Examples with SubjectPublicKeyInfo org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo used on opensource projects

Example 1 with SubjectPublicKeyInfo

use of org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo in project jss by dogtagpki.

the class SSLClientAuth method makeCert.

/**
 * Method that generates a certificate for given credential
 *
 * @param issuerName
 * @param subjectName
 * @param serialNumber
 * @param privKey
 * @param pubKey
 * @param rand
 * @param extensions
 * @throws java.lang.Exception
 * @return Certificate
 */
public static Certificate makeCert(String issuerName, String subjectName, int serialNumber, PrivateKey privKey, PublicKey pubKey, int rand, SEQUENCE extensions) throws Exception {
    AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier(sigAlg.toOID());
    Name issuer = new Name();
    issuer.addCountryName("US");
    issuer.addOrganizationName("Mozilla");
    issuer.addOrganizationalUnitName("JSS Testing" + rand);
    issuer.addCommonName(issuerName);
    Name subject = new Name();
    subject.addCountryName("US");
    subject.addOrganizationName("Mozilla");
    subject.addOrganizationalUnitName("JSS Testing" + rand);
    subject.addCommonName(subjectName);
    Calendar cal = Calendar.getInstance();
    Date notBefore = cal.getTime();
    cal.add(Calendar.YEAR, 1);
    Date notAfter = cal.getTime();
    SubjectPublicKeyInfo.Template spkiTemp = new SubjectPublicKeyInfo.Template();
    SubjectPublicKeyInfo spki = (SubjectPublicKeyInfo) ASN1Util.decode(spkiTemp, pubKey.getEncoded());
    CertificateInfo info = new CertificateInfo(CertificateInfo.v3, new INTEGER(serialNumber), sigAlgID, issuer, notBefore, notAfter, subject, spki);
    if (extensions != null) {
        info.setExtensions(extensions);
    }
    return new Certificate(info, privKey, sigAlg);
}

Example 2 with SubjectPublicKeyInfo

use of org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo in project jss by dogtagpki.

the class GenerateTestCert method makeCert.

/**
 * Method that generates a certificate for given credential
 *
 * @param issuerName
 * @param subjectName
 * @param serialNumber
 * @param privKey
 * @param pubKey
 * @param rand
 * @param extensions
 * @throws java.lang.Exception
 * @return
 */
private Certificate makeCert(String issuerName, String subjectName, int serialNumber, PrivateKey privKey, PublicKey pubKey, int rand, SEQUENCE extensions) throws Exception {
    AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier(sigAlg.toOID());
    Name issuer = new Name();
    issuer.addCountryName("US");
    issuer.addOrganizationName("Mozilla");
    issuer.addOrganizationalUnitName("JSS Testing" + rand);
    issuer.addCommonName(issuerName);
    Name subject = new Name();
    subject.addCountryName("US");
    subject.addOrganizationName("Mozilla");
    subject.addOrganizationalUnitName("JSS Testing" + rand);
    subject.addCommonName(subjectName);
    Calendar cal = Calendar.getInstance();
    Date notBefore = cal.getTime();
    cal.add(Calendar.YEAR, 1);
    Date notAfter = cal.getTime();
    SubjectPublicKeyInfo.Template spkiTemp = new SubjectPublicKeyInfo.Template();
    SubjectPublicKeyInfo spki = (SubjectPublicKeyInfo) ASN1Util.decode(spkiTemp, pubKey.getEncoded());
    CertificateInfo info = new CertificateInfo(CertificateInfo.v3, new INTEGER(serialNumber), sigAlgID, issuer, notBefore, notAfter, subject, spki);
    if (extensions != null) {
        info.setExtensions(extensions);
    }
    return new Certificate(info, privKey, sigAlg);
}

Example 3 with SubjectPublicKeyInfo

use of org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo in project jss by dogtagpki.

the class CertReqMsg method verify.

public void verify(CryptoToken token) throws SignatureException, InvalidKeyFormatException, NoSuchAlgorithmException, org.mozilla.jss.NotInitializedException, TokenException, java.security.InvalidKeyException, IOException {
    ProofOfPossession.Type type = pop.getType();
    if (type == ProofOfPossession.SIGNATURE) {
        POPOSigningKey sigkey = pop.getSignature();
        AlgorithmIdentifier alg = sigkey.getAlgorithmIdentifier();
        BIT_STRING sig_from = sigkey.getSignature();
        ByteArrayOutputStream bo = new ByteArrayOutputStream();
        certReq.encode(bo);
        byte[] toBeVerified = bo.toByteArray();
        PublicKey pubkey = null;
        CertTemplate ct = certReq.getCertTemplate();
        if (ct.hasPublicKey()) {
            SubjectPublicKeyInfo spi = ct.getPublicKey();
            pubkey = spi.toPublicKey();
        }
        SignatureAlgorithm sigAlg = SignatureAlgorithm.fromOID(alg.getOID());
        Signature sig = token.getSignatureContext(sigAlg);
        sig.initVerify(pubkey);
        sig.update(toBeVerified);
        if (sig.verify(sig_from.getBits())) {
            // success
            return;
        } else {
            throw new SignatureException("Signed request information does not " + "match signature in POP");
        }
    } else if (type == ProofOfPossession.KEY_ENCIPHERMENT) {
        POPOPrivKey keyEnc = pop.getKeyEncipherment();
        POPOPrivKey.Type ptype = keyEnc.getType();
        if (ptype == POPOPrivKey.THIS_MESSAGE) {
        // BIT_STRING thisMessage = keyEnc.getThisMessage();
        // This should be the same as from the archive control
        // It's verified by DRM.
        } else if (ptype == POPOPrivKey.SUBSEQUENT_MESSAGE) {
            new ChallengeResponseException("requested");
        }
    }
}

Example 4 with SubjectPublicKeyInfo

use of org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo in project jss by dogtagpki.

the class KeyFactorySpi1_2 method engineGeneratePublic.

@Override
protected PublicKey engineGeneratePublic(KeySpec keySpec) throws InvalidKeySpecException {
    if (keySpec instanceof RSAPublicKeySpec) {
        RSAPublicKeySpec spec = (RSAPublicKeySpec) keySpec;
        // Generate a DER RSA public key
        SEQUENCE seq = new SEQUENCE();
        seq.addElement(new INTEGER(spec.getModulus()));
        seq.addElement(new INTEGER(spec.getPublicExponent()));
        return PK11PubKey.fromRaw(PrivateKey.RSA, ASN1Util.encode(seq));
    } else if (keySpec instanceof DSAPublicKeySpec) {
        // We need to import both the public value and the PQG parameters.
        // The only way to get all that information in DER is to send
        // a full SubjectPublicKeyInfo. So we encode all the information
        // into an SPKI.
        DSAPublicKeySpec spec = (DSAPublicKeySpec) keySpec;
        SEQUENCE pqg = new SEQUENCE();
        pqg.addElement(new INTEGER(spec.getP()));
        pqg.addElement(new INTEGER(spec.getQ()));
        pqg.addElement(new INTEGER(spec.getG()));
        OBJECT_IDENTIFIER oid = null;
        try {
            oid = SignatureAlgorithm.DSASignature.toOID();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("No such algorithm: " + e.getMessage(), e);
        }
        AlgorithmIdentifier algID = new AlgorithmIdentifier(oid, pqg);
        INTEGER publicValue = new INTEGER(spec.getY());
        byte[] encodedPublicValue = ASN1Util.encode(publicValue);
        SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo(algID, new BIT_STRING(encodedPublicValue, 0));
        return PK11PubKey.fromSPKI(ASN1Util.encode(spki));
    // 
    // requires JAVA 1.5
    // 
    // } else if( keySpec instanceof ECPublicKeySpec ) {
    // // We need to import both the public value and the curve.
    // // The only way to get all that information in DER is to send
    // // a full SubjectPublicKeyInfo. So we encode all the information
    // // into an SPKI.
    // 
    // ECPublicKeySpec spec = (ECPublicKeySpec) keySpec;
    // AlgorithmParameters algParams = getInstance("ECParameters");
    // 
    // algParameters.init(spec.getECParameters());
    // OBJECT_IDENTIFIER oid = null;
    // try {
    // oid = SignatureAlgorithm.ECSignature.toOID();
    // } catch(NoSuchAlgorithmException ex ) {
    // Assert.notReached("no such algorithm as DSA?");
    // }
    // AlgorithmIdentifier algID =
    // new AlgorithmIdentifier(oid, ecParams.getParams() );
    // INTEGER publicValueX = new INTEGER(spec.getW().getAffineX());
    // INTEGER publicValueY = new INTEGER(spec.getW().getAffineY());
    // byte[] encodedPublicValue;
    // encodedPublicValue[0] = EC_UNCOMPRESSED_POINT;
    // encodedPublicValue += spec.getW().getAffineX().toByteArray();
    // encodedPublicValue += spec.getW().getAffineY().toByteArray();
    // 
    // byte[] encodedPublicValue = ASN1Util.encode(publicValue);
    // SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo(
    // algID, new BIT_STRING(encodedPublicValue, 0) );
    // 
    // return PK11PubKey.fromSPKI( ASN1Util.encode(spki) );
    // 
    // use the following for EC keys in 1.4.2
    } else if (keySpec instanceof X509EncodedKeySpec) {
        // 
        // SubjectPublicKeyInfo
        // 
        X509EncodedKeySpec spec = (X509EncodedKeySpec) keySpec;
        return PK11PubKey.fromSPKI(spec.getEncoded());
    }
    throw new InvalidKeySpecException("Unsupported KeySpec type: " + keySpec.getClass().getName());
}

Example 5 with SubjectPublicKeyInfo

use of org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo in project jss by dogtagpki.

the class CertificateInfo method setSubjectPublicKeyInfo.

/**
 * Extracts the SubjectPublicKeyInfo from the given public key and
 * stores it in the CertificateInfo.
 *
 * @exception InvalidBERException If an error occurs decoding the
 *      the information extracted from the public key.
 */
public void setSubjectPublicKeyInfo(PublicKey pubk) throws InvalidBERException, IOException {
    verifyNotNull(pubk);
    setSubjectPublicKeyInfo(new SubjectPublicKeyInfo(pubk));
}