Example 1 with SubjectKeyIdentifierExtension
use of sun.security.x509.SubjectKeyIdentifierExtension in project Bytecoder by mirkosertic.
the class Pair method createV3Extensions.
/**
* Create X509v3 extensions from a string representation. Note that the
* SubjectKeyIdentifierExtension will always be created non-critical besides
* the extension requested in the <code>extstr</code> argument.
*
* @param requestedEx the requested extensions, can be null, used for -gencert
* @param existingEx the original extensions, can be null, used for -selfcert
* @param extstrs -ext values, Read keytool doc
* @param pkey the public key for the certificate
* @param akey the public key for the authority (issuer)
* @return the created CertificateExtensions
*/
private CertificateExtensions createV3Extensions(CertificateExtensions requestedEx, CertificateExtensions existingEx, List<String> extstrs, PublicKey pkey, PublicKey akey) throws Exception {
if (existingEx != null && requestedEx != null) {
// This should not happen
throw new Exception("One of request and original should be null.");
}
// A new extensions always using OID as key
CertificateExtensions result = new CertificateExtensions();
if (existingEx != null) {
for (Extension ex : existingEx.getAllExtensions()) {
setExt(result, ex);
}
}
try {
// Honoring requested extensions
if (requestedEx != null) {
// The existing requestedEx might use names as keys,
// translate to all-OID first.
CertificateExtensions request2 = new CertificateExtensions();
for (sun.security.x509.Extension ex : requestedEx.getAllExtensions()) {
request2.set(ex.getId(), ex);
}
for (String extstr : extstrs) {
if (extstr.toLowerCase(Locale.ENGLISH).startsWith("honored=")) {
List<String> list = Arrays.asList(extstr.toLowerCase(Locale.ENGLISH).substring(8).split(","));
// First check existence of "all"
if (list.contains("all")) {
for (Extension ex : request2.getAllExtensions()) {
setExt(result, ex);
}
}
// one by one for others
for (String item : list) {
if (item.equals("all"))
continue;
// add or remove
boolean add;
// -1, unchanged, 0 critical, 1 non-critical
int action = -1;
String type = null;
if (item.startsWith("-")) {
add = false;
type = item.substring(1);
} else {
add = true;
int colonpos = item.indexOf(':');
if (colonpos >= 0) {
type = item.substring(0, colonpos);
action = oneOf(item.substring(colonpos + 1), "critical", "non-critical");
if (action == -1) {
throw new Exception(rb.getString("Illegal.value.") + item);
}
} else {
type = item;
}
}
String n = findOidForExtName(type).toString();
if (add) {
Extension e = request2.get(n);
if (!e.isCritical() && action == 0 || e.isCritical() && action == 1) {
e = Extension.newExtension(e.getExtensionId(), !e.isCritical(), e.getExtensionValue());
}
setExt(result, e);
} else {
result.delete(n);
}
}
break;
}
}
}
for (String extstr : extstrs) {
String name, value;
boolean isCritical = false;
int eqpos = extstr.indexOf('=');
if (eqpos >= 0) {
name = extstr.substring(0, eqpos);
value = extstr.substring(eqpos + 1);
} else {
name = extstr;
value = null;
}
int colonpos = name.indexOf(':');
if (colonpos >= 0) {
if (oneOf(name.substring(colonpos + 1), "critical") == 0) {
isCritical = true;
}
name = name.substring(0, colonpos);
}
if (name.equalsIgnoreCase("honored")) {
continue;
}
int exttype = oneOf(name, extSupported);
switch(exttype) {
case // BC
0:
int pathLen = -1;
boolean isCA = false;
if (value == null) {
isCA = true;
} else {
try {
// the abbr format
pathLen = Integer.parseInt(value);
isCA = true;
} catch (NumberFormatException ufe) {
// ca:true,pathlen:1
for (String part : value.split(",")) {
String[] nv = part.split(":");
if (nv.length != 2) {
throw new Exception(rb.getString("Illegal.value.") + extstr);
} else {
if (nv[0].equalsIgnoreCase("ca")) {
isCA = Boolean.parseBoolean(nv[1]);
} else if (nv[0].equalsIgnoreCase("pathlen")) {
pathLen = Integer.parseInt(nv[1]);
} else {
throw new Exception(rb.getString("Illegal.value.") + extstr);
}
}
}
}
}
setExt(result, new BasicConstraintsExtension(isCritical, isCA, pathLen));
break;
case // KU
1:
if (value != null) {
boolean[] ok = new boolean[9];
for (String s : value.split(",")) {
int p = oneOf(s, // (0),
"digitalSignature", // (1)
"nonRepudiation", // (2),
"keyEncipherment", // (3),
"dataEncipherment", // (4),
"keyAgreement", // (5),
"keyCertSign", // (6),
"cRLSign", // (7),
"encipherOnly", // (8)
"decipherOnly", // also (1)
"contentCommitment");
if (p < 0) {
throw new Exception(rb.getString("Unknown.keyUsage.type.") + s);
}
if (p == 9)
p = 1;
ok[p] = true;
}
KeyUsageExtension kue = new KeyUsageExtension(ok);
// The above KeyUsageExtension constructor does not
// allow isCritical value, so...
setExt(result, Extension.newExtension(kue.getExtensionId(), isCritical, kue.getExtensionValue()));
} else {
throw new Exception(rb.getString("Illegal.value.") + extstr);
}
break;
case // EKU
2:
if (value != null) {
Vector<ObjectIdentifier> v = new Vector<>();
for (String s : value.split(",")) {
int p = oneOf(s, "anyExtendedKeyUsage", // 1
"serverAuth", // 2
"clientAuth", // 3
"codeSigning", // 4
"emailProtection", // 5
"", // 6
"", // 7
"", // 8
"timeStamping", // 9
"OCSPSigning");
if (p < 0) {
try {
v.add(new ObjectIdentifier(s));
} catch (Exception e) {
throw new Exception(rb.getString("Unknown.extendedkeyUsage.type.") + s);
}
} else if (p == 0) {
v.add(new ObjectIdentifier("2.5.29.37.0"));
} else {
v.add(new ObjectIdentifier("1.3.6.1.5.5.7.3." + p));
}
}
setExt(result, new ExtendedKeyUsageExtension(isCritical, v));
} else {
throw new Exception(rb.getString("Illegal.value.") + extstr);
}
break;
// SAN
case 3:
case // IAN
4:
if (value != null) {
String[] ps = value.split(",");
GeneralNames gnames = new GeneralNames();
for (String item : ps) {
colonpos = item.indexOf(':');
if (colonpos < 0) {
throw new Exception("Illegal item " + item + " in " + extstr);
}
String t = item.substring(0, colonpos);
String v = item.substring(colonpos + 1);
gnames.add(createGeneralName(t, v));
}
if (exttype == 3) {
setExt(result, new SubjectAlternativeNameExtension(isCritical, gnames));
} else {
setExt(result, new IssuerAlternativeNameExtension(isCritical, gnames));
}
} else {
throw new Exception(rb.getString("Illegal.value.") + extstr);
}
break;
// SIA, always non-critical
case 5:
case // AIA, always non-critical
6:
if (isCritical) {
throw new Exception(rb.getString("This.extension.cannot.be.marked.as.critical.") + extstr);
}
if (value != null) {
List<AccessDescription> accessDescriptions = new ArrayList<>();
String[] ps = value.split(",");
for (String item : ps) {
colonpos = item.indexOf(':');
int colonpos2 = item.indexOf(':', colonpos + 1);
if (colonpos < 0 || colonpos2 < 0) {
throw new Exception(rb.getString("Illegal.value.") + extstr);
}
String m = item.substring(0, colonpos);
String t = item.substring(colonpos + 1, colonpos2);
String v = item.substring(colonpos2 + 1);
int p = oneOf(m, "", // 1
"ocsp", // 2
"caIssuers", // 3
"timeStamping", "", // 5
"caRepository");
ObjectIdentifier oid;
if (p < 0) {
try {
oid = new ObjectIdentifier(m);
} catch (Exception e) {
throw new Exception(rb.getString("Unknown.AccessDescription.type.") + m);
}
} else {
oid = new ObjectIdentifier("1.3.6.1.5.5.7.48." + p);
}
accessDescriptions.add(new AccessDescription(oid, createGeneralName(t, v)));
}
if (exttype == 5) {
setExt(result, new SubjectInfoAccessExtension(accessDescriptions));
} else {
setExt(result, new AuthorityInfoAccessExtension(accessDescriptions));
}
} else {
throw new Exception(rb.getString("Illegal.value.") + extstr);
}
break;
case // CRL, experimental, only support 1 distributionpoint
8:
if (value != null) {
String[] ps = value.split(",");
GeneralNames gnames = new GeneralNames();
for (String item : ps) {
colonpos = item.indexOf(':');
if (colonpos < 0) {
throw new Exception("Illegal item " + item + " in " + extstr);
}
String t = item.substring(0, colonpos);
String v = item.substring(colonpos + 1);
gnames.add(createGeneralName(t, v));
}
setExt(result, new CRLDistributionPointsExtension(isCritical, Collections.singletonList(new DistributionPoint(gnames, null, null))));
} else {
throw new Exception(rb.getString("Illegal.value.") + extstr);
}
break;
case -1:
ObjectIdentifier oid = new ObjectIdentifier(name);
byte[] data = null;
if (value != null) {
data = new byte[value.length() / 2 + 1];
int pos = 0;
for (char c : value.toCharArray()) {
int hex;
if (c >= '0' && c <= '9') {
hex = c - '0';
} else if (c >= 'A' && c <= 'F') {
hex = c - 'A' + 10;
} else if (c >= 'a' && c <= 'f') {
hex = c - 'a' + 10;
} else {
continue;
}
if (pos % 2 == 0) {
data[pos / 2] = (byte) (hex << 4);
} else {
data[pos / 2] += hex;
}
pos++;
}
if (pos % 2 != 0) {
throw new Exception(rb.getString("Odd.number.of.hex.digits.found.") + extstr);
}
data = Arrays.copyOf(data, pos / 2);
} else {
data = new byte[0];
}
setExt(result, new Extension(oid, isCritical, new DerValue(DerValue.tag_OctetString, data).toByteArray()));
break;
default:
throw new Exception(rb.getString("Unknown.extension.type.") + extstr);
}
}
// always non-critical
setExt(result, new SubjectKeyIdentifierExtension(new KeyIdentifier(pkey).getIdentifier()));
if (akey != null && !pkey.equals(akey)) {
setExt(result, new AuthorityKeyIdentifierExtension(new KeyIdentifier(akey), null, null));
}
} catch (IOException e) {
throw new RuntimeException(e);
}
return result;
}
Also used :
DerValue(sun.security.util.DerValue)
ObjectIdentifier(sun.security.util.ObjectIdentifier)
KeyStoreException(java.security.KeyStoreException)
UnrecoverableEntryException(java.security.UnrecoverableEntryException)
CertStoreException(java.security.cert.CertStoreException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
CertificateException(java.security.cert.CertificateException)
sun.security.x509(sun.security.x509)
Example 2 with SubjectKeyIdentifierExtension
use of sun.security.x509.SubjectKeyIdentifierExtension in project coprhd-controller by CoprHD.
the class KeyCertificatePairGenerator method generateCertificate.
/**
* Create a self-signed X.509 Certificate
*
* @param pair the KeyPair
*/
private X509Certificate generateCertificate(KeyPair pair) throws GeneralSecurityException, IOException {
PublicKey pubKey = loadPublicKeyFromBytes(pair.getPublic().getEncoded());
PrivateKey privkey = pair.getPrivate();
X509CertInfo info = new X509CertInfo();
Date from = getNotBefore();
Date to = new Date(from.getTime() + valuesHolder.getCertificateValidityInDays() * 86400000L);
CertificateValidity interval = new CertificateValidity(from, to);
BigInteger sn = new BigInteger(64, new SecureRandom());
X500Name owner = new X500Name(String.format(CERTIFICATE_COMMON_NAME_FORMAT, valuesHolder.getCertificateCommonName()));
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
info.set(X509CertInfo.SUBJECT, owner);
info.set(X509CertInfo.ISSUER, owner);
info.set(X509CertInfo.KEY, new CertificateX509Key(pubKey));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId keyAlgo = AlgorithmId.get(KeyCertificateAlgorithmValuesHolder.DEFAULT_KEY_ALGORITHM);
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(keyAlgo));
AlgorithmId signingAlgo = AlgorithmId.get(valuesHolder.getSigningAlgorithm());
info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, signingAlgo);
// add extensions
CertificateExtensions ext = new CertificateExtensions();
ext.set(SubjectKeyIdentifierExtension.NAME, new SubjectKeyIdentifierExtension(new KeyIdentifier(pubKey).getIdentifier()));
// CA public key is the same as our public key (self signed)
ext.set(AuthorityKeyIdentifierExtension.NAME, new AuthorityKeyIdentifierExtension(new KeyIdentifier(pubKey), null, null));
ext.set(SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(subjectAltNames()));
info.set(X509CertInfo.EXTENSIONS, ext);
X509CertImpl cert = new X509CertImpl(info);
cert.sign(privkey, valuesHolder.getSigningAlgorithm());
return cert;
}
Also used :
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
PrivateKey(java.security.PrivateKey)
KeyIdentifier(sun.security.x509.KeyIdentifier)
X509CertInfo(sun.security.x509.X509CertInfo)
PublicKey(java.security.PublicKey)
SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension)
SecureRandom(java.security.SecureRandom)
CertificateVersion(sun.security.x509.CertificateVersion)
CertificateValidity(sun.security.x509.CertificateValidity)
CertificateExtensions(sun.security.x509.CertificateExtensions)
X500Name(sun.security.x509.X500Name)
CertificateX509Key(sun.security.x509.CertificateX509Key)
Date(java.util.Date)
CertificateSerialNumber(sun.security.x509.CertificateSerialNumber)
SubjectKeyIdentifierExtension(sun.security.x509.SubjectKeyIdentifierExtension)
AlgorithmId(sun.security.x509.AlgorithmId)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
X509CertImpl(sun.security.x509.X509CertImpl)
BigInteger(java.math.BigInteger)
AuthorityKeyIdentifierExtension(sun.security.x509.AuthorityKeyIdentifierExtension)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
Example 3 with SubjectKeyIdentifierExtension
use of sun.security.x509.SubjectKeyIdentifierExtension in project jdk8u_jdk by JetBrains.
the class Vertex method certToString.
/**
* Return string representation of this vertex's
* certificate information.
*
* @returns String representation of certificate info
*/
public String certToString() {
StringBuilder sb = new StringBuilder();
X509CertImpl x509Cert = null;
try {
x509Cert = X509CertImpl.toImpl(cert);
} catch (CertificateException ce) {
if (debug != null) {
debug.println("Vertex.certToString() unexpected exception");
ce.printStackTrace();
}
return sb.toString();
}
sb.append("Issuer: ").append(x509Cert.getIssuerX500Principal()).append("\n");
sb.append("Subject: ").append(x509Cert.getSubjectX500Principal()).append("\n");
sb.append("SerialNum: ").append(x509Cert.getSerialNumber().toString(16)).append("\n");
sb.append("Expires: ").append(x509Cert.getNotAfter().toString()).append("\n");
boolean[] iUID = x509Cert.getIssuerUniqueID();
if (iUID != null) {
sb.append("IssuerUID: ");
for (boolean b : iUID) {
sb.append(b ? 1 : 0);
}
sb.append("\n");
}
boolean[] sUID = x509Cert.getSubjectUniqueID();
if (sUID != null) {
sb.append("SubjectUID: ");
for (boolean b : sUID) {
sb.append(b ? 1 : 0);
}
sb.append("\n");
}
try {
SubjectKeyIdentifierExtension sKeyID = x509Cert.getSubjectKeyIdentifierExtension();
if (sKeyID != null) {
KeyIdentifier keyID = sKeyID.get(SubjectKeyIdentifierExtension.KEY_ID);
sb.append("SubjKeyID: ").append(keyID.toString());
}
AuthorityKeyIdentifierExtension aKeyID = x509Cert.getAuthorityKeyIdentifierExtension();
if (aKeyID != null) {
KeyIdentifier keyID = (KeyIdentifier) aKeyID.get(AuthorityKeyIdentifierExtension.KEY_ID);
sb.append("AuthKeyID: ").append(keyID.toString());
}
} catch (IOException e) {
if (debug != null) {
debug.println("Vertex.certToString() unexpected exception");
e.printStackTrace();
}
}
return sb.toString();
}
Also used :
SubjectKeyIdentifierExtension(sun.security.x509.SubjectKeyIdentifierExtension)
KeyIdentifier(sun.security.x509.KeyIdentifier)
X509CertImpl(sun.security.x509.X509CertImpl)
AuthorityKeyIdentifierExtension(sun.security.x509.AuthorityKeyIdentifierExtension)
CertificateException(java.security.cert.CertificateException)
IOException(java.io.IOException)
Example 4 with SubjectKeyIdentifierExtension
use of sun.security.x509.SubjectKeyIdentifierExtension in project Bytecoder by mirkosertic.
the class Vertex method certToString.
/**
* Return string representation of this vertex's
* certificate information.
*
* @return String representation of certificate info
*/
public String certToString() {
StringBuilder sb = new StringBuilder();
X509CertImpl x509Cert = null;
try {
x509Cert = X509CertImpl.toImpl(cert);
} catch (CertificateException ce) {
if (debug != null) {
debug.println("Vertex.certToString() unexpected exception");
ce.printStackTrace();
}
return sb.toString();
}
sb.append("Issuer: ").append(x509Cert.getIssuerX500Principal()).append("\n");
sb.append("Subject: ").append(x509Cert.getSubjectX500Principal()).append("\n");
sb.append("SerialNum: ").append(x509Cert.getSerialNumber().toString(16)).append("\n");
sb.append("Expires: ").append(x509Cert.getNotAfter().toString()).append("\n");
boolean[] iUID = x509Cert.getIssuerUniqueID();
if (iUID != null) {
sb.append("IssuerUID: ");
for (boolean b : iUID) {
sb.append(b ? 1 : 0);
}
sb.append("\n");
}
boolean[] sUID = x509Cert.getSubjectUniqueID();
if (sUID != null) {
sb.append("SubjectUID: ");
for (boolean b : sUID) {
sb.append(b ? 1 : 0);
}
sb.append("\n");
}
try {
SubjectKeyIdentifierExtension sKeyID = x509Cert.getSubjectKeyIdentifierExtension();
if (sKeyID != null) {
KeyIdentifier keyID = sKeyID.get(SubjectKeyIdentifierExtension.KEY_ID);
sb.append("SubjKeyID: ").append(keyID.toString());
}
AuthorityKeyIdentifierExtension aKeyID = x509Cert.getAuthorityKeyIdentifierExtension();
if (aKeyID != null) {
KeyIdentifier keyID = (KeyIdentifier) aKeyID.get(AuthorityKeyIdentifierExtension.KEY_ID);
sb.append("AuthKeyID: ").append(keyID.toString());
}
} catch (IOException e) {
if (debug != null) {
debug.println("Vertex.certToString() unexpected exception");
e.printStackTrace();
}
}
return sb.toString();
}
Also used :
SubjectKeyIdentifierExtension(sun.security.x509.SubjectKeyIdentifierExtension)
KeyIdentifier(sun.security.x509.KeyIdentifier)
X509CertImpl(sun.security.x509.X509CertImpl)
AuthorityKeyIdentifierExtension(sun.security.x509.AuthorityKeyIdentifierExtension)
CertificateException(java.security.cert.CertificateException)
IOException(java.io.IOException)
Example 5 with SubjectKeyIdentifierExtension
use of sun.security.x509.SubjectKeyIdentifierExtension in project j2objc by google.
the class Vertex method certToString.
/**
* Return string representation of this vertex's
* certificate information.
*
* @returns String representation of certificate info
*/
public String certToString() {
StringBuilder sb = new StringBuilder();
X509CertImpl x509Cert = null;
try {
x509Cert = X509CertImpl.toImpl(cert);
} catch (CertificateException ce) {
if (debug != null) {
debug.println("Vertex.certToString() unexpected exception");
ce.printStackTrace();
}
return sb.toString();
}
sb.append("Issuer: ").append(x509Cert.getIssuerX500Principal()).append("\n");
sb.append("Subject: ").append(x509Cert.getSubjectX500Principal()).append("\n");
sb.append("SerialNum: ").append(x509Cert.getSerialNumber().toString(16)).append("\n");
sb.append("Expires: ").append(x509Cert.getNotAfter().toString()).append("\n");
boolean[] iUID = x509Cert.getIssuerUniqueID();
if (iUID != null) {
sb.append("IssuerUID: ");
for (boolean b : iUID) {
sb.append(b ? 1 : 0);
}
sb.append("\n");
}
boolean[] sUID = x509Cert.getSubjectUniqueID();
if (sUID != null) {
sb.append("SubjectUID: ");
for (boolean b : sUID) {
sb.append(b ? 1 : 0);
}
sb.append("\n");
}
try {
SubjectKeyIdentifierExtension sKeyID = x509Cert.getSubjectKeyIdentifierExtension();
if (sKeyID != null) {
KeyIdentifier keyID = sKeyID.get(SubjectKeyIdentifierExtension.KEY_ID);
sb.append("SubjKeyID: ").append(keyID.toString());
}
AuthorityKeyIdentifierExtension aKeyID = x509Cert.getAuthorityKeyIdentifierExtension();
if (aKeyID != null) {
KeyIdentifier keyID = (KeyIdentifier) aKeyID.get(AuthorityKeyIdentifierExtension.KEY_ID);
sb.append("AuthKeyID: ").append(keyID.toString());
}
} catch (IOException e) {
if (debug != null) {
debug.println("Vertex.certToString() unexpected exception");
e.printStackTrace();
}
}
return sb.toString();
}
Also used :
SubjectKeyIdentifierExtension(sun.security.x509.SubjectKeyIdentifierExtension)
KeyIdentifier(sun.security.x509.KeyIdentifier)
X509CertImpl(sun.security.x509.X509CertImpl)
AuthorityKeyIdentifierExtension(sun.security.x509.AuthorityKeyIdentifierExtension)
CertificateException(java.security.cert.CertificateException)
IOException(java.io.IOException)
Aggregations
CertificateException (java.security.cert.CertificateException)4
AuthorityKeyIdentifierExtension (sun.security.x509.AuthorityKeyIdentifierExtension)4
KeyIdentifier (sun.security.x509.KeyIdentifier)4
SubjectKeyIdentifierExtension (sun.security.x509.SubjectKeyIdentifierExtension)4
X509CertImpl (sun.security.x509.X509CertImpl)4
IOException (java.io.IOException)3
BigInteger (java.math.BigInteger)1
KeyStoreException (java.security.KeyStoreException)1
PrivateKey (java.security.PrivateKey)1
PublicKey (java.security.PublicKey)1
SecureRandom (java.security.SecureRandom)1
UnrecoverableEntryException (java.security.UnrecoverableEntryException)1
UnrecoverableKeyException (java.security.UnrecoverableKeyException)1
CertStoreException (java.security.cert.CertStoreException)1
RSAPrivateKey (java.security.interfaces.RSAPrivateKey)1
Date (java.util.Date)1
DerValue (sun.security.util.DerValue)1
ObjectIdentifier (sun.security.util.ObjectIdentifier)1
sun.security.x509 (sun.security.x509)1
AlgorithmId (sun.security.x509.AlgorithmId)1
