Search in sources :

Example 91 with SubjectPublicKeyInfo

use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project jmulticard by ctt-gob-es.

the class SubjectPublicKeyInfoFactory method createSubjectPublicKeyInfo.

/**
 * Create a SubjectPublicKeyInfo public key.
 *
 * @param publicKey the key to be encoded into the info object.
 * @return a SubjectPublicKeyInfo representing the key.
 * @throws java.io.IOException on an error encoding the key
 */
public static SubjectPublicKeyInfo createSubjectPublicKeyInfo(AsymmetricKeyParameter publicKey) throws IOException {
    if (publicKey instanceof QTESLAPublicKeyParameters) {
        QTESLAPublicKeyParameters keyParams = (QTESLAPublicKeyParameters) publicKey;
        AlgorithmIdentifier algorithmIdentifier = Utils.qTeslaLookupAlgID(keyParams.getSecurityCategory());
        return new SubjectPublicKeyInfo(algorithmIdentifier, keyParams.getPublicData());
    } else if (publicKey instanceof SPHINCSPublicKeyParameters) {
        SPHINCSPublicKeyParameters params = (SPHINCSPublicKeyParameters) publicKey;
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.sphincs256, new SPHINCS256KeyParams(Utils.sphincs256LookupTreeAlgID(params.getTreeDigest())));
        return new SubjectPublicKeyInfo(algorithmIdentifier, params.getKeyData());
    } else if (publicKey instanceof NHPublicKeyParameters) {
        NHPublicKeyParameters params = (NHPublicKeyParameters) publicKey;
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.newHope);
        return new SubjectPublicKeyInfo(algorithmIdentifier, params.getPubData());
    } else if (publicKey instanceof LMSPublicKeyParameters) {
        LMSPublicKeyParameters params = (LMSPublicKeyParameters) publicKey;
        byte[] encoding = Composer.compose().u32str(1).bytes(params).build();
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_hss_lms_hashsig);
        return new SubjectPublicKeyInfo(algorithmIdentifier, new DEROctetString(encoding));
    } else if (publicKey instanceof HSSPublicKeyParameters) {
        HSSPublicKeyParameters params = (HSSPublicKeyParameters) publicKey;
        byte[] encoding = Composer.compose().u32str(params.getL()).bytes(params.getLMSPublicKey()).build();
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_hss_lms_hashsig);
        return new SubjectPublicKeyInfo(algorithmIdentifier, new DEROctetString(encoding));
    } else if (publicKey instanceof SPHINCSPlusPublicKeyParameters) {
        SPHINCSPlusPublicKeyParameters params = (SPHINCSPlusPublicKeyParameters) publicKey;
        byte[] encoding = params.getEncoded();
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.sphincsPlusOidLookup(params.getParameters()));
        return new SubjectPublicKeyInfo(algorithmIdentifier, new DEROctetString(encoding));
    } else if (publicKey instanceof CMCEPublicKeyParameters) {
        CMCEPublicKeyParameters params = (CMCEPublicKeyParameters) publicKey;
        byte[] encoding = params.getEncoded();
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.mcElieceOidLookup(params.getParameters()));
        // https://datatracker.ietf.org/doc/draft-uni-qsckeys/
        return new SubjectPublicKeyInfo(algorithmIdentifier, new CMCEPublicKey(encoding));
    } else if (publicKey instanceof XMSSPublicKeyParameters) {
        XMSSPublicKeyParameters keyParams = (XMSSPublicKeyParameters) publicKey;
        byte[] publicSeed = keyParams.getPublicSeed();
        byte[] root = keyParams.getRoot();
        byte[] keyEnc = keyParams.getEncoded();
        if (keyEnc.length > publicSeed.length + root.length) {
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(IsaraObjectIdentifiers.id_alg_xmss);
            return new SubjectPublicKeyInfo(algorithmIdentifier, new DEROctetString(keyEnc));
        } else {
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.xmss, new XMSSKeyParams(keyParams.getParameters().getHeight(), Utils.xmssLookupTreeAlgID(keyParams.getTreeDigest())));
            return new SubjectPublicKeyInfo(algorithmIdentifier, new XMSSPublicKey(publicSeed, root));
        }
    } else if (publicKey instanceof XMSSMTPublicKeyParameters) {
        XMSSMTPublicKeyParameters keyParams = (XMSSMTPublicKeyParameters) publicKey;
        byte[] publicSeed = keyParams.getPublicSeed();
        byte[] root = keyParams.getRoot();
        byte[] keyEnc = keyParams.getEncoded();
        if (keyEnc.length > publicSeed.length + root.length) {
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(IsaraObjectIdentifiers.id_alg_xmssmt);
            return new SubjectPublicKeyInfo(algorithmIdentifier, new DEROctetString(keyEnc));
        } else {
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.xmss_mt, new XMSSMTKeyParams(keyParams.getParameters().getHeight(), keyParams.getParameters().getLayers(), Utils.xmssLookupTreeAlgID(keyParams.getTreeDigest())));
            return new SubjectPublicKeyInfo(algorithmIdentifier, new XMSSMTPublicKey(keyParams.getPublicSeed(), keyParams.getRoot()));
        }
    } else if (publicKey instanceof McElieceCCA2PublicKeyParameters) {
        McElieceCCA2PublicKeyParameters pub = (McElieceCCA2PublicKeyParameters) publicKey;
        McElieceCCA2PublicKey mcEliecePub = new McElieceCCA2PublicKey(pub.getN(), pub.getT(), pub.getG(), Utils.getAlgorithmIdentifier(pub.getDigest()));
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.mcElieceCca2);
        return new SubjectPublicKeyInfo(algorithmIdentifier, mcEliecePub);
    } else if (publicKey instanceof FrodoPublicKeyParameters) {
        FrodoPublicKeyParameters params = (FrodoPublicKeyParameters) publicKey;
        byte[] encoding = params.getEncoded();
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.frodoOidLookup(params.getParameters()));
        return new SubjectPublicKeyInfo(algorithmIdentifier, (new DEROctetString(encoding)));
    } else if (publicKey instanceof SABERPublicKeyParameters) {
        SABERPublicKeyParameters params = (SABERPublicKeyParameters) publicKey;
        byte[] encoding = params.getEncoded();
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(Utils.saberOidLookup(params.getParameters()));
        // https://datatracker.ietf.org/doc/draft-uni-qsckeys/
        return new SubjectPublicKeyInfo(algorithmIdentifier, new DERSequence(new DEROctetString(encoding)));
    } else {
        throw new IOException("key parameters not recognized");
    }
}
Also used : CMCEPublicKeyParameters(org.bouncycastle.pqc.crypto.cmce.CMCEPublicKeyParameters) SABERPublicKeyParameters(org.bouncycastle.pqc.crypto.saber.SABERPublicKeyParameters) XMSSKeyParams(org.bouncycastle.pqc.asn1.XMSSKeyParams) CMCEPublicKey(org.bouncycastle.pqc.asn1.CMCEPublicKey) LMSPublicKeyParameters(org.bouncycastle.pqc.crypto.lms.LMSPublicKeyParameters) McElieceCCA2PublicKeyParameters(org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2PublicKeyParameters) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) DEROctetString(org.bouncycastle.asn1.DEROctetString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) XMSSMTPublicKey(org.bouncycastle.pqc.asn1.XMSSMTPublicKey) DERSequence(org.bouncycastle.asn1.DERSequence) SPHINCSPublicKeyParameters(org.bouncycastle.pqc.crypto.sphincs.SPHINCSPublicKeyParameters) HSSPublicKeyParameters(org.bouncycastle.pqc.crypto.lms.HSSPublicKeyParameters) QTESLAPublicKeyParameters(org.bouncycastle.pqc.crypto.qtesla.QTESLAPublicKeyParameters) IOException(java.io.IOException) McElieceCCA2PublicKey(org.bouncycastle.pqc.asn1.McElieceCCA2PublicKey) SPHINCS256KeyParams(org.bouncycastle.pqc.asn1.SPHINCS256KeyParams) XMSSMTKeyParams(org.bouncycastle.pqc.asn1.XMSSMTKeyParams) FrodoPublicKeyParameters(org.bouncycastle.pqc.crypto.frodo.FrodoPublicKeyParameters) XMSSPublicKeyParameters(org.bouncycastle.pqc.crypto.xmss.XMSSPublicKeyParameters) XMSSMTPublicKeyParameters(org.bouncycastle.pqc.crypto.xmss.XMSSMTPublicKeyParameters) SPHINCSPlusPublicKeyParameters(org.bouncycastle.pqc.crypto.sphincsplus.SPHINCSPlusPublicKeyParameters) NHPublicKeyParameters(org.bouncycastle.pqc.crypto.newhope.NHPublicKeyParameters) XMSSPublicKey(org.bouncycastle.pqc.asn1.XMSSPublicKey)

Example 92 with SubjectPublicKeyInfo

use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project signer by demoiselle.

the class CreateCA method main.

// http://stackoverflow.com/questions/18633273/correctly-creating-a-new-certificate-with-an-intermediate-certificate-using-boun
// http://stackoverflow.com/questions/31618568/how-can-i-create-a-ca-root-certificate-with-bouncy-castle
public static void main(String[] args) throws IOException, OperatorCreationException, NoSuchAlgorithmException {
    // ---------------------- CA Creation ----------------------
    // System.out.println("Generating Keys");
    KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
    rsa.initialize(1024);
    KeyPair kp = rsa.generateKeyPair();
    Calendar cal = Calendar.getInstance();
    cal.add(Calendar.YEAR, 100);
    // System.out.println("Getting data");
    byte[] pk = kp.getPublic().getEncoded();
    SubjectPublicKeyInfo bcPk = SubjectPublicKeyInfo.getInstance(pk);
    // System.out.println("Creating cert");
    X509v1CertificateBuilder certGen = new X509v1CertificateBuilder(new X500Name("CN=CA Cert"), BigInteger.ONE, new Date(), cal.getTime(), new X500Name("CN=CA Cert"), bcPk);
    X509CertificateHolder certHolder = certGen.build(new JcaContentSignerBuilder("SHA1withRSA").build(kp.getPrivate()));
    StringBuffer s = new StringBuffer();
    s.append(X509Factory.BEGIN_CERT + "\n");
    s.append(Base64Utils.base64Encode(certHolder.getEncoded()) + "\n");
    s.append(X509Factory.END_CERT);
    saveFile(s.toString().getBytes());
// ---------------------- ISSUER Creation ----------------------
}
Also used : KeyPair(java.security.KeyPair) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) Calendar(java.util.Calendar) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) X509v1CertificateBuilder(org.bouncycastle.cert.X509v1CertificateBuilder) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date)

Example 93 with SubjectPublicKeyInfo

use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project smoke by textbrowser.

the class Cryptography method publicKeyAlgorithm.

public static String publicKeyAlgorithm(PublicKey publicKey) {
    if (publicKey == null)
        return "";
    try {
        ASN1ObjectIdentifier asn1ObjectIdentifier = null;
        SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        asn1ObjectIdentifier = subjectPublicKeyInfo.getAlgorithm().getAlgorithm();
        if (asn1ObjectIdentifier.equals(PQCObjectIdentifiers.mcElieceCca2))
            return "McEliece-CCA2";
        else if (asn1ObjectIdentifier.equals(PQCObjectIdentifiers.mcElieceFujisaki))
            return "McEliece-Fujisaki";
        else if (asn1ObjectIdentifier.equals(PQCObjectIdentifiers.mcEliecePointcheval))
            return "McEliece-Pointcheval";
        else if (publicKey instanceof BCRainbowPublicKey)
            return "Rainbow";
        else if (publicKey instanceof BCSphincs256PublicKey)
            return "SPHINCS";
        else if (publicKey.getAlgorithm().equals("EC"))
            return "ECDSA";
        else
            return "RSA";
    } catch (Exception exception) {
    }
    return "";
}
Also used : BCSphincs256PublicKey(org.bouncycastle.pqc.jcajce.provider.sphincs.BCSphincs256PublicKey) BCRainbowPublicKey(org.bouncycastle.pqc.jcajce.provider.rainbow.BCRainbowPublicKey) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 94 with SubjectPublicKeyInfo

use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project fdroidclient by f-droid.

the class LocalRepoKeyStore method generateSelfSignedCertChain.

private Certificate generateSelfSignedCertChain(KeyPair kp, X500Name subject, String hostname) throws CertificateException, OperatorCreationException, IOException {
    SecureRandom rand = new SecureRandom();
    PrivateKey privKey = kp.getPrivate();
    PublicKey pubKey = kp.getPublic();
    ContentSigner sigGen = new JcaContentSignerBuilder(DEFAULT_SIG_ALG).build(privKey);
    SubjectPublicKeyInfo subPubKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(pubKey.getEncoded()));
    // now
    Date now = new Date();
    /* force it to use a English/Gregorian dates for the cert, hardly anyone
           ever looks at the cert metadata anyway, and its very likely that they
           understand English/Gregorian dates */
    Calendar c = new GregorianCalendar(Locale.ENGLISH);
    c.setTime(now);
    c.add(Calendar.YEAR, 1);
    Time startTime = new Time(now, Locale.ENGLISH);
    Time endTime = new Time(c.getTime(), Locale.ENGLISH);
    X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(subject, BigInteger.valueOf(rand.nextLong()), startTime, endTime, subject, subPubKeyInfo);
    if (hostname != null) {
        GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.iPAddress, hostname));
        v3CertGen.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);
    }
    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}
Also used : PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) Calendar(java.util.Calendar) GregorianCalendar(java.util.GregorianCalendar) ContentSigner(org.bouncycastle.operator.ContentSigner) GregorianCalendar(java.util.GregorianCalendar) SecureRandom(java.security.SecureRandom) Time(org.bouncycastle.asn1.x509.Time) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) GeneralName(org.bouncycastle.asn1.x509.GeneralName)

Example 95 with SubjectPublicKeyInfo

use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project amazon-corretto-crypto-provider by corretto.

the class EcGenTest method knownCurves.

@ParameterizedTest
@MethodSource("knownCurveParams")
public void knownCurves(ArgumentsAccessor arguments) throws GeneralSecurityException {
    for (final Object name : arguments.toArray()) {
        ECGenParameterSpec spec = new ECGenParameterSpec((String) name);
        nativeGen.initialize(spec);
        KeyPair nativePair = nativeGen.generateKeyPair();
        jceGen.initialize(spec);
        KeyPair jcePair = jceGen.generateKeyPair();
        final ECParameterSpec jceParams = ((ECPublicKey) jcePair.getPublic()).getParams();
        final ECParameterSpec nativeParams = ((ECPublicKey) nativePair.getPublic()).getParams();
        assertECEquals((String) name, jceParams, nativeParams);
        // Ensure we can construct the curve using raw numbers rather than the name
        nativeGen.initialize(jceParams);
        nativePair = nativeGen.generateKeyPair();
        assertECEquals(name + "-explicit", jceParams, nativeParams);
        final SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(nativePair.getPublic().getEncoded());
        ASN1Encodable algorithmParameters = publicKeyInfo.getAlgorithm().getParameters();
        assertTrue(algorithmParameters instanceof ASN1ObjectIdentifier, "Public key uses named curve");
        // PKCS #8 = SEQ [ Integer, AlgorithmIdentifier, Octet String, ???]
        // AlgorithmIdentifier = SEQ [ OID, {OID | SEQ}]
        final ASN1Sequence p8 = ASN1Sequence.getInstance(nativePair.getPrivate().getEncoded());
        final ASN1Sequence algIdentifier = (ASN1Sequence) p8.getObjectAt(1);
        assertTrue(algIdentifier.getObjectAt(1) instanceof ASN1ObjectIdentifier, "Private key uses named curve");
        // Check encoding/decoding
        Key bouncedKey = KEY_FACTORY.generatePublic(new X509EncodedKeySpec(nativePair.getPublic().getEncoded()));
        assertEquals(nativePair.getPublic(), bouncedKey, "Public key survives encoding");
        bouncedKey = KEY_FACTORY.generatePrivate(new PKCS8EncodedKeySpec(nativePair.getPrivate().getEncoded()));
        assertEquals(nativePair.getPrivate(), bouncedKey, "Private key survives encoding");
    }
}
Also used : KeyPair(java.security.KeyPair) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ECPublicKey(java.security.interfaces.ECPublicKey) ECParameterSpec(java.security.spec.ECParameterSpec) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) Key(java.security.Key) ECPublicKey(java.security.interfaces.ECPublicKey) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) MethodSource(org.junit.jupiter.params.provider.MethodSource)

Aggregations

SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)219 X500Name (org.bouncycastle.asn1.x500.X500Name)92 IOException (java.io.IOException)85 Date (java.util.Date)75 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)75 ContentSigner (org.bouncycastle.operator.ContentSigner)65 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)64 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)61 BigInteger (java.math.BigInteger)54 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)53 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)50 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)42 KeyPair (java.security.KeyPair)39 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)35 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)32 SubjectPublicKeyInfo (com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo)30 KeyPairGenerator (java.security.KeyPairGenerator)30 PublicKey (java.security.PublicKey)30 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)30 InvalidKeyException (java.security.InvalidKeyException)28