use of org.bouncycastle.asn1.x509.SubjectKeyIdentifier in project keystore-explorer by kaikramer.
the class DSubjectKeyIdentifier method prepopulateWithValue.
/**
 * Pre-fills the key-identifier input with the identifier carried in an encoded
 * SubjectKeyIdentifier extension value.
 *
 * @param value encoded extension value handed to {@code SubjectKeyIdentifier.getInstance}
 * @throws IOException declared by the signature; nothing in this body throws it directly
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    // NOTE(review): value may come from a certificate the user merely opened, so treat it as
    // untrusted. Bouncy Castle's getInstance presumably signals undecodable bytes with an
    // unchecked exception (not IOException) and yields null for a null argument - confirm
    // for the BC version in use and that the caller copes with both.
    byte[] keyIdentifier = SubjectKeyIdentifier.getInstance(value).getKeyIdentifier();
    jkiKeyIdentifier.setKeyIdentifier(keyIdentifier);
}
use of org.bouncycastle.asn1.x509.SubjectKeyIdentifier in project runwar by cfmlprojects.
the class SelfSignedCertificate method createSubjectKeyIdentifier.
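/**
 * Derives the SubjectKeyIdentifier extension value for a public key.
 *
 * The key's encoded form is parsed as a SubjectPublicKeyInfo and handed to
 * {@code BcX509ExtensionUtils.createSubjectKeyIdentifier}. The no-arg
 * {@code BcX509ExtensionUtils} constructor uses a SHA-1 digest; the result is a lookup
 * identifier for path building, not an integrity or authenticity check on the key.
 *
 * @param publicKey key whose encoded form is expected to be a SubjectPublicKeyInfo
 * @return the subject key identifier computed from the key
 * @throws IOException if the key has no encoded form, the encoding cannot be parsed,
 *         or the parsed object is not an ASN.1 SEQUENCE
 */
private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key publicKey) throws IOException {
    byte[] encoded = publicKey.getEncoded();
    if (encoded == null) {
        // Key.getEncoded() returns null for keys that do not support encoding; fail with a
        // clear message instead of a NullPointerException inside ByteArrayInputStream.
        throw new IOException("Public key has no encoded form; cannot derive a subject key identifier");
    }
    try (ASN1InputStream is = new ASN1InputStream(new ByteArrayInputStream(encoded))) {
        Object decoded = is.readObject();
        // readObject() yields null on an empty stream and may yield a non-SEQUENCE object;
        // check the type instead of casting blindly.
        if (!(decoded instanceof ASN1Sequence)) {
            throw new IOException("Public key encoding is not an ASN.1 SEQUENCE (SubjectPublicKeyInfo expected)");
        }
        SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(decoded);
        return new BcX509ExtensionUtils().createSubjectKeyIdentifier(info);
    }
}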
use of org.bouncycastle.asn1.x509.SubjectKeyIdentifier in project jasn1 by openmuc.
the class InitiateAuthenticationOkEs9 method decode.
/**
 * Decodes this BER-encoded SEQUENCE from {@code is} into the fields transactionId,
 * serverSigned1, serverSignature1, euiccCiPKIdToBeUsed and serverCertificate.
 *
 * Two length forms are handled. When the decoded length value is -1 the body is read until
 * end-of-contents octets (tag 0/0/0 followed by a zero byte). Otherwise the declared length
 * is used and the bytes consumed must add up to exactly that value.
 *
 * The two branches differ in strictness. With a declared length every element is mandatory
 * and a missing tag raises IOException. In the end-of-contents branch each element is only
 * decoded when its tag is present, and the terminator is accepted at any point, even
 * straight after the length. Fields that are absent are left untouched (not reset), so a
 * successful return does not guarantee that any field was populated by this call. Code that
 * decodes untrusted input should null-check every field before use.
 *
 * @param is stream positioned at the start of this element
 * @param withTag when true, the outer tag is read and checked first
 * @return the number of bytes accounted for by this element
 * @throws EOFException if the stream ends where the second end-of-contents octet is expected
 * @throws IOException if a mandatory tag is missing, the terminator is malformed, or the
 *         consumed length differs from the declared length
 */
public int decode(InputStream is, boolean withTag) throws IOException {
int codeLength = 0;
int subCodeLength = 0;
BerTag berTag = new BerTag();
if (withTag) {
codeLength += tag.decodeAndCheck(is);
}
BerLength length = new BerLength();
codeLength += length.decode(is);
// The length comes straight from the input; -1 selects the end-of-contents branch below.
int totalLength = length.val;
if (totalLength == -1) {
subCodeLength += berTag.decode(is);
// Tag 0/0/0 plus a following zero byte is the terminator: an empty body is accepted here
// and no field is set.
if (berTag.tagNumber == 0 && berTag.tagClass == 0 && berTag.primitive == 0) {
int nextByte = is.read();
if (nextByte != 0) {
if (nextByte == -1) {
throw new EOFException("Unexpected end of input stream.");
}
throw new IOException("Decoded sequence has wrong end of contents octets");
}
// +1 accounts for the second terminator octet read with is.read().
codeLength += subCodeLength + 1;
return codeLength;
}
// transactionId is decoded only if its tag is present; berTag is then advanced to the next tag.
if (berTag.equals(BerTag.CONTEXT_CLASS, BerTag.PRIMITIVE, 0)) {
transactionId = new TransactionId();
subCodeLength += transactionId.decode(is, false);
subCodeLength += berTag.decode(is);
}
// Terminator check repeated after each optional element.
if (berTag.tagNumber == 0 && berTag.tagClass == 0 && berTag.primitive == 0) {
int nextByte = is.read();
if (nextByte != 0) {
if (nextByte == -1) {
throw new EOFException("Unexpected end of input stream.");
}
throw new IOException("Decoded sequence has wrong end of contents octets");
}
codeLength += subCodeLength + 1;
return codeLength;
}
if (berTag.equals(ServerSigned1.tag)) {
serverSigned1 = new ServerSigned1();
subCodeLength += serverSigned1.decode(is, false);
subCodeLength += berTag.decode(is);
}
if (berTag.tagNumber == 0 && berTag.tagClass == 0 && berTag.primitive == 0) {
int nextByte = is.read();
if (nextByte != 0) {
if (nextByte == -1) {
throw new EOFException("Unexpected end of input stream.");
}
throw new IOException("Decoded sequence has wrong end of contents octets");
}
codeLength += subCodeLength + 1;
return codeLength;
}
// NOTE(review): presumably serverSignature1 is a signature over serverSigned1; if so, verify it
// over the bytes as received, since this decoder accepts more than one encoding - confirm.
if (berTag.equals(BerTag.APPLICATION_CLASS, BerTag.PRIMITIVE, 55)) {
serverSignature1 = new BerOctetString();
subCodeLength += serverSignature1.decode(is, false);
subCodeLength += berTag.decode(is);
}
if (berTag.tagNumber == 0 && berTag.tagClass == 0 && berTag.primitive == 0) {
int nextByte = is.read();
if (nextByte != 0) {
if (nextByte == -1) {
throw new EOFException("Unexpected end of input stream.");
}
throw new IOException("Decoded sequence has wrong end of contents octets");
}
codeLength += subCodeLength + 1;
return codeLength;
}
// NOTE(review): this SubjectKeyIdentifier has a static tag, a no-arg constructor and
// decode(InputStream, boolean) - presumably a generated jasn1 type rather than
// org.bouncycastle.asn1.x509.SubjectKeyIdentifier; confirm against the file's imports.
if (berTag.equals(SubjectKeyIdentifier.tag)) {
euiccCiPKIdToBeUsed = new SubjectKeyIdentifier();
subCodeLength += euiccCiPKIdToBeUsed.decode(is, false);
subCodeLength += berTag.decode(is);
}
if (berTag.tagNumber == 0 && berTag.tagClass == 0 && berTag.primitive == 0) {
int nextByte = is.read();
if (nextByte != 0) {
if (nextByte == -1) {
throw new EOFException("Unexpected end of input stream.");
}
throw new IOException("Decoded sequence has wrong end of contents octets");
}
codeLength += subCodeLength + 1;
return codeLength;
}
if (berTag.equals(Certificate.tag)) {
serverCertificate = new Certificate();
subCodeLength += serverCertificate.decode(is, false);
subCodeLength += berTag.decode(is);
}
// After the last element only the terminator is acceptable; any other tag (including an
// element that arrived out of order) ends up here and is rejected.
int nextByte = is.read();
if (berTag.tagNumber != 0 || berTag.tagClass != 0 || berTag.primitive != 0 || nextByte != 0) {
if (nextByte == -1) {
throw new EOFException("Unexpected end of input stream.");
}
throw new IOException("Decoded sequence has wrong end of contents octets");
}
codeLength += subCodeLength + 1;
return codeLength;
}
// Declared-length branch: the declared length is added to the result before the content is
// read; it is only confirmed by the subCodeLength == totalLength check at the end.
codeLength += totalLength;
subCodeLength += berTag.decode(is);
// From here on every element is mandatory and must appear in this order.
if (berTag.equals(BerTag.CONTEXT_CLASS, BerTag.PRIMITIVE, 0)) {
transactionId = new TransactionId();
subCodeLength += transactionId.decode(is, false);
subCodeLength += berTag.decode(is);
} else {
throw new IOException("Tag does not match the mandatory sequence element tag.");
}
if (berTag.equals(ServerSigned1.tag)) {
serverSigned1 = new ServerSigned1();
subCodeLength += serverSigned1.decode(is, false);
subCodeLength += berTag.decode(is);
} else {
throw new IOException("Tag does not match the mandatory sequence element tag.");
}
if (berTag.equals(BerTag.APPLICATION_CLASS, BerTag.PRIMITIVE, 55)) {
serverSignature1 = new BerOctetString();
subCodeLength += serverSignature1.decode(is, false);
subCodeLength += berTag.decode(is);
} else {
throw new IOException("Tag does not match the mandatory sequence element tag.");
}
if (berTag.equals(SubjectKeyIdentifier.tag)) {
euiccCiPKIdToBeUsed = new SubjectKeyIdentifier();
subCodeLength += euiccCiPKIdToBeUsed.decode(is, false);
subCodeLength += berTag.decode(is);
} else {
throw new IOException("Tag does not match the mandatory sequence element tag.");
}
if (berTag.equals(Certificate.tag)) {
serverCertificate = new Certificate();
subCodeLength += serverCertificate.decode(is, false);
// Success only when the bytes consumed match the declared length exactly.
if (subCodeLength == totalLength) {
return codeLength;
}
}
// Reached when the certificate tag is missing or the consumed length differs from the
// declared one; fields assigned above stay set on this object even though decoding failed.
throw new IOException("Unexpected end of sequence, length tag: " + totalLength + ", actual sequence length: " + subCodeLength);
}
use of org.bouncycastle.asn1.x509.SubjectKeyIdentifier in project jasn1 by openmuc.
the class AuthenticateServerRequest method decode.
/**
 * Decodes this BER-encoded SEQUENCE from {@code is} into the fields serverSigned1,
 * serverSignature1, euiccCiPKIdToBeUsed, serverCertificate and ctxParams1.
 *
 * Two length forms are handled. When the decoded length value is -1 the body is read until
 * end-of-contents octets (tag 0/0/0 followed by a zero byte). Otherwise the declared length
 * is used and the bytes consumed must add up to exactly that value.
 *
 * The two branches differ in strictness. With a declared length every element is mandatory
 * and a missing tag raises IOException. In the end-of-contents branch each element is only
 * decoded when its tag is present, and the terminator is accepted at any point, even
 * straight after the length. Fields that are absent are left untouched (ctxParams1 excepted,
 * which is set to null when no alternative is decoded), so a successful return does not
 * guarantee that the fields were populated by this call. Code that decodes untrusted input
 * should null-check every field before use.
 *
 * @param is stream positioned at the start of this element
 * @param withTag when true, the outer tag is read and checked first
 * @return the number of bytes accounted for by this element
 * @throws EOFException if the stream ends where the second end-of-contents octet is expected
 * @throws IOException if a mandatory tag is missing, the terminator is malformed, or the
 *         consumed length differs from the declared length
 */
public int decode(InputStream is, boolean withTag) throws IOException {
int codeLength = 0;
int subCodeLength = 0;
BerTag berTag = new BerTag();
if (withTag) {
codeLength += tag.decodeAndCheck(is);
}
BerLength length = new BerLength();
codeLength += length.decode(is);
// The length comes straight from the input; -1 selects the end-of-contents branch below.
int totalLength = length.val;
if (totalLength == -1) {
subCodeLength += berTag.decode(is);
// Tag 0/0/0 plus a following zero byte is the terminator: an empty body is accepted here
// and no field is set.
if (berTag.tagNumber == 0 && berTag.tagClass == 0 && berTag.primitive == 0) {
int nextByte = is.read();
if (nextByte != 0) {
if (nextByte == -1) {
throw new EOFException("Unexpected end of input stream.");
}
throw new IOException("Decoded sequence has wrong end of contents octets");
}
// +1 accounts for the second terminator octet read with is.read().
codeLength += subCodeLength + 1;
return codeLength;
}
// serverSigned1 is decoded only if its tag is present; berTag is then advanced to the next tag.
if (berTag.equals(ServerSigned1.tag)) {
serverSigned1 = new ServerSigned1();
subCodeLength += serverSigned1.decode(is, false);
subCodeLength += berTag.decode(is);
}
// Terminator check repeated after each optional element.
if (berTag.tagNumber == 0 && berTag.tagClass == 0 && berTag.primitive == 0) {
int nextByte = is.read();
if (nextByte != 0) {
if (nextByte == -1) {
throw new EOFException("Unexpected end of input stream.");
}
throw new IOException("Decoded sequence has wrong end of contents octets");
}
codeLength += subCodeLength + 1;
return codeLength;
}
// NOTE(review): presumably serverSignature1 is a signature over serverSigned1; if so, verify it
// over the bytes as received, since this decoder accepts more than one encoding - confirm.
if (berTag.equals(BerTag.APPLICATION_CLASS, BerTag.PRIMITIVE, 55)) {
serverSignature1 = new BerOctetString();
subCodeLength += serverSignature1.decode(is, false);
subCodeLength += berTag.decode(is);
}
if (berTag.tagNumber == 0 && berTag.tagClass == 0 && berTag.primitive == 0) {
int nextByte = is.read();
if (nextByte != 0) {
if (nextByte == -1) {
throw new EOFException("Unexpected end of input stream.");
}
throw new IOException("Decoded sequence has wrong end of contents octets");
}
codeLength += subCodeLength + 1;
return codeLength;
}
// NOTE(review): this SubjectKeyIdentifier has a static tag, a no-arg constructor and
// decode(InputStream, boolean) - presumably a generated jasn1 type rather than
// org.bouncycastle.asn1.x509.SubjectKeyIdentifier; confirm against the file's imports.
if (berTag.equals(SubjectKeyIdentifier.tag)) {
euiccCiPKIdToBeUsed = new SubjectKeyIdentifier();
subCodeLength += euiccCiPKIdToBeUsed.decode(is, false);
subCodeLength += berTag.decode(is);
}
if (berTag.tagNumber == 0 && berTag.tagClass == 0 && berTag.primitive == 0) {
int nextByte = is.read();
if (nextByte != 0) {
if (nextByte == -1) {
throw new EOFException("Unexpected end of input stream.");
}
throw new IOException("Decoded sequence has wrong end of contents octets");
}
codeLength += subCodeLength + 1;
return codeLength;
}
if (berTag.equals(Certificate.tag)) {
serverCertificate = new Certificate();
subCodeLength += serverCertificate.decode(is, false);
subCodeLength += berTag.decode(is);
}
if (berTag.tagNumber == 0 && berTag.tagClass == 0 && berTag.primitive == 0) {
int nextByte = is.read();
if (nextByte != 0) {
if (nextByte == -1) {
throw new EOFException("Unexpected end of input stream.");
}
throw new IOException("Decoded sequence has wrong end of contents octets");
}
codeLength += subCodeLength + 1;
return codeLength;
}
// ctxParams1 is handed the tag already read; a 0 return is treated as "nothing decoded"
// and the field is cleared again.
ctxParams1 = new CtxParams1();
int choiceDecodeLength = ctxParams1.decode(is, berTag);
if (choiceDecodeLength != 0) {
subCodeLength += choiceDecodeLength;
subCodeLength += berTag.decode(is);
} else {
ctxParams1 = null;
}
// After the last element only the terminator is acceptable; any other tag (including an
// element that arrived out of order) ends up here and is rejected.
int nextByte = is.read();
if (berTag.tagNumber != 0 || berTag.tagClass != 0 || berTag.primitive != 0 || nextByte != 0) {
if (nextByte == -1) {
throw new EOFException("Unexpected end of input stream.");
}
throw new IOException("Decoded sequence has wrong end of contents octets");
}
codeLength += subCodeLength + 1;
return codeLength;
}
// Declared-length branch: the declared length is added to the result before the content is
// read; it is only confirmed by the subCodeLength == totalLength check at the end.
codeLength += totalLength;
subCodeLength += berTag.decode(is);
// From here on every element is mandatory and must appear in this order.
if (berTag.equals(ServerSigned1.tag)) {
serverSigned1 = new ServerSigned1();
subCodeLength += serverSigned1.decode(is, false);
subCodeLength += berTag.decode(is);
} else {
throw new IOException("Tag does not match the mandatory sequence element tag.");
}
if (berTag.equals(BerTag.APPLICATION_CLASS, BerTag.PRIMITIVE, 55)) {
serverSignature1 = new BerOctetString();
subCodeLength += serverSignature1.decode(is, false);
subCodeLength += berTag.decode(is);
} else {
throw new IOException("Tag does not match the mandatory sequence element tag.");
}
if (berTag.equals(SubjectKeyIdentifier.tag)) {
euiccCiPKIdToBeUsed = new SubjectKeyIdentifier();
subCodeLength += euiccCiPKIdToBeUsed.decode(is, false);
subCodeLength += berTag.decode(is);
} else {
throw new IOException("Tag does not match the mandatory sequence element tag.");
}
if (berTag.equals(Certificate.tag)) {
serverCertificate = new Certificate();
subCodeLength += serverCertificate.decode(is, false);
subCodeLength += berTag.decode(is);
} else {
throw new IOException("Tag does not match the mandatory sequence element tag.");
}
// NOTE(review): unlike the end-of-contents branch, a 0 return from ctxParams1.decode is not
// handled specially here, so ctxParams1 stays non-null even if nothing was decoded into it.
// Presumably 0 means no alternative matched; only the length check below guards that case -
// confirm against CtxParams1.decode.
ctxParams1 = new CtxParams1();
subCodeLength += ctxParams1.decode(is, berTag);
// Success only when the bytes consumed match the declared length exactly.
if (subCodeLength == totalLength) {
return codeLength;
}
// Fields assigned above stay set on this object even though decoding failed.
throw new IOException("Unexpected end of sequence, length tag: " + totalLength + ", actual sequence length: " + subCodeLength);
}
use of org.bouncycastle.asn1.x509.SubjectKeyIdentifier in project credhub by cloudfoundry-incubator.
the class SignedCertificateGenerator method getSignedByIssuer.
/**
 * Builds an X.509 v3 certificate for {@code keyPair}'s public key and signs it with
 * {@code issuerKey}.
 *
 * Validity starts at the time reported by {@code timeProvider} and lasts
 * {@code params.getDuration()} days. When {@code issuerCertificate} is null the certificate's
 * own serial number and public key are used for the authority key identifier, i.e. the
 * self-signed case.
 *
 * Extensions are added in a fixed order: subjectKeyIdentifier, then subjectAlternativeName,
 * keyUsage and extendedKeyUsage when the parameters supply them, authorityKeyIdentifier when
 * the CA key identifier is present, and finally basicConstraints. keyUsage and
 * basicConstraints are marked critical; the others are not.
 *
 * @param issuerCertificate issuing CA certificate, or null when there is none
 * @param issuerKey private key used to sign the new certificate
 * @param issuerDn issuer distinguished name
 * @param caSubjectKeyIdentifier key identifier of the CA; must not be null, though its
 *        key-identifier bytes may be
 * @param keyPair key pair whose public key is certified
 * @param params subject, duration, usages and CA flag for the new certificate
 * @return the signed certificate
 * @throws Exception if building, signing or converting the certificate fails
 */
private X509Certificate getSignedByIssuer(
        X509Certificate issuerCertificate,
        PrivateKey issuerKey,
        X500Principal issuerDn,
        SubjectKeyIdentifier caSubjectKeyIdentifier,
        KeyPair keyPair,
        CertificateGenerationParameters params) throws Exception {
    Instant issuedAt = timeProvider.getNow().toInstant();
    BigInteger certificateSerialNumber = serialNumberGenerator.generate();

    // Without an issuer certificate the new certificate refers to itself.
    BigInteger caSerialNumber;
    if (issuerCertificate == null) {
        caSerialNumber = certificateSerialNumber;
    } else {
        caSerialNumber = issuerCertificate.getSerialNumber();
    }

    Date notBefore = Date.from(issuedAt);
    Date notAfter = Date.from(issuedAt.plus(Duration.ofDays(params.getDuration())));
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            issuerDn,
            certificateSerialNumber,
            notBefore,
            notAfter,
            params.getX500Principal(),
            keyPair.getPublic());

    builder.addExtension(
            Extension.subjectKeyIdentifier, false, getSubjectKeyIdentifierFromKeyInfo(keyPair.getPublic()));

    if (params.getAlternativeNames() != null) {
        builder.addExtension(Extension.subjectAlternativeName, false, params.getAlternativeNames());
    }

    if (params.getKeyUsage() != null) {
        // Critical: a verifier that cannot process keyUsage must reject the certificate.
        builder.addExtension(Extension.keyUsage, true, params.getKeyUsage());
    }

    if (params.getExtendedKeyUsage() != null) {
        builder.addExtension(Extension.extendedKeyUsage, false, params.getExtendedKeyUsage());
    }

    if (caSubjectKeyIdentifier.getKeyIdentifier() != null) {
        PublicKey issuerPublicKey;
        if (issuerCertificate == null) {
            issuerPublicKey = keyPair.getPublic();
        } else {
            issuerPublicKey = issuerCertificate.getPublicKey();
        }
        AuthorityKeyIdentifier authorityKeyIdentifier =
                jcaX509ExtensionUtils.createAuthorityKeyIdentifier(issuerPublicKey, issuerDn, caSerialNumber);
        builder.addExtension(Extension.authorityKeyIdentifier, false, authorityKeyIdentifier);
    }

    // NOTE(review): the boolean BasicConstraints constructor sets the CA flag only, so no
    // path-length limit is placed on CA certificates issued here - confirm that is intended.
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(params.isCa()));

    ContentSigner contentSigner = jcaContentSignerBuilder.build(issuerKey);
    X509CertificateHolder signedHolder = builder.build(contentSigner);
    return jcaX509CertificateConverter.getCertificate(signedHolder);
}
Aggregations