Search in sources :

Example 1 with X509CertificateObject

use of org.bouncycastle.jce.provider.X509CertificateObject in project oxAuth by GluuFederation.

the class JwtUtil method getPublicKey.

public static PublicKey getPublicKey(String jwksUri, String jwks, SignatureAlgorithm signatureAlgorithm, String keyId) {
    log.debug("Retrieving JWK...");
    JSONObject jsonKeyValue = getJsonKey(jwksUri, jwks, keyId);
    if (jsonKeyValue == null) {
        return null;
    }
    org.xdi.oxauth.model.crypto.PublicKey publicKey = null;
    try {
        String resultKeyId = jsonKeyValue.getString(KEY_ID);
        if (signatureAlgorithm == null) {
            signatureAlgorithm = SignatureAlgorithm.fromString(jsonKeyValue.getString(ALGORITHM));
            if (signatureAlgorithm == null) {
                log.error(String.format("Failed to determine key '%s' signature algorithm", resultKeyId));
                return null;
            }
        }
        JSONObject jsonPublicKey = jsonKeyValue;
        if (jsonKeyValue.has(PUBLIC_KEY)) {
            // Use internal jwks.json format
            jsonPublicKey = jsonKeyValue.getJSONObject(PUBLIC_KEY);
        }
        if (signatureAlgorithm == SignatureAlgorithm.RS256 || signatureAlgorithm == SignatureAlgorithm.RS384 || signatureAlgorithm == SignatureAlgorithm.RS512) {
            //String alg = jsonKeyValue.getString(ALGORITHM);
            //String use = jsonKeyValue.getString(KEY_USE);
            String exp = jsonPublicKey.getString(EXPONENT);
            String mod = jsonPublicKey.getString(MODULUS);
            BigInteger publicExponent = new BigInteger(1, Base64Util.base64urldecode(exp));
            BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(mod));
            publicKey = new RSAPublicKey(modulus, publicExponent);
        } else if (signatureAlgorithm == SignatureAlgorithm.ES256 || signatureAlgorithm == SignatureAlgorithm.ES384 || signatureAlgorithm == SignatureAlgorithm.ES512) {
            //String alg = jsonKeyValue.getString(ALGORITHM);
            //String use = jsonKeyValue.getString(KEY_USE);
            //String crv = jsonKeyValue.getString(CURVE);
            String xx = jsonPublicKey.getString(X);
            String yy = jsonPublicKey.getString(Y);
            BigInteger x = new BigInteger(1, Base64Util.base64urldecode(xx));
            BigInteger y = new BigInteger(1, Base64Util.base64urldecode(yy));
            publicKey = new ECDSAPublicKey(signatureAlgorithm, x, y);
        }
        if (publicKey != null && jsonKeyValue.has(CERTIFICATE_CHAIN)) {
            final String BEGIN = "-----BEGIN CERTIFICATE-----";
            final String END = "-----END CERTIFICATE-----";
            JSONArray certChain = jsonKeyValue.getJSONArray(CERTIFICATE_CHAIN);
            String certificateString = BEGIN + "\n" + certChain.getString(0) + "\n" + END;
            StringReader sr = new StringReader(certificateString);
            PEMParser pemReader = new PEMParser(sr);
            X509Certificate cert = (X509CertificateObject) pemReader.readObject();
            Certificate certificate = new Certificate(signatureAlgorithm, cert);
            publicKey.setCertificate(certificate);
        }
        if (publicKey != null) {
            publicKey.setKeyId(resultKeyId);
            publicKey.setSignatureAlgorithm(signatureAlgorithm);
        }
    } catch (Exception ex) {
        log.error(ex.getMessage(), ex);
    }
    return publicKey;
}
Also used : JSONArray(org.codehaus.jettison.json.JSONArray) PublicKey(org.xdi.oxauth.model.crypto.PublicKey) X509Certificate(java.security.cert.X509Certificate) UnsupportedEncodingException(java.io.UnsupportedEncodingException) JSONObject(org.codehaus.jettison.json.JSONObject) RSAPublicKey(org.xdi.oxauth.model.crypto.signature.RSAPublicKey) PEMParser(org.bouncycastle.openssl.PEMParser) X509CertificateObject(org.bouncycastle.jce.provider.X509CertificateObject) StringReader(java.io.StringReader) BigInteger(java.math.BigInteger) ECDSAPublicKey(org.xdi.oxauth.model.crypto.signature.ECDSAPublicKey) X509Certificate(java.security.cert.X509Certificate) Certificate(org.xdi.oxauth.model.crypto.Certificate)

Example 2 with X509CertificateObject

use of org.bouncycastle.jce.provider.X509CertificateObject in project XobotOS by xamarin.

the class X509V3CertificateGenerator method generateJcaObject.

private X509Certificate generateJcaObject(TBSCertificateStructure tbsCert, byte[] signature) throws CertificateParsingException {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(tbsCert);
    v.add(sigAlgId);
    v.add(new DERBitString(signature));
    return new X509CertificateObject(new X509CertificateStructure(new DERSequence(v)));
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) X509CertificateObject(org.bouncycastle.jce.provider.X509CertificateObject) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) DERBitString(org.bouncycastle.asn1.DERBitString) X509CertificateStructure(org.bouncycastle.asn1.x509.X509CertificateStructure)

Example 3 with X509CertificateObject

use of org.bouncycastle.jce.provider.X509CertificateObject in project XobotOS by xamarin.

the class X509V1CertificateGenerator method generateJcaObject.

private X509Certificate generateJcaObject(TBSCertificateStructure tbsCert, byte[] signature) throws CertificateEncodingException {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(tbsCert);
    v.add(sigAlgId);
    v.add(new DERBitString(signature));
    try {
        return new X509CertificateObject(new X509CertificateStructure(new DERSequence(v)));
    } catch (CertificateParsingException e) {
        throw new ExtCertificateEncodingException("exception producing certificate object", e);
    }
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) CertificateParsingException(java.security.cert.CertificateParsingException) X509CertificateObject(org.bouncycastle.jce.provider.X509CertificateObject) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) DERBitString(org.bouncycastle.asn1.DERBitString) X509CertificateStructure(org.bouncycastle.asn1.x509.X509CertificateStructure)

Example 4 with X509CertificateObject

use of org.bouncycastle.jce.provider.X509CertificateObject in project oxAuth by GluuFederation.

the class JwtUtil method getPublicKey.

public static PublicKey getPublicKey(String jwksUri, String jwks, SignatureAlgorithm signatureAlgorithm, String keyId) {
    log.debug("Retrieving JWK...");
    JSONObject jsonKeyValue = getJsonKey(jwksUri, jwks, keyId);
    if (jsonKeyValue == null) {
        return null;
    }
    org.gluu.oxauth.model.crypto.PublicKey publicKey = null;
    try {
        String resultKeyId = jsonKeyValue.getString(KEY_ID);
        if (signatureAlgorithm == null) {
            signatureAlgorithm = SignatureAlgorithm.fromString(jsonKeyValue.getString(ALGORITHM));
            if (signatureAlgorithm == null) {
                log.error(String.format("Failed to determine key '%s' signature algorithm", resultKeyId));
                return null;
            }
        }
        JSONObject jsonPublicKey = jsonKeyValue;
        if (jsonKeyValue.has(PUBLIC_KEY)) {
            // Use internal jwks.json format
            jsonPublicKey = jsonKeyValue.getJSONObject(PUBLIC_KEY);
        }
        if (signatureAlgorithm == SignatureAlgorithm.RS256 || signatureAlgorithm == SignatureAlgorithm.RS384 || signatureAlgorithm == SignatureAlgorithm.RS512) {
            // String alg = jsonKeyValue.getString(ALGORITHM);
            // String use = jsonKeyValue.getString(KEY_USE);
            String exp = jsonPublicKey.getString(EXPONENT);
            String mod = jsonPublicKey.getString(MODULUS);
            BigInteger publicExponent = new BigInteger(1, Base64Util.base64urldecode(exp));
            BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(mod));
            publicKey = new RSAPublicKey(modulus, publicExponent);
        } else if (signatureAlgorithm == SignatureAlgorithm.ES256 || signatureAlgorithm == SignatureAlgorithm.ES384 || signatureAlgorithm == SignatureAlgorithm.ES512) {
            // String alg = jsonKeyValue.getString(ALGORITHM);
            // String use = jsonKeyValue.getString(KEY_USE);
            // String crv = jsonKeyValue.getString(CURVE);
            String xx = jsonPublicKey.getString(X);
            String yy = jsonPublicKey.getString(Y);
            BigInteger x = new BigInteger(1, Base64Util.base64urldecode(xx));
            BigInteger y = new BigInteger(1, Base64Util.base64urldecode(yy));
            publicKey = new ECDSAPublicKey(signatureAlgorithm, x, y);
        }
        if (publicKey != null && jsonKeyValue.has(CERTIFICATE_CHAIN)) {
            final String BEGIN = "-----BEGIN CERTIFICATE-----";
            final String END = "-----END CERTIFICATE-----";
            JSONArray certChain = jsonKeyValue.getJSONArray(CERTIFICATE_CHAIN);
            String certificateString = BEGIN + "\n" + certChain.getString(0) + "\n" + END;
            StringReader sr = new StringReader(certificateString);
            PEMParser pemReader = new PEMParser(sr);
            X509Certificate cert = (X509CertificateObject) pemReader.readObject();
            Certificate certificate = new Certificate(signatureAlgorithm, cert);
            publicKey.setCertificate(certificate);
        }
        if (publicKey != null) {
            publicKey.setKeyId(resultKeyId);
            publicKey.setSignatureAlgorithm(signatureAlgorithm);
        }
    } catch (Exception ex) {
        log.error(ex.getMessage(), ex);
    }
    return publicKey;
}
Also used : JSONArray(org.json.JSONArray) X509Certificate(java.security.cert.X509Certificate) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) NoSuchProviderException(java.security.NoSuchProviderException) PublicKey(org.gluu.oxauth.model.crypto.PublicKey) JSONObject(org.json.JSONObject) RSAPublicKey(org.gluu.oxauth.model.crypto.signature.RSAPublicKey) PEMParser(org.bouncycastle.openssl.PEMParser) X509CertificateObject(org.bouncycastle.jce.provider.X509CertificateObject) StringReader(java.io.StringReader) BigInteger(java.math.BigInteger) ECDSAPublicKey(org.gluu.oxauth.model.crypto.signature.ECDSAPublicKey) X509Certificate(java.security.cert.X509Certificate) Certificate(org.gluu.oxauth.model.crypto.Certificate)

Example 5 with X509CertificateObject

use of org.bouncycastle.jce.provider.X509CertificateObject in project robovm by robovm.

the class X509V1CertificateGenerator method generateJcaObject.

private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature) throws CertificateEncodingException {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(tbsCert);
    v.add(sigAlgId);
    v.add(new DERBitString(signature));
    try {
        return new X509CertificateObject(Certificate.getInstance(new DERSequence(v)));
    } catch (CertificateParsingException e) {
        throw new ExtCertificateEncodingException("exception producing certificate object", e);
    }
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) CertificateParsingException(java.security.cert.CertificateParsingException) X509CertificateObject(org.bouncycastle.jce.provider.X509CertificateObject) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) DERBitString(org.bouncycastle.asn1.DERBitString)

Aggregations

X509CertificateObject (org.bouncycastle.jce.provider.X509CertificateObject)8 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)4 DERBitString (org.bouncycastle.asn1.DERBitString)4 DERSequence (org.bouncycastle.asn1.DERSequence)4 CertificateParsingException (java.security.cert.CertificateParsingException)3 PEMParser (org.bouncycastle.openssl.PEMParser)3 IOException (java.io.IOException)2 StringReader (java.io.StringReader)2 UnsupportedEncodingException (java.io.UnsupportedEncodingException)2 BigInteger (java.math.BigInteger)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2 X509Certificate (java.security.cert.X509Certificate)2 X509CertificateStructure (org.bouncycastle.asn1.x509.X509CertificateStructure)2 HashAlgorithm (de.rub.nds.tlsattacker.core.constants.HashAlgorithm)1 SignatureAlgorithm (de.rub.nds.tlsattacker.core.constants.SignatureAlgorithm)1 SignatureAndHashAlgorithm (de.rub.nds.tlsattacker.core.constants.SignatureAndHashAlgorithm)1 BufferedReader (java.io.BufferedReader)1 InputStreamReader (java.io.InputStreamReader)1 NoSuchProviderException (java.security.NoSuchProviderException)1 SneakyThrows (lombok.SneakyThrows)1