
Example 6 with Certificate

use of org.mozilla.jss.pkix.cert.Certificate in project jss by dogtagpki.

the class VerifyCert method showCert.

/**
 * Decodes the ASN.1-encoded certificate stored in {@code certFile} and prints
 * its {@link CertificateInfo} to standard output.
 *
 * <p>This is display only. The {@code cert.verify()} call is disabled, so the
 * signature is not checked and no chain or validity checks are made here; the
 * printed fields are whatever the file contained and must not be treated as
 * authenticated.
 *
 * <p>Any exception is reported with a stack trace and ends the JVM with exit
 * status 1.
 *
 * @param certFile path of the certificate file to read
 */
public void showCert(String certFile) {
    try (FileInputStream rawIn = new FileInputStream(certFile);
        BufferedInputStream bufferedIn = new BufferedInputStream(rawIn)) {
        // Parse the stream with the JSS certificate template.
        Object decoded = Certificate.getTemplate().decode(bufferedIn);
        Certificate parsed = (Certificate) decoded;
        // Dump the to-be-signed part of the certificate.
        parsed.getInfo().print(System.out);
        // Signature verification is intentionally left out (cert.verify() is
        // not called), so nothing above proves who issued the certificate.
    } catch (Exception failure) {
        failure.printStackTrace();
        System.exit(1);
    }
}
Also used : BufferedInputStream(java.io.BufferedInputStream) CertificateInfo(org.mozilla.jss.pkix.cert.CertificateInfo) FileInputStream(java.io.FileInputStream) Certificate(org.mozilla.jss.pkix.cert.Certificate)

Example 7 with Certificate

use of org.mozilla.jss.pkix.cert.Certificate in project jss by dogtagpki.

the class SSLClientAuth method generateCerts.

/**
 * Builds a three-certificate hierarchy (CA, server, client) with freshly
 * generated 4096-bit RSA keys and imports it through {@code cm}.
 *
 * <p>The CA certificate is imported under the nickname
 * {@code "SSLCA-" + serialNum} and is then marked with
 * {@code TRUSTED_CA | TRUSTED_CLIENT_CA | VALID_CA}, i.e. the database behind
 * {@code cm} will accept it as an issuer for SSL peers. Both leaf certificates
 * are signed with the CA private key and stored in {@code nssServerCert} and
 * {@code nssClientCert}. Because this adds a trust anchor whose private key
 * lives in the same process, and uses consecutive serial numbers
 * ({@code serialNum}, {@code serialNum + 1}, {@code serialNum + 2}), it is
 * only appropriate for a throwaway test database.
 *
 * <p>Any exception is reported with a stack trace and ends the JVM with exit
 * status 1.
 *
 * @param cm        crypto manager used to import the certificates
 * @param serialNum serial number of the CA certificate; also passed unchanged
 *                  as the sixth argument of every {@code makeCert} call
 *                  (NOTE(review): meaning of that argument is not visible
 *                  here, confirm against {@code makeCert})
 */
private void generateCerts(CryptoManager cm, int serialNum) {
    // RSA modulus size; the public exponent stays at the provider default.
    final int rsaBits = 4096;
    try {
        java.security.KeyPairGenerator rsaGen = java.security.KeyPairGenerator.getInstance("RSA", "Mozilla-JSS");

        // CA: self-issued, carries the basic-constraints extension.
        rsaGen.initialize(rsaBits);
        KeyPair caKeys = rsaGen.genKeyPair();
        SEQUENCE caExtensions = new SEQUENCE();
        caExtensions.addElement(makeBasicConstraintsExtension());
        Certificate caCert = makeCert("CACert", "CACert", serialNum, caKeys.getPrivate(), caKeys.getPublic(), serialNum, caExtensions);
        byte[] caEncoded = ASN1Util.encode(caCert);
        X509Certificate importedCa = cm.importUserCACertPackage(caEncoded, "SSLCA-" + serialNum);
        // Mark the imported CA as a trusted issuer before the leaf certs go in.
        ((InternalCertificate) importedCa).setSSLTrust(PK11Cert.TRUSTED_CA | PK11Cert.TRUSTED_CLIENT_CA | PK11Cert.VALID_CA);

        // Server certificate for "localhost", signed by the CA key.
        rsaGen.initialize(rsaBits);
        KeyPair serverKeys = rsaGen.genKeyPair();
        Certificate serverCert = makeCert("CACert", "localhost", serialNum + 1, caKeys.getPrivate(), serverKeys.getPublic(), serialNum, null);
        byte[] serverEncoded = ASN1Util.encode(serverCert);
        nssServerCert = cm.importCertPackage(serverEncoded, serverCertNick);

        // Client-auth certificate, signed by the same CA key.
        rsaGen.initialize(rsaBits);
        KeyPair clientKeys = rsaGen.genKeyPair();
        Certificate clientCert = makeCert("CACert", "ClientCert", serialNum + 2, caKeys.getPrivate(), clientKeys.getPublic(), serialNum, null);
        byte[] clientEncoded = ASN1Util.encode(clientCert);
        nssClientCert = cm.importCertPackage(clientEncoded, clientCertNick);
    } catch (Exception failure) {
        // Encoding, provider/algorithm lookup, nickname or user-cert conflicts
        // and token errors are all fatal for the test and handled identically.
        failure.printStackTrace();
        System.exit(1);
    }
}
Also used : UserCertConflictException(org.mozilla.jss.UserCertConflictException) KeyPair(java.security.KeyPair) NicknameConflictException(org.mozilla.jss.NicknameConflictException) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) CertificateEncodingException(java.security.cert.CertificateEncodingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) X509Certificate(org.mozilla.jss.crypto.X509Certificate) NicknameConflictException(org.mozilla.jss.NicknameConflictException) SocketException(java.net.SocketException) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) ObjectNotFoundException(org.mozilla.jss.crypto.ObjectNotFoundException) EOFException(java.io.EOFException) UserCertConflictException(org.mozilla.jss.UserCertConflictException) TokenException(org.mozilla.jss.crypto.TokenException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException) CertificateEncodingException(java.security.cert.CertificateEncodingException) InternalCertificate(org.mozilla.jss.crypto.InternalCertificate) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) TokenException(org.mozilla.jss.crypto.TokenException) NoSuchProviderException(java.security.NoSuchProviderException) InternalCertificate(org.mozilla.jss.crypto.InternalCertificate) Certificate(org.mozilla.jss.pkix.cert.Certificate) X509Certificate(org.mozilla.jss.crypto.X509Certificate)

Example 8 with Certificate

use of org.mozilla.jss.pkix.cert.Certificate in project jss by dogtagpki.

the class ListCerts method main.

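/**
 * Lists every certificate stored under a nickname and prints its subject,
 * signature algorithm and extensions, first through the JSS ASN.1 classes and
 * then through the JDK {@code CertificateFactory}.
 *
 * <p>The output is informational only: nothing here validates the
 * certificates, so the listed fields say what is stored, not whether it is
 * trustworthy.
 *
 * <p>Exits with status 0 on success and status 1 (after printing a stack
 * trace) on any exception. With a wrong argument count the usage line is
 * printed and the method returns without calling {@code System.exit}.
 *
 * @param args {@code <dbdir> <nickname>}
 */
public static void main(String[] args) {
    try {
        if (args.length != 2) {
            System.out.println("Usage: ListCerts <dbdir> <nickname>");
            return;
        }
        // NOTE(review): args[0] (<dbdir>) is required above but never read in
        // this method; CryptoManager is presumably initialised elsewhere - confirm.
        String nickname = args[1];
        CryptoManager cm = CryptoManager.getInstance();
        X509Certificate[] certs = cm.findCertsByNickname(nickname);
        System.out.println(certs.length + " certs found with this nickname.");
        for (X509Certificate nssCert : certs) {
            System.out.println("\nSubject: " + nssCert.getSubjectDN());
            byte[] encoded = nssCert.getEncoded();

            // JSS view: decode the certificate and walk its extensions.
            Certificate cert = (Certificate) ASN1Util.decode(Certificate.getTemplate(), encoded);
            CertificateInfo info = cert.getInfo();
            OBJECT_IDENTIFIER sigalg = info.getSignatureAlgId().getOID();
            System.out.println("Signature oid " + sigalg);
            SEQUENCE extensions = info.getExtensions();
            for (int j = 0; j < extensions.size(); j++) {
                // Index with j: the original used the outer certificate index
                // here, which repeated one extension or ran out of bounds.
                Extension ext = (Extension) extensions.elementAt(j);
                OBJECT_IDENTIFIER oid = ext.getExtnId();
                System.out.println("Extension " + oid.toString());
                if (ext.getCritical()) {
                    System.out.println("Critical extension: " + oid.toString());
                } else {
                    System.out.println("NON Critical extension: " + oid.toString());
                }
            }

            // JDK view: re-parse the same encoding with the standard factory.
            System.out.println("Convert to JDK cert");
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            java.security.cert.X509Certificate jdkCert;
            try (ByteArrayInputStream bais = new ByteArrayInputStream(encoded)) {
                jdkCert = (java.security.cert.X509Certificate) cf.generateCertificate(bais);
            }
            System.out.println("Subject " + jdkCert.getSubjectX500Principal());
            System.out.println("Signature oid " + jdkCert.getSigAlgName());

            /* non critical extensions */
            Set<String> nonCritSet = jdkCert.getNonCriticalExtensionOIDs();
            if (nonCritSet != null && !nonCritSet.isEmpty()) {
                for (String oid : nonCritSet) {
                    System.out.println(oid);
                }
            } else {
                System.out.println("no NON Critical Extensions");
            }

            /* critical extensions */
            Set<String> critSet = jdkCert.getCriticalExtensionOIDs();
            if (critSet != null && !critSet.isEmpty()) {
                System.out.println("Set of critical extensions:");
                for (String oid : critSet) {
                    System.out.println(oid);
                }
            } else {
                System.out.println("no Critical Extensions");
            }
        }
        System.out.println("END");
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
    System.exit(0);
}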
Also used : OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER) CryptoManager(org.mozilla.jss.CryptoManager) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(org.mozilla.jss.crypto.X509Certificate) Extension(org.mozilla.jss.pkix.cert.Extension) OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING) ByteArrayInputStream(java.io.ByteArrayInputStream) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) CertificateInfo(org.mozilla.jss.pkix.cert.CertificateInfo) Certificate(org.mozilla.jss.pkix.cert.Certificate) X509Certificate(org.mozilla.jss.crypto.X509Certificate)

Aggregations

Certificate (org.mozilla.jss.pkix.cert.Certificate)8 SEQUENCE (org.mozilla.jss.asn1.SEQUENCE)5 X509Certificate (org.mozilla.jss.crypto.X509Certificate)5 InternalCertificate (org.mozilla.jss.crypto.InternalCertificate)4 CertificateInfo (org.mozilla.jss.pkix.cert.CertificateInfo)4 BufferedInputStream (java.io.BufferedInputStream)3 FileInputStream (java.io.FileInputStream)3 CryptoManager (org.mozilla.jss.CryptoManager)3 OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING)3 FileOutputStream (java.io.FileOutputStream)2 KeyPair (java.security.KeyPair)2 Calendar (java.util.Calendar)2 Date (java.util.Date)2 ANY (org.mozilla.jss.asn1.ANY)2 ASN1Value (org.mozilla.jss.asn1.ASN1Value)2 BMPString (org.mozilla.jss.asn1.BMPString)2 INTEGER (org.mozilla.jss.asn1.INTEGER)2 SET (org.mozilla.jss.asn1.SET)2 CryptoToken (org.mozilla.jss.crypto.CryptoToken)2 JSSSecureRandom (org.mozilla.jss.crypto.JSSSecureRandom)2