
Example 16 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project PdfBox-Android by TomRoush.

the class PublicKeySecurityHandler method computeRecipientInfo.

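/**
 * Builds the CMS {@code KeyTransRecipientInfo} for one recipient by encrypting {@code abyte0}
 * with the public key of {@code x509certificate}.
 *
 * <p>The cipher is selected from the algorithm OID found in the certificate's
 * SubjectPublicKeyInfo, and the recipient is identified by the certificate's issuer and serial
 * number.
 *
 * <p>NOTE(review): nothing in this method validates the certificate (chain, validity period,
 * key usage). It encrypts to whatever key it is handed, so that check has to happen in the
 * caller. The padding scheme is whatever the provider maps the OID to; confirm that it is a
 * padded mode and not raw RSA.
 *
 * @param x509certificate recipient certificate supplying the public key and the identifier
 * @param abyte0 plaintext bytes to encrypt for this recipient
 * @return the recipient info holding the identifier, the key algorithm and the encrypted bytes
 * @throws IOException if the TBSCertificate structure cannot be read
 * @throws CertificateEncodingException if the certificate cannot return its TBS encoding
 * @throws InvalidKeyException if the certificate's public key does not fit the cipher
 * @throws BadPaddingException if the encryption step fails
 * @throws IllegalBlockSizeException if the input does not fit the cipher's block size
 */
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) throws IOException, CertificateEncodingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
    ASN1InputStream input = new ASN1InputStream(x509certificate.getTBSCertificate());
    TBSCertificate certificate;
    try {
        certificate = TBSCertificate.getInstance(input.readObject());
    } finally {
        // Close the stream even when the certificate body fails to parse.
        input.close();
    }
    AlgorithmIdentifier algorithmId = certificate.getSubjectPublicKeyInfo().getAlgorithm();
    IssuerAndSerialNumber serial = new IssuerAndSerialNumber(certificate.getIssuer(), certificate.getSerialNumber().getValue());
    Cipher cipher;
    try {
        // The transformation name is the key algorithm OID taken from the certificate.
        cipher = Cipher.getInstance(algorithmId.getAlgorithm().getId(), SecurityProvider.getProvider());
    } catch (NoSuchAlgorithmException e) {
        // Not expected with the configured provider; kept unchecked so callers see the same
        // exception type as before.
        throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
    } catch (NoSuchPaddingException e) {
        // Same handling as above: the provider offers no matching padding.
        throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
    }
    cipher.init(Cipher.ENCRYPT_MODE, x509certificate.getPublicKey());
    DEROctetString octets = new DEROctetString(cipher.doFinal(abyte0));
    RecipientIdentifier recipientId = new RecipientIdentifier(serial);
    return new KeyTransRecipientInfo(recipientId, algorithmId, octets);
}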
Also used : IssuerAndSerialNumber(org.bouncycastle.asn1.cms.IssuerAndSerialNumber) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyTransRecipientInfo(org.bouncycastle.asn1.cms.KeyTransRecipientInfo) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) Cipher(javax.crypto.Cipher) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) RecipientIdentifier(org.bouncycastle.asn1.cms.RecipientIdentifier) TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate) DEROctetString(org.bouncycastle.asn1.DEROctetString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 17 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project fabric-gateway by hyperledger.

the class X509Credentials method generateCertificate.

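/**
 * Creates a self-signed X.509 v3 certificate for {@code keyPair} with the fixed subject
 * {@code CN=John Doe}, valid from yesterday until two years from now.
 *
 * <p>The content signer is an EC signer, so the certificate has to declare an ECDSA signature
 * algorithm. Declaring an RSA identifier while signing with an EC key yields a certificate whose
 * signature cannot be verified against its own public key.
 *
 * <p>NOTE(review): the serial number is the current time in milliseconds and the subject is
 * hard-coded, which looks like fixture or sample credentials. Certificates issued for real use
 * should take their serial from a secure random source.
 *
 * @param keyPair key pair whose public key is certified and whose private key signs the
 *     certificate; the EC signer below requires an EC private key
 * @return the generated certificate
 * @throws UncheckedIOException if the private key cannot be decoded or the certificate cannot
 *     be encoded
 * @throws RuntimeException if the signer cannot be created or the certificate cannot be
 *     converted
 */
private X509Certificate generateCertificate(KeyPair keyPair) {
    X500Name dnName = new X500Name("CN=John Doe");
    // Yesterday
    Date validityBeginDate = new Date(System.currentTimeMillis() - 24L * 60 * 60 * 1000);
    // 2 years from now
    Date validityEndDate = new Date(System.currentTimeMillis() + 2L * 365 * 24 * 60 * 60 * 1000);
    SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    // Issuer and subject are the same name: the certificate is self-signed.
    X509v3CertificateBuilder builder = new X509v3CertificateBuilder(dnName, BigInteger.valueOf(System.currentTimeMillis()), validityBeginDate, validityEndDate, Locale.getDefault(), dnName, subPubKeyInfo);
    // Must match the EC content signer built below.
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withECDSA");
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    try {
        ContentSigner contentSigner = new BcECContentSignerBuilder(sigAlgId, digAlgId).build(PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()));
        X509CertificateHolder holder = builder.build(contentSigner);
        return new JcaX509CertificateConverter().getCertificate(holder);
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    } catch (OperatorCreationException | CertificateException e) {
        throw new RuntimeException(e);
    }
}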
Also used : ContentSigner(org.bouncycastle.operator.ContentSigner) UncheckedIOException(java.io.UncheckedIOException) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) Date(java.util.Date) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BcECContentSignerBuilder(org.bouncycastle.operator.bc.BcECContentSignerBuilder) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)

Example 18 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project attestation by TokenScript.

the class ASN1Util method restorePublicKey.

/**
 * Rebuilds a public key from its DER encoded BIT STRING.
 *
 * <p>The bit string is wrapped in a SubjectPublicKeyInfo whose AlgorithmIdentifier is built from
 * the supplied OID and curve parameters, and that structure is handed to
 * {@code PublicKeyFactory}. The curve the key bytes are interpreted on is therefore chosen
 * entirely by the caller through {@code parameters} and {@code oid}; callers should pass values
 * they trust rather than values read from the same input.
 *
 * @param input DER encoding of the BIT STRING that holds the public key
 * @param parameters curve parameters placed in the algorithm identifier
 * @param oid dotted-decimal object identifier of the key algorithm
 * @return the key produced by {@code PublicKeyFactory.createKey}
 * @throws IOException if the key cannot be created from the assembled structure
 */
public static AsymmetricKeyParameter restorePublicKey(byte[] input, X9ECParameters parameters, String oid) throws IOException {
    // Algorithm identifier first, then the key bits, mirroring the SubjectPublicKeyInfo layout.
    ASN1ObjectIdentifier algorithmOid = new ASN1ObjectIdentifier(oid);
    AlgorithmIdentifier algorithm = new AlgorithmIdentifier(algorithmOid, parameters.toASN1Primitive());
    ASN1BitString publicKeyBits = DERBitString.getInstance(input);

    ASN1Encodable[] spkiFields = new ASN1Encodable[] { algorithm, publicKeyBits };
    ASN1Sequence spkiSequence = new DERSequence(spkiFields);
    return PublicKeyFactory.createKey(SubjectPublicKeyInfo.getInstance(spkiSequence));
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERSequence(org.bouncycastle.asn1.DERSequence) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ASN1BitString(org.bouncycastle.asn1.ASN1BitString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 19 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project attestation by TokenScript.

the class Attestor method constructAttestations.

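/**
 * Constructs a list of X509 attestations to each of the relevant DatasourceName lists of elements
 * in the response json.
 *
 * <p>The signature over {@code request} is verified against {@code userPK} before the request is
 * parsed. NOTE(review): {@code verifyRecord} is not covered by that signature check, so its
 * authenticity has to be established by the caller.
 *
 * <p>Serial numbers and start dates are taken from the wall clock, with a one millisecond sleep
 * between certificates so that serials differ within one call. NOTE(review): such serials are
 * predictable and can repeat across calls or across server instances; a serial drawn from a
 * secure random source would avoid both.
 *
 * @param request Json request in a String - verification request that was sent to Trulioo Global Gateway†
 * @param verifyRecord Json object of the Record in verifyResponse, from Trulioo Global Gateway‡
 * @param signature DER encoded signature of exactly the json request string encoded as UTF-8,
 *     checked here with {@code SignatureUtil.verifySha256}, i.e. SHA256 with a secp256k1 key
 *     according to the error message below
 * @param userPK user's public key, used to verify the signature and placed in every attestation
 * @return List of x509 attestations, one per subject name found by the parser
 * @throws IllegalArgumentException if the request signature does not verify (raised through
 *     {@code ExceptionUtil})
 *
 * † An example can be found https://developer.trulioo.com/docs/identity-verification-step-6-verify
 * ‡ Observe the "Record" in https://developer.trulioo.com/docs/identity-verification-verify-response
 */
public List<X509CertificateHolder> constructAttestations(String request, JSONObject verifyRecord, byte[] signature, AsymmetricKeyParameter userPK) {
    // Authenticate the request before any of its content is parsed or used.
    if (!SignatureUtil.verifySha256(request.getBytes(StandardCharsets.UTF_8), signature, userPK)) {
        throw ExceptionUtil.throwException(logger, new IllegalArgumentException("Request signature verification failed. " + "Make sure that your message is unaltered, signature is created by hashing the message with SHA256 " + "and using a key of secp256k1 type."));
    }
    List<X509CertificateHolder> res = new ArrayList<>();
    Parser parser = new Parser(new JSONObject(request), verifyRecord);
    Map<String, X500Name> subjectNames = parser.getX500Names();
    Map<String, Extensions> subjectExtensions = parser.getExtensions();
    for (Map.Entry<String, X500Name> attestation : subjectNames.entrySet()) {
        try {
            // One timestamp drives the serial number and the validity window of this cert.
            long time = System.currentTimeMillis();
            V3TBSCertificateGenerator certBuilder = new V3TBSCertificateGenerator();
            certBuilder.setSignature(serverSigningAlgo);
            certBuilder.setIssuer(serverInfo);
            certBuilder.setSerialNumber(new ASN1Integer(time));
            certBuilder.setStartDate(new Time(new Date(time)));
            certBuilder.setEndDate(new Time(new Date(time + lifeTime)));
            SubjectPublicKeyInfo spki = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(userPK);
            certBuilder.setSubjectPublicKeyInfo(spki);
            certBuilder.setSubject(attestation.getValue());
            certBuilder.setExtensions(subjectExtensions.get(attestation.getKey()));
            TBSCertificate tbsCert = certBuilder.generateTBSCertificate();
            res.add(new X509CertificateHolder(constructSignedAttestation(tbsCert)));
            // To ensure that we get a new serial number for every cert
            Thread.sleep(1);
        } catch (IOException e) {
            throw ExceptionUtil.makeRuntimeException(logger, "Could not parse server key", e);
        } catch (InterruptedException e) {
            // Restore the interrupt flag so code further up the stack can still observe it.
            Thread.currentThread().interrupt();
            throw ExceptionUtil.makeRuntimeException(logger, "Could not sleep", e);
        }
    }
    return res;
}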
Also used : ArrayList(java.util.ArrayList) Time(org.bouncycastle.asn1.x509.Time) DERBitString(org.bouncycastle.asn1.DERBitString) X500Name(org.bouncycastle.asn1.x500.X500Name) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) Extensions(org.bouncycastle.asn1.x509.Extensions) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) JSONObject(org.json.JSONObject) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) V3TBSCertificateGenerator(org.bouncycastle.asn1.x509.V3TBSCertificateGenerator) TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)

Example 20 with AlgorithmIdentifier

use of com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier in project attestation by TokenScript.

the class TicketDecoder method parseEncodingOfPKInfo.

/**
 * Decodes the public key carried in {@code publicKeyInfo} and records it for {@code devconId}.
 *
 * <p>Element 0 of the sequence is read as the AlgorithmIdentifier and element 1 as the BIT STRING
 * holding the key. When {@code getPk(devconId)} returns a key, the decoded key must encode to
 * the same SubjectPublicKeyInfo or the call is rejected.
 *
 * <p>NOTE(review): when {@code getPk(devconId)} returns {@code null} there is nothing to compare
 * against, and the key taken from the input is stored as it is. Callers that need the key to be
 * authentic should make sure a reference key is configured for the id.
 *
 * @param publicKeyInfo sequence holding the algorithm identifier and the key bit string
 * @param devconId identifier the decoded key is stored under
 * @throws IOException if the key structures cannot be encoded or decoded
 * @throws IllegalArgumentException if the decoded key differs from the reference key
 */
void parseEncodingOfPKInfo(ASN1Sequence publicKeyInfo, String devconId) throws IOException, IllegalArgumentException {
    AlgorithmIdentifier keyAlgorithm = AlgorithmIdentifier.getInstance(publicKeyInfo.getObjectAt(0));
    byte[] encodedKeyBits = DERBitString.getInstance(publicKeyInfo.getObjectAt(1)).getEncoded();
    AsymmetricKeyParameter embeddedKey = SignatureUtility.restoreDefaultKey(keyAlgorithm, encodedKeyBits);
    SubjectPublicKeyInfo embeddedSpki = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(embeddedKey);

    // Only ids with a configured reference key are checked against it.
    boolean referenceKeyKnown = getPk(devconId) != null;
    if (referenceKeyKnown) {
        SubjectPublicKeyInfo expectedSpki = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(getPk(devconId));
        boolean sameKey = Arrays.equals(expectedSpki.getEncoded(), embeddedSpki.getEncoded());
        if (!sameKey) {
            throw ExceptionUtil.throwException(logger, new IllegalArgumentException("The public key is not of the same as supplied as argument"));
        }
    }

    idsToKeys.put(devconId, embeddedKey);
}
Also used : AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Aggregations

AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)249 IOException (java.io.IOException)157 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)140 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)79 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)72 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)65 BigInteger (java.math.BigInteger)62 X500Name (org.bouncycastle.asn1.x500.X500Name)52 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)47 Date (java.util.Date)47 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)45 X509Certificate (java.security.cert.X509Certificate)45 ContentSigner (org.bouncycastle.operator.ContentSigner)40 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)39 OutputStream (java.io.OutputStream)39 DERSequence (com.github.zhenwei.core.asn1.DERSequence)38 GeneralSecurityException (java.security.GeneralSecurityException)37 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)35 Cipher (javax.crypto.Cipher)33 PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)33