Search in sources :

Example 81 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project jruby-openssl by jruby.

the class OCSPBasicResponse method sign.

@JRubyMethod(name = "sign", rest = true)
public IRubyObject sign(final ThreadContext context, IRubyObject[] args) {
    Ruby runtime = context.getRuntime();
    int flag = 0;
    IRubyObject additionalCerts = context.nil;
    IRubyObject flags = context.nil;
    IRubyObject digest = context.nil;
    Digest digestInstance = new Digest(runtime, _Digest(runtime));
    List<X509CertificateHolder> addlCerts = new ArrayList<X509CertificateHolder>();
    switch(Arity.checkArgumentCount(runtime, args, 2, 5)) {
        case 3:
            additionalCerts = args[2];
            break;
        case 4:
            additionalCerts = args[2];
            flags = args[3];
            break;
        case 5:
            additionalCerts = args[2];
            flags = args[3];
            digest = args[4];
            break;
        default:
            break;
    }
    if (digest.isNil())
        digest = digestInstance.initialize(context, new IRubyObject[] { RubyString.newString(runtime, "SHA1") });
    if (!flags.isNil())
        flag = RubyFixnum.fix2int(flags);
    if (additionalCerts.isNil())
        flag |= RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCERTS));
    X509Cert signer = (X509Cert) args[0];
    PKey signerKey = (PKey) args[1];
    String keyAlg = signerKey.getAlgorithm();
    String digAlg = ((Digest) digest).getShortAlgorithm();
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(digAlg + "with" + keyAlg);
    signerBuilder.setProvider("BC");
    ContentSigner contentSigner = null;
    try {
        contentSigner = signerBuilder.build(signerKey.getPrivateKey());
    } catch (OperatorCreationException e) {
        throw newOCSPError(runtime, e);
    }
    BasicOCSPRespBuilder respBuilder = null;
    try {
        if ((flag & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_RESPID_KEY))) != 0) {
            JcaDigestCalculatorProviderBuilder dcpb = new JcaDigestCalculatorProviderBuilder();
            dcpb.setProvider("BC");
            DigestCalculatorProvider dcp = dcpb.build();
            DigestCalculator calculator = dcp.get(contentSigner.getAlgorithmIdentifier());
            respBuilder = new BasicOCSPRespBuilder(SubjectPublicKeyInfo.getInstance(signerKey.getPublicKey().getEncoded()), calculator);
        } else {
            respBuilder = new BasicOCSPRespBuilder(new RespID(signer.getSubject().getX500Name()));
        }
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }
    X509CertificateHolder[] chain = null;
    try {
        if ((flag & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCERTS))) == 0) {
            addlCerts.add(new X509CertificateHolder(signer.getAuxCert().getEncoded()));
            if (!additionalCerts.isNil()) {
                Iterator<java.security.cert.Certificate> rubyAddlCerts = ((RubyArray) additionalCerts).iterator();
                while (rubyAddlCerts.hasNext()) {
                    java.security.cert.Certificate cert = rubyAddlCerts.next();
                    addlCerts.add(new X509CertificateHolder(cert.getEncoded()));
                }
            }
            chain = addlCerts.toArray(new X509CertificateHolder[addlCerts.size()]);
        }
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }
    Date producedAt = null;
    if ((flag & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOTIME))) == 0) {
        producedAt = new Date();
    }
    for (OCSPSingleResponse resp : singleResponses) {
        SingleResp singleResp = new SingleResp(resp.getBCSingleResp());
        respBuilder.addResponse(singleResp.getCertID(), singleResp.getCertStatus(), singleResp.getThisUpdate(), singleResp.getNextUpdate(), resp.getBCSingleResp().getSingleExtensions());
    }
    try {
        Extension[] respExtAry = new Extension[extensions.size()];
        Extensions respExtensions = new Extensions(extensions.toArray(respExtAry));
        BasicOCSPResp bcBasicOCSPResp = respBuilder.setResponseExtensions(respExtensions).build(contentSigner, chain, producedAt);
        asn1BCBasicOCSPResp = BasicOCSPResponse.getInstance(bcBasicOCSPResp.getEncoded());
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }
    return this;
}
Also used : RubyArray(org.jruby.RubyArray) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ArrayList(java.util.ArrayList) DigestCalculator(org.bouncycastle.operator.DigestCalculator) RubyString(org.jruby.RubyString) IRubyObject(org.jruby.runtime.builtin.IRubyObject) Extensions(org.bouncycastle.asn1.x509.Extensions) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) Ruby(org.jruby.Ruby) SingleResp(org.bouncycastle.cert.ocsp.SingleResp) Digest._Digest(org.jruby.ext.openssl.Digest._Digest) MessageDigest(java.security.MessageDigest) ContentSigner(org.bouncycastle.operator.ContentSigner) RubyFixnum(org.jruby.RubyFixnum) RaiseException(org.jruby.exceptions.RaiseException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CertificateEncodingException(java.security.cert.CertificateEncodingException) CertificateParsingException(java.security.cert.CertificateParsingException) IOException(java.io.IOException) Date(java.util.Date) Extension(org.bouncycastle.asn1.x509.Extension) BasicOCSPRespBuilder(org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder) DigestCalculatorProvider(org.bouncycastle.operator.DigestCalculatorProvider) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp) RespID(org.bouncycastle.cert.ocsp.RespID) JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder) X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 82 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project jruby-openssl by jruby.

the class OCSPCertificateId method initializeImpl.

private IRubyObject initializeImpl(final ThreadContext context, BigInteger serial, IRubyObject issuerCert, IRubyObject digest) {
    Ruby runtime = context.getRuntime();
    Digest rubyDigest = (Digest) digest;
    ASN1ObjectIdentifier oid = ASN1.sym2Oid(runtime, rubyDigest.getName().toLowerCase());
    AlgorithmIdentifier bcAlgId = new AlgorithmIdentifier(oid);
    BcDigestCalculatorProvider calculatorProvider = new BcDigestCalculatorProvider();
    DigestCalculator calc;
    try {
        calc = calculatorProvider.get(bcAlgId);
    } catch (OperatorCreationException e) {
        throw newOCSPError(runtime, e);
    }
    X509Cert rubyCert = (X509Cert) issuerCert;
    try {
        this.bcCertId = new CertificateID(calc, new X509CertificateHolder(rubyCert.getAuxCert().getEncoded()), serial).toASN1Primitive();
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }
    return this;
}
Also used : BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider) Digest._Digest(org.jruby.ext.openssl.Digest._Digest) CertificateID(org.bouncycastle.cert.ocsp.CertificateID) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) DigestCalculator(org.bouncycastle.operator.DigestCalculator) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) Ruby(org.jruby.Ruby) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) RaiseException(org.jruby.exceptions.RaiseException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) IOException(java.io.IOException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 83 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project jruby-openssl by jruby.

the class OCSPRequest method sign.

@JRubyMethod(name = "sign", rest = true)
public IRubyObject sign(final ThreadContext context, IRubyObject[] args) {
    final Ruby runtime = context.runtime;
    int flag = 0;
    IRubyObject additionalCerts = context.nil;
    IRubyObject flags = context.nil;
    IRubyObject digest = context.nil;
    Digest digestInstance = new Digest(runtime, _Digest(runtime));
    IRubyObject nocerts = (RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCERTS);
    switch(Arity.checkArgumentCount(runtime, args, 2, 5)) {
        case 3:
            additionalCerts = args[2];
            break;
        case 4:
            additionalCerts = args[2];
            flags = args[3];
            break;
        case 5:
            additionalCerts = args[2];
            flags = args[3];
            digest = args[4];
            break;
        default:
            break;
    }
    if (digest.isNil())
        digest = digestInstance.initialize(context, new IRubyObject[] { RubyString.newString(runtime, "SHA1") });
    if (additionalCerts.isNil())
        flag |= RubyFixnum.fix2int(nocerts);
    if (!flags.isNil())
        flag = RubyFixnum.fix2int(flags);
    X509Cert signer = (X509Cert) args[0];
    PKey signerKey = (PKey) args[1];
    String keyAlg = signerKey.getAlgorithm();
    String digAlg = ((Digest) digest).getShortAlgorithm();
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(digAlg + "with" + keyAlg);
    signerBuilder.setProvider("BC");
    ContentSigner contentSigner = null;
    try {
        contentSigner = signerBuilder.build(signerKey.getPrivateKey());
    } catch (OperatorCreationException e) {
        throw newOCSPError(runtime, e);
    }
    OCSPReqBuilder builder = new OCSPReqBuilder();
    builder.setRequestorName(signer.getSubject().getX500Name());
    for (OCSPCertificateId certId : certificateIds) {
        builder.addRequest(new CertificateID(certId.getCertID()));
    }
    List<X509CertificateHolder> certChain = new ArrayList<X509CertificateHolder>();
    if (flag != RubyFixnum.fix2int(nocerts)) {
        try {
            certChain.add(new X509CertificateHolder(signer.getAuxCert().getEncoded()));
            if (!additionalCerts.isNil()) {
                Iterator<java.security.cert.Certificate> certIt = ((RubyArray) additionalCerts).iterator();
                while (certIt.hasNext()) {
                    certChain.add(new X509CertificateHolder(certIt.next().getEncoded()));
                }
            }
        } catch (Exception e) {
            throw newOCSPError(runtime, e);
        }
    }
    X509CertificateHolder[] chain = new X509CertificateHolder[certChain.size()];
    certChain.toArray(chain);
    try {
        asn1bcReq = org.bouncycastle.asn1.ocsp.OCSPRequest.getInstance(builder.build(contentSigner, chain).getEncoded());
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }
    if (nonce != null) {
        addNonceImpl();
    }
    return this;
}
Also used : RubyArray(org.jruby.RubyArray) Digest._Digest(org.jruby.ext.openssl.Digest._Digest) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) CertificateID(org.bouncycastle.cert.ocsp.CertificateID) ContentSigner(org.bouncycastle.operator.ContentSigner) ArrayList(java.util.ArrayList) RubyString(org.jruby.RubyString) IRubyObject(org.jruby.runtime.builtin.IRubyObject) RubyFixnum(org.jruby.RubyFixnum) RaiseException(org.jruby.exceptions.RaiseException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) Ruby(org.jruby.Ruby) OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate) X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 84 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project midpoint by Evolveum.

the class OidcClientModuleWebSecurityConfiguration method initializeProofKey.

private static void initializeProofKey(AbstractSimpleKeyType key, OidcAdditionalConfiguration.Builder builder) {
    if (key == null) {
        return;
    }
    PrivateKey pkey;
    try {
        pkey = getPrivateKey(key, protector);
    } catch (IOException | OperatorCreationException | PKCSException | EncryptionException e) {
        throw new OAuth2AuthenticationException(new OAuth2Error("missing_key"), "Unable get key from " + key, e);
    }
    if (!(pkey instanceof RSAPrivateKey)) {
        throw new OAuth2AuthenticationException(new OAuth2Error("missing_key"), "Unable get key from " + key);
    }
    PublicKey publicKey;
    try {
        Certificate certificate = getCertificate(key, protector);
        publicKey = certificate.getPublicKey();
    } catch (Base64Exception | EncryptionException | CertificateException e) {
        throw new OAuth2AuthenticationException(new OAuth2Error("missing_key"), "Unable get certificate from " + key, e);
    }
    builder.privateKey((RSAPrivateKey) pkey);
    builder.publicKey((RSAPublicKey) publicKey);
}
Also used : RSAPrivateKey(java.security.interfaces.RSAPrivateKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) PKCSException(org.bouncycastle.pkcs.PKCSException) Base64Exception(org.apache.cxf.common.util.Base64Exception) EncryptionException(com.evolveum.midpoint.prism.crypto.EncryptionException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Certificate(java.security.cert.Certificate)

Example 85 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project midpoint by Evolveum.

the class SamlModuleWebSecurityConfiguration method getSaml2Credential.

public static Saml2X509Credential getSaml2Credential(ModuleSaml2SimpleKeyType key, boolean isActive) {
    if (key == null) {
        return null;
    }
    PrivateKey pkey;
    try {
        pkey = getPrivateKey(key, protector);
    } catch (IOException | OperatorCreationException | PKCSException | EncryptionException e) {
        throw new Saml2Exception("Unable get key from " + key, e);
    }
    Certificate certificate;
    try {
        certificate = getCertificate(key, protector);
    } catch (Base64Exception | EncryptionException | CertificateException e) {
        throw new Saml2Exception("Unable get certificate from " + key, e);
    }
    List<Saml2X509Credential.Saml2X509CredentialType> types = getTypesForKey(isActive, key.getType());
    return new Saml2X509Credential(pkey, (X509Certificate) certificate, types.toArray(new Saml2X509Credential.Saml2X509CredentialType[0]));
}
Also used : Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) CertificateException(java.security.cert.CertificateException) Saml2Exception(org.springframework.security.saml2.Saml2Exception) PKCSException(org.bouncycastle.pkcs.PKCSException) Base64Exception(org.apache.cxf.common.util.Base64Exception) EncryptionException(com.evolveum.midpoint.prism.crypto.EncryptionException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Aggregations

OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)93 IOException (java.io.IOException)52 ContentSigner (org.bouncycastle.operator.ContentSigner)40 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)38 CertificateException (java.security.cert.CertificateException)32 X509Certificate (java.security.cert.X509Certificate)31 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)23 Date (java.util.Date)21 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)20 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)17 CMSException (org.bouncycastle.cms.CMSException)17 X500Name (org.bouncycastle.asn1.x500.X500Name)16 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)16 GeneralName (org.bouncycastle.asn1.x509.GeneralName)15 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)14 CMSSignedData (org.bouncycastle.cms.CMSSignedData)12 GeneralSecurityException (java.security.GeneralSecurityException)11 BigInteger (java.math.BigInteger)10 NoSuchProviderException (java.security.NoSuchProviderException)10 CertificateEncodingException (java.security.cert.CertificateEncodingException)10