Example 26 with SubjectKeyIdentifier
use of com.beanit.asn1bean.compiler.pkix1implicit88.SubjectKeyIdentifier in project keystore-explorer by kaikramer.
the class DSelectStandardExtensionTemplate method addSubjectKeyIdentifier.
private void addSubjectKeyIdentifier(X509ExtensionSet extensionSet) throws CryptoException, IOException {
KeyIdentifierGenerator skiGenerator = new KeyIdentifierGenerator(subjectPublicKey);
SubjectKeyIdentifier ski = new SubjectKeyIdentifier(skiGenerator.generate160BitHashId());
byte[] skiEncoded = X509Ext.wrapInOctetString(ski.getEncoded());
extensionSet.addExtension(X509ExtensionType.SUBJECT_KEY_IDENTIFIER.oid(), false, skiEncoded);
}
Also used :
KeyIdentifierGenerator(org.kse.crypto.publickey.KeyIdentifierGenerator)
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
Example 27 with SubjectKeyIdentifier
use of com.beanit.asn1bean.compiler.pkix1implicit88.SubjectKeyIdentifier in project keystore-explorer by kaikramer.
the class DSubjectKeyIdentifier method okPressed.
private void okPressed() {
byte[] keyIdentifier = jkiKeyIdentifier.getKeyIdentifier();
if (keyIdentifier == null) {
JOptionPane.showMessageDialog(this, res.getString("DSubjectKeyIdentifier.ValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return;
}
SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifier(keyIdentifier);
try {
value = subjectKeyIdentifier.getEncoded(ASN1Encoding.DER);
} catch (IOException e) {
DError.displayError(this, e);
return;
}
closeDialog();
}
Also used :
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
IOException(java.io.IOException)
Example 28 with SubjectKeyIdentifier
use of com.beanit.asn1bean.compiler.pkix1implicit88.SubjectKeyIdentifier in project keystore-explorer by kaikramer.
the class DSubjectKeyIdentifier method prepopulateWithValue.
private void prepopulateWithValue(byte[] value) throws IOException {
SubjectKeyIdentifier subjectKeyIdentifier = SubjectKeyIdentifier.getInstance(value);
jkiKeyIdentifier.setKeyIdentifier(subjectKeyIdentifier.getKeyIdentifier());
}
Also used :
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
Example 29 with SubjectKeyIdentifier
use of com.beanit.asn1bean.compiler.pkix1implicit88.SubjectKeyIdentifier in project xipki by xipki.
the class Certprofile method getSubjectKeyIdentifier.
public SubjectKeyIdentifier getSubjectKeyIdentifier(SubjectPublicKeyInfo subjectPublicKeyInfo) throws CertprofileException {
SubjectKeyIdentifierControl control = getSubjectKeyIdentifierControl();
SubjectKeyIdentifierControl.SubjectKeyIdentifierMethod method = null;
String hashAlgo = null;
if (control != null) {
method = control.getMethod();
hashAlgo = control.getHashAlgo();
}
HashAlgo hash;
if (hashAlgo == null) {
hash = HashAlgo.SHA1;
} else {
try {
hash = HashAlgo.getInstance(hashAlgo);
} catch (NoSuchAlgorithmException e) {
throw new CertprofileException("unknown hash algorithm " + hashAlgo);
}
}
byte[] encodedSpki = subjectPublicKeyInfo.getPublicKeyData().getBytes();
byte[] skiValue = hash.hash(encodedSpki);
if (method == null || method == SubjectKeyIdentifierControl.SubjectKeyIdentifierMethod.METHOD_1) {
// do nothing
} else if (method == SubjectKeyIdentifierControl.SubjectKeyIdentifierMethod.METHOD_2) {
byte[] bytes = Arrays.copyOfRange(skiValue, skiValue.length - 8, skiValue.length);
bytes[0] &= 0x0F;
bytes[0] |= 0x40;
skiValue = bytes;
} else {
throw new CertprofileException("unknown SubjectKeyIdentifierMethod " + method);
}
String truncateMethod = control == null ? null : control.getTruncateMethod();
if (StringUtil.isNotBlank(truncateMethod)) {
boolean leftmost;
if (StringUtil.startsWithIgnoreCase(truncateMethod, "L:")) {
leftmost = true;
} else if (StringUtil.startsWithIgnoreCase(truncateMethod, "R:")) {
leftmost = false;
} else {
throw new CertprofileException("unknown TruncateMethod " + truncateMethod);
}
int size;
try {
size = Integer.parseUnsignedInt(truncateMethod.substring(2));
} catch (NumberFormatException ex) {
throw new CertprofileException("invalid TruncateMethod " + truncateMethod);
}
if (size < skiValue.length) {
if (leftmost) {
skiValue = Arrays.copyOf(skiValue, size);
} else {
skiValue = Arrays.copyOfRange(skiValue, skiValue.length - size, skiValue.length);
}
}
}
return new SubjectKeyIdentifier(skiValue);
}
Also used :
HashAlgo(org.xipki.security.HashAlgo)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
Example 30 with SubjectKeyIdentifier
use of com.beanit.asn1bean.compiler.pkix1implicit88.SubjectKeyIdentifier in project xipki by xipki.
the class P12KeyGenerator method generateIdentity.
private static KeyStoreWrapper generateIdentity(KeyPairWithSubjectPublicKeyInfo kp, KeystoreGenerationParameters params, String selfSignedCertSubject) throws Exception {
Date now = new Date();
// 10 minutes past
Date notBefore = new Date(now.getTime() - 10 * MIN);
Date notAfter = new Date(notBefore.getTime() + 3650 * DAY);
String dnStr = (selfSignedCertSubject == null) ? "CN=DUMMY" : selfSignedCertSubject;
X500Name subjectDn = new X500Name(dnStr);
SubjectPublicKeyInfo subjectPublicKeyInfo = kp.getSubjectPublicKeyInfo();
ContentSigner contentSigner = getContentSigner(kp.getKeypair().getPrivate(), kp.getKeypair().getPublic());
// Generate keystore
X509v3CertificateBuilder certGenerator = new X509v3CertificateBuilder(subjectDn, BigInteger.ONE, notBefore, notAfter, subjectDn, subjectPublicKeyInfo);
byte[] encodedSpki = kp.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
byte[] skiValue = HashAlgo.SHA1.hash(encodedSpki);
certGenerator.addExtension(Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(skiValue));
KeyAndCertPair identity = new KeyAndCertPair(new X509Cert(certGenerator.build(contentSigner)), kp.getKeypair().getPrivate());
KeyStore ks = KeyUtil.getKeyStore("PKCS12");
ks.load(null, params.getPassword());
ks.setKeyEntry("main", identity.key, params.getPassword(), new Certificate[] { identity.cert.toJceCert() });
ByteArrayOutputStream ksStream = new ByteArrayOutputStream();
try {
ks.store(ksStream, params.getPassword());
} finally {
ksStream.flush();
}
KeyStoreWrapper result = new KeyStoreWrapper(ksStream.toByteArray());
result.setKeystoreObject(ks);
return result;
}
Also used :
ContentSigner(org.bouncycastle.operator.ContentSigner)
X500Name(org.bouncycastle.asn1.x500.X500Name)
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
Date(java.util.Date)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
Aggregations
SubjectKeyIdentifier (org.bouncycastle.asn1.x509.SubjectKeyIdentifier)34
AuthorityKeyIdentifier (org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)14
X509Certificate (java.security.cert.X509Certificate)13
IOException (java.io.IOException)10
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)10
X500Name (org.bouncycastle.asn1.x500.X500Name)9
JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)9
GeneralName (org.bouncycastle.asn1.x509.GeneralName)8
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)8
Date (java.util.Date)7
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)7
ContentSigner (org.bouncycastle.operator.ContentSigner)7
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)7
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)6
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)6
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)6
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)6
PrivateKey (java.security.PrivateKey)5
CertificateException (java.security.cert.CertificateException)5
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)5
