Package sun.security.x509

Examples of sun.security.x509.X509CertImpl


            }
            if (first)
                is2.mark(is2.available());
            try {
                // treat as X.509 cert
                coll.add(intern(new X509CertImpl(new DerValue(is2))));
            } catch (CertificateException e) {
                Throwable cause = e.getCause();
                // only treat as PKCS#7 if this is the first cert parsed
                // and the root cause of the decoding failure is an IOException
                if (first && cause != null && (cause instanceof IOException)) {


        /* update subject DN */
        subjectDN = cert.getSubjectX500Principal();

        /* check for key needing to inherit alg parameters */
        X509CertImpl icert = X509CertImpl.toImpl(cert);
        PublicKey newKey = cert.getPublicKey();
        if (newKey instanceof DSAPublicKey &&
            (((DSAPublicKey)newKey).getParams() == null)) {
            newKey = BasicChecker.makeInheritedParamsKey(newKey, pubKey);
        }

        /* update subject public key */
        pubKey = newKey;

        /*
         * if this is a trusted cert (init == true), then we
         * don't update any of the remaining fields
         */
        if (init) {
            init = false;
            return;
        }

        /* update subject key identifier */
        subjKeyId = icert.getSubjectKeyIdentifierExtension();

        /* update crlSign */
        crlSign = CrlRevocationChecker.certCanSignCrl(cert);

        /* update current name constraints */
        if (nc != null) {
            nc.merge(icert.getNameConstraintsExtension());
        } else {
            nc = icert.getNameConstraintsExtension();
            if (nc != null) {
                // Make sure we do a clone here, because we're probably
                // going to modify this object later and we don't want to
                // be sharing it with a Certificate object!
                nc = (NameConstraintsExtension) nc.clone();

    private static final String CERT_FILENAME = "interCA.der";

    public static void main(String[] args) throws Exception {

        X509CertImpl cert = loadCert(CERT_FILENAME);

        /* Compute the hash in the same way as CertId constructor */
        MessageDigest hash = MessageDigest.getInstance("SHA1");
        hash.update(cert.getSubjectX500Principal().getEncoded());
        byte[] expectedHash = hash.digest();

        CertId certId = new CertId(cert, null);
        byte[] receivedHash = certId.getIssuerNameHash();


        BufferedInputStream bis =
            new BufferedInputStream(
                new FileInputStream(
                    new File(System.getProperty("test.src", "."), filename)));

        return new X509CertImpl(bis);
    }

      .set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));

    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(privkey, algorithm);

    // Update the algorithm id to the one read back from the signed cert, and re-sign.
    algo = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG);
    info
      .set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM,
           algo);
    cert = new X509CertImpl(info);
    cert.sign(privkey, algorithm);
    return cert;
  }

        throws CertificateException, IOException, CertPathValidatorException {

        if (cert == null)
            return;

        X509CertImpl icert = X509CertImpl.toImpl(cert);

        /* see if certificate key has null parameters */
        PublicKey newKey = icert.getPublicKey();
        if (newKey instanceof DSAPublicKey &&
            ((DSAPublicKey)newKey).getParams() == null) {
            keyParamsNeededFlag = true;
        }

        /* update certificate */
        this.cert = icert;

        /* update issuer DN */
        issuerDN = cert.getIssuerX500Principal();

        if (!X509CertImpl.isSelfIssued(cert)) {

            /*
             * update traversedCACerts only if this is a non-self-issued
             * intermediate CA cert
             */
            if (!init && cert.getBasicConstraints() != -1) {
                traversedCACerts++;
            }
        }

        /* update subjectNamesTraversed only if this is the EE cert or if
           this cert is not self-issued */
        if (init || !X509CertImpl.isSelfIssued(cert)){
            X500Principal subjName = cert.getSubjectX500Principal();
            subjectNamesTraversed.add(X500Name.asX500Name(subjName));

            try {
                SubjectAlternativeNameExtension subjAltNameExt
                    = icert.getSubjectAlternativeNameExtension();
                if (subjAltNameExt != null) {
                    GeneralNames gNames = (GeneralNames)
                        subjAltNameExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
                    for (Iterator<GeneralName> t = gNames.iterator();
                                t.hasNext(); ) {

                reverseCertList.add(0, c);
            }

            boolean policyMappingFound = false;
            for (X509Certificate cpListCert : reverseCertList) {
                X509CertImpl cpListCertImpl = X509CertImpl.toImpl(cpListCert);
                PolicyMappingsExtension policyMappingsExt =
                        cpListCertImpl.getPolicyMappingsExtension();
                if (policyMappingsExt != null) {
                    policyMappingFound = true;
                }
                if (debug != null)
                    debug.println("policyMappingFound = " + policyMappingFound);
                if (cert.equals(cpListCert)){
                    if ((buildParams.isPolicyMappingInhibited()) ||
                        (!policyMappingFound)){
                        if (debug != null)
                            debug.println("loop detected!!");
                        throw new CertPathValidatorException("loop detected");
                    }
                }
            }
        }

        /* check if target cert */
        boolean finalCert = cert.getSubjectX500Principal().equals(targetSubjectDN);

        /* check if CA cert */
        boolean caCert = (cert.getBasicConstraints() != -1 ? true : false);

        /* if there are more certs to follow, verify certain constraints */
        if (!finalCert) {

            /* check if CA cert */
            if (!caCert)
                throw new CertPathValidatorException("cert is NOT a CA cert");

            /* If the certificate was not self-issued, verify that
             * remainingCerts is greater than zero
             */
            if ((currentState.remainingCACerts <= 0) && !X509CertImpl.isSelfIssued(cert)) {
                    throw new CertPathValidatorException
                        ("pathLenConstraint violated, path too long");
            }

            /*
             * Check keyUsage extension (only if CA cert and not final cert)
             */
            KeyChecker.verifyCAKeyUsage(cert);

        } else {

            /*
             * If final cert, check that it satisfies specified target
             * constraints
             */
            if (targetCertConstraints.match(cert) == false) {
                throw new CertPathValidatorException("target certificate " +
                    "constraints check failed");
            }
        }

        /*
         * Check revocation.
         */
        if (buildParams.isRevocationEnabled()) {

            currentState.crlChecker.check(cert,
                                          currentState.pubKey,
                                          currentState.crlSign);
        }

        /* Check name constraints if this is not a self-issued cert */
        if (finalCert || !X509CertImpl.isSelfIssued(cert)){
            if (currentState.nc != null){
                try {
                    if (!currentState.nc.verify(cert)){
                        throw new CertPathValidatorException
                            ("name constraints check failed");
                    }
                } catch (IOException ioe){
                    throw new CertPathValidatorException(ioe);
                }
            }
        }

        /*
         * Check policy
         */
        X509CertImpl certImpl = X509CertImpl.toImpl(cert);
        currentState.rootNode = PolicyChecker.processPolicies
            (currentState.certIndex, initPolicies,
            currentState.explicitPolicy, currentState.policyMapping,
            currentState.inhibitAnyPolicy,
            buildParams.getPolicyQualifiersRejected(), currentState.rootNode,

     */
    static boolean getNetscapeCertTypeBit(X509Certificate cert, String type) {
        try {
            NetscapeCertTypeExtension ext;
            if (cert instanceof X509CertImpl) {
                X509CertImpl certImpl = (X509CertImpl)cert;
                ObjectIdentifier oid = OBJID_NETSCAPE_CERT_TYPE;
                ext = (NetscapeCertTypeExtension)certImpl.getExtension(oid);
                if (ext == null) {
                    return true;
                }
            } else {
                byte[] extVal = cert.getExtensionValue(OID_NETSCAPE_CERT_TYPE);

        /* update subject DN */
        subjectDN = cert.getSubjectX500Principal();

        /* check for key needing to inherit alg parameters */
        X509CertImpl icert = X509CertImpl.toImpl(cert);
        PublicKey newKey = cert.getPublicKey();
        if (newKey instanceof DSAPublicKey &&
            (((DSAPublicKey)newKey).getParams() == null)) {
            newKey = BasicChecker.makeInheritedParamsKey(newKey, pubKey);
        }

        /* update subject public key */
        pubKey = newKey;

        /*
         * if this is a trusted cert (init == true), then we
         * don't update any of the remaining fields
         */
        if (init) {
            init = false;
            return;
        }

        /* update subject key identifier */
        subjKeyId = icert.getSubjectKeyIdentifierExtension();

        /* update crlSign */
        crlSign = CrlRevocationChecker.certCanSignCrl(cert);

        /* update current name constraints */
        if (nc != null) {
            nc.merge(icert.getNameConstraintsExtension());
        } else {
            nc = icert.getNameConstraintsExtension();
            if (nc != null) {
                // Make sure we do a clone here, because we're probably
                // going to modify this object later and we don't want to
                // be sharing it with a Certificate object!
                nc = (NameConstraintsExtension) nc.clone();

         * certificate)))
         */
        if (certPathList != null) {
            boolean policyMappingFound = false;
            for (X509Certificate cpListCert : certPathList) {
                X509CertImpl cpListCertImpl = X509CertImpl.toImpl(cpListCert);
                PolicyMappingsExtension policyMappingsExt
                    = cpListCertImpl.getPolicyMappingsExtension();
                if (policyMappingsExt != null) {
                    policyMappingFound = true;
                }
                if (debug != null) {
                    debug.println("policyMappingFound = " + policyMappingFound);
