List of usage examples for java.security.cert X509Certificate getPublicKey
public abstract PublicKey getPublicKey();
From source file:test.integ.be.fedict.commons.eid.client.JCATest.java
@Test public void testPSS256() throws Exception { Security.addProvider(new BeIDProvider()); Security.addProvider(new BouncyCastleProvider()); KeyStore keyStore = KeyStore.getInstance("BeID"); keyStore.load(null);// w w w. ja va2 s .c o m PrivateKey authnPrivateKey = (PrivateKey) keyStore.getKey("Authentication", null); X509Certificate authnCertificate = (X509Certificate) keyStore.getCertificate("Authentication"); PublicKey authnPublicKey = authnCertificate.getPublicKey(); Signature signature = Signature.getInstance("SHA256withRSAandMGF1"); signature.initSign(authnPrivateKey); byte[] toBeSigned = "hello world".getBytes(); signature.update(toBeSigned); byte[] signatureValue = signature.sign(); signature.initVerify(authnPublicKey); signature.update(toBeSigned); boolean result = signature.verify(signatureValue); assertTrue(result); }
From source file:test.integ.be.fedict.hsm.client.HSMProxyClientTest.java
@Test public void testSign() throws Exception { Security.addProvider(new BeIDProvider()); KeyStore beidKeyStore = KeyStore.getInstance("BeID"); beidKeyStore.load(null);/* www . j av a2 s. c o m*/ X509Certificate authnCert = (X509Certificate) beidKeyStore.getCertificate("Authentication"); PrivateKey authnPrivateKey = (PrivateKey) beidKeyStore.getKey("Authentication", null); String location = "http://localhost:8080/hsm-proxy-ws/dss"; // String location = "https://www.e-contract.be/hsm-proxy-ws/dss"; HSMProxyClient client = new HSMProxyClient(location, authnPrivateKey, authnCert); // client.setProxy("proxy.yourict.net", 8080); byte[] toBeSigned = "hello world".getBytes(); MessageDigest messageDigest = MessageDigest.getInstance("SHA1"); messageDigest.update(toBeSigned); byte[] digestValue = messageDigest.digest(); String keyAlias = "alias"; byte[] signatureValue = client.sign(digestValue, "SHA1", keyAlias); assertNotNull(signatureValue); LOG.debug("signature value length: " + signatureValue.length); X509Certificate certificate = client.getCertificateChain(keyAlias).get(0); Signature signature = Signature.getInstance("SHA1withRSA"); signature.initVerify(certificate.getPublicKey()); signature.update(toBeSigned); assertTrue(signature.verify(signatureValue)); }
From source file:test.integ.be.fedict.hsm.jca.HSMProxySignatureTest.java
private void signAndVerify(X509Certificate certificate, PrivateKey privateKey, String signatureAlgo) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { Signature signature = Signature.getInstance(signatureAlgo); signature.initSign(privateKey);/*from w w w .j a va 2 s . c o m*/ byte[] toBeSigned = "hello world".getBytes(); signature.update(toBeSigned); byte[] signatureValue = signature.sign(); assertNotNull(signatureValue); signature = Signature.getInstance(signatureAlgo); signature.initVerify(certificate.getPublicKey()); signature.update(toBeSigned); assertTrue(signature.verify(signatureValue)); }
From source file:test.integ.be.fedict.hsm.model.KeyStoreSingletonBeanTest.java
private void checkSigning(long keyStoreId) throws Exception { List<String> aliases = this.testedInstance.getKeyStoreAliases(keyStoreId); assertFalse(aliases.isEmpty());/*from w w w.j a v a 2s . co m*/ String alias = aliases.get(0); byte[] toBeSigned = "hello world".getBytes(); MessageDigest messageDigest = MessageDigest.getInstance("SHA-1"); messageDigest.update(toBeSigned); byte[] digestValue = messageDigest.digest(); byte[] signatureValue = this.testedInstance.sign(keyStoreId, alias, "SHA-1", digestValue); Signature signature = Signature.getInstance("SHA1withRSA"); Certificate[] certificateChain = this.testedInstance.getCertificateChain(keyStoreId, alias); assertTrue(certificateChain.length > 0); X509Certificate certificate = (X509Certificate) certificateChain[0]; signature.initVerify(certificate.getPublicKey()); signature.update(toBeSigned); assertTrue(signature.verify(signatureValue)); }
From source file:test.integ.be.fedict.trust.Foreigner201305Test.java
@Test public void testForeigner201305() throws Exception { CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); X509Certificate rootCert = (X509Certificate) certificateFactory .generateCertificate(Foreigner201305Test.class.getResourceAsStream("/belgiumrca2.crt")); X509Certificate foreigner201304Cert = (X509Certificate) certificateFactory .generateCertificate(Foreigner201305Test.class.getResourceAsStream("/foreigner201304.crt")); foreigner201304Cert.verify(rootCert.getPublicKey()); X509Certificate foreigner201305Cert = (X509Certificate) certificateFactory .generateCertificate(Foreigner201305Test.class.getResourceAsStream("/foreigner201305.crt")); foreigner201305Cert.verify(rootCert.getPublicKey()); byte[] foreigner201304SignatureValue = foreigner201304Cert.getSignature(); byte[] foreigner201305SignatureValue = foreigner201305Cert.getSignature(); LOG.debug("201304 signature size: " + foreigner201304SignatureValue.length); LOG.debug("201305 signature size: " + foreigner201305SignatureValue.length); RSAPublicKey rootPublicKey = (RSAPublicKey) rootCert.getPublicKey(); BigInteger foreigner201304Signature = new BigInteger(foreigner201304SignatureValue); BigInteger foreigner201305Signature = new BigInteger(foreigner201305SignatureValue); LOG.debug("201305 signature size: " + foreigner201305Signature.toByteArray().length); BigInteger foreigner201304PaddedMessage = foreigner201304Signature.modPow(rootPublicKey.getPublicExponent(), rootPublicKey.getModulus()); BigInteger foreigner201305PaddedMessage = foreigner201305Signature.modPow(rootPublicKey.getPublicExponent(), rootPublicKey.getModulus()); LOG.debug(/*from ww w. j a v a2 s. c o m*/ "201304 padded message: " + new String(Hex.encodeHex(foreigner201304PaddedMessage.toByteArray()))); LOG.debug( "201305 padded message: " + new String(Hex.encodeHex(foreigner201305PaddedMessage.toByteArray()))); LOG.debug("201304 modulus size: " + ((RSAPublicKey) foreigner201304Cert.getPublicKey()).getModulus().toByteArray().length); LOG.debug("201305 modulus size: " + ((RSAPublicKey) foreigner201305Cert.getPublicKey()).getModulus().toByteArray().length); LOG.debug("201304 modulus: " + new String( Hex.encodeHex(((RSAPublicKey) foreigner201304Cert.getPublicKey()).getModulus().toByteArray()))); LOG.debug("201305 modulus: " + new String( Hex.encodeHex(((RSAPublicKey) foreigner201305Cert.getPublicKey()).getModulus().toByteArray()))); }
From source file:test.integ.be.fedict.trust.Foreigner201305Test.java
/** * wget --recursive -e robots=off http://certs.eid.belgium.be * //from ww w . j a v a 2 s . c om * @throws Exception */ @Test public void testAllCertificateAuthorities() throws Exception { File dirFile = new File("/home/fcorneli/certs/certs.eid.belgium.be"); LOG.debug("directory: " + dirFile.getAbsolutePath()); File[] certFiles = dirFile.listFiles(new FilenameFilter() { @Override public boolean accept(File dir, String name) { LOG.debug(name); return name.endsWith("crt"); } }); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); for (File certFile : certFiles) { X509Certificate certificate = (X509Certificate) certificateFactory .generateCertificate(new FileInputStream(certFile)); LOG.debug("certificate: " + certificate.getSubjectX500Principal()); RSAPublicKey rsaPublicKey = (RSAPublicKey) certificate.getPublicKey(); int modulusSize = rsaPublicKey.getModulus().toByteArray().length; LOG.debug("modulus size: " + modulusSize); int signatureSize = certificate.getSignature().length; LOG.debug("signature size: " + signatureSize); assertEquals(modulusSize - 1, signatureSize); } LOG.debug("total number of CAs: " + certFiles.length); }
From source file:test.integ.be.fedict.trust.util.TestUtils.java
public static X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn, PrivateKey issuerPrivateKey, X509Certificate issuerCert, DateTime notBefore, DateTime notAfter, String signatureAlgorithm, boolean includeAuthorityKeyIdentifier, boolean caCert, boolean timeStampingPurpose, String ocspUri, String crlUri, KeyUsage keyUsage, BigInteger serialNumber) throws IOException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException, CertificateException { String finalSignatureAlgorithm = signatureAlgorithm; if (null == signatureAlgorithm) { finalSignatureAlgorithm = "SHA512WithRSAEncryption"; }/*w w w . j av a2 s.co m*/ X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); certificateGenerator.reset(); certificateGenerator.setPublicKey(subjectPublicKey); certificateGenerator.setSignatureAlgorithm(finalSignatureAlgorithm); certificateGenerator.setNotBefore(notBefore.toDate()); certificateGenerator.setNotAfter(notAfter.toDate()); X509Principal issuerDN; if (null != issuerCert) { issuerDN = new X509Principal(issuerCert.getSubjectX500Principal().getName()); } else { issuerDN = new X509Principal(subjectDn); } certificateGenerator.setIssuerDN(issuerDN); certificateGenerator.setSubjectDN(new X509Principal(subjectDn)); certificateGenerator.setSerialNumber(serialNumber); certificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier, false, createSubjectKeyId(subjectPublicKey)); PublicKey issuerPublicKey; if (null != issuerCert) { issuerPublicKey = issuerCert.getPublicKey(); } else { issuerPublicKey = subjectPublicKey; } if (includeAuthorityKeyIdentifier) { certificateGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, createAuthorityKeyId(issuerPublicKey)); } certificateGenerator.addExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(caCert)); if (timeStampingPurpose) { certificateGenerator.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping)); } if (null != ocspUri) { GeneralName ocspName = new GeneralName(GeneralName.uniformResourceIdentifier, ocspUri); AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess( X509ObjectIdentifiers.ocspAccessMethod, ocspName); certificateGenerator.addExtension(X509Extensions.AuthorityInfoAccess.getId(), false, authorityInformationAccess); } if (null != crlUri) { GeneralName gn = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(crlUri)); GeneralNames gns = new GeneralNames(gn); DistributionPointName dpn = new DistributionPointName(0, gns); DistributionPoint distp = new DistributionPoint(dpn, null, null); certificateGenerator.addExtension(X509Extensions.CRLDistributionPoints, false, new DERSequence(distp)); } if (null != keyUsage) { certificateGenerator.addExtension(X509Extensions.KeyUsage, true, keyUsage); } return certificateGenerator.generate(issuerPrivateKey); // /* // * Make sure the default certificate provider is active. // */ // CertificateFactory certificateFactory = CertificateFactory // .getInstance("X.509"); // certificate = (X509Certificate) certificateFactory // .generateCertificate(new ByteArrayInputStream(certificate // .getEncoded())); // // return certificate; }
From source file:test.unit.be.fedict.eid.idp.protocol.saml2.SAML2ArtifactProtocolServiceTest.java
private X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn, DateTime notBefore, DateTime notAfter, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey) throws Exception { X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); certificateGenerator.reset();// www. j a va 2 s .co m certificateGenerator.setPublicKey(subjectPublicKey); certificateGenerator.setSignatureAlgorithm("SHA1WithRSAEncryption"); certificateGenerator.setNotBefore(notBefore.toDate()); certificateGenerator.setNotAfter(notAfter.toDate()); X509Principal issuerDN; if (null != issuerCertificate) { issuerDN = new X509Principal(issuerCertificate.getSubjectX500Principal().toString()); } else { issuerDN = new X509Principal(subjectDn); } certificateGenerator.setIssuerDN(issuerDN); certificateGenerator.setSubjectDN(new X509Principal(subjectDn)); certificateGenerator.setSerialNumber(new BigInteger(128, new SecureRandom())); certificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier, false, createSubjectKeyId(subjectPublicKey)); PublicKey issuerPublicKey; if (null != issuerCertificate) { issuerPublicKey = issuerCertificate.getPublicKey(); } else { issuerPublicKey = subjectPublicKey; } certificateGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, createAuthorityKeyId(issuerPublicKey)); X509Certificate certificate; certificate = certificateGenerator.generate(issuerPrivateKey); /* * Next certificate factory trick is needed to make sure that the * certificate delivered to the caller is provided by the default * security provider instead of BouncyCastle. If we don't do this trick * we might run into trouble when trying to use the CertPath validator. */ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); certificate = (X509Certificate) certificateFactory .generateCertificate(new ByteArrayInputStream(certificate.getEncoded())); return certificate; }
From source file:test.unit.org.owasp.webscarab.util.SunCertificateUtilsTest.java
@Test public void testSign() throws Exception { // setup//ww w . java 2 s . c o m KeyPair caKeyPair = generateKeyPair(); KeyPair entityKeyPair = generateKeyPair(); X500Principal subject = new X500Principal("CN=Test"); PublicKey pubKey = entityKeyPair.getPublic(); X500Principal issuer = new X500Principal("CN=CA"); PublicKey caPubKey = caKeyPair.getPublic(); PrivateKey caKey = caKeyPair.getPrivate(); Date begin = new Date(); Date ends = new Date(begin.getTime() + (long) 1000 * 60 * 60 * 24 * 30); BigInteger serialNo = BigInteger.valueOf(1234); JcaX509ExtensionUtils jxeu = new JcaX509ExtensionUtils(); // operate X509Certificate resultCert = SunCertificateUtils.sign(subject, pubKey, issuer, caPubKey, caKey, begin, ends, serialNo, null); // verify assertNotNull(resultCert); LOG.debug("result certificate: " + resultCert); resultCert.verify(caPubKey); assertEquals(subject, resultCert.getSubjectX500Principal()); assertEquals(issuer, resultCert.getIssuerX500Principal()); assertEquals(serialNo, resultCert.getSerialNumber()); assertEquals(pubKey, resultCert.getPublicKey()); LOG.debug("expected begin: " + begin.getTime()); LOG.debug("actual begin: " + resultCert.getNotBefore().getTime()); /* * BouncyCastle drops the milliseconds. */ assertTrue(Math.abs(begin.getTime() - resultCert.getNotBefore().getTime()) < 1000); assertTrue(Math.abs(ends.getTime() - resultCert.getNotAfter().getTime()) < 1000); byte[] subjectKeyIdentifierExtValue = resultCert .getExtensionValue(X509Extension.subjectKeyIdentifier.getId()); assertNotNull(subjectKeyIdentifierExtValue); ASN1Primitive subjectKeyIdentifier = JcaX509ExtensionUtils .parseExtensionValue(subjectKeyIdentifierExtValue); ASN1Primitive expSKI = jxeu.createSubjectKeyIdentifier(pubKey).toASN1Primitive(); assertArrayEquals(expSKI.getEncoded(), subjectKeyIdentifier.getEncoded()); byte[] authorityKeyIdentifierExtValue = resultCert .getExtensionValue(X509Extension.authorityKeyIdentifier.getId()); ASN1Primitive authorityKeyIdentifier = JcaX509ExtensionUtils .parseExtensionValue(authorityKeyIdentifierExtValue); ASN1Primitive expAKI = jxeu.createAuthorityKeyIdentifier(caPubKey).toASN1Primitive(); assertArrayEquals(expAKI.getEncoded(), authorityKeyIdentifier.getEncoded()); assertEquals(-1, resultCert.getBasicConstraints()); byte[] netscapeCertTypeExtValue = resultCert .getExtensionValue(MiscObjectIdentifiers.netscapeCertType.getId()); assertNotNull(netscapeCertTypeExtValue); DERBitString netscapeCertTypeExt = (DERBitString) X509ExtensionUtil .fromExtensionValue(netscapeCertTypeExtValue); NetscapeCertType netscapeCertType = new NetscapeCertType(netscapeCertTypeExt); assertEquals(NetscapeCertType.sslClient, netscapeCertType.intValue() & NetscapeCertType.sslClient); assertEquals(NetscapeCertType.sslServer, netscapeCertType.intValue() & NetscapeCertType.sslServer); assertTrue(resultCert.getKeyUsage()[0]); assertTrue(resultCert.getKeyUsage()[2]); byte[] extendedKeyUsageExtValue = resultCert.getExtensionValue(X509Extension.extendedKeyUsage.getId()); assertNotNull(extendedKeyUsageExtValue); ExtendedKeyUsage extendedKeyUsage = ExtendedKeyUsage .getInstance(X509ExtensionUtil.fromExtensionValue(extendedKeyUsageExtValue)); assertTrue(extendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_clientAuth)); assertTrue(extendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_serverAuth)); }
From source file:uk.org.ukfederation.mda.validate.X509RSAOpenSSLBlacklistValidator.java
/** {@inheritDoc} */ @Override/* w ww . j a v a2s.com*/ public void validate(@Nonnull final X509Certificate cert, @Nonnull final Item<?> item, @Nonnull final String stageId) throws StageProcessingException { ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this); final PublicKey key = cert.getPublicKey(); if ("RSA".equals(key.getAlgorithm())) { final RSAPublicKey rsaKey = (RSAPublicKey) key; final BigInteger modulus = rsaKey.getModulus(); if (keySize == 0 || keySize == modulus.bitLength()) { final String value = openSSLDigest(modulus); if (blacklistedValues.contains(value)) { addError("RSA modulus included in key blacklist (" + value + ")", item, stageId); } } } }