Example 1 with KeyIdentifier
use of android.sun.security.x509.KeyIdentifier in project AppManager by MuntashirAkon.
the class KeyStoreUtils method generateCert.
@NonNull
private static X509Certificate generateCert(PrivateKey privateKey, PublicKey publicKey, @NonNull String formattedSubject, long expiryDate) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, InvalidKeyException, IOException {
String algorithmName = "SHA512withRSA";
CertificateExtensions certificateExtensions = new CertificateExtensions();
certificateExtensions.set("SubjectKeyIdentifier", new SubjectKeyIdentifierExtension(new KeyIdentifier(publicKey).getIdentifier()));
X500Name x500Name = new X500Name(formattedSubject);
Date notBefore = new Date();
Date notAfter = new Date(expiryDate);
certificateExtensions.set("PrivateKeyUsage", new PrivateKeyUsageExtension(notBefore, notAfter));
CertificateValidity certificateValidity = new CertificateValidity(notBefore, notAfter);
X509CertInfo x509CertInfo = new X509CertInfo();
x509CertInfo.set("version", new CertificateVersion(2));
x509CertInfo.set("serialNumber", new CertificateSerialNumber(new Random().nextInt() & Integer.MAX_VALUE));
x509CertInfo.set("algorithmID", new CertificateAlgorithmId(AlgorithmId.get(algorithmName)));
x509CertInfo.set("subject", new CertificateSubjectName(x500Name));
x509CertInfo.set("key", new CertificateX509Key(publicKey));
x509CertInfo.set("validity", certificateValidity);
x509CertInfo.set("issuer", new CertificateIssuerName(x500Name));
x509CertInfo.set("extensions", certificateExtensions);
X509CertImpl x509CertImpl = new X509CertImpl(x509CertInfo);
x509CertImpl.sign(privateKey, algorithmName);
return x509CertImpl;
}
Also used :
CertificateSubjectName(android.sun.security.x509.CertificateSubjectName)
KeyIdentifier(android.sun.security.x509.KeyIdentifier)
X509CertInfo(android.sun.security.x509.X509CertInfo)
CertificateIssuerName(android.sun.security.x509.CertificateIssuerName)
CertificateVersion(android.sun.security.x509.CertificateVersion)
CertificateExtensions(android.sun.security.x509.CertificateExtensions)
CertificateValidity(android.sun.security.x509.CertificateValidity)
X500Name(android.sun.security.x509.X500Name)
CertificateX509Key(android.sun.security.x509.CertificateX509Key)
Date(java.util.Date)
SubjectKeyIdentifierExtension(android.sun.security.x509.SubjectKeyIdentifierExtension)
CertificateSerialNumber(android.sun.security.x509.CertificateSerialNumber)
Random(java.util.Random)
SecureRandom(java.security.SecureRandom)
X509CertImpl(android.sun.security.x509.X509CertImpl)
CertificateAlgorithmId(android.sun.security.x509.CertificateAlgorithmId)
PrivateKeyUsageExtension(android.sun.security.x509.PrivateKeyUsageExtension)
NonNull(androidx.annotation.NonNull)
Example 2 with KeyIdentifier
use of android.sun.security.x509.KeyIdentifier in project jdk8u_jdk by JetBrains.
the class X509CertSelectorTest method testAuthorityKeyIdentifier.
/*
* Tests matching on the authority key identifier contained in the
* certificate.
*/
private void testAuthorityKeyIdentifier() throws IOException {
System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
// bad match
X509CertSelector selector = new X509CertSelector();
byte[] b = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
AuthorityKeyIdentifierExtension a = new AuthorityKeyIdentifierExtension(new KeyIdentifier(b), null, null);
selector.setAuthorityKeyIdentifier(a.getExtensionValue());
checkMatch(selector, cert, false);
// good match
DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.35"));
byte[] encoded = in.getOctetString();
selector.setAuthorityKeyIdentifier(encoded);
checkMatch(selector, cert, true);
}
Also used :
KeyIdentifier(sun.security.x509.KeyIdentifier)
AuthorityKeyIdentifierExtension(sun.security.x509.AuthorityKeyIdentifierExtension)
X509CertSelector(java.security.cert.X509CertSelector)
DerInputStream(sun.security.util.DerInputStream)
Example 3 with KeyIdentifier
use of android.sun.security.x509.KeyIdentifier in project coprhd-controller by CoprHD.
the class KeyCertificatePairGenerator method generateCertificate.
/**
* Create a self-signed X.509 Certificate
*
* @param pair the KeyPair
*/
private X509Certificate generateCertificate(KeyPair pair) throws GeneralSecurityException, IOException {
PublicKey pubKey = loadPublicKeyFromBytes(pair.getPublic().getEncoded());
PrivateKey privkey = pair.getPrivate();
X509CertInfo info = new X509CertInfo();
Date from = getNotBefore();
Date to = new Date(from.getTime() + valuesHolder.getCertificateValidityInDays() * 86400000L);
CertificateValidity interval = new CertificateValidity(from, to);
BigInteger sn = new BigInteger(64, new SecureRandom());
X500Name owner = new X500Name(String.format(CERTIFICATE_COMMON_NAME_FORMAT, valuesHolder.getCertificateCommonName()));
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
info.set(X509CertInfo.SUBJECT, owner);
info.set(X509CertInfo.ISSUER, owner);
info.set(X509CertInfo.KEY, new CertificateX509Key(pubKey));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId keyAlgo = AlgorithmId.get(KeyCertificateAlgorithmValuesHolder.DEFAULT_KEY_ALGORITHM);
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(keyAlgo));
AlgorithmId signingAlgo = AlgorithmId.get(valuesHolder.getSigningAlgorithm());
info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, signingAlgo);
// add extensions
CertificateExtensions ext = new CertificateExtensions();
ext.set(SubjectKeyIdentifierExtension.NAME, new SubjectKeyIdentifierExtension(new KeyIdentifier(pubKey).getIdentifier()));
// CA public key is the same as our public key (self signed)
ext.set(AuthorityKeyIdentifierExtension.NAME, new AuthorityKeyIdentifierExtension(new KeyIdentifier(pubKey), null, null));
ext.set(SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(subjectAltNames()));
info.set(X509CertInfo.EXTENSIONS, ext);
X509CertImpl cert = new X509CertImpl(info);
cert.sign(privkey, valuesHolder.getSigningAlgorithm());
return cert;
}
Also used :
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
PrivateKey(java.security.PrivateKey)
KeyIdentifier(sun.security.x509.KeyIdentifier)
X509CertInfo(sun.security.x509.X509CertInfo)
PublicKey(java.security.PublicKey)
SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension)
SecureRandom(java.security.SecureRandom)
CertificateVersion(sun.security.x509.CertificateVersion)
CertificateValidity(sun.security.x509.CertificateValidity)
CertificateExtensions(sun.security.x509.CertificateExtensions)
X500Name(sun.security.x509.X500Name)
CertificateX509Key(sun.security.x509.CertificateX509Key)
Date(java.util.Date)
CertificateSerialNumber(sun.security.x509.CertificateSerialNumber)
SubjectKeyIdentifierExtension(sun.security.x509.SubjectKeyIdentifierExtension)
AlgorithmId(sun.security.x509.AlgorithmId)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
X509CertImpl(sun.security.x509.X509CertImpl)
BigInteger(java.math.BigInteger)
AuthorityKeyIdentifierExtension(sun.security.x509.AuthorityKeyIdentifierExtension)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
Example 4 with KeyIdentifier
use of android.sun.security.x509.KeyIdentifier in project candlepin by candlepin.
the class JSSPKIUtility method buildAuthorityKeyIdentifier.
/**
* Calculate the KeyIdentifier for a public key and place it in an AuthorityKeyIdentifier extension.
*
* Java encodes RSA public keys using the SubjectPublicKeyInfo type described in RFC 5280.
* <pre>
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING }
*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL }
* </pre>
*
* A KeyIdentifier is a SHA-1 digest of the subjectPublicKey bit string from the ASN.1 above.
*
* @param key the public key to use
* @return an AuthorityKeyIdentifierExtension based on the key
* @throws IOException if we can't construct a MessageDigest object.
*/
public static AuthorityKeyIdentifierExtension buildAuthorityKeyIdentifier(PublicKey key) throws IOException {
try {
Provider provider = JSSProviderLoader.getProvider(true);
MessageDigest d = MessageDigest.getInstance("SHA-1", provider);
byte[] encodedKey = key.getEncoded();
DerInputStream s = new DerValue(encodedKey).toDerInputStream();
// Skip the first item in the sequence, AlgorithmIdentifier.
// The parameter, startLen, is required for skipSequence although it's unused.
s.skipSequence(0);
// Get the key's bit string
BitArray b = s.getUnalignedBitString();
byte[] digest = d.digest(b.toByteArray());
KeyIdentifier ki = new KeyIdentifier(digest);
return new AuthorityKeyIdentifierExtension(ki, null, null);
} catch (NoSuchAlgorithmException e) {
throw new IOException("Could not find SHA1 implementation", e);
}
}
Also used :
KeyIdentifier(org.mozilla.jss.netscape.security.x509.KeyIdentifier)
DerValue(org.mozilla.jss.netscape.security.util.DerValue)
AuthorityKeyIdentifierExtension(org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension)
DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream)
BitArray(org.mozilla.jss.netscape.security.util.BitArray)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
IOException(java.io.IOException)
MessageDigest(java.security.MessageDigest)
Provider(java.security.Provider)
Example 5 with KeyIdentifier
use of android.sun.security.x509.KeyIdentifier in project candlepin by candlepin.
the class JSSPKIUtilityTest method testCalculateAuthorityKeyIdentifier.
@Test
public void testCalculateAuthorityKeyIdentifier() throws Exception {
KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
RSAPublicKey key = (RSAPublicKey) gen.generateKeyPair().getPublic();
AuthorityKeyIdentifier expectedAki = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(key);
AuthorityKeyIdentifierExtension actualAki = JSSPKIUtility.buildAuthorityKeyIdentifier(key);
byte[] expectedKeyIdentifier = expectedAki.getKeyIdentifier();
byte[] actualKeyIdentifier = ((KeyIdentifier) actualAki.get(AuthorityKeyIdentifierExtension.KEY_ID)).getIdentifier();
assertArrayEquals(expectedKeyIdentifier, actualKeyIdentifier);
}
Also used :
JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
KeyIdentifier(org.mozilla.jss.netscape.security.x509.KeyIdentifier)
AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
AuthorityKeyIdentifierExtension(org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension)
AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)
KeyPairGenerator(java.security.KeyPairGenerator)
Test(org.junit.jupiter.api.Test)
Aggregations
IOException (java.io.IOException)10
KeyIdentifier (sun.security.x509.KeyIdentifier)9
KeyIdentifier (org.mozilla.jss.netscape.security.x509.KeyIdentifier)8
AuthorityKeyIdentifierExtension (org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension)6
AuthorityKeyIdentifierExtension (sun.security.x509.AuthorityKeyIdentifierExtension)6
SubjectKeyIdentifierExtension (sun.security.x509.SubjectKeyIdentifierExtension)5
X509CertImpl (sun.security.x509.X509CertImpl)5
MessageDigest (java.security.MessageDigest)4
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4
CertificateException (java.security.cert.CertificateException)4
BitArray (org.mozilla.jss.netscape.security.util.BitArray)4
DerInputStream (org.mozilla.jss.netscape.security.util.DerInputStream)4
DerValue (org.mozilla.jss.netscape.security.util.DerValue)4
BigInteger (java.math.BigInteger)2
SecureRandom (java.security.SecureRandom)2
Date (java.util.Date)2
OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING)2
BasicConstraintsExtension (sun.security.x509.BasicConstraintsExtension)2
CertificateExtensions (sun.security.x509.CertificateExtensions)2
KeyUsageExtension (sun.security.x509.KeyUsageExtension)2
