
Example 36 with X509CertImpl

use of sun.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.

the class Vertex method certToString.

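/**
 * Returns a string representation of this vertex's certificate information.
 *
 * <p>The output lists the issuer, subject, serial number (hexadecimal) and
 * expiry date, followed by the issuer/subject unique IDs (as bit strings)
 * and the subject/authority key identifiers when the certificate carries
 * them. If the certificate cannot be converted to an {@code X509CertImpl},
 * an empty string is returned.
 *
 * <p>Every value is copied from the certificate as-is and this method
 * performs no validation, so the result should be handled as untrusted text
 * wherever it is logged or displayed.
 *
 * @return String representation of certificate info
 */
public String certToString() {
    StringBuilder sb = new StringBuilder();
    X509CertImpl x509Cert;
    try {
        x509Cert = X509CertImpl.toImpl(cert);
    } catch (CertificateException ce) {
        if (debug != null) {
            debug.println("Vertex.certToString() unexpected exception");
            ce.printStackTrace();
        }
        // Nothing has been appended yet, so the caller gets an empty string.
        return sb.toString();
    }
    sb.append("Issuer:     ").append(x509Cert.getIssuerX500Principal()).append("\n");
    sb.append("Subject:    ").append(x509Cert.getSubjectX500Principal()).append("\n");
    sb.append("SerialNum:  ").append(x509Cert.getSerialNumber().toString(16)).append("\n");
    sb.append("Expires:    ").append(x509Cert.getNotAfter().toString()).append("\n");
    appendBitString(sb, "IssuerUID:  ", x509Cert.getIssuerUniqueID());
    appendBitString(sb, "SubjectUID: ", x509Cert.getSubjectUniqueID());
    try {
        SubjectKeyIdentifierExtension sKeyID = x509Cert.getSubjectKeyIdentifierExtension();
        if (sKeyID != null) {
            KeyIdentifier keyID = sKeyID.get(SubjectKeyIdentifierExtension.KEY_ID);
            if (keyID != null) {
                sb.append("SubjKeyID:  ").append(keyID.toString());
            }
        }
        AuthorityKeyIdentifierExtension aKeyID = x509Cert.getAuthorityKeyIdentifierExtension();
        if (aKeyID != null) {
            // keyIdentifier is an OPTIONAL field of the AuthorityKeyIdentifier
            // extension (RFC 5280); presumably get() yields null when the
            // certificate omits it (confirm against AuthorityKeyIdentifierExtension).
            // A diagnostic method should skip the line rather than throw a
            // NullPointerException on a certificate the caller did not author.
            KeyIdentifier keyID = (KeyIdentifier) aKeyID.get(AuthorityKeyIdentifierExtension.KEY_ID);
            if (keyID != null) {
                sb.append("AuthKeyID:  ").append(keyID.toString());
            }
        }
    } catch (IOException e) {
        // Best effort: keep whatever was already collected and report it.
        if (debug != null) {
            debug.println("Vertex.certToString() unexpected exception");
            e.printStackTrace();
        }
    }
    return sb.toString();
}

/**
 * Appends {@code label}, the bits rendered as a run of 0/1 digits, and a
 * newline. Appends nothing when {@code bits} is {@code null}.
 */
private static void appendBitString(StringBuilder sb, String label, boolean[] bits) {
    if (bits == null) {
        return;
    }
    sb.append(label);
    for (boolean bit : bits) {
        sb.append(bit ? 1 : 0);
    }
    sb.append("\n");
}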
Also used : SubjectKeyIdentifierExtension(sun.security.x509.SubjectKeyIdentifierExtension) KeyIdentifier(sun.security.x509.KeyIdentifier) X509CertImpl(sun.security.x509.X509CertImpl) AuthorityKeyIdentifierExtension(sun.security.x509.AuthorityKeyIdentifierExtension) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException)

Example 37 with X509CertImpl

use of sun.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.

the class PolicyChecker method mergeInhibitAnyPolicy.

/**
 * Merges the specified inhibitAnyPolicy value with the SkipCerts value of
 * the InhibitAnyPolicy extension obtained from the certificate.
 *
 * <p>The incoming value is first decremented when it is positive and the
 * certificate is not self-issued. If the certificate then carries an
 * InhibitAnyPolicy extension whose SkipCerts value is not -1 and is lower
 * than that result, the SkipCerts value is returned instead.
 *
 * @param inhibitAnyPolicy an integer which indicates whether
 * "any-policy" is considered a match
 * @param currCert the Certificate to be processed
 * @return the new inhibitAnyPolicy value
 * @exception CertPathValidatorException if reading the extension fails;
 * the underlying {@code IOException} is kept as the cause
 */
static int mergeInhibitAnyPolicy(int inhibitAnyPolicy, X509CertImpl currCert) throws CertPathValidatorException {
    int remaining = inhibitAnyPolicy;
    // Self-issued certificates do not use up the counter.
    if (remaining > 0 && !X509CertImpl.isSelfIssued(currCert)) {
        remaining--;
    }
    final int skipCerts;
    try {
        InhibitAnyPolicyExtension extension = (InhibitAnyPolicyExtension) currCert.getExtension(InhibitAnyPolicy_Id);
        if (extension == null) {
            // No extension present: only the decrement above applies.
            return remaining;
        }
        skipCerts = extension.get(InhibitAnyPolicyExtension.SKIP_CERTS).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeInhibitAnyPolicy() skipCerts Index from cert = " + skipCerts);
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeInhibitAnyPolicy unexpected exception");
            e.printStackTrace();
        }
        // Fail the validation rather than continue with an unread constraint.
        throw new CertPathValidatorException(e);
    }
    // The extension can only tighten the constraint, never loosen it.
    boolean tighter = skipCerts != -1 && skipCerts < remaining;
    return tighter ? skipCerts : remaining;
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) IOException(java.io.IOException) InhibitAnyPolicyExtension(sun.security.x509.InhibitAnyPolicyExtension)

Example 38 with X509CertImpl

use of sun.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.

the class PolicyChecker method checkPolicy.

/**
 * Runs the certificate-policy checks for one certificate of the path and
 * advances the checker's state.
 *
 * <p>The policy tree is updated through {@code processPolicies}. For every
 * certificate except the final one, the explicitPolicy, policyMapping and
 * inhibitAnyPolicy values are then merged with the certificate's own
 * constraints. {@code certIndex} is incremented afterwards. When debugging
 * is enabled the state is printed before and after processing.
 *
 * @param currCert the certificate to be processed
 * @exception CertPathValidatorException if the certificate cannot be
 * converted to an {@code X509CertImpl} or does not verify
 */
private void checkPolicy(X509Certificate currCert) throws CertPathValidatorException {
    final String msg = "certificate policies";
    final String where = "PolicyChecker.checkPolicy() ";
    if (debug != null) {
        final String before = where + "BEFORE PROCESSING: ";
        debug.println(where + "---checking " + msg + "...");
        debug.println(where + "certIndex = " + certIndex);
        debug.println(before + "explicitPolicy = " + explicitPolicy);
        debug.println(before + "policyMapping = " + policyMapping);
        debug.println(before + "inhibitAnyPolicy = " + inhibitAnyPolicy);
        debug.println(before + "policyTree = " + rootNode);
    }

    final X509CertImpl currCertImpl;
    try {
        currCertImpl = X509CertImpl.toImpl(currCert);
    } catch (CertificateException ce) {
        // A certificate that cannot be converted is rejected, not skipped.
        throw new CertPathValidatorException(ce);
    }

    final boolean finalCert = certIndex == certPathLen;
    rootNode = processPolicies(certIndex, initPolicies, explicitPolicy, policyMapping, inhibitAnyPolicy, rejectPolicyQualifiers, rootNode, currCertImpl, finalCert);

    // The merged values are only used for later certificates, so the final
    // certificate leaves them untouched.
    if (!finalCert) {
        explicitPolicy = mergeExplicitPolicy(explicitPolicy, currCertImpl, finalCert);
        policyMapping = mergePolicyMapping(policyMapping, currCertImpl);
        inhibitAnyPolicy = mergeInhibitAnyPolicy(inhibitAnyPolicy, currCertImpl);
    }
    certIndex++;

    if (debug != null) {
        final String after = where + "AFTER PROCESSING: ";
        debug.println(after + "explicitPolicy = " + explicitPolicy);
        debug.println(after + "policyMapping = " + policyMapping);
        debug.println(after + "inhibitAnyPolicy = " + inhibitAnyPolicy);
        debug.println(after + "policyTree = " + rootNode);
        debug.println(where + msg + " verified");
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) X509CertImpl(sun.security.x509.X509CertImpl) CertificateException(java.security.cert.CertificateException)

Example 39 with X509CertImpl

use of sun.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.

the class SimpleSigner method getSelfCert.

/**
 * Builds and signs a throw-away self-signed X.509 v1 certificate in which
 * {@code agent} is both subject and issuer.
 *
 * <p>NOTE(review): the certificate is valid for about two seconds from
 * creation and its serial number is the creation time in seconds narrowed
 * to an {@code int}, so it is predictable and not unique across calls within
 * the same second. That looks acceptable only for a short-lived fixture;
 * confirm the callers before reusing this pattern elsewhere.
 *
 * @return the signed certificate
 * @throws Exception if the certificate cannot be built or signed
 */
private X509Certificate getSelfCert() throws Exception {
    final long validity = 1000;

    // Validity window: from now until now + validity + 1000 milliseconds.
    Date notBefore = new Date();
    Date notAfter = new Date();
    notAfter.setTime(notAfter.getTime() + validity + 1000);
    CertificateValidity window = new CertificateValidity(notBefore, notAfter);

    // Serial number derived from the creation time, in whole seconds.
    int serial = (int) (notBefore.getTime() / 1000);

    // Add all mandatory attributes
    X509CertInfo certInfo = new X509CertInfo();
    certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V1));
    certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serial));
    certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algId));
    certInfo.set(X509CertInfo.SUBJECT, agent);
    certInfo.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
    certInfo.set(X509CertInfo.VALIDITY, window);
    certInfo.set(X509CertInfo.ISSUER, agent);

    // Self-signed: the key pair's private half signs its own public key.
    X509CertImpl selfSigned = new X509CertImpl(certInfo);
    selfSigned.sign(privateKey, algId.getName());
    return selfSigned;
}
Also used : CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) X509CertInfo(sun.security.x509.X509CertInfo) X509CertImpl(sun.security.x509.X509CertImpl) CertificateVersion(sun.security.x509.CertificateVersion) CertificateValidity(sun.security.x509.CertificateValidity) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) CertificateX509Key(sun.security.x509.CertificateX509Key) Date(java.util.Date)

Example 40 with X509CertImpl

use of sun.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.

the class CheckCertId method main.

/**
 * Checks that the issuer-name hash stored in a {@code CertId} equals a
 * SHA-1 digest computed here over the encoded subject name of the loaded
 * certificate.
 *
 * <p>NOTE(review): SHA-1 is used only to mirror the computation attributed
 * to the CertId constructor; it is not a recommendation for new hashing code.
 *
 * @param args unused
 * @throws Exception if the two hashes differ or the certificate cannot be
 * loaded
 */
public static void main(String[] args) throws Exception {
    X509CertImpl issuerCert = loadCert(CERT_FILENAME);

    /* Compute the hash in the same way as CertId constructor */
    byte[] encodedName = issuerCert.getSubjectX500Principal().getEncoded();
    byte[] expectedHash = MessageDigest.getInstance("SHA1").digest(encodedName);

    byte[] receivedHash = new CertId(issuerCert, null).getIssuerNameHash();
    if (Arrays.equals(expectedHash, receivedHash)) {
        return;
    }
    throw new Exception("Bad hash value for issuer name in CertId object");
}
Also used : CertId(sun.security.provider.certpath.CertId) X509CertImpl(sun.security.x509.X509CertImpl) MessageDigest(java.security.MessageDigest)

Aggregations

X509CertImpl (sun.security.x509.X509CertImpl)35 IOException (java.io.IOException)15 CertificateException (java.security.cert.CertificateException)15 CertPathValidatorException (java.security.cert.CertPathValidatorException)10 CertificateFactory (java.security.cert.CertificateFactory)7 X509Certificate (java.security.cert.X509Certificate)6 X500Name (sun.security.x509.X500Name)6 X509CertInfo (sun.security.x509.X509CertInfo)6 BigInteger (java.math.BigInteger)5 AlgorithmId (sun.security.x509.AlgorithmId)5 CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)5 CRLException (java.security.cert.CRLException)4 CertificateSerialNumber (sun.security.x509.CertificateSerialNumber)4 CertificateValidity (sun.security.x509.CertificateValidity)4 CertificateVersion (sun.security.x509.CertificateVersion)4 CertificateX509Key (sun.security.x509.CertificateX509Key)4 GeneralName (sun.security.x509.GeneralName)4 PublicKey (java.security.PublicKey)3 CertificateParsingException (java.security.cert.CertificateParsingException)3 Date (java.util.Date)3