use of org.mozilla.jss.netscape.security.x509.KeyUsageExtension in project jss by dogtagpki.
the class ExtPrettyPrint method getKeyUsage.
/**
* String Representation of KeyUsageExtension
*/
private String getKeyUsage() {
StringBuffer sb = new StringBuffer();
try {
sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_KEY_USAGE) + "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
if (mExt.isCritical()) {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
} else {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
}
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_KEY_USAGE) + "\n");
KeyUsageExtension usage = (KeyUsageExtension) mExt;
if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.DIGITAL_SIGNATURE) + "\n");
}
if (((Boolean) usage.get(KeyUsageExtension.NON_REPUDIATION)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.NON_REPUDIATION) + "\n");
}
if (((Boolean) usage.get(KeyUsageExtension.KEY_ENCIPHERMENT)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.KEY_ENCIPHERMENT) + "\n");
}
if (((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.DATA_ENCIPHERMENT) + "\n");
}
if (((Boolean) usage.get(KeyUsageExtension.KEY_AGREEMENT)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.KEY_AGREEMENT) + "\n");
}
if (((Boolean) usage.get(KeyUsageExtension.KEY_CERTSIGN)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.KEY_CERTSIGN) + "\n");
}
if (((Boolean) usage.get(KeyUsageExtension.CRL_SIGN)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.CRL_SIGN) + "\n");
}
if (((Boolean) usage.get(KeyUsageExtension.ENCIPHER_ONLY)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.ENCIPHER_ONLY) + "\n");
}
if (((Boolean) usage.get(KeyUsageExtension.DECIPHER_ONLY)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.DECIPHER_ONLY) + "\n");
}
return sb.toString();
} catch (IOException e) {
e.printStackTrace();
return sb.toString();
}
}
use of org.mozilla.jss.netscape.security.x509.KeyUsageExtension in project CipherTrust_Application_Protection by thalescpl-io.
the class SelfSignedCertificateUtility method generateCertificate.
private static X509Certificate generateCertificate(PublicKey publicKey, PrivateKey privateKey, Map<String, String> certificateProeprties) throws Exception {
String dn = makeDN(certificateProeprties);
X509CertInfo info = new X509CertInfo();
Date from = new Date();
Date to = new Date(from.getTime() + Integer.valueOf(certificateProeprties.get("Validity")) * 86400000l);
CertificateValidity interval = new CertificateValidity(from, to);
X500Name owner = new X500Name(dn);
boolean[] kueOk = getKeyUsgaeExtension(certificateProeprties.get("KeyUsage"));
KeyUsageExtension kue = new KeyUsageExtension(kueOk);
CertificateExtensions ext = new CertificateExtensions();
ext.set(KeyUsageExtension.NAME, kue);
info.set(X509CertInfo.VALIDITY, interval);
BigInteger sn = new BigInteger(64, new SecureRandom());
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
boolean justName = isJavaAtLeast(1.8);
if (justName) {
info.set(X509CertInfo.SUBJECT, owner);
info.set(X509CertInfo.ISSUER, owner);
} else {
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
}
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId algo = null;
String provider = null;
switch(certificateProeprties.get("Algorithm")) {
case "SHA1WithRSA":
break;
case "SHA256WithRSA":
break;
case "SHA384WithRSA":
break;
case "SHA512WithRSA":
provider = "BC";
break;
case "SHA1WithECDSA":
provider = "BC";
break;
case "SHA224WithECDSA":
provider = "BC";
break;
case "SHA256WithECDSA":
provider = "BC";
break;
case "SHA384WithECDSA":
provider = "BC";
break;
case "SHA512WithECDSA":
provider = "BC";
break;
default:
throw new NAEException(certificateProeprties.get("Algorithm") + " not supported.");
}
algo = AlgorithmId.get(certificateProeprties.get("Algorithm"));
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
info.set(X509CertInfo.EXTENSIONS, ext);
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
if (provider != null)
cert.sign(privateKey, certificateProeprties.get("Algorithm"), provider);
else
cert.sign(privateKey, certificateProeprties.get("Algorithm"));
return cert;
}
use of org.mozilla.jss.netscape.security.x509.KeyUsageExtension in project OpenAttestation by OpenAttestation.
the class X509Builder method keyUsageCRLSign.
public X509Builder keyUsageCRLSign() {
try {
v3();
if (keyUsageExtension == null) {
keyUsageExtension = new KeyUsageExtension();
}
keyUsageExtension.set(KeyUsageExtension.CRL_SIGN, true);
if (certificateExtensions == null) {
certificateExtensions = new CertificateExtensions();
}
certificateExtensions.set(keyUsageExtension.getExtensionId().toString(), keyUsageExtension);
info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
} catch (Exception e) {
fault(e, "keyUsageCRLSign");
}
return this;
}
use of org.mozilla.jss.netscape.security.x509.KeyUsageExtension in project OpenAttestation by OpenAttestation.
the class X509Builder method keyUsageDataEncipherment.
public X509Builder keyUsageDataEncipherment() {
// for encrypting data
try {
v3();
if (keyUsageExtension == null) {
keyUsageExtension = new KeyUsageExtension();
}
keyUsageExtension.set(KeyUsageExtension.DATA_ENCIPHERMENT, true);
if (certificateExtensions == null) {
certificateExtensions = new CertificateExtensions();
}
certificateExtensions.set(keyUsageExtension.getExtensionId().toString(), keyUsageExtension);
info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
} catch (Exception e) {
fault(e, "keyUsageDataEncipherment");
}
return this;
}
use of org.mozilla.jss.netscape.security.x509.KeyUsageExtension in project OpenAttestation by OpenAttestation.
the class X509Builder method keyUsageDigitalSignature.
public X509Builder keyUsageDigitalSignature() {
// other than CA or CRL; so this applies to API clients
try {
v3();
if (keyUsageExtension == null) {
keyUsageExtension = new KeyUsageExtension();
}
keyUsageExtension.set(KeyUsageExtension.DIGITAL_SIGNATURE, true);
if (certificateExtensions == null) {
certificateExtensions = new CertificateExtensions();
}
certificateExtensions.set(keyUsageExtension.getExtensionId().toString(), keyUsageExtension);
info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
} catch (Exception e) {
fault(e, "keyUsageDigitalSignature");
}
return this;
}
Aggregations