Search in sources :

Example 6 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project sshj by hierynomus.

the class RSAPrivateKeyInfoKeyPairConverter method getKeyPair.

/**
 * Get PEM Key Pair parsing RSA Public Key attributes from RSA Private Key Information
 *
 * @param privateKeyInfo RSA Private Key Information
 * @return PEM Key Pair
 * @throws IOException Thrown on Public Key parsing failures
 */
@Override
public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
    Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
    final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
    final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
    if (PKCSObjectIdentifiers.rsaEncryption.equals(algorithm)) {
        logger.debug("RSA Algorithm Found [{}]", algorithm);
    } else {
        throw new IllegalArgumentException(String.format("RSA Algorithm OID required [%s]", algorithm));
    }
    final RSAPublicKey rsaPublicKey = getRsaPublicKey(privateKeyInfo);
    final SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, rsaPublicKey);
    return new PEMKeyPair(subjectPublicKeyInfo, privateKeyInfo);
}
Also used : RSAPublicKey(org.bouncycastle.asn1.pkcs.RSAPublicKey) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 7 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project hedera-services by hashgraph.

the class Ed25519PrivateKey method toString.

@Override
public String toString() {
    PrivateKeyInfo privateKeyInfo;
    try {
        privateKeyInfo = new PrivateKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), new DEROctetString(privKeyParams.getEncoded()));
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    byte[] encoded;
    try {
        encoded = privateKeyInfo.getEncoded("DER");
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    return CommonUtils.hex(encoded);
}
Also used : IOException(java.io.IOException) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) DEROctetString(org.bouncycastle.asn1.DEROctetString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 8 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project gdmatrix by gdmatrix.

the class CMSUtils method createTimeStampRequest.

public static TimeStampReq createTimeStampRequest(byte[] message, String nonce, boolean requireCert, Extensions extensions, String digestAlgorithm, String timestampPolicy) throws NoSuchAlgorithmException {
    MessageDigest md = MessageDigest.getInstance("SHA1");
    byte[] hashedMsg = md.digest(message);
    ASN1ObjectIdentifier identifier = new ASN1ObjectIdentifier(digestAlgorithm);
    org.bouncycastle.asn1.tsp.MessageImprint imprint = new org.bouncycastle.asn1.tsp.MessageImprint(new AlgorithmIdentifier(identifier), hashedMsg);
    TimeStampReq request = new TimeStampReq(imprint, timestampPolicy != null ? new ASN1ObjectIdentifier(timestampPolicy) : null, nonce != null ? new ASN1Integer(nonce.getBytes()) : null, ASN1Boolean.getInstance(requireCert), extensions);
    return request;
}
Also used : TimeStampReq(org.bouncycastle.asn1.tsp.TimeStampReq) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) MessageDigest(java.security.MessageDigest) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 9 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project snowblossom by snowblossomcoin.

the class CertGen method generateSelfSignedCert.

/**
 * @param key_pair Key pair to use to sign the cert inner signed message, the node key
 * @param tls_wkp The temporary key to use just for this cert and TLS sessions
 * @param spec Address for 'key_pair'
 */
public static X509Certificate generateSelfSignedCert(WalletKeyPair key_pair, WalletKeyPair tls_wkp, AddressSpec spec) throws Exception {
    AddressSpecHash address_hash = AddressUtil.getHashForSpec(spec);
    String address = AddressUtil.getAddressString(Globals.NODE_ADDRESS_STRING, address_hash);
    byte[] encoded_pub = tls_wkp.getPublicKey().toByteArray();
    SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(encoded_pub));
    String dn = String.format("CN=%s, O=Snowblossom", address);
    X500Name issuer = new X500Name(dn);
    BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
    Date notBefore = new Date(System.currentTimeMillis());
    Date notAfter = new Date(System.currentTimeMillis() + 86400000L * 365L * 10L);
    X500Name subject = issuer;
    X509v3CertificateBuilder cert_builder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, subjectPublicKeyInfo);
    // System.out.println(org.bouncycastle.asn1.x509.Extension.subjectAlternativeName);
    ASN1ObjectIdentifier snow_claim_oid = new ASN1ObjectIdentifier("2.5.29.134");
    // System.out.println(spec);
    SignedMessagePayload payload = SignedMessagePayload.newBuilder().setTlsPublicKey(tls_wkp.getPublicKey()).build();
    SignedMessage sm = MsgSigUtil.signMessage(spec, key_pair, payload);
    byte[] sm_data = sm.toByteString().toByteArray();
    cert_builder.addExtension(snow_claim_oid, true, sm_data);
    String algorithm = "SHA256withRSA";
    AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(tls_wkp.getPrivateKey().toByteArray());
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    // ContentSigner sigGen = new BcECContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
    ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
    X509CertificateHolder certificateHolder = cert_builder.build(sigGen);
    X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
    return cert;
}
Also used : SignedMessagePayload(snowblossom.proto.SignedMessagePayload) SignedMessage(snowblossom.proto.SignedMessage) ContentSigner(org.bouncycastle.operator.ContentSigner) ByteString(com.google.protobuf.ByteString) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) AddressSpecHash(snowblossom.lib.AddressSpecHash) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 10 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project modules by assimbly.

the class CertificatesUtil method createAuthorityKeyId.

/**
 * Creates the hash value of the authority public key.
 *
 * @param publicKey of the authority certificate
 *
 * @return AuthorityKeyIdentifier hash
 *
 * @throws OperatorCreationException
 */
private static AuthorityKeyIdentifier createAuthorityKeyId(final PublicKey publicKey) throws OperatorCreationException {
    final SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
    final DigestCalculator digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
    return new X509ExtensionUtils(digCalc).createAuthorityKeyIdentifier(publicKeyInfo);
}
Also used : BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider) DigestCalculator(org.bouncycastle.operator.DigestCalculator) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) X509ExtensionUtils(org.bouncycastle.cert.X509ExtensionUtils) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Aggregations

AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)249 IOException (java.io.IOException)157 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)140 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)79 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)72 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)65 BigInteger (java.math.BigInteger)62 X500Name (org.bouncycastle.asn1.x500.X500Name)52 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)47 Date (java.util.Date)47 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)45 X509Certificate (java.security.cert.X509Certificate)45 ContentSigner (org.bouncycastle.operator.ContentSigner)40 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)39 OutputStream (java.io.OutputStream)39 DERSequence (com.github.zhenwei.core.asn1.DERSequence)38 GeneralSecurityException (java.security.GeneralSecurityException)37 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)35 Cipher (javax.crypto.Cipher)33 PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)33