
Example 1 with AlgorithmId

use of org.mozilla.jss.netscape.security.x509.AlgorithmId in project jss by dogtagpki.

the class PKCS7 method parseSignedData.

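/**
 * Parses the SignedData content of a PKCS #7 message into this object's fields.
 * <p>
 * Fills {@code version}, {@code digestAlgorithmIds}, {@code contentInfo},
 * {@code certificates} (only when the OPTIONAL {@code [0] IMPLICIT} set is present;
 * otherwise that field is left as it was) and {@code signerInfos}. The OPTIONAL
 * {@code [1] IMPLICIT} crls set is read past but not retained.
 *
 * @param val the DER value holding the SignedData structure
 * @throws ParsingException if a digest AlgorithmId or an embedded certificate cannot be decoded;
 *                          the underlying exception is attached as the cause
 * @throws IOException      if the surrounding DER encoding is malformed
 */
private void parseSignedData(DerValue val) throws ParsingException, IOException {
    DerInputStream dis = val.toDerInputStream();

    // Version
    version = dis.getInteger();

    // digestAlgorithmIds
    DerValue[] digestAlgorithmIdVals = dis.getSet(1);
    int len = digestAlgorithmIdVals.length;
    digestAlgorithmIds = new AlgorithmId[len];
    try {
        for (int i = 0; i < len; i++) {
            digestAlgorithmIds[i] = AlgorithmId.parse(digestAlgorithmIdVals[i]);
        }
    } catch (IOException e) {
        // Surface a ParsingException to callers but keep the original failure as the cause
        // instead of flattening it into the message text.
        ParsingException pe = new ParsingException("Error parsing digest AlgorithmId IDs: " + e.getMessage());
        pe.initCause(e);
        throw pe;
    }

    // contentInfo
    contentInfo = new ContentInfo(dis);

    // certificates: [0] IMPLICIT, OPTIONAL (0xA0 = context-specific, constructed, tag 0)
    if ((byte) (dis.peekByte()) == (byte) 0xA0) {
        DerValue[] certificateVals = dis.getSet(2, true);
        len = certificateVals.length;
        certificates = new X509Certificate[len];
        for (int i = 0; i < len; i++) {
            try {
                certificates[i] = new X509CertImpl(certificateVals[i]);
            } catch (CertificateException e) {
                ParsingException pe = new ParsingException("CertificateException: " + e.getMessage());
                pe.initCause(e);
                throw pe;
            }
        }
    }

    // crls: [1] IMPLICIT, OPTIONAL (0xA1) — consumed so the stream is positioned at
    // signerInfos; the CRLs themselves are discarded.
    if ((byte) (dis.peekByte()) == (byte) 0xA1) {
        dis.getSet(0, true);
    }

    // signerInfos
    DerValue[] signerInfoVals = dis.getSet(1);
    len = signerInfoVals.length;
    signerInfos = new SignerInfo[len];
    for (int i = 0; i < len; i++) {
        signerInfos[i] = new SignerInfo(signerInfoVals[i].toDerInputStream());
    }
}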
Also used : DerValue(org.mozilla.jss.netscape.security.util.DerValue) X509CertImpl(org.mozilla.jss.netscape.security.x509.X509CertImpl) DerInputStream(org.mozilla.jss.netscape.security.util.DerInputStream) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate)

Example 2 with AlgorithmId

use of org.mozilla.jss.netscape.security.x509.AlgorithmId in project xap by xap.

the class SelfSignedCertificate method generateKeyStore.

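/**
 * Generates a self-signed X.509 v3 certificate for {@code fqdn} and returns it, together with
 * the private key, in a freshly created in-memory {@link KeyStore} under the alias {@code "key"}.
 * <p>
 * The certificate is signed with SHA256withRSA. The previous SHA1withRSA signature is rejected by
 * current TLS stacks and browsers, so a certificate produced here would not have been usable.
 * The validity window comes from the class constants {@code NOT_BEFORE} / {@code NOT_AFTER}.
 *
 * @param fqdn    host name used as both subject and issuer CN
 * @param keypair RSA key pair; the public key goes into the certificate, the private key signs it
 * @param random  source for the 64-bit serial number
 * @return a loaded key store of the platform default type holding the key entry
 * @throws Exception on any certificate-construction, signing, verification or key-store failure
 */
private KeyStore generateKeyStore(String fqdn, KeyPair keypair, SecureRandom random) throws Exception {
    PrivateKey key = keypair.getPrivate();
    final String signatureAlgorithm = "SHA256withRSA";

    // Prepare the information required for generating an X.509 certificate.
    X509CertInfo info = new X509CertInfo();
    X500Name owner = new X500Name("CN=" + fqdn);
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));

    // Some JDKs accept only the bare X500Name for SUBJECT/ISSUER and throw CertificateException
    // for the wrapper types (presumably JDK 8+ — confirm); try the wrapper first, then fall back.
    try {
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    } catch (CertificateException ignored) {
        info.set(X509CertInfo.SUBJECT, owner);
    }
    try {
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    } catch (CertificateException ignored) {
        info.set(X509CertInfo.ISSUER, owner);
    }

    info.set(X509CertInfo.VALIDITY, new CertificateValidity(NOT_BEFORE, NOT_AFTER));
    info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid)));

    // Sign once so the implementation reports the algorithm id it actually used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(key, signatureAlgorithm);

    // Copy that algorithm id back into the TBS structure and sign again, so the inner and
    // outer algorithm identifiers agree; then verify with the public key as a self-check.
    info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
    cert = new X509CertImpl(info);
    cert.sign(key, signatureAlgorithm);
    cert.verify(keypair.getPublic());

    String keyStoreType = KeyStore.getDefaultType();
    final KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(null, null);
    // The key entry is protected with the fixed literal "foo"; callers reading the entry must
    // pass the same value. This is part of the method's contract, not a configurable secret.
    keyStore.setKeyEntry("key", keypair.getPrivate(), "foo".toCharArray(), new Certificate[] { cert });
    return keyStore;
}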
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) PrivateKey(java.security.PrivateKey) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) CertificateVersion(sun.security.x509.CertificateVersion) CertificateException(java.security.cert.CertificateException) CertificateValidity(sun.security.x509.CertificateValidity) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) KeyStore(java.security.KeyStore) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Example 3 with AlgorithmId

use of org.mozilla.jss.netscape.security.x509.AlgorithmId in project CipherTrust_Application_Protection by thalescpl-io.

the class SelfSignedCertificateUtility method generateCertificate.

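/**
 * Builds and signs a self-signed X.509 v3 certificate from the supplied properties.
 *
 * @param publicKey             subject public key embedded in the certificate
 * @param privateKey            key that signs the certificate
 * @param certificateProeprties settings read by key: {@code "Validity"} (lifetime in days),
 *                              {@code "KeyUsage"} (handed to {@code getKeyUsgaeExtension}),
 *                              {@code "Algorithm"} (JCA signature name), plus whatever
 *                              {@code makeDN} needs for the distinguished name
 * @return the signed certificate
 * @throws NAEException if {@code "Algorithm"} or {@code "Validity"} is missing, or the
 *                      algorithm is not one of the supported names
 * @throws Exception    on any failure while assembling or signing the certificate
 */
private static X509Certificate generateCertificate(PublicKey publicKey, PrivateKey privateKey, Map<String, String> certificateProeprties) throws Exception {
    // Validate the two mandatory properties up front; the original switch on a missing
    // "Algorithm" failed with a bare NullPointerException.
    String signatureAlgorithm = certificateProeprties.get("Algorithm");
    if (signatureAlgorithm == null) {
        throw new NAEException("Algorithm not specified.");
    }
    String validityDays = certificateProeprties.get("Validity");
    if (validityDays == null) {
        throw new NAEException("Validity not specified.");
    }

    // Choose the signing provider: the first three names use the default provider lookup
    // (provider == null); everything else is routed to Bouncy Castle ("BC").
    String provider;
    switch (signatureAlgorithm) {
        case "SHA1WithRSA":
        case "SHA256WithRSA":
        case "SHA384WithRSA":
            provider = null;
            break;
        case "SHA512WithRSA":
        case "SHA1WithECDSA":
        case "SHA224WithECDSA":
        case "SHA256WithECDSA":
        case "SHA384WithECDSA":
        case "SHA512WithECDSA":
            provider = "BC";
            break;
        default:
            throw new NAEException(signatureAlgorithm + " not supported.");
    }

    String dn = makeDN(certificateProeprties);
    X500Name owner = new X500Name(dn);

    // Validity runs from "now" for the configured number of days (86 400 000 ms per day).
    Date from = new Date();
    Date to = new Date(from.getTime() + Long.parseLong(validityDays) * 86400000L);
    CertificateValidity interval = new CertificateValidity(from, to);

    boolean[] kueOk = getKeyUsgaeExtension(certificateProeprties.get("KeyUsage"));
    KeyUsageExtension kue = new KeyUsageExtension(kueOk);
    CertificateExtensions ext = new CertificateExtensions();
    ext.set(KeyUsageExtension.NAME, kue);

    X509CertInfo info = new X509CertInfo();
    info.set(X509CertInfo.VALIDITY, interval);
    // 64 random bits from a CSPRNG for the serial number.
    BigInteger sn = new BigInteger(64, new SecureRandom());
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));

    // JDK 8+ X509CertInfo takes the X500Name directly; older releases need the wrapper types.
    if (isJavaAtLeast(1.8)) {
        info.set(X509CertInfo.SUBJECT, owner);
        info.set(X509CertInfo.ISSUER, owner);
    } else {
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    }
    info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get(signatureAlgorithm)));
    info.set(X509CertInfo.EXTENSIONS, ext);

    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    if (provider != null) {
        cert.sign(privateKey, signatureAlgorithm, provider);
    } else {
        cert.sign(privateKey, signatureAlgorithm);
    }
    return cert;
}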
Also used : CertificateSubjectName(sun.security.x509.CertificateSubjectName) NAEException(com.ingrian.security.nae.NAEException) X509CertInfo(sun.security.x509.X509CertInfo) CertificateIssuerName(sun.security.x509.CertificateIssuerName) SecureRandom(java.security.SecureRandom) CertificateVersion(sun.security.x509.CertificateVersion) CertificateValidity(sun.security.x509.CertificateValidity) CertificateExtensions(sun.security.x509.CertificateExtensions) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) Date(java.util.Date) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) KeyUsageExtension(sun.security.x509.KeyUsageExtension)

Example 4 with AlgorithmId

use of org.mozilla.jss.netscape.security.x509.AlgorithmId in project j2objc by google.

the class AlgorithmChecker method check.

/**
 * Checks the CRL's signature algorithm against the given public key by converting the CRL
 * to its implementation type, extracting its signature AlgorithmId and delegating to
 * {@code check(PublicKey, AlgorithmId)}.
 *
 * @param key the public key expected to verify the CRL signature
 * @param crl the CRL whose signature algorithm is to be checked
 * @throws CertPathValidatorException if the CRL cannot be converted (the CRLException is kept
 *                                    as the cause) or the delegated algorithm check fails
 */
static void check(PublicKey key, X509CRL crl) throws CertPathValidatorException {
    final X509CRLImpl impl;
    try {
        impl = X509CRLImpl.toImpl(crl);
    } catch (CRLException ce) {
        throw new CertPathValidatorException(ce);
    }
    check(key, impl.getSigAlgId());
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) AlgorithmId(sun.security.x509.AlgorithmId) X509CRLImpl(sun.security.x509.X509CRLImpl) CRLException(java.security.cert.CRLException)

Example 5 with AlgorithmId

use of org.mozilla.jss.netscape.security.x509.AlgorithmId in project mockserver by mock-server.

the class X509Generator method buildX509CertInfo.

/**
 * Assembles the to-be-signed X509CertInfo for a certificate issued in response to {@code csr}.
 * <p>
 * Validity is fixed to the class constants {@code NOT_BEFORE} / {@code NOT_AFTER}; the
 * signature algorithm is taken from the CSR by name and recorded as its OID only.
 *
 * @param subject   subject distinguished name
 * @param issuer    issuer distinguished name
 * @param publicKey subject public key
 * @param csr       request supplying the signing algorithm name
 * @return the populated, unsigned certificate info
 * @throws IOException              if a field cannot be encoded
 * @throws NoSuchAlgorithmException if the CSR's signing algorithm name is unknown
 * @throws CertificateException     if a field value is rejected
 */
private X509CertInfo buildX509CertInfo(final X500Name subject, final X500Name issuer, final PublicKey publicKey, final CertificateSigningRequest csr) throws IOException, NoSuchAlgorithmException, CertificateException {
    final X509CertInfo info = new X509CertInfo();

    // NOTE(review): java.util.Random is used on purpose here (original rationale: avoid
    // entropy depletion when many certificates are minted). Serial numbers are therefore
    // predictable, which is tolerable for mock certificates only; SecureRandom on current
    // JDKs is non-blocking, so the trade-off could be revisited.
    final BigInteger serial = new BigInteger(64, new Random());

    info.set(X509CertInfo.VALIDITY, new CertificateValidity(NOT_BEFORE, NOT_AFTER));
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serial));
    info.set(X509CertInfo.SUBJECT, subject);
    info.set(X509CertInfo.ISSUER, issuer);
    info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));

    // Resolve the CSR's algorithm name, then keep just the OID (no parameters) in the TBS.
    final AlgorithmId named = AlgorithmId.get(csr.getSigningAlgorithm());
    final AlgorithmId oidOnly = new AlgorithmId(named.getOID());
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(oidOnly));

    return info;
}
Also used : CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) X509CertInfo(sun.security.x509.X509CertInfo) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) BigInteger(java.math.BigInteger) CertificateVersion(sun.security.x509.CertificateVersion) CertificateValidity(sun.security.x509.CertificateValidity) CertificateX509Key(sun.security.x509.CertificateX509Key) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
