org.bouncycastle.asn1.x509.SubjectKeyIdentifier Java Examples

The following examples show how to use org.bouncycastle.asn1.x509.SubjectKeyIdentifier.
Example #1
Source File: DSSASN1Utils.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Returns the key identifier carried in the certificate's Subject Key Identifier (SKI) extension.
 *
 * <p>A value read from the extension is returned as stored; this method does not compare it with the
 * certificate's public key.
 *
 * @param certificateToken
 *            {@code CertificateToken} whose wrapped certificate is inspected
 * @param computeIfMissing
 *            when {@code Utils.isArrayNotEmpty} rejects the extension value and this flag is {@code true},
 *            the result comes from {@code computeSkiFromCert} instead
 * @return the SKI bytes, or {@code null} when no extension value is usable and {@code computeIfMissing}
 *         is {@code false}
 * @throws DSSException
 *             wrapping an {@code IOException} raised inside this method
 */
public static byte[] getSki(final CertificateToken certificateToken, boolean computeIfMissing) {
	try {
		final byte[] rawExtension = certificateToken.getCertificate()
				.getExtensionValue(Extension.subjectKeyIdentifier.getId());
		if (!Utils.isArrayNotEmpty(rawExtension)) {
			// No usable extension: derive the value from the certificate only when asked to.
			return computeIfMissing ? computeSkiFromCert(certificateToken) : null;
		}
		// getExtensionValue() hands back the value wrapped in an OCTET STRING; unwrap it before decoding.
		final ASN1Primitive decoded = JcaX509ExtensionUtils.parseExtensionValue(rawExtension);
		return SubjectKeyIdentifier.getInstance(decoded).getKeyIdentifier();
	} catch (IOException e) {
		throw new DSSException(e);
	}
}
 
Example #2
Source File: DSubjectKeyIdentifier.java    From keystore-explorer with GNU General Public License v3.0 6 votes vote down vote up
/**
 * Handles the OK action: DER-encodes the entered key identifier as a SubjectKeyIdentifier into
 * {@code value} and closes the dialog.
 *
 * <p>When no key identifier is entered a warning is shown, and when encoding fails the error is shown;
 * in both cases the method returns without closing the dialog.
 */
private void okPressed() {
	byte[] enteredKeyId = jkiKeyIdentifier.getKeyIdentifier();

	if (enteredKeyId == null) {
		String message = res.getString("DSubjectKeyIdentifier.ValueReq.message");
		JOptionPane.showMessageDialog(this, message, getTitle(), JOptionPane.WARNING_MESSAGE);
		return;
	}

	SubjectKeyIdentifier ski = new SubjectKeyIdentifier(enteredKeyId);

	try {
		// DER is requested explicitly so the stored extension value has one canonical encoding.
		value = ski.getEncoded(ASN1Encoding.DER);
	} catch (IOException e) {
		DError.displayError(this, e);
		return;
	}

	closeDialog();
}
 
Example #3
Source File: X509Ext.java    From keystore-explorer with GNU General Public License v3.0 6 votes vote down vote up
/**
 * Formats a Subject Key Identifier extension value for display.
 *
 * <pre>
 * SubjectKeyIdentifier ::= KeyIdentifier
 *
 * KeyIdentifier ::= OCTET STRING
 * </pre>
 *
 * @param value encoded SubjectKeyIdentifier, decoded with {@code SubjectKeyIdentifier.getInstance}
 * @return the "SubjectKeyIdentifier" resource pattern filled with the hex key identifier, followed by
 *         {@code NEWLINE}
 * @throws IOException declared by the signature
 */
private String getSubjectKeyIndentifierStringValue(byte[] value) throws IOException {
	StringBuilder text = new StringBuilder();

	// The key identifier is the content of the decoded octet string.
	byte[] keyId = SubjectKeyIdentifier.getInstance(value).getKeyIdentifier();

	String pattern = res.getString("SubjectKeyIdentifier");
	text.append(MessageFormat.format(pattern, HexUtil.getHexString(keyId))).append(NEWLINE);

	return text.toString();
}
 
Example #4
Source File: EmailService.java    From FairEmail with GNU General Public License v3.0 5 votes vote down vote up
/**
 * Returns the certificate's Subject Key Identifier formatted by {@code Helper.hex}.
 *
 * @param certificate certificate to read the extension from
 * @return the formatted key identifier, or {@code null} when the extension is absent or when anything
 *         fails while reading it (the failure is logged)
 */
private static String getKeyId(X509Certificate certificate) {
    try {
        byte[] wrapped = certificate.getExtensionValue(Extension.subjectKeyIdentifier.getId());
        if (wrapped != null) {
            // getExtensionValue() returns the value wrapped in an OCTET STRING; unwrap it first.
            byte[] encodedSki = DEROctetString.getInstance(wrapped).getOctets();
            return Helper.hex(SubjectKeyIdentifier.getInstance(encodedSki).getKeyIdentifier());
        }
        return null;
    } catch (Throwable ex) {
        // NOTE(review): Throwable also covers Errors, and a malformed extension becomes null just like
        // a missing one, so callers cannot tell the two cases apart.
        Log.e(ex);
        return null;
    }
}
 
Example #5
Source File: RsaSsaPss.java    From testarea-itext5 with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Builds a SubjectKeyIdentifier for the given public key.
 *
 * @param pub public key whose encoded form is read as a SubjectPublicKeyInfo
 * @return identifier created by a default-constructed {@code BcX509ExtensionUtils}
 * @throws IOException declared by the signature
 */
static SubjectKeyIdentifier createSubjectKeyId(
    PublicKey pub) 
    throws IOException
{
    // NOTE(review): getEncoded() can be null for keys that have no encoding - confirm callers never
    // pass such a key.
    final byte[] encodedKey = pub.getEncoded();
    final SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(encodedKey);

    // The no-arg BcX509ExtensionUtils is pre-configured with SHA-1. The hash only derives an
    // identifier here; it is not a signature or an integrity check on the key.
    final BcX509ExtensionUtils extensionUtils = new BcX509ExtensionUtils();
    return extensionUtils.createSubjectKeyIdentifier(keyInfo);
}
 
Example #6
Source File: ExtensionsChecker.java    From xipki with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that the SubjectKeyIdentifier extension equals the SHA-1 hash of the subject public key data
 * and records an "SKI" violation when it does not.
 *
 * <p>Only the SHA-1-of-key form is accepted: an identifier derived any other way is reported as a
 * violation.
 *
 * @param failureMsg buffer handed to {@code addViolation}
 * @param extensionValue encoded SubjectKeyIdentifier
 * @param subjectPublicKeyInfo key info whose public key data is hashed
 */
private void checkExtnSubjectKeyIdentifier(StringBuilder failureMsg,
    byte[] extensionValue, SubjectPublicKeyInfo subjectPublicKeyInfo) {
  byte[] actualSki = SubjectKeyIdentifier.getInstance(extensionValue).getKeyIdentifier();
  byte[] keyBits = subjectPublicKeyInfo.getPublicKeyData().getBytes();
  byte[] expectedSki = HashAlgo.SHA1.hash(keyBits);

  // Both values come from public certificate fields, so a plain array comparison is sufficient.
  if (Arrays.equals(expectedSki, actualSki)) {
    return;
  }
  addViolation(failureMsg, "SKI", hex(actualSki), hex(expectedSki));
}
 
Example #7
Source File: AutoCA.java    From swift-k with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the extension map for a certificate issued to {@code userPub} by the CA key {@code caPub}.
 *
 * @param caPub CA public key, used for the AuthorityKeyIdentifier entry
 * @param userPub subject public key, used for the SubjectKeyIdentifier entry
 * @return map with BasicConstraints, KeyUsage, SubjectKeyIdentifier and AuthorityKeyIdentifier entries
 * @throws IOException declared by the signature
 */
private Map<DERObjectIdentifier, DEREncodable> createExtensions(PublicKey caPub, PublicKey userPub) throws IOException {
    final Map<DERObjectIdentifier, DEREncodable> extensions = new HashMap<DERObjectIdentifier, DEREncodable>();

    // BasicConstraints(false): the issued certificate is not a CA.
    final BasicConstraints notACa = new BasicConstraints(false);
    extensions.put(X509Extensions.BasicConstraints, notACa);

    // Key usage is limited to data encipherment and digital signature.
    final int usageBits = KeyUsage.dataEncipherment | KeyUsage.digitalSignature;
    extensions.put(X509Extensions.KeyUsage, new KeyUsage(usageBits));

    // Subject identifier from the user key, authority identifier from the CA key.
    extensions.put(X509Extensions.SubjectKeyIdentifier, getSubjectKeyInfo(userPub));
    extensions.put(X509Extensions.AuthorityKeyIdentifier, getAuthorityKeyIdentifier(caPub));

    return extensions;
}
 
Example #8
Source File: SignedCertificateGenerator.java    From credhub with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a self-signed certificate for the given key pair.
 *
 * <p>The subject key identifier is derived from the pair's public key and the pair's private key is
 * passed to {@code getSignedByIssuer} together with the pair itself.
 *
 * @param keyPair key pair being certified
 * @param params generation parameters; their X.500 principal is passed on
 * @return the certificate returned by {@code getSignedByIssuer}
 * @throws Exception declared by the signature
 */
public X509Certificate getSelfSigned(final KeyPair keyPair, final CertificateGenerationParameters params) throws Exception {
  final SubjectKeyIdentifier subjectKeyId = getSubjectKeyIdentifierFromKeyInfo(keyPair.getPublic());

  // NOTE(review): the first argument is null - presumably "no separate issuer certificate"; confirm
  // against getSignedByIssuer.
  return getSignedByIssuer(null, keyPair.getPrivate(), params.getX500Principal(), subjectKeyId, keyPair, params);
}
 
Example #9
Source File: KeyStoreTableModel.java    From keystore-explorer with GNU General Public License v3.0 5 votes vote down vote up
/**
 * Returns the hex Subject Key Identifier of the certificate stored under {@code alias}.
 *
 * @param alias key store alias of the certificate
 * @param keyStore key store to read from
 * @return the value of {@code HexUtil.getHexString} for the key identifier, or {@code "-"} when reading
 *         or decoding the extension throws
 * @throws CryptoException declared by the signature
 * @throws KeyStoreException declared by the signature
 */
private String getCertificateSKI(String alias, KeyStore keyStore) throws CryptoException, KeyStoreException {
	X509Certificate certificate = getCertificate(alias, keyStore);
	try {
		byte[] wrappedSki = certificate.getExtensionValue(Extension.subjectKeyIdentifier.getId());
		// getExtensionValue() returns the value wrapped in an OCTET STRING; unwrap it before decoding.
		byte[] encodedSki = DEROctetString.getInstance(wrappedSki).getOctets();
		return HexUtil.getHexString(SubjectKeyIdentifier.getInstance(encodedSki).getKeyIdentifier());
	} catch (Exception e) {
		// Every failure is rendered as "-". NOTE(review): presumably this is also how a certificate
		// without the extension (null value) ends up as "-" - confirm.
		return "-";
	}
}
 
Example #10
Source File: SignedCertificateGenerator.java    From credhub with Apache License 2.0 4 votes vote down vote up
/**
 * Reads the Subject Key Identifier extension of the given certificate.
 *
 * @param certificate certificate to read the extension from
 * @return the decoded identifier, or an identifier constructed from {@code null} when the certificate
 *         has no such extension
 * @throws Exception declared by the signature
 */
private SubjectKeyIdentifier getSubjectKeyIdentifierFrom(final X509Certificate certificate) throws Exception {
  final byte[] wrappedValue = certificate.getExtensionValue(Extension.subjectKeyIdentifier.getId());
  if (wrappedValue == null) {
    // NOTE(review): this object is built from a null byte array; confirm that every caller copes
    // with an identifier that has no key identifier bytes.
    return new SubjectKeyIdentifier(null);
  }
  return SubjectKeyIdentifier.getInstance(parseExtensionValue(wrappedValue));
}
 
Example #11
Source File: CertificateModel.java    From Spark with Apache License 2.0 4 votes vote down vote up
/**
 * Renders the key identifier of a SubjectKeyIdentifier as a hex string.
 *
 * @param primitive ASN.1 object decoded with {@code SubjectKeyIdentifier.getInstance}
 * @return hex form of the key identifier bytes
 */
private String subjectKeyIdentifierExtractor(ASN1Primitive primitive) {
	byte[] keyId = SubjectKeyIdentifier.getInstance(primitive).getKeyIdentifier();
	return Hex.toHexString(keyId);
}
 
Example #12
Source File: AutoCA.java    From swift-k with Apache License 2.0 4 votes vote down vote up
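/**
 * Builds the SubjectKeyIdentifier for the given public key.
 *
 * <p>The encoded key is parsed as an ASN.1 sequence and wrapped in a SubjectPublicKeyInfo. The parsing
 * stream is always closed, including when parsing fails.
 *
 * @param userPub public key whose encoded form is parsed
 * @return the SubjectKeyIdentifier built from the key's SubjectPublicKeyInfo
 * @throws IOException if the encoded key cannot be read or the stream cannot be closed
 */
private DEREncodable getSubjectKeyInfo(PublicKey userPub) throws IOException {
    ASN1InputStream keyStream = new ASN1InputStream(userPub.getEncoded());
    try {
        // Convert the key to Bouncy Castle form; the cast assumes the top-level element is a SEQUENCE.
        DERObject derKey = keyStream.readObject();
        // NOTE(review): presumably this constructor derives the identifier by hashing the key -
        // confirm against the Bouncy Castle version in use.
        return new SubjectKeyIdentifier(new SubjectPublicKeyInfo((ASN1Sequence) derKey));
    } finally {
        keyStream.close();
    }
}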
 
Example #13
Source File: DSubjectKeyIdentifier.java    From keystore-explorer with GNU General Public License v3.0 4 votes vote down vote up
/**
 * Fills the key identifier field from an existing encoded SubjectKeyIdentifier.
 *
 * @param value encoded SubjectKeyIdentifier, decoded with {@code SubjectKeyIdentifier.getInstance}
 * @throws IOException declared by the signature
 */
private void prepopulateWithValue(byte[] value) throws IOException {
	byte[] existingKeyId = SubjectKeyIdentifier.getInstance(value).getKeyIdentifier();

	jkiKeyIdentifier.setKeyIdentifier(existingKeyId);
}
 
Example #14
Source File: DSelectStandardExtensionTemplate.java    From keystore-explorer with GNU General Public License v3.0 4 votes vote down vote up
/**
 * Adds a Subject Key Identifier extension, generated from {@code subjectPublicKey}, to the set.
 *
 * @param extensionSet extension set that receives the new extension
 * @throws CryptoException declared by the signature
 * @throws IOException declared by the signature
 */
private void addSubjectKeyIdentifier(X509ExtensionSet extensionSet) throws CryptoException, IOException {
	// The identifier is the generator's 160-bit hash of the subject public key.
	byte[] keyHash = new KeyIdentifierGenerator(subjectPublicKey).generate160BitHashId();
	byte[] encodedSki = new SubjectKeyIdentifier(keyHash).getEncoded();
	byte[] wrappedSki = wrapInOctetString(encodedSki);
	// NOTE(review): the 'false' argument is presumably the criticality flag - confirm.
	extensionSet.addExtension(X509ExtensionType.SUBJECT_KEY_IDENTIFIER.oid(), false, wrappedSki);
}
 
Example #15
Source File: SignedCertificateGenerator.java    From credhub with Apache License 2.0 4 votes vote down vote up
/**
 * Derives a SubjectKeyIdentifier for the public key by delegating to {@code jcaX509ExtensionUtils}.
 *
 * @param publicKey key to identify
 * @return the identifier created by {@code jcaX509ExtensionUtils}
 */
private SubjectKeyIdentifier getSubjectKeyIdentifierFromKeyInfo(final PublicKey publicKey) {
  final SubjectKeyIdentifier subjectKeyId = jcaX509ExtensionUtils.createSubjectKeyIdentifier(publicKey);
  return subjectKeyId;
}
 
Example #16
Source File: DeviceCertificateManager.java    From enmasse with Apache License 2.0 3 votes vote down vote up
/**
 * Creates the SubjectKeyIdentifier for a public key using a SHA-1 digest calculator.
 *
 * @param publicKey key whose encoded form is read as a SubjectPublicKeyInfo
 * @return identifier created by {@code X509ExtensionUtils}
 * @throws OperatorCreationException declared by the signature; the digest calculator lookup is the
 *         operator-creating call in this body
 */
private static SubjectKeyIdentifier createSubjectKeyId(final PublicKey publicKey) throws OperatorCreationException {
    final SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());

    // SHA-1 only derives the identifier here; it is not used to sign or authenticate anything.
    final BcDigestCalculatorProvider calculators = new BcDigestCalculatorProvider();
    final AlgorithmIdentifier sha1 = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1);
    final DigestCalculator sha1Calculator = calculators.get(sha1);

    final X509ExtensionUtils extensionUtils = new X509ExtensionUtils(sha1Calculator);
    return extensionUtils.createSubjectKeyIdentifier(keyInfo);
}
 
Example #17
Source File: AbstractX509CertificateService.java    From flashback with BSD 2-Clause "Simplified" License 3 votes vote down vote up
/**
 * Creates the Subject Key Identifier for a public key.
 *
 * <p>The Subject Key Identifier extension identifies the public key certified by a certificate. It
 * provides a way of distinguishing public keys when more than one is available for a given subject
 * name. Example of the extension as displayed:
 *
 * <pre>
 *     Identifier: Subject Key Identifier - 2.5.29.14
 *       Critical: no
 *        Key Identifier:
 *          3B:46:83:85:27:BC:F5:9D:8E:63:E3:BE:79:EF:AF:79:
 *          9C:37:85:84
 * </pre>
 *
 * @param publicKey key whose encoded form is parsed as an ASN.1 sequence
 * @return identifier created by a default-constructed {@code BcX509ExtensionUtils}
 * @throws IOException if the encoded key cannot be read
 */
protected SubjectKeyIdentifier createSubjectKeyIdentifier(PublicKey publicKey)
    throws IOException {
  try (ByteArrayInputStream keyBytes = new ByteArrayInputStream(publicKey.getEncoded());
      ASN1InputStream asn1In = new ASN1InputStream(keyBytes)) {
    // The cast assumes the top-level element of the encoded key is a SEQUENCE.
    final ASN1Sequence keySequence = (ASN1Sequence) asn1In.readObject();
    final SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo(keySequence);
    final BcX509ExtensionUtils extensionUtils = new BcX509ExtensionUtils();
    return extensionUtils.createSubjectKeyIdentifier(keyInfo);
  }
}
 
Example #18
Source File: X509Ext.java    From portecle with GNU General Public License v2.0 3 votes vote down vote up
/**
 * Returns the Subject Key Identifier (2.5.29.14) extension value as a hex string.
 *
 * <pre>
 * SubjectKeyIdentifier ::= KeyIdentifier
 * KeyIdentifier ::= OCTET STRING
 * </pre>
 *
 * @param bValue The octet string value, decoded with {@code SubjectKeyIdentifier.getInstance}
 * @return The key identifier bytes as converted by {@code convertToHexString}
 */
private String getSubjectKeyIdentifierStringValue(byte[] bValue)
{
	byte[] keyIdentifier = SubjectKeyIdentifier.getInstance(bValue).getKeyIdentifier();
	return convertToHexString(keyIdentifier);
}
 
Example #19
Source File: BouncyCastleSecurityProviderTool.java    From browserup-proxy with Apache License 2.0 2 votes vote down vote up
/**
 * Creates the SubjectKeyIdentifier for a Bouncy Castle X509CertificateHolder.
 *
 * <p>NOTE(review): the parameter type is {@code Key}, but its encoding is read as a
 * SubjectPublicKeyInfo, so callers are presumably expected to pass a public key - confirm.
 *
 * @param key public key to identify
 * @return SubjectKeyIdentifier for the specified key
 */
private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) {
    final byte[] encodedKey = key.getEncoded();
    final SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(encodedKey);

    final BcX509ExtensionUtils extensionUtils = new BcX509ExtensionUtils();
    return extensionUtils.createSubjectKeyIdentifier(keyInfo);
}
 
Example #20
Source File: BouncyCastleSecurityProviderTool.java    From AndroidHttpCapture with MIT License 2 votes vote down vote up
/**
 * Creates the SubjectKeyIdentifier for a Bouncy Castle X509CertificateHolder.
 *
 * <p>The key's encoded form is read as a SubjectPublicKeyInfo and handed to a default-constructed
 * {@code BcX509ExtensionUtils}.
 *
 * @param key public key to identify
 * @return SubjectKeyIdentifier for the specified key
 */
private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) {
    final byte[] encoded = key.getEncoded();
    final SubjectPublicKeyInfo subjectKeyInfo = SubjectPublicKeyInfo.getInstance(encoded);
    return new BcX509ExtensionUtils().createSubjectKeyIdentifier(subjectKeyInfo);
}
 
Example #21
Source File: BouncyCastleSecurityProviderTool.java    From Dream-Catcher with MIT License 2 votes vote down vote up
/**
 * Creates the SubjectKeyIdentifier for a Bouncy Castle X509CertificateHolder.
 *
 * <p>NOTE(review): {@code getEncoded()} can be null for keys that have no encoding - confirm callers
 * never pass such a key.
 *
 * @param key public key to identify
 * @return SubjectKeyIdentifier for the specified key
 */
private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) {
    final SubjectPublicKeyInfo parsedKeyInfo = SubjectPublicKeyInfo.getInstance(key.getEncoded());
    final BcX509ExtensionUtils bcExtensionUtils = new BcX509ExtensionUtils();

    final SubjectKeyIdentifier identifier = bcExtensionUtils.createSubjectKeyIdentifier(parsedKeyInfo);
    return identifier;
}
 
Example #22
Source File: BouncyCastleSecurityProviderTool.java    From CapturePacket with MIT License 2 votes vote down vote up
/**
 * Creates the SubjectKeyIdentifier for a Bouncy Castle X509CertificateHolder.
 *
 * <p>The identifier comes from a default-constructed {@code BcX509ExtensionUtils}, which is
 * pre-configured with SHA-1; the hash only derives an identifier and protects nothing.
 *
 * @param key public key to identify
 * @return SubjectKeyIdentifier for the specified key
 */
private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) {
    final byte[] keyEncoding = key.getEncoded();
    final SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(keyEncoding);

    final BcX509ExtensionUtils utils = new BcX509ExtensionUtils();
    return utils.createSubjectKeyIdentifier(info);
}