use of org.mozilla.jss.pkix.cert.Extension in project jss by dogtagpki.
the class SSLClientAuth method makeBasicConstraintsExtension.
static Extension makeBasicConstraintsExtension() throws Exception {
SEQUENCE bc = new SEQUENCE();
// cA
bc.addElement(new BOOLEAN(true));
OBJECT_IDENTIFIER bcOID = new OBJECT_IDENTIFIER(// from RFC 2459
new long[] { 2, 5, 29, 19 });
OCTET_STRING enc = new OCTET_STRING(ASN1Util.encode(bc));
return new Extension(bcOID, true, enc);
}
use of org.mozilla.jss.pkix.cert.Extension in project jss by dogtagpki.
the class GenerateTestCert method makeBasicConstraintsExtension.
/**
* Make basic extension.
*/
private Extension makeBasicConstraintsExtension() throws Exception {
SEQUENCE bc = new SEQUENCE();
// cA
bc.addElement(new BOOLEAN(true));
OBJECT_IDENTIFIER bcOID = new OBJECT_IDENTIFIER(// from RFC 2459
new long[] { 2, 5, 29, 19 });
OCTET_STRING enc = new OCTET_STRING(ASN1Util.encode(bc));
return new Extension(bcOID, true, enc);
}
use of org.mozilla.jss.pkix.cert.Extension in project jss by dogtagpki.
the class ListCerts method main.
public static void main(String[] args) {
try {
if (args.length != 2) {
System.out.println("Usage: ListCerts <dbdir> <nickname>");
return;
}
String nickname = args[1];
CryptoManager cm = CryptoManager.getInstance();
X509Certificate[] certs = cm.findCertsByNickname(nickname);
System.out.println(certs.length + " certs found with this nickname.");
for (int i = 0; i < certs.length; i++) {
System.out.println("\nSubject: " + certs[i].getSubjectDN());
Certificate cert = (Certificate) ASN1Util.decode(Certificate.getTemplate(), certs[i].getEncoded());
CertificateInfo info = cert.getInfo();
OBJECT_IDENTIFIER sigalg = info.getSignatureAlgId().getOID();
System.out.println("Signature oid " + info.getSignatureAlgId().getOID());
SEQUENCE extensions = info.getExtensions();
for (int j = 0; j < extensions.size(); j++) {
Extension ext = (Extension) extensions.elementAt(i);
OBJECT_IDENTIFIER oid = ext.getExtnId();
OCTET_STRING value = ext.getExtnValue();
System.out.println("Extension " + oid.toString());
if (ext.getCritical()) {
System.out.println("Critical extension: " + oid.toString());
} else {
System.out.println("NON Critical extension: " + oid.toString());
}
}
System.out.println("Convert to JDK cert");
// Convert to JDK certificate
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bais = new ByteArrayInputStream(certs[i].getEncoded());
java.security.cert.X509Certificate jdkCert = (java.security.cert.X509Certificate) cf.generateCertificate(bais);
bais.close();
System.out.println("Subject " + jdkCert.getSubjectX500Principal());
System.out.println("Signature oid " + jdkCert.getSigAlgName());
/* non critical extensions */
Set<String> nonCritSet = jdkCert.getNonCriticalExtensionOIDs();
if (nonCritSet != null && !nonCritSet.isEmpty()) {
for (Iterator<String> j = nonCritSet.iterator(); j.hasNext(); ) {
String oid = j.next();
System.out.println(oid);
}
} else {
System.out.println("no NON Critical Extensions");
}
/* critical extensions */
Set<String> critSet = jdkCert.getCriticalExtensionOIDs();
if (critSet != null && !critSet.isEmpty()) {
System.out.println("Set of critical extensions:");
for (Iterator<String> j = critSet.iterator(); j.hasNext(); ) {
String oid = j.next();
System.out.println(oid);
}
} else {
System.out.println("no Critical Extensions");
}
}
System.out.println("END");
} catch (Exception e) {
e.printStackTrace();
System.exit(1);
}
System.exit(0);
}
Aggregations