Search in sources :

Example 16 with TBSCertificate

use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.

the class ITSExplicitCertificateBuilder method build.

public ITSCertificate build(CertificateId certificateId, ITSPublicVerificationKey verificationKey, ITSPublicEncryptionKey publicEncryptionKey) {
    ToBeSignedCertificate.Builder tbsBldr = new ToBeSignedCertificate.Builder(tbsCertificateBuilder);
    tbsBldr.setCertificateId(certificateId);
    if (publicEncryptionKey != null) {
        tbsBldr.setEncryptionKey(publicEncryptionKey.toASN1Structure());
    }
    tbsBldr.setVerificationKeyIndicator(VerificationKeyIndicator.builder().publicVerificationKey(verificationKey.toASN1Structure()).createVerificationKeyIndicator());
    ToBeSignedCertificate tbsCertificate = tbsBldr.createToBeSignedCertificate();
    ToBeSignedCertificate signerCert = null;
    VerificationKeyIndicator verificationKeyIndicator;
    if (signer.isForSelfSigning()) {
        verificationKeyIndicator = tbsCertificate.getVerificationKeyIndicator();
    } else {
        signerCert = signer.getAssociatedCertificate().toASN1Structure().getCertificateBase().getToBeSignedCertificate();
        verificationKeyIndicator = signerCert.getVerificationKeyIndicator();
    }
    OutputStream sOut = signer.getOutputStream();
    try {
        sOut.write(OEREncoder.toByteArray(tbsCertificate, IEEE1609dot2.tbsCertificate));
        sOut.close();
    } catch (IOException e) {
        throw new IllegalArgumentException("cannot produce certificate signature");
    }
    // TODO: signature actually optional.
    Signature sig = null;
    switch(verificationKeyIndicator.getChoice()) {
        case PublicVerificationKey.ecdsaNistP256:
            sig = ECDSAEncoder.toITS(SECObjectIdentifiers.secp256r1, signer.getSignature());
            break;
        case PublicVerificationKey.ecdsaBrainpoolP256r1:
            sig = ECDSAEncoder.toITS(TeleTrusTObjectIdentifiers.brainpoolP256r1, signer.getSignature());
            break;
        case PublicVerificationKey.ecdsaBrainpoolP384r1:
            sig = ECDSAEncoder.toITS(TeleTrusTObjectIdentifiers.brainpoolP384r1, signer.getSignature());
            break;
        default:
            throw new IllegalStateException("unknown key type");
    }
    CertificateBase.Builder baseBldr = new CertificateBase.Builder();
    IssuerIdentifier.Builder issuerIdentifierBuilder = IssuerIdentifier.builder();
    ASN1ObjectIdentifier digestAlg = signer.getDigestAlgorithm().getAlgorithm();
    if (signer.isForSelfSigning()) {
        if (digestAlg.equals(NISTObjectIdentifiers.id_sha256)) {
            issuerIdentifierBuilder.self(HashAlgorithm.sha256);
        } else if (digestAlg.equals(NISTObjectIdentifiers.id_sha384)) {
            issuerIdentifierBuilder.self(HashAlgorithm.sha384);
        } else {
            throw new IllegalStateException("unknown digest");
        }
    } else {
        byte[] parentDigest = signer.getAssociatedCertificateDigest();
        HashedId.HashedId8 hashedID = new HashedId.HashedId8(Arrays.copyOfRange(parentDigest, parentDigest.length - 8, parentDigest.length));
        if (digestAlg.equals(NISTObjectIdentifiers.id_sha256)) {
            issuerIdentifierBuilder.sha256AndDigest(hashedID);
        } else if (digestAlg.equals(NISTObjectIdentifiers.id_sha384)) {
            issuerIdentifierBuilder.sha384AndDigest(hashedID);
        } else {
            throw new IllegalStateException("unknown digest");
        }
    }
    baseBldr.setVersion(version);
    baseBldr.setType(CertificateType.Explicit);
    baseBldr.setIssuer(issuerIdentifierBuilder.createIssuerIdentifier());
    baseBldr.setToBeSignedCertificate(tbsCertificate);
    baseBldr.setSignature(sig);
    Certificate.Builder bldr = new Certificate.Builder();
    bldr.setCertificateBase(baseBldr.createCertificateBase());
    return new ITSCertificate(bldr.createCertificate());
}
Also used : OutputStream(java.io.OutputStream) IOException(java.io.IOException) ToBeSignedCertificate(com.github.zhenwei.pkix.util.oer.its.ToBeSignedCertificate) CertificateBase(com.github.zhenwei.pkix.util.oer.its.CertificateBase) IssuerIdentifier(com.github.zhenwei.pkix.util.oer.its.IssuerIdentifier) Signature(com.github.zhenwei.pkix.util.oer.its.Signature) VerificationKeyIndicator(com.github.zhenwei.pkix.util.oer.its.VerificationKeyIndicator) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) HashedId(com.github.zhenwei.pkix.util.oer.its.HashedId) Certificate(com.github.zhenwei.pkix.util.oer.its.Certificate) ToBeSignedCertificate(com.github.zhenwei.pkix.util.oer.its.ToBeSignedCertificate)

Example 17 with TBSCertificate

use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.

the class X509V3CertificateGenerator method generate.

/**
 * generate an X509 certificate, based on the current issuer and subject using the default
 * provider, and the passed in source of randomness (if required).
 * <p>
 * <b>Note:</b> this differs from the deprecated method in that the default provider is
 * used - not "BC".
 * </p>
 */
public X509Certificate generate(PrivateKey key, SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
    TBSCertificate tbsCert = generateTbsCert();
    byte[] signature;
    try {
        signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCert);
    } catch (IOException e) {
        throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
    }
    try {
        return generateJcaObject(tbsCert, signature);
    } catch (Exception e) {
        throw new ExtCertificateEncodingException("exception producing certificate object", e);
    }
}
Also used : IOException(java.io.IOException) TBSCertificate(com.github.zhenwei.core.asn1.x509.TBSCertificate) CertificateParsingException(java.security.cert.CertificateParsingException) GeneralSecurityException(java.security.GeneralSecurityException) SignatureException(java.security.SignatureException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) NoSuchProviderException(java.security.NoSuchProviderException) CertificateEncodingException(java.security.cert.CertificateEncodingException)

Example 18 with TBSCertificate

use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.

the class X509V3CertificateGenerator method generateJcaObject.

private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature) throws Exception {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(tbsCert);
    v.add(sigAlgId);
    v.add(new DERBitString(signature));
    return (X509Certificate) certificateFactory.engineGenerateCertificate(new ByteArrayInputStream(new DERSequence(v).getEncoded(ASN1Encoding.DER)));
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) ByteArrayInputStream(java.io.ByteArrayInputStream) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) DERBitString(com.github.zhenwei.core.asn1.DERBitString) X509Certificate(java.security.cert.X509Certificate)

Example 19 with TBSCertificate

use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.

the class X509V1CertificateGenerator method generate.

/**
 * generate an X509 certificate, based on the current issuer and subject using the default
 * provider and the passed in source of randomness
 * <p>
 * <b>Note:</b> this differs from the deprecated method in that the default provider is
 * used - not "BC".
 * </p>
 */
public X509Certificate generate(PrivateKey key, SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
    TBSCertificate tbsCert = tbsGen.generateTBSCertificate();
    byte[] signature;
    try {
        signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCert);
    } catch (IOException e) {
        throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
    }
    return generateJcaObject(tbsCert, signature);
}
Also used : IOException(java.io.IOException) TBSCertificate(com.github.zhenwei.core.asn1.x509.TBSCertificate)

Example 20 with TBSCertificate

use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.

the class X509V1CertificateGenerator method generate.

/**
 * generate an X509 certificate, based on the current issuer and subject, using the passed in
 * provider for the signing, and the passed in source of randomness (if required).
 */
public X509Certificate generate(PrivateKey key, String provider, SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
    TBSCertificate tbsCert = tbsGen.generateTBSCertificate();
    byte[] signature;
    try {
        signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCert);
    } catch (IOException e) {
        throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
    }
    return generateJcaObject(tbsCert, signature);
}
Also used : IOException(java.io.IOException) TBSCertificate(com.github.zhenwei.core.asn1.x509.TBSCertificate)

Aggregations

IOException (java.io.IOException)22 TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate)22 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)7 CertificateException (java.security.cert.CertificateException)7 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)6 DERSequence (com.github.zhenwei.core.asn1.DERSequence)6 ByteArrayInputStream (java.io.ByteArrayInputStream)6 CertificateEncodingException (java.security.cert.CertificateEncodingException)6 X509Certificate (java.security.cert.X509Certificate)6 DEROctetString (org.bouncycastle.asn1.DEROctetString)6 ASN1EncodableVector (com.android.org.bouncycastle.asn1.ASN1EncodableVector)5 ASN1InputStream (com.android.org.bouncycastle.asn1.ASN1InputStream)5 ASN1Integer (com.android.org.bouncycastle.asn1.ASN1Integer)5 ASN1ObjectIdentifier (com.android.org.bouncycastle.asn1.ASN1ObjectIdentifier)5 DERBitString (com.android.org.bouncycastle.asn1.DERBitString)5 DERInteger (com.android.org.bouncycastle.asn1.DERInteger)5 DERSequence (com.android.org.bouncycastle.asn1.DERSequence)5 AlgorithmIdentifier (com.android.org.bouncycastle.asn1.x509.AlgorithmIdentifier)5 TBSCertificate (com.android.org.bouncycastle.asn1.x509.TBSCertificate)5 Time (com.android.org.bouncycastle.asn1.x509.Time)5