use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project mockserver by mock-server.
the class X509Generator method generateRootX509AndPrivateKey.
public X509AndPrivateKey generateRootX509AndPrivateKey(final CertificateSigningRequest csr) throws IOException, NoSuchAlgorithmException, CertificateException, InvalidKeyException, NoSuchProviderException, SignatureException {
final KeyPair keyPair = generateKeyPair(csr.getKeyPairAlgorithm(), csr.getKeyPairSize());
final X500Name subjectAndIssuer = new X500Name(buildDistinguishedName(csr.getCommonName()));
X509CertInfo x509CertInfo = buildX509CertInfo(subjectAndIssuer, subjectAndIssuer, keyPair.getPublic(), csr);
updateWithRootCertificateExtensions(x509CertInfo, keyPair.getPublic());
return signX509KeyPair(keyPair.getPrivate(), keyPair, x509CertInfo, csr.getSigningAlgorithm());
}
use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project mockserver by mock-server.
the class X509Generator method updateWithCertificateExtensions.
private void updateWithCertificateExtensions(final X509CertInfo x509CertInfo, final PublicKey publicKey, final PublicKey caPublicKey, final Set<String> subjectAlternativeNames) throws IOException, CertificateException {
CertificateExtensions certificateExtensions = new CertificateExtensions();
GeneralNames generalNames = subjectAlternativeNames.stream().filter(StringUtils::isNotBlank).map(this::buildGeneralName).filter(Objects::nonNull).collect(Collector.of(GeneralNames::new, GeneralNames::add, // do nothing
(generalNames1, generalNames2) -> null));
if (!generalNames.isEmpty()) {
certificateExtensions.set(SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(Boolean.FALSE, generalNames));
}
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.2
certificateExtensions.set(SubjectKeyIdentifierExtension.NAME, new SubjectKeyIdentifierExtension(new KeyIdentifier(publicKey).getIdentifier()));
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.2
certificateExtensions.set(AuthorityKeyIdentifierExtension.NAME, new AuthorityKeyIdentifierExtension(new KeyIdentifier(caPublicKey), null, null));
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.1
x509CertInfo.set(X509CertInfo.EXTENSIONS, certificateExtensions);
}
use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project jss by dogtagpki.
the class CertPrettyPrint method X509toString.
public String X509toString(Locale clientLocale) {
// get I18N resources
ResourceBundle resource = ResourceBundle.getBundle(PrettyPrintResources.class.getName());
DateFormat dateFormater = DateFormat.getDateTimeInstance(DateFormat.FULL, DateFormat.FULL, clientLocale);
// get timezone and timezone ID
String tz = " ";
String tzid = " ";
StringBuffer sb = new StringBuffer();
try {
X509CertInfo info = (X509CertInfo) mX509Cert.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
String serial2 = mX509Cert.getSerialNumber().toString(16).toUpperCase();
// get correct instance of key
PublicKey pKey = mX509Cert.getPublicKey();
X509Key key = null;
if (pKey instanceof CertificateX509Key) {
CertificateX509Key certKey = (CertificateX509Key) pKey;
key = (X509Key) certKey.get(CertificateX509Key.KEY);
}
if (pKey instanceof X509Key) {
key = (X509Key) pKey;
}
// take care of spki
sb.append(pp.indent(4) + resource.getString(PrettyPrintResources.TOKEN_CERTIFICATE) + "\n");
sb.append(pp.indent(8) + resource.getString(PrettyPrintResources.TOKEN_DATA) + "\n");
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_VERSION) + " v");
sb.append((mX509Cert.getVersion() + 1) + "\n");
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SERIAL) + "0x" + serial2 + "\n");
// XXX I18N Algorithm Name ?
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SIGALG) + mX509Cert.getSigAlgName() + " - " + mX509Cert.getSigAlgOID() + "\n");
// XXX I18N IssuerDN ?
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_ISSUER) + mX509Cert.getIssuerX500Principal() + "\n");
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_VALIDITY) + "\n");
String notBefore = dateFormater.format(mX509Cert.getNotBefore());
String notAfter = dateFormater.format(mX509Cert.getNotAfter());
// get timezone and timezone ID
if (TimeZone.getDefault() != null) {
tz = TimeZone.getDefault().getDisplayName(TimeZone.getDefault().inDaylightTime(mX509Cert.getNotBefore()), TimeZone.SHORT, clientLocale);
tzid = TimeZone.getDefault().getID();
}
// Specify notBefore
if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
// Do NOT append timezone ID
sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_NOT_BEFORE) + notBefore + "\n");
} else {
// Append timezone ID
sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_NOT_BEFORE) + notBefore + " " + tzid + "\n");
}
// re-get timezone (just in case it is different . . .)
if (TimeZone.getDefault() != null) {
tz = TimeZone.getDefault().getDisplayName(TimeZone.getDefault().inDaylightTime(mX509Cert.getNotAfter()), TimeZone.SHORT, clientLocale);
}
// Specify notAfter
if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
// Do NOT append timezone ID
sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_NOT_AFTER) + notAfter + "\n");
} else {
// Append timezone ID
sb.append(pp.indent(16) + resource.getString(PrettyPrintResources.TOKEN_NOT_AFTER) + notAfter + " " + tzid + "\n");
}
// XXX I18N SubjectDN ?
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SUBJECT) + mX509Cert.getSubjectX500Principal() + "\n");
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SPKI) + "\n");
PubKeyPrettyPrint pkpp = new PubKeyPrettyPrint(key);
sb.append(pkpp.toString(clientLocale, 16, 16));
// take care of extensions
CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_EXTENSIONS) + "\n");
if (extensions != null)
for (int i = 0; i < extensions.size(); i++) {
Extension ext = extensions.elementAt(i);
ExtPrettyPrint extpp = new ExtPrettyPrint(ext, 16);
sb.append(extpp.toString());
}
// take care of signature
sb.append(pp.indent(8) + resource.getString(PrettyPrintResources.TOKEN_SIGNATURE) + "\n");
// XXX I18N Algorithm Name ?
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_ALGORITHM) + mX509Cert.getSigAlgName() + " - " + mX509Cert.getSigAlgOID() + "\n");
sb.append(pp.indent(12) + resource.getString(PrettyPrintResources.TOKEN_SIGNATURE) + "\n");
sb.append(pp.toHexString(mX509Cert.getSignature(), 16, 16));
// fingerprints
String[] hashes = new String[] { "MD2", "MD5", "SHA-1", "SHA-256", "SHA-512" };
StringBuffer certFingerprints = new StringBuffer();
sb.append(pp.indent(8) + "FingerPrint\n");
for (int i = 0; i < hashes.length; i++) {
MessageDigest md = MessageDigest.getInstance(hashes[i]);
md.update(mX509Cert.getEncoded());
certFingerprints.append(pp.indent(12) + hashes[i] + ":\n" + pp.toHexString(md.digest(), 16, 16));
}
sb.append(certFingerprints.toString());
} catch (Exception e) {
e.printStackTrace();
}
return sb.toString();
}
use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project jss by dogtagpki.
the class X509CertTest method createX509CertInfo.
public static X509CertInfo createX509CertInfo(X509Key x509key, BigInteger serialno, CertificateIssuerName issuernameObj, String subjname, Date notBefore, Date notAfter, String alg) throws Exception {
X509CertInfo info = new X509CertInfo();
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serialno));
if (issuernameObj != null) {
info.set(X509CertInfo.ISSUER, issuernameObj);
}
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(new X500Name(subjname)));
info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get(alg)));
info.set(X509CertInfo.KEY, new CertificateX509Key(x509key));
info.set(X509CertInfo.EXTENSIONS, new CertificateExtensions());
return info;
}
use of org.mozilla.jss.netscape.security.x509.X509CertInfo in project jss by dogtagpki.
the class X509CertTest method testRSA.
public static void testRSA(CryptoToken token, Date notBefore, Date notAfter) throws Exception {
X509CertImpl certImpl = null;
X509CertInfo certInfo = null;
KeyPairGenerator gen = token.getKeyPairGenerator(KeyPairAlgorithm.RSA);
gen.initialize(4096);
KeyPair keypairCA = gen.genKeyPair();
testKeys(keypairCA);
PublicKey pubCA = keypairCA.getPublic();
gen.initialize(4096);
KeyPair keypairUser = gen.genKeyPair();
testKeys(keypairUser);
PublicKey pubUser = keypairUser.getPublic();
CertificateIssuerName issuernameObj = new CertificateIssuerName(new X500Name(issuerDN));
certInfo = createX509CertInfo(convertPublicKeyToX509Key(pubUser), BigInteger.valueOf(1), issuernameObj, subjectDN, notBefore, notAfter, "SHA256withRSA");
certImpl = new X509CertImpl(certInfo);
certImpl.sign(keypairCA.getPrivate(), "SHA256withRSA");
String certOutput = certImpl.toString();
System.out.println("Test certificate output: \n" + certOutput);
}
Aggregations