use of com.github.zhenwei.core.asn1.x509.SubjectKeyIdentifier in project certmgr by hdecarne.
the class PKCS12CertReaderWriter method createCRTSafeBagBuilder.
/**
 * Builds a PKCS#12 certificate safe bag for {@code crt}, tagged with the pkcs-9 friendlyName
 * attribute {@code alias} and, when {@code addKeyId} is set, a pkcs-9 localKeyId attribute holding
 * the SubjectKeyIdentifier derived from the certificate's public key (the value a reader uses to
 * pair this bag with the matching key bag).
 *
 * @param alias    friendly name stored in the bag
 * @param crt      certificate to wrap
 * @param addKeyId whether to add the localKeyId attribute computed from the public key
 * @return the populated, not yet built, safe bag builder
 * @throws IOException              propagated from the safe-bag attribute encoding
 * @throws GeneralSecurityException propagated from the extension utilities (key-id digest)
 */
private static PKCS12SafeBagBuilder createCRTSafeBagBuilder(String alias, X509Certificate crt, boolean addKeyId) throws IOException, GeneralSecurityException {
    PKCS12SafeBagBuilder bagBuilder = new JcaPKCS12SafeBagBuilder(crt);
    bagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(alias));
    if (!addKeyId) {
        return bagBuilder;
    }
    // Key id is derived from the public key so that the cert bag and its key bag carry the same value.
    SubjectKeyIdentifier keyId = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(crt.getPublicKey());
    bagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, keyId);
    return bagBuilder;
}
use of com.github.zhenwei.core.asn1.x509.SubjectKeyIdentifier in project credhub by cloudfoundry-incubator.
the class CertificateGenerateTest method certificateGeneration_shouldGenerateCorrectCertificate.
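/**
 * End-to-end check of certificate generation through the REST API: generates a self-signed CA
 * ("picard"), then a leaf ("riker") signed by it, and verifies both the returned JSON and the
 * issuer/subject key-identifier linkage encoded in the certificates themselves.
 *
 * @throws Exception on any request, JSON parsing or certificate decoding failure
 */
@Test
public void certificateGeneration_shouldGenerateCorrectCertificate() throws Exception {
    final MockHttpServletRequestBuilder caPost = post("/api/v1/data")
        .header("Authorization", "Bearer " + ALL_PERMISSIONS_TOKEN)
        .accept(APPLICATION_JSON)
        .contentType(APPLICATION_JSON)
        .content("{\n" + " \"name\" : \"picard\",\n" + " \"type\" : \"certificate\",\n" + " \"parameters\" : {\n" + " \"common_name\" : \"federation\",\n" + " \"is_ca\" : true,\n" + " \"self_sign\" : true,\n" + " \"duration\" : 1 \n" + " }\n" + "}");
    final String caResult = this.mockMvc.perform(caPost).andDo(print()).andExpect(status().isOk()).andReturn().getResponse().getContentAsString();

    final JSONObject result = new JSONObject(caResult);
    final JSONObject caValue = result.getJSONObject("value");
    final String picardCert = caValue.getString("certificate");
    final String picardCA = caValue.getString("ca");
    // A self-signed CA is its own issuer, so "ca" must echo "certificate".
    assertThat(picardCert, notNullValue());
    assertThat(picardCert, equalTo(picardCA));

    // Only the calendar date is compared: "duration" : 1 is one day, and the time-of-day part
    // depends on when the server stamped the certificate.
    final String expiryDate = result.getString("expiry_date");
    final String truncatedExpiryDate = expiryDate.substring(0, expiryDate.indexOf('T'));
    final Calendar calendar = Calendar.getInstance();
    calendar.add(Calendar.DATE, 1);
    final String expectedTime = calendar.getTime().toInstant().truncatedTo(ChronoUnit.SECONDS).toString();
    final String truncatedExpected = expectedTime.substring(0, expectedTime.indexOf('T'));
    assertThat(truncatedExpiryDate, equalTo(truncatedExpected));

    assertThat(result.getBoolean("certificate_authority"), equalTo(true));
    assertThat(result.getBoolean("self_signed"), equalTo(true));
    assertThat(result.getBoolean("generated"), equalTo(true));

    final MockHttpServletRequestBuilder certPost = post("/api/v1/data")
        .header("Authorization", "Bearer " + ALL_PERMISSIONS_TOKEN)
        .accept(APPLICATION_JSON)
        .contentType(APPLICATION_JSON)
        .content("{\n" + " \"name\" : \"riker\",\n" + " \"type\" : \"certificate\",\n" + " \"parameters\" : {\n" + " \"common_name\" : \"federation\",\n" + " \"ca\" : \"picard\"\n" + " }\n" + "}");
    final String certResult = this.mockMvc.perform(certPost).andDo(print()).andExpect(status().isOk()).andReturn().getResponse().getContentAsString();
    // Parse the response once instead of once per field.
    final JSONObject certValue = new JSONObject(certResult).getJSONObject("value");
    final String certCa = certValue.getString("ca");
    final String cert = certValue.getString("certificate");
    assertThat(certCa, equalTo(picardCert));

    // Decode both PEMs and confirm the leaf's AuthorityKeyIdentifier names the CA's
    // SubjectKeyIdentifier: the chain link must be present in the X.509 extensions, not only in
    // the JSON "ca" field. Assert the extensions exist first so a missing extension fails with a
    // clear message instead of an NPE inside parseExtensionValue.
    final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    final X509Certificate caPem = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(picardCert.getBytes(UTF_8)));
    final X509Certificate certPem = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(cert.getBytes(UTF_8)));

    final byte[] subjectKeyIdDer = caPem.getExtensionValue(Extension.subjectKeyIdentifier.getId());
    assertThat("CA certificate has no SubjectKeyIdentifier extension", subjectKeyIdDer, notNullValue());
    final SubjectKeyIdentifier subjectKeyIdentifier = SubjectKeyIdentifier.getInstance(JcaX509ExtensionUtils.parseExtensionValue(subjectKeyIdDer));
    final byte[] subjectKeyId = subjectKeyIdentifier.getKeyIdentifier();

    final byte[] authorityKeyIdDer = certPem.getExtensionValue(Extension.authorityKeyIdentifier.getId());
    assertThat("leaf certificate has no AuthorityKeyIdentifier extension", authorityKeyIdDer, notNullValue());
    final AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(JcaX509ExtensionUtils.parseExtensionValue(authorityKeyIdDer));
    final byte[] authKeyId = authorityKeyIdentifier.getKeyIdentifier();

    assertThat(subjectKeyId, equalTo(authKeyId));
}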
use of com.github.zhenwei.core.asn1.x509.SubjectKeyIdentifier in project credhub by cloudfoundry-incubator.
the class SignedCertificateGeneratorTest method getSignedByIssuer_withNonGeneratedSubjectKeyIdentifier_setsAuthorityKeyIdentifier.
/**
 * Signs a certificate with a CA whose SubjectKeyIdentifier was not derived by the generator
 * (TEST_CA_WITH_DIFFERENT_SKID) and checks that the issued certificate's AuthorityKeyIdentifier
 * is copied from that CA's actual SubjectKeyIdentifier rather than recomputed from its key.
 *
 * @throws Exception if reading the test material or signing fails
 */
@Test
public void getSignedByIssuer_withNonGeneratedSubjectKeyIdentifier_setsAuthorityKeyIdentifier() throws Exception {
    final X509Certificate caCertificate = new CertificateReader(TEST_CA_WITH_DIFFERENT_SKID).getCertificate();
    final PrivateKey caPrivateKey = PrivateKeyReader.getPrivateKey(TEST_KEY_WITH_DIFFERENT_SKID);

    // Expected value: whatever SKI the CA certificate really carries.
    final byte[] caSkiDer = caCertificate.getExtensionValue(Extension.subjectKeyIdentifier.getId());
    final byte[] expectedKeyId = SubjectKeyIdentifier.getInstance(parseExtensionValue(caSkiDer)).getKeyIdentifier();

    final X509Certificate generatedCert = subject.getSignedByIssuer(generatedCertificateKeyPair, certificateGenerationParameters, caCertificate, caPrivateKey);

    // Actual value: the AKI written into the freshly signed certificate.
    final byte[] akiDer = generatedCert.getExtensionValue(Extension.authorityKeyIdentifier.getId());
    final byte[] actualKeyId = AuthorityKeyIdentifier.getInstance(parseExtensionValue(akiDer)).getKeyIdentifier();

    assertThat(actualKeyId, equalTo(expectedKeyId));
}
use of com.github.zhenwei.core.asn1.x509.SubjectKeyIdentifier in project vcert-java by Venafi.
the class PEMCollection method toPkcs12.
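/**
 * Serialises this collection as a password-protected PKCS#12 (PFX) container.
 * Layout: one certificate bag for the end-entity certificate, one bag per chain certificate,
 * and one encrypted key bag for the private key. The end-entity cert bag and the key bag share
 * a localKeyId attribute (the SubjectKeyIdentifier derived from the certificate's public key)
 * so PKCS#12 readers can pair them. The key bag is encrypted with AES-128-CBC, the enclosing
 * safe contents with PBE-SHA1/RC2-128, and the container MAC uses SHA-256.
 *
 * @param password password used for the key-bag cipher, the safe-contents cipher and the MAC
 * @return the DL-encoded PFX bytes
 * @throws PKCSException   if the PKCS#12 structures cannot be built
 * @throws RuntimeException wrapping an IOException, NoSuchAlgorithmException or
 *                          OperatorCreationException from the encoders (cause is preserved;
 *                          kept unchecked for compatibility with existing callers)
 */
public byte[] toPkcs12(String password) throws PKCSException {
    try {
        // Derived from the public key so the cert bag and the key bag carry the same localKeyId.
        SubjectKeyIdentifier localKeyId = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(certificate.getPublicKey());
        OutputEncryptor keyBagEncryptor = new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes128_CBC).setProvider("BC").build(password.toCharArray());

        // end-entity cert + every chain cert + the key bag
        ArrayList<PKCS12SafeBag> safeBags = new ArrayList<>(chain.size() + 2);
        safeBags.add(new JcaPKCS12SafeBagBuilder((X509Certificate) certificate).addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, localKeyId).build());
        for (Certificate chainCert : chain) {
            safeBags.add(new JcaPKCS12SafeBagBuilder((X509Certificate) chainCert).build());
        }
        safeBags.add(new JcaPKCS12SafeBagBuilder(privateKey, keyBagEncryptor).addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, localKeyId).build());

        // SECURITY NOTE: pbeWithSHAAnd128BitRC2_CBC is the legacy PKCS#12 scheme, presumably
        // kept for interoperability with older readers. The private key is already inside the
        // AES-128-CBC-encrypted key bag above, so this outer layer only shields the certificates;
        // switching it to id_aes128_CBC is the upgrade path once all consumers support it.
        PKCS12PfxPduBuilder pfxBuilder = new PKCS12PfxPduBuilder();
        pfxBuilder.addEncryptedData(new JcePKCSPBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC).setProvider("BC").build(password.toCharArray()), safeBags.toArray(new PKCS12SafeBag[0]));
        PKCS12PfxPdu pfx = pfxBuilder.build(new JcePKCS12MacCalculatorBuilder(NISTObjectIdentifiers.id_sha256), password.toCharArray());

        // getEncoded already yields a byte[]; copying it through a ByteArrayOutputStream added nothing.
        return pfx.getEncoded(ASN1Encoding.DL);
    } catch (IOException | NoSuchAlgorithmException | OperatorCreationException e) {
        throw new RuntimeException(e);
    }
}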
use of com.github.zhenwei.core.asn1.x509.SubjectKeyIdentifier in project keystore-explorer by kaikramer.
the class X509Ext method getSubjectKeyIndentifierStringValue.
/**
 * Renders a SubjectKeyIdentifier extension value for display: the key identifier octets as a
 * hex string, substituted into the localized "SubjectKeyIdentifier" message pattern, followed by
 * NEWLINE.
 *
 * @param value DER encoding of the SubjectKeyIdentifier (a KeyIdentifier OCTET STRING); the
 *              caller is expected to pass the inner value, not the outer extension wrapper
 *              (NOTE(review): not verifiable here, confirm against the caller)
 * @return one formatted line ending with NEWLINE
 * @throws IOException declared for the decoding path
 */
private static String getSubjectKeyIndentifierStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
     * SubjectKeyIdentifier ::= KeyIdentifier
     *
     * KeyIdentifier ::= OCTET STRING
     */
    // @formatter:on
    byte[] keyIdentifier = SubjectKeyIdentifier.getInstance(value).getKeyIdentifier();
    String line = MessageFormat.format(res.getString("SubjectKeyIdentifier"), HexUtil.getHexString(keyIdentifier));
    return line + NEWLINE;
}