Search in sources :

Example 6 with BitArray

use of org.mozilla.jss.netscape.security.util.BitArray in project jss by dogtagpki.

the class CRLDistributionPoint method main.

public static void main(String[] args) throws GeneralNamesException, IOException, InvalidBERException {
    try (FileOutputStream fos = new FileOutputStream(args[0]);
        ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
        if (args.length != 1) {
            System.out.println("Usage: CRLDistributionPoint <outfile>");
            System.exit(-1);
        }
        SEQUENCE cdps = new SEQUENCE();
        // URI only
        CRLDistributionPoint cdp = new CRLDistributionPoint();
        URIName uri = new URIName("http://www.mycrl.com/go/here");
        GeneralNames generalNames = new GeneralNames();
        generalNames.addElement(uri);
        cdp.setFullName(generalNames);
        cdps.addElement(cdp);
        // DN only
        cdp = new CRLDistributionPoint();
        X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org" + ",OU=Certificate Server,O=Fedora,C=US");
        generalNames = new GeneralNames();
        generalNames.addElement(dn);
        cdp.setFullName(generalNames);
        cdps.addElement(cdp);
        // DN + reason
        BitArray ba = new BitArray(5, new byte[] { (byte) 0x28 });
        cdp = new CRLDistributionPoint();
        cdp.setFullName(generalNames);
        cdp.setReasons(ba);
        cdps.addElement(cdp);
        // relative DN + reason + crlIssuer
        cdp = new CRLDistributionPoint();
        RDN rdn = new RDN("OU=foobar dept");
        cdp.setRelativeName(rdn);
        cdp.setReasons(ba);
        cdp.setCRLIssuer(generalNames);
        cdps.addElement(cdp);
        cdps.encode(bos);
        byte[] encoded = bos.toByteArray();
        fos.write(encoded);
        SEQUENCE.OF_Template seqt = new SEQUENCE.OF_Template(getTemplate());
        cdps = (SEQUENCE) ASN1Util.decode(seqt, encoded);
        int size = cdps.size();
        System.out.println("Total number of CDPs: " + size);
        for (int i = 0; i < size; i++) {
            System.out.println("\nCDP " + i);
            cdp = (CRLDistributionPoint) cdps.elementAt(i);
            GeneralNames gn = cdp.getFullName();
            if (gn == null) {
                System.out.println("No full name");
            } else {
                System.out.println(gn);
            }
            rdn = cdp.getRelativeName();
            if (rdn == null) {
                System.out.println("No relative name");
            } else {
                System.out.println(rdn);
            }
            if (cdp.getReasons() == null) {
                System.out.println("No reasons");
            } else {
                System.out.println(cdp.getReasons());
            }
            gn = cdp.getCRLIssuer();
            if (gn == null) {
                System.out.println("No cRLIssuer");
            } else {
                System.out.println(gn);
            }
        }
        System.out.println("Done");
    }
}
Also used : ByteArrayOutputStream(java.io.ByteArrayOutputStream) FileOutputStream(java.io.FileOutputStream) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) BitArray(org.mozilla.jss.netscape.security.util.BitArray)

Example 7 with BitArray

use of org.mozilla.jss.netscape.security.util.BitArray in project jss by dogtagpki.

the class FreshestCRLExtension method main.

/**
 * Test driver.
 */
public static void main(String[] args) {
    BufferedOutputStream bos = null;
    try {
        if (args.length != 1) {
            System.out.println("Usage: FreshestCRLExtentions " + "<outfile>");
            System.exit(-1);
        }
        bos = new BufferedOutputStream(new FileOutputStream(args[0]));
        // URI only
        CRLDistributionPoint cdp = new CRLDistributionPoint();
        URIName uri = new URIName("http://www.mycrl.com/go/here");
        GeneralNames generalNames = new GeneralNames();
        generalNames.addElement(uri);
        cdp.setFullName(generalNames);
        FreshestCRLExtension crldpExt = new FreshestCRLExtension(cdp);
        // DN only
        cdp = new CRLDistributionPoint();
        X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org" + ",OU=Certificate Server,O=Fedora,C=US");
        generalNames = new GeneralNames();
        generalNames.addElement(dn);
        cdp.setFullName(generalNames);
        crldpExt.addPoint(cdp);
        // DN + reason
        BitArray ba = new BitArray(5, new byte[] { (byte) 0x28 });
        cdp = new CRLDistributionPoint();
        cdp.setFullName(generalNames);
        cdp.setReasons(ba);
        crldpExt.addPoint(cdp);
        // relative DN + reason + crlIssuer
        cdp = new CRLDistributionPoint();
        RDN rdn = new RDN("OU=foobar dept");
        cdp.setRelativeName(rdn);
        cdp.setReasons(ba);
        cdp.setCRLIssuer(generalNames);
        crldpExt.addPoint(cdp);
        crldpExt.setCritical(true);
        crldpExt.encode(bos);
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (bos != null) {
            try {
                bos.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
}
Also used : FileOutputStream(java.io.FileOutputStream) BitArray(org.mozilla.jss.netscape.security.util.BitArray) IOException(java.io.IOException) BufferedOutputStream(java.io.BufferedOutputStream) InvalidBERException(org.mozilla.jss.asn1.InvalidBERException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException)

Example 8 with BitArray

use of org.mozilla.jss.netscape.security.util.BitArray in project jss by dogtagpki.

the class EnumerationZeroTest method buildAuthorityKeyIdentifier.

/**
 * Calculate the KeyIdentifier for an RSAPublicKey and place it in an AuthorityKeyIdentifier extension.
 *
 * Java encodes RSA public keys using the SubjectPublicKeyInfo type described in RFC 5280.
 * <pre>
 * SubjectPublicKeyInfo  ::=  SEQUENCE  {
 *   algorithm            AlgorithmIdentifier,
 *   subjectPublicKey     BIT STRING  }
 *
 * AlgorithmIdentifier  ::=  SEQUENCE  {
 *   algorithm               OBJECT IDENTIFIER,
 *   parameters              ANY DEFINED BY algorithm OPTIONAL  }
 * </pre>
 *
 * A KeyIdentifier is a SHA-1 digest of the subjectPublicKey bit string from the ASN.1 above.
 *
 * @param key the RSAPublicKey to use
 * @return an AuthorityKeyIdentifierExtension based on the key
 * @throws IOException if we can't construct a MessageDigest object.
 */
public static AuthorityKeyIdentifierExtension buildAuthorityKeyIdentifier(RSAPublicKey key) throws IOException {
    try {
        MessageDigest d = MessageDigest.getInstance("SHA-1");
        byte[] encodedKey = key.getEncoded();
        DerInputStream s = new DerValue(encodedKey).toDerInputStream();
        // Skip the first item in the sequence, AlgorithmIdentifier.
        // The parameter, startLen, is required for skipSequence although it's unused.
        s.skipSequence(0);
        // Get the subjectPublicKey bit string
        BitArray b = s.getUnalignedBitString();
        byte[] digest = d.digest(b.toByteArray());
        KeyIdentifier ki = new KeyIdentifier(digest);
        return new AuthorityKeyIdentifierExtension(ki, null, null);
    } catch (NoSuchAlgorithmException e) {
        throw new IOException("Could not find SHA1 implementation", e);
    }
}
Also used : KeyIdentifier(org.mozilla.jss.netscape.security.x509.KeyIdentifier) DerValue(org.mozilla.jss.netscape.security.util.DerValue) AuthorityKeyIdentifierExtension(org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) BitArray(org.mozilla.jss.netscape.security.util.BitArray) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) MessageDigest(java.security.MessageDigest)

Example 9 with BitArray

use of org.mozilla.jss.netscape.security.util.BitArray in project jss by dogtagpki.

the class IssuingDistributionPoint method main.

public static void main(String[] args) {
    BufferedOutputStream bos = null;
    try {
        if (args.length != 1) {
            System.out.println("Usage: IssuingDistributionPoint <outfile>");
            System.exit(-1);
        }
        bos = new BufferedOutputStream(new FileOutputStream(args[0]));
        SEQUENCE idps = new SEQUENCE();
        IssuingDistributionPoint idp = new IssuingDistributionPoint();
        X500Name dn = new X500Name("CN=Skovw Wjasldk,E=nicolson@netscape.com" + ",OU=Certificate Server,O=Netscape,C=US");
        GeneralNames generalNames = new GeneralNames();
        generalNames.addElement(dn);
        idp.setFullName(generalNames);
        idps.addElement(idp);
        idp = new IssuingDistributionPoint();
        URIName uri = new URIName("http://www.mycrl.com/go/here");
        generalNames = new GeneralNames();
        generalNames.addElement(uri);
        idp.setFullName(generalNames);
        idp.setOnlyContainsUserCerts(true);
        idp.setOnlyContainsCACerts(true);
        idp.setIndirectCRL(true);
        BitArray ba = new BitArray(5, new byte[] { (byte) 0x28 });
        idp.setOnlySomeReasons(ba);
        idps.addElement(idp);
        idps.encode(bos);
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (bos != null) {
            try {
                bos.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
}
Also used : FileOutputStream(java.io.FileOutputStream) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) BitArray(org.mozilla.jss.netscape.security.util.BitArray) IOException(java.io.IOException) BufferedOutputStream(java.io.BufferedOutputStream) InvalidBERException(org.mozilla.jss.asn1.InvalidBERException) IOException(java.io.IOException)

Aggregations

BitArray (org.mozilla.jss.netscape.security.util.BitArray)9 IOException (java.io.IOException)8 FileOutputStream (java.io.FileOutputStream)5 BufferedOutputStream (java.io.BufferedOutputStream)4 MessageDigest (java.security.MessageDigest)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 DerInputStream (org.mozilla.jss.netscape.security.util.DerInputStream)4 DerValue (org.mozilla.jss.netscape.security.util.DerValue)4 KeyIdentifier (org.mozilla.jss.netscape.security.x509.KeyIdentifier)4 CertificateException (java.security.cert.CertificateException)3 InvalidBERException (org.mozilla.jss.asn1.InvalidBERException)3 AuthorityKeyIdentifierExtension (org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension)3 SEQUENCE (org.mozilla.jss.asn1.SEQUENCE)2 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1 Provider (java.security.Provider)1 OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING)1