Search in sources :

Example 11 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project modules by assimbly.

the class CertificatesUtil method createSubjectKeyId.

/**
 * Creates the hash value of the public key.
 *
 * @param publicKey of the certificate
 *
 * @return SubjectKeyIdentifier hash
 *
 * @throws OperatorCreationException
 */
private static SubjectKeyIdentifier createSubjectKeyId(final PublicKey publicKey) throws OperatorCreationException {
    final SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
    final DigestCalculator digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
    return new X509ExtensionUtils(digCalc).createSubjectKeyIdentifier(publicKeyInfo);
}
Also used : BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider) DigestCalculator(org.bouncycastle.operator.DigestCalculator) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) X509ExtensionUtils(org.bouncycastle.cert.X509ExtensionUtils) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 12 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project alibabacloud-dkms-gcs-java-sdk by aliyun.

the class SHA256withRSASigner method formatPkcs1ToPkcs8.

private byte[] formatPkcs1ToPkcs8(byte[] pkcs1PrivateKey) {
    try (ASN1InputStream asn1InputStream = new ASN1InputStream(pkcs1PrivateKey)) {
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption);
        ASN1Primitive asn1Object = asn1InputStream.readObject();
        PrivateKeyInfo privKeyInfo = new PrivateKeyInfo(algorithmIdentifier, asn1Object);
        return privKeyInfo.getEncoded();
    } catch (IOException e) {
        throw new IllegalArgumentException(e.toString());
    }
}
Also used : IOException(java.io.IOException) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 13 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project mercury by yellow013.

the class Digester method sha256.

public static DigestCalculator sha256() {
    Digest digest = new SHA256Digest();
    // The OID for SHA-256: http://www.oid-info.com/get/2.16.840.1.101.3.4.2.1
    ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier("2.16.840.1.101.3.4.2.1").intern();
    AlgorithmIdentifier algId = new AlgorithmIdentifier(oid);
    return new Digester(digest, algId);
}
Also used : Digest(org.bouncycastle.crypto.Digest) SHA1Digest(org.bouncycastle.crypto.digests.SHA1Digest) SHA256Digest(org.bouncycastle.crypto.digests.SHA256Digest) SHA256Digest(org.bouncycastle.crypto.digests.SHA256Digest) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 14 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project conformance-suite by openid-certification.

the class ValidateMTLSCertificatesAsX509 method verifyECPrivateKey.

private void verifyECPrivateKey(String certString, String keyString, byte[] decodedKey, X509Certificate certificate) {
    PrivateKey privateKey;
    try {
        // try to generate private key is PKCS8
        KeySpec kspec = new PKCS8EncodedKeySpec(decodedKey);
        privateKey = KeyFactory.getInstance("EC", "BC").generatePrivate(kspec);
    } catch (InvalidKeySpecException e) {
        try {
            // try to generate private key isn't PKCS8
            ASN1Sequence seq = ASN1Sequence.getInstance(decodedKey);
            org.bouncycastle.asn1.sec.ECPrivateKey pKey = org.bouncycastle.asn1.sec.ECPrivateKey.getInstance(seq);
            AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, pKey.getParameters());
            byte[] server_pkcs8 = new PrivateKeyInfo(algId, pKey).getEncoded();
            privateKey = KeyFactory.getInstance("EC", "BC").generatePrivate(new PKCS8EncodedKeySpec(server_pkcs8));
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException | NoSuchProviderException ex) {
            throw error("Couldn't generate private key", e, args("key", keyString));
        }
    } catch (NoSuchProviderException | NoSuchAlgorithmException e) {
        throw error("Provider or Algorithm of KeyFactory is invalid", e);
    }
    // TODO: Need to check that the private key and the certificate match
    // This check isn't sure yet
    ECPublicKey ecPublicKey = (ECPublicKey) certificate.getPublicKey();
    if (!((ECPrivateKey) privateKey).getParameters().equals(ecPublicKey.getParameters())) {
        throw error("MTLS Private Key and Cert do not match", args("cert", certString, "key", keyString));
    }
}
Also used : ECPrivateKey(org.bouncycastle.jce.interfaces.ECPrivateKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) ECPrivateKey(org.bouncycastle.jce.interfaces.ECPrivateKey) PrivateKey(java.security.PrivateKey) KeySpec(java.security.spec.KeySpec) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ECPublicKey(org.bouncycastle.jce.interfaces.ECPublicKey) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) NoSuchProviderException(java.security.NoSuchProviderException) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)

Example 15 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project PdfBox-Android by TomRoush.

the class PublicKeySecurityHandler method createDERForRecipient.

private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert) throws IOException, GeneralSecurityException {
    String algorithm = PKCSObjectIdentifiers.RC2_CBC.getId();
    AlgorithmParameterGenerator apg;
    KeyGenerator keygen;
    Cipher cipher;
    try {
        apg = AlgorithmParameterGenerator.getInstance(algorithm, SecurityProvider.getProvider());
        keygen = KeyGenerator.getInstance(algorithm, SecurityProvider.getProvider());
        cipher = Cipher.getInstance(algorithm, SecurityProvider.getProvider());
    } catch (NoSuchAlgorithmException e) {
        // happens when using the command line app .jar file
        throw new IOException("Could not find a suitable javax.crypto provider for algorithm " + algorithm + "; possible reason: using an unsigned .jar file", e);
    } catch (NoSuchPaddingException e) {
        // should never happen, if this happens throw IOException instead
        throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
    }
    AlgorithmParameters parameters = apg.generateParameters();
    ASN1InputStream input = new ASN1InputStream(parameters.getEncoded("ASN.1"));
    ASN1Primitive object = input.readObject();
    input.close();
    keygen.init(128);
    SecretKey secretkey = keygen.generateKey();
    cipher.init(1, secretkey, parameters);
    byte[] bytes = cipher.doFinal(in);
    KeyTransRecipientInfo recipientInfo = computeRecipientInfo(cert, secretkey.getEncoded());
    DERSet set = new DERSet(new RecipientInfo(recipientInfo));
    AlgorithmIdentifier algorithmId = new AlgorithmIdentifier(new ASN1ObjectIdentifier(algorithm), object);
    EncryptedContentInfo encryptedInfo = new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmId, new DEROctetString(bytes));
    EnvelopedData enveloped = new EnvelopedData(null, set, encryptedInfo, (ASN1Set) null);
    ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.envelopedData, enveloped);
    return contentInfo.toASN1Primitive();
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyTransRecipientInfo(org.bouncycastle.asn1.cms.KeyTransRecipientInfo) AlgorithmParameterGenerator(java.security.AlgorithmParameterGenerator) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) DEROctetString(org.bouncycastle.asn1.DEROctetString) COSString(com.tom_roush.pdfbox.cos.COSString) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) DERSet(org.bouncycastle.asn1.DERSet) DEROctetString(org.bouncycastle.asn1.DEROctetString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) SecretKey(javax.crypto.SecretKey) ContentInfo(org.bouncycastle.asn1.cms.ContentInfo) EncryptedContentInfo(org.bouncycastle.asn1.cms.EncryptedContentInfo) Cipher(javax.crypto.Cipher) KeyGenerator(javax.crypto.KeyGenerator) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) KeyTransRecipientInfo(org.bouncycastle.asn1.cms.KeyTransRecipientInfo) RecipientInfo(org.bouncycastle.asn1.cms.RecipientInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) EnvelopedData(org.bouncycastle.asn1.cms.EnvelopedData) CMSEnvelopedData(org.bouncycastle.cms.CMSEnvelopedData) AlgorithmParameters(java.security.AlgorithmParameters) EncryptedContentInfo(org.bouncycastle.asn1.cms.EncryptedContentInfo)

Aggregations

AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)249 IOException (java.io.IOException)157 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)140 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)79 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)72 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)65 BigInteger (java.math.BigInteger)62 X500Name (org.bouncycastle.asn1.x500.X500Name)52 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)47 Date (java.util.Date)47 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)45 X509Certificate (java.security.cert.X509Certificate)45 ContentSigner (org.bouncycastle.operator.ContentSigner)40 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)39 OutputStream (java.io.OutputStream)39 DERSequence (com.github.zhenwei.core.asn1.DERSequence)38 GeneralSecurityException (java.security.GeneralSecurityException)37 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)35 Cipher (javax.crypto.Cipher)33 PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)33