Example 11 with AuthorityKeyIdentifierExtension
use of org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension in project j2objc by google.
the class Vertex method certToString.
/**
* Return string representation of this vertex's
* certificate information.
*
* @returns String representation of certificate info
*/
public String certToString() {
StringBuilder sb = new StringBuilder();
X509CertImpl x509Cert = null;
try {
x509Cert = X509CertImpl.toImpl(cert);
} catch (CertificateException ce) {
if (debug != null) {
debug.println("Vertex.certToString() unexpected exception");
ce.printStackTrace();
}
return sb.toString();
}
sb.append("Issuer: ").append(x509Cert.getIssuerX500Principal()).append("\n");
sb.append("Subject: ").append(x509Cert.getSubjectX500Principal()).append("\n");
sb.append("SerialNum: ").append(x509Cert.getSerialNumber().toString(16)).append("\n");
sb.append("Expires: ").append(x509Cert.getNotAfter().toString()).append("\n");
boolean[] iUID = x509Cert.getIssuerUniqueID();
if (iUID != null) {
sb.append("IssuerUID: ");
for (boolean b : iUID) {
sb.append(b ? 1 : 0);
}
sb.append("\n");
}
boolean[] sUID = x509Cert.getSubjectUniqueID();
if (sUID != null) {
sb.append("SubjectUID: ");
for (boolean b : sUID) {
sb.append(b ? 1 : 0);
}
sb.append("\n");
}
try {
SubjectKeyIdentifierExtension sKeyID = x509Cert.getSubjectKeyIdentifierExtension();
if (sKeyID != null) {
KeyIdentifier keyID = sKeyID.get(SubjectKeyIdentifierExtension.KEY_ID);
sb.append("SubjKeyID: ").append(keyID.toString());
}
AuthorityKeyIdentifierExtension aKeyID = x509Cert.getAuthorityKeyIdentifierExtension();
if (aKeyID != null) {
KeyIdentifier keyID = (KeyIdentifier) aKeyID.get(AuthorityKeyIdentifierExtension.KEY_ID);
sb.append("AuthKeyID: ").append(keyID.toString());
}
} catch (IOException e) {
if (debug != null) {
debug.println("Vertex.certToString() unexpected exception");
e.printStackTrace();
}
}
return sb.toString();
}
Also used :
SubjectKeyIdentifierExtension(sun.security.x509.SubjectKeyIdentifierExtension)
KeyIdentifier(sun.security.x509.KeyIdentifier)
X509CertImpl(sun.security.x509.X509CertImpl)
AuthorityKeyIdentifierExtension(sun.security.x509.AuthorityKeyIdentifierExtension)
CertificateException(java.security.cert.CertificateException)
IOException(java.io.IOException)
Example 12 with AuthorityKeyIdentifierExtension
use of org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension in project mockserver by mock-server.
the class X509Generator method updateWithCertificateExtensions.
private void updateWithCertificateExtensions(final X509CertInfo x509CertInfo, final PublicKey publicKey, final PublicKey caPublicKey, final Set<String> subjectAlternativeNames) throws IOException, CertificateException {
CertificateExtensions certificateExtensions = new CertificateExtensions();
GeneralNames generalNames = subjectAlternativeNames.stream().filter(StringUtils::isNotBlank).map(this::buildGeneralName).filter(Objects::nonNull).collect(Collector.of(GeneralNames::new, GeneralNames::add, // do nothing
(generalNames1, generalNames2) -> null));
if (!generalNames.isEmpty()) {
certificateExtensions.set(SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(Boolean.FALSE, generalNames));
}
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.2
certificateExtensions.set(SubjectKeyIdentifierExtension.NAME, new SubjectKeyIdentifierExtension(new KeyIdentifier(publicKey).getIdentifier()));
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.2
certificateExtensions.set(AuthorityKeyIdentifierExtension.NAME, new AuthorityKeyIdentifierExtension(new KeyIdentifier(caPublicKey), null, null));
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.1
x509CertInfo.set(X509CertInfo.EXTENSIONS, certificateExtensions);
}
Also used :
CertificateValidity(sun.security.x509.CertificateValidity)
X509Certificate(java.security.cert.X509Certificate)
java.util(java.util)
InternetDomainName(com.google.common.net.InternetDomainName)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension)
CertificateSerialNumber(sun.security.x509.CertificateSerialNumber)
StringUtils(org.apache.commons.lang3.StringUtils)
GeneralName(sun.security.x509.GeneralName)
IPAddressName(sun.security.x509.IPAddressName)
X500Name(sun.security.x509.X500Name)
Level(org.slf4j.event.Level)
CertificateExtensions(sun.security.x509.CertificateExtensions)
BigInteger(java.math.BigInteger)
SubjectKeyIdentifierExtension(sun.security.x509.SubjectKeyIdentifierExtension)
Collector(java.util.stream.Collector)
BasicConstraintsExtension(sun.security.x509.BasicConstraintsExtension)
DerValue(sun.security.util.DerValue)
KeyUsageExtension(sun.security.x509.KeyUsageExtension)
java.security(java.security)
KeyIdentifier(sun.security.x509.KeyIdentifier)
AuthorityKeyIdentifierExtension(sun.security.x509.AuthorityKeyIdentifierExtension)
CertificateSigningRequest(org.mockserver.socket.tls.jdk.CertificateSigningRequest)
IOException(java.io.IOException)
DNSName(sun.security.x509.DNSName)
CertificateException(java.security.cert.CertificateException)
X509CertImpl(sun.security.x509.X509CertImpl)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
CertificateX509Key(sun.security.x509.CertificateX509Key)
PEMToFile(org.mockserver.socket.tls.PEMToFile)
LogEntry(org.mockserver.log.model.LogEntry)
CertificateVersion(sun.security.x509.CertificateVersion)
MockServerLogger(org.mockserver.logging.MockServerLogger)
InetAddresses(com.google.common.net.InetAddresses)
GeneralNames(sun.security.x509.GeneralNames)
AlgorithmId(sun.security.x509.AlgorithmId)
X509CertInfo(sun.security.x509.X509CertInfo)
SubjectKeyIdentifierExtension(sun.security.x509.SubjectKeyIdentifierExtension)
GeneralNames(sun.security.x509.GeneralNames)
KeyIdentifier(sun.security.x509.KeyIdentifier)
SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension)
AuthorityKeyIdentifierExtension(sun.security.x509.AuthorityKeyIdentifierExtension)
CertificateExtensions(sun.security.x509.CertificateExtensions)
Example 13 with AuthorityKeyIdentifierExtension
use of org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension in project jss by dogtagpki.
the class ExtPrettyPrint method getAuthorityKeyIdentifier.
/**
* String Representation of AuthorityKeyIdentifierExtension
*/
private String getAuthorityKeyIdentifier() {
StringBuffer sb = new StringBuffer();
try {
sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_AKI) + "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
if (mExt.isCritical()) {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
} else {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
}
AuthorityKeyIdentifierExtension id = (AuthorityKeyIdentifierExtension) mExt;
KeyIdentifier keyId = (KeyIdentifier) id.get(AuthorityKeyIdentifierExtension.KEY_ID);
if (keyId != null) {
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_KEY_ID) + "\n");
sb.append(pp.toHexString(keyId.getIdentifier(), mIndentSize + 8, 16));
// sb.append(pp.toHexString(keyId.getIdentifier(),24,16));
}
GeneralNames authNames = (GeneralNames) id.get(AuthorityKeyIdentifierExtension.AUTH_NAME);
if (authNames != null) {
for (int i = 0; i < authNames.size(); i++) {
GeneralName authName = (GeneralName) authNames.elementAt(i);
if (authName != null) {
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_AUTH_NAME) + authName.toString() + "\n");
}
}
}
SerialNumber serial = (SerialNumber) id.get(AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
if (serial != null) {
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_SERIAL) + "0x" + serial.getNumber().toBigInteger().toString(16).toUpperCase() + "\n");
}
return sb.toString();
} catch (IOException e) {
e.printStackTrace();
return "";
}
}
Also used :
KeyIdentifier(org.mozilla.jss.netscape.security.x509.KeyIdentifier)
GeneralNames(org.mozilla.jss.netscape.security.x509.GeneralNames)
SerialNumber(org.mozilla.jss.netscape.security.x509.SerialNumber)
AuthorityKeyIdentifierExtension(org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension)
GeneralName(org.mozilla.jss.netscape.security.x509.GeneralName)
IOException(java.io.IOException)
CRLDistributionPoint(org.mozilla.jss.netscape.security.x509.CRLDistributionPoint)
IssuingDistributionPoint(org.mozilla.jss.netscape.security.x509.IssuingDistributionPoint)
Example 14 with AuthorityKeyIdentifierExtension
use of org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension in project jss by dogtagpki.
the class EnumerationZeroTest method buildAuthorityKeyIdentifier.
/**
* Calculate the KeyIdentifier for an RSAPublicKey and place it in an AuthorityKeyIdentifier extension.
*
* Java encodes RSA public keys using the SubjectPublicKeyInfo type described in RFC 5280.
* <pre>
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING }
*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL }
* </pre>
*
* A KeyIdentifier is a SHA-1 digest of the subjectPublicKey bit string from the ASN.1 above.
*
* @param key the RSAPublicKey to use
* @return an AuthorityKeyIdentifierExtension based on the key
* @throws IOException if we can't construct a MessageDigest object.
*/
public static AuthorityKeyIdentifierExtension buildAuthorityKeyIdentifier(RSAPublicKey key) throws IOException {
try {
MessageDigest d = MessageDigest.getInstance("SHA-1");
byte[] encodedKey = key.getEncoded();
DerInputStream s = new DerValue(encodedKey).toDerInputStream();
// Skip the first item in the sequence, AlgorithmIdentifier.
// The parameter, startLen, is required for skipSequence although it's unused.
s.skipSequence(0);
// Get the subjectPublicKey bit string
BitArray b = s.getUnalignedBitString();
byte[] digest = d.digest(b.toByteArray());
KeyIdentifier ki = new KeyIdentifier(digest);
return new AuthorityKeyIdentifierExtension(ki, null, null);
} catch (NoSuchAlgorithmException e) {
throw new IOException("Could not find SHA1 implementation", e);
}
}
Also used :
KeyIdentifier(org.mozilla.jss.netscape.security.x509.KeyIdentifier)
DerValue(org.mozilla.jss.netscape.security.util.DerValue)
AuthorityKeyIdentifierExtension(org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension)
DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream)
BitArray(org.mozilla.jss.netscape.security.util.BitArray)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
IOException(java.io.IOException)
MessageDigest(java.security.MessageDigest)
Aggregations
IOException (java.io.IOException)9
AuthorityKeyIdentifierExtension (org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension)7
AuthorityKeyIdentifierExtension (sun.security.x509.AuthorityKeyIdentifierExtension)7
KeyIdentifier (org.mozilla.jss.netscape.security.x509.KeyIdentifier)6
KeyIdentifier (sun.security.x509.KeyIdentifier)6
CertificateException (java.security.cert.CertificateException)5
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4
SubjectKeyIdentifierExtension (sun.security.x509.SubjectKeyIdentifierExtension)4
X509CertImpl (sun.security.x509.X509CertImpl)4
MessageDigest (java.security.MessageDigest)3
BitArray (org.mozilla.jss.netscape.security.util.BitArray)3
DerInputStream (org.mozilla.jss.netscape.security.util.DerInputStream)3
DerValue (org.mozilla.jss.netscape.security.util.DerValue)3
BigInteger (java.math.BigInteger)2
X509CertSelector (java.security.cert.X509CertSelector)2
X509Certificate (java.security.cert.X509Certificate)2
OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING)2
GeneralName (org.mozilla.jss.netscape.security.x509.GeneralName)2
GeneralNames (org.mozilla.jss.netscape.security.x509.GeneralNames)2
AlgorithmId (sun.security.x509.AlgorithmId)2
