
Example 1 with X509CertificateHolder

use of com.github.zhenwei.pkix.cert.X509CertificateHolder in project LinLong-Java by zhenwei1108.

From the class JcaPKIXIdentityBuilder, method build.

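/**
 * Build an identity from the passed in key and certificate stream in PEM format.
 * <p>
 * The key stream must hold a single <em>unencrypted</em> private key, either as an
 * OpenSSL "traditional" key pair ({@link PEMKeyPair}) or as PKCS#8 {@link PrivateKeyInfo}.
 * The certificate stream may hold one or more certificates; they are returned in file
 * order, so a caller that needs a chain ordered end-entity first must write it that way.
 * <p>
 * Neither stream is closed here - the caller keeps ownership of both. No validation is
 * performed: the certificates are not chain-built or checked for validity, and the key is
 * not checked against the first certificate's public key.
 *
 * @param keyStream         the PEM stream containing the key
 * @param certificateStream the PEM stream containing the certificate
 * @return an identity object.
 * @throws IOException          on a general parsing error, or when the key stream does not
 *                              hold a supported unencrypted private key.
 * @throws CertificateException on a certificate parsing error, when the certificate stream
 *                              holds a PEM object that is not a certificate, or when it
 *                              holds no certificate at all.
 */
public JcaPKIXIdentity build(InputStream keyStream, InputStream certificateStream) throws IOException, CertificateException {
    PEMParser keyParser = new PEMParser(new InputStreamReader(keyStream));
    Object keyObj = keyParser.readObject();
    PrivateKey privKey;
    if (keyObj instanceof PEMKeyPair) {
        privKey = keyConverter.getPrivateKey(((PEMKeyPair) keyObj).getPrivateKeyInfo());
    } else if (keyObj instanceof PrivateKeyInfo) {
        privKey = keyConverter.getPrivateKey((PrivateKeyInfo) keyObj);
    } else {
        // TODO: handle encrypted private keys. Until then, name the type that was read so a
        // caller can tell an encrypted key (or a certificate in the wrong file) from garbage.
        String found = (keyObj == null) ? "" : ": " + keyObj.getClass().getName();
        throw new IOException("unrecognised private key file" + found);
    }
    PEMParser certParser = new PEMParser(new InputStreamReader(certificateStream));
    List<X509Certificate> certs = new ArrayList<X509Certificate>();
    Object certObj;
    while ((certObj = certParser.readObject()) != null) {
        if (!(certObj instanceof X509CertificateHolder)) {
            // A stray key, CSR or CRL in the certificate file used to surface as a
            // ClassCastException; report it through the declared exception type instead.
            throw new CertificateException("unexpected object in certificate file: " + certObj.getClass().getName());
        }
        certs.add(certConverter.getCertificate((X509CertificateHolder) certObj));
    }
    if (certs.isEmpty()) {
        // An identity with a key but no certificate is unusable; fail here rather than later.
        throw new CertificateException("no certificate found in certificate file");
    }
    return new JcaPKIXIdentity(privKey, certs.toArray(new X509Certificate[certs.size()]));
}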

Example 2 with X509CertificateHolder

use of com.github.zhenwei.pkix.cert.X509CertificateHolder in project LinLong-Java by zhenwei1108.

From the class MiscPEMGenerator, method createPemObject.

/**
 * Convert a supported object into a {@link PemObject}, choosing the PEM label from the
 * object's type.
 * <p>
 * Private keys are written in the OpenSSL "traditional" form where one exists for the
 * algorithm ("RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY") and as PKCS#8
 * "PRIVATE KEY" otherwise. When an encryptor is configured, every body is encrypted and the
 * OpenSSL-style "Proc-Type: 4,ENCRYPTED" and "DEK-Info" headers are added. Note that this is
 * the legacy OpenSSL encrypted-PEM layout; its key derivation lives in the encryptor and is
 * not visible here, but the legacy scheme is generally considered weaker than PKCS#8
 * ({@link PKCS8EncryptedPrivateKeyInfo}), which should be preferred for new code.
 *
 * @param o the object to encode.
 * @return the PEM object.
 * @throws IOException            if encoding or encryption fails.
 * @throws PemGenerationException if the object type is not supported.
 */
private PemObject createPemObject(Object o) throws IOException {
    if (o instanceof PemObject) {
        return (PemObject) o;
    }
    if (o instanceof PemObjectGenerator) {
        return ((PemObjectGenerator) o).generate();
    }
    if (o instanceof X509CertificateHolder) {
        return toPemObject("CERTIFICATE", ((X509CertificateHolder) o).getEncoded());
    }
    if (o instanceof X509CRLHolder) {
        return toPemObject("X509 CRL", ((X509CRLHolder) o).getEncoded());
    }
    if (o instanceof X509TrustedCertificateBlock) {
        return toPemObject("TRUSTED CERTIFICATE", ((X509TrustedCertificateBlock) o).getEncoded());
    }
    if (o instanceof PrivateKeyInfo) {
        return privateKeyToPemObject((PrivateKeyInfo) o);
    }
    if (o instanceof SubjectPublicKeyInfo) {
        return toPemObject("PUBLIC KEY", ((SubjectPublicKeyInfo) o).getEncoded());
    }
    if (o instanceof X509AttributeCertificateHolder) {
        return toPemObject("ATTRIBUTE CERTIFICATE", ((X509AttributeCertificateHolder) o).getEncoded());
    }
    if (o instanceof com.github.zhenwei.pkix.pkcs.PKCS10CertificationRequest) {
        return toPemObject("CERTIFICATE REQUEST", ((PKCS10CertificationRequest) o).getEncoded());
    }
    if (o instanceof PKCS8EncryptedPrivateKeyInfo) {
        return toPemObject("ENCRYPTED PRIVATE KEY", ((PKCS8EncryptedPrivateKeyInfo) o).getEncoded());
    }
    if (o instanceof ContentInfo) {
        return toPemObject("PKCS7", ((ContentInfo) o).getEncoded());
    }
    throw new PemGenerationException("unknown object passed - can't encode.");
}

/**
 * Pick the PEM label and body for a private key based on its algorithm OID.
 *
 * @param info the PKCS#8 private key.
 * @return the (possibly encrypted) PEM object.
 * @throws IOException if encoding or encryption fails.
 */
private PemObject privateKeyToPemObject(PrivateKeyInfo info) throws IOException {
    ASN1ObjectIdentifier algOID = info.getPrivateKeyAlgorithm().getAlgorithm();
    if (algOID.equals(PKCSObjectIdentifiers.rsaEncryption)) {
        // Traditional form is the bare RSAPrivateKey structure inside the PKCS#8 wrapper.
        return toPemObject("RSA PRIVATE KEY", info.parsePrivateKey().toASN1Primitive().getEncoded());
    }
    if (algOID.equals(dsaOids[0]) || algOID.equals(dsaOids[1])) {
        return toPemObject("DSA PRIVATE KEY", openSslDsaPrivateKeyEncoding(info));
    }
    if (algOID.equals(X9ObjectIdentifiers.id_ecPublicKey)) {
        // Traditional form is the bare ECPrivateKey structure inside the PKCS#8 wrapper.
        return toPemObject("EC PRIVATE KEY", info.parsePrivateKey().toASN1Primitive().getEncoded());
    }
    return toPemObject("PRIVATE KEY", info.getEncoded());
}

/**
 * Build the OpenSSL traditional DSA private key encoding:
 * {@code SEQUENCE { 0, p, q, g, y, x }}. The public value y is not carried in the PKCS#8
 * structure, so it is recomputed as g^x mod p.
 *
 * @param info the PKCS#8 DSA private key.
 * @return the DER encoding of the traditional structure.
 * @throws IOException if encoding fails.
 */
private static byte[] openSslDsaPrivateKeyEncoding(PrivateKeyInfo info) throws IOException {
    DSAParameter params = DSAParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters());
    BigInteger x = ASN1Integer.getInstance(info.parsePrivateKey()).getValue();
    BigInteger y = params.getG().modPow(x, params.getP());
    ASN1EncodableVector seq = new ASN1EncodableVector();
    seq.add(new ASN1Integer(0));
    seq.add(new ASN1Integer(params.getP()));
    seq.add(new ASN1Integer(params.getQ()));
    seq.add(new ASN1Integer(params.getG()));
    seq.add(new ASN1Integer(y));
    seq.add(new ASN1Integer(x));
    return new DERSequence(seq).getEncoded();
}

/**
 * Wrap an encoded body in a PEM object, encrypting it and adding the OpenSSL legacy
 * "Proc-Type"/"DEK-Info" headers when an encryptor is configured.
 *
 * @param type     the PEM label.
 * @param encoding the plaintext body.
 * @return the PEM object.
 * @throws IOException if encryption fails.
 */
private PemObject toPemObject(String type, byte[] encoding) throws IOException {
    if (encryptor == null) {
        return new PemObject(type, encoding);
    }
    String dekAlgName = Strings.toUpperCase(encryptor.getAlgorithm());
    // Note: For backward compatibility
    if (dekAlgName.equals("DESEDE")) {
        dekAlgName = "DES-EDE3-CBC";
    }
    // The IV is read before encrypting, matching the original ordering.
    byte[] iv = encryptor.getIV();
    byte[] encData = encryptor.encrypt(encoding);
    List<PemHeader> headers = new ArrayList<PemHeader>(2);
    headers.add(new PemHeader("Proc-Type", "4,ENCRYPTED"));
    headers.add(new PemHeader("DEK-Info", dekAlgName + "," + getHexEncoded(iv)));
    return new PemObject(type, headers, encData);
}

Example 3 with X509CertificateHolder

use of com.github.zhenwei.pkix.cert.X509CertificateHolder in project LinLong-Java by zhenwei1108.

From the class CertificateConfirmationContentBuilder, method build.

/**
 * Build the CertConfirmContent for every accepted certificate.
 * <p>
 * For each certificate the digest algorithm is derived from the certificate's own
 * signature algorithm (the RFC 4210 certHash rule), the DER encoding of the certificate is
 * hashed with it, and a CertStatus pairing that hash with the matching request id is
 * emitted. {@code acceptedCerts} and {@code acceptedReqIds} are treated as parallel lists.
 *
 * @param digesterProvider provider used to obtain a digest calculator per certificate.
 * @return the confirmation content.
 * @throws CMPException if no digest algorithm can be derived from a certificate's
 *                      signature algorithm, or if a digest calculator cannot be created.
 */
public CertificateConfirmationContent build(DigestCalculatorProvider digesterProvider) throws CMPException {
    ASN1EncodableVector statuses = new ASN1EncodableVector();
    int count = acceptedCerts.size();
    for (int idx = 0; idx < count; idx++) {
        X509CertificateHolder holder = (X509CertificateHolder) acceptedCerts.get(idx);
        BigInteger requestId = (BigInteger) acceptedReqIds.get(idx);
        statuses.add(new CertStatus(certHash(holder, digesterProvider), requestId));
    }
    return new CertificateConfirmationContent(CertConfirmContent.getInstance(new DERSequence(statuses)), digestAlgFinder);
}

/**
 * Hash the DER encoding of a certificate with the digest implied by its signature algorithm.
 *
 * @param holder           the certificate.
 * @param digesterProvider provider used to obtain the digest calculator.
 * @return the certificate hash.
 * @throws CMPException if the digest algorithm cannot be found or the calculator created.
 */
private byte[] certHash(X509CertificateHolder holder, DigestCalculatorProvider digesterProvider) throws CMPException {
    AlgorithmIdentifier digAlg = digestAlgFinder.find(holder.toASN1Structure().getSignatureAlgorithm());
    if (digAlg == null) {
        throw new CMPException("cannot find algorithm for digest from signature");
    }
    DigestCalculator digester;
    try {
        digester = digesterProvider.get(digAlg);
    } catch (OperatorCreationException e) {
        throw new CMPException("unable to create digest: " + e.getMessage(), e);
    }
    CMPUtil.derEncodeToStream(holder.toASN1Structure(), digester.getOutputStream());
    return digester.getDigest();
}

Example 4 with X509CertificateHolder

use of com.github.zhenwei.pkix.cert.X509CertificateHolder in project LinLong-Java by zhenwei1108.

From the class ProtectedPKIMessage, method getCertificates.

/**
 * Return the extra certificates associated with this message.
 * <p>
 * These are taken from the PKIMessage extraCerts field, which in RFC 4210 lies outside the
 * part covered by the message protection; treat them as unauthenticated input and validate
 * them before use. Each entry is converted via {@code getX509v3PKCert()}; what happens for
 * a CMPCertificate that is not an X.509v3 certificate is not visible here - presumably the
 * conversion rejects it, but confirm against CMPCertificate.
 *
 * @return an array of extra certificates, zero length if none present.
 */
public X509CertificateHolder[] getCertificates() {
    CMPCertificate[] extra = pkiMessage.getExtraCerts();
    int count = (extra == null) ? 0 : extra.length;
    X509CertificateHolder[] holders = new X509CertificateHolder[count];
    for (int i = 0; i < count; i++) {
        holders[i] = new X509CertificateHolder(extra[i].getX509v3PKCert());
    }
    return holders;
}

Example 5 with X509CertificateHolder

use of com.github.zhenwei.pkix.cert.X509CertificateHolder in project LinLong-Java by zhenwei1108.

From the class ESTService, method getCACerts.

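/**
 * Query the EST server for ca certificates.
 * <p>
 * RFC7030 leans heavily on the verification phases of TLS for both client and server
 * verification.
 * <p>
 * It does however define a bootstrapping mode where if the client does not have the necessary ca
 * certificates to validate the server it can defer to an external source, such as a human, to
 * formally accept the ca certs.
 * <p>
 * If callers are using bootstrapping they must examine the CACertsResponse and validate it
 * externally. The trust state of the connection is carried in the response via
 * {@code clientProvider.isTrusted()}; nothing in this method authenticates the returned
 * certificates itself.
 * <p>
 * A 200 response must carry a Content-Type starting with "application/pkcs7-mime" and is
 * decoded as a CMC SimplePKIResponse (certificates and CRLs). A 204 is accepted as "no
 * content". Any other status, an unexpected Content-Type, or a decoding failure raises an
 * ESTException carrying the status code. A 200 with no positive Content-Length is not
 * decoded and yields a response whose certificate and CRL stores are {@code null}.
 *
 * @return A store of X509Certificates.
 * @throws ESTException on any transport, protocol or decoding failure, or if closing the
 *                      response fails after an otherwise successful exchange.
 */
public CACertsResponse getCACerts() throws ESTException {
    ESTResponse resp = null;
    Exception finalThrowable = null;
    CACertsResponse caCertsResponse = null;
    URL url = null;
    try {
        url = new URL(server + CACERTS);
        ESTClient client = clientProvider.makeClient();
        ESTRequest req = new ESTRequestBuilder("GET", url).withClient(client).build();
        resp = client.doRequest(req);
        Store<X509CertificateHolder> caCerts = null;
        Store<X509CRLHolder> crlHolderStore = null;
        if (resp.getStatusCode() == 200) {
            String contentType = resp.getHeaders().getFirstValue("Content-Type");
            if (contentType == null || !contentType.startsWith("application/pkcs7-mime")) {
                String j = contentType != null ? " got " + contentType : " but was not present.";
                // Message previously ran the URL and "Expecting" together with no separator.
                throw new ESTException("Response : " + url.toString() + " Expecting application/pkcs7-mime" + j, null, resp.getStatusCode(), resp.getInputStream());
            }
            try {
                // NOTE(review): a response without a usable Content-Length (e.g. chunked) is
                // silently treated as empty here - confirm ESTResponse resolves the length for
                // chunked bodies, otherwise valid CA bundles would be dropped.
                if (resp.getContentLength() != null && resp.getContentLength() > 0) {
                    // NOTE(review): the body is server-supplied ASN.1 with no explicit size
                    // limit on the parser; in bootstrapping mode the server is not yet trusted,
                    // so consider bounding the parse by the known content length.
                    ASN1InputStream ain = new ASN1InputStream(resp.getInputStream());
                    SimplePKIResponse spkr = new SimplePKIResponse(ContentInfo.getInstance((ASN1Sequence) ain.readObject()));
                    caCerts = spkr.getCertificates();
                    crlHolderStore = spkr.getCRLs();
                }
            } catch (Throwable ex) {
                throw new ESTException("Decoding CACerts: " + url.toString() + " " + ex.getMessage(), ex, resp.getStatusCode(), resp.getInputStream());
            }
        } else if (// 204 are No Content
        resp.getStatusCode() != 204) {
            throw new ESTException("Get CACerts: " + url.toString(), null, resp.getStatusCode(), resp.getInputStream());
        }
        caCertsResponse = new CACertsResponse(caCerts, crlHolderStore, req, resp.getSource(), clientProvider.isTrusted());
    } catch (Throwable t) {
        // ESTExceptions pass through unchanged so the status code and body they carry survive.
        if (t instanceof ESTException) {
            throw (ESTException) t;
        } else {
            throw new ESTException(t.getMessage(), t);
        }
    } finally {
        // Always release the response; a close failure is reported only if nothing else failed
        // (an exception thrown from the try body takes precedence and propagates as-is).
        if (resp != null) {
            try {
                resp.close();
            } catch (Exception t) {
                finalThrowable = t;
            }
        }
    }
    if (finalThrowable != null) {
        if (finalThrowable instanceof ESTException) {
            throw (ESTException) finalThrowable;
        }
        // resp is non-null here: finalThrowable is only set inside the resp != null branch.
        throw new ESTException("Get CACerts: " + url.toString(), finalThrowable, resp.getStatusCode(), null);
    }
    return caCertsResponse;
}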
