Example 11 with AlgorithmId
use of sun.security.x509.AlgorithmId in project jdk8u_jdk by JetBrains.
the class RSASignature method encodeSignature.
/**
* Encode the digest, return the to-be-signed data.
* Also used by the PKCS#11 provider.
*/
public static byte[] encodeSignature(ObjectIdentifier oid, byte[] digest) throws IOException {
DerOutputStream out = new DerOutputStream();
new AlgorithmId(oid).encode(out);
out.putOctetString(digest);
DerValue result = new DerValue(DerValue.tag_Sequence, out.toByteArray());
return result.toByteArray();
}
Also used :
AlgorithmId(sun.security.x509.AlgorithmId)
Example 12 with AlgorithmId
use of sun.security.x509.AlgorithmId in project cdap by caskdata.
the class KeyStores method getCertificate.
/**
* Generate an X.509 certificate
*
* @param dn Distinguished name for the owner of the certificate, it will also be the signer of the certificate.
* @param pair Key pair used for signing the certificate.
* @param days Validity of the certificate.
* @param algorithm Name of the signature algorithm used.
* @return A X.509 certificate
*/
private static X509Certificate getCertificate(String dn, KeyPair pair, int days, String algorithm) throws IOException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
// Calculate the validity interval of the certificate
Date from = new Date();
Date to = DateUtils.addDays(from, days);
CertificateValidity interval = new CertificateValidity(from, to);
// Generate a random number to use as the serial number for the certificate
BigInteger sn = new BigInteger(64, new SecureRandom());
// Create the name of the owner based on the provided distinguished name
X500Name owner = new X500Name(dn);
// Create an info objects with the provided information, which will be used to create the certificate
X509CertInfo info = new X509CertInfo();
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
// In java 7, subject is of type CertificateSubjectName and issuer is of type CertificateIssuerName.
// These were changed to X500Name in Java8. So looking at the field type before setting them.
// This certificate will be self signed, hence the subject and the issuer are same.
Field subjectField = null;
try {
subjectField = info.getClass().getDeclaredField("subject");
if (subjectField.getType().equals(X500Name.class)) {
info.set(X509CertInfo.SUBJECT, owner);
info.set(X509CertInfo.ISSUER, owner);
} else {
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
}
} catch (NoSuchFieldException e) {
// Trying to set it to Java 8 types. If one of the underlying fields has changed then this will throw a
// CertificateException which is handled by the caller.
info.set(X509CertInfo.SUBJECT, owner);
info.set(X509CertInfo.ISSUER, owner);
}
info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
// Create the certificate and sign it with the private key
X509CertImpl cert = new X509CertImpl(info);
PrivateKey privateKey = pair.getPrivate();
cert.sign(privateKey, algorithm);
return cert;
}
Also used :
CertificateSubjectName(sun.security.x509.CertificateSubjectName)
PrivateKey(java.security.PrivateKey)
X509CertInfo(sun.security.x509.X509CertInfo)
CertificateIssuerName(sun.security.x509.CertificateIssuerName)
SecureRandom(java.security.SecureRandom)
CertificateVersion(sun.security.x509.CertificateVersion)
CertificateValidity(sun.security.x509.CertificateValidity)
X500Name(sun.security.x509.X500Name)
CertificateX509Key(sun.security.x509.CertificateX509Key)
Date(java.util.Date)
CertificateSerialNumber(sun.security.x509.CertificateSerialNumber)
Field(java.lang.reflect.Field)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
AlgorithmId(sun.security.x509.AlgorithmId)
X509CertImpl(sun.security.x509.X509CertImpl)
BigInteger(java.math.BigInteger)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
Example 13 with AlgorithmId
use of sun.security.x509.AlgorithmId in project bazel by bazelbuild.
the class SignedJarBuilder method writeSignatureBlock.
/** Write the certificate file with a digital signature. */
private void writeSignatureBlock(Signature signature, X509Certificate publicKey, PrivateKey privateKey) throws IOException, GeneralSecurityException {
SignerInfo signerInfo = new SignerInfo(new X500Name(publicKey.getIssuerX500Principal().getName()), publicKey.getSerialNumber(), AlgorithmId.get(DIGEST_ALGORITHM), AlgorithmId.get(privateKey.getAlgorithm()), signature.sign());
PKCS7 pkcs7 = new PKCS7(new AlgorithmId[] { AlgorithmId.get(DIGEST_ALGORITHM) }, new ContentInfo(ContentInfo.DATA_OID, null), new X509Certificate[] { publicKey }, new SignerInfo[] { signerInfo });
pkcs7.encodeSignedData(mOutputJar);
}
Also used :
SignerInfo(sun.security.pkcs.SignerInfo)
ContentInfo(sun.security.pkcs.ContentInfo)
PKCS7(sun.security.pkcs.PKCS7)
X500Name(sun.security.x509.X500Name)
Example 14 with AlgorithmId
use of sun.security.x509.AlgorithmId in project netty by netty.
the class OpenJdkSelfSignedCertGenerator method generate.
static String[] generate(String fqdn, KeyPair keypair, SecureRandom random, Date notBefore, Date notAfter) throws Exception {
PrivateKey key = keypair.getPrivate();
// Prepare the information required for generating an X.509 certificate.
X509CertInfo info = new X509CertInfo();
X500Name owner = new X500Name("CN=" + fqdn);
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
try {
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
} catch (CertificateException ignore) {
info.set(X509CertInfo.SUBJECT, owner);
}
try {
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
} catch (CertificateException ignore) {
info.set(X509CertInfo.ISSUER, owner);
}
info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid)));
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
cert.sign(key, "SHA1withRSA");
// Update the algorithm and sign again.
info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
cert = new X509CertImpl(info);
cert.sign(key, "SHA1withRSA");
cert.verify(keypair.getPublic());
return newSelfSignedCertificate(fqdn, key, cert);
}
Also used :
CertificateSubjectName(sun.security.x509.CertificateSubjectName)
PrivateKey(java.security.PrivateKey)
X509CertInfo(sun.security.x509.X509CertInfo)
CertificateIssuerName(sun.security.x509.CertificateIssuerName)
CertificateVersion(sun.security.x509.CertificateVersion)
CertificateException(java.security.cert.CertificateException)
CertificateValidity(sun.security.x509.CertificateValidity)
X500Name(sun.security.x509.X500Name)
CertificateX509Key(sun.security.x509.CertificateX509Key)
CertificateSerialNumber(sun.security.x509.CertificateSerialNumber)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
AlgorithmId(sun.security.x509.AlgorithmId)
X509CertImpl(sun.security.x509.X509CertImpl)
BigInteger(java.math.BigInteger)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
Example 15 with AlgorithmId
use of sun.security.x509.AlgorithmId in project dex2jar by pxb1988.
the class SunJarSignImpl method writeSignatureBlock.
/** Write a .RSA file with a digital signature. */
@SuppressWarnings("all")
protected void writeSignatureBlock(byte[] signature, OutputStream out) throws IOException {
try {
SignerInfo signerInfo = new SignerInfo(new X500Name(cert.getIssuerX500Principal().getName()), cert.getSerialNumber(), AlgorithmId.get(digestAlg), AlgorithmId.get("RSA"), signature);
PKCS7 pkcs7 = new PKCS7(new AlgorithmId[] { AlgorithmId.get(digestAlg) }, new ContentInfo(ContentInfo.DATA_OID, null), new X509Certificate[] { cert }, new SignerInfo[] { signerInfo });
pkcs7.encodeSignedData(out);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}
Also used :
SignerInfo(sun.security.pkcs.SignerInfo)
ContentInfo(sun.security.pkcs.ContentInfo)
PKCS7(sun.security.pkcs.PKCS7)
X500Name(sun.security.x509.X500Name)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
Aggregations
AlgorithmId (sun.security.x509.AlgorithmId)24
CertificateException (java.security.cert.CertificateException)10
X500Name (sun.security.x509.X500Name)10
X509CertImpl (sun.security.x509.X509CertImpl)9
AlgorithmParameters (java.security.AlgorithmParameters)7
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)7
X509Certificate (java.security.cert.X509Certificate)7
SecretKey (javax.crypto.SecretKey)7
IOException (java.io.IOException)6
BigInteger (java.math.BigInteger)6
UnrecoverableKeyException (java.security.UnrecoverableKeyException)6
ObjectIdentifier (sun.security.util.ObjectIdentifier)6
CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)6
KeyStoreException (java.security.KeyStoreException)5
CertificateFactory (java.security.cert.CertificateFactory)5
ContentInfo (sun.security.pkcs.ContentInfo)5
PKCS7 (sun.security.pkcs.PKCS7)5
SignerInfo (sun.security.pkcs.SignerInfo)5
PrivateKey (java.security.PrivateKey)4
UnrecoverableEntryException (java.security.UnrecoverableEntryException)4
