use of org.bouncycastle.jce.provider.X509CertificateObject in project robovm by robovm.
the class X509V3CertificateGenerator method generateJcaObject.
/**
 * Assembles the outer X.509 certificate structure from its to-be-signed body and a signature value.
 *
 * <p>The method only packages the three parts; it does not check that {@code signature} was
 * actually produced over {@code tbsCert}, so the caller is responsible for supplying a
 * signature computed with the algorithm named by {@code sigAlgId}.
 *
 * @param tbsCert the to-be-signed certificate body
 * @param signature the raw signature bytes, wrapped as a DER BIT STRING
 * @return the certificate object built from the assembled sequence
 * @throws CertificateParsingException declared for the certificate object construction
 */
private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature) throws CertificateParsingException {
    // Element order is: certificate body, signature algorithm, signature value.
    ASN1EncodableVector certificateFields = new ASN1EncodableVector();
    certificateFields.add(tbsCert);
    // sigAlgId is state of the enclosing generator; it is not set in this method.
    certificateFields.add(sigAlgId);
    certificateFields.add(new DERBitString(signature));

    DERSequence encodedCertificate = new DERSequence(certificateFields);
    return new X509CertificateObject(Certificate.getInstance(encodedCertificate));
}
use of org.bouncycastle.jce.provider.X509CertificateObject in project cas by apereo.
the class WsFederationHelper method getEncryptionCredential.
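/**
 * Builds the encryption credential from the configured private key and certificate.
 *
 * <p>The encryption private key resource must contain a key pair in PEM format. When the PEM
 * object is an encrypted key pair it is decrypted with the configured private key password.
 * The encryption certificate is shared with ADFS in DER format, i.e. certificate.crt.
 *
 * <p>The debug log receives the configured resources and the certificate issuer only; neither
 * the key material nor the password is logged here.
 *
 * @param config the WS-Federation configuration supplying the key, its password and the certificate
 * @return the credential pairing the parsed certificate with the private key
 * @throws IllegalArgumentException if no PEM object or no certificate can be read from the
 *         configured resources
 */
@SneakyThrows
private static Credential getEncryptionCredential(final WsFederationConfiguration config) {
    LOGGER.debug("Locating encryption credential private key [{}]", config.getEncryptionPrivateKey());
    val br = new BufferedReader(new InputStreamReader(config.getEncryptionPrivateKey().getInputStream(), StandardCharsets.UTF_8));
    // Registers BouncyCastle for the whole JVM; an already-installed provider of the same name stays in place.
    Security.addProvider(new BouncyCastleProvider());
    LOGGER.debug("Parsing credential private key");
    // Closing the PEM parser also closes the reader it wraps.
    try (val pemParser = new PEMParser(br)) {
        val privateKeyPemObject = pemParser.readObject();
        if (privateKeyPemObject == null) {
            // An empty or non-PEM resource would otherwise surface later as an unexplained NullPointerException.
            throw new IllegalArgumentException("No PEM object could be read from " + config.getEncryptionPrivateKey());
        }
        val converter = new JcaPEMKeyConverter().setProvider(new BouncyCastleProvider());
        val kp = FunctionUtils.doIf(Predicates.instanceOf(PEMEncryptedKeyPair.class), Unchecked.supplier(() -> {
            LOGGER.debug("Encryption private key is an encrypted keypair");
            val ckp = (PEMEncryptedKeyPair) privateKeyPemObject;
            // NOTE(review): the password char[] handed to the decryptor is not wiped after use.
            val decProv = new JcePEMDecryptorProviderBuilder().build(config.getEncryptionPrivateKeyPassword().toCharArray());
            LOGGER.debug("Attempting to decrypt the encrypted keypair based on the provided encryption private key password");
            return converter.getKeyPair(ckp.decryptKeyPair(decProv));
        }), Unchecked.supplier(() -> {
            LOGGER.debug("Extracting a keypair from the private key");
            // Any PEM object other than an encrypted key pair is assumed to be a plain key pair;
            // a different PEM type fails the cast.
            return converter.getKeyPair((PEMKeyPair) privateKeyPemObject);
        })).apply(privateKeyPemObject);
        val certParser = new X509CertParser();
        LOGGER.debug("Locating encryption certificate [{}]", config.getEncryptionCertificate());
        // The certificate stream was previously left open; close it once parsing is done.
        try (val certStream = config.getEncryptionCertificate().getInputStream()) {
            certParser.engineInit(certStream);
            LOGGER.debug("Invoking certificate engine to parse the certificate [{}]", config.getEncryptionCertificate());
            val parsedCertificate = certParser.engineRead();
            if (parsedCertificate == null) {
                // Fail with a clear message instead of a NullPointerException on the issuer lookup below.
                throw new IllegalArgumentException("No X.509 certificate could be read from " + config.getEncryptionCertificate());
            }
            val cert = (X509CertificateObject) parsedCertificate;
            LOGGER.debug("Creating final credential based on the certificate [{}] and the private key", cert.getIssuerDN());
            // NOTE(review): nothing here checks that the certificate's public key matches the private key.
            return new BasicX509Credential(cert, kp.getPrivate());
        }
    }
}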
use of org.bouncycastle.jce.provider.X509CertificateObject in project TLS-Scanner by RUB-NDS.
the class CertificateReportGenerator method setSignatureAndHashAlgorithm.
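/**
 * Derives the signature and hash algorithm from a certificate's signature algorithm name and
 * stores the pair on the report.
 *
 * <p>The name is upper-cased and split at {@code WITH}; the part before it is taken as the hash
 * algorithm and the part after it as the signature algorithm. Names that do not split into
 * exactly two parts, or whose parts are not recognised, leave the report unchanged. Every
 * failure is logged and swallowed, so a certificate that cannot be interpreted does not abort
 * the report.
 *
 * @param report the report that receives the parsed algorithm pair
 * @param cert the ASN.1 certificate structure to inspect
 */
private static void setSignatureAndHashAlgorithm(CertificateReportImplementation report, org.bouncycastle.asn1.x509.Certificate cert) {
    String sigAndHashString = null;
    try {
        X509CertificateObject x509Cert = new X509CertificateObject(cert);
        sigAndHashString = x509Cert.getSigAlgName();
        if (sigAndHashString == null) {
            return;
        }
        // Locale.ROOT keeps the upper-casing independent of the JVM default locale; under a
        // Turkish locale "with" would become "WİTH" and the split below would never match.
        String[] algos = sigAndHashString.toUpperCase(java.util.Locale.ROOT).split("WITH");
        if (algos.length != 2) {
            LOGGER.warn("Could not parse " + sigAndHashString + " into a reasonable SignatureAndHash algorithm");
            return;
        }
        // NOTE(review): if these two types are enums, valueOf throws for an unknown name rather
        // than returning null, so that case ends in the catch below, not in the null checks.
        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.valueOf(algos[1]);
        HashAlgorithm hashAlgorithm = HashAlgorithm.valueOf(algos[0]);
        if (hashAlgorithm == null) {
            LOGGER.warn("Parsed an unknown HashAlgorithm");
            return;
        }
        if (signatureAlgorithm == null) {
            LOGGER.warn("Parsed an unknown SignatureAlgorithm");
            return;
        }
        report.setSignatureAndHashAlgorithm(new SignatureAndHashAlgorithm(signatureAlgorithm, hashAlgorithm));
    } catch (Exception e) {
        // Best effort: certificate content comes from the scanned peer and may be malformed.
        LOGGER.debug("Could not extraxt SignatureAndHashAlgorithm from String:" + sigAndHashString, e);
    }
}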