
Example 6 with X509CertInfo

Use of sun.security.x509.X509CertInfo (the JDK-internal class the imports below actually reference, not the org.mozilla.jss.netscape.security.x509 fork the index lists) in project mockserver by mock-server.

Class X509Generator, method generateLeafX509AndPrivateKey.

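/**
 * Issues a leaf (end-entity) certificate for {@code csr}, signed by the CA whose PEM-encoded
 * private key is {@code caPrivateKey} and whose certificate is {@code caCertificate}.
 * <p>
 * A fresh key pair is generated for the leaf rather than taken from the CSR (the CSR only
 * contributes key algorithm, key size, common name, signing algorithm and subject alternative
 * names). The certificate body is built with subject {@code CN=<common name>} and the supplied
 * issuer DN, the certificate extensions are added, the body is signed with the CA key, and the
 * result is re-parsed from its PEM form and checked: it must be valid now and its signature must
 * verify with {@code caCertificate}'s public key. A CA key that does not belong to
 * {@code caCertificate} therefore fails here rather than at the first TLS handshake.
 *
 * @param csr                      leaf parameters (key algorithm, size, CN, SANs, signing algorithm)
 * @param issuerDistinguishingName issuer DN written into the certificate (expected to be the CA's subject DN)
 * @param caPrivateKey             PEM-encoded CA private key; must pair with {@code caCertificate}
 * @param caCertificate            CA certificate the issued certificate is verified against
 * @return the signed leaf certificate and its private key, PEM-encoded
 * @throws InvalidKeySpecException if {@code caPrivateKey} cannot be decoded as a key of the CA's algorithm
 * @throws SignatureException      if the signed certificate does not verify against {@code caCertificate}
 * @throws CertificateException    if the signed certificate cannot be parsed or is not valid at the current time
 */
public X509AndPrivateKey generateLeafX509AndPrivateKey(final CertificateSigningRequest csr, String issuerDistinguishingName, final String caPrivateKey, final X509Certificate caCertificate) throws IOException, NoSuchAlgorithmException, CertificateException, InvalidKeyException, NoSuchProviderException, SignatureException, InvalidKeySpecException {
    // Decode the CA key with the CA's own key algorithm, read off its certificate, not with the
    // leaf CSR's: the two need not agree (an RSA CA can issue EC leaves), and the CA key must in
    // any case pair with caCertificate because that is what the signature is verified against below.
    final String caKeyAlgorithm = caCertificate.getPublicKey().getAlgorithm();
    final PrivateKey caKey = KeyFactory.getInstance(caKeyAlgorithm).generatePrivate(keySpecFromPEM(caPrivateKey));
    // New leaf key pair; the CSR does not supply one.
    final KeyPair leafKeyPair = generateKeyPair(csr.getKeyPairAlgorithm(), csr.getKeyPairSize());
    final X500Name subject = new X500Name(buildDistinguishedName(csr.getCommonName()));
    final X500Name issuer = new X500Name(issuerDistinguishingName);
    final X509CertInfo certInfo = buildX509CertInfo(subject, issuer, leafKeyPair.getPublic(), csr);
    updateWithCertificateExtensions(certInfo, leafKeyPair.getPublic(), caCertificate.getPublicKey(), csr.getSubjectAlternativeNames());
    final X509AndPrivateKey result = signX509KeyPair(caKey, leafKeyPair, certInfo, csr.getSigningAlgorithm());
    // Round-trip through PEM and verify against caCertificate (deliberately not against caKey)
    // so that a CA key/certificate mismatch is rejected at issuance time.
    final X509Certificate issued = x509FromPEM(result.getCert());
    issued.checkValidity(new Date());
    issued.verify(caCertificate.getPublicKey());
    return result;
}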

Example 7 with X509CertInfo

Use of sun.security.x509.X509CertInfo (the JDK-internal class the imports below actually reference, not the org.mozilla.jss.netscape.security.x509 fork the index lists) in project mockserver by mock-server.

Class X509Generator, method buildX509CertInfo.

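/**
 * Assembles the TBSCertificate fields (validity, serial number, subject, issuer, public key,
 * version 3, signature algorithm) of a certificate that the caller will extend and sign.
 * <p>
 * Validity is this class's fixed {@code NOT_BEFORE}..{@code NOT_AFTER} window. The serial number
 * is 64 bits of CSPRNG output, regenerated in the (2^-64) case where it would be zero: RFC 5280
 * §4.1.2.2 requires a positive serial, and the CA/Browser Forum baseline requires at least 64
 * bits from a CSPRNG. Serials are what distinguish two certificates from the same issuer and
 * what an attacker must not be able to predict when attempting hash-collision attacks against
 * the signature, so {@code java.util.Random} is not an acceptable source even for a mock CA.
 *
 * @param subject   subject DN of the certificate
 * @param issuer    issuer DN (the signing CA's subject)
 * @param publicKey public key placed in the certificate
 * @param csr       supplies the signing algorithm name recorded in the body
 * @return the populated, unsigned certificate body
 */
private X509CertInfo buildX509CertInfo(final X500Name subject, final X500Name issuer, final PublicKey publicKey, final CertificateSigningRequest csr) throws IOException, NoSuchAlgorithmException, CertificateException {
    X509CertInfo x509CertInfo = new X509CertInfo();
    CertificateValidity interval = new CertificateValidity(NOT_BEFORE, NOT_AFTER);
    // An earlier revision swapped SecureRandom for java.util.Random "to prevent entropy
    // depletion". java.util.Random's output is recoverable from a few observed values, and the
    // depletion concern does not apply to the default SecureRandom on current JDKs: nextBytes()
    // is non-blocking (on Linux the NativePRNG implementation reads /dev/urandom); only
    // getInstanceStrong() / "NativePRNGBlocking" can block. Referenced fully qualified so no new
    // import is needed. A single shared instance would be preferable if this path becomes hot.
    java.security.SecureRandom rng = new java.security.SecureRandom();
    BigInteger sn;
    do {
        sn = new BigInteger(64, rng);
    } while (sn.signum() == 0); // serialNumber MUST be positive (RFC 5280 §4.1.2.2)
    x509CertInfo.set(X509CertInfo.VALIDITY, interval);
    x509CertInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    x509CertInfo.set(X509CertInfo.SUBJECT, subject);
    x509CertInfo.set(X509CertInfo.ISSUER, issuer);
    x509CertInfo.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
    x509CertInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    // The algorithm recorded here must match the one used by the signer; both come from the CSR.
    AlgorithmId algo = new AlgorithmId(AlgorithmId.get(csr.getSigningAlgorithm()).getOID());
    x509CertInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
    return x509CertInfo;
}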

Example 8 with X509CertInfo

Use of sun.security.x509.X509CertInfo (the JDK-internal class the imports below actually reference, not the org.mozilla.jss.netscape.security.x509 fork the index lists) in project OpenAM by OpenRock.

Class JwtGenerator, method main.

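/**
 * Demo tool: generates a throw-away RSA key pair, prints an RS256-signed JWT carrying the
 * iss/sub/aud values given on the command line (expiring 12 hours from now), and prints a
 * self-signed X.509 certificate for the same key in PEM form so the JWT signature can be
 * verified with the certificate.
 * <p>
 * Not for production use: the key is never persisted and the certificate carries no
 * extensions (no Basic Constraints, no Key Usage).
 *
 * @param args exactly three values, in the order shown by the usage line: issuer, subject, audience
 */
public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        // Order matches the claim mapping below (args[0] -> iss, args[1] -> sub, args[2] -> aud);
        // the earlier usage text listed subject before issuer, which the code never did.
        System.out.println("Usage: JwtGenerator <issuer> <subject> <audience>");
        System.exit(1);
    }
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    // This used to be 512 bits, which is factorable on commodity hardware; RFC 7518 §3.3
    // requires at least 2048 bits for RS256. 2048 is the floor, not a hardening choice.
    keyGen.initialize(2048);
    KeyPair keyPair = keyGen.genKeyPair();
    PublicKey publicKey = keyPair.getPublic();
    // 12 hours from now, in milliseconds; the JWT "exp" claim is expressed in seconds.
    long validTime = System.currentTimeMillis() + 1000 * 60 * 60 * 24 / 2;
    String jwt = new JwtBuilderFactory().jws(new SigningManager().newRsaSigningHandler(keyPair.getPrivate())).headers().alg(JwsAlgorithm.RS256).done().claims(new JwtClaimsSet(json(object(field("iss", args[0]), field("sub", args[1]), field("aud", args[2]), field("exp", validTime / 1000))).asMap())).build();
    System.out.println("JWT: " + jwt);
    X509CertInfo info = new X509CertInfo();
    // Same window as the JWT so both expire together.
    CertificateValidity interval = new CertificateValidity(new Date(), new Date(validTime));
    SecureRandom rng = new SecureRandom();
    BigInteger sn;
    do {
        sn = new BigInteger(64, rng);
    } while (sn.signum() == 0); // RFC 5280 §4.1.2.2: serialNumber MUST be positive
    X500Name owner = new X500Name("CN=ForgeRock,L=Bristol,C=GB");
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    // Self-signed: issuer is the subject itself.
    info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
    // Sign with the same key the certificate certifies; the algorithm must match ALGORITHM_ID above.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(keyPair.getPrivate(), "SHA256withRSA");
    System.out.println("Certificate:");
    // PEM body. java.util.Base64 replaces sun.misc.BASE64Encoder, an internal API removed in
    // JDK 9; referenced fully qualified so no import change is needed. 64-column lines per RFC 7468.
    java.util.Base64.Encoder pem = java.util.Base64.getMimeEncoder(64, new byte[] { '\n' });
    System.out.println(X509Factory.BEGIN_CERT);
    System.out.println(pem.encodeToString(cert.getEncoded()));
    System.out.println(X509Factory.END_CERT);
}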

Example 9 with X509CertInfo

Use of sun.security.x509.X509CertInfo (the JDK-internal class the imports below actually reference, not the org.mozilla.jss.netscape.security.x509 fork the index lists) in project OpenAM by OpenRock.

Class Cert, method getTokenFromSubjectAltExt.

/**
 * Reads the user token out of the certificate's Subject Alternative Name extension and stores it
 * in {@code userTokenId}, according to {@code amAuthCert_subjectAltExtMapper}: "UPN" takes the
 * value of the otherName entry whose type OID is {@code UPNOID} (decoded as a DER UTF8String),
 * "RFC822Name" takes the e-mail entry. The first matching entry wins; nothing is stored when the
 * extension is absent or has no matching entry, and nothing is done when {@code userTokenId} is
 * already set on entry.
 * <p>
 * Any failure while re-parsing the certificate or its extension (including a certificate with
 * no extensions at all, where the EXTENSIONS lookup yields null) is logged and reported as
 * "CertNoReg"; the original cause is not attached to the thrown exception.
 * <p>
 * NOTE(review): the SAN value is taken from the presented certificate as-is. It only identifies
 * the user if the certificate chain has been validated against a trusted CA before this point —
 * confirm that in the caller.
 *
 * @param cert the client certificate whose SAN is inspected
 * @throws AuthLoginException with key "CertNoReg" when the SAN cannot be processed
 */
private void getTokenFromSubjectAltExt(X509Certificate cert) throws AuthLoginException {
    try {
        X509CertImpl parsed = new X509CertImpl(cert.getEncoded());
        X509CertInfo tbs = new X509CertInfo(parsed.getTBSCertificate());
        CertificateExtensions extensions = (CertificateExtensions) tbs.get(X509CertInfo.EXTENSIONS);
        SubjectAlternativeNameExtension san = (SubjectAlternativeNameExtension) extensions.get(SubjectAlternativeNameExtension.NAME);
        if (san == null) {
            return;
        }
        GeneralNames entries = (GeneralNames) san.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
        ObjectIdentifier upnOid = new ObjectIdentifier(UPNOID);
        // Stop as soon as a token has been found (or if one was already present).
        for (Iterator it = entries.iterator(); userTokenId == null && it.hasNext(); ) {
            GeneralName entry = (GeneralName) it.next();
            if (entry == null) {
                continue;
            }
            boolean wantUpn = amAuthCert_subjectAltExtMapper.equalsIgnoreCase("UPN");
            if (wantUpn && entry.getType() == GeneralNameInterface.NAME_ANY) {
                OtherName other = (OtherName) entry.getName();
                if (upnOid.equals((Object) other.getOID())) {
                    // nameValue is the DER of the EXPLICIT [0] wrapper; its content is the UTF8String UPN.
                    DerValue wrapper = new DerValue(other.getNameValue());
                    userTokenId = wrapper.getData().getUTF8String();
                }
            } else if (amAuthCert_subjectAltExtMapper.equalsIgnoreCase("RFC822Name") && entry.getType() == GeneralNameInterface.NAME_RFC822) {
                userTokenId = ((RFC822Name) entry.getName()).getName();
            }
        }
    } catch (Exception e) {
        debug.error("Certificate - Error in getTokenFromSubjectAltExt = ", e);
        throw new AuthLoginException(amAuthCert, "CertNoReg", null);
    }
}

Example 10 with X509CertInfo

Use of sun.security.x509.X509CertInfo (the JDK-internal class the imports below actually reference, not the org.mozilla.jss.netscape.security.x509 fork the index lists) in project jdk8u_jdk by JetBrains.

Class PKCS7, method populateCertIssuerNames.

/**
 * Fills {@code certIssuerNames} with one issuer {@link Principal} per entry of
 * {@code certificates}, at the same index. Issuers that are already {@code X500Name} instances
 * are used as returned by {@code getIssuerDN()}; any other {@code Principal} implementation is
 * replaced by the {@code X500Name} re-parsed from the certificate's TBSCertificate. If that
 * re-parse fails, the issuer is kept as returned by {@code getIssuerDN()} (best effort). Does
 * nothing when {@code certificates} is null.
 */
private void populateCertIssuerNames() {
    if (certificates == null) {
        return;
    }
    certIssuerNames = new Principal[certificates.length];
    int index = 0;
    for (X509Certificate cert : certificates) {
        certIssuerNames[index++] = issuerAsX500Name(cert);
    }
}

/**
 * Returns the certificate's issuer as an {@code X500Name} where possible; falls back to the
 * value of {@code getIssuerDN()} if the TBSCertificate cannot be re-parsed.
 */
private static Principal issuerAsX500Name(X509Certificate cert) {
    Principal issuer = cert.getIssuerDN();
    if (issuer instanceof X500Name) {
        return issuer;
    }
    try {
        X509CertInfo tbs = new X509CertInfo(cert.getTBSCertificate());
        return (Principal) tbs.get(X509CertInfo.ISSUER + "." + X509CertInfo.DN_NAME);
    } catch (Exception ignored) {
        // Best effort: could not rebuild an X500Name from the encoded issuer; keep the
        // Principal the certificate implementation gave us.
        return issuer;
    }
}
