Search in sources :

Example 16 with SubjectPublicKeyInfo

use of rdpclient.ntlmssp.asn1.SubjectPublicKeyInfo in project robovm by robovm.

the class KeyFactory method engineGeneratePublic.

protected PublicKey engineGeneratePublic(KeySpec keySpec) throws InvalidKeySpecException {
    if (keySpec instanceof X509EncodedKeySpec) {
        try {
            SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(((X509EncodedKeySpec) keySpec).getEncoded());
            PublicKey key = BouncyCastleProvider.getPublicKey(info);
            if (key != null) {
                return key;
            }
            throw new InvalidKeySpecException("no factory found for OID: " + info.getAlgorithm().getAlgorithm());
        } catch (Exception e) {
            throw new InvalidKeySpecException(e.toString());
        }
    }
    throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName());
}
Also used : PublicKey(java.security.PublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidKeyException(java.security.InvalidKeyException)

Example 17 with SubjectPublicKeyInfo

use of rdpclient.ntlmssp.asn1.SubjectPublicKeyInfo in project robovm by robovm.

the class PKCS10CertificationRequest method getPublicKey.

public PublicKey getPublicKey(String provider) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
    SubjectPublicKeyInfo subjectPKInfo = reqInfo.getSubjectPublicKeyInfo();
    try {
        X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getBytes());
        AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithm();
        try {
            if (provider == null) {
                return KeyFactory.getInstance(keyAlg.getAlgorithm().getId()).generatePublic(xspec);
            } else {
                return KeyFactory.getInstance(keyAlg.getAlgorithm().getId(), provider).generatePublic(xspec);
            }
        } catch (NoSuchAlgorithmException e) {
            //
            if (keyAlgorithms.get(keyAlg.getObjectId()) != null) {
                String keyAlgorithm = (String) keyAlgorithms.get(keyAlg.getObjectId());
                if (provider == null) {
                    return KeyFactory.getInstance(keyAlgorithm).generatePublic(xspec);
                } else {
                    return KeyFactory.getInstance(keyAlgorithm, provider).generatePublic(xspec);
                }
            }
            throw e;
        }
    } catch (InvalidKeySpecException e) {
        throw new InvalidKeyException("error decoding public key");
    } catch (IOException e) {
        throw new InvalidKeyException("error decoding public key");
    }
}
Also used : X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) DERBitString(org.bouncycastle.asn1.DERBitString) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) DERBitString(org.bouncycastle.asn1.DERBitString) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 18 with SubjectPublicKeyInfo

use of rdpclient.ntlmssp.asn1.SubjectPublicKeyInfo in project robovm by robovm.

the class AuthorityKeyIdentifierStructure method fromCertificate.

private static ASN1Sequence fromCertificate(X509Certificate certificate) throws CertificateParsingException {
    try {
        if (certificate.getVersion() != 3) {
            GeneralName genName = new GeneralName(PrincipalUtil.getIssuerX509Principal(certificate));
            SubjectPublicKeyInfo info = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(certificate.getPublicKey().getEncoded()).readObject());
            return (ASN1Sequence) new AuthorityKeyIdentifier(info, new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object();
        } else {
            GeneralName genName = new GeneralName(PrincipalUtil.getIssuerX509Principal(certificate));
            byte[] ext = certificate.getExtensionValue(X509Extensions.SubjectKeyIdentifier.getId());
            if (ext != null) {
                ASN1OctetString str = (ASN1OctetString) X509ExtensionUtil.fromExtensionValue(ext);
                return (ASN1Sequence) new AuthorityKeyIdentifier(str.getOctets(), new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object();
            } else {
                SubjectPublicKeyInfo info = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(certificate.getPublicKey().getEncoded()).readObject());
                return (ASN1Sequence) new AuthorityKeyIdentifier(info, new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object();
            }
        }
    } catch (Exception e) {
        throw new CertificateParsingException("Exception extracting certificate details: " + e.toString());
    }
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) CertificateParsingException(java.security.cert.CertificateParsingException) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) GeneralName(org.bouncycastle.asn1.x509.GeneralName) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) CertificateParsingException(java.security.cert.CertificateParsingException) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException)

Example 19 with SubjectPublicKeyInfo

use of rdpclient.ntlmssp.asn1.SubjectPublicKeyInfo in project robovm by robovm.

the class SubjectPublicKeyInfoTest method test_getPublicKey_WellKnownOid.

public void test_getPublicKey_WellKnownOid() throws Exception {
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    KeyPair pair = kpg.generateKeyPair();
    final RSAPublicKey rsaPubKey = (RSAPublicKey) pair.getPublic();
    /* Do some fancy footwork to get an ASN.1 SubjectPublicKey for RSA */
    final ASN1Sequence rsaPubKeyInfo = new ASN1Sequence(new ASN1Type[] { ASN1Integer.getInstance(), ASN1Integer.getInstance() }) {

        @Override
        protected void getValues(Object object, Object[] values) {
            values[0] = rsaPubKey.getModulus().toByteArray();
            values[1] = rsaPubKey.getPublicExponent().toByteArray();
        }
    };
    /* The algorithm ID for RSA encryption */
    AlgorithmIdentifier algid = new AlgorithmIdentifier("1.2.840.113549.1.1.1");
    SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo(algid, rsaPubKeyInfo.encode(null));
    PublicKey pubKey = spki.getPublicKey();
    assertNotNull(pubKey);
    assertTrue(pubKey instanceof RSAPublicKey);
}
Also used : KeyPair(java.security.KeyPair) ASN1Sequence(org.apache.harmony.security.asn1.ASN1Sequence) RSAPublicKey(java.security.interfaces.RSAPublicKey) X509PublicKey(org.apache.harmony.security.x509.X509PublicKey) PublicKey(java.security.PublicKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) KeyPairGenerator(java.security.KeyPairGenerator) SubjectPublicKeyInfo(org.apache.harmony.security.x509.SubjectPublicKeyInfo) AlgorithmIdentifier(org.apache.harmony.security.x509.AlgorithmIdentifier)

Example 20 with SubjectPublicKeyInfo

use of rdpclient.ntlmssp.asn1.SubjectPublicKeyInfo in project helios by spotify.

the class X509CertificateFactory method generate.

private CertificateAndPrivateKey generate(final AgentProxy agentProxy, final Identity identity, final String username) {
    final UUID uuid = new UUID();
    final Calendar calendar = Calendar.getInstance();
    final X500Name issuerdn = new X500Name("C=US,O=Spotify,CN=helios-client");
    final X500Name subjectdn = new X500NameBuilder().addRDN(BCStyle.UID, username).build();
    calendar.add(Calendar.MILLISECOND, -validBeforeMilliseconds);
    final Date notBefore = calendar.getTime();
    calendar.add(Calendar.MILLISECOND, validBeforeMilliseconds + validAfterMilliseconds);
    final Date notAfter = calendar.getTime();
    // Reuse the UUID time as a SN
    final BigInteger serialNumber = BigInteger.valueOf(uuid.getTime()).abs();
    try {
        final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(KEY_SIZE, new SecureRandom());
        final KeyPair keyPair = keyPairGenerator.generateKeyPair();
        final SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(keyPair.getPublic().getEncoded()));
        final X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuerdn, serialNumber, notBefore, notAfter, subjectdn, subjectPublicKeyInfo);
        final DigestCalculator digestCalculator = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
        final X509ExtensionUtils utils = new X509ExtensionUtils(digestCalculator);
        final SubjectKeyIdentifier keyId = utils.createSubjectKeyIdentifier(subjectPublicKeyInfo);
        final String keyIdHex = KEY_ID_ENCODING.encode(keyId.getKeyIdentifier());
        log.info("generating an X509 certificate for {} with key ID={} and identity={}", username, keyIdHex, identity.getComment());
        builder.addExtension(Extension.subjectKeyIdentifier, false, keyId);
        builder.addExtension(Extension.authorityKeyIdentifier, false, utils.createAuthorityKeyIdentifier(subjectPublicKeyInfo));
        builder.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign));
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        final X509CertificateHolder holder = builder.build(new SshAgentContentSigner(agentProxy, identity));
        final X509Certificate certificate = CERTIFICATE_CONVERTER.getCertificate(holder);
        log.debug("generated certificate:\n{}", asPemString(certificate));
        return new CertificateAndPrivateKey(certificate, keyPair.getPrivate());
    } catch (Exception e) {
        throw Throwables.propagate(e);
    }
}
Also used : BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider) KeyPair(java.security.KeyPair) X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) Calendar(java.util.Calendar) DigestCalculator(org.bouncycastle.operator.DigestCalculator) SecureRandom(java.security.SecureRandom) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) KeyPairGenerator(java.security.KeyPairGenerator) SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) UUID(com.eaio.uuid.UUID) X509ExtensionUtils(org.bouncycastle.cert.X509ExtensionUtils) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Aggregations

SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)16 IOException (java.io.IOException)9 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)8 X500Name (org.bouncycastle.asn1.x500.X500Name)6 Date (java.util.Date)5 AlgorithmIdentifier (org.apache.harmony.security.x509.AlgorithmIdentifier)5 SubjectPublicKeyInfo (org.apache.harmony.security.x509.SubjectPublicKeyInfo)5 BigInteger (java.math.BigInteger)4 GeneralSecurityException (java.security.GeneralSecurityException)4 InvalidKeyException (java.security.InvalidKeyException)4 PublicKey (java.security.PublicKey)4 RSAPublicKey (java.security.interfaces.RSAPublicKey)4 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)4 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 SecureRandom (java.security.SecureRandom)3 CertificateParsingException (java.security.cert.CertificateParsingException)3 X509PublicKey (org.apache.harmony.security.x509.X509PublicKey)3 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)3 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)3