use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.
the class ITSExplicitCertificateBuilder method build.
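/**
 * Builds and signs an explicit ITS certificate for the given identity and keys.
 *
 * <p>The to-be-signed structure is OER-encoded and written to the configured signer. The
 * resulting ECDSA signature is encoded for the curve named by the signing key: the key being
 * certified when self-signing, otherwise the key in the signer's associated certificate.
 *
 * @param certificateId identifier placed in the to-be-signed certificate
 * @param verificationKey public verification key to certify; dereferenced unconditionally
 * @param publicEncryptionKey optional encryption key; omitted from the certificate when null
 * @return the signed certificate wrapped as an {@code ITSCertificate}
 * @throws IllegalArgumentException if the encoded certificate cannot be written to the signer
 * @throws IllegalStateException if the signing key type or digest algorithm is unsupported, or
 *     the issuer certificate digest is too short to derive a HashedId8
 */
public ITSCertificate build(CertificateId certificateId, ITSPublicVerificationKey verificationKey, ITSPublicEncryptionKey publicEncryptionKey) {
    ToBeSignedCertificate.Builder tbsBldr = new ToBeSignedCertificate.Builder(tbsCertificateBuilder);
    tbsBldr.setCertificateId(certificateId);
    if (publicEncryptionKey != null) {
        tbsBldr.setEncryptionKey(publicEncryptionKey.toASN1Structure());
    }
    tbsBldr.setVerificationKeyIndicator(
        VerificationKeyIndicator.builder()
            .publicVerificationKey(verificationKey.toASN1Structure())
            .createVerificationKeyIndicator());
    ToBeSignedCertificate tbsCertificate = tbsBldr.createToBeSignedCertificate();

    // The signature encoding must match the key that signs, not necessarily the key that
    // is being certified.
    VerificationKeyIndicator verificationKeyIndicator;
    if (signer.isForSelfSigning()) {
        verificationKeyIndicator = tbsCertificate.getVerificationKeyIndicator();
    } else {
        verificationKeyIndicator = signer.getAssociatedCertificate()
            .toASN1Structure()
            .getCertificateBase()
            .getToBeSignedCertificate()
            .getVerificationKeyIndicator();
    }

    // try-with-resources closes the signer stream even when the write fails; the original
    // exception is kept as the cause so signing failures can be diagnosed.
    try (OutputStream sOut = signer.getOutputStream()) {
        sOut.write(OEREncoder.toByteArray(tbsCertificate, IEEE1609dot2.tbsCertificate));
    } catch (IOException e) {
        throw new IllegalArgumentException("cannot produce certificate signature", e);
    }

    // TODO: signature actually optional.
    Signature sig;
    switch (verificationKeyIndicator.getChoice()) {
        case PublicVerificationKey.ecdsaNistP256:
            sig = ECDSAEncoder.toITS(SECObjectIdentifiers.secp256r1, signer.getSignature());
            break;
        case PublicVerificationKey.ecdsaBrainpoolP256r1:
            sig = ECDSAEncoder.toITS(TeleTrusTObjectIdentifiers.brainpoolP256r1, signer.getSignature());
            break;
        case PublicVerificationKey.ecdsaBrainpoolP384r1:
            sig = ECDSAEncoder.toITS(TeleTrusTObjectIdentifiers.brainpoolP384r1, signer.getSignature());
            break;
        default:
            throw new IllegalStateException("unknown key type");
    }

    // NOTE(review): the curve above and the digest below are selected independently; nothing
    // in this method checks that they form a consistent pairing - confirm the signer does.
    IssuerIdentifier.Builder issuerIdentifierBuilder = IssuerIdentifier.builder();
    ASN1ObjectIdentifier digestAlg = signer.getDigestAlgorithm().getAlgorithm();
    boolean sha256 = digestAlg.equals(NISTObjectIdentifiers.id_sha256);
    boolean sha384 = digestAlg.equals(NISTObjectIdentifiers.id_sha384);
    if (signer.isForSelfSigning()) {
        if (sha256) {
            issuerIdentifierBuilder.self(HashAlgorithm.sha256);
        } else if (sha384) {
            issuerIdentifierBuilder.self(HashAlgorithm.sha384);
        } else {
            throw new IllegalStateException("unknown digest");
        }
    } else {
        byte[] parentDigest = signer.getAssociatedCertificateDigest();
        // The issuer is referenced by the last eight bytes of its certificate digest; fail
        // clearly instead of with an index error when the digest is missing or truncated.
        if (parentDigest == null || parentDigest.length < 8) {
            throw new IllegalStateException("issuer certificate digest too short for HashedId8");
        }
        HashedId.HashedId8 hashedID = new HashedId.HashedId8(
            Arrays.copyOfRange(parentDigest, parentDigest.length - 8, parentDigest.length));
        if (sha256) {
            issuerIdentifierBuilder.sha256AndDigest(hashedID);
        } else if (sha384) {
            issuerIdentifierBuilder.sha384AndDigest(hashedID);
        } else {
            throw new IllegalStateException("unknown digest");
        }
    }

    CertificateBase.Builder baseBldr = new CertificateBase.Builder();
    baseBldr.setVersion(version);
    baseBldr.setType(CertificateType.Explicit);
    baseBldr.setIssuer(issuerIdentifierBuilder.createIssuerIdentifier());
    baseBldr.setToBeSignedCertificate(tbsCertificate);
    baseBldr.setSignature(sig);

    Certificate.Builder bldr = new Certificate.Builder();
    bldr.setCertificateBase(baseBldr.createCertificateBase());
    return new ITSCertificate(bldr.createCertificate());
}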
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.
the class X509V3CertificateGenerator method generate.
/**
* generate an X509 certificate, based on the current issuer and subject using the default
* provider, and the passed in source of randomness (if required).
* <p>
* <b>Note:</b> this differs from the deprecated method in that the default provider is
* used - not "BC".
* </p>
*/
public X509Certificate generate(PrivateKey key, SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
    // Step 1: assemble the to-be-signed portion from the generator's current state.
    final TBSCertificate toBeSigned = generateTbsCert();

    // Step 2: sign it with the caller's private key using the configured algorithm.
    // NOTE(review): sigOID / signatureAlgorithm are set elsewhere in the class; confirm that
    // weak digests are rejected where they are configured.
    final byte[] signatureBytes;
    try {
        signatureBytes = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, toBeSigned);
    } catch (IOException encodingFailure) {
        throw new ExtCertificateEncodingException("exception encoding TBS cert", encodingFailure);
    }

    // Step 3: wrap TBS + signature into a JCA certificate. Every failure here is reported as
    // an encoding problem, with the original exception preserved as the cause.
    try {
        return generateJcaObject(toBeSigned, signatureBytes);
    } catch (Exception assemblyFailure) {
        throw new ExtCertificateEncodingException("exception producing certificate object", assemblyFailure);
    }
}
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.
the class X509V3CertificateGenerator method generateJcaObject.
/**
 * Combines the to-be-signed certificate, the signature algorithm identifier and the signature
 * value into a DER-encoded sequence and parses it back through the certificate factory.
 *
 * <p>No signature verification is performed here; the factory only parses the encoding.
 *
 * @param tbsCert the to-be-signed certificate structure
 * @param signature raw signature bytes, wrapped as a DER BIT STRING
 * @return the parsed certificate
 * @throws Exception if encoding or parsing fails
 */
private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature) throws Exception {
    // Element order matters: TBS certificate, algorithm identifier, then signature value.
    final ASN1EncodableVector parts = new ASN1EncodableVector();
    parts.add(tbsCert);
    parts.add(sigAlgId);
    parts.add(new DERBitString(signature));

    final byte[] derBytes = new DERSequence(parts).getEncoded(ASN1Encoding.DER);
    final ByteArrayInputStream derStream = new ByteArrayInputStream(derBytes);
    return (X509Certificate) certificateFactory.engineGenerateCertificate(derStream);
}
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.
the class X509V1CertificateGenerator method generate.
/**
* generate an X509 certificate, based on the current issuer and subject using the default
* provider and the passed in source of randomness
* <p>
* <b>Note:</b> this differs from the deprecated method in that the default provider is
* used - not "BC".
* </p>
*/
public X509Certificate generate(PrivateKey key, SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
    // Snapshot the to-be-signed structure from the underlying TBS generator.
    final TBSCertificate toBeSigned = tbsGen.generateTBSCertificate();

    // Sign with the default provider; an I/O failure while encoding the TBS data is surfaced
    // as a certificate-encoding error with the cause attached.
    final byte[] signatureBytes;
    try {
        signatureBytes = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, toBeSigned);
    } catch (IOException encodingFailure) {
        throw new ExtCertificateEncodingException("exception encoding TBS cert", encodingFailure);
    }

    return generateJcaObject(toBeSigned, signatureBytes);
}
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.
the class X509V1CertificateGenerator method generate.
/**
* generate an X509 certificate, based on the current issuer and subject, using the passed in
* provider for the signing, and the passed in source of randomness (if required).
*/
public X509Certificate generate(PrivateKey key, String provider, SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
    // Snapshot the to-be-signed structure from the underlying TBS generator.
    final TBSCertificate toBeSigned = tbsGen.generateTBSCertificate();

    // Sign through the caller-named provider; an I/O failure while encoding the TBS data is
    // surfaced as a certificate-encoding error with the cause attached.
    final byte[] signatureBytes;
    try {
        signatureBytes = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, toBeSigned);
    } catch (IOException encodingFailure) {
        throw new ExtCertificateEncodingException("exception encoding TBS cert", encodingFailure);
    }

    return generateJcaObject(toBeSigned, signatureBytes);
}