use of org.bouncycastle.asn1.x509.AlgorithmIdentifier in project jruby-openssl by jruby.
the class PKCS10Request method resetSignedRequest.
private void resetSignedRequest() {
if (signedRequest == null)
return;
CertificationRequest req = signedRequest.toASN1Structure();
CertificationRequestInfo reqInfo = new CertificationRequestInfo(subject, publicKeyInfo, req.getCertificationRequestInfo().getAttributes());
ASN1Sequence seq = (ASN1Sequence) req.toASN1Primitive();
req = new CertificationRequest(reqInfo, (AlgorithmIdentifier) seq.getObjectAt(1), (DERBitString) seq.getObjectAt(2));
// valid = true;
signedRequest = new PKCS10CertificationRequest(req);
}
use of org.bouncycastle.asn1.x509.AlgorithmIdentifier in project pac4j by pac4j.
the class SAML2ClientConfiguration method createKeystore.
private void createKeystore() {
try {
if (CommonHelper.isBlank(this.keyStoreAlias)) {
this.keyStoreAlias = getClass().getSimpleName();
LOGGER.warn("Using keystore alias {}", this.keyStoreAlias);
}
if (CommonHelper.isBlank(this.keyStoreType)) {
this.keyStoreType = KeyStore.getDefaultType();
LOGGER.warn("Using keystore type {}", this.keyStoreType);
}
final KeyStore ks = KeyStore.getInstance(this.keyStoreType);
final char[] password = this.keystorePassword.toCharArray();
ks.load(null, password);
final KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(2048);
final KeyPair kp = kpg.genKeyPair();
final String sigAlgName = "SHA1WithRSA";
final AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption, DERNull.INSTANCE);
final String dn = InetAddress.getLocalHost().getHostName();
final PrivateKey signingKey = kp.getPrivate();
final X509Certificate certificate = createSelfSignedCert(new X500Name("CN=" + dn), sigAlgName, sigAlgID, kp);
final char[] keyPassword = this.privateKeyPassword.toCharArray();
ks.setKeyEntry(this.keyStoreAlias, signingKey, keyPassword, new Certificate[] { certificate });
try (final FileOutputStream fos = new FileOutputStream(this.keystoreResource.getFile().getCanonicalPath())) {
ks.store(fos, password);
fos.flush();
}
LOGGER.info("Created keystore {} with key alias {} ", keystoreResource.getFile().getCanonicalPath(), ks.aliases().nextElement());
} catch (final Exception e) {
throw new SAMLException("Could not create keystore", e);
}
}
use of org.bouncycastle.asn1.x509.AlgorithmIdentifier in project pac4j by pac4j.
the class SAML2ClientConfiguration method createSelfSignedCert.
/**
* Generate a self-signed certificate for dn using the provided signature algorithm and key pair.
*
* @param dn X.500 name to associate with certificate issuer/subject.
* @param sigName name of the signature algorithm to use.
* @param sigAlgID algorithm ID associated with the signature algorithm name.
* @param keyPair the key pair to associate with the certificate.
* @return an X509Certificate containing the public key in keyPair.
* @throws Exception
*/
private X509Certificate createSelfSignedCert(X500Name dn, String sigName, AlgorithmIdentifier sigAlgID, KeyPair keyPair) throws Exception {
V3TBSCertificateGenerator certGen = new V3TBSCertificateGenerator();
certGen.setSerialNumber(new ASN1Integer(BigInteger.valueOf(1)));
certGen.setIssuer(dn);
certGen.setSubject(dn);
certGen.setStartDate(new Time(new Date(System.currentTimeMillis() - 1000L)));
final Calendar c = Calendar.getInstance();
c.setTime(new Date());
c.add(Calendar.YEAR, 1);
certGen.setEndDate(new Time(c.getTime()));
certGen.setSignature(sigAlgID);
certGen.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
Signature sig = Signature.getInstance(sigName);
sig.initSign(keyPair.getPrivate());
sig.update(certGen.generateTBSCertificate().getEncoded(ASN1Encoding.DER));
TBSCertificate tbsCert = certGen.generateTBSCertificate();
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(tbsCert);
v.add(sigAlgID);
v.add(new DERBitString(sig.sign()));
X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(new DERSequence(v).getEncoded(ASN1Encoding.DER)));
// check the certificate - this will confirm the encoded sig algorithm ID is correct.
cert.verify(keyPair.getPublic());
return cert;
}
use of org.bouncycastle.asn1.x509.AlgorithmIdentifier in project BiglyBT by BiglySoftware.
the class PKCS10CertificationRequest method getPublicKey.
public PublicKey getPublicKey(String provider) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
SubjectPublicKeyInfo subjectPKInfo = reqInfo.getSubjectPublicKeyInfo();
try {
X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getBytes());
AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithmId();
return KeyFactory.getInstance(keyAlg.getObjectId().getId(), provider).generatePublic(xspec);
} catch (InvalidKeySpecException e) {
throw new InvalidKeyException("error encoding public key");
}
}
use of org.bouncycastle.asn1.x509.AlgorithmIdentifier in project BiglyBT by BiglySoftware.
the class JCEECPrivateKey method getEncoded.
/**
* Return a PKCS8 representation of the key. The sequence returned
* represents a full PrivateKeyInfo object.
*
* @return a PKCS8 representation of the key.
*/
@Override
public byte[] getEncoded() {
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
DEROutputStream dOut = new DEROutputStream(bOut);
X962Parameters params = null;
if (ecSpec instanceof ECNamedCurveParameterSpec) {
params = new X962Parameters(X962NamedCurves.getOID(((ECNamedCurveParameterSpec) ecSpec).getName()));
} else {
X9ECParameters ecP = new X9ECParameters(ecSpec.getCurve(), ecSpec.getG(), ecSpec.getN(), ecSpec.getH(), ecSpec.getSeed());
params = new X962Parameters(ecP);
}
PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), new ECPrivateKeyStructure(this.getD()).getDERObject());
try {
dOut.writeObject(info);
dOut.close();
} catch (IOException e) {
throw new RuntimeException("Error encoding EC private key");
}
return bOut.toByteArray();
}
Aggregations