
Example 11 with Extension

use of org.mozilla.jss.netscape.security.x509.Extension in project indy by Commonjava.

the class CertUtilsTest method testSubjectCertificateSignedByIssuerCertificateWithoutExtensionIsValid.

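@Test
public void testSubjectCertificateSignedByIssuerCertificateWithoutExtensionIsValid() throws Exception {
    // The CA key/certificate pair under src/test/resources is the issuer of the generated certificate.
    PrivateKey caKey = CertUtils.getPrivateKey("src/test/resources/ca.der");
    X509Certificate caCert = CertUtils.loadX509Certificate(new File("src/test/resources", "ca.crt"));
    String subjectCN = "CN=testcase.org, O=Test Org";
    // Last argument false: ask for a certificate WITHOUT the BasicConstraints extension.
    CertificateAndKeys certificateAndKeys = CertUtils.createSignedCertificateAndKey(subjectCN, caCert, caKey, false);
    // Re-parse the DER encoding rather than trusting the in-memory object, so the check covers what is
    // actually emitted on the wire.
    X509CertificateHolder certHolder = new X509CertificateHolder(certificateAndKeys.getCertificate().getEncoded());
    JcaContentVerifierProviderBuilder verifierBuilder = new JcaContentVerifierProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME);
    logger.debug(">>>>>>> caCert >>>>>" + caCert + "<<<<<<<<<<");
    logger.debug(">>>>>>> generated and signed cert >>>>>" + certificateAndKeys.getCertificate() + "<<<<<<<<<<<<<");
    // The signature must verify under the CA certificate's public key, i.e. it really was produced with caKey.
    assertTrue(certHolder.isSignatureValid(verifierBuilder.build(caCert)));
    // Without BasicConstraints the certificate is an end-entity certificate (RFC 5280 §4.2.1.9),
    // so the generated certificate must not be able to act as a CA.
    assertNull(certHolder.getExtension(Extension.basicConstraints));
}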

Example 12 with Extension

use of org.mozilla.jss.netscape.security.x509.Extension in project indy by Commonjava.

the class CertUtilsTest method testIntermediateSignedCertificateWithExtension.

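@Test
public void testIntermediateSignedCertificateWithExtension() throws Exception {
    // The CA key/certificate pair under src/test/resources is the issuer of the generated certificate.
    PrivateKey caKey = CertUtils.getPrivateKey("src/test/resources/ca.der");
    X509Certificate caCert = CertUtils.loadX509Certificate(new File("src/test/resources", "ca.crt"));
    String subjectCN = "CN=testcase.org, O=Test Org";
    // Last argument true: ask for the BasicConstraints extension, i.e. an intermediate CA certificate.
    CertificateAndKeys certificateAndKeys = CertUtils.createSignedCertificateAndKey(subjectCN, caCert, caKey, true);
    // Re-parse the DER encoding so the assertions cover what is actually emitted on the wire.
    X509CertificateHolder certHolder = new X509CertificateHolder(certificateAndKeys.getCertificate().getEncoded());
    Extension ext = certHolder.getExtension(Extension.basicConstraints);
    assertNotNull(ext);
    // JUnit convention is assertEquals(expected, actual); the previous order produced misleading failure messages.
    assertEquals(Extension.basicConstraints, ext.getExtnId());
    // BasicConstraints(-1) presumably mirrors what createSignedCertificateAndKey encodes (BC's int constructor
    // sets cA=true with the given pathLenConstraint) — confirm against that implementation if it changes.
    assertEquals(new BasicConstraints(-1), ext.getParsedValue());
    // NOTE(review): RFC 5280 §4.2.1.9 requires BasicConstraints to be marked critical in CA certificates;
    // ext.isCritical() is not asserted here, so consider adding that check once the generator sets it.
}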

Example 13 with Extension

use of org.mozilla.jss.netscape.security.x509.Extension in project ozone by apache.

the class TestRootCertificate method testCACert.

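@Test
public void testCACert() throws SCMSecurityException, NoSuchProviderException, NoSuchAlgorithmException, IOException, CertificateException {
    // One-year validity window starting today.
    LocalDate notBefore = LocalDate.now();
    LocalDate notAfter = notBefore.plus(365, ChronoUnit.DAYS);
    String clusterID = UUID.randomUUID().toString();
    String scmID = UUID.randomUUID().toString();
    String subject = "testRootCert";
    HDDSKeyGenerator keyGen = new HDDSKeyGenerator(securityConfig.getConfiguration());
    KeyPair keyPair = keyGen.generateKey();
    // makeCA() requests a CA (root) certificate rather than a leaf certificate.
    SelfSignedCertificate.Builder builder = SelfSignedCertificate.newBuilder().setBeginDate(notBefore).setEndDate(notAfter).setClusterID(clusterID).setScmID(scmID).setSubject(subject).setKey(keyPair).setConfiguration(conf).makeCA();
    try {
        DomainValidator validator = DomainValidator.getInstance();
        // Add every local address as an IP SAN, and its reverse-resolved name as a DNS SAN
        // when that name is syntactically valid.
        OzoneSecurityUtil.getValidInetsForCurrentHost().forEach(ip -> {
            builder.addIpAddress(ip.getHostAddress());
            // getCanonicalHostName() does a reverse lookup; resolve it once so the name that was
            // validated is exactly the name that gets added (two lookups could disagree).
            String hostName = ip.getCanonicalHostName();
            if (validator.isValid(hostName)) {
                builder.addDnsName(hostName);
            }
        });
    } catch (IOException e) {
        throw new org.apache.hadoop.hdds.security.x509.exceptions.CertificateException("Error while adding ip to CA self signed certificate", e, CSR_ERROR);
    }
    X509CertificateHolder certificateHolder = builder.build();
    // A CA certificate must carry BasicConstraints, and RFC 5280 §4.2.1.9 requires it to be
    // marked critical — check both.
    Extension basicExt = certificateHolder.getExtension(Extension.basicConstraints);
    Assert.assertNotNull(basicExt);
    Assert.assertTrue(basicExt.isCritical());
    // The root certificate is assigned serial number ONE by the builder; JUnit convention
    // is assertEquals(expected, actual).
    Assert.assertEquals(BigInteger.ONE, certificateHolder.getSerialNumber());
    // Round-trip through the PEM codec and confirm the same certificate comes back.
    CertificateCodec codec = new CertificateCodec(securityConfig, "scm");
    String pemString = codec.getPEMEncodedString(certificateHolder);
    File basePath = temporaryFolder.newFolder();
    if (!basePath.exists()) {
        Assert.assertTrue(basePath.mkdirs());
    }
    codec.writeCertificate(basePath.toPath(), "pemcertificate.crt", pemString, false);
    X509CertificateHolder loadedCert = codec.readCertificate(basePath.toPath(), "pemcertificate.crt");
    Assert.assertNotNull(loadedCert);
    Assert.assertEquals(certificateHolder.getSerialNumber(), loadedCert.getSerialNumber());
}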

Example 14 with Extension

use of org.mozilla.jss.netscape.security.x509.Extension in project poi by apache.

the class PkiTestUtils method createOcspResp.

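/**
 * Builds a signed OCSP response for {@code certificate} as a test fixture: a single-certificate
 * request with a nonce is constructed and then answered with GOOD or REVOKED status.
 *
 * @param certificate              the certificate whose status is reported
 * @param revoked                  {@code true} to report the certificate as revoked (privilegeWithdrawn)
 * @param issuerCertificate        issuer of {@code certificate}; used to build the CertificateID
 * @param ocspResponderCertificate certificate of the responder signing the response
 * @param ocspResponderPrivateKey  private key matching {@code ocspResponderCertificate}
 * @param signatureAlgorithm       JCA signature algorithm name used to sign the response; when
 *                                 {@code null} the historical default {@code SHA1withRSA} is used
 * @param nonceTimeinMillis        value used both as the request nonce and as the producedAt time
 * @return the successful OCSP response
 * @throws Exception on any encoding, digest or signing failure (test utility; not narrowed)
 */
public static OCSPResp createOcspResp(X509Certificate certificate, boolean revoked, X509Certificate issuerCertificate, X509Certificate ocspResponderCertificate, PrivateKey ocspResponderPrivateKey, String signatureAlgorithm, long nonceTimeinMillis) throws Exception {
    // SHA-1 here only selects the digest inside CertificateID (issuer name/key hashes) and the
    // responder KeyHash, which OCSP clients still commonly expect; it is not the signature hash.
    DigestCalculator digestCalc = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build().get(CertificateID.HASH_SHA1);
    X509CertificateHolder issuerHolder = new X509CertificateHolder(issuerCertificate.getEncoded());
    CertificateID certId = new CertificateID(digestCalc, issuerHolder, certificate.getSerialNumber());
    // request
    // The nonce binds the response to this request so a captured response cannot be replayed.
    BigInteger nonce = BigInteger.valueOf(nonceTimeinMillis);
    DEROctetString nonceDer = new DEROctetString(nonce.toByteArray());
    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, nonceDer);
    Extensions exts = new Extensions(ext);
    OCSPReqBuilder ocspReqBuilder = new OCSPReqBuilder();
    ocspReqBuilder.addRequest(certId);
    ocspReqBuilder.setRequestExtensions(exts);
    OCSPReq ocspReq = ocspReqBuilder.build();
    // Parse the responder's real SubjectPublicKeyInfo so the by-key ResponderID is a hash of the
    // subjectPublicKey bit string. Wrapping the whole DER-encoded SPKI under a SHA-1 algorithm
    // identifier (the previous construction) produced a KeyHash that verifiers cannot match
    // against the responder certificate.
    SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(ocspResponderCertificate.getPublicKey().getEncoded());
    BasicOCSPRespBuilder basicOCSPRespBuilder = new BasicOCSPRespBuilder(keyInfo, digestCalc);
    // Echo the nonce so the client can tie the response back to its request.
    basicOCSPRespBuilder.setResponseExtensions(exts);
    // request processing
    Req[] requestList = ocspReq.getRequestList();
    for (Req ocspRequest : requestList) {
        CertificateID certificateID = ocspRequest.getCertID();
        CertificateStatus certificateStatus = CertificateStatus.GOOD;
        if (revoked) {
            certificateStatus = new RevokedStatus(new Date(), CRLReason.privilegeWithdrawn);
        }
        basicOCSPRespBuilder.addResponse(certificateID, certificateStatus);
    }
    // basic response generation
    // Only attach a chain when the responder is a delegated responder (not the issuer itself).
    X509CertificateHolder[] chain = null;
    if (!ocspResponderCertificate.equals(issuerCertificate)) {
        // TODO: HorribleProxy can't convert array input params yet
        chain = new X509CertificateHolder[] { new X509CertificateHolder(ocspResponderCertificate.getEncoded()), issuerHolder };
    }
    // Honour the caller's signature algorithm; the parameter used to be ignored in favour of a
    // hard-coded SHA1withRSA. A null argument keeps that historical default.
    String sigAlg = signatureAlgorithm != null ? signatureAlgorithm : "SHA1withRSA";
    ContentSigner contentSigner = new JcaContentSignerBuilder(sigAlg).setProvider("BC").build(ocspResponderPrivateKey);
    BasicOCSPResp basicOCSPResp = basicOCSPRespBuilder.build(contentSigner, chain, new Date(nonceTimeinMillis));
    OCSPRespBuilder ocspRespBuilder = new OCSPRespBuilder();
    return ocspRespBuilder.build(OCSPRespBuilder.SUCCESSFUL, basicOCSPResp);
}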

Example 15 with Extension

use of org.mozilla.jss.netscape.security.x509.Extension in project robovm by robovm.

the class X509CRLEntryObject method toString.

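/**
 * Renders this CRL entry as multi-line text: serial number, revocation date, certificate
 * issuer and, when present, each CRL entry extension with its criticality and decoded value.
 * Extension values that cannot be decoded are printed as {@code *****} rather than failing,
 * so this method never throws on malformed input.
 *
 * @return the human-readable dump of this entry
 */
public String toString() {
    StringBuilder buf = new StringBuilder();
    String nl = System.getProperty("line.separator");
    buf.append("      userCertificate: ").append(this.getSerialNumber()).append(nl);
    buf.append("       revocationDate: ").append(this.getRevocationDate()).append(nl);
    buf.append("       certificateIssuer: ").append(this.getCertificateIssuer()).append(nl);
    Extensions extensions = c.getExtensions();
    if (extensions == null) {
        return buf.toString();
    }
    Enumeration<?> e = extensions.oids();
    if (!e.hasMoreElements()) {
        return buf.toString();
    }
    buf.append("   crlEntryExtensions:").append(nl);
    while (e.hasMoreElements()) {
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
        Extension ext = extensions.getExtension(oid);
        if (ext.getExtnValue() == null) {
            buf.append(nl);
            continue;
        }
        // The extension value is an OCTET STRING wrapping a DER object; decode that inner object.
        ASN1InputStream dIn = new ASN1InputStream(ext.getExtnValue().getOctets());
        buf.append("                       critical(").append(ext.isCritical()).append(") ");
        try {
            if (oid.equals(Extension.reasonCode)) {
                buf.append(CRLReason.getInstance(ASN1Enumerated.getInstance(dIn.readObject()))).append(nl);
            } else if (oid.equals(Extension.certificateIssuer)) {
                buf.append("Certificate issuer: ").append(GeneralNames.getInstance(dIn.readObject())).append(nl);
            } else {
                buf.append(oid.getId());
                buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
            }
        } catch (Exception ex) {
            // Malformed or unexpected encoding: keep toString() total and mask the value
            // instead of propagating a decoding error from a diagnostic method.
            buf.append(oid.getId());
            buf.append(" value = ").append("*****").append(nl);
        }
    }
    return buf.toString();
}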
