Example 46 with AlgorithmIdentifier
use of org.spongycastle.asn1.x509.AlgorithmIdentifier in project airavata by apache.
the class MyProxyLogon method generateCertificationRequest.
private PKCS10CertificationRequest generateCertificationRequest(String dn, KeyPair kp) throws Exception {
X500Name subject = new X500Name(dn);
PublicKey pubKey = kp.getPublic();
PrivateKey privKey = kp.getPrivate();
AsymmetricKeyParameter pubkeyParam = PublicKeyFactory.createKey(pubKey.getEncoded());
SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(pubkeyParam);
PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder(subject, publicKeyInfo);
AlgorithmIdentifier signatureAi = new AlgorithmIdentifier(OIWObjectIdentifiers.sha1WithRSA);
BcRSAContentSignerBuilder signerBuilder = new BcRSAContentSignerBuilder(signatureAi, AlgorithmIdentifier.getInstance(OIWObjectIdentifiers.idSHA1));
AsymmetricKeyParameter pkParam = PrivateKeyFactory.createKey(privKey.getEncoded());
ContentSigner signer = signerBuilder.build(pkParam);
return builder.build(signer);
}
Also used :
BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)
PrivateKey(java.security.PrivateKey)
AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter)
PublicKey(java.security.PublicKey)
ContentSigner(org.bouncycastle.operator.ContentSigner)
PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)
X500Name(org.bouncycastle.asn1.x500.X500Name)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 47 with AlgorithmIdentifier
use of org.spongycastle.asn1.x509.AlgorithmIdentifier in project airavata by apache.
the class X509SecurityContext method generateShortLivedCredential.
public KeyAndCertCredential generateShortLivedCredential(String userDN, String caCertPath, String caKeyPath, String caPwd) throws Exception {
// 15 minutes
final long CredentialGoodFromOffset = 1000L * 60L * 15L;
// ago
final long startTime = System.currentTimeMillis() - CredentialGoodFromOffset;
final long endTime = startTime + 30 * 3600 * 1000;
String keyLengthProp = "1024";
int keyLength = Integer.parseInt(keyLengthProp);
String signatureAlgorithm = "SHA1withRSA";
KeyAndCertCredential caCred = getCACredential(caCertPath, caKeyPath, caPwd);
KeyPairGenerator kpg = KeyPairGenerator.getInstance(caCred.getKey().getAlgorithm());
kpg.initialize(keyLength);
KeyPair pair = kpg.generateKeyPair();
X500Principal subjectDN = new X500Principal(userDN);
Random rand = new Random();
SubjectPublicKeyInfo publicKeyInfo;
try {
publicKeyInfo = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(pair.getPublic().getEncoded()).readObject());
} catch (IOException e) {
throw new InvalidKeyException("Can not parse the public key" + "being included in the short lived certificate", e);
}
X500Name issuerX500Name = CertificateHelpers.toX500Name(caCred.getCertificate().getSubjectX500Principal());
X500Name subjectX500Name = CertificateHelpers.toX500Name(subjectDN);
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuerX500Name, new BigInteger(20, rand), new Date(startTime), new Date(endTime), subjectX500Name, publicKeyInfo);
AlgorithmIdentifier sigAlgId = X509v3CertificateBuilder.extractAlgorithmId(caCred.getCertificate());
X509Certificate certificate = certBuilder.build(caCred.getKey(), sigAlgId, signatureAlgorithm, null, null);
certificate.checkValidity(new Date());
certificate.verify(caCred.getCertificate().getPublicKey());
KeyAndCertCredential result = new KeyAndCertCredential(pair.getPrivate(), new X509Certificate[] { certificate, caCred.getCertificate() });
return result;
}
Also used :
KeyPair(java.security.KeyPair)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
KeyPairGenerator(java.security.KeyPairGenerator)
IOException(java.io.IOException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
InvalidKeyException(java.security.InvalidKeyException)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Random(java.util.Random)
X509v3CertificateBuilder(eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder)
KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential)
X500Principal(javax.security.auth.x500.X500Principal)
BigInteger(java.math.BigInteger)
Example 48 with AlgorithmIdentifier
use of org.spongycastle.asn1.x509.AlgorithmIdentifier in project runwar by cfmlprojects.
the class SelfSignedCertificate method generateCertificate.
private static X509Certificate generateCertificate(String fqdn, KeyPair keypair, SecureRandom random) throws Exception {
final X500Name subject = new X500Name("CN=" + fqdn);
final SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keypair.getPublic().getEncoded());
final AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
final AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
final AsymmetricKeyParameter keyParam = PrivateKeyFactory.createKey(keypair.getPrivate().getEncoded());
final ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(keyParam);
X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder(subject, new BigInteger(64, random), NOT_BEFORE, NOT_AFTER, subject, subPubKeyInfo);
v3CertBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
v3CertBuilder.addExtension(Extension.keyUsage, true, new X509KeyUsage(X509KeyUsage.digitalSignature | X509KeyUsage.nonRepudiation | X509KeyUsage.keyEncipherment | X509KeyUsage.dataEncipherment));
v3CertBuilder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(keypair.getPublic()));
JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
X509Certificate cert = converter.getCertificate(v3CertBuilder.build(sigGen));
cert.checkValidity();
cert.verify(keypair.getPublic());
return cert;
}
Also used :
ContentSigner(org.bouncycastle.operator.ContentSigner)
X500Name(org.bouncycastle.asn1.x500.X500Name)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
X509Certificate(java.security.cert.X509Certificate)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)
AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
BigInteger(java.math.BigInteger)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
X509KeyUsage(org.bouncycastle.jce.X509KeyUsage)
Example 49 with AlgorithmIdentifier
use of org.spongycastle.asn1.x509.AlgorithmIdentifier in project spring-cloud-digital-sign by SpringForAll.
the class ServerPKCSUtil method genCsr.
/**
* genCsr
*
* @param alg0 alg
* 密钥算法
* @return
*/
public static String genCsr(String alg0) {
if ("".equals(alg0)) {
alg = alg0;
}
// 产生秘钥对
KeyPairGenerator kpg = null;
try {
kpg = KeyPairGenerator.getInstance(alg);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
// 根据秘钥算法配置秘钥长度
if ("SM2".equalsIgnoreCase(alg)) {
kpg.initialize(256);
} else {
kpg.initialize(2048);
}
KeyPair kp = kpg.generateKeyPair();
securityKP = kp;
// 获取公钥以及公钥算法
byte[] publickey = kp.getPublic().getEncoded();
String pubAlg = kp.getPublic().getAlgorithm();
String sAlg = null;
try {
sAlg = AlgorithmId.get(pubAlg).getOID().toString();
} catch (NoSuchAlgorithmException e) {
}
SubjectPublicKeyInfo spki = null;
// 区分SM2和RSA
if (sAlg.equals("1.2.156.10197.1.301")) {
spki = SubjectPublicKeyInfo.getInstance(publickey);
} else {
spki = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(publickey));
}
String subject = "CN=defaultName";
X500Name x500 = new X500Name(subject);
// 产生csr构造器
PKCS10CertificationRequestBuilder prb = new PKCS10CertificationRequestBuilder(x500, spki);
// 构建签名信息
ContentSigner signer = null;
PrivateKey privateKey = kp.getPrivate();
Signature sign = null;
try {
if (privateKey.getAlgorithm().equals("SM2")) {
sign = Signature.getInstance("SM3withSM2");
} else {
sign = Signature.getInstance("SHA1withRSA");
}
sign.initSign(privateKey);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
}
final Signature sign1 = sign;
signer = new ContentSigner() {
ByteArrayOutputStream originStream = new ByteArrayOutputStream();
public byte[] getSignature() {
try {
sign1.update(originStream.toByteArray());
return sign1.sign();
} catch (SignatureException e) {
throw new RuntimeException(e);
}
}
public OutputStream getOutputStream() {
return originStream;
}
public AlgorithmIdentifier getAlgorithmIdentifier() {
try {
return new AlgorithmIdentifier(AlgorithmId.get(sign1.getAlgorithm()).getOID().toString());
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}
};
PKCS10CertificationRequestHolder pr = prb.build(signer);
try {
return new String(Base64.encode(pr.getEncoded()));
} catch (IOException e) {
e.printStackTrace();
}
return null;
}
Also used :
KeyPair(java.security.KeyPair)
PrivateKey(java.security.PrivateKey)
OutputStream(java.io.OutputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
ContentSigner(org.bouncycastle.operator.ContentSigner)
PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder)
KeyPairGenerator(java.security.KeyPairGenerator)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
SignatureException(java.security.SignatureException)
IOException(java.io.IOException)
InvalidKeyException(java.security.InvalidKeyException)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
PKCS10CertificationRequestHolder(org.bouncycastle.pkcs.PKCS10CertificationRequestHolder)
Signature(java.security.Signature)
Example 50 with AlgorithmIdentifier
use of org.spongycastle.asn1.x509.AlgorithmIdentifier in project jruby-openssl by jruby.
the class SecurityHelper method verify.
static boolean verify(final X509CRL crl, final PublicKey publicKey, final boolean silent) throws NoSuchAlgorithmException, CRLException, InvalidKeyException, SignatureException {
if (crl instanceof X509CRLObject) {
final CertificateList crlList = (CertificateList) getCertificateList(crl);
final AlgorithmIdentifier tbsSignatureId = crlList.getTBSCertList().getSignature();
if (!crlList.getSignatureAlgorithm().equals(tbsSignatureId)) {
if (silent)
return false;
throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
}
final Signature signature = getSignature(crl.getSigAlgName(), securityProvider);
signature.initVerify(publicKey);
signature.update(crl.getTBSCertList());
if (!signature.verify(crl.getSignature())) {
if (silent)
return false;
throw new SignatureException("CRL does not verify with supplied public key.");
}
return true;
} else {
try {
final DigestAlgorithmIdentifierFinder digestAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
final ContentVerifierProvider verifierProvider;
if ("DSA".equalsIgnoreCase(publicKey.getAlgorithm())) {
BigInteger y = ((DSAPublicKey) publicKey).getY();
DSAParams params = ((DSAPublicKey) publicKey).getParams();
DSAParameters parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
AsymmetricKeyParameter dsaKey = new DSAPublicKeyParameters(y, parameters);
verifierProvider = new BcDSAContentVerifierProviderBuilder(digestAlgFinder).build(dsaKey);
} else {
BigInteger mod = ((RSAPublicKey) publicKey).getModulus();
BigInteger exp = ((RSAPublicKey) publicKey).getPublicExponent();
AsymmetricKeyParameter rsaKey = new RSAKeyParameters(false, mod, exp);
verifierProvider = new BcRSAContentVerifierProviderBuilder(digestAlgFinder).build(rsaKey);
}
return new X509CRLHolder(crl.getEncoded()).isSignatureValid(verifierProvider);
} catch (OperatorException e) {
throw new SignatureException(e);
} catch (CertException e) {
throw new SignatureException(e);
}// can happen if the input is DER but does not match expected strucure
catch (ClassCastException e) {
throw new SignatureException(e);
} catch (IOException e) {
throw new SignatureException(e);
}
}
}
Also used :
DSAPublicKeyParameters(org.bouncycastle.crypto.params.DSAPublicKeyParameters)
X509CRLObject(org.bouncycastle.jce.provider.X509CRLObject)
BcRSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder)
CertificateList(org.bouncycastle.asn1.x509.CertificateList)
CertException(org.bouncycastle.cert.CertException)
SignatureException(java.security.SignatureException)
DSAParams(java.security.interfaces.DSAParams)
IOException(java.io.IOException)
DigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DigestAlgorithmIdentifierFinder)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
RSAKeyParameters(org.bouncycastle.crypto.params.RSAKeyParameters)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DSAPublicKey(java.security.interfaces.DSAPublicKey)
AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
Signature(java.security.Signature)
X509CRLHolder(org.bouncycastle.cert.X509CRLHolder)
BigInteger(java.math.BigInteger)
BcDSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder)
CRLException(java.security.cert.CRLException)
DSAParameters(org.bouncycastle.crypto.params.DSAParameters)
OperatorException(org.bouncycastle.operator.OperatorException)
ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider)
Aggregations
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)114
IOException (java.io.IOException)47
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)36
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)35
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)32
BigInteger (java.math.BigInteger)29
X509Certificate (java.security.cert.X509Certificate)27
X500Name (org.bouncycastle.asn1.x500.X500Name)27
DEROctetString (org.bouncycastle.asn1.DEROctetString)21
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)20
KeyPair (java.security.KeyPair)19
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)19
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)19
Date (java.util.Date)18
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)18
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)17
DERSequence (org.bouncycastle.asn1.DERSequence)16
KeyPairGenerator (java.security.KeyPairGenerator)15
PublicKey (java.security.PublicKey)14
ContentSigner (org.bouncycastle.operator.ContentSigner)14
