Examples with BitArray org.mozilla.jss.netscape.security.util.BitArray used on opensource projects

Example 1 with BitArray

use of org.mozilla.jss.netscape.security.util.BitArray in project jss by dogtagpki.

the class IssuingDistributionPointExtension method main.

/**
 * Test driver.
 */
public static void main(String[] args) {
    BufferedOutputStream bos = null;
    try {
        if (args.length != 1) {
            System.out.println("Usage: IssuingDistributionPointExtension " + "<outfile>");
            System.exit(-1);
        }
        bos = new BufferedOutputStream(new FileOutputStream(args[0]));
        // URI only
        IssuingDistributionPoint idp = new IssuingDistributionPoint();
        URIName uri = new URIName("http://www.mycrl.com/go/here");
        GeneralNames generalNames = new GeneralNames();
        generalNames.addElement(uri);
        idp.setFullName(generalNames);
        IssuingDistributionPointExtension idpExt = new IssuingDistributionPointExtension(idp);
        // DN only
        idp = new IssuingDistributionPoint();
        X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org" + ",OU=Certificate Server,O=Fedora,C=US");
        generalNames = new GeneralNames();
        generalNames.addElement(dn);
        idp.setFullName(generalNames);
        idpExt.set(IssuingDistributionPointExtension.ISSUING_DISTRIBUTION_POINT, idp);
        // DN + reason
        BitArray ba = new BitArray(5, new byte[] { (byte) 0x28 });
        idp = new IssuingDistributionPoint();
        idp.setFullName(generalNames);
        idp.setOnlySomeReasons(ba);
        idpExt.set(IssuingDistributionPointExtension.ISSUING_DISTRIBUTION_POINT, idp);
        // relative DN + reason + crlIssuer
        idp = new IssuingDistributionPoint();
        RDN rdn = new RDN("OU=foobar dept");
        idp.setRelativeName(rdn);
        idp.setOnlySomeReasons(ba);
        idp.setOnlyContainsCACerts(true);
        idp.setOnlyContainsUserCerts(true);
        idp.setIndirectCRL(true);
        idpExt.set(IssuingDistributionPointExtension.ISSUING_DISTRIBUTION_POINT, idp);
        idpExt.setCritical(false);
        idpExt.encode(bos);
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (bos != null) {
            try {
                bos.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
}

Example 2 with BitArray

use of org.mozilla.jss.netscape.security.util.BitArray in project jss by dogtagpki.

the class CRLDistributionPointsExtension method main.

/**
 * Test driver.
 */
public static void main(String[] args) {
    BufferedOutputStream bos = null;
    try {
        if (args.length != 1) {
            System.out.println("Usage: CRLDistributionPointsExtentions " + "<outfile>");
            System.exit(-1);
        }
        bos = new BufferedOutputStream(new FileOutputStream(args[0]));
        // URI only
        CRLDistributionPoint cdp = new CRLDistributionPoint();
        URIName uri = new URIName("http://www.mycrl.com/go/here");
        GeneralNames generalNames = new GeneralNames();
        generalNames.addElement(uri);
        cdp.setFullName(generalNames);
        CRLDistributionPointsExtension crldpExt = new CRLDistributionPointsExtension(cdp);
        // DN only
        cdp = new CRLDistributionPoint();
        X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org" + ",OU=Certificate Server,O=Fedora,C=US");
        generalNames = new GeneralNames();
        generalNames.addElement(dn);
        cdp.setFullName(generalNames);
        crldpExt.addPoint(cdp);
        // DN + reason
        BitArray ba = new BitArray(5, new byte[] { (byte) 0x28 });
        cdp = new CRLDistributionPoint();
        cdp.setFullName(generalNames);
        cdp.setReasons(ba);
        crldpExt.addPoint(cdp);
        // relative DN + reason + crlIssuer
        cdp = new CRLDistributionPoint();
        RDN rdn = new RDN("OU=foobar dept");
        cdp.setRelativeName(rdn);
        cdp.setReasons(ba);
        cdp.setCRLIssuer(generalNames);
        crldpExt.addPoint(cdp);
        crldpExt.setCritical(true);
        crldpExt.encode(bos);
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (bos != null) {
            try {
                bos.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
}

Example 3 with BitArray

use of org.mozilla.jss.netscape.security.util.BitArray in project candlepin by candlepin.

the class JSSPKIUtility method buildAuthorityKeyIdentifier.

/**
 * Calculate the KeyIdentifier for a public key and place it in an AuthorityKeyIdentifier extension.
 *
 * Java encodes RSA public keys using the SubjectPublicKeyInfo type described in RFC 5280.
 * <pre>
 * SubjectPublicKeyInfo  ::=  SEQUENCE  {
 *   algorithm            AlgorithmIdentifier,
 *   subjectPublicKey     BIT STRING  }
 *
 * AlgorithmIdentifier  ::=  SEQUENCE  {
 *   algorithm               OBJECT IDENTIFIER,
 *   parameters              ANY DEFINED BY algorithm OPTIONAL  }
 * </pre>
 *
 * A KeyIdentifier is a SHA-1 digest of the subjectPublicKey bit string from the ASN.1 above.
 *
 * @param key the public key to use
 * @return an AuthorityKeyIdentifierExtension based on the key
 * @throws IOException if we can't construct a MessageDigest object.
 */
public static AuthorityKeyIdentifierExtension buildAuthorityKeyIdentifier(PublicKey key) throws IOException {
    try {
        Provider provider = JSSProviderLoader.getProvider(true);
        MessageDigest d = MessageDigest.getInstance("SHA-1", provider);
        byte[] encodedKey = key.getEncoded();
        DerInputStream s = new DerValue(encodedKey).toDerInputStream();
        // Skip the first item in the sequence, AlgorithmIdentifier.
        // The parameter, startLen, is required for skipSequence although it's unused.
        s.skipSequence(0);
        // Get the key's bit string
        BitArray b = s.getUnalignedBitString();
        byte[] digest = d.digest(b.toByteArray());
        KeyIdentifier ki = new KeyIdentifier(digest);
        return new AuthorityKeyIdentifierExtension(ki, null, null);
    } catch (NoSuchAlgorithmException e) {
        throw new IOException("Could not find SHA1 implementation", e);
    }
}

Example 4 with BitArray

use of org.mozilla.jss.netscape.security.util.BitArray in project candlepin by candlepin.

the class JSSPKIUtility method buildAuthorityKeyIdentifier.

/**
 * Calculate the KeyIdentifier for an RSAPublicKey and place it in an AuthorityKeyIdentifier extension.
 *
 * Java encodes RSA public keys using the SubjectPublicKeyInfo type described in RFC 5280.
 * <pre>
 * SubjectPublicKeyInfo  ::=  SEQUENCE  {
 *   algorithm            AlgorithmIdentifier,
 *   subjectPublicKey     BIT STRING  }
 *
 * AlgorithmIdentifier  ::=  SEQUENCE  {
 *   algorithm               OBJECT IDENTIFIER,
 *   parameters              ANY DEFINED BY algorithm OPTIONAL  }
 * </pre>
 *
 * A KeyIdentifier is a SHA-1 digest of the subjectPublicKey bit string from the ASN.1 above.
 *
 * @param key the RSAPublicKey to use
 * @return an AuthorityKeyIdentifierExtension based on the key
 * @throws IOException if we can't construct a MessageDigest object.
 */
public static AuthorityKeyIdentifierExtension buildAuthorityKeyIdentifier(RSAPublicKey key) throws IOException {
    try {
        MessageDigest d = MessageDigest.getInstance("SHA-1");
        byte[] encodedKey = key.getEncoded();
        DerInputStream s = new DerValue(encodedKey).toDerInputStream();
        // Skip the first item in the sequence, AlgorithmIdentifier.
        // The parameter, startLen, is required for skipSequence although it's unused.
        s.skipSequence(0);
        // Get the key's bit string
        BitArray b = s.getUnalignedBitString();
        byte[] digest = d.digest(b.toByteArray());
        KeyIdentifier ki = new KeyIdentifier(digest);
        return new AuthorityKeyIdentifierExtension(ki, null, null);
    } catch (NoSuchAlgorithmException e) {
        throw new IOException("Could not find SHA1 implementation", e);
    }
}

Example 5 with BitArray

use of org.mozilla.jss.netscape.security.util.BitArray in project candlepin by candlepin.

the class DefaultSubjectKeyIdentifierWriter method getSubjectKeyIdentifier.

@Override
public byte[] getSubjectKeyIdentifier(KeyPair clientKeyPair, Set<X509ExtensionWrapper> extensions) throws IOException {
    try {
        MessageDigest d = MessageDigest.getInstance("SHA-1");
        byte[] encodedKey = clientKeyPair.getPublic().getEncoded();
        DerInputStream s = new DerValue(encodedKey).toDerInputStream();
        // Skip the first item in the sequence, AlgorithmIdentifier.
        // The parameter, startLen, is required for skipSequence although it's unused.
        s.skipSequence(0);
        // Get the key's bit string
        BitArray b = s.getUnalignedBitString();
        byte[] digest = d.digest(b.toByteArray());
        KeyIdentifier ki = new KeyIdentifier(digest);
        return ASN1Util.encode(new OCTET_STRING(ki.getIdentifier()));
    } catch (NoSuchAlgorithmException e) {
        throw new IOException("Could not create KeyIdentifier", e);
    }
}