sun.security.x509.X500Name Java Examples

Example #1
Source File: PKCS7.java    From jdk8u_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Looks up a certificate carried in this PKCS7 block by issuer name and
 * serial number.
 *
 * <p>This is a lookup only. A match means the block contains a certificate
 * with that issuer/serial pair; nothing here checks its signature, validity
 * period or trust chain, so callers must validate the result separately.
 *
 * @param serial the serial number of the certificate to retrieve.
 * @param issuerName the Distinguished Name of the Issuer.
 * @return the first certificate whose serial number and issuer name both
 *         match, or null if none matches or the block holds no certificates.
 */
public X509Certificate getCertificate(BigInteger serial, X500Name issuerName) {
    if (certificates == null) {
        return null;
    }
    // Issuer names are kept in an array indexed like certificates; fill it on first use.
    if (certIssuerNames == null) {
        populateCertIssuerNames();
    }
    int index = 0;
    while (index < certificates.length) {
        X509Certificate candidate = certificates[index];
        BigInteger candidateSerial = candidate.getSerialNumber();
        boolean sameSerial = serial.equals(candidateSerial);
        if (sameSerial && issuerName.equals(certIssuerNames[index])) {
            return candidate;
        }
        index++;
    }
    return null;
}
 
Example #2
Source File: SignerInfo.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates a version 1 SignerInfo from already-computed parts.
 *
 * <p>All arguments are stored as given. In particular the
 * {@code encryptedDigest} array is kept by reference, not copied, so later
 * changes to the caller's array are visible through this object.
 *
 * @param issuerName issuer name identifying the signer's certificate
 * @param serial serial number identifying the signer's certificate
 * @param digestAlgorithmId digest algorithm identifier
 * @param authenticatedAttributes attributes stored as the authenticated set
 * @param digestEncryptionAlgorithmId digest encryption algorithm identifier
 * @param encryptedDigest the signature bytes
 * @param unauthenticatedAttributes attributes stored as the unauthenticated set
 */
public SignerInfo(X500Name  issuerName,
                  BigInteger serial,
                  AlgorithmId digestAlgorithmId,
                  PKCS9Attributes authenticatedAttributes,
                  AlgorithmId digestEncryptionAlgorithmId,
                  byte[] encryptedDigest,
                  PKCS9Attributes unauthenticatedAttributes) {
    // Fixed structure version.
    this.version = BigInteger.ONE;

    // Signer certificate identifier: issuer + serial.
    this.certificateSerialNumber = serial;
    this.issuerName = issuerName;

    // Algorithms and the signature value itself.
    this.digestEncryptionAlgorithmId = digestEncryptionAlgorithmId;
    this.digestAlgorithmId = digestAlgorithmId;
    this.encryptedDigest = encryptedDigest;

    // Attribute sets.
    this.unauthenticatedAttributes = unauthenticatedAttributes;
    this.authenticatedAttributes = authenticatedAttributes;
}
 
Example #3
Source File: X500Principal.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Compares the specified Object with this <code>X500Principal</code>
 * for equality.
 *
 * <p>Another <code>X500Principal</code> is compared by re-parsing its name
 * into an <code>X500Name</code>. If that parse fails for any reason the two
 * are treated as not equal, so a malformed name never compares equal.
 *
 * @param o Object to be compared for equality with this
 *          <code>X500Principal</code>.
 *
 * @return true if the specified Object is equal to this
 *          <code>X500Principal</code>.
 */
public boolean equals(Object o) {
    if (o == this) {
        return true;
    }

    if (o instanceof X500Principal) {
        X500Principal other = (X500Principal) o;
        try {
            X500Name otherName = new X500Name(other.getName());
            return thisX500Name.equals(otherName);
        } catch (Exception e) {
            // Any failure while parsing the other name means "not equal".
            return false;
        }
    }

    if (o instanceof Principal) {
        // Delegates to the other object's equals; this is true when 'o' is a
        // sun.security.x509.X500Name and the X500Names are equal.
        return o.equals(thisX500Name);
    }

    // Covers null and every non-Principal object.
    return false;
}
 
Example #4
Source File: HostnameChecker.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Returns the subject of a certificate as an X500Name, reparsing if
 * necessary. X500Name should only be used if access to name components
 * is required; in other cases X500Principal is to be preferred.
 *
 * <p>When the certificate's {@code getSubjectDN()} result is not already an
 * X500Name, the name is rebuilt from the DER encoding of the subject
 * X500Principal rather than from a string form.
 *
 * This method is currently used from within JSSE, do not remove.
 *
 * @param cert the certificate whose subject is wanted
 * @return the subject as an X500Name
 * @throws CertificateParsingException if rebuilding the name raises an
 *         IOException; the IOException is attached as the cause
 */
public static X500Name getSubjectX500Name(X509Certificate cert)
        throws CertificateParsingException {
    try {
        Principal subjectDN = cert.getSubjectDN();
        if (!(subjectDN instanceof X500Name)) {
            byte[] derSubject = cert.getSubjectX500Principal().getEncoded();
            return new X500Name(derSubject);
        }
        return (X500Name) subjectDN;
    } catch (IOException e) {
        CertificateParsingException wrapped = new CertificateParsingException();
        wrapped.initCause(e);
        throw wrapped;
    }
}
 
Example #5
Source File: SignedJarBuilder.java    From javafxmobile-plugin with BSD 3-Clause "New" or "Revised" License 6 votes vote down vote up
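/**
 * Write the certificate file with a digital signature.
 *
 * <p>Builds a SignerInfo that identifies the signing certificate by issuer
 * and serial number, wraps it with the certificate in a PKCS7 structure and
 * writes that structure to the output jar.
 *
 * @param signature a Signature already fed with the data to sign; it is
 *        finalised here with {@code sign()}
 * @param publicKey the signer's X.509 certificate (despite the name)
 * @param privateKey used only for its algorithm name; signing itself is done
 *        through {@code signature}
 * @throws IOException if the issuer name cannot be parsed or writing fails
 * @throws GeneralSecurityException if signing or algorithm lookup fails
 */
private void writeSignatureBlock(Signature signature, X509Certificate publicKey,
        PrivateKey privateKey)
        throws IOException, GeneralSecurityException {
    // Take the issuer from the certificate's DER bytes. Going through the
    // string form (getName()) and re-parsing can re-encode attribute values
    // with a different ASN.1 string type, so the issuer written into the
    // SignerInfo would no longer match the certificate byte for byte.
    X500Name issuerName = new X500Name(publicKey.getIssuerX500Principal().getEncoded());

    SignerInfo signerInfo = new SignerInfo(
            issuerName,
            publicKey.getSerialNumber(),
            AlgorithmId.get(DIGEST_ALGORITHM),
            AlgorithmId.get(privateKey.getAlgorithm()),
            signature.sign());

    // ContentInfo carries no content (null); only the signature and the
    // certificate are embedded.
    PKCS7 pkcs7 = new PKCS7(
            new AlgorithmId[] { AlgorithmId.get(DIGEST_ALGORITHM) },
            new ContentInfo(ContentInfo.DATA_OID, null),
            new X509Certificate[] { publicKey },
            new SignerInfo[] { signerInfo });

    pkcs7.encodeSignedData(mOutputJar);
}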
 
Example #6
Source File: HostnameChecker.java    From Bytecoder with Apache License 2.0 6 votes vote down vote up
/**
 * Returns the subject of a certificate as an X500Name, reparsing if
 * necessary. X500Name should only be used if access to name components
 * is required; in other cases X500Principal is to be preferred.
 *
 * <p>When the certificate's {@code getSubjectDN()} result is not already an
 * X500Name, the name is rebuilt from the DER encoding of the subject
 * X500Principal rather than from a string form.
 *
 * This method is currently used from within JSSE, do not remove.
 *
 * @param cert the certificate whose subject is wanted
 * @return the subject as an X500Name
 * @throws CertificateParsingException if rebuilding the name raises an
 *         IOException; the IOException is attached as the cause
 */
public static X500Name getSubjectX500Name(X509Certificate cert)
        throws CertificateParsingException {
    try {
        Principal subjectDN = cert.getSubjectDN();
        if (!(subjectDN instanceof X500Name)) {
            byte[] derSubject = cert.getSubjectX500Principal().getEncoded();
            return new X500Name(derSubject);
        }
        return (X500Name) subjectDN;
    } catch (IOException e) {
        CertificateParsingException wrapped = new CertificateParsingException();
        wrapped.initCause(e);
        throw wrapped;
    }
}
 
Example #7
Source File: X509CRLSelector.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Parse an argument of the form passed to setIssuerNames,
 * returning a Collection of issuerX500Principals.
 * Throw an IOException if the argument is malformed.
 *
 * <p>String entries are parsed as distinguished names; every other entry is
 * cast to {@code byte[]} and handed to the X500Principal constructor. An
 * entry that is neither a String nor a byte array therefore fails with a
 * ClassCastException rather than an IOException.
 *
 * @param names a {@code Collection} of names. Each entry is a
 *              String or a byte array (the name, in string or ASN.1
 *              DER encoded form, respectively). <Code>Null</Code> is
 *              not an acceptable value.
 * @return a HashSet of issuerX500Principals
 * @throws IOException if a parsing error occurs
 */
private static HashSet<X500Principal> parseIssuerNames(Collection<Object> names)
throws IOException {
    HashSet<X500Principal> parsed = new HashSet<X500Principal>();
    for (Object entry : names) {
        if (!(entry instanceof String)) {
            try {
                parsed.add(new X500Principal((byte[]) entry));
            } catch (IllegalArgumentException e) {
                // Report bad DER input through the method's declared exception type.
                IOException invalid = new IOException("Invalid name");
                invalid.initCause(e);
                throw invalid;
            }
            continue;
        }
        X500Name dn = new X500Name((String) entry);
        parsed.add(dn.asX500Principal());
    }
    return parsed;
}
 
Example #8
Source File: SignedJarBuilder.java    From atlas with Apache License 2.0 6 votes vote down vote up
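/**
 * Write the certificate file with a digital signature.
 *
 * <p>Builds a SignerInfo that identifies the signing certificate by issuer
 * and serial number, wraps it with the certificate in a PKCS7 structure and
 * writes that structure to the output jar.
 *
 * @param signature a Signature already fed with the data to sign; it is
 *        finalised here with {@code sign()}
 * @param publicKey the signer's X.509 certificate (despite the name)
 * @param privateKey used only for its algorithm name; signing itself is done
 *        through {@code signature}
 * @throws IOException if the issuer name cannot be parsed or writing fails
 * @throws GeneralSecurityException if signing or algorithm lookup fails
 */
private void writeSignatureBlock(Signature signature, X509Certificate publicKey,
                                 PrivateKey privateKey)
        throws IOException, GeneralSecurityException {
    // Take the issuer from the certificate's DER bytes. Going through the
    // string form (getName()) and re-parsing can re-encode attribute values
    // with a different ASN.1 string type, so the issuer written into the
    // SignerInfo would no longer match the certificate byte for byte.
    X500Name issuerName = new X500Name(publicKey.getIssuerX500Principal().getEncoded());

    SignerInfo signerInfo = new SignerInfo(
            issuerName,
            publicKey.getSerialNumber(),
            AlgorithmId.get(DIGEST_ALGORITHM),
            AlgorithmId.get(privateKey.getAlgorithm()),
            signature.sign());
    // ContentInfo carries no content (null); only the signature and the
    // certificate are embedded.
    PKCS7 pkcs7 = new PKCS7(
            new AlgorithmId[]{AlgorithmId.get(DIGEST_ALGORITHM)},
            new ContentInfo(ContentInfo.DATA_OID, null),
            new X509Certificate[]{publicKey},
            new SignerInfo[]{signerInfo});
    pkcs7.encodeSignedData(mOutputJar);
}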
 
Example #9
Source File: SignerInfo.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates a version 1 SignerInfo from already-computed parts.
 *
 * <p>All arguments are stored as given. In particular the
 * {@code encryptedDigest} array is kept by reference, not copied, so later
 * changes to the caller's array are visible through this object.
 *
 * @param issuerName issuer name identifying the signer's certificate
 * @param serial serial number identifying the signer's certificate
 * @param digestAlgorithmId digest algorithm identifier
 * @param authenticatedAttributes attributes stored as the authenticated set
 * @param digestEncryptionAlgorithmId digest encryption algorithm identifier
 * @param encryptedDigest the signature bytes
 * @param unauthenticatedAttributes attributes stored as the unauthenticated set
 */
public SignerInfo(X500Name  issuerName,
                  BigInteger serial,
                  AlgorithmId digestAlgorithmId,
                  PKCS9Attributes authenticatedAttributes,
                  AlgorithmId digestEncryptionAlgorithmId,
                  byte[] encryptedDigest,
                  PKCS9Attributes unauthenticatedAttributes) {
    // Fixed structure version.
    this.version = BigInteger.ONE;

    // Signer certificate identifier: issuer + serial.
    this.certificateSerialNumber = serial;
    this.issuerName = issuerName;

    // Algorithms and the signature value itself.
    this.digestEncryptionAlgorithmId = digestEncryptionAlgorithmId;
    this.digestAlgorithmId = digestAlgorithmId;
    this.encryptedDigest = encryptedDigest;

    // Attribute sets.
    this.unauthenticatedAttributes = unauthenticatedAttributes;
    this.authenticatedAttributes = authenticatedAttributes;
}
 
Example #10
Source File: KeyStoreProviderTest.java    From aws-encryption-sdk-java with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a self-signed certificate for the given key pair, with the same
 * name ("dc=" + alias) as subject and issuer.
 *
 * <p>The certificate is valid from one day before now until 730 days after
 * now and is signed with the pair's private key using SHA-256 with RSA.
 *
 * @param pair key pair whose public key is certified and whose private key signs
 * @param alias value placed in the single "dc" component of the name
 * @return the signed certificate
 */
private X509Certificate generateCertificate(final KeyPair pair, final String alias) throws GeneralSecurityException, IOException {
    final X509CertInfo certInfo = new X509CertInfo();
    // NOTE(review): alias is concatenated into the DN string unescaped, so an
    // alias containing DN syntax (e.g. ',' or '=') changes the parsed name.
    final X500Name selfName = new X500Name("dc=" + alias);

    // NOTE(review): 256 random bits can exceed the 20-octet serial number
    // limit of RFC 5280; acceptable only if nothing strict parses this cert.
    final BigInteger serial = new BigInteger(256, RND);
    certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serial));

    // Self-signed: subject and issuer are the same name.
    certInfo.set(X509CertInfo.SUBJECT, selfName);
    certInfo.set(X509CertInfo.ISSUER, selfName);

    final Date notBefore = Date.from(Instant.now().minus(1, ChronoUnit.DAYS));
    final Date notAfter = Date.from(Instant.now().plus(730, ChronoUnit.DAYS));
    certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));

    certInfo.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));

    final AlgorithmId signatureAlgorithm = new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);
    certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(signatureAlgorithm));

    final X509CertImpl signedCert = new X509CertImpl(certInfo);
    signedCert.sign(pair.getPrivate(), AlgorithmId.sha256WithRSAEncryption_oid.toString());

    return signedCert;
}
 
Example #11
Source File: PKCS7.java    From j2objc with Apache License 2.0 6 votes vote down vote up
/**
 * Looks up a certificate carried in this PKCS7 block by issuer name and
 * serial number.
 *
 * <p>This is a lookup only. A match means the block contains a certificate
 * with that issuer/serial pair; nothing here checks its signature, validity
 * period or trust chain, so callers must validate the result separately.
 *
 * @param serial the serial number of the certificate to retrieve.
 * @param issuerName the Distinguished Name of the Issuer.
 * @return the first certificate whose serial number and issuer name both
 *         match, or null if none matches or the block holds no certificates.
 */
public X509Certificate getCertificate(BigInteger serial, X500Name issuerName) {
    if (certificates == null) {
        return null;
    }
    // Issuer names are kept in an array indexed like certificates; fill it on first use.
    if (certIssuerNames == null) {
        populateCertIssuerNames();
    }
    int index = 0;
    while (index < certificates.length) {
        X509Certificate candidate = certificates[index];
        BigInteger candidateSerial = candidate.getSerialNumber();
        boolean sameSerial = serial.equals(candidateSerial);
        if (sameSerial && issuerName.equals(certIssuerNames[index])) {
            return candidate;
        }
        index++;
    }
    return null;
}
 
Example #12
Source File: X509CRLSelector.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Parse an argument of the form passed to setIssuerNames,
 * returning a Collection of issuerX500Principals.
 * Throw an IOException if the argument is malformed.
 *
 * <p>String entries are parsed as distinguished names; every other entry is
 * cast to {@code byte[]} and handed to the X500Principal constructor. An
 * entry that is neither a String nor a byte array therefore fails with a
 * ClassCastException rather than an IOException.
 *
 * @param names a {@code Collection} of names. Each entry is a
 *              String or a byte array (the name, in string or ASN.1
 *              DER encoded form, respectively). <Code>Null</Code> is
 *              not an acceptable value.
 * @return a HashSet of issuerX500Principals
 * @throws IOException if a parsing error occurs
 */
private static HashSet<X500Principal> parseIssuerNames(Collection<Object> names)
throws IOException {
    HashSet<X500Principal> parsed = new HashSet<X500Principal>();
    for (Object entry : names) {
        if (!(entry instanceof String)) {
            try {
                parsed.add(new X500Principal((byte[]) entry));
            } catch (IllegalArgumentException e) {
                // Report bad DER input through the method's declared exception type.
                IOException invalid = new IOException("Invalid name");
                invalid.initCause(e);
                throw invalid;
            }
            continue;
        }
        X500Name dn = new X500Name((String) entry);
        parsed.add(dn.asX500Principal());
    }
    return parsed;
}
 
Example #13
Source File: X509CRLSelector.java    From JDKSourceCode1.8 with MIT License 6 votes vote down vote up
/**
 * Parse an argument of the form passed to setIssuerNames,
 * returning a Collection of issuerX500Principals.
 * Throw an IOException if the argument is malformed.
 *
 * <p>String entries are parsed as distinguished names; every other entry is
 * cast to {@code byte[]} and handed to the X500Principal constructor. An
 * entry that is neither a String nor a byte array therefore fails with a
 * ClassCastException rather than an IOException.
 *
 * @param names a {@code Collection} of names. Each entry is a
 *              String or a byte array (the name, in string or ASN.1
 *              DER encoded form, respectively). <Code>Null</Code> is
 *              not an acceptable value.
 * @return a HashSet of issuerX500Principals
 * @throws IOException if a parsing error occurs
 */
private static HashSet<X500Principal> parseIssuerNames(Collection<Object> names)
throws IOException {
    HashSet<X500Principal> parsed = new HashSet<X500Principal>();
    for (Object entry : names) {
        if (!(entry instanceof String)) {
            try {
                parsed.add(new X500Principal((byte[]) entry));
            } catch (IllegalArgumentException e) {
                // Report bad DER input through the method's declared exception type.
                IOException invalid = new IOException("Invalid name");
                invalid.initCause(e);
                throw invalid;
            }
            continue;
        }
        X500Name dn = new X500Name((String) entry);
        parsed.add(dn.asX500Principal());
    }
    return parsed;
}
 
Example #14
Source File: SignerInfo.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates a version 1 SignerInfo without setting any attribute sets.
 *
 * <p>All arguments are stored as given. In particular the
 * {@code encryptedDigest} array is kept by reference, not copied, so later
 * changes to the caller's array are visible through this object.
 *
 * @param issuerName issuer name identifying the signer's certificate
 * @param serial serial number identifying the signer's certificate
 * @param digestAlgorithmId digest algorithm identifier
 * @param digestEncryptionAlgorithmId digest encryption algorithm identifier
 * @param encryptedDigest the signature bytes
 */
public SignerInfo(X500Name  issuerName,
                  BigInteger serial,
                  AlgorithmId digestAlgorithmId,
                  AlgorithmId digestEncryptionAlgorithmId,
                  byte[] encryptedDigest) {
    // Fixed structure version.
    this.version = BigInteger.ONE;

    // Signer certificate identifier: issuer + serial.
    this.certificateSerialNumber = serial;
    this.issuerName = issuerName;

    // Algorithms and the signature value itself.
    this.digestEncryptionAlgorithmId = digestEncryptionAlgorithmId;
    this.digestAlgorithmId = digestAlgorithmId;
    this.encryptedDigest = encryptedDigest;
}
 
Example #15
Source File: X500Principal.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Reads this object from a stream (i.e., deserializes it).
 *
 * <p>The stream is expected to hold the name as a byte array, which is
 * parsed into a fresh X500Name. Those bytes come straight from the stream,
 * so with an untrusted stream they are attacker-chosen input to the parser.
 */
private void readObject(java.io.ObjectInputStream s)
    throws java.io.IOException,
           java.io.NotActiveException,
           ClassNotFoundException {

    // A non-byte[] object in the stream fails the cast with ClassCastException.
    byte[] encodedName = (byte[]) s.readObject();

    // re-create thisX500Name
    thisX500Name = new X500Name(encodedName);
}
 
Example #16
Source File: BadName.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Regression check: constructing an X500Name from a string that is not a
 * distinguished name must not exhaust memory.
 */
public static void main(String args[]) throws Exception {
    // Not a valid DN: there is no attribute type. The correct form would be
    // "CN=John Doe". Parsing this used to throw java.lang.OutOfMemoryError,
    // from which no recovery is possible.
    final String malformedDn = "John Doe";
    try {
        X500Name parsed = new X500Name(malformedDn);
        System.out.println(parsed.toString());
    } catch (IOException expected) {
        // Deliberately ignored: an IOException is an acceptable outcome here.
    }
}
 
Example #17
Source File: NonStandardNames.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Signs a small message into a PKCS7 structure under a freshly generated
 * self-signed certificate and checks that the structure verifies.
 *
 * <p>NOTE(review): the 1024-bit RSA key and the platform-default charset in
 * {@code getBytes()} are test conveniences, not settings to copy.
 */
public static void main(String[] args) throws Exception {

    byte[] message = "Hello".getBytes();
    X500Name signerName = new X500Name("cn=Me");

    // Throwaway key pair and self-signed certificate for the signer.
    CertAndKeyGen keyGen = new CertAndKeyGen("RSA", "SHA256withRSA");
    keyGen.generate(1024);
    X509Certificate signerCert = keyGen.getSelfCertificate(signerName, 1000);

    // Authenticated attributes: content type plus the digest of the message.
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
    PKCS9Attribute contentType =
        new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID);
    PKCS9Attribute messageDigest =
        new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, sha256.digest(message));
    PKCS9Attributes signedAttrs =
        new PKCS9Attributes(new PKCS9Attribute[]{contentType, messageDigest});

    // The signature covers the DER encoding of the attributes, not the message itself.
    Signature signer = Signature.getInstance("SHA256withRSA");
    signer.initSign(keyGen.getPrivateKey());
    signer.update(signedAttrs.getDerEncoding());
    byte[] signatureBytes = signer.sign();

    SignerInfo signerInfo = new SignerInfo(
        signerName,
        signerCert.getSerialNumber(),
        AlgorithmId.get("SHA-256"),
        signedAttrs,
        AlgorithmId.get("SHA256withRSA"),
        signatureBytes,
        null);

    PKCS7 pkcs7 = new PKCS7(
        new AlgorithmId[] {signerInfo.getDigestAlgorithmId()},
        new ContentInfo(message),
        new X509Certificate[] {signerCert},
        new SignerInfo[] {signerInfo});

    // verify() returning null is treated as a failed verification.
    if (pkcs7.verify(signerInfo, message) == null) {
        throw new Exception("Not verified");
    }
}
 
Example #18
Source File: BadName.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Regression check: constructing an X500Name from a string that is not a
 * distinguished name must not exhaust memory.
 */
public static void main(String args[]) throws Exception {
    // Not a valid DN: there is no attribute type. The correct form would be
    // "CN=John Doe". Parsing this used to throw java.lang.OutOfMemoryError,
    // from which no recovery is possible.
    final String malformedDn = "John Doe";
    try {
        X500Name parsed = new X500Name(malformedDn);
        System.out.println(parsed.toString());
    } catch (IOException expected) {
        // Deliberately ignored: an IOException is an acceptable outcome here.
    }
}
 
Example #19
Source File: BasicChecker.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Internal method to check that cert has a valid DN to be next in a chain.
 *
 * <p>When a previous subject is recorded, the certificate's issuer must be
 * non-empty and equal to that subject; otherwise validation fails with
 * reason NAME_CHAINING. With no previous subject the method does nothing.
 *
 * @param cert the certificate whose issuer is checked
 * @throws CertPathValidatorException if the issuer DN is empty or does not
 *         equal the previous subject
 */
private void verifyNameChaining(X509Certificate cert)
    throws CertPathValidatorException
{
    // No previous subject recorded, so there is nothing to chain against.
    if (prevSubject == null) {
        return;
    }

    final String msg = "subject/issuer name chaining";
    if (debug != null) {
        debug.println("---checking " + msg + "...");
    }

    X500Principal currIssuer = cert.getIssuerX500Principal();

    // reject null or empty issuer DNs
    boolean issuerIsEmpty = X500Name.asX500Name(currIssuer).isEmpty();
    if (issuerIsEmpty) {
        throw new CertPathValidatorException(
            msg + " check failed: " + "empty/null issuer DN in certificate is invalid",
            null, null, -1, PKIXReason.NAME_CHAINING);
    }

    // The issuer of this certificate must be the subject of the previous one.
    boolean chains = currIssuer.equals(prevSubject);
    if (!chains) {
        throw new CertPathValidatorException(
            msg + " check failed", null, null, -1, PKIXReason.NAME_CHAINING);
    }

    if (debug != null) {
        debug.println(msg + " verified.");
    }
}
 
Example #20
Source File: NonStandardNames.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Signs a small message into a PKCS7 structure under a freshly generated
 * self-signed certificate and checks that the structure verifies.
 *
 * <p>NOTE(review): the 1024-bit RSA key and the platform-default charset in
 * {@code getBytes()} are test conveniences, not settings to copy.
 */
public static void main(String[] args) throws Exception {

    byte[] message = "Hello".getBytes();
    X500Name signerName = new X500Name("cn=Me");

    // Throwaway key pair and self-signed certificate for the signer.
    CertAndKeyGen keyGen = new CertAndKeyGen("RSA", "SHA256withRSA");
    keyGen.generate(1024);
    X509Certificate signerCert = keyGen.getSelfCertificate(signerName, 1000);

    // Authenticated attributes: content type plus the digest of the message.
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
    PKCS9Attribute contentType =
        new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID);
    PKCS9Attribute messageDigest =
        new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, sha256.digest(message));
    PKCS9Attributes signedAttrs =
        new PKCS9Attributes(new PKCS9Attribute[]{contentType, messageDigest});

    // The signature covers the DER encoding of the attributes, not the message itself.
    Signature signer = Signature.getInstance("SHA256withRSA");
    signer.initSign(keyGen.getPrivateKey());
    signer.update(signedAttrs.getDerEncoding());
    byte[] signatureBytes = signer.sign();

    SignerInfo signerInfo = new SignerInfo(
        signerName,
        signerCert.getSerialNumber(),
        AlgorithmId.get("SHA-256"),
        signedAttrs,
        AlgorithmId.get("SHA256withRSA"),
        signatureBytes,
        null);

    PKCS7 pkcs7 = new PKCS7(
        new AlgorithmId[] {signerInfo.getDigestAlgorithmId()},
        new ContentInfo(message),
        new X509Certificate[] {signerCert},
        new SignerInfo[] {signerInfo});

    // verify() returning null is treated as a failed verification.
    if (pkcs7.verify(signerInfo, message) == null) {
        throw new Exception("Not verified");
    }
}
 
Example #21
Source File: SignerInfo.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates a version 1 SignerInfo without setting any attribute sets.
 *
 * <p>All arguments are stored as given. In particular the
 * {@code encryptedDigest} array is kept by reference, not copied, so later
 * changes to the caller's array are visible through this object.
 *
 * @param issuerName issuer name identifying the signer's certificate
 * @param serial serial number identifying the signer's certificate
 * @param digestAlgorithmId digest algorithm identifier
 * @param digestEncryptionAlgorithmId digest encryption algorithm identifier
 * @param encryptedDigest the signature bytes
 */
public SignerInfo(X500Name  issuerName,
                  BigInteger serial,
                  AlgorithmId digestAlgorithmId,
                  AlgorithmId digestEncryptionAlgorithmId,
                  byte[] encryptedDigest) {
    // Fixed structure version.
    this.version = BigInteger.ONE;

    // Signer certificate identifier: issuer + serial.
    this.certificateSerialNumber = serial;
    this.issuerName = issuerName;

    // Algorithms and the signature value itself.
    this.digestEncryptionAlgorithmId = digestEncryptionAlgorithmId;
    this.digestAlgorithmId = digestAlgorithmId;
    this.encryptedDigest = encryptedDigest;
}
 
Example #22
Source File: NonStandardNames.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Signs a small message into a PKCS7 structure under a freshly generated
 * self-signed certificate and checks that the structure verifies.
 *
 * <p>NOTE(review): the 1024-bit RSA key and the platform-default charset in
 * {@code getBytes()} are test conveniences, not settings to copy.
 */
public static void main(String[] args) throws Exception {

    byte[] message = "Hello".getBytes();
    X500Name signerName = new X500Name("cn=Me");

    // Throwaway key pair and self-signed certificate for the signer.
    CertAndKeyGen keyGen = new CertAndKeyGen("RSA", "SHA256withRSA");
    keyGen.generate(1024);
    X509Certificate signerCert = keyGen.getSelfCertificate(signerName, 1000);

    // Authenticated attributes: content type plus the digest of the message.
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
    PKCS9Attribute contentType =
        new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID);
    PKCS9Attribute messageDigest =
        new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, sha256.digest(message));
    PKCS9Attributes signedAttrs =
        new PKCS9Attributes(new PKCS9Attribute[]{contentType, messageDigest});

    // The signature covers the DER encoding of the attributes, not the message itself.
    Signature signer = Signature.getInstance("SHA256withRSA");
    signer.initSign(keyGen.getPrivateKey());
    signer.update(signedAttrs.getDerEncoding());
    byte[] signatureBytes = signer.sign();

    SignerInfo signerInfo = new SignerInfo(
        signerName,
        signerCert.getSerialNumber(),
        AlgorithmId.get("SHA-256"),
        signedAttrs,
        AlgorithmId.get("SHA256withRSA"),
        signatureBytes,
        null);

    PKCS7 pkcs7 = new PKCS7(
        new AlgorithmId[] {signerInfo.getDigestAlgorithmId()},
        new ContentInfo(message),
        new X509Certificate[] {signerCert},
        new SignerInfo[] {signerInfo});

    // verify() returning null is treated as a failed verification.
    if (pkcs7.verify(signerInfo, message) == null) {
        throw new Exception("Not verified");
    }
}
 
Example #23
Source File: X500Principal.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Reads this object from a stream (i.e., deserializes it).
 *
 * <p>Default deserialization restores the serialized fields; the X500Name
 * is then rebuilt from the restored {@code name}. That value comes from the
 * stream, so with an untrusted stream it is attacker-chosen input to the
 * name parser.
 */
private void readObject(java.io.ObjectInputStream s) throws
                                    java.io.IOException,
                                    java.io.NotActiveException,
                                    ClassNotFoundException {

    // Restore the serialized fields first; 'name' is read from them below.
    s.defaultReadObject();

    // re-create thisX500Name
    this.thisX500Name = new X500Name(this.name);
}
 
Example #24
Source File: X500Principal.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Reads this object from a stream (i.e., deserializes it).
 *
 * <p>Default deserialization restores the serialized fields; the X500Name
 * is then rebuilt from the restored {@code name}. That value comes from the
 * stream, so with an untrusted stream it is attacker-chosen input to the
 * name parser.
 */
private void readObject(java.io.ObjectInputStream s) throws
                                    java.io.IOException,
                                    java.io.NotActiveException,
                                    ClassNotFoundException {

    // Restore the serialized fields first; 'name' is read from them below.
    s.defaultReadObject();

    // re-create thisX500Name
    this.thisX500Name = new X500Name(this.name);
}
 
Example #25
Source File: SmallPrimeExponentP.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Generates RSA keys until one whose CRT prime exponent P encodes to 63
 * bytes and one whose exponent encodes to 65 bytes have each been stored in
 * the "Windows-MY" key store. Does nothing on non-Windows systems.
 *
 * NOTE(review): entries are written under the alias "anything" and are not
 * removed in this block; "SHA1withRSA" and 1024-bit keys are test settings.
 */
public static void main(String argv[]) throws Exception {

        // The Windows-MY key store is only looked up when os.name starts with "Windows".
        String osName = System.getProperty("os.name");
        if (!osName.startsWith("Windows")) {
            System.out.println("Not windows");
            return;
        }
        KeyStore ks = KeyStore.getInstance("Windows-MY");
        ks.load(null, null);
        CertAndKeyGen ckg = new CertAndKeyGen("RSA", "SHA1withRSA");
        ckg.setRandom(new SecureRandom());
        // Track which of the two target lengths has already been stored.
        boolean see63 = false, see65 = false;
        while (!see63 || !see65) {
            ckg.generate(1024);
            RSAPrivateCrtKey k = (RSAPrivateCrtKey) ckg.getPrivateKey();
            // Length of the two's-complement encoding of exponent P.
            int len = k.getPrimeExponentP().toByteArray().length;
            if (len == 63 || len == 65) {
                // A length that was already stored is skipped; 'continue'
                // also skips the progress dot printed at the end of the loop.
                if (len == 63) {
                    if (see63) continue;
                    else see63 = true;
                }
                if (len == 65) {
                    if (see65) continue;
                    else see65 = true;
                }
                System.err.print(len);
                // Store the key with a self-signed certificate as its chain.
                ks.setKeyEntry("anything", k, null, new X509Certificate[]{
                        ckg.getSelfCertificate(new X500Name("CN=Me"), 1000)
                });
            }
            System.err.print('.');
        }
        ks.store(null, null);
    }
 
Example #26
Source File: SignerInfo.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates a version 1 SignerInfo without setting any attribute sets.
 *
 * <p>All arguments are stored as given. In particular the
 * {@code encryptedDigest} array is kept by reference, not copied, so later
 * changes to the caller's array are visible through this object.
 *
 * @param issuerName issuer name identifying the signer's certificate
 * @param serial serial number identifying the signer's certificate
 * @param digestAlgorithmId digest algorithm identifier
 * @param digestEncryptionAlgorithmId digest encryption algorithm identifier
 * @param encryptedDigest the signature bytes
 */
public SignerInfo(X500Name  issuerName,
                  BigInteger serial,
                  AlgorithmId digestAlgorithmId,
                  AlgorithmId digestEncryptionAlgorithmId,
                  byte[] encryptedDigest) {
    // Fixed structure version.
    this.version = BigInteger.ONE;

    // Signer certificate identifier: issuer + serial.
    this.certificateSerialNumber = serial;
    this.issuerName = issuerName;

    // Algorithms and the signature value itself.
    this.digestEncryptionAlgorithmId = digestEncryptionAlgorithmId;
    this.digestAlgorithmId = digestAlgorithmId;
    this.encryptedDigest = encryptedDigest;
}
 
Example #27
Source File: NonStandardNames.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Signs a small message into a PKCS7 structure under a freshly generated
 * self-signed certificate and checks that the structure verifies.
 *
 * <p>NOTE(review): the 1024-bit RSA key and the platform-default charset in
 * {@code getBytes()} are test conveniences, not settings to copy.
 */
public static void main(String[] args) throws Exception {

    byte[] message = "Hello".getBytes();
    X500Name signerName = new X500Name("cn=Me");

    // Throwaway key pair and self-signed certificate for the signer.
    CertAndKeyGen keyGen = new CertAndKeyGen("RSA", "SHA256withRSA");
    keyGen.generate(1024);
    X509Certificate signerCert = keyGen.getSelfCertificate(signerName, 1000);

    // Authenticated attributes: content type plus the digest of the message.
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
    PKCS9Attribute contentType =
        new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID);
    PKCS9Attribute messageDigest =
        new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, sha256.digest(message));
    PKCS9Attributes signedAttrs =
        new PKCS9Attributes(new PKCS9Attribute[]{contentType, messageDigest});

    // The signature covers the DER encoding of the attributes, not the message itself.
    Signature signer = Signature.getInstance("SHA256withRSA");
    signer.initSign(keyGen.getPrivateKey());
    signer.update(signedAttrs.getDerEncoding());
    byte[] signatureBytes = signer.sign();

    SignerInfo signerInfo = new SignerInfo(
        signerName,
        signerCert.getSerialNumber(),
        AlgorithmId.get("SHA-256"),
        signedAttrs,
        AlgorithmId.get("SHA256withRSA"),
        signatureBytes,
        null);

    PKCS7 pkcs7 = new PKCS7(
        new AlgorithmId[] {signerInfo.getDigestAlgorithmId()},
        new ContentInfo(message),
        new X509Certificate[] {signerCert},
        new SignerInfo[] {signerInfo});

    // verify() returning null is treated as a failed verification.
    if (pkcs7.verify(signerInfo, message) == null) {
        throw new Exception("Not verified");
    }
}
 
Example #28
Source File: SignerInfo.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates a version 1 SignerInfo without setting any attribute sets.
 *
 * <p>All arguments are stored as given. In particular the
 * {@code encryptedDigest} array is kept by reference, not copied, so later
 * changes to the caller's array are visible through this object.
 *
 * @param issuerName issuer name identifying the signer's certificate
 * @param serial serial number identifying the signer's certificate
 * @param digestAlgorithmId digest algorithm identifier
 * @param digestEncryptionAlgorithmId digest encryption algorithm identifier
 * @param encryptedDigest the signature bytes
 */
public SignerInfo(X500Name  issuerName,
                  BigInteger serial,
                  AlgorithmId digestAlgorithmId,
                  AlgorithmId digestEncryptionAlgorithmId,
                  byte[] encryptedDigest) {
    // Fixed structure version.
    this.version = BigInteger.ONE;

    // Signer certificate identifier: issuer + serial.
    this.certificateSerialNumber = serial;
    this.issuerName = issuerName;

    // Algorithms and the signature value itself.
    this.digestEncryptionAlgorithmId = digestEncryptionAlgorithmId;
    this.digestAlgorithmId = digestAlgorithmId;
    this.encryptedDigest = encryptedDigest;
}
 
Example #29
Source File: BadName.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Regression check: constructing an X500Name from a string that is not a
 * distinguished name must not exhaust memory.
 */
public static void main(String args[]) throws Exception {
    // Not a valid DN: there is no attribute type. The correct form would be
    // "CN=John Doe". Parsing this used to throw java.lang.OutOfMemoryError,
    // from which no recovery is possible.
    final String malformedDn = "John Doe";
    try {
        X500Name parsed = new X500Name(malformedDn);
        System.out.println(parsed.toString());
    } catch (IOException expected) {
        // Deliberately ignored: an IOException is an acceptable outcome here.
    }
}
 
Example #30
Source File: BadName.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Regression check: constructing an X500Name from a string that is not a
 * distinguished name must not exhaust memory.
 */
public static void main(String args[]) throws Exception {
    // Not a valid DN: there is no attribute type. The correct form would be
    // "CN=John Doe". Parsing this used to throw java.lang.OutOfMemoryError,
    // from which no recovery is possible.
    final String malformedDn = "John Doe";
    try {
        X500Name parsed = new X500Name(malformedDn);
        System.out.println(parsed.toString());
    } catch (IOException expected) {
        // Deliberately ignored: an IOException is an acceptable outcome here.
    }
}