/** * Get Netscape Certificate Type (2.16.840.1.113730.1.1) extension value as a string. * * @param bValue The octet string value * @return Extension value as a string * @throws IOException If an I/O problem occurs */ private String getNetscapeCertificateTypeStringValue(byte[] bValue) throws IOException { int val = new NetscapeCertType((DERBitString) ASN1Primitive.fromByteArray(bValue)).intValue(); StringBuilder strBuff = new StringBuilder(); for (int type : NETSCAPE_CERT_TYPES) { if ((val & type) == type) { if (strBuff.length() != 0) { strBuff.append("<br><br>"); } strBuff.append(RB.getString("NetscapeCertificateType." + type)); } } return strBuff.toString(); }
private void generateDummySSLClientCertificate(KeyStore ks) throws Exception { LOG.info("Generating a Dummy SSL client certificate ..."); KeyPair pair = CertificateUtilities.generateRSAKeyPair(getCryptoStrength()); String DN = "CN=SSL dummy client cert, O=Dummy org., C=FR"; X509V3CertificateGenerator v3CertGen = CertificateUtilities.initCertificateGenerator(pair, DN, DN, true, CertificateUtilities.DEFAULT_VALIDITY_PERIOD); v3CertGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); v3CertGen.addExtension(MiscObjectIdentifiers.netscapeCertType, false, new NetscapeCertType(NetscapeCertType.sslClient)); v3CertGen.addExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth)); X509Certificate cert = v3CertGen.generate(pair.getPrivate()); ks.setKeyEntry(DUMMY_SSL_CLIENT_ALIAS, pair.getPrivate(), KEYSTORE_PASSWORD, new Certificate[] {cert}); }
private void prepopulateWithValue(byte[] value) throws IOException { @SuppressWarnings("resource") // we have a ByteArrayInputStream here which does not need to be closed DERBitString netscapeCertType = DERBitString.getInstance(new ASN1InputStream(value).readObject()); int netscapeCertTypes = netscapeCertType.intValue(); jcbSslClient.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.sslClient)); jcbSslServer.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.sslServer)); jcbSmime.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.smime)); jcbObjectSigning.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.objectSigning)); jcbReserved.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.reserved)); jcbSslCa.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.sslCA)); jcbSmimeCa.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.smimeCA)); jcbObjectSigningCa.setSelected(isCertType(netscapeCertTypes, NetscapeCertType.objectSigningCA)); }
private void okPressed() { if (!jcbSslClient.isSelected() && !jcbSslServer.isSelected() && !jcbSmime.isSelected() && !jcbObjectSigning.isSelected() && !jcbReserved.isSelected() && !jcbSslCa.isSelected() && !jcbSmimeCa.isSelected() && !jcbObjectSigningCa.isSelected()) { JOptionPane.showMessageDialog(this, res.getString("DNetscapeCertificateType.ValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE); return; } int netscapeCertTypeIntValue = 0; netscapeCertTypeIntValue |= jcbSslClient.isSelected() ? NetscapeCertType.sslClient : 0; netscapeCertTypeIntValue |= jcbSslServer.isSelected() ? NetscapeCertType.sslServer : 0; netscapeCertTypeIntValue |= jcbSmime.isSelected() ? NetscapeCertType.smime : 0; netscapeCertTypeIntValue |= jcbObjectSigning.isSelected() ? NetscapeCertType.objectSigning : 0; netscapeCertTypeIntValue |= jcbReserved.isSelected() ? NetscapeCertType.reserved : 0; netscapeCertTypeIntValue |= jcbSslCa.isSelected() ? NetscapeCertType.sslCA : 0; netscapeCertTypeIntValue |= jcbSmimeCa.isSelected() ? NetscapeCertType.smimeCA : 0; netscapeCertTypeIntValue |= jcbObjectSigningCa.isSelected() ? NetscapeCertType.objectSigningCA : 0; NetscapeCertType netscapeCertType = new NetscapeCertType(netscapeCertTypeIntValue); try { value = netscapeCertType.getEncoded(ASN1Encoding.DER); } catch (IOException ex) { DError dError = new DError(this, ex); dError.setLocationRelativeTo(this); dError.setVisible(true); return; } closeDialog(); }
/** * Gets the intended certificate uses, i.e. Netscape Certificate Type * extension (2.16.840.1.113730.1.1) value as a string * * @param value * Extension value as a DER-encoded OCTET string * @return Extension value as a string */ private String getIntendedUses(byte[] value) { // Netscape Certificate Types (2.16.840.1.113730.1.1) int[] INTENDED_USES = new int[] { NetscapeCertType.sslClient, NetscapeCertType.sslServer, NetscapeCertType.smime, NetscapeCertType.objectSigning, NetscapeCertType.reserved, NetscapeCertType.sslCA, NetscapeCertType.smimeCA, NetscapeCertType.objectSigningCA, }; // Netscape Certificate Type strings (2.16.840.1.113730.1.1) HashMap<String, String> INTENDED_USES_STRINGS = new HashMap<String, String>(); INTENDED_USES_STRINGS.put("128", "SSL Client"); INTENDED_USES_STRINGS.put("64", "SSL Server"); INTENDED_USES_STRINGS.put("32", "S/MIME"); INTENDED_USES_STRINGS.put("16", "Object Signing"); INTENDED_USES_STRINGS.put("8", "Reserved"); INTENDED_USES_STRINGS.put("4", "SSL CA"); INTENDED_USES_STRINGS.put("2", "S/MIME CA"); INTENDED_USES_STRINGS.put("1", "Object Signing CA"); // Get octet string from extension value ASN1OctetString fromByteArray = new DEROctetString(value); byte[] octets = fromByteArray.getOctets(); DERBitString fromByteArray2 = new DERBitString(octets); int val = new NetscapeCertType(fromByteArray2).intValue(); StringBuffer strBuff = new StringBuffer(); for (int i = 0, len = INTENDED_USES.length; i < len; i++) { int use = INTENDED_USES[i]; if ((val & use) == use) { strBuff.append(INTENDED_USES_STRINGS.get(String.valueOf(use)) + ", \n"); } } // remove the last ", \n" from the end of the buffer String str = strBuff.toString(); str = str.substring(0, str.length() - 3); return str; }
private void generateSSLServerCertificate(KeyStore store, X500PrivateCredential rootCredential) throws Exception { LOG.info("Generating SSL server certificate ..."); KeyPair pair = CertificateUtilities.generateRSAKeyPair(getCryptoStrength()); String DN = "CN=localhost, " + DN_ROOT; X509V3CertificateGenerator v3CertGen = CertificateUtilities.initCertificateGenerator(pair, rootCredential .getCertificate().getSubjectX500Principal().getName(), DN, false, CertificateUtilities.DEFAULT_VALIDITY_PERIOD); v3CertGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); v3CertGen.addExtension(MiscObjectIdentifiers.netscapeCertType, false, new NetscapeCertType(NetscapeCertType.sslServer | NetscapeCertType.sslClient)); // Firefox 2 disallows these extensions in an SSL server cert. IE7 doesn't care. // v3CertGen.addExtension(X509Extensions.KeyUsage, // true, new KeyUsage(KeyUsage.dataEncipherment | KeyUsage.keyAgreement | // KeyUsage.keyEncipherment)); Vector<KeyPurposeId> typicalSSLServerExtendedKeyUsages = new Vector<KeyPurposeId>(); typicalSSLServerExtendedKeyUsages.add(KeyPurposeId.id_kp_serverAuth); typicalSSLServerExtendedKeyUsages.add(KeyPurposeId.id_kp_clientAuth); v3CertGen.addExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(typicalSSLServerExtendedKeyUsages)); X509Certificate publicKeyCertificate = v3CertGen.generate(pair.getPrivate()); store.setKeyEntry(MAILSTER_SSL_ALIAS, pair.getPrivate(), KEYSTORE_PASSWORD, new Certificate[] {publicKeyCertificate, rootCredential.getCertificate()}); CertificateUtilities.exportCertificate(publicKeyCertificate, SSL_CERT_FULL_PATH, false); }
/** * Generate a CA Root certificate. */ private static X509Certificate generateRootCert(String DN, KeyPair pair) throws Exception { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setIssuerDN(new X509Name(true, X509Name.DefaultLookUp, DN)); certGen.setSubjectDN(new X509Name(true, X509Name.DefaultLookUp, DN)); setSerialNumberAndValidityPeriod(certGen, true, DEFAULT_VALIDITY_PERIOD); certGen.setPublicKey(pair.getPublic()); certGen.setSignatureAlgorithm("SHA1WithRSAEncryption"); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier( new GeneralNames(new GeneralName(new X509Name(true, X509Name.DefaultLookUp, DN))), BigInteger.ONE)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(pair.getPublic())); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true)); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign | KeyUsage.nonRepudiation)); certGen.addExtension(MiscObjectIdentifiers.netscapeCertType, false, new NetscapeCertType(NetscapeCertType.smimeCA | NetscapeCertType.sslCA | NetscapeCertType.objectSigning)); return certGen.generate(pair.getPrivate(), "BC"); }
public void performTest() throws IOException { BitStringConstantTester.testFlagValueCorrect(0, NetscapeCertType.sslClient); BitStringConstantTester.testFlagValueCorrect(1, NetscapeCertType.sslServer); BitStringConstantTester.testFlagValueCorrect(2, NetscapeCertType.smime); BitStringConstantTester.testFlagValueCorrect(3, NetscapeCertType.objectSigning); BitStringConstantTester.testFlagValueCorrect(4, NetscapeCertType.reserved); BitStringConstantTester.testFlagValueCorrect(5, NetscapeCertType.sslCA); BitStringConstantTester.testFlagValueCorrect(6, NetscapeCertType.smimeCA); BitStringConstantTester.testFlagValueCorrect(7, NetscapeCertType.objectSigningCA); }
public void performTest() throws Exception { byte[] testIv = { 1, 2, 3, 4, 5, 6, 7, 8 }; ASN1Encodable[] values = { new CAST5CBCParameters(testIv, 128), new NetscapeCertType(NetscapeCertType.smime), new VerisignCzagExtension(new DERIA5String("hello")), new IDEACBCPar(testIv), new NetscapeRevocationURL(new DERIA5String("http://test")) }; byte[] data = Base64.decode("MA4ECAECAwQFBgcIAgIAgAMCBSAWBWhlbGxvMAoECAECAwQFBgcIFgtodHRwOi8vdGVzdA=="); ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ASN1OutputStream aOut = new ASN1OutputStream(bOut); for (int i = 0; i != values.length; i++) { aOut.writeObject(values[i]); } ASN1Primitive[] readValues = new ASN1Primitive[values.length]; if (!isSameAs(bOut.toByteArray(), data)) { fail("Failed data check"); } ByteArrayInputStream bIn = new ByteArrayInputStream(bOut.toByteArray()); ASN1InputStream aIn = new ASN1InputStream(bIn); for (int i = 0; i != values.length; i++) { ASN1Primitive o = aIn.readObject(); if (!values[i].equals(o)) { fail("Failed equality test for " + o); } if (o.hashCode() != values[i].hashCode()) { fail("Failed hashCode test for " + o); } } shouldFailOnExtraData(); }
private String getNetscapeCertificateTypeStringValue(byte[] value) throws IOException { // @formatter:off /* * NetscapeCertType ::= BIT STRING { sslClient (0), sslServer (1), smime * (2), objectSigning (3), reserved (4), sslCA (5), smimeCA (6), * objectSigningCA (7) } */ // @formatter:on StringBuilder sb = new StringBuilder(); @SuppressWarnings("resource") // we have a ByteArrayInputStream here which does not need to be closed DERBitString netscapeCertType = DERBitString.getInstance(new ASN1InputStream(value).readObject()); int netscapeCertTypes = netscapeCertType.intValue(); if (isCertType(netscapeCertTypes, NetscapeCertType.sslClient)) { sb.append(res.getString("SslClientNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.sslServer)) { sb.append(res.getString("SslServerNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.smime)) { sb.append(res.getString("SmimeNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.objectSigning)) { sb.append(res.getString("ObjectSigningNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.reserved)) { sb.append(res.getString("ReservedNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.sslCA)) { sb.append(res.getString("SslCaNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.smimeCA)) { sb.append(res.getString("SmimeCaNetscapeCertificateType")); sb.append(NEWLINE); } if (isCertType(netscapeCertTypes, NetscapeCertType.objectSigningCA)) { sb.append(res.getString("ObjectSigningCaNetscapeCertificateType")); sb.append(NEWLINE); } return sb.toString(); }
public TestResult perform() { byte[] testIv = { 1, 2, 3, 4, 5, 6, 7, 8 }; ASN1Encodable[] values = { new CAST5CBCParameters(testIv, 128), new NetscapeCertType(NetscapeCertType.smime), new VerisignCzagExtension(new DERIA5String("hello")), new IDEACBCPar(testIv), new NetscapeRevocationURL(new DERIA5String("http://test")) }; byte[] data = Base64.decode("MA4ECAECAwQFBgcIAgIAgAMCBSAWBWhlbGxvMAoECAECAwQFBgcIFgtodHRwOi8vdGVzdA=="); try { ByteArrayOutputStream bOut = new ByteArrayOutputStream(); ASN1OutputStream aOut = new ASN1OutputStream(bOut); for (int i = 0; i != values.length; i++) { aOut.writeObject(values[i]); } ASN1Primitive[] readValues = new ASN1Primitive[values.length]; if (!isSameAs(bOut.toByteArray(), data)) { return new SimpleTestResult(false, getName() + ": Failed data check"); } ByteArrayInputStream bIn = new ByteArrayInputStream(bOut.toByteArray()); ASN1InputStream aIn = new ASN1InputStream(bIn); for (int i = 0; i != values.length; i++) { ASN1Primitive o = aIn.readObject(); if (!values[i].equals(o)) { return new SimpleTestResult(false, getName() + ": Failed equality test for " + o); } if (o.hashCode() != values[i].hashCode()) { return new SimpleTestResult(false, getName() + ": Failed hashCode test for " + o); } } return new SimpleTestResult(true, getName() + ": Okay"); } catch (Exception e) { return new SimpleTestResult(false, getName() + ": Failed - exception " + e.toString(), e); } }
