use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project MaxKey by dromara.
the class X509V3CertGen method genV3Certificate.
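/**
 * Builds an X.509 v3 certificate naming {@code subjectName} as subject and {@code issuerName}
 * as issuer, valid from {@code notBefore} to {@code notAfter}.
 *
 * <p>The certificate carries the public key of {@code keyPair} and is signed with the private key
 * of that same pair, so the signature is always a self-signature, whatever the issuer name says.
 * No extensions are added (no BasicConstraints, KeyUsage, ExtendedKeyUsage or
 * SubjectAlternativeName), so relying parties cannot tell a CA certificate from a leaf by
 * looking at this certificate alone.
 *
 * @param issuerName  issuer distinguished name in string form
 * @param subjectName subject distinguished name in string form
 * @param notBefore   start of the validity period
 * @param notAfter    end of the validity period
 * @param keyPair     key pair whose public key is certified and whose private key signs
 * @return the generated certificate
 * @throws Exception if the public key cannot be decoded, signing fails, or the encoded
 *                   certificate cannot be parsed back
 */
public static X509Certificate genV3Certificate(String issuerName, String subjectName, Date notBefore, Date notAfter, KeyPair keyPair) throws Exception {
    // Random, strictly positive serial (1 .. 2^127). A wall-clock serial is predictable and
    // repeats when two certificates are issued within the same millisecond.
    BigInteger serial = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);
    X500Name x500Name = new X500Name(issuerName);
    X500Name subject = new X500Name(subjectName);
    PublicKey publicKey = keyPair.getPublic();
    PrivateKey privateKey = keyPair.getPrivate();

    // Decode the key's own encoding into the SubjectPublicKeyInfo structure. A decoding failure
    // now propagates instead of being printed and leaving a null that fails later in the builder.
    SubjectPublicKeyInfo subjectPublicKeyInfo;
    try (ASN1InputStream publicKeyInputStream = new ASN1InputStream(publicKey.getEncoded())) {
        Object aiStream = publicKeyInputStream.readObject();
        subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(aiStream);
    }

    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(x500Name, serial, notBefore, notAfter, subject, subjectPublicKeyInfo);
    // SHA-256 instead of SHA-1: SHA-1 certificate signatures are no longer collision resistant
    // and are rejected by current validators. The "BC" provider must already be registered.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(privateKey);

    // NOTE(review): the extensions below were disabled by the original author and stay disabled.
    // certBuilder.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    // certBuilder.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature| KeyUsage.keyEncipherment));
    // certBuilder.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
    // certBuilder.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, "connsec@163.com")));
    X509CertificateHolder x509CertificateHolder = certBuilder.build(sigGen);

    // Round-trip through the DER encoding to obtain a java.security.cert.X509Certificate.
    // NOTE(review): Class.newInstance() is deprecated since Java 9; left as the author wrote it
    // because the concrete CertificateFactory class is not visible here.
    CertificateFactory certificateFactory = CertificateFactory.class.newInstance();
    try (InputStream inputStream = new ByteArrayInputStream(x509CertificateHolder.toASN1Structure().getEncoded())) {
        return (X509Certificate) certificateFactory.engineGenerateCertificate(inputStream);
    }
}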
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project BiglyBT by BiglySoftware.
the class PKCS10CertificationRequest method getPublicKey.
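/**
 * Rebuilds the public key carried in this certification request.
 *
 * <p>The key algorithm is taken from the algorithm identifier inside the request's
 * SubjectPublicKeyInfo and looked up in the named provider, so the request itself decides which
 * KeyFactory is used.
 * NOTE(review): the request is presumably received from an outside party; confirm that callers
 * verify the request's signature and apply their own algorithm and key-size policy before
 * trusting the returned key.
 *
 * @param provider name of the JCA provider that supplies the KeyFactory
 * @return the decoded public key
 * @throws NoSuchAlgorithmException if the provider has no KeyFactory for the key algorithm
 * @throws NoSuchProviderException  if the named provider is not registered
 * @throws InvalidKeyException      if the key bytes are not a valid key for that algorithm
 */
public PublicKey getPublicKey(String provider) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
    SubjectPublicKeyInfo subjectPKInfo = reqInfo.getSubjectPublicKeyInfo();
    try {
        X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getBytes());
        AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithmId();
        return KeyFactory.getInstance(keyAlg.getObjectId().getId(), provider).generatePublic(xspec);
    } catch (InvalidKeySpecException e) {
        // Keep the original failure as the cause so the reason for rejection is not lost.
        throw new InvalidKeyException("error encoding public key", e);
    }
}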
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project BiglyBT by BiglySoftware.
the class JCEECPublicKey method getEncoded.
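/**
 * Returns the DER encoding of this EC public key as a SubjectPublicKeyInfo structure.
 *
 * <p>A named curve is encoded by its object identifier; any other parameter spec is encoded with
 * its explicit curve, base point, order, cofactor and seed.
 *
 * @return the encoded key
 * @throws RuntimeException if the structure cannot be written
 */
@Override
public byte[] getEncoded() {
    ByteArrayOutputStream bOut = new ByteArrayOutputStream();
    DEROutputStream dOut = new DEROutputStream(bOut);

    final X962Parameters params;
    if (ecSpec instanceof ECNamedCurveParameterSpec) {
        params = new X962Parameters(X962NamedCurves.getOID(((ECNamedCurveParameterSpec) ecSpec).getName()));
    } else {
        X9ECParameters ecP = new X9ECParameters(ecSpec.getCurve(), ecSpec.getG(), ecSpec.getN(), ecSpec.getH(), ecSpec.getSeed());
        params = new X962Parameters(ecP);
    }

    // The public point Q, taken as the octet string that goes into the key's bit string.
    ASN1OctetString p = (ASN1OctetString) (new X9ECPoint(this.getQ()).getDERObject());
    SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), p.getOctets());
    try {
        dOut.writeObject(info);
        dOut.close();
    } catch (IOException e) {
        // Keep the I/O failure as the cause instead of discarding it.
        throw new RuntimeException("Error encoding EC public key", e);
    }
    return bOut.toByteArray();
}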
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project keycloak by keycloak.
the class CertificateUtils method generateV1SelfSignedCertificate.
/**
 * Creates a self-signed X.509 version 1 certificate whose issuer and subject are both
 * {@code CN=<subject>}.
 *
 * <p>The validity period starts 100 seconds before the current time and ends ten years after it.
 * The certificate is signed with the private key of {@code caKeyPair}; the signature algorithm
 * is chosen by {@code createSigner}, which is defined elsewhere.
 * NOTE(review): {@code subject} is concatenated into the distinguished-name string unescaped, so
 * a value containing DN separators would presumably be parsed as extra name components; confirm
 * that callers pass only trusted or validated names.
 *
 * @param caKeyPair    key pair that is certified and that signs the certificate
 * @param subject      common name used for both issuer and subject
 * @param serialNumber serial number to place in the certificate
 * @return the generated certificate
 * @throws RuntimeException wrapping any failure during generation
 */
public static X509Certificate generateV1SelfSignedCertificate(KeyPair caKeyPair, String subject, BigInteger serialNumber) {
    try {
        X500Name selfName = new X500Name("CN=" + subject);

        // Back-date the start so that small clock differences do not make the certificate
        // look not-yet-valid.
        Date notBefore = new Date(System.currentTimeMillis() - 100000);
        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.YEAR, 10);
        Date notAfter = expiry.getTime();

        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(caKeyPair.getPublic().getEncoded());

        // Issuer and subject are the same name: the certificate is self-signed.
        X509CertificateHolder signedHolder =
                new X509v1CertificateBuilder(selfName, serialNumber, notBefore, notAfter, selfName, publicKeyInfo)
                        .build(createSigner(caKeyPair.getPrivate()));
        return new JcaX509CertificateConverter().getCertificate(signedHolder);
    } catch (Exception e) {
        throw new RuntimeException("Error creating X509v1Certificate.", e);
    }
}
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project keycloak by keycloak.
the class CertificateUtils method generateV3Certificate.
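/**
 * Generates a version 3 {@link java.security.cert.X509Certificate} for {@code CN=<subject>},
 * issued under the subject name of {@code caCert} and signed with {@code caPrivateKey}.
 *
 * <p>The certificate is valid from now for 1080 days (36 periods of 30 days). It carries
 * KeyUsage digitalSignature, keyCertSign and cRLSign, ExtendedKeyUsage emailProtection and
 * serverAuth, and a critical BasicConstraints marking it as a CA with path length 0.
 * NOTE(review): every certificate issued here can therefore sign further certificates; confirm
 * that this is intended for all callers.
 * NOTE(review): {@code subject} is concatenated into the distinguished-name string unescaped;
 * confirm that callers pass only trusted or validated names.
 *
 * @param keyPair the key pair whose public key is certified
 * @param caPrivateKey the CA private key used to sign
 * @param caCert the CA certificate; supplies the issuer name and the authority key identifier
 * @param subject the subject common name
 *
 * @return the x509 certificate
 *
 * @throws Exception declared for callers; failures are rethrown as {@link RuntimeException}
 */
public static X509Certificate generateV3Certificate(KeyPair keyPair, PrivateKey caPrivateKey, X509Certificate caCert, String subject) throws Exception {
    try {
        X500Name subjectDN = new X500Name("CN=" + subject);
        // Take the issuer from the CA certificate's encoded subject, so the issuer field is
        // byte-identical to the CA's subject rather than a re-parsed string form of it.
        X500Name issuerDN = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());

        // Serial Number: strictly positive, 127 random bits. Math.abs(nextInt()) gave at most
        // 31 bits, could be zero, and is negative for Integer.MIN_VALUE.
        SecureRandom random = new SecureRandom();
        BigInteger serialNumber = new BigInteger(127, random).add(BigInteger.ONE);

        // Validity
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now);
        Date notAfter = new Date(now + (((1000L * 60 * 60 * 24 * 30)) * 12) * 3);

        // SubjectPublicKeyInfo of the certified key and of the issuing CA key
        SubjectPublicKeyInfo subjPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
        SubjectPublicKeyInfo caPubKeyInfo = SubjectPublicKeyInfo.getInstance(caCert.getPublicKey().getEncoded());

        X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(issuerDN, serialNumber, notBefore, notAfter, subjectDN, subjPubKeyInfo);

        // SHA-1 here only derives the key identifiers; it is not the signature digest.
        DigestCalculator digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
        X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc);

        // Subject Key Identifier
        certGen.addExtension(Extension.subjectKeyIdentifier, false, x509ExtensionUtils.createSubjectKeyIdentifier(subjPubKeyInfo));

        // Authority Key Identifier: must identify the CA's key, not the subject's, otherwise
        // chain building by key identifier cannot match this certificate to its issuer.
        certGen.addExtension(Extension.authorityKeyIdentifier, false, x509ExtensionUtils.createAuthorityKeyIdentifier(caPubKeyInfo));

        // Key Usage
        certGen.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

        // Extended Key Usage
        KeyPurposeId[] extendedUsages = new KeyPurposeId[] {KeyPurposeId.id_kp_emailProtection, KeyPurposeId.id_kp_serverAuth};
        certGen.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(extendedUsages));

        // Basic Constraints
        certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));

        // Content Signer: SHA-256 instead of SHA-1, whose certificate signatures are no longer
        // collision resistant and are rejected by current validators.
        ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(caPrivateKey);

        // Certificate
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
    } catch (Exception e) {
        throw new RuntimeException("Error creating X509v3Certificate.", e);
    }
}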