Example 6 with SubjectKeyIdentifier
use of org.openmuc.jasn1.compiler.pkix1implicit88.SubjectKeyIdentifier in project xipki by xipki.
the class IdentifiedX509Certprofile method getExtensions.
/**
* TODO.
* @param requestedSubject
* Subject requested subject. Must not be {@code null}.
* @param grantedSubject
* Granted subject. Must not be {@code null}.
* @param requestedExtensions
* Extensions requested by the requestor. Could be {@code null}.
* @param publicKeyInfo
* Subject public key. Must not be {@code null}.
* @param publicCaInfo
* CA information. Must not be {@code null}.
* @param crlSignerCert
* CRL signer certificate. Could be {@code null}.
* @param notBefore
* NotBefore. Must not be {@code null}.
* @param notAfter
* NotAfter. Must not be {@code null}.
* @param caInfo
* CA information.
* @return the extensions of the certificate to be issued.
*/
public ExtensionValues getExtensions(X500Name requestedSubject, X500Name grantedSubject, Extensions requestedExtensions, SubjectPublicKeyInfo publicKeyInfo, PublicCaInfo publicCaInfo, X509Certificate crlSignerCert, Date notBefore, Date notAfter) throws CertprofileException, BadCertTemplateException {
ParamUtil.requireNonNull("publicKeyInfo", publicKeyInfo);
ExtensionValues values = new ExtensionValues();
Map<ASN1ObjectIdentifier, ExtensionControl> controls = new HashMap<>(certprofile.getExtensionControls());
Set<ASN1ObjectIdentifier> neededExtTypes = new HashSet<>();
Set<ASN1ObjectIdentifier> wantedExtTypes = new HashSet<>();
if (requestedExtensions != null) {
Extension reqExtension = requestedExtensions.getExtension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions);
if (reqExtension != null) {
ExtensionExistence ee = ExtensionExistence.getInstance(reqExtension.getParsedValue());
neededExtTypes.addAll(ee.getNeedExtensions());
wantedExtTypes.addAll(ee.getWantExtensions());
}
for (ASN1ObjectIdentifier oid : neededExtTypes) {
if (wantedExtTypes.contains(oid)) {
wantedExtTypes.remove(oid);
}
if (!controls.containsKey(oid)) {
throw new BadCertTemplateException("could not add needed extension " + oid.getId());
}
}
}
// SubjectKeyIdentifier
ASN1ObjectIdentifier extType = Extension.subjectKeyIdentifier;
ExtensionControl extControl = controls.remove(extType);
if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
byte[] encodedSpki = publicKeyInfo.getPublicKeyData().getBytes();
byte[] skiValue = HashAlgo.SHA1.hash(encodedSpki);
SubjectKeyIdentifier value = new SubjectKeyIdentifier(skiValue);
addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
}
// Authority key identifier
extType = Extension.authorityKeyIdentifier;
extControl = controls.remove(extType);
if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
byte[] ikiValue = publicCaInfo.getSubjectKeyIdentifer();
AuthorityKeyIdentifier value = null;
if (ikiValue != null) {
if (certprofile.includesIssuerAndSerialInAki()) {
GeneralNames x509CaSubject = new GeneralNames(new GeneralName(publicCaInfo.getX500Subject()));
value = new AuthorityKeyIdentifier(ikiValue, x509CaSubject, publicCaInfo.getSerialNumber());
} else {
value = new AuthorityKeyIdentifier(ikiValue);
}
}
addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
}
// IssuerAltName
extType = Extension.issuerAlternativeName;
extControl = controls.remove(extType);
if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
GeneralNames value = publicCaInfo.getSubjectAltName();
addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
}
// AuthorityInfoAccess
extType = Extension.authorityInfoAccess;
extControl = controls.remove(extType);
if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
AuthorityInfoAccessControl aiaControl = certprofile.getAiaControl();
List<String> caIssuers = null;
if (aiaControl == null || aiaControl.isIncludesCaIssuers()) {
caIssuers = publicCaInfo.getCaCertUris();
}
List<String> ocspUris = null;
if (aiaControl == null || aiaControl.isIncludesOcsp()) {
ocspUris = publicCaInfo.getOcspUris();
}
if (CollectionUtil.isNonEmpty(caIssuers) || CollectionUtil.isNonEmpty(ocspUris)) {
AuthorityInformationAccess value = CaUtil.createAuthorityInformationAccess(caIssuers, ocspUris);
addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
}
}
if (controls.containsKey(Extension.cRLDistributionPoints) || controls.containsKey(Extension.freshestCRL)) {
X500Name crlSignerSubject = (crlSignerCert == null) ? null : X500Name.getInstance(crlSignerCert.getSubjectX500Principal().getEncoded());
X500Name x500CaPrincipal = publicCaInfo.getX500Subject();
// CRLDistributionPoints
extType = Extension.cRLDistributionPoints;
extControl = controls.remove(extType);
if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
if (CollectionUtil.isNonEmpty(publicCaInfo.getCrlUris())) {
CRLDistPoint value = CaUtil.createCrlDistributionPoints(publicCaInfo.getCrlUris(), x500CaPrincipal, crlSignerSubject);
addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
}
}
// FreshestCRL
extType = Extension.freshestCRL;
extControl = controls.remove(extType);
if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
if (CollectionUtil.isNonEmpty(publicCaInfo.getDeltaCrlUris())) {
CRLDistPoint value = CaUtil.createCrlDistributionPoints(publicCaInfo.getDeltaCrlUris(), x500CaPrincipal, crlSignerSubject);
addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
}
}
}
// BasicConstraints
extType = Extension.basicConstraints;
extControl = controls.remove(extType);
if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
BasicConstraints value = CaUtil.createBasicConstraints(certprofile.getCertLevel(), certprofile.getPathLenBasicConstraint());
addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
}
// KeyUsage
extType = Extension.keyUsage;
extControl = controls.remove(extType);
if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
Set<KeyUsage> usages = new HashSet<>();
Set<KeyUsageControl> usageOccs = certprofile.getKeyUsage();
for (KeyUsageControl k : usageOccs) {
if (k.isRequired()) {
usages.add(k.getKeyUsage());
}
}
// the optional KeyUsage will only be set if requested explicitly
if (requestedExtensions != null && extControl.isRequest()) {
addRequestedKeyusage(usages, requestedExtensions, usageOccs);
}
org.bouncycastle.asn1.x509.KeyUsage value = X509Util.createKeyUsage(usages);
addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
}
// ExtendedKeyUsage
extType = Extension.extendedKeyUsage;
extControl = controls.remove(extType);
if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
List<ASN1ObjectIdentifier> usages = new LinkedList<>();
Set<ExtKeyUsageControl> usageOccs = certprofile.getExtendedKeyUsages();
for (ExtKeyUsageControl k : usageOccs) {
if (k.isRequired()) {
usages.add(k.getExtKeyUsage());
}
}
// the optional ExtKeyUsage will only be set if requested explicitly
if (requestedExtensions != null && extControl.isRequest()) {
addRequestedExtKeyusage(usages, requestedExtensions, usageOccs);
}
if (extControl.isCritical() && usages.contains(ObjectIdentifiers.id_anyExtendedKeyUsage)) {
extControl = new ExtensionControl(false, extControl.isRequired(), extControl.isRequest());
}
ExtendedKeyUsage value = X509Util.createExtendedUsage(usages);
addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
}
// ocsp-nocheck
extType = ObjectIdentifiers.id_extension_pkix_ocsp_nocheck;
extControl = controls.remove(extType);
if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
// the extension ocsp-nocheck will only be set if requested explicitly
DERNull value = DERNull.INSTANCE;
addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
}
// SubjectInfoAccess
extType = Extension.subjectInfoAccess;
extControl = controls.remove(extType);
if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
ASN1Sequence value = null;
if (requestedExtensions != null && extControl.isRequest()) {
value = createSubjectInfoAccess(requestedExtensions, certprofile.getSubjectInfoAccessModes());
}
addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
}
// remove extensions that are not required frrom the list
List<ASN1ObjectIdentifier> listToRm = null;
for (ASN1ObjectIdentifier extnType : controls.keySet()) {
ExtensionControl ctrl = controls.get(extnType);
if (ctrl.isRequired()) {
continue;
}
if (neededExtTypes.contains(extnType) || wantedExtTypes.contains(extnType)) {
continue;
}
if (listToRm == null) {
listToRm = new LinkedList<>();
}
listToRm.add(extnType);
}
if (listToRm != null) {
for (ASN1ObjectIdentifier extnType : listToRm) {
controls.remove(extnType);
}
}
ExtensionValues subvalues = certprofile.getExtensions(Collections.unmodifiableMap(controls), requestedSubject, grantedSubject, requestedExtensions, notBefore, notAfter, publicCaInfo);
Set<ASN1ObjectIdentifier> extTypes = new HashSet<>(controls.keySet());
for (ASN1ObjectIdentifier type : extTypes) {
extControl = controls.remove(type);
boolean addMe = addMe(type, extControl, neededExtTypes, wantedExtTypes);
if (addMe) {
ExtensionValue value = null;
if (requestedExtensions != null && extControl.isRequest()) {
Extension reqExt = requestedExtensions.getExtension(type);
if (reqExt != null) {
value = new ExtensionValue(reqExt.isCritical(), reqExt.getParsedValue());
}
}
if (value == null) {
value = subvalues.getExtensionValue(type);
}
addExtension(values, type, value, extControl, neededExtTypes, wantedExtTypes);
}
}
Set<ASN1ObjectIdentifier> unprocessedExtTypes = new HashSet<>();
for (ASN1ObjectIdentifier type : controls.keySet()) {
if (controls.get(type).isRequired()) {
unprocessedExtTypes.add(type);
}
}
if (CollectionUtil.isNonEmpty(unprocessedExtTypes)) {
throw new CertprofileException("could not add required extensions " + toString(unprocessedExtTypes));
}
if (CollectionUtil.isNonEmpty(neededExtTypes)) {
throw new BadCertTemplateException("could not add requested extensions " + toString(neededExtTypes));
}
return values;
}
Also used :
AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess)
AuthorityInfoAccessControl(org.xipki.ca.api.profile.x509.AuthorityInfoAccessControl)
HashMap(java.util.HashMap)
ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage)
KeyUsage(org.xipki.security.KeyUsage)
KeyUsageControl(org.xipki.ca.api.profile.x509.KeyUsageControl)
ExtKeyUsageControl(org.xipki.ca.api.profile.x509.ExtKeyUsageControl)
AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ExtensionValue(org.xipki.ca.api.profile.ExtensionValue)
DERNull(org.bouncycastle.asn1.DERNull)
CertprofileException(org.xipki.ca.api.profile.CertprofileException)
ExtensionControl(org.xipki.ca.api.profile.ExtensionControl)
ExtensionValues(org.xipki.ca.api.profile.ExtensionValues)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage)
HashSet(java.util.HashSet)
ExtKeyUsageControl(org.xipki.ca.api.profile.x509.ExtKeyUsageControl)
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
LinkedList(java.util.LinkedList)
Extension(org.bouncycastle.asn1.x509.Extension)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
ExtensionExistence(org.xipki.security.ExtensionExistence)
BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 7 with SubjectKeyIdentifier
use of org.openmuc.jasn1.compiler.pkix1implicit88.SubjectKeyIdentifier in project credhub by cloudfoundry-incubator.
the class CertificateGenerateTest method certificateGeneration_shouldGenerateCorrectCertificate.
@Test
public void certificateGeneration_shouldGenerateCorrectCertificate() throws Exception {
MockHttpServletRequestBuilder caPost = post("/api/v1/data").header("Authorization", "Bearer " + UAA_OAUTH2_PASSWORD_GRANT_TOKEN).accept(APPLICATION_JSON).contentType(APPLICATION_JSON).content("{\n" + " \"name\" : \"picard\",\n" + " \"type\" : \"certificate\",\n" + " \"parameters\" : {\n" + " \"common_name\" : \"federation\",\n" + " \"is_ca\" : true,\n" + " \"self_sign\" : true\n" + " }\n" + "}");
String caResult = this.mockMvc.perform(caPost).andDo(print()).andExpect(status().isOk()).andReturn().getResponse().getContentAsString();
String picardCert = (new JSONObject(caResult)).getJSONObject("value").getString("certificate");
String picardCA = (new JSONObject(caResult)).getJSONObject("value").getString("ca");
assertThat(picardCert, equalTo(picardCA));
assertThat(picardCert, notNullValue());
MockHttpServletRequestBuilder certPost = post("/api/v1/data").header("Authorization", "Bearer " + UAA_OAUTH2_PASSWORD_GRANT_TOKEN).accept(APPLICATION_JSON).contentType(APPLICATION_JSON).content("{\n" + " \"name\" : \"riker\",\n" + " \"type\" : \"certificate\",\n" + " \"parameters\" : {\n" + " \"common_name\" : \"federation\",\n" + " \"ca\" : \"picard\"\n" + " }\n" + "}");
String certResult = this.mockMvc.perform(certPost).andDo(print()).andExpect(status().isOk()).andReturn().getResponse().getContentAsString();
String certCa = (new JSONObject(certResult)).getJSONObject("value").getString("ca");
String cert = (new JSONObject(certResult)).getJSONObject("value").getString("certificate");
assertThat(certCa, equalTo(picardCert));
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
X509Certificate caPem = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(picardCert.getBytes()));
X509Certificate certPem = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(cert.getBytes()));
byte[] subjectKeyIdDer = caPem.getExtensionValue(Extension.subjectKeyIdentifier.getId());
SubjectKeyIdentifier subjectKeyIdentifier = SubjectKeyIdentifier.getInstance(JcaX509ExtensionUtils.parseExtensionValue(subjectKeyIdDer));
byte[] subjectKeyId = subjectKeyIdentifier.getKeyIdentifier();
byte[] authorityKeyIdDer = certPem.getExtensionValue(Extension.authorityKeyIdentifier.getId());
AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(JcaX509ExtensionUtils.parseExtensionValue(authorityKeyIdDer));
byte[] authKeyId = authorityKeyIdentifier.getKeyIdentifier();
assertThat(subjectKeyId, equalTo(authKeyId));
}
Also used :
JSONObject(org.json.JSONObject)
ByteArrayInputStream(java.io.ByteArrayInputStream)
MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)
AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
CertificateFactory(java.security.cert.CertificateFactory)
X509Certificate(java.security.cert.X509Certificate)
Test(org.junit.Test)
SpringBootTest(org.springframework.boot.test.context.SpringBootTest)
Example 8 with SubjectKeyIdentifier
use of org.openmuc.jasn1.compiler.pkix1implicit88.SubjectKeyIdentifier in project jruby-openssl by jruby.
the class X509Utils method checkIfIssuedBy.
/**
* c: X509_check_issued
*/
public static int checkIfIssuedBy(final X509AuxCertificate issuer, final X509AuxCertificate subject) throws IOException {
if (!issuer.getSubjectX500Principal().equals(subject.getIssuerX500Principal())) {
return V_ERR_SUBJECT_ISSUER_MISMATCH;
}
if (subject.getExtensionValue("2.5.29.35") != null) {
// authorityKeyID
// I hate ASN1 and DER
Object key = get(subject.getExtensionValue("2.5.29.35"));
if (!(key instanceof ASN1Sequence))
key = get((DEROctetString) key);
final ASN1Sequence seq = (ASN1Sequence) key;
final AuthorityKeyIdentifier sakid;
if (seq.size() == 1 && (seq.getObjectAt(0) instanceof ASN1OctetString)) {
sakid = AuthorityKeyIdentifier.getInstance(new DLSequence(new DERTaggedObject(0, seq.getObjectAt(0))));
} else {
sakid = AuthorityKeyIdentifier.getInstance(seq);
}
if (sakid.getKeyIdentifier() != null) {
if (issuer.getExtensionValue("2.5.29.14") != null) {
DEROctetString der = (DEROctetString) get(issuer.getExtensionValue("2.5.29.14"));
SubjectKeyIdentifier iskid = SubjectKeyIdentifier.getInstance(get(der.getOctets()));
if (iskid.getKeyIdentifier() != null) {
if (!Arrays.equals(sakid.getKeyIdentifier(), iskid.getKeyIdentifier())) {
return V_ERR_AKID_SKID_MISMATCH;
}
}
}
}
final BigInteger serialNumber = sakid.getAuthorityCertSerialNumber();
if (serialNumber != null && !serialNumber.equals(issuer.getSerialNumber())) {
return V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
}
if (sakid.getAuthorityCertIssuer() != null) {
GeneralName[] gens = sakid.getAuthorityCertIssuer().getNames();
X500Name x500Name = null;
for (int i = 0; i < gens.length; i++) {
if (gens[i].getTagNo() == GeneralName.directoryName) {
ASN1Encodable name = gens[i].getName();
if (name instanceof X500Name) {
x500Name = (X500Name) name;
} else if (name instanceof ASN1Sequence) {
x500Name = X500Name.getInstance((ASN1Sequence) name);
} else {
throw new RuntimeException("unknown name type: " + name);
}
break;
}
}
if (x500Name != null) {
if (!new Name(x500Name).equalTo(issuer.getIssuerX500Principal())) {
return V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
}
}
}
}
final boolean[] keyUsage = issuer.getKeyUsage();
if (subject.getExtensionValue("1.3.6.1.5.5.7.1.14") != null) {
if (keyUsage != null && !keyUsage[0]) {
// KU_DIGITAL_SIGNATURE
return V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
}
} else if (keyUsage != null && !keyUsage[5]) {
// KU_KEY_CERT_SIGN
return V_ERR_KEYUSAGE_NO_CERTSIGN;
}
return V_OK;
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
X500Name(org.bouncycastle.asn1.x500.X500Name)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DLSequence(org.bouncycastle.asn1.DLSequence)
BigInteger(java.math.BigInteger)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
Example 9 with SubjectKeyIdentifier
use of org.openmuc.jasn1.compiler.pkix1implicit88.SubjectKeyIdentifier in project certmgr by hdecarne.
the class PKCS12CertReaderWriter method createKeySafeBagBuilder.
private static PKCS12SafeBagBuilder createKeySafeBagBuilder(String alias, KeyPair key, char[] passwordChars) throws GeneralSecurityException {
PKCS12SafeBagBuilder safeBagBuilder = new JcaPKCS12SafeBagBuilder(key.getPrivate(), PKCS12_ENCRYPTOR_BUILDER.build(passwordChars));
safeBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(alias));
JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
SubjectKeyIdentifier subjectKeyIdentifier = extensionUtils.createSubjectKeyIdentifier(key.getPublic());
safeBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, subjectKeyIdentifier);
return safeBagBuilder;
}
Also used :
JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)
DERBMPString(org.bouncycastle.asn1.DERBMPString)
PKCS12SafeBagBuilder(org.bouncycastle.pkcs.PKCS12SafeBagBuilder)
JcaPKCS12SafeBagBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder)
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
JcaPKCS12SafeBagBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder)
Example 10 with SubjectKeyIdentifier
use of org.openmuc.jasn1.compiler.pkix1implicit88.SubjectKeyIdentifier in project certmgr by hdecarne.
the class PKCS12CertReaderWriter method createKeySafeBagBuilder.
private static PKCS12SafeBagBuilder createKeySafeBagBuilder(String alias, KeyPair key) throws GeneralSecurityException {
PKCS12SafeBagBuilder safeBagBuilder = new JcaPKCS12SafeBagBuilder(key.getPrivate());
safeBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(alias));
JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
SubjectKeyIdentifier subjectKeyIdentifier = extensionUtils.createSubjectKeyIdentifier(key.getPublic());
safeBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, subjectKeyIdentifier);
return safeBagBuilder;
}
Also used :
JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)
DERBMPString(org.bouncycastle.asn1.DERBMPString)
PKCS12SafeBagBuilder(org.bouncycastle.pkcs.PKCS12SafeBagBuilder)
JcaPKCS12SafeBagBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder)
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
JcaPKCS12SafeBagBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder)
Aggregations
SubjectKeyIdentifier (org.bouncycastle.asn1.x509.SubjectKeyIdentifier)17
X509Certificate (java.security.cert.X509Certificate)6
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)6
IOException (java.io.IOException)5
GeneralName (org.bouncycastle.asn1.x509.GeneralName)5
KeyPair (java.security.KeyPair)4
CertificateException (java.security.cert.CertificateException)4
Date (java.util.Date)4
X500Name (org.bouncycastle.asn1.x500.X500Name)4
X500NameBuilder (org.bouncycastle.asn1.x500.X500NameBuilder)4
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)4
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)4
BigInteger (java.math.BigInteger)3
KeyStore (java.security.KeyStore)3
PrivateKey (java.security.PrivateKey)3
PublicKey (java.security.PublicKey)3
SecureRandom (java.security.SecureRandom)3
RSAPrivateKey (java.security.interfaces.RSAPrivateKey)3
DERBMPString (org.bouncycastle.asn1.DERBMPString)3
AuthorityKeyIdentifier (org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)3
