialNum, null);
        nssServerCert = cm.importCertPackage(ASN1Util.encode(serverCert), serverCertNick);
        // generate client auth cert
        kpg.initialize(keyLength);
        KeyPair clientPair = kpg.genKeyPair();
        Certificate clientCert = makeCert("CACert", "ClientCert", serialNum + 2, caPair.getPrivate(), clientPair.getPublic(), serialNum, null);
        nssClientCert = cm.importCertPackage(ASN1Util.encode(clientCert), clientCertNick);
        System.out.println("\nThis program created certificates with \n" + "following cert nicknames:" + "\n\t" + caCertNick + "\n\t" + serverCertNick + "\n\t" + clientCertNick);
        permCerts = cm.getPermCerts();
        if ((originalPermCerts + 3) != permCerts.length) {
            System.out.println("Error there should be three more " + " certificates stored in the database");
            System.exit(1);
        } else {
            System.out.println("Number of certificates stored in the " + " database: " + permCerts.length);
        }
        /* ensure certificates exists */
        certs = cm.findCertsByNickname(caCertNick);
        if (certs.length == 0) {
            System.out.println(caCertNick + " should exist!");
            System.exit(1);
        }
        certs = cm.findCertsByNickname(serverCertNick);
        if (certs.length == 0) {
            System.out.println(serverCertNick + " should exist!");
            System.exit(1);
        }
        certs = cm.findCertsByNickname(clientCertNick);
        if (certs.length == 0) {
            System.out.println(clientCertNick + " should exist!");
            System.exit(1);
        }
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
    System.exit(0);
}
Also used : KeyPair(java.security.KeyPair) CryptoToken(org.mozilla.jss.crypto.CryptoToken) CryptoManager(org.mozilla.jss.CryptoManager) X509Certificate(org.mozilla.jss.crypto.X509Certificate) InternalCertificate(org.mozilla.jss.crypto.InternalCertificate) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) PasswordCallback(org.mozilla.jss.util.PasswordCallback) Certificate(org.mozilla.jss.pkix.cert.Certificate) InternalCertificate(org.mozilla.jss.crypto.InternalCertificate) X509Certificate(org.mozilla.jss.crypto.X509Certificate)

Example 2 with InternalCertificate

use of org.mozilla.jss.crypto.InternalCertificate in project jss by dogtagpki.

the class TestCertApprovalCallback method approve.

@Override
public boolean approve(org.mozilla.jss.crypto.X509Certificate servercert, SSLCertificateApprovalCallback.ValidityStatus status) {
    SSLCertificateApprovalCallback.ValidityItem item;
    System.out.println("in TestCertApprovalCallback.approve()");
    /* dump out server cert details */
    System.out.println("Peer cert details: " + "\n     subject: " + servercert.getSubjectDN().toString() + "\n     issuer:  " + servercert.getIssuerDN().toString() + "\n     serial:  " + servercert.getSerialNumber().toString());
    /* iterate through all the problems */
    boolean trust_the_server_cert = false;
    Enumeration<ValidityItem> errors = status.getReasons();
    int i = 0;
    while (errors.hasMoreElements()) {
        i++;
        item = errors.nextElement();
        System.out.println("item " + i + " reason=" + item.getReason() + " depth=" + item.getDepth());
        org.mozilla.jss.crypto.X509Certificate cert = item.getCert();
        if (item.getReason() == SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER) {
            trust_the_server_cert = true;
        }
        System.out.println(" cert details: " + "\n     subject: " + cert.getSubjectDN().toString() + "\n     issuer:  " + cert.getIssuerDN().toString() + "\n     serial:  " + cert.getSerialNumber().toString());
    }
    if (trust_the_server_cert) {
        System.out.println("importing certificate.");
        try {
            InternalCertificate newcert = org.mozilla.jss.CryptoManager.getInstance().importCertToPerm(servercert, "testnick");
            newcert.setSSLTrust(PK11Cert.TRUSTED_PEER | PK11Cert.VALID_PEER);
        } catch (Exception e) {
            System.out.println("thrown exception: " + e);
        }
    }
    /* allow the connection to continue.
        	returning false here would abort the connection */
    return true;
}
Also used : InternalCertificate(org.mozilla.jss.crypto.InternalCertificate)

Example 3 with InternalCertificate

use of org.mozilla.jss.crypto.InternalCertificate in project jss by dogtagpki.

the class SSLClientAuth method generateCerts.

private void generateCerts(CryptoManager cm, int serialNum) {
    // RSA Key with default exponent
    int keyLength = 4096;
    try {
        java.security.KeyPairGenerator kpg = java.security.KeyPairGenerator.getInstance("RSA", "Mozilla-JSS");
        kpg.initialize(keyLength);
        KeyPair caPair = kpg.genKeyPair();
        // Generate CA cert
        SEQUENCE extensions = new SEQUENCE();
        extensions.addElement(makeBasicConstraintsExtension());
        Certificate caCert = makeCert("CACert", "CACert", serialNum, caPair.getPrivate(), caPair.getPublic(), serialNum, extensions);
        X509Certificate nssCaCert = cm.importUserCACertPackage(ASN1Util.encode(caCert), "SSLCA-" + serialNum);
        InternalCertificate intern = (InternalCertificate) nssCaCert;
        intern.setSSLTrust(PK11Cert.TRUSTED_CA | PK11Cert.TRUSTED_CLIENT_CA | PK11Cert.VALID_CA);
        // generate server cert
        kpg.initialize(keyLength);
        KeyPair serverPair = kpg.genKeyPair();
        Certificate serverCert = makeCert("CACert", "localhost", serialNum + 1, caPair.getPrivate(), serverPair.getPublic(), serialNum, null);
        nssServerCert = cm.importCertPackage(ASN1Util.encode(serverCert), serverCertNick);
        // generate client auth cert
        kpg.initialize(keyLength);
        KeyPair clientPair = kpg.genKeyPair();
        Certificate clientCert = makeCert("CACert", "ClientCert", serialNum + 2, caPair.getPrivate(), clientPair.getPublic(), serialNum, null);
        nssClientCert = cm.importCertPackage(ASN1Util.encode(clientCert), clientCertNick);
    } catch (CertificateEncodingException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (NoSuchAlgorithmException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (NoSuchProviderException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (NicknameConflictException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (UserCertConflictException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (TokenException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (NoSuchItemOnTokenException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (Exception ex) {
        ex.printStackTrace();
        System.exit(1);
    }
}
Also used : UserCertConflictException(org.mozilla.jss.UserCertConflictException) KeyPair(java.security.KeyPair) NicknameConflictException(org.mozilla.jss.NicknameConflictException) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) CertificateEncodingException(java.security.cert.CertificateEncodingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) X509Certificate(org.mozilla.jss.crypto.X509Certificate) NicknameConflictException(org.mozilla.jss.NicknameConflictException) SocketException(java.net.SocketException) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) ObjectNotFoundException(org.mozilla.jss.crypto.ObjectNotFoundException) EOFException(java.io.EOFException) UserCertConflictException(org.mozilla.jss.UserCertConflictException) TokenException(org.mozilla.jss.crypto.TokenException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException) CertificateEncodingException(java.security.cert.CertificateEncodingException) InternalCertificate(org.mozilla.jss.crypto.InternalCertificate) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) TokenException(org.mozilla.jss.crypto.TokenException) NoSuchProviderException(java.security.NoSuchProviderException) InternalCertificate(org.mozilla.jss.crypto.InternalCertificate) Certificate(org.mozilla.jss.pkix.cert.Certificate) X509Certificate(org.mozilla.jss.crypto.X509Certificate)

Example 4 with InternalCertificate

use of org.mozilla.jss.crypto.InternalCertificate in project jss by dogtagpki.

the class TestCertificateApprovalCallback method approve.

@Override
public boolean approve(org.mozilla.jss.crypto.X509Certificate servercert, SSLCertificateApprovalCallback.ValidityStatus status) {
    SSLCertificateApprovalCallback.ValidityItem item;
    logger.debug("in TestCertificateApprovalCallback.approve()");
    /* dump out server cert details */
    logger.debug("Peer cert details:");
    logger.debug("     subject: " + servercert.getSubjectDN());
    logger.debug("     issuer:  " + servercert.getIssuerDN());
    logger.debug("     serial:  " + servercert.getSerialNumber());
    /* iterate through all the problems */
    boolean trust_the_server_cert = false;
    Enumeration<ValidityItem> errors = status.getReasons();
    int i = 0;
    while (errors.hasMoreElements()) {
        i++;
        item = errors.nextElement();
        logger.debug("item " + i + " reason=" + item.getReason() + " depth=" + item.getDepth());
        org.mozilla.jss.crypto.X509Certificate cert = item.getCert();
        if (item.getReason() == SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER) {
            trust_the_server_cert = true;
        }
        logger.debug(" cert details:");
        logger.debug("     subject: " + cert.getSubjectDN());
        logger.debug("     issuer:  " + cert.getIssuerDN());
        logger.debug("     serial:  " + cert.getSerialNumber());
    }
    if (trust_the_server_cert) {
        logger.debug("importing certificate.");
        try {
            InternalCertificate newcert = org.mozilla.jss.CryptoManager.getInstance().importCertToPerm(servercert, "testnick");
            newcert.setSSLTrust(PK11Cert.TRUSTED_PEER | PK11Cert.VALID_PEER);
        } catch (Exception e) {
            System.out.println("thrown exception: " + e);
        }
    }
    /* don't do this in production code!                 */
    return true;
}
Also used : SSLCertificateApprovalCallback(org.mozilla.jss.ssl.SSLCertificateApprovalCallback) InternalCertificate(org.mozilla.jss.crypto.InternalCertificate)

Aggregations

InternalCertificate (org.mozilla.jss.crypto.InternalCertificate)4 KeyPair (java.security.KeyPair)2 SEQUENCE (org.mozilla.jss.asn1.SEQUENCE)2 X509Certificate (org.mozilla.jss.crypto.X509Certificate)2 Certificate (org.mozilla.jss.pkix.cert.Certificate)2 EOFException (java.io.EOFException)1 SocketException (java.net.SocketException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 NoSuchProviderException (java.security.NoSuchProviderException)1 CertificateEncodingException (java.security.cert.CertificateEncodingException)1 CryptoManager (org.mozilla.jss.CryptoManager)1 NicknameConflictException (org.mozilla.jss.NicknameConflictException)1 UserCertConflictException (org.mozilla.jss.UserCertConflictException)1 CryptoToken (org.mozilla.jss.crypto.CryptoToken)1 NoSuchItemOnTokenException (org.mozilla.jss.crypto.NoSuchItemOnTokenException)1 ObjectNotFoundException (org.mozilla.jss.crypto.ObjectNotFoundException)1 TokenException (org.mozilla.jss.crypto.TokenException)1 SSLCertificateApprovalCallback (org.mozilla.jss.ssl.SSLCertificateApprovalCallback)1 PasswordCallback (org.mozilla.jss.util.PasswordCallback)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial