List of usage examples for org.bouncycastle.asn1 ASN1EncodableVector ASN1EncodableVector
public ASN1EncodableVector()
From source file:com.difference.historybook.server.CertManager.java
License:Apache License
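/**
 * Creates a self-signed RSA certificate and stores it, together with its
 * private key, in a new JKS keystore. Nothing is done if the keystore file
 * already exists.
 *
 * <p>The keystore file is created owner-only before any key material is
 * written into it, and is left owner-read-only afterwards, so the private key
 * is never exposed through a permissive umask.
 *
 * @param keystore     path of the keystore file to create
 * @param password     password protecting both the keystore and the key entry
 * @param alias        name under which the key entry is stored
 * @param commonName   value of the CN attribute of the (self-issued) subject
 * @param organization value of the O and OU attributes of the subject
 * @param duration     validity of the new certificate in seconds, counted from
 *                     now; the not-before date is set to one day ago to
 *                     tolerate clock skew
 * @throws RuntimeException wrapping the provider, certificate, keystore or I/O
 *                          exception if the certificate or keystore cannot be
 *                          created
 */
public static void initialize(Path keystore, String password, String alias, String commonName,
        String organization, long duration) {
    if (Files.exists(keystore)) {
        LOG.info("Keystore {} found.", keystore);
        return;
    }
    try {
        Security.addProvider(new BouncyCastleProvider());
        SecureRandom random = new SecureRandom();

        // Generate the RSA key pair the certificate will certify.
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", PROVIDER_NAME);
        keyPairGenerator.initialize(KEY_LENGTH, random);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        PublicKey pubKey = keyPair.getPublic();
        PrivateKey privateKey = keyPair.getPrivate();

        // Self-signed: issuer and subject are the same name.
        X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        nameBuilder.addRDN(BCStyle.CN, commonName);
        nameBuilder.addRDN(BCStyle.O, organization);
        nameBuilder.addRDN(BCStyle.OU, organization);
        X500Name issuerName = nameBuilder.build();
        X500Name subjectName = issuerName;

        // RFC 5280 requires a positive serial number of at most 20 octets.
        // 159 random bits keep the DER INTEGER within 20 octets; setting the
        // low bit guarantees it is non-zero. Drawn from a CSPRNG rather than
        // java.util.Random, whose nextInt() could also yield a negative value.
        BigInteger serial = new BigInteger(159, random).setBit(0);

        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - 24L * 60 * 60 * 1000); // yesterday
        Date notAfter = new Date(now + duration * 1000);

        X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuerName, serial,
                notBefore, notAfter, subjectName, pubKey);
        // Key usage is critical; extended key usage restricts the key to TLS server authentication.
        KeyUsage usage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment);
        certBuilder.addExtension(Extension.keyUsage, true, usage);
        ASN1EncodableVector purposes = new ASN1EncodableVector();
        purposes.add(KeyPurposeId.id_kp_serverAuth);
        certBuilder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));

        X509Certificate[] chain = new X509Certificate[] { signCertificate(certBuilder, privateKey) };

        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        keyStore.setKeyEntry(alias, privateKey, password.toCharArray(), chain);

        // Create the file owner-only *before* the private key is written into it,
        // then drop write access once the store is complete. createFile fails if
        // the file appeared since the existence check above, instead of overwriting it.
        Files.createFile(keystore, java.nio.file.attribute.PosixFilePermissions.asFileAttribute(
                ImmutableSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE)));
        // try-with-resources: the original left this stream open.
        try (FileOutputStream out = new FileOutputStream(keystore.toFile())) {
            keyStore.store(out, password.toCharArray());
        }
        Files.setPosixFilePermissions(keystore, ImmutableSet.of(PosixFilePermission.OWNER_READ));
        LOG.info("Created keystore at {}.", keystore);
    } catch (NoSuchAlgorithmException | NoSuchProviderException | CertificateException
            | KeyStoreException | IOException | OperatorCreationException e) {
        LOG.error(e.getLocalizedMessage());
        throw new RuntimeException(e);
    }
}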
From source file:com.goodvikings.cryptim.api.KeyRing.java
License:BEER-WARE LICENSE
/**
 * Serialises this key ring as a DER-encoded ASN.1 SEQUENCE:
 * <pre>
 *   SEQUENCE {
 *     SEQUENCE { UTCTime ownKeyCreated, OCTET STRING ownPublicKey },
 *     OCTET STRING ownPrivateKey,   -- unencrypted private key encoding
 *     SEQUENCE OF SEQUENCE { UTF8String jid, UTF8String nick,
 *                            UTCTime created, OCTET STRING publicKey }
 *   }
 * </pre>
 * The result embeds the unencrypted private key, so the returned bytes must be
 * handled as secret material.
 *
 * @return the DER encoding of the structure above
 * @throws IOException  if DER encoding fails
 * @throws PGPException if a PGP key cannot be converted to its JCA form
 */
private byte[] ASN1EncodeKeys() throws IOException, PGPException {
    JcaPGPKeyConverter converter = new JcaPGPKeyConverter();
    PrivateKey ownPrivate = converter.getPrivateKey(kp.getPrivateKey());
    PublicKey ownPublic = converter.getPublicKey(kp.getPublicKey());

    // One entry per known contact, in the iteration order of the key map.
    ASN1EncodableVector contacts = new ASN1EncodableVector();
    for (String jid : keys.keySet()) {
        ASN1Encodable[] entry = {
            new DERUTF8String(jid),
            new DERUTF8String(nicks.get(jid)),
            new DERUTCTime(keys.get(jid).getCreationTime()),
            new DEROctetString(converter.getPublicKey(keys.get(jid)).getEncoded())
        };
        contacts.add(new DERSequence(entry));
    }

    ASN1Encodable[] ownKey = {
        new DERUTCTime(kp.getPublicKey().getCreationTime()),
        new DEROctetString(ownPublic.getEncoded())
    };
    ASN1Encodable[] top = {
        new DERSequence(ownKey),
        new DEROctetString(ownPrivate.getEncoded()),
        new DERSequence(contacts)
    };
    return new DERSequence(top).getEncoded();
}
From source file:com.guardtime.asn1.Asn1Util.java
License:Apache License
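/**
 * Extends the given content info with data from the given certification
 * token.
 *
 * <p>The timestamp's {@code TimeSignature} (carried in the signer's
 * {@code encryptedDigest}) is rebuilt from the token's history and published
 * data, with a publication reference (tag [1]) in place of the PK signature.
 * The enclosing {@code SignerInfo}, {@code SignedData} and {@code ContentInfo}
 * are then re-assembled around it. Certificates and CRLs of the original
 * {@code SignedData} are deliberately not carried over.
 *
 * @param contentInfo
 *            the original timestamp encoded in a CMS {@code ContentInfo}
 *            structure.
 * @param certToken
 *            the {@code CertToken} from the GuardTime online verification
 *            service.
 * @return updated (extended) timestamp encoded in a new CMS
 *         {@code ContentInfo} structure.
 * @throws Asn1FormatException
 *             if the signed data carries no signer info, or if the time
 *             signature cannot be decoded or re-encoded.
 */
static org.bouncycastle.asn1.cms.ContentInfo extend(org.bouncycastle.asn1.cms.ContentInfo contentInfo,
        Asn1CertToken certToken) throws Asn1FormatException {
    // Extract signed data
    org.bouncycastle.asn1.cms.SignedData content =
            org.bouncycastle.asn1.cms.SignedData.getInstance(contentInfo.getContent());

    // Extract signer info. Only the first one is used below, so an empty set is
    // reported as a format error instead of an uncaught IndexOutOfBoundsException.
    ASN1Set signerInfos = content.getSignerInfos();
    if (signerInfos == null || signerInfos.size() == 0) {
        throw new Asn1FormatException("signed data contains no signer info");
    }
    org.bouncycastle.asn1.cms.SignerInfo signerInfo =
            org.bouncycastle.asn1.cms.SignerInfo.getInstance(signerInfos.getObjectAt(0));

    // Extract time signature
    ASN1Primitive asn1TimeSignature;
    try {
        asn1TimeSignature = ASN1Primitive.fromByteArray(signerInfo.getEncryptedDigest().getOctets());
    } catch (IOException e) {
        throw new Asn1FormatException("time signature has invalid format");
    }
    Asn1TimeSignature timeSignature = Asn1TimeSignature.getInstance(asn1TimeSignature);

    // Extend TimeSignature: location, history, publishedData, [1] pubReference.
    // The PK signature (tag [0]) is intentionally omitted.
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(timeSignature.getLocation());
    v.add(certToken.getHistory());
    v.add(certToken.getPublishedData());
    v.add(new DERTaggedObject(false, 1, certToken.getPubReference()));
    timeSignature = Asn1TimeSignature.getInstance(new DERSequence(v));

    // Extend SignerInfo, keeping every original field except the encrypted digest.
    v = new ASN1EncodableVector();
    v.add(signerInfo.getVersion());
    v.add(signerInfo.getSID());
    v.add(signerInfo.getDigestAlgorithm());
    ASN1Set signedAttrs = signerInfo.getAuthenticatedAttributes();
    if (signedAttrs != null) {
        v.add(new DERTaggedObject(false, 0, signedAttrs));
    }
    v.add(signerInfo.getDigestEncryptionAlgorithm());
    try {
        v.add(new DEROctetString(timeSignature)); // the rebuilt time signature
    } catch (IOException e) {
        throw new Asn1FormatException(e);
    }
    ASN1Set unsignedAttrs = signerInfo.getUnauthenticatedAttributes();
    if (unsignedAttrs != null) {
        v.add(new DERTaggedObject(false, 1, unsignedAttrs));
    }
    signerInfo = org.bouncycastle.asn1.cms.SignerInfo.getInstance(new DERSequence(v));

    // Extend SignedData; certificates [0] and CRLs [1] are not carried over.
    v = new ASN1EncodableVector();
    v.add(content.getVersion());
    v.add(content.getDigestAlgorithms());
    v.add(content.getEncapContentInfo());
    v.add(new DERSet(signerInfo));
    content = org.bouncycastle.asn1.cms.SignedData.getInstance(new DERSequence(v));

    // Extend ContentInfo
    v = new ASN1EncodableVector();
    v.add(contentInfo.getContentType());
    v.add(new DERTaggedObject(true, 0, content));
    return org.bouncycastle.asn1.cms.ContentInfo.getInstance(new DERSequence(v));
}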
From source file:com.guardtime.asn1.CertToken.java
License:Apache License
/**
 * Encodes this certification token as the ASN.1 SEQUENCE
 * {@code version, history, publishedData, pubReference, [0] IMPLICIT extensions OPTIONAL}.
 *
 * @return a DER sequence holding the fields above, in that order
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector fields = new ASN1EncodableVector();
    fields.add(version);
    fields.add(history);
    fields.add(publishedData);
    fields.add(pubReference);
    // Extensions are optional and implicitly tagged [0]; omitted when null.
    if (extensions != null) {
        fields.add(new DERTaggedObject(false, 0, extensions));
    }
    return new DERSequence(fields);
}
From source file:com.guardtime.asn1.CertTokenRequest.java
License:Apache License
/**
 * Composes a new {@code CertTokenRequest} structure containing the given
 * history identifier and no extensions.
 *
 * @param historyId
 *            identifier of the second for which the certification token is
 *            requested.
 * @return a new certification token request.
 * @throws IllegalArgumentException
 *             if {@code historyId} is {@code null}.
 */
public static CertTokenRequest compose(BigInteger historyId) {
    if (historyId == null) {
        throw new IllegalArgumentException("invalid history ID: null");
    }
    // Request body: SEQUENCE { version INTEGER, historyIdentifier INTEGER }
    ASN1EncodableVector fields = new ASN1EncodableVector();
    fields.add(new ASN1Integer(VERSION));
    fields.add(new ASN1Integer(historyId));
    Asn1CertTokenRequest request = new Asn1CertTokenRequest(new DERSequence(fields));
    return new CertTokenRequest(request);
}
From source file:com.guardtime.asn1.CertTokenRequest.java
License:Apache License
/**
 * Encodes this request as the ASN.1 SEQUENCE
 * {@code version, historyIdentifier, [0] IMPLICIT extensions OPTIONAL}.
 *
 * @return a DER sequence holding the fields above, in that order
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector fields = new ASN1EncodableVector();
    fields.add(version);
    fields.add(historyIdentifier);
    // Extensions are optional and implicitly tagged [0]; omitted when null.
    if (extensions != null) {
        fields.add(new DERTaggedObject(false, 0, extensions));
    }
    return new DERSequence(fields);
}
From source file:com.guardtime.asn1.CertTokenResponse.java
License:Apache License
/**
 * Encodes this response as the ASN.1 SEQUENCE
 * {@code status, [0] certToken OPTIONAL}.
 *
 * @return a DER sequence holding the status and, when present, the token
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector fields = new ASN1EncodableVector();
    fields.add(status);
    // The token is optional and explicitly tagged [0] (two-argument constructor);
    // it is omitted when null.
    if (certToken != null) {
        fields.add(new DERTaggedObject(0, certToken));
    }
    return new DERSequence(fields);
}
From source file:com.guardtime.asn1.PublishedData.java
License:Apache License
/**
 * Encodes this published data as the ASN.1 SEQUENCE
 * {@code publicationIdentifier, publicationImprint}.
 *
 * @return a DER sequence holding the two fields, in that order
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector fields = new ASN1EncodableVector();
    fields.add(publicationIdentifier);
    fields.add(publicationImprint);
    return new DERSequence(fields);
}
From source file:com.guardtime.asn1.SignatureInfo.java
License:Apache License
/**
 * Encodes this signature info as the ASN.1 SEQUENCE
 * {@code signatureAlgorithm, signatureValue, [0] IMPLICIT pkiReferences OPTIONAL}.
 *
 * @return a DER sequence holding the fields above, in that order
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector fields = new ASN1EncodableVector();
    fields.add(signatureAlgorithm);
    fields.add(signatureValue);
    // PKI references are optional and implicitly tagged [0]; omitted when null.
    if (pkiReferences != null) {
        fields.add(new DERTaggedObject(false, 0, pkiReferences));
    }
    return new DERSequence(fields);
}
From source file:com.guardtime.asn1.TimeSignature.java
License:Apache License
/**
 * Encodes this time signature as the ASN.1 SEQUENCE
 * {@code location, history, publishedData,
 *  [0] IMPLICIT pkSignature OPTIONAL, [1] IMPLICIT pubReferences OPTIONAL}.
 *
 * @return a DER sequence holding the fields above, in that order
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector fields = new ASN1EncodableVector();
    fields.add(location);
    fields.add(history);
    fields.add(publishedData);
    // Both trailing elements are optional and implicitly tagged; each is omitted when null.
    if (pkSignature != null) {
        fields.add(new DERTaggedObject(false, 0, pkSignature));
    }
    if (pubReferences != null) {
        fields.add(new DERTaggedObject(false, 1, pubReferences));
    }
    return new DERSequence(fields);
}