Examples of com.maverick.crypto.asn1.x509.X509Certificate

• org.bouncycastle.asn1.x509.SubjectPublicKeyInfo

            {
                buf.append("                       " + new String(Hex.encode(sig, i, sig.length - i)) + nl);
            }
        }

        X509Extensions  extensions = c.getTBSCertificate().getExtensions();

        if (extensions != null)
        {
            Enumeration     e = extensions.oids();

            if (e.hasMoreElements())
            {
                buf.append("       Extensions: \n");
            }

            while (e.hasMoreElements())
            {
                DERObjectIdentifier     oid = (DERObjectIdentifier)e.nextElement();
                X509Extension           ext = extensions.getExtension(oid);

                if (ext.getValue() != null)
                {
                    byte[]                  octs = ext.getValue().getOctets();
                    ByteArrayInputStream    bIn = new ByteArrayInputStream(octs);

  issuer.addRDN(ObjectID.commonName,
    getEntry("server name","foo.bar.com"));

  /* create the cert */

  X509Certificate cert =  new X509Certificate();
  try {
      cert.setSerialNumber(new BigInteger(20, new Random()));
      cert.setSubjectDN(issuer);
      cert.setIssuerDN(issuer);
      cert.setPublicKey(kp.getPublic());

      GregorianCalendar date = new GregorianCalendar();
      date.add(Calendar.DATE, -1);
      cert.setValidNotBefore(date.getTime());
      date.add(Calendar.MONTH,
    Integer.parseInt(getEntry("time of validity (months)","6")));
      cert.setValidNotAfter(date.getTime());

      /*
       * Specify what functions this certificate is good for.  If this
       * (Or the basicConstraint CA field) is not set, then netscape
       * will not recognize this as a CA cert. See:
       * http://home.netscape.com/eng/security/comm4-cert-exts.html
       * for details
       */

      cert.addExtension(new NetscapeCertType(
        NetscapeCertType.SSL_CA |
        NetscapeCertType.SSL_SERVER |
        NetscapeCertType.S_MIME_CA |
        NetscapeCertType.OBJECT_SIGNING_CA)
      );

      /*
       * If this certificate is to be used by an ssl server,
       * then add the following:
       */

      cert.addExtension(new NetscapeSSLServerName(
        getEntry("host name of server", "*.eng.sun.com")));

      String comment = getEntry("A comment for the certificate user", "");
      if (!comment.equals("")) {
    cert.addExtension(new NetscapeComment(comment));
      }
      cert.sign(AlgorithmID.md5WithRSAEncryption,kp.getPrivate());

      X509Certificate[] chain = new X509Certificate[1];
      chain[0] = cert;

      /* encrypt the key and save the cert */

  subject.addRDN(ObjectID.commonName ,(String) h.get("commonname"));
  subject.addRDN(ObjectID.emailAddress ,(String) h.get("email"));
  subject.addRDN(ObjectID.stateOrProvince,(String) h.get("state"));
  subject.addRDN(ObjectID.locality,(String) h.get("locality"));

  X509Certificate cert = new X509Certificate();
  if (h.containsKey("serial")) {
      cert.setSerialNumber(new BigInteger((String) h.get("serial")));
  } else {
      cert.setSerialNumber(new BigInteger("" + serialNo++));
  }
  cert.setSubjectDN(subject);
  cert.setIssuerDN(serverChain[0].getIssuerDN());

  System.out.println("User cert request generated");
  // System.out.println("Dummy cert request " + cert.toString());

  /*
   * Get the signed public key from the user.
   * This is the base64 decoded string that came back from
   * netscape's KEYGEN param, the SignedPublicKeyAndChallenge.
   */

  String key = (String) h.get("key");
  byte bytes[] = Util.Base64Decode(key.getBytes());
  NetscapeCertRequest nc = null;
  try {
      nc = new  NetscapeCertRequest(bytes);
  } catch (CodingException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }
  try {
      nc.verify();
  } catch (java.security.SignatureException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }
  System.out.println("Got cert req: " + nc);
  try {
      cert.setPublicKey(nc.getPublicKey());
  } catch (java.security.InvalidKeyException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }

  /*
   * set up the validity dates
   */

  GregorianCalendar date = new GregorianCalendar();
  date.add(Calendar.DATE, -1);
  cert.setValidNotBefore(date.getTime());
  date.add(Calendar.MONTH,
    Integer.parseInt((String) h.get("expires")));
  cert.setValidNotAfter(date.getTime());

  /*
   * Add in any cert options.  If none are specified, then the default,
   * which is everything but object signing is used.
   */

  int options = 0;
  if (h.get("can_sign") != null) {
      options |= NetscapeCertType.OBJECT_SIGNING;
  }
  if (h.get("can_email") != null) {
      options |= NetscapeCertType.S_MIME;
  }
  if (h.get("can_ssl") != null) {
      options |= NetscapeCertType.SSL_CLIENT;
  }
  if (options != 0) {
      cert.addExtension(new NetscapeCertType(options));
  }

  /*
   * This is the private key out of the server's certificate,
   */

  System.out.println("About to sign cert");
  try {
      cert.sign(AlgorithmID.md5WithRSAEncryption, serverKey);
  } catch (InvalidKeyException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  } catch (NoSuchAlgorithmException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  } catch (CertificateException e) {
      System.out.println("OOPS " + e);
      e.printStackTrace();
  }

  System.out.println("Generated CERT:" + cert.toString(true));

  /*
   * Construct a chain by adding on the server chain
   */

            // For this sample we use a hard coded certificate contained below.
            // This encoding would be extracted from the card using a series of
            // APDU commands.
            Certificate certificate = null;
            try {
                certificate = new X509Certificate(CERTIFICATE_ENCODING);
            } catch (final CertificateParsingException e) {
                // Should not happen.
            }

            stepProgressDialog(1);

            params = new X962Parameters(ecP);
        }

        ASN1OctetString    p = (ASN1OctetString)(new X9ECPoint(this.getQ()).getDERObject());

        SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), p.getOctets());

        try
        {
            dOut.writeObject(info);
            dOut.close();

        if (sigOID == null)
        {
            throw new IllegalArgumentException("Unknown signature type requested");
        }

        sigAlgId = new AlgorithmIdentifier(this.sigOID, new DERNull());

        tbsGen.setSignature(sigAlgId);
    }

            // "signerInfo" structure. I may be wrong.
            //
            ASN1EncodableVector v = new ASN1EncodableVector();
            for (Iterator i = digestalgos.iterator(); i.hasNext();)
            {
                AlgorithmIdentifier a = new AlgorithmIdentifier(
                            new DERObjectIdentifier((String)i.next()),
                            null);

                v.add(a);
            }

            DERSet algos = new DERSet(v);

            // Create the contentInfo. Empty, I didn't implement this bit
            //
            DERSequence contentinfo = new DERSequence(
                                        new DERObjectIdentifier(ID_PKCS7_DATA));

            // Get all the certificates
            //
            v = new ASN1EncodableVector();
            for (Iterator i = certs.iterator();i.hasNext();)
            {
                DERInputStream tempstream = new DERInputStream(new ByteArrayInputStream(((X509Certificate)i.next()).getEncoded()));
                v.add(tempstream.readObject());
            }

            DERSet dercertificates = new DERSet(v);

            // Create signerinfo structure.
            //
            ASN1EncodableVector signerinfo = new ASN1EncodableVector();

            // Add the signerInfo version
            //
            signerinfo.add(new DERInteger(signerversion));

            IssuerAndSerialNumber isAnds = new IssuerAndSerialNumber(
                        new X509Name((ASN1Sequence)getIssuer(signCert.getTBSCertificate())),
                        new DERInteger(signCert.getSerialNumber()));
            signerinfo.add(isAnds);

            // Add the digestAlgorithm
            //
            signerinfo.add(new AlgorithmIdentifier(
                                new DERObjectIdentifier(digestAlgorithm),
                                new DERNull()));

            //
            // Add the digestEncryptionAlgorithm
            //
            signerinfo.add(new AlgorithmIdentifier(
                                new DERObjectIdentifier(digestEncryptionAlgorithm),
                                new DERNull()));

            //
            // Add the digest

    {
        super(name);

        this.digest = digest;
        this.cipher = cipher;
        this.algId = new AlgorithmIdentifier(objId, null);
    }

            params = new X962Parameters(ecP);
        }

        ASN1OctetString    p = (ASN1OctetString)(new X9ECPoint(this.getQ()).getDERObject());

        SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), p.getOctets());

        try
        {
            dOut.writeObject(info);
            dOut.close();

    public void setPublicKey(
        PublicKey       key)
    {
        try
        {
            tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new DERInputStream(
                                new ByteArrayInputStream(key.getEncoded())).readObject()));
        }
        catch (Exception e)
        {
            throw new IllegalArgumentException("unable to process key - " + e.toString());