
Example 21 with SubjectPublicKeyInfo

use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project axelor-open-suite by axelor.

the class X509Generator method getSubjectKeyIdentifier.

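/**
 * Derives the <code>SubjectKeyIdentifier</code> extension value for a given <code>PublicKey</code>.
 *
 * <p>The key's encoded form is parsed as a <code>SubjectPublicKeyInfo</code> structure and handed to
 * <code>JcaX509ExtensionUtils</code>, which computes the identifier. The no-argument
 * <code>JcaX509ExtensionUtils</code> hashes the key with SHA-1 (the RFC 5280 key identifier method);
 * the result is a lookup hint for chain building, not an integrity check on the key.
 *
 * @param publicKey the public key to identify; its <code>getEncoded()</code> must return a
 *     SubjectPublicKeyInfo encoding
 * @return the subject key identifier
 * @throws IllegalArgumentException if the key has no encoded form or the encoding cannot be parsed
 * @throws IOException declared for compatibility with existing callers
 * @throws NoSuchAlgorithmException if the digest needed by <code>JcaX509ExtensionUtils</code> is unavailable
 */
private SubjectKeyIdentifier getSubjectKeyIdentifier(PublicKey publicKey) throws IOException, NoSuchAlgorithmException {
    // Keys that do not support encoding (for example some hardware-backed keys) return null here;
    // fail with a clear message instead of a NullPointerException deeper in the parser.
    final byte[] encoded = publicKey.getEncoded();
    if (encoded == null) {
        throw new IllegalArgumentException("Public key has no encoded form; cannot derive a SubjectKeyIdentifier");
    }
    // getInstance accepts the DER bytes directly and validates that they form a SEQUENCE, so no
    // unchecked cast of an arbitrary ASN.1 object is needed.
    final SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(encoded);
    return new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyInfo);
}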
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ByteArrayInputStream(java.io.ByteArrayInputStream) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)

Example 22 with SubjectPublicKeyInfo

use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project documentproduction by qld-gov-au.

the class AwsContentSignerFactory method getPublicKey.

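/**
 * Fetches the public half of a KMS-held signing key and converts it to a JCA {@link PublicKey}.
 *
 * <p>When the configured region is the literal {@code "stub"}, no KMS call is made and
 * {@code null} is returned; callers must handle that case.
 *
 * @param key the signing key whose KMS identifier is looked up
 * @return the public key reported by KMS, or {@code null} in stub mode
 * @throws IllegalStateException if the returned SubjectPublicKeyInfo cannot be converted to a key
 */
@Override
public PublicKey getPublicKey(SignatureKey key) {
    if ("stub".equals(this.region)) {
        return null;
    }
    AWSKMS kmsClient = AWSKMSClientBuilder.standard().withRegion(region).build();
    try {
        GetPublicKeyResult response = kmsClient.getPublicKey(new GetPublicKeyRequest().withKeyId(key.getKmsId()));
        // Copy exactly the readable bytes: ByteBuffer.array() exposes the whole backing array
        // (ignoring position, limit and offset) and fails on read-only or direct buffers.
        java.nio.ByteBuffer encoded = response.getPublicKey().duplicate();
        byte[] der = new byte[encoded.remaining()];
        encoded.get(der);
        SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(der);
        return new JcaPEMKeyConverter().getPublicKey(spki);
    } catch (PEMException e) {
        throw new IllegalStateException(e.getMessage(), e);
    } finally {
        // The client is created per call, so release its connection resources here.
        kmsClient.shutdown();
    }
}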
Also used : GetPublicKeyRequest(com.amazonaws.services.kms.model.GetPublicKeyRequest) PEMException(org.bouncycastle.openssl.PEMException) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) GetPublicKeyResult(com.amazonaws.services.kms.model.GetPublicKeyResult) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) AWSKMS(com.amazonaws.services.kms.AWSKMS)

Example 23 with SubjectPublicKeyInfo

use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project documentproduction by qld-gov-au.

the class SigningServiceTest method setUpKeys.

/**
 * Builds the signing fixtures: generates an RSA key pair with the "BC" provider, wraps it in a
 * self-issued {@code CN=test} certificate valid for one day, and stores the resulting
 * {@code contentSigner} and {@code certificate}.
 *
 * <p>The shortcuts here suit a throwaway fixture only: the key size is left at the provider
 * default, and the serial number is a 10-bit random value that can repeat or be zero.
 *
 * @throws Exception if key generation, signer creation or certificate conversion fails
 */
private static void setUpKeys() throws Exception {
    KeyPair rsaPair = KeyPairGenerator.getInstance("RSA", "BC").generateKeyPair();
    // Subject and issuer are the same name, so the certificate is self-issued.
    X500Name selfName = new X500Name("CN=test");
    SubjectPublicKeyInfo subjectKeyInfo = SubjectPublicKeyInfo.getInstance(rsaPair.getPublic().getEncoded());
    BigInteger serial = new BigInteger(10, new SecureRandom());
    Date notBefore = new Date();
    Date notAfter = new LocalDateTime().plusDays(1).toDate();
    final X509v3CertificateBuilder selfIssued =
            new X509v3CertificateBuilder(selfName, serial, notBefore, notAfter, selfName, subjectKeyInfo);
    contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(rsaPair.getPrivate());
    certificate = new JcaX509CertificateConverter()
            .setProvider(new BouncyCastleProvider())
            .getCertificate(selfIssued.build(contentSigner));
}
Also used : LocalDateTime(org.joda.time.LocalDateTime) KeyPair(java.security.KeyPair) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) BigInteger(java.math.BigInteger) SecureRandom(java.security.SecureRandom) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Example 24 with SubjectPublicKeyInfo

use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project fabric-gateway by hyperledger.

the class X509Credentials method generateCertificate.

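/**
 * Creates a self-issued {@code CN=John Doe} certificate for the given key pair, valid from
 * yesterday until roughly two years from now, and signed with the pair's own private key.
 *
 * <p>The signer is built with {@code BcECContentSignerBuilder}, so the key pair has to be an EC
 * pair. The signature algorithm identifier written into the certificate must therefore name
 * ECDSA; labelling it as RSA yields a certificate whose declared algorithm does not match its
 * signature, which verifiers reject.
 *
 * <p>The serial number is taken from the clock and is predictable; that is acceptable for a
 * locally generated fixture but not for certificates issued to others.
 *
 * @param keyPair the EC key pair to certify and sign with
 * @return the generated certificate
 * @throws UncheckedIOException if the private key cannot be decoded
 * @throws RuntimeException if the signer cannot be created or the certificate cannot be converted
 */
private X509Certificate generateCertificate(KeyPair keyPair) {
    X500Name dnName = new X500Name("CN=John Doe");
    // Yesterday
    Date validityBeginDate = new Date(System.currentTimeMillis() - 24L * 60 * 60 * 1000);
    // 2 years from now
    Date validityEndDate = new Date(System.currentTimeMillis() + 2L * 365 * 24 * 60 * 60 * 1000);
    SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    // NOTE(review): the default locale is handed to the builder for the validity dates; a fixed
    // locale such as Locale.ROOT would make the encoding independent of the host. Confirm.
    X509v3CertificateBuilder builder = new X509v3CertificateBuilder(dnName, BigInteger.valueOf(System.currentTimeMillis()), validityBeginDate, validityEndDate, Locale.getDefault(), dnName, subPubKeyInfo);
    // Must agree with the EC signer built below; the original RSA name mislabelled the signature.
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withECDSA");
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    try {
        ContentSigner contentSigner = new BcECContentSignerBuilder(sigAlgId, digAlgId).build(PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()));
        X509CertificateHolder holder = builder.build(contentSigner);
        return new JcaX509CertificateConverter().getCertificate(holder);
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    } catch (OperatorCreationException | CertificateException e) {
        throw new RuntimeException(e);
    }
}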
Also used : ContentSigner(org.bouncycastle.operator.ContentSigner) UncheckedIOException(java.io.UncheckedIOException) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) Date(java.util.Date) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BcECContentSignerBuilder(org.bouncycastle.operator.bc.BcECContentSignerBuilder) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)

Example 25 with SubjectPublicKeyInfo

use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project attestation by TokenScript.

the class UseTicketTest method testNegativeUnmatchingKeys.

/**
 * Negative test: the key that signs the attested ticket must be the key the attestation attests
 * to. The attestation's subject public key is overwritten by reflection with a different key,
 * after which the attestation alone still passes its validity check while the ticket's validity
 * check and both signature verifications must fail.
 */
@Test
public void testNegativeUnmatchingKeys() throws Exception {
    Attestation unsigned = attestedTicket.getAtt().getUnsignedAttestation();
    // The field is declared on the superclass and is not accessible, hence the reflection.
    Field spkiField = unsigned.getClass().getSuperclass().getDeclaredField("subjectPublicKeyInfo");
    spkiField.setAccessible(true);
    SubjectPublicKeyInfo replacementSpki =
            SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(attestorKeys.getPublic());
    // Precondition: the replacement differs from the key currently attested to.
    boolean sameKey = Arrays.equals(replacementSpki.getEncoded(), unsigned.getSubjectPublicKeyInfo().getEncoded());
    assertFalse(sameKey);
    // Swap in the mismatching public key.
    spkiField.set(unsigned, replacementSpki);
    // The attestation is still structurally valid on its own...
    assertTrue(attestedTicket.getAtt().checkValidity());
    // ...but the ticket is not, because the keys no longer agree.
    assertFalse(attestedTicket.checkValidity());
    // Neither signature verifies over the altered content.
    assertFalse(attestedTicket.getAtt().verify());
    assertFalse(attestedTicket.verify());
}
Also used : Field(java.lang.reflect.Field) SignedIdentifierAttestation(org.tokenscript.attestation.SignedIdentifierAttestation) IdentifierAttestation(org.tokenscript.attestation.IdentifierAttestation) Attestation(org.tokenscript.attestation.Attestation) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Test(org.junit.jupiter.api.Test) HelperTest(org.tokenscript.attestation.HelperTest)

Aggregations

SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)219 X500Name (org.bouncycastle.asn1.x500.X500Name)92 IOException (java.io.IOException)85 Date (java.util.Date)75 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)75 ContentSigner (org.bouncycastle.operator.ContentSigner)65 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)64 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)61 BigInteger (java.math.BigInteger)54 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)53 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)50 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)42 KeyPair (java.security.KeyPair)39 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)35 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)32 SubjectPublicKeyInfo (com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo)30 KeyPairGenerator (java.security.KeyPairGenerator)30 PublicKey (java.security.PublicKey)30 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)30 InvalidKeyException (java.security.InvalidKeyException)28