Example 21 with TBSCertificate
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.
the class V3TBSCertificateGenerator method generateTBSCertificate.
public TBSCertificate generateTBSCertificate() {
if ((serialNumber == null) || (signature == null) || (issuer == null) || (startDate == null) || (endDate == null) || (subject == null && !altNamePresentAndCritical) || (subjectPublicKeyInfo == null)) {
throw new IllegalStateException("not all mandatory fields set in V3 TBScertificate generator");
}
ASN1EncodableVector v = new ASN1EncodableVector(10);
v.add(version);
v.add(serialNumber);
v.add(signature);
v.add(issuer);
//
// before and after dates
//
{
ASN1EncodableVector validity = new ASN1EncodableVector(2);
validity.add(startDate);
validity.add(endDate);
v.add(new DERSequence(validity));
}
if (subject != null) {
v.add(subject);
} else {
v.add(new DERSequence());
}
v.add(subjectPublicKeyInfo);
if (issuerUniqueID != null) {
v.add(new DERTaggedObject(false, 1, issuerUniqueID));
}
if (subjectUniqueID != null) {
v.add(new DERTaggedObject(false, 2, subjectUniqueID));
}
if (extensions != null) {
v.add(new DERTaggedObject(true, 3, extensions));
}
return TBSCertificate.getInstance(new DERSequence(v));
}
Also used :
DERSequence(com.github.zhenwei.core.asn1.DERSequence)
DERTaggedObject(com.github.zhenwei.core.asn1.DERTaggedObject)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
Example 22 with TBSCertificate
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.
the class X509v3CertificateBuilder method generateStructure.
private static Certificate generateStructure(TBSCertificate tbsCert, AlgorithmIdentifier sigAlgId, byte[] signature) {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(tbsCert);
v.add(sigAlgId);
v.add(new DERBitString(signature));
return Certificate.getInstance(new DERSequence(v));
}
Also used :
DERSequence(com.github.zhenwei.core.asn1.DERSequence)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
DERBitString(com.github.zhenwei.core.asn1.DERBitString)
Example 23 with TBSCertificate
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project robovm by robovm.
the class X509CertificateHolder method isSignatureValid.
/**
* Validate the signature on the certificate in this holder.
*
* @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
* @return true if the signature is valid, false otherwise.
* @throws CertException if the signature cannot be processed or is inappropriate.
*/
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException {
TBSCertificate tbsCert = x509Certificate.getTBSCertificate();
if (!CertUtils.isAlgIdEqual(tbsCert.getSignature(), x509Certificate.getSignatureAlgorithm())) {
throw new CertException("signature invalid - algorithm identifier mismatch");
}
ContentVerifier verifier;
try {
verifier = verifierProvider.get((tbsCert.getSignature()));
OutputStream sOut = verifier.getOutputStream();
DEROutputStream dOut = new DEROutputStream(sOut);
dOut.writeObject(tbsCert);
sOut.close();
} catch (Exception e) {
throw new CertException("unable to process signature: " + e.getMessage(), e);
}
return verifier.verify(x509Certificate.getSignature().getBytes());
}
Also used :
ContentVerifier(org.bouncycastle.operator.ContentVerifier)
OutputStream(java.io.OutputStream)
DEROutputStream(org.bouncycastle.asn1.DEROutputStream)
TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)
IOException(java.io.IOException)
DEROutputStream(org.bouncycastle.asn1.DEROutputStream)
Example 24 with TBSCertificate
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project robovm by robovm.
the class X509V1CertificateGenerator method generate.
/**
* generate an X509 certificate, based on the current issuer and subject,
* using the passed in provider for the signing, and the passed in source
* of randomness (if required).
*/
public X509Certificate generate(PrivateKey key, String provider, SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
TBSCertificate tbsCert = tbsGen.generateTBSCertificate();
byte[] signature;
try {
signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCert);
} catch (IOException e) {
throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
}
return generateJcaObject(tbsCert, signature);
}
Also used :
IOException(java.io.IOException)
TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)
Example 25 with TBSCertificate
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project platform_frameworks_base by android.
the class AndroidKeyStoreKeyPairGeneratorSpi method generateSelfSignedCertificateWithFakeSignature.
@SuppressWarnings("deprecation")
private X509Certificate generateSelfSignedCertificateWithFakeSignature(PublicKey publicKey) throws IOException, CertificateParsingException {
V3TBSCertificateGenerator tbsGenerator = new V3TBSCertificateGenerator();
ASN1ObjectIdentifier sigAlgOid;
AlgorithmIdentifier sigAlgId;
byte[] signature;
switch(mKeymasterAlgorithm) {
case KeymasterDefs.KM_ALGORITHM_EC:
sigAlgOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
sigAlgId = new AlgorithmIdentifier(sigAlgOid);
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new DERInteger(0));
v.add(new DERInteger(0));
signature = new DERSequence().getEncoded();
break;
case KeymasterDefs.KM_ALGORITHM_RSA:
sigAlgOid = PKCSObjectIdentifiers.sha256WithRSAEncryption;
sigAlgId = new AlgorithmIdentifier(sigAlgOid, DERNull.INSTANCE);
signature = new byte[1];
break;
default:
throw new ProviderException("Unsupported key algorithm: " + mKeymasterAlgorithm);
}
try (ASN1InputStream publicKeyInfoIn = new ASN1InputStream(publicKey.getEncoded())) {
tbsGenerator.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(publicKeyInfoIn.readObject()));
}
tbsGenerator.setSerialNumber(new ASN1Integer(mSpec.getCertificateSerialNumber()));
X509Principal subject = new X509Principal(mSpec.getCertificateSubject().getEncoded());
tbsGenerator.setSubject(subject);
tbsGenerator.setIssuer(subject);
tbsGenerator.setStartDate(new Time(mSpec.getCertificateNotBefore()));
tbsGenerator.setEndDate(new Time(mSpec.getCertificateNotAfter()));
tbsGenerator.setSignature(sigAlgId);
TBSCertificate tbsCertificate = tbsGenerator.generateTBSCertificate();
ASN1EncodableVector result = new ASN1EncodableVector();
result.add(tbsCertificate);
result.add(sigAlgId);
result.add(new DERBitString(signature));
return new X509CertificateObject(Certificate.getInstance(new DERSequence(result)));
}
Also used :
ASN1InputStream(com.android.org.bouncycastle.asn1.ASN1InputStream)
ProviderException(java.security.ProviderException)
Time(com.android.org.bouncycastle.asn1.x509.Time)
DERBitString(com.android.org.bouncycastle.asn1.DERBitString)
ASN1Integer(com.android.org.bouncycastle.asn1.ASN1Integer)
AlgorithmIdentifier(com.android.org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DERInteger(com.android.org.bouncycastle.asn1.DERInteger)
DERSequence(com.android.org.bouncycastle.asn1.DERSequence)
X509CertificateObject(com.android.org.bouncycastle.jce.provider.X509CertificateObject)
X509Principal(com.android.org.bouncycastle.jce.X509Principal)
ASN1EncodableVector(com.android.org.bouncycastle.asn1.ASN1EncodableVector)
V3TBSCertificateGenerator(com.android.org.bouncycastle.asn1.x509.V3TBSCertificateGenerator)
TBSCertificate(com.android.org.bouncycastle.asn1.x509.TBSCertificate)
ASN1ObjectIdentifier(com.android.org.bouncycastle.asn1.ASN1ObjectIdentifier)
Aggregations
IOException (java.io.IOException)22
TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate)22
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)7
CertificateException (java.security.cert.CertificateException)7
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)6
DERSequence (com.github.zhenwei.core.asn1.DERSequence)6
ByteArrayInputStream (java.io.ByteArrayInputStream)6
CertificateEncodingException (java.security.cert.CertificateEncodingException)6
X509Certificate (java.security.cert.X509Certificate)6
DEROctetString (org.bouncycastle.asn1.DEROctetString)6
ASN1EncodableVector (com.android.org.bouncycastle.asn1.ASN1EncodableVector)5
ASN1InputStream (com.android.org.bouncycastle.asn1.ASN1InputStream)5
ASN1Integer (com.android.org.bouncycastle.asn1.ASN1Integer)5
ASN1ObjectIdentifier (com.android.org.bouncycastle.asn1.ASN1ObjectIdentifier)5
DERBitString (com.android.org.bouncycastle.asn1.DERBitString)5
DERInteger (com.android.org.bouncycastle.asn1.DERInteger)5
DERSequence (com.android.org.bouncycastle.asn1.DERSequence)5
AlgorithmIdentifier (com.android.org.bouncycastle.asn1.x509.AlgorithmIdentifier)5
TBSCertificate (com.android.org.bouncycastle.asn1.x509.TBSCertificate)5
Time (com.android.org.bouncycastle.asn1.x509.Time)5
