use of com.github.zhenwei.core.asn1.x509.Certificate in project robovm by robovm.
the class X509V3CertificateGenerator method generate.
/**
* generate an X509 certificate, based on the current issuer and subject,
* using the passed in provider for the signing and the supplied source
* of randomness, if required.
*/
public X509Certificate generate(PrivateKey key, String provider, SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
TBSCertificate tbsCert = generateTbsCert();
byte[] signature;
try {
signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCert);
} catch (IOException e) {
throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
}
try {
return generateJcaObject(tbsCert, signature);
} catch (CertificateParsingException e) {
throw new ExtCertificateEncodingException("exception producing certificate object", e);
}
}
use of com.github.zhenwei.core.asn1.x509.Certificate in project robovm by robovm.
the class AttributeCertificateIssuer method match.
public boolean match(Certificate cert) {
if (!(cert instanceof X509Certificate)) {
return false;
}
X509Certificate x509Cert = (X509Certificate) cert;
if (form instanceof V2Form) {
V2Form issuer = (V2Form) form;
if (issuer.getBaseCertificateID() != null) {
return issuer.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber()) && matchesDN(x509Cert.getIssuerX500Principal(), issuer.getBaseCertificateID().getIssuer());
}
GeneralNames name = issuer.getIssuerName();
if (matchesDN(x509Cert.getSubjectX500Principal(), name)) {
return true;
}
} else {
GeneralNames name = (GeneralNames) form;
if (matchesDN(x509Cert.getSubjectX500Principal(), name)) {
return true;
}
}
return false;
}
use of com.github.zhenwei.core.asn1.x509.Certificate in project robovm by robovm.
the class X509CRLObject method isRevoked.
/**
* Checks whether the given certificate is on this CRL.
*
* @param cert the certificate to check for.
* @return true if the given certificate is on this CRL,
* false otherwise.
*/
public boolean isRevoked(Certificate cert) {
if (!cert.getType().equals("X.509")) {
throw new RuntimeException("X.509 CRL used with non X.509 Cert");
}
TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
X500Name caName = c.getIssuer();
if (certs != null) {
BigInteger serial = ((X509Certificate) cert).getSerialNumber();
for (int i = 0; i < certs.length; i++) {
if (isIndirect && certs[i].hasExtensions()) {
Extension currentCaName = certs[i].getExtensions().getExtension(Extension.certificateIssuer);
if (currentCaName != null) {
caName = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName());
}
}
if (certs[i].getUserCertificate().getValue().equals(serial)) {
X500Name issuer;
if (cert instanceof X509Certificate) {
issuer = X500Name.getInstance(((X509Certificate) cert).getIssuerX500Principal().getEncoded());
} else {
try {
issuer = org.bouncycastle.asn1.x509.Certificate.getInstance(cert.getEncoded()).getIssuer();
} catch (CertificateEncodingException e) {
throw new RuntimeException("Cannot process certificate");
}
}
if (!caName.equals(issuer)) {
return false;
}
return true;
}
}
}
return false;
}
use of com.github.zhenwei.core.asn1.x509.Certificate in project robovm by robovm.
the class TestKeyStore method createCertificate.
private static X509Certificate createCertificate(PublicKey publicKey, PrivateKey privateKey, X500Principal subject, X500Principal issuer, int keyUsage, boolean ca, List<KeyPurposeId> extendedKeyUsages, List<Boolean> criticalExtendedKeyUsages, List<GeneralName> subjectAltNames, List<GeneralSubtree> permittedNameConstraints, List<GeneralSubtree> excludedNameConstraints) throws Exception {
// Note that there is no way to programmatically make a
// Certificate using java.* or javax.* APIs. The
// CertificateFactory interface assumes you want to read
// in a stream of bytes, typically the X.509 factory would
// allow ASN.1 DER encoded bytes and optionally some PEM
// formats. Here we use Bouncy Castle's
// X509V3CertificateGenerator and related classes.
long millisPerDay = 24 * 60 * 60 * 1000;
long now = System.currentTimeMillis();
Date start = new Date(now - millisPerDay);
Date end = new Date(now + millisPerDay);
BigInteger serial = BigInteger.valueOf(1);
String keyAlgorithm = privateKey.getAlgorithm();
String signatureAlgorithm;
if (keyAlgorithm.equals("RSA")) {
signatureAlgorithm = "sha1WithRSA";
} else if (keyAlgorithm.equals("DSA")) {
signatureAlgorithm = "sha1WithDSA";
} else if (keyAlgorithm.equals("EC")) {
signatureAlgorithm = "sha1WithECDSA";
} else if (keyAlgorithm.equals("EC_RSA")) {
signatureAlgorithm = "sha1WithRSA";
} else {
throw new IllegalArgumentException("Unknown key algorithm " + keyAlgorithm);
}
X509V3CertificateGenerator x509cg = new X509V3CertificateGenerator();
x509cg.setSubjectDN(subject);
x509cg.setIssuerDN(issuer);
x509cg.setNotBefore(start);
x509cg.setNotAfter(end);
x509cg.setPublicKey(publicKey);
x509cg.setSignatureAlgorithm(signatureAlgorithm);
x509cg.setSerialNumber(serial);
if (keyUsage != 0) {
x509cg.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(keyUsage));
}
if (ca) {
x509cg.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
}
for (int i = 0; i < extendedKeyUsages.size(); i++) {
KeyPurposeId keyPurposeId = extendedKeyUsages.get(i);
boolean critical = criticalExtendedKeyUsages.get(i);
x509cg.addExtension(X509Extensions.ExtendedKeyUsage, critical, new ExtendedKeyUsage(keyPurposeId));
}
for (GeneralName subjectAltName : subjectAltNames) {
x509cg.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(subjectAltName).getEncoded());
}
if (!permittedNameConstraints.isEmpty() || !excludedNameConstraints.isEmpty()) {
x509cg.addExtension(X509Extensions.NameConstraints, true, new NameConstraints(permittedNameConstraints.toArray(new GeneralSubtree[permittedNameConstraints.size()]), excludedNameConstraints.toArray(new GeneralSubtree[excludedNameConstraints.size()])));
}
if (privateKey instanceof ECPrivateKey) {
/*
* bouncycastle needs its own ECPrivateKey implementation
*/
KeyFactory kf = KeyFactory.getInstance(keyAlgorithm, "BC");
PKCS8EncodedKeySpec ks = new PKCS8EncodedKeySpec(privateKey.getEncoded());
privateKey = kf.generatePrivate(ks);
}
X509Certificate x509c = x509cg.generateX509Certificate(privateKey);
if (StandardNames.IS_RI) {
/*
* The RI can't handle the BC EC signature algorithm
* string of "ECDSA", since it expects "...WITHEC...",
* so convert from BC to RI X509Certificate
* implementation via bytes.
*/
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bais = new ByteArrayInputStream(x509c.getEncoded());
Certificate c = cf.generateCertificate(bais);
x509c = (X509Certificate) c;
}
return x509c;
}
use of com.github.zhenwei.core.asn1.x509.Certificate in project XobotOS by xamarin.
the class X509CertPathImpl method getInstance.
/**
* Generates certification path object on the base of encoding provided via
* input stream. The format of provided encoded form is specified by
* parameter <code>encoding</code>.
* @throws CertificateException if specified encoding form is not supported,
* or some problems occurred during the decoding.
*/
public static X509CertPathImpl getInstance(InputStream in, String encoding) throws CertificateException {
if (!encodings.contains(encoding)) {
throw new CertificateException("Unsupported encoding");
}
try {
if (encodingsArr[0].equals(encoding)) {
// generate the object from PkiPath encoded form
return (X509CertPathImpl) ASN1.decode(in);
} else {
// generate the object from PKCS #7 encoded form
ContentInfo ci = (ContentInfo) ContentInfo.ASN1.decode(in);
SignedData sd = ci.getSignedData();
if (sd == null) {
throw new CertificateException("Incorrect PKCS7 encoded form: missing signed data");
}
List<Certificate> certs = sd.getCertificates();
if (certs == null) {
// empty chain of certificates
certs = new ArrayList<Certificate>();
}
List<X509CertImpl> result = new ArrayList<X509CertImpl>();
for (Certificate cert : certs) {
result.add(new X509CertImpl(cert));
}
return new X509CertPathImpl(result, PKCS7, ci.getEncoded());
}
} catch (IOException e) {
throw new CertificateException("Incorrect encoded form: " + e.getMessage());
}
}
Aggregations