use of org.bouncycastle.asn1.pkcs.RSAPrivateKey in project athenz by yahoo.
the class CryptoTest method testX509CSRrequest.
@Test(dataProvider = "x500Principal")
public void testX509CSRrequest(String x500Principal, boolean badRequest) {
PublicKey publicKey = Crypto.loadPublicKey(rsaPublicKey);
PrivateKey privateKey = Crypto.loadPrivateKey(rsaPrivateKey);
String certRequest = null;
GeneralName otherName1 = new GeneralName(GeneralName.otherName, new DERIA5String("role1"));
GeneralName otherName2 = new GeneralName(GeneralName.otherName, new DERIA5String("role2"));
GeneralName[] sanArray = new GeneralName[] { otherName1, otherName2 };
try {
certRequest = Crypto.generateX509CSR(privateKey, publicKey, x500Principal, sanArray);
} catch (Exception e) {
if (!badRequest) {
fail("Should not have failed to create csr");
}
}
if (!badRequest) {
// Now validate the csr
Crypto.getPKCS10CertRequest(certRequest);
}
}
use of org.bouncycastle.asn1.pkcs.RSAPrivateKey in project athenz by yahoo.
the class CryptoTest method testSignVerifyRSAKey.
@Test
public void testSignVerifyRSAKey() {
PrivateKey privateKey = Crypto.loadPrivateKey(rsaPrivateKey);
assertNotNull(privateKey);
String signature = Crypto.sign(serviceToken, privateKey);
assertEquals(signature, serviceRSASignature);
PublicKey publicKey = Crypto.loadPublicKey(rsaPublicKey);
assertNotNull(publicKey);
assertTrue(Crypto.verify(serviceToken, publicKey, signature));
}
use of org.bouncycastle.asn1.pkcs.RSAPrivateKey in project athenz by yahoo.
the class CryptoTest method testSignVerifyExtractedRSAKey.
@Test
public void testSignVerifyExtractedRSAKey() {
PrivateKey privateKey = Crypto.loadPrivateKey(rsaPrivateKey);
assertNotNull(privateKey);
String signature = Crypto.sign(serviceToken, privateKey);
assertEquals(signature, serviceRSASignature);
PublicKey publicKey = Crypto.extractPublicKey(privateKey);
assertNotNull(publicKey);
assertTrue(Crypto.verify(serviceToken, publicKey, signature));
}
use of org.bouncycastle.asn1.pkcs.RSAPrivateKey in project XobotOS by xamarin.
the class RSAPrivateKeyStructure method toASN1Object.
/**
* This outputs the key in PKCS1v2 format.
* <pre>
* RSAPrivateKey ::= SEQUENCE {
* version Version,
* modulus INTEGER, -- n
* publicExponent INTEGER, -- e
* privateExponent INTEGER, -- d
* prime1 INTEGER, -- p
* prime2 INTEGER, -- q
* exponent1 INTEGER, -- d mod (p-1)
* exponent2 INTEGER, -- d mod (q-1)
* coefficient INTEGER, -- (inverse of q) mod p
* otherPrimeInfos OtherPrimeInfos OPTIONAL
* }
*
* Version ::= INTEGER { two-prime(0), multi(1) }
* (CONSTRAINED BY {-- version must be multi if otherPrimeInfos present --})
* </pre>
* <p>
* This routine is written to output PKCS1 version 2.1, private keys.
*/
public DERObject toASN1Object() {
ASN1EncodableVector v = new ASN1EncodableVector();
// version
v.add(new DERInteger(version));
v.add(new DERInteger(getModulus()));
v.add(new DERInteger(getPublicExponent()));
v.add(new DERInteger(getPrivateExponent()));
v.add(new DERInteger(getPrime1()));
v.add(new DERInteger(getPrime2()));
v.add(new DERInteger(getExponent1()));
v.add(new DERInteger(getExponent2()));
v.add(new DERInteger(getCoefficient()));
if (otherPrimeInfos != null) {
v.add(otherPrimeInfos);
}
return new DERSequence(v);
}
use of org.bouncycastle.asn1.pkcs.RSAPrivateKey in project candlepin by candlepin.
the class CrlFileUtil method updateCRLFile.
/**
* Updates the specified CRL file by adding or removing entries. If both lists are either null
* or empty, the CRL file will not be modified by this method. If the file does not exist or
* appears to be empty, it will be initialized before processing the lists.
*
* @param file
* The CRL file to update
*
* @param revoke
* A collection of serials to revoke (add)
*
* @param unrevoke
* A collection of serials to unrevoke (remove)
*
* @throws IOException
* if an IO error occurs while updating the CRL file
*/
public void updateCRLFile(File file, final Collection<BigInteger> revoke, final Collection<BigInteger> unrevoke) throws IOException {
if (!file.exists() || file.length() == 0) {
this.initializeCRLFile(file, revoke);
return;
}
File strippedFile = stripCRLFile(file);
InputStream input = null;
InputStream reaper = null;
BufferedOutputStream output = null;
OutputStream filter = null;
OutputStream encoder = null;
try {
// Impl note:
// Due to the way the X509CRLStreamWriter works (and the DER format in general), we have
// to make two passes through the file.
input = new Base64InputStream(new FileInputStream(strippedFile));
reaper = new Base64InputStream(new FileInputStream(strippedFile));
// Note: This will break if we ever stop using RSA keys
PrivateKey key = this.certificateReader.getCaKey();
X509CRLStreamWriter writer = new X509CRLStreamWriter(input, (RSAPrivateKey) key, this.certificateReader.getCACert());
// Add new entries
if (revoke != null) {
Date now = new Date();
for (BigInteger serial : revoke) {
writer.add(serial, now, CRLReason.privilegeWithdrawn);
}
}
// or we could miss cases where we have entries to remove, but nothing to add.
if (unrevoke != null && !unrevoke.isEmpty()) {
writer.preScan(reaper, new CRLEntryValidator() {
public boolean shouldDelete(CRLEntry entry) {
BigInteger certSerial = entry.getUserCertificate().getValue();
return unrevoke.contains(certSerial);
}
});
} else {
writer.preScan(reaper);
}
writer.setSigningAlgorithm(PKIUtility.SIGNATURE_ALGO);
// Verify we actually have work to do now
if (writer.hasChangesQueued()) {
output = new BufferedOutputStream(new FileOutputStream(file));
filter = new FilterOutputStream(output) {
private boolean needsLineBreak = true;
public void write(int b) throws IOException {
this.needsLineBreak = (b != (byte) '\n');
super.write(b);
}
public void write(byte[] buffer) throws IOException {
this.needsLineBreak = (buffer[buffer.length - 1] != (byte) '\n');
super.write(buffer);
}
public void write(byte[] buffer, int off, int len) throws IOException {
this.needsLineBreak = (buffer[off + len - 1] != (byte) '\n');
super.write(buffer, off, len);
}
public void close() throws IOException {
if (this.needsLineBreak) {
super.write((int) '\n');
this.needsLineBreak = false;
}
// Impl note:
// We're intentionally not propagating the call here.
}
};
encoder = new Base64OutputStream(filter, true, 76, new byte[] { (byte) '\n' });
output.write("-----BEGIN X509 CRL-----\n".getBytes());
writer.lock();
writer.write(encoder);
encoder.close();
filter.close();
output.write("-----END X509 CRL-----\n".getBytes());
output.close();
}
} catch (GeneralSecurityException e) {
// This should never actually happen
log.error("Unexpected security error occurred while retrieving CA key", e);
} catch (CryptoException e) {
// Something went horribly wrong with the stream writer
log.error("Unexpected error occurred while writing new CRL file", e);
} finally {
for (Closeable stream : Arrays.asList(encoder, output, reaper, input)) {
if (stream != null) {
try {
stream.close();
} catch (IOException e) {
log.error("Unexpected exception occurred while closing stream: {}", stream, e);
}
}
}
if (!strippedFile.delete()) {
log.error("Unable to delete temporary CRL file: {}", strippedFile);
}
}
}
Aggregations