sun.security.pkcs.PKCS9Attribute Java Examples
The following examples show how to use
sun.security.pkcs.PKCS9Attribute.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: TimestampCheck.java From dragonwell8_jdk with GNU General Public License v2.0 | 7 votes |
|
static void checkTimestamp(String file, String policyId, String digestAlg)
throws Exception {
try (JarFile jf = new JarFile(file)) {
JarEntry je = jf.getJarEntry("META-INF/SIGNER.RSA");
try (InputStream is = jf.getInputStream(je)) {
byte[] content = IOUtils.readAllBytes(is);
PKCS7 p7 = new PKCS7(content);
SignerInfo[] si = p7.getSignerInfos();
if (si == null || si.length == 0) {
throw new Exception("Not signed");
}
PKCS9Attribute p9 = si[0].getUnauthenticatedAttributes()
.getAttribute(PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
PKCS7 tsToken = new PKCS7((byte[]) p9.getValue());
TimestampToken tt =
new TimestampToken(tsToken.getContentInfo().getData());
if (!tt.getHashAlgorithm().toString().equals(digestAlg)) {
throw new Exception("Digest alg different");
}
if (!tt.getPolicyID().equals(policyId)) {
throw new Exception("policyId different");
}
}
}
}
Example #2
| Source File: TimestampCheck.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
|
static void checkTimestamp(String file, String policyId, String digestAlg)
throws Exception {
try (JarFile jf = new JarFile(file)) {
JarEntry je = jf.getJarEntry("META-INF/OLD.RSA");
try (InputStream is = jf.getInputStream(je)) {
byte[] content = is.readAllBytes();
PKCS7 p7 = new PKCS7(content);
SignerInfo[] si = p7.getSignerInfos();
if (si == null || si.length == 0) {
throw new Exception("Not signed");
}
PKCS9Attribute p9 = si[0].getUnauthenticatedAttributes()
.getAttribute(PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
PKCS7 tsToken = new PKCS7((byte[]) p9.getValue());
TimestampToken tt =
new TimestampToken(tsToken.getContentInfo().getData());
if (!tt.getHashAlgorithm().toString().equals(digestAlg)) {
throw new Exception("Digest alg different");
}
if (!tt.getPolicyID().equals(policyId)) {
throw new Exception("policyId different");
}
}
}
}
Example #3
| Source File: NameConstraintsExtension.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Perform the RFC 822 special case check. We have a certificate
* that does not contain any subject alternative names. Check that
* any EMAILADDRESS attributes in its subject name conform to these
* NameConstraints.
*
* @param subject the certificate's subject name
* @returns true if certificate verifies successfully
* @throws IOException on error
*/
public boolean verifyRFC822SpecialCase(X500Name subject) throws IOException {
for (AVA ava : subject.allAvas()) {
ObjectIdentifier attrOID = ava.getObjectIdentifier();
if (attrOID.equals((Object)PKCS9Attribute.EMAIL_ADDRESS_OID)) {
String attrValue = ava.getValueString();
if (attrValue != null) {
RFC822Name emailName;
try {
emailName = new RFC822Name(attrValue);
} catch (IOException ioe) {
continue;
}
if (!verify(emailName)) {
return(false);
}
}
}
}
return true;
}
Example #4
| Source File: NameConstraintsExtension.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
|
/**
* Perform the RFC 822 special case check. We have a certificate
* that does not contain any subject alternative names. Check that
* any EMAILADDRESS attributes in its subject name conform to these
* NameConstraints.
*
* @param subject the certificate's subject name
* @returns true if certificate verifies successfully
* @throws IOException on error
*/
public boolean verifyRFC822SpecialCase(X500Name subject) throws IOException {
for (AVA ava : subject.allAvas()) {
ObjectIdentifier attrOID = ava.getObjectIdentifier();
if (attrOID.equals((Object)PKCS9Attribute.EMAIL_ADDRESS_OID)) {
String attrValue = ava.getValueString();
if (attrValue != null) {
RFC822Name emailName;
try {
emailName = new RFC822Name(attrValue);
} catch (IOException ioe) {
continue;
}
if (!verify(emailName)) {
return(false);
}
}
}
}
return true;
}
Example #5
| Source File: TimestampCheck.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
|
static void checkTimestamp(String file, String policyId, String digestAlg)
throws Exception {
try (JarFile jf = new JarFile(file)) {
JarEntry je = jf.getJarEntry("META-INF/SIGNER.RSA");
try (InputStream is = jf.getInputStream(je)) {
byte[] content = IOUtils.readAllBytes(is);
PKCS7 p7 = new PKCS7(content);
SignerInfo[] si = p7.getSignerInfos();
if (si == null || si.length == 0) {
throw new Exception("Not signed");
}
PKCS9Attribute p9 = si[0].getUnauthenticatedAttributes()
.getAttribute(PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
PKCS7 tsToken = new PKCS7((byte[]) p9.getValue());
TimestampToken tt =
new TimestampToken(tsToken.getContentInfo().getData());
if (!tt.getHashAlgorithm().toString().equals(digestAlg)) {
throw new Exception("Digest alg different");
}
if (!tt.getPolicyID().equals(policyId)) {
throw new Exception("policyId different");
}
}
}
}
Example #6
| Source File: NameConstraintsExtension.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
|
/**
* Perform the RFC 822 special case check. We have a certificate
* that does not contain any subject alternative names. Check that
* any EMAILADDRESS attributes in its subject name conform to these
* NameConstraints.
*
* @param subject the certificate's subject name
* @returns true if certificate verifies successfully
* @throws IOException on error
*/
public boolean verifyRFC822SpecialCase(X500Name subject) throws IOException {
for (AVA ava : subject.allAvas()) {
ObjectIdentifier attrOID = ava.getObjectIdentifier();
if (attrOID.equals((Object)PKCS9Attribute.EMAIL_ADDRESS_OID)) {
String attrValue = ava.getValueString();
if (attrValue != null) {
RFC822Name emailName;
try {
emailName = new RFC822Name(attrValue);
} catch (IOException ioe) {
continue;
}
if (!verify(emailName)) {
return(false);
}
}
}
}
return true;
}
Example #7
| Source File: NameConstraintsExtension.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
|
/**
* Perform the RFC 822 special case check. We have a certificate
* that does not contain any subject alternative names. Check that
* any EMAILADDRESS attributes in its subject name conform to these
* NameConstraints.
*
* @param subject the certificate's subject name
* @return true if certificate verifies successfully
* @throws IOException on error
*/
public boolean verifyRFC822SpecialCase(X500Name subject) throws IOException {
for (AVA ava : subject.allAvas()) {
ObjectIdentifier attrOID = ava.getObjectIdentifier();
if (attrOID.equals(PKCS9Attribute.EMAIL_ADDRESS_OID)) {
String attrValue = ava.getValueString();
if (attrValue != null) {
RFC822Name emailName;
try {
emailName = new RFC822Name(attrValue);
} catch (IOException ioe) {
continue;
}
if (!verify(emailName)) {
return(false);
}
}
}
}
return true;
}
Example #8
| Source File: NameConstraintsExtension.java From hottub with GNU General Public License v2.0 | 6 votes |
|
/**
* Perform the RFC 822 special case check. We have a certificate
* that does not contain any subject alternative names. Check that
* any EMAILADDRESS attributes in its subject name conform to these
* NameConstraints.
*
* @param subject the certificate's subject name
* @returns true if certificate verifies successfully
* @throws IOException on error
*/
public boolean verifyRFC822SpecialCase(X500Name subject) throws IOException {
for (AVA ava : subject.allAvas()) {
ObjectIdentifier attrOID = ava.getObjectIdentifier();
if (attrOID.equals((Object)PKCS9Attribute.EMAIL_ADDRESS_OID)) {
String attrValue = ava.getValueString();
if (attrValue != null) {
RFC822Name emailName;
try {
emailName = new RFC822Name(attrValue);
} catch (IOException ioe) {
continue;
}
if (!verify(emailName)) {
return(false);
}
}
}
}
return true;
}
Example #9
| Source File: TimestampCheck.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
static void checkTimestamp(String file, String policyId, String digestAlg)
throws Exception {
try (JarFile jf = new JarFile(file)) {
JarEntry je = jf.getJarEntry("META-INF/SIGNER.RSA");
try (InputStream is = jf.getInputStream(je)) {
byte[] content = IOUtils.readAllBytes(is);
PKCS7 p7 = new PKCS7(content);
SignerInfo[] si = p7.getSignerInfos();
if (si == null || si.length == 0) {
throw new Exception("Not signed");
}
PKCS9Attribute p9 = si[0].getUnauthenticatedAttributes()
.getAttribute(PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
PKCS7 tsToken = new PKCS7((byte[]) p9.getValue());
TimestampToken tt =
new TimestampToken(tsToken.getContentInfo().getData());
if (!tt.getHashAlgorithm().toString().equals(digestAlg)) {
throw new Exception("Digest alg different");
}
if (!tt.getPolicyID().equals(policyId)) {
throw new Exception("policyId different");
}
}
}
}
Example #10
| Source File: TimestampCheck.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
|
static void checkTimestamp(String file, String policyId, String digestAlg)
throws Exception {
try (JarFile jf = new JarFile(file)) {
JarEntry je = jf.getJarEntry("META-INF/OLD.RSA");
try (InputStream is = jf.getInputStream(je)) {
byte[] content = IOUtils.readFully(is, -1, true);
PKCS7 p7 = new PKCS7(content);
SignerInfo[] si = p7.getSignerInfos();
if (si == null || si.length == 0) {
throw new Exception("Not signed");
}
PKCS9Attribute p9 = si[0].getUnauthenticatedAttributes()
.getAttribute(PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
PKCS7 tsToken = new PKCS7((byte[]) p9.getValue());
TimestampToken tt =
new TimestampToken(tsToken.getContentInfo().getData());
if (!tt.getHashAlgorithm().toString().equals(digestAlg)) {
throw new Exception("Digest alg different");
}
if (!tt.getPolicyID().equals(policyId)) {
throw new Exception("policyId different");
}
}
}
}
Example #11
| Source File: NonStandardNames.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
byte[] data = "Hello".getBytes();
X500Name n = new X500Name("cn=Me");
CertAndKeyGen cakg = new CertAndKeyGen("RSA", "SHA256withRSA");
cakg.generate(1024);
X509Certificate cert = cakg.getSelfCertificate(n, 1000);
MessageDigest md = MessageDigest.getInstance("SHA-256");
PKCS9Attributes authed = new PKCS9Attributes(new PKCS9Attribute[]{
new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID),
new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, md.digest(data)),
});
Signature s = Signature.getInstance("SHA256withRSA");
s.initSign(cakg.getPrivateKey());
s.update(authed.getDerEncoding());
byte[] sig = s.sign();
SignerInfo signerInfo = new SignerInfo(
n,
cert.getSerialNumber(),
AlgorithmId.get("SHA-256"),
authed,
AlgorithmId.get("SHA256withRSA"),
sig,
null
);
PKCS7 pkcs7 = new PKCS7(
new AlgorithmId[] {signerInfo.getDigestAlgorithmId()},
new ContentInfo(data),
new X509Certificate[] {cert},
new SignerInfo[] {signerInfo});
if (pkcs7.verify(signerInfo, data) == null) {
throw new Exception("Not verified");
}
}
Example #12
| Source File: NonStandardNames.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
byte[] data = "Hello".getBytes();
X500Name n = new X500Name("cn=Me");
CertAndKeyGen cakg = new CertAndKeyGen("RSA", "SHA256withRSA");
cakg.generate(1024);
X509Certificate cert = cakg.getSelfCertificate(n, 1000);
MessageDigest md = MessageDigest.getInstance("SHA-256");
PKCS9Attributes authed = new PKCS9Attributes(new PKCS9Attribute[]{
new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID),
new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, md.digest(data)),
});
Signature s = Signature.getInstance("SHA256withRSA");
s.initSign(cakg.getPrivateKey());
s.update(authed.getDerEncoding());
byte[] sig = s.sign();
SignerInfo signerInfo = new SignerInfo(
n,
cert.getSerialNumber(),
AlgorithmId.get("SHA-256"),
authed,
AlgorithmId.get("SHA256withRSA"),
sig,
null
);
PKCS7 pkcs7 = new PKCS7(
new AlgorithmId[] {signerInfo.getDigestAlgorithmId()},
new ContentInfo(data),
new X509Certificate[] {cert},
new SignerInfo[] {signerInfo});
if (pkcs7.verify(signerInfo, data) == null) {
throw new Exception("Not verified");
}
}
Example #13
| Source File: NonStandardNames.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
byte[] data = "Hello".getBytes();
X500Name n = new X500Name("cn=Me");
CertAndKeyGen cakg = new CertAndKeyGen("RSA", "SHA256withRSA");
cakg.generate(1024);
X509Certificate cert = cakg.getSelfCertificate(n, 1000);
MessageDigest md = MessageDigest.getInstance("SHA-256");
PKCS9Attributes authed = new PKCS9Attributes(new PKCS9Attribute[]{
new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID),
new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, md.digest(data)),
});
Signature s = Signature.getInstance("SHA256withRSA");
s.initSign(cakg.getPrivateKey());
s.update(authed.getDerEncoding());
byte[] sig = s.sign();
SignerInfo signerInfo = new SignerInfo(
n,
cert.getSerialNumber(),
AlgorithmId.get("SHA-256"),
authed,
AlgorithmId.get("SHA256withRSA"),
sig,
null
);
PKCS7 pkcs7 = new PKCS7(
new AlgorithmId[] {signerInfo.getDigestAlgorithmId()},
new ContentInfo(data),
new X509Certificate[] {cert},
new SignerInfo[] {signerInfo});
if (pkcs7.verify(signerInfo, data) == null) {
throw new Exception("Not verified");
}
}
Example #14
| Source File: NonStandardNames.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
byte[] data = "Hello".getBytes();
X500Name n = new X500Name("cn=Me");
CertAndKeyGen cakg = new CertAndKeyGen("RSA", "SHA256withRSA");
cakg.generate(1024);
X509Certificate cert = cakg.getSelfCertificate(n, 1000);
MessageDigest md = MessageDigest.getInstance("SHA-256");
PKCS9Attributes authed = new PKCS9Attributes(new PKCS9Attribute[]{
new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID),
new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, md.digest(data)),
});
Signature s = Signature.getInstance("SHA256withRSA");
s.initSign(cakg.getPrivateKey());
s.update(authed.getDerEncoding());
byte[] sig = s.sign();
SignerInfo signerInfo = new SignerInfo(
n,
cert.getSerialNumber(),
AlgorithmId.get("SHA-256"),
authed,
AlgorithmId.get("SHA256withRSA"),
sig,
null
);
PKCS7 pkcs7 = new PKCS7(
new AlgorithmId[] {signerInfo.getDigestAlgorithmId()},
new ContentInfo(data),
new X509Certificate[] {cert},
new SignerInfo[] {signerInfo});
if (pkcs7.verify(signerInfo, data) == null) {
throw new Exception("Not verified");
}
}
Example #15
| Source File: NonStandardNames.java From hottub with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
byte[] data = "Hello".getBytes();
X500Name n = new X500Name("cn=Me");
CertAndKeyGen cakg = new CertAndKeyGen("RSA", "SHA256withRSA");
cakg.generate(1024);
X509Certificate cert = cakg.getSelfCertificate(n, 1000);
MessageDigest md = MessageDigest.getInstance("SHA-256");
PKCS9Attributes authed = new PKCS9Attributes(new PKCS9Attribute[]{
new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID),
new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, md.digest(data)),
});
Signature s = Signature.getInstance("SHA256withRSA");
s.initSign(cakg.getPrivateKey());
s.update(authed.getDerEncoding());
byte[] sig = s.sign();
SignerInfo signerInfo = new SignerInfo(
n,
cert.getSerialNumber(),
AlgorithmId.get("SHA-256"),
authed,
AlgorithmId.get("SHA256withRSA"),
sig,
null
);
PKCS7 pkcs7 = new PKCS7(
new AlgorithmId[] {signerInfo.getDigestAlgorithmId()},
new ContentInfo(data),
new X509Certificate[] {cert},
new SignerInfo[] {signerInfo});
if (pkcs7.verify(signerInfo, data) == null) {
throw new Exception("Not verified");
}
}
Example #16
| Source File: PKCS10AttributeReader.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// Decode base64 encoded DER file
byte[] pkcs10Bytes = Base64.getMimeDecoder().decode(ATTRIBS.getBytes());
HashMap<ObjectIdentifier, Object> RequestStander = new HashMap() {
{
put(PKCS9Attribute.CHALLENGE_PASSWORD_OID, "GuessWhoAmI");
put(PKCS9Attribute.SIGNING_TIME_OID, new Date(861720610000L));
put(PKCS9Attribute.CONTENT_TYPE_OID,
new ObjectIdentifier("1.9.50.51.52"));
}
};
int invalidNum = 0;
PKCS10Attributes resp = new PKCS10Attributes(
new DerInputStream(pkcs10Bytes));
Enumeration eReq = resp.getElements();
int numOfAttrs = 0;
while (eReq.hasMoreElements()) {
numOfAttrs++;
PKCS10Attribute attr = (PKCS10Attribute) eReq.nextElement();
if (RequestStander.containsKey(attr.getAttributeId())) {
if (RequestStander.get(attr.getAttributeId())
.equals(attr.getAttributeValue())) {
System.out.println(attr.getAttributeId() + " "
+ attr.getAttributeValue());
} else {
invalidNum++;
System.out.println("< " + attr.getAttributeId() + " "
+ attr.getAttributeValue());
System.out.println("< " + attr.getAttributeId() + " "
+ RequestStander.get(attr.getAttributeId()));
}
} else {
invalidNum++;
System.out.println("No" + attr.getAttributeId()
+ "in Certificate Request list");
}
}
if (numOfAttrs != RequestStander.size()) {
invalidNum++;
System.out.println("Incorrect number of attributes.");
}
System.out.println();
if (invalidNum > 0) {
throw new RuntimeException(
"Attributes Compared with Stander :" + " Failed");
}
System.out.println("Attributes Compared with Stander: Pass");
}
Example #17
| Source File: Main.java From hottub with GNU General Public License v2.0 | 4 votes |
|
/**
* Creates a PKCS#10 cert signing request, corresponding to the
* keys (and name) associated with a given alias.
*/
private void doCertReq(String alias, String sigAlgName, PrintStream out)
throws Exception
{
if (alias == null) {
alias = keyAlias;
}
Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
PrivateKey privKey = (PrivateKey)objs.fst;
if (keyPass == null) {
keyPass = objs.snd;
}
Certificate cert = keyStore.getCertificate(alias);
if (cert == null) {
MessageFormat form = new MessageFormat
(rb.getString("alias.has.no.public.key.certificate."));
Object[] source = {alias};
throw new Exception(form.format(source));
}
PKCS10 request = new PKCS10(cert.getPublicKey());
CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
// Attribute name is not significant
request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));
// Construct a Signature object, so that we can sign the request
if (sigAlgName == null) {
sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
}
Signature signature = Signature.getInstance(sigAlgName);
signature.initSign(privKey);
X500Name subject = dname == null?
new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
new X500Name(dname);
// Sign the request and base-64 encode it
request.encodeAndSign(subject, signature);
request.print(out);
}
Example #18
| Source File: Main.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
|
private void doPrintCertReq(InputStream in, PrintStream out)
throws Exception {
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
StringBuffer sb = new StringBuffer();
boolean started = false;
while (true) {
String s = reader.readLine();
if (s == null) break;
if (!started) {
if (s.startsWith("-----")) {
started = true;
}
} else {
if (s.startsWith("-----")) {
break;
}
sb.append(s);
}
}
PKCS10 req = new PKCS10(Pem.decode(new String(sb)));
PublicKey pkey = req.getSubjectPublicKeyInfo();
out.printf(rb.getString("PKCS.10.with.weak"),
req.getSubjectName(),
pkey.getFormat(),
withWeak(pkey),
withWeak(req.getSigAlg()));
for (PKCS10Attribute attr: req.getAttributes().getAttributes()) {
ObjectIdentifier oid = attr.getAttributeId();
if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue();
if (exts != null) {
printExtensions(rb.getString("Extension.Request."), exts, out);
}
} else {
out.println("Attribute: " + attr.getAttributeId());
PKCS9Attribute pkcs9Attr =
new PKCS9Attribute(attr.getAttributeId(),
attr.getAttributeValue());
out.print(pkcs9Attr.getName() + ": ");
Object attrVal = attr.getAttributeValue();
out.println(attrVal instanceof String[] ?
Arrays.toString((String[]) attrVal) :
attrVal);
}
}
if (debug) {
out.println(req); // Just to see more, say, public key length...
}
checkWeak(rb.getString("the.certificate.request"), req);
}
Example #19
| Source File: Main.java From hottub with GNU General Public License v2.0 | 4 votes |
|
/**
* Generate a certificate: Read PKCS10 request from in, and print
* certificate to out. Use alias as CA, sigAlgName as the signature
* type.
*/
private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStream out)
throws Exception {
Certificate signerCert = keyStore.getCertificate(alias);
byte[] encoded = signerCert.getEncoded();
X509CertImpl signerCertImpl = new X509CertImpl(encoded);
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
X509CertInfo.DN_NAME);
Date firstDate = getStartDate(startDate);
Date lastDate = new Date();
lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L);
CertificateValidity interval = new CertificateValidity(firstDate,
lastDate);
PrivateKey privateKey =
(PrivateKey)recoverKey(alias, storePass, keyPass).fst;
if (sigAlgName == null) {
sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm());
}
Signature signature = Signature.getInstance(sigAlgName);
signature.initSign(privateKey);
X509CertInfo info = new X509CertInfo();
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
new java.util.Random().nextInt() & 0x7fffffff));
info.set(X509CertInfo.VERSION,
new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.ALGORITHM_ID,
new CertificateAlgorithmId(
AlgorithmId.get(sigAlgName)));
info.set(X509CertInfo.ISSUER, issuer);
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
boolean canRead = false;
StringBuffer sb = new StringBuffer();
while (true) {
String s = reader.readLine();
if (s == null) break;
// OpenSSL does not use NEW
//if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) {
if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) {
canRead = true;
//} else if (s.startsWith("-----END NEW CERTIFICATE REQUEST-----")) {
} else if (s.startsWith("-----END") && s.indexOf("REQUEST") >= 0) {
break;
} else if (canRead) {
sb.append(s);
}
}
byte[] rawReq = Pem.decode(new String(sb));
PKCS10 req = new PKCS10(rawReq);
info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
info.set(X509CertInfo.SUBJECT,
dname==null?req.getSubjectName():new X500Name(dname));
CertificateExtensions reqex = null;
Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
while (attrs.hasNext()) {
PKCS10Attribute attr = attrs.next();
if (attr.getAttributeId().equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
reqex = (CertificateExtensions)attr.getAttributeValue();
}
}
CertificateExtensions ext = createV3Extensions(
reqex,
null,
v3ext,
req.getSubjectPublicKeyInfo(),
signerCert.getPublicKey());
info.set(X509CertInfo.EXTENSIONS, ext);
X509CertImpl cert = new X509CertImpl(info);
cert.sign(privateKey, sigAlgName);
dumpCert(cert, out);
for (Certificate ca: keyStore.getCertificateChain(alias)) {
if (ca instanceof X509Certificate) {
X509Certificate xca = (X509Certificate)ca;
if (!isSelfSigned(xca)) {
dumpCert(xca, out);
}
}
}
}
Example #20
| Source File: PKCS10AttributeReader.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// Decode base64 encoded DER file
byte[] pkcs10Bytes = Base64.getMimeDecoder().decode(ATTRIBS.getBytes());
HashMap<ObjectIdentifier, Object> RequestStander = new HashMap() {
{
put(PKCS9Attribute.CHALLENGE_PASSWORD_OID, "GuessWhoAmI");
put(PKCS9Attribute.SIGNING_TIME_OID, new Date(861720610000L));
put(PKCS9Attribute.CONTENT_TYPE_OID,
new ObjectIdentifier("1.9.50.51.52"));
}
};
int invalidNum = 0;
PKCS10Attributes resp = new PKCS10Attributes(
new DerInputStream(pkcs10Bytes));
Enumeration eReq = resp.getElements();
int numOfAttrs = 0;
while (eReq.hasMoreElements()) {
numOfAttrs++;
PKCS10Attribute attr = (PKCS10Attribute) eReq.nextElement();
if (RequestStander.containsKey(attr.getAttributeId())) {
if (RequestStander.get(attr.getAttributeId())
.equals(attr.getAttributeValue())) {
System.out.println(attr.getAttributeId() + " "
+ attr.getAttributeValue());
} else {
invalidNum++;
System.out.println("< " + attr.getAttributeId() + " "
+ attr.getAttributeValue());
System.out.println("< " + attr.getAttributeId() + " "
+ RequestStander.get(attr.getAttributeId()));
}
} else {
invalidNum++;
System.out.println("No" + attr.getAttributeId()
+ "in Certificate Request list");
}
}
if (numOfAttrs != RequestStander.size()) {
invalidNum++;
System.out.println("Incorrect number of attributes.");
}
System.out.println();
if (invalidNum > 0) {
throw new RuntimeException(
"Attributes Compared with Stander :" + " Failed");
}
System.out.println("Attributes Compared with Stander: Pass");
}
Example #21
| Source File: Main.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
|
private void doPrintCertReq(InputStream in, PrintStream out)
throws Exception {
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
StringBuffer sb = new StringBuffer();
boolean started = false;
while (true) {
String s = reader.readLine();
if (s == null) break;
if (!started) {
if (s.startsWith("-----")) {
started = true;
}
} else {
if (s.startsWith("-----")) {
break;
}
sb.append(s);
}
}
PKCS10 req = new PKCS10(Base64.getMimeDecoder().decode(new String(sb)));
PublicKey pkey = req.getSubjectPublicKeyInfo();
out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."),
req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm());
for (PKCS10Attribute attr: req.getAttributes().getAttributes()) {
ObjectIdentifier oid = attr.getAttributeId();
if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue();
if (exts != null) {
printExtensions(rb.getString("Extension.Request."), exts, out);
}
} else {
out.println("Attribute: " + attr.getAttributeId());
PKCS9Attribute pkcs9Attr =
new PKCS9Attribute(attr.getAttributeId(),
attr.getAttributeValue());
out.print(pkcs9Attr.getName() + ": ");
Object attrVal = attr.getAttributeValue();
out.println(attrVal instanceof String[] ?
Arrays.toString((String[]) attrVal) :
attrVal);
}
}
if (debug) {
out.println(req); // Just to see more, say, public key length...
}
}
Example #22
| Source File: Main.java From hottub with GNU General Public License v2.0 | 4 votes |
|
private void doPrintCertReq(InputStream in, PrintStream out)
throws Exception {
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
StringBuffer sb = new StringBuffer();
boolean started = false;
while (true) {
String s = reader.readLine();
if (s == null) break;
if (!started) {
if (s.startsWith("-----")) {
started = true;
}
} else {
if (s.startsWith("-----")) {
break;
}
sb.append(s);
}
}
PKCS10 req = new PKCS10(Pem.decode(new String(sb)));
PublicKey pkey = req.getSubjectPublicKeyInfo();
out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."),
req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm());
for (PKCS10Attribute attr: req.getAttributes().getAttributes()) {
ObjectIdentifier oid = attr.getAttributeId();
if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue();
if (exts != null) {
printExtensions(rb.getString("Extension.Request."), exts, out);
}
} else {
out.println("Attribute: " + attr.getAttributeId());
PKCS9Attribute pkcs9Attr =
new PKCS9Attribute(attr.getAttributeId(),
attr.getAttributeValue());
out.print(pkcs9Attr.getName() + ": ");
Object attrVal = attr.getAttributeValue();
out.println(attrVal instanceof String[] ?
Arrays.toString((String[]) attrVal) :
attrVal);
}
}
if (debug) {
out.println(req); // Just to see more, say, public key length...
}
}
Example #23
| Source File: UnknownAttribute.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// Unknown attr
PKCS9Attribute p1 = new PKCS9Attribute(
PKCS9Attribute.CHALLENGE_PASSWORD_STR, "t0p5ecr3t");
if (!p1.isKnown()) {
throw new Exception();
}
// Unknown attr from DER
byte[] data = {
0x30, 0x08, // SEQUENCE OF
0x06, 0x02, 0x2A, 0x03, // OID 1.2.3 and
0x31, 0x02, 0x05, 0x00 // an empty SET
};
PKCS9Attribute p2 = new PKCS9Attribute(new DerValue(data));
if (p2.isKnown()) {
throw new Exception();
}
ByteArrayOutputStream bout = new ByteArrayOutputStream();
p2.derEncode(bout);
new HexDumpEncoder().encodeBuffer(bout.toByteArray(), System.err);
if (!Arrays.equals(data, bout.toByteArray())) {
throw new Exception();
}
// Unknown attr from value
try {
new PKCS9Attribute(new ObjectIdentifier("1.2.3"), "hello");
throw new Exception();
} catch (IllegalArgumentException iae) {
// Good. Unknown attr must have byte[] value type
}
PKCS9Attribute p3 = new PKCS9Attribute(
new ObjectIdentifier("1.2.3"), new byte[]{0x31,0x02,0x05,0x00});
if (p3.isKnown()) {
throw new Exception();
}
bout = new ByteArrayOutputStream();
p3.derEncode(bout);
if (!Arrays.equals(data, bout.toByteArray())) {
throw new Exception();
}
}
Example #24
| Source File: Main.java From Bytecoder with Apache License 2.0 | 4 votes |
|
private void doPrintCertReq(InputStream in, PrintStream out)
throws Exception {
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
StringBuffer sb = new StringBuffer();
boolean started = false;
while (true) {
String s = reader.readLine();
if (s == null) break;
if (!started) {
if (s.startsWith("-----")) {
started = true;
}
} else {
if (s.startsWith("-----")) {
break;
}
sb.append(s);
}
}
PKCS10 req = new PKCS10(Pem.decode(new String(sb)));
PublicKey pkey = req.getSubjectPublicKeyInfo();
out.printf(rb.getString("PKCS.10.with.weak"),
req.getSubjectName(),
pkey.getFormat(),
withWeak(pkey),
withWeak(req.getSigAlg()));
for (PKCS10Attribute attr: req.getAttributes().getAttributes()) {
ObjectIdentifier oid = attr.getAttributeId();
if (oid.equals(PKCS9Attribute.EXTENSION_REQUEST_OID)) {
CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue();
if (exts != null) {
printExtensions(rb.getString("Extension.Request."), exts, out);
}
} else {
out.println("Attribute: " + attr.getAttributeId());
PKCS9Attribute pkcs9Attr =
new PKCS9Attribute(attr.getAttributeId(),
attr.getAttributeValue());
out.print(pkcs9Attr.getName() + ": ");
Object attrVal = attr.getAttributeValue();
out.println(attrVal instanceof String[] ?
Arrays.toString((String[]) attrVal) :
attrVal);
}
}
if (debug) {
out.println(req); // Just to see more, say, public key length...
}
checkWeak(rb.getString("the.certificate.request"), req);
}
Example #25
| Source File: UnknownAttribute.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// Unknown attr
PKCS9Attribute p1 = new PKCS9Attribute(
PKCS9Attribute.CHALLENGE_PASSWORD_STR, "t0p5ecr3t");
if (!p1.isKnown()) {
throw new Exception();
}
// Unknown attr from DER
byte[] data = {
0x30, 0x08, // SEQUENCE OF
0x06, 0x02, 0x2A, 0x03, // OID 1.2.3 and
0x31, 0x02, 0x05, 0x00 // an empty SET
};
PKCS9Attribute p2 = new PKCS9Attribute(new DerValue(data));
if (p2.isKnown()) {
throw new Exception();
}
ByteArrayOutputStream bout = new ByteArrayOutputStream();
p2.derEncode(bout);
new HexDumpEncoder().encodeBuffer(bout.toByteArray(), System.err);
if (!Arrays.equals(data, bout.toByteArray())) {
throw new Exception();
}
// Unknown attr from value
try {
new PKCS9Attribute(new ObjectIdentifier("1.2.3"), "hello");
throw new Exception();
} catch (IllegalArgumentException iae) {
// Good. Unknown attr must have byte[] value type
}
PKCS9Attribute p3 = new PKCS9Attribute(
new ObjectIdentifier("1.2.3"), new byte[]{0x31,0x02,0x05,0x00});
if (p3.isKnown()) {
throw new Exception();
}
bout = new ByteArrayOutputStream();
p3.derEncode(bout);
if (!Arrays.equals(data, bout.toByteArray())) {
throw new Exception();
}
}
Example #26
| Source File: PKCS10AttributeReader.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// Decode base64 encoded DER file
byte[] pkcs10Bytes = Base64.getMimeDecoder().decode(ATTRIBS.getBytes());
HashMap<ObjectIdentifier, Object> RequestStander = new HashMap() {
{
put(PKCS9Attribute.CHALLENGE_PASSWORD_OID, "GuessWhoAmI");
put(PKCS9Attribute.SIGNING_TIME_OID, new Date(861720610000L));
put(PKCS9Attribute.CONTENT_TYPE_OID,
new ObjectIdentifier("1.9.50.51.52"));
}
};
int invalidNum = 0;
PKCS10Attributes resp = new PKCS10Attributes(
new DerInputStream(pkcs10Bytes));
Enumeration eReq = resp.getElements();
int numOfAttrs = 0;
while (eReq.hasMoreElements()) {
numOfAttrs++;
PKCS10Attribute attr = (PKCS10Attribute) eReq.nextElement();
if (RequestStander.containsKey(attr.getAttributeId())) {
if (RequestStander.get(attr.getAttributeId())
.equals(attr.getAttributeValue())) {
System.out.println(attr.getAttributeId() + " "
+ attr.getAttributeValue());
} else {
invalidNum++;
System.out.println("< " + attr.getAttributeId() + " "
+ attr.getAttributeValue());
System.out.println("< " + attr.getAttributeId() + " "
+ RequestStander.get(attr.getAttributeId()));
}
} else {
invalidNum++;
System.out.println("No" + attr.getAttributeId()
+ "in Certificate Request list");
}
}
if (numOfAttrs != RequestStander.size()) {
invalidNum++;
System.out.println("Incorrect number of attributes.");
}
System.out.println();
if (invalidNum > 0) {
throw new RuntimeException(
"Attributes Compared with Stander :" + " Failed");
}
System.out.println("Attributes Compared with Stander: Pass");
}
Example #27
| Source File: Main.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
|
/**
* Creates a PKCS#10 cert signing request, corresponding to the
* keys (and name) associated with a given alias.
*/
private void doCertReq(String alias, String sigAlgName, PrintStream out)
throws Exception
{
if (alias == null) {
alias = keyAlias;
}
Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
PrivateKey privKey = (PrivateKey)objs.fst;
if (keyPass == null) {
keyPass = objs.snd;
}
Certificate cert = keyStore.getCertificate(alias);
if (cert == null) {
MessageFormat form = new MessageFormat
(rb.getString("alias.has.no.public.key.certificate."));
Object[] source = {alias};
throw new Exception(form.format(source));
}
PKCS10 request = new PKCS10(cert.getPublicKey());
CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
// Attribute name is not significant
request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));
// Construct a Signature object, so that we can sign the request
if (sigAlgName == null) {
sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
}
Signature signature = Signature.getInstance(sigAlgName);
AlgorithmParameterSpec params = AlgorithmId
.getDefaultAlgorithmParameterSpec(sigAlgName, privKey);
SignatureUtil.initSignWithParam(signature, privKey, params, null);
X500Name subject = dname == null?
new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
new X500Name(dname);
// Sign the request and base-64 encode it
request.encodeAndSign(subject, signature);
request.print(out);
checkWeak(rb.getString("the.generated.certificate.request"), request);
}
Example #28
| Source File: Main.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
|
private void doPrintCertReq(InputStream in, PrintStream out)
throws Exception {
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
StringBuffer sb = new StringBuffer();
boolean started = false;
while (true) {
String s = reader.readLine();
if (s == null) break;
if (!started) {
if (s.startsWith("-----")) {
started = true;
}
} else {
if (s.startsWith("-----")) {
break;
}
sb.append(s);
}
}
PKCS10 req = new PKCS10(Base64.getMimeDecoder().decode(new String(sb)));
PublicKey pkey = req.getSubjectPublicKeyInfo();
out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."),
req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm());
for (PKCS10Attribute attr: req.getAttributes().getAttributes()) {
ObjectIdentifier oid = attr.getAttributeId();
if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue();
if (exts != null) {
printExtensions(rb.getString("Extension.Request."), exts, out);
}
} else {
out.println("Attribute: " + attr.getAttributeId());
PKCS9Attribute pkcs9Attr =
new PKCS9Attribute(attr.getAttributeId(),
attr.getAttributeValue());
out.print(pkcs9Attr.getName() + ": ");
Object attrVal = attr.getAttributeValue();
out.println(attrVal instanceof String[] ?
Arrays.toString((String[]) attrVal) :
attrVal);
}
}
if (debug) {
out.println(req); // Just to see more, say, public key length...
}
}
Example #29
| Source File: Main.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
/**
* Creates a PKCS#10 cert signing request, corresponding to the
* keys (and name) associated with a given alias.
*/
private void doCertReq(String alias, String sigAlgName, PrintStream out)
throws Exception
{
if (alias == null) {
alias = keyAlias;
}
Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
PrivateKey privKey = (PrivateKey)objs.fst;
if (keyPass == null) {
keyPass = objs.snd;
}
Certificate cert = keyStore.getCertificate(alias);
if (cert == null) {
MessageFormat form = new MessageFormat
(rb.getString("alias.has.no.public.key.certificate."));
Object[] source = {alias};
throw new Exception(form.format(source));
}
PKCS10 request = new PKCS10(cert.getPublicKey());
CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
// Attribute name is not significant
request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));
// Construct a Signature object, so that we can sign the request
if (sigAlgName == null) {
sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
}
Signature signature = Signature.getInstance(sigAlgName);
signature.initSign(privKey);
X500Name subject = dname == null?
new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
new X500Name(dname);
// Sign the request and base-64 encode it
request.encodeAndSign(subject, signature);
request.print(out);
checkWeak(rb.getString("the.generated.certificate.request"), request);
}
Example #30
| Source File: Main.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
private void doPrintCertReq(InputStream in, PrintStream out)
throws Exception {
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
StringBuffer sb = new StringBuffer();
boolean started = false;
while (true) {
String s = reader.readLine();
if (s == null) break;
if (!started) {
if (s.startsWith("-----")) {
started = true;
}
} else {
if (s.startsWith("-----")) {
break;
}
sb.append(s);
}
}
PKCS10 req = new PKCS10(Pem.decode(new String(sb)));
PublicKey pkey = req.getSubjectPublicKeyInfo();
out.printf(rb.getString("PKCS.10.with.weak"),
req.getSubjectName(),
pkey.getFormat(),
withWeak(pkey),
withWeak(req.getSigAlg()));
for (PKCS10Attribute attr: req.getAttributes().getAttributes()) {
ObjectIdentifier oid = attr.getAttributeId();
if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue();
if (exts != null) {
printExtensions(rb.getString("Extension.Request."), exts, out);
}
} else {
out.println("Attribute: " + attr.getAttributeId());
PKCS9Attribute pkcs9Attr =
new PKCS9Attribute(attr.getAttributeId(),
attr.getAttributeValue());
out.print(pkcs9Attr.getName() + ": ");
Object attrVal = attr.getAttributeValue();
out.println(attrVal instanceof String[] ?
Arrays.toString((String[]) attrVal) :
attrVal);
}
}
if (debug) {
out.println(req); // Just to see more, say, public key length...
}
checkWeak(rb.getString("the.certificate.request"), req);
}
