
Example 16 with Certificate

use of com.android.apksig.internal.x509.Certificate in project XobotOS by xamarin.

the class X509CertPathImpl method getInstance.

/**
 * Generates certification path object on the base of encoding provided via
 * input stream. The format of provided encoded form is specified by
 * parameter <code>encoding</code>.
 * @throws CertificateException if specified encoding form is not supported,
 * or some problems occurred during the decoding.
 */
public static X509CertPathImpl getInstance(InputStream in, String encoding) throws CertificateException {
    if (!encodings.contains(encoding)) {
        throw new CertificateException("Unsupported encoding");
    }
    try {
        if (encodingsArr[0].equals(encoding)) {
            // generate the object from PkiPath encoded form
            return (X509CertPathImpl) ASN1.decode(in);
        } else {
            // generate the object from PKCS #7 encoded form
            ContentInfo ci = (ContentInfo) ContentInfo.ASN1.decode(in);
            SignedData sd = ci.getSignedData();
            if (sd == null) {
                throw new CertificateException("Incorrect PKCS7 encoded form: missing signed data");
            }
            List<Certificate> certs = sd.getCertificates();
            if (certs == null) {
                // empty chain of certificates
                certs = new ArrayList<Certificate>();
            }
            List<X509CertImpl> result = new ArrayList<X509CertImpl>();
            for (Certificate cert : certs) {
                result.add(new X509CertImpl(cert));
            }
            return new X509CertPathImpl(result, PKCS7, ci.getEncoded());
        }
    } catch (IOException e) {
        throw new CertificateException("Incorrect encoded form: " + e.getMessage());
    }
}
Also used : SignedData(org.apache.harmony.security.pkcs7.SignedData) ContentInfo(org.apache.harmony.security.pkcs7.ContentInfo) ArrayList(java.util.ArrayList) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) Certificate(org.apache.harmony.security.x509.Certificate)

Example 17 with Certificate

use of com.android.apksig.internal.x509.Certificate in project XobotOS by xamarin.

the class X509CertPathImpl method getInstance.

/**
 * Generates certification path object on the base of encoding provided via
 * array of bytes. The format of provided encoded form is specified by
 * parameter <code>encoding</code>.
 * @throws CertificateException if specified encoding form is not supported,
 * or some problems occurred during the decoding.
 */
public static X509CertPathImpl getInstance(byte[] in, String encoding) throws CertificateException {
    if (!encodings.contains(encoding)) {
        throw new CertificateException("Unsupported encoding");
    }
    try {
        if (encodingsArr[0].equals(encoding)) {
            // generate the object from PkiPath encoded form
            return (X509CertPathImpl) ASN1.decode(in);
        } else {
            // generate the object from PKCS #7 encoded form
            ContentInfo ci = (ContentInfo) ContentInfo.ASN1.decode(in);
            SignedData sd = ci.getSignedData();
            if (sd == null) {
                throw new CertificateException("Incorrect PKCS7 encoded form: missing signed data");
            }
            List<Certificate> certs = sd.getCertificates();
            if (certs == null) {
                certs = new ArrayList<Certificate>();
            }
            List<X509CertImpl> result = new ArrayList<X509CertImpl>();
            for (Certificate cert : certs) {
                result.add(new X509CertImpl(cert));
            }
            return new X509CertPathImpl(result, PKCS7, ci.getEncoded());
        }
    } catch (IOException e) {
        throw new CertificateException("Incorrect encoded form: " + e.getMessage());
    }
}
Also used : SignedData(org.apache.harmony.security.pkcs7.SignedData) ContentInfo(org.apache.harmony.security.pkcs7.ContentInfo) ArrayList(java.util.ArrayList) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) Certificate(org.apache.harmony.security.x509.Certificate)

Example 18 with Certificate

use of com.android.apksig.internal.x509.Certificate in project platformlayer by platformlayer.

the class SimpleCertificateAuthority method signCsr.

public X509Certificate signCsr(PKCS10CertificationRequest csr) throws OpsException {
    SubjectPublicKeyInfo subjectPublicKeyInfo = csr.getSubjectPublicKeyInfo();
    X500Name subject = csr.getSubject();
    Certificate certificate = signCertificate(BouncyCastleHelpers.toX500Name(caCertificate[0].getSubjectX500Principal()), caPrivateKey, subject, subjectPublicKeyInfo);
    return toX509(certificate);
}
Also used : X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 19 with Certificate

use of com.android.apksig.internal.x509.Certificate in project platformlayer by platformlayer.

the class SimpleCertificateAuthority method signCertificate.

private static Certificate signCertificate(X500Name signer, PrivateKey signerPrivateKey, X500Name subject, SubjectPublicKeyInfo subjectPublicKeyInfo) throws OpsException {
    try {
        AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(SIGNATURE_ALGORITHM);
        AlgorithmIdentifier digestAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
        long days = 3650;
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - ONE_DAY);
        Date notAfter = new Date(notBefore.getTime() + (days * ONE_DAY));
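        // NOTE: the serial number is the current time in milliseconds, so it is
        // predictable, and two certificates issued within the same millisecond get
        // the same serial. The synchronized block does not prevent that; a serial
        // drawn from SecureRandom avoids both problems.
        BigInteger serialNumber;
        synchronized (SimpleCertificateAuthority.class) {
            long nextSerialNumber = System.currentTimeMillis();
            serialNumber = BigInteger.valueOf(nextSerialNumber);
        }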
        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(signer, serialNumber, notBefore, notAfter, subject, subjectPublicKeyInfo);
        // {
        // boolean isCritical = false;
        // certificateBuilder.addExtension(X509Extensions.SubjectKeyIdentifier, isCritical,
        // csr.getSubjectPublicKeyInfo());
        // }
        AsymmetricKeyParameter caPrivateKeyParameters = PrivateKeyFactory.createKey(signerPrivateKey.getEncoded());
        ContentSigner contentSigner = new BcRSAContentSignerBuilder(sigAlgId, digestAlgId).build(caPrivateKeyParameters);
        X509CertificateHolder certificateHolder = certificateBuilder.build(contentSigner);
        Certificate certificate = certificateHolder.toASN1Structure();
        return certificate;
    } catch (OperatorCreationException e) {
        throw new OpsException("Error signing certificate", e);
    } catch (IOException e) {
        throw new OpsException("Error signing certificate", e);
    }
}
Also used : OpsException(org.platformlayer.ops.OpsException) ContentSigner(org.bouncycastle.operator.ContentSigner) IOException(java.io.IOException) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) Date(java.util.Date) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 20 with Certificate

use of com.android.apksig.internal.x509.Certificate in project keystore-explorer by kaikramer.

the class Pkcs10Util method generateCsr.

/**
 * Create a PKCS #10 certificate signing request (CSR) using the supplied
 * certificate, private key and signature algorithm.
 *
 * @param cert
 *            The certificate
 * @param privateKey
 *            The private key
 * @param signatureType
 *            Signature
 * @param challenge
 *            Challenge, optional, pass null if not required
 * @param unstructuredName
 *            An optional company name, pass null if not required
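 * @param useExtensions
 *            Use extensions from cert for extensionRequest attribute?
 * @param provider
 *            Provider used for signing, pass null to use the default
 *            provider lookup; Bouncy Castle is used instead if the given
 *            provider does not support the signature algorithm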
 * @throws CryptoException
 *             If there was a problem generating the CSR
 * @return The CSR
 */
public static PKCS10CertificationRequest generateCsr(X509Certificate cert, PrivateKey privateKey, SignatureType signatureType, String challenge, String unstructuredName, boolean useExtensions, Provider provider) throws CryptoException {
    try {
        JcaPKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(cert.getSubjectX500Principal(), cert.getPublicKey());
        // add challenge attribute
        if (challenge != null) {
            // PKCS#9 2.0: SHOULD use UTF8String encoding
            csrBuilder.addAttribute(pkcs_9_at_challengePassword, new DERUTF8String(challenge));
        }
        if (unstructuredName != null) {
            csrBuilder.addAttribute(pkcs_9_at_unstructuredName, new DERUTF8String(unstructuredName));
        }
        if (useExtensions) {
            // add extensionRequest attribute with all extensions from the certificate
            Certificate certificate = Certificate.getInstance(cert.getEncoded());
            Extensions extensions = certificate.getTBSCertificate().getExtensions();
            if (extensions != null) {
                csrBuilder.addAttribute(pkcs_9_at_extensionRequest, extensions.toASN1Primitive());
            }
        }
        // fall back to bouncy castle provider if given provider does not support the requested algorithm
        if (provider != null && provider.getService("Signature", signatureType.jce()) == null) {
            provider = new BouncyCastleProvider();
        }
        ContentSigner contentSigner = null;
        if (provider == null) {
            contentSigner = new JcaContentSignerBuilder(signatureType.jce()).build(privateKey);
        } else {
            contentSigner = new JcaContentSignerBuilder(signatureType.jce()).setProvider(provider).build(privateKey);
        }
        PKCS10CertificationRequest csr = csrBuilder.build(contentSigner);
        if (!verifyCsr(csr)) {
            throw new CryptoException(res.getString("NoVerifyGenPkcs10Csr.exception.message"));
        }
        return csr;
    } catch (CertificateEncodingException e) {
        throw new CryptoException(res.getString("NoGeneratePkcs10Csr.exception.message"), e);
    } catch (OperatorCreationException e) {
        throw new CryptoException(res.getString("NoGeneratePkcs10Csr.exception.message"), e);
    }
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) CertificateEncodingException(java.security.cert.CertificateEncodingException) Extensions(org.bouncycastle.asn1.x509.Extensions) CryptoException(org.kse.crypto.CryptoException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Aggregations

Certificate (org.bouncycastle.asn1.x509.Certificate) 53
IOException (java.io.IOException) 40
X509Certificate (java.security.cert.X509Certificate) 37
CertificateException (java.security.cert.CertificateException) 27
File (java.io.File) 12
Test (org.junit.Test) 11
BigInteger (java.math.BigInteger) 9
CertificateEncodingException (java.security.cert.CertificateEncodingException) 9
TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate) 9
Test (org.junit.jupiter.api.Test) 9
Certificate (com.google.cloud.security.privateca.v1.Certificate) 8
CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) 8
SQLException (java.sql.SQLException) 8
X500Name (org.bouncycastle.asn1.x500.X500Name) 8
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable) 7
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence) 7
Certificate (com.beanit.asn1bean.compiler.pkix1explicit88.Certificate) 6
Extension (org.bouncycastle.asn1.x509.Extension) 6
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException) 6
ArrayList (java.util.ArrayList) 5