Example 91 with SubjectPublicKeyInfo
use of org.gudy.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project runwar by cfmlprojects.
the class SelfSignedCertificate method createSubjectKeyIdentifier.
private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key publicKey) throws IOException {
try (ASN1InputStream is = new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded()))) {
ASN1Sequence seq = (ASN1Sequence) is.readObject();
SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(seq);
return new BcX509ExtensionUtils().createSubjectKeyIdentifier(info);
}
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ByteArrayInputStream(java.io.ByteArrayInputStream)
BcX509ExtensionUtils(org.bouncycastle.cert.bc.BcX509ExtensionUtils)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
Example 92 with SubjectPublicKeyInfo
use of org.gudy.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project incubator-pulsar by apache.
the class MessageCrypto method loadPublicKey.
private PublicKey loadPublicKey(byte[] keyBytes) throws Exception {
Reader keyReader = new StringReader(new String(keyBytes));
PublicKey publicKey = null;
try (org.bouncycastle.openssl.PEMParser pemReader = new org.bouncycastle.openssl.PEMParser(keyReader)) {
Object pemObj = pemReader.readObject();
JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
SubjectPublicKeyInfo keyInfo = null;
X9ECParameters ecParam = null;
if (pemObj instanceof ASN1ObjectIdentifier) {
// make sure this is EC Parameter we're handling. In which case
// we'll store it and read the next object which should be our
// EC Public Key
ASN1ObjectIdentifier ecOID = (ASN1ObjectIdentifier) pemObj;
ecParam = ECNamedCurveTable.getByOID(ecOID);
if (ecParam == null) {
throw new PEMException("Unable to find EC Parameter for the given curve oid: " + ((ASN1ObjectIdentifier) pemObj).getId());
}
pemObj = pemReader.readObject();
} else if (pemObj instanceof X9ECParameters) {
ecParam = (X9ECParameters) pemObj;
pemObj = pemReader.readObject();
}
if (pemObj instanceof org.bouncycastle.cert.X509CertificateHolder) {
keyInfo = ((org.bouncycastle.cert.X509CertificateHolder) pemObj).getSubjectPublicKeyInfo();
} else {
keyInfo = (SubjectPublicKeyInfo) pemObj;
}
publicKey = pemConverter.getPublicKey(keyInfo);
if (ecParam != null && ECDSA.equals(publicKey.getAlgorithm())) {
ECParameterSpec ecSpec = new ECParameterSpec(ecParam.getCurve(), ecParam.getG(), ecParam.getN(), ecParam.getH(), ecParam.getSeed());
KeyFactory keyFactory = KeyFactory.getInstance(ECDSA, BouncyCastleProvider.PROVIDER_NAME);
ECPublicKeySpec keySpec = new ECPublicKeySpec(((BCECPublicKey) publicKey).getQ(), ecSpec);
publicKey = (PublicKey) keyFactory.generatePublic(keySpec);
}
} catch (IOException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
throw new Exception(e);
}
return publicKey;
}
Also used :
X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters)
Reader(java.io.Reader)
CryptoKeyReader(org.apache.pulsar.client.api.CryptoKeyReader)
StringReader(java.io.StringReader)
JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)
ByteString(com.google.protobuf.ByteString)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec)
PEMParser(org.bouncycastle.openssl.PEMParser)
StringReader(java.io.StringReader)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
KeyFactory(java.security.KeyFactory)
BCECPublicKey(org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey)
PublicKey(java.security.PublicKey)
PEMParser(org.bouncycastle.openssl.PEMParser)
IOException(java.io.IOException)
PulsarClientException(org.apache.pulsar.client.api.PulsarClientException)
ShortBufferException(javax.crypto.ShortBufferException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
CryptoException(org.apache.pulsar.client.api.PulsarClientException.CryptoException)
PEMException(org.bouncycastle.openssl.PEMException)
IOException(java.io.IOException)
BadPaddingException(javax.crypto.BadPaddingException)
NoSuchProviderException(java.security.NoSuchProviderException)
ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec)
PEMException(org.bouncycastle.openssl.PEMException)
NoSuchProviderException(java.security.NoSuchProviderException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 93 with SubjectPublicKeyInfo
use of org.gudy.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project airavata by apache.
the class MyProxyLogon method generateCertificationRequest.
private org.bouncycastle.pkcs.PKCS10CertificationRequest generateCertificationRequest(String dn, KeyPair kp) throws Exception {
X500Name subject = new X500Name(dn);
PublicKey pubKey = kp.getPublic();
PrivateKey privKey = kp.getPrivate();
AsymmetricKeyParameter pubkeyParam = PublicKeyFactory.createKey(pubKey.getEncoded());
SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(pubkeyParam);
PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder(subject, publicKeyInfo);
AlgorithmIdentifier signatureAi = new AlgorithmIdentifier(OIWObjectIdentifiers.sha1WithRSA);
BcRSAContentSignerBuilder signerBuilder = new BcRSAContentSignerBuilder(signatureAi, AlgorithmIdentifier.getInstance(OIWObjectIdentifiers.idSHA1));
AsymmetricKeyParameter pkParam = PrivateKeyFactory.createKey(privKey.getEncoded());
ContentSigner signer = signerBuilder.build(pkParam);
return builder.build(signer);
}
Also used :
BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)
AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter)
ContentSigner(org.bouncycastle.operator.ContentSigner)
PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)
X500Name(org.bouncycastle.asn1.x500.X500Name)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 94 with SubjectPublicKeyInfo
use of org.gudy.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project airavata by apache.
the class SecurityUtils method generateShortLivedCertificate.
public static final KeyAndCertCredential generateShortLivedCertificate(String userDN, String caCertPath, String caKeyPath, String caPwd) throws Exception {
// 15 minutes
final long CredentialGoodFromOffset = 1000L * 60L * 15L;
// ago
final long startTime = System.currentTimeMillis() - CredentialGoodFromOffset;
final long endTime = startTime + 30 * 3600 * 1000;
final String keyLengthProp = "1024";
int keyLength = Integer.parseInt(keyLengthProp);
final String signatureAlgorithm = "SHA1withRSA";
KeyAndCertCredential caCred = getCACredential(caCertPath, caKeyPath, caPwd);
KeyPairGenerator kpg = KeyPairGenerator.getInstance(caCred.getKey().getAlgorithm());
kpg.initialize(keyLength);
KeyPair pair = kpg.generateKeyPair();
X500Principal subjectDN = new X500Principal(userDN);
Random rand = new Random();
SubjectPublicKeyInfo publicKeyInfo;
try {
publicKeyInfo = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(pair.getPublic().getEncoded()).readObject());
} catch (IOException e) {
throw new InvalidKeyException("Can not parse the public key" + "being included in the short lived certificate", e);
}
X500Name issuerX500Name = CertificateHelpers.toX500Name(caCred.getCertificate().getSubjectX500Principal());
X500Name subjectX500Name = CertificateHelpers.toX500Name(subjectDN);
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuerX500Name, new BigInteger(20, rand), new Date(startTime), new Date(endTime), subjectX500Name, publicKeyInfo);
AlgorithmIdentifier sigAlgId = X509v3CertificateBuilder.extractAlgorithmId(caCred.getCertificate());
X509Certificate certificate = certBuilder.build(caCred.getKey(), sigAlgId, signatureAlgorithm, null, null);
certificate.checkValidity(new Date());
certificate.verify(caCred.getCertificate().getPublicKey());
KeyAndCertCredential result = new KeyAndCertCredential(pair.getPrivate(), new X509Certificate[] { certificate, caCred.getCertificate() });
return result;
}
Also used :
KeyPair(java.security.KeyPair)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
KeyPairGenerator(java.security.KeyPairGenerator)
IOException(java.io.IOException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
InvalidKeyException(java.security.InvalidKeyException)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Random(java.util.Random)
X509v3CertificateBuilder(eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder)
KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential)
X500Principal(javax.security.auth.x500.X500Principal)
BigInteger(java.math.BigInteger)
Example 95 with SubjectPublicKeyInfo
use of org.gudy.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project airavata by apache.
the class SecurityUtils method generateShortLivedCertificate.
public static final KeyAndCertCredential generateShortLivedCertificate(String userDN, String caCertPath, String caKeyPath, String caPwd) throws Exception {
// 15 minutes
final long CredentialGoodFromOffset = 1000L * 60L * 15L;
// ago
final long startTime = System.currentTimeMillis() - CredentialGoodFromOffset;
final long endTime = startTime + 30 * 3600 * 1000;
final String keyLengthProp = "1024";
int keyLength = Integer.parseInt(keyLengthProp);
final String signatureAlgorithm = "SHA1withRSA";
KeyAndCertCredential caCred = getCACredential(caCertPath, caKeyPath, caPwd);
KeyPairGenerator kpg = KeyPairGenerator.getInstance(caCred.getKey().getAlgorithm());
kpg.initialize(keyLength);
KeyPair pair = kpg.generateKeyPair();
X500Principal subjectDN = new X500Principal(userDN);
Random rand = new Random();
SubjectPublicKeyInfo publicKeyInfo;
try {
publicKeyInfo = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(pair.getPublic().getEncoded()).readObject());
} catch (IOException e) {
throw new InvalidKeyException("Can not parse the public key" + "being included in the short lived certificate", e);
}
X500Name issuerX500Name = CertificateHelpers.toX500Name(caCred.getCertificate().getSubjectX500Principal());
X500Name subjectX500Name = CertificateHelpers.toX500Name(subjectDN);
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuerX500Name, new BigInteger(20, rand), new Date(startTime), new Date(endTime), subjectX500Name, publicKeyInfo);
AlgorithmIdentifier sigAlgId = X509v3CertificateBuilder.extractAlgorithmId(caCred.getCertificate());
X509Certificate certificate = certBuilder.build(caCred.getKey(), sigAlgId, signatureAlgorithm, null, null);
certificate.checkValidity(new Date());
certificate.verify(caCred.getCertificate().getPublicKey());
KeyAndCertCredential result = new KeyAndCertCredential(pair.getPrivate(), new X509Certificate[] { certificate, caCred.getCertificate() });
return result;
}
Also used :
KeyPair(java.security.KeyPair)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
KeyPairGenerator(java.security.KeyPairGenerator)
IOException(java.io.IOException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
InvalidKeyException(java.security.InvalidKeyException)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Random(java.util.Random)
X509v3CertificateBuilder(eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder)
KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential)
X500Principal(javax.security.auth.x500.X500Principal)
BigInteger(java.math.BigInteger)
Aggregations
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)77
X500Name (org.bouncycastle.asn1.x500.X500Name)37
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)37
Date (java.util.Date)34
IOException (java.io.IOException)31
ContentSigner (org.bouncycastle.operator.ContentSigner)24
BigInteger (java.math.BigInteger)22
KeyPair (java.security.KeyPair)21
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)21
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)19
KeyPairGenerator (java.security.KeyPairGenerator)17
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)17
X509Certificate (java.security.cert.X509Certificate)17
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)16
InvalidKeyException (java.security.InvalidKeyException)15
InvalidKeySpecException (java.security.spec.InvalidKeySpecException)15
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)15
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)13
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)13
PublicKey (java.security.PublicKey)12
