Example 96 with X509CertImpl
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project netty by netty.
the class OpenJdkSelfSignedCertGenerator method generate.
@SuppressJava6Requirement(reason = "Usage guarded by dependency check")
static String[] generate(String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter, String algorithm) throws Exception {
PrivateKey key = keypair.getPrivate();
// Prepare the information required for generating an X.509 certificate.
X509CertInfo info = new X509CertInfo();
X500Name owner = new X500Name("CN=" + fqdn);
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
try {
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
} catch (CertificateException ignore) {
info.set(X509CertInfo.SUBJECT, owner);
}
try {
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
} catch (CertificateException ignore) {
info.set(X509CertInfo.ISSUER, owner);
}
info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
info.set(X509CertInfo.ALGORITHM_ID, // sha256WithRSAEncryption
new CertificateAlgorithmId(AlgorithmId.get("1.2.840.113549.1.1.11")));
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
cert.sign(key, algorithm.equalsIgnoreCase("EC") ? "SHA256withECDSA" : "SHA256withRSA");
// Update the algorithm and sign again.
info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
cert = new X509CertImpl(info);
cert.sign(key, algorithm.equalsIgnoreCase("EC") ? "SHA256withECDSA" : "SHA256withRSA");
cert.verify(keypair.getPublic());
return newSelfSignedCertificate(fqdn, key, cert);
}
Also used :
CertificateSubjectName(sun.security.x509.CertificateSubjectName)
PrivateKey(java.security.PrivateKey)
X509CertInfo(sun.security.x509.X509CertInfo)
CertificateIssuerName(sun.security.x509.CertificateIssuerName)
CertificateVersion(sun.security.x509.CertificateVersion)
CertificateException(java.security.cert.CertificateException)
CertificateValidity(sun.security.x509.CertificateValidity)
X500Name(sun.security.x509.X500Name)
CertificateX509Key(sun.security.x509.CertificateX509Key)
CertificateSerialNumber(sun.security.x509.CertificateSerialNumber)
X509CertImpl(sun.security.x509.X509CertImpl)
BigInteger(java.math.BigInteger)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
SuppressJava6Requirement(io.netty.util.internal.SuppressJava6Requirement)
Example 97 with X509CertImpl
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project jans by JanssenProject.
the class WebKeysTest method webKeyTest.
@Test(dataProvider = "webKeysDataProvider")
public void webKeyTest(final String n, final String e, final String x5c) throws CertificateException {
showTitle("webKeyTest");
byte[] nBytes = Base64Util.base64urldecode(n);
BigInteger modulus = new BigInteger(1, nBytes);
byte[] eBytes = Base64Util.base64urldecode(e);
BigInteger exponent = new BigInteger(1, eBytes);
System.out.println("n: " + n);
System.out.println("n: " + modulus);
System.out.println("e: " + e);
System.out.println("e: " + exponent);
byte[] certBytes = Base64Util.base64urldecode(x5c);
X509Certificate cert = new X509CertImpl(certBytes);
PublicKey publicKey = cert.getPublicKey();
RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
assertEquals(rsaPublicKey.getModulus(), modulus);
assertEquals(rsaPublicKey.getPublicExponent(), exponent);
}
Also used :
RSAPublicKey(java.security.interfaces.RSAPublicKey)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
PublicKey(java.security.PublicKey)
X509CertImpl(sun.security.x509.X509CertImpl)
BigInteger(java.math.BigInteger)
X509Certificate(java.security.cert.X509Certificate)
BaseTest(io.jans.as.client.BaseTest)
Test(org.testng.annotations.Test)
Example 98 with X509CertImpl
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project mockserver by mock-server.
the class X509GeneratorTest method shouldCreateRootCertificateWithCorrectCertExtensions.
@Test
public void shouldCreateRootCertificateWithCorrectCertExtensions() throws Exception {
// given
X509Generator x509Generator = new X509Generator(new MockServerLogger());
// and - a certificate signing request
CertificateSigningRequest csr = new CertificateSigningRequest().setCommonName(ROOT_COMMON_NAME).setKeyPairSize(KEY_SIZE);
// and - a root keypair
X509AndPrivateKey pemRootKeyPair = x509Generator.generateRootX509AndPrivateKey(csr);
// when - a x509 certificate has been successfully generated
X509Certificate x509Certificate = x509FromPEM(pemRootKeyPair.getCert());
boolean[] keyUsage = x509Certificate.getKeyUsage();
// then - the extensions are correctly set
assertArrayEquals(new boolean[] { false, false, false, false, false, true, false, false, false }, keyUsage);
if (x509Certificate instanceof X509CertImpl) {
((X509CertImpl) x509Certificate).getBasicConstraintsExtension().get(IS_CA);
}
}
Also used :
MockServerLogger(org.mockserver.logging.MockServerLogger)
CertificateSigningRequest(org.mockserver.socket.tls.jdk.CertificateSigningRequest)
X509CertImpl(sun.security.x509.X509CertImpl)
X509Certificate(java.security.cert.X509Certificate)
Test(org.junit.Test)
Example 99 with X509CertImpl
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project jss by dogtagpki.
the class PKCS12Util method getCertInfo.
public PKCS12CertInfo getCertInfo(SafeBag bag) throws Exception {
PKCS12CertInfo certInfo = new PKCS12CertInfo();
CertBag certBag = (CertBag) bag.getInterpretedBagContent();
OCTET_STRING certStr = (OCTET_STRING) certBag.getInterpretedCert();
byte[] x509cert = certStr.toByteArray();
// generate cert ID from SHA-1 hash of cert data
byte[] id = SafeBag.getLocalKeyIDFromCert(x509cert);
certInfo.setID(id);
logger.debug(" Certificate ID: " + Utils.HexEncode(id));
X509CertImpl cert = new X509CertImpl(x509cert);
certInfo.setCert(cert);
X500Principal subjectDN = cert.getSubjectX500Principal();
logger.debug(" Subject DN: " + subjectDN);
SET bagAttrs = bag.getBagAttributes();
for (int i = 0; bagAttrs != null && i < bagAttrs.size(); i++) {
Attribute attr = (Attribute) bagAttrs.elementAt(i);
OBJECT_IDENTIFIER oid = attr.getType();
if (oid.equals(SafeBag.FRIENDLY_NAME)) {
SET values = attr.getValues();
ANY value = (ANY) values.elementAt(0);
ByteArrayInputStream bis = new ByteArrayInputStream(value.getEncoded());
BMPString friendlyName = (BMPString) (new BMPString.Template()).decode(bis);
certInfo.setFriendlyName(friendlyName.toString());
logger.debug(" Friendly name: " + certInfo.getFriendlyName());
} else if (oid.equals(SafeBag.LOCAL_KEY_ID)) {
SET values = attr.getValues();
ANY value = (ANY) values.elementAt(0);
ByteArrayInputStream bis = new ByteArrayInputStream(value.getEncoded());
OCTET_STRING keyIdAsn1 = (OCTET_STRING) new OCTET_STRING.Template().decode(bis);
byte[] keyID = keyIdAsn1.toByteArray();
certInfo.setKeyID(keyID);
logger.debug(" Key ID: " + Utils.HexEncode(keyID));
} else if (oid.equals(PKCS12.CERT_TRUST_FLAGS_OID) && trustFlagsEnabled) {
SET values = attr.getValues();
ANY value = (ANY) values.elementAt(0);
ByteArrayInputStream is = new ByteArrayInputStream(value.getEncoded());
BMPString trustFlagsAsn1 = (BMPString) (new BMPString.Template()).decode(is);
String trustFlags = trustFlagsAsn1.toString();
certInfo.setTrustFlags(trustFlags);
logger.debug(" Trust flags: " + trustFlags);
} else {
logger.warn(" " + oid + ": " + attr.getValues());
}
}
if (certInfo.getFriendlyName() == null) {
logger.debug(" Generating new friendly name");
LdapName dn = new LdapName(subjectDN.getName());
ArrayList<String> values = new ArrayList<>();
// The getRdns method returns the list in reverse order
// therefore, we must traverse in reverse order.
List<Rdn> rdns = dn.getRdns();
for (int i = rdns.size() - 1; i >= 0; i--) {
Rdn rdn = rdns.get(i);
values.add(rdn.getValue().toString());
}
String friendlyName = StringUtils.join(values, " - ");
certInfo.setFriendlyName(friendlyName);
logger.debug(" Friendly name: " + friendlyName);
}
return certInfo;
}
Also used :
SET(org.mozilla.jss.asn1.SET)
Attribute(org.mozilla.jss.pkix.primitive.Attribute)
ArrayList(java.util.ArrayList)
OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER)
BMPString(org.mozilla.jss.asn1.BMPString)
ANY(org.mozilla.jss.asn1.ANY)
LdapName(javax.naming.ldap.LdapName)
CertBag(org.mozilla.jss.pkcs12.CertBag)
OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING)
ByteArrayInputStream(java.io.ByteArrayInputStream)
X509CertImpl(org.mozilla.jss.netscape.security.x509.X509CertImpl)
X500Principal(javax.security.auth.x500.X500Principal)
BMPString(org.mozilla.jss.asn1.BMPString)
Rdn(javax.naming.ldap.Rdn)
Example 100 with X509CertImpl
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project jss by dogtagpki.
the class CertPrettyPrint method pkcs7toString.
public String pkcs7toString(Locale clientLocale) {
StringBuffer content = new StringBuffer();
try {
mX509Cert = new X509CertImpl(mCert_b);
return toString(clientLocale);
} catch (Exception e) {
}
ContentInfo ci = null;
try {
ci = (ContentInfo) ASN1Util.decode(ContentInfo.getTemplate(), mCert_b);
} catch (Exception e) {
return "";
}
if (ci.getContentType().equals(ContentInfo.SIGNED_DATA)) {
SignedData sd = null;
try {
sd = (SignedData) ci.getInterpretedContent();
} catch (Exception e) {
return "";
}
if (sd.hasCertificates()) {
SET certs = sd.getCertificates();
for (int i = 0; i < certs.size(); i++) {
org.mozilla.jss.pkix.cert.Certificate cert = (org.mozilla.jss.pkix.cert.Certificate) certs.elementAt(i);
X509CertImpl certImpl = null;
try {
certImpl = new X509CertImpl(ASN1Util.encode(cert));
} catch (Exception e) {
}
CertPrettyPrint print = new CertPrettyPrint(certImpl);
content.append(print.toString(Locale.getDefault()));
content.append("\n");
}
return content.toString();
}
}
return content.toString();
}
Also used :
SET(org.mozilla.jss.asn1.SET)
SignedData(org.mozilla.jss.pkcs7.SignedData)
ContentInfo(org.mozilla.jss.pkcs7.ContentInfo)
X509CertImpl(org.mozilla.jss.netscape.security.x509.X509CertImpl)
Certificate(java.security.cert.Certificate)
Aggregations
X509CertImpl (sun.security.x509.X509CertImpl)92
CertificateException (java.security.cert.CertificateException)41
IOException (java.io.IOException)31
X509Certificate (java.security.cert.X509Certificate)23
CertPathValidatorException (java.security.cert.CertPathValidatorException)17
BigInteger (java.math.BigInteger)16
PublicKey (java.security.PublicKey)15
X500Name (sun.security.x509.X500Name)14
X509CertInfo (sun.security.x509.X509CertInfo)14
AlgorithmId (sun.security.x509.AlgorithmId)13
CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)13
X509CertImpl (org.mozilla.jss.netscape.security.x509.X509CertImpl)12
CertificateSerialNumber (sun.security.x509.CertificateSerialNumber)11
CertificateValidity (sun.security.x509.CertificateValidity)11
CertificateX509Key (sun.security.x509.CertificateX509Key)11
CertificateFactory (java.security.cert.CertificateFactory)10
CertificateVersion (sun.security.x509.CertificateVersion)10
SubjectAlternativeNameExtension (sun.security.x509.SubjectAlternativeNameExtension)9
CertificateIssuerName (sun.security.x509.CertificateIssuerName)8
CertificateSubjectName (sun.security.x509.CertificateSubjectName)8
