Example 26 with ASN1ObjectIdentifier
use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project robovm by robovm.
the class JCEECPrivateKey method populateFromPrivKeyInfo.
private void populateFromPrivKeyInfo(PrivateKeyInfo info) throws IOException {
X962Parameters params = new X962Parameters((ASN1Primitive) info.getPrivateKeyAlgorithm().getParameters());
if (params.isNamedCurve()) {
ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters());
X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid);
// BEGIN android-removed
// if (ecP == null) // GOST Curve
// {
// ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
// EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
//
// ecSpec = new ECNamedCurveSpec(
// ECGOST3410NamedCurves.getName(oid),
// ellipticCurve,
// new ECPoint(
// gParam.getG().getX().toBigInteger(),
// gParam.getG().getY().toBigInteger()),
// gParam.getN(),
// gParam.getH());
// }
// else
// END android-removed
{
EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed());
ecSpec = new ECNamedCurveSpec(ECUtil.getCurveName(oid), ellipticCurve, new ECPoint(ecP.getG().getX().toBigInteger(), ecP.getG().getY().toBigInteger()), ecP.getN(), ecP.getH());
}
} else if (params.isImplicitlyCA()) {
ecSpec = null;
} else {
X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters());
EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed());
this.ecSpec = new ECParameterSpec(ellipticCurve, new ECPoint(ecP.getG().getX().toBigInteger(), ecP.getG().getY().toBigInteger()), ecP.getN(), ecP.getH().intValue());
}
ASN1Encodable privKey = info.parsePrivateKey();
if (privKey instanceof DERInteger) {
DERInteger derD = DERInteger.getInstance(privKey);
this.d = derD.getValue();
} else {
ECPrivateKeyStructure ec = new ECPrivateKeyStructure((ASN1Sequence) privKey);
this.d = ec.getKey();
this.publicKey = ec.getPublicKey();
}
}
Also used :
X962Parameters(org.bouncycastle.asn1.x9.X962Parameters)
X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters)
EllipticCurve(java.security.spec.EllipticCurve)
ECParameterSpec(java.security.spec.ECParameterSpec)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ECPrivateKeyStructure(org.bouncycastle.asn1.sec.ECPrivateKeyStructure)
ECPoint(java.security.spec.ECPoint)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
ECNamedCurveSpec(org.bouncycastle.jce.spec.ECNamedCurveSpec)
DERInteger(org.bouncycastle.asn1.DERInteger)
Example 27 with ASN1ObjectIdentifier
use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project robovm by robovm.
the class X509CertificateObject method toString.
public String toString() {
StringBuffer buf = new StringBuffer();
String nl = System.getProperty("line.separator");
buf.append(" [0] Version: ").append(this.getVersion()).append(nl);
buf.append(" SerialNumber: ").append(this.getSerialNumber()).append(nl);
buf.append(" IssuerDN: ").append(this.getIssuerDN()).append(nl);
buf.append(" Start Date: ").append(this.getNotBefore()).append(nl);
buf.append(" Final Date: ").append(this.getNotAfter()).append(nl);
buf.append(" SubjectDN: ").append(this.getSubjectDN()).append(nl);
buf.append(" Public Key: ").append(this.getPublicKey()).append(nl);
buf.append(" Signature Algorithm: ").append(this.getSigAlgName()).append(nl);
byte[] sig = this.getSignature();
buf.append(" Signature: ").append(new String(Hex.encode(sig, 0, 20))).append(nl);
for (int i = 20; i < sig.length; i += 20) {
if (i < sig.length - 20) {
buf.append(" ").append(new String(Hex.encode(sig, i, 20))).append(nl);
} else {
buf.append(" ").append(new String(Hex.encode(sig, i, sig.length - i))).append(nl);
}
}
Extensions extensions = c.getTBSCertificate().getExtensions();
if (extensions != null) {
Enumeration e = extensions.oids();
if (e.hasMoreElements()) {
buf.append(" Extensions: \n");
}
while (e.hasMoreElements()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
Extension ext = extensions.getExtension(oid);
if (ext.getExtnValue() != null) {
byte[] octs = ext.getExtnValue().getOctets();
ASN1InputStream dIn = new ASN1InputStream(octs);
buf.append(" critical(").append(ext.isCritical()).append(") ");
try {
if (oid.equals(Extension.basicConstraints)) {
buf.append(BasicConstraints.getInstance(dIn.readObject())).append(nl);
} else if (oid.equals(Extension.keyUsage)) {
buf.append(KeyUsage.getInstance(dIn.readObject())).append(nl);
} else if (oid.equals(MiscObjectIdentifiers.netscapeCertType)) {
buf.append(new NetscapeCertType((DERBitString) dIn.readObject())).append(nl);
} else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL)) {
buf.append(new NetscapeRevocationURL((DERIA5String) dIn.readObject())).append(nl);
} else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension)) {
buf.append(new VerisignCzagExtension((DERIA5String) dIn.readObject())).append(nl);
} else {
buf.append(oid.getId());
buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
//buf.append(" value = ").append("*****").append(nl);
}
} catch (Exception ex) {
buf.append(oid.getId());
// buf.append(" value = ").append(new String(Hex.encode(ext.getExtnValue().getOctets()))).append(nl);
buf.append(" value = ").append("*****").append(nl);
}
} else {
buf.append(nl);
}
}
}
return buf.toString();
}
Also used :
VerisignCzagExtension(org.bouncycastle.asn1.misc.VerisignCzagExtension)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
Enumeration(java.util.Enumeration)
NetscapeRevocationURL(org.bouncycastle.asn1.misc.NetscapeRevocationURL)
DERBitString(org.bouncycastle.asn1.DERBitString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
ASN1String(org.bouncycastle.asn1.ASN1String)
Extensions(org.bouncycastle.asn1.x509.Extensions)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
SignatureException(java.security.SignatureException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertificateParsingException(java.security.cert.CertificateParsingException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
UnknownHostException(java.net.UnknownHostException)
NoSuchProviderException(java.security.NoSuchProviderException)
Extension(org.bouncycastle.asn1.x509.Extension)
VerisignCzagExtension(org.bouncycastle.asn1.misc.VerisignCzagExtension)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
NetscapeCertType(org.bouncycastle.asn1.misc.NetscapeCertType)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 28 with ASN1ObjectIdentifier
use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project android_frameworks_base by crdroidandroid.
the class AndroidKeyStoreKeyPairGeneratorSpi method generateSelfSignedCertificateWithFakeSignature.
@SuppressWarnings("deprecation")
private X509Certificate generateSelfSignedCertificateWithFakeSignature(PublicKey publicKey) throws IOException, CertificateParsingException {
V3TBSCertificateGenerator tbsGenerator = new V3TBSCertificateGenerator();
ASN1ObjectIdentifier sigAlgOid;
AlgorithmIdentifier sigAlgId;
byte[] signature;
switch(mKeymasterAlgorithm) {
case KeymasterDefs.KM_ALGORITHM_EC:
sigAlgOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
sigAlgId = new AlgorithmIdentifier(sigAlgOid);
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new DERInteger(0));
v.add(new DERInteger(0));
signature = new DERSequence().getEncoded();
break;
case KeymasterDefs.KM_ALGORITHM_RSA:
sigAlgOid = PKCSObjectIdentifiers.sha256WithRSAEncryption;
sigAlgId = new AlgorithmIdentifier(sigAlgOid, DERNull.INSTANCE);
signature = new byte[1];
break;
default:
throw new ProviderException("Unsupported key algorithm: " + mKeymasterAlgorithm);
}
try (ASN1InputStream publicKeyInfoIn = new ASN1InputStream(publicKey.getEncoded())) {
tbsGenerator.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(publicKeyInfoIn.readObject()));
}
tbsGenerator.setSerialNumber(new ASN1Integer(mSpec.getCertificateSerialNumber()));
X509Principal subject = new X509Principal(mSpec.getCertificateSubject().getEncoded());
tbsGenerator.setSubject(subject);
tbsGenerator.setIssuer(subject);
tbsGenerator.setStartDate(new Time(mSpec.getCertificateNotBefore()));
tbsGenerator.setEndDate(new Time(mSpec.getCertificateNotAfter()));
tbsGenerator.setSignature(sigAlgId);
TBSCertificate tbsCertificate = tbsGenerator.generateTBSCertificate();
ASN1EncodableVector result = new ASN1EncodableVector();
result.add(tbsCertificate);
result.add(sigAlgId);
result.add(new DERBitString(signature));
return new X509CertificateObject(Certificate.getInstance(new DERSequence(result)));
}
Also used :
ASN1InputStream(com.android.org.bouncycastle.asn1.ASN1InputStream)
ProviderException(java.security.ProviderException)
Time(com.android.org.bouncycastle.asn1.x509.Time)
DERBitString(com.android.org.bouncycastle.asn1.DERBitString)
ASN1Integer(com.android.org.bouncycastle.asn1.ASN1Integer)
AlgorithmIdentifier(com.android.org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DERInteger(com.android.org.bouncycastle.asn1.DERInteger)
DERSequence(com.android.org.bouncycastle.asn1.DERSequence)
X509CertificateObject(com.android.org.bouncycastle.jce.provider.X509CertificateObject)
X509Principal(com.android.org.bouncycastle.jce.X509Principal)
ASN1EncodableVector(com.android.org.bouncycastle.asn1.ASN1EncodableVector)
V3TBSCertificateGenerator(com.android.org.bouncycastle.asn1.x509.V3TBSCertificateGenerator)
TBSCertificate(com.android.org.bouncycastle.asn1.x509.TBSCertificate)
ASN1ObjectIdentifier(com.android.org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 29 with ASN1ObjectIdentifier
use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project athenz by yahoo.
the class Crypto method loadPrivateKey.
public static PrivateKey loadPrivateKey(Reader reader, String pwd) throws CryptoException {
try (PEMParser pemReader = new PEMParser(reader)) {
PrivateKey privKey = null;
X9ECParameters ecParam = null;
Object pemObj = pemReader.readObject();
if (pemObj instanceof ASN1ObjectIdentifier) {
// make sure this is EC Parameter we're handling. In which case
// we'll store it and read the next object which should be our
// EC Private Key
ASN1ObjectIdentifier ecOID = (ASN1ObjectIdentifier) pemObj;
ecParam = ECNamedCurveTable.getByOID(ecOID);
if (ecParam == null) {
throw new PEMException("Unable to find EC Parameter for the given curve oid: " + ((ASN1ObjectIdentifier) pemObj).getId());
}
pemObj = pemReader.readObject();
} else if (pemObj instanceof X9ECParameters) {
ecParam = (X9ECParameters) pemObj;
pemObj = pemReader.readObject();
}
if (pemObj instanceof PEMKeyPair) {
PrivateKeyInfo pKeyInfo = ((PEMKeyPair) pemObj).getPrivateKeyInfo();
JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
privKey = pemConverter.getPrivateKey(pKeyInfo);
} else if (pemObj instanceof PKCS8EncryptedPrivateKeyInfo) {
PKCS8EncryptedPrivateKeyInfo pKeyInfo = (PKCS8EncryptedPrivateKeyInfo) pemObj;
if (pwd == null) {
throw new CryptoException("No password specified to decrypt encrypted private key");
}
// Decrypt the private key with the specified password
InputDecryptorProvider pkcs8Prov = new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider(BC_PROVIDER).build(pwd.toCharArray());
PrivateKeyInfo privateKeyInfo = pKeyInfo.decryptPrivateKeyInfo(pkcs8Prov);
JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
privKey = pemConverter.getPrivateKey(privateKeyInfo);
}
if (ecParam != null && ECDSA.equals(privKey.getAlgorithm())) {
ECParameterSpec ecSpec = new ECParameterSpec(ecParam.getCurve(), ecParam.getG(), ecParam.getN(), ecParam.getH(), ecParam.getSeed());
KeyFactory keyFactory = KeyFactory.getInstance(ECDSA, BC_PROVIDER);
ECPrivateKeySpec keySpec = new ECPrivateKeySpec(((BCECPrivateKey) privKey).getS(), ecSpec);
privKey = (PrivateKey) keyFactory.generatePrivate(keySpec);
}
return privKey;
} catch (PEMException e) {
LOG.error("loadPrivateKey: Caught PEMException, problem with format of key detected.");
throw new CryptoException(e);
} catch (NoSuchProviderException e) {
LOG.error("loadPrivateKey: Caught NoSuchProviderException, check to make sure the provider is loaded correctly.");
throw new CryptoException(e);
} catch (NoSuchAlgorithmException e) {
LOG.error("loadPrivateKey: Caught NoSuchAlgorithmException, check to make sure the algorithm is supported by the provider.");
throw new CryptoException(e);
} catch (InvalidKeySpecException e) {
LOG.error("loadPrivateKey: Caught InvalidKeySpecException, invalid key spec is being used.");
throw new CryptoException(e);
} catch (OperatorCreationException e) {
LOG.error("loadPrivateKey: Caught OperatorCreationException when creating JceOpenSSLPKCS8DecryptorProviderBuilder.");
throw new CryptoException(e);
} catch (PKCSException e) {
LOG.error("loadPrivateKey: Caught PKCSException when decrypting private key.");
throw new CryptoException(e);
} catch (IOException e) {
LOG.error("loadPrivateKey: Caught IOException, while trying to read key.");
throw new CryptoException(e);
}
}
Also used :
BCECPrivateKey(org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey)
PrivateKey(java.security.PrivateKey)
ECPrivateKeySpec(org.bouncycastle.jce.spec.ECPrivateKeySpec)
X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters)
JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)
PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
IOException(java.io.IOException)
PKCSException(org.bouncycastle.pkcs.PKCSException)
PEMParser(org.bouncycastle.openssl.PEMParser)
InputDecryptorProvider(org.bouncycastle.operator.InputDecryptorProvider)
ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec)
PEMException(org.bouncycastle.openssl.PEMException)
PemObject(org.bouncycastle.util.io.pem.PemObject)
PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair)
JceOpenSSLPKCS8DecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
NoSuchProviderException(java.security.NoSuchProviderException)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
KeyFactory(java.security.KeyFactory)
Example 30 with ASN1ObjectIdentifier
use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project athenz by yahoo.
the class Crypto method loadPublicKey.
public static PublicKey loadPublicKey(Reader r) throws CryptoException {
try (org.bouncycastle.openssl.PEMParser pemReader = new org.bouncycastle.openssl.PEMParser(r)) {
PublicKey pubKey = null;
Object pemObj = pemReader.readObject();
JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
SubjectPublicKeyInfo keyInfo = null;
X9ECParameters ecParam = null;
if (pemObj instanceof ASN1ObjectIdentifier) {
// make sure this is EC Parameter we're handling. In which case
// we'll store it and read the next object which should be our
// EC Public Key
ASN1ObjectIdentifier ecOID = (ASN1ObjectIdentifier) pemObj;
ecParam = ECNamedCurveTable.getByOID(ecOID);
if (ecParam == null) {
throw new PEMException("Unable to find EC Parameter for the given curve oid: " + ((ASN1ObjectIdentifier) pemObj).getId());
}
pemObj = pemReader.readObject();
} else if (pemObj instanceof X9ECParameters) {
ecParam = (X9ECParameters) pemObj;
pemObj = pemReader.readObject();
}
if (pemObj instanceof org.bouncycastle.cert.X509CertificateHolder) {
keyInfo = ((org.bouncycastle.cert.X509CertificateHolder) pemObj).getSubjectPublicKeyInfo();
} else {
keyInfo = (SubjectPublicKeyInfo) pemObj;
}
pubKey = pemConverter.getPublicKey(keyInfo);
if (ecParam != null && ECDSA.equals(pubKey.getAlgorithm())) {
ECParameterSpec ecSpec = new ECParameterSpec(ecParam.getCurve(), ecParam.getG(), ecParam.getN(), ecParam.getH(), ecParam.getSeed());
KeyFactory keyFactory = KeyFactory.getInstance(ECDSA, BC_PROVIDER);
ECPublicKeySpec keySpec = new ECPublicKeySpec(((BCECPublicKey) pubKey).getQ(), ecSpec);
pubKey = (PublicKey) keyFactory.generatePublic(keySpec);
}
return pubKey;
} catch (PEMException e) {
throw new CryptoException(e);
} catch (NoSuchProviderException e) {
LOG.error("loadPublicKey: Caught NoSuchProviderException, check to make sure the provider is loaded correctly.");
throw new CryptoException(e);
} catch (NoSuchAlgorithmException e) {
LOG.error("loadPublicKey: Caught NoSuchAlgorithmException, check to make sure the algorithm is supported by the provider.");
throw new CryptoException(e);
} catch (InvalidKeySpecException e) {
LOG.error("loadPublicKey: Caught InvalidKeySpecException, invalid key spec is being used.");
throw new CryptoException("InvalidKeySpecException");
} catch (IOException e) {
throw new CryptoException(e);
}
}
Also used :
PEMParser(org.bouncycastle.openssl.PEMParser)
BCECPublicKey(org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey)
PublicKey(java.security.PublicKey)
X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters)
JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
IOException(java.io.IOException)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec)
PEMParser(org.bouncycastle.openssl.PEMParser)
ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec)
PEMException(org.bouncycastle.openssl.PEMException)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
PemObject(org.bouncycastle.util.io.pem.PemObject)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
NoSuchProviderException(java.security.NoSuchProviderException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
KeyFactory(java.security.KeyFactory)
Aggregations
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)330
IOException (java.io.IOException)76
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)70
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)53
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)49
DEROctetString (org.bouncycastle.asn1.DEROctetString)48
DERIA5String (org.bouncycastle.asn1.DERIA5String)47
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)45
DERSequence (org.bouncycastle.asn1.DERSequence)42
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)38
DERPrintableString (org.bouncycastle.asn1.DERPrintableString)36
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)36
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)35
Extension (org.bouncycastle.asn1.x509.Extension)33
ASN1String (org.bouncycastle.asn1.ASN1String)31
HashSet (java.util.HashSet)30
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)29
X500Name (org.bouncycastle.asn1.x500.X500Name)29
ArrayList (java.util.ArrayList)28
DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)27
