
Example 1 with AlgorithmId

use of sun.security.x509.AlgorithmId in project OpenAttestation by OpenAttestation.

the class X509Builder method build.

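/**
 * Applies defaults to any unset certificate fields, signs the certificate with the issuer
 * private key and returns it re-parsed through the standard X.509 certificate factory.
 *
 * <p>Defaults applied when the caller set nothing: version via {@code v3()}, a 365-day
 * validity, a serial from {@code randomSerial()}, and SHA256withRSA as the signature
 * algorithm. When no issuer name was set, the issuer name is built from the same
 * commonName / organizationUnit / organizationName / country fields that are used for the
 * default subject name, so callers that need a distinct issuer must set it explicitly.
 *
 * <p>Problems are reported through {@code fault(...)} instead of being thrown. Callers must
 * treat a {@code null} return as "no certificate was issued" and inspect {@code getFaults()}.
 *
 * <p>NOTE(review): X509CertImpl, X500Name and AlgorithmId are JDK-internal
 * {@code sun.security.x509} classes, not a supported public API; confirm the target JDK
 * still exposes them.
 *
 * @return the signed certificate, or {@code null} if any fault was recorded or signing failed
 */
public X509Certificate build() {
    if (certificateVersion == null) {
        v3();
    }
    if (certificateValidity == null) {
        // 1 year default
        expires(365, TimeUnit.DAYS);
    }
    if (certificateSerialNumber == null) {
        randomSerial();
    }
    if (certificateSubjectName == null) {
        if (commonName != null || organizationUnit != null || organizationName != null || country != null) {
            try {
                subjectName(new X500Name(commonName, organizationUnit, organizationName, country));
            } catch (Exception e) {
                fault(e, "commonName(%s) organizationUnit(%s) organizationName(%s) country(%s)", commonName, organizationUnit, organizationName, country);
            }
        }
    }
    if (certificateIssuerName == null) {
        // No explicit issuer: reuse the subject's name fields for the issuer name.
        if (commonName != null || organizationUnit != null || organizationName != null || country != null) {
            try {
                issuerName(new X500Name(commonName, organizationUnit, organizationName, country));
            } catch (Exception e) {
                fault(e, "commonName(%s) organizationUnit(%s) organizationName(%s) country(%s)", commonName, organizationUnit, organizationName, country);
            }
        }
    }
    if (subjectPublicKey == null) {
        fault("missing subject public key");
    }
    // Report a missing signing key explicitly, in the same way as the missing public key,
    // instead of letting sign() fail later with a generic "cannot sign certificate" fault.
    if (issuerPrivateKey == null) {
        fault("missing issuer private key");
    }
    // Note: alternativeName is optional so we don't have any defaults or errors for it here
    if (algorithm == null) {
        // algorithm.getName() == SHA256withRSA. This default only fits an RSA issuer key;
        // with another key type sign() throws and is reported as "cannot sign certificate".
        algorithm(new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid));
    }
    try {
        // Only sign when every earlier step succeeded; a certificate is never issued
        // from a partially populated builder.
        if (!getFaults().isEmpty()) {
            return null;
        }
        X509CertImpl cert = new X509CertImpl(info);
        // May throw NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException
        // or SignatureException; all of them are handled by the catch below.
        cert.sign(issuerPrivateKey, algorithm.getName());
        /*
         * For some unknown reason, if we return "cert" directly then the optional
         * fields such as getBasicConstraints() and getKeyUsage() are missing, even
         * though they are included in getEncoded(). Re-creating the certificate from
         * its encoded form yields an object in which those fields are present.
         */
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getEncoded()));
    } catch (Exception e) {
        fault(e, "cannot sign certificate");
        return null;
    } finally {
        // Runs on every path, including the early return and the failure path.
        done();
    }
}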
Also used : CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) ByteArrayInputStream(java.io.ByteArrayInputStream) X509CertImpl(sun.security.x509.X509CertImpl) X500Name(sun.security.x509.X500Name) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate)

Example 2 with AlgorithmId

use of sun.security.x509.AlgorithmId in project OpenAttestation by OpenAttestation.

the class X509Builder method algorithm.

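/**
 * Sets the signature algorithm: stores it on the builder and records it in the
 * certificate info under {@code X509CertInfo.ALGORITHM_ID}.
 *
 * <p>No check is made on the strength of the algorithm. Any {@code AlgorithmId} is accepted,
 * so the caller is responsible for not passing a deprecated one (MD5- or SHA-1-based
 * signatures); {@code build()} defaults to SHA256withRSA when nothing is set.
 *
 * @param algorithmId the signature algorithm identifier to use
 * @return this builder; failures are recorded through {@code fault(...)} rather than thrown
 */
public X509Builder algorithm(AlgorithmId algorithmId) {
    try {
        this.algorithm = algorithmId;
        info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algorithm));
        // An older version also set CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM;
        // that does not appear to be needed.
    } catch (Exception e) {
        // algorithmId may be null on this path; build the message without dereferencing it
        // so the error report cannot itself throw a NullPointerException.
        String algorithmName = (algorithmId == null) ? "null" : algorithmId.getName();
        fault(e, "algorithm(%s)", algorithmName);
    }
    return this;
}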
Also used : CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Example 3 with AlgorithmId

use of sun.security.x509.AlgorithmId in project j2objc by google.

the class PKCS7 method parseOldSignedData.

/*
     * Parses an old-style SignedData encoding (for backwards
     * compatibility with JDK1.1.x).
     */
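private void parseOldSignedData(DerValue val) throws ParsingException, IOException {
    // This method only decodes the structure into the version, digestAlgorithmIds,
    // contentInfo, certificates and signerInfos fields. It performs no signature
    // verification and no certificate path validation; the decoded certificates must not
    // be treated as trusted on the strength of having parsed successfully.
    DerInputStream dis = val.toDerInputStream();
    // Version
    version = dis.getBigInteger();
    // digestAlgorithmIds
    DerValue[] digestAlgorithmIdVals = dis.getSet(1);
    int len = digestAlgorithmIdVals.length;
    digestAlgorithmIds = new AlgorithmId[len];
    try {
        for (int i = 0; i < len; i++) {
            DerValue oid = digestAlgorithmIdVals[i];
            digestAlgorithmIds[i] = AlgorithmId.parse(oid);
        }
    } catch (IOException e) {
        // Keep the underlying cause attached, as parseSignedData does, so that a rejected
        // input can still be diagnosed from the stack trace.
        ParsingException pe = new ParsingException("Error parsing digest AlgorithmId IDs");
        pe.initCause(e);
        throw pe;
    }
    // contentInfo
    contentInfo = new ContentInfo(dis, true);
    // certificates
    CertificateFactory certfac = null;
    try {
        certfac = CertificateFactory.getInstance("X.509");
    } catch (CertificateException ce) {
        // Deliberately ignored: with no X.509 factory available, the loop below falls
        // back to constructing X509CertImpl directly.
    }
    DerValue[] certVals = dis.getSet(2, false, true);
    len = certVals.length;
    certificates = new X509Certificate[len];
    for (int i = 0; i < len; i++) {
        ByteArrayInputStream bais = null;
        try {
            byte[] original = certVals[i].getOriginalEncodedForm();
            if (certfac == null) {
                certificates[i] = new X509CertImpl(certVals[i], original);
            } else {
                bais = new ByteArrayInputStream(original);
                // The wrapper keeps the original encoded bytes alongside the parsed certificate.
                certificates[i] = new VerbatimX509Certificate((X509Certificate) certfac.generateCertificate(bais), original);
                bais.close();
                bais = null;
            }
        } catch (CertificateException ce) {
            ParsingException pe = new ParsingException(ce.getMessage());
            pe.initCause(ce);
            throw pe;
        } catch (IOException ioe) {
            ParsingException pe = new ParsingException(ioe.getMessage());
            pe.initCause(ioe);
            throw pe;
        } finally {
            if (bais != null) {
                bais.close();
            }
        }
    }
    // crls are ignored: the set is read to advance the stream and then discarded, so
    // revocation data carried in an old-style encoding is never exposed to callers.
    dis.getSet(0);
    // signerInfos
    DerValue[] signerInfoVals = dis.getSet(1);
    len = signerInfoVals.length;
    signerInfos = new SignerInfo[len];
    for (int i = 0; i < len; i++) {
        DerInputStream in = signerInfoVals[i].toDerInputStream();
        signerInfos[i] = new SignerInfo(in, true);
    }
}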
Also used : CertificateException(java.security.cert.CertificateException) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) CertificateParsingException(java.security.cert.CertificateParsingException) X509CertImpl(sun.security.x509.X509CertImpl)

Example 4 with AlgorithmId

use of sun.security.x509.AlgorithmId in project j2objc by google.

the class PKCS7 method parseSignedData.

/**
 * Decodes a SignedData value into the version, digestAlgorithmIds, contentInfo,
 * certificates, crls and signerInfos fields.
 *
 * <p>This is decoding only: no signature is verified and no certificate path is validated
 * here, so successfully parsed certificates and CRLs carry no trust by themselves.
 *
 * @param val the DER value holding the SignedData content
 * @throws ParsingException if a digest algorithm, certificate or CRL cannot be decoded
 * @throws IOException if the underlying DER stream cannot be read
 */
private void parseSignedData(DerValue val) throws ParsingException, IOException {
    DerInputStream stream = val.toDerInputStream();

    // Version
    version = stream.getBigInteger();

    // digestAlgorithmIds
    DerValue[] digestVals = stream.getSet(1);
    digestAlgorithmIds = new AlgorithmId[digestVals.length];
    try {
        int idx = 0;
        while (idx < digestVals.length) {
            digestAlgorithmIds[idx] = AlgorithmId.parse(digestVals[idx]);
            idx++;
        }
    } catch (IOException cause) {
        ParsingException wrapped = new ParsingException("Error parsing digest AlgorithmId IDs: " + cause.getMessage());
        wrapped.initCause(cause);
        throw wrapped;
    }

    // contentInfo
    contentInfo = new ContentInfo(stream);

    // Prefer the registered X.509 factory; without one, fall back to the Impl classes.
    CertificateFactory factory = null;
    try {
        factory = CertificateFactory.getInstance("X.509");
    } catch (CertificateException unavailable) {
        // do nothing
    }

    // certificates are OPTIONAL and, when present, carry implicit tag 0xA0
    final byte certificatesTag = (byte) 0xA0;
    if ((byte) stream.peekByte() == certificatesTag) {
        DerValue[] certVals = stream.getSet(2, true, true);
        final int total = certVals.length;
        certificates = new X509Certificate[total];
        int kept = 0;
        for (DerValue certVal : certVals) {
            ByteArrayInputStream encodedIn = null;
            try {
                // Entries that are not a SEQUENCE (other CertificateChoices) are skipped.
                if (certVal.getTag() != DerValue.tag_Sequence) {
                    continue;
                }
                byte[] rawForm = certVal.getOriginalEncodedForm();
                if (factory != null) {
                    encodedIn = new ByteArrayInputStream(rawForm);
                    certificates[kept] = new VerbatimX509Certificate((X509Certificate) factory.generateCertificate(encodedIn), rawForm);
                    encodedIn.close();
                    encodedIn = null;
                } else {
                    certificates[kept] = new X509CertImpl(certVal, rawForm);
                }
                kept++;
            } catch (CertificateException certFailure) {
                ParsingException wrapped = new ParsingException(certFailure.getMessage());
                wrapped.initCause(certFailure);
                throw wrapped;
            } catch (IOException ioFailure) {
                ParsingException wrapped = new ParsingException(ioFailure.getMessage());
                wrapped.initCause(ioFailure);
                throw wrapped;
            } finally {
                if (encodedIn != null) {
                    encodedIn.close();
                }
            }
        }
        // Shrink the array when some entries were skipped.
        if (kept != total) {
            certificates = Arrays.copyOf(certificates, kept);
        }
    }

    // crls are OPTIONAL and, when present, carry implicit tag 0xA1
    final byte crlsTag = (byte) 0xA1;
    if ((byte) stream.peekByte() == crlsTag) {
        DerValue[] crlVals = stream.getSet(1, true);
        crls = new X509CRL[crlVals.length];
        for (int idx = 0; idx < crlVals.length; idx++) {
            ByteArrayInputStream encodedIn = null;
            try {
                if (factory != null) {
                    encodedIn = new ByteArrayInputStream(crlVals[idx].toByteArray());
                    crls[idx] = (X509CRL) factory.generateCRL(encodedIn);
                    encodedIn.close();
                    encodedIn = null;
                } else {
                    crls[idx] = new X509CRLImpl(crlVals[idx]);
                }
            } catch (CRLException crlFailure) {
                ParsingException wrapped = new ParsingException(crlFailure.getMessage());
                wrapped.initCause(crlFailure);
                throw wrapped;
            } finally {
                if (encodedIn != null) {
                    encodedIn.close();
                }
            }
        }
    }

    // signerInfos
    DerValue[] signerVals = stream.getSet(1);
    signerInfos = new SignerInfo[signerVals.length];
    for (int idx = 0; idx < signerVals.length; idx++) {
        signerInfos[idx] = new SignerInfo(signerVals[idx].toDerInputStream());
    }
}
Also used : CertificateException(java.security.cert.CertificateException) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) CertificateParsingException(java.security.cert.CertificateParsingException) X509CertImpl(sun.security.x509.X509CertImpl) X509CRLImpl(sun.security.x509.X509CRLImpl) CRLException(java.security.cert.CRLException)

Example 5 with AlgorithmId

use of sun.security.x509.AlgorithmId in project jdk8u_jdk by JetBrains.

the class PKCS8Test method main.

/**
 * Round-trips a small DSA private key through PKCS#8 encoding and decoding, then checks
 * that two malformed encodings are rejected by {@code PKCS8Key.parse}.
 *
 * <p>The negative cases matter for a key parser: the first input is expected to fail
 * because of excess data (attributes, which are not supported), the second because of an
 * illegal version, and the second must fail with exactly {@code EXCEPTION_MESSAGE}.
 *
 * @param args unused
 * @throws IOException if encoding or decoding of the well-formed key fails
 * @throws InvalidKeyException if the DSA key cannot be constructed
 */
public static void main(String[] args) throws IOException, InvalidKeyException {
    DSAPrivateKey dsaKey = new DSAPrivateKey(
            BigInteger.valueOf(1), BigInteger.valueOf(2), BigInteger.valueOf(3), BigInteger.valueOf(4));
    byte[] encodedKey = dsaKey.getEncoded();

    // Narrow the expected values to bytes for comparison.
    byte[] expectedBytes = new byte[EXPECTED.length];
    int pos = 0;
    while (pos < EXPECTED.length) {
        expectedBytes[pos] = (byte) EXPECTED[pos];
        pos++;
    }

    dumpByteArray("encodedKey :", encodedKey);
    if (!Arrays.equals(encodedKey, expectedBytes)) {
        raiseException(new String(expectedBytes), new String(encodedKey));
    }

    // Decode again and check the algorithm name and identifier.
    PKCS8Key decodedKey = PKCS8Key.parse(new DerValue(encodedKey));
    String algName = decodedKey.getAlgorithm();
    AlgorithmId algorithmId = decodedKey.getAlgorithmId();
    out.println("Algorithm :" + algName);
    out.println("AlgorithmId: " + algorithmId);
    if (!ALGORITHM.equals(algName)) {
        raiseException(ALGORITHM, algName);
    }
    if (!EXPECTED_ALG_ID_CHRS.equalsIgnoreCase(algorithmId.toString())) {
        raiseException(EXPECTED_ALG_ID_CHRS, algorithmId.toString());
    }

    // Both the stream form and the byte[] form must reproduce the expected bytes.
    decodedKey.encode(derOutput);
    dumpByteArray("Stream encode: ", derOutput.toByteArray());
    if (!Arrays.equals(derOutput.toByteArray(), expectedBytes)) {
        raiseException(new String(expectedBytes), derOutput.toString());
    }
    dumpByteArray("byte[] encoding: ", decodedKey.getEncoded());
    if (!Arrays.equals(decodedKey.getEncoded(), expectedBytes)) {
        raiseException(new String(expectedBytes), new String(decodedKey.getEncoded()));
    }
    if (!FORMAT.equals(decodedKey.getFormat())) {
        raiseException(FORMAT, decodedKey.getFormat());
    }

    // Negative case 1: parsing must fail with an IOException.
    try {
        byte[] malformedKey = new byte[NEW_ENCODED_KEY_INTS.length];
        for (int k = 0; k < malformedKey.length; k++) {
            malformedKey[k] = (byte) NEW_ENCODED_KEY_INTS[k];
        }
        PKCS8Key.parse(new DerValue(malformedKey));
        throw new RuntimeException("key1: Expected an IOException during parsing");
    } catch (IOException expectedFailure) {
        System.out.println("newEncodedKey: should have excess data due to attributes, which are not supported");
    }

    // Negative case 2: parsing must fail with the exact expected message.
    try {
        byte[] badVersionKey = new byte[NEW_ENCODED_KEY_INTS_2.length];
        for (int k = 0; k < badVersionKey.length; k++) {
            badVersionKey[k] = (byte) NEW_ENCODED_KEY_INTS_2[k];
        }
        PKCS8Key.parse(new DerValue(badVersionKey));
        throw new RuntimeException("key2: Expected an IOException during parsing");
    } catch (IOException expectedFailure) {
        String reported = expectedFailure.getMessage();
        out.println("Key 2: should be illegal version");
        out.println(reported);
        if (!EXCEPTION_MESSAGE.equals(reported)) {
            throw new RuntimeException("Key2: expected: " + EXCEPTION_MESSAGE + " get: " + reported);
        }
    }
}
Also used : PKCS8Key(sun.security.pkcs.PKCS8Key) AlgorithmId(sun.security.x509.AlgorithmId) DerValue(sun.security.util.DerValue) BigInteger(java.math.BigInteger) DSAPrivateKey(sun.security.provider.DSAPrivateKey) IOException(java.io.IOException)

Aggregations

AlgorithmId (sun.security.x509.AlgorithmId)24 CertificateException (java.security.cert.CertificateException)10 X500Name (sun.security.x509.X500Name)10 X509CertImpl (sun.security.x509.X509CertImpl)9 AlgorithmParameters (java.security.AlgorithmParameters)7 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)7 X509Certificate (java.security.cert.X509Certificate)7 SecretKey (javax.crypto.SecretKey)7 IOException (java.io.IOException)6 BigInteger (java.math.BigInteger)6 UnrecoverableKeyException (java.security.UnrecoverableKeyException)6 ObjectIdentifier (sun.security.util.ObjectIdentifier)6 CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)6 KeyStoreException (java.security.KeyStoreException)5 CertificateFactory (java.security.cert.CertificateFactory)5 ContentInfo (sun.security.pkcs.ContentInfo)5 PKCS7 (sun.security.pkcs.PKCS7)5 SignerInfo (sun.security.pkcs.SignerInfo)5 PrivateKey (java.security.PrivateKey)4 UnrecoverableEntryException (java.security.UnrecoverableEntryException)4