
Example 26 with SubjectKeyIdentifier

use of com.beanit.asn1bean.compiler.pkix1implicit88.SubjectKeyIdentifier in project keystore-explorer by kaikramer.

the class DSelectStandardExtensionTemplate method addSubjectKeyIdentifier.

/**
 * Adds a Subject Key Identifier extension for {@code subjectPublicKey} to the given extension set.
 *
 * <p>The identifier bytes come from {@code KeyIdentifierGenerator.generate160BitHashId()}. The
 * extension is added with {@code false} in what is presumably the "critical" position; RFC 5280
 * requires this extension to be non-critical. A key identifier is a lookup aid for matching
 * certificates to keys during path building, not an integrity check on the key itself.
 *
 * @param extensionSet extension set that receives the new extension
 * @throws CryptoException declared by the signature; presumably raised while deriving the
 *         identifier (confirm against KeyIdentifierGenerator)
 * @throws IOException declared for the ASN.1 encoding steps
 */
private void addSubjectKeyIdentifier(X509ExtensionSet extensionSet) throws CryptoException, IOException {
    // NOTE(review): the method name suggests a 160-bit (SHA-1 sized) hash of the public key - confirm.
    byte[] keyId = new KeyIdentifierGenerator(subjectPublicKey).generate160BitHashId();

    // Extension values are stored as the DER structure wrapped in an OCTET STRING.
    byte[] wrappedValue = X509Ext.wrapInOctetString(new SubjectKeyIdentifier(keyId).getEncoded());

    extensionSet.addExtension(X509ExtensionType.SUBJECT_KEY_IDENTIFIER.oid(), false, wrappedValue);
}
Also used : KeyIdentifierGenerator(org.kse.crypto.publickey.KeyIdentifierGenerator) SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)

Example 27 with SubjectKeyIdentifier

use of com.beanit.asn1bean.compiler.pkix1implicit88.SubjectKeyIdentifier in project keystore-explorer by kaikramer.

the class DSubjectKeyIdentifier method okPressed.

/**
 * Handles the OK button: DER-encodes the entered key identifier into {@code value} and closes
 * the dialog.
 *
 * <p>If no key identifier was entered, a warning is shown and the dialog stays open. If encoding
 * fails, the error is displayed and the dialog also stays open, leaving {@code value} unchanged.
 */
private void okPressed() {
    byte[] enteredKeyId = jkiKeyIdentifier.getKeyIdentifier();

    if (enteredKeyId != null) {
        try {
            // Store the DER form so the caller receives a canonical extension value.
            value = new SubjectKeyIdentifier(enteredKeyId).getEncoded(ASN1Encoding.DER);
        } catch (IOException encodingFailure) {
            DError.displayError(this, encodingFailure);
            return;
        }
        closeDialog();
    } else {
        // Nothing entered: ask the user for a value instead of producing an extension.
        JOptionPane.showMessageDialog(this, res.getString("DSubjectKeyIdentifier.ValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
    }
}
Also used : SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier) IOException(java.io.IOException)

Example 28 with SubjectKeyIdentifier

use of com.beanit.asn1bean.compiler.pkix1implicit88.SubjectKeyIdentifier in project keystore-explorer by kaikramer.

the class DSubjectKeyIdentifier method prepopulateWithValue.

/**
 * Fills the key identifier field from an existing encoded Subject Key Identifier value.
 *
 * @param value encoded Subject Key Identifier to decode; NOTE(review): a null or malformed
 *        value is not checked here - confirm that callers only pass a previously encoded value
 * @throws IOException declared by the signature
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    byte[] existingKeyId = SubjectKeyIdentifier.getInstance(value).getKeyIdentifier();
    jkiKeyIdentifier.setKeyIdentifier(existingKeyId);
}
Also used : SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)

Example 29 with SubjectKeyIdentifier

use of com.beanit.asn1bean.compiler.pkix1implicit88.SubjectKeyIdentifier in project xipki by xipki.

the class Certprofile method getSubjectKeyIdentifier.

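/**
 * Derives the Subject Key Identifier for a public key according to this profile's
 * {@code SubjectKeyIdentifierControl}.
 *
 * <p>The identifier is a hash over the bytes of the {@code subjectPublicKey} BIT STRING. Without
 * a control, or without a configured hash algorithm, SHA-1 is used. The key identifier only
 * serves to match certificates to keys, so it is not a signature or integrity primitive.
 * <ul>
 *   <li>No method or {@code METHOD_1}: the full hash value is used.</li>
 *   <li>{@code METHOD_2}: the last 8 bytes of the hash are kept and the top four bits of the
 *       first byte are set to {@code 0100} (compare RFC 5280, section 4.2.1.2, method 2).</li>
 * </ul>
 * An optional truncate method of the form {@code L:n} or {@code R:n} (prefix matched
 * case-insensitively) then keeps the leftmost or rightmost {@code n} bytes when {@code n} is
 * smaller than the current length.
 *
 * @param subjectPublicKeyInfo public key information of the certificate subject
 * @return the Subject Key Identifier built from the derived bytes
 * @throws CertprofileException if the hash algorithm, the method or the truncate method is
 *         unknown or invalid, including a truncate length that is not a positive int
 */
public SubjectKeyIdentifier getSubjectKeyIdentifier(SubjectPublicKeyInfo subjectPublicKeyInfo) throws CertprofileException {
    SubjectKeyIdentifierControl control = getSubjectKeyIdentifierControl();
    SubjectKeyIdentifierControl.SubjectKeyIdentifierMethod method = null;
    String hashAlgo = null;
    if (control != null) {
        method = control.getMethod();
        hashAlgo = control.getHashAlgo();
    }

    HashAlgo hash;
    if (hashAlgo == null) {
        hash = HashAlgo.SHA1;
    } else {
        try {
            hash = HashAlgo.getInstance(hashAlgo);
        } catch (NoSuchAlgorithmException e) {
            throw new CertprofileException("unknown hash algorithm " + hashAlgo);
        }
    }

    // Bytes of the subjectPublicKey BIT STRING, not the whole SubjectPublicKeyInfo encoding.
    byte[] publicKeyBits = subjectPublicKeyInfo.getPublicKeyData().getBytes();
    byte[] skiValue = hash.hash(publicKeyBits);

    if (method == SubjectKeyIdentifierControl.SubjectKeyIdentifierMethod.METHOD_2) {
        // Keep the last 8 bytes and force the leading nibble to 0100.
        byte[] bytes = Arrays.copyOfRange(skiValue, skiValue.length - 8, skiValue.length);
        bytes[0] &= 0x0F;
        bytes[0] |= 0x40;
        skiValue = bytes;
    } else if (method != null && method != SubjectKeyIdentifierControl.SubjectKeyIdentifierMethod.METHOD_1) {
        throw new CertprofileException("unknown SubjectKeyIdentifierMethod " + method);
    }

    String truncateMethod = control == null ? null : control.getTruncateMethod();
    if (StringUtil.isNotBlank(truncateMethod)) {
        boolean leftmost;
        if (StringUtil.startsWithIgnoreCase(truncateMethod, "L:")) {
            leftmost = true;
        } else if (StringUtil.startsWithIgnoreCase(truncateMethod, "R:")) {
            leftmost = false;
        } else {
            throw new CertprofileException("unknown TruncateMethod " + truncateMethod);
        }

        int size;
        try {
            size = Integer.parseUnsignedInt(truncateMethod.substring(2));
        } catch (NumberFormatException ex) {
            throw new CertprofileException("invalid TruncateMethod " + truncateMethod);
        }

        // parseUnsignedInt accepts values above Integer.MAX_VALUE and returns them as negative
        // ints, which would reach Arrays.copyOf/copyOfRange and surface as an unchecked
        // exception. A length of zero would produce an empty key identifier. Reject both as a
        // profile configuration error.
        if (size <= 0) {
            throw new CertprofileException("invalid TruncateMethod " + truncateMethod);
        }

        if (size < skiValue.length) {
            skiValue = leftmost
                    ? Arrays.copyOf(skiValue, size)
                    : Arrays.copyOfRange(skiValue, skiValue.length - size, skiValue.length);
        }
    }
    return new SubjectKeyIdentifier(skiValue);
}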
Also used : HashAlgo(org.xipki.security.HashAlgo) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)

Example 30 with SubjectKeyIdentifier

use of com.beanit.asn1bean.compiler.pkix1implicit88.SubjectKeyIdentifier in project xipki by xipki.

the class P12KeyGenerator method generateIdentity.

/**
 * Builds a PKCS#12 keystore holding the given key pair and a freshly generated self-signed
 * certificate for it.
 *
 * <p>The certificate uses the same name as issuer and subject ({@code "CN=DUMMY"} when no subject
 * is supplied), the fixed serial number 1, and a Subject Key Identifier that is the SHA-1 hash of
 * the public key bits. These values mark it as a placeholder for the key, not a certificate
 * issued by a CA. The key entry is stored under the alias {@code "main"}, and the password from
 * {@code params} protects both the key entry and the keystore.
 *
 * @param kp key pair together with its SubjectPublicKeyInfo
 * @param params keystore generation parameters; only the password is read here
 * @param selfSignedCertSubject subject DN of the certificate, or {@code null} for {@code "CN=DUMMY"}
 * @return wrapper holding the serialized keystore bytes and the loaded keystore object
 * @throws Exception if certificate or keystore generation fails
 */
private static KeyStoreWrapper generateIdentity(KeyPairWithSubjectPublicKeyInfo kp, KeystoreGenerationParameters params, String selfSignedCertSubject) throws Exception {
    Date now = new Date();
    // Backdate notBefore by 10 * MIN, which tolerates clock skew between hosts.
    // NOTE(review): assumes MIN and DAY are long millisecond constants - confirm; as int, 3650 * DAY would overflow.
    long validFromMillis = now.getTime() - 10 * MIN;
    Date notBefore = new Date(validFromMillis);
    Date notAfter = new Date(validFromMillis + 3650 * DAY);

    String subjectText = selfSignedCertSubject;
    if (subjectText == null) {
        subjectText = "CN=DUMMY";
    }
    X500Name selfName = new X500Name(subjectText);

    SubjectPublicKeyInfo publicKeyInfo = kp.getSubjectPublicKeyInfo();
    ContentSigner signer = getContentSigner(kp.getKeypair().getPrivate(), kp.getKeypair().getPublic());

    // Self-signed: issuer and subject are the same name, and the serial number is fixed at 1.
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(selfName, BigInteger.ONE, notBefore, notAfter, selfName, publicKeyInfo);

    // The key identifier is the SHA-1 hash of the subjectPublicKey bits, added as non-critical.
    byte[] publicKeyBits = kp.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
    SubjectKeyIdentifier keyIdExtension = new SubjectKeyIdentifier(HashAlgo.SHA1.hash(publicKeyBits));
    certGenerator:
    certBuilder.addExtension(Extension.subjectKeyIdentifier, false, keyIdExtension);

    X509Cert selfSignedCert = new X509Cert(certBuilder.build(signer));
    KeyAndCertPair identity = new KeyAndCertPair(selfSignedCert, kp.getKeypair().getPrivate());

    // Start from an empty PKCS#12 store, then add the single key entry.
    KeyStore keystore = KeyUtil.getKeyStore("PKCS12");
    keystore.load(null, params.getPassword());
    Certificate[] chain = new Certificate[] { identity.cert.toJceCert() };
    keystore.setKeyEntry("main", identity.key, params.getPassword(), chain);

    ByteArrayOutputStream serialized = new ByteArrayOutputStream();
    try {
        keystore.store(serialized, params.getPassword());
    } finally {
        serialized.flush();
    }

    KeyStoreWrapper wrapper = new KeyStoreWrapper(serialized.toByteArray());
    wrapper.setKeystoreObject(keystore);
    return wrapper;
}
Also used : ContentSigner(org.bouncycastle.operator.ContentSigner) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier) ByteArrayOutputStream(java.io.ByteArrayOutputStream) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)

Aggregations

SubjectKeyIdentifier (org.bouncycastle.asn1.x509.SubjectKeyIdentifier)34 AuthorityKeyIdentifier (org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)14 X509Certificate (java.security.cert.X509Certificate)13 IOException (java.io.IOException)10 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)10 X500Name (org.bouncycastle.asn1.x500.X500Name)9 JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)9 GeneralName (org.bouncycastle.asn1.x509.GeneralName)8 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)8 Date (java.util.Date)7 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)7 ContentSigner (org.bouncycastle.operator.ContentSigner)7 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)7 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)6 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)6 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)6 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)6 PrivateKey (java.security.PrivateKey)5 CertificateException (java.security.cert.CertificateException)5 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)5