Search in sources :

Example 91 with SubjectPublicKeyInfo

use of org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project runwar by cfmlprojects.

the class SelfSignedCertificate method createSubjectKeyIdentifier.

private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key publicKey) throws IOException {
    try (ASN1InputStream is = new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded()))) {
        ASN1Sequence seq = (ASN1Sequence) is.readObject();
        SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(seq);
        return new BcX509ExtensionUtils().createSubjectKeyIdentifier(info);
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ByteArrayInputStream(java.io.ByteArrayInputStream) BcX509ExtensionUtils(org.bouncycastle.cert.bc.BcX509ExtensionUtils) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)

Example 92 with SubjectPublicKeyInfo

use of org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project incubator-pulsar by apache.

the class MessageCrypto method loadPublicKey.

private PublicKey loadPublicKey(byte[] keyBytes) throws Exception {
    Reader keyReader = new StringReader(new String(keyBytes));
    PublicKey publicKey = null;
    try (org.bouncycastle.openssl.PEMParser pemReader = new org.bouncycastle.openssl.PEMParser(keyReader)) {
        Object pemObj = pemReader.readObject();
        JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
        SubjectPublicKeyInfo keyInfo = null;
        X9ECParameters ecParam = null;
        if (pemObj instanceof ASN1ObjectIdentifier) {
            // make sure this is EC Parameter we're handling. In which case
            // we'll store it and read the next object which should be our
            // EC Public Key
            ASN1ObjectIdentifier ecOID = (ASN1ObjectIdentifier) pemObj;
            ecParam = ECNamedCurveTable.getByOID(ecOID);
            if (ecParam == null) {
                throw new PEMException("Unable to find EC Parameter for the given curve oid: " + ((ASN1ObjectIdentifier) pemObj).getId());
            }
            pemObj = pemReader.readObject();
        } else if (pemObj instanceof X9ECParameters) {
            ecParam = (X9ECParameters) pemObj;
            pemObj = pemReader.readObject();
        }
        if (pemObj instanceof org.bouncycastle.cert.X509CertificateHolder) {
            keyInfo = ((org.bouncycastle.cert.X509CertificateHolder) pemObj).getSubjectPublicKeyInfo();
        } else {
            keyInfo = (SubjectPublicKeyInfo) pemObj;
        }
        publicKey = pemConverter.getPublicKey(keyInfo);
        if (ecParam != null && ECDSA.equals(publicKey.getAlgorithm())) {
            ECParameterSpec ecSpec = new ECParameterSpec(ecParam.getCurve(), ecParam.getG(), ecParam.getN(), ecParam.getH(), ecParam.getSeed());
            KeyFactory keyFactory = KeyFactory.getInstance(ECDSA, BouncyCastleProvider.PROVIDER_NAME);
            ECPublicKeySpec keySpec = new ECPublicKeySpec(((BCECPublicKey) publicKey).getQ(), ecSpec);
            publicKey = (PublicKey) keyFactory.generatePublic(keySpec);
        }
    } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
        throw new Exception(e);
    }
    return publicKey;
}
Also used : X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters) Reader(java.io.Reader) CryptoKeyReader(org.apache.pulsar.client.api.CryptoKeyReader) StringReader(java.io.StringReader) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) ByteString(com.google.protobuf.ByteString) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec) PEMParser(org.bouncycastle.openssl.PEMParser) StringReader(java.io.StringReader) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) KeyFactory(java.security.KeyFactory) BCECPublicKey(org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey) PublicKey(java.security.PublicKey) PEMParser(org.bouncycastle.openssl.PEMParser) IOException(java.io.IOException) PulsarClientException(org.apache.pulsar.client.api.PulsarClientException) ShortBufferException(javax.crypto.ShortBufferException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) CryptoException(org.apache.pulsar.client.api.PulsarClientException.CryptoException) PEMException(org.bouncycastle.openssl.PEMException) IOException(java.io.IOException) BadPaddingException(javax.crypto.BadPaddingException) NoSuchProviderException(java.security.NoSuchProviderException) ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec) PEMException(org.bouncycastle.openssl.PEMException) NoSuchProviderException(java.security.NoSuchProviderException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 93 with SubjectPublicKeyInfo

use of org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project airavata by apache.

the class MyProxyLogon method generateCertificationRequest.

private org.bouncycastle.pkcs.PKCS10CertificationRequest generateCertificationRequest(String dn, KeyPair kp) throws Exception {
    X500Name subject = new X500Name(dn);
    PublicKey pubKey = kp.getPublic();
    PrivateKey privKey = kp.getPrivate();
    AsymmetricKeyParameter pubkeyParam = PublicKeyFactory.createKey(pubKey.getEncoded());
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(pubkeyParam);
    PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder(subject, publicKeyInfo);
    AlgorithmIdentifier signatureAi = new AlgorithmIdentifier(OIWObjectIdentifiers.sha1WithRSA);
    BcRSAContentSignerBuilder signerBuilder = new BcRSAContentSignerBuilder(signatureAi, AlgorithmIdentifier.getInstance(OIWObjectIdentifiers.idSHA1));
    AsymmetricKeyParameter pkParam = PrivateKeyFactory.createKey(privKey.getEncoded());
    ContentSigner signer = signerBuilder.build(pkParam);
    return builder.build(signer);
}
Also used : BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) ContentSigner(org.bouncycastle.operator.ContentSigner) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 94 with SubjectPublicKeyInfo

use of org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project airavata by apache.

the class SecurityUtils method generateShortLivedCertificate.

public static final KeyAndCertCredential generateShortLivedCertificate(String userDN, String caCertPath, String caKeyPath, String caPwd) throws Exception {
    // 15 minutes
    final long CredentialGoodFromOffset = 1000L * 60L * 15L;
    // ago
    final long startTime = System.currentTimeMillis() - CredentialGoodFromOffset;
    final long endTime = startTime + 30 * 3600 * 1000;
    final String keyLengthProp = "1024";
    int keyLength = Integer.parseInt(keyLengthProp);
    final String signatureAlgorithm = "SHA1withRSA";
    KeyAndCertCredential caCred = getCACredential(caCertPath, caKeyPath, caPwd);
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(caCred.getKey().getAlgorithm());
    kpg.initialize(keyLength);
    KeyPair pair = kpg.generateKeyPair();
    X500Principal subjectDN = new X500Principal(userDN);
    Random rand = new Random();
    SubjectPublicKeyInfo publicKeyInfo;
    try {
        publicKeyInfo = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(pair.getPublic().getEncoded()).readObject());
    } catch (IOException e) {
        throw new InvalidKeyException("Can not parse the public key" + "being included in the short lived certificate", e);
    }
    X500Name issuerX500Name = CertificateHelpers.toX500Name(caCred.getCertificate().getSubjectX500Principal());
    X500Name subjectX500Name = CertificateHelpers.toX500Name(subjectDN);
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuerX500Name, new BigInteger(20, rand), new Date(startTime), new Date(endTime), subjectX500Name, publicKeyInfo);
    AlgorithmIdentifier sigAlgId = X509v3CertificateBuilder.extractAlgorithmId(caCred.getCertificate());
    X509Certificate certificate = certBuilder.build(caCred.getKey(), sigAlgId, signatureAlgorithm, null, null);
    certificate.checkValidity(new Date());
    certificate.verify(caCred.getCertificate().getPublicKey());
    KeyAndCertCredential result = new KeyAndCertCredential(pair.getPrivate(), new X509Certificate[] { certificate, caCred.getCertificate() });
    return result;
}
Also used : KeyPair(java.security.KeyPair) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyPairGenerator(java.security.KeyPairGenerator) IOException(java.io.IOException) X500Name(org.bouncycastle.asn1.x500.X500Name) InvalidKeyException(java.security.InvalidKeyException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) Random(java.util.Random) X509v3CertificateBuilder(eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger)

Example 95 with SubjectPublicKeyInfo

use of org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo in project airavata by apache.

the class SecurityUtils method generateShortLivedCertificate.

public static final KeyAndCertCredential generateShortLivedCertificate(String userDN, String caCertPath, String caKeyPath, String caPwd) throws Exception {
    // 15 minutes
    final long CredentialGoodFromOffset = 1000L * 60L * 15L;
    // ago
    final long startTime = System.currentTimeMillis() - CredentialGoodFromOffset;
    final long endTime = startTime + 30 * 3600 * 1000;
    final String keyLengthProp = "1024";
    int keyLength = Integer.parseInt(keyLengthProp);
    final String signatureAlgorithm = "SHA1withRSA";
    KeyAndCertCredential caCred = getCACredential(caCertPath, caKeyPath, caPwd);
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(caCred.getKey().getAlgorithm());
    kpg.initialize(keyLength);
    KeyPair pair = kpg.generateKeyPair();
    X500Principal subjectDN = new X500Principal(userDN);
    Random rand = new Random();
    SubjectPublicKeyInfo publicKeyInfo;
    try {
        publicKeyInfo = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(pair.getPublic().getEncoded()).readObject());
    } catch (IOException e) {
        throw new InvalidKeyException("Can not parse the public key" + "being included in the short lived certificate", e);
    }
    X500Name issuerX500Name = CertificateHelpers.toX500Name(caCred.getCertificate().getSubjectX500Principal());
    X500Name subjectX500Name = CertificateHelpers.toX500Name(subjectDN);
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuerX500Name, new BigInteger(20, rand), new Date(startTime), new Date(endTime), subjectX500Name, publicKeyInfo);
    AlgorithmIdentifier sigAlgId = X509v3CertificateBuilder.extractAlgorithmId(caCred.getCertificate());
    X509Certificate certificate = certBuilder.build(caCred.getKey(), sigAlgId, signatureAlgorithm, null, null);
    certificate.checkValidity(new Date());
    certificate.verify(caCred.getCertificate().getPublicKey());
    KeyAndCertCredential result = new KeyAndCertCredential(pair.getPrivate(), new X509Certificate[] { certificate, caCred.getCertificate() });
    return result;
}
Also used : KeyPair(java.security.KeyPair) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyPairGenerator(java.security.KeyPairGenerator) IOException(java.io.IOException) X500Name(org.bouncycastle.asn1.x500.X500Name) InvalidKeyException(java.security.InvalidKeyException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) Random(java.util.Random) X509v3CertificateBuilder(eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger)

Aggregations

SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)77 X500Name (org.bouncycastle.asn1.x500.X500Name)37 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)37 Date (java.util.Date)34 IOException (java.io.IOException)31 ContentSigner (org.bouncycastle.operator.ContentSigner)24 BigInteger (java.math.BigInteger)22 KeyPair (java.security.KeyPair)21 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)21 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)19 KeyPairGenerator (java.security.KeyPairGenerator)17 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)17 X509Certificate (java.security.cert.X509Certificate)17 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)16 InvalidKeyException (java.security.InvalidKeyException)15 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)15 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)15 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)13 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)13 PublicKey (java.security.PublicKey)12