
Example 1 with PrivateKeyUsageExtension

use of org.mozilla.jss.netscape.security.x509.PrivateKeyUsageExtension in project AppManager by MuntashirAkon.

the class KeyStoreUtils method generateCert.

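/**
 * Builds and signs a self-signed X.509 v3 certificate for the given key pair.
 *
 * <p>Subject and issuer are both set to {@code formattedSubject}. The validity window runs from
 * the moment of the call until {@code expiryDate}, and the same window is written into the
 * PrivateKeyUsage extension. A SubjectKeyIdentifier extension derived from {@code publicKey} is
 * also added. The certificate is signed with SHA512withRSA, so the key pair is presumably RSA.
 *
 * @param privateKey       key used to sign the certificate
 * @param publicKey        key embedded in the certificate
 * @param formattedSubject X.500 distinguished name used as both subject and issuer
 * @param expiryDate       notAfter instant in milliseconds since the epoch; it is not checked
 *                         against the current time, so a past value yields an already-expired
 *                         certificate
 * @return the signed certificate
 * @throws CertificateException     declared by the certificate-building calls
 * @throws NoSuchAlgorithmException declared by the algorithm lookup and signing calls
 * @throws NoSuchProviderException  declared by the signing call
 * @throws SignatureException       declared by the signing call
 * @throws InvalidKeyException      declared by the signing call
 * @throws IOException              declared by the encoding calls
 */
@NonNull
private static X509Certificate generateCert(PrivateKey privateKey, PublicKey publicKey, @NonNull String formattedSubject, long expiryDate) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, InvalidKeyException, IOException {
    final String algorithmName = "SHA512withRSA";
    // Self-signed: the same name is used for subject and issuer below.
    final X500Name x500Name = new X500Name(formattedSubject);
    final Date notBefore = new Date();
    final Date notAfter = new Date(expiryDate);

    CertificateExtensions certificateExtensions = new CertificateExtensions();
    certificateExtensions.set("SubjectKeyIdentifier", new SubjectKeyIdentifierExtension(new KeyIdentifier(publicKey).getIdentifier()));
    // The private key usage period mirrors the certificate validity period.
    certificateExtensions.set("PrivateKeyUsage", new PrivateKeyUsageExtension(notBefore, notAfter));

    // java.util.Random is not cryptographically strong and the masked value could be 0.
    // Certificate serial numbers should be unpredictable and strictly positive, so draw
    // from a CSPRNG in the range [1, Integer.MAX_VALUE]. The fully-qualified name keeps
    // this block independent of the file's import list.
    // NOTE(review): this is still only 31 bits; if CertificateSerialNumber offers a
    // BigInteger constructor in this port, prefer a 64-bit or larger random serial.
    final int serialNumber = 1 + new java.security.SecureRandom().nextInt(Integer.MAX_VALUE);

    X509CertInfo x509CertInfo = new X509CertInfo();
    // Version numbers are zero-based in the encoding: 2 means X.509 v3.
    x509CertInfo.set("version", new CertificateVersion(2));
    x509CertInfo.set("serialNumber", new CertificateSerialNumber(serialNumber));
    x509CertInfo.set("algorithmID", new CertificateAlgorithmId(AlgorithmId.get(algorithmName)));
    x509CertInfo.set("subject", new CertificateSubjectName(x500Name));
    x509CertInfo.set("key", new CertificateX509Key(publicKey));
    x509CertInfo.set("validity", new CertificateValidity(notBefore, notAfter));
    x509CertInfo.set("issuer", new CertificateIssuerName(x500Name));
    x509CertInfo.set("extensions", certificateExtensions);

    X509CertImpl x509CertImpl = new X509CertImpl(x509CertInfo);
    x509CertImpl.sign(privateKey, algorithmName);
    return x509CertImpl;
}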
Also used : CertificateSubjectName(android.sun.security.x509.CertificateSubjectName) KeyIdentifier(android.sun.security.x509.KeyIdentifier) X509CertInfo(android.sun.security.x509.X509CertInfo) CertificateIssuerName(android.sun.security.x509.CertificateIssuerName) CertificateVersion(android.sun.security.x509.CertificateVersion) CertificateExtensions(android.sun.security.x509.CertificateExtensions) CertificateValidity(android.sun.security.x509.CertificateValidity) X500Name(android.sun.security.x509.X500Name) CertificateX509Key(android.sun.security.x509.CertificateX509Key) Date(java.util.Date) SubjectKeyIdentifierExtension(android.sun.security.x509.SubjectKeyIdentifierExtension) CertificateSerialNumber(android.sun.security.x509.CertificateSerialNumber) Random(java.util.Random) SecureRandom(java.security.SecureRandom) X509CertImpl(android.sun.security.x509.X509CertImpl) CertificateAlgorithmId(android.sun.security.x509.CertificateAlgorithmId) PrivateKeyUsageExtension(android.sun.security.x509.PrivateKeyUsageExtension) NonNull(androidx.annotation.NonNull)

Example 2 with PrivateKeyUsageExtension

use of org.mozilla.jss.netscape.security.x509.PrivateKeyUsageExtension in project jss by dogtagpki.

the class ExtPrettyPrint method getPrivateKeyUsageExtension.

/**
 * Renders the PrivateKeyUsage extension held in {@code mExt} as indented text.
 *
 * <p>The output has a header line with the extension identifier, a line stating whether the
 * extension is critical, and a "Validity" section with the not-before and not-after dates.
 * Dates are formatted with {@code dateFormater}, which is created on first use with
 * {@link DateFormat#FULL} style in the default locale.
 *
 * @return the formatted, newline-terminated description of the extension
 */
private String getPrivateKeyUsageExtension() {
    StringBuilder text = new StringBuilder();

    // Header: "<indent><identifier label><extension label>- <OID>"
    text.append(pp.indent(mIndentSize))
            .append(mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
    text.append(mResource.getString(PrettyPrintResources.TOKEN_PRIVATE_KEY_USAGE))
            .append("- ")
            .append(mExt.getExtensionId().toString())
            .append("\n");

    // Criticality line.
    text.append(pp.indent(mIndentSize + 4))
            .append(mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
    text.append(mResource.getString(
                    mExt.isCritical() ? PrettyPrintResources.TOKEN_YES : PrettyPrintResources.TOKEN_NO))
            .append("\n");

    PrivateKeyUsageExtension keyUsage = (PrivateKeyUsageExtension) mExt;
    text.append(pp.indent(mIndentSize + 4)).append("Validity:\n");

    // The formatter is shared through the field and created lazily.
    if (dateFormater == null) {
        dateFormater = DateFormat.getDateInstance(DateFormat.FULL);
    }
    // NOTE(review): both bounds are optional in a PrivateKeyUsage extension; if the getters
    // can return null for an absent bound, format() would throw here - confirm.
    String notBeforeText = dateFormater.format(keyUsage.getNotBefore());
    String notAfterText = dateFormater.format(keyUsage.getNotAfter());

    text.append(pp.indent(mIndentSize + 8)).append("Not Before: ").append(notBeforeText).append("\n");
    text.append(pp.indent(mIndentSize + 8)).append("Not  After: ").append(notAfterText).append("\n");
    return text.toString();
}
Also used : PrivateKeyUsageExtension(org.mozilla.jss.netscape.security.x509.PrivateKeyUsageExtension)

Example 3 with PrivateKeyUsageExtension

use of org.mozilla.jss.netscape.security.x509.PrivateKeyUsageExtension in project jdk8u_jdk by JetBrains.

the class X509CertSelectorTest method testPrivateKeyValid.

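/*
 * Tests matching on the private key validity component contained in the
 * certificate.
 *
 * First sets the selector to a date that is expected to fall outside the
 * certificate's private key usage period and checks that the certificate
 * does not match. Then sets it to the notBefore date read from the
 * certificate's own extension and checks that the certificate matches.
 */
private void testPrivateKeyValid() throws IOException, CertificateException {
    System.out.println("X.509 Certificate Match on privateKeyValid");

    // bad match
    X509CertSelector selector = new X509CertSelector();
    Calendar cal = Calendar.getInstance();
    // Calendar months are zero-based: the literal 12 used before is not a valid
    // month and rolled over to January 1969 in lenient mode. Use the named
    // constant so the date really is 31 December 1968.
    cal.set(1968, Calendar.DECEMBER, 31);
    selector.setPrivateKeyValid(cal.getTime());
    checkMatch(selector, cert, false);

    // good match
    // 2.5.29.16 is the privateKeyUsagePeriod extension. getExtensionValue returns
    // the value wrapped in a DER OCTET STRING, which is unwrapped before parsing.
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16"));
    byte[] encoded = in.getOctetString();
    PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded);
    Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
    selector.setPrivateKeyValid(validDate);
    checkMatch(selector, cert, true);
}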
Also used : Calendar(java.util.Calendar) X509CertSelector(java.security.cert.X509CertSelector) DerInputStream(sun.security.util.DerInputStream) PrivateKeyUsageExtension(sun.security.x509.PrivateKeyUsageExtension) Date(java.util.Date)

Aggregations

Date (java.util.Date)2 CertificateAlgorithmId (android.sun.security.x509.CertificateAlgorithmId)1 CertificateExtensions (android.sun.security.x509.CertificateExtensions)1 CertificateIssuerName (android.sun.security.x509.CertificateIssuerName)1 CertificateSerialNumber (android.sun.security.x509.CertificateSerialNumber)1 CertificateSubjectName (android.sun.security.x509.CertificateSubjectName)1 CertificateValidity (android.sun.security.x509.CertificateValidity)1 CertificateVersion (android.sun.security.x509.CertificateVersion)1 CertificateX509Key (android.sun.security.x509.CertificateX509Key)1 KeyIdentifier (android.sun.security.x509.KeyIdentifier)1 PrivateKeyUsageExtension (android.sun.security.x509.PrivateKeyUsageExtension)1 SubjectKeyIdentifierExtension (android.sun.security.x509.SubjectKeyIdentifierExtension)1 X500Name (android.sun.security.x509.X500Name)1 X509CertImpl (android.sun.security.x509.X509CertImpl)1 X509CertInfo (android.sun.security.x509.X509CertInfo)1 NonNull (androidx.annotation.NonNull)1 SecureRandom (java.security.SecureRandom)1 X509CertSelector (java.security.cert.X509CertSelector)1 Calendar (java.util.Calendar)1 Random (java.util.Random)1