
Example 26 with CertificateExtensions

use of org.mozilla.jss.netscape.security.x509.CertificateExtensions in project jss by dogtagpki.

the class CertPrettyPrint method X509toString.

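/**
 * Renders the wrapped certificate ({@code mX509Cert}) as an indented, human-readable text dump:
 * version, serial number, signature algorithm, issuer, validity, subject, public key,
 * extensions, signature value and a set of fingerprints.
 *
 * <p>Any exception raised while rendering is caught and printed to stderr, not propagated,
 * so the returned text may be truncated. Callers that base a trust or audit decision on this
 * output should not treat a missing section (for example the extensions) as proof that the
 * certificate lacks it.
 *
 * <p>The fingerprint list includes MD2, MD5 and SHA-1, which are not collision resistant. They
 * are useful only for matching against legacy records; compare or pin on the SHA-256 value.
 *
 * @param clientLocale locale used for the date format and the time zone display name
 * @return the text rendered so far; never {@code null}
 */
public String X509toString(Locale clientLocale) {
    // get I18N resources
    ResourceBundle resource = ResourceBundle.getBundle(PrettyPrintResources.class.getName());
    DateFormat dateFormater = DateFormat.getDateTimeInstance(DateFormat.FULL, DateFormat.FULL, clientLocale);
    // get timezone and timezone ID
    String tz = " ";
    String tzid = " ";
    // The buffer never leaves this method, so the unsynchronized builder is sufficient.
    StringBuilder sb = new StringBuilder();
    try {
        X509CertInfo info = (X509CertInfo) mX509Cert.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
        String serial2 = mX509Cert.getSerialNumber().toString(16).toUpperCase();
        // get correct instance of key
        PublicKey pKey = mX509Cert.getPublicKey();
        X509Key key = null;
        if (pKey instanceof CertificateX509Key) {
            CertificateX509Key certKey = (CertificateX509Key) pKey;
            key = (X509Key) certKey.get(CertificateX509Key.KEY);
        }
        if (pKey instanceof X509Key) {
            key = (X509Key) pKey;
        }
        // NOTE(review): key stays null when pKey is neither type; how PubKeyPrettyPrint
        // handles a null key is not visible here — confirm.
        // take care of spki
        sb.append(pp.indent(4) + resource.getString(PrettyPrintResources.TOKEN_CERTIFICATE) + "\n");
        sb.append(pp.indent(8) + resource.getString(PrettyPrintResources.TOKEN_DATA) + "\n");
        sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_VERSION) + " v");
        // presumably getVersion() is zero-based here, hence the +1 — confirm against X509CertImpl
        sb.append((mX509Cert.getVersion() + 1) + "\n");
        sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SERIAL) + "0x" + serial2 + "\n");
        // XXX I18N Algorithm Name ?
        sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SIGALG) + mX509Cert.getSigAlgName() + " - " + mX509Cert.getSigAlgOID() + "\n");
        // XXX I18N IssuerDN ?
        sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_ISSUER) + mX509Cert.getIssuerX500Principal() + "\n");
        sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_VALIDITY) + "\n");
        String notBefore = dateFormater.format(mX509Cert.getNotBefore());
        String notAfter = dateFormater.format(mX509Cert.getNotAfter());
        // get timezone and timezone ID
        if (TimeZone.getDefault() != null) {
            tz = TimeZone.getDefault().getDisplayName(TimeZone.getDefault().inDaylightTime(mX509Cert.getNotBefore()), TimeZone.SHORT, clientLocale);
            tzid = TimeZone.getDefault().getID();
        }
        // Specify notBefore
        if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
            // Do NOT append timezone ID
            sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_NOT_BEFORE) + notBefore + "\n");
        } else {
            // Append timezone ID
            sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_NOT_BEFORE) + notBefore + " " + tzid + "\n");
        }
        // re-get timezone (just in case it is different . . .)
        if (TimeZone.getDefault() != null) {
            tz = TimeZone.getDefault().getDisplayName(TimeZone.getDefault().inDaylightTime(mX509Cert.getNotAfter()), TimeZone.SHORT, clientLocale);
        }
        // Specify notAfter
        if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
            // Do NOT append timezone ID
            sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_NOT_AFTER) + notAfter + "\n");
        } else {
            // Append timezone ID
            sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_NOT_AFTER) + notAfter + " " + tzid + "\n");
        }
        // XXX I18N SubjectDN ?
        sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SUBJECT) + mX509Cert.getSubjectX500Principal() + "\n");
        sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SPKI) + "\n");
        PubKeyPrettyPrint pkpp = new PubKeyPrettyPrint(key);
        sb.append(pkpp.toString(clientLocale, 16, 16));
        // take care of extensions
        CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
        sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_EXTENSIONS) + "\n");
        if (extensions != null) {
            for (int i = 0; i < extensions.size(); i++) {
                Extension ext = extensions.elementAt(i);
                ExtPrettyPrint extpp = new ExtPrettyPrint(ext, 16);
                sb.append(extpp.toString());
            }
        }
        // take care of signature
        sb.append(pp.indent(8) + resource.getString(PrettyPrintResources.TOKEN_SIGNATURE) + "\n");
        // XXX I18N Algorithm Name ?
        sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_ALGORITHM) + mX509Cert.getSigAlgName() + " - " + mX509Cert.getSigAlgOID() + "\n");
        sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SIGNATURE) + "\n");
        sb.append(pp.toHexString(mX509Cert.getSignature(), 16, 16));
        // fingerprints
        // MD2, MD5 and SHA-1 are kept for matching legacy records only; they are not
        // collision resistant, so identity checks should use the SHA-256 or SHA-512 value.
        String[] hashes = new String[] { "MD2", "MD5", "SHA-1", "SHA-256", "SHA-512" };
        sb.append(pp.indent(8) + "FingerPrint\n");
        // Encode once; the DER bytes are the same for every digest.
        byte[] encodedCert = mX509Cert.getEncoded();
        for (String hash : hashes) {
            MessageDigest md;
            try {
                md = MessageDigest.getInstance(hash);
            } catch (java.security.NoSuchAlgorithmException e) {
                // A provider set without this digest (a legacy one such as MD2 may be absent)
                // must not suppress the remaining, stronger fingerprints: report and move on.
                e.printStackTrace();
                continue;
            }
            sb.append(pp.indent(12) + hash + ":\n" + pp.toHexString(md.digest(encodedCert), 16, 16));
        }
    } catch (Exception e) {
        // Best effort: the partial dump built so far is still returned below.
        e.printStackTrace();
    }
    return sb.toString();
}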
Also used : X509CertInfo(org.mozilla.jss.netscape.security.x509.X509CertInfo) PublicKey(java.security.PublicKey) CertificateExtensions(org.mozilla.jss.netscape.security.x509.CertificateExtensions) X509Key(org.mozilla.jss.netscape.security.x509.X509Key) CertificateX509Key(org.mozilla.jss.netscape.security.x509.CertificateX509Key) CertificateX509Key(org.mozilla.jss.netscape.security.x509.CertificateX509Key) Extension(org.mozilla.jss.netscape.security.x509.Extension) DateFormat(java.text.DateFormat) ResourceBundle(java.util.ResourceBundle) MessageDigest(java.security.MessageDigest)

Example 27 with CertificateExtensions

use of org.mozilla.jss.netscape.security.x509.CertificateExtensions in project jss by dogtagpki.

the class X509CertTest method createX509CertInfo.

/**
 * Assembles a version 3 {@link X509CertInfo} from the supplied fields and attaches an empty
 * extension set.
 *
 * <p>The values are stored as given: nothing here checks the serial number, the ordering of
 * the validity dates or the strength of the key or algorithm.
 *
 * @param x509key subject public key
 * @param serialno certificate serial number
 * @param issuernameObj issuer name; the issuer field is left unset when this is {@code null}
 * @param subjname subject distinguished name, parsed with {@code X500Name}
 * @param notBefore start of the validity period
 * @param notAfter end of the validity period
 * @param alg algorithm name resolved through {@code AlgorithmId.get}
 * @return the populated certificate info
 * @throws Exception if any field object cannot be built or stored
 */
public static X509CertInfo createX509CertInfo(X509Key x509key, BigInteger serialno, CertificateIssuerName issuernameObj, String subjname, Date notBefore, Date notAfter, String alg) throws Exception {
    final X509CertInfo certInfo = new X509CertInfo();

    final CertificateVersion version = new CertificateVersion(CertificateVersion.V3);
    certInfo.set(X509CertInfo.VERSION, version);

    final CertificateSerialNumber serial = new CertificateSerialNumber(serialno);
    certInfo.set(X509CertInfo.SERIAL_NUMBER, serial);

    // The issuer is optional; callers may fill it in later.
    if (issuernameObj != null) {
        certInfo.set(X509CertInfo.ISSUER, issuernameObj);
    }

    final CertificateSubjectName subject = new CertificateSubjectName(new X500Name(subjname));
    certInfo.set(X509CertInfo.SUBJECT, subject);

    final CertificateValidity validity = new CertificateValidity(notBefore, notAfter);
    certInfo.set(X509CertInfo.VALIDITY, validity);

    final CertificateAlgorithmId algorithmId = new CertificateAlgorithmId(AlgorithmId.get(alg));
    certInfo.set(X509CertInfo.ALGORITHM_ID, algorithmId);

    final CertificateX509Key subjectKey = new CertificateX509Key(x509key);
    certInfo.set(X509CertInfo.KEY, subjectKey);

    // Start with no extensions.
    final CertificateExtensions noExtensions = new CertificateExtensions();
    certInfo.set(X509CertInfo.EXTENSIONS, noExtensions);

    return certInfo;
}
Also used : CertificateSerialNumber(org.mozilla.jss.netscape.security.x509.CertificateSerialNumber) CertificateSubjectName(org.mozilla.jss.netscape.security.x509.CertificateSubjectName) X509CertInfo(org.mozilla.jss.netscape.security.x509.X509CertInfo) CertificateVersion(org.mozilla.jss.netscape.security.x509.CertificateVersion) CertificateValidity(org.mozilla.jss.netscape.security.x509.CertificateValidity) CertificateExtensions(org.mozilla.jss.netscape.security.x509.CertificateExtensions) X500Name(org.mozilla.jss.netscape.security.x509.X500Name) CertificateAlgorithmId(org.mozilla.jss.netscape.security.x509.CertificateAlgorithmId) CertificateX509Key(org.mozilla.jss.netscape.security.x509.CertificateX509Key)

Example 28 with CertificateExtensions

use of sun.security.x509.CertificateExtensions in project scout.rt by eclipse-scout.

the class SunSecurityProvider method createSelfSignedCertificate.

/**
 * Generates an RSA key pair and a self-signed SHA256WithRSA certificate, then writes both
 * to {@code out} as a JKS keystore.
 *
 * <p>The subject alternative names always contain {@code localhost} and {@code 127.0.0.1};
 * the common name of {@code x500Name} is added as a further DNS name when it is not empty.
 *
 * <p>Points to weigh before using the result outside local development:
 * <ul>
 * <li>The certificate is self-signed, so clients can only trust it by explicit import or
 * pinning.</li>
 * <li>{@code keyBits} and {@code validDays} are passed through without a lower or upper bound
 * being enforced here.</li>
 * <li>The store type is {@code "jks"}, the legacy JDK format; PKCS12 has been the JDK default
 * since Java 9.</li>
 * <li>The passwords arrive as {@code String}s and the derived {@code char[]} copies are not
 * cleared.</li>
 * <li>The code relies on JDK-internal {@code sun.security.*} classes, which are not a
 * supported API.</li>
 * </ul>
 *
 * @param certificateAlias alias of the key entry in the keystore
 * @param x500Name subject (and issuer) distinguished name
 * @param storePass keystore password
 * @param keyPass password protecting the private key entry
 * @param keyBits RSA key size in bits
 * @param validDays validity period in days, counted from now
 * @param out stream that receives the keystore bytes
 * @throws ProcessingException wrapping any {@link GeneralSecurityException} or {@link IOException}
 */
@Override
public void createSelfSignedCertificate(String certificateAlias, String x500Name, String storePass, String keyPass, int keyBits, int validDays, OutputStream out) {
    try {
        // Key pair generation; a null provider name selects the default provider.
        sun.security.tools.keytool.CertAndKeyGen keyAndCertGenerator = new sun.security.tools.keytool.CertAndKeyGen("RSA", "SHA256WithRSA", null);
        keyAndCertGenerator.generate(keyBits);

        sun.security.x509.X500Name subject = new sun.security.x509.X500Name(x500Name);
        long validitySeconds = validDays * 86400L;

        // Subject alternative names: loopback entries first, then the common name if present.
        GeneralNames altNames = new GeneralNames();
        altNames.add(new GeneralName(new DNSName("localhost")));
        altNames.add(new GeneralName(new IPAddressName("127.0.0.1")));
        if (!StringUtility.isNullOrEmpty(subject.getCommonName())) {
            altNames.add(new GeneralName(new DNSName(subject.getCommonName())));
        }
        CertificateExtensions certExtensions = new CertificateExtensions();
        certExtensions.set(SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(altNames));

        X509Certificate selfSigned = keyAndCertGenerator.getSelfCertificate(subject, new Date(), validitySeconds, certExtensions);
        PrivateKey signingKey = keyAndCertGenerator.getPrivateKey();

        // Loading from a null stream initialises an empty keystore.
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(null, storePass.toCharArray());
        X509Certificate[] chain = new X509Certificate[] { selfSigned };
        keyStore.setKeyEntry(certificateAlias, signingKey, keyPass.toCharArray(), chain);
        keyStore.store(out, storePass.toCharArray());
    } catch (IOException e) {
        throw new ProcessingException("IO issue", e);
    } catch (GeneralSecurityException e) {
        throw new ProcessingException("Security issue", e);
    }
}
Also used : PrivateKey(java.security.PrivateKey) SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension) GeneralSecurityException(java.security.GeneralSecurityException) CertificateExtensions(sun.security.x509.CertificateExtensions) IOException(java.io.IOException) DNSName(sun.security.x509.DNSName) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) GeneralNames(sun.security.x509.GeneralNames) IPAddressName(sun.security.x509.IPAddressName) GeneralName(sun.security.x509.GeneralName) ProcessingException(org.eclipse.scout.rt.platform.exception.ProcessingException)

Aggregations

CertificateExtensions (sun.security.x509.CertificateExtensions)21 KeyUsageExtension (sun.security.x509.KeyUsageExtension)9 IOException (java.io.IOException)8 Date (java.util.Date)8 ExtendedKeyUsageExtension (sun.security.x509.ExtendedKeyUsageExtension)8 SubjectAlternativeNameExtension (sun.security.x509.SubjectAlternativeNameExtension)7 CertificateException (java.security.cert.CertificateException)6 GeneralName (sun.security.x509.GeneralName)6 GeneralNames (sun.security.x509.GeneralNames)6 X509CertImpl (sun.security.x509.X509CertImpl)6 X509CertInfo (sun.security.x509.X509CertInfo)6 CertificateExtensions (org.mozilla.jss.netscape.security.x509.CertificateExtensions)5 ObjectIdentifier (sun.security.util.ObjectIdentifier)4 X500Name (sun.security.x509.X500Name)4 BigInteger (java.math.BigInteger)3 SecureRandom (java.security.SecureRandom)3 X509Certificate (java.security.cert.X509Certificate)3 ObjectIdentifier (org.mozilla.jss.netscape.security.util.ObjectIdentifier)3 CertificateX509Key (org.mozilla.jss.netscape.security.x509.CertificateX509Key)3 X509CertInfo (org.mozilla.jss.netscape.security.x509.X509CertInfo)3