
Example 16 with KeyIdentifier

use of org.mozilla.jss.netscape.security.x509.KeyIdentifier in project mockserver by mock-server.

From class X509Generator, method updateWithRootCertificateExtensions:

/**
 * Attaches the extension set of a root (self-signed CA) certificate to {@code x509CertInfo}:
 * a critical BasicConstraints with cA=TRUE, a KeyUsage of keyCertSign only, and a
 * SubjectKeyIdentifier derived from {@code publicKey}.
 *
 * @param x509CertInfo the certificate body that receives the extensions
 * @param publicKey    the CA public key the subject key identifier is computed from
 * @throws IOException          if an extension cannot be encoded
 * @throws CertificateException if the extensions cannot be stored in the certificate info
 */
private void updateWithRootCertificateExtensions(final X509CertInfo x509CertInfo, final PublicKey publicKey) throws IOException, CertificateException {
    // Position of keyCertSign in the RFC 5280 KeyUsage bit string
    // (digitalSignature=0 ... keyCertSign=5, cRLSign=6 ... decipherOnly=8).
    final int keyCertSignBit = 5;
    final CertificateExtensions extensions = new CertificateExtensions();

    // Basic constraints, https://tools.ietf.org/html/rfc5280#section-4.2.1.9:
    // critical, cA=TRUE, path length -1 (presumably "no pathLenConstraint" — confirm
    // against the BasicConstraintsExtension encoder in use).
    final BasicConstraintsExtension basicConstraints = new BasicConstraintsExtension(true, true, -1);
    extensions.set(BasicConstraintsExtension.NAME, basicConstraints);

    // Key usage, https://tools.ietf.org/html/rfc5280#section-4.2.1.3: keyCertSign only.
    // NOTE(review): cRLSign (bit 6) is not set, so a CRL signed by this root would fail
    // key-usage checks — fine if this generator never issues CRLs.
    final boolean[] keyUsageBits = new boolean[9];
    keyUsageBits[keyCertSignBit] = true;
    extensions.set(KeyUsageExtension.NAME, new KeyUsageExtension(keyUsageBits));

    // Subject key identifier, https://tools.ietf.org/html/rfc5280#section-4.2.1.2,
    // computed by KeyIdentifier from the supplied public key.
    final byte[] subjectKeyId = new KeyIdentifier(publicKey).getIdentifier();
    extensions.set(SubjectKeyIdentifierExtension.NAME, new SubjectKeyIdentifierExtension(subjectKeyId));

    x509CertInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
Also used : SubjectKeyIdentifierExtension(sun.security.x509.SubjectKeyIdentifierExtension) BasicConstraintsExtension(sun.security.x509.BasicConstraintsExtension) KeyIdentifier(sun.security.x509.KeyIdentifier) CertificateExtensions(sun.security.x509.CertificateExtensions) KeyUsageExtension(sun.security.x509.KeyUsageExtension)

Example 17 with KeyIdentifier

use of org.mozilla.jss.netscape.security.x509.KeyIdentifier in project jss by dogtagpki.

From class ExtPrettyPrint, method getAuthorityKeyIdentifier:

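/**
 * Builds the pretty-printed text of the AuthorityKeyIdentifierExtension held in {@code mExt}:
 * the extension OID and its criticality, followed — each only when present in the
 * extension — by the key identifier as a hex dump, one line per authority name, and the
 * authority certificate serial number as upper-case hex.
 *
 * <p>Indentation is relative to {@code mIndentSize}; labels come from {@code mResource}.
 *
 * @return the formatted text, or an empty string when reading a component of the
 *         extension throws an {@link IOException} (the stack trace is printed to stderr)
 */
private String getAuthorityKeyIdentifier() {
    // StringBuilder: the buffer never escapes this method, so StringBuffer's locking is wasted.
    StringBuilder sb = new StringBuilder();
    try {
        sb.append(pp.indent(mIndentSize))
          .append(mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER))
          .append(mResource.getString(PrettyPrintResources.TOKEN_AKI))
          .append("- ")
          .append(mExt.getExtensionId().toString())
          .append("\n");
        sb.append(pp.indent(mIndentSize + 4))
          .append(mResource.getString(PrettyPrintResources.TOKEN_CRITICAL))
          .append(mResource.getString(mExt.isCritical() ? PrettyPrintResources.TOKEN_YES : PrettyPrintResources.TOKEN_NO))
          .append("\n");

        AuthorityKeyIdentifierExtension aki = (AuthorityKeyIdentifierExtension) mExt;

        // keyIdentifier [0] OPTIONAL — hex dump indented 8 past the section indent
        // (presumably toHexString's arguments are indent and bytes per line; confirm in pp).
        KeyIdentifier keyId = (KeyIdentifier) aki.get(AuthorityKeyIdentifierExtension.KEY_ID);
        if (keyId != null) {
            sb.append(pp.indent(mIndentSize + 4))
              .append(mResource.getString(PrettyPrintResources.TOKEN_KEY_ID))
              .append("\n")
              .append(pp.toHexString(keyId.getIdentifier(), mIndentSize + 8, 16));
        }

        // authorityCertIssuer [1] OPTIONAL — one line per non-null GeneralName
        GeneralNames authNames = (GeneralNames) aki.get(AuthorityKeyIdentifierExtension.AUTH_NAME);
        if (authNames != null) {
            for (int i = 0; i < authNames.size(); i++) {
                GeneralName authName = (GeneralName) authNames.elementAt(i);
                if (authName == null) {
                    continue;
                }
                sb.append(pp.indent(mIndentSize + 4))
                  .append(mResource.getString(PrettyPrintResources.TOKEN_AUTH_NAME))
                  .append(authName.toString())
                  .append("\n");
            }
        }

        // authorityCertSerialNumber [2] OPTIONAL — "0x" + upper-case hex (digits and A-F only,
        // so the default-locale toUpperCase cannot misbehave here)
        SerialNumber serial = (SerialNumber) aki.get(AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
        if (serial != null) {
            sb.append(pp.indent(mIndentSize + 4))
              .append(mResource.getString(PrettyPrintResources.TOKEN_SERIAL))
              .append("0x")
              .append(serial.getNumber().toBigInteger().toString(16).toUpperCase())
              .append("\n");
        }
        return sb.toString();
    } catch (IOException e) {
        // Best-effort printing: a malformed extension yields an empty section instead of
        // aborting the whole dump. The trace stays on stderr as before; a logger would be
        // preferable but none is in scope here.
        e.printStackTrace();
        return "";
    }
}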
Also used : KeyIdentifier(org.mozilla.jss.netscape.security.x509.KeyIdentifier) GeneralNames(org.mozilla.jss.netscape.security.x509.GeneralNames) SerialNumber(org.mozilla.jss.netscape.security.x509.SerialNumber) AuthorityKeyIdentifierExtension(org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension) GeneralName(org.mozilla.jss.netscape.security.x509.GeneralName) IOException(java.io.IOException) CRLDistributionPoint(org.mozilla.jss.netscape.security.x509.CRLDistributionPoint) IssuingDistributionPoint(org.mozilla.jss.netscape.security.x509.IssuingDistributionPoint)

Example 18 with KeyIdentifier

use of org.mozilla.jss.netscape.security.x509.KeyIdentifier in project jss by dogtagpki.

From class ExtPrettyPrint, method getSubjectKeyIdentifier:

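/**
 * Builds the pretty-printed text of the SubjectKeyIdentifierExtension held in {@code mExt}:
 * the extension OID and its criticality, then — only when the extension carries one — the
 * key identifier as a hex dump.
 *
 * <p>Indentation is relative to {@code mIndentSize}; labels come from {@code mResource}.
 *
 * @return the formatted text, or an empty string when reading the key identifier throws an
 *         {@link IOException} (the stack trace is printed to stderr)
 */
private String getSubjectKeyIdentifier() {
    // StringBuilder: the buffer never escapes this method, so StringBuffer's locking is wasted.
    StringBuilder sb = new StringBuilder();
    try {
        sb.append(pp.indent(mIndentSize))
          .append(mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER))
          .append(mResource.getString(PrettyPrintResources.TOKEN_SKI))
          .append("- ")
          .append(mExt.getExtensionId().toString())
          .append("\n");
        sb.append(pp.indent(mIndentSize + 4))
          .append(mResource.getString(PrettyPrintResources.TOKEN_CRITICAL))
          .append(mResource.getString(mExt.isCritical() ? PrettyPrintResources.TOKEN_YES : PrettyPrintResources.TOKEN_NO))
          .append("\n");

        SubjectKeyIdentifierExtension ski = (SubjectKeyIdentifierExtension) mExt;
        KeyIdentifier keyId = (KeyIdentifier) ski.get(SubjectKeyIdentifierExtension.KEY_ID);
        if (keyId != null) {
            // Hex dump indented relative to mIndentSize (previously a fixed 24), matching the
            // AuthorityKeyIdentifier printer; identical output when mIndentSize is 16.
            // (Presumably toHexString's arguments are indent and bytes per line; confirm in pp.)
            sb.append(pp.indent(mIndentSize + 4))
              .append(mResource.getString(PrettyPrintResources.TOKEN_KEY_ID))
              .append("\n")
              .append(pp.toHexString(keyId.getIdentifier(), mIndentSize + 8, 16));
        }
        return sb.toString();
    } catch (IOException e) {
        // Best-effort printing: a malformed extension yields an empty section instead of
        // aborting the whole dump. The trace stays on stderr as before; a logger would be
        // preferable but none is in scope here.
        e.printStackTrace();
        return "";
    }
}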
Also used : SubjectKeyIdentifierExtension(org.mozilla.jss.netscape.security.x509.SubjectKeyIdentifierExtension) KeyIdentifier(org.mozilla.jss.netscape.security.x509.KeyIdentifier) IOException(java.io.IOException)

Example 19 with KeyIdentifier

use of org.mozilla.jss.netscape.security.x509.KeyIdentifier in project jss by dogtagpki.

From class EnumerationZeroTest, method buildAuthorityKeyIdentifier:

/**
 * Derives the KeyIdentifier of an RSA public key and wraps it in an AuthorityKeyIdentifier
 * extension whose authorityCertIssuer and authorityCertSerialNumber fields are left absent.
 *
 * <p>{@code key.getEncoded()} is the DER SubjectPublicKeyInfo of RFC 5280:
 * <pre>
 * SubjectPublicKeyInfo  ::=  SEQUENCE  {
 *   algorithm            AlgorithmIdentifier,
 *   subjectPublicKey     BIT STRING  }
 *
 * AlgorithmIdentifier  ::=  SEQUENCE  {
 *   algorithm               OBJECT IDENTIFIER,
 *   parameters              ANY DEFINED BY algorithm OPTIONAL  }
 * </pre>
 * The identifier is the SHA-1 digest of the subjectPublicKey bit string (RFC 5280
 * section 4.2.1.2, method 1). SHA-1 is acceptable here because the identifier is only a
 * lookup handle for chain building, not a security control.
 *
 * @param key the RSA public key whose identifier is computed
 * @return an AuthorityKeyIdentifierExtension carrying only the keyIdentifier
 * @throws IOException if no SHA-1 MessageDigest is available, or if the key encoding
 *                     cannot be parsed as the structure above
 */
public static AuthorityKeyIdentifierExtension buildAuthorityKeyIdentifier(RSAPublicKey key) throws IOException {
    final MessageDigest sha1;
    try {
        sha1 = MessageDigest.getInstance("SHA-1");
    } catch (NoSuchAlgorithmException e) {
        throw new IOException("Could not find SHA1 implementation", e);
    }

    DerInputStream spki = new DerValue(key.getEncoded()).toDerInputStream();
    // Step over the leading AlgorithmIdentifier SEQUENCE. skipSequence requires a startLen
    // argument that it does not use for this purpose.
    spki.skipSequence(0);
    // What remains is the subjectPublicKey BIT STRING.
    BitArray subjectPublicKey = spki.getUnalignedBitString();

    byte[] keyIdBytes = sha1.digest(subjectPublicKey.toByteArray());
    return new AuthorityKeyIdentifierExtension(new KeyIdentifier(keyIdBytes), null, null);
}
Also used : KeyIdentifier(org.mozilla.jss.netscape.security.x509.KeyIdentifier) DerValue(org.mozilla.jss.netscape.security.util.DerValue) AuthorityKeyIdentifierExtension(org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) BitArray(org.mozilla.jss.netscape.security.util.BitArray) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) MessageDigest(java.security.MessageDigest)
