
Example 16 with X509CertInfo

use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project ariADDna by StnetixDevTeam.

Class CertFactory, method getNewCertificate.

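/**
 * Generates a new self-signed RSA certificate for {@code alias}, writes its DER encoding to
 * {@code <alias>.cer} in the working directory and records the alias through
 * {@code persistHelper}.
 *
 * <p>The key pair comes from {@code CRYPTO_ALGORITHM_RSA} at {@code CERTIFICATE_SIZE} bits;
 * the certificate is V3, valid from {@code FROM} to {@code TO}, carries a 64-bit random serial
 * and has issuer == subject. The generated private key is used only to sign and is not
 * persisted by this method — NOTE(review): confirm the caller does not expect it to be kept.
 *
 * @param alias name placed in the subject CN and used as the file stem; must not be null or empty
 * @return the file containing the DER-encoded certificate
 * @throws KeyStoreException if the alias is invalid, the target file already exists, or key
 *         generation, signing, file I/O or persistence fails (the original cause is preserved)
 */
public File getNewCertificate(String alias) throws KeyStoreException {
    try {
        // Validation lives inside the try so that every failure surfaces as KeyStoreException,
        // which is the only exception type callers have to handle.
        if (alias == null || alias.isEmpty()) {
            throw new IllegalArgumentException("alias must not be null or empty");
        }

        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(CRYPTO_ALGORITHM_RSA);
        keyPairGenerator.initialize(CERTIFICATE_SIZE);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        PrivateKey privateKey = keyPair.getPrivate();

        X509CertInfo certInfo = new X509CertInfo();
        CertificateValidity interval = new CertificateValidity(FROM, TO);
        // Random rather than sequential serial so it is not predictable.
        BigInteger sn = new BigInteger(64, new SecureRandom());
        X500Name owner = new X500Name(SUBJECT_CN + alias + ", " + SUBJECT_L_C);
        certInfo.set(X509CertInfo.VALIDITY, interval);
        certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
        certInfo.set(X509CertInfo.SUBJECT, owner);
        certInfo.set(X509CertInfo.ISSUER, owner); // self-signed: issuer == subject
        certInfo.set(X509CertInfo.KEY, new CertificateX509Key(keyPair.getPublic()));
        certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));

        // The TBSCertificate carries its own copy of the signature algorithm, which is only
        // known once sign() has run. So: sign with a placeholder AlgorithmId, copy the real one
        // back into the info, rebuild and sign again. The MD2 OID is just that placeholder;
        // it is overwritten below before the final signing.
        AlgorithmId algorithm = new AlgorithmId(AlgorithmId.md2WithRSAEncryption_oid);
        certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algorithm));
        X509CertImpl cert = new X509CertImpl(certInfo);
        // NOTE(review): CRYPTO_ALGORITHM_SHA1RSA selects a SHA-1 signature, which current TLS
        // stacks reject; consider a SHA-256 variant where the constant is defined.
        cert.sign(privateKey, CRYPTO_ALGORITHM_SHA1RSA);
        algorithm = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG);
        certInfo.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algorithm);
        cert = new X509CertImpl(certInfo);
        cert.sign(privateKey, CRYPTO_ALGORITHM_SHA1RSA);

        // NOTE(review): alias is used verbatim as the file stem; if it can come from an
        // untrusted source, confirm it is restricted to a safe character set upstream.
        File certFile = new File(alias + ".cer");
        // Previously a pre-existing file was silently returned (and a new DTO persisted) even
        // though it did not contain the certificate generated above. Fail loudly instead.
        if (!certFile.createNewFile()) {
            throw new IllegalStateException("Certificate file already exists: " + certFile.getAbsolutePath());
        }
        // try-with-resources: the stream is closed even when write() throws.
        try (FileOutputStream fos = new FileOutputStream(certFile)) {
            fos.write(cert.getEncoded());
        }
        LOGGER.info("Certificate generated with filename {}", certFile.getAbsolutePath());
        CertificateDTO storedCert = persistHelper.storeCertificete(new CertificateDTO(alias, true));
        LOGGER.info("Certificate stored id DB with id {}", storedCert.getId());
        return certFile;
    } catch (Exception e) {
        LOGGER.error("Exception: ", e);
        throw new KeyStoreException("Caused by: ", e);
    }
}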
Also used : KeyPair(java.security.KeyPair) PrivateKey(java.security.PrivateKey) X509CertInfo(sun.security.x509.X509CertInfo) SecureRandom(java.security.SecureRandom) CertificateVersion(sun.security.x509.CertificateVersion) CertificateValidity(sun.security.x509.CertificateValidity) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(sun.security.x509.X500Name) KeyStoreException(com.stnetix.ariaddna.keystore.exceptions.KeyStoreException) CertificateX509Key(sun.security.x509.CertificateX509Key) KeyStoreException(com.stnetix.ariaddna.keystore.exceptions.KeyStoreException) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) CertificateDTO(com.stnetix.ariaddna.commonutils.dto.CertificateDTO) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) FileOutputStream(java.io.FileOutputStream) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) File(java.io.File)

Example 17 with X509CertInfo

use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project spring-cloud-digital-sign by SpringForAll.

Class DistinguishNameBuilder, method build.

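/**
 * Applies the accumulated distinguished name as both subject and issuer of the certificate
 * under construction and returns the {@code CertificateBuilder} for further chaining.
 *
 * <p>The last character of the accumulated string is dropped before parsing — presumably a
 * trailing separator appended after each component; verify against the add methods.
 *
 * @return the enclosing {@code CertificateBuilder}
 * @throws IllegalStateException if no name component has been added yet
 * @throws IOException if the DN string cannot be parsed into an {@code X500Name}
 * @throws CertificateException if subject or issuer cannot be set on the certificate info
 */
public CertificateBuilder build() throws IOException, CertificateException {
    String dn = stringBuilder.toString();
    if (dn.isEmpty()) {
        // Without this guard substring(0, -1) fails with an opaque StringIndexOutOfBoundsException.
        throw new IllegalStateException("Distinguished name is empty; add at least one component before build()");
    }
    X500Name owner = new X500Name(dn.substring(0, dn.length() - 1));
    X509CertInfo info = certificateBuilder.getInfo();
    // Subject and issuer are set to the same name, i.e. a self-issued certificate.
    info.set(X509CertInfo.SUBJECT, owner);
    info.set(X509CertInfo.ISSUER, owner);
    return certificateBuilder;
}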
Also used : X509CertInfo(sun.security.x509.X509CertInfo) X500Name(sun.security.x509.X500Name)

Example 18 with X509CertInfo

use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project spring-cloud-digital-sign by SpringForAll.

Class DistinguishNameBuilder, method build.

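/**
 * Applies the accumulated distinguished name as both subject and issuer of the certificate
 * under construction and returns the {@code CertificateBuilder} for further chaining.
 *
 * <p>The last character of the accumulated string is dropped before parsing — presumably a
 * trailing separator appended after each component; verify against the add methods.
 *
 * @return the enclosing {@code CertificateBuilder}
 * @throws IllegalStateException if no name component has been added yet
 * @throws IOException if the DN string cannot be parsed into an {@code X500Name}
 * @throws CertificateException if subject or issuer cannot be set on the certificate info
 */
public CertificateBuilder build() throws IOException, CertificateException {
    String dn = stringBuilder.toString();
    if (dn.isEmpty()) {
        // Without this guard substring(0, -1) fails with an opaque StringIndexOutOfBoundsException.
        throw new IllegalStateException("Distinguished name is empty; add at least one component before build()");
    }
    X500Name owner = new X500Name(dn.substring(0, dn.length() - 1));
    X509CertInfo info = certificateBuilder.getInfo();
    // Subject and issuer are set to the same name, i.e. a self-issued certificate.
    info.set(X509CertInfo.SUBJECT, owner);
    info.set(X509CertInfo.ISSUER, owner);
    return certificateBuilder;
}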
Also used : X509CertInfo(sun.security.x509.X509CertInfo) X500Name(sun.security.x509.X500Name)

Example 19 with X509CertInfo

use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project meecrowave by apache.

Class Keystores, method createSignedCertificate.

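/**
 * Re-issues {@code certificate} under {@code issuerCertificate}: the TBSCertificate of the
 * input is reused as-is (subject, public key, serial number, validity), its issuer field is
 * replaced by the issuer certificate's subject, and the result is signed with
 * {@code issuerPrivateKey} using the issuer certificate's signature algorithm name.
 *
 * <p>NOTE(review): because the serial number is copied from the input, two inputs with the
 * same serial would yield duplicate (issuer, serial) pairs under this issuer — confirm the
 * callers guarantee unique serials.
 *
 * @param certificate certificate whose TBS fields are copied
 * @param issuerCertificate certificate of the signing authority; its subject becomes the issuer
 * @param issuerPrivateKey private key matching {@code issuerCertificate}
 * @return the newly signed certificate
 * @throws IllegalStateException if parsing or signing fails (cause preserved)
 */
private static X509Certificate createSignedCertificate(final X509Certificate certificate, final X509Certificate issuerCertificate, final PrivateKey issuerPrivateKey) {
    try {
        // Build the issuer name from the encoded X500Principal instead of casting the
        // deprecated getSubjectDN() result to the internal X500Name type, which throws
        // ClassCastException for certificates produced by non-JDK providers.
        X500Name issuer = new X500Name(issuerCertificate.getSubjectX500Principal().getEncoded());
        String issuerSigAlg = issuerCertificate.getSigAlgName();
        byte[] inCertBytes = certificate.getTBSCertificate();
        X509CertInfo info = new X509CertInfo(inCertBytes);
        info.set(X509CertInfo.ISSUER, issuer);
        // No need to add the BasicConstraints extension for the cert named CN=TOP.
        // NOTE(review): the extension built here is cA=true (path length -1), then re-wrapped
        // as non-critical, so every certificate except CN=TOP is marked as a CA — at odds with
        // the original comment's mention of a "leaf". Confirm this is intended. Note also that
        // setting a fresh CertificateExtensions replaces, rather than extends, any extensions
        // carried by the input TBS.
        if (!"CN=TOP".equals(certificate.getSubjectX500Principal().getName())) {
            CertificateExtensions exts = new CertificateExtensions();
            BasicConstraintsExtension bce = new BasicConstraintsExtension(true, -1);
            exts.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(false, bce.getExtensionValue()));
            info.set(X509CertInfo.EXTENSIONS, exts);
        }
        final X509CertImpl outCert = new X509CertImpl(info);
        outCert.sign(issuerPrivateKey, issuerSigAlg);
        return outCert;
    } catch (final Exception ex) {
        throw new IllegalStateException("Unable to create signed certificate", ex);
    }
}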
Also used : BasicConstraintsExtension(sun.security.x509.BasicConstraintsExtension) X509CertInfo(sun.security.x509.X509CertInfo) X509CertImpl(sun.security.x509.X509CertImpl) CertificateExtensions(sun.security.x509.CertificateExtensions) Principal(java.security.Principal)

Example 20 with X509CertInfo

use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project OpenAM by OpenRock.

Class ApprovalCallback, method approve.

/*
    * Invoked by the JSS protocol handler whenever SSL handshaking hits an issue.
    * It validates the reported issue to decide whether it can be ignored.
    *
    * @return <code>true</code> if every reported issue can be ignored.
    */
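public boolean approve(X509Certificate cert, SSLCertificateApprovalCallback.ValidityStatus status) {
    Enumeration errors = status.getReasons();
    if (trustAllServerCerts) {
        // Configured to skip validation entirely; every handshake problem is ignored.
        return true;
    }
    if ((reqHost == null) && !errors.hasMoreElements()) {
        return true;
    }
    boolean approve = true;
    // Every reported reason must be individually acceptable; the loop stops at the first
    // one that is not.
    while (approve && errors.hasMoreElements()) {
        ValidityItem item = (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement();
        int reason = item.getReason();
        if (debug.messageEnabled()) {
            debug.message("ApprovalCallback: reason " + reason);
        }
        // bad domain -12276
        if (reason != ValidityStatus.BAD_CERT_DOMAIN) {
            // Only a host-name mismatch can be overridden; anything else (expired,
            // untrusted issuer, ...) is fatal.
            approve = false;
            continue;
        }
        String cn = null;
        try {
            String subjectDN = cert.getSubjectDN().getName();
            cn = new X500Name(subjectDN).getCommonName();
        } catch (Exception ex) {
            if (debug.messageEnabled()) {
                debug.message("ApprovalCallback:", ex);
            }
            approve = false;
        }
        if (cn == null) {
            return false;
        }
        if (!sslTrustHosts.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("ApprovalCallback: server cert CN : " + cn);
            }
            if (sslTrustHosts.contains(cn.toLowerCase())) {
                // Explicitly trusted host name: this BAD_CERT_DOMAIN reason is acceptable.
                // The previous code returned true here, which also skipped any further
                // reasons still in the enumeration; continue so they are checked too, as the
                // SAN path below already does.
                continue;
            }
        }
        if (resolveIPAddress) {
            try {
                // NOTE(review): accepting the cert when CN and requested host resolve to the
                // same address makes the decision depend on unauthenticated DNS answers; the
                // sslTrustHosts list above is the more robust override.
                approve = InetAddress.getByName(cn).getHostAddress().equals(InetAddress.getByName(reqHost).getHostAddress());
            } catch (UnknownHostException ex) {
                if (debug.messageEnabled()) {
                    debug.message("ApprovalCallback:", ex);
                }
                approve = false;
            }
        } else {
            approve = false;
        }
        if (!approve && checkSubjectAltName) {
            // Last resort: accept if any subjectAltName entry matches (compareHosts decides).
            try {
                X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
                X509CertInfo cinfo = new X509CertInfo(certImpl.getTBSCertificate());
                CertificateExtensions exts = (CertificateExtensions) cinfo.get(X509CertInfo.EXTENSIONS);
                SubjectAlternativeNameExtension altNameExt = (SubjectAlternativeNameExtension) exts.get(SubjectAlternativeNameExtension.NAME);
                if (altNameExt != null) {
                    GeneralNames names = (GeneralNames) altNameExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
                    Method meth = getMethod();
                    if (meth.getName().equals(OLD_METHOD_NAME)) {
                        // pre 1.4.2 implementation
                        Enumeration e = (Enumeration) meth.invoke(names, params);
                        while (!approve && e.hasMoreElements()) {
                            approve = compareHosts((GeneralName) e.nextElement());
                        }
                    } else {
                        // post 1.4.2 implementation
                        Iterator i = (Iterator) meth.invoke(names, params);
                        while (!approve && i.hasNext()) {
                            approve = compareHosts((GeneralName) i.next());
                        }
                    }
                }
            } catch (Exception ex) {
                // A certificate without an extensions block makes exts null above; any
                // parsing failure is a rejection, but log it like the other catches do
                // instead of swallowing it silently.
                if (debug.messageEnabled()) {
                    debug.message("ApprovalCallback:", ex);
                }
                return false;
            }
        }
    }
    return approve;
}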
Also used : Enumeration(java.util.Enumeration) UnknownHostException(java.net.UnknownHostException) X509CertInfo(sun.security.x509.X509CertInfo) SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension) CertificateExtensions(sun.security.x509.CertificateExtensions) X500Name(sun.security.x509.X500Name) Method(java.lang.reflect.Method) UnknownHostException(java.net.UnknownHostException) SSLCertificateApprovalCallback(org.mozilla.jss.ssl.SSLCertificateApprovalCallback) GeneralNames(sun.security.x509.GeneralNames) X509CertImpl(sun.security.x509.X509CertImpl) Iterator(java.util.Iterator) GeneralName(sun.security.x509.GeneralName)
