Example 61 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project Ethernity-Wallet-Android by kris-krytech.

the class TestAttestation method makeUnsignedx509Att.

private Attestation makeUnsignedx509Att() {
    Attestation att = new Attestation();
    // The version field is zero-based, so 2 encodes X.509 v3
    att.setVersion(2);
    att.setSerialNumber(42);
    att.setSignature(OID_SHA256ECDSA);
    att.setIssuer("CN=ALX");
    Date now = new Date();
    att.setNotValidBefore(now);
    // Valid for an hour
    att.setNotValidAfter(new Date(System.currentTimeMillis() + 3600000));
    att.setSubject("CN=0x2042424242424564648");
    att.setSubjectPublicKeyInfo(OID_SHA256ECDSA, subjectKeys.getPublic().getEncoded());
    ASN1EncodableVector extensions = new ASN1EncodableVector();
    extensions.add(new ASN1ObjectIdentifier(Attestation.OID_OCTETSTRING));
    extensions.add(ASN1Boolean.TRUE);
    extensions.add(new DEROctetString("hello world".getBytes()));
    // Double Sequence is needed to be compatible with X509V3
    att.setExtensions(new DERSequence(new DERSequence(extensions)));
    Assert.assertTrue(att.isValidX509());
    return att;
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) Date(java.util.Date) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 62 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project pulsar by yahoo.

the class MessageCryptoBc method loadPublicKey.

private PublicKey loadPublicKey(byte[] keyBytes) throws Exception {
    Reader keyReader = new StringReader(new String(keyBytes));
    PublicKey publicKey = null;
    try (PEMParser pemReader = new PEMParser(keyReader)) {
        Object pemObj = pemReader.readObject();
        JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
        SubjectPublicKeyInfo keyInfo = null;
        X9ECParameters ecParam = null;
        if (pemObj instanceof ASN1ObjectIdentifier) {
            // make sure this is EC Parameter we're handling. In which case
            // we'll store it and read the next object which should be our
            // EC Public Key
            ASN1ObjectIdentifier ecOID = (ASN1ObjectIdentifier) pemObj;
            ecParam = ECNamedCurveTable.getByOID(ecOID);
            if (ecParam == null) {
                throw new PEMException("Unable to find EC Parameter for the given curve oid: " + ((ASN1ObjectIdentifier) pemObj).getId());
            }
            pemObj = pemReader.readObject();
        } else if (pemObj instanceof X9ECParameters) {
            ecParam = (X9ECParameters) pemObj;
            pemObj = pemReader.readObject();
        }
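        if (pemObj instanceof X509CertificateHolder) {
            keyInfo = ((X509CertificateHolder) pemObj).getSubjectPublicKeyInfo();
        } else if (pemObj instanceof SubjectPublicKeyInfo) {
            keyInfo = (SubjectPublicKeyInfo) pemObj;
        } else {
            // Reject empty input and unexpected PEM types (for example a private key)
            // instead of failing with an unchecked ClassCastException
            throw new PEMException("Unsupported PEM object for a public key: " + (pemObj == null ? "none" : pemObj.getClass().getName()));
        }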
        publicKey = pemConverter.getPublicKey(keyInfo);
        if (ecParam != null && ECDSA.equals(publicKey.getAlgorithm())) {
            ECParameterSpec ecSpec = new ECParameterSpec(ecParam.getCurve(), ecParam.getG(), ecParam.getN(), ecParam.getH(), ecParam.getSeed());
            KeyFactory keyFactory = KeyFactory.getInstance(ECDSA, BouncyCastleProvider.PROVIDER_NAME);
            ECPublicKeySpec keySpec = new ECPublicKeySpec(((BCECPublicKey) publicKey).getQ(), ecSpec);
            publicKey = keyFactory.generatePublic(keySpec);
        }
    } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
        throw new Exception(e);
    }
    return publicKey;
}
Also used : BCECPublicKey(org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey) PublicKey(java.security.PublicKey) X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters) Reader(java.io.Reader) CryptoKeyReader(org.apache.pulsar.client.api.CryptoKeyReader) StringReader(java.io.StringReader) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec) PulsarClientException(org.apache.pulsar.client.api.PulsarClientException) ShortBufferException(javax.crypto.ShortBufferException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) InvalidKeyException(java.security.InvalidKeyException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) CryptoException(org.apache.pulsar.client.api.PulsarClientException.CryptoException) PEMException(org.bouncycastle.openssl.PEMException) BadPaddingException(javax.crypto.BadPaddingException) NoSuchProviderException(java.security.NoSuchProviderException) PEMParser(org.bouncycastle.openssl.PEMParser) ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) KeyFactory(java.security.KeyFactory)

Example 63 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project oxAuth by GluuFederation.

the class RSAKeyFactory method generateV3Certificate.

public Certificate generateV3Certificate(Date startDate, Date expirationDate, String dnName) throws OperatorCreationException, CertificateException, CertIOException {
    // serial number for certificate: RFC 5280 caps it at 20 octets, and 159 random bits always fit in that
    BigInteger serialNumber = new BigInteger(159, new SecureRandom());
    X500Name name = new X500Name(dnName);
    JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(name, serialNumber, startDate, expirationDate, name, keyPair.getPublic());
    ASN1EncodableVector purposes = new ASN1EncodableVector();
    purposes.add(KeyPurposeId.id_kp_serverAuth);
    purposes.add(KeyPurposeId.id_kp_clientAuth);
    purposes.add(KeyPurposeId.anyExtendedKeyUsage);
    ASN1ObjectIdentifier extendedKeyUsage = new ASN1ObjectIdentifier("2.5.29.37").intern();
    certGen.addExtension(extendedKeyUsage, false, new DERSequence(purposes));
    X509CertificateHolder certHolder = certGen.build(new JcaContentSignerBuilder(signatureAlgorithm.getAlgorithm()).setProvider(SecurityProviderUtility.getBCProviderName()).build(keyPair.getPrivate()));
    X509Certificate x509Certificate = new JcaX509CertificateConverter().setProvider(SecurityProviderUtility.getBCProviderName()).getCertificate(certHolder);
    return new Certificate(signatureAlgorithm, x509Certificate);
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) SecureRandom(java.security.SecureRandom) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) X509Certificate(java.security.cert.X509Certificate) Certificate(org.gluu.oxauth.model.crypto.Certificate)

Example 64 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project ats-framework by Axway.

the class SMimePackageEncryptor method encrypt.

@PublicAtsApi
public Package encrypt(Package source) throws ActionException {
    try {
        MimeMessage encryptedMessage = new MimeMessage(Session.getInstance(new Properties()));
        MimeMessage originalMessage = getMimeMessage(source);
        Enumeration<?> hdrEnum = originalMessage.getAllHeaders();
        while (hdrEnum.hasMoreElements()) {
            Header current = (Header) hdrEnum.nextElement();
            encryptedMessage.setHeader(current.getName(), current.getValue());
        }
        KeyStore ks = getKeystore();
        Certificate cer = ks.getCertificate(aliasOrCN);
        SMIMEEnvelopedGenerator encrypter = new SMIMEEnvelopedGenerator();
        encrypter.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator((X509Certificate) cer).setProvider(BouncyCastleProvider.PROVIDER_NAME));
        ASN1ObjectIdentifier encryption = null;
        if (encryptionCipher == null) {
            // set default. Was CMSAlgorithm.RC2_CBC
            encryption = CMSAlgorithm.AES128_CBC;
        } else {
            encryption = encryptionCipher;
        }
        MimeBodyPart mp = encrypter.generate(originalMessage, new JceCMSContentEncryptorBuilder(encryption).setProvider(BouncyCastleProvider.PROVIDER_NAME).build());
        encryptedMessage.setContent(mp.getContent(), mp.getContentType());
        Enumeration<?> mpEnum = mp.getAllHeaders();
        while (mpEnum.hasMoreElements()) {
            Header current = (Header) mpEnum.nextElement();
            encryptedMessage.setHeader(current.getName(), current.getValue());
        }
        encryptedMessage.saveChanges();
        return new MimePackage(encryptedMessage);
    } catch (Exception e) {
        throw new ActionException(ENCRYPTION_EXCEPTION, e);
    }
}
Also used : JceCMSContentEncryptorBuilder(org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder) ActionException(com.axway.ats.action.model.ActionException) Properties(java.util.Properties) KeyStore(java.security.KeyStore) MessagingException(javax.mail.MessagingException) SMIMEException(org.bouncycastle.mail.smime.SMIMEException) JceKeyTransRecipientInfoGenerator(org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator) MimePackage(com.axway.ats.action.objects.MimePackage) Header(javax.mail.Header) SMIMEEnvelopedGenerator(org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator) MimeMessage(javax.mail.internet.MimeMessage) MimeBodyPart(javax.mail.internet.MimeBodyPart) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) PublicAtsApi(com.axway.ats.common.PublicAtsApi)

Example 65 with ASN1ObjectIdentifier

use of com.github.zhenwei.core.asn1.ASN1ObjectIdentifier in project acme4j by shred.

the class CSRBuilder method addValue.

/**
 * Sets an entry of the subject used for the CSR
 * <p>
 * Note that it is at the discretion of the ACME server to accept this parameter.
 * @param attName The BCStyle attribute name
 * @param value The value
 * @since 2.14
 */
public void addValue(String attName, String value) {
    ASN1ObjectIdentifier oid = X500Name.getDefaultStyle().attrNameToOID(requireNonNull(attName, "attribute name must not be null"));
    addValue(oid, value);
}
Also used : ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
