List of usage examples for the org.bouncycastle.asn1.x509.AlgorithmIdentifier constructor AlgorithmIdentifier
private AlgorithmIdentifier(ASN1Sequence seq)
From source file:be.fedict.trust.test.PKITestUtils.java
License:Open Source License
/**
 * Builds a time-stamp token over a fixed all-zero 20-byte imprint, signed with the given key.
 *
 * <p>All cryptographic parameters are hard-coded fixture values: SHA-1 for the message
 * imprint and the digest calculator, {@code SHA1withRSA} for the signer, nonce 100,
 * serial number 1 and the policy OID {@code 1.2}. SHA-1 is no longer collision resistant,
 * so these values belong in test code only and should not be copied into a real
 * time-stamping authority.
 *
 * @param privateKey key used to sign the token
 * @param certificateChain certificates added to the token; element 0 is the signer certificate
 * @return the generated time-stamp token
 * @throws Exception if the request or the token cannot be generated
 */
public static TimeStampToken createTimeStampToken(PrivateKey privateKey, List<X509Certificate> certificateChain)
        throws Exception {
    Store chainStore = new JcaCertStore(certificateChain);

    // Request: ask the TSA to include its certificate, imprint is 20 zero bytes (SHA-1 sized).
    TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();
    requestGenerator.setCertReq(true);
    byte[] zeroImprint = new byte[20];
    BigInteger nonce = BigInteger.valueOf(100);
    TimeStampRequest tsRequest = requestGenerator.generate(TSPAlgorithms.SHA1, zeroImprint, nonce);

    // Token generator: signer info, digest calculator and policy OID, in that order.
    TimeStampTokenGenerator tokenGenerator = new TimeStampTokenGenerator(
            new JcaSimpleSignerInfoGeneratorBuilder().build("SHA1withRSA", privateKey, certificateChain.get(0)),
            new JcaDigestCalculatorProviderBuilder().build()
                    .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)),
            new ASN1ObjectIdentifier("1.2"));
    tokenGenerator.addCertificates(chainStore);

    BigInteger tokenSerial = BigInteger.ONE;
    Date genTime = new Date();
    return tokenGenerator.generate(tsRequest, tokenSerial, genTime);
}
From source file:br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc.attribute.BCSignaturePolicyIdentifier.java
License:Open Source License
/**
 * Converts the framework's signature-policy attribute into its Bouncy Castle ASN.1 form.
 *
 * <p>TODO: implement the conversion of the SigPolicyQualifierInfoUserNotice type to BC.
 * Until that is done only URL qualifiers are carried over; any other qualifier kind is
 * silently left out of the encoded attribute.
 *
 * <p>The policy hash and its algorithm are copied from the attribute as they are; this
 * method does not check them against the policy document.
 *
 * @return a set holding an empty policy identifier when no attribute is set, a set holding
 *         the converted policy identifier when a policy id is present, and a set holding
 *         an ASN.1 NULL otherwise
 */
@Override
public ASN1Set getValue() {
    if (super.getAttribute() == null) {
        return new DERSet(new org.bouncycastle.asn1.esf.SignaturePolicyIdentifier());
    }

    SignaturePolicyId policyId = ((SignaturePolicyIdentifier) super.getAttribute()).getSignaturePolicyId();
    if (policyId == null) {
        return new DERSet(new DERNull());
    }

    DERObjectIdentifier policyOid = new DERObjectIdentifier(policyId.getSigPolicyId());
    OtherHashAlgAndValue policyHash = new OtherHashAlgAndValue(
            new AlgorithmIdentifier(policyId.getHashAlgorithm()),
            new DEROctetString(policyId.getHash()));

    SigPolicyQualifiers bcQualifiers = null;
    if (policyId.getSigPolicyQualifiers() != null && policyId.getSigPolicyQualifiers().size() > 0) {
        List<SigPolicyQualifierInfo> converted = new ArrayList<SigPolicyQualifierInfo>();
        for (br.gov.frameworkdemoiselle.certificate.signer.pkcs7.attribute.SigPolicyQualifierInfo qualifier : policyId
                .getSigPolicyQualifiers()) {
            if (!(qualifier instanceof SigPolicyQualifierInfoURL)) {
                // Only URL qualifiers are supported so far (see the TODO above).
                continue;
            }
            SigPolicyQualifierInfoURL urlQualifier = (SigPolicyQualifierInfoURL) qualifier;
            DERObjectIdentifier qualifierOid = new DERObjectIdentifier(urlQualifier.getOID());
            DERIA5String qualifierUrl = new DERIA5String(urlQualifier.getValue());
            converted.add(new SigPolicyQualifierInfo(qualifierOid, qualifierUrl));
        }
        // NOTE(review): when none of the qualifiers is a URL qualifier this array is empty,
        // so an empty qualifier sequence is built - confirm that verifiers accept that.
        bcQualifiers = new SigPolicyQualifiers(converted.toArray(new SigPolicyQualifierInfo[0]));
    }

    org.bouncycastle.asn1.esf.SignaturePolicyId bcPolicyId = new org.bouncycastle.asn1.esf.SignaturePolicyId(
            policyOid, policyHash, bcQualifiers);
    return new DERSet(new org.bouncycastle.asn1.esf.SignaturePolicyIdentifier(bcPolicyId));
}
From source file:br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc.attribute.BCSigningCertificateV2.java
License:Open Source License
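/**
 * Builds the value of the ESS signing-certificate-v2 attribute for the attribute's certificate.
 *
 * <p>The certificate is identified by a hash of its encoding together with its issuer name
 * and serial number.
 *
 * @return a set holding one sequence made of the {@code ESSCertIDv2} sequence and a sequence
 *         holding an ASN.1 NULL
 * @throws IllegalStateException if the certificate cannot be encoded for hashing
 */
@Override
public ASN1Set getValue() {
    SigningCertificateV2 attribute = (SigningCertificateV2) super.getAttribute();
    X509Certificate cert = attribute.getValue();

    Digest digest = DigestFactory.getInstance().factoryDefault();
    // NOTE(review): the hash is always computed with SHA-256, while the AlgorithmIdentifier
    // written next to it is derived from attribute.getAlgorithmHash(). If that ever names a
    // different hash, the encoded identifier will not match the hash value - confirm callers
    // only configure SHA-256 here.
    digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);

    byte[] certHash;
    try {
        certHash = digest.digest(cert.getEncoded());
    } catch (CertificateEncodingException ex) {
        // Fail instead of continuing with a null hash: the attribute binds the signature to
        // the signing certificate, so a value without the hash must not be produced.
        throw new IllegalStateException("Cannot encode the signing certificate for hashing", ex);
    }

    // IssuerSerial names the certificate by its issuer's DN plus serial number, so the
    // issuer DN is used here; the subject DN only matches it for self-signed certificates.
    X509Name dirName = new X509Name(cert.getIssuerDN().getName());
    GeneralName name = new GeneralName(dirName);
    GeneralNames issuer = new GeneralNames(name);
    DERInteger serial = new DERInteger(cert.getSerialNumber());
    IssuerSerial issuerSerial = new IssuerSerial(issuer, serial);

    String algorithmHashOID = SignerAlgorithmEnum.getSignerAlgorithmEnum(attribute.getAlgorithmHash())
            .getOIDAlgorithmHash();
    AlgorithmIdentifier algorithmId = new AlgorithmIdentifier(algorithmHashOID);
    ESSCertIDv2 essCertIDv2 = new ESSCertIDv2(algorithmId, certHash, issuerSerial);

    return new DERSet(new DERSequence(
            new ASN1Encodable[] { new DERSequence(essCertIDv2), new DERSequence(new DERNull()) }));
}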
From source file:co.runrightfast.core.security.bc.SHA512DigestCalculator.java
License:Apache License
/**
 * Reports the digest algorithm this calculator stands for.
 *
 * @return a new identifier built from {@code OID.SHA512.oid}
 */
@Override
public AlgorithmIdentifier getAlgorithmIdentifier() {
    final AlgorithmIdentifier sha512Identifier = new AlgorithmIdentifier(OID.SHA512.oid);
    return sha512Identifier;
}
From source file:com.android.verity.BootSignature.java
License:Apache License
/**
 * Creates a signature structure for the given target with format version 0.
 *
 * <p>The signature algorithm is fixed to {@code sha256WithRSAEncryption}; nothing in this
 * constructor lets a caller choose another one.
 *
 * @param target target name, stored as an ASN.1 PrintableString
 * @param length length value, stored as an ASN.1 INTEGER
 */
public BootSignature(String target, int length) {
    final ASN1Integer version = new ASN1Integer(0);
    final DERPrintableString targetName = new DERPrintableString(target);
    final ASN1Integer imageLength = new ASN1Integer(length);

    this.formatVersion = version;
    this.target = targetName;
    this.length = imageLength;
    this.algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption);
}
From source file:com.android.verity.BootKey.java
License:Apache License
/**
 * Wraps an RSA public key as boot key material.
 *
 * <p>The key is cast to {@code java.security.interfaces.RSAPublicKey} without a type check,
 * so passing any other key type fails with a {@code ClassCastException}. The algorithm
 * identifier is fixed to {@code sha256WithRSAEncryption}.
 *
 * @param key the public key; must be an RSA key
 * @throws Exception declared by the original signature
 */
public BootKey(PublicKey key) throws Exception {
    final java.security.interfaces.RSAPublicKey rsaKey = (java.security.interfaces.RSAPublicKey) key;

    // Only modulus and public exponent are copied into the ASN.1 structure.
    this.keyMaterial = new RSAPublicKey(rsaKey.getModulus(), rsaKey.getPublicExponent());
    this.algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption);
}
From source file:com.enioka.jqm.pki.CertificateRequest.java
License:Open Source License
/**
 * Builds and signs the X.509 certificate described by this request and stores it in
 * {@code holder}.
 *
 * <p>Without an authority certificate the result is self-signed: issuer equals subject, the
 * request's own private key signs, and the certificate is marked as a CA. With an authority
 * certificate its subject becomes the issuer, an authority key identifier is added, and
 * {@code authorityKey} signs when it is set (otherwise the request's own private key does).
 *
 * @throws Exception if building or signing the certificate fails
 */
private void generateX509() throws Exception {
    SecureRandom rng = new SecureRandom();
    X500Name subjectName = new X500Name(Subject);

    // Validity ends validityYear years from now; it starts at the moment of generation.
    Calendar notAfter = Calendar.getInstance();
    notAfter.add(Calendar.YEAR, validityYear);

    SubjectPublicKeyInfo subjectKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());

    final boolean selfSigned = (authorityCertificate == null);

    // Serial number is drawn at random from [0, Long.MAX_VALUE].
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            selfSigned ? subjectName : authorityCertificate.getSubject(),
            BigIntegers.createRandomInRange(BigInteger.ZERO, BigInteger.valueOf(Long.MAX_VALUE), rng),
            new Date(), notAfter.getTime(), subjectName, subjectKeyInfo);

    // Subject key identifier. SHA-1 is used here only to derive the key ID, not to sign.
    DigestCalculator sha1Calculator = new BcDigestCalculatorProvider()
            .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
    X509ExtensionUtils extensionUtils = new X509ExtensionUtils(sha1Calculator);
    certBuilder.addExtension(Extension.subjectKeyIdentifier, false,
            extensionUtils.createSubjectKeyIdentifier(subjectKeyInfo));

    // Extended key usage (not critical)
    certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(EKU));

    // Basic constraints: only a self-signed certificate is flagged as a CA. When an
    // authority is present no basic-constraints extension is added at all.
    if (selfSigned) {
        certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    }

    // Key usage (critical)
    certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(keyUsage));

    // Subject alternative names: none are added.

    // Authority key identifier, taken from the authority's public key
    if (!selfSigned) {
        certBuilder.addExtension(Extension.authorityKeyIdentifier, false,
                new AuthorityKeyIdentifier(authorityCertificate.getSubjectPublicKeyInfo()));
    }

    // Signer: the authority key when there is one, else the request's own key
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA512WithRSAEncryption")
            .setProvider(Constants.JCA_PROVIDER)
            .build(authorityKey == null ? privateKey : authorityKey);

    holder = certBuilder.build(contentSigner);
}
From source file:com.guardtime.asn1.TimestampRequest.java
License:Apache License
/**
 * Creates a {@code TimeStampReq} structure that carries only the given hash value; all
 * optional fields are left out.
 *
 * <p>Only null arguments are rejected. The length of {@code hashedMessage} is not compared
 * with the output size of the algorithm named by {@code algOid} in this method.
 *
 * @param algOid
 *            OID of the hash algorithm the data was hashed with.
 * @param hashedMessage
 *            hash value of the data to be timestamped.
 * @return a new timestamp request.
 * @throws IllegalArgumentException
 *             if either argument is {@code null}.
 */
public static TimestampRequest compose(String algOid, byte[] hashedMessage) {
    if (algOid == null) {
        throw new IllegalArgumentException("invalid hash algorithm: null");
    }
    if (hashedMessage == null) {
        throw new IllegalArgumentException("invalid hashed message: null");
    }

    ASN1ObjectIdentifier hashOid = new ASN1ObjectIdentifier(algOid);
    MessageImprint imprint = new MessageImprint(new AlgorithmIdentifier(hashOid), hashedMessage);
    // Policy, nonce, certReq and extensions are all absent.
    TimeStampReq request = new TimeStampReq(imprint, null, null, null, null);
    return new TimestampRequest(request);
}
From source file:com.itextpdf.signatures.SignaturePolicyInfo.java
License:Open Source License
/**
 * Converts this policy description into a Bouncy Castle {@code SignaturePolicyIdentifier}.
 *
 * <p>The digest algorithm name is resolved through {@code DigestAlgorithms.getAllowedDigest};
 * a name it does not resolve is rejected. The policy hash itself is encoded as given and is
 * not recomputed here.
 *
 * @return the policy identifier holding the policy OID, its hash and, when a policy URI is
 *         set, a URI qualifier
 * @throws IllegalArgumentException if the policy digest algorithm cannot be resolved
 */
SignaturePolicyIdentifier toSignaturePolicyIdentifier() {
    final String digestOid = DigestAlgorithms.getAllowedDigest(this.policyDigestAlgorithm);
    if (digestOid == null || digestOid.isEmpty()) {
        throw new IllegalArgumentException("Invalid policy hash algorithm");
    }

    // The URI qualifier is optional; it stays null when no policy URI was given.
    SigPolicyQualifierInfo uriQualifier = null;
    final boolean hasPolicyUri = this.policyUri != null && !this.policyUri.isEmpty();
    if (hasPolicyUri) {
        uriQualifier = new SigPolicyQualifierInfo(PKCSObjectIdentifiers.id_spq_ets_uri,
                new DERIA5String(this.policyUri));
    }

    // The policy identifier may be written as "urn:oid:<dotted OID>"; the prefix is removed.
    return new SignaturePolicyIdentifier(new SignaturePolicyId(
            DERObjectIdentifier.getInstance(
                    new DERObjectIdentifier(this.policyIdentifier.replace("urn:oid:", ""))),
            new OtherHashAlgAndValue(new AlgorithmIdentifier(digestOid), new DEROctetString(this.policyHash)),
            SignUtils.createSigPolicyQualifiers(uriQualifier)));
}
From source file:com.spotify.helios.client.tls.X509CertificateFactory.java
License:Apache License
/**
 * Generates a fresh RSA key pair and an X.509 certificate for it, signed through the SSH
 * agent with the given identity.
 *
 * <p>Points a reviewer should be aware of, all visible in this method:
 * <ul>
 * <li>the serial number is derived from the UUID timestamp, not from a random source;</li>
 * <li>key usage includes {@code keyCertSign} although basic constraints mark the certificate
 * as not being a CA;</li>
 * <li>the authority key identifier is computed from the subject's own public key, while the
 * signature comes from the SSH agent identity;</li>
 * <li>the returned object carries the newly generated private key.</li>
 * </ul>
 *
 * @param agentProxy SSH agent used to produce the certificate signature
 * @param identity   agent identity that signs
 * @param username   value of the UID attribute in the subject name
 * @return the certificate together with the generated private key
 */
private CertificateAndPrivateKey generate(final AgentProxy agentProxy, final Identity identity,
                                          final String username) {
    final UUID uuid = new UUID();
    final Calendar clock = Calendar.getInstance();
    final X500Name issuerName = new X500Name("C=US,O=Spotify,CN=helios-client");
    final X500Name subjectName = new X500NameBuilder().addRDN(BCStyle.UID, username).build();

    // Validity window: [now - validBefore, now + validAfter]
    clock.add(Calendar.MILLISECOND, -validBeforeMilliseconds);
    final Date validFrom = clock.getTime();
    clock.add(Calendar.MILLISECOND, validBeforeMilliseconds + validAfterMilliseconds);
    final Date validUntil = clock.getTime();

    // Reuse the UUID time as a serial number
    final BigInteger serial = BigInteger.valueOf(uuid.getTime()).abs();

    try {
        final KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        rsaGenerator.initialize(KEY_SIZE, new SecureRandom());
        final KeyPair generatedKeys = rsaGenerator.generateKeyPair();

        final SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo
                .getInstance(ASN1Sequence.getInstance(generatedKeys.getPublic().getEncoded()));
        final X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuerName, serial,
                validFrom, validUntil, subjectName, publicKeyInfo);

        // SHA-1 is used here only to derive the key identifiers, not for the signature.
        final DigestCalculator sha1Calculator = new BcDigestCalculatorProvider()
                .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
        final X509ExtensionUtils extensionUtils = new X509ExtensionUtils(sha1Calculator);
        final SubjectKeyIdentifier subjectKeyId = extensionUtils.createSubjectKeyIdentifier(publicKeyInfo);
        final String subjectKeyIdHex = KEY_ID_ENCODING.encode(subjectKeyId.getKeyIdentifier());

        log.info("generating an X509 certificate for {} with key ID={} and identity={}", username,
                subjectKeyIdHex, identity.getComment());

        final int usageBits = KeyUsage.digitalSignature | KeyUsage.keyCertSign;
        certBuilder.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyId);
        certBuilder.addExtension(Extension.authorityKeyIdentifier, false,
                extensionUtils.createAuthorityKeyIdentifier(publicKeyInfo));
        certBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(usageBits));
        certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));

        final X509CertificateHolder signedHolder = certBuilder
                .build(new SshAgentContentSigner(agentProxy, identity));
        final X509Certificate x509 = CERTIFICATE_CONVERTER.getCertificate(signedHolder);
        log.debug("generated certificate:\n{}", asPEMString(x509));

        return new CertificateAndPrivateKey(x509, generatedKeys.getPrivate());
    } catch (Exception e) {
        throw Throwables.propagate(e);
    }
}