Example 76 with SubjectPublicKeyInfo
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project airavata by apache.
the class X509SecurityContext method generateShortLivedCredential.
public KeyAndCertCredential generateShortLivedCredential(String userDN, String caCertPath, String caKeyPath, String caPwd) throws Exception {
// 15 minutes
final long CredentialGoodFromOffset = 1000L * 60L * 15L;
// ago
final long startTime = System.currentTimeMillis() - CredentialGoodFromOffset;
final long endTime = startTime + 30 * 3600 * 1000;
String keyLengthProp = "1024";
int keyLength = Integer.parseInt(keyLengthProp);
String signatureAlgorithm = "SHA1withRSA";
KeyAndCertCredential caCred = getCACredential(caCertPath, caKeyPath, caPwd);
KeyPairGenerator kpg = KeyPairGenerator.getInstance(caCred.getKey().getAlgorithm());
kpg.initialize(keyLength);
KeyPair pair = kpg.generateKeyPair();
X500Principal subjectDN = new X500Principal(userDN);
Random rand = new Random();
SubjectPublicKeyInfo publicKeyInfo;
try {
publicKeyInfo = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(pair.getPublic().getEncoded()).readObject());
} catch (IOException e) {
throw new InvalidKeyException("Can not parse the public key" + "being included in the short lived certificate", e);
}
X500Name issuerX500Name = CertificateHelpers.toX500Name(caCred.getCertificate().getSubjectX500Principal());
X500Name subjectX500Name = CertificateHelpers.toX500Name(subjectDN);
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuerX500Name, new BigInteger(20, rand), new Date(startTime), new Date(endTime), subjectX500Name, publicKeyInfo);
AlgorithmIdentifier sigAlgId = X509v3CertificateBuilder.extractAlgorithmId(caCred.getCertificate());
X509Certificate certificate = certBuilder.build(caCred.getKey(), sigAlgId, signatureAlgorithm, null, null);
certificate.checkValidity(new Date());
certificate.verify(caCred.getCertificate().getPublicKey());
KeyAndCertCredential result = new KeyAndCertCredential(pair.getPrivate(), new X509Certificate[] { certificate, caCred.getCertificate() });
return result;
}
Also used :
KeyPair(java.security.KeyPair)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
KeyPairGenerator(java.security.KeyPairGenerator)
IOException(java.io.IOException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
InvalidKeyException(java.security.InvalidKeyException)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Random(java.util.Random)
X509v3CertificateBuilder(eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder)
KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential)
X500Principal(javax.security.auth.x500.X500Principal)
BigInteger(java.math.BigInteger)
Example 77 with SubjectPublicKeyInfo
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project spring-cloud-digital-sign by SpringForAll.
the class ServerPKCSUtil method genCsr.
/**
* genCsr
*
* @param alg0 alg
* 密钥算法
* @return
*/
public static String genCsr(String alg0) {
if ("".equals(alg0)) {
alg = alg0;
}
// 产生秘钥对
KeyPairGenerator kpg = null;
try {
kpg = KeyPairGenerator.getInstance(alg);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
// 根据秘钥算法配置秘钥长度
if ("SM2".equalsIgnoreCase(alg)) {
kpg.initialize(256);
} else {
kpg.initialize(2048);
}
KeyPair kp = kpg.generateKeyPair();
securityKP = kp;
// 获取公钥以及公钥算法
byte[] publickey = kp.getPublic().getEncoded();
String pubAlg = kp.getPublic().getAlgorithm();
String sAlg = null;
try {
sAlg = AlgorithmId.get(pubAlg).getOID().toString();
} catch (NoSuchAlgorithmException e) {
}
SubjectPublicKeyInfo spki = null;
// 区分SM2和RSA
if (sAlg.equals("1.2.156.10197.1.301")) {
spki = SubjectPublicKeyInfo.getInstance(publickey);
} else {
spki = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(publickey));
}
String subject = "CN=defaultName";
X500Name x500 = new X500Name(subject);
// 产生csr构造器
PKCS10CertificationRequestBuilder prb = new PKCS10CertificationRequestBuilder(x500, spki);
// 构建签名信息
ContentSigner signer = null;
PrivateKey privateKey = kp.getPrivate();
Signature sign = null;
try {
if (privateKey.getAlgorithm().equals("SM2")) {
sign = Signature.getInstance("SM3withSM2");
} else {
sign = Signature.getInstance("SHA1withRSA");
}
sign.initSign(privateKey);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
}
final Signature sign1 = sign;
signer = new ContentSigner() {
ByteArrayOutputStream originStream = new ByteArrayOutputStream();
public byte[] getSignature() {
try {
sign1.update(originStream.toByteArray());
return sign1.sign();
} catch (SignatureException e) {
throw new RuntimeException(e);
}
}
public OutputStream getOutputStream() {
return originStream;
}
public AlgorithmIdentifier getAlgorithmIdentifier() {
try {
return new AlgorithmIdentifier(AlgorithmId.get(sign1.getAlgorithm()).getOID().toString());
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}
};
PKCS10CertificationRequestHolder pr = prb.build(signer);
try {
return new String(Base64.encode(pr.getEncoded()));
} catch (IOException e) {
e.printStackTrace();
}
return null;
}
Also used :
KeyPair(java.security.KeyPair)
PrivateKey(java.security.PrivateKey)
OutputStream(java.io.OutputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
ContentSigner(org.bouncycastle.operator.ContentSigner)
PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)
KeyPairGenerator(java.security.KeyPairGenerator)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
SignatureException(java.security.SignatureException)
IOException(java.io.IOException)
InvalidKeyException(java.security.InvalidKeyException)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
PKCS10CertificationRequestHolder(org.bouncycastle.pkcs.PKCS10CertificationRequestHolder)
Signature(java.security.Signature)
Example 78 with SubjectPublicKeyInfo
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project jruby-openssl by jruby.
the class MiscPEMGenerator method createPemObject.
private PemObject createPemObject(Object o) throws IOException {
String type;
byte[] encoding;
if (o instanceof PemObject) {
return (PemObject) o;
}
if (o instanceof PemObjectGenerator) {
return ((PemObjectGenerator) o).generate();
}
if (o instanceof X509CertificateHolder) {
type = "CERTIFICATE";
encoding = ((X509CertificateHolder) o).getEncoded();
} else if (o instanceof X509CRLHolder) {
type = "X509 CRL";
encoding = ((X509CRLHolder) o).getEncoded();
} else if (o instanceof PrivateKeyInfo) {
PrivateKeyInfo info = (PrivateKeyInfo) o;
ASN1ObjectIdentifier algOID = info.getPrivateKeyAlgorithm().getAlgorithm();
if (algOID.equals(PKCSObjectIdentifiers.rsaEncryption)) {
type = "RSA PRIVATE KEY";
encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
} else if (algOID.equals(dsaOids[0]) || algOID.equals(dsaOids[1])) {
type = "DSA PRIVATE KEY";
DSAParameter p = DSAParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters());
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new ASN1Integer(BigInteger.ZERO));
v.add(new ASN1Integer(p.getP()));
v.add(new ASN1Integer(p.getQ()));
v.add(new ASN1Integer(p.getG()));
BigInteger x = ASN1Integer.getInstance(info.parsePrivateKey()).getValue();
BigInteger y = p.getG().modPow(x, p.getP());
v.add(new ASN1Integer(y));
v.add(new ASN1Integer(x));
encoding = new DERSequence(v).getEncoded();
} else if (algOID.equals(X9ObjectIdentifiers.id_ecPublicKey)) {
type = "EC PRIVATE KEY";
encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
} else {
throw new IOException("Cannot identify private key");
}
} else if (o instanceof SubjectPublicKeyInfo) {
type = "PUBLIC KEY";
encoding = ((SubjectPublicKeyInfo) o).getEncoded();
} else if (o instanceof X509AttributeCertificateHolder) {
type = "ATTRIBUTE CERTIFICATE";
encoding = ((X509AttributeCertificateHolder) o).getEncoded();
} else if (o instanceof PKCS10CertificationRequest) {
type = "CERTIFICATE REQUEST";
encoding = ((PKCS10CertificationRequest) o).getEncoded();
} else if (o instanceof ContentInfo) {
type = "PKCS7";
encoding = ((ContentInfo) o).getEncoded();
} else //
if (// 1.47 compatibility
o instanceof java.security.cert.X509Certificate) {
type = "CERTIFICATE";
try {
encoding = ((java.security.cert.X509Certificate) o).getEncoded();
} catch (CertificateEncodingException e) {
throw new PemGenerationException("Cannot encode object: " + e.toString());
}
} else if (// 1.47 compatibility
o instanceof java.security.cert.X509CRL) {
type = "X509 CRL";
try {
encoding = ((java.security.cert.X509CRL) o).getEncoded();
} catch (CRLException e) {
throw new PemGenerationException("Cannot encode object: " + e.toString());
}
} else if (// 1.47 compatibility
o instanceof java.security.KeyPair) {
return createPemObject(((java.security.KeyPair) o).getPrivate());
} else if (// 1.47 compatibility
o instanceof java.security.PrivateKey) {
PrivateKeyInfo info = new PrivateKeyInfo((ASN1Sequence) ASN1Primitive.fromByteArray(((java.security.Key) o).getEncoded()));
if (o instanceof java.security.interfaces.RSAPrivateKey) {
type = "RSA PRIVATE KEY";
encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
} else if (o instanceof java.security.interfaces.DSAPrivateKey) {
type = "DSA PRIVATE KEY";
DSAParameter p = DSAParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters());
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new DERInteger(0));
v.add(new DERInteger(p.getP()));
v.add(new DERInteger(p.getQ()));
v.add(new DERInteger(p.getG()));
BigInteger x = ((java.security.interfaces.DSAPrivateKey) o).getX();
BigInteger y = p.getG().modPow(x, p.getP());
v.add(new DERInteger(y));
v.add(new DERInteger(x));
encoding = new DERSequence(v).getEncoded();
} else if (((java.security.PrivateKey) o).getAlgorithm().equals("ECDSA")) {
type = "EC PRIVATE KEY";
encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
} else {
throw new IOException("Cannot identify private key");
}
} else if (// 1.47 compatibility
o instanceof java.security.PublicKey) {
type = "PUBLIC KEY";
encoding = ((java.security.PublicKey) o).getEncoded();
} else if (// 1.47 compatibility
o instanceof X509AttributeCertificate) {
type = "ATTRIBUTE CERTIFICATE";
encoding = ((X509AttributeCertificate) o).getEncoded();
} else //
//
//
{
throw new PemGenerationException("unknown object passed - can't encode.");
}
if (// NEW STUFF (NOT IN OLD)
encryptor != null) {
String dekAlgName = Strings.toUpperCase(encryptor.getAlgorithm());
// Note: For backward compatibility
if (dekAlgName.equals("DESEDE")) {
dekAlgName = "DES-EDE3-CBC";
}
byte[] iv = encryptor.getIV();
byte[] encData = encryptor.encrypt(encoding);
List<PemHeader> headers = new ArrayList<PemHeader>(2);
headers.add(new PemHeader("Proc-Type", "4,ENCRYPTED"));
headers.add(new PemHeader("DEK-Info", dekAlgName + "," + getHexEncoded(iv)));
return new PemObject(type, headers, encData);
}
return new PemObject(type, encoding);
}
Also used :
ArrayList(java.util.ArrayList)
X509AttributeCertificate(org.bouncycastle.x509.X509AttributeCertificate)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
DERInteger(org.bouncycastle.asn1.DERInteger)
PemObjectGenerator(org.bouncycastle.util.io.pem.PemObjectGenerator)
DERSequence(org.bouncycastle.asn1.DERSequence)
ContentInfo(org.bouncycastle.asn1.cms.ContentInfo)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
DSAParameter(org.bouncycastle.asn1.x509.DSAParameter)
CRLException(java.security.cert.CRLException)
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
PemGenerationException(org.bouncycastle.util.io.pem.PemGenerationException)
X509AttributeCertificateHolder(org.bouncycastle.cert.X509AttributeCertificateHolder)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
PemObject(org.bouncycastle.util.io.pem.PemObject)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
X509CRLHolder(org.bouncycastle.cert.X509CRLHolder)
BigInteger(java.math.BigInteger)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
PemHeader(org.bouncycastle.util.io.pem.PemHeader)
Example 79 with SubjectPublicKeyInfo
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project runwar by cfmlprojects.
the class SelfSignedCertificate method generateCertificate.
private static X509Certificate generateCertificate(String fqdn, KeyPair keypair, SecureRandom random) throws Exception {
final X500Name subject = new X500Name("CN=" + fqdn);
final SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keypair.getPublic().getEncoded());
final AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
final AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
final AsymmetricKeyParameter keyParam = PrivateKeyFactory.createKey(keypair.getPrivate().getEncoded());
final ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(keyParam);
X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder(subject, new BigInteger(64, random), NOT_BEFORE, NOT_AFTER, subject, subPubKeyInfo);
v3CertBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
v3CertBuilder.addExtension(Extension.keyUsage, true, new X509KeyUsage(X509KeyUsage.digitalSignature | X509KeyUsage.nonRepudiation | X509KeyUsage.keyEncipherment | X509KeyUsage.dataEncipherment));
v3CertBuilder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(keypair.getPublic()));
JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
X509Certificate cert = converter.getCertificate(v3CertBuilder.build(sigGen));
cert.checkValidity();
cert.verify(keypair.getPublic());
return cert;
}
Also used :
ContentSigner(org.bouncycastle.operator.ContentSigner)
X500Name(org.bouncycastle.asn1.x500.X500Name)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
X509Certificate(java.security.cert.X509Certificate)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)
AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
BigInteger(java.math.BigInteger)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
X509KeyUsage(org.bouncycastle.jce.X509KeyUsage)
Example 80 with SubjectPublicKeyInfo
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project credhub by cloudfoundry-incubator.
the class CertificateGeneratorTest method makeCert.
private X509CertificateHolder makeCert(final KeyPair certKeyPair, final PrivateKey caPrivateKey, final X500Name caDn, final X500Name subjectDn, final boolean isCa) throws OperatorCreationException, NoSuchAlgorithmException, CertIOException {
final SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(certKeyPair.getPublic().getEncoded());
final ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256withRSA").setProvider(BouncyCastleFipsProvider.PROVIDER_NAME).build(caPrivateKey);
final CurrentTimeProvider currentTimeProvider = new CurrentTimeProvider();
final Instant now = Instant.from(currentTimeProvider.getInstant());
final X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(caDn, BigInteger.TEN, Date.from(now), Date.from(now.plus(Duration.ofDays(365))), subjectDn, publicKeyInfo);
x509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(isCa));
return x509v3CertificateBuilder.build(contentSigner);
}
Also used :
CurrentTimeProvider(org.cloudfoundry.credhub.util.CurrentTimeProvider)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
Instant(java.time.Instant)
ContentSigner(org.bouncycastle.operator.ContentSigner)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
Aggregations
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)219
X500Name (org.bouncycastle.asn1.x500.X500Name)92
IOException (java.io.IOException)85
Date (java.util.Date)75
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)75
ContentSigner (org.bouncycastle.operator.ContentSigner)65
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)64
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)61
BigInteger (java.math.BigInteger)54
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)53
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)50
InvalidKeySpecException (java.security.spec.InvalidKeySpecException)42
KeyPair (java.security.KeyPair)39
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)35
X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)32
SubjectPublicKeyInfo (com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo)30
KeyPairGenerator (java.security.KeyPairGenerator)30
PublicKey (java.security.PublicKey)30
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)30
InvalidKeyException (java.security.InvalidKeyException)28
