Example 31 with AuthorityKeyIdentifier

Use of com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier in project LinLong-Java by zhenwei1108.

The class AuthorityKeyIdentifierStructure, method fromCertificate.

import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import com.github.zhenwei.core.asn1.ASN1OctetString;
import com.github.zhenwei.core.asn1.ASN1Sequence;
import com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier;
import com.github.zhenwei.core.asn1.x509.Extension;
import com.github.zhenwei.core.asn1.x509.GeneralName;
import com.github.zhenwei.core.asn1.x509.GeneralNames;
import com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo;
// PrincipalUtil and X509ExtensionUtil are project helpers whose packages are not listed on this page;
// the package of Extension is inferred from the fork's layout, which mirrors Bouncy Castle.

/**
 * Build the AuthorityKeyIdentifier that certificates issued by the given CA certificate should
 * carry: keyIdentifier, authorityCertIssuer (the CA's own issuer name) and
 * authorityCertSerialNumber (the CA's own serial number).
 */
private static ASN1Sequence fromCertificate(X509Certificate certificate) throws CertificateParsingException {
    try {
        if (certificate.getVersion() != 3) {
            // v1/v2 certificates carry no extensions, so derive the key identifier from the CA public key.
            GeneralName genName = new GeneralName(PrincipalUtil.getIssuerX509Principal(certificate));
            SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(certificate.getPublicKey().getEncoded());
            return (ASN1Sequence) new AuthorityKeyIdentifier(info, new GeneralNames(genName), certificate.getSerialNumber()).toASN1Primitive();
        } else {
            GeneralName genName = new GeneralName(PrincipalUtil.getIssuerX509Principal(certificate));
            // Prefer the CA's SubjectKeyIdentifier extension: path builders match the issued
            // certificate's AKI keyIdentifier against it byte for byte.
            byte[] ext = certificate.getExtensionValue(Extension.subjectKeyIdentifier.getId());
            if (ext != null) {
                ASN1OctetString str = (ASN1OctetString) X509ExtensionUtil.fromExtensionValue(ext);
                return (ASN1Sequence) new AuthorityKeyIdentifier(str.getOctets(), new GeneralNames(genName), certificate.getSerialNumber()).toASN1Primitive();
            } else {
                // No SKI extension present: fall back to the SHA-1 hash of the public key bits.
                SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(certificate.getPublicKey().getEncoded());
                return (ASN1Sequence) new AuthorityKeyIdentifier(info, new GeneralNames(genName), certificate.getSerialNumber()).toASN1Primitive();
            }
        }
    } catch (Exception e) {
        throw new CertificateParsingException("Exception extracting certificate details: " + e.toString());
    }
}

Example 32 with AuthorityKeyIdentifier

Use of com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier in project LinLong-Java by zhenwei1108.

The class CertPathValidatorUtilities, method findIssuerCerts.

import java.security.cert.CertStore;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import com.github.zhenwei.core.asn1.ASN1OctetString;
import com.github.zhenwei.core.asn1.DEROctetString;
import com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier;
import com.github.zhenwei.provider.jcajce.PKIXCertStoreSelector;
// PKIXCertStore, AnnotatedException, PrincipalUtils and the AUTHORITY_KEY_IDENTIFIER OID constant
// belong to the project; their packages are not listed on this page.

/**
 * Find the issuer certificates of a given certificate.
 *
 * @param cert The certificate for which an issuer should be found.
 * @return A <code>Collection</code> object containing the issuer
 * <code>X509Certificate</code>s. Never <code>null</code>.
 * @throws AnnotatedException if an error occurs.
 */
static Collection findIssuerCerts(X509Certificate cert, List<CertStore> certStores, List<PKIXCertStore> pkixCertStores) throws AnnotatedException {
    X509CertSelector selector = new X509CertSelector();
    try {
        // Candidate issuers must have a subject DN equal to this certificate's issuer DN.
        selector.setSubject(PrincipalUtils.getIssuerPrincipal(cert).getEncoded());
    } catch (Exception e) {
        throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate could not be set.", e);
    }
    try {
        // Narrow further by key: the cert's AKI keyIdentifier must equal the issuer's SubjectKeyIdentifier.
        byte[] akiExtensionValue = cert.getExtensionValue(AUTHORITY_KEY_IDENTIFIER);
        if (akiExtensionValue != null) {
            // getExtensionValue() returns the DER OCTET STRING wrapper; unwrap it before parsing the AKI.
            ASN1OctetString aki = ASN1OctetString.getInstance(akiExtensionValue);
            byte[] authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(aki.getOctets()).getKeyIdentifier();
            if (authorityKeyIdentifier != null) {
                // X509CertSelector expects the SKI criterion as a DER-encoded OCTET STRING.
                selector.setSubjectKeyIdentifier(new DEROctetString(authorityKeyIdentifier).getEncoded());
            }
        }
    } catch (Exception e) {
        // Authority key identifier could not be retrieved from target cert, just search without it.
        // This only widens the candidate set; the signature check during path validation still decides.
    }
    PKIXCertStoreSelector certSelect = new PKIXCertStoreSelector.Builder(selector).build();
    // LinkedHashSet keeps insertion order and drops duplicates found in more than one store.
    LinkedHashSet certs = new LinkedHashSet();
    try {
        CertPathValidatorUtilities.findCertificates(certs, certSelect, certStores);
        CertPathValidatorUtilities.findCertificates(certs, certSelect, pkixCertStores);
    } catch (AnnotatedException e) {
        throw new AnnotatedException("Issuer certificate cannot be searched.", e);
    }
    return certs;
}

Example 33 with AuthorityKeyIdentifier

Use of com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier in project LinLong-Java by zhenwei1108.

The class CertBuilder, method generateCertificate.

import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import com.github.zhenwei.core.asn1.x500.X500Name;
import com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier;
import com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier;
import com.github.zhenwei.core.asn1.x509.Extension;
import com.github.zhenwei.core.asn1.x509.KeyUsage;
import com.github.zhenwei.core.asn1.x509.SubjectKeyIdentifier;
import com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo;
import com.github.zhenwei.core.crypto.params.AsymmetricKeyParameter;
import com.github.zhenwei.core.crypto.params.ECDomainParameters;
import com.github.zhenwei.core.crypto.params.ECPrivateKeyParameters;
import com.github.zhenwei.core.crypto.params.RSAKeyParameters;
import com.github.zhenwei.core.exception.WeGooCryptoException;
import com.github.zhenwei.pkix.cert.X509CertificateHolder;
import com.github.zhenwei.pkix.cert.X509v3CertificateBuilder;
import com.github.zhenwei.pkix.cert.bc.BcX509ExtensionUtils;
import com.github.zhenwei.pkix.operator.bc.BcContentSignerBuilder;
import com.github.zhenwei.pkix.operator.bc.BcECContentSignerBuilder;
import com.github.zhenwei.pkix.operator.bc.BcRSAContentSignerBuilder;
import com.github.zhenwei.provider.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import com.github.zhenwei.provider.jcajce.provider.asymmetric.rsa.BCRSAPrivateKey;
import com.github.zhenwei.provider.jce.spec.ECParameterSpec;
// SignAlgEnum, ByteArrayUtil, DateUtil and CryptoExceptionMassageEnum are project helpers whose packages are
// not listed on this page; the asn1.x509 packages of AlgorithmIdentifier, Extension, KeyUsage and
// SubjectKeyIdentifier are inferred from the fork's layout, which mirrors Bouncy Castle.

/**
 * Generate a signed X.509 v3 certificate and return its DER encoding.
 *
 * @param subjectDn   subject distinguished name
 * @param issuerDn    issuer distinguished name (equal to subjectDn for a self-signed root)
 * @param publicKey   subject public key placed in the certificate
 * @param privateKey  issuer private key used to sign
 * @param signAlgEnum signature algorithm (and its digest)
 * @param time        validity period, expressed in timeUnit
 * @param timeUnit    unit of time
 * @return DER encoding of the java.security.cert.Certificate
 * @author zhangzhenwei
 * @description Generate a certificate
 * TODO: only SM2 is supported so far
 * @date 2022/3/15 9:09 PM
 * @since: 1.0.0
 */
public static byte[] generateCertificate(String subjectDn, String issuerDn, PublicKey publicKey, PrivateKey privateKey, SignAlgEnum signAlgEnum, int time, TimeUnit timeUnit) throws WeGooCryptoException {
    try {
        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        X500Name subject = new X500Name(subjectDn);
        X500Name issuer = new X500Name(issuerDn);
        // Serial number: a fixed leading "9" byte (0x39) keeps the value positive, followed by 15 bytes
        // from a CSPRNG. The original used java.util.Random, whose output is predictable and therefore
        // unsuitable for certificate serial numbers.
        byte[] bytes = new byte[15];
        SecureRandom random = new SecureRandom();
        random.nextBytes(bytes);
        byte[] bytes1 = ByteArrayUtil.mergeBytes("9".getBytes(StandardCharsets.UTF_8), bytes);
        BigInteger sn = new BigInteger(bytes1);
        // Validity: from now, for at least one day.
        Date notBefore = DateUtil.now();
        int max = Math.max(1, (int) timeUnit.toDays(time));
        Date notAfter = DateUtil.nowPlusDays(max);
        BcX509ExtensionUtils x509ExtensionUtils = new BcX509ExtensionUtils();
        // Key usage: signing and non-repudiation
        int usage = KeyUsage.digitalSignature | KeyUsage.nonRepudiation;
        // Subject key identifier
        SubjectKeyIdentifier subjectKeyIdentifier = x509ExtensionUtils.createSubjectKeyIdentifier(publicKeyInfo);
        // Authority key identifier. Note: this is derived from the subject's public key, which is only
        // correct for a self-signed certificate. A certificate issued by a different CA should carry
        // that CA's key identifier (matching the CA's SubjectKeyIdentifier), but this method does not
        // receive the issuer's public key.
        AuthorityKeyIdentifier authorityKeyIdentifier = x509ExtensionUtils.createAuthorityKeyIdentifier(publicKeyInfo);
        // Is this a self-signed root certificate? (The original compared subject with itself, which is
        // always true; the intended comparison is subject against issuer.)
        if (subject.equals(issuer)) {
            // Root certificate: the issuer key identifier is the subject's own key identifier
            authorityKeyIdentifier = x509ExtensionUtils.createAuthorityKeyIdentifier(publicKeyInfo);
            // Add the certificate-signing usage. Note: no BasicConstraints (cA=TRUE) extension is added,
            // so RFC 5280 validators will not accept this certificate as a CA.
            usage = usage | KeyUsage.keyCertSign;
        }
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuer, sn, notBefore, notAfter, subject, publicKeyInfo);
        // Add extensions (all marked non-critical)
        Extension keyUsage = new Extension(Extension.keyUsage, false, new KeyUsage(usage).getEncoded());
        Extension subjectKeyId = new Extension(Extension.subjectKeyIdentifier, false, subjectKeyIdentifier.getEncoded());
        Extension authorityKeyId = new Extension(Extension.authorityKeyIdentifier, false, authorityKeyIdentifier.getEncoded());
        AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(signAlgEnum.getOid());
        AlgorithmIdentifier digAlgId = new AlgorithmIdentifier(signAlgEnum.getDigestAlgEnum().getOid());
        builder.addExtension(keyUsage);
        builder.addExtension(subjectKeyId);
        builder.addExtension(authorityKeyId);
        X509CertificateHolder holder;
        BcContentSignerBuilder signerBuilder;
        AsymmetricKeyParameter keyParameters;
        if (publicKey.getAlgorithm().equals("EC")) {
            // EC (SM2) signing: unwrap the provider's private key into lightweight-API parameters
            signerBuilder = new BcECContentSignerBuilder(sigAlgId, digAlgId);
            BCECPrivateKey key = (BCECPrivateKey) privateKey;
            ECParameterSpec parameters = key.getParameters();
            ECDomainParameters params = new ECDomainParameters(parameters.getCurve(), parameters.getG(), parameters.getN());
            keyParameters = new ECPrivateKeyParameters(key.getD(), params);
            holder = builder.build(signerBuilder.build(keyParameters));
        } else {
            // Any other algorithm is assumed to be RSA
            BCRSAPrivateKey key = (BCRSAPrivateKey) privateKey;
            signerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
            keyParameters = new RSAKeyParameters(true, key.getModulus(), key.getPrivateExponent());
            holder = builder.build(signerBuilder.build(keyParameters));
        }
        return holder.toASN1Structure().getEncoded();
    } catch (Exception e) {
        throw new WeGooCryptoException(CryptoExceptionMassageEnum.generate_cert_err, e);
    }
}

Example 34 with AuthorityKeyIdentifier

Use of com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier in project camel-quarkus by apache.

The class As2CertificateHelper, method createAuthorityKeyId.

import java.io.IOException;
import java.security.PublicKey;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
public static AuthorityKeyIdentifier createAuthorityKeyId(PublicKey pub) throws IOException {
    SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(pub.getEncoded()); // pass the issuer's key, not the subject's
    BcX509ExtensionUtils utils = new BcX509ExtensionUtils();
    return utils.createAuthorityKeyIdentifier(info); // keyIdentifier only: SHA-1 of the key bits (RFC 5280 method 1)
}

Example 35 with AuthorityKeyIdentifier

Use of com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier in project robovm by robovm.

The class AuthorityKeyIdentifierStructure, method fromCertificate.

import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.PrincipalUtil;
import org.bouncycastle.x509.extension.X509ExtensionUtil;

/**
 * Same logic as Example 31, written against the older Bouncy Castle API: X509Extensions instead of
 * Extension, toASN1Object() instead of toASN1Primitive(), and SubjectPublicKeyInfo parsed via ASN1InputStream.
 */
private static ASN1Sequence fromCertificate(X509Certificate certificate) throws CertificateParsingException {
    try {
        if (certificate.getVersion() != 3) {
            // v1/v2 certificates carry no extensions: derive the key identifier from the CA public key.
            GeneralName genName = new GeneralName(PrincipalUtil.getIssuerX509Principal(certificate));
            SubjectPublicKeyInfo info = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(certificate.getPublicKey().getEncoded()).readObject());
            return (ASN1Sequence) new AuthorityKeyIdentifier(info, new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object();
        } else {
            GeneralName genName = new GeneralName(PrincipalUtil.getIssuerX509Principal(certificate));
            // Prefer the CA's SubjectKeyIdentifier extension so the issued certificate's AKI matches it exactly.
            byte[] ext = certificate.getExtensionValue(X509Extensions.SubjectKeyIdentifier.getId());
            if (ext != null) {
                ASN1OctetString str = (ASN1OctetString) X509ExtensionUtil.fromExtensionValue(ext);
                return (ASN1Sequence) new AuthorityKeyIdentifier(str.getOctets(), new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object();
            } else {
                // No SKI extension present: fall back to the SHA-1 hash of the public key bits.
                SubjectPublicKeyInfo info = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(certificate.getPublicKey().getEncoded()).readObject());
                return (ASN1Sequence) new AuthorityKeyIdentifier(info, new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object();
            }
        }
    } catch (Exception e) {
        throw new CertificateParsingException("Exception extracting certificate details: " + e.toString());
    }
}