cybervillains.ca
Class CertificateCreator

java.lang.Object
  extended by cybervillains.ca.CertificateCreator

public class CertificateCreator
extends java.lang.Object

Methods for creating certificates.

Copyright (c) 2007, Information Security Partners, LLC. All rights reserved. In a special exception, Selenium/OpenQA is allowed to use this code under the Apache License 2.0.

Author:
Brad Hill

Field Summary
static java.lang.String KEYGEN_ALGO
          The default key generation algorithm for this package is RSA.
static java.lang.String OID_AUTHORITY_INFO_ACCESS
          X.509 OID for Authority Information Access - Omitted when duplicating a cert by default.
static java.lang.String OID_AUTHORITY_KEY_IDENTIFIER
          X.509 OID for Authority Key Identifier - Replaced when duplicating a cert.
static java.lang.String OID_CRL_DISTRIBUTION_POINT
          X.509 OID for Certificate Revocation List Distribution Point - Omitted when duplicating a cert by default.
static java.lang.String OID_ID_AD_CAISSUERS
          X.509 OID for Additional CA Issuers for AIA - Omitted when duplicating a cert by default.
static java.lang.String OID_ISSUER_ALTERNATIVE_NAME
          X.509 OID for Issuer Alternative Name - Omitted when duplicating a cert by default.
static java.lang.String OID_ISSUER_ALTERNATIVE_NAME_2
          X.509 OID for Issuer Alternative Name 2 - Omitted when duplicating a cert by default.
static java.lang.String OID_SUBJECT_KEY_IDENTIFIER
          X.509 OID for Subject Key Identifier Extension - Replaced when duplicating a cert.
static java.lang.String SIGN_ALGO
          The default signing algorithm for this package is SHA1 with RSA.
 
Constructor Summary
CertificateCreator()
           
 
Method Summary
static java.security.cert.X509Certificate createTypicalMasterCert(java.security.KeyPair keyPair)
          Creates a typical Certification Authority (CA) certificate.
static java.security.cert.X509Certificate generateStdSSLServerCertificate(java.security.PublicKey newPubKey, java.security.cert.X509Certificate caCert, java.security.PrivateKey caPrivateKey, java.lang.String subject, java.lang.String certificateRevocationListPath)
          Utility method for generating a "standard" server certificate.
static java.security.cert.X509Certificate mitmDuplicateCertificate(java.security.cert.X509Certificate originalCert, java.security.PublicKey newPubKey, java.security.cert.X509Certificate caCert, java.security.PrivateKey caPrivateKey)
          Convenience method for the most common case of certificate duplication.
static java.security.cert.X509Certificate mitmDuplicateCertificate(java.security.cert.X509Certificate originalCert, java.security.PublicKey newPubKey, java.security.cert.X509Certificate caCert, java.security.PrivateKey caPrivateKey, java.util.Set<java.lang.String> extensionOidsNotToCopy, java.util.Map<java.lang.String,org.bouncycastle.asn1.DEREncodable> criticalCustomExtensions, java.util.Map<java.lang.String,org.bouncycastle.asn1.DEREncodable> noncriticalCustomExtensions)
          This method creates an X509v3 certificate based on an existing certificate.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

KEYGEN_ALGO

public static final java.lang.String KEYGEN_ALGO
The default key generation algorithm for this package is RSA.

See Also:
Constant Field Values

SIGN_ALGO

public static final java.lang.String SIGN_ALGO
The default signing algorithm for this package is SHA1 with RSA.

See Also:
Constant Field Values

OID_SUBJECT_KEY_IDENTIFIER

public static final java.lang.String OID_SUBJECT_KEY_IDENTIFIER
X.509 OID for Subject Key Identifier Extension - Replaced when duplicating a cert.

See Also:
Constant Field Values

OID_AUTHORITY_KEY_IDENTIFIER

public static final java.lang.String OID_AUTHORITY_KEY_IDENTIFIER
X.509 OID for Authority Key Identifier - Replaced when duplicating a cert.

See Also:
Constant Field Values

OID_ISSUER_ALTERNATIVE_NAME

public static final java.lang.String OID_ISSUER_ALTERNATIVE_NAME
X.509 OID for Issuer Alternative Name - Omitted when duplicating a cert by default.

See Also:
Constant Field Values

OID_ISSUER_ALTERNATIVE_NAME_2

public static final java.lang.String OID_ISSUER_ALTERNATIVE_NAME_2
X.509 OID for Issuer Alternative Name 2 - Omitted when duplicating a cert by default.

See Also:
Constant Field Values

OID_CRL_DISTRIBUTION_POINT

public static final java.lang.String OID_CRL_DISTRIBUTION_POINT
X.509 OID for Certificate Revocation List Distribution Point - Omitted when duplicating a cert by default.

See Also:
Constant Field Values

OID_AUTHORITY_INFO_ACCESS

public static final java.lang.String OID_AUTHORITY_INFO_ACCESS
X.509 OID for Authority Information Access - Omitted when duplicating a cert by default.

See Also:
Constant Field Values

OID_ID_AD_CAISSUERS

public static final java.lang.String OID_ID_AD_CAISSUERS
X.509 OID for Additional CA Issuers for AIA - Omitted when duplicating a cert by default.

See Also:
Constant Field Values
Constructor Detail

CertificateCreator

public CertificateCreator()
Method Detail

generateStdSSLServerCertificate

public static java.security.cert.X509Certificate generateStdSSLServerCertificate(java.security.PublicKey newPubKey,
                                                                                 java.security.cert.X509Certificate caCert,
                                                                                 java.security.PrivateKey caPrivateKey,
                                                                                 java.lang.String subject,
                                                                                 java.lang.String certificateRevocationListPath)
                                                                          throws java.security.cert.CertificateParsingException,
                                                                                 java.security.SignatureException,
                                                                                 java.security.InvalidKeyException,
                                                                                 java.security.cert.CertificateExpiredException,
                                                                                 java.security.cert.CertificateNotYetValidException,
                                                                                 java.security.cert.CertificateException,
                                                                                 java.security.NoSuchAlgorithmException,
                                                                                 java.security.NoSuchProviderException
Utility method for generating a "standard" server certificate, recognized by most browsers as valid for SSL/TLS. These certificates are generated de novo, not from a template, so they will not retain the structure of the original certificate and may not be suitable for applications that require Extended Validation/High Assurance SSL or other distinct extensions or EKUs.

Parameters:
newPubKey -
caCert -
caPrivateKey -
subject -
certificateRevocationListPath -
Returns:
Throws:
java.security.cert.CertificateParsingException
java.security.SignatureException
java.security.InvalidKeyException
java.security.cert.CertificateExpiredException
java.security.cert.CertificateNotYetValidException
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.NoSuchProviderException

mitmDuplicateCertificate

public static java.security.cert.X509Certificate mitmDuplicateCertificate(java.security.cert.X509Certificate originalCert,
                                                                          java.security.PublicKey newPubKey,
                                                                          java.security.cert.X509Certificate caCert,
                                                                          java.security.PrivateKey caPrivateKey,
                                                                          java.util.Set<java.lang.String> extensionOidsNotToCopy,
                                                                          java.util.Map<java.lang.String,org.bouncycastle.asn1.DEREncodable> criticalCustomExtensions,
                                                                          java.util.Map<java.lang.String,org.bouncycastle.asn1.DEREncodable> noncriticalCustomExtensions)
                                                                   throws java.security.cert.CertificateParsingException,
                                                                          java.security.SignatureException,
                                                                          java.security.InvalidKeyException,
                                                                          java.security.cert.CertificateException,
                                                                          java.security.NoSuchAlgorithmException,
                                                                          java.security.NoSuchProviderException
This method creates an X509v3 certificate based on an existing certificate. It attempts to create as faithful a copy of the existing certificate as possible by duplicating all certificate extensions. If you are testing an application that makes use of additional certificate extensions (e.g. logotype, S/MIME capabilities), this method will preserve those fields.

You may optionally include a set of OIDs not to copy from the original certificate. The most common reason to do this would be to remove fields that would cause inconsistency, such as Authority Info Access or Issuer Alternative Name, where these are not defined for the MITM authority certificate. OIDs 2.5.29.14 (Subject Key Identifier) and 2.5.29.35 (Authority Key Identifier) are never copied but are generated directly from the input keys and certificates. You may also optionally include maps of custom extensions, which will be added to the MITM certificate or will replace extensions with the same OID copied from the original certificate.

FUTURE WORK: JDK 1.5 is very strict in parsing extensions. In particular, known extensions that include URIs must parse to valid URIs (including URL-encoding all characters that are not valid in a URI), or the extension will be rejected and will not be available to copy to the MITM certificate. These will need to be extracted directly as ASN.1 fields and re-inserted (hopefully BouncyCastle will handle them).

Parameters:
originalCert - The original certificate to duplicate.
newPubKey - The new public key for the MITM certificate.
caCert - The certificate of the signing authority for the MITM certificate.
caPrivateKey - The private key of the signing authority.
extensionOidsNotToCopy - An optional list of certificate extension OIDs not to copy to the MITM certificate.
criticalCustomExtensions - An optional map of critical extension OIDs to add/replace on the MITM certificate.
noncriticalCustomExtensions - An optional map of non-critical extension OIDs to add/replace on the MITM certificate.
Returns:
The new MITM certificate.
Throws:
java.security.cert.CertificateParsingException
java.security.SignatureException
java.security.InvalidKeyException
java.security.cert.CertificateExpiredException
java.security.cert.CertificateNotYetValidException
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.NoSuchProviderException

mitmDuplicateCertificate

public static java.security.cert.X509Certificate mitmDuplicateCertificate(java.security.cert.X509Certificate originalCert,
                                                                          java.security.PublicKey newPubKey,
                                                                          java.security.cert.X509Certificate caCert,
                                                                          java.security.PrivateKey caPrivateKey)
                                                                   throws java.security.cert.CertificateParsingException,
                                                                          java.security.SignatureException,
                                                                          java.security.InvalidKeyException,
                                                                          java.security.cert.CertificateExpiredException,
                                                                          java.security.cert.CertificateNotYetValidException,
                                                                          java.security.cert.CertificateException,
                                                                          java.security.NoSuchAlgorithmException,
                                                                          java.security.NoSuchProviderException
Convenience method for the most common case of certificate duplication. This method will not add any custom extensions and won't copy the extensions 2.5.29.8 : Issuer Alternative Name, 2.5.29.18 : Issuer Alternative Name 2, 2.5.29.31 : CRL Distribution Point or 1.3.6.1.5.5.7.1.1 : Authority Info Access, if they are present.

Parameters:
originalCert -
newPubKey -
caCert -
caPrivateKey -
Returns:
Throws:
java.security.cert.CertificateParsingException
java.security.SignatureException
java.security.InvalidKeyException
java.security.cert.CertificateExpiredException
java.security.cert.CertificateNotYetValidException
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.NoSuchProviderException
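The following Java program is an added example and is not part of the CyberVillains project or its documentation. It exercises the two overloads documented above together with createTypicalMasterCert and generateStdSSLServerCertificate, and then reports which fields the documented duplication preserves (subject, copied extensions), replaces (issuer, public key, Subject Key Identifier, Authority Key Identifier, signature) and drops (Issuer Alternative Name, CRL Distribution Point, Authority Info Access). Those replaced and dropped fields are exactly what a test harness or a pinning check can compare against a known-good certificate. Assumptions not taken from the page: the cybervillains and BouncyCastle provider jars are on the classpath, the class needs the "BC" provider registered, the subject string passed to generateStdSSLServerCertificate is a bare hostname, a null certificateRevocationListPath means no CRL Distribution Point, and the class and method names DuplicateCertCheck and describeDifferences are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import cybervillains.ca.CertificateCreator;

/**
 * Added example (not project code): issues an "original" server certificate under one
 * test CA, re-issues it under a second test CA with the convenience overload, and lists
 * every field by which the two certificates can be told apart.
 */
public class DuplicateCertCheck {

    // Extension OIDs as documented on the CertificateCreator page.
    static final String OID_SKI    = "2.5.29.14";         // Subject Key Identifier   (always regenerated)
    static final String OID_AKI    = "2.5.29.35";         // Authority Key Identifier (always regenerated)
    static final String OID_IAN    = "2.5.29.8";          // Issuer Alternative Name  (dropped by default)
    static final String OID_IAN2   = "2.5.29.18";         // Issuer Alternative Name 2 (dropped by default)
    static final String OID_CRL_DP = "2.5.29.31";         // CRL Distribution Point   (dropped by default)
    static final String OID_AIA    = "1.3.6.1.5.5.7.1.1"; // Authority Info Access    (dropped by default)

    /** Describes how {@code presented} differs from {@code original}; an empty list means nothing distinguishes them. */
    static List<String> describeDifferences(X509Certificate original, X509Certificate presented,
                                            X509Certificate originalIssuer) {
        List<String> findings = new ArrayList<>();

        // The subject is copied, so a mismatch here would mean the copy is not faithful.
        if (!original.getSubjectX500Principal().equals(presented.getSubjectX500Principal())) {
            findings.add("subject differs (duplication is expected to preserve it)");
        }
        if (!original.getIssuerX500Principal().equals(presented.getIssuerX500Principal())) {
            findings.add("issuer changed to " + presented.getIssuerX500Principal().getName());
        }
        if (!original.getPublicKey().equals(presented.getPublicKey())) {
            findings.add("subject public key replaced");
        }
        // SKI/AKI are never copied; they are derived from the new key and the signing CA.
        if (!Arrays.equals(original.getExtensionValue(OID_SKI), presented.getExtensionValue(OID_SKI))) {
            findings.add("Subject Key Identifier regenerated");
        }
        if (!Arrays.equals(original.getExtensionValue(OID_AKI), presented.getExtensionValue(OID_AKI))) {
            findings.add("Authority Key Identifier regenerated");
        }
        // Extensions the convenience overload omits, reported only when the original carried them.
        for (String oid : new String[] {OID_IAN, OID_IAN2, OID_CRL_DP, OID_AIA}) {
            if (original.getExtensionValue(oid) != null && presented.getExtensionValue(oid) == null) {
                findings.add("extension " + oid + " dropped");
            }
        }
        // The signature cannot be carried over: it must fail under the original issuer's key.
        try {
            presented.verify(originalIssuer.getPublicKey());
        } catch (GeneralSecurityException e) {
            findings.add("signature does not verify under the original issuer ("
                    + e.getClass().getSimpleName() + ")");
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: CertificateCreator expects the BouncyCastle ("BC") provider to be registered.
        Security.addProvider(new BouncyCastleProvider());

        KeyPairGenerator kpg = KeyPairGenerator.getInstance(CertificateCreator.KEYGEN_ALGO); // RSA per the page
        kpg.initialize(2048);

        // A test CA standing in for the site's real issuer, and a leaf issued under it.
        KeyPair siteCaKeys = kpg.generateKeyPair();
        X509Certificate siteCa = CertificateCreator.createTypicalMasterCert(siteCaKeys);
        KeyPair siteLeafKeys = kpg.generateKeyPair();
        // Assumptions: subject is a bare hostname; a null CRL path means no CRL Distribution Point.
        X509Certificate original = CertificateCreator.generateStdSSLServerCertificate(
                siteLeafKeys.getPublic(), siteCa, siteCaKeys.getPrivate(), "www.example.test", null);

        // The harness's own CA, which re-issues the leaf for a fresh key pair.
        KeyPair harnessCaKeys = kpg.generateKeyPair();
        X509Certificate harnessCa = CertificateCreator.createTypicalMasterCert(harnessCaKeys);
        KeyPair harnessLeafKeys = kpg.generateKeyPair();
        X509Certificate presented = CertificateCreator.mitmDuplicateCertificate(
                original, harnessLeafKeys.getPublic(), harnessCa, harnessCaKeys.getPrivate());

        // Chain check: the duplicate must verify under the harness CA and be within its validity period.
        presented.verify(harnessCa.getPublicKey());
        presented.checkValidity();

        for (String finding : describeDifferences(original, presented, siteCa)) {
            System.out.println(finding);
        }
    }
}
```

The point of describeDifferences is that a "faithful" copy is only faithful in the fields an application rarely checks: subject and copied extensions. The issuer, the key identifiers, the public key and the signature always change, so a client that pins the issuer, the SKI/AKI pair or the SubjectPublicKeyInfo hash of the expected certificate distinguishes the re-issued certificate regardless of how many extensions were copied.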

createTypicalMasterCert

public static java.security.cert.X509Certificate createTypicalMasterCert(java.security.KeyPair keyPair)
                                                                  throws java.security.SignatureException,
                                                                         java.security.InvalidKeyException,
                                                                         java.lang.SecurityException,
                                                                         java.security.cert.CertificateException,
                                                                         java.security.NoSuchAlgorithmException,
                                                                         java.security.NoSuchProviderException
Creates a typical Certification Authority (CA) certificate.

Parameters:
keyPair -
Throws:
java.lang.SecurityException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException
java.security.SignatureException


Copyright © 2011. All Rights Reserved.