Search in sources :

Example 31 with SubjectPublicKeyInfo

use of org.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project XobotOS by xamarin.

the class V1TBSCertificateGenerator method generateTBSCertificate.

public TBSCertificateStructure generateTBSCertificate() {
    if ((serialNumber == null) || (signature == null) || (issuer == null) || (startDate == null) || (endDate == null) || (subject == null) || (subjectPublicKeyInfo == null)) {
        throw new IllegalStateException("not all mandatory fields set in V1 TBScertificate generator");
    }
    ASN1EncodableVector seq = new ASN1EncodableVector();
    // seq.add(version); - not required as default value.
    seq.add(serialNumber);
    seq.add(signature);
    seq.add(issuer);
    //
    // before and after dates
    //
    ASN1EncodableVector validity = new ASN1EncodableVector();
    validity.add(startDate);
    validity.add(endDate);
    seq.add(new DERSequence(validity));
    seq.add(subject);
    seq.add(subjectPublicKeyInfo);
    return new TBSCertificateStructure(new DERSequence(seq));
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)

Example 32 with SubjectPublicKeyInfo

use of org.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project XobotOS by xamarin.

the class V3TBSCertificateGenerator method generateTBSCertificate.

public TBSCertificateStructure generateTBSCertificate() {
    if ((serialNumber == null) || (signature == null) || (issuer == null) || (startDate == null) || (endDate == null) || (subject == null && !altNamePresentAndCritical) || (subjectPublicKeyInfo == null)) {
        throw new IllegalStateException("not all mandatory fields set in V3 TBScertificate generator");
    }
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(version);
    v.add(serialNumber);
    v.add(signature);
    v.add(issuer);
    //
    // before and after dates
    //
    ASN1EncodableVector validity = new ASN1EncodableVector();
    validity.add(startDate);
    validity.add(endDate);
    v.add(new DERSequence(validity));
    if (subject != null) {
        v.add(subject);
    } else {
        v.add(new DERSequence());
    }
    v.add(subjectPublicKeyInfo);
    if (issuerUniqueID != null) {
        v.add(new DERTaggedObject(false, 1, issuerUniqueID));
    }
    if (subjectUniqueID != null) {
        v.add(new DERTaggedObject(false, 2, subjectUniqueID));
    }
    if (extensions != null) {
        v.add(new DERTaggedObject(3, extensions));
    }
    return new TBSCertificateStructure(new DERSequence(v));
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)

Example 33 with SubjectPublicKeyInfo

use of org.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project cloudstack by apache.

the class ClientNtlmsspPubKeyAuth method getServerPublicKey.

private byte[] getServerPublicKey() {
    // SSL certificate public key with algorithm
    ByteBuffer subjectPublicKeyInfo = new ByteBuffer(sslState.serverCertificateSubjectPublicKeyInfo);
    // Parse subjectPublicKeyInfo
    SubjectPublicKeyInfo parser = new SubjectPublicKeyInfo("SubjectPublicKeyInfo");
    parser.readTag(subjectPublicKeyInfo);
    // Copy subjectPublicKey subfield to separate byte buffer
    ByteBuffer subjectPublicKey = new ByteBuffer(subjectPublicKeyInfo.length);
    parser.subjectPublicKey.writeTag(subjectPublicKey);
    subjectPublicKeyInfo.unref();
    subjectPublicKey.trimAtCursor();
    // Skip tag:
    // 03 82 01 0f (tag) 00 (padding byte)
    // FIXME: parse it properly
    subjectPublicKey.trimHeader(5);
    // * DEBUG */System.out.println("DEBUG: subjectPublicKey:\n" +
    // subjectPublicKey.dump());
    ntlmState.subjectPublicKey = subjectPublicKey.toByteArray();
    return ntlmState.subjectPublicKey;
}
Also used : ByteBuffer(streamer.ByteBuffer) SubjectPublicKeyInfo(rdpclient.ntlmssp.asn1.SubjectPublicKeyInfo)

Example 34 with SubjectPublicKeyInfo

use of org.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project poi by apache.

the class PkiTestUtils method generateCertificate.

static X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn, Date notBefore, Date notAfter, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey, boolean caFlag, int pathLength, String crlUri, String ocspUri, KeyUsage keyUsage) throws IOException, OperatorCreationException, CertificateException {
    String signatureAlgorithm = "SHA1withRSA";
    X500Name issuerName;
    if (issuerCertificate != null) {
        issuerName = new X509CertificateHolder(issuerCertificate.getEncoded()).getIssuer();
    } else {
        issuerName = new X500Name(subjectDn);
    }
    RSAPublicKey rsaPubKey = (RSAPublicKey) subjectPublicKey;
    RSAKeyParameters rsaSpec = new RSAKeyParameters(false, rsaPubKey.getModulus(), rsaPubKey.getPublicExponent());
    SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(rsaSpec);
    DigestCalculator digestCalc = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build().get(CertificateID.HASH_SHA1);
    X509v3CertificateBuilder certificateGenerator = new X509v3CertificateBuilder(issuerName, new BigInteger(128, new SecureRandom()), notBefore, notAfter, new X500Name(subjectDn), subjectPublicKeyInfo);
    X509ExtensionUtils exUtils = new X509ExtensionUtils(digestCalc);
    SubjectKeyIdentifier subKeyId = exUtils.createSubjectKeyIdentifier(subjectPublicKeyInfo);
    AuthorityKeyIdentifier autKeyId = (issuerCertificate != null) ? exUtils.createAuthorityKeyIdentifier(new X509CertificateHolder(issuerCertificate.getEncoded())) : exUtils.createAuthorityKeyIdentifier(subjectPublicKeyInfo);
    certificateGenerator.addExtension(Extension.subjectKeyIdentifier, false, subKeyId);
    certificateGenerator.addExtension(Extension.authorityKeyIdentifier, false, autKeyId);
    if (caFlag) {
        BasicConstraints bc;
        if (-1 == pathLength) {
            bc = new BasicConstraints(true);
        } else {
            bc = new BasicConstraints(pathLength);
        }
        certificateGenerator.addExtension(Extension.basicConstraints, false, bc);
    }
    if (null != crlUri) {
        int uri = GeneralName.uniformResourceIdentifier;
        DERIA5String crlUriDer = new DERIA5String(crlUri);
        GeneralName gn = new GeneralName(uri, crlUriDer);
        DERSequence gnDer = new DERSequence(gn);
        GeneralNames gns = GeneralNames.getInstance(gnDer);
        DistributionPointName dpn = new DistributionPointName(0, gns);
        DistributionPoint distp = new DistributionPoint(dpn, null, null);
        DERSequence distpDer = new DERSequence(distp);
        certificateGenerator.addExtension(Extension.cRLDistributionPoints, false, distpDer);
    }
    if (null != ocspUri) {
        int uri = GeneralName.uniformResourceIdentifier;
        GeneralName ocspName = new GeneralName(uri, ocspUri);
        AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess(X509ObjectIdentifiers.ocspAccessMethod, ocspName);
        certificateGenerator.addExtension(Extension.authorityInfoAccess, false, authorityInformationAccess);
    }
    if (null != keyUsage) {
        certificateGenerator.addExtension(Extension.keyUsage, true, keyUsage);
    }
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);
    signerBuilder.setProvider("BC");
    X509CertificateHolder certHolder = certificateGenerator.build(signerBuilder.build(issuerPrivateKey));
    //                        .getEncoded()));
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}
Also used : AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) DigestCalculator(org.bouncycastle.operator.DigestCalculator) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) RSAKeyParameters(org.bouncycastle.crypto.params.RSAKeyParameters) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERSequence(org.bouncycastle.asn1.DERSequence) RSAPublicKey(java.security.interfaces.RSAPublicKey) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) DistributionPointName(org.bouncycastle.asn1.x509.DistributionPointName) SecureRandom(java.security.SecureRandom) SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X509ExtensionUtils(org.bouncycastle.cert.X509ExtensionUtils) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Aggregations

SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)16 IOException (java.io.IOException)13 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)11 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)9 X962Parameters (org.bouncycastle.asn1.x9.X962Parameters)8 X9ECParameters (org.bouncycastle.asn1.x9.X9ECParameters)8 X9ECPoint (org.bouncycastle.asn1.x9.X9ECPoint)8 BigInteger (java.math.BigInteger)7 DEROctetString (org.bouncycastle.asn1.DEROctetString)7 DERSequence (org.bouncycastle.asn1.DERSequence)7 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)6 DERBitString (org.bouncycastle.asn1.DERBitString)6 X500Name (org.bouncycastle.asn1.x500.X500Name)6 ECNamedCurveSpec (org.bouncycastle.jce.spec.ECNamedCurveSpec)6 ECCurve (org.bouncycastle.math.ec.ECCurve)6 Date (java.util.Date)5 PublicKey (java.security.PublicKey)4 X509Certificate (java.security.cert.X509Certificate)4 RSAPublicKey (java.security.interfaces.RSAPublicKey)4 AlgorithmIdentifier (org.apache.harmony.security.x509.AlgorithmIdentifier)4