Search in sources :

Example 81 with SubjectPublicKeyInfo

use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project MaxKey by dromara.

the class X509V3CertGen method genV3Certificate.

public static X509Certificate genV3Certificate(String issuerName, String subjectName, Date notBefore, Date notAfter, KeyPair keyPair) throws Exception {
    // issuer same as  subject is CA
    BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
    X500Name x500Name = new X500Name(issuerName);
    X500Name subject = new X500Name(subjectName);
    PublicKey publicKey = keyPair.getPublic();
    PrivateKey privateKey = keyPair.getPrivate();
    SubjectPublicKeyInfo subjectPublicKeyInfo = null;
    ASN1InputStream publicKeyInputStream = null;
    try {
        publicKeyInputStream = new ASN1InputStream(publicKey.getEncoded());
        Object aiStream = publicKeyInputStream.readObject();
        subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(aiStream);
    } catch (IOException e1) {
        e1.printStackTrace();
    } finally {
        if (publicKeyInputStream != null)
            publicKeyInputStream.close();
    }
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(x500Name, serial, notBefore, notAfter, subject, subjectPublicKeyInfo);
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey);
    // certBuilder.addExtension(X509Extensions.BasicConstraints,  true, new BasicConstraints(false));
    // certBuilder.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature| KeyUsage.keyEncipherment));
    // certBuilder.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
    // certBuilder.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, "connsec@163.com")));
    X509CertificateHolder x509CertificateHolder = certBuilder.build(sigGen);
    CertificateFactory certificateFactory = CertificateFactory.class.newInstance();
    InputStream inputStream = new ByteArrayInputStream(x509CertificateHolder.toASN1Structure().getEncoded());
    X509Certificate x509Certificate = (X509Certificate) certificateFactory.engineGenerateCertificate(inputStream);
    inputStream.close();
    return x509Certificate;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ContentSigner(org.bouncycastle.operator.ContentSigner) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) CertificateFactory(org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) ByteArrayInputStream(java.io.ByteArrayInputStream) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger)

Example 82 with SubjectPublicKeyInfo

use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project BiglyBT by BiglySoftware.

the class PKCS10CertificationRequest method getPublicKey.

public PublicKey getPublicKey(String provider) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
    SubjectPublicKeyInfo subjectPKInfo = reqInfo.getSubjectPublicKeyInfo();
    try {
        X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getBytes());
        AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithmId();
        return KeyFactory.getInstance(keyAlg.getObjectId().getId(), provider).generatePublic(xspec);
    } catch (InvalidKeySpecException e) {
        throw new InvalidKeyException("error encoding public key");
    }
}
Also used : X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) SubjectPublicKeyInfo(org.gudy.bouncycastle.asn1.x509.SubjectPublicKeyInfo) AlgorithmIdentifier(org.gudy.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 83 with SubjectPublicKeyInfo

use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project BiglyBT by BiglySoftware.

the class JCEECPublicKey method getEncoded.

@Override
public byte[] getEncoded() {
    ByteArrayOutputStream bOut = new ByteArrayOutputStream();
    DEROutputStream dOut = new DEROutputStream(bOut);
    X962Parameters params = null;
    if (ecSpec instanceof ECNamedCurveParameterSpec) {
        params = new X962Parameters(X962NamedCurves.getOID(((ECNamedCurveParameterSpec) ecSpec).getName()));
    } else {
        X9ECParameters ecP = new X9ECParameters(ecSpec.getCurve(), ecSpec.getG(), ecSpec.getN(), ecSpec.getH(), ecSpec.getSeed());
        params = new X962Parameters(ecP);
    }
    ASN1OctetString p = (ASN1OctetString) (new X9ECPoint(this.getQ()).getDERObject());
    SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), p.getOctets());
    try {
        dOut.writeObject(info);
        dOut.close();
    } catch (IOException e) {
        throw new RuntimeException("Error encoding EC public key");
    }
    return bOut.toByteArray();
}
Also used : ECNamedCurveParameterSpec(org.gudy.bouncycastle.jce.spec.ECNamedCurveParameterSpec) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) SubjectPublicKeyInfo(org.gudy.bouncycastle.asn1.x509.SubjectPublicKeyInfo) AlgorithmIdentifier(org.gudy.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 84 with SubjectPublicKeyInfo

use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project keycloak by keycloak.

the class CertificateUtils method generateV1SelfSignedCertificate.

public static X509Certificate generateV1SelfSignedCertificate(KeyPair caKeyPair, String subject, BigInteger serialNumber) {
    try {
        X500Name subjectDN = new X500Name("CN=" + subject);
        Date validityStartDate = new Date(System.currentTimeMillis() - 100000);
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.YEAR, 10);
        Date validityEndDate = new Date(calendar.getTime().getTime());
        SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(caKeyPair.getPublic().getEncoded());
        X509v1CertificateBuilder builder = new X509v1CertificateBuilder(subjectDN, serialNumber, validityStartDate, validityEndDate, subjectDN, subPubKeyInfo);
        X509CertificateHolder holder = builder.build(createSigner(caKeyPair.getPrivate()));
        return new JcaX509CertificateConverter().getCertificate(holder);
    } catch (Exception e) {
        throw new RuntimeException("Error creating X509v1Certificate.", e);
    }
}
Also used : JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) Calendar(java.util.Calendar) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) X509v1CertificateBuilder(org.bouncycastle.cert.X509v1CertificateBuilder) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date)

Example 85 with SubjectPublicKeyInfo

use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project keycloak by keycloak.

the class CertificateUtils method generateV3Certificate.

/**
 * Generates version 3 {@link java.security.cert.X509Certificate}.
 *
 * @param keyPair the key pair
 * @param caPrivateKey the CA private key
 * @param caCert the CA certificate
 * @param subject the subject name
 *
 * @return the x509 certificate
 *
 * @throws Exception the exception
 */
public static X509Certificate generateV3Certificate(KeyPair keyPair, PrivateKey caPrivateKey, X509Certificate caCert, String subject) throws Exception {
    try {
        X500Name subjectDN = new X500Name("CN=" + subject);
        // Serial Number
        SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
        BigInteger serialNumber = BigInteger.valueOf(Math.abs(random.nextInt()));
        // Validity
        Date notBefore = new Date(System.currentTimeMillis());
        Date notAfter = new Date(System.currentTimeMillis() + (((1000L * 60 * 60 * 24 * 30)) * 12) * 3);
        // SubjectPublicKeyInfo
        SubjectPublicKeyInfo subjPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
        X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(new X500Name(caCert.getSubjectDN().getName()), serialNumber, notBefore, notAfter, subjectDN, subjPubKeyInfo);
        DigestCalculator digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
        X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc);
        // Subject Key Identifier
        certGen.addExtension(Extension.subjectKeyIdentifier, false, x509ExtensionUtils.createSubjectKeyIdentifier(subjPubKeyInfo));
        // Authority Key Identifier
        certGen.addExtension(Extension.authorityKeyIdentifier, false, x509ExtensionUtils.createAuthorityKeyIdentifier(subjPubKeyInfo));
        // Key Usage
        certGen.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
        // Extended Key Usage
        KeyPurposeId[] EKU = new KeyPurposeId[2];
        EKU[0] = KeyPurposeId.id_kp_emailProtection;
        EKU[1] = KeyPurposeId.id_kp_serverAuth;
        certGen.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(EKU));
        // Basic Constraints
        certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
        // Content Signer
        ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider("BC").build(caPrivateKey);
        // Certificate
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
    } catch (Exception e) {
        throw new RuntimeException("Error creating X509v3Certificate.", e);
    }
}
Also used : BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider) KeyPurposeId(org.bouncycastle.asn1.x509.KeyPurposeId) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) DigestCalculator(org.bouncycastle.operator.DigestCalculator) ContentSigner(org.bouncycastle.operator.ContentSigner) SecureRandom(java.security.SecureRandom) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) BigInteger(java.math.BigInteger) X509ExtensionUtils(org.bouncycastle.cert.X509ExtensionUtils) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Aggregations

SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)219 X500Name (org.bouncycastle.asn1.x500.X500Name)92 IOException (java.io.IOException)85 Date (java.util.Date)75 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)75 ContentSigner (org.bouncycastle.operator.ContentSigner)65 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)64 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)61 BigInteger (java.math.BigInteger)54 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)53 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)50 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)42 KeyPair (java.security.KeyPair)39 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)35 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)32 SubjectPublicKeyInfo (com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo)30 KeyPairGenerator (java.security.KeyPairGenerator)30 PublicKey (java.security.PublicKey)30 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)30 InvalidKeyException (java.security.InvalidKeyException)28