use of org.mozilla.jss.netscape.security.x509.Extension in project daikon by Talend. (Note: the snippets on this page appear to use the BouncyCastle `Extension` API rather than the JSS class named here — they reference `Extension.keyUsage`, `Extension.basicConstraints`, `X509v3CertificateBuilder.addExtension(Extension)`, `OCSPObjectIdentifiers` and `OCSPReqBuilder`, which are BouncyCastle types.)
the class CertificateGenerater method createRootCA.
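/**
 * Generates a self-signed root CA key pair and certificate and stores them in a JKS file.
 *
 * The certificate carries a critical keyUsage extension (digitalSignature, nonRepudiation,
 * keyEncipherment, dataEncipherment, keyCertSign), a non-critical extendedKeyUsage of
 * id-kp-codeSigning and a critical basicConstraints cA=TRUE. It is valid for 365 days from
 * now, has issuer == subject == {@code dName}, and is signed with {@code sigAlgName} by its
 * own private key.
 *
 * @param alias    alias under which the key entry is stored in the JKS
 * @param fileName path of the JKS file written by {@code saveJks}
 * @throws Exception propagated from key generation, certificate building or keystore writing
 */
private void createRootCA(String alias, String fileName) throws Exception {
    List<Extension> exts = new ArrayList<>();
    // NOTE(review): keyEncipherment/dataEncipherment on a CA key are unusual, and cRLSign is
    // absent, so no CRL can be issued under this root. Left unchanged because callers may rely
    // on this exact key-usage profile — confirm before tightening.
    KeyUsage keyUsage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation
            | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyCertSign);
    // DEROctetString(ASN1Encodable) DER-encodes the KeyUsage BIT STRING as the extnValue.
    exts.add(new Extension(Extension.keyUsage, true, new DEROctetString(keyUsage)));
    // The previous implementation built ObjectIdentifier("2.5.29.19") (basicConstraints) at this
    // point; basicConstraints is now added explicitly below, after the extension loop.
    // NOTE(review): some validators treat an EKU in a CA certificate as a constraint on every
    // certificate it issues — confirm id-kp-codeSigning on the root is intended.
    ExtendedKeyUsage extendedKeyUsage = new ExtendedKeyUsage(KeyPurposeId.id_kp_codeSigning);
    exts.add(new Extension(Extension.extendedKeyUsage, false, new DEROctetString(extendedKeyUsage)));

    KeyPair keyPair = genKey();
    // RFC 5280 4.1.2.2: the serial number MUST be a positive integer. BigInteger(64, rnd) yields
    // a value in [0, 2^64), so zero is possible (if unlikely); redraw until it is non-zero.
    BigInteger serialNumber;
    do {
        serialNumber = new BigInteger(64, secureRandom);
    } while (serialNumber.signum() == 0);
    Date from = new Date();
    Date to = new Date(from.getTime() + 365L * 24 * 3600 * 1000); // one year; long arithmetic avoids int overflow
    // Self-signed: issuer and subject are both dName and the certificate is signed by its own key.
    X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
            new X500Principal(dName), serialNumber, from, to, new X500Principal(dName), keyPair.getPublic());
    for (Extension e : exts) {
        certificateBuilder.addExtension(e);
    }
    certificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    // NOTE(review): no subjectKeyIdentifier is added, although RFC 5280 4.2.1.2 requires it in
    // conforming CA certificates; adding it needs JcaX509ExtensionUtils, which may not be imported here.
    ContentSigner signer = new JcaContentSignerBuilder(sigAlgName).build(keyPair.getPrivate());
    X509Certificate cert = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider())
            .getCertificate(certificateBuilder.build(signer));
    saveJks(new String[] { alias }, keyPair.getPrivate(), rootJKSKeyPass, new X509Certificate[] { cert }, fileName);
}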
use of org.mozilla.jss.netscape.security.x509.Extension in project daikon by Talend.
the class CertificateGenerater method createSignJks.
/**
 * Creates the signing key store by handing a code-signing extension set to {@code signCert}.
 *
 * The requested certificate gets a critical keyUsage (digitalSignature, nonRepudiation,
 * keyEncipherment, dataEncipherment) and a non-critical extendedKeyUsage of id-kp-codeSigning;
 * validity, store location and the choice of signing key are passed straight through to
 * {@code signCert}, which decides what {@code useRootJks} means.
 *
 * @param from       start of the validity period
 * @param to         end of the validity period
 * @param storePath  path of the JKS file to write
 * @param useRootJks forwarded to signCert (presumably: sign with the root JKS key)
 * @throws Exception propagated from signCert
 */
private void createSignJks(Date from, Date to, String storePath, boolean useRootJks) throws Exception {
    int usageBits = KeyUsage.digitalSignature | KeyUsage.nonRepudiation
            | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment;
    // DEROctetString(ASN1Encodable) DER-encodes the inner structure as the extnValue.
    Extension usageExt = new Extension(Extension.keyUsage, true,
            new DEROctetString(new KeyUsage(usageBits)));
    Extension purposeExt = new Extension(Extension.extendedKeyUsage, false,
            new DEROctetString(new ExtendedKeyUsage(KeyPurposeId.id_kp_codeSigning)));
    List<Extension> requested = new ArrayList<>(2);
    requested.add(usageExt);
    requested.add(purposeExt);
    signCert(useRootJks, subJKSKeyPass, from, to, requested, storePath, true);
}
use of org.mozilla.jss.netscape.security.x509.Extension in project carapaceproxy by diennea.
the class OcspRequestBuilder method build.
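/**
 * Builds a single-certificate OCSP request for {@code certificate}, identified by the hashes of
 * the issuer's name and key (computed with {@code calculator}) plus the serial number, and
 * carrying a fresh random nonce drawn from {@code generator}.
 *
 * Precondition: generator, calculator, certificate and issuer must have been set; a missing one
 * is rejected by {@code checkNotNull}.
 *
 * ATTENTION: The returned {@link OCSPReq} is not re-usable/cacheable! It contains a one-time
 * nonce and CAs will (should) reject subsequent requests that carry the same nonce value.
 *
 * @return the OCSP request
 * @throws OCSPException if the request cannot be assembled
 * @throws IOException if the issuer certificate cannot be parsed into a holder
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 */
public OCSPReq build() throws OCSPException, IOException, CertificateEncodingException {
    SecureRandom generator = checkNotNull(this.generator, "generator");
    DigestCalculator calculator = checkNotNull(this.calculator, "calculator");
    X509Certificate certificate = checkNotNull(this.certificate, "certificate");
    X509Certificate issuer = checkNotNull(this.issuer, "issuer");

    BigInteger serial = certificate.getSerialNumber();
    CertificateID certId = new CertificateID(calculator, new X509CertificateHolder(issuer.getEncoded()), serial);

    OCSPReqBuilder builder = new OCSPReqBuilder();
    builder.addRequest(certId);

    // RFC 8954 section 2.1: a client MUST use a nonce of 16..32 octets, and a responder MAY
    // ignore a shorter one — which would silently drop the replay protection the nonce exists
    // for. The previous 8-octet nonce fell below that minimum.
    byte[] nonce = new byte[16];
    generator.nextBytes(nonce);
    // NOTE(review): the nonce bytes are placed directly as the extnValue. RFC 8954 defines the
    // extnValue as an OCTET STRING that itself wraps the nonce bytes; confirm the responders in
    // use accept this bare form before relying on nonce matching.
    Extension[] extensions = new Extension[] {
            new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce)) };
    builder.setRequestExtensions(new Extensions(extensions));
    return builder.build();
}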
use of org.mozilla.jss.netscape.security.x509.Extension in project itext2 by albfernandez.
the class OcspClientBouncyCastle method generateOCSPRequest.
/**
 * Generates an OCSP request using BouncyCastle.
 *
 * The request identifies the target certificate by SHA-1 hashes of the issuer's name and key
 * plus the serial number, and carries a non-critical id-pkix-ocsp-nonce extension whose
 * extnValue is an OCTET STRING wrapping the bytes returned by
 * {@code PdfEncryption.createDocumentId()}.
 *
 * @param issuerCert   certificate of the issuer
 * @param serialNumber serial number of the certificate whose status is queried
 * @return an OCSP request
 * @throws OCSPException if the request cannot be built
 * @throws IOException if the nonce cannot be DER-encoded
 * @throws OperatorException if the digest calculator cannot be created
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 */
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException, OperatorException, CertificateEncodingException {
    // Registered on every call; Security.addProvider does nothing when BC is already installed.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    // SHA-1 here only identifies the issuer in the CertificateID (RFC 6960) and is the hash most
    // responders expect; it is not a security boundary of the request.
    DigestCalculator sha1 = new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);
    CertificateID target = new CertificateID(sha1, new JcaX509CertificateHolder(issuerCert), serialNumber);

    // NOTE(review): the nonce value comes from PdfEncryption.createDocumentId(); whether it is
    // unpredictable enough to serve as replay protection cannot be judged from here — confirm.
    // The inner OCTET STRING makes the extnValue the DER encoding of Nonce ::= OCTET STRING.
    byte[] encodedNonce = new DEROctetString(PdfEncryption.createDocumentId()).getEncoded();
    Extension nonceExt = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(encodedNonce));

    OCSPReqBuilder request = new OCSPReqBuilder();
    request.addRequest(target);
    request.setRequestExtensions(new Extensions(new Extension[] { nonceExt }));
    return request.build();
}
use of org.mozilla.jss.netscape.security.x509.Extension in project attestation by TokenScript.
the class Parser method getExtensions.
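/**
 * Builds, per data source, the X.509 extensions derived from its attribute map.
 *
 * For each key of {@code matching} the data-source attributes are merged with {@code global}
 * (a global value wins over a data-source value for the same OID, as the original {@code putAll}
 * did). Every OID not listed in {@code X500_OIDS} becomes a critical extension whose extnValue
 * is the UTF-8 bytes of the attribute string; X.500 OIDs are skipped (they belong to the DN).
 * Unlike the previous implementation, the maps stored inside {@code matching} are no longer
 * modified as a side effect of this getter.
 *
 * @return data-source name mapped to its Extensions; empty when {@code matching} is empty
 */
public Map<String, Extensions> getExtensions() {
    Map<String, Extensions> res = new HashMap<>();
    for (String currentDatasourceName : matching.keySet()) {
        // Merge into a private copy: the old code called currentMap.putAll(global) and thereby
        // leaked the global attributes permanently into the stored per-source maps.
        Map<String, String> merged = new HashMap<>(matching.get(currentDatasourceName));
        merged.putAll(global);
        List<Extension> extensionList = new ArrayList<>();
        for (Map.Entry<String, String> attr : merged.entrySet()) {
            if (X500_OIDS.contains(attr.getKey())) {
                continue; // DN attribute, not an extension
            }
            // NOTE(review): every extension is marked critical, so a relying party that does not
            // recognise one of these OIDs has to reject the certificate — confirm that is intended.
            byte[] value = attr.getValue().getBytes(StandardCharsets.UTF_8);
            extensionList.add(new Extension(new ASN1ObjectIdentifier(attr.getKey()), true, new DEROctetString(value)));
        }
        res.put(currentDatasourceName, new Extensions(extensionList.toArray(new Extension[0])));
    }
    return res;
}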