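/**
 * Builds an OCSP request for a single certificate and attaches a nonce extension.
 *
 * <p>The certificate is identified by a {@link CertificateID} built from {@code nextIssuer} and
 * the serial number of {@code nextCert}. No signing key is passed to the generator here.
 *
 * <p>The nonce ties a response to this particular request. It is therefore drawn from a
 * cryptographically strong random source: a value derived from the wall clock is guessable
 * and gives no protection against a replayed response.
 *
 * @param nextCert certificate whose status is being queried
 * @param nextIssuer issuer certificate used to build the certificate id
 * @return the generated OCSP request
 * @throws OCSPException propagated from certificate-id construction or request generation
 */
public static OCSPReq GenOcspReq(X509Certificate nextCert, X509Certificate nextIssuer) throws OCSPException {
    OCSPReqGenerator ocspRequestGenerator = new OCSPReqGenerator();

    // HASH_SHA1 selects the digest used inside the certificate id.
    // NOTE(review): confirm the responder accepts a stronger digest before changing it.
    CertificateID certId = new CertificateID(CertificateID.HASH_SHA1, nextIssuer, nextCert.getSerialNumber());
    ocspRequestGenerator.addRequest(certId);

    // 16 unpredictable bytes; fully qualified so no file-level import is required.
    byte[] nonce = new byte[16];
    new java.security.SecureRandom().nextBytes(nonce);

    Vector<DERObjectIdentifier> oids = new Vector<DERObjectIdentifier>();
    Vector<X509Extension> values = new Vector<X509Extension>();
    oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
    // Non-critical extension; the caller should compare the nonce echoed in the response
    // with the one carried by the returned request.
    values.add(new X509Extension(false, new DEROctetString(nonce)));
    ocspRequestGenerator.setRequestExtensions(new X509Extensions(oids, values));

    return ocspRequestGenerator.generate();
}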
/**
 * Collects the identifiers of the response extensions whose criticality flag equals
 * {@code critical}.
 *
 * @param critical {@code true} to select critical extensions, {@code false} for the others
 * @return a set of {@code getId()} values; empty when there are no response extensions or
 *         none match (never {@code null})
 */
private Set getExtensionOIDs(boolean critical) {
    Set matching = new HashSet();
    X509Extensions responseExtensions = this.getResponseExtensions();
    if (responseExtensions == null) {
        return matching;
    }

    for (Enumeration ids = responseExtensions.oids(); ids.hasMoreElements();) {
        DERObjectIdentifier id = (DERObjectIdentifier) ids.nextElement();
        X509Extension candidate = responseExtensions.getExtension(id);
        if (candidate.isCritical() == critical) {
            matching.add(id.getId());
        }
    }
    return matching;
}
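/**
 * Looks up a response extension by OID and returns the DER encoding of the object returned
 * by its {@code getValue()}.
 *
 * @param oid identifier of the extension to look up
 * @return the DER-encoded value, or {@code null} when there are no response extensions or
 *         the OID is not among them
 * @throws RuntimeException if encoding the value fails; the original failure is kept as the
 *         cause so the stack trace is not lost
 */
public byte[] getExtensionValue(String oid) {
    X509Extensions exts = this.getResponseExtensions();
    if (exts == null) {
        return null;
    }

    X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid));
    if (ext == null) {
        return null;
    }

    try {
        return ext.getValue().getEncoded(ASN1Encoding.DER);
    } catch (Exception e) {
        // Same message as before, but chain the cause instead of flattening it to text.
        throw new RuntimeException("error encoding " + e.toString(), e);
    }
}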
/**
 * Collects the identifiers of the request extensions whose criticality flag equals
 * {@code critical}.
 *
 * @param critical {@code true} to select critical extensions, {@code false} for the others
 * @return a set of {@code getId()} values; empty when there are no request extensions or
 *         none match (never {@code null})
 */
private Set getExtensionOIDs(boolean critical) {
    Set matching = new HashSet();
    X509Extensions requestExtensions = this.getRequestExtensions();
    if (requestExtensions == null) {
        return matching;
    }

    for (Enumeration ids = requestExtensions.oids(); ids.hasMoreElements();) {
        ASN1ObjectIdentifier id = (ASN1ObjectIdentifier) ids.nextElement();
        X509Extension candidate = requestExtensions.getExtension(id);
        if (candidate.isCritical() == critical) {
            matching.add(id.getId());
        }
    }
    return matching;
}
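/**
 * Looks up a request extension by OID and returns the DER encoding of the object returned
 * by its {@code getValue()}.
 *
 * @param oid identifier of the extension to look up
 * @return the DER-encoded value, or {@code null} when there are no request extensions or
 *         the OID is not among them
 * @throws RuntimeException if encoding the value fails; the original failure is kept as the
 *         cause so the stack trace is not lost
 */
public byte[] getExtensionValue(String oid) {
    X509Extensions exts = this.getRequestExtensions();
    if (exts == null) {
        return null;
    }

    X509Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid));
    if (ext == null) {
        return null;
    }

    try {
        return ext.getValue().getEncoded(ASN1Encoding.DER);
    } catch (Exception e) {
        // Same message as before, but chain the cause instead of flattening it to text.
        throw new RuntimeException("error encoding " + e.toString(), e);
    }
}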
/**
 * Collects the identifiers of the single-request extensions whose criticality flag equals
 * {@code critical}.
 *
 * @param critical {@code true} to select critical extensions, {@code false} for the others
 * @return a set of {@code getId()} values; empty when there are no single-request extensions
 *         or none match (never {@code null})
 */
private Set getExtensionOIDs(boolean critical) {
    Set matching = new HashSet();
    X509Extensions singleRequestExtensions = this.getSingleRequestExtensions();
    if (singleRequestExtensions == null) {
        return matching;
    }

    for (Enumeration ids = singleRequestExtensions.oids(); ids.hasMoreElements();) {
        DERObjectIdentifier id = (DERObjectIdentifier) ids.nextElement();
        X509Extension candidate = singleRequestExtensions.getExtension(id);
        if (candidate.isCritical() == critical) {
            matching.add(id.getId());
        }
    }
    return matching;
}
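/**
 * Looks up a single-request extension by OID and returns the DER encoding of the object
 * returned by its {@code getValue()}.
 *
 * @param oid identifier of the extension to look up
 * @return the DER-encoded value, or {@code null} when there are no single-request extensions
 *         or the OID is not among them
 * @throws RuntimeException if encoding the value fails; the original failure is kept as the
 *         cause so the stack trace is not lost
 */
public byte[] getExtensionValue(String oid) {
    X509Extensions exts = this.getSingleRequestExtensions();
    if (exts == null) {
        return null;
    }

    X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid));
    if (ext == null) {
        return null;
    }

    try {
        return ext.getValue().getEncoded(ASN1Encoding.DER);
    } catch (Exception e) {
        // Same message as before, but chain the cause instead of flattening it to text.
        throw new RuntimeException("error encoding " + e.toString(), e);
    }
}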
/**
 * Collects the identifiers of the single-response extensions whose criticality flag equals
 * {@code critical}.
 *
 * @param critical {@code true} to select critical extensions, {@code false} for the others
 * @return a set of {@code getId()} values; empty when {@code getSingleExtensions()} yields
 *         {@code null} or nothing matches (never {@code null})
 */
private Set getExtensionOIDs(boolean critical) {
    Set matching = new HashSet();
    X509Extensions singleExtensions = this.getSingleExtensions();
    if (singleExtensions == null) {
        return matching;
    }

    for (Enumeration ids = singleExtensions.oids(); ids.hasMoreElements();) {
        DERObjectIdentifier id = (DERObjectIdentifier) ids.nextElement();
        X509Extension candidate = singleExtensions.getExtension(id);
        if (candidate.isCritical() == critical) {
            matching.add(id.getId());
        }
    }
    return matching;
}
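/**
 * Looks up an extension from {@code getSingleExtensions()} by OID and returns the DER
 * encoding of the object returned by its {@code getValue()}.
 *
 * @param oid identifier of the extension to look up
 * @return the DER-encoded value, or {@code null} when there are no extensions or the OID is
 *         not among them
 * @throws RuntimeException if encoding the value fails; the original failure is kept as the
 *         cause so the stack trace is not lost
 */
public byte[] getExtensionValue(String oid) {
    X509Extensions exts = this.getSingleExtensions();
    if (exts == null) {
        return null;
    }

    X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid));
    if (ext == null) {
        return null;
    }

    try {
        return ext.getValue().getEncoded(ASN1Encoding.DER);
    } catch (Exception e) {
        // Same message as before, but chain the cause instead of flattening it to text.
        throw new RuntimeException("error encoding " + e.toString(), e);
    }
}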
/**
 * Collects the identifiers of the extensions found under {@code cert.getAcinfo()} whose
 * criticality flag equals {@code critical}.
 *
 * @param critical {@code true} to select critical extensions, {@code false} for the others
 * @return a set of {@code getId()} values (possibly empty), or {@code null} when the
 *         extensions object itself is absent — callers must handle both cases
 */
private Set getExtensionOIDs(boolean critical) {
    X509Extensions acExtensions = cert.getAcinfo().getExtensions();
    if (acExtensions == null) {
        return null;
    }

    Set selected = new HashSet();
    for (Enumeration ids = acExtensions.oids(); ids.hasMoreElements();) {
        DERObjectIdentifier id = (DERObjectIdentifier) ids.nextElement();
        X509Extension candidate = acExtensions.getExtension(id);
        if (candidate.isCritical() == critical) {
            selected.add(id.getId());
        }
    }
    return selected;
}
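/**
 * Collects the identifiers of the CRL extensions whose criticality flag equals
 * {@code critical}.
 *
 * <p>Extensions are only consulted when {@code getVersion()} is 2. The extensions object is
 * checked for {@code null} before use, so a version-2 CRL that carries no extensions yields
 * {@code null} instead of a {@link NullPointerException} while processing the CRL.
 *
 * @param critical {@code true} to select critical extensions, {@code false} for the others
 * @return a set of {@code getId()} values (possibly empty), or {@code null} when the version
 *         is not 2 or no extensions are present
 */
private Set getExtensionOIDs(boolean critical) {
    if (this.getVersion() != 2) {
        return null;
    }

    X509Extensions extensions = c.getTBSCertList().getExtensions();
    if (extensions == null) {
        // No extensions to enumerate; dereferencing here would throw.
        return null;
    }

    HashSet set = new HashSet();
    Enumeration e = extensions.oids();
    while (e.hasMoreElements()) {
        DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
        X509Extension ext = extensions.getExtension(oid);
        if (critical == ext.isCritical()) {
            set.add(oid.getId());
        }
    }
    return set;
}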
/**
 * Collects the identifiers of the extensions returned by {@code c.getExtensions()} whose
 * criticality flag equals {@code critical}.
 *
 * @param critical {@code true} to select critical extensions, {@code false} for the others
 * @return a set of {@code getId()} values (possibly empty), or {@code null} when the
 *         extensions object itself is absent — callers must handle both cases
 */
private Set getExtensionOIDs(boolean critical) {
    X509Extensions entryExtensions = c.getExtensions();
    if (entryExtensions == null) {
        return null;
    }

    HashSet selected = new HashSet();
    for (Enumeration ids = entryExtensions.oids(); ids.hasMoreElements();) {
        DERObjectIdentifier id = (DERObjectIdentifier) ids.nextElement();
        X509Extension candidate = entryExtensions.getExtension(id);
        if (candidate.isCritical() == critical) {
            selected.add(id.getId());
        }
    }
    return selected;
}
/**
 * Looks up an extension by OID and returns the octets of its value.
 *
 * <p>The result comes from {@code getValue().getOctets()}, i.e. the content octets and not a
 * re-encoded structure, so a consumer that expects a wrapped encoding must not unwrap twice.
 *
 * @param oid identifier of the extension to look up
 * @return the value octets, or {@code null} when there are no extensions or the OID is not
 *         among them
 */
public byte[] getExtensionValue(String oid) {
    X509Extensions available = c.getExtensions();
    if (available == null) {
        return null;
    }

    X509Extension match = available.getExtension(new DERObjectIdentifier(oid));
    return (match == null) ? null : match.getValue().getOctets();
}
/**
 * Reads the CRL number extension from a CRL.
 *
 * <p>The extension value is parsed in two steps: the bytes returned by the CRL are read as an
 * octet string, and that string's octets are read as an integer.
 *
 * <p>Both parse results are cast without a type check, so a value with an unexpected
 * structure surfaces as a {@link ClassCastException} rather than the wrapped I/O error.
 * NOTE(review): the number is only meaningful for a CRL whose signature has been verified —
 * confirm callers verify before relying on it.
 *
 * @param crl the CRL to inspect
 * @return the CRL number, or {@code null} when the CRL has no such extension
 * @throws RuntimeException wrapping an {@link IOException} raised while parsing
 */
private BigInteger getCrlNumber(X509CRL crl) {
    final byte[] wrappedValue = crl.getExtensionValue(X509Extensions.CRLNumber.getId());
    if (wrappedValue == null) {
        return null;
    }

    try {
        // Outer layer: the extension value as an octet string.
        ASN1OctetString outer = (ASN1OctetString) new ASN1InputStream(wrappedValue).readObject();
        // Inner layer: the integer carried inside those octets.
        DERInteger number = (DERInteger) new ASN1InputStream(outer.getOctets()).readObject();
        return number.getPositiveValue();
    } catch (IOException e) {
        throw new RuntimeException("I/O error: " + e.getMessage(), e);
    }
}
/**
 * Creates the intermediate CA certificate, using the shared {@code v3CertGen} generator.
 *
 * <p>The certificate has serial number 20, is valid from 30 days before to 30 days after the
 * current time, and carries three critical extensions: certificate policies, basic
 * constraints and policy mappings. It is signed with {@code SHA1WithRSAEncryption}; the
 * distinguished names suggest a test fixture, and a SHA-1 signature should not be copied
 * into certificates meant for real use.
 *
 * @param pubKey public key placed in the certificate
 * @param caPrivKey private key that signs the certificate
 * @param caPubKey not used by this method
 * @param policies value of the certificate policies extension
 * @param policyMap mappings passed to the policy mappings extension
 * @return the generated certificate
 * @throws Exception propagated from the certificate generator
 */
private X509Certificate createIntmedCert(
    PublicKey pubKey,
    PrivateKey caPrivKey,
    PublicKey caPubKey,
    CertificatePolicies policies,
    Hashtable policyMap) throws Exception {
    final String issuerDn = "C=JP, O=policyMappingAdditionalTest, OU=trustAnchor";
    final String subjectDn = "C=JP, O=policyMappingAdditionalTest, OU=intmedCA";
    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;

    // The generator is shared state, so clear whatever a previous call left behind.
    v3CertGen.reset();

    v3CertGen.setSerialNumber(BigInteger.valueOf(20));
    v3CertGen.setIssuerDN(new X509Principal(issuerDn));
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - thirtyDaysMillis));
    v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + thirtyDaysMillis));
    v3CertGen.setSubjectDN(new X509Principal(subjectDn));
    v3CertGen.setPublicKey(pubKey);
    v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");

    // All three extensions are marked critical.
    v3CertGen.addExtension(X509Extensions.CertificatePolicies, true, policies);
    v3CertGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
    v3CertGen.addExtension(X509Extensions.PolicyMappings, true, new PolicyMappings(policyMap));

    return v3CertGen.generate(caPrivKey);
}
/**
 * Creates the end-entity certificate, using the shared {@code v3CertGen} generator.
 *
 * <p>The certificate has serial number 20, is valid from 30 days before to 30 days after the
 * current time, and carries one critical extension: certificate policies, encoded as a
 * sequence of {@code policies}. It is signed with {@code SHA1WithRSAEncryption}; the
 * distinguished names suggest a test fixture, and a SHA-1 signature should not be copied
 * into certificates meant for real use.
 *
 * @param pubKey public key placed in the certificate
 * @param caPrivKey private key that signs the certificate
 * @param caPubKey not used by this method
 * @param policies elements of the certificate policies extension
 * @return the generated certificate
 * @throws Exception propagated from the certificate generator
 */
private X509Certificate createEndEntityCert(
    PublicKey pubKey,
    PrivateKey caPrivKey,
    PublicKey caPubKey,
    ASN1EncodableVector policies) throws Exception {
    final String issuerDn = "C=JP, O=policyMappingAdditionalTest, OU=intMedCA";
    final String subjectDn = "C=JP, O=policyMappingAdditionalTest, OU=endEntity";
    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;

    // The generator is shared state, so clear whatever a previous call left behind.
    v3CertGen.reset();

    v3CertGen.setSerialNumber(BigInteger.valueOf(20));
    v3CertGen.setIssuerDN(new X509Principal(issuerDn));
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - thirtyDaysMillis));
    v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + thirtyDaysMillis));
    v3CertGen.setSubjectDN(new X509Principal(subjectDn));
    v3CertGen.setPublicKey(pubKey);
    v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");

    v3CertGen.addExtension(X509Extensions.CertificatePolicies, true, new DERSequence(policies));

    return v3CertGen.generate(caPrivKey);
}
/**
 * Issues an intermediate certificate for {@code intKey}, signed by {@code caKey}.
 *
 * <p>The issuer name is the subject of {@code caCert}. The serial number is fixed at 1 and
 * the validity window runs from 50,000 ms before to 50,000 ms after the current time, which
 * together with the subject name points to test use only. Basic constraints (built with
 * {@code new BasicConstraints(0)}) and key usage (digital signature, certificate signing,
 * CRL signing) are critical; the two key identifier extensions are not.
 *
 * @param intKey public key of the intermediate
 * @param caKey private key of the issuing CA
 * @param caCert certificate of the issuing CA
 * @return the generated certificate, produced through the "BC" provider
 * @throws Exception propagated from the certificate generator
 */
public static X509Certificate generateIntermediateCert(PublicKey intKey, PrivateKey caKey, X509Certificate caCert) throws Exception {
    final X509V3CertificateGenerator generator = new X509V3CertificateGenerator();

    generator.setSerialNumber(BigInteger.valueOf(1));
    generator.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
    generator.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    generator.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    generator.setSubjectDN(new X509Principal("CN=Test Intermediate Certificate"));
    generator.setPublicKey(intKey);
    generator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    // Key identifiers link this certificate to its issuer and to its own key.
    generator.addExtension(
        X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
    generator.addExtension(
        X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(intKey));

    generator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));

    final int usageBits = KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign;
    generator.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(usageBits));

    return generator.generate(caKey, "BC");
}
/**
 * Issues an end-entity certificate for {@code entityKey}, signed by {@code caKey}.
 *
 * <p>The issuer name is the subject of {@code caCert}. The serial number is fixed at 1 and
 * the validity window runs from 50,000 ms before to 50,000 ms after the current time, which
 * together with the subject name points to test use only. Basic constraints (built with
 * {@code new BasicConstraints(false)}) and key usage (digital signature, key encipherment)
 * are critical; the two key identifier extensions are not.
 *
 * @param entityKey public key of the end entity
 * @param caKey private key of the issuing CA
 * @param caCert certificate of the issuing CA
 * @return the generated certificate, produced through the "BC" provider
 * @throws Exception propagated from the certificate generator
 */
public static X509Certificate generateEndEntityCert(PublicKey entityKey, PrivateKey caKey, X509Certificate caCert) throws Exception {
    final X509V3CertificateGenerator generator = new X509V3CertificateGenerator();

    generator.setSerialNumber(BigInteger.valueOf(1));
    generator.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
    generator.setNotBefore(new Date(System.currentTimeMillis() - 50000));
    generator.setNotAfter(new Date(System.currentTimeMillis() + 50000));
    generator.setSubjectDN(new X509Principal("CN=Test End Certificate"));
    generator.setPublicKey(entityKey);
    generator.setSignatureAlgorithm("SHA256WithRSAEncryption");

    // Key identifiers link this certificate to its issuer and to its own key.
    generator.addExtension(
        X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
    generator.addExtension(
        X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(entityKey));

    generator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));

    final int usageBits = KeyUsage.digitalSignature | KeyUsage.keyEncipherment;
    generator.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(usageBits));

    return generator.generate(caKey, "BC");
}
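/**
 * Creates a CRL, issued under the subject name of {@code caCert}, that revokes one
 * certificate.
 *
 * <p>The single entry lists {@code serialNumber} as revoked at the current time with reason
 * {@code privilegeWithdrawn}. {@code thisUpdate} is the current time and {@code nextUpdate}
 * is 100,000 ms later. The CRL carries a non-critical authority key identifier and a
 * non-critical CRL number fixed at 1.
 *
 * @param caCert certificate of the issuing CA
 * @param caKey private key that signs the CRL
 * @param serialNumber serial number of the certificate to list as revoked
 * @return the generated CRL, produced through the "BC" provider
 * @throws Exception propagated from the CRL generator
 */
public static X509CRL createCRL(
    X509Certificate caCert,
    PrivateKey caKey,
    BigInteger serialNumber) throws Exception {
    X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
    Date now = new Date();
    // The former local revokedSerialNumber was never read; the revoked serial is the parameter.

    crlGen.setIssuerDN(PrincipalUtil.getSubjectX509Principal(caCert));
    crlGen.setThisUpdate(now);
    crlGen.setNextUpdate(new Date(now.getTime() + 100000));
    crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    crlGen.addCRLEntry(serialNumber, now, CRLReason.privilegeWithdrawn);

    crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
    crlGen.addExtension(X509Extensions.CRLNumber, false, new CRLNumber(BigInteger.valueOf(1)));

    return crlGen.generate(caKey, "BC");
}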
/**
 * Generates a placeholder SSL client certificate and stores it, with its private key, in
 * the given keystore under {@code DUMMY_SSL_CLIENT_ALIAS}.
 *
 * <p>A fresh RSA key pair is generated and the same distinguished name is passed for both
 * name arguments of the generator set-up. The certificate is marked as a non-CA (critical
 * basic constraints) and is tagged for SSL client use through the Netscape certificate type
 * and the extended key usage extensions, both non-critical. It is signed with the key
 * pair's own private key.
 *
 * <p>NOTE(review): the key entry is protected with the {@code KEYSTORE_PASSWORD} constant —
 * confirm this keystore and the dummy identity are not relied on for real authentication.
 *
 * @param ks keystore that receives the key entry
 * @throws Exception propagated from key generation, certificate generation or the keystore
 */
private void generateDummySSLClientCertificate(KeyStore ks) throws Exception {
    LOG.info("Generating a Dummy SSL client certificate ...");

    final KeyPair keyPair = CertificateUtilities.generateRSAKeyPair(getCryptoStrength());
    final String dn = "CN=SSL dummy client cert, O=Dummy org., C=FR";

    final X509V3CertificateGenerator generator =
        CertificateUtilities.initCertificateGenerator(
            keyPair, dn, dn, true, CertificateUtilities.DEFAULT_VALIDITY_PERIOD);

    generator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    generator.addExtension(
        MiscObjectIdentifiers.netscapeCertType, false, new NetscapeCertType(NetscapeCertType.sslClient));
    generator.addExtension(
        X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));

    final X509Certificate clientCert = generator.generate(keyPair.getPrivate());
    final Certificate[] chain = new Certificate[] {clientCert};
    ks.setKeyEntry(DUMMY_SSL_CLIENT_ALIAS, keyPair.getPrivate(), KEYSTORE_PASSWORD, chain);
}