Example 1 with KeyUsageExtension
use of org.mozilla.jss.netscape.security.x509.KeyUsageExtension in project jss by dogtagpki.
the class ExtPrettyPrint method getKeyUsage.
/**
* String Representation of KeyUsageExtension
*/
private String getKeyUsage() {
StringBuffer sb = new StringBuffer();
try {
sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_KEY_USAGE) + "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
if (mExt.isCritical()) {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
} else {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
}
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_KEY_USAGE) + "\n");
KeyUsageExtension usage = (KeyUsageExtension) mExt;
if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.DIGITAL_SIGNATURE) + "\n");
}
if (((Boolean) usage.get(KeyUsageExtension.NON_REPUDIATION)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.NON_REPUDIATION) + "\n");
}
if (((Boolean) usage.get(KeyUsageExtension.KEY_ENCIPHERMENT)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.KEY_ENCIPHERMENT) + "\n");
}
if (((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.DATA_ENCIPHERMENT) + "\n");
}
if (((Boolean) usage.get(KeyUsageExtension.KEY_AGREEMENT)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.KEY_AGREEMENT) + "\n");
}
if (((Boolean) usage.get(KeyUsageExtension.KEY_CERTSIGN)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.KEY_CERTSIGN) + "\n");
}
if (((Boolean) usage.get(KeyUsageExtension.CRL_SIGN)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.CRL_SIGN) + "\n");
}
if (((Boolean) usage.get(KeyUsageExtension.ENCIPHER_ONLY)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.ENCIPHER_ONLY) + "\n");
}
if (((Boolean) usage.get(KeyUsageExtension.DECIPHER_ONLY)).booleanValue()) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(KeyUsageExtension.DECIPHER_ONLY) + "\n");
}
return sb.toString();
} catch (IOException e) {
e.printStackTrace();
return sb.toString();
}
}
Also used :
IOException(java.io.IOException)
KeyUsageExtension(org.mozilla.jss.netscape.security.x509.KeyUsageExtension)
ExtendedKeyUsageExtension(org.mozilla.jss.netscape.security.extensions.ExtendedKeyUsageExtension)
PrivateKeyUsageExtension(org.mozilla.jss.netscape.security.x509.PrivateKeyUsageExtension)
Example 2 with KeyUsageExtension
use of org.mozilla.jss.netscape.security.x509.KeyUsageExtension in project CipherTrust_Application_Protection by thalescpl-io.
the class SelfSignedCertificateUtility method generateCertificate.
private static X509Certificate generateCertificate(PublicKey publicKey, PrivateKey privateKey, Map<String, String> certificateProeprties) throws Exception {
String dn = makeDN(certificateProeprties);
X509CertInfo info = new X509CertInfo();
Date from = new Date();
Date to = new Date(from.getTime() + Integer.valueOf(certificateProeprties.get("Validity")) * 86400000l);
CertificateValidity interval = new CertificateValidity(from, to);
X500Name owner = new X500Name(dn);
boolean[] kueOk = getKeyUsgaeExtension(certificateProeprties.get("KeyUsage"));
KeyUsageExtension kue = new KeyUsageExtension(kueOk);
CertificateExtensions ext = new CertificateExtensions();
ext.set(KeyUsageExtension.NAME, kue);
info.set(X509CertInfo.VALIDITY, interval);
BigInteger sn = new BigInteger(64, new SecureRandom());
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
boolean justName = isJavaAtLeast(1.8);
if (justName) {
info.set(X509CertInfo.SUBJECT, owner);
info.set(X509CertInfo.ISSUER, owner);
} else {
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
}
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId algo = null;
String provider = null;
switch(certificateProeprties.get("Algorithm")) {
case "SHA1WithRSA":
break;
case "SHA256WithRSA":
break;
case "SHA384WithRSA":
break;
case "SHA512WithRSA":
provider = "BC";
break;
case "SHA1WithECDSA":
provider = "BC";
break;
case "SHA224WithECDSA":
provider = "BC";
break;
case "SHA256WithECDSA":
provider = "BC";
break;
case "SHA384WithECDSA":
provider = "BC";
break;
case "SHA512WithECDSA":
provider = "BC";
break;
default:
throw new NAEException(certificateProeprties.get("Algorithm") + " not supported.");
}
algo = AlgorithmId.get(certificateProeprties.get("Algorithm"));
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
info.set(X509CertInfo.EXTENSIONS, ext);
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
if (provider != null)
cert.sign(privateKey, certificateProeprties.get("Algorithm"), provider);
else
cert.sign(privateKey, certificateProeprties.get("Algorithm"));
return cert;
}
Also used :
CertificateSubjectName(sun.security.x509.CertificateSubjectName)
NAEException(com.ingrian.security.nae.NAEException)
X509CertInfo(sun.security.x509.X509CertInfo)
CertificateIssuerName(sun.security.x509.CertificateIssuerName)
SecureRandom(java.security.SecureRandom)
CertificateVersion(sun.security.x509.CertificateVersion)
CertificateValidity(sun.security.x509.CertificateValidity)
CertificateExtensions(sun.security.x509.CertificateExtensions)
X500Name(sun.security.x509.X500Name)
CertificateX509Key(sun.security.x509.CertificateX509Key)
Date(java.util.Date)
CertificateSerialNumber(sun.security.x509.CertificateSerialNumber)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
AlgorithmId(sun.security.x509.AlgorithmId)
X509CertImpl(sun.security.x509.X509CertImpl)
BigInteger(java.math.BigInteger)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
KeyUsageExtension(sun.security.x509.KeyUsageExtension)
Example 3 with KeyUsageExtension
use of org.mozilla.jss.netscape.security.x509.KeyUsageExtension in project OpenAttestation by OpenAttestation.
the class X509Builder method keyUsageCRLSign.
public X509Builder keyUsageCRLSign() {
try {
v3();
if (keyUsageExtension == null) {
keyUsageExtension = new KeyUsageExtension();
}
keyUsageExtension.set(KeyUsageExtension.CRL_SIGN, true);
if (certificateExtensions == null) {
certificateExtensions = new CertificateExtensions();
}
certificateExtensions.set(keyUsageExtension.getExtensionId().toString(), keyUsageExtension);
info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
} catch (Exception e) {
fault(e, "keyUsageCRLSign");
}
return this;
}
Also used :
CertificateExtensions(sun.security.x509.CertificateExtensions)
KeyUsageExtension(sun.security.x509.KeyUsageExtension)
ExtendedKeyUsageExtension(sun.security.x509.ExtendedKeyUsageExtension)
Example 4 with KeyUsageExtension
use of org.mozilla.jss.netscape.security.x509.KeyUsageExtension in project OpenAttestation by OpenAttestation.
the class X509Builder method keyUsageDataEncipherment.
public X509Builder keyUsageDataEncipherment() {
// for encrypting data
try {
v3();
if (keyUsageExtension == null) {
keyUsageExtension = new KeyUsageExtension();
}
keyUsageExtension.set(KeyUsageExtension.DATA_ENCIPHERMENT, true);
if (certificateExtensions == null) {
certificateExtensions = new CertificateExtensions();
}
certificateExtensions.set(keyUsageExtension.getExtensionId().toString(), keyUsageExtension);
info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
} catch (Exception e) {
fault(e, "keyUsageDataEncipherment");
}
return this;
}
Also used :
CertificateExtensions(sun.security.x509.CertificateExtensions)
KeyUsageExtension(sun.security.x509.KeyUsageExtension)
ExtendedKeyUsageExtension(sun.security.x509.ExtendedKeyUsageExtension)
Example 5 with KeyUsageExtension
use of org.mozilla.jss.netscape.security.x509.KeyUsageExtension in project OpenAttestation by OpenAttestation.
the class X509Builder method keyUsageDigitalSignature.
public X509Builder keyUsageDigitalSignature() {
// other than CA or CRL; so this applies to API clients
try {
v3();
if (keyUsageExtension == null) {
keyUsageExtension = new KeyUsageExtension();
}
keyUsageExtension.set(KeyUsageExtension.DIGITAL_SIGNATURE, true);
if (certificateExtensions == null) {
certificateExtensions = new CertificateExtensions();
}
certificateExtensions.set(keyUsageExtension.getExtensionId().toString(), keyUsageExtension);
info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
} catch (Exception e) {
fault(e, "keyUsageDigitalSignature");
}
return this;
}
Also used :
CertificateExtensions(sun.security.x509.CertificateExtensions)
KeyUsageExtension(sun.security.x509.KeyUsageExtension)
ExtendedKeyUsageExtension(sun.security.x509.ExtendedKeyUsageExtension)
Aggregations
KeyUsageExtension (sun.security.x509.KeyUsageExtension)12
CertificateExtensions (sun.security.x509.CertificateExtensions)8
ExtendedKeyUsageExtension (sun.security.x509.ExtendedKeyUsageExtension)6
IOException (java.io.IOException)5
X509Certificate (java.security.cert.X509Certificate)3
InvalidKeyException (java.security.InvalidKeyException)2
MessageDigest (java.security.MessageDigest)2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
PublicKey (java.security.PublicKey)2
Signature (java.security.Signature)2
SignatureException (java.security.SignatureException)2
CertPathValidatorException (java.security.cert.CertPathValidatorException)2
CertificateException (java.security.cert.CertificateException)2
ExtendedKeyUsageExtension (org.mozilla.jss.netscape.security.extensions.ExtendedKeyUsageExtension)2
KeyUsageExtension (org.mozilla.jss.netscape.security.x509.KeyUsageExtension)2
ConstraintsParameters (sun.security.util.ConstraintsParameters)2
ObjectIdentifier (sun.security.util.ObjectIdentifier)2
BasicConstraintsExtension (sun.security.x509.BasicConstraintsExtension)2
NAEException (com.ingrian.security.nae.NAEException)1
ByteArrayInputStream (java.io.ByteArrayInputStream)1
