Package org.owasp.webscarab.util

Source Code of org.owasp.webscarab.util.SunCertificateUtils

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
package org.owasp.webscarab.util;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Vector;

import javax.security.auth.x500.X500Principal;

import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;
import sun.security.x509.AuthorityKeyIdentifierExtension;
import sun.security.x509.BasicConstraintsExtension;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateExtensions;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.ExtendedKeyUsageExtension;
import sun.security.x509.KeyIdentifier;
import sun.security.x509.KeyUsageExtension;
import sun.security.x509.NetscapeCertTypeExtension;
import sun.security.x509.SubjectKeyIdentifierExtension;
import sun.security.x509.X500Name;
import sun.security.x509.X500Signer;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

public class SunCertificateUtils {

  private static final String SIGALG = "SHA1withRSA";

  public static X509Certificate sign(X500Principal subject, PublicKey pubKey,
      X500Principal issuer, PublicKey caPubKey, PrivateKey caKey,
      Date begin, Date ends, BigInteger serialNo)
      throws GeneralSecurityException {

    try {
      X500Name subjectName = new X500Name(subject.getName());
      X500Name issuerName = new X500Name(issuer.getName());
      Signature signature = Signature.getInstance(SIGALG);

      signature.initSign(caKey);
      X500Signer signer = new X500Signer(signature, issuerName);

      CertificateValidity valid = new CertificateValidity(begin, ends);

      X509CertInfo info = new X509CertInfo();
      // Add all mandatory attributes
      info.set(X509CertInfo.VERSION, new CertificateVersion(
          CertificateVersion.V3));
      info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
          serialNo));
      AlgorithmId algID = signer.getAlgorithmId();
      info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(
          algID));
      info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
          subjectName));
      info.set(X509CertInfo.KEY, new CertificateX509Key(pubKey));
      info.set(X509CertInfo.VALIDITY, valid);
      info.set(X509CertInfo.ISSUER, new CertificateIssuerName(signer
          .getSigner()));

      // add Extensions
      CertificateExtensions ext = (subject == issuer) ? getCACertificateExtensions()
          : getCertificateExtensions(pubKey, caPubKey);
      info.set(X509CertInfo.EXTENSIONS, ext);

      X509CertImpl cert = new X509CertImpl(info);
      cert.sign(caKey, SIGALG);

      return cert;
    } catch (IOException e) {
      CertificateEncodingException cee = new CertificateEncodingException("generate: "
          + e.getMessage());
      cee.initCause(e);
      throw cee;
    }
  }

  private static CertificateExtensions getCACertificateExtensions()
      throws IOException {
    CertificateExtensions ext = new CertificateExtensions();

    // Basic Constraints
    ext.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(
    /* isCritical */Boolean.TRUE, /* isCA */true, 0));

    return ext;
  }

  private static CertificateExtensions getCertificateExtensions(
      PublicKey pubKey, PublicKey caPubKey) throws IOException {
    CertificateExtensions ext = new CertificateExtensions();

    ext.set(SubjectKeyIdentifierExtension.NAME,
        new SubjectKeyIdentifierExtension(new KeyIdentifier(pubKey)
            .getIdentifier()));

    ext.set(AuthorityKeyIdentifierExtension.NAME,
        new AuthorityKeyIdentifierExtension(
            new KeyIdentifier(caPubKey), null, null));

    // Basic Constraints
    ext.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(
    /* isCritical */Boolean.TRUE, /* isCA */false, /* pathLen */5));

    // Netscape Cert Type Extension
    boolean[] ncteOk = new boolean[8];
    ncteOk[0] = true; // SSL_CLIENT
    ncteOk[1] = true; // SSL_SERVER
    NetscapeCertTypeExtension ncte = new NetscapeCertTypeExtension(ncteOk);
    ncte = new NetscapeCertTypeExtension(Boolean.FALSE, ncte.getExtensionValue());
    ext.set(NetscapeCertTypeExtension.NAME, ncte);

    // Key Usage Extension
    boolean[] kueOk = new boolean[9];
    kueOk[0] = true;
    kueOk[2] = true;
    // "digitalSignature", // (0),
    // "nonRepudiation", // (1)
    // "keyEncipherment", // (2),
    // "dataEncipherment", // (3),
    // "keyAgreement", // (4),
    // "keyCertSign", // (5),
    // "cRLSign", // (6),
    // "encipherOnly", // (7),
    // "decipherOnly", // (8)
    // "contentCommitment" // also (1)
    KeyUsageExtension kue = new KeyUsageExtension(kueOk);
    ext.set(KeyUsageExtension.NAME, kue);

    // Extended Key Usage Extension
    int[] serverAuthOidData = { 1, 3, 6, 1, 5, 5, 7, 3, 1 };
    ObjectIdentifier serverAuthOid = new ObjectIdentifier(serverAuthOidData);
    int[] clientAuthOidData = { 1, 3, 6, 1, 5, 5, 7, 3, 2 };
    ObjectIdentifier clientAuthOid = new ObjectIdentifier(clientAuthOidData);
    Vector v = new Vector();
    v.add(serverAuthOid);
    v.add(clientAuthOid);
    ExtendedKeyUsageExtension ekue = new ExtendedKeyUsageExtension(Boolean.FALSE, v);
    ext.set(ExtendedKeyUsageExtension.NAME, ekue);

    return ext;

  }

}
TOP

Related Classes of org.owasp.webscarab.util.SunCertificateUtils

  • org.bouncycastle.asn1.misc.NetscapeCertType
  • org.bouncycastle.asn1.x509.AuthorityKeyIdentifier
  • org.bouncycastle.asn1.x509.BasicConstraints
  • org.bouncycastle.asn1.x509.ExtendedKeyUsage
  • org.bouncycastle.asn1.x509.KeyUsage
  • org.bouncycastle.asn1.x509.SubjectKeyIdentifier
  • org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils
  • org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder
  • org.bouncycastle.cert.X509CertificateHolder
  • org.bouncycastle.operator.jcajce.JcaContentSignerBuilder
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.