use of org.bouncycastle.operator.OperatorCreationException in project jruby-openssl by jruby.
the class OCSPBasicResponse method sign.
@JRubyMethod(name = "sign", rest = true)
public IRubyObject sign(final ThreadContext context, IRubyObject[] args) {
Ruby runtime = context.getRuntime();
int flag = 0;
IRubyObject additionalCerts = context.nil;
IRubyObject flags = context.nil;
IRubyObject digest = context.nil;
Digest digestInstance = new Digest(runtime, _Digest(runtime));
List<X509CertificateHolder> addlCerts = new ArrayList<X509CertificateHolder>();
switch(Arity.checkArgumentCount(runtime, args, 2, 5)) {
case 3:
additionalCerts = args[2];
break;
case 4:
additionalCerts = args[2];
flags = args[3];
break;
case 5:
additionalCerts = args[2];
flags = args[3];
digest = args[4];
break;
default:
break;
}
if (digest.isNil())
digest = digestInstance.initialize(context, new IRubyObject[] { RubyString.newString(runtime, "SHA1") });
if (!flags.isNil())
flag = RubyFixnum.fix2int(flags);
if (additionalCerts.isNil())
flag |= RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCERTS));
X509Cert signer = (X509Cert) args[0];
PKey signerKey = (PKey) args[1];
String keyAlg = signerKey.getAlgorithm();
String digAlg = ((Digest) digest).getShortAlgorithm();
JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(digAlg + "with" + keyAlg);
signerBuilder.setProvider("BC");
ContentSigner contentSigner = null;
try {
contentSigner = signerBuilder.build(signerKey.getPrivateKey());
} catch (OperatorCreationException e) {
throw newOCSPError(runtime, e);
}
BasicOCSPRespBuilder respBuilder = null;
try {
if ((flag & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_RESPID_KEY))) != 0) {
JcaDigestCalculatorProviderBuilder dcpb = new JcaDigestCalculatorProviderBuilder();
dcpb.setProvider("BC");
DigestCalculatorProvider dcp = dcpb.build();
DigestCalculator calculator = dcp.get(contentSigner.getAlgorithmIdentifier());
respBuilder = new BasicOCSPRespBuilder(SubjectPublicKeyInfo.getInstance(signerKey.getPublicKey().getEncoded()), calculator);
} else {
respBuilder = new BasicOCSPRespBuilder(new RespID(signer.getSubject().getX500Name()));
}
} catch (Exception e) {
throw newOCSPError(runtime, e);
}
X509CertificateHolder[] chain = null;
try {
if ((flag & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCERTS))) == 0) {
addlCerts.add(new X509CertificateHolder(signer.getAuxCert().getEncoded()));
if (!additionalCerts.isNil()) {
Iterator<java.security.cert.Certificate> rubyAddlCerts = ((RubyArray) additionalCerts).iterator();
while (rubyAddlCerts.hasNext()) {
java.security.cert.Certificate cert = rubyAddlCerts.next();
addlCerts.add(new X509CertificateHolder(cert.getEncoded()));
}
}
chain = addlCerts.toArray(new X509CertificateHolder[addlCerts.size()]);
}
} catch (Exception e) {
throw newOCSPError(runtime, e);
}
Date producedAt = null;
if ((flag & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOTIME))) == 0) {
producedAt = new Date();
}
for (OCSPSingleResponse resp : singleResponses) {
SingleResp singleResp = new SingleResp(resp.getBCSingleResp());
respBuilder.addResponse(singleResp.getCertID(), singleResp.getCertStatus(), singleResp.getThisUpdate(), singleResp.getNextUpdate(), resp.getBCSingleResp().getSingleExtensions());
}
try {
Extension[] respExtAry = new Extension[extensions.size()];
Extensions respExtensions = new Extensions(extensions.toArray(respExtAry));
BasicOCSPResp bcBasicOCSPResp = respBuilder.setResponseExtensions(respExtensions).build(contentSigner, chain, producedAt);
asn1BCBasicOCSPResp = BasicOCSPResponse.getInstance(bcBasicOCSPResp.getEncoded());
} catch (Exception e) {
throw newOCSPError(runtime, e);
}
return this;
}
use of org.bouncycastle.operator.OperatorCreationException in project jruby-openssl by jruby.
the class OCSPCertificateId method initializeImpl.
private IRubyObject initializeImpl(final ThreadContext context, BigInteger serial, IRubyObject issuerCert, IRubyObject digest) {
Ruby runtime = context.getRuntime();
Digest rubyDigest = (Digest) digest;
ASN1ObjectIdentifier oid = ASN1.sym2Oid(runtime, rubyDigest.getName().toLowerCase());
AlgorithmIdentifier bcAlgId = new AlgorithmIdentifier(oid);
BcDigestCalculatorProvider calculatorProvider = new BcDigestCalculatorProvider();
DigestCalculator calc;
try {
calc = calculatorProvider.get(bcAlgId);
} catch (OperatorCreationException e) {
throw newOCSPError(runtime, e);
}
X509Cert rubyCert = (X509Cert) issuerCert;
try {
this.bcCertId = new CertificateID(calc, new X509CertificateHolder(rubyCert.getAuxCert().getEncoded()), serial).toASN1Primitive();
} catch (Exception e) {
throw newOCSPError(runtime, e);
}
return this;
}
use of org.bouncycastle.operator.OperatorCreationException in project jruby-openssl by jruby.
the class OCSPRequest method sign.
@JRubyMethod(name = "sign", rest = true)
public IRubyObject sign(final ThreadContext context, IRubyObject[] args) {
final Ruby runtime = context.runtime;
int flag = 0;
IRubyObject additionalCerts = context.nil;
IRubyObject flags = context.nil;
IRubyObject digest = context.nil;
Digest digestInstance = new Digest(runtime, _Digest(runtime));
IRubyObject nocerts = (RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCERTS);
switch(Arity.checkArgumentCount(runtime, args, 2, 5)) {
case 3:
additionalCerts = args[2];
break;
case 4:
additionalCerts = args[2];
flags = args[3];
break;
case 5:
additionalCerts = args[2];
flags = args[3];
digest = args[4];
break;
default:
break;
}
if (digest.isNil())
digest = digestInstance.initialize(context, new IRubyObject[] { RubyString.newString(runtime, "SHA1") });
if (additionalCerts.isNil())
flag |= RubyFixnum.fix2int(nocerts);
if (!flags.isNil())
flag = RubyFixnum.fix2int(flags);
X509Cert signer = (X509Cert) args[0];
PKey signerKey = (PKey) args[1];
String keyAlg = signerKey.getAlgorithm();
String digAlg = ((Digest) digest).getShortAlgorithm();
JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(digAlg + "with" + keyAlg);
signerBuilder.setProvider("BC");
ContentSigner contentSigner = null;
try {
contentSigner = signerBuilder.build(signerKey.getPrivateKey());
} catch (OperatorCreationException e) {
throw newOCSPError(runtime, e);
}
OCSPReqBuilder builder = new OCSPReqBuilder();
builder.setRequestorName(signer.getSubject().getX500Name());
for (OCSPCertificateId certId : certificateIds) {
builder.addRequest(new CertificateID(certId.getCertID()));
}
List<X509CertificateHolder> certChain = new ArrayList<X509CertificateHolder>();
if (flag != RubyFixnum.fix2int(nocerts)) {
try {
certChain.add(new X509CertificateHolder(signer.getAuxCert().getEncoded()));
if (!additionalCerts.isNil()) {
Iterator<java.security.cert.Certificate> certIt = ((RubyArray) additionalCerts).iterator();
while (certIt.hasNext()) {
certChain.add(new X509CertificateHolder(certIt.next().getEncoded()));
}
}
} catch (Exception e) {
throw newOCSPError(runtime, e);
}
}
X509CertificateHolder[] chain = new X509CertificateHolder[certChain.size()];
certChain.toArray(chain);
try {
asn1bcReq = org.bouncycastle.asn1.ocsp.OCSPRequest.getInstance(builder.build(contentSigner, chain).getEncoded());
} catch (Exception e) {
throw newOCSPError(runtime, e);
}
if (nonce != null) {
addNonceImpl();
}
return this;
}
use of org.bouncycastle.operator.OperatorCreationException in project midpoint by Evolveum.
the class OidcClientModuleWebSecurityConfiguration method initializeProofKey.
private static void initializeProofKey(AbstractSimpleKeyType key, OidcAdditionalConfiguration.Builder builder) {
if (key == null) {
return;
}
PrivateKey pkey;
try {
pkey = getPrivateKey(key, protector);
} catch (IOException | OperatorCreationException | PKCSException | EncryptionException e) {
throw new OAuth2AuthenticationException(new OAuth2Error("missing_key"), "Unable get key from " + key, e);
}
if (!(pkey instanceof RSAPrivateKey)) {
throw new OAuth2AuthenticationException(new OAuth2Error("missing_key"), "Unable get key from " + key);
}
PublicKey publicKey;
try {
Certificate certificate = getCertificate(key, protector);
publicKey = certificate.getPublicKey();
} catch (Base64Exception | EncryptionException | CertificateException e) {
throw new OAuth2AuthenticationException(new OAuth2Error("missing_key"), "Unable get certificate from " + key, e);
}
builder.privateKey((RSAPrivateKey) pkey);
builder.publicKey((RSAPublicKey) publicKey);
}
use of org.bouncycastle.operator.OperatorCreationException in project midpoint by Evolveum.
the class SamlModuleWebSecurityConfiguration method getSaml2Credential.
public static Saml2X509Credential getSaml2Credential(ModuleSaml2SimpleKeyType key, boolean isActive) {
if (key == null) {
return null;
}
PrivateKey pkey;
try {
pkey = getPrivateKey(key, protector);
} catch (IOException | OperatorCreationException | PKCSException | EncryptionException e) {
throw new Saml2Exception("Unable get key from " + key, e);
}
Certificate certificate;
try {
certificate = getCertificate(key, protector);
} catch (Base64Exception | EncryptionException | CertificateException e) {
throw new Saml2Exception("Unable get certificate from " + key, e);
}
List<Saml2X509Credential.Saml2X509CredentialType> types = getTypesForKey(isActive, key.getType());
return new Saml2X509Credential(pkey, (X509Certificate) certificate, types.toArray(new Saml2X509Credential.Saml2X509CredentialType[0]));
}
Aggregations