Example 31 with SubjectPublicKeyInfo
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project attestation by TokenScript.
the class TicketTest method testLisconTicketSunshine.
@Test
public void testLisconTicketSunshine() throws Exception {
LisconTicket ticket = new LisconTicket(MAIL, CONFERENCE_ID, TICKET_ID, TICKET_CLASS, senderKeys, SECRET);
assertEquals(TICKET_ID, ticket.getTicketId());
assertEquals(TICKET_CLASS, ticket.getTicketClass());
assertEquals(CONFERENCE_ID, ticket.getDevconId());
SubjectPublicKeyInfo ticketSpki = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(ticket.getPublicKey());
SubjectPublicKeyInfo senderSpki = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(senderKeys.getPublic());
assertArrayEquals(senderSpki.getEncoded(), ticketSpki.getEncoded());
}
Also used :
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
Test(org.junit.jupiter.api.Test)
Example 32 with SubjectPublicKeyInfo
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project attestation by TokenScript.
the class ASN1Util method restorePublicKey.
/**
* Extract the public key from its DER encoded BITString
* @param input
* @return
*/
public static AsymmetricKeyParameter restorePublicKey(byte[] input, X9ECParameters parameters, String oid) throws IOException {
AlgorithmIdentifier identifierEnc = new AlgorithmIdentifier(new ASN1ObjectIdentifier(oid), parameters.toASN1Primitive());
ASN1BitString keyEnc = DERBitString.getInstance(input);
ASN1Sequence spkiEnc = new DERSequence(new ASN1Encodable[] { identifierEnc, keyEnc });
SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(spkiEnc);
return PublicKeyFactory.createKey(spki);
}
Also used :
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DERSequence(org.bouncycastle.asn1.DERSequence)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
ASN1BitString(org.bouncycastle.asn1.ASN1BitString)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 33 with SubjectPublicKeyInfo
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project attestation by TokenScript.
the class Attestor method constructAttestations.
/**
* Constructs a list of X509 attestations to each of the relevant DatasourceName lists of elements
* in the response json.
*
* @param request Json request in a Sring - verification request that was sent to Trulioo Global Gateway†
* @param verifyRecord Json object of the Record in verifyResponse, from Trulioo Global Gateway‡
* @param signature DER encoded signature of exactly the json request string encoded as UTF-8 using a Secp256k1 key with Keccak
* @param userPK user's public key (SubjectPublicKeyInfo object)
* @return List of DER encoded x509 attestations
*
* † An example can be found https://developer.trulioo.com/docs/identity-verification-step-6-verify
* ‡ Observe the "Record" in https://developer.trulioo.com/docs/identity-verification-verify-response
*/
public List<X509CertificateHolder> constructAttestations(String request, JSONObject verifyRecord, byte[] signature, AsymmetricKeyParameter userPK) {
if (!SignatureUtil.verifySha256(request.getBytes(StandardCharsets.UTF_8), signature, userPK)) {
throw ExceptionUtil.throwException(logger, new IllegalArgumentException("Request signature verification failed. " + "Make sure that your message is unaltered, signature is created by hashing the message with SHA256" + "and using a key of secp256k1 type."));
}
List<X509CertificateHolder> res = new ArrayList<>();
Parser parser = new Parser(new JSONObject(request), verifyRecord);
Map<String, X500Name> subjectNames = parser.getX500Names();
Map<String, Extensions> subjectExtensions = parser.getExtensions();
for (String currentAttName : subjectNames.keySet()) {
try {
long time = System.currentTimeMillis();
V3TBSCertificateGenerator certBuilder = new V3TBSCertificateGenerator();
certBuilder.setSignature(serverSigningAlgo);
certBuilder.setIssuer(serverInfo);
certBuilder.setSerialNumber(new ASN1Integer(time));
certBuilder.setStartDate(new Time(new Date(time)));
certBuilder.setEndDate(new Time(new Date(time + lifeTime)));
SubjectPublicKeyInfo spki = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(userPK);
// // todo hack to create a valid spki without ECNamedParameters
// spki = new SubjectPublicKeyInfo(new AlgorithmIdentifier(new ASN1ObjectIdentifier(OID_ECDSA)),
// spki.getPublicKeyData());
certBuilder.setSubjectPublicKeyInfo(spki);
certBuilder.setSubject(subjectNames.get(currentAttName));
certBuilder.setExtensions(subjectExtensions.get(currentAttName));
TBSCertificate tbsCert = certBuilder.generateTBSCertificate();
res.add(new X509CertificateHolder(constructSignedAttestation(tbsCert)));
// To ensure that we get a new serial number for every cert
Thread.sleep(1);
} catch (IOException e) {
throw ExceptionUtil.makeRuntimeException(logger, "Could not parse server key", e);
} catch (InterruptedException e) {
throw ExceptionUtil.makeRuntimeException(logger, "Could not sleep", e);
}
}
return res;
}
Also used :
ArrayList(java.util.ArrayList)
Time(org.bouncycastle.asn1.x509.Time)
DERBitString(org.bouncycastle.asn1.DERBitString)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
Extensions(org.bouncycastle.asn1.x509.Extensions)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
Date(java.util.Date)
JSONObject(org.json.JSONObject)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
V3TBSCertificateGenerator(org.bouncycastle.asn1.x509.V3TBSCertificateGenerator)
TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)
Example 34 with SubjectPublicKeyInfo
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project attestation by TokenScript.
the class Demo method writePubKey.
private static void writePubKey(AsymmetricKeyParameter pubKey, Path pathPubKey) throws IOException {
SubjectPublicKeyInfo spki = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(pubKey);
byte[] pub = spki.getEncoded();
DERUtility.writePEM(pub, "PUBLIC KEY", pathPubKey);
}
Also used :
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
Example 35 with SubjectPublicKeyInfo
use of com.android.apksig.internal.x509.SubjectPublicKeyInfo in project attestation by TokenScript.
the class TicketDecoder method parseEncodingOfPKInfo.
void parseEncodingOfPKInfo(ASN1Sequence publicKeyInfo, String devconId) throws IOException, IllegalArgumentException {
AlgorithmIdentifier algorithm = AlgorithmIdentifier.getInstance(publicKeyInfo.getObjectAt(0));
byte[] publicKeyBytes = DERBitString.getInstance(publicKeyInfo.getObjectAt(1)).getEncoded();
AsymmetricKeyParameter decodedPublicKey = SignatureUtility.restoreDefaultKey(algorithm, publicKeyBytes);
SubjectPublicKeyInfo decodedSpki = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(decodedPublicKey);
// Ensure that the right type of public key is given
if (getPk(devconId) != null) {
SubjectPublicKeyInfo referenceSpki = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(getPk(devconId));
if (!Arrays.equals(referenceSpki.getEncoded(), decodedSpki.getEncoded())) {
throw ExceptionUtil.throwException(logger, new IllegalArgumentException("The public key is not of the same as supplied as argument"));
}
}
idsToKeys.put(devconId, decodedPublicKey);
}
Also used :
AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Aggregations
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)219
X500Name (org.bouncycastle.asn1.x500.X500Name)92
IOException (java.io.IOException)85
Date (java.util.Date)75
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)75
ContentSigner (org.bouncycastle.operator.ContentSigner)65
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)64
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)61
BigInteger (java.math.BigInteger)54
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)53
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)50
InvalidKeySpecException (java.security.spec.InvalidKeySpecException)42
KeyPair (java.security.KeyPair)39
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)35
X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)32
SubjectPublicKeyInfo (com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo)30
KeyPairGenerator (java.security.KeyPairGenerator)30
PublicKey (java.security.PublicKey)30
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)30
InvalidKeyException (java.security.InvalidKeyException)28
