
Example 1 with CertificateInfo

use of org.mozilla.jss.pkix.cert.CertificateInfo in project jss by dogtagpki.

the class SSLClientAuth method makeCert.

/**
 * Builds and signs an X.509 v3 certificate intended as a test credential.
 *
 * <p>Issuer and subject share the fixed components C=US, O=Mozilla and
 * OU="JSS Testing" followed by {@code rand}; only the common names differ.
 * Validity begins at the current time and ends one year later. The result is
 * signed with {@code privKey} using the class-level {@code sigAlg}.
 *
 * <p>{@code rand} only varies the OU string. The serial number is used exactly
 * as passed in, so keeping serials unique per issuer is left to the caller.
 *
 * @param issuerName common name placed in the issuer DN
 * @param subjectName common name placed in the subject DN
 * @param serialNumber serial number written into the certificate
 * @param privKey key used to sign the certificate
 * @param pubKey key being certified; its encoded form is decoded as a SubjectPublicKeyInfo
 * @param rand value appended to the "JSS Testing" organizational unit
 * @param extensions extensions to attach, or {@code null} to attach none
 * @throws java.lang.Exception any failure raised by the JSS calls is propagated unchanged
 * @return the signed certificate
 */
public static Certificate makeCert(String issuerName, String subjectName, int serialNumber, PrivateKey privKey, PublicKey pubKey, int rand, SEQUENCE extensions) throws Exception {
    AlgorithmIdentifier signatureAlgorithm = new AlgorithmIdentifier(sigAlg.toOID());

    // Both names carry the same OU, so build that string once.
    String testUnit = "JSS Testing" + rand;

    Name issuerDn = new Name();
    issuerDn.addCountryName("US");
    issuerDn.addOrganizationName("Mozilla");
    issuerDn.addOrganizationalUnitName(testUnit);
    issuerDn.addCommonName(issuerName);

    Name subjectDn = new Name();
    subjectDn.addCountryName("US");
    subjectDn.addOrganizationName("Mozilla");
    subjectDn.addOrganizationalUnitName(testUnit);
    subjectDn.addCommonName(subjectName);

    // Validity window: now until one year from now.
    Calendar validity = Calendar.getInstance();
    Date validFrom = validity.getTime();
    validity.add(Calendar.YEAR, 1);
    Date validUntil = validity.getTime();

    // Re-parse the encoded public key into the ASN.1 structure the certificate body expects.
    SubjectPublicKeyInfo subjectKeyInfo = (SubjectPublicKeyInfo) ASN1Util.decode(
            new SubjectPublicKeyInfo.Template(), pubKey.getEncoded());

    CertificateInfo certBody = new CertificateInfo(
            CertificateInfo.v3,
            new INTEGER(serialNumber),
            signatureAlgorithm,
            issuerDn,
            validFrom,
            validUntil,
            subjectDn,
            subjectKeyInfo);
    if (extensions != null) {
        certBody.setExtensions(extensions);
    }

    // Constructing the Certificate signs certBody with privKey.
    return new Certificate(certBody, privKey, sigAlg);
}
Also used : Calendar(java.util.Calendar) CertificateInfo(org.mozilla.jss.pkix.cert.CertificateInfo) SubjectPublicKeyInfo(org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo) Date(java.util.Date) AlgorithmIdentifier(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier) Name(org.mozilla.jss.pkix.primitive.Name) INTEGER(org.mozilla.jss.asn1.INTEGER) InternalCertificate(org.mozilla.jss.crypto.InternalCertificate) Certificate(org.mozilla.jss.pkix.cert.Certificate) X509Certificate(org.mozilla.jss.crypto.X509Certificate)

Example 2 with CertificateInfo

use of org.mozilla.jss.pkix.cert.CertificateInfo in project jss by dogtagpki.

the class GenerateTestCert method makeCert.

/**
 * Creates a signed X.509 v3 test certificate from the supplied names and keys.
 *
 * <p>The issuer and subject DNs are both C=US, O=Mozilla, OU="JSS Testing"
 * plus {@code rand}, each completed with its own common name. The certificate
 * is valid from the moment of the call for one year and is signed with
 * {@code privKey} under the instance's {@code sigAlg}.
 *
 * <p>The serial number is not generated here: it is whatever the caller
 * passes, and {@code rand} affects only the OU text.
 *
 * @param issuerName common name for the issuer DN
 * @param subjectName common name for the subject DN
 * @param serialNumber serial number to embed
 * @param privKey signing key
 * @param pubKey public key to certify; decoded from {@code getEncoded()} as a SubjectPublicKeyInfo
 * @param rand suffix for the "JSS Testing" organizational unit
 * @param extensions extension sequence to set, or {@code null} to skip
 * @throws java.lang.Exception any failure from the underlying JSS calls, passed through as-is
 * @return the newly signed certificate
 */
private Certificate makeCert(String issuerName, String subjectName, int serialNumber, PrivateKey privKey, PublicKey pubKey, int rand, SEQUENCE extensions) throws Exception {
    AlgorithmIdentifier algorithmId = new AlgorithmIdentifier(sigAlg.toOID());
    String orgUnit = "JSS Testing" + rand;

    // Issuer distinguished name.
    Name issuerName509 = new Name();
    issuerName509.addCountryName("US");
    issuerName509.addOrganizationName("Mozilla");
    issuerName509.addOrganizationalUnitName(orgUnit);
    issuerName509.addCommonName(issuerName);

    // Subject distinguished name: same fixed components, different CN.
    Name subjectName509 = new Name();
    subjectName509.addCountryName("US");
    subjectName509.addOrganizationName("Mozilla");
    subjectName509.addOrganizationalUnitName(orgUnit);
    subjectName509.addCommonName(subjectName);

    // notBefore is taken before the calendar is advanced by a year for notAfter.
    Calendar clock = Calendar.getInstance();
    Date startsAt = clock.getTime();
    clock.add(Calendar.YEAR, 1);
    Date expiresAt = clock.getTime();

    SubjectPublicKeyInfo.Template keyTemplate = new SubjectPublicKeyInfo.Template();
    byte[] encodedKey = pubKey.getEncoded();
    SubjectPublicKeyInfo keyInfo = (SubjectPublicKeyInfo) ASN1Util.decode(keyTemplate, encodedKey);

    INTEGER serial = new INTEGER(serialNumber);
    CertificateInfo unsigned = new CertificateInfo(CertificateInfo.v3, serial, algorithmId,
            issuerName509, startsAt, expiresAt, subjectName509, keyInfo);
    if (extensions != null) {
        unsigned.setExtensions(extensions);
    }

    return new Certificate(unsigned, privKey, sigAlg);
}
Also used : Calendar(java.util.Calendar) CertificateInfo(org.mozilla.jss.pkix.cert.CertificateInfo) SubjectPublicKeyInfo(org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo) Date(java.util.Date) AlgorithmIdentifier(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier) Name(org.mozilla.jss.pkix.primitive.Name) INTEGER(org.mozilla.jss.asn1.INTEGER) Certificate(org.mozilla.jss.pkix.cert.Certificate) InternalCertificate(org.mozilla.jss.crypto.InternalCertificate) X509Certificate(org.mozilla.jss.crypto.X509Certificate)

Example 3 with CertificateInfo

use of org.mozilla.jss.pkix.cert.CertificateInfo in project jss by dogtagpki.

the class VerifyCert method showCert.

/**
 * Decodes the certificate stored in {@code certFile} and prints its
 * {@code CertificateInfo} to standard output.
 *
 * <p>This method only parses and prints. The {@code cert.verify()} call is
 * commented out, so the fields shown come from a certificate whose signature
 * has not been checked; treat the output as unauthenticated.
 *
 * <p>Any exception prints a stack trace and ends the JVM with status 1.
 *
 * @param certFile path of the file holding the encoded certificate
 */
public void showCert(String certFile) {
    try (FileInputStream fileIn = new FileInputStream(certFile);
        BufferedInputStream bufferedIn = new BufferedInputStream(fileIn)) {
        // Parse the certificate structure from the file contents.
        Certificate parsed = (Certificate) Certificate.getTemplate().decode(bufferedIn);
        // Print the certificate's info section.
        parsed.getInfo().print(System.out);
        // Signature verification is left disabled in this example:
        // cert.verify();
    } catch (Exception failure) {
        failure.printStackTrace();
        System.exit(1);
    }
}
Also used : BufferedInputStream(java.io.BufferedInputStream) CertificateInfo(org.mozilla.jss.pkix.cert.CertificateInfo) FileInputStream(java.io.FileInputStream) Certificate(org.mozilla.jss.pkix.cert.Certificate)

Example 4 with CertificateInfo

use of org.mozilla.jss.pkix.cert.CertificateInfo in project jss by dogtagpki.

the class ListCerts method main.

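/**
 * Lists every certificate found under a nickname and prints, for each one,
 * the subject, signature algorithm and extension OIDs: first through the JSS
 * ASN.1 classes, then again after converting to a JDK X.509 certificate.
 *
 * <p>Usage: {@code ListCerts <dbdir> <nickname>}. Only {@code args[1]} is read
 * in this method; {@code args[0]} is not used here, so the JSS database is
 * presumably configured elsewhere (confirm against the surrounding class).
 *
 * <p>The listing is informational: no signature or chain validation is
 * performed on the certificates that are printed.
 *
 * <p>Exits with status 1 after printing a stack trace on any exception, and
 * with status 0 after a complete listing. A wrong argument count prints the
 * usage line and returns without calling {@code System.exit}.
 *
 * @param args database directory and certificate nickname
 */
public static void main(String[] args) {
    try {
        if (args.length != 2) {
            System.out.println("Usage: ListCerts <dbdir> <nickname>");
            return;
        }
        String nickname = args[1];
        CryptoManager cm = CryptoManager.getInstance();
        X509Certificate[] certs = cm.findCertsByNickname(nickname);
        System.out.println(certs.length + " certs found with this nickname.");

        // The factory does not depend on the certificate, so create it once.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        for (X509Certificate found : certs) {
            System.out.println("\nSubject: " + found.getSubjectDN());
            byte[] encoded = found.getEncoded();

            // JSS view: decode the raw bytes into the ASN.1 certificate structure.
            Certificate cert = (Certificate) ASN1Util.decode(Certificate.getTemplate(), encoded);
            CertificateInfo info = cert.getInfo();
            System.out.println("Signature oid " + info.getSignatureAlgId().getOID());

            // Guard against a certificate that carries no extensions at all.
            SEQUENCE extensions = info.getExtensions();
            if (extensions != null) {
                for (int j = 0; j < extensions.size(); j++) {
                    // Index with the inner counter j. The original used the outer
                    // certificate index, which printed the same extension repeatedly
                    // or ran past the end of the sequence.
                    Extension ext = (Extension) extensions.elementAt(j);
                    String oid = ext.getExtnId().toString();
                    System.out.println("Extension " + oid);
                    if (ext.getCritical()) {
                        System.out.println("Critical extension: " + oid);
                    } else {
                        System.out.println("NON Critical extension: " + oid);
                    }
                }
            }

            System.out.println("Convert to JDK cert");
            // JDK view: re-parse the same bytes with the standard X.509 factory.
            java.security.cert.X509Certificate jdkCert;
            try (ByteArrayInputStream bais = new ByteArrayInputStream(encoded)) {
                jdkCert = (java.security.cert.X509Certificate) cf.generateCertificate(bais);
            }
            System.out.println("Subject " + jdkCert.getSubjectX500Principal());
            System.out.println("Signature oid " + jdkCert.getSigAlgName());

            /* non critical extensions */
            Set<String> nonCritSet = jdkCert.getNonCriticalExtensionOIDs();
            if (nonCritSet != null && !nonCritSet.isEmpty()) {
                for (String oid : nonCritSet) {
                    System.out.println(oid);
                }
            } else {
                System.out.println("no NON Critical Extensions");
            }

            /* critical extensions */
            Set<String> critSet = jdkCert.getCriticalExtensionOIDs();
            if (critSet != null && !critSet.isEmpty()) {
                System.out.println("Set of critical extensions:");
                for (String oid : critSet) {
                    System.out.println(oid);
                }
            } else {
                System.out.println("no Critical Extensions");
            }
        }
        System.out.println("END");
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
    System.exit(0);
}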
Also used : OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER) CryptoManager(org.mozilla.jss.CryptoManager) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(org.mozilla.jss.crypto.X509Certificate) Extension(org.mozilla.jss.pkix.cert.Extension) OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING) ByteArrayInputStream(java.io.ByteArrayInputStream) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) CertificateInfo(org.mozilla.jss.pkix.cert.CertificateInfo) Certificate(org.mozilla.jss.pkix.cert.Certificate) X509Certificate(org.mozilla.jss.crypto.X509Certificate)

Aggregations

Certificate (org.mozilla.jss.pkix.cert.Certificate)4 CertificateInfo (org.mozilla.jss.pkix.cert.CertificateInfo)4 X509Certificate (org.mozilla.jss.crypto.X509Certificate)3 Calendar (java.util.Calendar)2 Date (java.util.Date)2 INTEGER (org.mozilla.jss.asn1.INTEGER)2 InternalCertificate (org.mozilla.jss.crypto.InternalCertificate)2 AlgorithmIdentifier (org.mozilla.jss.pkix.primitive.AlgorithmIdentifier)2 Name (org.mozilla.jss.pkix.primitive.Name)2 SubjectPublicKeyInfo (org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo)2 BufferedInputStream (java.io.BufferedInputStream)1 ByteArrayInputStream (java.io.ByteArrayInputStream)1 FileInputStream (java.io.FileInputStream)1 CertificateFactory (java.security.cert.CertificateFactory)1 CryptoManager (org.mozilla.jss.CryptoManager)1 OBJECT_IDENTIFIER (org.mozilla.jss.asn1.OBJECT_IDENTIFIER)1 OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING)1 SEQUENCE (org.mozilla.jss.asn1.SEQUENCE)1 Extension (org.mozilla.jss.pkix.cert.Extension)1