public void testSubKeyId() throws Exception {
MimeBodyPart msg = SMIMETestUtil.makeMimeBodyPart("WallaWallaWashington");
SMIMEEnvelopedGenerator gen = new SMIMEEnvelopedGenerator();
//
// create a subject key id - this has to be done the same way as
// it is done in the certificate associated with the private key
//
MessageDigest dig = MessageDigest.getInstance("SHA1", BC);
dig.update(
SubjectPublicKeyInfo.getInstance(_reciCert.getPublicKey().getEncoded())
.getPublicKeyData()
.getBytes());
gen.addRecipientInfoGenerator(
new JceKeyTransRecipientInfoGenerator(dig.digest(), _reciCert.getPublicKey())
.setProvider(BC));
//
// generate a MimeBodyPart object which encapsulates the content
// we want encrypted.
//
MimeBodyPart mp =
gen.generate(
msg,
new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
SMIMEEnveloped m = new SMIMEEnveloped(mp);
dig.update(
SubjectPublicKeyInfo.getInstance(_reciCert.getPublicKey().getEncoded())
.getPublicKeyData()
.getBytes());
RecipientId recId = new KeyTransRecipientId(dig.digest());
RecipientInformationStore recipients = m.getRecipientInfos();
RecipientInformation recipient = recipients.get(recId);
MimeBodyPart res =
SMIMEUtil.toMimeBodyPart(
recipient.getContent(
new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC)));
verifyMessageBytes(msg, res);
}
/**
* create from an issuer certificate and the serial number of the certificate it signed.
*
* @exception OCSPException if any problems occur creating the id fields.
*/
public CertificateID(
String hashAlgorithm, X509Certificate issuerCert, BigInteger number, String provider)
throws OCSPException {
try {
MessageDigest digest = MessageDigest.getInstance(hashAlgorithm, provider);
AlgorithmIdentifier hashAlg =
new AlgorithmIdentifier(new DERObjectIdentifier(hashAlgorithm), new DERNull());
X509Principal issuerName = PrincipalUtil.getSubjectX509Principal(issuerCert);
digest.update(issuerName.getEncoded());
ASN1OctetString issuerNameHash = new DEROctetString(digest.digest());
PublicKey issuerKey = issuerCert.getPublicKey();
ASN1InputStream aIn = new ASN1InputStream(issuerKey.getEncoded());
SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject());
digest.update(info.getPublicKeyData().getBytes());
ASN1OctetString issuerKeyHash = new DEROctetString(digest.digest());
DERInteger serialNumber = new DERInteger(number);
this.id = new CertID(hashAlg, issuerNameHash, issuerKeyHash, serialNumber);
} catch (Exception e) {
throw new OCSPException("problem creating ID: " + e, e);
}
}
/**
* Create a self-signed X.509 Certificate. From
* http://bfo.com/blog/2011/03/08/odds_and_ends_creating_a_new_x_509_certificate.html.
*
* @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
* @param pair the KeyPair
* @param days how many days from now the Certificate is valid for
* @param algorithm the signing algorithm, eg "SHA1withRSA"
* @return the self-signed certificate
* @throws CertificateException thrown if a security error or an IO error ocurred.
*/
public static X509Certificate generateCertificate(
String dn, KeyPair pair, int days, String algorithm) throws CertificateException {
try {
Security.addProvider(new BouncyCastleProvider());
AlgorithmIdentifier sigAlgId =
new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
AsymmetricKeyParameter privateKeyAsymKeyParam =
PrivateKeyFactory.createKey(pair.getPrivate().getEncoded());
SubjectPublicKeyInfo subPubKeyInfo =
SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded());
ContentSigner sigGen =
new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
X500Name name = new X500Name(dn);
Date from = new Date();
Date to = new Date(from.getTime() + days * 86400000L);
BigInteger sn = new BigInteger(64, new SecureRandom());
X509v1CertificateBuilder v1CertGen =
new X509v1CertificateBuilder(name, sn, from, to, name, subPubKeyInfo);
X509CertificateHolder certificateHolder = v1CertGen.build(sigGen);
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
} catch (CertificateException ce) {
throw ce;
} catch (Exception e) {
throw new CertificateException(e);
}
}
/**
* Generate version 1 self signed {@link java.security.cert.X509Certificate}..
*
* @param caKeyPair the CA key pair
* @param subject the subject name
* @return the x509 certificate
* @throws Exception the exception
*/
public static X509Certificate generateV1SelfSignedCertificate(KeyPair caKeyPair, String subject)
throws Exception {
try {
X500Name subjectDN = new X500Name("CN=" + subject);
BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
Date validityStartDate = new Date(System.currentTimeMillis() - 100000);
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.YEAR, 10);
Date validityEndDate = new Date(calendar.getTime().getTime());
SubjectPublicKeyInfo subPubKeyInfo =
SubjectPublicKeyInfo.getInstance(caKeyPair.getPublic().getEncoded());
X509v1CertificateBuilder builder =
new X509v1CertificateBuilder(
subjectDN,
serialNumber,
validityStartDate,
validityEndDate,
subjectDN,
subPubKeyInfo);
X509CertificateHolder holder = builder.build(createSigner(caKeyPair.getPrivate()));
return new JcaX509CertificateConverter().getCertificate(holder);
} catch (Exception e) {
throw new RuntimeException("Error creating X509v1Certificate.", e);
}
}
protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
CipherParameters param;
if (publicKey instanceof ECPublicKey) {
param = ECUtil.generatePublicKeyParameter(publicKey);
} else if (publicKey instanceof GOST3410Key) {
param = GOST3410Util.generatePublicKeyParameter(publicKey);
} else {
try {
byte[] bytes = publicKey.getEncoded();
publicKey = BouncyCastleProvider.getPublicKey(SubjectPublicKeyInfo.getInstance(bytes));
if (publicKey instanceof ECPublicKey) {
param = ECUtil.generatePublicKeyParameter(publicKey);
} else {
throw new InvalidKeyException("can't recognise key type in DSA based signer");
}
} catch (Exception e) {
throw new InvalidKeyException("can't recognise key type in DSA based signer");
}
}
digest.reset();
signer.init(false, param);
}
private static ASN1OctetString fromPublicKey(PublicKey pubKey) throws InvalidKeyException {
try {
SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(pubKey.getEncoded());
return (ASN1OctetString) (new SubjectKeyIdentifier(info).toASN1Object());
} catch (Exception e) {
throw new InvalidKeyException("Exception extracting key details: " + e.toString());
}
}
protected static AlgorithmIdentifier getAlgorithmIdentifier(PublicKey key)
throws CertPathValidatorException {
try {
ASN1InputStream aIn = new ASN1InputStream(key.getEncoded());
SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject());
return info.getAlgorithmId();
} catch (Exception e) {
throw new ExtCertPathValidatorException("Subject public key cannot be decoded.", e);
}
}
protected static AlgorithmIdentifier getAlgorithmIdentifier(PublicKey key)
throws CertPathValidatorException {
try {
ASN1InputStream aIn = new ASN1InputStream(key.getEncoded());
SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject());
return info.getAlgorithmId();
} catch (IOException e) {
throw new CertPathValidatorException("exception processing public key");
}
}
public static void checkOrCreateKeyStore(
final String file, final String password, final String domainName)
throws IllegalArgumentException, OperatorCreationException {
final String hostname;
if ("0.0.0.0".equals(domainName)) {
hostname = "localhost";
} else {
hostname = domainName;
}
try {
KeyStore ks = KeyStore.getInstance("JKS");
File keyStoreFile = new File(file);
if (!keyStoreFile.exists()) {
keyStoreFile.createNewFile();
ks.load(null, null);
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(1024);
KeyPair KPair = keyPairGenerator.generateKeyPair();
X509v3CertificateBuilder v3CertGen =
new X509v3CertificateBuilder(
new X500Name("CN=" + hostname + ", OU=None, O=None L=None, C=None"),
BigInteger.valueOf(System.currentTimeMillis()),
new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30),
new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10)),
new X500Name("CN=" + hostname + ", OU=None, O=None L=None, C=None"),
SubjectPublicKeyInfo.getInstance(KPair.getPublic().getEncoded()));
AlgorithmIdentifier sigAlgId =
new DefaultSignatureAlgorithmIdentifierFinder().find("SHA512withRSA");
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
AsymmetricKeyParameter foo = PrivateKeyFactory.createKey(KPair.getPrivate().getEncoded());
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(foo);
X509CertificateHolder PKCertificateHolder = v3CertGen.build(sigGen);
X509CertificateStructure eeX509CertificateStructure = PKCertificateHolder.toASN1Structure();
CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
X509Certificate cert;
try (InputStream is1 = new ByteArrayInputStream(eeX509CertificateStructure.getEncoded())) {
cert = (X509Certificate) cf.generateCertificate(is1);
}
ks.setKeyEntry(
"siesta",
KPair.getPrivate(),
password.toCharArray(),
new java.security.cert.Certificate[] {cert});
ks.store(new FileOutputStream(file), password.toCharArray());
}
} catch (GeneralSecurityException | IOException | IllegalStateException ex) {
throw new IllegalArgumentException("Error creating keystore, please manually create one", ex);
}
}
/**
* Converts, if possible, a key specification into a {@link BCMcElieceCCA2PublicKey}. Currently,
* the following key specifications are supported: {@link McElieceCCA2PublicKeySpec}, {@link
* X509EncodedKeySpec}.
*
* @param keySpec the key specification
* @return the McEliece CCA2 public key
* @throws InvalidKeySpecException if the key specification is not supported.
*/
public PublicKey generatePublic(KeySpec keySpec) throws InvalidKeySpecException {
if (keySpec instanceof McElieceCCA2PublicKeySpec) {
return new BCMcElieceCCA2PublicKey((McElieceCCA2PublicKeySpec) keySpec);
} else if (keySpec instanceof X509EncodedKeySpec) {
// get the DER-encoded Key according to X.509 from the spec
byte[] encKey = ((X509EncodedKeySpec) keySpec).getEncoded();
// decode the SubjectPublicKeyInfo data structure to the pki object
SubjectPublicKeyInfo pki;
try {
pki = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(encKey));
} catch (IOException e) {
throw new InvalidKeySpecException(e.toString());
}
try {
// --- Build and return the actual key.
ASN1Primitive innerType = pki.parsePublicKey();
ASN1Sequence publicKey = (ASN1Sequence) innerType;
// decode oidString (but we don't need it right now)
String oidString = ((ASN1ObjectIdentifier) publicKey.getObjectAt(0)).toString();
// decode <n>
BigInteger bigN = ((ASN1Integer) publicKey.getObjectAt(1)).getValue();
int n = bigN.intValue();
// decode <t>
BigInteger bigT = ((ASN1Integer) publicKey.getObjectAt(2)).getValue();
int t = bigT.intValue();
// decode <matrixG>
byte[] matrixG = ((ASN1OctetString) publicKey.getObjectAt(3)).getOctets();
return new BCMcElieceCCA2PublicKey(new McElieceCCA2PublicKeySpec(OID, n, t, matrixG));
} catch (IOException cce) {
throw new InvalidKeySpecException(
"Unable to decode X509EncodedKeySpec: " + cce.getMessage());
}
}
throw new InvalidKeySpecException("Unsupported key specification: " + keySpec.getClass() + ".");
}
public CertificationRequestInfo(ASN1Sequence seq) {
version = (DERInteger) seq.getObjectAt(0);
subject = X509Name.getInstance(seq.getObjectAt(1));
subjectPKInfo = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(2));
//
// some CertificationRequestInfo objects seem to treat this field
// as optional.
//
if (seq.size() > 3) {
DERTaggedObject tagobj = (DERTaggedObject) seq.getObjectAt(3);
attributes = ASN1Set.getInstance(tagobj, false);
}
if ((subject == null) || (version == null) || (subjectPKInfo == null)) {
throw new IllegalArgumentException(
"Not all mandatory fields set in CertificationRequestInfo generator.");
}
}
/**
* Create a public key from a SubjectPublicKeyInfo encoding read from a stream
*
* @param inStr the stream to read the SubjectPublicKeyInfo encoding from
* @return the appropriate key parameter
* @throws IOException on an error decoding the key
*/
public static AsymmetricKeyParameter createKey(InputStream inStr) throws IOException {
return createKey(SubjectPublicKeyInfo.getInstance(new ASN1InputStream(inStr).readObject()));
}
/**
* Create a public key from a SubjectPublicKeyInfo encoding
*
* @param keyInfoData the SubjectPublicKeyInfo encoding
* @return the appropriate key parameter
* @throws IOException on an error decoding the key
*/
public static AsymmetricKeyParameter createKey(byte[] keyInfoData) throws IOException {
return createKey(SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(keyInfoData)));
}