use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project groovity by disney.
the class PublicKeyValueHandler method doLoad.
@Override
protected Object doLoad(InputStream stream, String contentType, @SuppressWarnings("rawtypes") Class valueClass, @SuppressWarnings("rawtypes") Map config) throws Exception {
Reader reader = new InputStreamReader(stream, getCharset(contentType));
PEMParser pemReader = new PEMParser(reader);
try {
Object o = pemReader.readObject();
if (o instanceof SubjectPublicKeyInfo) {
return new JcaPEMKeyConverter().getPublicKey((SubjectPublicKeyInfo) o);
}
} finally {
pemReader.close();
}
return null;
}
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project keystore-explorer by kaikramer.
the class KeyIdentifierGenerator method encodeEcPublicKeyAsBitString.
private byte[] encodeEcPublicKeyAsBitString(ECPublicKey ecPublicKey) {
SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(ecPublicKey.getEncoded());
byte[] bytes = publicKeyInfo.getPublicKeyData().getBytes();
return bytes;
}
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project xipki by xipki.
the class P12KeyGenerator method genECKeypair.
// CHECKSTYLE:SKIP
private KeyPairWithSubjectPublicKeyInfo genECKeypair(String curveNameOrOid, SecureRandom random) throws Exception {
ASN1ObjectIdentifier curveOid = AlgorithmUtil.getCurveOidForCurveNameOrOid(curveNameOrOid);
if (curveOid == null) {
throw new IllegalArgumentException("invalid curveNameOrOid '" + curveNameOrOid + "'");
}
KeyPair kp = KeyUtil.generateECKeypair(curveOid, random);
AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, curveOid);
BCECPublicKey pub = (BCECPublicKey) kp.getPublic();
byte[] keyData = pub.getQ().getEncoded(false);
SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algId, keyData);
return new KeyPairWithSubjectPublicKeyInfo(kp, subjectPublicKeyInfo);
}
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project xipki by xipki.
the class CaLoadTestTemplateEnroll method nextCertRequests.
private Map<Integer, CertRequestWithProfile> nextCertRequests() {
if (maxRequests > 0) {
int num = processedRequests.getAndAdd(1);
if (num >= maxRequests) {
return null;
}
}
Map<Integer, CertRequestWithProfile> certRequests = new HashMap<>();
final int n = loadtestEntries.size();
for (int i = 0; i < n; i++) {
LoadTestEntry loadtestEntry = loadtestEntries.get(i);
final int certId = i + 1;
CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
long thisIndex = index.getAndIncrement();
certTempBuilder.setSubject(loadtestEntry.getX500Name(thisIndex));
SubjectPublicKeyInfo spki = loadtestEntry.getSubjectPublicKeyInfo();
certTempBuilder.setPublicKey(spki);
CertTemplate certTemplate = certTempBuilder.build();
CertRequest certRequest = new CertRequest(certId, certTemplate, null);
CertRequestWithProfile requestWithCertprofile = new CertRequestWithProfile(loadtestEntry.getCertprofile(), certRequest);
certRequests.put(certId, requestWithCertprofile);
}
return certRequests;
}
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project xipki by xipki.
the class X509SelfSignedCertBuilder method generateSelfSigned.
public static GenerateSelfSignedResult generateSelfSigned(SecurityFactory securityFactory, String signerType, String signerConf, IdentifiedX509Certprofile certprofile, CertificationRequest csr, BigInteger serialNumber, List<String> caCertUris, List<String> ocspUris, List<String> crlUris, List<String> deltaCrlUris, ConfPairs extraControl) throws OperationException, InvalidConfException {
ParamUtil.requireNonNull("securityFactory", securityFactory);
ParamUtil.requireNonBlank("signerType", signerType);
ParamUtil.requireNonNull("certprofile", certprofile);
ParamUtil.requireNonNull("csr", csr);
ParamUtil.requireNonNull("serialNumber", serialNumber);
if (serialNumber.compareTo(BigInteger.ZERO) != 1) {
throw new IllegalArgumentException("serialNumber must not be non-positive: " + serialNumber);
}
X509CertLevel level = certprofile.getCertLevel();
if (X509CertLevel.RootCA != level) {
throw new IllegalArgumentException("certprofile is not of level " + X509CertLevel.RootCA);
}
if (!securityFactory.verifyPopo(csr, null)) {
throw new InvalidConfException("could not validate POP for the CSR");
}
if ("pkcs12".equalsIgnoreCase(signerType) || "jks".equalsIgnoreCase(signerType)) {
ConfPairs keyValues = new ConfPairs(signerConf);
String keystoreConf = keyValues.value("keystore");
if (keystoreConf == null) {
throw new InvalidConfException("required parameter 'keystore' for types PKCS12 and JKS, is not specified");
}
}
ConcurrentContentSigner signer;
try {
List<String[]> signerConfs = CaEntry.splitCaSignerConfs(signerConf);
List<String> restrictedSigAlgos = certprofile.getSignatureAlgorithms();
String thisSignerConf = null;
if (CollectionUtil.isEmpty(restrictedSigAlgos)) {
thisSignerConf = signerConfs.get(0)[1];
} else {
for (String algo : restrictedSigAlgos) {
for (String[] m : signerConfs) {
if (m[0].equals(algo)) {
thisSignerConf = m[1];
break;
}
}
if (thisSignerConf != null) {
break;
}
}
}
if (thisSignerConf == null) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, "CA does not support any signature algorithm restricted by the cert profile");
}
signer = securityFactory.createSigner(signerType, new SignerConf(thisSignerConf), (X509Certificate[]) null);
} catch (XiSecurityException | ObjectCreationException ex) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
}
SubjectPublicKeyInfo publicKeyInfo;
if (signer.getCertificate() != null) {
// this cert is the dummy one which can be considered only as public key container
Certificate bcCert;
try {
bcCert = Certificate.getInstance(signer.getCertificate().getEncoded());
} catch (Exception ex) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, "could not reparse certificate: " + ex.getMessage());
}
publicKeyInfo = bcCert.getSubjectPublicKeyInfo();
} else {
PublicKey signerPublicKey = signer.getPublicKey();
try {
publicKeyInfo = KeyUtil.createSubjectPublicKeyInfo(signerPublicKey);
} catch (InvalidKeyException ex) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, "cannot generate SubjectPublicKeyInfo from publicKey: " + ex.getMessage());
}
}
X509Certificate newCert = generateCertificate(signer, certprofile, csr, serialNumber, publicKeyInfo, caCertUris, ocspUris, crlUris, deltaCrlUris, extraControl);
return new GenerateSelfSignedResult(signerConf, newCert);
}
Aggregations