Example 96 with X509CertImpl

Use of X509CertImpl (imported here as sun.security.x509.X509CertImpl, as the import list below shows) in project netty by netty.

The class OpenJdkSelfSignedCertGenerator, method generate.

@SuppressJava6Requirement(reason = "Usage guarded by dependency check")
static String[] generate(String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter, String algorithm) throws Exception {
    PrivateKey key = keypair.getPrivate();
    // Prepare the information required for generating an X.509 certificate.
    X509CertInfo info = new X509CertInfo();
    X500Name owner = new X500Name("CN=" + fqdn);
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
    try {
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.SUBJECT, owner);
    }
    try {
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.ISSUER, owner);
    }
    info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
    info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
    // Provisional algorithm id: sha256WithRSAEncryption. It is replaced below once the
    // first signing pass reveals the algorithm actually used for the supplied key type.
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get("1.2.840.113549.1.1.11")));
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(key, algorithm.equalsIgnoreCase("EC") ? "SHA256withECDSA" : "SHA256withRSA");
    // Update the algorithm and sign again.
    info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
    cert = new X509CertImpl(info);
    cert.sign(key, algorithm.equalsIgnoreCase("EC") ? "SHA256withECDSA" : "SHA256withRSA");
    cert.verify(keypair.getPublic());
    return newSelfSignedCertificate(fqdn, key, cert);
}
Also used: io.netty.util.internal.SuppressJava6Requirement, java.math.BigInteger, java.security.PrivateKey, java.security.cert.CertificateException, sun.security.x509.CertificateAlgorithmId, sun.security.x509.CertificateIssuerName, sun.security.x509.CertificateSerialNumber, sun.security.x509.CertificateSubjectName, sun.security.x509.CertificateValidity, sun.security.x509.CertificateVersion, sun.security.x509.CertificateX509Key, sun.security.x509.X500Name, sun.security.x509.X509CertImpl, sun.security.x509.X509CertInfo. The method additionally references java.security.KeyPair, java.security.SecureRandom, java.util.Date and sun.security.x509.AlgorithmId.

Example 97 with X509CertImpl

Use of X509CertImpl (imported here as sun.security.x509.X509CertImpl, as the import list below shows) in project jans by JanssenProject.

The class WebKeysTest, method webKeyTest.

@Test(dataProvider = "webKeysDataProvider")
public void webKeyTest(final String n, final String e, final String x5c) throws CertificateException {
    showTitle("webKeyTest");
    byte[] nBytes = Base64Util.base64urldecode(n);
    BigInteger modulus = new BigInteger(1, nBytes);
    byte[] eBytes = Base64Util.base64urldecode(e);
    BigInteger exponent = new BigInteger(1, eBytes);
    System.out.println("n: " + n);
    System.out.println("n: " + modulus);
    System.out.println("e: " + e);
    System.out.println("e: " + exponent);
    byte[] certBytes = Base64Util.base64urldecode(x5c);
    X509Certificate cert = new X509CertImpl(certBytes);
    PublicKey publicKey = cert.getPublicKey();
    RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
    assertEquals(rsaPublicKey.getModulus(), modulus);
    assertEquals(rsaPublicKey.getPublicExponent(), exponent);
}
Also used: io.jans.as.client.BaseTest, java.math.BigInteger, java.security.PublicKey, java.security.cert.X509Certificate, java.security.interfaces.RSAPublicKey, org.testng.annotations.Test, sun.security.x509.X509CertImpl.

Example 98 with X509CertImpl

Use of X509CertImpl (imported here as sun.security.x509.X509CertImpl, as the import list below shows) in project mockserver by mock-server.

The class X509GeneratorTest, method shouldCreateRootCertificateWithCorrectCertExtensions.

@Test
public void shouldCreateRootCertificateWithCorrectCertExtensions() throws Exception {
    // given
    X509Generator x509Generator = new X509Generator(new MockServerLogger());
    // and - a certificate signing request
    CertificateSigningRequest csr = new CertificateSigningRequest().setCommonName(ROOT_COMMON_NAME).setKeyPairSize(KEY_SIZE);
    // and - a root keypair
    X509AndPrivateKey pemRootKeyPair = x509Generator.generateRootX509AndPrivateKey(csr);
    // when - a x509 certificate has been successfully generated
    X509Certificate x509Certificate = x509FromPEM(pemRootKeyPair.getCert());
    boolean[] keyUsage = x509Certificate.getKeyUsage();
    // then - the extensions are correctly set
    assertArrayEquals(new boolean[] { false, false, false, false, false, true, false, false, false }, keyUsage);
    // and - the root certificate asserts the cA flag in BasicConstraints;
    // X509Certificate.getBasicConstraints() returns -1 when the extension is absent or cA is false
    assertTrue(x509Certificate.getBasicConstraints() >= 0);
    if (x509Certificate instanceof X509CertImpl) {
        // The original test fetched IS_CA and discarded the value; assert on it so the check is meaningful.
        assertTrue((Boolean) ((X509CertImpl) x509Certificate).getBasicConstraintsExtension().get(IS_CA));
    }
}
Also used: java.security.cert.X509Certificate, org.junit.Test, org.mockserver.logging.MockServerLogger, org.mockserver.socket.tls.jdk.CertificateSigningRequest, sun.security.x509.X509CertImpl.

Example 99 with X509CertImpl

Use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project jss by dogtagpki.

The class PKCS12Util, method getCertInfo.

public PKCS12CertInfo getCertInfo(SafeBag bag) throws Exception {
    PKCS12CertInfo certInfo = new PKCS12CertInfo();
    CertBag certBag = (CertBag) bag.getInterpretedBagContent();
    OCTET_STRING certStr = (OCTET_STRING) certBag.getInterpretedCert();
    byte[] x509cert = certStr.toByteArray();
    // generate cert ID from SHA-1 hash of cert data
    byte[] id = SafeBag.getLocalKeyIDFromCert(x509cert);
    certInfo.setID(id);
    logger.debug("   Certificate ID: " + Utils.HexEncode(id));
    X509CertImpl cert = new X509CertImpl(x509cert);
    certInfo.setCert(cert);
    X500Principal subjectDN = cert.getSubjectX500Principal();
    logger.debug("   Subject DN: " + subjectDN);
    SET bagAttrs = bag.getBagAttributes();
    for (int i = 0; bagAttrs != null && i < bagAttrs.size(); i++) {
        Attribute attr = (Attribute) bagAttrs.elementAt(i);
        OBJECT_IDENTIFIER oid = attr.getType();
        if (oid.equals(SafeBag.FRIENDLY_NAME)) {
            SET values = attr.getValues();
            ANY value = (ANY) values.elementAt(0);
            ByteArrayInputStream bis = new ByteArrayInputStream(value.getEncoded());
            BMPString friendlyName = (BMPString) (new BMPString.Template()).decode(bis);
            certInfo.setFriendlyName(friendlyName.toString());
            logger.debug("   Friendly name: " + certInfo.getFriendlyName());
        } else if (oid.equals(SafeBag.LOCAL_KEY_ID)) {
            SET values = attr.getValues();
            ANY value = (ANY) values.elementAt(0);
            ByteArrayInputStream bis = new ByteArrayInputStream(value.getEncoded());
            OCTET_STRING keyIdAsn1 = (OCTET_STRING) new OCTET_STRING.Template().decode(bis);
            byte[] keyID = keyIdAsn1.toByteArray();
            certInfo.setKeyID(keyID);
            logger.debug("   Key ID: " + Utils.HexEncode(keyID));
        } else if (oid.equals(PKCS12.CERT_TRUST_FLAGS_OID) && trustFlagsEnabled) {
            SET values = attr.getValues();
            ANY value = (ANY) values.elementAt(0);
            ByteArrayInputStream is = new ByteArrayInputStream(value.getEncoded());
            BMPString trustFlagsAsn1 = (BMPString) (new BMPString.Template()).decode(is);
            String trustFlags = trustFlagsAsn1.toString();
            certInfo.setTrustFlags(trustFlags);
            logger.debug("   Trust flags: " + trustFlags);
        } else {
            logger.warn("   " + oid + ": " + attr.getValues());
        }
    }
    if (certInfo.getFriendlyName() == null) {
        logger.debug("   Generating new friendly name");
        LdapName dn = new LdapName(subjectDN.getName());
        ArrayList<String> values = new ArrayList<>();
        // The getRdns method returns the list in reverse order
        // therefore, we must traverse in reverse order.
        List<Rdn> rdns = dn.getRdns();
        for (int i = rdns.size() - 1; i >= 0; i--) {
            Rdn rdn = rdns.get(i);
            values.add(rdn.getValue().toString());
        }
        String friendlyName = StringUtils.join(values, " - ");
        certInfo.setFriendlyName(friendlyName);
        logger.debug("   Friendly name: " + friendlyName);
    }
    return certInfo;
}
Also used: java.io.ByteArrayInputStream, java.util.ArrayList, javax.naming.ldap.LdapName, javax.naming.ldap.Rdn, javax.security.auth.x500.X500Principal, org.mozilla.jss.asn1.ANY, org.mozilla.jss.asn1.BMPString, org.mozilla.jss.asn1.OBJECT_IDENTIFIER, org.mozilla.jss.asn1.OCTET_STRING, org.mozilla.jss.asn1.SET, org.mozilla.jss.netscape.security.x509.X509CertImpl, org.mozilla.jss.pkcs12.CertBag, org.mozilla.jss.pkix.primitive.Attribute.

Example 100 with X509CertImpl

Use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project jss by dogtagpki.

The class CertPrettyPrint, method pkcs7toString.

public String pkcs7toString(Locale clientLocale) {
    StringBuffer content = new StringBuffer();
    try {
        mX509Cert = new X509CertImpl(mCert_b);
        return toString(clientLocale);
    } catch (Exception e) {
        // Not a bare X.509 certificate: fall through and try to parse the bytes as PKCS #7 SignedData.
    }
    ContentInfo ci = null;
    try {
        ci = (ContentInfo) ASN1Util.decode(ContentInfo.getTemplate(), mCert_b);
    } catch (Exception e) {
        return "";
    }
    if (ci.getContentType().equals(ContentInfo.SIGNED_DATA)) {
        SignedData sd = null;
        try {
            sd = (SignedData) ci.getInterpretedContent();
        } catch (Exception e) {
            return "";
        }
        if (sd.hasCertificates()) {
            SET certs = sd.getCertificates();
            for (int i = 0; i < certs.size(); i++) {
                org.mozilla.jss.pkix.cert.Certificate cert = (org.mozilla.jss.pkix.cert.Certificate) certs.elementAt(i);
                X509CertImpl certImpl = null;
                try {
                    certImpl = new X509CertImpl(ASN1Util.encode(cert));
                } catch (Exception e) {
                    // Skip a certificate that fails to re-encode instead of handing a null to CertPrettyPrint.
                    continue;
                }
                CertPrettyPrint print = new CertPrettyPrint(certImpl);
                content.append(print.toString(Locale.getDefault()));
                content.append("\n");
            }
            return content.toString();
        }
    }
    return content.toString();
}
Also used: java.security.cert.Certificate, org.mozilla.jss.asn1.SET, org.mozilla.jss.netscape.security.x509.X509CertImpl, org.mozilla.jss.pkcs7.ContentInfo, org.mozilla.jss.pkcs7.SignedData.
