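public X509Builder extKeyUsage(ObjectIdentifier oid) {
    // Appends one id-kp OID to the certificate's ExtendedKeyUsage extension
    // (creating the extension on first use) and re-installs the extension set
    // on `info`. Criticality follows extendedKeyUsageExtensionIsCritical, which
    // extKeyUsageIsCritical() may flip later.
    // Returns this for chaining; any failure is routed through fault(...).
    try {
        v3(); // extensions are only allowed on a v3 certificate
        if (extendedKeyUsageExtensionList == null) {
            extendedKeyUsageExtensionList = new Vector<ObjectIdentifier>();
        }
        // Build the replacement extension from a copy and commit the copy only
        // after construction succeeded: a value the extension cannot encode
        // (e.g. a null oid) must not remain in the shared list, where it would
        // break every later extKeyUsage()/extKeyUsageIsCritical() call as well.
        Vector<ObjectIdentifier> pending = new Vector<ObjectIdentifier>(extendedKeyUsageExtensionList);
        pending.add(oid);
        ExtendedKeyUsageExtension rebuilt = new ExtendedKeyUsageExtension(extendedKeyUsageExtensionIsCritical, pending);
        extendedKeyUsageExtensionList = pending;
        extendedKeyUsageExtension = rebuilt;
        if (certificateExtensions == null) {
            certificateExtensions = new CertificateExtensions();
        }
        // Keyed by the extension OID string, so a repeat call replaces the
        // previously installed EKU entry instead of adding a second one.
        certificateExtensions.set(extendedKeyUsageExtension.getExtensionId().toString(), extendedKeyUsageExtension);
        info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
    } catch (Exception e) {
        // String.valueOf(): oid may be null, and oid.toString() here would throw
        // a NullPointerException out of the catch block and hide the real error.
        fault(e, "extKeyUsage(%s)", String.valueOf(oid));
    }
    return this;
}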
public X509Builder keyUsageCertificateAuthority() {
    // Turns the certificate into a CA: installs BasicConstraints with cA=TRUE
    // and no pathLenConstraint (-1), and sets the keyCertSign bit of KeyUsage,
    // merging with any bits set by the other keyUsage*() methods. Both
    // extensions are then (re)installed on `info`.
    // NOTE(review): -1 leaves the CA free to issue further CAs; for a
    // subordinate CA a concrete limit (0 = end-entity certs only) is the
    // safer choice. Criticality of both extensions is whatever the JDK
    // constructors default to — confirm on the encoded certificate that they
    // are critical, as RFC 5280 requires for CA basicConstraints.
    try {
        v3();
        BasicConstraintsExtension caConstraint = new BasicConstraintsExtension(true, -1);
        KeyUsageExtension usage = keyUsageExtension;
        if (usage == null) {
            usage = new KeyUsageExtension();
            keyUsageExtension = usage;
        }
        usage.set(KeyUsageExtension.KEY_CERTSIGN, Boolean.TRUE);
        CertificateExtensions exts = certificateExtensions;
        if (exts == null) {
            exts = new CertificateExtensions();
            certificateExtensions = exts;
        }
        exts.set(usage.getExtensionId().toString(), usage);
        exts.set(caConstraint.getExtensionId().toString(), caConstraint);
        info.set(X509CertInfo.EXTENSIONS, exts);
    } catch (Exception e) {
        fault(e, "keyUsageCertificateAuthority");
    }
    return this;
}
// NOTE(review): this fragment is collapsed onto a single line, so everything
// after the first "//" (the SKI, AKI and EKU entries and the final info.set)
// is currently commented out. The bare "1, 3, 6, 1, 5, 5, 7, 3, 2" looks like
// the arcs of id-kp-clientAuth (1.3.6.1.5.5.7.3.2) that were meant to populate
// `ekue`, which is not defined anywhere in view. BasicConstraints is critical,
// cA=TRUE, pathLen 0 (may issue end-entity certificates only); the AKI is
// derived from the certificate's own public key, i.e. a self-signed layout;
// the EKU is installed non-critical.
ext.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(Boolean.TRUE, true, 0)); // Critical|isCA|pathLen ext.set(SubjectKeyIdentifierExtension.NAME, new SubjectKeyIdentifierExtension(new KeyIdentifier(pair.getPublic()).getIdentifier())); ext.set(AuthorityKeyIdentifierExtension.NAME, new AuthorityKeyIdentifierExtension(new KeyIdentifier(pair.getPublic()), null, null)); 1, 3, 6, 1, 5, 5, 7, 3, 2 ext.set(ExtendedKeyUsageExtension.NAME, new ExtendedKeyUsageExtension(Boolean.FALSE, ekue)); info.set(X509CertInfo.EXTENSIONS, ext);
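public X509Builder dnsAlternativeName(String dns) {
    // Adds a dNSName entry to the SubjectAlternativeName extension. An
    // OpenSSL-style "dns:" prefix is stripped in any letter case ("DNS:host"
    // is accepted as well as "dns:host"); the remainder is handed to DNSName,
    // whose constructor is relied on for syntax validation of the host name.
    // Entries added through dnsAlternativeName()/ipAlternativeName() share
    // alternativeNames, and the extension is rebuilt with the full list on
    // every call. Returns this; failures are routed through fault(...).
    // NOTE(review): the extension is installed non-critical; RFC 5280 requires
    // SAN to be critical when the subject DN is empty — not enforced here.
    try {
        v3();
        String hostName = dns;
        if (dns != null && dns.regionMatches(true, 0, "dns:", 0, 4)) {
            hostName = dns.substring(4);
        }
        DNSName dnsName = new DNSName(hostName);
        if (alternativeNames == null) {
            alternativeNames = new GeneralNames();
        }
        alternativeNames.add(new GeneralName(dnsName));
        SubjectAlternativeNameExtension san = new SubjectAlternativeNameExtension(alternativeNames);
        if (certificateExtensions == null) {
            certificateExtensions = new CertificateExtensions();
        }
        certificateExtensions.set(san.getExtensionId().toString(), san);
        info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
    } catch (Exception e) {
        fault(e, "dnsAlternativeName(%s)", dns);
    }
    return this;
}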
public X509Builder extKeyUsageIsCritical() {
    // Marks the ExtendedKeyUsage extension critical. If OIDs were already
    // added via extKeyUsage(), the extension is rebuilt right away so the
    // installed copy carries the new criticality; otherwise only the flag is
    // recorded and the next extKeyUsage() call picks it up.
    extendedKeyUsageExtensionIsCritical = true;
    try {
        v3();
        if (extendedKeyUsageExtensionList == null) {
            return this; // nothing built yet; the flag alone is enough
        }
        ExtendedKeyUsageExtension rebuilt = new ExtendedKeyUsageExtension(extendedKeyUsageExtensionIsCritical, extendedKeyUsageExtensionList);
        extendedKeyUsageExtension = rebuilt;
        CertificateExtensions exts = certificateExtensions;
        if (exts == null) {
            exts = new CertificateExtensions();
            certificateExtensions = exts;
        }
        exts.set(rebuilt.getExtensionId().toString(), rebuilt);
        info.set(X509CertInfo.EXTENSIONS, exts);
    } catch (Exception e) {
        fault(e, "extKeyUsageIsCritical");
    }
    return this;
}
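public X509Builder ipAlternativeName(String ip) {
    // Adds an iPAddress entry to the SubjectAlternativeName extension. An
    // OpenSSL-style "ip:" prefix is stripped in any letter case ("IP:10.0.0.1"
    // and "ip:10.0.0.1" both work); the remainder goes to IPAddressName(String),
    // which is relied on to parse and validate the address literal (an earlier
    // variant resolved it through InetAddress first — intentionally not done,
    // a certificate builder should never perform name resolution). Entries
    // share alternativeNames with dnsAlternativeName(), and the extension is
    // rebuilt with the full list on every call. Returns this; failures are
    // routed through fault(...).
    try {
        v3();
        String literal = ip;
        if (ip != null && ip.regionMatches(true, 0, "ip:", 0, 3)) {
            literal = ip.substring(3);
        }
        IPAddressName address = new IPAddressName(literal);
        if (alternativeNames == null) {
            alternativeNames = new GeneralNames();
        }
        alternativeNames.add(new GeneralName(address));
        SubjectAlternativeNameExtension san = new SubjectAlternativeNameExtension(alternativeNames);
        if (certificateExtensions == null) {
            certificateExtensions = new CertificateExtensions();
        }
        certificateExtensions.set(san.getExtensionId().toString(), san);
        info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
    } catch (Exception e) {
        fault(e, "ipAlternativeName(%s)", ip);
    }
    return this;
}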
public X509Builder keyUsageDataEncipherment() {
    // Sets the dataEncipherment bit of KeyUsage (RFC 5280 4.2.1.3: the public
    // key encrypts user data directly, as opposed to keyEncipherment for key
    // transport), merging with bits set by the other keyUsage*() methods, and
    // re-installs the extension set on `info`.
    try {
        v3();
        KeyUsageExtension usage = (keyUsageExtension != null) ? keyUsageExtension : new KeyUsageExtension();
        keyUsageExtension = usage;
        usage.set(KeyUsageExtension.DATA_ENCIPHERMENT, Boolean.TRUE);
        if (certificateExtensions == null) {
            certificateExtensions = new CertificateExtensions();
        }
        String usageOid = usage.getExtensionId().toString();
        certificateExtensions.set(usageOid, usage);
        info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
    } catch (Exception e) {
        fault(e, "keyUsageDataEncipherment");
    }
    return this;
}
public X509Builder keyUsageKeyEncipherment() {
    // Sets the keyEncipherment bit of KeyUsage — the public key may be used
    // to encrypt/transport other keys (e.g. RSA key transport) — merging with
    // bits set by the other keyUsage*() methods, then re-installs the
    // extension set on `info`.
    try {
        v3();
        if (keyUsageExtension == null) {
            keyUsageExtension = new KeyUsageExtension();
        }
        KeyUsageExtension usage = keyUsageExtension;
        usage.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.TRUE);
        CertificateExtensions exts = certificateExtensions;
        if (exts == null) {
            exts = new CertificateExtensions();
            certificateExtensions = exts;
        }
        exts.set(usage.getExtensionId().toString(), usage);
        info.set(X509CertInfo.EXTENSIONS, exts);
    } catch (Exception e) {
        fault(e, "keyUsageKeyEncipherment");
    }
    return this;
}
public X509Builder keyUsageDigitalSignature() {
    // Sets the digitalSignature bit of KeyUsage: signing other than
    // certificates or CRLs (those are keyCertSign/cRLSign), which is what an
    // API client authenticating with its key needs. Merges with bits set by
    // the other keyUsage*() methods and re-installs the extension set.
    try {
        v3();
        KeyUsageExtension usage = keyUsageExtension;
        if (usage == null) {
            usage = new KeyUsageExtension();
            keyUsageExtension = usage;
        }
        usage.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.TRUE);
        if (certificateExtensions == null) {
            certificateExtensions = new CertificateExtensions();
        }
        certificateExtensions.set(usage.getExtensionId().toString(), usage);
        info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
    } catch (Exception e) {
        fault(e, "keyUsageDigitalSignature");
    }
    return this;
}
public X509Builder keyUsageNonRepudiation() {
    // Sets the nonRepudiation bit of KeyUsage (renamed contentCommitment in
    // RFC 5280): signing other than certificates or CRLs, applicable to API
    // clients. Merges with bits set by the other keyUsage*() methods and
    // re-installs the extension set on `info`.
    try {
        v3();
        if (keyUsageExtension == null) {
            keyUsageExtension = new KeyUsageExtension();
        }
        keyUsageExtension.set(KeyUsageExtension.NON_REPUDIATION, Boolean.TRUE);
        CertificateExtensions exts = (certificateExtensions != null) ? certificateExtensions : new CertificateExtensions();
        certificateExtensions = exts;
        String usageOid = keyUsageExtension.getExtensionId().toString();
        exts.set(usageOid, keyUsageExtension);
        info.set(X509CertInfo.EXTENSIONS, exts);
    } catch (Exception e) {
        fault(e, "keyUsageNonRepudiation");
    }
    return this;
}
public X509Builder keyUsageCRLSign() {
    // Sets the cRLSign bit of KeyUsage so the key may sign revocation lists,
    // merging with bits set by the other keyUsage*() methods (typically
    // alongside keyUsageCertificateAuthority()), then re-installs the
    // extension set on `info`.
    try {
        v3();
        KeyUsageExtension usage = keyUsageExtension;
        if (usage == null) {
            usage = new KeyUsageExtension();
            keyUsageExtension = usage;
        }
        usage.set(KeyUsageExtension.CRL_SIGN, Boolean.TRUE);
        CertificateExtensions exts = certificateExtensions;
        if (exts == null) {
            exts = new CertificateExtensions();
            certificateExtensions = exts;
        }
        exts.set(usage.getExtensionId().toString(), usage);
        info.set(X509CertInfo.EXTENSIONS, exts);
    } catch (Exception e) {
        fault(e, "keyUsageCRLSign");
    }
    return this;
}
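private static X509Certificate createSignedCertificate(X509Certificate certificate, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey, boolean isLeaf) throws CertificateException, IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
    // Re-issues `certificate` under `issuerCertificate`: copies its
    // TBSCertificate, rewrites the issuer name, for a non-leaf marks it as a
    // CA, signs with issuerPrivateKey and verifies the result against the
    // issuer's public key. Serial number, subject, validity and subject public
    // key are taken from the input certificate unchanged; for a leaf the
    // input's extensions are used as-is (nothing is added or removed).
    //
    // Throws CertificateException/IOException for malformed input, the
    // signature-related exceptions when signing fails, and SignatureException
    // from the final verify() when issuerPrivateKey does not belong to
    // issuerCertificate.

    // Take the issuer name from the X500Principal's DER encoding rather than
    // the deprecated getSubjectDN(): X509CertInfo.set(ISSUER, ...) wants an
    // X500Name, and getSubjectDN() only happens to return one for certificates
    // parsed by the JDK provider. Fully qualified because this file's import
    // block is not in view.
    byte[] issuerDer = issuerCertificate.getSubjectX500Principal().getEncoded();
    sun.security.x509.X500Name issuer = new sun.security.x509.X500Name(issuerDer);
    // NOTE(review): the signature algorithm is copied from the issuer's *own*
    // certificate, i.e. the algorithm the issuer's parent used. That is only
    // right when the issuer's key type matches it; a mismatch surfaces as an
    // exception from sign() rather than silently.
    String issuerSigAlg = issuerCertificate.getSigAlgName();

    X509CertInfo info = new X509CertInfo(certificate.getTBSCertificate());
    info.set(X509CertInfo.ISSUER, issuer);

    if (!isLeaf) {
        // Extensions are only legal on a v3 certificate and X509CertInfo
        // rejects EXTENSIONS on a lower version, so force v3 for the CA case.
        info.set(X509CertInfo.VERSION, new sun.security.x509.CertificateVersion(sun.security.x509.CertificateVersion.V3));
        // Keep the extensions the input already carries (SAN, KeyUsage, EKU)
        // and add/replace basicConstraints; previously a fresh
        // CertificateExtensions replaced the whole set, so every non-leaf lost
        // them while the leaf path kept them.
        // NOTE(review): an AuthorityKeyIdentifier carried over from the input
        // still names the input's original (e.g. self-signed) issuer key;
        // callers that set one should regenerate it for the new issuer.
        CertificateExtensions exts = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
        if (exts == null) {
            exts = new CertificateExtensions();
        }
        // cA=TRUE, no pathLenConstraint, and critical: RFC 5280 4.2.1.9
        // requires basicConstraints to be critical in CA certificates. It was
        // previously installed non-critical, which stricter validators may
        // refuse to treat as a CA.
        exts.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(Boolean.TRUE, true, -1));
        info.set(X509CertInfo.EXTENSIONS, exts);
    }

    X509CertImpl outCert = new X509CertImpl(info);
    outCert.sign(issuerPrivateKey, issuerSigAlg);
    // Fail loudly if issuerPrivateKey is not the key behind issuerCertificate;
    // otherwise the caller gets a certificate that never chains to its issuer.
    outCert.verify(issuerCertificate.getPublicKey());
    return outCert;
}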
// NOTE(review): this fragment appears twice back to back; the second copy
// redeclares `san` and `ext` and would not compile in the same scope, so it
// looks like a duplicated paste. Unlike the builder methods above, which
// accumulate into a shared certificateExtensions, `new CertificateExtensions()`
// here starts from an empty set — any extension installed on `info` earlier
// (key usage, basic constraints, EKU) is discarded by the final info.set.
// `generalNames` and `info` are defined outside this view.
SubjectAlternativeNameExtension san = new SubjectAlternativeNameExtension(generalNames); CertificateExtensions ext = new CertificateExtensions(); ext.set(san.getExtensionId().toString(), san); info.set(X509CertInfo.EXTENSIONS, ext); SubjectAlternativeNameExtension san = new SubjectAlternativeNameExtension(generalNames); CertificateExtensions ext = new CertificateExtensions(); ext.set(san.getExtensionId().toString(), san); info.set(X509CertInfo.EXTENSIONS, ext);