List of usage examples for org.bouncycastle.asn1.misc NetscapeCertType objectSigningCA
int objectSigningCA
To view the source code for org.bouncycastle.asn1.misc NetscapeCertType objectSigningCA.
Click Source Link
From source file:net.sf.keystore_explorer.crypto.x509.X509Ext.java
License:Open Source License
private String getNetscapeCertificateTypeStringValue(byte[] value) throws IOException { // @formatter:off /*/*from w w w . ja v a 2 s. c o m*/ * NetscapeCertType ::= BIT STRING { sslClient (0), sslServer (1), smime * (2), objectSigning (3), reserved (4), sslCA (5), smimeCA (6), * objectSigningCA (7) } */ // @formatter:on StringBuilder sb = new StringBuilder(); @SuppressWarnings("resource") // we have a ByteArrayInputStream here which does not need to be closed DERBitString netscapeCertType = DERBitString.getInstance(new ASN1InputStream(value).readObject()); int netscapeCertTypes = netscapeCertType.intValue(); if (isCertType(netscapeCertTypes, NetscapeCertType.sslClient)) { sb.append(res.getString("SslClientNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.sslServer)) { sb.append(res.getString("SslServerNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.smime)) { sb.append(res.getString("SmimeNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.objectSigning)) { sb.append(res.getString("ObjectSigningNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.reserved)) { sb.append(res.getString("ReservedNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.sslCA)) { sb.append(res.getString("SslCaNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.smimeCA)) { sb.append(res.getString("SmimeCaNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.objectSigningCA)) { sb.append(res.getString("ObjectSigningCaNetscapeCertificateType")); sb.append(NEWLINE); } return sb.toString(); }
From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DNetscapeCertificateType.java
License:Open Source License
private void prepopulateWithValue(byte[] value) throws IOException { @SuppressWarnings("resource") // we have a ByteArrayInputStream here which does not need to be closed DERBitString netscapeCertType = DERBitString.getInstance(new ASN1InputStream(value).readObject()); int netscapeCertTypes = netscapeCertType.intValue(); jcbSslClient.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.sslClient)); jcbSslServer.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.sslServer)); jcbSmime.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.smime)); jcbObjectSigning.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.objectSigning)); jcbReserved.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.reserved)); jcbSslCa.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.sslCA)); jcbSmimeCa.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.smimeCA)); jcbObjectSigningCa.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.objectSigningCA)); }
From source file:net.sf.keystore_explorer.gui.dialogs.extensions.DNetscapeCertificateType.java
License:Open Source License
private void okPressed() { if (!jcbSslClient.isSelected() && !jcbSslServer.isSelected() && !jcbSmime.isSelected() && !jcbObjectSigning.isSelected() && !jcbReserved.isSelected() && !jcbSslCa.isSelected() && !jcbSmimeCa.isSelected() && !jcbObjectSigningCa.isSelected()) { JOptionPane.showMessageDialog(this, res.getString("DNetscapeCertificateType.ValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE); return;/*from w ww . j a v a2 s . c o m*/ } int netscapeCertTypeIntValue = 0; netscapeCertTypeIntValue |= jcbSslClient.isSelected() ? NetscapeCertType.sslClient : 0; netscapeCertTypeIntValue |= jcbSslServer.isSelected() ? NetscapeCertType.sslServer : 0; netscapeCertTypeIntValue |= jcbSmime.isSelected() ? NetscapeCertType.smime : 0; netscapeCertTypeIntValue |= jcbObjectSigning.isSelected() ? NetscapeCertType.objectSigning : 0; netscapeCertTypeIntValue |= jcbReserved.isSelected() ? NetscapeCertType.reserved : 0; netscapeCertTypeIntValue |= jcbSslCa.isSelected() ? NetscapeCertType.sslCA : 0; netscapeCertTypeIntValue |= jcbSmimeCa.isSelected() ? NetscapeCertType.smimeCA : 0; netscapeCertTypeIntValue |= jcbObjectSigningCa.isSelected() ? NetscapeCertType.objectSigningCA : 0; NetscapeCertType netscapeCertType = new NetscapeCertType(netscapeCertTypeIntValue); try { value = netscapeCertType.getEncoded(ASN1Encoding.DER); } catch (IOException ex) { DError dError = new DError(this, ex); dError.setLocationRelativeTo(this); dError.setVisible(true); return; } closeDialog(); }
From source file:net.sf.taverna.t2.activities.wsdl.servicedescriptions.ConfirmTrustedCertificateDialog.java
License:Open Source License
/** * Gets the intended certificate uses, i.e. Netscape Certificate Type * extension (2.16.840.1.113730.1.1) value as a string * //from www . jav a2 s . c o m * @param value * Extension value as a DER-encoded OCTET string * @return Extension value as a string */ private String getIntendedUses(byte[] value) { // Netscape Certificate Types (2.16.840.1.113730.1.1) int[] INTENDED_USES = new int[] { NetscapeCertType.sslClient, NetscapeCertType.sslServer, NetscapeCertType.smime, NetscapeCertType.objectSigning, NetscapeCertType.reserved, NetscapeCertType.sslCA, NetscapeCertType.smimeCA, NetscapeCertType.objectSigningCA, }; // Netscape Certificate Type strings (2.16.840.1.113730.1.1) HashMap<String, String> INTENDED_USES_STRINGS = new HashMap<String, String>(); INTENDED_USES_STRINGS.put("128", "SSL Client"); INTENDED_USES_STRINGS.put("64", "SSL Server"); INTENDED_USES_STRINGS.put("32", "S/MIME"); INTENDED_USES_STRINGS.put("16", "Object Signing"); INTENDED_USES_STRINGS.put("8", "Reserved"); INTENDED_USES_STRINGS.put("4", "SSL CA"); INTENDED_USES_STRINGS.put("2", "S/MIME CA"); INTENDED_USES_STRINGS.put("1", "Object Signing CA"); // Get octet string from extension value ASN1OctetString fromByteArray = new DEROctetString(value); byte[] octets = fromByteArray.getOctets(); DERBitString fromByteArray2 = new DERBitString(octets); int val = new NetscapeCertType(fromByteArray2).intValue(); StringBuffer strBuff = new StringBuffer(); for (int i = 0, len = INTENDED_USES.length; i < len; i++) { int use = INTENDED_USES[i]; if ((val & use) == use) { strBuff.append(INTENDED_USES_STRINGS.get(String.valueOf(use)) + ", \n"); } } // remove the last ", \n" from the end of the buffer String str = strBuff.toString(); str = str.substring(0, str.length() - 3); return str; }
From source file:org.ejbca.core.protocol.cmp.CrmfRAPbeMultipleKeyIdRequestTest.java
License:Open Source License
@Test public void test07ExtensionOverride() throws Exception { byte[] nonce = CmpMessageHelper.createSenderNonce(); byte[] transid = CmpMessageHelper.createSenderNonce(); // Create some crazy extensions to see that we get them when using // extension override. // We should not get our values when not using extension override ExtensionsGenerator extgen = new ExtensionsGenerator(); // SubjectAltName GeneralNames san = CertTools.getGeneralNamesFromAltName("dnsName=foo.bar.com"); extgen.addExtension(Extension.subjectAlternativeName, false, san); // KeyUsage/*from ww w . j a v a 2s .com*/ int bcku = 0; bcku = X509KeyUsage.decipherOnly; X509KeyUsage ku = new X509KeyUsage(bcku); extgen.addExtension(Extension.keyUsage, false, ku); // Extended Key Usage List<KeyPurposeId> usage = new ArrayList<KeyPurposeId>(); usage.add(KeyPurposeId.id_kp_codeSigning); ExtendedKeyUsage eku = ExtendedKeyUsage.getInstance(usage); extgen.addExtension(Extension.extendedKeyUsage, false, eku); // OcspNoCheck extgen.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck, false, DERNull.INSTANCE); // Netscape cert type extgen.addExtension(new ASN1ObjectIdentifier("2.16.840.1.113730.1.1"), false, new NetscapeCertType(NetscapeCertType.objectSigningCA)); // My completely own extgen.addExtension(new ASN1ObjectIdentifier("1.1.1.1.1"), false, new DERIA5String("PrimeKey")); // Make the complete extension package Extensions exts = extgen.generate(); // First test without extension override PKIMessage one = genCertReq(this.issuerDN2, userDN2, this.keys, this.cacert2, nonce, transid, true, exts, null, null, null, null, null); PKIMessage req = protectPKIMessage(one, false, PBEPASSWORD, "KeyId2", 567); CertReqMessages ir = (CertReqMessages) req.getBody().getContent(); int reqId = ir.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue(); assertNotNull(req); ByteArrayOutputStream bao = new ByteArrayOutputStream(); DEROutputStream out = new DEROutputStream(bao); out.writeObject(req); byte[] ba = bao.toByteArray(); // Send request and receive response byte[] resp = sendCmpTcp(ba, 5); checkCmpResponseGeneral(resp, this.issuerDN2, userDN2, this.cacert2, nonce, transid, false, PBEPASSWORD, PKCSObjectIdentifiers.sha1WithRSAEncryption.getId()); X509Certificate cert = checkCmpCertRepMessage(userDN2, this.cacert2, resp, reqId); String altNames = CertTools.getSubjectAlternativeName(cert); assertTrue(altNames.indexOf("dNSName=foo.bar.com") != -1); // Check key usage that it is nonRepudiation for KeyId2 boolean[] kubits = cert.getKeyUsage(); assertFalse(kubits[0]); assertTrue(kubits[1]); assertFalse(kubits[2]); assertFalse(kubits[3]); assertFalse(kubits[4]); assertFalse(kubits[5]); assertFalse(kubits[6]); assertFalse(kubits[7]); assertFalse(kubits[8]); // Our own ext should not be here assertNull(cert.getExtensionValue("1.1.1.1.1")); assertNull(cert.getExtensionValue("2.16.840.1.113730.1.1")); assertNull(cert.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck.getId())); // Skip confirmation message, we have tested that several times already // // Do the same with keyId4, that has full extension override one = genCertReq(this.issuerDN2, userDN2, this.keys, this.cacert2, nonce, transid, true, exts, null, null, null, null, null); req = protectPKIMessage(one, false, PBEPASSWORD, "KeyId4", 567); ir = (CertReqMessages) req.getBody().getContent(); reqId = ir.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue(); assertNotNull(req); bao = new ByteArrayOutputStream(); out = new DEROutputStream(bao); out.writeObject(req); ba = bao.toByteArray(); // Send request and receive response resp = sendCmpTcp(ba, 5); checkCmpResponseGeneral(resp, this.issuerDN2, userDN2, this.cacert2, nonce, transid, false, PBEPASSWORD, PKCSObjectIdentifiers.sha1WithRSAEncryption.getId()); cert = checkCmpCertRepMessage(userDN2, this.cacert2, resp, reqId); altNames = CertTools.getSubjectAlternativeName(cert); assertTrue(altNames.indexOf("dNSName=foo.bar.com") != -1); // Check key usage that it is decipherOnly for KeyId4 kubits = cert.getKeyUsage(); assertFalse(kubits[0]); assertFalse(kubits[1]); assertFalse(kubits[2]); assertFalse(kubits[3]); assertFalse(kubits[4]); assertFalse(kubits[5]); assertFalse(kubits[6]); assertFalse(kubits[7]); assertTrue(kubits[8]); // Our own ext should not be here assertNotNull(cert.getExtensionValue("1.1.1.1.1")); assertNotNull(cert.getExtensionValue("2.16.840.1.113730.1.1")); assertNotNull(cert.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck.getId())); List<String> l = cert.getExtendedKeyUsage(); assertEquals(1, l.size()); String s = l.get(0); assertEquals(KeyPurposeId.id_kp_codeSigning.getId(), s); // Skip confirmation message, we have tested that several times already }
From source file:org.mailster.gui.dialogs.CertificateDialog.java
License:Open Source License
private void generateExtensionNode(TreeItem parent, X509Certificate cert, X509Extensions extensions, String oid) {//from w w w .j ava 2 s .com DERObjectIdentifier derOID = new DERObjectIdentifier(oid); X509Extension ext = extensions.getExtension(derOID); if (ext.getValue() == null) return; byte[] octs = ext.getValue().getOctets(); ASN1InputStream dIn = new ASN1InputStream(octs); StringBuilder buf = new StringBuilder(); try { if (ext.isCritical()) buf.append(Messages.getString("MailsterSWT.dialog.certificate.criticalExt")); //$NON-NLS-1$ else buf.append(Messages.getString("MailsterSWT.dialog.certificate.nonCriticalExt")); //$NON-NLS-1$ if (derOID.equals(X509Extensions.BasicConstraints)) { BasicConstraints bc = new BasicConstraints((ASN1Sequence) dIn.readObject()); if (bc.isCA()) buf.append(Messages.getString("MailsterSWT.dialog.certificate.BasicConstraints.isCA")); //$NON-NLS-1$ else buf.append(Messages.getString("MailsterSWT.dialog.certificate.BasicConstraints.notCA")); //$NON-NLS-1$ buf.append(Messages.getString("MailsterSWT.dialog.certificate.BasicConstraints.maxIntermediateCA")); //$NON-NLS-1$ if (bc.getPathLenConstraint() == null || bc.getPathLenConstraint().intValue() == Integer.MAX_VALUE) buf.append(Messages.getString("MailsterSWT.dialog.certificate.BasicConstraints.unlimited")); //$NON-NLS-1$ else buf.append(bc.getPathLenConstraint()).append('\n'); generateNode(parent, Messages.getString(oid), buf); } else if (derOID.equals(X509Extensions.KeyUsage)) { KeyUsage us = new KeyUsage((DERBitString) dIn.readObject()); if ((us.intValue() & KeyUsage.digitalSignature) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.digitalSignature")); //$NON-NLS-1$ if ((us.intValue() & KeyUsage.nonRepudiation) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.nonRepudiation")); //$NON-NLS-1$ if ((us.intValue() & KeyUsage.keyEncipherment) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.keyEncipherment")); //$NON-NLS-1$ if ((us.intValue() & KeyUsage.dataEncipherment) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.dataEncipherment")); //$NON-NLS-1$ if ((us.intValue() & KeyUsage.keyAgreement) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.keyAgreement")); //$NON-NLS-1$ if ((us.intValue() & KeyUsage.keyCertSign) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.keyCertSign")); //$NON-NLS-1$ if ((us.intValue() & KeyUsage.cRLSign) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.cRLSign")); //$NON-NLS-1$ if ((us.intValue() & KeyUsage.encipherOnly) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.encipherOnly")); //$NON-NLS-1$ if ((us.intValue() & KeyUsage.decipherOnly) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.KeyUsage.decipherOnly")); //$NON-NLS-1$ generateNode(parent, Messages.getString(oid), buf); } else if (derOID.equals(X509Extensions.SubjectKeyIdentifier)) { SubjectKeyIdentifier id = new SubjectKeyIdentifier((DEROctetString) dIn.readObject()); generateNode(parent, Messages.getString(oid), buf.toString() + CertificateUtilities.byteArrayToString(id.getKeyIdentifier())); } else if (derOID.equals(X509Extensions.AuthorityKeyIdentifier)) { AuthorityKeyIdentifier id = new AuthorityKeyIdentifier((ASN1Sequence) dIn.readObject()); generateNode(parent, Messages.getString(oid), buf.toString() + id.getAuthorityCertSerialNumber()); } else if (derOID.equals(MiscObjectIdentifiers.netscapeRevocationURL)) { buf.append(new NetscapeRevocationURL((DERIA5String) dIn.readObject())).append("\n"); generateNode(parent, Messages.getString(oid), buf.toString()); } else if (derOID.equals(MiscObjectIdentifiers.verisignCzagExtension)) { buf.append(new VerisignCzagExtension((DERIA5String) dIn.readObject())).append("\n"); generateNode(parent, Messages.getString(oid), buf.toString()); } else if (derOID.equals(X509Extensions.CRLNumber)) { buf.append((DERInteger) dIn.readObject()).append("\n"); generateNode(parent, Messages.getString(oid), buf.toString()); } else if (derOID.equals(X509Extensions.ReasonCode)) { ReasonFlags rf = new ReasonFlags((DERBitString) dIn.readObject()); if ((rf.intValue() & ReasonFlags.unused) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.unused")); //$NON-NLS-1$ if ((rf.intValue() & ReasonFlags.keyCompromise) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.keyCompromise")); //$NON-NLS-1$ if ((rf.intValue() & ReasonFlags.cACompromise) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.cACompromise")); //$NON-NLS-1$ if ((rf.intValue() & ReasonFlags.affiliationChanged) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.affiliationChanged")); //$NON-NLS-1$ if ((rf.intValue() & ReasonFlags.superseded) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.superseded")); //$NON-NLS-1$ if ((rf.intValue() & ReasonFlags.cessationOfOperation) > 0) buf.append( Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.cessationOfOperation")); //$NON-NLS-1$ if ((rf.intValue() & ReasonFlags.certificateHold) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.certificateHold")); //$NON-NLS-1$ if ((rf.intValue() & ReasonFlags.privilegeWithdrawn) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.privilegeWithdrawn")); //$NON-NLS-1$ if ((rf.intValue() & ReasonFlags.aACompromise) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.ReasonCode.aACompromise")); //$NON-NLS-1$ generateNode(parent, Messages.getString(oid), buf.toString()); } else if (derOID.equals(MiscObjectIdentifiers.netscapeCertType)) { NetscapeCertType type = new NetscapeCertType((DERBitString) dIn.readObject()); if ((type.intValue() & NetscapeCertType.sslClient) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.NetscapeCertType.sslClient")); //$NON-NLS-1$ if ((type.intValue() & NetscapeCertType.sslServer) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.NetscapeCertType.sslServer")); //$NON-NLS-1$ if ((type.intValue() & NetscapeCertType.smime) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.NetscapeCertType.smime")); //$NON-NLS-1$ if ((type.intValue() & NetscapeCertType.objectSigning) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.NetscapeCertType.objectSigning")); //$NON-NLS-1$ if ((type.intValue() & NetscapeCertType.reserved) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.NetscapeCertType.reserved")); //$NON-NLS-1$ if ((type.intValue() & NetscapeCertType.sslCA) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.NetscapeCertType.sslCA")); //$NON-NLS-1$ if ((type.intValue() & NetscapeCertType.smimeCA) > 0) buf.append(Messages.getString("MailsterSWT.dialog.certificate.NetscapeCertType.smimeCA")); //$NON-NLS-1$ if ((type.intValue() & NetscapeCertType.objectSigningCA) > 0) buf.append( Messages.getString("MailsterSWT.dialog.certificate.NetscapeCertType.objectSigningCA")); //$NON-NLS-1$ generateNode(parent, Messages.getString(oid), buf.toString()); } else if (derOID.equals(X509Extensions.ExtendedKeyUsage)) { ExtendedKeyUsage eku = new ExtendedKeyUsage((ASN1Sequence) dIn.readObject()); if (eku.hasKeyPurposeId(KeyPurposeId.anyExtendedKeyUsage)) buf.append(Messages .getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.anyExtendedKeyUsage")); //$NON-NLS-1$ if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_clientAuth)) buf.append( Messages.getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_clientAuth")); //$NON-NLS-1$ if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_codeSigning)) buf.append(Messages .getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_codeSigning")); //$NON-NLS-1$ if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection)) buf.append(Messages .getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_emailProtection")); //$NON-NLS-1$ if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_ipsecEndSystem)) buf.append(Messages .getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_ipsecEndSystem")); //$NON-NLS-1$ if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_ipsecTunnel)) buf.append(Messages .getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_ipsecTunnel")); //$NON-NLS-1$ if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_ipsecUser)) buf.append( Messages.getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_ipsecUser")); //$NON-NLS-1$ if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_OCSPSigning)) buf.append(Messages .getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_OCSPSigning")); //$NON-NLS-1$ if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_serverAuth)) buf.append( Messages.getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_serverAuth")); //$NON-NLS-1$ if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_smartcardlogon)) buf.append(Messages .getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_smartcardlogon")); //$NON-NLS-1$ if (eku.hasKeyPurposeId(KeyPurposeId.id_kp_timeStamping)) buf.append(Messages .getString("MailsterSWT.dialog.certificate.ExtendedKeyUsage.id_kp_timeStamping")); //$NON-NLS-1$ generateNode(parent, Messages.getString(oid), buf.toString()); } else generateNode(parent, MessageFormat.format(Messages.getString("MailsterSWT.dialog.certificate.objectIdentifier"), //$NON-NLS-1$ new Object[] { oid.replace('.', ' ') }), CertificateUtilities.byteArrayToString((cert.getExtensionValue(oid)))); } catch (Exception ex) { ex.printStackTrace(); } }
From source file:test.integ.be.fedict.commons.eid.client.SSLTest.java
License:Open Source License
private X509Certificate generateCACertificate(final KeyPair keyPair, final String subject, final DateTime notBefore, final DateTime notAfter) throws Exception { LOG.debug("generate CA certificate: " + subject); final X500Name issuer = new X500Name(subject); final X500Name subjectX500Name = new X500Name(subject); final SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo .getInstance(keyPair.getPublic().getEncoded()); final SecureRandom secureRandom = new SecureRandom(); final byte[] serialValue = new byte[8]; secureRandom.nextBytes(serialValue); final BigInteger serial = new BigInteger(serialValue); final X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(issuer, serial, notBefore.toDate(), notAfter.toDate(), subjectX500Name, publicKeyInfo); try {//from ww w . jav a2s . c o m final JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils(); x509v3CertificateBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(keyPair.getPublic())); x509v3CertificateBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(keyPair.getPublic())); x509v3CertificateBuilder.addExtension(MiscObjectIdentifiers.netscapeCertType, false, new NetscapeCertType( NetscapeCertType.sslCA | NetscapeCertType.smimeCA | NetscapeCertType.objectSigningCA)); x509v3CertificateBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)); x509v3CertificateBuilder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(2147483647)); } catch (final Exception e) { throw new RuntimeException(e); } final AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA"); final AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); AsymmetricKeyParameter asymmetricKeyParameter; try { asymmetricKeyParameter = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()); } catch (final IOException e) { throw new RuntimeException(e); } ContentSigner contentSigner; try { contentSigner = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(asymmetricKeyParameter); } catch (final OperatorCreationException e) { throw new RuntimeException(e); } final X509CertificateHolder x509CertificateHolder = x509v3CertificateBuilder.build(contentSigner); byte[] encodedCertificate; try { encodedCertificate = x509CertificateHolder.getEncoded(); } catch (final IOException e) { throw new RuntimeException(e); } CertificateFactory certificateFactory; try { certificateFactory = CertificateFactory.getInstance("X.509"); } catch (final CertificateException e) { throw new RuntimeException(e); } X509Certificate certificate; try { certificate = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(encodedCertificate)); } catch (final CertificateException e) { throw new RuntimeException(e); } return certificate; }