org.bouncycastle.asn1.DERObjectIdentifier Java Examples

The following examples show how to use org.bouncycastle.asn1.DERObjectIdentifier.
Example #1
Source File: X509SubjectAlternativeNameUPNPrincipalResolver.java    From springboot-shiro-cas-mybatis with MIT License
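/**
 * Extracts the User Principal Name (UPN) string from a subject alternative name entry.
 *
 * <p>The sequence is decoded from a certificate supplied by the remote party, so its
 * shape is checked before use: a sequence with fewer than two elements, a first element
 * that is not an object identifier, a second element that is not a tagged object, or a
 * tagged value that is not a UTF-8 string all yield {@code null} instead of an
 * unchecked runtime exception.
 *
 * <p>NOTE(review): the value is returned exactly as it appears in the certificate;
 * confirm that the certificate chain has been validated before the result is used
 * as a principal identifier.
 *
 * @param seq ASN1Sequence abstraction representing subject alternative name.
 * First element is the object identifier, second is the object itself.
 * May be {@code null}.
 *
 * @return UPN string, or {@code null} when the sequence is absent, malformed, or
 * carries an object identifier other than {@code UPN_OBJECTID}
 */
private String getUPNStringFromSequence(final ASN1Sequence seq) {
    // Both index 0 and index 1 are read below; reject short sequences up front
    // so a truncated entry cannot trigger an out-of-bounds access.
    if (seq == null || seq.size() < 2) {
        return null;
    }
    try {
        // First in sequence is the object identifier, that we must check
        final DERObjectIdentifier id = DERObjectIdentifier.getInstance(seq.getObjectAt(0));
        if (id == null || !UPN_OBJECTID.equals(id.getId())) {
            return null;
        }
        // Guard the cast: the second element is only usable when it is a tagged object.
        if (!(seq.getObjectAt(1) instanceof ASN1TaggedObject)) {
            return null;
        }
        final ASN1TaggedObject obj = (ASN1TaggedObject) seq.getObjectAt(1);
        final DERUTF8String str = DERUTF8String.getInstance(obj.getObject());
        return str == null ? null : str.getString();
    } catch (final IllegalArgumentException e) {
        // getInstance(...) rejects objects of an unexpected ASN.1 type with
        // IllegalArgumentException; a malformed entry is treated as "no UPN".
        return null;
    }
}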
 
Example #2
Source File: BouncyCastleOpenSSLKey.java    From swift-k with Apache License 2.0
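/**
 * Builds a {@link PrivateKey} from DER-encoded key material.
 *
 * <p>Only the {@code "RSA"} algorithm is handled. The decoded DER object is wrapped
 * in a {@code PrivateKeyInfo} tagged with the {@code rsaEncryption} object identifier,
 * re-encoded, and handed to the JCA {@code KeyFactory} as a PKCS#8 key spec.
 * Presumably {@code data} is an RSA private key in the traditional OpenSSL encoding;
 * verify against the caller.
 *
 * @param alg  key algorithm name; anything other than {@code "RSA"} (including
 *             {@code null}) is treated as unsupported
 * @param data DER-encoded key bytes
 * @return the private key, or {@code null} when {@code alg} is not {@code "RSA"}
 * @throws GeneralSecurityException if the key bytes cannot be decoded or the
 *         {@code KeyFactory} rejects the resulting key spec
 */
protected PrivateKey getKey(String alg, byte [] data)
    throws GeneralSecurityException {
    // Constant-first comparison: a null algorithm name is reported as unsupported
    // (null result) instead of failing with a NullPointerException.
    if (!"RSA".equals(alg)) {
        return null;
    }

    try {
        ByteArrayInputStream bis = new ByteArrayInputStream(data);
        DERInputStream derin = new DERInputStream(bis);
        DERObject keyInfo = derin.readObject();

        DERObjectIdentifier rsa_oid = PKCSObjectIdentifiers.rsaEncryption;
        AlgorithmIdentifier rsa = new AlgorithmIdentifier(rsa_oid);
        PrivateKeyInfo pkeyinfo = new PrivateKeyInfo(rsa, keyInfo);
        DERObject derkey = pkeyinfo.getDERObject();

        byte[] keyData = BouncyCastleUtil.toByteArray(derkey);

        // The DER object has to be wrapped as above to
        // form a proper PrivateKeyInfo structure for the PKCS#8 key spec.
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyData);
        KeyFactory kfac = KeyFactory.getInstance("RSA");

        return kfac.generatePrivate(spec);
    } catch (IOException e) {
        // Truncated or corrupt key bytes end up here. Report the failure with its
        // cause rather than returning a null key that only fails later, far from
        // the real problem. The message deliberately contains no key material.
        throw new GeneralSecurityException("Unable to decode RSA private key data", e);
    }
}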
 
Example #3
Source File: AutoCA.java    From swift-k with Apache License 2.0
/**
 * Assembles the X.509 extensions for a non-CA certificate.
 *
 * <p>The returned map holds four entries: BasicConstraints with the CA flag off,
 * KeyUsage limited to digitalSignature and dataEncipherment, a SubjectKeyIdentifier
 * derived from {@code userPub}, and an AuthorityKeyIdentifier derived from
 * {@code caPub}.
 *
 * <p>NOTE(review): the map carries no criticality flags; confirm that the code
 * consuming it marks BasicConstraints and KeyUsage as critical if relying parties
 * are expected to enforce them.
 *
 * @param caPub   public key of the issuing CA
 * @param userPub public key being certified
 * @return map from extension object identifier to extension value
 * @throws IOException if one of the key identifier helpers fails
 */
private Map<DERObjectIdentifier, DEREncodable> createExtensions(PublicKey caPub, PublicKey userPub) throws IOException {
    // End-entity certificate: the CA flag is explicitly false.
    final DEREncodable notACa = new BasicConstraints(false);

    // Allowed key operations for the issued certificate.
    final int usageBits = KeyUsage.dataEncipherment | KeyUsage.digitalSignature;
    final DEREncodable allowedUsage = new KeyUsage(usageBits);

    // Key identifiers let path building match this certificate to its issuer.
    final DEREncodable subjectKeyId = getSubjectKeyInfo(userPub);
    final DEREncodable authorityKeyId = getAuthorityKeyIdentifier(caPub);

    final Map<DERObjectIdentifier, DEREncodable> extensions =
            new HashMap<DERObjectIdentifier, DEREncodable>();
    extensions.put(X509Extensions.BasicConstraints, notACa);
    extensions.put(X509Extensions.KeyUsage, allowedUsage);
    extensions.put(X509Extensions.SubjectKeyIdentifier, subjectKeyId);
    extensions.put(X509Extensions.AuthorityKeyIdentifier, authorityKeyId);
    return extensions;
}
 
Example #4
Source File: CertificateCreator.java    From odo with Apache License 2.0
/**
 * Creates a typical self-signed Certification Authority (CA) certificate.
 *
 * <p>Issuer and subject are the same CyberVillains distinguished name, the serial
 * number is the constant 1, and the validity window runs from 12 thirty-day months
 * before the current time to 240 thirty-day months after it. The certificate is signed
 * with the private half of {@code keyPair} through the "BC" provider and is checked
 * for current validity and for a correct signature before it is returned.
 *
 * <p>NOTE(review): any holder of the private key in {@code keyPair} can issue
 * certificates that chain to this CA; confirm how that key is stored and which
 * clients are expected to trust the resulting certificate.
 *
 * @param keyPair key pair whose public key is certified and whose private key
 *                signs the certificate
 * @return the generated, self-verified CA certificate
 * @throws SignatureException if signing or signature verification fails
 * @throws SecurityException
 * @throws InvalidKeyException
 * @throws NoSuchProviderException
 * @throws NoSuchAlgorithmException
 * @throws CertificateException
 */
@SuppressWarnings("deprecation")
public static X509Certificate createTypicalMasterCert(final KeyPair keyPair)
        throws SignatureException, InvalidKeyException, SecurityException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException
{
    final X509V3CertificateGenerator generator = new X509V3CertificateGenerator();

    // BEGIN ODO CHANGES
    // The Common Name "CN=CyberVillains CA" was added to the X.509 Distinguished Name below
    // to work around an iOS bug: certificates without a Common Name are not listed under
    // Settings / General / About / Certificate Trust Settings. The CA certificate has to appear
    // there so that it can be trusted manually, which avoids the App Transport Security
    // "Untrusted root certificate" errors.
    final X509Principal caName = new X509Principal("CN=CyberVillains CA,OU=CyberVillains Certification Authority,O=CyberVillains.com,C=US");
    // END ODO CHANGES

    // Self-signed: the same name is used as issuer and subject.
    // NOTE(review): the serial number is a constant, so every certificate produced here
    // shares issuer name and serial; confirm that consumers which identify certificates
    // by (issuer, serial) cope with a regenerated CA.
    generator.setSerialNumber(BigInteger.valueOf(1));
    generator.setIssuerDN(caName);
    generator.setSubjectDN(caName);

    // Validity period, counted in 30-day "months" around the current time.
    final long monthMillis = 1000L * 60 * 60 * 24 * 30;
    generator.setNotBefore(new Date(System.currentTimeMillis() - 12 * monthMillis));
    generator.setNotAfter(new Date(System.currentTimeMillis() + 240 * monthMillis));

    // Certified public key and signature algorithm.
    generator.setPublicKey(keyPair.getPublic());
    generator.setSignatureAlgorithm(CertificateCreator.SIGN_ALGO);

    // Typical extensions for a signing certificate, added in a fixed order.
    final SubjectKeyIdentifierStructure subjectKeyId =
            new SubjectKeyIdentifierStructure(keyPair.getPublic());
    generator.addExtension(X509Extensions.SubjectKeyIdentifier, false, subjectKeyId);

    // The only extension marked critical: a CA with a path length constraint of 0.
    generator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));

    // KeyUsage is added as non-critical here.
    final KeyUsage caKeyUsage = new KeyUsage(KeyUsage.cRLSign | KeyUsage.keyCertSign);
    generator.addExtension(X509Extensions.KeyUsage, false, caKeyUsage);

    final DEREncodableVector extendedUsages = new DEREncodableVector();
    extendedUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.serverAuth));
    extendedUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.OCSPSigning));
    extendedUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.verisignUnknown));
    generator.addExtension(X509Extensions.ExtendedKeyUsage, false, new DERSequence(extendedUsages));

    final X509Certificate caCert = generator.generate(keyPair.getPrivate(), "BC");

    // Sanity checks: valid at the current time and signed by the matching private key.
    caCert.checkValidity(new Date());
    caCert.verify(keyPair.getPublic());

    return caCert;
}