Example 31 with X509CertImpl
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.
the class ConstraintsChecker method mergeNameConstraints.
/**
* Helper to fold sets of name constraints together
*/
static NameConstraintsExtension mergeNameConstraints(X509Certificate currCert, NameConstraintsExtension prevNC) throws CertPathValidatorException {
X509CertImpl currCertImpl;
try {
currCertImpl = X509CertImpl.toImpl(currCert);
} catch (CertificateException ce) {
throw new CertPathValidatorException(ce);
}
NameConstraintsExtension newConstraints = currCertImpl.getNameConstraintsExtension();
if (debug != null) {
debug.println("prevNC = " + prevNC + ", newNC = " + String.valueOf(newConstraints));
}
// new name constraints.
if (prevNC == null) {
if (debug != null) {
debug.println("mergedNC = " + String.valueOf(newConstraints));
}
if (newConstraints == null) {
return newConstraints;
} else {
// be sharing it with a Certificate object!
return (NameConstraintsExtension) newConstraints.clone();
}
} else {
try {
// after merge, prevNC should contain the merged constraints
prevNC.merge(newConstraints);
} catch (IOException ioe) {
throw new CertPathValidatorException(ioe);
}
if (debug != null) {
debug.println("mergedNC = " + prevNC);
}
return prevNC;
}
}
Also used :
CertPathValidatorException(java.security.cert.CertPathValidatorException)
X509CertImpl(sun.security.x509.X509CertImpl)
CertificateException(java.security.cert.CertificateException)
NameConstraintsExtension(sun.security.x509.NameConstraintsExtension)
IOException(java.io.IOException)
Example 32 with X509CertImpl
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.
the class ForwardState method updateState.
/**
* Update the state with the next certificate added to the path.
*
* @param cert the certificate which is used to update the state
*/
@Override
public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException {
if (cert == null)
return;
X509CertImpl icert = X509CertImpl.toImpl(cert);
/* see if certificate key has null parameters */
if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) {
keyParamsNeededFlag = true;
}
/* update certificate */
this.cert = icert;
/* update issuer DN */
issuerDN = cert.getIssuerX500Principal();
if (!X509CertImpl.isSelfIssued(cert)) {
/*
* update traversedCACerts only if this is a non-self-issued
* intermediate CA cert
*/
if (!init && cert.getBasicConstraints() != -1) {
traversedCACerts++;
}
}
/* update subjectNamesTraversed only if this is the EE cert or if
this cert is not self-issued */
if (init || !X509CertImpl.isSelfIssued(cert)) {
X500Principal subjName = cert.getSubjectX500Principal();
subjectNamesTraversed.add(X500Name.asX500Name(subjName));
try {
SubjectAlternativeNameExtension subjAltNameExt = icert.getSubjectAlternativeNameExtension();
if (subjAltNameExt != null) {
GeneralNames gNames = subjAltNameExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
for (GeneralName gName : gNames.names()) {
subjectNamesTraversed.add(gName.getName());
}
}
} catch (IOException e) {
if (debug != null) {
debug.println("ForwardState.updateState() unexpected " + "exception");
e.printStackTrace();
}
throw new CertPathValidatorException(e);
}
}
init = false;
}
Also used :
CertPathValidatorException(java.security.cert.CertPathValidatorException)
GeneralNames(sun.security.x509.GeneralNames)
SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension)
X509CertImpl(sun.security.x509.X509CertImpl)
X500Principal(javax.security.auth.x500.X500Principal)
GeneralName(sun.security.x509.GeneralName)
IOException(java.io.IOException)
Example 33 with X509CertImpl
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.
the class OCSP method check.
public static RevocationStatus check(X509Certificate cert, URI responderURI, TrustAnchor anchor, X509Certificate issuerCert, X509Certificate responderCert, Date date, List<Extension> extensions, String variant) throws IOException, CertPathValidatorException {
CertId certId;
try {
X509CertImpl certImpl = X509CertImpl.toImpl(cert);
certId = new CertId(issuerCert, certImpl.getSerialNumberObject());
} catch (CertificateException | IOException e) {
throw new CertPathValidatorException("Exception while encoding OCSPRequest", e);
}
OCSPResponse ocspResponse = check(Collections.singletonList(certId), responderURI, new OCSPResponse.IssuerInfo(anchor, issuerCert), responderCert, date, extensions, variant);
return (RevocationStatus) ocspResponse.getSingleResponse(certId);
}
Also used :
CertPathValidatorException(java.security.cert.CertPathValidatorException)
X509CertImpl(sun.security.x509.X509CertImpl)
CertificateException(java.security.cert.CertificateException)
IOException(java.io.IOException)
Example 34 with X509CertImpl
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.
the class X509CertificatePair method parse.
/* Parse the encoded bytes */
private void parse(DerValue val) throws IOException, CertificateException {
if (val.tag != DerValue.tag_Sequence) {
throw new IOException("Sequence tag missing for X509CertificatePair");
}
while (val.data != null && val.data.available() != 0) {
DerValue opt = val.data.getDerValue();
short tag = (byte) (opt.tag & 0x01f);
switch(tag) {
case TAG_FORWARD:
if (opt.isContextSpecific() && opt.isConstructed()) {
if (forward != null) {
throw new IOException("Duplicate forward " + "certificate in X509CertificatePair");
}
opt = opt.data.getDerValue();
forward = X509Factory.intern(new X509CertImpl(opt.toByteArray()));
}
break;
case TAG_REVERSE:
if (opt.isContextSpecific() && opt.isConstructed()) {
if (reverse != null) {
throw new IOException("Duplicate reverse " + "certificate in X509CertificatePair");
}
opt = opt.data.getDerValue();
reverse = X509Factory.intern(new X509CertImpl(opt.toByteArray()));
}
break;
default:
throw new IOException("Invalid encoding of " + "X509CertificatePair");
}
}
if (forward == null && reverse == null) {
throw new CertificateException("at least one of certificate pair " + "must be non-null");
}
}
Also used :
DerValue(sun.security.util.DerValue)
X509CertImpl(sun.security.x509.X509CertImpl)
CertificateException(java.security.cert.CertificateException)
IOException(java.io.IOException)
Example 35 with X509CertImpl
use of org.mozilla.jss.netscape.security.x509.X509CertImpl in project baseio by generallycloud.
the class SelfSignedCertificate method generate.
private File[] generate(String fileRoot, String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter) throws Exception {
PrivateKey key = keypair.getPrivate();
// Prepare the information required for generating an X.509
// certificate.
X509CertInfo info = new X509CertInfo();
X500Name owner = new X500Name("CN=" + fqdn);
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
try {
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
} catch (CertificateException ignore) {
info.set(X509CertInfo.SUBJECT, owner);
}
try {
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
} catch (CertificateException ignore) {
info.set(X509CertInfo.ISSUER, owner);
}
info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid)));
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
cert.sign(key, "SHA1withRSA");
// Update the algorithm and sign again.
info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
cert = new X509CertImpl(info);
cert.sign(key, "SHA1withRSA");
cert.verify(keypair.getPublic());
return newSelfSignedCertificate(fileRoot, fqdn, key, cert);
}
Also used :
CertificateSubjectName(sun.security.x509.CertificateSubjectName)
PrivateKey(java.security.PrivateKey)
X509CertInfo(sun.security.x509.X509CertInfo)
CertificateIssuerName(sun.security.x509.CertificateIssuerName)
CertificateVersion(sun.security.x509.CertificateVersion)
CertificateException(java.security.cert.CertificateException)
CertificateValidity(sun.security.x509.CertificateValidity)
X500Name(sun.security.x509.X500Name)
CertificateX509Key(sun.security.x509.CertificateX509Key)
CertificateSerialNumber(sun.security.x509.CertificateSerialNumber)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
AlgorithmId(sun.security.x509.AlgorithmId)
X509CertImpl(sun.security.x509.X509CertImpl)
BigInteger(java.math.BigInteger)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
Aggregations
X509CertImpl (sun.security.x509.X509CertImpl)92
CertificateException (java.security.cert.CertificateException)41
IOException (java.io.IOException)31
X509Certificate (java.security.cert.X509Certificate)23
CertPathValidatorException (java.security.cert.CertPathValidatorException)17
BigInteger (java.math.BigInteger)16
PublicKey (java.security.PublicKey)15
X500Name (sun.security.x509.X500Name)14
X509CertInfo (sun.security.x509.X509CertInfo)14
AlgorithmId (sun.security.x509.AlgorithmId)13
CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)13
X509CertImpl (org.mozilla.jss.netscape.security.x509.X509CertImpl)12
CertificateSerialNumber (sun.security.x509.CertificateSerialNumber)11
CertificateValidity (sun.security.x509.CertificateValidity)11
CertificateX509Key (sun.security.x509.CertificateX509Key)11
CertificateFactory (java.security.cert.CertificateFactory)10
CertificateVersion (sun.security.x509.CertificateVersion)10
SubjectAlternativeNameExtension (sun.security.x509.SubjectAlternativeNameExtension)9
CertificateIssuerName (sun.security.x509.CertificateIssuerName)8
CertificateSubjectName (sun.security.x509.CertificateSubjectName)8
