List of usage examples for org.bouncycastle.asn1.x509 SubjectPublicKeyInfo getAlgorithmId
public AlgorithmIdentifier getAlgorithmId()
From source file:ElGamalPublicPGKey.java
License:Open Source License
public ElGamalPublicPGKey(SubjectPublicKeyInfo info) { ElGamalParameter params = new ElGamalParameter((ASN1Sequence) info.getAlgorithmId().getParameters()); DERInteger derY = null;// w w w . ja v a 2s .c o m try { derY = (DERInteger) info.getPublicKey(); } catch (IOException e) { throw new IllegalArgumentException("invalid info structure in DSA public key"); } this.y = derY.getValue(); this.elSpec = new ElGamalParameterSpec(params.getP(), params.getG()); }
From source file:de.thiemann.ssl.report.model.CertificateV3.java
License:Open Source License
private PubKeyInfo transferPublicKeyInfo(byte[] encodedPublicKey) { PubKeyInfo info = new PubKeyInfo(); try {/*from w w w .jav a 2 s. co m*/ SubjectPublicKeyInfo subPubKeyInfo = new SubjectPublicKeyInfo( (ASN1Sequence) ASN1Object.fromByteArray(encodedPublicKey)); String asn1PubKeyId = subPubKeyInfo.getAlgorithmId().getAlgorithm().getId(); if (asn1PubKeyId.equals(ASN1PublicKeyIds.RSA.getOid())) { DERSequence seq = (DERSequence) subPubKeyInfo.getPublicKey(); ASN1Integer iModulus = (ASN1Integer) seq.getObjectAt(0); BigInteger modulus = iModulus.getPositiveValue(); info.pubKeyAlgorithm = ASN1PublicKeyIds.RSA.name(); info.pubKeySize = modulus.bitLength(); } else if (asn1PubKeyId.equals(ASN1PublicKeyIds.DSA.getOid())) { info.pubKeyAlgorithm = ASN1PublicKeyIds.DSA.name(); } else if (asn1PubKeyId.equals(ASN1PublicKeyIds.Diffie_Hellman.getOid())) { info.pubKeyAlgorithm = ASN1PublicKeyIds.Diffie_Hellman.name(); } else if (asn1PubKeyId.equals(ASN1PublicKeyIds.KEA.getOid())) { info.pubKeyAlgorithm = ASN1PublicKeyIds.KEA.name(); } else if (asn1PubKeyId.equals(ASN1PublicKeyIds.ECDH.getOid())) { info.pubKeyAlgorithm = ASN1PublicKeyIds.ECDH.name(); } else info.pubKeyAlgorithm = "Unknown public key! OID: " + asn1PubKeyId; } catch (IOException e) { e.printStackTrace(); } return info; }
From source file:org.ccnx.ccn.impl.security.crypto.util.CryptoUtil.java
License:Open Source License
/** * Helper function to unpack public keys from DER encoding into Java PublicKey format * @param spki a decoded SubjectPublicKeyInfo containing the desired public key * @return the decoded PublicKey//from w w w. ja v a 2s. c om * @throws CertificateEncodingException if there is a problem decoding the content * @throws NoSuchAlgorithmException if the key algorithm is unknown * @throws InvalidKeySpecException if the data in the SubjectPublicKeyInfo doesn't correctly represent a key */ public static PublicKey getPublicKey(SubjectPublicKeyInfo spki) throws CertificateEncodingException, NoSuchAlgorithmException, InvalidKeySpecException { // Reencode SubjectPublicKeyInfo, let java decode it. byte[] encodedKey = encode(spki); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encodedKey); String algorithmOID = spki.getAlgorithmId().getObjectId().getId(); String algorithm = OIDLookup.getCipherName(algorithmOID); if (algorithm == null) { throw new CertificateEncodingException("Unknown key algorithm!"); } KeyFactory fact = KeyFactory.getInstance(algorithm); return fact.generatePublic(keySpec); }
From source file:org.ccnx.ccn.impl.security.crypto.util.CryptoUtil.java
License:Open Source License
/** * Helper function to decode and unpack a public key from DER encoding to a Java PublicKey * @param derEncodedPublicKey DER encoding of public key in standard format (SubjectPublicKeyInfo) * @return the decoded PublicKey//w w w. ja v a2s . co m * @throws CertificateEncodingException if there is a problem decoding the content * @throws NoSuchAlgorithmException if the key algorithm is unknown * @throws InvalidKeySpecException if the data in the SubjectPublicKeyInfo doesn't correctly represent a key */ public static PublicKey getPublicKey(byte[] derEncodedPublicKey) throws CertificateEncodingException, InvalidKeySpecException { X509EncodedKeySpec keySpec = new X509EncodedKeySpec(derEncodedPublicKey); // Problem is, we need the algorithm identifier inside // the key to decode it. So in essence we need to // decode it twice. DERObject genericObject = decode(derEncodedPublicKey); if (!(genericObject instanceof ASN1Sequence)) { throw new InvalidKeySpecException("This object is not a public key!"); } // At this point it might also be a certificate, or // any number of things. SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo((ASN1Sequence) genericObject); String keyTypeOID = keyInfo.getAlgorithmId().getObjectId().toString(); String keyType = OIDLookup.getCipherName(keyTypeOID); if (keyType == null) { Log.warning("Cannot find key type corresponding to OID: " + keyTypeOID); throw new InvalidKeySpecException("Unknown key type OID " + keyTypeOID + " in stored key."); } KeyFactory keyFactory = null; PublicKey key = null; try { keyFactory = KeyFactory.getInstance(keyType); key = keyFactory.generatePublic(keySpec); } catch (NoSuchAlgorithmException e) { Log.warning("Unknown key type " + keyType + " in stored key."); throw new InvalidKeySpecException("Unknown key type " + keyType + " in stored key."); } return key; }
From source file:org.ejbca.core.ejb.ra.CertificateRequestSessionBean.java
License:Open Source License
@Override public byte[] processCertReq(Admin admin, UserDataVO userdata, String req, int reqType, String hardTokenSN, int responseType) throws CADoesntExistsException, AuthorizationDeniedException, NotFoundException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException, SignatureException, IOException, ObjectNotFoundException, CertificateException, UserDoesntFullfillEndEntityProfile, ApprovalException, EjbcaException { byte[] retval = null; // Check tokentype if (userdata.getTokenType() != SecConst.TOKEN_SOFT_BROWSERGEN) { throw new WrongTokenTypeException( "Error: Wrong Token Type of user, must be 'USERGENERATED' for PKCS10/SPKAC/CRMF/CVC requests"); }//from w w w . j a v a2 s . c om // This is the secret sauce, do the end entity handling automagically here before we get the cert addOrEditUser(admin, userdata, false, true); // Process request try { String password = userdata.getPassword(); String username = userdata.getUsername(); IRequestMessage imsg = null; if (reqType == SecConst.CERT_REQ_TYPE_PKCS10) { IRequestMessage pkcs10req = RequestMessageUtils.genPKCS10RequestMessage(req.getBytes()); PublicKey pubKey = pkcs10req.getRequestPublicKey(); imsg = new SimpleRequestMessage(pubKey, username, password); } else if (reqType == SecConst.CERT_REQ_TYPE_SPKAC) { // parts copied from request helper. byte[] reqBytes = req.getBytes(); if (reqBytes != null) { log.debug("Received NS request: " + new String(reqBytes)); byte[] buffer = Base64.decode(reqBytes); if (buffer == null) { return null; } ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(buffer)); ASN1Sequence spkacSeq = (ASN1Sequence) in.readObject(); in.close(); NetscapeCertRequest nscr = new NetscapeCertRequest(spkacSeq); // Verify POPO, we don't care about the challenge, it's not important. nscr.setChallenge("challenge"); if (nscr.verify("challenge") == false) { log.debug("POPO verification Failed"); throw new SignRequestSignatureException( "Invalid signature in NetscapeCertRequest, popo-verification failed."); } log.debug("POPO verification successful"); PublicKey pubKey = nscr.getPublicKey(); imsg = new SimpleRequestMessage(pubKey, username, password); } } else if (reqType == SecConst.CERT_REQ_TYPE_CRMF) { byte[] request = Base64.decode(req.getBytes()); ASN1InputStream in = new ASN1InputStream(request); ASN1Sequence crmfSeq = (ASN1Sequence) in.readObject(); ASN1Sequence reqSeq = (ASN1Sequence) ((ASN1Sequence) crmfSeq.getObjectAt(0)).getObjectAt(0); CertRequest certReq = new CertRequest(reqSeq); SubjectPublicKeyInfo pKeyInfo = certReq.getCertTemplate().getPublicKey(); KeyFactory keyFact = KeyFactory.getInstance("RSA", "BC"); KeySpec keySpec = new X509EncodedKeySpec(pKeyInfo.getEncoded()); PublicKey pubKey = keyFact.generatePublic(keySpec); // just check it's ok imsg = new SimpleRequestMessage(pubKey, username, password); // a simple crmf is not a complete PKI message, as desired by the CrmfRequestMessage class //PKIMessage msg = PKIMessage.getInstance(new ASN1InputStream(new ByteArrayInputStream(request)).readObject()); //CrmfRequestMessage reqmsg = new CrmfRequestMessage(msg, null, true, null); //imsg = reqmsg; } else if (reqType == SecConst.CERT_REQ_TYPE_PUBLICKEY) { byte[] request; // Request can be Base64 encoded or in PEM format try { request = FileTools.getBytesFromPEM(req.getBytes(), CertTools.BEGIN_PUBLIC_KEY, CertTools.END_PUBLIC_KEY); } catch (IOException ex) { try { request = Base64.decode(req.getBytes()); if (request == null) { throw new IOException("Base64 decode of buffer returns null"); } } catch (ArrayIndexOutOfBoundsException ae) { throw new IOException( "Base64 decode fails, message not base64 encoded: " + ae.getMessage()); } } final ASN1InputStream in = new ASN1InputStream(request); final SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(in.readObject()); final AlgorithmIdentifier keyAlg = keyInfo.getAlgorithmId(); final X509EncodedKeySpec xKeySpec = new X509EncodedKeySpec(new DERBitString(keyInfo).getBytes()); final KeyFactory keyFact = KeyFactory.getInstance(keyAlg.getObjectId().getId(), "BC"); final PublicKey pubKey = keyFact.generatePublic(xKeySpec); imsg = new SimpleRequestMessage(pubKey, username, password); } if (imsg != null) { retval = getCertResponseFromPublicKey(admin, imsg, hardTokenSN, responseType, userdata); } } catch (NotFoundException e) { sessionContext.setRollbackOnly(); // This is an application exception so it wont trigger a roll-back automatically throw e; } catch (InvalidKeyException e) { sessionContext.setRollbackOnly(); // This is an application exception so it wont trigger a roll-back automatically throw e; } catch (NoSuchAlgorithmException e) { sessionContext.setRollbackOnly(); // This is an application exception so it wont trigger a roll-back automatically throw e; } catch (InvalidKeySpecException e) { sessionContext.setRollbackOnly(); // This is an application exception so it wont trigger a roll-back automatically throw e; } catch (NoSuchProviderException e) { sessionContext.setRollbackOnly(); // This is an application exception so it wont trigger a roll-back automatically throw e; } catch (SignatureException e) { sessionContext.setRollbackOnly(); // This is an application exception so it wont trigger a roll-back automatically throw e; } catch (IOException e) { sessionContext.setRollbackOnly(); // This is an application exception so it wont trigger a roll-back automatically throw e; } catch (CertificateException e) { sessionContext.setRollbackOnly(); // This is an application exception so it wont trigger a roll-back automatically throw e; } catch (EjbcaException e) { sessionContext.setRollbackOnly(); // This is an application exception so it wont trigger a roll-back automatically throw e; } return retval; }
From source file:org.xwiki.crypto.x509.internal.SpkacRequest.java
License:Open Source License
/** * Return the public key embedded in the request. * @param provider the JCA provider to use to create the public key instance. * @return a public key.// w w w . ja va2s. co m * @throws NoSuchAlgorithmException if the public key algorithm is invalid. * @throws InvalidKeySpecException if the public key specification is invalid. * @throws IOException on IO error */ public PublicKey getPublicKey(Provider provider) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException { SubjectPublicKeyInfo subjectPKInfo = pkac.getSubjectPublicKeyInfo(); X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getBytes()); return KeyFactory.getInstance(subjectPKInfo.getAlgorithmId().getAlgorithm().getId(), provider) .generatePublic(xspec); }