use of org.spongycastle.asn1.DEROctetString in project felix by apache.
the class CertificateUtil method createSelfSignedCert.
private static X509Certificate createSelfSignedCert(String commonName, KeyPair keypair) throws Exception {
PublicKey publicKey = keypair.getPublic();
String keyAlg = DPSigner.getSignatureAlgorithm(publicKey);
X500Name issuer = new X500Name(commonName);
BigInteger serial = BigInteger.probablePrime(16, new Random());
Date notBefore = new Date(System.currentTimeMillis() - 1000);
Date notAfter = new Date(notBefore.getTime() + 6000);
SubjectPublicKeyInfo pubKeyInfo;
try (ASN1InputStream is = new ASN1InputStream(publicKey.getEncoded())) {
pubKeyInfo = SubjectPublicKeyInfo.getInstance(is.readObject());
}
X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, issuer, pubKeyInfo);
builder.addExtension(new Extension(Extension.basicConstraints, true, new DEROctetString(new BasicConstraints(false))));
X509CertificateHolder certHolder = builder.build(new JcaContentSignerBuilder(keyAlg).build(keypair.getPrivate()));
return new JcaX509CertificateConverter().getCertificate(certHolder);
}
use of org.spongycastle.asn1.DEROctetString in project android_packages_apps_Settings by LineageOS.
the class CertInstallerHelper method isCa.
private boolean isCa(X509Certificate cert) {
try {
byte[] asn1EncodedBytes = cert.getExtensionValue("2.5.29.19");
if (asn1EncodedBytes == null) {
return false;
}
DEROctetString derOctetString = (DEROctetString) new ASN1InputStream(asn1EncodedBytes).readObject();
byte[] octets = derOctetString.getOctets();
ASN1Sequence sequence = (ASN1Sequence) new ASN1InputStream(octets).readObject();
return BasicConstraints.getInstance(sequence).isCA();
} catch (IOException e) {
return false;
}
}
use of org.spongycastle.asn1.DEROctetString in project pdfbox by apache.
the class CertInformationHelper method getAuthorityInfoExtensionValue.
/**
* Extracts authority information access extension values from the given data. The Data
* structure has to be implemented as described in RFC 2459, 4.2.2.1.
*
* @param extensionValue byte[] of the extension value.
* @param certInfo where to put the found values
* @throws IOException when there is a problem with the extensionValue
*/
protected static void getAuthorityInfoExtensionValue(byte[] extensionValue, CertSignatureInformation certInfo) throws IOException {
ASN1Sequence asn1Seq = (ASN1Sequence) X509ExtensionUtil.fromExtensionValue(extensionValue);
Enumeration<?> objects = asn1Seq.getObjects();
while (objects.hasMoreElements()) {
// AccessDescription
ASN1Sequence obj = (ASN1Sequence) objects.nextElement();
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) obj.getObjectAt(0);
// accessLocation
DERTaggedObject location = (DERTaggedObject) obj.getObjectAt(1);
if (oid.equals(X509ObjectIdentifiers.id_ad_ocsp) && location.getTagNo() == GeneralName.uniformResourceIdentifier) {
DEROctetString url = (DEROctetString) location.getObject();
certInfo.setOcspUrl(new String(url.getOctets()));
} else if (oid.equals(X509ObjectIdentifiers.id_ad_caIssuers)) {
DEROctetString uri = (DEROctetString) location.getObject();
certInfo.setIssuerUrl(new String(uri.getOctets()));
}
}
}
use of org.spongycastle.asn1.DEROctetString in project nuls by nuls-io.
the class SM2Utils method encrypt.
public static byte[] encrypt(byte[] publicKey, byte[] data) throws IOException {
if (publicKey == null || publicKey.length == 0) {
return null;
}
if (data == null || data.length == 0) {
return null;
}
byte[] source = new byte[data.length];
System.arraycopy(data, 0, source, 0, data.length);
Cipher cipher = new Cipher();
SM2 sm2 = SM2.Instance();
ECPoint userKey = sm2.ecc_curve.decodePoint(publicKey);
ECPoint c1 = cipher.initEnc(sm2, userKey);
cipher.encrypt(source);
byte[] c3 = new byte[32];
cipher.dofinal(c3);
DERInteger x = new DERInteger(c1.getX().toBigInteger());
DERInteger y = new DERInteger(c1.getY().toBigInteger());
DEROctetString derDig = new DEROctetString(c3);
DEROctetString derEnc = new DEROctetString(source);
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(x);
v.add(y);
v.add(derDig);
v.add(derEnc);
DERSequence seq = new DERSequence(v);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
DEROutputStream dos = new DEROutputStream(bos);
dos.writeObject(seq);
return bos.toByteArray();
}
use of org.spongycastle.asn1.DEROctetString in project xipki by xipki.
the class OcspBenchRequestor method init.
public void init(OcspBenchmark responseHandler, String responderUrl, Certificate issuerCert, RequestOptions requestOptions, int queueSize) throws Exception {
ParamUtil.requireNonNull("issuerCert", issuerCert);
ParamUtil.requireNonNull("responseHandler", responseHandler);
this.requestOptions = ParamUtil.requireNonNull("requestOptions", requestOptions);
HashAlgo hashAlgo = HashAlgo.getInstance(requestOptions.getHashAlgorithmId());
if (hashAlgo == null) {
throw new OcspRequestorException("unknown HashAlgo " + requestOptions.getHashAlgorithmId().getId());
}
this.issuerhashAlg = hashAlgo.getAlgorithmIdentifier();
this.issuerNameHash = new DEROctetString(hashAlgo.hash(issuerCert.getSubject().getEncoded()));
this.issuerKeyHash = new DEROctetString(hashAlgo.hash(issuerCert.getSubjectPublicKeyInfo().getPublicKeyData().getOctets()));
List<AlgorithmIdentifier> prefSigAlgs = requestOptions.getPreferredSignatureAlgorithms();
if (prefSigAlgs == null || prefSigAlgs.size() == 0) {
this.extensions = null;
} else {
ASN1EncodableVector vec = new ASN1EncodableVector();
for (AlgorithmIdentifier algId : prefSigAlgs) {
ASN1Sequence prefSigAlgObj = new DERSequence(algId);
vec.add(prefSigAlgObj);
}
ASN1Sequence extnValue = new DERSequence(vec);
Extension extn;
try {
extn = new Extension(ObjectIdentifiers.id_pkix_ocsp_prefSigAlgs, false, new DEROctetString(extnValue));
} catch (IOException ex) {
throw new OcspRequestorException(ex.getMessage(), ex);
}
this.extensions = new Extension[] { extn };
}
URI uri = new URI(responderUrl);
this.responderRawPathPost = uri.getRawPath();
if (this.responderRawPathPost.endsWith("/")) {
this.responderRawPathGet = this.responderRawPathPost;
} else {
this.responderRawPathGet = this.responderRawPathPost + "/";
}
this.httpClient = new HttpClient(responderUrl, responseHandler, queueSize);
this.httpClient.start();
}
Aggregations