Examples of sun.security.x509.X509CertInfo

• sun.security.x509.X509CertImpl
  The X509CertInfo class represents X.509 certificate information.

  X.509 certificates have several base data elements, including:

  • The Subject Name, an X.500 Distinguished Name for the entity (subject) for which the certificate was issued.
  • The Subject Public Key, the public key of the subject. This is one of the most important parts of the certificate.
  • The Validity Period, a time period (e.g. six months) within which the certificate is valid (unless revoked).
  • The Issuer Name, an X.500 Distinguished Name for the Certificate Authority (CA) which issued the certificate.
  • A Serial Number assigned by the CA, for use in certificate revocation and other applications. @author Amit Kapoor @author Hemma Prafullchandra @see CertAttrSet @see X509CertImpl

         */
        LDAPCertSelector(X509CertSelector selector, X500Principal certSubject,
            String ldapDN) throws IOException {
            this.selector = selector == null ? new X509CertSelector() : selector;
            this.certSubject = certSubject;
            this.subject = new X500Name(ldapDN).asX500Principal();
        }

            this.selector = selector == null ? new X509CRLSelector() : selector;
            this.certIssuers = certIssuers;
            issuerNames = new HashSet<Object>();
            issuerNames.add(ldapDN);
            issuers = new HashSet<X500Principal>();
            issuers.add(new X500Name(ldapDN).asX500Principal());
        }

        .set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));

    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(privkey, algorithm);

    // Update the algorith, and resign.
    algo = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG);
    info
        .set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM,
            algo);
    cert = new X509CertImpl(info);
    cert.sign(privkey, algorithm);
    return cert;
  }

             */
            if(_logger.isLoggable(Level.FINE)){
    _logger.log(Level.FINE,"Contents of X509 Certificate chain:");
            }
            for (int i = 0; i < certchain.length; i++) {
                certchain[i] = new X509CertImpl(derval[i]);
                if(_logger.isLoggable(Level.FINE)){
                _logger.log(Level.FINE,"    " + certchain[i].getSubjectDN().getName());
                }
            }
            if(_logger.isLoggable(Level.FINE)){

    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));

    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(privkey, algorithm);

    // Update the algorith, and resign.
    algo = (AlgorithmId)cert.get(X509CertImpl.SIG_ALG);
    info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algo);
    cert = new X509CertImpl(info);
    cert.sign(privkey, algorithm);
    return cert;
  }

        }

        // convert to X509CertImpl, so that we can modify selected fields
        // (no public APIs available yet)
        byte[] encoded = oldCert.getEncoded();
        X509CertImpl certImpl = new X509CertImpl(encoded);
        X509CertInfo certInfo = (X509CertInfo)certImpl.get(X509CertImpl.NAME +
                                "." + X509CertImpl.INFO);

        // get an X509Certificate from the signing_alias
        encoded = signingCert.getEncoded();
        X509CertImpl signingCertImpl = new X509CertImpl(encoded);
        X509CertInfo signingCertInfo = (X509CertInfo)
            signingCertImpl.get(X509CertImpl.NAME
                                + "." + X509CertImpl.INFO);

        // Extend its validity
        int validity = 180;  // 180 days default
        Date firstDate = new Date();
        Date lastDate = new Date();
        lastDate.setTime(firstDate.getTime() + validity*1000*24*60*60L);
        CertificateValidity interval = new CertificateValidity(firstDate,
                                                               lastDate);
        certInfo.set(X509CertInfo.VALIDITY, interval);

        // Make new serial number
        certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber
            ((int)(firstDate.getTime()/1000)));

        // Set owner and issuer fields
        X500Name owner;
        // Get the owner name from the certificate
        owner = (X500Name)certInfo.get(X509CertInfo.SUBJECT + "." +
                                       CertificateSubjectName.DN_NAME);

        // Get the issuer name - the owner of the signing certificate
        X500Name issuer;
        issuer = (X500Name)signingCertInfo.get(X509CertInfo.SUBJECT + "." +
                                           CertificateSubjectName.DN_NAME);

        certInfo.set(X509CertInfo.ISSUER + "." +
                     CertificateIssuerName.DN_NAME, issuer);

        // The inner and outer signature algorithms have to match.
        // The way we achieve that is really ugly, but there seems to be no
        // other solution: We first sign the cert, then retrieve the
        // outer sigalg and use it to set the inner sigalg

        X509CertImpl newCert = new X509CertImpl(certInfo);
        newCert.sign(privKey, sigAlgName);
        AlgorithmId sigAlgid = (AlgorithmId)newCert.get(X509CertImpl.SIG_ALG);
        certInfo.set(CertificateAlgorithmId.NAME + "." +
                     CertificateAlgorithmId.ALGORITHM, sigAlgid);

        // Sign the new certificate
        newCert = new X509CertImpl(certInfo);
        newCert.sign(privKey, sigAlgName);

        // Store the new certificate as a single-element certificate chain
        keyStore.setKeyEntry(signee_alias, privKey,
                             (keyPass != null) ? keyPass : storePass,
                             new Certificate[] { newCert });


        System.err.println("New certificate signed & inserted into KeyStore!");
        System.err.print(newCert.toString());
        System.err.println();
    }

      .set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));

    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(privkey, algorithm);

    // Update the algorith, and resign.
    algo = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG);
    info
      .set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM,
           algo);
    cert = new X509CertImpl(info);
    cert.sign(privkey, algorithm);
    return cert;
  }

                throw new RuntimeException("[" + this + "] ERROR: Cannot make SSL handshake with server(" + ret + "): " + SSL.getLastError());

            try {
                byte[] key = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT);
                //*DEBUG*/System.out.println("DEBUG: Server cert:\n"+new ByteBuffer(key).dump());
                sslState.serverCertificateSubjectPublicKeyInfo = new X509CertImpl(key).getPublicKey().getEncoded();
            } catch (Exception e) {
                throw new RuntimeException("[" + this + "] ERROR: Cannot get server public key: ", e);
            }

        } catch (RuntimeException e) {

                        if (fc.showDialog(this, "Selectionner") == JFileChooser.APPROVE_OPTION) {
                                tb_certificatpath.setText(fc.getSelectedFile().getAbsolutePath() + File.separator + "certificat.cert");
                                tb_privatekeypath.setText(fc.getSelectedFile().getAbsolutePath() + File.separator + "private.key");
                                KeyPair kp = RSA.generateKeyPair();
                                RSA.saveKeyToFile(fc.getSelectedFile().getAbsolutePath() + File.separator + "private.key", kp.getPrivate());
                                X509CertImpl c = Certificat.generateX509Certificate(kp.getPublic(),
                                        tb_nom.getText() + " " + tb_prenom.getText(),
                                        kp.getPrivate(),
                                        tb_nom.getText() + " " + tb_prenom.getText());
                                Certificat.saveCertToFile(fc.getSelectedFile().getAbsolutePath() + File.separator + "certificat.cert", c);

     */
    static boolean getNetscapeCertTypeBit(X509Certificate cert, String type) {
        try {
            NetscapeCertTypeExtension ext;
            if (cert instanceof X509CertImpl) {
                X509CertImpl certImpl = (X509CertImpl)cert;
                ObjectIdentifier oid = OBJID_NETSCAPE_CERT_TYPE;
                ext = (NetscapeCertTypeExtension)certImpl.getExtension(oid);
                if (ext == null) {
                    return true;
                }
            } else {
                byte[] extVal = cert.getExtensionValue(OID_NETSCAPE_CERT_TYPE);