Package iaik.x509

Examples of iaik.x509.X509Certificate


        try {

            boolean trusted = false;

            X509Certificate chainCert;
            while (in.available() > 0 && !trusted) {
                // The length of the next certificate (we don't need this, as the
                // DERInputStream does the work)
                int certlen = (in.read() & 0xFF) << 16 | (in.read() & 0xFF) << 8 | (in.read() & 0xFF);

                // Now read the certificate
                DERInputStream der = new DERInputStream(in);

                ASN1Sequence certificate = (ASN1Sequence) der.readObject();

                // Get the x509 certificate structure
                chainCert = new X509Certificate(X509CertificateStructure.getInstance(certificate));

                if (x509 == null)
                    x509 = chainCert;

                // Verify if this part of the chain is trusted


            // Parse one DER-encoded certificate from a hard-coded file path.
            // NOTE(review): the FileInputStream is not closed in the lines shown here.
            DERInputStream der = new DERInputStream(new FileInputStream("c:/exported.cer")); //$NON-NLS-1$

            // The cast is unchecked: a file that does not start with a SEQUENCE
            // raises ClassCastException.
            ASN1Sequence certificate = (ASN1Sequence) der.readObject();

            // Get the x509 certificate structure
            X509Certificate x509 = new X509Certificate(X509CertificateStructure.getInstance(certificate));

            System.out.println(x509.getIssuerDN());
            System.out.println(x509.getSubjectDN());
            // NOTE(review): the return value of isTrustedCertificate is discarded, so a
            // negative verdict has no effect here unless the method reports it by throwing.
            // The meaning of the two `true` flags is not visible in this excerpt -- confirm
            // that neither of them relaxes validity or trust checks.
            ssl.getTrustedCACerts().isTrustedCertificate(x509, true, true);
        } catch (Exception ex) {
            ex.printStackTrace();
        }

                    throws SSLException {
        try {
            if (CertificateStore.getInstance().contains(x509.getIssuerDN().toString())) {


                X509Certificate trusted = (X509Certificate) CertificateStore.getInstance().get(x509.getIssuerDN().toString());

                // Verify the signature of the certificate with the trusted
                // certificate
                PublicKey publickey = trusted.getPublicKey();

                if (publickey instanceof RsaPublicKey) {
                    // Verify the signature
                    if (x509.getSigAlgName().equals("MD5WithRSAEncryption")) { //$NON-NLS-1$

                        // Hand-rolled signature check: apply the RSA public operation to the
                        // certificate signature, strip the padding, parse the result as a
                        // DigestInfo and compare its digest with MD5(TBSCertificate).
                        // NOTE(review): MD5 is not collision resistant; certificates signed
                        // with it should be rejected rather than verified.
                        try {
                            byte[] blob = x509.getSignature();

                            // Check for signed bit: when the top bit is set, prepend a zero
                            // byte so BigInteger reads the signature as a non-negative value.
                            if ((blob[0] & 0x80) == 0x80) {
                                blob = new byte[x509.getSignature().length + 1];
                                blob[0] = 0;
                                System.arraycopy(x509.getSignature(), 0, blob, 1, x509.getSignature().length);
                            }

                            BigInteger input = new BigInteger(blob);
                            RsaPublicKey r = (RsaPublicKey) trusted.getPublicKey();
                            BigInteger decoded = Rsa.doPublic(input, r.getModulus(), r.getPublicExponent());
                            // presumably strips PKCS#1 block type 0x01 padding; how strictly the
                            // padding bytes are validated depends on Rsa.removePKCS1, which is
                            // not shown -- TODO confirm.
                            BigInteger result = Rsa.removePKCS1(decoded, 0x01);
                            byte[] sig = result.toByteArray();

                            // Digest of the to-be-signed part of the certificate.
                            MD5Digest digest = new MD5Digest();
                            digest.update(x509.getTBSCertificate(), 0, x509.getTBSCertificate().length);
                            byte[] hash = new byte[digest.getDigestSize()];
                            digest.doFinal(hash, 0);

                            // Parse the recovered block as SEQUENCE { SEQUENCE { OID, ... }, OCTET STRING }.
                            // The casts are unchecked: an unexpected structure raises
                            // ClassCastException, which this try's IOException handler does not catch.
                            DERInputStream der = new DERInputStream(new ByteArrayInputStream(sig));

                            ASN1Sequence o = (ASN1Sequence) der.readObject();

                            ASN1Sequence o1 = (ASN1Sequence) o.getObjectAt(0);

                            // NOTE(review): o2 (the digest algorithm OID) is read but never compared
                            // with the expected algorithm in the lines shown, and nothing checks that
                            // no bytes trail the parsed structure.
                            DERObjectIdentifier o2 = (DERObjectIdentifier) o1.getObjectAt(0);
                            ASN1OctetString o3 = (ASN1OctetString) o.getObjectAt(1);

                            byte[] actual = o3.getOctets();

                            // NOTE(review): the loop is bounded by actual.length, not hash.length.
                            // A shorter (even empty) octet string is accepted on a prefix match, and
                            // a longer one indexes past the end of hash. Require equal lengths before
                            // comparing, e.g. java.security.MessageDigest.isEqual(actual, hash).
                            for (int i = 0; i < actual.length; i++) {
                                if (actual[i] != hash[i]) {
                                    return false;
                                }
                            }

                        } catch (IOException ex1) {
                            // Only the message is propagated; the IOException is not chained as the cause.
                            throw new SSLException(SSLException.INTERNAL_ERROR, ex1.getMessage());
                        }

                    } else if (x509.getSigAlgName().equals("SHA1WithRSAEncryption")) { //$NON-NLS-1$

                        // Hand-rolled signature check: apply the RSA public operation to the
                        // certificate signature, strip the padding, parse the result as a
                        // DigestInfo and compare its digest with SHA-1(TBSCertificate).
                        // NOTE(review): SHA-1 is no longer collision resistant either; treat
                        // SHA-1-signed certificates as legacy and prefer rejecting them.
                        try {
                            byte[] blob = x509.getSignature();

                            // Check for signed bit: when the top bit is set, prepend a zero
                            // byte so BigInteger reads the signature as a non-negative value.
                            if ((blob[0] & 0x80) == 0x80) {
                                blob = new byte[x509.getSignature().length + 1];
                                blob[0] = 0;
                                System.arraycopy(x509.getSignature(), 0, blob, 1, x509.getSignature().length);
                            }

                            BigInteger input = new BigInteger(blob);
                            RsaPublicKey r = (RsaPublicKey) trusted.getPublicKey();

                            BigInteger decoded = Rsa.doPublic(input, r.getModulus(), r.getPublicExponent());

                            // presumably strips PKCS#1 block type 0x01 padding; how strictly the
                            // padding bytes are validated depends on Rsa.removePKCS1, which is
                            // not shown -- TODO confirm.
                            BigInteger result = Rsa.removePKCS1(decoded, 0x01);
                            byte[] sig = result.toByteArray();

                            // Digest of the to-be-signed part of the certificate.
                            SHA1Digest digest = new SHA1Digest();
                            digest.update(x509.getTBSCertificate(), 0, x509.getTBSCertificate().length);
                            byte[] hash = new byte[digest.getDigestSize()];
                            digest.doFinal(hash, 0);

                            // Parse the recovered block as SEQUENCE { SEQUENCE { OID, ... }, OCTET STRING }.
                            // The casts are unchecked: an unexpected structure raises
                            // ClassCastException, which this try's IOException handler does not catch.
                            DERInputStream der = new DERInputStream(new ByteArrayInputStream(sig));

                            ASN1Sequence o = (ASN1Sequence) der.readObject();

                            ASN1Sequence o1 = (ASN1Sequence) o.getObjectAt(0);

                            // NOTE(review): o2 (the digest algorithm OID) is read but never compared
                            // with the expected algorithm in the lines shown, and nothing checks that
                            // no bytes trail the parsed structure.
                            DERObjectIdentifier o2 = (DERObjectIdentifier) o1.getObjectAt(0);
                            ASN1OctetString o3 = (ASN1OctetString) o.getObjectAt(1);

                            byte[] actual = o3.getOctets();

                            // NOTE(review): the loop is bounded by actual.length, not hash.length.
                            // A shorter (even empty) octet string is accepted on a prefix match, and
                            // a longer one indexes past the end of hash. Require equal lengths before
                            // comparing, e.g. java.security.MessageDigest.isEqual(actual, hash).
                            for (int i = 0; i < actual.length; i++) {
                                if (actual[i] != hash[i]) {
                                    return false;
                                }
                            }

                        } catch (IOException ex1) {
                            // Only the message is propagated; the IOException is not chained as the cause.
                            throw new SSLException(SSLException.INTERNAL_ERROR, ex1.getMessage());
                        }

                    } else
                        throw new SSLException(SSLException.UNSUPPORTED_CERTIFICATE,
                            MessageFormat.format(Messages.getString("TrustedCACertStore.signatureAlgorithmNotSupported"), new Object[] { x509.getSigAlgName() })); //$NON-NLS-1$

                    // Verify the validity
                    try {
                        trusted.checkValidity();
                        x509.checkValidity();
                    } catch (CertificateException ex2) {
                        if (allowInvalidCertificates) {
                            return true;
                        } else {

            // Parse one DER-encoded certificate from `in` and register it in the
            // `certificates` map, keyed by the string form of its subject DN.
            der = new DERInputStream(in);

            ASN1Sequence certificate = (ASN1Sequence) der.readObject();

            X509Certificate x509 = new X509Certificate(X509CertificateStructure.getInstance(certificate));

            // NOTE(review): nothing in the lines shown checks the certificate's signature,
            // validity period or CA constraints before it is stored as a trusted CA. Whether
            // that happens elsewhere is not visible -- confirm `in` only comes from a trusted source.
            // An entry that already exists under the same subject DN string is kept; the
            // newly read certificate is dropped and the event is logged at debug level only.
            if (certificates.containsKey(x509.getSubjectDN().toString())) {
                // #ifdef DEBUG
                if (log.isDebugEnabled())
                    log.debug(Messages.getString("CertificateStore.alreadyExists") + x509.getSubjectDN().toString()); //$NON-NLS-1$
                // #endif
            } else {
                // #ifdef DEBUG
                if (log.isDebugEnabled())
                    log.debug(MessageFormat.format(Messages.getString("CertificateStore.addingTrustedCA"), new Object[] { x509.getSubjectDN().toString() })); //$NON-NLS-1$
                // #endif
                certificates.put(x509.getSubjectDN().toString(), x509);
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        } finally {
            try {

   * netscape's KEYGEN param, the SignedPublicKeyAndChallenge.
   */

  /*
   * Decode the base64 "key" entry of h into a NetscapeCertRequest, verify it,
   * and copy its public key into cert.
   * NOTE(review): `key` is used without a null check, so a missing "key" entry
   * throws NullPointerException at key.getBytes(). getBytes() without a charset
   * uses the platform default.
   */
  String key = (String) h.get("key");
  byte bytes[] = Util.Base64Decode(key.getBytes());
  NetscapeCertRequest nc = null;
  try {
      nc = new  NetscapeCertRequest(bytes);
  } catch (CodingException e) {
      /*
       * NOTE(review): a decoding failure is only printed. nc stays null and
       * nc.verify() below then throws NullPointerException.
       */
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }
  try {
      /*
       * NOTE(review): if verify() also reports failure through a return value,
       * that value is discarded here -- confirm against the IAIK API.
       */
      nc.verify();
  } catch (java.security.SignatureException e) {
      /*
       * NOTE(review): a failed signature check is only printed. Execution
       * continues and the unverified public key is installed into cert below;
       * the request should be aborted here instead.
       */
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }
  System.out.println("Got cert req: " + nc);
  try {
      cert.setPublicKey(nc.getPublicKey());
  } catch (java.security.InvalidKeyException e) {
      /* NOTE(review): only printed; cert is left without a usable public key. */
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }


  issuer.addRDN(ObjectID.commonName,
    getEntry("server name","foo.bar.com"));
   
  /* create the cert */

  X509Certificate cert =  new X509Certificate();
  try {
      /*
       * Fill in a self-signed certificate: subject and issuer are the same name.
       * NOTE(review): the serial number is a 20-bit value drawn from
       * `new Random()` (presumably java.util.Random, which is not a
       * cryptographic generator). Serial numbers should be unique per issuer
       * and unpredictable; prefer java.security.SecureRandom and more bits.
       */
      cert.setSerialNumber(new BigInteger(20, new Random()));
      cert.setSubjectDN(issuer);
      cert.setIssuerDN(issuer);
      cert.setPublicKey(kp.getPublic());

      /* Validity starts one day before now and runs for the entered number of months. */
      GregorianCalendar date = new GregorianCalendar();
      date.add(Calendar.DATE, -1);
      cert.setValidNotBefore(date.getTime());
      date.add(Calendar.MONTH,
    Integer.parseInt(getEntry("time of validity (months)","6")));
      cert.setValidNotAfter(date.getTime());

      /*
       * Specify what functions this certificate is good for.  If this
       * (Or the basicConstraint CA field) is not set, then netscape
       * will not recognize this as a CA cert. See:
       * http://home.netscape.com/eng/security/comm4-cert-exts.html
       * for details
       */

      cert.addExtension(new NetscapeCertType(
        NetscapeCertType.SSL_CA |
        NetscapeCertType.SSL_SERVER |
        NetscapeCertType.S_MIME_CA |
        NetscapeCertType.OBJECT_SIGNING_CA)
      );

      /*
       * If this certificate is to be used by an ssl server,
       * then add the following:
       */

      cert.addExtension(new NetscapeSSLServerName(
        getEntry("host name of server", "*.eng.sun.com")));

      String comment = getEntry("A comment for the certificate user", "");
      if (!comment.equals("")) {
    cert.addExtension(new NetscapeComment(comment));
      }
      /*
       * NOTE(review): the certificate is signed with MD5-with-RSA. MD5 is not
       * collision resistant and current validators reject such signatures;
       * use a SHA-2 based algorithm identifier if the library provides one.
       */
      cert.sign(AlgorithmID.md5WithRSAEncryption,kp.getPrivate());

      /* The chain consists of the self-signed certificate only. */
      X509Certificate[] chain = new X509Certificate[1];
      chain[0] = cert;

      /* encrypt the key and save the cert */
 

  subject.addRDN(ObjectID.commonName ,(String) h.get("commonname"));
  subject.addRDN(ObjectID.emailAddress ,(String) h.get("email"));
  subject.addRDN(ObjectID.stateOrProvince,(String) h.get("state"));
  subject.addRDN(ObjectID.locality,(String) h.get("locality"));

  /*
   * Start the user certificate and pick its serial number.
   * NOTE(review): when h carries a "serial" entry it is used verbatim
   * (presumably h holds request parameters -- verify against the caller), so
   * whoever supplies h chooses the serial number and can repeat one that was
   * already issued; a non-numeric value throws NumberFormatException.
   * Otherwise the serialNo counter is used, which is sequential and guessable.
   */
  X509Certificate cert = new X509Certificate();
  if (h.containsKey("serial")) {
      cert.setSerialNumber(new BigInteger((String) h.get("serial")));
  } else {
      cert.setSerialNumber(new BigInteger("" + serialNo++));
  }
  cert.setSubjectDN(subject);
  /*
   * NOTE(review): the issuer is copied from serverChain[0]'s issuer, not its
   * subject. That only names the actual signer when serverChain[0] is
   * self-signed -- confirm.
   */
  cert.setIssuerDN(serverChain[0].getIssuerDN());

  System.out.println("User cert request generated");
  // System.out.println("Dummy cert request " + cert.toString());

  /*
   * Get the signed public key from the user.
   * This is the base64 decoded string that came back from
   * netscape's KEYGEN param, the SignedPublicKeyAndChallenge.
   */

  /*
   * Decode the base64 "key" entry of h into a NetscapeCertRequest, verify it,
   * and copy its public key into cert.
   * NOTE(review): `key` is used without a null check, so a missing "key" entry
   * throws NullPointerException at key.getBytes(). getBytes() without a charset
   * uses the platform default.
   */
  String key = (String) h.get("key");
  byte bytes[] = Util.Base64Decode(key.getBytes());
  NetscapeCertRequest nc = null;
  try {
      nc = new  NetscapeCertRequest(bytes);
  } catch (CodingException e) {
      /*
       * NOTE(review): a decoding failure is only printed. nc stays null and
       * nc.verify() below then throws NullPointerException.
       */
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }
  try {
      /*
       * NOTE(review): if verify() also reports failure through a return value,
       * that value is discarded here -- confirm against the IAIK API.
       */
      nc.verify();
  } catch (java.security.SignatureException e) {
      /*
       * NOTE(review): a failed signature check is only printed. Execution
       * continues and the unverified public key is installed into cert below;
       * the request should be aborted here instead.
       */
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }
  System.out.println("Got cert req: " + nc);
  try {
      cert.setPublicKey(nc.getPublicKey());
  } catch (java.security.InvalidKeyException e) {
      /* NOTE(review): only printed; cert is left without a usable public key. */
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }

  /*
   * set up the validity dates
   */

  GregorianCalendar date = new GregorianCalendar();
  date.add(Calendar.DATE, -1);
  cert.setValidNotBefore(date.getTime())
  date.add(Calendar.MONTH,
    Integer.parseInt((String) h.get("expires")));
  cert.setValidNotAfter(date.getTime());

  /*
   * Add in any cert options.  If none are specified, then the default,
   * which is everything but object signing is used.
   */
 
  int options = 0;
  if (h.get("can_sign") != null) {
      options |= NetscapeCertType.OBJECT_SIGNING;
  }
  if (h.get("can_email") != null) {
      options |= NetscapeCertType.S_MIME;
  }
  if (h.get("can_ssl") != null) {
      options |= NetscapeCertType.SSL_CLIENT;
  }
  if (options != 0) {
      cert.addExtension(new NetscapeCertType(options));
  }

  /*
   * This is the private key out of the server's certificate,
   */

  /*
   * Sign the user certificate with serverKey.
   * NOTE(review): the signature algorithm is MD5-with-RSA. MD5 is not
   * collision resistant and current validators reject such signatures; use a
   * SHA-2 based algorithm identifier if the library provides one.
   * Every signing failure below is only printed, so execution continues with
   * an unsigned certificate.
   */
  System.out.println("About to sign cert");
  try {
      cert.sign(AlgorithmID.md5WithRSAEncryption, serverKey);
  } catch (InvalidKeyException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  } catch (NoSuchAlgorithmException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  } catch (CertificateException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }

  System.out.println("Generated CERT:" + cert.toString(true));

  /*
   * Construct a chain by adding on the server chain
   */

 

  }
  if (h.get("can_ssl") != null) {
      options |= NetscapeCertType.SSL_CLIENT;
  }
  if (options != 0) {
      cert.addExtension(new NetscapeCertType(options));
  }

  /*
   * This is the private key out of the server's certificate,
   */
 

       * will not recognize this as a CA cert. See:
       * http://home.netscape.com/eng/security/comm4-cert-exts.html
       * for details
       */

      cert.addExtension(new NetscapeCertType(
        NetscapeCertType.SSL_CA |
        NetscapeCertType.SSL_SERVER |
        NetscapeCertType.S_MIME_CA |
        NetscapeCertType.OBJECT_SIGNING_CA)
      );

      cert.addExtension(new NetscapeSSLServerName(
        getEntry("host name of server", "*.eng.sun.com")));

      String comment = getEntry("A comment for the certificate user", "");
      if (!comment.equals("")) {
    cert.addExtension(new NetscapeComment(comment));
      }
      cert.sign(AlgorithmID.md5WithRSAEncryption,kp.getPrivate());

      X509Certificate[] chain = new X509Certificate[1];
      chain[0] = cert;
