Example 66 with X509CertImpl
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project baseio by generallycloud.
the class SelfSignedCertificate method generate.
private File[] generate(String fileRoot, String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter) throws Exception {
PrivateKey key = keypair.getPrivate();
// Prepare the information required for generating an X.509
// certificate.
X509CertInfo info = new X509CertInfo();
X500Name owner = new X500Name("CN=" + fqdn);
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
try {
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
} catch (CertificateException ignore) {
info.set(X509CertInfo.SUBJECT, owner);
}
try {
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
} catch (CertificateException ignore) {
info.set(X509CertInfo.ISSUER, owner);
}
info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid)));
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
cert.sign(key, "SHA1withRSA");
// Update the algorithm and sign again.
info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
cert = new X509CertImpl(info);
cert.sign(key, "SHA1withRSA");
cert.verify(keypair.getPublic());
return newSelfSignedCertificate(fileRoot, fqdn, key, cert);
}
Also used :
CertificateSubjectName(sun.security.x509.CertificateSubjectName)
PrivateKey(java.security.PrivateKey)
X509CertInfo(sun.security.x509.X509CertInfo)
CertificateIssuerName(sun.security.x509.CertificateIssuerName)
CertificateVersion(sun.security.x509.CertificateVersion)
CertificateException(java.security.cert.CertificateException)
CertificateValidity(sun.security.x509.CertificateValidity)
X500Name(sun.security.x509.X500Name)
CertificateX509Key(sun.security.x509.CertificateX509Key)
CertificateSerialNumber(sun.security.x509.CertificateSerialNumber)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
AlgorithmId(sun.security.x509.AlgorithmId)
X509CertImpl(sun.security.x509.X509CertImpl)
BigInteger(java.math.BigInteger)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
Example 67 with X509CertImpl
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project TLS-Scanner by RUB-NDS.
the class CertificateJudger method isSelfSigned.
public Boolean isSelfSigned() {
try {
// Try to verify certificate signature with its own public key
X509Certificate cert = new X509CertImpl(certificate.getEncoded());
PublicKey publicKey = cert.getPublicKey();
cert.verify(publicKey);
return true;
} catch (SignatureException | InvalidKeyException ex) {
return false;
} catch (Exception E) {
return null;
}
}
Also used :
PublicKey(java.security.PublicKey)
X509CertImpl(sun.security.x509.X509CertImpl)
SignatureException(java.security.SignatureException)
InvalidKeyException(java.security.InvalidKeyException)
X509Certificate(java.security.cert.X509Certificate)
SignatureException(java.security.SignatureException)
InvalidKeyException(java.security.InvalidKeyException)
Example 68 with X509CertImpl
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project Bytecoder by mirkosertic.
the class PKCS7 method parseSignedData.
private void parseSignedData(DerValue val) throws ParsingException, IOException {
DerInputStream dis = val.toDerInputStream();
// Version
version = dis.getBigInteger();
// digestAlgorithmIds
DerValue[] digestAlgorithmIdVals = dis.getSet(1);
int len = digestAlgorithmIdVals.length;
digestAlgorithmIds = new AlgorithmId[len];
try {
for (int i = 0; i < len; i++) {
DerValue oid = digestAlgorithmIdVals[i];
digestAlgorithmIds[i] = AlgorithmId.parse(oid);
}
} catch (IOException e) {
ParsingException pe = new ParsingException("Error parsing digest AlgorithmId IDs: " + e.getMessage());
pe.initCause(e);
throw pe;
}
// contentInfo
contentInfo = new ContentInfo(dis);
CertificateFactory certfac = null;
try {
certfac = CertificateFactory.getInstance("X.509");
} catch (CertificateException ce) {
// do nothing
}
/*
* check if certificates (implicit tag) are provided
* (certificates are OPTIONAL)
*/
if ((byte) (dis.peekByte()) == (byte) 0xA0) {
DerValue[] certVals = dis.getSet(2, true);
len = certVals.length;
certificates = new X509Certificate[len];
int count = 0;
for (int i = 0; i < len; i++) {
ByteArrayInputStream bais = null;
try {
byte tag = certVals[i].getTag();
// CertificateChoices ignored.
if (tag == DerValue.tag_Sequence) {
if (certfac == null) {
certificates[count] = new X509CertImpl(certVals[i]);
} else {
byte[] encoded = certVals[i].toByteArray();
bais = new ByteArrayInputStream(encoded);
certificates[count] = (X509Certificate) certfac.generateCertificate(bais);
bais.close();
bais = null;
}
count++;
}
} catch (CertificateException ce) {
ParsingException pe = new ParsingException(ce.getMessage());
pe.initCause(ce);
throw pe;
} catch (IOException ioe) {
ParsingException pe = new ParsingException(ioe.getMessage());
pe.initCause(ioe);
throw pe;
} finally {
if (bais != null)
bais.close();
}
}
if (count != len) {
certificates = Arrays.copyOf(certificates, count);
}
}
// check if crls (implicit tag) are provided (crls are OPTIONAL)
if ((byte) (dis.peekByte()) == (byte) 0xA1) {
DerValue[] crlVals = dis.getSet(1, true);
len = crlVals.length;
crls = new X509CRL[len];
for (int i = 0; i < len; i++) {
ByteArrayInputStream bais = null;
try {
if (certfac == null)
crls[i] = new X509CRLImpl(crlVals[i]);
else {
byte[] encoded = crlVals[i].toByteArray();
bais = new ByteArrayInputStream(encoded);
crls[i] = (X509CRL) certfac.generateCRL(bais);
bais.close();
bais = null;
}
} catch (CRLException e) {
ParsingException pe = new ParsingException(e.getMessage());
pe.initCause(e);
throw pe;
} finally {
if (bais != null)
bais.close();
}
}
}
// signerInfos
DerValue[] signerInfoVals = dis.getSet(1);
len = signerInfoVals.length;
signerInfos = new SignerInfo[len];
for (int i = 0; i < len; i++) {
DerInputStream in = signerInfoVals[i].toDerInputStream();
signerInfos[i] = new SignerInfo(in);
}
}
Also used :
CertificateException(java.security.cert.CertificateException)
CertificateFactory(java.security.cert.CertificateFactory)
X509CertImpl(sun.security.x509.X509CertImpl)
X509CRLImpl(sun.security.x509.X509CRLImpl)
CRLException(java.security.cert.CRLException)
Example 69 with X509CertImpl
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project Bytecoder by mirkosertic.
the class PKCS7 method parseNetscapeCertChain.
private void parseNetscapeCertChain(DerValue val) throws ParsingException, IOException {
DerInputStream dis = new DerInputStream(val.toByteArray());
DerValue[] contents = dis.getSequence(2);
certificates = new X509Certificate[contents.length];
CertificateFactory certfac = null;
try {
certfac = CertificateFactory.getInstance("X.509");
} catch (CertificateException ce) {
// do nothing
}
for (int i = 0; i < contents.length; i++) {
ByteArrayInputStream bais = null;
try {
if (certfac == null)
certificates[i] = new X509CertImpl(contents[i]);
else {
byte[] encoded = contents[i].toByteArray();
bais = new ByteArrayInputStream(encoded);
certificates[i] = (X509Certificate) certfac.generateCertificate(bais);
bais.close();
bais = null;
}
} catch (CertificateException ce) {
ParsingException pe = new ParsingException(ce.getMessage());
pe.initCause(ce);
throw pe;
} catch (IOException ioe) {
ParsingException pe = new ParsingException(ioe.getMessage());
pe.initCause(ioe);
throw pe;
} finally {
if (bais != null)
bais.close();
}
}
}
Also used :
X509CertImpl(sun.security.x509.X509CertImpl)
CertificateException(java.security.cert.CertificateException)
CertificateFactory(java.security.cert.CertificateFactory)
Example 70 with X509CertImpl
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project Bytecoder by mirkosertic.
the class SimpleValidator method buildTrustedChain.
/**
* Build a trusted certificate chain. This method always returns a chain
* with a trust anchor as the final cert in the chain. If no trust anchor
* could be found, a CertificateException is thrown.
*/
private X509Certificate[] buildTrustedChain(X509Certificate[] chain) throws CertificateException {
List<X509Certificate> c = new ArrayList<X509Certificate>(chain.length);
// if a trusted certificate is found, append it and return
for (int i = 0; i < chain.length; i++) {
X509Certificate cert = chain[i];
X509Certificate trustedCert = getTrustedCertificate(cert);
if (trustedCert != null) {
c.add(trustedCert);
return c.toArray(CHAIN0);
}
c.add(cert);
}
// check if we can append a trusted cert
X509Certificate cert = chain[chain.length - 1];
X500Principal subject = cert.getSubjectX500Principal();
X500Principal issuer = cert.getIssuerX500Principal();
List<X509Certificate> list = trustedX500Principals.get(issuer);
if (list != null) {
X509Certificate matchedCert = list.get(0);
X509CertImpl certImpl = X509CertImpl.toImpl(cert);
KeyIdentifier akid = certImpl.getAuthKeyId();
if (akid != null) {
for (X509Certificate sup : list) {
// Look for a best match issuer.
X509CertImpl supCert = X509CertImpl.toImpl(sup);
if (akid.equals(supCert.getSubjectKeyId())) {
matchedCert = sup;
break;
}
}
}
c.add(matchedCert);
return c.toArray(CHAIN0);
}
// no trusted cert found, error
throw new ValidatorException(ValidatorException.T_NO_TRUST_ANCHOR);
}
Also used :
KeyIdentifier(sun.security.x509.KeyIdentifier)
X509CertImpl(sun.security.x509.X509CertImpl)
X500Principal(javax.security.auth.x500.X500Principal)
Aggregations
X509CertImpl (sun.security.x509.X509CertImpl)92
CertificateException (java.security.cert.CertificateException)41
IOException (java.io.IOException)31
X509Certificate (java.security.cert.X509Certificate)23
CertPathValidatorException (java.security.cert.CertPathValidatorException)17
BigInteger (java.math.BigInteger)16
PublicKey (java.security.PublicKey)15
X500Name (sun.security.x509.X500Name)14
X509CertInfo (sun.security.x509.X509CertInfo)14
AlgorithmId (sun.security.x509.AlgorithmId)13
CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)13
X509CertImpl (org.mozilla.jss.netscape.security.x509.X509CertImpl)12
CertificateSerialNumber (sun.security.x509.CertificateSerialNumber)11
CertificateValidity (sun.security.x509.CertificateValidity)11
CertificateX509Key (sun.security.x509.CertificateX509Key)11
CertificateFactory (java.security.cert.CertificateFactory)10
CertificateVersion (sun.security.x509.CertificateVersion)10
SubjectAlternativeNameExtension (sun.security.x509.SubjectAlternativeNameExtension)9
CertificateIssuerName (sun.security.x509.CertificateIssuerName)8
CertificateSubjectName (sun.security.x509.CertificateSubjectName)8
