Examples of X509Certificate

  • java.security.cert.X509Certificate
    etf.org/rfc/rfc2459.txt"> http://www.ietf.org/rfc/rfc2459.txt .

    The ASN.1 definition of tbsCertificate is:

     TBSCertificate  ::=  SEQUENCE  { version         [0]  EXPLICIT Version DEFAULT v1, serialNumber         CertificateSerialNumber, signature            AlgorithmIdentifier, issuer               Name, validity             Validity, subject              Name, subjectPublicKeyInfo SubjectPublicKeyInfo, issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL, -- If present, version must be v2 or v3 subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL, -- If present, version must be v2 or v3 extensions      [3]  EXPLICIT Extensions OPTIONAL -- If present, version must be v3 } 

    Certificates are instantiated using a certificate factory. The following is an example of how to instantiate an X.509 certificate:

      InputStream inStream = new FileInputStream("fileName-of-cert"); CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream); inStream.close(); 
    @author Hemma Prafullchandra @version 1.40 @see Certificate @see CertificateFactory @see X509Extension
  • javax.security.cert.X509Certificate
    Abstract class for X.509 v1 certificates. This provides a standard way to access all the version 1 attributes of an X.509 certificate. Attributes that are specific to X.509 v2 or v3 are not available through this interface. Future API evolution will provide full access to complete X.509 v3 attributes.

    The basic X.509 format was defined by ISO/IEC and ANSI X9 and is described below in ASN.1:

     Certificate  ::=  SEQUENCE  { tbsCertificate       TBSCertificate, signatureAlgorithm   AlgorithmIdentifier, signature            BIT STRING  } 

    These certificates are widely used to support authentication and other functionality in Internet security systems. Common applications include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL), code signing for trusted software distribution, and Secure Electronic Transactions (SET).

    These certificates are managed and vouched for by Certificate Authorities (CAs). CAs are services which create certificates by placing data in the X.509 standard format and then digitally signing that data. CAs act as trusted third parties, making introductions between principals who have no direct knowledge of each other. CA certificates are either signed by themselves, or by some other CA such as a "root" CA.

    The ASN.1 definition of {@code tbsCertificate} is:

     TBSCertificate  ::=  SEQUENCE  { version         [0]  EXPLICIT Version DEFAULT v1, serialNumber         CertificateSerialNumber, signature            AlgorithmIdentifier, issuer               Name, validity             Validity, subject              Name, subjectPublicKeyInfo SubjectPublicKeyInfo, } 

    Here is sample code to instantiate an X.509 certificate:

     InputStream inStream = new FileInputStream("fileName-of-cert"); X509Certificate cert = X509Certificate.getInstance(inStream); inStream.close(); 
    OR
     byte[] certData = <certificate read from a file, say> X509Certificate cert = X509Certificate.getInstance(certData); 

    In either case, the code that instantiates an X.509 certificate consults the value of the {@code cert.provider.x509v1} security propertyto locate the actual implementation or instantiates a default implementation.

    The {@code cert.provider.x509v1} property is set to a defaultimplementation for X.509 such as:

     cert.provider.x509v1=com.sun.security.cert.internal.x509.X509V1CertImpl 

    The value of this {@code cert.provider.x509v1} property has to bechanged to instantiate another implementation. If this security property is not set, a default implementation will be used. Currently, due to possible security restrictions on access to Security properties, this value is looked up and cached at class initialization time and will fallback on a default implementation if the Security property is not accessible.

    Note: The classes in the package {@code javax.security.cert}exist for compatibility with earlier versions of the Java Secure Sockets Extension (JSSE). New applications should instead use the standard Java SE certificate classes located in {@code java.security.cert}.

    @author Hemma Prafullchandra @since 1.4 @see Certificate @see java.security.cert.X509Extension @see java.security.Security security properties
  • net.rim.device.api.crypto.certificate.x509.X509Certificate
    Implements a X.509v3 certificate according to the following ASN.1 data structure:

     Certificate  ::=  SEQUENCE  { tbsCertificate			TBSCertificate, signatureAlgorithm		AlgorithmIdentifier, signatureValue      	BIT STRING } 
    If you want to create a certificate, follow these steps:
  • create a {@link X509TBSCertificate X509TBSCertificate} object and fillit with sensible data
  • call the {@link #X509Certificate(X509TBSCertificate)} constructor andpass the tbsCertificate as an argument
  • call {@link #setSignature(byte[]) setSignature} with a pre-computedsignature of the tbsCertificate
  • {@link #getEncoded() getEncoded()} will return the DER-encodedcertificate as a Byte array.

    Example:

     PrivateKey CASigningKey = ...; X509Certificate CASignatureCert = ...; PublicKey subjectPublicKey = ...; Name issuerDN = new Name("cn=My CA, c=DE"); Name subjectDN = new Name("cn=Myself, c=DE"); Calendar validFrom = ...; Calendar validUntil = ...; X509TBSCertificate tbs = new X509TBSCertificate(); tbs.setSerialNumber(new BigInteger("1")); tbs.setSubjectPublicKey(subjectPublicKey); tbs.setSubjectDN(subjectDN); tbs.setIssuerDN(issuerDN); tbs.setNotBefore(validFrom); tbs.setNotAfter(validUntil); X509Certificate theCert = new X509Certificate(tbs); Signature mySig = Signature.getInstance(...); mySig.initSign(CASigningKey); theCert.sign(mySig, CASignatureCert); 
    @author Markus Tak
  • org.opensaml.xml.signature.X509Certificate
    XMLObject representing XML Digital Signature, version 20020212, X509Certificate element.

  • Examples of com.maverick.crypto.asn1.x509.X509Certificate

            try {

                boolean trusted = false;

                X509Certificate chainCert;
                while (in.available() > 0 && !trusted) {
                    // The length of the next certificate (we dont need this as rthe
                    // DERInputStream does the work
                    int certlen = (in.read() & 0xFF) << 16 | (in.read() & 0xFF) << 8 | (in.read() & 0xFF);

                    // Now read the certificate
                    DERInputStream der = new DERInputStream(in);

                    ASN1Sequence certificate = (ASN1Sequence) der.readObject();

                    // Get the x509 certificate structure
                    chainCert = new X509Certificate(X509CertificateStructure.getInstance(certificate));

                    if (x509 == null)
                        x509 = chainCert;

                    // Verify if this part of the chain is trusted
    View Full Code Here

    Examples of com.maverick.crypto.asn1.x509.X509Certificate

                DERInputStream der = new DERInputStream(new FileInputStream("c:/exported.cer")); //$NON-NLS-1$

                ASN1Sequence certificate = (ASN1Sequence) der.readObject();

                // Get the x509 certificate structure
                X509Certificate x509 = new X509Certificate(X509CertificateStructure.getInstance(certificate));

                System.out.println(x509.getIssuerDN());
                System.out.println(x509.getSubjectDN());
                ssl.getTrustedCACerts().isTrustedCertificate(x509, true, true);
            } catch (Exception ex) {
                ex.printStackTrace();
            }
    View Full Code Here

    Examples of com.maverick.crypto.asn1.x509.X509Certificate

                        throws SSLException {
            try {
                if (CertificateStore.getInstance().contains(x509.getIssuerDN().toString())) {


                    X509Certificate trusted = (X509Certificate) CertificateStore.getInstance().get(x509.getIssuerDN().toString());

                    // Verify the signature of the certificate with the trusted
                    // certificate
                    PublicKey publickey = trusted.getPublicKey();

                    if (publickey instanceof RsaPublicKey) {
                        // Verify the signature
                        if (x509.getSigAlgName().equals("MD5WithRSAEncryption")) { //$NON-NLS-1$

                            try {
                                byte[] blob = x509.getSignature();

                                // Check for signed bit
                                if ((blob[0] & 0x80) == 0x80) {
                                    blob = new byte[x509.getSignature().length + 1];
                                    blob[0] = 0;
                                    System.arraycopy(x509.getSignature(), 0, blob, 1, x509.getSignature().length);
                                }

                                BigInteger input = new BigInteger(blob);
                                RsaPublicKey r = (RsaPublicKey) trusted.getPublicKey();
                                BigInteger decoded = Rsa.doPublic(input, r.getModulus(), r.getPublicExponent());
                                BigInteger result = Rsa.removePKCS1(decoded, 0x01);
                                byte[] sig = result.toByteArray();

                                MD5Digest digest = new MD5Digest();
                                digest.update(x509.getTBSCertificate(), 0, x509.getTBSCertificate().length);
                                byte[] hash = new byte[digest.getDigestSize()];
                                digest.doFinal(hash, 0);

                                DERInputStream der = new DERInputStream(new ByteArrayInputStream(sig));

                                ASN1Sequence o = (ASN1Sequence) der.readObject();

                                ASN1Sequence o1 = (ASN1Sequence) o.getObjectAt(0);

                                DERObjectIdentifier o2 = (DERObjectIdentifier) o1.getObjectAt(0);
                                ASN1OctetString o3 = (ASN1OctetString) o.getObjectAt(1);

                                byte[] actual = o3.getOctets();

                                for (int i = 0; i < actual.length; i++) {
                                    if (actual[i] != hash[i]) {
                                        return false;
                                    }
                                }

                            } catch (IOException ex1) {
                                throw new SSLException(SSLException.INTERNAL_ERROR, ex1.getMessage());
                            }

                        } else if (x509.getSigAlgName().equals("SHA1WithRSAEncryption")) { //$NON-NLS-1$

                            try {
                                byte[] blob = x509.getSignature();

                                // Check for signed bit
                                if ((blob[0] & 0x80) == 0x80) {
                                    blob = new byte[x509.getSignature().length + 1];
                                    blob[0] = 0;
                                    System.arraycopy(x509.getSignature(), 0, blob, 1, x509.getSignature().length);
                                }

                                BigInteger input = new BigInteger(blob);
                                RsaPublicKey r = (RsaPublicKey) trusted.getPublicKey();

                                BigInteger decoded = Rsa.doPublic(input, r.getModulus(), r.getPublicExponent());

                                BigInteger result = Rsa.removePKCS1(decoded, 0x01);
                                byte[] sig = result.toByteArray();

                                SHA1Digest digest = new SHA1Digest();
                                digest.update(x509.getTBSCertificate(), 0, x509.getTBSCertificate().length);
                                byte[] hash = new byte[digest.getDigestSize()];
                                digest.doFinal(hash, 0);

                                DERInputStream der = new DERInputStream(new ByteArrayInputStream(sig));

                                ASN1Sequence o = (ASN1Sequence) der.readObject();

                                ASN1Sequence o1 = (ASN1Sequence) o.getObjectAt(0);

                                DERObjectIdentifier o2 = (DERObjectIdentifier) o1.getObjectAt(0);
                                ASN1OctetString o3 = (ASN1OctetString) o.getObjectAt(1);

                                byte[] actual = o3.getOctets();

                                for (int i = 0; i < actual.length; i++) {
                                    if (actual[i] != hash[i]) {
                                        return false;
                                    }
                                }

                            } catch (IOException ex1) {
                                throw new SSLException(SSLException.INTERNAL_ERROR, ex1.getMessage());
                            }

                        } else
                            throw new SSLException(SSLException.UNSUPPORTED_CERTIFICATE,
                                MessageFormat.format(Messages.getString("TrustedCACertStore.signatureAlgorithmNotSupported"), new Object[] { x509.getSigAlgName() })); //$NON-NLS-1$

                        // Verify the validity
                        try {
                            trusted.checkValidity();
                            x509.checkValidity();
                        } catch (CertificateException ex2) {
                            if (allowInvalidCertificates) {
                                return true;
                            } else {
    View Full Code Here

    Examples of com.maverick.crypto.asn1.x509.X509Certificate

                der = new DERInputStream(in);

                ASN1Sequence certificate = (ASN1Sequence) der.readObject();

                X509Certificate x509 = new X509Certificate(X509CertificateStructure.getInstance(certificate));

                if (certificates.containsKey(x509.getSubjectDN().toString())) {
                    // #ifdef DEBUG
                    if (log.isDebugEnabled())
                        log.debug(Messages.getString("CertificateStore.alreadyExists") + x509.getSubjectDN().toString()); //$NON-NLS-1$
                    // #endif
                } else {
                    // #ifdef DEBUG
                    if (log.isDebugEnabled())
                        log.debug(MessageFormat.format(Messages.getString("CertificateStore.addingTrustedCA"), new Object[] { x509.getSubjectDN().toString() })); //$NON-NLS-1$
                    // #endif
                    certificates.put(x509.getSubjectDN().toString(), x509);
                }
            } catch (Exception ex) {
                ex.printStackTrace();
            } finally {
                try {
    View Full Code Here

    Examples of com.sequenceiq.cloudbreak.service.stack.connector.azure.X509Certificate

        public String getVmName(String azureTemplate, int i) {
            return String.format("%s-%s", azureTemplate, i);
        }

        protected X509Certificate createX509Certificate(AzureCredential azureCredential, String emailAsFolder) throws FileNotFoundException, CertificateException {
            return new X509Certificate(AzureCertificateService.getCerFile(emailAsFolder, azureCredential.getId()));
        }
    View Full Code Here

    Examples of iaik.x509.X509Certificate

      issuer.addRDN(ObjectID.commonName,
        getEntry("server name","foo.bar.com"));
       
      /* create the cert */

      X509Certificate cert =  new X509Certificate();
      try {
          cert.setSerialNumber(new BigInteger(20, new Random()));
          cert.setSubjectDN(issuer);
          cert.setIssuerDN(issuer);
          cert.setPublicKey(kp.getPublic());

          GregorianCalendar date = new GregorianCalendar();
          date.add(Calendar.DATE, -1);
          cert.setValidNotBefore(date.getTime());
          date.add(Calendar.MONTH,
        Integer.parseInt(getEntry("time of validity (months)","6")));
          cert.setValidNotAfter(date.getTime());

          /*
           * Specify what functions this certificate is good for.  If this
           * (Or the basicConstraint CA field) is not set, then netscape
           * will not recognize this as a CA cert. See:
           * http://home.netscape.com/eng/security/comm4-cert-exts.html
           * for details
           */

          cert.addExtension(new NetscapeCertType(
            NetscapeCertType.SSL_CA |
            NetscapeCertType.SSL_SERVER |
            NetscapeCertType.S_MIME_CA |
            NetscapeCertType.OBJECT_SIGNING_CA)
          );

          /*
           * If this certificate is to be used by an ssl server,
           * then add the following:
           */

          cert.addExtension(new NetscapeSSLServerName(
            getEntry("host name of server", "*.eng.sun.com")));

          String comment = getEntry("A comment for the certificate user", "");
          if (!comment.equals("")) {
        cert.addExtension(new NetscapeComment(comment));
          }
          cert.sign(AlgorithmID.md5WithRSAEncryption,kp.getPrivate());

          X509Certificate[] chain = new X509Certificate[1];
          chain[0] = cert;

          /* encrypt the key and save the cert */
     
    View Full Code Here

    Examples of java.security.cert.X509Certificate

       
        certificateGenerator.setNotBefore(Calendar.getInstance().getTime());
       
        certificateGenerator.setPublicKey( pair.getPublic());
       
        X509Certificate certificate = certificateGenerator.generateX509Certificate(pair.getPrivate());
       
        java.security.cert.Certificate[] certChain = {(java.security.cert.Certificate) certificate };

        manager.addCertToKeyStore( alias, pair.getPrivate(), certChain );
       
    View Full Code Here

    Examples of java.security.cert.X509Certificate

                signerversion = ((DERInteger)signerInfo.getObjectAt(0)).getValue().intValue();
                // Get the signing certificate
                ASN1Sequence issuerAndSerialNumber = (ASN1Sequence)signerInfo.getObjectAt(1);
                BigInteger serialNumber = ((DERInteger)issuerAndSerialNumber.getObjectAt(1)).getValue();
                for (Iterator i = certs.iterator(); i.hasNext();) {
                    X509Certificate cert = (X509Certificate)i.next();
                    if (serialNumber.equals(cert.getSerialNumber())) {
                        signCert = cert;
                        break;
                    }
                }
                if (signCert == null) {
    View Full Code Here

    Examples of java.security.cert.X509Certificate

         */   
        public static Object[] verifyCertificates(Certificate certs[], KeyStore keystore, Collection crls, Calendar calendar) {
            if (calendar == null)
                calendar = new GregorianCalendar();
            for (int k = 0; k < certs.length; ++k) {
                X509Certificate cert = (X509Certificate)certs[k];
                String err = verifyCertificate(cert, crls, calendar);
                if (err != null)
                    return new Object[]{cert, err};
                try {
                    for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) {
                        try {
                            String alias = (String)aliases.nextElement();
                            if (!keystore.isCertificateEntry(alias))
                                continue;
                            X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
                            if (verifyCertificate(certStoreX509, crls, calendar) != null)
                                continue;
                            try {
                                cert.verify(certStoreX509.getPublicKey());
                                return null;
                            }
                            catch (Exception e) {
                                continue;
                            }
                        }
                        catch (Exception ex) {
                        }
                    }
                }
                catch (Exception e) {
                }
                int j;
                for (j = 0; j < certs.length; ++j) {
                    if (j == k)
                        continue;
                    X509Certificate certNext = (X509Certificate)certs[j];
                    try {
                        cert.verify(certNext.getPublicKey());
                        break;
                    }
                    catch (Exception e) {
                    }
                }
    View Full Code Here

    Examples of java.security.cert.X509Certificate

            BigInteger      serialNumber = isAnds.getCertificateSerialNumber().getValue();
            X509Principal   issuer = new X509Principal(isAnds.getName());

            for (Iterator i = certs.iterator();i.hasNext();)
            {
                X509Certificate cert = (X509Certificate)i.next();
                if (serialNumber.equals(cert.getSerialNumber())
                        && issuer.equals(cert.getIssuerDN()))
                {
                    signCert = cert;
                    break;
                }
            }
    View Full Code Here
    TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.