Java Code Examples for sun.security.x509.AlgorithmId#derEncode()
The following examples show how to use
sun.security.x509.AlgorithmId#derEncode() .
Example 1
Source File: CertificateBuilder.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
/**
 * Assemble and sign the outer-most ASN.1 SEQUENCE of an X.509 certificate:
 *
 * <PRE>
 * Certificate  ::=  SEQUENCE  {
 *      tbsCertificate       TBSCertificate,
 *      signatureAlgorithm   AlgorithmIdentifier,
 *      signatureValue       BIT STRING  }
 * </PRE>
 *
 * The encoded TBSCertificate and the signature are stored in
 * {@code tbsCertBytes} and {@code signatureBytes}. Neither is declared in
 * this method, so they are presumably fields of the enclosing class.
 *
 * NOTE(review): {@code AlgorithmId}, {@code DerOutputStream} and
 * {@code DerValue} are JDK-internal {@code sun.security.*} types. They are
 * not part of the supported API, and code outside the JDK normally cannot
 * compile against them on JDK 9+ without extra module flags.
 *
 * @param issuerCert The certificate of the issuing authority, or
 *        {@code null} if the resulting certificate is self-signed.
 * @param issuerKey The private key of the issuing authority
 * @param signAlg The signature algorithm object
 *
 * @return The DER-encoded X.509 certificate
 *
 * @throws CertificateException If {@code signCert} fails with a
 *         {@code GeneralSecurityException}; that exception is kept as the cause.
 * @throws IOException if an encoding error occurs.
 */
private byte[] encodeTopLevel(X509Certificate issuerCert,
        PrivateKey issuerKey, AlgorithmId signAlg)
        throws CertificateException, IOException {
    DerOutputStream certFields = new DerOutputStream();

    // 1. tbsCertificate. The same signAlg is handed to encodeTbsCert() and
    //    encoded again below, so the inner "signature" field and the outer
    //    "signatureAlgorithm" field carry the same AlgorithmIdentifier.
    tbsCertBytes = encodeTbsCert(issuerCert, signAlg);
    certFields.write(tbsCertBytes);

    // The signature must be produced after tbsCertBytes has been assigned.
    // signCert() presumably signs exactly those bytes (verify in signCert).
    try {
        signatureBytes = signCert(issuerKey, signAlg);
    } catch (GeneralSecurityException signingFailure) {
        throw new CertificateException(signingFailure);
    }

    // 2. signatureAlgorithm, 3. signatureValue
    signAlg.derEncode(certFields);
    certFields.putBitString(signatureBytes);

    // Wrap the three members in the outer SEQUENCE.
    DerOutputStream certificate = new DerOutputStream();
    certificate.write(DerValue.tag_Sequence, certFields);
    return certificate.toByteArray();
}
Example 2
Source File: CertificateBuilder.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
/**
 * Produce the DER encoding of the TBSCertificate structure, the part of
 * the certificate that is covered by the signature:
 *
 * <PRE>
 * TBSCertificate  ::=  SEQUENCE  {
 *      version         [0]  EXPLICIT Version DEFAULT v1,
 *      serialNumber         CertificateSerialNumber,
 *      signature            AlgorithmIdentifier,
 *      issuer               Name,
 *      validity             Validity,
 *      subject              Name,
 *      subjectPublicKeyInfo SubjectPublicKeyInfo,
 *      issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
 *                        -- If present, version MUST be v2 or v3
 *      subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
 *                        -- If present, version MUST be v2 or v3
 *      extensions      [3]  EXPLICIT Extensions OPTIONAL
 *                        -- If present, version MUST be v3
 *      }
 * </PRE>
 *
 * The members are written strictly in the order above; issuerUniqueID and
 * subjectUniqueID are never emitted. Besides its parameters the method
 * reads {@code serialNumber}, {@code subjectName}, {@code notBefore},
 * {@code notAfter} and {@code publicKey}, none of which is declared here
 * (presumably fields of the enclosing class).
 *
 * NOTE(review): no null checks are visible for those values in this
 * method; confirm that they are validated before this point.
 *
 * @param issuerCert The certificate of the issuing authority, or
 *        {@code null} if the resulting certificate is self-signed.
 * @param signAlg The signature algorithm object
 *
 * @return The DER-encoded bytes for the TBSCertificate structure
 *
 * @throws IOException if an encoding error occurs.
 */
private byte[] encodeTbsCert(X509Certificate issuerCert,
        AlgorithmId signAlg) throws IOException {
    DerOutputStream fields = new DerOutputStream();

    // version [0] EXPLICIT: always v3. The payload is a pre-encoded DER
    // INTEGER (tag 0x02, length 0x01, value 0x02), and the value 2 means v3.
    final byte[] versionV3 = {0x02, 0x01, 0x02};
    final byte explicitTag0 =
            DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0);
    fields.write(explicitTag0, versionV3);

    // serialNumber
    // NOTE(review): RFC 5280 expects a positive serial that is unique per
    // issuer. Nothing here enforces that; check where serialNumber is set.
    new SerialNumber(serialNumber).encode(fields);

    // signature (AlgorithmIdentifier), the inner copy that the signature covers
    signAlg.derEncode(fields);

    // issuer: the issuing certificate's subject DN, or this certificate's
    // own subject name when there is no issuer (self-signed).
    final byte[] issuerDn = (issuerCert == null)
            ? subjectName.getEncoded()
            : issuerCert.getSubjectX500Principal().getEncoded();
    fields.write(issuerDn);

    // validity: both bounds are always written as UTCTime.
    // NOTE(review): RFC 5280 section 4.1.2.5 requires GeneralizedTime for
    // dates in 2050 or later, so a notAfter beyond 2049 cannot be encoded
    // conformantly here. Confirm the date range callers use.
    DerOutputStream validity = new DerOutputStream();
    validity.putUTCTime(notBefore);
    validity.putUTCTime(notAfter);
    fields.write(DerValue.tag_Sequence, validity);

    // subject
    fields.write(subjectName.getEncoded());

    // subjectPublicKeyInfo
    fields.write(publicKey.getEncoded());

    // extensions are delegated to encodeExtensions(). The original carried
    // a "TODO: Extensions!" marker at this point, so extension handling may
    // be incomplete (confirm against encodeExtensions).
    encodeExtensions(fields);

    // Wrap all members in the TBSCertificate SEQUENCE and return the bytes.
    DerOutputStream tbsCertificate = new DerOutputStream();
    tbsCertificate.write(DerValue.tag_Sequence, fields);
    return tbsCertificate.toByteArray();
}