use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project netty by netty.
the class OpenJdkSelfSignedCertGenerator method generate.
/**
 * Creates a self-signed X.509 v3 certificate for {@code fqdn} and hands it to
 * {@code newSelfSignedCertificate}.
 *
 * <p>Subject and issuer are both {@code CN=<fqdn>}, and the certificate is signed with the
 * private half of {@code keypair}. Nothing outside this key pair vouches for it.
 *
 * @param fqdn      name placed in the CN of subject and issuer
 * @param keypair   key pair whose public key is certified and whose private key signs
 * @param random    source of the 64 random bits used for the serial number
 * @param notBefore start of the validity period
 * @param notAfter  end of the validity period
 * @param algorithm key algorithm; {@code "EC"} (any case) selects {@code SHA256withECDSA},
 *                  every other value selects {@code SHA256withRSA}
 * @return whatever {@code newSelfSignedCertificate(fqdn, key, cert)} returns
 * @throws Exception if building, signing or verifying the certificate fails
 */
@SuppressJava6Requirement(reason = "Usage guarded by dependency check")
static String[] generate(String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter, String algorithm) throws Exception {
    final PrivateKey signingKey = keypair.getPrivate();

    // Collect the fields of the to-be-signed certificate.
    final X509CertInfo certInfo = new X509CertInfo();
    // NOTE(review): fqdn is concatenated into the DN string unescaped; a value containing
    // DN metacharacters (',', '+', '=') would change the parsed name. Callers should pass a
    // validated host name.
    final X500Name selfName = new X500Name("CN=" + fqdn);

    certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));

    // Subject: try the wrapper type first and fall back to the bare name when it is rejected.
    try {
        certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(selfName));
    } catch (CertificateException ignored) {
        certInfo.set(X509CertInfo.SUBJECT, selfName);
    }

    // Issuer: same name as the subject, same fallback.
    try {
        certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(selfName));
    } catch (CertificateException ignored) {
        certInfo.set(X509CertInfo.ISSUER, selfName);
    }

    certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
    certInfo.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));

    // Initial algorithm id is the sha256WithRSAEncryption OID, whatever the key type; it is
    // overwritten below with the algorithm recorded by the first signature.
    certInfo.set(X509CertInfo.ALGORITHM_ID,
            new CertificateAlgorithmId(AlgorithmId.get("1.2.840.113549.1.1.11")));

    // First signature: only used to learn the algorithm identifier that was applied.
    X509CertImpl cert = new X509CertImpl(certInfo);
    final String signatureAlgorithm = algorithm.equalsIgnoreCase("EC") ? "SHA256withECDSA" : "SHA256withRSA";
    cert.sign(signingKey, signatureAlgorithm);

    // Copy that identifier into the certificate info and sign the final certificate.
    final String algorithmField = CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM;
    certInfo.set(algorithmField, cert.get(X509CertImpl.SIG_ALG));
    cert = new X509CertImpl(certInfo);
    cert.sign(signingKey, signatureAlgorithm);

    // Self-check: the signature must verify under the certificate's own public key.
    cert.verify(keypair.getPublic());

    return newSelfSignedCertificate(fqdn, signingKey, cert);
}
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project jans by JanssenProject.
the class WebKeysTest method webKeyTest.
/**
 * Checks that the RSA public key inside the {@code x5c} certificate has the modulus and
 * exponent given by the {@code n} and {@code e} parameters.
 *
 * <p>Only the key material is compared; the certificate's signature, validity period and
 * chain are not evaluated here.
 *
 * @param n   base64url-encoded RSA modulus
 * @param e   base64url-encoded RSA public exponent
 * @param x5c base64url-encoded certificate bytes
 * @throws CertificateException if the certificate bytes cannot be parsed
 */
@Test(dataProvider = "webKeysDataProvider")
public void webKeyTest(final String n, final String e, final String x5c) throws CertificateException {
    showTitle("webKeyTest");

    // Signum 1 makes BigInteger read the decoded bytes as an unsigned magnitude.
    final BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(n));
    final BigInteger exponent = new BigInteger(1, Base64Util.base64urldecode(e));

    // Each value is printed twice under the same label: encoded form, then decoded number.
    System.out.println("n: " + n);
    System.out.println("n: " + modulus);
    System.out.println("e: " + e);
    System.out.println("e: " + exponent);

    final X509Certificate cert = new X509CertImpl(Base64Util.base64urldecode(x5c));

    // The cast fails with ClassCastException if the certificate carries a non-RSA key.
    final RSAPublicKey certKey = (RSAPublicKey) cert.getPublicKey();

    assertEquals(certKey.getModulus(), modulus);
    assertEquals(certKey.getPublicExponent(), exponent);
}
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project mockserver by mock-server.
the class X509GeneratorTest method shouldCreateRootCertificateWithCorrectCertExtensions.
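/**
 * Verifies the extensions of a generated root certificate: key usage must be exactly
 * keyCertSign, and basicConstraints must mark the certificate as a CA.
 *
 * <p>The original looked up the CA flag but discarded the value, so a root certificate
 * without CA=true would still have passed. The flag is now asserted.
 *
 * @throws Exception if generation or parsing of the certificate fails
 */
@Test
public void shouldCreateRootCertificateWithCorrectCertExtensions() throws Exception {
    // given
    X509Generator x509Generator = new X509Generator(new MockServerLogger());

    // and - a certificate signing request
    CertificateSigningRequest csr = new CertificateSigningRequest().setCommonName(ROOT_COMMON_NAME).setKeyPairSize(KEY_SIZE);

    // and - a root keypair
    X509AndPrivateKey pemRootKeyPair = x509Generator.generateRootX509AndPrivateKey(csr);

    // when - a x509 certificate has been successfully generated
    X509Certificate x509Certificate = x509FromPEM(pemRootKeyPair.getCert());
    boolean[] keyUsage = x509Certificate.getKeyUsage();

    // then - the extensions are correctly set
    // Index 5 of the key usage array is keyCertSign; every other bit must be clear.
    assertArrayEquals(new boolean[] { false, false, false, false, false, true, false, false, false }, keyUsage);

    // Provider-independent check: getBasicConstraints() returns -1 unless the certificate
    // carries basicConstraints with CA=true.
    if (x509Certificate.getBasicConstraints() < 0) {
        throw new AssertionError("root certificate does not assert basicConstraints CA=true");
    }

    // Implementation-specific check, only reachable when the parser returned X509CertImpl.
    if (x509Certificate instanceof X509CertImpl) {
        Object isCa = ((X509CertImpl) x509Certificate).getBasicConstraintsExtension().get(IS_CA);
        if (!Boolean.TRUE.equals(isCa)) {
            throw new AssertionError("basicConstraints IS_CA expected true but was " + isCa);
        }
    }
}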
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project jss by dogtagpki.
the class PKCS12Util method getCertInfo.
/**
 * Builds a {@link PKCS12CertInfo} from a certificate safe bag.
 *
 * <p>The certificate bytes are read from the bag, an ID is derived from them, and the bag
 * attributes are scanned for a friendly name, a local key ID and (when
 * {@code trustFlagsEnabled} is set) trust flags. If no friendly name attribute is present,
 * one is generated from the values of the subject DN.
 *
 * <p>NOTE(review): everything read here comes from the PKCS #12 content. The casts and the
 * {@code elementAt(0)} calls assume well-formed input and throw on unexpected types or an
 * empty value set; the logged friendly name, subject DN and trust flags are file-supplied
 * text.
 *
 * @param bag safe bag expected to hold a {@code CertBag}
 * @return the populated certificate info
 * @throws Exception if the bag content cannot be decoded or the certificate cannot be parsed
 */
public PKCS12CertInfo getCertInfo(SafeBag bag) throws Exception {
    PKCS12CertInfo result = new PKCS12CertInfo();

    CertBag certBag = (CertBag) bag.getInterpretedBagContent();
    OCTET_STRING certOctets = (OCTET_STRING) certBag.getInterpretedCert();
    byte[] certBytes = certOctets.toByteArray();

    // The certificate ID is computed from the certificate bytes (SHA-1 hash of cert data).
    byte[] certId = SafeBag.getLocalKeyIDFromCert(certBytes);
    result.setID(certId);
    logger.debug(" Certificate ID: " + Utils.HexEncode(certId));

    X509CertImpl cert = new X509CertImpl(certBytes);
    result.setCert(cert);

    X500Principal subjectDN = cert.getSubjectX500Principal();
    logger.debug(" Subject DN: " + subjectDN);

    SET bagAttrs = bag.getBagAttributes();
    if (bagAttrs != null) {
        for (int idx = 0; idx < bagAttrs.size(); idx++) {
            Attribute attr = (Attribute) bagAttrs.elementAt(idx);
            OBJECT_IDENTIFIER type = attr.getType();

            if (type.equals(SafeBag.FRIENDLY_NAME)) {
                // Only the first value of the attribute is used.
                ANY first = (ANY) attr.getValues().elementAt(0);
                ByteArrayInputStream in = new ByteArrayInputStream(first.getEncoded());
                BMPString name = (BMPString) (new BMPString.Template()).decode(in);
                result.setFriendlyName(name.toString());
                logger.debug(" Friendly name: " + result.getFriendlyName());
                continue;
            }

            if (type.equals(SafeBag.LOCAL_KEY_ID)) {
                ANY first = (ANY) attr.getValues().elementAt(0);
                ByteArrayInputStream in = new ByteArrayInputStream(first.getEncoded());
                OCTET_STRING keyIdOctets = (OCTET_STRING) new OCTET_STRING.Template().decode(in);
                byte[] keyID = keyIdOctets.toByteArray();
                result.setKeyID(keyID);
                logger.debug(" Key ID: " + Utils.HexEncode(keyID));
                continue;
            }

            // Trust flags stored in the file are honoured only when the feature is enabled.
            if (type.equals(PKCS12.CERT_TRUST_FLAGS_OID) && trustFlagsEnabled) {
                ANY first = (ANY) attr.getValues().elementAt(0);
                ByteArrayInputStream in = new ByteArrayInputStream(first.getEncoded());
                BMPString flagsText = (BMPString) (new BMPString.Template()).decode(in);
                String trustFlags = flagsText.toString();
                result.setTrustFlags(trustFlags);
                logger.debug(" Trust flags: " + trustFlags);
                continue;
            }

            // Any other attribute is reported and otherwise ignored.
            logger.warn(" " + type + ": " + attr.getValues());
        }
    }

    if (result.getFriendlyName() == null) {
        logger.debug(" Generating new friendly name");

        LdapName dn = new LdapName(subjectDN.getName());
        List<Rdn> rdns = dn.getRdns();

        // getRdns() returns the RDNs in reverse order, so walk the list from the end.
        ArrayList<String> parts = new ArrayList<>();
        for (int i = rdns.size(); i-- > 0; ) {
            parts.add(rdns.get(i).getValue().toString());
        }

        String generatedName = StringUtils.join(parts, " - ");
        result.setFriendlyName(generatedName);
        logger.debug(" Friendly name: " + generatedName);
    }

    return result;
}
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project jss by dogtagpki.
the class CertPrettyPrint method pkcs7toString.
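/**
 * Renders the bytes in {@code mCert_b} as text, treating them first as a single X.509
 * certificate and, if that fails, as a PKCS #7 {@code ContentInfo}.
 *
 * <p>For PKCS #7 input of type signed-data, every contained certificate that can be
 * re-encoded and parsed is printed, each followed by a newline. An entry that cannot be
 * parsed is left out; the original swallowed the error and passed {@code null} to the
 * {@code CertPrettyPrint} constructor.
 *
 * <p>Side effect: {@code mX509Cert} is overwritten when the bytes parse as a certificate.
 *
 * @param clientLocale locale used when the input is a single certificate
 * @return the printed certificate(s), or an empty string when the input cannot be decoded,
 *         is not signed-data, or holds no certificates
 */
public String pkcs7toString(Locale clientLocale) {
    // First attempt: a bare X.509 certificate.
    try {
        mX509Cert = new X509CertImpl(mCert_b);
        return toString(clientLocale);
    } catch (Exception ignored) {
        // Deliberate fallback: parsing or printing failed, so try PKCS #7 next.
    }

    ContentInfo ci;
    try {
        ci = (ContentInfo) ASN1Util.decode(ContentInfo.getTemplate(), mCert_b);
    } catch (Exception e) {
        return "";
    }

    if (!ci.getContentType().equals(ContentInfo.SIGNED_DATA)) {
        return "";
    }

    SignedData sd;
    try {
        sd = (SignedData) ci.getInterpretedContent();
    } catch (Exception e) {
        return "";
    }

    if (!sd.hasCertificates()) {
        return "";
    }

    // Local buffer, never shared between threads, so StringBuilder is sufficient.
    StringBuilder content = new StringBuilder();
    SET certs = sd.getCertificates();
    for (int i = 0; i < certs.size(); i++) {
        org.mozilla.jss.pkix.cert.Certificate cert = (org.mozilla.jss.pkix.cert.Certificate) certs.elementAt(i);

        X509CertImpl certImpl;
        try {
            certImpl = new X509CertImpl(ASN1Util.encode(cert));
        } catch (Exception ignored) {
            // Entry could not be converted; skip it rather than print from a null certificate.
            // NOTE(review): the omission is silent, so the output may show fewer certificates
            // than the bundle contains.
            continue;
        }

        CertPrettyPrint print = new CertPrettyPrint(certImpl);
        // NOTE(review): uses the JVM default locale here, not clientLocale. Confirm intended.
        content.append(print.toString(Locale.getDefault()));
        content.append("\n");
    }
    return content.toString();
}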