Examples with X509CertInfo org.mozilla.jss.netscape.security.x509.X509CertInfo used on opensource projects

Search in sources :

Example 21 with X509CertInfo

use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project jdk8u_jdk by JetBrains.

the class SimpleSigner method getSelfCert.

private X509Certificate getSelfCert() throws Exception {
    long validity = 1000;
    X509CertImpl certLocal;
    Date firstDate, lastDate;
    firstDate = new Date();
    lastDate = new Date();
    lastDate.setTime(lastDate.getTime() + validity + 1000);
    CertificateValidity interval = new CertificateValidity(firstDate, lastDate);
    X509CertInfo info = new X509CertInfo();
    // Add all mandatory attributes
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V1));
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber((int) (firstDate.getTime() / 1000)));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algId));
    info.set(X509CertInfo.SUBJECT, agent);
    info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.ISSUER, agent);
    certLocal = new X509CertImpl(info);
    certLocal.sign(privateKey, algId.getName());
    return certLocal;
}
Also used : CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) X509CertInfo(sun.security.x509.X509CertInfo) X509CertImpl(sun.security.x509.X509CertImpl) CertificateVersion(sun.security.x509.CertificateVersion) CertificateValidity(sun.security.x509.CertificateValidity) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) CertificateX509Key(sun.security.x509.CertificateX509Key) Date(java.util.Date)

Example 22 with X509CertInfo

use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project baseio by generallycloud.

the class SelfSignedCertificate method generate.

private File[] generate(String fileRoot, String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter) throws Exception {
    PrivateKey key = keypair.getPrivate();
    // Prepare the information required for generating an X.509
    // certificate.
    X509CertInfo info = new X509CertInfo();
    X500Name owner = new X500Name("CN=" + fqdn);
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
    try {
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.SUBJECT, owner);
    }
    try {
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.ISSUER, owner);
    }
    info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
    info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid)));
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(key, "SHA1withRSA");
    // Update the algorithm and sign again.
    info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
    cert = new X509CertImpl(info);
    cert.sign(key, "SHA1withRSA");
    cert.verify(keypair.getPublic());
    return newSelfSignedCertificate(fileRoot, fqdn, key, cert);
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) PrivateKey(java.security.PrivateKey) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) CertificateVersion(sun.security.x509.CertificateVersion) CertificateException(java.security.cert.CertificateException) CertificateValidity(sun.security.x509.CertificateValidity) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Example 23 with X509CertInfo

use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project wiremock by wiremock.

the class X509CertificateSpecification method certificateFor.

@Override
public X509Certificate certificateFor(KeyPair keyPair) throws CertificateException, InvalidKeyException, SignatureException {
    try {
        SecureRandom random = new SecureRandom();
        X509CertInfo info = new X509CertInfo();
        info.set(X509CertInfo.VERSION, version.getVersion());
        // On Java >= 1.8 it has to be an `X500Name`
        try {
            info.set(X509CertInfo.SUBJECT, subject);
        } catch (CertificateException ignore) {
            info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(subject));
        }
        // On Java >= 1.8 it has to be an `X500Name`
        try {
            info.set(X509CertInfo.ISSUER, issuer);
        } catch (CertificateException ignore) {
            info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
        }
        info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
        info.set(X509CertInfo.KEY, new CertificateX509Key(keyPair.getPublic()));
        info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
        info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.SHA256_oid)));
        // Sign the cert to identify the algorithm that's used.
        X509CertImpl cert = new X509CertImpl(info);
        cert.sign(keyPair.getPrivate(), "SHA256withRSA");
        // Update the algorithm and sign again.
        info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
        cert = new X509CertImpl(info);
        cert.sign(keyPair.getPrivate(), "SHA256withRSA");
        cert.verify(keyPair.getPublic());
        return cert;
    } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException e) {
        return throwUnchecked(e, null);
    }
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) SecureRandom(java.security.SecureRandom) CertificateException(java.security.cert.CertificateException) CertificateValidity(sun.security.x509.CertificateValidity) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateX509Key(sun.security.x509.CertificateX509Key) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) NoSuchProviderException(java.security.NoSuchProviderException) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Example 24 with X509CertInfo

use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project candlepin by candlepin.

the class JSSPKIUtility method createX509Certificate.

@Override
public X509Certificate createX509Certificate(String dn, Set<X509ExtensionWrapper> extensions, Set<X509ByteExtensionWrapper> byteExtensions, Date startDate, Date endDate, KeyPair clientKeyPair, BigInteger serialNumber, String alternateName) throws IOException {
    // Ensure JSS is properly initialized before attempting any operations with it
    JSSProviderLoader.initialize();
    X509CertInfo certInfo = new X509CertInfo();
    try {
        X509Certificate caCert = reader.getCACert();
        byte[] publicKeyEncoded = clientKeyPair.getPublic().getEncoded();
        certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(new X500Name(caCert.getSubjectX500Principal().getEncoded())));
        certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serialNumber));
        certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(startDate, endDate));
        certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(new X500Name(dn)));
        certInfo.set(X509CertInfo.KEY, new CertificateX509Key(X509Key.parse(new DerValue(publicKeyEncoded))));
        certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get(SIGNING_ALG_ID)));
        certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
        CertificateExtensions certExtensions = buildStandardExtensions(new CertificateExtensions(), dn, clientKeyPair, extensions, caCert, alternateName);
        certInfo.set(X509CertInfo.EXTENSIONS, certExtensions);
        if (extensions != null) {
            for (X509ExtensionWrapper wrapper : extensions) {
                // Avoid null values. Set them to blank if they are null
                String value = wrapper.getValue() == null ? "" : wrapper.getValue();
                UTF8String der = new UTF8String(value);
                certExtensions.add(buildCustomExtension(wrapper.getOid(), wrapper.isCritical(), der));
            }
        }
        if (byteExtensions != null) {
            for (X509ByteExtensionWrapper wrapper : byteExtensions) {
                // Avoid null values. Set them to blank if they are null
                byte[] value = wrapper.getValue() == null ? new byte[0] : wrapper.getValue();
                OCTET_STRING der = new OCTET_STRING(value);
                certExtensions.add(buildCustomExtension(wrapper.getOid(), wrapper.isCritical(), der));
            }
        }
        X509CertImpl certImpl = new X509CertImpl(certInfo);
        certImpl.sign(reader.getCaKey(), SIGNING_ALG_ID);
        // valid, it just won't have any extensions present in the object.
        return new X509CertImpl(certImpl.getEncoded());
    } catch (GeneralSecurityException e) {
        throw new RuntimeException("Could not create X.509 certificate", e);
    }
}
Also used : CertificateSubjectName(org.mozilla.jss.netscape.security.x509.CertificateSubjectName) UTF8String(org.mozilla.jss.asn1.UTF8String) X509CertInfo(org.mozilla.jss.netscape.security.x509.X509CertInfo) CertificateIssuerName(org.mozilla.jss.netscape.security.x509.CertificateIssuerName) GeneralSecurityException(java.security.GeneralSecurityException) CertificateVersion(org.mozilla.jss.netscape.security.x509.CertificateVersion) CertificateValidity(org.mozilla.jss.netscape.security.x509.CertificateValidity) CertificateExtensions(org.mozilla.jss.netscape.security.x509.CertificateExtensions) X500Name(org.mozilla.jss.netscape.security.x509.X500Name) UTF8String(org.mozilla.jss.asn1.UTF8String) CertificateX509Key(org.mozilla.jss.netscape.security.x509.CertificateX509Key) X509Certificate(java.security.cert.X509Certificate) CertificateSerialNumber(org.mozilla.jss.netscape.security.x509.CertificateSerialNumber) OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING) TokenRuntimeException(org.mozilla.jss.crypto.TokenRuntimeException) DerValue(org.mozilla.jss.netscape.security.util.DerValue) X509CertImpl(org.mozilla.jss.netscape.security.x509.X509CertImpl) X509ByteExtensionWrapper(org.candlepin.pki.X509ByteExtensionWrapper) X509ExtensionWrapper(org.candlepin.pki.X509ExtensionWrapper) CertificateAlgorithmId(org.mozilla.jss.netscape.security.x509.CertificateAlgorithmId)

Example 25 with X509CertInfo

use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project netty by netty.

the class OpenJdkSelfSignedCertGenerator method generate.

@SuppressJava6Requirement(reason = "Usage guarded by dependency check")
static String[] generate(String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter, String algorithm) throws Exception {
    PrivateKey key = keypair.getPrivate();
    // Prepare the information required for generating an X.509 certificate.
    X509CertInfo info = new X509CertInfo();
    X500Name owner = new X500Name("CN=" + fqdn);
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
    try {
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.SUBJECT, owner);
    }
    try {
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    } catch (CertificateException ignore) {
        info.set(X509CertInfo.ISSUER, owner);
    }
    info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
    info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
    info.set(X509CertInfo.ALGORITHM_ID, // sha256WithRSAEncryption
    new CertificateAlgorithmId(AlgorithmId.get("1.2.840.113549.1.1.11")));
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(key, algorithm.equalsIgnoreCase("EC") ? "SHA256withECDSA" : "SHA256withRSA");
    // Update the algorithm and sign again.
    info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
    cert = new X509CertImpl(info);
    cert.sign(key, algorithm.equalsIgnoreCase("EC") ? "SHA256withECDSA" : "SHA256withRSA");
    cert.verify(keypair.getPublic());
    return newSelfSignedCertificate(fqdn, key, cert);
}
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) PrivateKey(java.security.PrivateKey) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) CertificateVersion(sun.security.x509.CertificateVersion) CertificateException(java.security.cert.CertificateException) CertificateValidity(sun.security.x509.CertificateValidity) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) SuppressJava6Requirement(io.netty.util.internal.SuppressJava6Requirement)

Aggregations

X509CertInfo (sun.security.x509.X509CertInfo)24 X500Name (sun.security.x509.X500Name)19 X509CertImpl (sun.security.x509.X509CertImpl)15 CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)13 CertificateSerialNumber (sun.security.x509.CertificateSerialNumber)13 CertificateValidity (sun.security.x509.CertificateValidity)13 CertificateX509Key (sun.security.x509.CertificateX509Key)13 BigInteger (java.math.BigInteger)12 CertificateVersion (sun.security.x509.CertificateVersion)12 AlgorithmId (sun.security.x509.AlgorithmId)11 CertificateException (java.security.cert.CertificateException)9 CertificateIssuerName (sun.security.x509.CertificateIssuerName)8 CertificateSubjectName (sun.security.x509.CertificateSubjectName)8 PrivateKey (java.security.PrivateKey)7 SecureRandom (java.security.SecureRandom)6 X509Certificate (java.security.cert.X509Certificate)6 CertificateExtensions (sun.security.x509.CertificateExtensions)6 PublicKey (java.security.PublicKey)5 Date (java.util.Date)5 KeyPair (java.security.KeyPair)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial