use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project ariADDna by StnetixDevTeam.
the class KeyFactory method removeCertFromKeyStore.
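/**
 * Removes a certificate's entry from a key store file and from the persistence layer.
 *
 * <p>The alias to delete is the subject name that {@code certFactory} reports for the
 * certificate read from {@code certFile}. The key store is loaded with the class-level
 * password, the entry under that alias is deleted, and the store is written back over
 * {@code keyStoreFile}. Only after the store has been written is the alias removed through
 * {@code persistHelper}.
 *
 * @param certFile     file holding the certificate whose entry should be removed
 * @param keyStoreFile key store file that is modified in place
 * @throws KeyStoreException if any step fails; the underlying exception is attached as the cause
 */
public void removeCertFromKeyStore(File certFile, File keyStoreFile) throws KeyStoreException {
    try {
        X509CertImpl cert = (X509CertImpl) certFactory.getCertByFile(certFile);
        String alias = certFactory.getCertSubjectName(cert);

        KeyStore keyStore;
        // try-with-resources releases the file handle even when load() rejects the file or password.
        try (FileInputStream fis = new FileInputStream(keyStoreFile)) {
            keyStore = KeyStore.getInstance(KEYSTORE_FORMAT);
            keyStore.load(fis, pass);
        }

        // deleteEntry() removes whatever is stored under the alias; this method does not check
        // that the stored certificate is the same one that was read from certFile.
        keyStore.deleteEntry(alias);

        // NOTE(review): the store is rewritten in place, so a failure part-way through store()
        // can leave a truncated key store on disk. Writing to a temporary file and renaming it
        // over the original would make the update all-or-nothing.
        try (FileOutputStream fos = new FileOutputStream(keyStoreFile)) {
            keyStore.store(fos, pass);
        }
        // Logged only after the output stream has been flushed and closed successfully.
        LOGGER.info("Certificate with filename {} deleted from keyStore with filename {}", certFile.getAbsolutePath(), keyStoreFile.getAbsolutePath());

        persistHelper.deleteCertificate(alias);
    } catch (Exception e) {
        LOGGER.error("Exception: ", e);
        throw new KeyStoreException("Caused by: ", e);
    }
}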
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project ariADDna by StnetixDevTeam.
the class KeyFactory method getCertByAlias.
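/**
 * Exports the certificate stored under {@code alias} to a file named {@code <alias>.cer}.
 *
 * <p>The key store is loaded from {@code keyStoreFile} with the class-level password. The
 * certificate's encoded form is written to a new file whose name is the alias with a
 * {@code .cer} suffix, resolved relative to the process working directory.
 *
 * @param alias        key store alias of the certificate to export
 * @param keyStoreFile key store file to read
 * @return the file the encoded certificate was written to
 * @throws KeyStoreException if the store cannot be read, no certificate exists for the alias,
 *                           or the output file cannot be written; the underlying exception is
 *                           attached as the cause
 */
public File getCertByAlias(String alias, File keyStoreFile) throws KeyStoreException {
    try {
        KeyStore keyStore;
        // try-with-resources releases the file handle even when load() fails.
        try (FileInputStream fis = new FileInputStream(keyStoreFile)) {
            keyStore = KeyStore.getInstance(KEYSTORE_FORMAT);
            keyStore.load(fis, pass);
            LOGGER.info("KeyStore {} loaded successful.", keyStoreFile.getAbsolutePath());
        }

        X509CertImpl cert = (X509CertImpl) keyStore.getCertificate(alias);
        // getCertificate() returns null for an unknown alias; fail with a clear message before
        // any output file is created instead of leaving an empty .cer file behind.
        if (cert == null) {
            throw new KeyStoreException("No certificate found for alias " + alias);
        }
        // Encode first so that an encoding failure cannot leave a partially written file.
        byte[] encoded = cert.getEncoded();

        // NOTE(review): the alias is used verbatim as a relative file name. An alias containing
        // path separators or ".." would place the file outside the working directory, so the
        // alias should be validated if it can originate outside the application.
        File certFile = new File(alias + ".cer");
        try (FileOutputStream fos = new FileOutputStream(certFile)) {
            fos.write(encoded);
        }
        LOGGER.info("Certificate {} loaded successful.", certFile.getAbsolutePath());
        return certFile;
    } catch (Exception e) {
        LOGGER.error("Exception: ", e);
        throw new KeyStoreException("Caused by: ", e);
    }
}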
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project wiremock by wiremock.
the class X509CertificateSpecification method certificateFor.
/**
 * Builds an X.509 certificate for {@code keyPair} and signs it with that pair's own private key.
 *
 * <p>Version, subject, issuer and validity come from this specification's fields. The serial
 * number is a fresh 64-bit value drawn from {@link SecureRandom}. The certificate is signed
 * twice: the first pass lets the implementation report the signature algorithm it used, which
 * is then written into the certificate info before the final signature is produced. The result
 * is verified against the public key of {@code keyPair} before it is returned.
 *
 * @param keyPair key pair whose public key is certified and whose private key signs the result
 * @return the signed and verified certificate
 * @throws CertificateException if a certificate field is rejected or encoding fails
 * @throws InvalidKeyException  if the key pair cannot be used with {@code SHA256withRSA}
 * @throws SignatureException   if signing or verification fails
 */
@Override
public X509Certificate certificateFor(KeyPair keyPair) throws CertificateException, InvalidKeyException, SignatureException {
    final String signatureAlgorithm = "SHA256withRSA";
    try {
        SecureRandom serialSource = new SecureRandom();
        X509CertInfo certInfo = new X509CertInfo();
        certInfo.set(X509CertInfo.VERSION, version.getVersion());

        // Try the plain name object first (per the original note, required on Java >= 1.8);
        // if the implementation rejects it, fall back to the wrapper type.
        try {
            certInfo.set(X509CertInfo.SUBJECT, subject);
        } catch (CertificateException ignore) {
            certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(subject));
        }

        // Same two-step approach for the issuer name.
        try {
            certInfo.set(X509CertInfo.ISSUER, issuer);
        } catch (CertificateException ignore) {
            certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
        }

        CertificateValidity validity = new CertificateValidity(notBefore, notAfter);
        certInfo.set(X509CertInfo.VALIDITY, validity);

        CertificateX509Key certifiedKey = new CertificateX509Key(keyPair.getPublic());
        certInfo.set(X509CertInfo.KEY, certifiedKey);

        BigInteger serial = new BigInteger(64, serialSource);
        certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serial));

        AlgorithmId declaredAlgorithm = new AlgorithmId(AlgorithmId.SHA256_oid);
        certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(declaredAlgorithm));

        // First signature: only needed so the certificate can report the algorithm actually used.
        X509CertImpl signed = new X509CertImpl(certInfo);
        signed.sign(keyPair.getPrivate(), signatureAlgorithm);

        // Record that algorithm in the info, then rebuild and sign again so the final
        // certificate is consistent with its declared algorithm.
        String algorithmField = CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM;
        certInfo.set(algorithmField, signed.get(X509CertImpl.SIG_ALG));
        signed = new X509CertImpl(certInfo);
        signed.sign(keyPair.getPrivate(), signatureAlgorithm);

        // Self-check: the signature must validate under the matching public key.
        signed.verify(keyPair.getPublic());
        return signed;
    } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException e) {
        // throwUnchecked is a project helper; presumably it rethrows e without wrapping.
        return throwUnchecked(e, null);
    }
}
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project candlepin by candlepin.
the class JSSPKIUtility method createX509Certificate.
/**
 * Issues an X.509 v3 certificate for a client key pair, signed with the CA key held by
 * {@code reader}.
 *
 * <p>The issuer name is copied from the CA certificate's subject. Subject, serial number and
 * validity window are taken from the arguments as given; this method does not check the
 * serial number for uniqueness or validate the date range. Standard extensions are produced by
 * {@code buildStandardExtensions}; each wrapper in {@code extensions} and
 * {@code byteExtensions} is then added as a custom extension, with a {@code null} value
 * replaced by an empty string or an empty byte array respectively.
 *
 * @param dn             subject distinguished name, parsed by {@code X500Name}
 * @param extensions     string-valued custom extensions, or {@code null} for none
 * @param byteExtensions byte-valued custom extensions, or {@code null} for none
 * @param startDate      start of the validity period
 * @param endDate        end of the validity period
 * @param clientKeyPair  key pair whose public key is certified
 * @param serialNumber   serial number to place in the certificate
 * @param alternateName  passed through to {@code buildStandardExtensions}
 * @return the signed certificate, re-parsed from its DER encoding
 * @throws IOException      if encoding or parsing of a certificate component fails
 * @throws RuntimeException wrapping any {@link GeneralSecurityException} raised while building
 *                          or signing the certificate
 */
@Override
public X509Certificate createX509Certificate(String dn, Set<X509ExtensionWrapper> extensions, Set<X509ByteExtensionWrapper> byteExtensions, Date startDate, Date endDate, KeyPair clientKeyPair, BigInteger serialNumber, String alternateName) throws IOException {
    // JSS must be initialized before any of its classes are used.
    JSSProviderLoader.initialize();
    X509CertInfo info = new X509CertInfo();
    try {
        X509Certificate issuerCert = reader.getCACert();
        byte[] subjectPublicKeyDer = clientKeyPair.getPublic().getEncoded();

        X500Name issuerName = new X500Name(issuerCert.getSubjectX500Principal().getEncoded());
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuerName));
        info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serialNumber));
        info.set(X509CertInfo.VALIDITY, new CertificateValidity(startDate, endDate));
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(new X500Name(dn)));
        info.set(X509CertInfo.KEY, new CertificateX509Key(X509Key.parse(new DerValue(subjectPublicKeyDer))));
        info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get(SIGNING_ALG_ID)));
        info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));

        // The extension container is registered on the info object first and then filled;
        // the custom extensions below are added to that same container.
        CertificateExtensions allExtensions = buildStandardExtensions(new CertificateExtensions(), dn, clientKeyPair, extensions, issuerCert, alternateName);
        info.set(X509CertInfo.EXTENSIONS, allExtensions);

        if (extensions != null) {
            for (X509ExtensionWrapper textExtension : extensions) {
                // A missing value is encoded as an empty string rather than rejected.
                String text = "";
                if (textExtension.getValue() != null) {
                    text = textExtension.getValue();
                }
                UTF8String encodedText = new UTF8String(text);
                allExtensions.add(buildCustomExtension(textExtension.getOid(), textExtension.isCritical(), encodedText));
            }
        }

        if (byteExtensions != null) {
            for (X509ByteExtensionWrapper binaryExtension : byteExtensions) {
                // A missing value is encoded as an empty octet string rather than rejected.
                byte[] payload = new byte[0];
                if (binaryExtension.getValue() != null) {
                    payload = binaryExtension.getValue();
                }
                OCTET_STRING encodedPayload = new OCTET_STRING(payload);
                allExtensions.add(buildCustomExtension(binaryExtension.getOid(), binaryExtension.isCritical(), encodedPayload));
            }
        }

        X509CertImpl signedCert = new X509CertImpl(info);
        signedCert.sign(reader.getCaKey(), SIGNING_ALG_ID);

        // The result is rebuilt from the DER encoding instead of returning signedCert directly.
        // NOTE(review): the surviving fragment of the original comment suggests the directly
        // signed object is valid but would not expose its extensions; confirm against upstream.
        byte[] der = signedCert.getEncoded();
        return new X509CertImpl(der);
    } catch (GeneralSecurityException e) {
        throw new RuntimeException("Could not create X.509 certificate", e);
    }
}
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project ddf by codice.
the class SignerConditionTest method testIsNotSatisfied.
/**
 * Checks that a {@code SignerCondition} listing {@code signer1}..{@code signer3} is not
 * satisfied by a bundle whose only trusted signer is the certificate in {@code /asdf.der}.
 */
@Test
public void testIsNotSatisfied() throws CertificateException {
    // Trusted-signer map: one certificate loaded from the test resource, with an empty chain.
    X509Certificate trustedSigner = new X509CertImpl(SignerConditionTest.class.getResourceAsStream("/asdf.der"));
    Map<X509Certificate, List<X509Certificate>> signers = new HashMap<>();
    signers.put(trustedSigner, new ArrayList<>());

    // The mocked bundle reports exactly that map as its trusted signers.
    Bundle bundle = mock(Bundle.class);
    when(bundle.getSignerCertificates(Bundle.SIGNERS_TRUSTED)).thenReturn(signers);

    String[] requiredSigners = new String[] { "signer1", "signer2", "signer3" };
    ConditionInfo conditionInfo = new ConditionInfo(SignerCondition.class.getName(), requiredSigners);
    SignerCondition condition = new SignerCondition(bundle, conditionInfo);

    assertThat(condition.isSatisfied(), is(false));
}