Example 16 with TBSCertificate
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.
the class ITSExplicitCertificateBuilder method build.
public ITSCertificate build(CertificateId certificateId, ITSPublicVerificationKey verificationKey, ITSPublicEncryptionKey publicEncryptionKey) {
ToBeSignedCertificate.Builder tbsBldr = new ToBeSignedCertificate.Builder(tbsCertificateBuilder);
tbsBldr.setCertificateId(certificateId);
if (publicEncryptionKey != null) {
tbsBldr.setEncryptionKey(publicEncryptionKey.toASN1Structure());
}
tbsBldr.setVerificationKeyIndicator(VerificationKeyIndicator.builder().publicVerificationKey(verificationKey.toASN1Structure()).createVerificationKeyIndicator());
ToBeSignedCertificate tbsCertificate = tbsBldr.createToBeSignedCertificate();
ToBeSignedCertificate signerCert = null;
VerificationKeyIndicator verificationKeyIndicator;
if (signer.isForSelfSigning()) {
verificationKeyIndicator = tbsCertificate.getVerificationKeyIndicator();
} else {
signerCert = signer.getAssociatedCertificate().toASN1Structure().getCertificateBase().getToBeSignedCertificate();
verificationKeyIndicator = signerCert.getVerificationKeyIndicator();
}
OutputStream sOut = signer.getOutputStream();
try {
sOut.write(OEREncoder.toByteArray(tbsCertificate, IEEE1609dot2.tbsCertificate));
sOut.close();
} catch (IOException e) {
throw new IllegalArgumentException("cannot produce certificate signature");
}
// TODO: signature actually optional.
Signature sig = null;
switch(verificationKeyIndicator.getChoice()) {
case PublicVerificationKey.ecdsaNistP256:
sig = ECDSAEncoder.toITS(SECObjectIdentifiers.secp256r1, signer.getSignature());
break;
case PublicVerificationKey.ecdsaBrainpoolP256r1:
sig = ECDSAEncoder.toITS(TeleTrusTObjectIdentifiers.brainpoolP256r1, signer.getSignature());
break;
case PublicVerificationKey.ecdsaBrainpoolP384r1:
sig = ECDSAEncoder.toITS(TeleTrusTObjectIdentifiers.brainpoolP384r1, signer.getSignature());
break;
default:
throw new IllegalStateException("unknown key type");
}
CertificateBase.Builder baseBldr = new CertificateBase.Builder();
IssuerIdentifier.Builder issuerIdentifierBuilder = IssuerIdentifier.builder();
ASN1ObjectIdentifier digestAlg = signer.getDigestAlgorithm().getAlgorithm();
if (signer.isForSelfSigning()) {
if (digestAlg.equals(NISTObjectIdentifiers.id_sha256)) {
issuerIdentifierBuilder.self(HashAlgorithm.sha256);
} else if (digestAlg.equals(NISTObjectIdentifiers.id_sha384)) {
issuerIdentifierBuilder.self(HashAlgorithm.sha384);
} else {
throw new IllegalStateException("unknown digest");
}
} else {
byte[] parentDigest = signer.getAssociatedCertificateDigest();
HashedId.HashedId8 hashedID = new HashedId.HashedId8(Arrays.copyOfRange(parentDigest, parentDigest.length - 8, parentDigest.length));
if (digestAlg.equals(NISTObjectIdentifiers.id_sha256)) {
issuerIdentifierBuilder.sha256AndDigest(hashedID);
} else if (digestAlg.equals(NISTObjectIdentifiers.id_sha384)) {
issuerIdentifierBuilder.sha384AndDigest(hashedID);
} else {
throw new IllegalStateException("unknown digest");
}
}
baseBldr.setVersion(version);
baseBldr.setType(CertificateType.Explicit);
baseBldr.setIssuer(issuerIdentifierBuilder.createIssuerIdentifier());
baseBldr.setToBeSignedCertificate(tbsCertificate);
baseBldr.setSignature(sig);
Certificate.Builder bldr = new Certificate.Builder();
bldr.setCertificateBase(baseBldr.createCertificateBase());
return new ITSCertificate(bldr.createCertificate());
}
Also used :
OutputStream(java.io.OutputStream)
IOException(java.io.IOException)
ToBeSignedCertificate(com.github.zhenwei.pkix.util.oer.its.ToBeSignedCertificate)
CertificateBase(com.github.zhenwei.pkix.util.oer.its.CertificateBase)
IssuerIdentifier(com.github.zhenwei.pkix.util.oer.its.IssuerIdentifier)
Signature(com.github.zhenwei.pkix.util.oer.its.Signature)
VerificationKeyIndicator(com.github.zhenwei.pkix.util.oer.its.VerificationKeyIndicator)
ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)
HashedId(com.github.zhenwei.pkix.util.oer.its.HashedId)
Certificate(com.github.zhenwei.pkix.util.oer.its.Certificate)
ToBeSignedCertificate(com.github.zhenwei.pkix.util.oer.its.ToBeSignedCertificate)
Example 17 with TBSCertificate
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.
the class X509V3CertificateGenerator method generate.
/**
* generate an X509 certificate, based on the current issuer and subject using the default
* provider, and the passed in source of randomness (if required).
* <p>
* <b>Note:</b> this differs from the deprecated method in that the default provider is
* used - not "BC".
* </p>
*/
public X509Certificate generate(PrivateKey key, SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
TBSCertificate tbsCert = generateTbsCert();
byte[] signature;
try {
signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCert);
} catch (IOException e) {
throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
}
try {
return generateJcaObject(tbsCert, signature);
} catch (Exception e) {
throw new ExtCertificateEncodingException("exception producing certificate object", e);
}
}
Also used :
IOException(java.io.IOException)
TBSCertificate(com.github.zhenwei.core.asn1.x509.TBSCertificate)
CertificateParsingException(java.security.cert.CertificateParsingException)
GeneralSecurityException(java.security.GeneralSecurityException)
SignatureException(java.security.SignatureException)
IOException(java.io.IOException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
NoSuchProviderException(java.security.NoSuchProviderException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
Example 18 with TBSCertificate
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.
the class X509V3CertificateGenerator method generateJcaObject.
private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature) throws Exception {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(tbsCert);
v.add(sigAlgId);
v.add(new DERBitString(signature));
return (X509Certificate) certificateFactory.engineGenerateCertificate(new ByteArrayInputStream(new DERSequence(v).getEncoded(ASN1Encoding.DER)));
}
Also used :
DERSequence(com.github.zhenwei.core.asn1.DERSequence)
ByteArrayInputStream(java.io.ByteArrayInputStream)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
DERBitString(com.github.zhenwei.core.asn1.DERBitString)
X509Certificate(java.security.cert.X509Certificate)
Example 19 with TBSCertificate
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.
the class X509V1CertificateGenerator method generate.
/**
* generate an X509 certificate, based on the current issuer and subject using the default
* provider and the passed in source of randomness
* <p>
* <b>Note:</b> this differs from the deprecated method in that the default provider is
* used - not "BC".
* </p>
*/
public X509Certificate generate(PrivateKey key, SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
TBSCertificate tbsCert = tbsGen.generateTBSCertificate();
byte[] signature;
try {
signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCert);
} catch (IOException e) {
throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
}
return generateJcaObject(tbsCert, signature);
}
Also used :
IOException(java.io.IOException)
TBSCertificate(com.github.zhenwei.core.asn1.x509.TBSCertificate)
Example 20 with TBSCertificate
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.
the class X509V1CertificateGenerator method generate.
/**
* generate an X509 certificate, based on the current issuer and subject, using the passed in
* provider for the signing, and the passed in source of randomness (if required).
*/
public X509Certificate generate(PrivateKey key, String provider, SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
TBSCertificate tbsCert = tbsGen.generateTBSCertificate();
byte[] signature;
try {
signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCert);
} catch (IOException e) {
throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
}
return generateJcaObject(tbsCert, signature);
}
Also used :
IOException(java.io.IOException)
TBSCertificate(com.github.zhenwei.core.asn1.x509.TBSCertificate)
Aggregations
IOException (java.io.IOException)22
TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate)22
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)7
CertificateException (java.security.cert.CertificateException)7
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)6
DERSequence (com.github.zhenwei.core.asn1.DERSequence)6
ByteArrayInputStream (java.io.ByteArrayInputStream)6
CertificateEncodingException (java.security.cert.CertificateEncodingException)6
X509Certificate (java.security.cert.X509Certificate)6
DEROctetString (org.bouncycastle.asn1.DEROctetString)6
ASN1EncodableVector (com.android.org.bouncycastle.asn1.ASN1EncodableVector)5
ASN1InputStream (com.android.org.bouncycastle.asn1.ASN1InputStream)5
ASN1Integer (com.android.org.bouncycastle.asn1.ASN1Integer)5
ASN1ObjectIdentifier (com.android.org.bouncycastle.asn1.ASN1ObjectIdentifier)5
DERBitString (com.android.org.bouncycastle.asn1.DERBitString)5
DERInteger (com.android.org.bouncycastle.asn1.DERInteger)5
DERSequence (com.android.org.bouncycastle.asn1.DERSequence)5
AlgorithmIdentifier (com.android.org.bouncycastle.asn1.x509.AlgorithmIdentifier)5
TBSCertificate (com.android.org.bouncycastle.asn1.x509.TBSCertificate)5
Time (com.android.org.bouncycastle.asn1.x509.Time)5
