List of usage examples for java.security.cert.X509Certificate.getNonCriticalExtensionOIDs()
/**
 * Gets the OID strings of the extensions that are marked NON-CRITICAL in the certificate.
 *
 * @return the OID strings of the non-critical extensions (an empty set if none is marked
 *         non-critical), or {@code null} if the certificate carries no extensions at all;
 *         callers therefore need a null check before iterating or calling {@code contains}
 */
public Set<String> getNonCriticalExtensionOIDs();
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
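/**
 * Builds a PKCS#10 certification request that reuses the subject and public key of
 * {@code cert} and carries each of its non-critical extensions as a request attribute.
 *
 * <p>Each attribute is keyed by the extension's own OID. Its value is whatever
 * {@code cert.getExtensionValue(oid)} returns, decoded as a single ASN.1 object.
 *
 * <p>NOTE(review): only the non-critical OID set is read, so extensions the issuer marked
 * critical are not carried into the request. Confirm this is intended, since constraints such
 * as key usage are commonly marked critical.
 *
 * <p>NOTE(review): PKCS#9 defines a dedicated extensionRequest attribute for requested
 * extensions. This method emits one attribute per extension OID instead, so confirm that the
 * receiving CA interprets that layout.
 *
 * @param cert certificate whose subject, public key and non-critical extensions are copied
 * @param signingKey private key used to sign the request; presumably the key matching
 *        {@code cert.getPublicKey()}, which the caller should verify
 * @return the signed certification request
 * @throws Exception if an extension value cannot be decoded or the request cannot be signed
 */
public static PKCS10CertificationRequest generateCertificateRequest(X509Certificate cert, PrivateKey signingKey)
        throws Exception {
    ASN1EncodableVector attributes = new ASN1EncodableVector();

    // getNonCriticalExtensionOIDs() returns null, not an empty set, when the certificate has no
    // extensions at all. Without this guard the loop below fails with a NullPointerException.
    Set<String> nonCriticalExtensionOIDs = cert.getNonCriticalExtensionOIDs();
    if (nonCriticalExtensionOIDs != null) {
        for (String nceoid : nonCriticalExtensionOIDs) {
            // getExtensionValue() returns the extension wrapped in a DER OCTET STRING. Only that
            // outer object is decoded here, so the attribute value is the OCTET STRING itself.
            byte[] derBytes = cert.getExtensionValue(nceoid);
            ByteArrayInputStream bis = new ByteArrayInputStream(derBytes);
            ASN1InputStream dis = new ASN1InputStream(bis);
            try {
                DERObject derObject = dis.readObject();
                DERSet value = new DERSet(derObject);
                Attribute attr = new Attribute(new DERObjectIdentifier(nceoid), value);

                attributes.add(attr);
            } finally {
                IOUtils.closeQuietly(dis);
            }
        }
    }

    PKCS10CertificationRequest certificationRequest = new PKCS10CertificationRequest(getSignatureAlgorithm(),
            cert.getSubjectX500Principal(), cert.getPublicKey(), new DERSet(attributes), signingKey);
    return certificationRequest;
}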
From source file:com.otterca.common.crypto.acceptance.X509CertificateBuilderAcceptanceTest.java
/**
 * Verifies that a certificate built without permitted or excluded names has no Name
 * Constraints extension in its non-critical set and reports no constrained names.
 *
 * <p>NOTE(review): {@code getNonCriticalExtensionOIDs()} returns {@code null} for a certificate
 * with no extensions at all, so this test relies on {@code populate(builder)} producing at
 * least one extension. Confirm against the fixture.
 *
 * @throws GeneralSecurityException if any builder call in the test raises it
 */
@Test
public void testBuilderNoNames() throws GeneralSecurityException {
    populate(builder);
    X509Certificate unconstrained = builder.build(keyPair.getPrivate());

    // Only the non-critical OID set is inspected here. A Name Constraints extension marked
    // critical would not trip this particular assertion.
    boolean listedAsNonCritical = unconstrained.getNonCriticalExtensionOIDs().contains(NAME_CONSTRAINTS_OID);
    assertFalse(listedAsNonCritical, "certificate contains unexpected Name Constraints extension");

    assertTrue(certUtil.getPermittedNames(unconstrained).isEmpty());
    assertTrue(certUtil.getExcludedNames(unconstrained).isEmpty());

    builder.reset();
}
From source file:com.otterca.common.crypto.acceptance.X509CertificateBuilderAcceptanceTest.java
/**
 * Verifies that 'permittedNames' set on the builder end up in the certificate's Name
 * Constraints extension, in the order given.
 *
 * <p>FIXME: add min/max. Add URI?
 *
 * <p>NOTE(review): the extension is looked up in the non-critical set. RFC 5280 section
 * 4.2.1.10 requires conforming CAs to mark Name Constraints critical, because a relying party
 * may ignore a non-critical extension it does not process. Confirm the builder's choice is
 * deliberate.
 *
 * @throws GeneralSecurityException if any builder call in the test raises it
 */
@Test
public void testBuilderPermittedNames() throws GeneralSecurityException {
    populate(builder);
    builder.setPermittedNames("CN=Alice", "CN=Bob");
    X509Certificate constrained = builder.build(keyPair.getPrivate());

    boolean listedAsNonCritical = constrained.getNonCriticalExtensionOIDs().contains(NAME_CONSTRAINTS_OID);
    assertTrue(listedAsNonCritical, "certificate does not contain expected Name Constraints extension");

    List<GeneralSubtree> permitted = certUtil.getPermittedNames(constrained);
    assertEquals(permitted.size(), 2);
    GeneralSubtree first = permitted.get(0);
    assertEquals(first.getName().getName(), "CN=Alice");
    GeneralSubtree second = permitted.get(1);
    assertEquals(second.getName().getName(), "CN=Bob");
}
From source file:com.otterca.common.crypto.acceptance.X509CertificateBuilderAcceptanceTest.java
/**
 * Verifies that 'excludedNames' set on the builder end up in the certificate's Name
 * Constraints extension, in the order given.
 *
 * <p>FIXME: add min/max. Add URI?
 *
 * <p>NOTE(review): the extension is looked up in the non-critical set. RFC 5280 section
 * 4.2.1.10 requires conforming CAs to mark Name Constraints critical, because a relying party
 * may ignore a non-critical extension it does not process. Confirm the builder's choice is
 * deliberate.
 *
 * @throws GeneralSecurityException if any builder call in the test raises it
 */
@Test
public void testBuilderExcludedNames() throws GeneralSecurityException {
    populate(builder);
    builder.setExcludedNames("CN=Alice", "CN=Bob");
    X509Certificate constrained = builder.build(keyPair.getPrivate());

    boolean listedAsNonCritical = constrained.getNonCriticalExtensionOIDs().contains(NAME_CONSTRAINTS_OID);
    assertTrue(listedAsNonCritical, "certificate does not contain expected Name Constraints extension");

    List<GeneralSubtree> excluded = certUtil.getExcludedNames(constrained);
    assertEquals(excluded.size(), 2);
    GeneralSubtree first = excluded.get(0);
    assertEquals(first.getName().getName(), "CN=Alice");
    GeneralSubtree second = excluded.get(1);
    assertEquals(second.getName().getName(), "CN=Bob");
}
From source file:com.otterca.common.crypto.acceptance.X509CertificateBuilderAcceptanceTest.java
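/**
 * Test builder with 'OCSP Locations'.
 *
 * <p>Checks that the Authority Information Access (AIA) extension is absent by default, then
 * that OCSP locations set as general names, and again via the URI convenience overload, are
 * read back in the same order. RFC 5280 section 4.2.2.1 requires AIA to be non-critical, so
 * the non-critical OID set is the expected place to find it.
 *
 * <p>NOTE(review): the size of the returned list is never asserted, so extra unexpected
 * locations would go unnoticed.
 *
 * @throws GeneralSecurityException if any builder call in the test raises it
 * @throws URISyntaxException declared by the test; not raised by any call visible here
 * @throws InvalidNameException declared by the test; not raised by any call visible here
 */
@Test
public void testOcspLocations() throws GeneralSecurityException, URISyntaxException, InvalidNameException {
    // make sure there's no extension by default
    populate(builder);
    X509Certificate cert = builder.build(keyPair.getPrivate());
    // This assertion fails when the extension IS present. The message previously claimed the
    // opposite ("does not contain expected"), which misdirects whoever reads the failure.
    assertFalse(cert.getNonCriticalExtensionOIDs().contains(AUTHORITY_INFO_ACCESS_OID),
            "certificate contains unexpected AIA extension");
    assertTrue(certUtil.getOcspLocations(cert).isEmpty());

    // test it with some general names.
    builder.reset();
    populate(builder);
    builder.setOcspLocations(expectedGeneralNameUri1, expectedGeneralNameUri2, expectedGeneralNameDir);
    cert = builder.build(keyPair.getPrivate());
    assertTrue(cert.getNonCriticalExtensionOIDs().contains(AUTHORITY_INFO_ACCESS_OID),
            "certificate does not contain expected AIA extension");
    List<com.otterca.common.crypto.GeneralName<?>> actual = certUtil.getOcspLocations(cert);
    assertEquals(actual.get(0), expectedGeneralNameUri1);
    assertEquals(actual.get(1), expectedGeneralNameUri2);
    assertEquals(actual.get(2), expectedGeneralNameDir);

    // test it again with the URI convenience method.
    builder.reset();
    populate(builder);
    builder.setOcspLocations(expectedGeneralNameUri1.get(), expectedGeneralNameUri2.get());
    cert = builder.build(keyPair.getPrivate());
    assertTrue(cert.getNonCriticalExtensionOIDs().contains(AUTHORITY_INFO_ACCESS_OID),
            "certificate does not contain expected AIA extension");
    actual = certUtil.getOcspLocations(cert);
    assertEquals(actual.get(0), expectedGeneralNameUri1);
    assertEquals(actual.get(1), expectedGeneralNameUri2);
}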
From source file:com.otterca.common.crypto.acceptance.X509CertificateBuilderAcceptanceTest.java
/**
 * Verifies the builder's 'CA Issuer Locations' support: no Authority Information Access (AIA)
 * extension by default, then locations supplied as general names and via the URI convenience
 * overload are read back in the same order.
 *
 * <p>NOTE(review): the size of the returned list is never asserted, so extra unexpected
 * locations would go unnoticed.
 *
 * @throws GeneralSecurityException if any builder call in the test raises it
 * @throws URISyntaxException declared by the test; not raised by any call visible here
 * @throws InvalidNameException declared by the test; not raised by any call visible here
 */
@Test
public void testCaIssuerLocations() throws GeneralSecurityException, URISyntaxException, InvalidNameException {
    // Baseline: a freshly populated builder must not emit AIA.
    populate(builder);
    X509Certificate issued = builder.build(keyPair.getPrivate());
    boolean aiaListed = issued.getNonCriticalExtensionOIDs().contains(AUTHORITY_INFO_ACCESS_OID);
    assertFalse(aiaListed, "certificate contains unexpected AIA extension");
    assertTrue(certUtil.getCaIssuersLocations(issued).isEmpty());

    // Locations given as general names.
    builder.reset();
    populate(builder);
    builder.setCaIssuersLocations(expectedGeneralNameUri1, expectedGeneralNameUri2, expectedGeneralNameDir);
    issued = builder.build(keyPair.getPrivate());
    aiaListed = issued.getNonCriticalExtensionOIDs().contains(AUTHORITY_INFO_ACCESS_OID);
    assertTrue(aiaListed, "certificate does not contain expected AIA extension");
    List<com.otterca.common.crypto.GeneralName<?>> issuerLocations = certUtil.getCaIssuersLocations(issued);
    assertEquals(issuerLocations.get(0), expectedGeneralNameUri1);
    assertEquals(issuerLocations.get(1), expectedGeneralNameUri2);
    assertEquals(issuerLocations.get(2), expectedGeneralNameDir);

    // Same again through the URI convenience overload.
    builder.reset();
    populate(builder);
    builder.setCaIssuersLocations(expectedGeneralNameUri1.get(), expectedGeneralNameUri2.get());
    issued = builder.build(keyPair.getPrivate());
    aiaListed = issued.getNonCriticalExtensionOIDs().contains(AUTHORITY_INFO_ACCESS_OID);
    assertTrue(aiaListed, "certificate does not contain expected AIA extension");
    issuerLocations = certUtil.getCaIssuersLocations(issued);
    assertEquals(issuerLocations.get(0), expectedGeneralNameUri1);
    assertEquals(issuerLocations.get(1), expectedGeneralNameUri2);
}
From source file:com.otterca.common.crypto.acceptance.X509CertificateBuilderAcceptanceTest.java
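/**
 * Test builder with 'CA Repositories'.
 *
 * <p>Checks that the Subject Information Access (SIA) extension is absent by default, then
 * that repositories set as general names, and again via the URI convenience overload, are
 * read back in the same order. RFC 5280 section 4.2.2.2 requires SIA to be non-critical, so
 * the non-critical OID set is the expected place to find it.
 *
 * <p>NOTE(review): the size of the returned list is never asserted, so extra unexpected
 * entries would go unnoticed.
 *
 * @throws GeneralSecurityException if any builder call in the test raises it
 * @throws URISyntaxException declared by the test; not raised by any call visible here
 * @throws InvalidNameException declared by the test; not raised by any call visible here
 */
@Test
public void testCaRepositories() throws GeneralSecurityException, URISyntaxException, InvalidNameException {
    // make sure there are no extensions by default.
    populate(builder);
    X509Certificate cert = builder.build(keyPair.getPrivate());
    assertFalse(cert.getNonCriticalExtensionOIDs().contains(SUBJECT_INFO_ACCESS_OID),
            "certificate contains unexpected SIA extension");
    assertTrue(certUtil.getCaRepositories(cert).isEmpty());

    // test it with some general names.
    builder.reset();
    populate(builder);
    builder.setCaRepositories(expectedGeneralNameUri1, expectedGeneralNameUri2, expectedGeneralNameDir);
    cert = builder.build(keyPair.getPrivate());
    assertTrue(cert.getNonCriticalExtensionOIDs().contains(SUBJECT_INFO_ACCESS_OID),
            "certificate does not contain expected SIA extension");
    List<com.otterca.common.crypto.GeneralName<?>> actual = certUtil.getCaRepositories(cert);
    assertEquals(actual.get(0), expectedGeneralNameUri1);
    assertEquals(actual.get(1), expectedGeneralNameUri2);
    assertEquals(actual.get(2), expectedGeneralNameDir);

    // test it again with the URI convenience method.
    builder.reset();
    populate(builder);
    builder.setCaRepositories(expectedGeneralNameUri1.get(), expectedGeneralNameUri2.get());
    cert = builder.build(keyPair.getPrivate());
    // The OID checked is SUBJECT_INFO_ACCESS_OID, but the message previously named AIA.
    assertTrue(cert.getNonCriticalExtensionOIDs().contains(SUBJECT_INFO_ACCESS_OID),
            "certificate does not contain expected SIA extension");
    actual = certUtil.getCaRepositories(cert);
    assertEquals(actual.get(0), expectedGeneralNameUri1);
    assertEquals(actual.get(1), expectedGeneralNameUri2);
}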
From source file:com.otterca.common.crypto.acceptance.X509CertificateBuilderAcceptanceTest.java
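/**
 * Test builder with 'timestamping'.
 *
 * <p>Checks that the Subject Information Access (SIA) extension is absent by default, then
 * that timestamping locations set as general names (URI, e-mail, DNS, IP address), and again
 * via the URI convenience overload, are read back in the same order.
 *
 * <p>NOTE(review): the size of the returned list is never asserted, so extra unexpected
 * entries would go unnoticed.
 *
 * @throws GeneralSecurityException if any builder call in the test raises it
 * @throws URISyntaxException declared by the test; not raised by any call visible here
 * @throws InvalidNameException declared by the test; not raised by any call visible here
 */
@Test
public void testTimestamping() throws GeneralSecurityException, URISyntaxException, InvalidNameException {
    // make sure there are no extensions by default.
    populate(builder);
    X509Certificate cert = builder.build(keyPair.getPrivate());
    assertFalse(cert.getNonCriticalExtensionOIDs().contains(SUBJECT_INFO_ACCESS_OID),
            "certificate contains unexpected SIA extension");
    assertTrue(certUtil.getTimestamping(cert).isEmpty());

    // test it with some general names.
    builder.reset();
    populate(builder);
    builder.setTimestampingLocations(expectedGeneralNameUri1, expectedGeneralNameUri2, expectedGeneralNameEmail,
            expectedGeneralNameDns, expectedGeneralNameIpAddress);
    cert = builder.build(keyPair.getPrivate());
    assertTrue(cert.getNonCriticalExtensionOIDs().contains(SUBJECT_INFO_ACCESS_OID),
            "certificate does not contain expected SIA extension");
    List<com.otterca.common.crypto.GeneralName<?>> actual = certUtil.getTimestamping(cert);
    assertEquals(actual.get(0), expectedGeneralNameUri1);
    assertEquals(actual.get(1), expectedGeneralNameUri2);
    assertEquals(actual.get(2), expectedGeneralNameEmail);
    assertEquals(actual.get(3), expectedGeneralNameDns);
    assertEquals(actual.get(4), expectedGeneralNameIpAddress);

    // test it again with the URI convenience method.
    builder.reset();
    populate(builder);
    builder.setTimestampingLocations(expectedGeneralNameUri1.get(), expectedGeneralNameUri2.get());
    cert = builder.build(keyPair.getPrivate());
    // The OID checked is SUBJECT_INFO_ACCESS_OID, but the message previously named AIA.
    assertTrue(cert.getNonCriticalExtensionOIDs().contains(SUBJECT_INFO_ACCESS_OID),
            "certificate does not contain expected SIA extension");
    actual = certUtil.getTimestamping(cert);
    assertEquals(actual.get(0), expectedGeneralNameUri1);
    assertEquals(actual.get(1), expectedGeneralNameUri2);
}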
From source file:com.otterca.common.crypto.acceptance.X509CertificateBuilderAcceptanceTest.java
/**
 * Exercises the builder's 'private key usage period' support.
 *
 * <p>Covers five cases in sequence: extension absent by default, both dates set, only 'not
 * before' set, only 'not after' set, and neither date set (extension expected to be omitted).
 *
 * @throws GeneralSecurityException if any builder call in the test raises it
 */
@Test
public void testPrivateKeyUsagePeriod() throws GeneralSecurityException {
    // Baseline: a freshly populated builder must not emit the extension.
    populate(builder);
    X509Certificate issued = builder.build(keyPair.getPrivate());
    boolean periodListed = issued.getNonCriticalExtensionOIDs().contains(PRIVATE_KEY_USAGE_PERIOD_OID);
    assertFalse(periodListed, "certificate contains unexpected Private Key Usage Period extension");
    assertEquals(certUtil.getPrivateKeyUsagePeriod(issued).length, 0);

    // Both bounds supplied.
    builder.reset();
    populate(builder);
    builder.setPrivateKeyUsagePeriod(notBefore.getTime(), notAfter.getTime());
    issued = builder.build(keyPair.getPrivate());
    periodListed = issued.getNonCriticalExtensionOIDs().contains(PRIVATE_KEY_USAGE_PERIOD_OID);
    assertTrue(periodListed, "certificate does not contain expected Private Key Usage Period extension");
    Date[] period = certUtil.getPrivateKeyUsagePeriod(issued);
    assertEquals(period[0], notBefore.getTime());
    assertEquals(period[1], notAfter.getTime());

    // Only the 'not before' bound supplied.
    builder.reset();
    populate(builder);
    builder.setPrivateKeyUsagePeriod(notBefore.getTime(), null);
    issued = builder.build(keyPair.getPrivate());
    periodListed = issued.getNonCriticalExtensionOIDs().contains(PRIVATE_KEY_USAGE_PERIOD_OID);
    assertTrue(periodListed, "certificate does not contain expected Private Key Usage Period extension");
    period = certUtil.getPrivateKeyUsagePeriod(issued);
    assertEquals(period[0], notBefore.getTime());
    assertEquals(period[1], null);

    // Only the 'not after' bound supplied.
    builder.reset();
    populate(builder);
    builder.setPrivateKeyUsagePeriod(null, notAfter.getTime());
    issued = builder.build(keyPair.getPrivate());
    periodListed = issued.getNonCriticalExtensionOIDs().contains(PRIVATE_KEY_USAGE_PERIOD_OID);
    assertTrue(periodListed, "certificate does not contain expected Private Key Usage Period extension");
    period = certUtil.getPrivateKeyUsagePeriod(issued);
    assertEquals(period[0], null);
    assertEquals(period[1], notAfter.getTime());

    // No bounds at all: the extension should not be added.
    builder.reset();
    populate(builder);
    builder.setPrivateKeyUsagePeriod(null, null);
    issued = builder.build(keyPair.getPrivate());
    periodListed = issued.getNonCriticalExtensionOIDs().contains(PRIVATE_KEY_USAGE_PERIOD_OID);
    assertFalse(periodListed, "certificate contains unexpected Private Key Usage Period extension");
}
From source file:org.apache.directory.studio.connection.ui.widgets.CertificateInfoComposite.java
/**
 * Adds one tree item below {@code extensionsItem} for every extension of the requested
 * criticality, with child items for the OID, the critical flag and the extension value.
 *
 * <p>The value is shown as the parsed ASN.1 object's {@code toString()}. If parsing fails
 * with an {@link IOException}, the raw bytes are shown hex-encoded instead.
 *
 * <p>NOTE(review): the certificate shown here may come from a remote peer, which should be
 * verified against the callers. Only {@link IOException} is handled, so confirm the parser
 * cannot raise unchecked exceptions on malformed extension bytes, as one would abort the
 * whole listing.
 *
 * @param extensionsItem parent tree item that receives the per-extension items
 * @param certificate certificate whose extensions are listed
 * @param critical {@code true} to list critical extensions, {@code false} for non-critical
 */
private void populateExtensions(final TreeItem extensionsItem, final X509Certificate certificate,
        boolean critical) {
    final Set<String> extensionOids;
    if (critical) {
        extensionOids = certificate.getCriticalExtensionOIDs();
    } else {
        extensionOids = certificate.getNonCriticalExtensionOIDs();
    }

    // Both getters return null when the certificate has no extensions at all.
    if (extensionOids == null) {
        return;
    }

    final String criticalText = Boolean.toString(critical);
    for (String oid : extensionOids) {
        // try to parse the extension value byte[] to an ASN1 object
        byte[] rawValue = certificate.getExtensionValue(oid);
        String renderedValue;
        try {
            ASN1Object parsed = X509ExtensionUtil.fromExtensionValue(rawValue);
            renderedValue = parsed.toString();
        } catch (IOException e) {
            // Not decodable as ASN.1: fall back to a hex dump of the raw bytes.
            renderedValue = new String(Hex.encodeHex(rawValue));
        }

        StringBuilder summary = new StringBuilder();
        summary.append(Messages.getString("CertificateInfoComposite.ExtensionOIDColon")); //$NON-NLS-1$
        summary.append(oid).append('\n');
        summary.append(Messages.getString("CertificateInfoComposite.CriticalColon")); //$NON-NLS-1$
        summary.append(criticalText).append('\n');
        summary.append(Messages.getString("CertificateInfoComposite.ExtensionValueColon")); //$NON-NLS-1$
        summary.append(renderedValue).append('\n');

        // TODO: OID descriptions
        // TODO: formatting of extension value
        TreeItem extensionNode = createTreeItem(extensionsItem, oid, summary.toString());
        createTreeItem(extensionNode, Messages.getString("CertificateInfoComposite.ExtensionOID"), oid); //$NON-NLS-1$
        createTreeItem(extensionNode, Messages.getString("CertificateInfoComposite.Critical"), //$NON-NLS-1$
                criticalText);
        createTreeItem(extensionNode, Messages.getString("CertificateInfoComposite.ExtensionValue"), //$NON-NLS-1$
                renderedValue);
    }
}