Search in sources :

Example 76 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project runwar by cfmlprojects.

the class SelfSignedCertificate method generateCertificate.

private static X509Certificate generateCertificate(String fqdn, KeyPair keypair, SecureRandom random) throws Exception {
    final X500Name subject = new X500Name("CN=" + fqdn);
    final SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keypair.getPublic().getEncoded());
    final AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
    final AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    final AsymmetricKeyParameter keyParam = PrivateKeyFactory.createKey(keypair.getPrivate().getEncoded());
    final ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(keyParam);
    X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder(subject, new BigInteger(64, random), NOT_BEFORE, NOT_AFTER, subject, subPubKeyInfo);
    v3CertBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    v3CertBuilder.addExtension(Extension.keyUsage, true, new X509KeyUsage(X509KeyUsage.digitalSignature | X509KeyUsage.nonRepudiation | X509KeyUsage.keyEncipherment | X509KeyUsage.dataEncipherment));
    v3CertBuilder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(keypair.getPublic()));
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    X509Certificate cert = converter.getCertificate(v3CertBuilder.build(sigGen));
    cert.checkValidity();
    cert.verify(keypair.getPublic());
    return cert;
}
Also used : ContentSigner(org.bouncycastle.operator.ContentSigner) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) BigInteger(java.math.BigInteger) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) X509KeyUsage(org.bouncycastle.jce.X509KeyUsage)

Example 77 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project BiglyBT by BiglySoftware.

the class PKCS10CertificationRequest method getPublicKey.

public PublicKey getPublicKey(String provider) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
    SubjectPublicKeyInfo subjectPKInfo = reqInfo.getSubjectPublicKeyInfo();
    try {
        X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getBytes());
        AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithmId();
        return KeyFactory.getInstance(keyAlg.getObjectId().getId(), provider).generatePublic(xspec);
    } catch (InvalidKeySpecException e) {
        throw new InvalidKeyException("error encoding public key");
    }
}
Also used : X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) SubjectPublicKeyInfo(org.gudy.bouncycastle.asn1.x509.SubjectPublicKeyInfo) AlgorithmIdentifier(org.gudy.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 78 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project BiglyBT by BiglySoftware.

the class PKCS7SignedData method getEncoded.

/**
 * return the bytes for the PKCS7SignedData object.
 */
public byte[] getEncoded() {
    try {
        digest = sig.sign();
        // Create the set of Hash algorithms. I've assumed this is the
        // set of all hash agorithms used to created the digest in the
        // "signerInfo" structure. I may be wrong.
        // 
        ASN1EncodableVector v = new ASN1EncodableVector();
        for (Iterator i = digestalgos.iterator(); i.hasNext(); ) {
            AlgorithmIdentifier a = new AlgorithmIdentifier(new DERObjectIdentifier((String) i.next()), null);
            v.add(a);
        }
        DERSet algos = new DERSet(v);
        // Create the contentInfo. Empty, I didn't implement this bit
        // 
        DERSequence contentinfo = new DERSequence(new DERObjectIdentifier(ID_PKCS7_DATA));
        // Get all the certificates
        // 
        v = new ASN1EncodableVector();
        for (Iterator i = certs.iterator(); i.hasNext(); ) {
            DERInputStream tempstream = new DERInputStream(new ByteArrayInputStream(((X509Certificate) i.next()).getEncoded()));
            v.add(tempstream.readObject());
        }
        DERSet dercertificates = new DERSet(v);
        // Create signerinfo structure.
        // 
        ASN1EncodableVector signerinfo = new ASN1EncodableVector();
        // Add the signerInfo version
        // 
        signerinfo.add(new DERInteger(signerversion));
        IssuerAndSerialNumber isAnds = new IssuerAndSerialNumber(new X509Name((ASN1Sequence) getIssuer(signCert.getTBSCertificate())), new DERInteger(signCert.getSerialNumber()));
        signerinfo.add(isAnds);
        // Add the digestAlgorithm
        // 
        signerinfo.add(new AlgorithmIdentifier(new DERObjectIdentifier(digestAlgorithm), new DERNull()));
        // 
        // Add the digestEncryptionAlgorithm
        // 
        signerinfo.add(new AlgorithmIdentifier(new DERObjectIdentifier(digestEncryptionAlgorithm), new DERNull()));
        // 
        // Add the digest
        // 
        signerinfo.add(new DEROctetString(digest));
        // 
        // Finally build the body out of all the components above
        // 
        ASN1EncodableVector body = new ASN1EncodableVector();
        body.add(new DERInteger(version));
        body.add(algos);
        body.add(contentinfo);
        body.add(new DERTaggedObject(false, 0, dercertificates));
        if (crls.size() > 0) {
            v = new ASN1EncodableVector();
            for (Iterator i = crls.iterator(); i.hasNext(); ) {
                DERInputStream t = new DERInputStream(new ByteArrayInputStream((((X509CRL) i.next()).getEncoded())));
                v.add(t.readObject());
            }
            DERSet dercrls = new DERSet(v);
            body.add(new DERTaggedObject(false, 1, dercrls));
        }
        // Only allow one signerInfo
        // 
        body.add(new DERSet(new DERSequence(signerinfo)));
        // Now we have the body, wrap it in it's PKCS7Signed shell
        // and return it
        // 
        ASN1EncodableVector whole = new ASN1EncodableVector();
        whole.add(new DERObjectIdentifier(ID_PKCS7_SIGNED_DATA));
        whole.add(new DERTaggedObject(0, new DERSequence(body)));
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        DEROutputStream dout = new DEROutputStream(bOut);
        dout.writeObject(new DERSequence(whole));
        dout.close();
        return bOut.toByteArray();
    } catch (Exception e) {
        throw new RuntimeException(e.toString());
    }
}
Also used : ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) AlgorithmIdentifier(org.gudy.bouncycastle.asn1.x509.AlgorithmIdentifier) X509Name(org.gudy.bouncycastle.asn1.x509.X509Name) ByteArrayInputStream(java.io.ByteArrayInputStream)

Example 79 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project BiglyBT by BiglySoftware.

the class JCEECPrivateKey method getEncoded.

/**
 * Return a PKCS8 representation of the key. The sequence returned
 * represents a full PrivateKeyInfo object.
 *
 * @return a PKCS8 representation of the key.
 */
@Override
public byte[] getEncoded() {
    ByteArrayOutputStream bOut = new ByteArrayOutputStream();
    DEROutputStream dOut = new DEROutputStream(bOut);
    X962Parameters params = null;
    if (ecSpec instanceof ECNamedCurveParameterSpec) {
        params = new X962Parameters(X962NamedCurves.getOID(((ECNamedCurveParameterSpec) ecSpec).getName()));
    } else {
        X9ECParameters ecP = new X9ECParameters(ecSpec.getCurve(), ecSpec.getG(), ecSpec.getN(), ecSpec.getH(), ecSpec.getSeed());
        params = new X962Parameters(ecP);
    }
    PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), new ECPrivateKeyStructure(this.getD()).getDERObject());
    try {
        dOut.writeObject(info);
        dOut.close();
    } catch (IOException e) {
        throw new RuntimeException("Error encoding EC private key");
    }
    return bOut.toByteArray();
}
Also used : X962Parameters(org.gudy.bouncycastle.asn1.x9.X962Parameters) X9ECParameters(org.gudy.bouncycastle.asn1.x9.X9ECParameters) ECNamedCurveParameterSpec(org.gudy.bouncycastle.jce.spec.ECNamedCurveParameterSpec) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ECPrivateKeyStructure(org.gudy.bouncycastle.asn1.sec.ECPrivateKeyStructure) IOException(java.io.IOException) PrivateKeyInfo(org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo) AlgorithmIdentifier(org.gudy.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 80 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project BiglyBT by BiglySoftware.

the class JCEECPublicKey method getEncoded.

@Override
public byte[] getEncoded() {
    ByteArrayOutputStream bOut = new ByteArrayOutputStream();
    DEROutputStream dOut = new DEROutputStream(bOut);
    X962Parameters params = null;
    if (ecSpec instanceof ECNamedCurveParameterSpec) {
        params = new X962Parameters(X962NamedCurves.getOID(((ECNamedCurveParameterSpec) ecSpec).getName()));
    } else {
        X9ECParameters ecP = new X9ECParameters(ecSpec.getCurve(), ecSpec.getG(), ecSpec.getN(), ecSpec.getH(), ecSpec.getSeed());
        params = new X962Parameters(ecP);
    }
    ASN1OctetString p = (ASN1OctetString) (new X9ECPoint(this.getQ()).getDERObject());
    SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), p.getOctets());
    try {
        dOut.writeObject(info);
        dOut.close();
    } catch (IOException e) {
        throw new RuntimeException("Error encoding EC public key");
    }
    return bOut.toByteArray();
}
Also used : ECNamedCurveParameterSpec(org.gudy.bouncycastle.jce.spec.ECNamedCurveParameterSpec) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) SubjectPublicKeyInfo(org.gudy.bouncycastle.asn1.x509.SubjectPublicKeyInfo) AlgorithmIdentifier(org.gudy.bouncycastle.asn1.x509.AlgorithmIdentifier)

Aggregations

AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)249 IOException (java.io.IOException)157 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)140 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)79 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)72 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)65 BigInteger (java.math.BigInteger)62 X500Name (org.bouncycastle.asn1.x500.X500Name)52 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)47 Date (java.util.Date)47 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)45 X509Certificate (java.security.cert.X509Certificate)45 ContentSigner (org.bouncycastle.operator.ContentSigner)40 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)39 OutputStream (java.io.OutputStream)39 DERSequence (com.github.zhenwei.core.asn1.DERSequence)38 GeneralSecurityException (java.security.GeneralSecurityException)37 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)35 Cipher (javax.crypto.Cipher)33 PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)33