use of org.mozilla.jss.netscape.security.x509.SubjectKeyIdentifierExtension in project j2objc by google.
the class Vertex method certToString.
/**
* Return string representation of this vertex's
* certificate information.
*
* @returns String representation of certificate info
*/
public String certToString() {
StringBuilder sb = new StringBuilder();
X509CertImpl x509Cert = null;
try {
x509Cert = X509CertImpl.toImpl(cert);
} catch (CertificateException ce) {
if (debug != null) {
debug.println("Vertex.certToString() unexpected exception");
ce.printStackTrace();
}
return sb.toString();
}
sb.append("Issuer: ").append(x509Cert.getIssuerX500Principal()).append("\n");
sb.append("Subject: ").append(x509Cert.getSubjectX500Principal()).append("\n");
sb.append("SerialNum: ").append(x509Cert.getSerialNumber().toString(16)).append("\n");
sb.append("Expires: ").append(x509Cert.getNotAfter().toString()).append("\n");
boolean[] iUID = x509Cert.getIssuerUniqueID();
if (iUID != null) {
sb.append("IssuerUID: ");
for (boolean b : iUID) {
sb.append(b ? 1 : 0);
}
sb.append("\n");
}
boolean[] sUID = x509Cert.getSubjectUniqueID();
if (sUID != null) {
sb.append("SubjectUID: ");
for (boolean b : sUID) {
sb.append(b ? 1 : 0);
}
sb.append("\n");
}
try {
SubjectKeyIdentifierExtension sKeyID = x509Cert.getSubjectKeyIdentifierExtension();
if (sKeyID != null) {
KeyIdentifier keyID = sKeyID.get(SubjectKeyIdentifierExtension.KEY_ID);
sb.append("SubjKeyID: ").append(keyID.toString());
}
AuthorityKeyIdentifierExtension aKeyID = x509Cert.getAuthorityKeyIdentifierExtension();
if (aKeyID != null) {
KeyIdentifier keyID = (KeyIdentifier) aKeyID.get(AuthorityKeyIdentifierExtension.KEY_ID);
sb.append("AuthKeyID: ").append(keyID.toString());
}
} catch (IOException e) {
if (debug != null) {
debug.println("Vertex.certToString() unexpected exception");
e.printStackTrace();
}
}
return sb.toString();
}
use of org.mozilla.jss.netscape.security.x509.SubjectKeyIdentifierExtension in project mockserver by mock-server.
the class X509Generator method updateWithCertificateExtensions.
private void updateWithCertificateExtensions(final X509CertInfo x509CertInfo, final PublicKey publicKey, final PublicKey caPublicKey, final Set<String> subjectAlternativeNames) throws IOException, CertificateException {
CertificateExtensions certificateExtensions = new CertificateExtensions();
GeneralNames generalNames = subjectAlternativeNames.stream().filter(StringUtils::isNotBlank).map(this::buildGeneralName).filter(Objects::nonNull).collect(Collector.of(GeneralNames::new, GeneralNames::add, // do nothing
(generalNames1, generalNames2) -> null));
if (!generalNames.isEmpty()) {
certificateExtensions.set(SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(Boolean.FALSE, generalNames));
}
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.2
certificateExtensions.set(SubjectKeyIdentifierExtension.NAME, new SubjectKeyIdentifierExtension(new KeyIdentifier(publicKey).getIdentifier()));
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.2
certificateExtensions.set(AuthorityKeyIdentifierExtension.NAME, new AuthorityKeyIdentifierExtension(new KeyIdentifier(caPublicKey), null, null));
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.1
x509CertInfo.set(X509CertInfo.EXTENSIONS, certificateExtensions);
}
use of org.mozilla.jss.netscape.security.x509.SubjectKeyIdentifierExtension in project mockserver by mock-server.
the class X509Generator method updateWithRootCertificateExtensions.
private void updateWithRootCertificateExtensions(final X509CertInfo x509CertInfo, final PublicKey publicKey) throws IOException, CertificateException {
CertificateExtensions certificateExtensions = new CertificateExtensions();
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.9
certificateExtensions.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(// is critical
true, // is CA
true, // path length
-1));
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
boolean[] keyUsage = new boolean[9];
// keyCertSign
keyUsage[5] = true;
certificateExtensions.set(KeyUsageExtension.NAME, new KeyUsageExtension(keyUsage));
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.2
certificateExtensions.set(SubjectKeyIdentifierExtension.NAME, new SubjectKeyIdentifierExtension(new KeyIdentifier(publicKey).getIdentifier()));
x509CertInfo.set(X509CertInfo.EXTENSIONS, certificateExtensions);
}
use of org.mozilla.jss.netscape.security.x509.SubjectKeyIdentifierExtension in project jss by dogtagpki.
the class ExtPrettyPrint method getSubjectKeyIdentifier.
/**
* String Representation of SubjectKeyIdentifierExtension
*/
private String getSubjectKeyIdentifier() {
StringBuffer sb = new StringBuffer();
try {
sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_SKI) + "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
if (mExt.isCritical()) {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
} else {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
}
SubjectKeyIdentifierExtension id = (SubjectKeyIdentifierExtension) mExt;
KeyIdentifier keyId = (KeyIdentifier) id.get(SubjectKeyIdentifierExtension.KEY_ID);
if (keyId != null) {
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_KEY_ID) + "\n");
sb.append(pp.toHexString(keyId.getIdentifier(), 24, 16));
}
return sb.toString();
} catch (IOException e) {
e.printStackTrace();
return "";
}
}
Aggregations