sun.security.pkcs10.PKCS10Attribute Java Examples

The following examples show how to use sun.security.pkcs10.PKCS10Attribute. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: PKCS10AttrEncoding.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
static void checkAttributes(Enumeration attrs) {
    int numOfAttrs = 0;
    while (attrs.hasMoreElements()) {
        numOfAttrs ++;
        PKCS10Attribute attr = (PKCS10Attribute) attrs.nextElement();

        if (constructedMap.containsKey(attr.getAttributeId())) {
            if (constructedMap.get(attr.getAttributeId()).
                    equals(attr.getAttributeValue())) {
                System.out.print("AttributeId: " + attr.getAttributeId());
                System.out.println(" AttributeValue: "
                        + attr.getAttributeValue());
            } else {
                failedCount++;
                System.out.print("< AttributeId: " + attr.getAttributeId());
                System.out.println("  AttributeValue: " + constructedMap.
                        get(attr.getAttributeId()));
                System.out.print("< AttributeId: " + attr.getAttributeId());
                System.out.println("  AttributeValue: "
                        + attr.getAttributeValue());
            }
        } else {
            failedCount++;
            System.out.println("No " + attr.getAttributeId()
                    + " in DER encoded PKCS10 Request");
        }
    }
    if(numOfAttrs != constructedMap.size()){
        failedCount++;
        System.out.println("Incorrect number of attributes.");

    }
    System.out.println();
}
 
Example #2
Source File: PKCS10AttrEncoding.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
static void checkAttributes(Enumeration attrs) {
    int numOfAttrs = 0;
    while (attrs.hasMoreElements()) {
        numOfAttrs ++;
        PKCS10Attribute attr = (PKCS10Attribute) attrs.nextElement();

        if (constructedMap.containsKey(attr.getAttributeId())) {
            if (constructedMap.get(attr.getAttributeId()).
                    equals(attr.getAttributeValue())) {
                System.out.print("AttributeId: " + attr.getAttributeId());
                System.out.println(" AttributeValue: "
                        + attr.getAttributeValue());
            } else {
                failedCount++;
                System.out.print("< AttributeId: " + attr.getAttributeId());
                System.out.println("  AttributeValue: " + constructedMap.
                        get(attr.getAttributeId()));
                System.out.print("< AttributeId: " + attr.getAttributeId());
                System.out.println("  AttributeValue: "
                        + attr.getAttributeValue());
            }
        } else {
            failedCount++;
            System.out.println("No " + attr.getAttributeId()
                    + " in DER encoded PKCS10 Request");
        }
    }
    if(numOfAttrs != constructedMap.size()){
        failedCount++;
        System.out.println("Incorrect number of attributes.");

    }
    System.out.println();
}
 
Example #3
Source File: PKCS10AttrEncoding.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
static void checkAttributes(Enumeration attrs) {
    int numOfAttrs = 0;
    while (attrs.hasMoreElements()) {
        numOfAttrs ++;
        PKCS10Attribute attr = (PKCS10Attribute) attrs.nextElement();

        if (constructedMap.containsKey(attr.getAttributeId())) {
            if (constructedMap.get(attr.getAttributeId()).
                    equals(attr.getAttributeValue())) {
                System.out.print("AttributeId: " + attr.getAttributeId());
                System.out.println(" AttributeValue: "
                        + attr.getAttributeValue());
            } else {
                failedCount++;
                System.out.print("< AttributeId: " + attr.getAttributeId());
                System.out.println("  AttributeValue: " + constructedMap.
                        get(attr.getAttributeId()));
                System.out.print("< AttributeId: " + attr.getAttributeId());
                System.out.println("  AttributeValue: "
                        + attr.getAttributeValue());
            }
        } else {
            failedCount++;
            System.out.println("No " + attr.getAttributeId()
                    + " in DER encoded PKCS10 Request");
        }
    }
    if(numOfAttrs != constructedMap.size()){
        failedCount++;
        System.out.println("Incorrect number of attributes.");

    }
    System.out.println();
}
 
Example #4
Source File: PKCS10AttrEncoding.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
static void checkAttributes(Enumeration attrs) {
    int numOfAttrs = 0;
    while (attrs.hasMoreElements()) {
        numOfAttrs ++;
        PKCS10Attribute attr = (PKCS10Attribute) attrs.nextElement();

        if (constructedMap.containsKey(attr.getAttributeId())) {
            if (constructedMap.get(attr.getAttributeId()).
                    equals(attr.getAttributeValue())) {
                System.out.print("AttributeId: " + attr.getAttributeId());
                System.out.println(" AttributeValue: "
                        + attr.getAttributeValue());
            } else {
                failedCount++;
                System.out.print("< AttributeId: " + attr.getAttributeId());
                System.out.println("  AttributeValue: " + constructedMap.
                        get(attr.getAttributeId()));
                System.out.print("< AttributeId: " + attr.getAttributeId());
                System.out.println("  AttributeValue: "
                        + attr.getAttributeValue());
            }
        } else {
            failedCount++;
            System.out.println("No " + attr.getAttributeId()
                    + " in DER encoded PKCS10 Request");
        }
    }
    if(numOfAttrs != constructedMap.size()){
        failedCount++;
        System.out.println("Incorrect number of attributes.");

    }
    System.out.println();
}
 
Example #5
Source File: PKCS10AttrEncoding.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
static void checkAttributes(Enumeration attrs) {
    int numOfAttrs = 0;
    while (attrs.hasMoreElements()) {
        numOfAttrs ++;
        PKCS10Attribute attr = (PKCS10Attribute) attrs.nextElement();

        if (constructedMap.containsKey(attr.getAttributeId())) {
            if (constructedMap.get(attr.getAttributeId()).
                    equals(attr.getAttributeValue())) {
                System.out.print("AttributeId: " + attr.getAttributeId());
                System.out.println(" AttributeValue: "
                        + attr.getAttributeValue());
            } else {
                failedCount++;
                System.out.print("< AttributeId: " + attr.getAttributeId());
                System.out.println("  AttributeValue: " + constructedMap.
                        get(attr.getAttributeId()));
                System.out.print("< AttributeId: " + attr.getAttributeId());
                System.out.println("  AttributeValue: "
                        + attr.getAttributeValue());
            }
        } else {
            failedCount++;
            System.out.println("No " + attr.getAttributeId()
                    + " in DER encoded PKCS10 Request");
        }
    }
    if(numOfAttrs != constructedMap.size()){
        failedCount++;
        System.out.println("Incorrect number of attributes.");

    }
    System.out.println();
}
 
Example #6
Source File: PKCS10AttrEncoding.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
static void checkAttributes(Enumeration attrs) {
    int numOfAttrs = 0;
    while (attrs.hasMoreElements()) {
        numOfAttrs ++;
        PKCS10Attribute attr = (PKCS10Attribute) attrs.nextElement();

        if (constructedMap.containsKey(attr.getAttributeId())) {
            if (constructedMap.get(attr.getAttributeId()).
                    equals(attr.getAttributeValue())) {
                System.out.print("AttributeId: " + attr.getAttributeId());
                System.out.println(" AttributeValue: "
                        + attr.getAttributeValue());
            } else {
                failedCount++;
                System.out.print("< AttributeId: " + attr.getAttributeId());
                System.out.println("  AttributeValue: " + constructedMap.
                        get(attr.getAttributeId()));
                System.out.print("< AttributeId: " + attr.getAttributeId());
                System.out.println("  AttributeValue: "
                        + attr.getAttributeValue());
            }
        } else {
            failedCount++;
            System.out.println("No " + attr.getAttributeId()
                    + " in DER encoded PKCS10 Request");
        }
    }
    if(numOfAttrs != constructedMap.size()){
        failedCount++;
        System.out.println("Incorrect number of attributes.");

    }
    System.out.println();
}
 
Example #7
Source File: PKCS10AttrEncoding.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
static void checkAttributes(Enumeration attrs) {
    int numOfAttrs = 0;
    while (attrs.hasMoreElements()) {
        numOfAttrs ++;
        PKCS10Attribute attr = (PKCS10Attribute) attrs.nextElement();

        if (constructedMap.containsKey(attr.getAttributeId())) {
            if (constructedMap.get(attr.getAttributeId()).
                    equals(attr.getAttributeValue())) {
                System.out.print("AttributeId: " + attr.getAttributeId());
                System.out.println(" AttributeValue: "
                        + attr.getAttributeValue());
            } else {
                failedCount++;
                System.out.print("< AttributeId: " + attr.getAttributeId());
                System.out.println("  AttributeValue: " + constructedMap.
                        get(attr.getAttributeId()));
                System.out.print("< AttributeId: " + attr.getAttributeId());
                System.out.println("  AttributeValue: "
                        + attr.getAttributeValue());
            }
        } else {
            failedCount++;
            System.out.println("No " + attr.getAttributeId()
                    + " in DER encoded PKCS10 Request");
        }
    }
    if(numOfAttrs != constructedMap.size()){
        failedCount++;
        System.out.println("Incorrect number of attributes.");

    }
    System.out.println();
}
 
Example #8
Source File: Main.java    From hottub with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Generate a certificate: Read PKCS10 request from in, and print
 * certificate to out. Use alias as CA, sigAlgName as the signature
 * type.
 */
private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStream out)
        throws Exception {


    Certificate signerCert = keyStore.getCertificate(alias);
    byte[] encoded = signerCert.getEncoded();
    X509CertImpl signerCertImpl = new X509CertImpl(encoded);
    X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
            X509CertImpl.NAME + "." + X509CertImpl.INFO);
    X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
                                       X509CertInfo.DN_NAME);

    Date firstDate = getStartDate(startDate);
    Date lastDate = new Date();
    lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L);
    CertificateValidity interval = new CertificateValidity(firstDate,
                                                           lastDate);

    PrivateKey privateKey =
            (PrivateKey)recoverKey(alias, storePass, keyPass).fst;
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm());
    }
    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privateKey);

    X509CertInfo info = new X509CertInfo();
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
                new java.util.Random().nextInt() & 0x7fffffff));
    info.set(X509CertInfo.VERSION,
                new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.ALGORITHM_ID,
                new CertificateAlgorithmId(
                    AlgorithmId.get(sigAlgName)));
    info.set(X509CertInfo.ISSUER, issuer);

    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    boolean canRead = false;
    StringBuffer sb = new StringBuffer();
    while (true) {
        String s = reader.readLine();
        if (s == null) break;
        // OpenSSL does not use NEW
        //if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) {
        if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) {
            canRead = true;
        //} else if (s.startsWith("-----END NEW CERTIFICATE REQUEST-----")) {
        } else if (s.startsWith("-----END") && s.indexOf("REQUEST") >= 0) {
            break;
        } else if (canRead) {
            sb.append(s);
        }
    }
    byte[] rawReq = Pem.decode(new String(sb));
    PKCS10 req = new PKCS10(rawReq);

    info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
    info.set(X509CertInfo.SUBJECT,
                dname==null?req.getSubjectName():new X500Name(dname));
    CertificateExtensions reqex = null;
    Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
    while (attrs.hasNext()) {
        PKCS10Attribute attr = attrs.next();
        if (attr.getAttributeId().equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
            reqex = (CertificateExtensions)attr.getAttributeValue();
        }
    }
    CertificateExtensions ext = createV3Extensions(
            reqex,
            null,
            v3ext,
            req.getSubjectPublicKeyInfo(),
            signerCert.getPublicKey());
    info.set(X509CertInfo.EXTENSIONS, ext);
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(privateKey, sigAlgName);
    dumpCert(cert, out);
    for (Certificate ca: keyStore.getCertificateChain(alias)) {
        if (ca instanceof X509Certificate) {
            X509Certificate xca = (X509Certificate)ca;
            if (!isSelfSigned(xca)) {
                dumpCert(xca, out);
            }
        }
    }
}
 
Example #9
Source File: Main.java    From openjdk-8-source with GNU General Public License v2.0 4 votes vote down vote up
private void doPrintCertReq(InputStream in, PrintStream out)
        throws Exception {

    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    StringBuffer sb = new StringBuffer();
    boolean started = false;
    while (true) {
        String s = reader.readLine();
        if (s == null) break;
        if (!started) {
            if (s.startsWith("-----")) {
                started = true;
            }
        } else {
            if (s.startsWith("-----")) {
                break;
            }
            sb.append(s);
        }
    }
    PKCS10 req = new PKCS10(Base64.getMimeDecoder().decode(new String(sb)));

    PublicKey pkey = req.getSubjectPublicKeyInfo();
    out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."),
            req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm());
    for (PKCS10Attribute attr: req.getAttributes().getAttributes()) {
        ObjectIdentifier oid = attr.getAttributeId();
        if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
            CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue();
            if (exts != null) {
                printExtensions(rb.getString("Extension.Request."), exts, out);
            }
        } else {
            out.println("Attribute: " + attr.getAttributeId());
            PKCS9Attribute pkcs9Attr =
                    new PKCS9Attribute(attr.getAttributeId(),
                                       attr.getAttributeValue());
            out.print(pkcs9Attr.getName() + ": ");
            Object attrVal = attr.getAttributeValue();
            out.println(attrVal instanceof String[] ?
                        Arrays.toString((String[]) attrVal) :
                        attrVal);
        }
    }
    if (debug) {
        out.println(req);   // Just to see more, say, public key length...
    }
}
 
Example #10
Source File: Main.java    From openjdk-8-source with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);
}
 
Example #11
Source File: Main.java    From openjdk-8-source with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Generate a certificate: Read PKCS10 request from in, and print
 * certificate to out. Use alias as CA, sigAlgName as the signature
 * type.
 */
private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStream out)
        throws Exception {


    Certificate signerCert = keyStore.getCertificate(alias);
    byte[] encoded = signerCert.getEncoded();
    X509CertImpl signerCertImpl = new X509CertImpl(encoded);
    X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
            X509CertImpl.NAME + "." + X509CertImpl.INFO);
    X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
                                       X509CertInfo.DN_NAME);

    Date firstDate = getStartDate(startDate);
    Date lastDate = new Date();
    lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L);
    CertificateValidity interval = new CertificateValidity(firstDate,
                                                           lastDate);

    PrivateKey privateKey =
            (PrivateKey)recoverKey(alias, storePass, keyPass).fst;
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm());
    }
    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privateKey);

    X509CertInfo info = new X509CertInfo();
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
                new java.util.Random().nextInt() & 0x7fffffff));
    info.set(X509CertInfo.VERSION,
                new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.ALGORITHM_ID,
                new CertificateAlgorithmId(
                    AlgorithmId.get(sigAlgName)));
    info.set(X509CertInfo.ISSUER, issuer);

    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    boolean canRead = false;
    StringBuffer sb = new StringBuffer();
    while (true) {
        String s = reader.readLine();
        if (s == null) break;
        // OpenSSL does not use NEW
        //if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) {
        if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) {
            canRead = true;
        //} else if (s.startsWith("-----END NEW CERTIFICATE REQUEST-----")) {
        } else if (s.startsWith("-----END") && s.indexOf("REQUEST") >= 0) {
            break;
        } else if (canRead) {
            sb.append(s);
        }
    }
    byte[] rawReq = Base64.getMimeDecoder().decode(new String(sb));
    PKCS10 req = new PKCS10(rawReq);

    info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
    info.set(X509CertInfo.SUBJECT,
                dname==null?req.getSubjectName():new X500Name(dname));
    CertificateExtensions reqex = null;
    Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
    while (attrs.hasNext()) {
        PKCS10Attribute attr = attrs.next();
        if (attr.getAttributeId().equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
            reqex = (CertificateExtensions)attr.getAttributeValue();
        }
    }
    CertificateExtensions ext = createV3Extensions(
            reqex,
            null,
            v3ext,
            req.getSubjectPublicKeyInfo(),
            signerCert.getPublicKey());
    info.set(X509CertInfo.EXTENSIONS, ext);
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(privateKey, sigAlgName);
    dumpCert(cert, out);
    for (Certificate ca: keyStore.getCertificateChain(alias)) {
        if (ca instanceof X509Certificate) {
            X509Certificate xca = (X509Certificate)ca;
            if (!isSelfSigned(xca)) {
                dumpCert(xca, out);
            }
        }
    }
}
 
Example #12
Source File: Main.java    From hottub with GNU General Public License v2.0 4 votes vote down vote up
private void doPrintCertReq(InputStream in, PrintStream out)
        throws Exception {

    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    StringBuffer sb = new StringBuffer();
    boolean started = false;
    while (true) {
        String s = reader.readLine();
        if (s == null) break;
        if (!started) {
            if (s.startsWith("-----")) {
                started = true;
            }
        } else {
            if (s.startsWith("-----")) {
                break;
            }
            sb.append(s);
        }
    }
    PKCS10 req = new PKCS10(Pem.decode(new String(sb)));

    PublicKey pkey = req.getSubjectPublicKeyInfo();
    out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."),
            req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm());
    for (PKCS10Attribute attr: req.getAttributes().getAttributes()) {
        ObjectIdentifier oid = attr.getAttributeId();
        if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
            CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue();
            if (exts != null) {
                printExtensions(rb.getString("Extension.Request."), exts, out);
            }
        } else {
            out.println("Attribute: " + attr.getAttributeId());
            PKCS9Attribute pkcs9Attr =
                    new PKCS9Attribute(attr.getAttributeId(),
                                       attr.getAttributeValue());
            out.print(pkcs9Attr.getName() + ": ");
            Object attrVal = attr.getAttributeValue();
            out.println(attrVal instanceof String[] ?
                        Arrays.toString((String[]) attrVal) :
                        attrVal);
        }
    }
    if (debug) {
        out.println(req);   // Just to see more, say, public key length...
    }
}
 
Example #13
Source File: Main.java    From hottub with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);
}
 
Example #14
Source File: Main.java    From openjdk-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);
}
 
Example #15
Source File: PKCS10AttributeReader.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        // Decode base64 encoded DER file
        byte[] pkcs10Bytes = Base64.getMimeDecoder().decode(ATTRIBS.getBytes());

        HashMap<ObjectIdentifier, Object> RequestStander = new HashMap() {
            {
                put(PKCS9Attribute.CHALLENGE_PASSWORD_OID, "GuessWhoAmI");
                put(PKCS9Attribute.SIGNING_TIME_OID, new Date(861720610000L));
                put(PKCS9Attribute.CONTENT_TYPE_OID,
                        new ObjectIdentifier("1.9.50.51.52"));
            }
        };

        int invalidNum = 0;
        PKCS10Attributes resp = new PKCS10Attributes(
                new DerInputStream(pkcs10Bytes));
        Enumeration eReq = resp.getElements();
        int numOfAttrs = 0;
        while (eReq.hasMoreElements()) {
            numOfAttrs++;
            PKCS10Attribute attr = (PKCS10Attribute) eReq.nextElement();
            if (RequestStander.containsKey(attr.getAttributeId())) {
                if (RequestStander.get(attr.getAttributeId())
                        .equals(attr.getAttributeValue())) {
                    System.out.println(attr.getAttributeId() + " "
                            + attr.getAttributeValue());
                } else {
                    invalidNum++;
                    System.out.println("< " + attr.getAttributeId() + " "
                            + attr.getAttributeValue());
                    System.out.println("< " + attr.getAttributeId() + " "
                            + RequestStander.get(attr.getAttributeId()));
                }
            } else {
                invalidNum++;
                System.out.println("No" + attr.getAttributeId()
                        + "in Certificate Request list");
            }
        }
        if (numOfAttrs != RequestStander.size()) {
            invalidNum++;
            System.out.println("Incorrect number of attributes.");
        }
        System.out.println();
        if (invalidNum > 0) {
            throw new RuntimeException(
                    "Attributes Compared with Stander :" + " Failed");
        }
        System.out.println("Attributes Compared with Stander: Pass");
    }
 
Example #16
Source File: PKCS10AttrEncoding.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        // initializations
        int len = ids.length;
        Object[] values = {
            new ObjectIdentifier("1.2.3.4"),
            new GregorianCalendar(1970, 1, 25, 8, 56, 7).getTime(),
            "challenging"
        };
        for (int j = 0; j < len; j++) {
            constructedMap.put(ids[j], values[j]);
        }

        X500Name subject = new X500Name("cn=Test");
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
        String sigAlg = "DSA";

        keyGen.initialize(512);

        KeyPair pair = keyGen.generateKeyPair();
        X509Key publicKey = (X509Key) pair.getPublic();
        PrivateKey privateKey = pair.getPrivate();

        Signature signature = Signature.getInstance(sigAlg);
        signature.initSign(privateKey);

        // Create the PKCS10 request
        PKCS10Attribute[] attrs = new PKCS10Attribute[len];
        for (int j = 0; j < len; j++) {
            attrs[j] = new PKCS10Attribute(ids[j], values[j]);
        }
        PKCS10 req = new PKCS10(publicKey, new PKCS10Attributes(attrs));
        System.out.println("List of attributes in constructed PKCS10 "
                + "request: ");
        checkAttributes(req.getAttributes().getElements());

        // Encode the PKCS10 request and generate another PKCS10 request from
        // the encoded byte array
        req.encodeAndSign(subject, signature);
        PKCS10 resp = new PKCS10(req.getEncoded());
        System.out.println("List of attributes in DER encoded PKCS10 Request:");
        checkAttributes(resp.getAttributes().getElements());

        if (failedCount > 0) {
            throw new RuntimeException("Attributes Compared : Failed");
        }
        System.out.println("Attributes Compared : Pass");
    }
 
Example #17
Source File: Main.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
private void doPrintCertReq(InputStream in, PrintStream out)
        throws Exception {

    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    StringBuffer sb = new StringBuffer();
    boolean started = false;
    while (true) {
        String s = reader.readLine();
        if (s == null) break;
        if (!started) {
            if (s.startsWith("-----")) {
                started = true;
            }
        } else {
            if (s.startsWith("-----")) {
                break;
            }
            sb.append(s);
        }
    }
    PKCS10 req = new PKCS10(Pem.decode(new String(sb)));

    PublicKey pkey = req.getSubjectPublicKeyInfo();
    out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."),
            req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm());
    for (PKCS10Attribute attr: req.getAttributes().getAttributes()) {
        ObjectIdentifier oid = attr.getAttributeId();
        if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
            CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue();
            if (exts != null) {
                printExtensions(rb.getString("Extension.Request."), exts, out);
            }
        } else {
            out.println("Attribute: " + attr.getAttributeId());
            PKCS9Attribute pkcs9Attr =
                    new PKCS9Attribute(attr.getAttributeId(),
                                       attr.getAttributeValue());
            out.print(pkcs9Attr.getName() + ": ");
            Object attrVal = attr.getAttributeValue();
            out.println(attrVal instanceof String[] ?
                        Arrays.toString((String[]) attrVal) :
                        attrVal);
        }
    }
    if (debug) {
        out.println(req);   // Just to see more, say, public key length...
    }
}
 
Example #18
Source File: Main.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);
}
 
Example #19
Source File: Main.java    From openjdk-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Generate a certificate: Read PKCS10 request from in, and print
 * certificate to out. Use alias as CA, sigAlgName as the signature
 * type.
 */
private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStream out)
        throws Exception {


    Certificate signerCert = keyStore.getCertificate(alias);
    byte[] encoded = signerCert.getEncoded();
    X509CertImpl signerCertImpl = new X509CertImpl(encoded);
    X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
            X509CertImpl.NAME + "." + X509CertImpl.INFO);
    X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
                                       X509CertInfo.DN_NAME);

    Date firstDate = getStartDate(startDate);
    Date lastDate = new Date();
    lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L);
    CertificateValidity interval = new CertificateValidity(firstDate,
                                                           lastDate);

    PrivateKey privateKey =
            (PrivateKey)recoverKey(alias, storePass, keyPass).fst;
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm());
    }
    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privateKey);

    X509CertInfo info = new X509CertInfo();
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
                new java.util.Random().nextInt() & 0x7fffffff));
    info.set(X509CertInfo.VERSION,
                new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.ALGORITHM_ID,
                new CertificateAlgorithmId(
                    AlgorithmId.get(sigAlgName)));
    info.set(X509CertInfo.ISSUER, issuer);

    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    boolean canRead = false;
    StringBuffer sb = new StringBuffer();
    while (true) {
        String s = reader.readLine();
        if (s == null) break;
        // OpenSSL does not use NEW
        //if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) {
        if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) {
            canRead = true;
        //} else if (s.startsWith("-----END NEW CERTIFICATE REQUEST-----")) {
        } else if (s.startsWith("-----END") && s.indexOf("REQUEST") >= 0) {
            break;
        } else if (canRead) {
            sb.append(s);
        }
    }
    byte[] rawReq = Base64.getMimeDecoder().decode(new String(sb));
    PKCS10 req = new PKCS10(rawReq);

    info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
    info.set(X509CertInfo.SUBJECT,
                dname==null?req.getSubjectName():new X500Name(dname));
    CertificateExtensions reqex = null;
    Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
    while (attrs.hasNext()) {
        PKCS10Attribute attr = attrs.next();
        if (attr.getAttributeId().equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
            reqex = (CertificateExtensions)attr.getAttributeValue();
        }
    }
    CertificateExtensions ext = createV3Extensions(
            reqex,
            null,
            v3ext,
            req.getSubjectPublicKeyInfo(),
            signerCert.getPublicKey());
    info.set(X509CertInfo.EXTENSIONS, ext);
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(privateKey, sigAlgName);
    dumpCert(cert, out);
    for (Certificate ca: keyStore.getCertificateChain(alias)) {
        if (ca instanceof X509Certificate) {
            X509Certificate xca = (X509Certificate)ca;
            if (!isSelfSigned(xca)) {
                dumpCert(xca, out);
            }
        }
    }
}
 
Example #20
Source File: Main.java    From jdk8u-dev-jdk with GNU General Public License v2.0 4 votes vote down vote up
private void doPrintCertReq(InputStream in, PrintStream out)
        throws Exception {

    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    StringBuffer sb = new StringBuffer();
    boolean started = false;
    while (true) {
        String s = reader.readLine();
        if (s == null) break;
        if (!started) {
            if (s.startsWith("-----")) {
                started = true;
            }
        } else {
            if (s.startsWith("-----")) {
                break;
            }
            sb.append(s);
        }
    }
    PKCS10 req = new PKCS10(Base64.getMimeDecoder().decode(new String(sb)));

    PublicKey pkey = req.getSubjectPublicKeyInfo();
    out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."),
            req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm());
    for (PKCS10Attribute attr: req.getAttributes().getAttributes()) {
        ObjectIdentifier oid = attr.getAttributeId();
        if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
            CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue();
            if (exts != null) {
                printExtensions(rb.getString("Extension.Request."), exts, out);
            }
        } else {
            out.println("Attribute: " + attr.getAttributeId());
            PKCS9Attribute pkcs9Attr =
                    new PKCS9Attribute(attr.getAttributeId(),
                                       attr.getAttributeValue());
            out.print(pkcs9Attr.getName() + ": ");
            Object attrVal = attr.getAttributeValue();
            out.println(attrVal instanceof String[] ?
                        Arrays.toString((String[]) attrVal) :
                        attrVal);
        }
    }
    if (debug) {
        out.println(req);   // Just to see more, say, public key length...
    }
}
 
Example #21
Source File: Main.java    From openjdk-8 with GNU General Public License v2.0 4 votes vote down vote up
private void doPrintCertReq(InputStream in, PrintStream out)
        throws Exception {

    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    StringBuffer sb = new StringBuffer();
    boolean started = false;
    while (true) {
        String s = reader.readLine();
        if (s == null) break;
        if (!started) {
            if (s.startsWith("-----")) {
                started = true;
            }
        } else {
            if (s.startsWith("-----")) {
                break;
            }
            sb.append(s);
        }
    }
    PKCS10 req = new PKCS10(Base64.getMimeDecoder().decode(new String(sb)));

    PublicKey pkey = req.getSubjectPublicKeyInfo();
    out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."),
            req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm());
    for (PKCS10Attribute attr: req.getAttributes().getAttributes()) {
        ObjectIdentifier oid = attr.getAttributeId();
        if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
            CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue();
            if (exts != null) {
                printExtensions(rb.getString("Extension.Request."), exts, out);
            }
        } else {
            out.println("Attribute: " + attr.getAttributeId());
            PKCS9Attribute pkcs9Attr =
                    new PKCS9Attribute(attr.getAttributeId(),
                                       attr.getAttributeValue());
            out.print(pkcs9Attr.getName() + ": ");
            Object attrVal = attr.getAttributeValue();
            out.println(attrVal instanceof String[] ?
                        Arrays.toString((String[]) attrVal) :
                        attrVal);
        }
    }
    if (debug) {
        out.println(req);   // Just to see more, say, public key length...
    }
}
 
Example #22
Source File: Main.java    From jdk8u_jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    AlgorithmParameterSpec params = AlgorithmId
            .getDefaultAlgorithmParameterSpec(sigAlgName, privKey);
    SignatureUtil.initSignWithParam(signature, privKey, params, null);

    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);

    checkWeak(rb.getString("the.generated.certificate.request"), request);
}
 
Example #23
Source File: Main.java    From jdk8u_jdk with GNU General Public License v2.0 4 votes vote down vote up
private void doPrintCertReq(InputStream in, PrintStream out)
        throws Exception {

    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    StringBuffer sb = new StringBuffer();
    boolean started = false;
    while (true) {
        String s = reader.readLine();
        if (s == null) break;
        if (!started) {
            if (s.startsWith("-----")) {
                started = true;
            }
        } else {
            if (s.startsWith("-----")) {
                break;
            }
            sb.append(s);
        }
    }
    PKCS10 req = new PKCS10(Pem.decode(new String(sb)));

    PublicKey pkey = req.getSubjectPublicKeyInfo();
    out.printf(rb.getString("PKCS.10.with.weak"),
            req.getSubjectName(),
            pkey.getFormat(),
            withWeak(pkey),
            withWeak(req.getSigAlg()));
    for (PKCS10Attribute attr: req.getAttributes().getAttributes()) {
        ObjectIdentifier oid = attr.getAttributeId();
        if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
            CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue();
            if (exts != null) {
                printExtensions(rb.getString("Extension.Request."), exts, out);
            }
        } else {
            out.println("Attribute: " + attr.getAttributeId());
            PKCS9Attribute pkcs9Attr =
                    new PKCS9Attribute(attr.getAttributeId(),
                                       attr.getAttributeValue());
            out.print(pkcs9Attr.getName() + ": ");
            Object attrVal = attr.getAttributeValue();
            out.println(attrVal instanceof String[] ?
                        Arrays.toString((String[]) attrVal) :
                        attrVal);
        }
    }
    if (debug) {
        out.println(req);   // Just to see more, say, public key length...
    }
    checkWeak(rb.getString("the.certificate.request"), req);
}
 
Example #24
Source File: PKCS10AttrEncoding.java    From jdk8u_jdk with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        // initializations
        int len = ids.length;
        Object[] values = {
            new ObjectIdentifier("1.2.3.4"),
            new GregorianCalendar(1970, 1, 25, 8, 56, 7).getTime(),
            "challenging"
        };
        for (int j = 0; j < len; j++) {
            constructedMap.put(ids[j], values[j]);
        }

        X500Name subject = new X500Name("cn=Test");
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
        String sigAlg = "DSA";

        keyGen.initialize(512);

        KeyPair pair = keyGen.generateKeyPair();
        X509Key publicKey = (X509Key) pair.getPublic();
        PrivateKey privateKey = pair.getPrivate();

        Signature signature = Signature.getInstance(sigAlg);
        signature.initSign(privateKey);

        // Create the PKCS10 request
        PKCS10Attribute[] attrs = new PKCS10Attribute[len];
        for (int j = 0; j < len; j++) {
            attrs[j] = new PKCS10Attribute(ids[j], values[j]);
        }
        PKCS10 req = new PKCS10(publicKey, new PKCS10Attributes(attrs));
        System.out.println("List of attributes in constructed PKCS10 "
                + "request: ");
        checkAttributes(req.getAttributes().getElements());

        // Encode the PKCS10 request and generate another PKCS10 request from
        // the encoded byte array
        req.encodeAndSign(subject, signature);
        PKCS10 resp = new PKCS10(req.getEncoded());
        System.out.println("List of attributes in DER encoded PKCS10 Request:");
        checkAttributes(resp.getAttributes().getElements());

        if (failedCount > 0) {
            throw new RuntimeException("Attributes Compared : Failed");
        }
        System.out.println("Attributes Compared : Pass");
    }
 
Example #25
Source File: PKCS10AttributeReader.java    From jdk8u_jdk with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        // Decode base64 encoded DER file
        byte[] pkcs10Bytes = Base64.getMimeDecoder().decode(ATTRIBS.getBytes());

        HashMap<ObjectIdentifier, Object> RequestStander = new HashMap() {
            {
                put(PKCS9Attribute.CHALLENGE_PASSWORD_OID, "GuessWhoAmI");
                put(PKCS9Attribute.SIGNING_TIME_OID, new Date(861720610000L));
                put(PKCS9Attribute.CONTENT_TYPE_OID,
                        new ObjectIdentifier("1.9.50.51.52"));
            }
        };

        int invalidNum = 0;
        PKCS10Attributes resp = new PKCS10Attributes(
                new DerInputStream(pkcs10Bytes));
        Enumeration eReq = resp.getElements();
        int numOfAttrs = 0;
        while (eReq.hasMoreElements()) {
            numOfAttrs++;
            PKCS10Attribute attr = (PKCS10Attribute) eReq.nextElement();
            if (RequestStander.containsKey(attr.getAttributeId())) {
                if (RequestStander.get(attr.getAttributeId())
                        .equals(attr.getAttributeValue())) {
                    System.out.println(attr.getAttributeId() + " "
                            + attr.getAttributeValue());
                } else {
                    invalidNum++;
                    System.out.println("< " + attr.getAttributeId() + " "
                            + attr.getAttributeValue());
                    System.out.println("< " + attr.getAttributeId() + " "
                            + RequestStander.get(attr.getAttributeId()));
                }
            } else {
                invalidNum++;
                System.out.println("No" + attr.getAttributeId()
                        + "in Certificate Request list");
            }
        }
        if (numOfAttrs != RequestStander.size()) {
            invalidNum++;
            System.out.println("Incorrect number of attributes.");
        }
        System.out.println();
        if (invalidNum > 0) {
            throw new RuntimeException(
                    "Attributes Compared with Stander :" + " Failed");
        }
        System.out.println("Attributes Compared with Stander: Pass");
    }
 
Example #26
Source File: Main.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Generate a certificate: Read PKCS10 request from in, and print
 * certificate to out. Use alias as CA, sigAlgName as the signature
 * type.
 */
private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStream out)
        throws Exception {


    Certificate signerCert = keyStore.getCertificate(alias);
    byte[] encoded = signerCert.getEncoded();
    X509CertImpl signerCertImpl = new X509CertImpl(encoded);
    X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
            X509CertImpl.NAME + "." + X509CertImpl.INFO);
    X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
                                       X509CertInfo.DN_NAME);

    Date firstDate = getStartDate(startDate);
    Date lastDate = new Date();
    lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L);
    CertificateValidity interval = new CertificateValidity(firstDate,
                                                           lastDate);

    PrivateKey privateKey =
            (PrivateKey)recoverKey(alias, storePass, keyPass).fst;
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm());
    }
    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privateKey);

    X509CertInfo info = new X509CertInfo();
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
                new java.util.Random().nextInt() & 0x7fffffff));
    info.set(X509CertInfo.VERSION,
                new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.ALGORITHM_ID,
                new CertificateAlgorithmId(
                    AlgorithmId.get(sigAlgName)));
    info.set(X509CertInfo.ISSUER, issuer);

    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    boolean canRead = false;
    StringBuffer sb = new StringBuffer();
    while (true) {
        String s = reader.readLine();
        if (s == null) break;
        // OpenSSL does not use NEW
        //if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) {
        if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) {
            canRead = true;
        //} else if (s.startsWith("-----END NEW CERTIFICATE REQUEST-----")) {
        } else if (s.startsWith("-----END") && s.indexOf("REQUEST") >= 0) {
            break;
        } else if (canRead) {
            sb.append(s);
        }
    }
    byte[] rawReq = Base64.getMimeDecoder().decode(new String(sb));
    PKCS10 req = new PKCS10(rawReq);

    info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
    info.set(X509CertInfo.SUBJECT,
                dname==null?req.getSubjectName():new X500Name(dname));
    CertificateExtensions reqex = null;
    Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
    while (attrs.hasNext()) {
        PKCS10Attribute attr = attrs.next();
        if (attr.getAttributeId().equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
            reqex = (CertificateExtensions)attr.getAttributeValue();
        }
    }
    CertificateExtensions ext = createV3Extensions(
            reqex,
            null,
            v3ext,
            req.getSubjectPublicKeyInfo(),
            signerCert.getPublicKey());
    info.set(X509CertInfo.EXTENSIONS, ext);
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(privateKey, sigAlgName);
    dumpCert(cert, out);
    for (Certificate ca: keyStore.getCertificateChain(alias)) {
        if (ca instanceof X509Certificate) {
            X509Certificate xca = (X509Certificate)ca;
            if (!isSelfSigned(xca)) {
                dumpCert(xca, out);
            }
        }
    }
}
 
Example #27
Source File: Main.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);
}
 
Example #28
Source File: Main.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
private void doPrintCertReq(InputStream in, PrintStream out)
        throws Exception {

    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    StringBuffer sb = new StringBuffer();
    boolean started = false;
    while (true) {
        String s = reader.readLine();
        if (s == null) break;
        if (!started) {
            if (s.startsWith("-----")) {
                started = true;
            }
        } else {
            if (s.startsWith("-----")) {
                break;
            }
            sb.append(s);
        }
    }
    PKCS10 req = new PKCS10(Base64.getMimeDecoder().decode(new String(sb)));

    PublicKey pkey = req.getSubjectPublicKeyInfo();
    out.printf(rb.getString("PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key."),
            req.getSubjectName(), pkey.getFormat(), pkey.getAlgorithm());
    for (PKCS10Attribute attr: req.getAttributes().getAttributes()) {
        ObjectIdentifier oid = attr.getAttributeId();
        if (oid.equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
            CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue();
            if (exts != null) {
                printExtensions(rb.getString("Extension.Request."), exts, out);
            }
        } else {
            out.println("Attribute: " + attr.getAttributeId());
            PKCS9Attribute pkcs9Attr =
                    new PKCS9Attribute(attr.getAttributeId(),
                                       attr.getAttributeValue());
            out.print(pkcs9Attr.getName() + ": ");
            Object attrVal = attr.getAttributeValue();
            out.println(attrVal instanceof String[] ?
                        Arrays.toString((String[]) attrVal) :
                        attrVal);
        }
    }
    if (debug) {
        out.println(req);   // Just to see more, say, public key length...
    }
}
 
Example #29
Source File: Main.java    From jdk8u-dev-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Generate a certificate: Read PKCS10 request from in, and print
 * certificate to out. Use alias as CA, sigAlgName as the signature
 * type.
 */
private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStream out)
        throws Exception {


    Certificate signerCert = keyStore.getCertificate(alias);
    byte[] encoded = signerCert.getEncoded();
    X509CertImpl signerCertImpl = new X509CertImpl(encoded);
    X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
            X509CertImpl.NAME + "." + X509CertImpl.INFO);
    X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
                                       X509CertInfo.DN_NAME);

    Date firstDate = getStartDate(startDate);
    Date lastDate = new Date();
    lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L);
    CertificateValidity interval = new CertificateValidity(firstDate,
                                                           lastDate);

    PrivateKey privateKey =
            (PrivateKey)recoverKey(alias, storePass, keyPass).fst;
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privateKey.getAlgorithm());
    }
    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privateKey);

    X509CertInfo info = new X509CertInfo();
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
                new java.util.Random().nextInt() & 0x7fffffff));
    info.set(X509CertInfo.VERSION,
                new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.ALGORITHM_ID,
                new CertificateAlgorithmId(
                    AlgorithmId.get(sigAlgName)));
    info.set(X509CertInfo.ISSUER, issuer);

    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    boolean canRead = false;
    StringBuffer sb = new StringBuffer();
    while (true) {
        String s = reader.readLine();
        if (s == null) break;
        // OpenSSL does not use NEW
        //if (s.startsWith("-----BEGIN NEW CERTIFICATE REQUEST-----")) {
        if (s.startsWith("-----BEGIN") && s.indexOf("REQUEST") >= 0) {
            canRead = true;
        //} else if (s.startsWith("-----END NEW CERTIFICATE REQUEST-----")) {
        } else if (s.startsWith("-----END") && s.indexOf("REQUEST") >= 0) {
            break;
        } else if (canRead) {
            sb.append(s);
        }
    }
    byte[] rawReq = Base64.getMimeDecoder().decode(new String(sb));
    PKCS10 req = new PKCS10(rawReq);

    info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
    info.set(X509CertInfo.SUBJECT,
                dname==null?req.getSubjectName():new X500Name(dname));
    CertificateExtensions reqex = null;
    Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
    while (attrs.hasNext()) {
        PKCS10Attribute attr = attrs.next();
        if (attr.getAttributeId().equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
            reqex = (CertificateExtensions)attr.getAttributeValue();
        }
    }
    CertificateExtensions ext = createV3Extensions(
            reqex,
            null,
            v3ext,
            req.getSubjectPublicKeyInfo(),
            signerCert.getPublicKey());
    info.set(X509CertInfo.EXTENSIONS, ext);
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(privateKey, sigAlgName);
    dumpCert(cert, out);
    for (Certificate ca: keyStore.getCertificateChain(alias)) {
        if (ca instanceof X509Certificate) {
            X509Certificate xca = (X509Certificate)ca;
            if (!isSelfSigned(xca)) {
                dumpCert(xca, out);
            }
        }
    }
}
 
Example #30
Source File: Main.java    From jdk8u-dev-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);
}