Package iaik.x509.extensions.netscape

Examples of iaik.x509.extensions.netscape.NetscapeCertType


   * netscape's KEYGEN param, the SignedPublicKeyAndChallenge.
   */

  String key = (String) h.get("key");
  byte bytes[] = Util.Base64Decode(key.getBytes());
  NetscapeCertRequest nc = null;
  try {
      nc = new  NetscapeCertRequest(bytes);
  } catch (CodingException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }
  try {
      nc.verify();
  } catch (java.security.SignatureException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }
  System.out.println("Got cert req: " + nc);
  try {
      cert.setPublicKey(nc.getPublicKey());
  } catch (java.security.InvalidKeyException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }

View Full Code Here


  issuer.addRDN(ObjectID.commonName,
    getEntry("server name","foo.bar.com"));
   
  /* create the cert */

  X509Certificate cert =  new X509Certificate();
  try {
      cert.setSerialNumber(new BigInteger(20, new Random()));
      cert.setSubjectDN(issuer);
      cert.setIssuerDN(issuer);
      cert.setPublicKey(kp.getPublic());

      GregorianCalendar date = new GregorianCalendar();
      date.add(Calendar.DATE, -1);
      cert.setValidNotBefore(date.getTime());
      date.add(Calendar.MONTH,
    Integer.parseInt(getEntry("time of validity (months)","6")));
      cert.setValidNotAfter(date.getTime());

      /*
       * Specify what functions this certificate is good for.  If this
       * (Or the basicConstraint CA field) is not set, then netscape
       * will not recognize this as a CA cert. See:
       * http://home.netscape.com/eng/security/comm4-cert-exts.html
       * for details
       */

      cert.addExtension(new NetscapeCertType(
        NetscapeCertType.SSL_CA |
        NetscapeCertType.SSL_SERVER |
        NetscapeCertType.S_MIME_CA |
        NetscapeCertType.OBJECT_SIGNING_CA)
      );

      /*
       * If this certificate is to be used by an ssl server,
       * then add the following:
       */

      cert.addExtension(new NetscapeSSLServerName(
        getEntry("host name of server", "*.eng.sun.com")));

      String comment = getEntry("A comment for the certificate user", "");
      if (!comment.equals("")) {
    cert.addExtension(new NetscapeComment(comment));
      }
      cert.sign(AlgorithmID.md5WithRSAEncryption,kp.getPrivate());

      X509Certificate[] chain = new X509Certificate[1];
      chain[0] = cert;

      /* encrypt the key and save the cert */
 
View Full Code Here

  subject.addRDN(ObjectID.commonName ,(String) h.get("commonname"));
  subject.addRDN(ObjectID.emailAddress ,(String) h.get("email"));
  subject.addRDN(ObjectID.stateOrProvince,(String) h.get("state"));
  subject.addRDN(ObjectID.locality,(String) h.get("locality"));

  X509Certificate cert = new X509Certificate();
  if (h.containsKey("serial")) {
      cert.setSerialNumber(new BigInteger((String) h.get("serial")));
  } else {
      cert.setSerialNumber(new BigInteger("" + serialNo++));
  }
  cert.setSubjectDN(subject);
  cert.setIssuerDN(serverChain[0].getIssuerDN());

  System.out.println("User cert request generated");
  // System.out.println("Dummy cert request " + cert.toString());

  /*
   * Get the signed public key from the user.
   * This is the base64 decoded string that came back from
   * netscape's KEYGEN param, the SignedPublicKeyAndChallenge.
   */

  String key = (String) h.get("key");
  byte bytes[] = Util.Base64Decode(key.getBytes());
  NetscapeCertRequest nc = null;
  try {
      nc = new  NetscapeCertRequest(bytes);
  } catch (CodingException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }
  try {
      nc.verify();
  } catch (java.security.SignatureException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }
  System.out.println("Got cert req: " + nc);
  try {
      cert.setPublicKey(nc.getPublicKey());
  } catch (java.security.InvalidKeyException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }

  /*
   * set up the validity dates
   */

  GregorianCalendar date = new GregorianCalendar();
  date.add(Calendar.DATE, -1);
  cert.setValidNotBefore(date.getTime())
  date.add(Calendar.MONTH,
    Integer.parseInt((String) h.get("expires")));
  cert.setValidNotAfter(date.getTime());

  /*
   * Add in any cert options.  If none are specified, then the default,
   * which is everything but object signing is used.
   */
 
  int options = 0;
  if (h.get("can_sign") != null) {
      options |= NetscapeCertType.OBJECT_SIGNING;
  }
  if (h.get("can_email") != null) {
      options |= NetscapeCertType.S_MIME;
  }
  if (h.get("can_ssl") != null) {
      options |= NetscapeCertType.SSL_CLIENT;
  }
  if (options != 0) {
      cert.addExtension(new NetscapeCertType(options));
  }

  /*
   * This is the private key out of the server's certificate,
   */

  System.out.println("About to sign cert");
  try {
      cert.sign(AlgorithmID.md5WithRSAEncryption, serverKey);
  } catch (InvalidKeyException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  } catch (NoSuchAlgorithmException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  } catch (CertificateException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }

  System.out.println("Generated CERT:" + cert.toString(true));

  /*
   * Construct a chain by adding on the server chain
   */

 
View Full Code Here

  }
  if (h.get("can_ssl") != null) {
      options |= NetscapeCertType.SSL_CLIENT;
  }
  if (options != 0) {
      cert.addExtension(new NetscapeCertType(options));
  }

  /*
   * This is the private key out of the server's certificate,
   */
 
View Full Code Here

       * will not recognize this as a CA cert. See:
       * http://home.netscape.com/eng/security/comm4-cert-exts.html
       * for details
       */

      cert.addExtension(new NetscapeCertType(
        NetscapeCertType.SSL_CA |
        NetscapeCertType.SSL_SERVER |
        NetscapeCertType.S_MIME_CA |
        NetscapeCertType.OBJECT_SIGNING_CA)
      );
View Full Code Here

      cert.addExtension(new NetscapeSSLServerName(
        getEntry("host name of server", "*.eng.sun.com")));

      String comment = getEntry("A comment for the certificate user", "");
      if (!comment.equals("")) {
    cert.addExtension(new NetscapeComment(comment));
      }
      cert.sign(AlgorithmID.md5WithRSAEncryption,kp.getPrivate());

      X509Certificate[] chain = new X509Certificate[1];
      chain[0] = cert;
View Full Code Here

      /*
       * If this certificate is to be used by an ssl server,
       * then add the following:
       */

      cert.addExtension(new NetscapeSSLServerName(
        getEntry("host name of server", "*.eng.sun.com")));

      String comment = getEntry("A comment for the certificate user", "");
      if (!comment.equals("")) {
    cert.addExtension(new NetscapeComment(comment));
View Full Code Here

TOP

Related Classes of iaik.x509.extensions.netscape.NetscapeCertType

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.