Search in sources :

Example 16 with CertificateAlgorithmId

use of org.mozilla.jss.netscape.security.x509.CertificateAlgorithmId in project netty by netty.

the class OpenJdkSelfSignedCertGenerator method generate.

@SuppressJava6Requirement(reason = "Usage guarded by dependency check")
static String[] generate(String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter, String algorithm) throws Exception {
    PrivateKey key = keypair.getPrivate();
    // Prepare the information required for generating an X.509 certificate.
    X509CertInfo info = new X509CertInfo();
    X500Name owner = new X500Name("CN=" + fqdn);
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
    try {
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.SUBJECT, owner);
    }
    try {
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.ISSUER, owner);
    }
    info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
    info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
    info.set(X509CertInfo.ALGORITHM_ID, // sha256WithRSAEncryption
    new CertificateAlgorithmId(AlgorithmId.get("1.2.840.113549.1.1.11")));
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(key, algorithm.equalsIgnoreCase("EC") ? "SHA256withECDSA" : "SHA256withRSA");
    // Update the algorithm and sign again.
    info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
    cert = new X509CertImpl(info);
    cert.sign(key, algorithm.equalsIgnoreCase("EC") ? "SHA256withECDSA" : "SHA256withRSA");
    cert.verify(keypair.getPublic());
    return newSelfSignedCertificate(fqdn, key, cert);
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) PrivateKey(java.security.PrivateKey) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) CertificateVersion(sun.security.x509.CertificateVersion) CertificateException(java.security.cert.CertificateException) CertificateValidity(sun.security.x509.CertificateValidity) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) SuppressJava6Requirement(io.netty.util.internal.SuppressJava6Requirement)

Example 17 with CertificateAlgorithmId

use of org.mozilla.jss.netscape.security.x509.CertificateAlgorithmId in project jss by dogtagpki.

the class X509CertTest method createX509CertInfo.

public static X509CertInfo createX509CertInfo(X509Key x509key, BigInteger serialno, CertificateIssuerName issuernameObj, String subjname, Date notBefore, Date notAfter, String alg) throws Exception {
    X509CertInfo info = new X509CertInfo();
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serialno));
    if (issuernameObj != null) {
        info.set(X509CertInfo.ISSUER, issuernameObj);
    }
    info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(new X500Name(subjname)));
    info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get(alg)));
    info.set(X509CertInfo.KEY, new CertificateX509Key(x509key));
    info.set(X509CertInfo.EXTENSIONS, new CertificateExtensions());
    return info;
}
Also used : CertificateSerialNumber(org.mozilla.jss.netscape.security.x509.CertificateSerialNumber) CertificateSubjectName(org.mozilla.jss.netscape.security.x509.CertificateSubjectName) X509CertInfo(org.mozilla.jss.netscape.security.x509.X509CertInfo) CertificateVersion(org.mozilla.jss.netscape.security.x509.CertificateVersion) CertificateValidity(org.mozilla.jss.netscape.security.x509.CertificateValidity) CertificateExtensions(org.mozilla.jss.netscape.security.x509.CertificateExtensions) X500Name(org.mozilla.jss.netscape.security.x509.X500Name) CertificateAlgorithmId(org.mozilla.jss.netscape.security.x509.CertificateAlgorithmId) CertificateX509Key(org.mozilla.jss.netscape.security.x509.CertificateX509Key)

Aggregations

CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)14 CertificateSerialNumber (sun.security.x509.CertificateSerialNumber)12 CertificateValidity (sun.security.x509.CertificateValidity)12 CertificateX509Key (sun.security.x509.CertificateX509Key)12 X509CertImpl (sun.security.x509.X509CertImpl)12 X509CertInfo (sun.security.x509.X509CertInfo)12 BigInteger (java.math.BigInteger)11 CertificateVersion (sun.security.x509.CertificateVersion)11 AlgorithmId (sun.security.x509.AlgorithmId)10 X500Name (sun.security.x509.X500Name)9 CertificateIssuerName (sun.security.x509.CertificateIssuerName)8 CertificateSubjectName (sun.security.x509.CertificateSubjectName)8 PrivateKey (java.security.PrivateKey)7 SecureRandom (java.security.SecureRandom)7 Date (java.util.Date)6 CertificateException (java.security.cert.CertificateException)5 KeyPair (java.security.KeyPair)2 KeyPairGenerator (java.security.KeyPairGenerator)2 PublicKey (java.security.PublicKey)2 CertificateAlgorithmId (org.mozilla.jss.netscape.security.x509.CertificateAlgorithmId)2