Example 1 with Extension
use of org.mozilla.jss.pkix.cert.Extension in project jss by dogtagpki.
the class SSLClientAuth method makeBasicConstraintsExtension.
static Extension makeBasicConstraintsExtension() throws Exception {
SEQUENCE bc = new SEQUENCE();
// cA
bc.addElement(new BOOLEAN(true));
OBJECT_IDENTIFIER bcOID = new OBJECT_IDENTIFIER(// from RFC 2459
new long[] { 2, 5, 29, 19 });
OCTET_STRING enc = new OCTET_STRING(ASN1Util.encode(bc));
return new Extension(bcOID, true, enc);
}
Also used :
Extension(org.mozilla.jss.pkix.cert.Extension)
OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING)
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER)
BOOLEAN(org.mozilla.jss.asn1.BOOLEAN)
Example 2 with Extension
use of org.mozilla.jss.pkix.cert.Extension in project jss by dogtagpki.
the class GenerateTestCert method makeBasicConstraintsExtension.
/**
* Make basic extension.
*/
private Extension makeBasicConstraintsExtension() throws Exception {
SEQUENCE bc = new SEQUENCE();
// cA
bc.addElement(new BOOLEAN(true));
OBJECT_IDENTIFIER bcOID = new OBJECT_IDENTIFIER(// from RFC 2459
new long[] { 2, 5, 29, 19 });
OCTET_STRING enc = new OCTET_STRING(ASN1Util.encode(bc));
return new Extension(bcOID, true, enc);
}
Also used :
Extension(org.mozilla.jss.pkix.cert.Extension)
OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING)
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER)
BOOLEAN(org.mozilla.jss.asn1.BOOLEAN)
Example 3 with Extension
use of org.mozilla.jss.pkix.cert.Extension in project jss by dogtagpki.
the class ListCerts method main.
public static void main(String[] args) {
try {
if (args.length != 2) {
System.out.println("Usage: ListCerts <dbdir> <nickname>");
return;
}
String nickname = args[1];
CryptoManager cm = CryptoManager.getInstance();
X509Certificate[] certs = cm.findCertsByNickname(nickname);
System.out.println(certs.length + " certs found with this nickname.");
for (int i = 0; i < certs.length; i++) {
System.out.println("\nSubject: " + certs[i].getSubjectDN());
Certificate cert = (Certificate) ASN1Util.decode(Certificate.getTemplate(), certs[i].getEncoded());
CertificateInfo info = cert.getInfo();
OBJECT_IDENTIFIER sigalg = info.getSignatureAlgId().getOID();
System.out.println("Signature oid " + info.getSignatureAlgId().getOID());
SEQUENCE extensions = info.getExtensions();
for (int j = 0; j < extensions.size(); j++) {
Extension ext = (Extension) extensions.elementAt(i);
OBJECT_IDENTIFIER oid = ext.getExtnId();
OCTET_STRING value = ext.getExtnValue();
System.out.println("Extension " + oid.toString());
if (ext.getCritical()) {
System.out.println("Critical extension: " + oid.toString());
} else {
System.out.println("NON Critical extension: " + oid.toString());
}
}
System.out.println("Convert to JDK cert");
// Convert to JDK certificate
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bais = new ByteArrayInputStream(certs[i].getEncoded());
java.security.cert.X509Certificate jdkCert = (java.security.cert.X509Certificate) cf.generateCertificate(bais);
bais.close();
System.out.println("Subject " + jdkCert.getSubjectX500Principal());
System.out.println("Signature oid " + jdkCert.getSigAlgName());
/* non critical extensions */
Set<String> nonCritSet = jdkCert.getNonCriticalExtensionOIDs();
if (nonCritSet != null && !nonCritSet.isEmpty()) {
for (Iterator<String> j = nonCritSet.iterator(); j.hasNext(); ) {
String oid = j.next();
System.out.println(oid);
}
} else {
System.out.println("no NON Critical Extensions");
}
/* critical extensions */
Set<String> critSet = jdkCert.getCriticalExtensionOIDs();
if (critSet != null && !critSet.isEmpty()) {
System.out.println("Set of critical extensions:");
for (Iterator<String> j = critSet.iterator(); j.hasNext(); ) {
String oid = j.next();
System.out.println(oid);
}
} else {
System.out.println("no Critical Extensions");
}
}
System.out.println("END");
} catch (Exception e) {
e.printStackTrace();
System.exit(1);
}
System.exit(0);
}
Also used :
OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER)
CryptoManager(org.mozilla.jss.CryptoManager)
CertificateFactory(java.security.cert.CertificateFactory)
X509Certificate(org.mozilla.jss.crypto.X509Certificate)
Extension(org.mozilla.jss.pkix.cert.Extension)
OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING)
ByteArrayInputStream(java.io.ByteArrayInputStream)
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
CertificateInfo(org.mozilla.jss.pkix.cert.CertificateInfo)
Certificate(org.mozilla.jss.pkix.cert.Certificate)
X509Certificate(org.mozilla.jss.crypto.X509Certificate)
Aggregations
OBJECT_IDENTIFIER (org.mozilla.jss.asn1.OBJECT_IDENTIFIER)3
OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING)3
SEQUENCE (org.mozilla.jss.asn1.SEQUENCE)3
Extension (org.mozilla.jss.pkix.cert.Extension)3
BOOLEAN (org.mozilla.jss.asn1.BOOLEAN)2
ByteArrayInputStream (java.io.ByteArrayInputStream)1
CertificateFactory (java.security.cert.CertificateFactory)1
CryptoManager (org.mozilla.jss.CryptoManager)1
X509Certificate (org.mozilla.jss.crypto.X509Certificate)1
Certificate (org.mozilla.jss.pkix.cert.Certificate)1
CertificateInfo (org.mozilla.jss.pkix.cert.CertificateInfo)1
