Search in sources :

Example 21 with X509CertImpl

use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project j2objc by google.

the class OCSP method check.

/**
 * Obtains the revocation status of a certificate using OCSP using the most
 * common defaults. The OCSP responder URI is retrieved from the
 * certificate's AIA extension. The OCSP responder certificate is assumed
 * to be the issuer's certificate (or issued by the issuer CA).
 *
 * @param cert the certificate to be checked
 * @param issuerCert the issuer certificate
 * @return the RevocationStatus
 * @throws IOException if there is an exception connecting to or
 *    communicating with the OCSP responder
 * @throws CertPathValidatorException if an exception occurs while
 *    encoding the OCSP Request or validating the OCSP Response
 */
public static RevocationStatus check(X509Certificate cert, X509Certificate issuerCert) throws IOException, CertPathValidatorException {
    CertId certId = null;
    URI responderURI = null;
    try {
        X509CertImpl certImpl = X509CertImpl.toImpl(cert);
        responderURI = getResponderURI(certImpl);
        if (responderURI == null) {
            throw new CertPathValidatorException("No OCSP Responder URI in certificate");
        }
        certId = new CertId(issuerCert, certImpl.getSerialNumberObject());
    } catch (CertificateException | IOException e) {
        throw new CertPathValidatorException("Exception while encoding OCSPRequest", e);
    }
    OCSPResponse ocspResponse = check(Collections.singletonList(certId), responderURI, issuerCert, null, null, Collections.<Extension>emptyList());
    return (RevocationStatus) ocspResponse.getSingleResponse(certId);
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) OCSPResponse(sun.security.provider.certpath.OCSPResponse) X509CertImpl(sun.security.x509.X509CertImpl) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) URI(java.net.URI)

Example 22 with X509CertImpl

use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project mockserver by mock-server.

the class X509Generator method signX509KeyPair.

private X509AndPrivateKey signX509KeyPair(final PrivateKey privateKey, final KeyPair keyPair, X509CertInfo x509CertInfo, final String signatureAlgorithm) throws CertificateException, NoSuchAlgorithmException, IOException, InvalidKeyException, NoSuchProviderException, SignatureException {
    x509CertInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get(signatureAlgorithm)));
    X509CertImpl cert = new X509CertImpl(x509CertInfo);
    cert.sign(privateKey, signatureAlgorithm);
    return new X509AndPrivateKey().setPrivateKey(privateKeyToPEM(keyPair.getPrivate().getEncoded())).setCert(certToPEM(cert.getEncoded()));
}
Also used : X509CertImpl(sun.security.x509.X509CertImpl) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Example 23 with X509CertImpl

use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project OpenAttestation by OpenAttestation.

the class X509Builder method build.

public X509Certificate build() {
    if (certificateVersion == null) {
        v3();
    }
    if (certificateValidity == null) {
        // 1 year default
        expires(365, TimeUnit.DAYS);
    }
    if (certificateSerialNumber == null) {
        randomSerial();
    }
    if (certificateSubjectName == null) {
        if (commonName != null || organizationUnit != null || organizationName != null || country != null) {
            try {
                subjectName(new X500Name(commonName, organizationUnit, organizationName, country));
            } catch (Exception e) {
                fault(e, "commonName(%s) organizationUnit(%s) organizationName(%s) country(%s)", commonName, organizationUnit, organizationName, country);
            }
        }
    }
    if (certificateIssuerName == null) {
        //}
        if (commonName != null || organizationUnit != null || organizationName != null || country != null) {
            try {
                issuerName(new X500Name(commonName, organizationUnit, organizationName, country));
            } catch (Exception e) {
                fault(e, "commonName(%s) organizationUnit(%s) organizationName(%s) country(%s)", commonName, organizationUnit, organizationName, country);
            }
        }
    }
    if (subjectPublicKey == null) {
        fault("missing subject public key");
    }
    // Note: alternativeName is optional so we don't have any defaults or errors for it here
    if (algorithm == null) {
        // algorithm.getName() == SHA256withRSA
        algorithm(new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid));
    }
    //}
    try {
        if (getFaults().isEmpty()) {
            // Sign the cert to identify the algorithm that's used.
            X509CertImpl cert = new X509CertImpl(info);
            // NoSuchAlgorithMException, InvalidKeyException, NoSuchProviderException, , SignatureException
            cert.sign(issuerPrivateKey, algorithm.getName());
            /*
                 * for some unknown reason, if we return the "cert" now then all 
                 * the optioanl fields such as getBasicConstraints() and 
                 * getKeyUsage() are missing even though they are included if you 
                 * call getEncoded() ... but if you re-create the certificate
                 * then those fields are present in the re-created certificate.
                 */
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert2 = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getEncoded()));
            return cert2;
        }
        return null;
    } catch (Exception e) {
        fault(e, "cannot sign certificate");
        return null;
    } finally {
        done();
    }
}
Also used : CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) ByteArrayInputStream(java.io.ByteArrayInputStream) X509CertImpl(sun.security.x509.X509CertImpl) X500Name(sun.security.x509.X500Name) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate)

Example 24 with X509CertImpl

use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project OpenAM by OpenRock.

the class JwtGenerator method main.

public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        System.out.println("Usage: JwtGenerator <subject> <issuer> <audience>");
        System.exit(1);
    }
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(512);
    KeyPair keyPair = keyGen.genKeyPair();
    PublicKey publicKey = keyPair.getPublic();
    long validTime = System.currentTimeMillis() + 1000 * 60 * 60 * 24 / 2;
    String jwt = new JwtBuilderFactory().jws(new SigningManager().newRsaSigningHandler(keyPair.getPrivate())).headers().alg(JwsAlgorithm.RS256).done().claims(new JwtClaimsSet(json(object(field("iss", args[0]), field("sub", args[1]), field("aud", args[2]), field("exp", validTime / 1000))).asMap())).build();
    System.out.println("JWT: " + jwt);
    Calendar expiry = Calendar.getInstance();
    expiry.add(Calendar.DAY_OF_YEAR, 7);
    X509CertInfo info = new X509CertInfo();
    CertificateValidity interval = new CertificateValidity(new Date(), new Date(validTime));
    BigInteger sn = new BigInteger(64, new SecureRandom());
    X500Name owner = new X500Name("CN=ForgeRock,L=Bristol,C=GB");
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(keyPair.getPrivate(), "SHA256withRSA");
    System.out.println("Certificate:");
    BASE64Encoder encoder = new BASE64Encoder();
    System.out.println(X509Factory.BEGIN_CERT);
    encoder.encodeBuffer(cert.getEncoded(), System.out);
    System.out.println(X509Factory.END_CERT);
}
Also used : JwtBuilderFactory(org.forgerock.json.jose.builders.JwtBuilderFactory) CertificateSubjectName(sun.security.x509.CertificateSubjectName) KeyPair(java.security.KeyPair) X509CertInfo(sun.security.x509.X509CertInfo) PublicKey(java.security.PublicKey) Calendar(java.util.Calendar) CertificateIssuerName(sun.security.x509.CertificateIssuerName) BASE64Encoder(sun.misc.BASE64Encoder) SecureRandom(java.security.SecureRandom) CertificateVersion(sun.security.x509.CertificateVersion) CertificateValidity(sun.security.x509.CertificateValidity) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) SigningManager(org.forgerock.json.jose.jws.SigningManager) Date(java.util.Date) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Example 25 with X509CertImpl

use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project OpenAM by OpenRock.

the class AMCRLStore method getCRLDPExt.

/**
     * It checks whether the certificate has CRLDistributionPointsExtension
     * or not. If there is, it returns the extension.
     *
     * @param certificate
     */
private CRLDistributionPointsExtension getCRLDPExt(X509Certificate certificate) {
    CRLDistributionPointsExtension dpExt = null;
    try {
        X509CertImpl certImpl = new X509CertImpl(certificate.getEncoded());
        dpExt = certImpl.getCRLDistributionPointsExtension();
    } catch (Exception e) {
        debug.error("Error finding CRL distribution Point configured: ", e);
    }
    return dpExt;
}
Also used : CRLDistributionPointsExtension(sun.security.x509.CRLDistributionPointsExtension) X509CertImpl(sun.security.x509.X509CertImpl) LdapException(org.forgerock.opendj.ldap.LdapException) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) LocalizedIllegalArgumentException(org.forgerock.i18n.LocalizedIllegalArgumentException)

Aggregations

X509CertImpl (sun.security.x509.X509CertImpl)92 CertificateException (java.security.cert.CertificateException)41 IOException (java.io.IOException)31 X509Certificate (java.security.cert.X509Certificate)23 CertPathValidatorException (java.security.cert.CertPathValidatorException)17 BigInteger (java.math.BigInteger)16 PublicKey (java.security.PublicKey)15 X500Name (sun.security.x509.X500Name)14 X509CertInfo (sun.security.x509.X509CertInfo)14 AlgorithmId (sun.security.x509.AlgorithmId)13 CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)13 X509CertImpl (org.mozilla.jss.netscape.security.x509.X509CertImpl)12 CertificateSerialNumber (sun.security.x509.CertificateSerialNumber)11 CertificateValidity (sun.security.x509.CertificateValidity)11 CertificateX509Key (sun.security.x509.CertificateX509Key)11 CertificateFactory (java.security.cert.CertificateFactory)10 CertificateVersion (sun.security.x509.CertificateVersion)10 SubjectAlternativeNameExtension (sun.security.x509.SubjectAlternativeNameExtension)9 CertificateIssuerName (sun.security.x509.CertificateIssuerName)8 CertificateSubjectName (sun.security.x509.CertificateSubjectName)8