sun.security.pkcs10.PKCS10Attribute Java Examples
The following examples show how to use
sun.security.pkcs10.PKCS10Attribute.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: PKCS10AttrEncoding.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
static void checkAttributes(Enumeration attrs) { int numOfAttrs = 0; while (attrs.hasMoreElements()) { numOfAttrs ++; PKCS10Attribute attr = (PKCS10Attribute) attrs.nextElement(); if (constructedMap.containsKey(attr.getAttributeId())) { if (constructedMap.get(attr.getAttributeId()). equals(attr.getAttributeValue())) { System.out.print("AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + attr.getAttributeValue()); } else { failedCount++; System.out.print("< AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + constructedMap. get(attr.getAttributeId())); System.out.print("< AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + attr.getAttributeValue()); } } else { failedCount++; System.out.println("No " + attr.getAttributeId() + " in DER encoded PKCS10 Request"); } } if(numOfAttrs != constructedMap.size()){ failedCount++; System.out.println("Incorrect number of attributes."); } System.out.println(); }
Example #2
Source File: PKCS10AttrEncoding.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
static void checkAttributes(Enumeration attrs) { int numOfAttrs = 0; while (attrs.hasMoreElements()) { numOfAttrs ++; PKCS10Attribute attr = (PKCS10Attribute) attrs.nextElement(); if (constructedMap.containsKey(attr.getAttributeId())) { if (constructedMap.get(attr.getAttributeId()). equals(attr.getAttributeValue())) { System.out.print("AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + attr.getAttributeValue()); } else { failedCount++; System.out.print("< AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + constructedMap. get(attr.getAttributeId())); System.out.print("< AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + attr.getAttributeValue()); } } else { failedCount++; System.out.println("No " + attr.getAttributeId() + " in DER encoded PKCS10 Request"); } } if(numOfAttrs != constructedMap.size()){ failedCount++; System.out.println("Incorrect number of attributes."); } System.out.println(); }
Example #3
Source File: PKCS10AttrEncoding.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
static void checkAttributes(Enumeration attrs) { int numOfAttrs = 0; while (attrs.hasMoreElements()) { numOfAttrs ++; PKCS10Attribute attr = (PKCS10Attribute) attrs.nextElement(); if (constructedMap.containsKey(attr.getAttributeId())) { if (constructedMap.get(attr.getAttributeId()). equals(attr.getAttributeValue())) { System.out.print("AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + attr.getAttributeValue()); } else { failedCount++; System.out.print("< AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + constructedMap. get(attr.getAttributeId())); System.out.print("< AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + attr.getAttributeValue()); } } else { failedCount++; System.out.println("No " + attr.getAttributeId() + " in DER encoded PKCS10 Request"); } } if(numOfAttrs != constructedMap.size()){ failedCount++; System.out.println("Incorrect number of attributes."); } System.out.println(); }
Example #4
Source File: PKCS10AttrEncoding.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
static void checkAttributes(Enumeration attrs) { int numOfAttrs = 0; while (attrs.hasMoreElements()) { numOfAttrs ++; PKCS10Attribute attr = (PKCS10Attribute) attrs.nextElement(); if (constructedMap.containsKey(attr.getAttributeId())) { if (constructedMap.get(attr.getAttributeId()). equals(attr.getAttributeValue())) { System.out.print("AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + attr.getAttributeValue()); } else { failedCount++; System.out.print("< AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + constructedMap. get(attr.getAttributeId())); System.out.print("< AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + attr.getAttributeValue()); } } else { failedCount++; System.out.println("No " + attr.getAttributeId() + " in DER encoded PKCS10 Request"); } } if(numOfAttrs != constructedMap.size()){ failedCount++; System.out.println("Incorrect number of attributes."); } System.out.println(); }
Example #5
Source File: PKCS10AttrEncoding.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
static void checkAttributes(Enumeration attrs) { int numOfAttrs = 0; while (attrs.hasMoreElements()) { numOfAttrs ++; PKCS10Attribute attr = (PKCS10Attribute) attrs.nextElement(); if (constructedMap.containsKey(attr.getAttributeId())) { if (constructedMap.get(attr.getAttributeId()). equals(attr.getAttributeValue())) { System.out.print("AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + attr.getAttributeValue()); } else { failedCount++; System.out.print("< AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + constructedMap. get(attr.getAttributeId())); System.out.print("< AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + attr.getAttributeValue()); } } else { failedCount++; System.out.println("No " + attr.getAttributeId() + " in DER encoded PKCS10 Request"); } } if(numOfAttrs != constructedMap.size()){ failedCount++; System.out.println("Incorrect number of attributes."); } System.out.println(); }
Example #6
Source File: PKCS10AttrEncoding.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
static void checkAttributes(Enumeration attrs) { int numOfAttrs = 0; while (attrs.hasMoreElements()) { numOfAttrs ++; PKCS10Attribute attr = (PKCS10Attribute) attrs.nextElement(); if (constructedMap.containsKey(attr.getAttributeId())) { if (constructedMap.get(attr.getAttributeId()). equals(attr.getAttributeValue())) { System.out.print("AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + attr.getAttributeValue()); } else { failedCount++; System.out.print("< AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + constructedMap. get(attr.getAttributeId())); System.out.print("< AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + attr.getAttributeValue()); } } else { failedCount++; System.out.println("No " + attr.getAttributeId() + " in DER encoded PKCS10 Request"); } } if(numOfAttrs != constructedMap.size()){ failedCount++; System.out.println("Incorrect number of attributes."); } System.out.println(); }
Example #7
Source File: PKCS10AttrEncoding.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
static void checkAttributes(Enumeration attrs) { int numOfAttrs = 0; while (attrs.hasMoreElements()) { numOfAttrs ++; PKCS10Attribute attr = (PKCS10Attribute) attrs.nextElement(); if (constructedMap.containsKey(attr.getAttributeId())) { if (constructedMap.get(attr.getAttributeId()). equals(attr.getAttributeValue())) { System.out.print("AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + attr.getAttributeValue()); } else { failedCount++; System.out.print("< AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + constructedMap. get(attr.getAttributeId())); System.out.print("< AttributeId: " + attr.getAttributeId()); System.out.println(" AttributeValue: " + attr.getAttributeValue()); } } else { failedCount++; System.out.println("No " + attr.getAttributeId() + " in DER encoded PKCS10 Request"); } } if(numOfAttrs != constructedMap.size()){ failedCount++; System.out.println("Incorrect number of attributes."); } System.out.println(); }
Example #8
Source File: Main.java From hottub with GNU General Public License v2.0 | 4 votes |
/** * Generate a certificate: Read PKCS10 request from in, and print * certificate to out. Use alias as CA, sigAlgName as the signature * type. */ private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStream out) throws Exception { Certificate signerCert = keyStore.getCertificate(alias); byte[] encoded = signerCert.getEncoded(); X509CertImpl signerCertImpl = new X509CertImpl(encoded); X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( X509CertImpl.NAME + "." + X509CertImpl.INFO); X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." + X509CertInfo.DN_NAME); Date firstDate = getStartDate(startDate); Date lastDate = new Date(); lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L); CertificateValidity interval = new CertificateValidity(firstDate, lastDate); PrivateKey privateKey = (PrivateKey)recoverKey(alias, storePass, keyPass).fst; if (sigAlgName == null) { sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm()); } Signature signature = Signature.getInstance(sigAlgName); signature.initSign(privateKey); X509CertInfo info = new X509CertInfo(); info.set(X509CertInfo.VALIDITY, interval); info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( new java.util.Random().nextInt() & 0x7fffffff)); info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( AlgorithmId.get(sigAlgName))); info.set(X509CertInfo.ISSUER, issuer); BufferedReader reader = new BufferedReader(new InputStreamReader(in)); boolean canRead = false; StringBuffer sb = new StringBuffer(); while (true) { String s = reader.readLine(); if (s == null) break; // OpenSSL does not use NEW //if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) { if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) { canRead = true; //} else if (s.startsWith("-----END NEW CERTIFICATE REQUEST-----")) { } else if (s.startsWith("-----END") && s.indexOf("REQUEST") >= 0) { break; } else if (canRead) { sb.append(s); } } byte[] rawReq = Pem.decode(new String(sb)); PKCS10 req = new PKCS10(rawReq); info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo())); info.set(X509CertInfo.SUBJECT, dname==null?req.getSubjectName():new X500Name(dname)); CertificateExtensions reqex = null; Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator(); while (attrs.hasNext()) { PKCS10Attribute attr = attrs.next(); if (attr.getAttributeId().equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) { reqex = (CertificateExtensions)attr.getAttributeValue(); } } CertificateExtensions ext = createV3Extensions( reqex, null, v3ext, req.getSubjectPublicKeyInfo(), signerCert.getPublicKey()); info.set(X509CertInfo.EXTENSIONS, ext); X509CertImpl cert = new X509CertImpl(info); cert.sign(privateKey, sigAlgName); dumpCert(cert, out); for (Certificate ca: keyStore.getCertificateChain(alias)) { if (ca instanceof X509Certificate) { X509Certificate xca = (X509Certificate)ca; if (!isSelfSigned(xca)) { dumpCert(xca, out); } } } }
Example #9
Source File: Main.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
private void doPrintCertReq(InputStream in, PrintStream out) throws Exception { BufferedReader reader = new BufferedReader(new InputStreamReader(in)); StringBuffer sb = new StringBuffer(); boolean started = false; while (true) { String s = reader.readLine(); if (s == null) break; if (!started) { if (s.startsWith("-----")) { started = true; } } else { if (s.startsWith("-----")) { break; } sb.append(s); } } PKCS10 req = new PKCS10(Base64.getMimeDecoder().decode(new String(sb))); PublicKey pkey = req.getSubjectPublicKeyInfo(); out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."), req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm()); for (PKCS10Attribute attr: req.getAttributes().getAttributes()) { ObjectIdentifier oid = attr.getAttributeId(); if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) { CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue(); if (exts != null) { printExtensions(rb.getString("Extension.Request."), exts, out); } } else { out.println("Attribute: " + attr.getAttributeId()); PKCS9Attribute pkcs9Attr = new PKCS9Attribute(attr.getAttributeId(), attr.getAttributeValue()); out.print(pkcs9Attr.getName() + ": "); Object attrVal = attr.getAttributeValue(); out.println(attrVal instanceof String[] ? Arrays.toString((String[]) attrVal) : attrVal); } } if (debug) { out.println(req); // Just to see more, say, public key length... } }
Example #10
Source File: Main.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
/** * Creates a PKCS#10 cert signing request, corresponding to the * keys (and name) associated with a given alias. */ private void doCertReq(String alias, String sigAlgName, PrintStream out) throws Exception { if (alias == null) { alias = keyAlias; } Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass); PrivateKey privKey = (PrivateKey)objs.fst; if (keyPass == null) { keyPass = objs.snd; } Certificate cert = keyStore.getCertificate(alias); if (cert == null) { MessageFormat form = new MessageFormat (rb.getString("alias.has.no.public.key.certificate.")); Object[] source = {alias}; throw new Exception(form.format(source)); } PKCS10 request = new PKCS10(cert.getPublicKey()); CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null); // Attribute name is not significant request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS, new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext)); // Construct a Signature object, so that we can sign the request if (sigAlgName == null) { sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm()); } Signature signature = Signature.getInstance(sigAlgName); signature.initSign(privKey); X500Name subject = dname == null? new X500Name(((X509Certificate)cert).getSubjectDN().toString()): new X500Name(dname); // Sign the request and base-64 encode it request.encodeAndSign(subject, signature); request.print(out); }
Example #11
Source File: Main.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
/** * Generate a certificate: Read PKCS10 request from in, and print * certificate to out. Use alias as CA, sigAlgName as the signature * type. */ private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStream out) throws Exception { Certificate signerCert = keyStore.getCertificate(alias); byte[] encoded = signerCert.getEncoded(); X509CertImpl signerCertImpl = new X509CertImpl(encoded); X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( X509CertImpl.NAME + "." + X509CertImpl.INFO); X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." + X509CertInfo.DN_NAME); Date firstDate = getStartDate(startDate); Date lastDate = new Date(); lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L); CertificateValidity interval = new CertificateValidity(firstDate, lastDate); PrivateKey privateKey = (PrivateKey)recoverKey(alias, storePass, keyPass).fst; if (sigAlgName == null) { sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm()); } Signature signature = Signature.getInstance(sigAlgName); signature.initSign(privateKey); X509CertInfo info = new X509CertInfo(); info.set(X509CertInfo.VALIDITY, interval); info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( new java.util.Random().nextInt() & 0x7fffffff)); info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( AlgorithmId.get(sigAlgName))); info.set(X509CertInfo.ISSUER, issuer); BufferedReader reader = new BufferedReader(new InputStreamReader(in)); boolean canRead = false; StringBuffer sb = new StringBuffer(); while (true) { String s = reader.readLine(); if (s == null) break; // OpenSSL does not use NEW //if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) { if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) { canRead = true; //} else if (s.startsWith("-----END NEW CERTIFICATE REQUEST-----")) { } else if (s.startsWith("-----END") && s.indexOf("REQUEST") >= 0) { break; } else if (canRead) { sb.append(s); } } byte[] rawReq = Base64.getMimeDecoder().decode(new String(sb)); PKCS10 req = new PKCS10(rawReq); info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo())); info.set(X509CertInfo.SUBJECT, dname==null?req.getSubjectName():new X500Name(dname)); CertificateExtensions reqex = null; Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator(); while (attrs.hasNext()) { PKCS10Attribute attr = attrs.next(); if (attr.getAttributeId().equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) { reqex = (CertificateExtensions)attr.getAttributeValue(); } } CertificateExtensions ext = createV3Extensions( reqex, null, v3ext, req.getSubjectPublicKeyInfo(), signerCert.getPublicKey()); info.set(X509CertInfo.EXTENSIONS, ext); X509CertImpl cert = new X509CertImpl(info); cert.sign(privateKey, sigAlgName); dumpCert(cert, out); for (Certificate ca: keyStore.getCertificateChain(alias)) { if (ca instanceof X509Certificate) { X509Certificate xca = (X509Certificate)ca; if (!isSelfSigned(xca)) { dumpCert(xca, out); } } } }
Example #12
Source File: Main.java From hottub with GNU General Public License v2.0 | 4 votes |
private void doPrintCertReq(InputStream in, PrintStream out) throws Exception { BufferedReader reader = new BufferedReader(new InputStreamReader(in)); StringBuffer sb = new StringBuffer(); boolean started = false; while (true) { String s = reader.readLine(); if (s == null) break; if (!started) { if (s.startsWith("-----")) { started = true; } } else { if (s.startsWith("-----")) { break; } sb.append(s); } } PKCS10 req = new PKCS10(Pem.decode(new String(sb))); PublicKey pkey = req.getSubjectPublicKeyInfo(); out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."), req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm()); for (PKCS10Attribute attr: req.getAttributes().getAttributes()) { ObjectIdentifier oid = attr.getAttributeId(); if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) { CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue(); if (exts != null) { printExtensions(rb.getString("Extension.Request."), exts, out); } } else { out.println("Attribute: " + attr.getAttributeId()); PKCS9Attribute pkcs9Attr = new PKCS9Attribute(attr.getAttributeId(), attr.getAttributeValue()); out.print(pkcs9Attr.getName() + ": "); Object attrVal = attr.getAttributeValue(); out.println(attrVal instanceof String[] ? Arrays.toString((String[]) attrVal) : attrVal); } } if (debug) { out.println(req); // Just to see more, say, public key length... } }
Example #13
Source File: Main.java From hottub with GNU General Public License v2.0 | 4 votes |
/** * Creates a PKCS#10 cert signing request, corresponding to the * keys (and name) associated with a given alias. */ private void doCertReq(String alias, String sigAlgName, PrintStream out) throws Exception { if (alias == null) { alias = keyAlias; } Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass); PrivateKey privKey = (PrivateKey)objs.fst; if (keyPass == null) { keyPass = objs.snd; } Certificate cert = keyStore.getCertificate(alias); if (cert == null) { MessageFormat form = new MessageFormat (rb.getString("alias.has.no.public.key.certificate.")); Object[] source = {alias}; throw new Exception(form.format(source)); } PKCS10 request = new PKCS10(cert.getPublicKey()); CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null); // Attribute name is not significant request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS, new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext)); // Construct a Signature object, so that we can sign the request if (sigAlgName == null) { sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm()); } Signature signature = Signature.getInstance(sigAlgName); signature.initSign(privKey); X500Name subject = dname == null? new X500Name(((X509Certificate)cert).getSubjectDN().toString()): new X500Name(dname); // Sign the request and base-64 encode it request.encodeAndSign(subject, signature); request.print(out); }
Example #14
Source File: Main.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
/** * Creates a PKCS#10 cert signing request, corresponding to the * keys (and name) associated with a given alias. */ private void doCertReq(String alias, String sigAlgName, PrintStream out) throws Exception { if (alias == null) { alias = keyAlias; } Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass); PrivateKey privKey = (PrivateKey)objs.fst; if (keyPass == null) { keyPass = objs.snd; } Certificate cert = keyStore.getCertificate(alias); if (cert == null) { MessageFormat form = new MessageFormat (rb.getString("alias.has.no.public.key.certificate.")); Object[] source = {alias}; throw new Exception(form.format(source)); } PKCS10 request = new PKCS10(cert.getPublicKey()); CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null); // Attribute name is not significant request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS, new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext)); // Construct a Signature object, so that we can sign the request if (sigAlgName == null) { sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm()); } Signature signature = Signature.getInstance(sigAlgName); signature.initSign(privKey); X500Name subject = dname == null? new X500Name(((X509Certificate)cert).getSubjectDN().toString()): new X500Name(dname); // Sign the request and base-64 encode it request.encodeAndSign(subject, signature); request.print(out); }
Example #15
Source File: PKCS10AttributeReader.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
public static void main(String[] args) throws Exception { // Decode base64 encoded DER file byte[] pkcs10Bytes = Base64.getMimeDecoder().decode(ATTRIBS.getBytes()); HashMap<ObjectIdentifier, Object> RequestStander = new HashMap() { { put(PKCS9Attribute.CHALLENGE_PASSWORD_OID, "GuessWhoAmI"); put(PKCS9Attribute.SIGNING_TIME_OID, new Date(861720610000L)); put(PKCS9Attribute.CONTENT_TYPE_OID, new ObjectIdentifier("1.9.50.51.52")); } }; int invalidNum = 0; PKCS10Attributes resp = new PKCS10Attributes( new DerInputStream(pkcs10Bytes)); Enumeration eReq = resp.getElements(); int numOfAttrs = 0; while (eReq.hasMoreElements()) { numOfAttrs++; PKCS10Attribute attr = (PKCS10Attribute) eReq.nextElement(); if (RequestStander.containsKey(attr.getAttributeId())) { if (RequestStander.get(attr.getAttributeId()) .equals(attr.getAttributeValue())) { System.out.println(attr.getAttributeId() + " " + attr.getAttributeValue()); } else { invalidNum++; System.out.println("< " + attr.getAttributeId() + " " + attr.getAttributeValue()); System.out.println("< " + attr.getAttributeId() + " " + RequestStander.get(attr.getAttributeId())); } } else { invalidNum++; System.out.println("No" + attr.getAttributeId() + "in Certificate Request list"); } } if (numOfAttrs != RequestStander.size()) { invalidNum++; System.out.println("Incorrect number of attributes."); } System.out.println(); if (invalidNum > 0) { throw new RuntimeException( "Attributes Compared with Stander :" + " Failed"); } System.out.println("Attributes Compared with Stander: Pass"); }
Example #16
Source File: PKCS10AttrEncoding.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
public static void main(String[] args) throws Exception { // initializations int len = ids.length; Object[] values = { new ObjectIdentifier("1.2.3.4"), new GregorianCalendar(1970, 1, 25, 8, 56, 7).getTime(), "challenging" }; for (int j = 0; j < len; j++) { constructedMap.put(ids[j], values[j]); } X500Name subject = new X500Name("cn=Test"); KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA"); String sigAlg = "DSA"; keyGen.initialize(512); KeyPair pair = keyGen.generateKeyPair(); X509Key publicKey = (X509Key) pair.getPublic(); PrivateKey privateKey = pair.getPrivate(); Signature signature = Signature.getInstance(sigAlg); signature.initSign(privateKey); // Create the PKCS10 request PKCS10Attribute[] attrs = new PKCS10Attribute[len]; for (int j = 0; j < len; j++) { attrs[j] = new PKCS10Attribute(ids[j], values[j]); } PKCS10 req = new PKCS10(publicKey, new PKCS10Attributes(attrs)); System.out.println("List of attributes in constructed PKCS10 " + "request: "); checkAttributes(req.getAttributes().getElements()); // Encode the PKCS10 request and generate another PKCS10 request from // the encoded byte array req.encodeAndSign(subject, signature); PKCS10 resp = new PKCS10(req.getEncoded()); System.out.println("List of attributes in DER encoded PKCS10 Request:"); checkAttributes(resp.getAttributes().getElements()); if (failedCount > 0) { throw new RuntimeException("Attributes Compared : Failed"); } System.out.println("Attributes Compared : Pass"); }
Example #17
Source File: Main.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
private void doPrintCertReq(InputStream in, PrintStream out) throws Exception { BufferedReader reader = new BufferedReader(new InputStreamReader(in)); StringBuffer sb = new StringBuffer(); boolean started = false; while (true) { String s = reader.readLine(); if (s == null) break; if (!started) { if (s.startsWith("-----")) { started = true; } } else { if (s.startsWith("-----")) { break; } sb.append(s); } } PKCS10 req = new PKCS10(Pem.decode(new String(sb))); PublicKey pkey = req.getSubjectPublicKeyInfo(); out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."), req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm()); for (PKCS10Attribute attr: req.getAttributes().getAttributes()) { ObjectIdentifier oid = attr.getAttributeId(); if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) { CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue(); if (exts != null) { printExtensions(rb.getString("Extension.Request."), exts, out); } } else { out.println("Attribute: " + attr.getAttributeId()); PKCS9Attribute pkcs9Attr = new PKCS9Attribute(attr.getAttributeId(), attr.getAttributeValue()); out.print(pkcs9Attr.getName() + ": "); Object attrVal = attr.getAttributeValue(); out.println(attrVal instanceof String[] ? Arrays.toString((String[]) attrVal) : attrVal); } } if (debug) { out.println(req); // Just to see more, say, public key length... } }
Example #18
Source File: Main.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
/** * Creates a PKCS#10 cert signing request, corresponding to the * keys (and name) associated with a given alias. */ private void doCertReq(String alias, String sigAlgName, PrintStream out) throws Exception { if (alias == null) { alias = keyAlias; } Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass); PrivateKey privKey = (PrivateKey)objs.fst; if (keyPass == null) { keyPass = objs.snd; } Certificate cert = keyStore.getCertificate(alias); if (cert == null) { MessageFormat form = new MessageFormat (rb.getString("alias.has.no.public.key.certificate.")); Object[] source = {alias}; throw new Exception(form.format(source)); } PKCS10 request = new PKCS10(cert.getPublicKey()); CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null); // Attribute name is not significant request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS, new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext)); // Construct a Signature object, so that we can sign the request if (sigAlgName == null) { sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm()); } Signature signature = Signature.getInstance(sigAlgName); signature.initSign(privKey); X500Name subject = dname == null? new X500Name(((X509Certificate)cert).getSubjectDN().toString()): new X500Name(dname); // Sign the request and base-64 encode it request.encodeAndSign(subject, signature); request.print(out); }
Example #19
Source File: Main.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
/** * Generate a certificate: Read PKCS10 request from in, and print * certificate to out. Use alias as CA, sigAlgName as the signature * type. */ private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStream out) throws Exception { Certificate signerCert = keyStore.getCertificate(alias); byte[] encoded = signerCert.getEncoded(); X509CertImpl signerCertImpl = new X509CertImpl(encoded); X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( X509CertImpl.NAME + "." + X509CertImpl.INFO); X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." + X509CertInfo.DN_NAME); Date firstDate = getStartDate(startDate); Date lastDate = new Date(); lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L); CertificateValidity interval = new CertificateValidity(firstDate, lastDate); PrivateKey privateKey = (PrivateKey)recoverKey(alias, storePass, keyPass).fst; if (sigAlgName == null) { sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm()); } Signature signature = Signature.getInstance(sigAlgName); signature.initSign(privateKey); X509CertInfo info = new X509CertInfo(); info.set(X509CertInfo.VALIDITY, interval); info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( new java.util.Random().nextInt() & 0x7fffffff)); info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( AlgorithmId.get(sigAlgName))); info.set(X509CertInfo.ISSUER, issuer); BufferedReader reader = new BufferedReader(new InputStreamReader(in)); boolean canRead = false; StringBuffer sb = new StringBuffer(); while (true) { String s = reader.readLine(); if (s == null) break; // OpenSSL does not use NEW //if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) { if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) { canRead = true; //} else if (s.startsWith("-----END NEW CERTIFICATE REQUEST-----")) { } else if (s.startsWith("-----END") && s.indexOf("REQUEST") >= 0) { break; } else if (canRead) { sb.append(s); } } byte[] rawReq = Base64.getMimeDecoder().decode(new String(sb)); PKCS10 req = new PKCS10(rawReq); info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo())); info.set(X509CertInfo.SUBJECT, dname==null?req.getSubjectName():new X500Name(dname)); CertificateExtensions reqex = null; Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator(); while (attrs.hasNext()) { PKCS10Attribute attr = attrs.next(); if (attr.getAttributeId().equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) { reqex = (CertificateExtensions)attr.getAttributeValue(); } } CertificateExtensions ext = createV3Extensions( reqex, null, v3ext, req.getSubjectPublicKeyInfo(), signerCert.getPublicKey()); info.set(X509CertInfo.EXTENSIONS, ext); X509CertImpl cert = new X509CertImpl(info); cert.sign(privateKey, sigAlgName); dumpCert(cert, out); for (Certificate ca: keyStore.getCertificateChain(alias)) { if (ca instanceof X509Certificate) { X509Certificate xca = (X509Certificate)ca; if (!isSelfSigned(xca)) { dumpCert(xca, out); } } } }
Example #20
Source File: Main.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
private void doPrintCertReq(InputStream in, PrintStream out) throws Exception { BufferedReader reader = new BufferedReader(new InputStreamReader(in)); StringBuffer sb = new StringBuffer(); boolean started = false; while (true) { String s = reader.readLine(); if (s == null) break; if (!started) { if (s.startsWith("-----")) { started = true; } } else { if (s.startsWith("-----")) { break; } sb.append(s); } } PKCS10 req = new PKCS10(Base64.getMimeDecoder().decode(new String(sb))); PublicKey pkey = req.getSubjectPublicKeyInfo(); out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."), req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm()); for (PKCS10Attribute attr: req.getAttributes().getAttributes()) { ObjectIdentifier oid = attr.getAttributeId(); if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) { CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue(); if (exts != null) { printExtensions(rb.getString("Extension.Request."), exts, out); } } else { out.println("Attribute: " + attr.getAttributeId()); PKCS9Attribute pkcs9Attr = new PKCS9Attribute(attr.getAttributeId(), attr.getAttributeValue()); out.print(pkcs9Attr.getName() + ": "); Object attrVal = attr.getAttributeValue(); out.println(attrVal instanceof String[] ? Arrays.toString((String[]) attrVal) : attrVal); } } if (debug) { out.println(req); // Just to see more, say, public key length... } }
Example #21
Source File: Main.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
private void doPrintCertReq(InputStream in, PrintStream out) throws Exception { BufferedReader reader = new BufferedReader(new InputStreamReader(in)); StringBuffer sb = new StringBuffer(); boolean started = false; while (true) { String s = reader.readLine(); if (s == null) break; if (!started) { if (s.startsWith("-----")) { started = true; } } else { if (s.startsWith("-----")) { break; } sb.append(s); } } PKCS10 req = new PKCS10(Base64.getMimeDecoder().decode(new String(sb))); PublicKey pkey = req.getSubjectPublicKeyInfo(); out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."), req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm()); for (PKCS10Attribute attr: req.getAttributes().getAttributes()) { ObjectIdentifier oid = attr.getAttributeId(); if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) { CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue(); if (exts != null) { printExtensions(rb.getString("Extension.Request."), exts, out); } } else { out.println("Attribute: " + attr.getAttributeId()); PKCS9Attribute pkcs9Attr = new PKCS9Attribute(attr.getAttributeId(), attr.getAttributeValue()); out.print(pkcs9Attr.getName() + ": "); Object attrVal = attr.getAttributeValue(); out.println(attrVal instanceof String[] ? Arrays.toString((String[]) attrVal) : attrVal); } } if (debug) { out.println(req); // Just to see more, say, public key length... } }
Example #22
Source File: Main.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
/** * Creates a PKCS#10 cert signing request, corresponding to the * keys (and name) associated with a given alias. */ private void doCertReq(String alias, String sigAlgName, PrintStream out) throws Exception { if (alias == null) { alias = keyAlias; } Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass); PrivateKey privKey = (PrivateKey)objs.fst; if (keyPass == null) { keyPass = objs.snd; } Certificate cert = keyStore.getCertificate(alias); if (cert == null) { MessageFormat form = new MessageFormat (rb.getString("alias.has.no.public.key.certificate.")); Object[] source = {alias}; throw new Exception(form.format(source)); } PKCS10 request = new PKCS10(cert.getPublicKey()); CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null); // Attribute name is not significant request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS, new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext)); // Construct a Signature object, so that we can sign the request if (sigAlgName == null) { sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm()); } Signature signature = Signature.getInstance(sigAlgName); AlgorithmParameterSpec params = AlgorithmId .getDefaultAlgorithmParameterSpec(sigAlgName, privKey); SignatureUtil.initSignWithParam(signature, privKey, params, null); X500Name subject = dname == null? new X500Name(((X509Certificate)cert).getSubjectDN().toString()): new X500Name(dname); // Sign the request and base-64 encode it request.encodeAndSign(subject, signature); request.print(out); checkWeak(rb.getString("the.generated.certificate.request"), request); }
Example #23
Source File: Main.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
private void doPrintCertReq(InputStream in, PrintStream out) throws Exception { BufferedReader reader = new BufferedReader(new InputStreamReader(in)); StringBuffer sb = new StringBuffer(); boolean started = false; while (true) { String s = reader.readLine(); if (s == null) break; if (!started) { if (s.startsWith("-----")) { started = true; } } else { if (s.startsWith("-----")) { break; } sb.append(s); } } PKCS10 req = new PKCS10(Pem.decode(new String(sb))); PublicKey pkey = req.getSubjectPublicKeyInfo(); out.printf(rb.getString("PKCS.10.with.weak"), req.getSubjectName(), pkey.getFormat(), withWeak(pkey), withWeak(req.getSigAlg())); for (PKCS10Attribute attr: req.getAttributes().getAttributes()) { ObjectIdentifier oid = attr.getAttributeId(); if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) { CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue(); if (exts != null) { printExtensions(rb.getString("Extension.Request."), exts, out); } } else { out.println("Attribute: " + attr.getAttributeId()); PKCS9Attribute pkcs9Attr = new PKCS9Attribute(attr.getAttributeId(), attr.getAttributeValue()); out.print(pkcs9Attr.getName() + ": "); Object attrVal = attr.getAttributeValue(); out.println(attrVal instanceof String[] ? Arrays.toString((String[]) attrVal) : attrVal); } } if (debug) { out.println(req); // Just to see more, say, public key length... } checkWeak(rb.getString("the.certificate.request"), req); }
Example #24
Source File: PKCS10AttrEncoding.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
public static void main(String[] args) throws Exception { // initializations int len = ids.length; Object[] values = { new ObjectIdentifier("1.2.3.4"), new GregorianCalendar(1970, 1, 25, 8, 56, 7).getTime(), "challenging" }; for (int j = 0; j < len; j++) { constructedMap.put(ids[j], values[j]); } X500Name subject = new X500Name("cn=Test"); KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA"); String sigAlg = "DSA"; keyGen.initialize(512); KeyPair pair = keyGen.generateKeyPair(); X509Key publicKey = (X509Key) pair.getPublic(); PrivateKey privateKey = pair.getPrivate(); Signature signature = Signature.getInstance(sigAlg); signature.initSign(privateKey); // Create the PKCS10 request PKCS10Attribute[] attrs = new PKCS10Attribute[len]; for (int j = 0; j < len; j++) { attrs[j] = new PKCS10Attribute(ids[j], values[j]); } PKCS10 req = new PKCS10(publicKey, new PKCS10Attributes(attrs)); System.out.println("List of attributes in constructed PKCS10 " + "request: "); checkAttributes(req.getAttributes().getElements()); // Encode the PKCS10 request and generate another PKCS10 request from // the encoded byte array req.encodeAndSign(subject, signature); PKCS10 resp = new PKCS10(req.getEncoded()); System.out.println("List of attributes in DER encoded PKCS10 Request:"); checkAttributes(resp.getAttributes().getElements()); if (failedCount > 0) { throw new RuntimeException("Attributes Compared : Failed"); } System.out.println("Attributes Compared : Pass"); }
Example #25
Source File: PKCS10AttributeReader.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
public static void main(String[] args) throws Exception { // Decode base64 encoded DER file byte[] pkcs10Bytes = Base64.getMimeDecoder().decode(ATTRIBS.getBytes()); HashMap<ObjectIdentifier, Object> RequestStander = new HashMap() { { put(PKCS9Attribute.CHALLENGE_PASSWORD_OID, "GuessWhoAmI"); put(PKCS9Attribute.SIGNING_TIME_OID, new Date(861720610000L)); put(PKCS9Attribute.CONTENT_TYPE_OID, new ObjectIdentifier("1.9.50.51.52")); } }; int invalidNum = 0; PKCS10Attributes resp = new PKCS10Attributes( new DerInputStream(pkcs10Bytes)); Enumeration eReq = resp.getElements(); int numOfAttrs = 0; while (eReq.hasMoreElements()) { numOfAttrs++; PKCS10Attribute attr = (PKCS10Attribute) eReq.nextElement(); if (RequestStander.containsKey(attr.getAttributeId())) { if (RequestStander.get(attr.getAttributeId()) .equals(attr.getAttributeValue())) { System.out.println(attr.getAttributeId() + " " + attr.getAttributeValue()); } else { invalidNum++; System.out.println("< " + attr.getAttributeId() + " " + attr.getAttributeValue()); System.out.println("< " + attr.getAttributeId() + " " + RequestStander.get(attr.getAttributeId())); } } else { invalidNum++; System.out.println("No" + attr.getAttributeId() + "in Certificate Request list"); } } if (numOfAttrs != RequestStander.size()) { invalidNum++; System.out.println("Incorrect number of attributes."); } System.out.println(); if (invalidNum > 0) { throw new RuntimeException( "Attributes Compared with Stander :" + " Failed"); } System.out.println("Attributes Compared with Stander: Pass"); }
Example #26
Source File: Main.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
/** * Generate a certificate: Read PKCS10 request from in, and print * certificate to out. Use alias as CA, sigAlgName as the signature * type. */ private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStream out) throws Exception { Certificate signerCert = keyStore.getCertificate(alias); byte[] encoded = signerCert.getEncoded(); X509CertImpl signerCertImpl = new X509CertImpl(encoded); X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( X509CertImpl.NAME + "." + X509CertImpl.INFO); X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." + X509CertInfo.DN_NAME); Date firstDate = getStartDate(startDate); Date lastDate = new Date(); lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L); CertificateValidity interval = new CertificateValidity(firstDate, lastDate); PrivateKey privateKey = (PrivateKey)recoverKey(alias, storePass, keyPass).fst; if (sigAlgName == null) { sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm()); } Signature signature = Signature.getInstance(sigAlgName); signature.initSign(privateKey); X509CertInfo info = new X509CertInfo(); info.set(X509CertInfo.VALIDITY, interval); info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( new java.util.Random().nextInt() & 0x7fffffff)); info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( AlgorithmId.get(sigAlgName))); info.set(X509CertInfo.ISSUER, issuer); BufferedReader reader = new BufferedReader(new InputStreamReader(in)); boolean canRead = false; StringBuffer sb = new StringBuffer(); while (true) { String s = reader.readLine(); if (s == null) break; // OpenSSL does not use NEW //if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) { if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) { canRead = true; //} else if (s.startsWith("-----END NEW CERTIFICATE REQUEST-----")) { } else if (s.startsWith("-----END") && s.indexOf("REQUEST") >= 0) { break; } else if (canRead) { sb.append(s); } } byte[] rawReq = Base64.getMimeDecoder().decode(new String(sb)); PKCS10 req = new PKCS10(rawReq); info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo())); info.set(X509CertInfo.SUBJECT, dname==null?req.getSubjectName():new X500Name(dname)); CertificateExtensions reqex = null; Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator(); while (attrs.hasNext()) { PKCS10Attribute attr = attrs.next(); if (attr.getAttributeId().equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) { reqex = (CertificateExtensions)attr.getAttributeValue(); } } CertificateExtensions ext = createV3Extensions( reqex, null, v3ext, req.getSubjectPublicKeyInfo(), signerCert.getPublicKey()); info.set(X509CertInfo.EXTENSIONS, ext); X509CertImpl cert = new X509CertImpl(info); cert.sign(privateKey, sigAlgName); dumpCert(cert, out); for (Certificate ca: keyStore.getCertificateChain(alias)) { if (ca instanceof X509Certificate) { X509Certificate xca = (X509Certificate)ca; if (!isSelfSigned(xca)) { dumpCert(xca, out); } } } }
Example #27
Source File: Main.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
/** * Creates a PKCS#10 cert signing request, corresponding to the * keys (and name) associated with a given alias. */ private void doCertReq(String alias, String sigAlgName, PrintStream out) throws Exception { if (alias == null) { alias = keyAlias; } Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass); PrivateKey privKey = (PrivateKey)objs.fst; if (keyPass == null) { keyPass = objs.snd; } Certificate cert = keyStore.getCertificate(alias); if (cert == null) { MessageFormat form = new MessageFormat (rb.getString("alias.has.no.public.key.certificate.")); Object[] source = {alias}; throw new Exception(form.format(source)); } PKCS10 request = new PKCS10(cert.getPublicKey()); CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null); // Attribute name is not significant request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS, new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext)); // Construct a Signature object, so that we can sign the request if (sigAlgName == null) { sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm()); } Signature signature = Signature.getInstance(sigAlgName); signature.initSign(privKey); X500Name subject = dname == null? new X500Name(((X509Certificate)cert).getSubjectDN().toString()): new X500Name(dname); // Sign the request and base-64 encode it request.encodeAndSign(subject, signature); request.print(out); }
Example #28
Source File: Main.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
private void doPrintCertReq(InputStream in, PrintStream out) throws Exception { BufferedReader reader = new BufferedReader(new InputStreamReader(in)); StringBuffer sb = new StringBuffer(); boolean started = false; while (true) { String s = reader.readLine(); if (s == null) break; if (!started) { if (s.startsWith("-----")) { started = true; } } else { if (s.startsWith("-----")) { break; } sb.append(s); } } PKCS10 req = new PKCS10(Base64.getMimeDecoder().decode(new String(sb))); PublicKey pkey = req.getSubjectPublicKeyInfo(); out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."), req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm()); for (PKCS10Attribute attr: req.getAttributes().getAttributes()) { ObjectIdentifier oid = attr.getAttributeId(); if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) { CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue(); if (exts != null) { printExtensions(rb.getString("Extension.Request."), exts, out); } } else { out.println("Attribute: " + attr.getAttributeId()); PKCS9Attribute pkcs9Attr = new PKCS9Attribute(attr.getAttributeId(), attr.getAttributeValue()); out.print(pkcs9Attr.getName() + ": "); Object attrVal = attr.getAttributeValue(); out.println(attrVal instanceof String[] ? Arrays.toString((String[]) attrVal) : attrVal); } } if (debug) { out.println(req); // Just to see more, say, public key length... } }
Example #29
Source File: Main.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
/** * Generate a certificate: Read PKCS10 request from in, and print * certificate to out. Use alias as CA, sigAlgName as the signature * type. */ private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStream out) throws Exception { Certificate signerCert = keyStore.getCertificate(alias); byte[] encoded = signerCert.getEncoded(); X509CertImpl signerCertImpl = new X509CertImpl(encoded); X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( X509CertImpl.NAME + "." + X509CertImpl.INFO); X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." + X509CertInfo.DN_NAME); Date firstDate = getStartDate(startDate); Date lastDate = new Date(); lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L); CertificateValidity interval = new CertificateValidity(firstDate, lastDate); PrivateKey privateKey = (PrivateKey)recoverKey(alias, storePass, keyPass).fst; if (sigAlgName == null) { sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm()); } Signature signature = Signature.getInstance(sigAlgName); signature.initSign(privateKey); X509CertInfo info = new X509CertInfo(); info.set(X509CertInfo.VALIDITY, interval); info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( new java.util.Random().nextInt() & 0x7fffffff)); info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( AlgorithmId.get(sigAlgName))); info.set(X509CertInfo.ISSUER, issuer); BufferedReader reader = new BufferedReader(new InputStreamReader(in)); boolean canRead = false; StringBuffer sb = new StringBuffer(); while (true) { String s = reader.readLine(); if (s == null) break; // OpenSSL does not use NEW //if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) { if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) { canRead = true; //} else if (s.startsWith("-----END NEW CERTIFICATE REQUEST-----")) { } else if (s.startsWith("-----END") && s.indexOf("REQUEST") >= 0) { break; } else if (canRead) { sb.append(s); } } byte[] rawReq = Base64.getMimeDecoder().decode(new String(sb)); PKCS10 req = new PKCS10(rawReq); info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo())); info.set(X509CertInfo.SUBJECT, dname==null?req.getSubjectName():new X500Name(dname)); CertificateExtensions reqex = null; Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator(); while (attrs.hasNext()) { PKCS10Attribute attr = attrs.next(); if (attr.getAttributeId().equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) { reqex = (CertificateExtensions)attr.getAttributeValue(); } } CertificateExtensions ext = createV3Extensions( reqex, null, v3ext, req.getSubjectPublicKeyInfo(), signerCert.getPublicKey()); info.set(X509CertInfo.EXTENSIONS, ext); X509CertImpl cert = new X509CertImpl(info); cert.sign(privateKey, sigAlgName); dumpCert(cert, out); for (Certificate ca: keyStore.getCertificateChain(alias)) { if (ca instanceof X509Certificate) { X509Certificate xca = (X509Certificate)ca; if (!isSelfSigned(xca)) { dumpCert(xca, out); } } } }
Example #30
Source File: Main.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
/** * Creates a PKCS#10 cert signing request, corresponding to the * keys (and name) associated with a given alias. */ private void doCertReq(String alias, String sigAlgName, PrintStream out) throws Exception { if (alias == null) { alias = keyAlias; } Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass); PrivateKey privKey = (PrivateKey)objs.fst; if (keyPass == null) { keyPass = objs.snd; } Certificate cert = keyStore.getCertificate(alias); if (cert == null) { MessageFormat form = new MessageFormat (rb.getString("alias.has.no.public.key.certificate.")); Object[] source = {alias}; throw new Exception(form.format(source)); } PKCS10 request = new PKCS10(cert.getPublicKey()); CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null); // Attribute name is not significant request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS, new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext)); // Construct a Signature object, so that we can sign the request if (sigAlgName == null) { sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm()); } Signature signature = Signature.getInstance(sigAlgName); signature.initSign(privKey); X500Name subject = dname == null? new X500Name(((X509Certificate)cert).getSubjectDN().toString()): new X500Name(dname); // Sign the request and base-64 encode it request.encodeAndSign(subject, signature); request.print(out); }