Example 1 with Extension

Use of org.mozilla.jss.pkix.cert.Extension in project jss by dogtagpki.

In class SSLClientAuth, method makeBasicConstraintsExtension.

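static Extension makeBasicConstraintsExtension() throws Exception {
    // BasicConstraints value: a SEQUENCE whose first element is the cA flag
    SEQUENCE bc = new SEQUENCE();
    // cA = TRUE: the certificate is a CA certificate
    bc.addElement(new BOOLEAN(true));
    // id-ce-basicConstraints (2.5.29.19), from RFC 2459
    OBJECT_IDENTIFIER bcOID = new OBJECT_IDENTIFIER(new long[] { 2, 5, 29, 19 });
    // The extension value is the DER encoding of the SEQUENCE, wrapped in an OCTET STRING
    OCTET_STRING enc = new OCTET_STRING(ASN1Util.encode(bc));
    // The second argument marks the extension as critical
    return new Extension(bcOID, true, enc);
}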
Also used : Extension(org.mozilla.jss.pkix.cert.Extension) OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER) BOOLEAN(org.mozilla.jss.asn1.BOOLEAN)

Example 2 with Extension

Use of org.mozilla.jss.pkix.cert.Extension in project jss by dogtagpki.

In class GenerateTestCert, method makeBasicConstraintsExtension.

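/**
 * Make a critical BasicConstraints extension with cA set to true.
 */
private Extension makeBasicConstraintsExtension() throws Exception {
    // BasicConstraints value: a SEQUENCE whose first element is the cA flag
    SEQUENCE bc = new SEQUENCE();
    // cA = TRUE: the certificate is a CA certificate
    bc.addElement(new BOOLEAN(true));
    // id-ce-basicConstraints (2.5.29.19), from RFC 2459
    OBJECT_IDENTIFIER bcOID = new OBJECT_IDENTIFIER(new long[] { 2, 5, 29, 19 });
    // The extension value is the DER encoding of the SEQUENCE, wrapped in an OCTET STRING
    OCTET_STRING enc = new OCTET_STRING(ASN1Util.encode(bc));
    // The second argument marks the extension as critical
    return new Extension(bcOID, true, enc);
}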
Also used : Extension(org.mozilla.jss.pkix.cert.Extension) OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER) BOOLEAN(org.mozilla.jss.asn1.BOOLEAN)

Example 3 with Extension

Use of org.mozilla.jss.pkix.cert.Extension in project jss by dogtagpki.

In class ListCerts, method main.

public static void main(String[] args) {
    try {
        if (args.length != 2) {
            System.out.println("Usage: ListCerts <dbdir> <nickname>");
            return;
        }
        String nickname = args[1];
        CryptoManager cm = CryptoManager.getInstance();
        X509Certificate[] certs = cm.findCertsByNickname(nickname);
        System.out.println(certs.length + " certs found with this nickname.");
        for (int i = 0; i < certs.length; i++) {
            System.out.println("\nSubject: " + certs[i].getSubjectDN());
            Certificate cert = (Certificate) ASN1Util.decode(Certificate.getTemplate(), certs[i].getEncoded());
            CertificateInfo info = cert.getInfo();
            OBJECT_IDENTIFIER sigalg = info.getSignatureAlgId().getOID();
            System.out.println("Signature oid " + sigalg);
            SEQUENCE extensions = info.getExtensions();
            // Index with j (the extension counter), not i (the certificate counter);
            // the null check skips certificates that carry no extensions.
            for (int j = 0; extensions != null && j < extensions.size(); j++) {
                Extension ext = (Extension) extensions.elementAt(j);
                OBJECT_IDENTIFIER oid = ext.getExtnId();
                OCTET_STRING value = ext.getExtnValue();
                System.out.println("Extension " + oid.toString());
                if (ext.getCritical()) {
                    System.out.println("Critical extension: " + oid.toString());
                } else {
                    System.out.println("NON Critical extension: " + oid.toString());
                }
            }
            System.out.println("Convert to JDK cert");
            // Convert to JDK certificate
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            ByteArrayInputStream bais = new ByteArrayInputStream(certs[i].getEncoded());
            java.security.cert.X509Certificate jdkCert = (java.security.cert.X509Certificate) cf.generateCertificate(bais);
            bais.close();
            System.out.println("Subject " + jdkCert.getSubjectX500Principal());
            System.out.println("Signature oid " + jdkCert.getSigAlgName());
            /* non critical extensions */
            Set<String> nonCritSet = jdkCert.getNonCriticalExtensionOIDs();
            if (nonCritSet != null && !nonCritSet.isEmpty()) {
                for (Iterator<String> j = nonCritSet.iterator(); j.hasNext(); ) {
                    String oid = j.next();
                    System.out.println(oid);
                }
            } else {
                System.out.println("no NON Critical Extensions");
            }
            /* critical extensions */
            Set<String> critSet = jdkCert.getCriticalExtensionOIDs();
            if (critSet != null && !critSet.isEmpty()) {
                System.out.println("Set of critical extensions:");
                for (Iterator<String> j = critSet.iterator(); j.hasNext(); ) {
                    String oid = j.next();
                    System.out.println(oid);
                }
            } else {
                System.out.println("no Critical Extensions");
            }
        }
        System.out.println("END");
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(1);
    }
    System.exit(0);
}
Also used : OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER) CryptoManager(org.mozilla.jss.CryptoManager) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(org.mozilla.jss.crypto.X509Certificate) Extension(org.mozilla.jss.pkix.cert.Extension) OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING) ByteArrayInputStream(java.io.ByteArrayInputStream) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) CertificateInfo(org.mozilla.jss.pkix.cert.CertificateInfo) Certificate(org.mozilla.jss.pkix.cert.Certificate)

Aggregations

OBJECT_IDENTIFIER (org.mozilla.jss.asn1.OBJECT_IDENTIFIER): 3
OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING): 3
SEQUENCE (org.mozilla.jss.asn1.SEQUENCE): 3
Extension (org.mozilla.jss.pkix.cert.Extension): 3
BOOLEAN (org.mozilla.jss.asn1.BOOLEAN): 2
ByteArrayInputStream (java.io.ByteArrayInputStream): 1
CertificateFactory (java.security.cert.CertificateFactory): 1
CryptoManager (org.mozilla.jss.CryptoManager): 1
X509Certificate (org.mozilla.jss.crypto.X509Certificate): 1
Certificate (org.mozilla.jss.pkix.cert.Certificate): 1
CertificateInfo (org.mozilla.jss.pkix.cert.CertificateInfo): 1