Examples of sun.security.x509.BasicConstraintsExtension

sun.security.x509.BasicConstraintsExtension
This class represents the Basic Constraints Extension.
The basic constraints extension identifies whether the subject of the certificate is a CA and how deep a certification path may exist through that CA.
```
 The ASN.1 syntax for this extension is: BasicConstraints ::= SEQUENCE { cA                BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER (0..MAX) OPTIONAL } 
```
@author Amit Kapoor @author Hemma Prafullchandra @see CertAttrSet @see Extension

    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
   
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(privkey, algorithm);

View Full Code Here

        // other solution: We first sign the cert, then retrieve the
        // outer sigalg and use it to set the inner sigalg


        X509CertImpl newCert = new X509CertImpl(certInfo);
        newCert.sign(privKey, sigAlgName);
        AlgorithmId sigAlgid = (AlgorithmId)newCert.get(X509CertImpl.SIG_ALG);
        certInfo.set(CertificateAlgorithmId.NAME + "." +
                     CertificateAlgorithmId.ALGORITHM, sigAlgid);


        // Sign the new certificate
        newCert = new X509CertImpl(certInfo);

View Full Code Here

    info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
    info
      .set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));


    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(privkey, algorithm);

View Full Code Here

        // (as defined in PKCS#8)
        AlgorithmParameters pbeParams =
            AlgorithmParameters.getInstance("PBE", PROV);
        pbeParams.init(pbeSpec);


        AlgorithmId encrAlg = new AlgorithmId
            (new ObjectIdentifier(PBE_WITH_MD5_AND_DES3_CBC_OID), pbeParams);
        return new EncryptedPrivateKeyInfo(encrAlg,encrKey).getEncoded();
    }

View Full Code Here

                                           encrInfo.getEncryptedData().length);
            }


            // determine the private-key algorithm, and parse private key
            // using the appropriate key factory
            String oidName = new AlgorithmId
                (new PrivateKeyInfo(plain).getAlgorithm().getOID()).getName();
            KeyFactory kFac = KeyFactory.getInstance(oidName);
            return kFac.generatePrivate(new PKCS8EncodedKeySpec(plain));


        } catch (NoSuchAlgorithmException ex) {

View Full Code Here

    }


    static URI getResponderURI(X509CertImpl certImpl) {


        // Examine the certificate's AuthorityInfoAccess extension
        AuthorityInfoAccessExtension aia =
            certImpl.getAuthorityInfoAccessExtension();
        if (aia == null) {
            return null;
        }


        List<AccessDescription> descriptions = aia.getAccessDescriptions();
        for (AccessDescription description : descriptions) {
            if (description.getAccessMethod().equals(
                AccessDescription.Ad_OCSP_Id)) {


                GeneralName generalName = description.getAccessLocation();

View Full Code Here


  private static CertificateExtensions getCACertificateExtensions() throws IOException {
    CertificateExtensions ext = new CertificateExtensions();


    // Basic Constraints
    ext.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(
        /* isCritical */true, /* isCA */true, 0));


    return ext;
  }

View Full Code Here

    ext.set(AuthorityKeyIdentifierExtension.NAME,
        new AuthorityKeyIdentifierExtension(
            new KeyIdentifier(caPubKey), null, null));


    // Basic Constraints
    ext.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(
        /* isCritical */true, /* isCA */false, /* pathLen */5));


    // Netscape Cert Type Extension
    boolean[] ncteOk = new boolean[8];
    ncteOk[0] = true; // SSL_CLIENT

View Full Code Here

        AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
        info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));


        CertificateExtensions ext = new CertificateExtensions();
        // Critical: Not CA, max path len 0
        ext.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(true, false, 0));
        // Critical: only allow TLS ("serverAuth" = 1.3.6.1.5.5.7.3.1)
        ext.set(ExtendedKeyUsageExtension.NAME, new ExtendedKeyUsageExtension(true,
                new Vector<ObjectIdentifier>(Arrays.asList(new ObjectIdentifier("1.3.6.1.5.5.7.3.1")))));


        if (san != null) {

View Full Code Here

  private static CertificateExtensions getCACertificateExtensions()
      throws IOException {
    CertificateExtensions ext = new CertificateExtensions();


    // Basic Constraints
    ext.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(
    /* isCritical */Boolean.TRUE, /* isCA */true, 0));


    return ext;
  }

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of sun.security.x509.BasicConstraintsExtension

CheckCertId

com.android.builder.signing.SignedJarBuilder

com.caucho.vfs.SelfSignedCert

com.intel.mtwilson.crypto.X509Builder

com.subgraph.vega.internal.http.proxy.ssl.CertificateCreator

com.sun.crypto.provider.KeyProtector

com.sun.enterprise.iiop.security.SecClientRequestInterceptor

com.sun.enterprise.iiop.security.SecServerRequestInterceptor

com.sun.enterprise.iiop.security.SecurityMechanismSelector

com.sun.enterprise.security.auth.login.LoginContextDriver

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.