Search in sources :

Example 1 with ExtendedKeyUsageExtension

use of sun.security.x509.ExtendedKeyUsageExtension in project OpenAttestation by OpenAttestation.

the class X509Builder method extKeyUsage.

public X509Builder extKeyUsage(ObjectIdentifier oid) {
    try {
        v3();
        if (extendedKeyUsageExtensionList == null) {
            extendedKeyUsageExtensionList = new Vector<ObjectIdentifier>();
        }
        extendedKeyUsageExtensionList.add(oid);
        extendedKeyUsageExtension = new ExtendedKeyUsageExtension(extendedKeyUsageExtensionIsCritical, extendedKeyUsageExtensionList);
        if (certificateExtensions == null) {
            certificateExtensions = new CertificateExtensions();
        }
        certificateExtensions.set(extendedKeyUsageExtension.getExtensionId().toString(), extendedKeyUsageExtension);
        info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
    } catch (Exception e) {
        fault(e, "extKeyUsage(%s)", oid.toString());
    }
    return this;
}
Also used : ExtendedKeyUsageExtension(sun.security.x509.ExtendedKeyUsageExtension) CertificateExtensions(sun.security.x509.CertificateExtensions) ObjectIdentifier(sun.security.util.ObjectIdentifier)

Example 2 with ExtendedKeyUsageExtension

use of sun.security.x509.ExtendedKeyUsageExtension in project Bytecoder by mirkosertic.

the class Pair method createV3Extensions.

/**
 * Create X509v3 extensions from a string representation. Note that the
 * SubjectKeyIdentifierExtension will always be created non-critical besides
 * the extension requested in the <code>extstr</code> argument.
 *
 * @param requestedEx the requested extensions, can be null, used for -gencert
 * @param existingEx the original extensions, can be null, used for -selfcert
 * @param extstrs -ext values, Read keytool doc
 * @param pkey the public key for the certificate
 * @param akey the public key for the authority (issuer)
 * @return the created CertificateExtensions
 */
private CertificateExtensions createV3Extensions(CertificateExtensions requestedEx, CertificateExtensions existingEx, List<String> extstrs, PublicKey pkey, PublicKey akey) throws Exception {
    if (existingEx != null && requestedEx != null) {
        // This should not happen
        throw new Exception("One of request and original should be null.");
    }
    // A new extensions always using OID as key
    CertificateExtensions result = new CertificateExtensions();
    if (existingEx != null) {
        for (Extension ex : existingEx.getAllExtensions()) {
            setExt(result, ex);
        }
    }
    try {
        // Honoring requested extensions
        if (requestedEx != null) {
            // The existing requestedEx might use names as keys,
            // translate to all-OID first.
            CertificateExtensions request2 = new CertificateExtensions();
            for (sun.security.x509.Extension ex : requestedEx.getAllExtensions()) {
                request2.set(ex.getId(), ex);
            }
            for (String extstr : extstrs) {
                if (extstr.toLowerCase(Locale.ENGLISH).startsWith("honored=")) {
                    List<String> list = Arrays.asList(extstr.toLowerCase(Locale.ENGLISH).substring(8).split(","));
                    // First check existence of "all"
                    if (list.contains("all")) {
                        for (Extension ex : request2.getAllExtensions()) {
                            setExt(result, ex);
                        }
                    }
                    // one by one for others
                    for (String item : list) {
                        if (item.equals("all"))
                            continue;
                        // add or remove
                        boolean add;
                        // -1, unchanged, 0 critical, 1 non-critical
                        int action = -1;
                        String type = null;
                        if (item.startsWith("-")) {
                            add = false;
                            type = item.substring(1);
                        } else {
                            add = true;
                            int colonpos = item.indexOf(':');
                            if (colonpos >= 0) {
                                type = item.substring(0, colonpos);
                                action = oneOf(item.substring(colonpos + 1), "critical", "non-critical");
                                if (action == -1) {
                                    throw new Exception(rb.getString("Illegal.value.") + item);
                                }
                            } else {
                                type = item;
                            }
                        }
                        String n = findOidForExtName(type).toString();
                        if (add) {
                            Extension e = request2.get(n);
                            if (!e.isCritical() && action == 0 || e.isCritical() && action == 1) {
                                e = Extension.newExtension(e.getExtensionId(), !e.isCritical(), e.getExtensionValue());
                            }
                            setExt(result, e);
                        } else {
                            result.delete(n);
                        }
                    }
                    break;
                }
            }
        }
        for (String extstr : extstrs) {
            String name, value;
            boolean isCritical = false;
            int eqpos = extstr.indexOf('=');
            if (eqpos >= 0) {
                name = extstr.substring(0, eqpos);
                value = extstr.substring(eqpos + 1);
            } else {
                name = extstr;
                value = null;
            }
            int colonpos = name.indexOf(':');
            if (colonpos >= 0) {
                if (oneOf(name.substring(colonpos + 1), "critical") == 0) {
                    isCritical = true;
                }
                name = name.substring(0, colonpos);
            }
            if (name.equalsIgnoreCase("honored")) {
                continue;
            }
            int exttype = oneOf(name, extSupported);
            switch(exttype) {
                case // BC
                0:
                    int pathLen = -1;
                    boolean isCA = false;
                    if (value == null) {
                        isCA = true;
                    } else {
                        try {
                            // the abbr format
                            pathLen = Integer.parseInt(value);
                            isCA = true;
                        } catch (NumberFormatException ufe) {
                            // ca:true,pathlen:1
                            for (String part : value.split(",")) {
                                String[] nv = part.split(":");
                                if (nv.length != 2) {
                                    throw new Exception(rb.getString("Illegal.value.") + extstr);
                                } else {
                                    if (nv[0].equalsIgnoreCase("ca")) {
                                        isCA = Boolean.parseBoolean(nv[1]);
                                    } else if (nv[0].equalsIgnoreCase("pathlen")) {
                                        pathLen = Integer.parseInt(nv[1]);
                                    } else {
                                        throw new Exception(rb.getString("Illegal.value.") + extstr);
                                    }
                                }
                            }
                        }
                    }
                    setExt(result, new BasicConstraintsExtension(isCritical, isCA, pathLen));
                    break;
                case // KU
                1:
                    if (value != null) {
                        boolean[] ok = new boolean[9];
                        for (String s : value.split(",")) {
                            int p = oneOf(s, // (0),
                            "digitalSignature", // (1)
                            "nonRepudiation", // (2),
                            "keyEncipherment", // (3),
                            "dataEncipherment", // (4),
                            "keyAgreement", // (5),
                            "keyCertSign", // (6),
                            "cRLSign", // (7),
                            "encipherOnly", // (8)
                            "decipherOnly", // also (1)
                            "contentCommitment");
                            if (p < 0) {
                                throw new Exception(rb.getString("Unknown.keyUsage.type.") + s);
                            }
                            if (p == 9)
                                p = 1;
                            ok[p] = true;
                        }
                        KeyUsageExtension kue = new KeyUsageExtension(ok);
                        // The above KeyUsageExtension constructor does not
                        // allow isCritical value, so...
                        setExt(result, Extension.newExtension(kue.getExtensionId(), isCritical, kue.getExtensionValue()));
                    } else {
                        throw new Exception(rb.getString("Illegal.value.") + extstr);
                    }
                    break;
                case // EKU
                2:
                    if (value != null) {
                        Vector<ObjectIdentifier> v = new Vector<>();
                        for (String s : value.split(",")) {
                            int p = oneOf(s, "anyExtendedKeyUsage", // 1
                            "serverAuth", // 2
                            "clientAuth", // 3
                            "codeSigning", // 4
                            "emailProtection", // 5
                            "", // 6
                            "", // 7
                            "", // 8
                            "timeStamping", // 9
                            "OCSPSigning");
                            if (p < 0) {
                                try {
                                    v.add(new ObjectIdentifier(s));
                                } catch (Exception e) {
                                    throw new Exception(rb.getString("Unknown.extendedkeyUsage.type.") + s);
                                }
                            } else if (p == 0) {
                                v.add(new ObjectIdentifier("2.5.29.37.0"));
                            } else {
                                v.add(new ObjectIdentifier("1.3.6.1.5.5.7.3." + p));
                            }
                        }
                        setExt(result, new ExtendedKeyUsageExtension(isCritical, v));
                    } else {
                        throw new Exception(rb.getString("Illegal.value.") + extstr);
                    }
                    break;
                // SAN
                case 3:
                case // IAN
                4:
                    if (value != null) {
                        String[] ps = value.split(",");
                        GeneralNames gnames = new GeneralNames();
                        for (String item : ps) {
                            colonpos = item.indexOf(':');
                            if (colonpos < 0) {
                                throw new Exception("Illegal item " + item + " in " + extstr);
                            }
                            String t = item.substring(0, colonpos);
                            String v = item.substring(colonpos + 1);
                            gnames.add(createGeneralName(t, v));
                        }
                        if (exttype == 3) {
                            setExt(result, new SubjectAlternativeNameExtension(isCritical, gnames));
                        } else {
                            setExt(result, new IssuerAlternativeNameExtension(isCritical, gnames));
                        }
                    } else {
                        throw new Exception(rb.getString("Illegal.value.") + extstr);
                    }
                    break;
                // SIA, always non-critical
                case 5:
                case // AIA, always non-critical
                6:
                    if (isCritical) {
                        throw new Exception(rb.getString("This.extension.cannot.be.marked.as.critical.") + extstr);
                    }
                    if (value != null) {
                        List<AccessDescription> accessDescriptions = new ArrayList<>();
                        String[] ps = value.split(",");
                        for (String item : ps) {
                            colonpos = item.indexOf(':');
                            int colonpos2 = item.indexOf(':', colonpos + 1);
                            if (colonpos < 0 || colonpos2 < 0) {
                                throw new Exception(rb.getString("Illegal.value.") + extstr);
                            }
                            String m = item.substring(0, colonpos);
                            String t = item.substring(colonpos + 1, colonpos2);
                            String v = item.substring(colonpos2 + 1);
                            int p = oneOf(m, "", // 1
                            "ocsp", // 2
                            "caIssuers", // 3
                            "timeStamping", "", // 5
                            "caRepository");
                            ObjectIdentifier oid;
                            if (p < 0) {
                                try {
                                    oid = new ObjectIdentifier(m);
                                } catch (Exception e) {
                                    throw new Exception(rb.getString("Unknown.AccessDescription.type.") + m);
                                }
                            } else {
                                oid = new ObjectIdentifier("1.3.6.1.5.5.7.48." + p);
                            }
                            accessDescriptions.add(new AccessDescription(oid, createGeneralName(t, v)));
                        }
                        if (exttype == 5) {
                            setExt(result, new SubjectInfoAccessExtension(accessDescriptions));
                        } else {
                            setExt(result, new AuthorityInfoAccessExtension(accessDescriptions));
                        }
                    } else {
                        throw new Exception(rb.getString("Illegal.value.") + extstr);
                    }
                    break;
                case // CRL, experimental, only support 1 distributionpoint
                8:
                    if (value != null) {
                        String[] ps = value.split(",");
                        GeneralNames gnames = new GeneralNames();
                        for (String item : ps) {
                            colonpos = item.indexOf(':');
                            if (colonpos < 0) {
                                throw new Exception("Illegal item " + item + " in " + extstr);
                            }
                            String t = item.substring(0, colonpos);
                            String v = item.substring(colonpos + 1);
                            gnames.add(createGeneralName(t, v));
                        }
                        setExt(result, new CRLDistributionPointsExtension(isCritical, Collections.singletonList(new DistributionPoint(gnames, null, null))));
                    } else {
                        throw new Exception(rb.getString("Illegal.value.") + extstr);
                    }
                    break;
                case -1:
                    ObjectIdentifier oid = new ObjectIdentifier(name);
                    byte[] data = null;
                    if (value != null) {
                        data = new byte[value.length() / 2 + 1];
                        int pos = 0;
                        for (char c : value.toCharArray()) {
                            int hex;
                            if (c >= '0' && c <= '9') {
                                hex = c - '0';
                            } else if (c >= 'A' && c <= 'F') {
                                hex = c - 'A' + 10;
                            } else if (c >= 'a' && c <= 'f') {
                                hex = c - 'a' + 10;
                            } else {
                                continue;
                            }
                            if (pos % 2 == 0) {
                                data[pos / 2] = (byte) (hex << 4);
                            } else {
                                data[pos / 2] += hex;
                            }
                            pos++;
                        }
                        if (pos % 2 != 0) {
                            throw new Exception(rb.getString("Odd.number.of.hex.digits.found.") + extstr);
                        }
                        data = Arrays.copyOf(data, pos / 2);
                    } else {
                        data = new byte[0];
                    }
                    setExt(result, new Extension(oid, isCritical, new DerValue(DerValue.tag_OctetString, data).toByteArray()));
                    break;
                default:
                    throw new Exception(rb.getString("Unknown.extension.type.") + extstr);
            }
        }
        // always non-critical
        setExt(result, new SubjectKeyIdentifierExtension(new KeyIdentifier(pkey).getIdentifier()));
        if (akey != null && !pkey.equals(akey)) {
            setExt(result, new AuthorityKeyIdentifierExtension(new KeyIdentifier(akey), null, null));
        }
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    return result;
}
Also used : DerValue(sun.security.util.DerValue) ObjectIdentifier(sun.security.util.ObjectIdentifier) KeyStoreException(java.security.KeyStoreException) UnrecoverableEntryException(java.security.UnrecoverableEntryException) CertStoreException(java.security.cert.CertStoreException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) CertificateException(java.security.cert.CertificateException) sun.security.x509(sun.security.x509)

Example 3 with ExtendedKeyUsageExtension

use of sun.security.x509.ExtendedKeyUsageExtension in project OpenAttestation by OpenAttestation.

the class X509Builder method extKeyUsageIsCritical.

public X509Builder extKeyUsageIsCritical() {
    extendedKeyUsageExtensionIsCritical = true;
    try {
        v3();
        if (extendedKeyUsageExtensionList != null) {
            extendedKeyUsageExtension = new ExtendedKeyUsageExtension(extendedKeyUsageExtensionIsCritical, extendedKeyUsageExtensionList);
            if (certificateExtensions == null) {
                certificateExtensions = new CertificateExtensions();
            }
            certificateExtensions.set(extendedKeyUsageExtension.getExtensionId().toString(), extendedKeyUsageExtension);
            info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
        }
    } catch (Exception e) {
        fault(e, "extKeyUsageIsCritical");
    }
    return this;
}
Also used : ExtendedKeyUsageExtension(sun.security.x509.ExtendedKeyUsageExtension) CertificateExtensions(sun.security.x509.CertificateExtensions)

Aggregations

ObjectIdentifier (sun.security.util.ObjectIdentifier)2 CertificateExtensions (sun.security.x509.CertificateExtensions)2 ExtendedKeyUsageExtension (sun.security.x509.ExtendedKeyUsageExtension)2 KeyStoreException (java.security.KeyStoreException)1 UnrecoverableEntryException (java.security.UnrecoverableEntryException)1 UnrecoverableKeyException (java.security.UnrecoverableKeyException)1 CertStoreException (java.security.cert.CertStoreException)1 CertificateException (java.security.cert.CertificateException)1 DerValue (sun.security.util.DerValue)1 sun.security.x509 (sun.security.x509)1