List of usage examples for org.bouncycastle.asn1.x9 X9ECParameters X9ECParameters
public X9ECParameters(ECCurve curve, X9ECPoint g, BigInteger n, BigInteger h, byte[] seed)
From source file:eu.betaas.taas.securitymanager.common.certificate.utils.PKCS12Utils.java
License:Apache License
/** * A method to create PKCS12 file that stores the certificates. * @param pfxOut: the output of pkcs12 file (in OutputStream) * @param key: private key that is associated with the credential * @param chain: chain of certificates (within the credential) * @param keyPasswd: key password/* w w w. ja va 2s. c o m*/ * @throws Exception */ public static void createPKCS12FileBc(OutputStream pfxOut, AsymmetricKeyParameter key, X509CertificateHolder[] chain, char[] keyPasswd) throws Exception { OutputEncryptor encOut = new BcPKCS12PBEOutputEncryptorBuilder( PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, new CBCBlockCipher(new DESedeEngine())) .build(keyPasswd); PKCS12SafeBagBuilder taCertBagBuilder = null; PKCS12SafeBagBuilder caCertBagBuilder = null; PKCS12SafeBagBuilder eeCertBagBuilder = null; SubjectKeyIdentifier pubKeyId = null; // identify the type of certificate from the given certificate chain for (int i = 0; i < chain.length; i++) { Extensions exs = chain[i].getExtensions(); if (exs != null) { KeyUsage ku = KeyUsage.fromExtensions(exs); if (ku.toString().equals("KeyUsage: 0x" + Integer.toHexString(128 | 32))) { // end entity certificate eeCertBagBuilder = new PKCS12SafeBagBuilder(chain[i]); BcX509ExtensionUtils extUtils = new BcX509ExtensionUtils(); eeCertBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("Eric's Key")); pubKeyId = extUtils.createSubjectKeyIdentifier(chain[i].getSubjectPublicKeyInfo()); eeCertBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); } else if (ku.toString().equals("KeyUsage: 0x" + Integer.toHexString(128 | 4 | 2))) { // intermediate certificate caCertBagBuilder = new PKCS12SafeBagBuilder(chain[i]); caCertBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("BETaaS Intermediate Certificate")); } } else { // root certificate taCertBagBuilder = new PKCS12SafeBagBuilder(chain[i]); taCertBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("BETaaS Primary Certificate")); } } // PKCS12SafeBagBuilder taCertBagBuilder = new PKCS12SafeBagBuilder(chain[2]); // PKCS12SafeBagBuilder caCertBagBuilder = new PKCS12SafeBagBuilder(chain[1]); // PKCS12SafeBagBuilder eeCertBagBuilder = new PKCS12SafeBagBuilder(chain[0]); // the ECPrivateKey, consists of the key itself and the ECParams BigInteger dPriv = ((ECPrivateKeyParameters) key).getD(); X9ECParameters ecParams = new X9ECParameters(((ECKeyParameters) key).getParameters().getCurve(), ((ECKeyParameters) key).getParameters().getG(), ((ECKeyParameters) key).getParameters().getN(), ((ECKeyParameters) key).getParameters().getH(), ((ECKeyParameters) key).getParameters().getSeed()); ECPrivateKey privParams = new ECPrivateKey(dPriv, ecParams); // include the ecParams AlgorithmIdentifier sigAlg = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, ecParams); // PrivateKeyInfo keyInfo = PrivateKeyInfoFactory.createPrivateKeyInfo(key); PKCS12SafeBagBuilder keyBagBuilder = new PKCS12SafeBagBuilder(new PrivateKeyInfo(sigAlg, privParams), encOut); keyBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("Eric's Key")); if (pubKeyId != null) keyBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); PKCS12PfxPduBuilder builder = new PKCS12PfxPduBuilder(); builder.addData(keyBagBuilder.build()); // no need to insert SHA1Digest() because it is the default Digest algorithm // check each of the certbagbuilder if (caCertBagBuilder != null && taCertBagBuilder != null && eeCertBagBuilder != null) { // include all types of certificate in the file --> root own's credential builder.addEncryptedData( new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC, new CBCBlockCipher(new RC2Engine())).build(keyPasswd), new PKCS12SafeBag[] { eeCertBagBuilder.build(), caCertBagBuilder.build(), taCertBagBuilder.build() }); } else if (caCertBagBuilder != null && taCertBagBuilder != null && eeCertBagBuilder == null) { // only root and intermediate --> signer credential builder.addEncryptedData( new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC, new CBCBlockCipher(new RC2Engine())).build(keyPasswd), new PKCS12SafeBag[] { caCertBagBuilder.build(), taCertBagBuilder.build() }); } else if (caCertBagBuilder == null && taCertBagBuilder == null) { // only end entity --> e.g. application, user, etc builder.addEncryptedData( new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC, new CBCBlockCipher(new RC2Engine())).build(keyPasswd), new PKCS12SafeBag[] { eeCertBagBuilder.build() }); } else if (caCertBagBuilder != null && taCertBagBuilder == null && eeCertBagBuilder != null) { // only intermediate and end entity --> common GW certificate builder.addEncryptedData( new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC, new CBCBlockCipher(new RC2Engine())).build(keyPasswd), new PKCS12SafeBag[] { eeCertBagBuilder.build(), caCertBagBuilder.build() }); } // PKCS12PfxPdu pfx = builder.build(new BcPKCS12MacCalculatorBuilder( // new SHA256Digest(), // new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256)), keyPasswd); PKCS12PfxPdu pfx = builder.build(new BcPKCS12MacCalculatorBuilder(), keyPasswd); // make sure we don't include indefinite length encoding pfxOut.write(pfx.getEncoded(ASN1Encoding.DL)); pfxOut.close(); }
From source file:org.jmrtd.Util.java
License:Open Source License
public static SubjectPublicKeyInfo toSubjectPublicKeyInfo(PublicKey publicKey) { try {/*from w w w .jav a 2 s. c o m*/ String algorithm = publicKey.getAlgorithm(); if ("EC".equals(algorithm) || "ECDH".equals(algorithm) || (publicKey instanceof ECPublicKey)) { ASN1InputStream asn1In = new ASN1InputStream(publicKey.getEncoded()); SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo( (ASN1Sequence) asn1In.readObject()); asn1In.close(); AlgorithmIdentifier algorithmIdentifier = subjectPublicKeyInfo.getAlgorithm(); String algOID = algorithmIdentifier.getAlgorithm().getId(); if (!SecurityInfo.ID_EC_PUBLIC_KEY.equals(algOID)) { throw new IllegalStateException("Was expecting id-ecPublicKey (" + SecurityInfo.ID_EC_PUBLIC_KEY_TYPE + "), found " + algOID); } ASN1Primitive derEncodedParams = algorithmIdentifier.getParameters().toASN1Primitive(); X9ECParameters params = null; if (derEncodedParams instanceof ASN1ObjectIdentifier) { ASN1ObjectIdentifier paramsOID = (ASN1ObjectIdentifier) derEncodedParams; /* It's a named curve from X9.62. */ params = X962NamedCurves.getByOID(paramsOID); if (params == null) { throw new IllegalStateException( "Could not find X9.62 named curve for OID " + paramsOID.getId()); } /* Reconstruct the parameters. */ org.bouncycastle.math.ec.ECPoint generator = params.getG(); org.bouncycastle.math.ec.ECCurve curve = generator.getCurve(); generator = curve.createPoint(generator.getX().toBigInteger(), generator.getY().toBigInteger(), false); params = new X9ECParameters(params.getCurve(), generator, params.getN(), params.getH(), params.getSeed()); } else { /* It's not a named curve, we can just return the decoded public key info. */ return subjectPublicKeyInfo; } if (publicKey instanceof org.bouncycastle.jce.interfaces.ECPublicKey) { org.bouncycastle.jce.interfaces.ECPublicKey ecPublicKey = (org.bouncycastle.jce.interfaces.ECPublicKey) publicKey; AlgorithmIdentifier id = new AlgorithmIdentifier( subjectPublicKeyInfo.getAlgorithm().getAlgorithm(), params.toASN1Primitive()); org.bouncycastle.math.ec.ECPoint q = ecPublicKey.getQ(); /* FIXME: investigate the compressed versus uncompressed point issue. What is allowed in TR03110? -- MO */ // In case we would like to compress the point: // p = p.getCurve().createPoint(p.getX().toBigInteger(), p.getY().toBigInteger(), true); subjectPublicKeyInfo = new SubjectPublicKeyInfo(id, q.getEncoded()); return subjectPublicKeyInfo; } else { return subjectPublicKeyInfo; } } else if ("DH".equals(algorithm) || (publicKey instanceof DHPublicKey)) { DHPublicKey dhPublicKey = (DHPublicKey) publicKey; DHParameterSpec dhSpec = dhPublicKey.getParams(); return new SubjectPublicKeyInfo( new AlgorithmIdentifier(EACObjectIdentifiers.id_PK_DH, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).toASN1Primitive()), new ASN1Integer(dhPublicKey.getY())); } else { throw new IllegalArgumentException( "Unrecognized key type, found " + publicKey.getAlgorithm() + ", should be DH or ECDH"); } } catch (Exception e) { LOGGER.severe("Exception: " + e.getMessage()); return null; } }