use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project j2objc by google.
the class OCSP method check.
/**
* Obtains the revocation status of a certificate using OCSP using the most
* common defaults. The OCSP responder URI is retrieved from the
* certificate's AIA extension. The OCSP responder certificate is assumed
* to be the issuer's certificate (or issued by the issuer CA).
*
* @param cert the certificate to be checked
* @param issuerCert the issuer certificate
* @return the RevocationStatus
* @throws IOException if there is an exception connecting to or
* communicating with the OCSP responder
* @throws CertPathValidatorException if an exception occurs while
* encoding the OCSP Request or validating the OCSP Response
*/
public static RevocationStatus check(X509Certificate cert, X509Certificate issuerCert) throws IOException, CertPathValidatorException {
CertId certId = null;
URI responderURI = null;
try {
X509CertImpl certImpl = X509CertImpl.toImpl(cert);
responderURI = getResponderURI(certImpl);
if (responderURI == null) {
throw new CertPathValidatorException("No OCSP Responder URI in certificate");
}
certId = new CertId(issuerCert, certImpl.getSerialNumberObject());
} catch (CertificateException | IOException e) {
throw new CertPathValidatorException("Exception while encoding OCSPRequest", e);
}
OCSPResponse ocspResponse = check(Collections.singletonList(certId), responderURI, issuerCert, null, null, Collections.<Extension>emptyList());
return (RevocationStatus) ocspResponse.getSingleResponse(certId);
}
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project mockserver by mock-server.
the class X509Generator method signX509KeyPair.
private X509AndPrivateKey signX509KeyPair(final PrivateKey privateKey, final KeyPair keyPair, X509CertInfo x509CertInfo, final String signatureAlgorithm) throws CertificateException, NoSuchAlgorithmException, IOException, InvalidKeyException, NoSuchProviderException, SignatureException {
x509CertInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get(signatureAlgorithm)));
X509CertImpl cert = new X509CertImpl(x509CertInfo);
cert.sign(privateKey, signatureAlgorithm);
return new X509AndPrivateKey().setPrivateKey(privateKeyToPEM(keyPair.getPrivate().getEncoded())).setCert(certToPEM(cert.getEncoded()));
}
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project OpenAttestation by OpenAttestation.
the class X509Builder method build.
public X509Certificate build() {
if (certificateVersion == null) {
v3();
}
if (certificateValidity == null) {
// 1 year default
expires(365, TimeUnit.DAYS);
}
if (certificateSerialNumber == null) {
randomSerial();
}
if (certificateSubjectName == null) {
if (commonName != null || organizationUnit != null || organizationName != null || country != null) {
try {
subjectName(new X500Name(commonName, organizationUnit, organizationName, country));
} catch (Exception e) {
fault(e, "commonName(%s) organizationUnit(%s) organizationName(%s) country(%s)", commonName, organizationUnit, organizationName, country);
}
}
}
if (certificateIssuerName == null) {
//}
if (commonName != null || organizationUnit != null || organizationName != null || country != null) {
try {
issuerName(new X500Name(commonName, organizationUnit, organizationName, country));
} catch (Exception e) {
fault(e, "commonName(%s) organizationUnit(%s) organizationName(%s) country(%s)", commonName, organizationUnit, organizationName, country);
}
}
}
if (subjectPublicKey == null) {
fault("missing subject public key");
}
// Note: alternativeName is optional so we don't have any defaults or errors for it here
if (algorithm == null) {
// algorithm.getName() == SHA256withRSA
algorithm(new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid));
}
//}
try {
if (getFaults().isEmpty()) {
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
// NoSuchAlgorithMException, InvalidKeyException, NoSuchProviderException, , SignatureException
cert.sign(issuerPrivateKey, algorithm.getName());
/*
* for some unknown reason, if we return the "cert" now then all
* the optioanl fields such as getBasicConstraints() and
* getKeyUsage() are missing even though they are included if you
* call getEncoded() ... but if you re-create the certificate
* then those fields are present in the re-created certificate.
*/
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert2 = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getEncoded()));
return cert2;
}
return null;
} catch (Exception e) {
fault(e, "cannot sign certificate");
return null;
} finally {
done();
}
}
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project OpenAM by OpenRock.
the class JwtGenerator method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
System.out.println("Usage: JwtGenerator <subject> <issuer> <audience>");
System.exit(1);
}
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(512);
KeyPair keyPair = keyGen.genKeyPair();
PublicKey publicKey = keyPair.getPublic();
long validTime = System.currentTimeMillis() + 1000 * 60 * 60 * 24 / 2;
String jwt = new JwtBuilderFactory().jws(new SigningManager().newRsaSigningHandler(keyPair.getPrivate())).headers().alg(JwsAlgorithm.RS256).done().claims(new JwtClaimsSet(json(object(field("iss", args[0]), field("sub", args[1]), field("aud", args[2]), field("exp", validTime / 1000))).asMap())).build();
System.out.println("JWT: " + jwt);
Calendar expiry = Calendar.getInstance();
expiry.add(Calendar.DAY_OF_YEAR, 7);
X509CertInfo info = new X509CertInfo();
CertificateValidity interval = new CertificateValidity(new Date(), new Date(validTime));
BigInteger sn = new BigInteger(64, new SecureRandom());
X500Name owner = new X500Name("CN=ForgeRock,L=Bristol,C=GB");
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId algo = new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
cert.sign(keyPair.getPrivate(), "SHA256withRSA");
System.out.println("Certificate:");
BASE64Encoder encoder = new BASE64Encoder();
System.out.println(X509Factory.BEGIN_CERT);
encoder.encodeBuffer(cert.getEncoded(), System.out);
System.out.println(X509Factory.END_CERT);
}
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project OpenAM by OpenRock.
the class AMCRLStore method getCRLDPExt.
/**
* It checks whether the certificate has CRLDistributionPointsExtension
* or not. If there is, it returns the extension.
*
* @param certificate
*/
private CRLDistributionPointsExtension getCRLDPExt(X509Certificate certificate) {
CRLDistributionPointsExtension dpExt = null;
try {
X509CertImpl certImpl = new X509CertImpl(certificate.getEncoded());
dpExt = certImpl.getCRLDistributionPointsExtension();
} catch (Exception e) {
debug.error("Error finding CRL distribution Point configured: ", e);
}
return dpExt;
}
Aggregations