Search in sources :

Example 46 with SubjectPublicKeyInfo

use of org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project spring-cloud-digital-sign by SpringForAll.

the class ServerPKCSUtil method genCsr.

/**
 * genCsr
 *
 * @param alg0 alg
 * 密钥算法
 * @return
 */
public static String genCsr(String alg0) {
    if ("".equals(alg0)) {
        alg = alg0;
    }
    // 产生秘钥对
    KeyPairGenerator kpg = null;
    try {
        kpg = KeyPairGenerator.getInstance(alg);
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
    // 根据秘钥算法配置秘钥长度
    if ("SM2".equalsIgnoreCase(alg)) {
        kpg.initialize(256);
    } else {
        kpg.initialize(2048);
    }
    KeyPair kp = kpg.generateKeyPair();
    securityKP = kp;
    // 获取公钥以及公钥算法
    byte[] publickey = kp.getPublic().getEncoded();
    String pubAlg = kp.getPublic().getAlgorithm();
    String sAlg = null;
    try {
        sAlg = AlgorithmId.get(pubAlg).getOID().toString();
    } catch (NoSuchAlgorithmException e) {
    }
    SubjectPublicKeyInfo spki = null;
    // 区分SM2和RSA
    if (sAlg.equals("1.2.156.10197.1.301")) {
        spki = SubjectPublicKeyInfo.getInstance(publickey);
    } else {
        spki = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(publickey));
    }
    String subject = "CN=defaultName";
    X500Name x500 = new X500Name(subject);
    // 产生csr构造器
    PKCS10CertificationRequestBuilder prb = new PKCS10CertificationRequestBuilder(x500, spki);
    // 构建签名信息
    ContentSigner signer = null;
    PrivateKey privateKey = kp.getPrivate();
    Signature sign = null;
    try {
        if (privateKey.getAlgorithm().equals("SM2")) {
            sign = Signature.getInstance("SM3withSM2");
        } else {
            sign = Signature.getInstance("SHA1withRSA");
        }
        sign.initSign(privateKey);
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (InvalidKeyException e) {
        e.printStackTrace();
    }
    final Signature sign1 = sign;
    signer = new ContentSigner() {

        ByteArrayOutputStream originStream = new ByteArrayOutputStream();

        public byte[] getSignature() {
            try {
                sign1.update(originStream.toByteArray());
                return sign1.sign();
            } catch (SignatureException e) {
                throw new RuntimeException(e);
            }
        }

        public OutputStream getOutputStream() {
            return originStream;
        }

        public AlgorithmIdentifier getAlgorithmIdentifier() {
            try {
                return new AlgorithmIdentifier(AlgorithmId.get(sign1.getAlgorithm()).getOID().toString());
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }
    };
    PKCS10CertificationRequestHolder pr = prb.build(signer);
    try {
        return new String(Base64.encode(pr.getEncoded()));
    } catch (IOException e) {
        e.printStackTrace();
    }
    return null;
}
Also used : KeyPair(java.security.KeyPair) PrivateKey(java.security.PrivateKey) OutputStream(java.io.OutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ContentSigner(org.bouncycastle.operator.ContentSigner) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) KeyPairGenerator(java.security.KeyPairGenerator) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) X500Name(org.bouncycastle.asn1.x500.X500Name) ByteArrayOutputStream(java.io.ByteArrayOutputStream) SignatureException(java.security.SignatureException) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) PKCS10CertificationRequestHolder(org.bouncycastle.pkcs.PKCS10CertificationRequestHolder) Signature(java.security.Signature)

Example 47 with SubjectPublicKeyInfo

use of org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project signer by demoiselle.

the class CertificateHelper method createSubjectKeyIdentifier.

private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) throws IOException {
    ByteArrayInputStream bIn = new ByteArrayInputStream(key.getEncoded());
    ASN1InputStream is = null;
    try {
        is = new ASN1InputStream(bIn);
        ASN1Sequence seq = (ASN1Sequence) is.readObject();
        SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(seq);
        return new BcX509ExtensionUtils().createSubjectKeyIdentifier(info);
    } finally {
        IOUtils.closeQuietly(is);
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ByteArrayInputStream(java.io.ByteArrayInputStream) BcX509ExtensionUtils(org.bouncycastle.cert.bc.BcX509ExtensionUtils) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)

Example 48 with SubjectPublicKeyInfo

use of org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project signer by demoiselle.

the class CreateCA method main.

// http://stackoverflow.com/questions/18633273/correctly-creating-a-new-certificate-with-an-intermediate-certificate-using-boun
// http://stackoverflow.com/questions/31618568/how-can-i-create-a-ca-root-certificate-with-bouncy-castle
public static void main(String[] args) throws IOException, OperatorCreationException, NoSuchAlgorithmException {
    // ---------------------- CA Creation ----------------------
    // System.out.println("Generating Keys");
    KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
    rsa.initialize(1024);
    KeyPair kp = rsa.generateKeyPair();
    Calendar cal = Calendar.getInstance();
    cal.add(Calendar.YEAR, 100);
    // System.out.println("Getting data");
    byte[] pk = kp.getPublic().getEncoded();
    SubjectPublicKeyInfo bcPk = SubjectPublicKeyInfo.getInstance(pk);
    // System.out.println("Creating cert");
    X509v1CertificateBuilder certGen = new X509v1CertificateBuilder(new X500Name("CN=CA Cert"), BigInteger.ONE, new Date(), cal.getTime(), new X500Name("CN=CA Cert"), bcPk);
    X509CertificateHolder certHolder = certGen.build(new JcaContentSignerBuilder("SHA1withRSA").build(kp.getPrivate()));
    StringBuffer s = new StringBuffer();
    s.append(X509Factory.BEGIN_CERT + "\n");
    s.append(Base64Utils.base64Encode(certHolder.getEncoded()) + "\n");
    s.append(X509Factory.END_CERT);
    saveFile(s.toString().getBytes());
// ---------------------- ISSUER Creation ----------------------
}
Also used : KeyPair(java.security.KeyPair) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) Calendar(java.util.Calendar) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) X509v1CertificateBuilder(org.bouncycastle.cert.X509v1CertificateBuilder) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date)

Example 49 with SubjectPublicKeyInfo

use of org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project open-ecard by ecsec.

the class KeyLengthVerifier method isValid.

@Override
public void isValid(TlsServerCertificate chain, String hostname) throws CertificateVerificationException {
    try {
        boolean firstCert = true;
        for (TlsCertificate next : chain.getCertificate().getCertificateList()) {
            Certificate x509 = Certificate.getInstance(next.getEncoded());
            boolean selfSigned = x509.getIssuer().equals(x509.getSubject());
            // skip key comparison step if this is a root certificate, but still check self signed server certs
            boolean isRootCert = selfSigned && !firstCert;
            if (!isRootCert) {
                // get public key and determine minimum size for the actual type
                SubjectPublicKeyInfo pkInfo = x509.getSubjectPublicKeyInfo();
                AsymmetricKeyParameter key = PublicKeyFactory.createKey(pkInfo);
                KeyTools.assertKeyLength(key);
                firstCert = false;
            }
        }
    } catch (IOException ex) {
        String msg = "Failed to extract public key from certificate.";
        throw new CertificateVerificationException(msg, ex);
    } catch (KeyLengthException ex) {
        String msg = "The key in the certificate does not satisfy the length requirements.";
        throw new CertificateVerificationException(msg, ex);
    }
}
Also used : AsymmetricKeyParameter(org.openecard.bouncycastle.crypto.params.AsymmetricKeyParameter) CertificateVerificationException(org.openecard.crypto.tls.CertificateVerificationException) IOException(java.io.IOException) SubjectPublicKeyInfo(org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo) KeyLengthException(org.openecard.crypto.common.keystore.KeyLengthException) TlsCertificate(org.openecard.bouncycastle.tls.crypto.TlsCertificate) TlsServerCertificate(org.openecard.bouncycastle.tls.TlsServerCertificate) Certificate(org.openecard.bouncycastle.asn1.x509.Certificate) TlsCertificate(org.openecard.bouncycastle.tls.crypto.TlsCertificate)

Example 50 with SubjectPublicKeyInfo

use of org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project jruby-openssl by jruby.

the class PKey method readECPrivateKey.

public static KeyPair readECPrivateKey(final KeyFactory ecFactory, final byte[] input) throws IOException, InvalidKeySpecException {
    try {
        ECPrivateKeyStructure pKey = new ECPrivateKeyStructure((ASN1Sequence) ASN1Primitive.fromByteArray(input));
        AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, pKey.getParameters());
        PrivateKeyInfo privInfo = new PrivateKeyInfo(algId, pKey.toASN1Primitive());
        SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo(algId, pKey.getPublicKey().getBytes());
        PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(privInfo.getEncoded());
        X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(pubInfo.getEncoded());
        // KeyFactory            fact = KeyFactory.getInstance("ECDSA", provider);
        ECPrivateKey privateKey = (ECPrivateKey) ecFactory.generatePrivate(privSpec);
        if (algId.getParameters() instanceof ASN1ObjectIdentifier) {
            privateKey = ECPrivateKeyWithName.wrap(privateKey, (ASN1ObjectIdentifier) algId.getParameters());
        }
        return new KeyPair(ecFactory.generatePublic(pubSpec), privateKey);
    } catch (ClassCastException ex) {
        throw new IOException("wrong ASN.1 object found in stream", ex);
    }
// catch (Exception ex) {
// throw new IOException("problem parsing EC private key: " + ex);
// }
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) KeyPair(java.security.KeyPair) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) ECPrivateKeyStructure(org.bouncycastle.asn1.sec.ECPrivateKeyStructure) IOException(java.io.IOException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Aggregations

SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)77 X500Name (org.bouncycastle.asn1.x500.X500Name)37 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)37 Date (java.util.Date)34 IOException (java.io.IOException)31 ContentSigner (org.bouncycastle.operator.ContentSigner)24 BigInteger (java.math.BigInteger)22 KeyPair (java.security.KeyPair)21 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)21 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)19 KeyPairGenerator (java.security.KeyPairGenerator)17 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)17 X509Certificate (java.security.cert.X509Certificate)17 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)16 InvalidKeyException (java.security.InvalidKeyException)15 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)15 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)15 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)13 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)13 PublicKey (java.security.PublicKey)12