
Example 6 with CertificateExtensions

use of org.mozilla.jss.netscape.security.x509.CertificateExtensions in project OpenAttestation by OpenAttestation.

the class X509Builder method extKeyUsage.

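/**
 * Adds one purpose OID to the certificate's Extended Key Usage extension.
 *
 * <p>The OID is appended to the accumulated list, the extension is rebuilt
 * from the whole list (with the criticality held in
 * {@code extendedKeyUsageExtensionIsCritical}), stored in the extension set
 * under its own extension id, and the set is written back into {@code info}.
 *
 * <p>Failures are not thrown: they are passed to {@code fault(...)} and the
 * builder is returned anyway. NOTE(review): {@code fault} is defined outside
 * this listing. If it only records the error, a caller that does not inspect
 * the recorded faults before signing could issue a certificate without the
 * intended EKU restriction. Confirm how faults are surfaced.
 *
 * @param oid the extended key usage purpose to add; {@code null} is reported
 *            as a fault and leaves the accumulated list untouched
 * @return this builder, for chaining
 */
public X509Builder extKeyUsage(ObjectIdentifier oid) {
    try {
        // Defined elsewhere in X509Builder; presumably selects X.509 v3, which extensions require.
        v3();
        if (oid == null) {
            // Reject before mutating shared state: a null entry in the list would
            // also break every later rebuild of the extension.
            throw new IllegalArgumentException("extended key usage OID must not be null");
        }
        if (extendedKeyUsageExtensionList == null) {
            extendedKeyUsageExtensionList = new Vector<ObjectIdentifier>();
        }
        extendedKeyUsageExtensionList.add(oid);
        // Rebuilt on every call so the extension always reflects the full list.
        extendedKeyUsageExtension = new ExtendedKeyUsageExtension(extendedKeyUsageExtensionIsCritical, extendedKeyUsageExtensionList);
        if (certificateExtensions == null) {
            certificateExtensions = new CertificateExtensions();
        }
        certificateExtensions.set(extendedKeyUsageExtension.getExtensionId().toString(), extendedKeyUsageExtension);
        info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
    } catch (Exception e) {
        // String.valueOf keeps the error path itself from throwing when oid is null;
        // oid.toString() here would raise a second exception that escapes the builder.
        fault(e, "extKeyUsage(%s)", String.valueOf(oid));
    }
    return this;
}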
Also used : ExtendedKeyUsageExtension(sun.security.x509.ExtendedKeyUsageExtension) CertificateExtensions(sun.security.x509.CertificateExtensions) ObjectIdentifier(sun.security.util.ObjectIdentifier)

Example 7 with CertificateExtensions

use of org.mozilla.jss.netscape.security.x509.CertificateExtensions in project OpenAttestation by OpenAttestation.

the class X509Builder method keyUsageDataEncipherment.

/**
 * Sets the dataEncipherment bit in the certificate's Key Usage extension
 * (the key may be used for encrypting data).
 *
 * <p>The shared {@code keyUsageExtension} is created on first use, so bits set
 * by other key-usage methods on the same builder are kept. The extension is
 * stored under its own extension id and the extension set is written back
 * into {@code info}.
 *
 * <p>Any exception is handed to {@code fault(...)} instead of being thrown.
 * NOTE(review): {@code fault} is not visible here. Confirm that callers check
 * recorded faults before the certificate is signed.
 *
 * @return this builder, for chaining
 */
public X509Builder keyUsageDataEncipherment() {
    try {
        // Defined elsewhere in X509Builder; presumably selects X.509 v3.
        v3();
        if (null == keyUsageExtension) {
            keyUsageExtension = new KeyUsageExtension();
        }
        keyUsageExtension.set(KeyUsageExtension.DATA_ENCIPHERMENT, true);
        if (null == certificateExtensions) {
            certificateExtensions = new CertificateExtensions();
        }
        final String extensionKey = keyUsageExtension.getExtensionId().toString();
        certificateExtensions.set(extensionKey, keyUsageExtension);
        info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
        return this;
    } catch (Exception e) {
        fault(e, "keyUsageDataEncipherment");
        return this;
    }
}
Also used : CertificateExtensions(sun.security.x509.CertificateExtensions) KeyUsageExtension(sun.security.x509.KeyUsageExtension) ExtendedKeyUsageExtension(sun.security.x509.ExtendedKeyUsageExtension)

Example 8 with CertificateExtensions

use of org.mozilla.jss.netscape.security.x509.CertificateExtensions in project OpenAttestation by OpenAttestation.

the class X509Builder method keyUsageDigitalSignature.

/**
 * Sets the digitalSignature bit in the certificate's Key Usage extension.
 *
 * <p>This bit covers signatures other than those on certificates (CA) or
 * CRLs, so it is the one that applies to API clients.
 *
 * <p>The shared {@code keyUsageExtension} is created lazily and reused, the
 * extension is stored under its own extension id, and the extension set is
 * written back into {@code info}. Exceptions are routed to
 * {@code fault(...)} rather than thrown. NOTE(review): confirm that recorded
 * faults are checked before the certificate is issued.
 *
 * @return this builder, for chaining
 */
public X509Builder keyUsageDigitalSignature() {
    try {
        // Defined elsewhere in X509Builder; presumably selects X.509 v3.
        v3();
        if (null == keyUsageExtension) {
            keyUsageExtension = new KeyUsageExtension();
        }
        keyUsageExtension.set(KeyUsageExtension.DIGITAL_SIGNATURE, true);
        if (null == certificateExtensions) {
            certificateExtensions = new CertificateExtensions();
        }
        final String extensionKey = keyUsageExtension.getExtensionId().toString();
        certificateExtensions.set(extensionKey, keyUsageExtension);
        info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
        return this;
    } catch (Exception e) {
        fault(e, "keyUsageDigitalSignature");
        return this;
    }
}
Also used : CertificateExtensions(sun.security.x509.CertificateExtensions) KeyUsageExtension(sun.security.x509.KeyUsageExtension) ExtendedKeyUsageExtension(sun.security.x509.ExtendedKeyUsageExtension)

Example 9 with CertificateExtensions

use of org.mozilla.jss.netscape.security.x509.CertificateExtensions in project OpenAttestation by OpenAttestation.

the class X509Builder method dnsAlternativeName.

/**
 * Adds a DNS entry to the certificate's Subject Alternative Name extension.
 *
 * <p>A leading {@code "dns:"} is stripped before the name is wrapped in a
 * {@code DNSName}. The match is case-sensitive, so an upper-case
 * {@code "DNS:"} prefix is passed through unchanged. No other checking of the
 * host name happens in this method; whatever validation exists is in the
 * {@code DNSName} constructor.
 *
 * <p>Names accumulate in {@code alternativeNames}. Each call builds a new SAN
 * extension over the full list and stores it under the extension's id, then
 * writes the extension set back into {@code info}.
 *
 * <p>Exceptions (including the one raised for a {@code null} argument) are
 * handed to {@code fault(...)} instead of being thrown. NOTE(review): confirm
 * that callers check recorded faults, because a rejected name otherwise means
 * the certificate is built without that SAN entry.
 *
 * @param dns host name, optionally prefixed with {@code "dns:"}
 * @return this builder, for chaining
 */
public X509Builder dnsAlternativeName(String dns) {
    try {
        // Defined elsewhere in X509Builder; presumably selects X.509 v3.
        v3();
        final String hostPart = dns.startsWith("dns:") ? dns.substring(4) : dns;
        final DNSName parsedName = new DNSName(hostPart);
        if (null == alternativeNames) {
            alternativeNames = new GeneralNames();
        }
        alternativeNames.add(new GeneralName(parsedName));
        final SubjectAlternativeNameExtension sanExtension = new SubjectAlternativeNameExtension(alternativeNames);
        if (null == certificateExtensions) {
            certificateExtensions = new CertificateExtensions();
        }
        final String extensionKey = sanExtension.getExtensionId().toString();
        certificateExtensions.set(extensionKey, sanExtension);
        info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
        return this;
    } catch (Exception e) {
        fault(e, "dnsAlternativeName(%s)", dns);
        return this;
    }
}
Also used : GeneralNames(sun.security.x509.GeneralNames) SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension) CertificateExtensions(sun.security.x509.CertificateExtensions) GeneralName(sun.security.x509.GeneralName) DNSName(sun.security.x509.DNSName)

Example 10 with CertificateExtensions

use of org.mozilla.jss.netscape.security.x509.CertificateExtensions in project OpenAM by OpenRock.

the class Cert method getTokenFromSubjectAltExt.

/**
 * Derives {@code userTokenId} from the certificate's Subject Alternative Name
 * extension, according to {@code amAuthCert_subjectAltExtMapper}.
 *
 * <p>With the mapper set to {@code "UPN"}, the first otherName entry whose
 * type-id equals {@code UPNOID} is used and its value is decoded as a DER
 * UTF8String. With {@code "RFC822Name"}, the first rfc822Name entry is used.
 * Scanning stops as soon as {@code userTokenId} is non-null, so later entries
 * are ignored. If {@code userTokenId} is already set on entry, no SAN entry is
 * examined at all.
 *
 * <p>The value comes straight from the presented certificate and becomes the
 * login identity. NOTE(review): this method does no chain, revocation or
 * issuer checking. Presumably the caller validates the certificate first;
 * confirm that it does, and that the issuing CA is trusted to assert these
 * SAN values.
 *
 * @param cert the client certificate to read the SAN extension from
 * @throws AuthLoginException with key {@code "CertNoReg"} when any exception
 *         occurs while parsing; the original exception is only logged, not
 *         attached as the cause
 */
private void getTokenFromSubjectAltExt(X509Certificate cert) throws AuthLoginException {
    try {
        X509CertImpl parsedCert = new X509CertImpl(cert.getEncoded());
        X509CertInfo tbsInfo = new X509CertInfo(parsedCert.getTBSCertificate());
        CertificateExtensions extensions = (CertificateExtensions) tbsInfo.get(X509CertInfo.EXTENSIONS);
        // A null extension set makes the next call throw, which ends in the catch below.
        SubjectAlternativeNameExtension sanExtension = (SubjectAlternativeNameExtension) extensions.get(SubjectAlternativeNameExtension.NAME);
        if (sanExtension == null) {
            // No SAN extension: leave userTokenId as it was.
            return;
        }
        GeneralNames sanEntries = (GeneralNames) sanExtension.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
        ObjectIdentifier upnOid = new ObjectIdentifier(UPNOID);
        Iterator entryIterator = (Iterator) sanEntries.iterator();
        while ((userTokenId == null) && entryIterator.hasNext()) {
            GeneralName entry = (GeneralName) entryIterator.next();
            if (entry == null) {
                continue;
            }
            if (amAuthCert_subjectAltExtMapper.equalsIgnoreCase("UPN") && (entry.getType() == GeneralNameInterface.NAME_ANY)) {
                OtherName otherName = (OtherName) entry.getName();
                // The cast keeps the call bound to equals(Object), as in the original.
                if (upnOid.equals((Object) (otherName.getOID()))) {
                    DerValue encodedUpn = new DerValue(otherName.getNameValue());
                    userTokenId = encodedUpn.getData().getUTF8String();
                }
            } else if (amAuthCert_subjectAltExtMapper.equalsIgnoreCase("RFC822Name") && (entry.getType() == GeneralNameInterface.NAME_RFC822)) {
                userTokenId = ((RFC822Name) entry.getName()).getName();
            }
        }
    } catch (Exception e) {
        debug.error("Certificate - " + "Error in getTokenFromSubjectAltExt = ", e);
        throw new AuthLoginException(amAuthCert, "CertNoReg", null);
    }
}
Also used : X509CertInfo(sun.security.x509.X509CertInfo) SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension) OtherName(sun.security.x509.OtherName) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) CertificateExtensions(sun.security.x509.CertificateExtensions) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) GeneralNames(sun.security.x509.GeneralNames) RFC822Name(sun.security.x509.RFC822Name) X509CertImpl(sun.security.x509.X509CertImpl) DerValue(sun.security.util.DerValue) Iterator(java.util.Iterator) GeneralName(sun.security.x509.GeneralName) ObjectIdentifier(sun.security.util.ObjectIdentifier)

Aggregations

CertificateExtensions (sun.security.x509.CertificateExtensions)21 KeyUsageExtension (sun.security.x509.KeyUsageExtension)9 IOException (java.io.IOException)8 Date (java.util.Date)8 ExtendedKeyUsageExtension (sun.security.x509.ExtendedKeyUsageExtension)8 SubjectAlternativeNameExtension (sun.security.x509.SubjectAlternativeNameExtension)7 CertificateException (java.security.cert.CertificateException)6 GeneralName (sun.security.x509.GeneralName)6 GeneralNames (sun.security.x509.GeneralNames)6 X509CertImpl (sun.security.x509.X509CertImpl)6 X509CertInfo (sun.security.x509.X509CertInfo)6 CertificateExtensions (org.mozilla.jss.netscape.security.x509.CertificateExtensions)5 ObjectIdentifier (sun.security.util.ObjectIdentifier)4 X500Name (sun.security.x509.X500Name)4 BigInteger (java.math.BigInteger)3 SecureRandom (java.security.SecureRandom)3 X509Certificate (java.security.cert.X509Certificate)3 ObjectIdentifier (org.mozilla.jss.netscape.security.util.ObjectIdentifier)3 CertificateX509Key (org.mozilla.jss.netscape.security.x509.CertificateX509Key)3 X509CertInfo (org.mozilla.jss.netscape.security.x509.X509CertInfo)3