Example 6 with RSAPrivateKey
use of org.bouncycastle.asn1.pkcs.RSAPrivateKey in project xipki by xipki.
the class P12KeyGenerator method getContentSigner.
// method generateIdentity
private static ContentSigner getContentSigner(PrivateKey key) throws Exception {
BcContentSignerBuilder builder;
if (key instanceof RSAPrivateKey) {
ASN1ObjectIdentifier hashOid = X509ObjectIdentifiers.id_SHA1;
ASN1ObjectIdentifier sigOid = PKCSObjectIdentifiers.sha1WithRSAEncryption;
builder = new BcRSAContentSignerBuilder(buildAlgId(sigOid), buildAlgId(hashOid));
} else if (key instanceof DSAPrivateKey) {
ASN1ObjectIdentifier hashOid = X509ObjectIdentifiers.id_SHA1;
AlgorithmIdentifier sigId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa_with_sha1);
builder = new BcDSAContentSignerBuilder(sigId, buildAlgId(hashOid));
} else if (key instanceof ECPrivateKey) {
HashAlgo hashAlgo;
ASN1ObjectIdentifier sigOid;
int keysize = ((ECPrivateKey) key).getParams().getOrder().bitLength();
if (keysize > 384) {
hashAlgo = HashAlgo.SHA512;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA512;
} else if (keysize > 256) {
hashAlgo = HashAlgo.SHA384;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA384;
} else if (keysize > 224) {
hashAlgo = HashAlgo.SHA224;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA224;
} else if (keysize > 160) {
hashAlgo = HashAlgo.SHA256;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
} else {
hashAlgo = HashAlgo.SHA1;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA1;
}
builder = new BcECContentSignerBuilder(new AlgorithmIdentifier(sigOid), buildAlgId(hashAlgo.getOid()));
} else {
throw new IllegalArgumentException("unknown type of key " + key.getClass().getName());
}
return builder.build(KeyUtil.generatePrivateKeyParameter(key));
}
Also used :
BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)
ECPrivateKey(java.security.interfaces.ECPrivateKey)
HashAlgo(org.xipki.security.HashAlgo)
DSAPrivateKey(java.security.interfaces.DSAPrivateKey)
BcDSAContentSignerBuilder(org.bouncycastle.operator.bc.BcDSAContentSignerBuilder)
BcECContentSignerBuilder(org.bouncycastle.operator.bc.BcECContentSignerBuilder)
BcContentSignerBuilder(org.bouncycastle.operator.bc.BcContentSignerBuilder)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 7 with RSAPrivateKey
use of org.bouncycastle.asn1.pkcs.RSAPrivateKey in project keepass2android by PhilippC.
the class RSAPrivateKeyStructure method toASN1Object.
/**
* This outputs the key in PKCS1v2 format.
* <pre>
* RSAPrivateKey ::= SEQUENCE {
* version Version,
* modulus INTEGER, -- n
* publicExponent INTEGER, -- e
* privateExponent INTEGER, -- d
* prime1 INTEGER, -- p
* prime2 INTEGER, -- q
* exponent1 INTEGER, -- d mod (p-1)
* exponent2 INTEGER, -- d mod (q-1)
* coefficient INTEGER, -- (inverse of q) mod p
* otherPrimeInfos OtherPrimeInfos OPTIONAL
* }
*
* Version ::= INTEGER { two-prime(0), multi(1) }
* (CONSTRAINED BY {-- version must be multi if otherPrimeInfos present --})
* </pre>
* <p>
* This routine is written to output PKCS1 version 2.1, private keys.
*/
public DERObject toASN1Object() {
ASN1EncodableVector v = new ASN1EncodableVector();
// version
v.add(new DERInteger(version));
v.add(new DERInteger(getModulus()));
v.add(new DERInteger(getPublicExponent()));
v.add(new DERInteger(getPrivateExponent()));
v.add(new DERInteger(getPrime1()));
v.add(new DERInteger(getPrime2()));
v.add(new DERInteger(getExponent1()));
v.add(new DERInteger(getExponent2()));
v.add(new DERInteger(getCoefficient()));
if (otherPrimeInfos != null) {
v.add(otherPrimeInfos);
}
return new DERSequence(v);
}
Also used :
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
DERInteger(org.bouncycastle.asn1.DERInteger)
Example 8 with RSAPrivateKey
use of org.bouncycastle.asn1.pkcs.RSAPrivateKey in project candlepin by candlepin.
the class X509CRLStreamWriterTest method testDeleteEntryFromCRL.
@Test
public void testDeleteEntryFromCRL() throws Exception {
X509v2CRLBuilder crlBuilder = createCRLBuilder();
crlBuilder.addCRLEntry(new BigInteger("101"), new Date(), CRLReason.unspecified);
X509CRLHolder holder = crlBuilder.build(signer);
File crlToChange = writeCRL(holder);
CRLEntryValidator validator = new CRLEntryValidator() {
@Override
public boolean shouldDelete(CRLEntry entry) {
return entry.getUserCertificate().getValue().equals(new BigInteger("101"));
}
};
X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange, (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
stream.add(new BigInteger("9000"), new Date(), 0);
stream.preScan(crlToChange, validator).lock();
OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
stream.write(o);
o.close();
X509CRL changedCrl = readCRL();
Set<BigInteger> discoveredSerials = new HashSet<>();
for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
discoveredSerials.add(entry.getSerialNumber());
}
Set<BigInteger> expected = new HashSet<>();
expected.add(new BigInteger("100"));
expected.add(new BigInteger("9000"));
assertEquals(expected, discoveredSerials);
}
Also used :
X509CRL(java.security.cert.X509CRL)
BufferedOutputStream(java.io.BufferedOutputStream)
OutputStream(java.io.OutputStream)
FileOutputStream(java.io.FileOutputStream)
X509CRLEntry(java.security.cert.X509CRLEntry)
CRLEntry(org.bouncycastle.asn1.x509.TBSCertList.CRLEntry)
Date(java.util.Date)
X509CRLEntry(java.security.cert.X509CRLEntry)
FileOutputStream(java.io.FileOutputStream)
X509CRLHolder(org.bouncycastle.cert.X509CRLHolder)
BigInteger(java.math.BigInteger)
X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder)
File(java.io.File)
BufferedOutputStream(java.io.BufferedOutputStream)
HashSet(java.util.HashSet)
Test(org.junit.Test)
Example 9 with RSAPrivateKey
use of org.bouncycastle.asn1.pkcs.RSAPrivateKey in project candlepin by candlepin.
the class X509CRLStreamWriterTest method testUpgradesSignature.
@Test
public void testUpgradesSignature() throws Exception {
X509v2CRLBuilder crlBuilder = createCRLBuilder();
String signingAlg = "SHA1WithRSA";
ContentSigner sha1Signer = new JcaContentSignerBuilder(signingAlg).setProvider(BC_PROVIDER).build(keyPair.getPrivate());
X509CRLHolder holder = crlBuilder.build(sha1Signer);
File crlToChange = writeCRL(holder);
X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange, (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
stream.setSigningAlgorithm("SHA256WithRSA");
stream.add(new BigInteger("9000"), new Date(), 0);
stream.preScan(crlToChange).lock();
OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
stream.write(o);
o.close();
X509CRL changedCrl = readCRL();
Set<BigInteger> discoveredSerials = new HashSet<>();
for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
discoveredSerials.add(entry.getSerialNumber());
}
Set<BigInteger> expected = new HashSet<>();
expected.add(new BigInteger("100"));
expected.add(new BigInteger("9000"));
assertEquals(expected, discoveredSerials);
}
Also used :
X509CRL(java.security.cert.X509CRL)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
BufferedOutputStream(java.io.BufferedOutputStream)
OutputStream(java.io.OutputStream)
FileOutputStream(java.io.FileOutputStream)
ContentSigner(org.bouncycastle.operator.ContentSigner)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Date(java.util.Date)
X509CRLEntry(java.security.cert.X509CRLEntry)
FileOutputStream(java.io.FileOutputStream)
X509CRLHolder(org.bouncycastle.cert.X509CRLHolder)
BigInteger(java.math.BigInteger)
X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder)
File(java.io.File)
BufferedOutputStream(java.io.BufferedOutputStream)
HashSet(java.util.HashSet)
Test(org.junit.Test)
Example 10 with RSAPrivateKey
use of org.bouncycastle.asn1.pkcs.RSAPrivateKey in project athenz by yahoo.
the class CryptoTest method validateJWSDocumentMissingKid.
@Test
public void validateJWSDocumentMissingKid() {
Function<String, PublicKey> keyGetter = (String keyId) -> null;
final Base64.Encoder encoder = Base64.getUrlEncoder().withoutPadding();
final String protectedHeader = "{\"alg\":\"ES256\"}";
final byte[] encodedHeader = encoder.encode(protectedHeader.getBytes(StandardCharsets.UTF_8));
final String payload = "{\"domainName\":\"athenz\"}";
final byte[] encodedPayload = encoder.encode(payload.getBytes(StandardCharsets.UTF_8));
PrivateKey privateKey = Crypto.loadPrivateKey(rsaPrivateKey);
final byte[] signature = encoder.encode(Crypto.sign(Bytes.concat(encodedHeader, PERIOD, encodedPayload), privateKey, Crypto.SHA256));
assertFalse(Crypto.validateJWSDocument(new String(encodedHeader), new String(encodedPayload), new String(signature), keyGetter));
}
Also used :
PrivateKey(java.security.PrivateKey)
PublicKey(java.security.PublicKey)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
Test(org.testng.annotations.Test)
Aggregations
BigInteger (java.math.BigInteger)11
PrivateKey (java.security.PrivateKey)10
BufferedOutputStream (java.io.BufferedOutputStream)8
File (java.io.File)8
FileOutputStream (java.io.FileOutputStream)8
OutputStream (java.io.OutputStream)8
X509CRL (java.security.cert.X509CRL)8
DERIA5String (org.bouncycastle.asn1.DERIA5String)8
Test (org.testng.annotations.Test)8
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)7
Test (org.junit.Test)7
PublicKey (java.security.PublicKey)6
X509CRLEntry (java.security.cert.X509CRLEntry)6
Date (java.util.Date)6
HashSet (java.util.HashSet)6
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)5
DERSequence (org.bouncycastle.asn1.DERSequence)5
X509CRLHolder (org.bouncycastle.cert.X509CRLHolder)5
DSAPrivateKey (java.security.interfaces.DSAPrivateKey)4
RSAPrivateKey (java.security.interfaces.RSAPrivateKey)4
