/* Cert creation engine */
  private static synchronized X509Certificate createX509V3Certificate(
      PublicKey pubKey,
      PrivateKey privKey,
      int ttlMonths,
      String issuerDN,
      String subjectDN,
      long serial,
      String signAlgoritm)
      throws GeneralSecurityException {
    X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator();
    certGenerator.reset();

    certGenerator.setSerialNumber(java.math.BigInteger.valueOf(serial));
    certGenerator.setIssuerDN(new org.bouncycastle.asn1.x509.X509Name(issuerDN));
    certGenerator.setNotBefore(new java.util.Date(System.currentTimeMillis()));
    certGenerator.setNotAfter(
        new java.util.Date(System.currentTimeMillis() + ttlMonths * (1000L * 60 * 60 * 24 * 30)));
    certGenerator.setSubjectDN(new org.bouncycastle.asn1.x509.X509Name(subjectDN));
    certGenerator.setPublicKey(pubKey);
    certGenerator.setSignatureAlgorithm(signAlgoritm);

    X509Certificate cert =
        certGenerator.generateX509Certificate(privKey, "BC", new java.security.SecureRandom());
    cert.checkValidity(new java.util.Date());
    cert.verify(pubKey);

    return cert;
  }
Example #2
0
 /** return the subject of the given cert as an X509PrincipalObject. */
 public static X509Principal getSubjectX509Principal(X509Certificate cert)
     throws CertificateEncodingException {
   try {
     TBSCertificateStructure tbsCert =
         TBSCertificateStructure.getInstance(ASN1Object.fromByteArray(cert.getTBSCertificate()));
     return new X509Principal(tbsCert.getSubject());
   } catch (IOException e) {
     throw new CertificateEncodingException(e.toString());
   }
 }
 /**
  * Return an interned X509CertImpl for the given certificate. If the given X509Certificate or
  * X509CertImpl is already present in the cert cache, the cached object is returned. Otherwise, if
  * it is a X509Certificate, it is first converted to a X509CertImpl. Then the X509CertImpl is
  * added to the cache and returned.
  *
  * <p>Note that all certificates created via generateCertificate(InputStream) are already interned
  * and this method does not need to be called. It is useful for certificates that cannot be
  * created via generateCertificate() and for converting other X509Certificate implementations to
  * an X509CertImpl.
  */
 public static synchronized X509CertImpl intern(X509Certificate c) throws CertificateException {
   if (c == null) {
     return null;
   }
   boolean isImpl = c instanceof X509CertImpl;
   byte[] encoding;
   if (isImpl) {
     encoding = ((X509CertImpl) c).getEncodedInternal();
   } else {
     encoding = c.getEncoded();
   }
   X509CertImpl newC = getFromCache(certCache, encoding);
   if (newC != null) {
     return newC;
   }
   if (isImpl) {
     newC = (X509CertImpl) c;
   } else {
     newC = new X509CertImpl(encoding);
     encoding = newC.getEncodedInternal();
   }
   addToCache(certCache, encoding, newC);
   return newC;
 }
Example #4
0
  public static void main(String[] args) throws Exception {
    // Get a CertificateFactory for various tests
    CF = CertificateFactory.getInstance("X509");
    ByteArrayInputStream bais = new ByteArrayInputStream(readFile("int.crt").getBytes());
    X509Certificate intCA = (X509Certificate) CF.generateCertificate(bais);
    System.out.println(
        "Successfully instantiated CA cert \"" + intCA.getSubjectX500Principal() + "\"");

    CertId cid0x1500 = new CertId(intCA, new SerialNumber(0x1500));
    boolean noFailures = true;

    OCSPResponse.SingleResponse sr = getSRByFilename("ocsp-good-nonext.resp", cid0x1500);
    noFailures &= checkSingleExts(sr, 0);

    if (sr.getRevocationTime() != null) {
      throw new RuntimeException("Oops. revocationTime is non-null " + sr.getRevocationTime());
    } else if (sr.getRevocationReason() != null) {
      throw new RuntimeException("Oops. revocationReason is non-null " + sr.getRevocationReason());
    }

    sr = getSRByFilename("ocsp-good-withnext.resp", cid0x1500);
    noFailures &= checkSingleExts(sr, 0);

    sr = getSRByFilename("ocsp-good-witharchcut.resp", cid0x1500);
    noFailures &= checkSingleExts(sr, 1);

    sr = getSRByFilename("ocsp-rev-nocerts.resp", cid0x1500);
    noFailures &= checkSingleExts(sr, 1);

    sr = getSRByFilename("ocsp-rev-nonext-noinv.resp", cid0x1500);
    noFailures &= checkSingleExts(sr, 0);

    sr = getSRByFilename("ocsp-rev-withnext-noinv.resp", cid0x1500);
    noFailures &= checkSingleExts(sr, 0);

    sr = getSRByFilename("ocsp-rev-nonext-withinv.resp", cid0x1500);
    noFailures &= checkSingleExts(sr, 1);

    sr = getSRByFilename("ocsp-rev-withnext-withinv.resp", cid0x1500);
    noFailures &= checkSingleExts(sr, 1);

    try {
      sr = getSRByFilename("ocsp-rev-twonext.resp", cid0x1500);
      System.out.println("FAIL: Allowed two nextUpdate fields");
      noFailures = false;
    } catch (IOException ioe) {
      System.out.println("Caught expected exception: " + ioe);
    }

    try {
      sr = getSRByFilename("ocsp-rev-bad-sr-tag.resp", cid0x1500);
      System.out.println("FAIL: Allowed invalid singleResponse item");
      noFailures = false;
    } catch (IOException ioe) {
      System.out.println("Caught expected exception: " + ioe);
    }

    try {
      sr = getSRByFilename("ocsp-rev-sr-cont-reverse.resp", cid0x1500);
      System.out.println("FAIL: Allowed reversed " + "nextUpdate/singleExtensions");
      noFailures = false;
    } catch (IOException ioe) {
      System.out.println("Caught expected exception: " + ioe);
    }

    if (!noFailures) {
      throw new RuntimeException("One or more tests failed");
    }
  }