Examples with ExtendedKeyUsages org.webpki.crypto.ExtendedKeyUsages used on opensource projects

Search in sources :

Example 1 with ExtendedKeyUsages

use of org.webpki.crypto.ExtendedKeyUsages in project openkeystore by cyberphone.

the class CA method createCert.

public X509Certificate createCert(CertSpec certSpec, DistinguishedName issuerName, BigInteger serialNumber, Date startDate, Date endDate, AsymKeySignerInterface signer, PublicKey issuerPublicKey, PublicKey subjectPublicKey) throws IOException, GeneralSecurityException {
    Extensions extensions = new Extensions();
    BaseASN1Object version = new CompositeContextSpecific(0, new ASN1Integer(2));
    DistinguishedName subjectName = certSpec.getSubjectDistinguishedName();
    BaseASN1Object validity = new ASN1Sequence(new BaseASN1Object[] { getASN1Time(startDate), getASN1Time(endDate) });
    AsymSignatureAlgorithms certSignAlg = signer.getAlgorithm();
    BaseASN1Object signatureAlgorithm = new ASN1Sequence(certSignAlg.getKeyType() == KeyTypes.RSA ? new BaseASN1Object[] { new ASN1ObjectID(certSignAlg.getOid()), // Relic from the RSA hey-days...
    new ASN1Null() } : new BaseASN1Object[] { new ASN1ObjectID(certSignAlg.getOid()) });
    BaseASN1Object subjectPublicKeyInfo = DerDecoder.decode(subjectPublicKey.getEncoded());
    // ////////////////////////////////////////////////////
    if (certSpec.endEntity) {
        extensions.add(CertificateExtensions.BASIC_CONSTRAINTS, false, new ASN1Sequence(new BaseASN1Object[] {}));
    }
    // ////////////////////////////////////////////////////
    if (certSpec.caCert) {
        extensions.add(CertificateExtensions.BASIC_CONSTRAINTS, true, new ASN1Sequence(new ASN1Boolean(true)));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.keyUsageSet.isEmpty()) {
        int i = 0;
        for (KeyUsageBits kubit : certSpec.keyUsageSet) {
            i |= 1 << kubit.ordinal();
        }
        byte[] keyUsage = new byte[i > 255 ? 2 : 1];
        keyUsage[0] = reverseBits(i);
        if (i > 255) {
            keyUsage[1] = reverseBits(i >> 8);
        }
        extensions.add(CertificateExtensions.KEY_USAGE, true, new ASN1BitString(keyUsage));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.extendedKeyUsageSet.isEmpty()) {
        int i = 0;
        BaseASN1Object[] ekus = new BaseASN1Object[certSpec.extendedKeyUsageSet.size()];
        for (ExtendedKeyUsages eku : certSpec.extendedKeyUsageSet.toArray(new ExtendedKeyUsages[0])) {
            ekus[i++] = new ASN1ObjectID(eku.getOID());
        }
        extensions.add(CertificateExtensions.EXTENDED_KEY_USAGE, false, new ASN1Sequence(ekus));
    }
    // ////////////////////////////////////////////////////
    if (certSpec.skiExtension) {
        extensions.add(CertificateExtensions.SUBJECT_KEY_IDENTIFIER, createKeyID(subjectPublicKey));
    }
    // ////////////////////////////////////////////////////
    if (certSpec.akiExtension) {
        extensions.add(CertificateExtensions.AUTHORITY_KEY_IDENTIFIER, new ASN1Sequence(new SimpleContextSpecific(0, createKeyID(issuerPublicKey))));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.subjectAltName.isEmpty()) {
        int i = 0;
        BaseASN1Object[] san = new BaseASN1Object[certSpec.subjectAltName.size()];
        for (CertSpec.NameValue nameValue : certSpec.subjectAltName) {
            int type = nameValue.name;
            // We currently only handle simple IA5String types.
            if (type == SubjectAltNameTypes.RFC822_NAME || type == SubjectAltNameTypes.DNS_NAME || type == SubjectAltNameTypes.UNIFORM_RESOURCE_IDENTIFIER) {
                if (!(nameValue.value instanceof ASN1IA5String)) {
                    throw new IOException("Wrong argument type to SubjectAltNames of type " + type);
                }
            } else // Or IP addresses.
            if (type == SubjectAltNameTypes.IP_ADDRESS) {
                if (!(nameValue.value instanceof ASN1OctetString)) {
                    throw new IOException("Wrong argument type to SubjectAltNames of type IP address");
                }
            } else {
                throw new IOException("SubjectAltNames of type " + type + " are not handled.");
            }
            san[i++] = new SimpleContextSpecific(type, nameValue.value);
        }
        extensions.add(CertificateExtensions.SUBJECT_ALT_NAME, new ASN1Sequence(san));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.certPolicyOids.isEmpty()) {
        int i = 0;
        BaseASN1Object[] policies = new BaseASN1Object[certSpec.certPolicyOids.size()];
        for (String oid : certSpec.certPolicyOids) {
            policies[i++] = new ASN1Sequence(new ASN1ObjectID(oid));
        }
        extensions.add(CertificateExtensions.CERTIFICATE_POLICIES, new ASN1Sequence(policies));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.aiaLocators.isEmpty()) {
        int i = 0;
        BaseASN1Object[] locators = new BaseASN1Object[certSpec.aiaLocators.size()];
        for (String[] loc_info : certSpec.aiaLocators) {
            locators[i++] = new ASN1Sequence(new BaseASN1Object[] { new ASN1ObjectID(loc_info[0]), new SimpleContextSpecific(6, new ASN1IA5String(loc_info[1])) });
        }
        extensions.add(CertificateExtensions.AUTHORITY_INFO_ACCESS, new ASN1Sequence(locators));
    }
    // ////////////////////////////////////////////////////
    if (!certSpec.crlDistPoints.isEmpty()) {
        int i = 0;
        BaseASN1Object[] cdps = new BaseASN1Object[certSpec.crlDistPoints.size()];
        for (String uri : certSpec.crlDistPoints) {
            cdps[i++] = new ASN1Sequence(new CompositeContextSpecific(0, new CompositeContextSpecific(0, new SimpleContextSpecific(6, new ASN1IA5String(uri)))));
        }
        extensions.add(CertificateExtensions.CRL_DISTRIBUTION_POINTS, new ASN1Sequence(cdps));
    }
    // ////////////////////////////////////////////////////
    // Certificate Creation!
    // ////////////////////////////////////////////////////
    BaseASN1Object[] inner = new BaseASN1Object[extensions.isEmpty() ? 7 : 8];
    inner[0] = version;
    inner[1] = new ASN1Integer(serialNumber);
    inner[2] = signatureAlgorithm;
    inner[3] = issuerName.toASN1();
    inner[4] = validity;
    inner[5] = subjectName.toASN1();
    inner[6] = subjectPublicKeyInfo;
    if (!extensions.isEmpty()) {
        inner[7] = new CompositeContextSpecific(3, extensions.getExtensionData());
    }
    BaseASN1Object tbsCertificate = new ASN1Sequence(inner);
    BaseASN1Object signature = new ASN1BitString(signer.signData(tbsCertificate.encode()));
    byte[] certificate = new ASN1Sequence(new BaseASN1Object[] { tbsCertificate, signatureAlgorithm, signature }).encode();
    return CertificateUtil.getCertificateFromBlob(certificate);
}
Also used : ASN1OctetString(org.webpki.asn1.ASN1OctetString) KeyUsageBits(org.webpki.crypto.KeyUsageBits) DistinguishedName(org.webpki.asn1.cert.DistinguishedName) BaseASN1Object(org.webpki.asn1.BaseASN1Object) CompositeContextSpecific(org.webpki.asn1.CompositeContextSpecific) ASN1Integer(org.webpki.asn1.ASN1Integer) IOException(java.io.IOException) ASN1IA5String(org.webpki.asn1.ASN1IA5String) ASN1OctetString(org.webpki.asn1.ASN1OctetString) ASN1BitString(org.webpki.asn1.ASN1BitString) CertificateExtensions(org.webpki.crypto.CertificateExtensions) ExtendedKeyUsages(org.webpki.crypto.ExtendedKeyUsages) ASN1BitString(org.webpki.asn1.ASN1BitString) ASN1Sequence(org.webpki.asn1.ASN1Sequence) ASN1ObjectID(org.webpki.asn1.ASN1ObjectID) ASN1IA5String(org.webpki.asn1.ASN1IA5String) ASN1Boolean(org.webpki.asn1.ASN1Boolean) AsymSignatureAlgorithms(org.webpki.crypto.AsymSignatureAlgorithms) SimpleContextSpecific(org.webpki.asn1.SimpleContextSpecific) ASN1Null(org.webpki.asn1.ASN1Null)

Example 2 with ExtendedKeyUsages

use of org.webpki.crypto.ExtendedKeyUsages in project openkeystore by cyberphone.

the class CommandLineCA method ExtkeyUsages.

String ExtkeyUsages() {
    StringBuilder s = new StringBuilder();
    boolean comma = false;
    for (ExtendedKeyUsages eku : ExtendedKeyUsages.values()) {
        if (comma) {
            s.append(", ");
        }
        comma = true;
        s.append(eku.getX509Name());
    }
    return s.toString();
}
Also used : ExtendedKeyUsages(org.webpki.crypto.ExtendedKeyUsages)

Aggregations

ExtendedKeyUsages (org.webpki.crypto.ExtendedKeyUsages)2 IOException (java.io.IOException)1 ASN1BitString (org.webpki.asn1.ASN1BitString)1 ASN1Boolean (org.webpki.asn1.ASN1Boolean)1 ASN1IA5String (org.webpki.asn1.ASN1IA5String)1 ASN1Integer (org.webpki.asn1.ASN1Integer)1 ASN1Null (org.webpki.asn1.ASN1Null)1 ASN1ObjectID (org.webpki.asn1.ASN1ObjectID)1 ASN1OctetString (org.webpki.asn1.ASN1OctetString)1 ASN1Sequence (org.webpki.asn1.ASN1Sequence)1 BaseASN1Object (org.webpki.asn1.BaseASN1Object)1 CompositeContextSpecific (org.webpki.asn1.CompositeContextSpecific)1 SimpleContextSpecific (org.webpki.asn1.SimpleContextSpecific)1 DistinguishedName (org.webpki.asn1.cert.DistinguishedName)1 AsymSignatureAlgorithms (org.webpki.crypto.AsymSignatureAlgorithms)1 CertificateExtensions (org.webpki.crypto.CertificateExtensions)1 KeyUsageBits (org.webpki.crypto.KeyUsageBits)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial