use of org.mozilla.jss.netscape.security.x509.GeneralName in project xwiki-commons by xwiki.
the class BcExtensionUtils method getGeneralNames.
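/**
 * Convert an array of X.509 general names to Bouncy Castle general names.
 *
 * <p>Only elements that are {@link BcGeneralName} instances can be converted; anything else is
 * rejected rather than silently dropped, so the result always has one entry per input name.
 *
 * @param genNames the X.509 general names to convert.
 * @return the Bouncy Castle general names, in the same order as the input.
 * @throws NullPointerException if {@code genNames} itself is null.
 * @throws IllegalArgumentException if an element is null or is not a {@link BcGeneralName}.
 */
public static GeneralNames getGeneralNames(X509GeneralName[] genNames) {
    GeneralName[] names = new GeneralName[genNames.length];
    for (int i = 0; i < genNames.length; i++) {
        X509GeneralName name = genNames[i];
        // A null element fails instanceof; reject it here so the caller gets the documented
        // IllegalArgumentException instead of a NullPointerException from name.getClass().
        if (name == null) {
            throw new IllegalArgumentException("Unexpected general name: null");
        }
        if (!(name instanceof BcGeneralName)) {
            throw new IllegalArgumentException("Unexpected general name: " + name.getClass().toString());
        }
        names[i] = ((BcGeneralName) name).getGeneralName();
    }
    return new GeneralNames(names);
}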
use of org.mozilla.jss.netscape.security.x509.GeneralName in project solarnetwork-node by SolarNetwork.
the class PKITestUtils method generateNewCACert.
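/**
 * Generate a CA certificate valid for one hour, either self-signed or signed by an issuer CA.
 *
 * <p>The certificate carries critical basicConstraints and keyUsage extensions plus
 * subjectKeyIdentifier and authorityKeyIdentifier, and is signed with SHA256WithRSA, so
 * {@code issuerKey} must be an RSA private key.
 *
 * @param publicKey the public key to certify.
 * @param subject the subject DN of the new certificate.
 * @param issuer the issuing CA certificate, or {@code null} to create a self-signed root.
 * @param issuerKey the private key used to sign the certificate.
 * @param caDN the DN written as the authorityCertIssuer of the authorityKeyIdentifier;
 *        NOTE(review): for a subordinate CA this should be the issuer certificate's own
 *        issuer DN - confirm against callers.
 * @return the newly signed certificate.
 * @throws IllegalArgumentException if {@code issuer} is not a CA, or its path length
 *         constraint leaves no room for a subordinate CA.
 * @throws Exception if building or signing the certificate fails.
 */
public static X509Certificate generateNewCACert(PublicKey publicKey, String subject, X509Certificate issuer, PrivateKey issuerKey, String caDN) throws Exception {
    final X500Name issuerDn = (issuer == null ? new X500Name(subject) : JcaX500NameUtil.getSubject(issuer));
    final X500Name subjectDn = new X500Name(subject);
    final BigInteger serial = getNextSerialNumber();
    // Derive both validity bounds from one clock reading: a one hour lifetime.
    final long now = System.currentTimeMillis();
    final Date notBefore = new Date(now);
    final Date notAfter = new Date(now + 1000L * 60L * 60L);
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerDn, serial, notBefore, notAfter, subjectDn, publicKey);

    // add "CA" extension
    final BasicConstraints basicConstraints;
    if (issuer == null) {
        basicConstraints = new BasicConstraints(true);
    } else {
        // X509Certificate.getBasicConstraints() returns -1 when the issuer is not a CA and
        // Integer.MAX_VALUE when it is a CA without a path length limit.
        final int issuerPathLength = issuer.getBasicConstraints();
        if (issuerPathLength < 1) {
            // Subtracting one here would encode a negative pathLenConstraint, producing a
            // "CA" certificate that the issuer is not actually allowed to sign.
            throw new IllegalArgumentException("Issuer may not sign a subordinate CA certificate; basicConstraints path length is " + issuerPathLength);
        }
        basicConstraints = (issuerPathLength == Integer.MAX_VALUE)
                ? new BasicConstraints(true)
                : new BasicConstraints(issuerPathLength - 1);
    }
    builder.addExtension(X509Extension.basicConstraints, true, basicConstraints);

    // add subjectKeyIdentifier
    JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
    SubjectKeyIdentifier ski = utils.createSubjectKeyIdentifier(publicKey);
    builder.addExtension(X509Extension.subjectKeyIdentifier, false, ski);

    // add authorityKeyIdentifier: it must identify the signing CA, i.e. the issuer's key and
    // the issuer certificate's serial number. Only for a self-signed certificate are those
    // the subject's own key and serial.
    final PublicKey authorityKey = (issuer == null ? publicKey : issuer.getPublicKey());
    final BigInteger authoritySerial = (issuer == null ? serial : issuer.getSerialNumber());
    GeneralNames issuerName = new GeneralNames(new GeneralName(GeneralName.directoryName, caDN));
    AuthorityKeyIdentifier aki = utils.createAuthorityKeyIdentifier(authorityKey);
    aki = new AuthorityKeyIdentifier(aki.getKeyIdentifier(), issuerName, authoritySerial);
    builder.addExtension(X509Extension.authorityKeyIdentifier, false, aki);

    // add keyUsage
    X509KeyUsage keyUsage = new X509KeyUsage(X509KeyUsage.cRLSign | X509KeyUsage.digitalSignature | X509KeyUsage.keyCertSign | X509KeyUsage.nonRepudiation);
    builder.addExtension(X509Extension.keyUsage, true, keyUsage);

    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").build(issuerKey);
    X509CertificateHolder holder = builder.build(signer);
    return new JcaX509CertificateConverter().getCertificate(holder);
}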
use of org.mozilla.jss.netscape.security.x509.GeneralName in project jss by dogtagpki.
the class ExtPrettyPrint method getCertificateIssuerExtension.
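/**
 * Build the printable representation of a CertificateIssuerExtension.
 *
 * <p>The output lists the extension identifier, the criticality flag and, when present, each
 * certificate issuer name; directory names are prefixed with {@code "DirectoryName: "}.
 *
 * @return the formatted text, or an empty string if reading the extension throws an
 *         {@link IOException}.
 */
private String getCertificateIssuerExtension() {
    // The buffer never leaves this method, so the unsynchronized StringBuilder is sufficient.
    StringBuilder sb = new StringBuilder();
    try {
        sb.append(pp.indent(mIndentSize)).append(mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
        sb.append(mResource.getString(PrettyPrintResources.TOKEN_CERTIFICATE_ISSUER)).append("- ").append(mExt.getExtensionId().toString()).append("\n");
        sb.append(pp.indent(mIndentSize + 4)).append(mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
        CertificateIssuerExtension ext = (CertificateIssuerExtension) mExt;
        if (mExt.isCritical()) {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES)).append("\n");
        } else {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO)).append("\n");
        }
        GeneralNames issuerNames = (GeneralNames) ext.get(CertificateIssuerExtension.CERTIFICATE_ISSUER);
        if (issuerNames != null) {
            sb.append(pp.indent(mIndentSize + 4)).append(mResource.getString(PrettyPrintResources.TOKEN_ISSUER_NAMES)).append("\n");
            for (int i = 0; i < issuerNames.size(); i++) {
                GeneralName issuerName = (GeneralName) issuerNames.elementAt(i);
                if (issuerName == null) {
                    continue;
                }
                // Only directory names get a type label; other name types are printed bare.
                String nameType = "";
                if (issuerName.getType() == GeneralNameInterface.NAME_DIRECTORY) {
                    nameType = "DirectoryName: ";
                }
                sb.append(pp.indent(mIndentSize + 8)).append(nameType).append(issuerName.toString()).append("\n");
            }
        }
        return sb.toString();
    } catch (IOException e) {
        // NOTE(review): a failure here makes the whole extension vanish from the printed
        // certificate, including the header already built above. Someone inspecting a
        // certificate cannot tell an unreadable extension from an absent one; consider
        // reporting the failure through the project's logging instead of stderr.
        e.printStackTrace();
        return "";
    }
}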
use of org.mozilla.jss.netscape.security.x509.GeneralName in project jss by dogtagpki.
the class ExtPrettyPrint method getIssuingDistributionPointExtension.
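/**
 * Build the printable representation of an IssuingDistributionPoint extension.
 *
 * <p>The output lists the extension identifier and criticality flag, then, when the
 * extension holds a distribution point: its full and/or relative name, the
 * only-user-certs and only-CA-certs flags, the only-some-reasons bits in hex (if set)
 * and the indirect-CRL flag.
 *
 * @return the formatted text.
 */
private String getIssuingDistributionPointExtension() {
    // The buffer never leaves this method, so the unsynchronized StringBuilder is sufficient.
    StringBuilder sb = new StringBuilder();
    sb.append(pp.indent(mIndentSize)).append(mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
    sb.append(mResource.getString(PrettyPrintResources.TOKEN_ISSUING_DIST_POINT)).append("- ").append(mExt.getExtensionId().toString()).append("\n");
    sb.append(pp.indent(mIndentSize + 4)).append(mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
    if (mExt.isCritical()) {
        sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES)).append("\n");
    } else {
        sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO)).append("\n");
    }

    IssuingDistributionPointExtension ext = (IssuingDistributionPointExtension) mExt;
    IssuingDistributionPoint issuingDistributionPoint = ext.getIssuingDistributionPoint();
    if (issuingDistributionPoint != null) {
        GeneralNames fullNames = issuingDistributionPoint.getFullName();
        RDN relativeName = issuingDistributionPoint.getRelativeName();
        if (fullNames != null || relativeName != null) {
            sb.append(pp.indent(mIndentSize + 4)).append(mResource.getString(PrettyPrintResources.TOKEN_DIST_POINT_NAME)).append("\n");
            if (fullNames != null) {
                sb.append(pp.indent(mIndentSize + 8)).append(mResource.getString(PrettyPrintResources.TOKEN_FULL_NAME)).append("\n");
                for (int i = 0; i < fullNames.size(); i++) {
                    GeneralName fullName = (GeneralName) fullNames.elementAt(i);
                    if (fullName != null) {
                        sb.append(pp.indent(mIndentSize + 12)).append(fullName.toString()).append("\n");
                    }
                }
            }
            if (relativeName != null) {
                sb.append(pp.indent(mIndentSize + 8)).append(mResource.getString(PrettyPrintResources.TOKEN_RELATIVE_NAME)).append(relativeName.toString()).append("\n");
            }
        }

        // The flags below state which certificates and revocation reasons the CRL covers.
        sb.append(pp.indent(mIndentSize + 4)).append(mResource.getString(PrettyPrintResources.TOKEN_ONLY_USER_CERTS));
        if (issuingDistributionPoint.getOnlyContainsUserCerts()) {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES)).append("\n");
        } else {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO)).append("\n");
        }
        sb.append(pp.indent(mIndentSize + 4)).append(mResource.getString(PrettyPrintResources.TOKEN_ONLY_CA_CERTS));
        if (issuingDistributionPoint.getOnlyContainsCACerts()) {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES)).append("\n");
        } else {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO)).append("\n");
        }
        BitArray onlySomeReasons = issuingDistributionPoint.getOnlySomeReasons();
        if (onlySomeReasons != null) {
            sb.append(pp.indent(mIndentSize + 4)).append(mResource.getString(PrettyPrintResources.TOKEN_ONLY_SOME_REASONS));
            // NOTE(review): no line break is appended after the hex value; presumably
            // pp.toHexString() ends its output with one - confirm.
            sb.append("0x").append(pp.toHexString(onlySomeReasons.toByteArray()));
        }
        sb.append(pp.indent(mIndentSize + 4)).append(mResource.getString(PrettyPrintResources.TOKEN_INDIRECT_CRL));
        if (issuingDistributionPoint.getIndirectCRL()) {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES)).append("\n");
        } else {
            sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO)).append("\n");
        }
    }
    return sb.toString();
}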
use of org.mozilla.jss.netscape.security.x509.GeneralName in project jss by dogtagpki.
the class SubjectInfoAccessExtension method main.
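/**
 * Manual smoke test: builds an access-description extension with an OCSP and a CA-issuers
 * entry, prints its Base64 encoding, then round-trips it through Java serialization and
 * prints the deserialized copy.
 *
 * <p>NOTE(review): this builds an {@code AuthInfoAccessExtension} although the caption on
 * the page places the method in {@code SubjectInfoAccessExtension}, and the CA-issuers entry
 * reuses the OCSP URL; both look like copy-paste leftovers - confirm.
 *
 * @param argv unused.
 */
public static void main(String[] argv) {
    AuthInfoAccessExtension aia = new AuthInfoAccessExtension(false);
    GeneralName ocspName = new GeneralName(new URIName("http://ocsp.netscape.com"));
    aia.addAccessDescription(METHOD_OCSP, ocspName);
    GeneralName caIssuersName = new GeneralName(new URIName("http://ocsp.netscape.com"));
    aia.addAccessDescription(METHOD_CA_ISSUERS, caIssuersName);

    ByteArrayOutputStream os = new ByteArrayOutputStream();
    try {
        aia.encode(os);
        System.out.println(Utils.base64encode(os.toByteArray(), true));
    } catch (IOException e) {
        System.out.println(e.toString());
    }

    try {
        // test serialization
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        // Close the object stream before reading the bytes back so that everything it
        // buffered has reached bos.
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(aia);
        }
        // Native deserialization is acceptable here only because the bytes were produced a
        // few lines above by this same process; bytes from any external source would need
        // an ObjectInputFilter or a different wire format.
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
            AuthInfoAccessExtension clone = (AuthInfoAccessExtension) ois.readObject();
            System.out.println(clone);
        }
    } catch (IOException | ClassNotFoundException e) {
        System.out.println(e.toString());
    }
}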