Search in sources :

Example 56 with AlgorithmIdentifier

use of org.bouncycastle.asn1.x509.AlgorithmIdentifier in project xipki by xipki.

the class CaClientExample method generateEcKeypair.

protected static MyKeypair generateEcKeypair() throws GeneralSecurityException {
    KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC");
    ECGenParameterSpec spec = new ECGenParameterSpec("secp256r1");
    kpGen.initialize(spec);
    KeyPair kp = kpGen.generateKeyPair();
    ECPublicKey pub = (ECPublicKey) kp.getPublic();
    byte[] keyData = new byte[65];
    keyData[0] = 4;
    copyArray(pub.getW().getAffineX().toByteArray(), keyData, 1, 32);
    copyArray(pub.getW().getAffineY().toByteArray(), keyData, 33, 32);
    AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, SECObjectIdentifiers.secp256r1);
    SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algId, keyData);
    return new MyKeypair(kp.getPrivate(), subjectPublicKeyInfo);
}
Also used : KeyPair(java.security.KeyPair) ECPublicKey(java.security.interfaces.ECPublicKey) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) KeyPairGenerator(java.security.KeyPairGenerator) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 57 with AlgorithmIdentifier

use of org.bouncycastle.asn1.x509.AlgorithmIdentifier in project xipki by xipki.

the class OcspBenchRequestor method init.

public void init(OcspBenchmark responseHandler, String responderUrl, Certificate issuerCert, RequestOptions requestOptions, int queueSize) throws Exception {
    ParamUtil.requireNonNull("issuerCert", issuerCert);
    ParamUtil.requireNonNull("responseHandler", responseHandler);
    this.requestOptions = ParamUtil.requireNonNull("requestOptions", requestOptions);
    HashAlgo hashAlgo = HashAlgo.getInstance(requestOptions.getHashAlgorithmId());
    if (hashAlgo == null) {
        throw new OcspRequestorException("unknown HashAlgo " + requestOptions.getHashAlgorithmId().getId());
    }
    this.issuerhashAlg = hashAlgo.getAlgorithmIdentifier();
    this.issuerNameHash = new DEROctetString(hashAlgo.hash(issuerCert.getSubject().getEncoded()));
    this.issuerKeyHash = new DEROctetString(hashAlgo.hash(issuerCert.getSubjectPublicKeyInfo().getPublicKeyData().getOctets()));
    List<AlgorithmIdentifier> prefSigAlgs = requestOptions.getPreferredSignatureAlgorithms();
    if (prefSigAlgs == null || prefSigAlgs.size() == 0) {
        this.extensions = null;
    } else {
        ASN1EncodableVector vec = new ASN1EncodableVector();
        for (AlgorithmIdentifier algId : prefSigAlgs) {
            ASN1Sequence prefSigAlgObj = new DERSequence(algId);
            vec.add(prefSigAlgObj);
        }
        ASN1Sequence extnValue = new DERSequence(vec);
        Extension extn;
        try {
            extn = new Extension(ObjectIdentifiers.id_pkix_ocsp_prefSigAlgs, false, new DEROctetString(extnValue));
        } catch (IOException ex) {
            throw new OcspRequestorException(ex.getMessage(), ex);
        }
        this.extensions = new Extension[] { extn };
    }
    URI uri = new URI(responderUrl);
    this.responderRawPathPost = uri.getRawPath();
    if (this.responderRawPathPost.endsWith("/")) {
        this.responderRawPathGet = this.responderRawPathPost;
    } else {
        this.responderRawPathGet = this.responderRawPathPost + "/";
    }
    this.httpClient = new HttpClient(responderUrl, responseHandler, queueSize);
    this.httpClient.start();
}
Also used : OcspRequestorException(org.xipki.ocsp.client.api.OcspRequestorException) Extension(org.bouncycastle.asn1.x509.Extension) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERSequence(org.bouncycastle.asn1.DERSequence) HashAlgo(org.xipki.security.HashAlgo) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) IOException(java.io.IOException) URI(java.net.URI) DEROctetString(org.bouncycastle.asn1.DEROctetString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 58 with AlgorithmIdentifier

use of org.bouncycastle.asn1.x509.AlgorithmIdentifier in project xipki by xipki.

the class CaClientExample method generateRsaKeypair.

protected static MyKeypair generateRsaKeypair() throws Exception {
    KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA");
    kpGen.initialize(2048);
    KeyPair kp = kpGen.generateKeyPair();
    RSAPublicKey pubKey = (RSAPublicKey) kp.getPublic();
    SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPublicKey(pubKey.getModulus(), pubKey.getPublicExponent()));
    return new MyKeypair(kp.getPrivate(), subjectPublicKeyInfo);
}
Also used : KeyPair(java.security.KeyPair) RSAPublicKey(java.security.interfaces.RSAPublicKey) KeyPairGenerator(java.security.KeyPairGenerator) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 59 with AlgorithmIdentifier

use of org.bouncycastle.asn1.x509.AlgorithmIdentifier in project xipki by xipki.

the class RequestOptions method createPSSRSAParams.

// method createAlgId
// CHECKSTYLE:SKIP
public static RSASSAPSSparams createPSSRSAParams(ASN1ObjectIdentifier digestAlgOid) {
    int saltSize;
    if (X509ObjectIdentifiers.id_SHA1.equals(digestAlgOid)) {
        saltSize = 20;
    } else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOid)) {
        saltSize = 28;
    } else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOid)) {
        saltSize = 32;
    } else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOid)) {
        saltSize = 48;
    } else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOid)) {
        saltSize = 64;
    } else {
        throw new RuntimeException("unknown digest algorithm " + digestAlgOid);
    }
    AlgorithmIdentifier digAlgId = new AlgorithmIdentifier(digestAlgOid, DERNull.INSTANCE);
    return new RSASSAPSSparams(digAlgId, new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, digAlgId), new ASN1Integer(saltSize), RSASSAPSSparams.DEFAULT_TRAILER_FIELD);
}
Also used : RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 60 with AlgorithmIdentifier

use of org.bouncycastle.asn1.x509.AlgorithmIdentifier in project xipki by xipki.

the class RequestOptions method createAlgId.

private static AlgorithmIdentifier createAlgId(String algoName) {
    algoName = algoName.toUpperCase();
    ASN1ObjectIdentifier algOid = null;
    if ("SHA1WITHRSA".equals(algoName)) {
        algOid = PKCSObjectIdentifiers.sha1WithRSAEncryption;
    } else if ("SHA256WITHRSA".equals(algoName)) {
        algOid = PKCSObjectIdentifiers.sha256WithRSAEncryption;
    } else if ("SHA384WITHRSA".equals(algoName)) {
        algOid = PKCSObjectIdentifiers.sha384WithRSAEncryption;
    } else if ("SHA512WITHRSA".equals(algoName)) {
        algOid = PKCSObjectIdentifiers.sha512WithRSAEncryption;
    } else if ("SHA1WITHECDSA".equals(algoName)) {
        algOid = X9ObjectIdentifiers.ecdsa_with_SHA1;
    } else if ("SHA256WITHECDSA".equals(algoName)) {
        algOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
    } else if ("SHA384WITHECDSA".equals(algoName)) {
        algOid = X9ObjectIdentifiers.ecdsa_with_SHA384;
    } else if ("SHA512WITHECDSA".equals(algoName)) {
        algOid = X9ObjectIdentifiers.ecdsa_with_SHA512;
    } else if ("SHA1WITHRSAANDMGF1".equals(algoName) || "SHA256WITHRSAANDMGF1".equals(algoName) || "SHA384WITHRSAANDMGF1".equals(algoName) || "SHA512WITHRSAANDMGF1".equals(algoName)) {
        algOid = PKCSObjectIdentifiers.id_RSASSA_PSS;
    } else {
        // should not happen
        throw new RuntimeException("Unsupported algorithm " + algoName);
    }
    ASN1Encodable params;
    if (PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algOid)) {
        ASN1ObjectIdentifier digestAlgOid = null;
        if ("SHA1WITHRSAANDMGF1".equals(algoName)) {
            digestAlgOid = X509ObjectIdentifiers.id_SHA1;
        } else if ("SHA256WITHRSAANDMGF1".equals(algoName)) {
            digestAlgOid = NISTObjectIdentifiers.id_sha256;
        } else if ("SHA384WITHRSAANDMGF1".equals(algoName)) {
            digestAlgOid = NISTObjectIdentifiers.id_sha384;
        } else {
            // if ("SHA512WITHRSAANDMGF1".equals(algoName))
            digestAlgOid = NISTObjectIdentifiers.id_sha512;
        }
        params = createPSSRSAParams(digestAlgOid);
    } else {
        params = DERNull.INSTANCE;
    }
    return new AlgorithmIdentifier(algOid, params);
}
Also used : ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Aggregations

AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)117 IOException (java.io.IOException)54 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)50 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)41 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)40 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)36 DERSequence (org.bouncycastle.asn1.DERSequence)34 BigInteger (java.math.BigInteger)30 X500Name (org.bouncycastle.asn1.x500.X500Name)30 X509Certificate (java.security.cert.X509Certificate)29 DEROctetString (org.bouncycastle.asn1.DEROctetString)29 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)26 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)21 Date (java.util.Date)20 KeyPair (java.security.KeyPair)19 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)19 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)19 ContentSigner (org.bouncycastle.operator.ContentSigner)17 KeyPairGenerator (java.security.KeyPairGenerator)15 CertificateEncodingException (java.security.cert.CertificateEncodingException)15