
Example 1 with OperatorException

use of org.bouncycastle.operator.OperatorException in project jruby-openssl by jruby.

the class SecurityHelper method verify.

/**
 * Checks that {@code crl} was signed by the holder of {@code publicKey}.
 *
 * <p>Two verification paths exist. A BouncyCastle {@code X509CRLObject} is verified through
 * the JCA {@link Signature} API, after confirming that the outer signature algorithm equals
 * the one inside the signed {@code TBSCertList}; a mismatch is treated as a malformed CRL
 * rather than as a verification result. Any other CRL implementation is re-parsed from its
 * DER encoding and checked with a BouncyCastle lightweight verifier built from the DSA or
 * RSA components of the key.
 *
 * @param crl       the CRL whose signature is checked
 * @param publicKey the issuer's key; on the non-{@code X509CRLObject} path only DSA and RSA
 *                  keys are supported — any other key type fails the RSA cast and surfaces
 *                  as a {@link SignatureException}
 * @param silent    when {@code true}, an algorithm mismatch or a failed verification on the
 *                  {@code X509CRLObject} path yields {@code false} instead of an exception.
 *                  The flag is not consulted on the other path, which returns the verifier's
 *                  boolean as-is and throws on parsing or operator failures
 * @return {@code true} if the signature verifies, {@code false} otherwise (see {@code silent})
 * @throws CRLException             if the two algorithm identifiers differ and {@code silent}
 *                                  is {@code false}, or if the CRL cannot be re-encoded
 * @throws SignatureException       if verification fails and {@code silent} is {@code false},
 *                                  or if the lightweight path cannot parse the CRL or build
 *                                  a verifier
 * @throws NoSuchAlgorithmException propagated from the JCA {@link Signature} lookup
 * @throws InvalidKeyException      propagated from {@link Signature#initVerify(PublicKey)}
 */
static boolean verify(final X509CRL crl, final PublicKey publicKey, final boolean silent) throws NoSuchAlgorithmException, CRLException, InvalidKeyException, SignatureException {
    if (!(crl instanceof X509CRLObject)) {
        // Not a BC CRL object: go through DER re-parsing and BC's lightweight verifier.
        return verifyViaLightweightApi(crl, publicKey);
    }
    final CertificateList certificateList = (CertificateList) getCertificateList(crl);
    final AlgorithmIdentifier outerAlgorithm = certificateList.getSignatureAlgorithm();
    final AlgorithmIdentifier signedAlgorithm = certificateList.getTBSCertList().getSignature();
    // The algorithm stated outside the signature must agree with the one covered by it;
    // otherwise the CRL is rejected as malformed before any signature check runs.
    if (!outerAlgorithm.equals(signedAlgorithm)) {
        if (silent) {
            return false;
        }
        throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
    }
    final Signature jcaSignature = getSignature(crl.getSigAlgName(), securityProvider);
    jcaSignature.initVerify(publicKey);
    jcaSignature.update(crl.getTBSCertList());
    final boolean verified = jcaSignature.verify(crl.getSignature());
    if (!verified && !silent) {
        throw new SignatureException("CRL does not verify with supplied public key.");
    }
    return verified;
}

/**
 * Verification path for CRLs that are not BouncyCastle {@code X509CRLObject}s: the CRL is
 * re-parsed from {@code crl.getEncoded()} and checked with a BC lightweight
 * {@link ContentVerifierProvider} built from the DSA or RSA components of {@code publicKey}.
 *
 * @param crl       the CRL to check
 * @param publicKey a DSA key (selected by {@code getAlgorithm()}) or, otherwise, an RSA key
 * @return the verifier's result, unmodified
 * @throws CRLException       if {@code crl.getEncoded()} fails (not wrapped)
 * @throws SignatureException wrapping an operator, certificate-parsing or I/O failure, or the
 *                            {@link ClassCastException} raised when the DER does not match the
 *                            expected structure or the key is neither DSA nor RSA
 */
private static boolean verifyViaLightweightApi(final X509CRL crl, final PublicKey publicKey) throws CRLException, SignatureException {
    try {
        final DigestAlgorithmIdentifierFinder digestFinder = new DefaultDigestAlgorithmIdentifierFinder();
        final ContentVerifierProvider provider;
        if ("DSA".equalsIgnoreCase(publicKey.getAlgorithm())) {
            final DSAPublicKey dsaPublicKey = (DSAPublicKey) publicKey;
            final DSAParams dsaParams = dsaPublicKey.getParams();
            final DSAParameters bcParams = new DSAParameters(dsaParams.getP(), dsaParams.getQ(), dsaParams.getG());
            final AsymmetricKeyParameter bcKey = new DSAPublicKeyParameters(dsaPublicKey.getY(), bcParams);
            provider = new BcDSAContentVerifierProviderBuilder(digestFinder).build(bcKey);
        } else {
            // Anything that is not DSA is assumed to be RSA; other key types fail this cast.
            final RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
            final AsymmetricKeyParameter bcKey = new RSAKeyParameters(false, rsaPublicKey.getModulus(), rsaPublicKey.getPublicExponent());
            provider = new BcRSAContentVerifierProviderBuilder(digestFinder).build(bcKey);
        }
        return new X509CRLHolder(crl.getEncoded()).isSignatureValid(provider);
    } catch (OperatorException | CertException | ClassCastException | IOException e) {
        // ClassCastException can happen if the input is DER but does not match the expected structure.
        throw new SignatureException(e);
    }
}
Also used : DSAPublicKeyParameters(org.bouncycastle.crypto.params.DSAPublicKeyParameters) X509CRLObject(org.bouncycastle.jce.provider.X509CRLObject) BcRSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder) CertificateList(org.bouncycastle.asn1.x509.CertificateList) CertException(org.bouncycastle.cert.CertException) SignatureException(java.security.SignatureException) DSAParams(java.security.interfaces.DSAParams) IOException(java.io.IOException) DigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DigestAlgorithmIdentifierFinder) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) RSAKeyParameters(org.bouncycastle.crypto.params.RSAKeyParameters) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DSAPublicKey(java.security.interfaces.DSAPublicKey) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) RSAPublicKey(java.security.interfaces.RSAPublicKey) Signature(java.security.Signature) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger) BcDSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder) CRLException(java.security.cert.CRLException) DSAParameters(org.bouncycastle.crypto.params.DSAParameters) OperatorException(org.bouncycastle.operator.OperatorException) ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider)

Example 2 with OperatorException

use of org.bouncycastle.operator.OperatorException in project vespa by vespa-engine.

the class X509CertificateBuilder method build.

/**
 * Assembles and signs the X.509 v3 certificate described by this builder's fields.
 *
 * <p>Issuer, serial number, validity window, subject and subject public key are taken from
 * the configured fields. Extensions are emitted only when configured: a {@code basicConstraints}
 * extension with the configured criticality and cA flag, and a non-critical
 * {@code subjectAlternativeName} holding every configured name as a {@code dNSName} (no other
 * GeneralName type is produced). The certificate is signed with {@code caPrivateKey} using the
 * configured signing algorithm under the BouncyCastle provider.
 *
 * @return the signed certificate, converted to a JCA {@link X509Certificate}
 * @throws RuntimeException     wrapping an {@link OperatorException} or
 *                              {@link GeneralSecurityException} raised while signing or converting
 * @throws UncheckedIOException wrapping an {@link IOException} raised while encoding extensions
 */
public X509Certificate build() {
    try {
        final JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                issuer,
                BigInteger.valueOf(serialNumber),
                Date.from(notBefore),
                Date.from(notAfter),
                subject,
                certPublicKey);
        if (basicConstraintsExtension != null) {
            final BasicConstraints basicConstraints =
                    new BasicConstraints(basicConstraintsExtension.isCertAuthorityCertificate);
            certBuilder.addExtension(Extension.basicConstraints, basicConstraintsExtension.isCritical, basicConstraints);
        }
        if (!subjectAlternativeNames.isEmpty()) {
            // Every configured SAN is encoded as a dNSName; the extension is always non-critical.
            final GeneralName[] dnsNames = subjectAlternativeNames.stream()
                    .map(name -> new GeneralName(GeneralName.dNSName, name))
                    .toArray(GeneralName[]::new);
            certBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(dnsNames));
        }
        final ContentSigner signer = new JcaContentSignerBuilder(signingAlgorithm.getAlgorithmName())
                .setProvider(BouncyCastleProviderHolder.getInstance())
                .build(caPrivateKey);
        return new JcaX509CertificateConverter()
                .setProvider(BouncyCastleProviderHolder.getInstance())
                .getCertificate(certBuilder.build(signer));
    } catch (OperatorException | GeneralSecurityException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}
Also used : JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) GeneralSecurityException(java.security.GeneralSecurityException) ContentSigner(org.bouncycastle.operator.ContentSigner) UncheckedIOException(java.io.UncheckedIOException) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) OperatorException(org.bouncycastle.operator.OperatorException)

Example 3 with OperatorException

use of org.bouncycastle.operator.OperatorException in project qpid-broker-j by apache.

the class TlsResourceBuilder method createCertificate.

/**
 * Issues an end-entity certificate for {@code keyPair}, signed by {@code ca}.
 *
 * <p>The issuer is {@code ca}'s certificate and the serial comes from
 * {@code generateSerialNumber()}. A non-critical {@code basicConstraints} with {@code cA=false}
 * is added first, followed by each entry of {@code extensions} in the given order.
 *
 * @param keyPair        subject key pair; only its public half is embedded
 * @param ca             issuing certificate and the private key used to sign
 * @param dn             subject distinguished name, parsed with RFC 4519 attribute names
 * @param validityPeriod notBefore/notAfter bounds, converted to {@link Date} via epoch millis
 * @param extensions     further extensions, added verbatim after basicConstraints
 * @return the signed certificate
 * @throws CertificateException wrapping an {@link OperatorException} or {@link IOException}
 *                              raised while adding extensions or signing
 */
private static X509Certificate createCertificate(final KeyPair keyPair, final KeyCertificatePair ca, final String dn, final ValidityPeriod validityPeriod, final Extension... extensions) throws CertificateException {
    try {
        final X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                ca.getCertificate(),
                generateSerialNumber(),
                new Date(validityPeriod.getFrom().toEpochMilli()),
                new Date(validityPeriod.getTo().toEpochMilli()),
                new X500Name(RFC4519Style.INSTANCE, dn),
                keyPair.getPublic());
        // End-entity: explicitly not a CA.
        final BasicConstraints endEntity = new BasicConstraints(false);
        certBuilder.addExtension(Extension.basicConstraints, false, endEntity);
        for (final Extension extra : extensions) {
            certBuilder.addExtension(extra);
        }
        return buildX509Certificate(certBuilder, ca.getPrivateKey());
    } catch (OperatorException | IOException e) {
        throw new CertificateException(e);
    }
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) Date(java.util.Date) OperatorException(org.bouncycastle.operator.OperatorException)

Example 4 with OperatorException

use of org.bouncycastle.operator.OperatorException in project qpid-broker-j by apache.

the class TlsResourceBuilder method createRootCACertificate.

/**
 * Creates a self-signed root CA certificate: issuer and subject are both {@code dn}, and the
 * certificate is signed with {@code keyPair}'s private key.
 *
 * <p>Extensions added here: {@code basicConstraints} with {@code cA=true}, plus a
 * subjectKeyIdentifier and an authorityKeyIdentifier both derived from {@code keyPair}'s
 * public key. This method adds no keyUsage extension.
 *
 * @param keyPair        the CA key pair; public half embedded, private half signs
 * @param dn             distinguished name used for both issuer and subject
 * @param validityPeriod notBefore/notAfter bounds, converted to {@link Date} via epoch millis
 * @return the self-signed certificate
 * @throws CertificateException wrapping an {@link OperatorException} or {@link IOException}
 *                              raised while adding extensions or signing
 */
private static X509Certificate createRootCACertificate(final KeyPair keyPair, final String dn, final ValidityPeriod validityPeriod) throws CertificateException {
    try {
        final X500Name selfName = new X500Name(RFC4519Style.INSTANCE, dn);
        final X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                selfName,
                generateSerialNumber(),
                new Date(validityPeriod.getFrom().toEpochMilli()),
                new Date(validityPeriod.getTo().toEpochMilli()),
                new X500Name(RFC4519Style.INSTANCE, dn),
                keyPair.getPublic());
        // NOTE(review): basicConstraints is added non-critical here; RFC 5280 §4.2.1.9 requires
        // it to be marked critical in CA certificates. Behaviour preserved as-is.
        certBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));
        certBuilder.addExtension(createSubjectKeyExtension(keyPair.getPublic()));
        // Self-signed: the authority key identifier points at this certificate's own key.
        certBuilder.addExtension(createAuthorityKeyExtension(keyPair.getPublic()));
        return buildX509Certificate(certBuilder, keyPair.getPrivate());
    } catch (OperatorException | IOException e) {
        throw new CertificateException(e);
    }
}
Also used : JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) Date(java.util.Date) OperatorException(org.bouncycastle.operator.OperatorException)

Example 5 with OperatorException

use of org.bouncycastle.operator.OperatorException in project qpid-broker-j by apache.

the class TlsResourceBuilder method generateIntermediateCertificate.

/**
 * Creates an intermediate CA certificate for {@code keyPair}, issued and signed by
 * {@code rootCA}.
 *
 * <p>Extensions added here: {@code basicConstraints} with {@code cA=true}, a
 * subjectKeyIdentifier derived from {@code keyPair}'s public key, an authorityKeyIdentifier
 * derived from the root certificate's public key, and — only when {@code crlUri} is non-null —
 * a CRL distribution point for that URI. This method adds no keyUsage extension.
 *
 * @param keyPair        the intermediate's key pair; only its public half is embedded
 * @param rootCA         issuing certificate and the private key used to sign
 * @param dn             subject distinguished name, parsed with RFC 4519 attribute names
 * @param validityPeriod notBefore/notAfter bounds, converted to {@link Date} via epoch millis
 * @param crlUri         CRL distribution point URI, or {@code null} to omit the extension
 * @return the signed intermediate certificate
 * @throws CertificateException wrapping an {@link OperatorException} or {@link IOException}
 *                              raised while adding extensions or signing
 */
private static X509Certificate generateIntermediateCertificate(final KeyPair keyPair, final KeyCertificatePair rootCA, final String dn, final ValidityPeriod validityPeriod, final String crlUri) throws CertificateException {
    try {
        final X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                rootCA.getCertificate(),
                generateSerialNumber(),
                new Date(validityPeriod.getFrom().toEpochMilli()),
                new Date(validityPeriod.getTo().toEpochMilli()),
                new X500Name(RFC4519Style.INSTANCE, dn),
                keyPair.getPublic());
        // A keyUsage(keyCertSign) extension is not emitted; the disabled line is kept for reference:
        // builder.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.keyCertSign));
        // NOTE(review): basicConstraints is added non-critical here; RFC 5280 §4.2.1.9 requires
        // it to be marked critical in CA certificates. Behaviour preserved as-is.
        certBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));
        certBuilder.addExtension(createSubjectKeyExtension(keyPair.getPublic()));
        // Chain to the issuer: AKI is derived from the root certificate's key, not this one's.
        certBuilder.addExtension(createAuthorityKeyExtension(rootCA.getCertificate().getPublicKey()));
        if (crlUri != null) {
            certBuilder.addExtension(createDistributionPointExtension(crlUri));
        }
        return buildX509Certificate(certBuilder, rootCA.getPrivateKey());
    } catch (OperatorException | IOException e) {
        throw new CertificateException(e);
    }
}
Also used : JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) CertificateException(java.security.cert.CertificateException) X500Name(org.bouncycastle.asn1.x500.X500Name) IOException(java.io.IOException) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) Date(java.util.Date) OperatorException(org.bouncycastle.operator.OperatorException)
