Java Code Examples for org.bouncycastle.asn1.x509.SubjectKeyIdentifier

The following examples show how to use org.bouncycastle.asn1.x509.SubjectKeyIdentifier. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: keystore-explorer   Source File: X509Ext.java    License: GNU General Public License v3.0 6 votes vote down vote up
/**
 * Formats a Subject Key Identifier extension value as one localized display line.
 *
 * <pre>
 * SubjectKeyIdentifier ::= KeyIdentifier
 *
 * KeyIdentifier ::= OCTET STRING
 * </pre>
 *
 * The key identifier is rendered as hex and is for display only. Nothing here checks that it
 * matches the certificate's public key.
 *
 * @param value encoded SubjectKeyIdentifier, handed to {@code SubjectKeyIdentifier.getInstance}
 * @return the "SubjectKeyIdentifier" resource pattern filled with the hex key identifier,
 *         followed by {@code NEWLINE}
 * @throws IOException declared by the signature
 */
private String getSubjectKeyIndentifierStringValue(byte[] value) throws IOException {
	// NOTE(review): value presumably comes from the certificate being inspected, so treat it as
	// untrusted; confirm the caller copes with getInstance() failing on a malformed encoding.
	byte[] keyId = SubjectKeyIdentifier.getInstance(value).getKeyIdentifier();

	String pattern = res.getString("SubjectKeyIdentifier");
	String line = MessageFormat.format(pattern, HexUtil.getHexString(keyId));

	return new StringBuilder(line).append(NEWLINE).toString();
}
 
Example 2
/**
 * Handles the OK action: DER-encodes the entered key identifier into {@code value} and closes
 * the dialog. The dialog stays open if no identifier was entered or if encoding fails.
 */
private void okPressed() {
	byte[] keyIdBytes = jkiKeyIdentifier.getKeyIdentifier();

	// NOTE(review): only null is rejected; whether an empty identifier can reach this point
	// depends on jkiKeyIdentifier - confirm.
	if (keyIdBytes == null) {
		JOptionPane.showMessageDialog(this, res.getString("DSubjectKeyIdentifier.ValueReq.message"), getTitle(),
				JOptionPane.WARNING_MESSAGE);
		return;
	}

	try {
		// Request DER explicitly so the stored extension value has a canonical encoding.
		value = new SubjectKeyIdentifier(keyIdBytes).getEncoded(ASN1Encoding.DER);
	} catch (IOException e) {
		DError.displayError(this, e);
		return;
	}

	closeDialog();
}
 
Example 3
Source Project: dss   Source File: DSSASN1Utils.java    License: GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Returns the Subject Key Identifier (SKI) bytes of a certificate.
 *
 * <p>If the certificate carries the extension, the identifier is returned exactly as the
 * certificate states it. It is not compared against the public key here, so callers that use
 * it for matching should not treat it as proof of key identity.
 *
 * @param certificateToken
 *            {@code CertificateToken} whose certificate is inspected
 * @param computeIfMissing
 *            if the extension is absent or empty and this is {@code true}, the SKI is computed
 *            from the certificate's public key via {@code computeSkiFromCert}
 * @return the SKI bytes, or {@code null} when the extension is absent or empty and
 *         {@code computeIfMissing} is {@code false}
 * @throws DSSException wrapping any {@code IOException} raised while parsing or computing
 */
public static byte[] getSki(final CertificateToken certificateToken, boolean computeIfMissing) {
	try {
		final byte[] rawExtension = certificateToken.getCertificate().getExtensionValue(Extension.subjectKeyIdentifier.getId());
		if (!Utils.isArrayNotEmpty(rawExtension)) {
			// No usable extension: either derive the SKI from the public key or report absence.
			return computeIfMissing ? computeSkiFromCert(certificateToken) : null;
		}
		// getExtensionValue() returns the value wrapped in an OCTET STRING; unwrap it first.
		final ASN1Primitive unwrapped = JcaX509ExtensionUtils.parseExtensionValue(rawExtension);
		return SubjectKeyIdentifier.getInstance(unwrapped).getKeyIdentifier();
	} catch (IOException e) {
		throw new DSSException(e);
	}
}
 
Example 4
Source Project: FairEmail   Source File: EmailService.java    License: GNU General Public License v3.0 5 votes vote down vote up
/**
 * Returns the certificate's Subject Key Identifier as a hex string.
 *
 * <p>This is best-effort: any failure is logged and reported as {@code null}, so a caller cannot
 * tell "extension absent" from "extension malformed" by the return value alone.
 *
 * @param certificate certificate to read the extension from
 * @return hex form of the key identifier, or {@code null} if the extension is missing or
 *         could not be decoded
 */
private static String getKeyId(X509Certificate certificate) {
    try {
        byte[] wrapped = certificate.getExtensionValue(Extension.subjectKeyIdentifier.getId());
        if (wrapped != null) {
            // The extension value is an OCTET STRING wrapping the SubjectKeyIdentifier encoding.
            byte[] inner = DEROctetString.getInstance(wrapped).getOctets();
            return Helper.hex(SubjectKeyIdentifier.getInstance(inner).getKeyIdentifier());
        }
        return null;
    } catch (Throwable ex) {
        // Throwable also covers Errors, not only decoding exceptions; everything is logged.
        Log.e(ex);
        return null;
    }
}
 
Example 5
/**
 * Builds the SubjectKeyIdentifier for a public key.
 *
 * <p>The no-argument {@code BcX509ExtensionUtils} is documented by Bouncy Castle as using a
 * SHA-1 digest, giving the RFC 5280 "method 1" identifier. The value is a lookup label for the
 * key, not an integrity or authenticity guarantee.
 *
 * @param pub public key to identify
 * @return SubjectKeyIdentifier derived from the key's encoded SubjectPublicKeyInfo
 * @throws IOException declared by the signature
 */
static SubjectKeyIdentifier createSubjectKeyId(PublicKey pub) throws IOException {
    // NOTE(review): getEncoded() returns null for keys that do not support encoding; confirm
    // callers only pass encodable keys.
    byte[] encodedKey = pub.getEncoded();
    SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(encodedKey);

    BcX509ExtensionUtils extensionUtils = new BcX509ExtensionUtils();
    return extensionUtils.createSubjectKeyIdentifier(keyInfo);
}
 
Example 6
Source Project: credhub   Source File: SignedCertificateGenerator.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates a self-signed certificate for the given key pair.
 *
 * <p>The key pair's own private key is passed as the signing key and its public key provides
 * the subject key identifier. The work is delegated to {@code getSignedByIssuer}.
 *
 * @param keyPair key pair that is both certified and used for signing
 * @param params generation parameters, including the X.500 principal
 * @return the certificate returned by {@code getSignedByIssuer}
 * @throws Exception propagated from key-identifier creation or signing
 */
public X509Certificate getSelfSigned(final KeyPair keyPair, final CertificateGenerationParameters params) throws Exception {
  final SubjectKeyIdentifier subjectKeyId = getSubjectKeyIdentifierFromKeyInfo(keyPair.getPublic());

  // First argument is null: presumably "no issuer certificate" for the self-signed case - confirm.
  return getSignedByIssuer(null, keyPair.getPrivate(), params.getX500Principal(), subjectKeyId, keyPair, params);
}
 
Example 7
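/**
 * Returns the hex Subject Key Identifier of the certificate stored under an alias, or
 * {@code "-"} when none can be shown.
 *
 * <p>The extension is optional, so a missing value is handled with explicit checks rather than
 * by letting a NullPointerException fall into the catch block. The result is display text: the
 * identifier is whatever the certificate states and is not checked against its public key.
 *
 * @param alias key store alias of the certificate
 * @param keyStore key store to read from
 * @return hex key identifier, or {@code "-"} if the certificate or extension is absent or the
 *         extension cannot be decoded
 * @throws CryptoException declared by the signature; presumably raised by getCertificate
 * @throws KeyStoreException declared by the signature; presumably raised by getCertificate
 */
private String getCertificateSKI(String alias, KeyStore keyStore) throws CryptoException, KeyStoreException {
	X509Certificate x509Cert = getCertificate(alias, keyStore);
	if (x509Cert == null) {
		return "-";
	}
	try {
		byte[] skiValue = x509Cert.getExtensionValue(Extension.subjectKeyIdentifier.getId());
		if (skiValue == null) {
			// Certificate has no Subject Key Identifier extension.
			return "-";
		}
		// The extension value is an OCTET STRING wrapping the SubjectKeyIdentifier encoding.
		byte[] octets = DEROctetString.getInstance(skiValue).getOctets();
		byte[] skiBytes = SubjectKeyIdentifier.getInstance(octets).getKeyIdentifier();
		return HexUtil.getHexString(skiBytes);
	} catch (Exception e) {
		// Malformed extension content: keep the best-effort placeholder for display.
		return "-";
	}
}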
 
Example 8
Source Project: swift-k   Source File: AutoCA.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Builds the extension map for a user (end-entity) certificate issued by the CA.
 *
 * <p>The map holds BasicConstraints with the CA flag off, a KeyUsage of dataEncipherment and
 * digitalSignature, the subject key identifier for {@code userPub} and the authority key
 * identifier for {@code caPub}. Extension criticality is not decided here.
 *
 * @param caPub public key of the issuing CA
 * @param userPub public key being certified
 * @return extension OID to value map
 * @throws IOException if building one of the key identifiers fails
 */
private Map<DERObjectIdentifier, DEREncodable> createExtensions(PublicKey caPub, PublicKey userPub) throws IOException {
    Map<DERObjectIdentifier, DEREncodable> extensions = new HashMap<DERObjectIdentifier, DEREncodable>();

    // Issued certificate must not be usable as a CA.
    BasicConstraints notACa = new BasicConstraints(false);
    extensions.put(X509Extensions.BasicConstraints, notACa);

    // Limit key usage to data encipherment and digital signatures.
    int usageBits = KeyUsage.dataEncipherment | KeyUsage.digitalSignature;
    extensions.put(X509Extensions.KeyUsage, new KeyUsage(usageBits));

    // Key identifiers link this certificate to its own key and to the issuer's key.
    extensions.put(X509Extensions.SubjectKeyIdentifier, getSubjectKeyInfo(userPub));
    extensions.put(X509Extensions.AuthorityKeyIdentifier, getAuthorityKeyIdentifier(caPub));

    return extensions;
}
 
Example 9
Source Project: xipki   Source File: ExtensionsChecker.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Checks that the certificate's SubjectKeyIdentifier equals the SHA-1 hash of its public key
 * data, recording a violation if it does not.
 *
 * <p>Only the SHA-1-over-key-bits form is accepted, so an identifier derived any other way is
 * reported as a violation even if it is otherwise well-formed. SHA-1 serves here as an
 * identifier derivation; the compared values are public.
 *
 * @param failureMsg buffer that receives the violation text
 * @param extensionValue encoded SubjectKeyIdentifier extension value
 * @param subjectPublicKeyInfo public key info of the certificate under test
 */
private void checkExtnSubjectKeyIdentifier(StringBuilder failureMsg,
    byte[] extensionValue, SubjectPublicKeyInfo subjectPublicKeyInfo) {
  byte[] actualSki = SubjectKeyIdentifier.getInstance(extensionValue).getKeyIdentifier();

  // Expected value: SHA-1 over the raw public key data.
  byte[] keyBits = subjectPublicKeyInfo.getPublicKeyData().getBytes();
  byte[] expectedSki = HashAlgo.SHA1.hash(keyBits);

  if (Arrays.equals(expectedSki, actualSki)) {
    return;
  }
  addViolation(failureMsg, "SKI", hex(actualSki), hex(expectedSki));
}
 
Example 10
Source Project: credhub   Source File: SignedCertificateGenerator.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Derives the SubjectKeyIdentifier for a public key using the shared
 * {@code jcaX509ExtensionUtils} instance.
 *
 * @param publicKey public key to identify
 * @return SubjectKeyIdentifier produced by {@code jcaX509ExtensionUtils}
 */
private SubjectKeyIdentifier getSubjectKeyIdentifierFromKeyInfo(final PublicKey publicKey) {
  // The digest used for the identifier depends on how jcaX509ExtensionUtils was constructed.
  final SubjectKeyIdentifier subjectKeyId = jcaX509ExtensionUtils.createSubjectKeyIdentifier(publicKey);
  return subjectKeyId;
}
 
Example 11
Source Project: credhub   Source File: SignedCertificateGenerator.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Reads the SubjectKeyIdentifier extension from a certificate.
 *
 * @param certificate certificate to inspect
 * @return the parsed SubjectKeyIdentifier, or one constructed with a {@code null} key
 *         identifier when the certificate has no such extension
 * @throws Exception propagated from parsing the extension value
 */
private SubjectKeyIdentifier getSubjectKeyIdentifierFrom(final X509Certificate certificate) throws Exception {
  final byte[] wrappedValue = certificate.getExtensionValue(Extension.subjectKeyIdentifier.getId());
  if (wrappedValue != null) {
    // Unwrap the OCTET STRING returned by getExtensionValue() before decoding.
    return SubjectKeyIdentifier.getInstance(parseExtensionValue(wrappedValue));
  }
  // NOTE(review): a SubjectKeyIdentifier holding null bytes stands in for "absent"; encoding it
  // (e.g. into an AuthorityKeyIdentifier) may fail later - confirm how callers handle this.
  return new SubjectKeyIdentifier(null);
}
 
Example 12
/**
 * Adds a Subject Key Identifier extension, derived from {@code subjectPublicKey}, to the
 * extension set.
 *
 * @param extensionSet extension set that receives the new extension
 * @throws CryptoException declared by the signature; presumably raised while generating the identifier
 * @throws IOException if encoding the extension value fails
 */
private void addSubjectKeyIdentifier(X509ExtensionSet extensionSet) throws CryptoException, IOException {
	// 160-bit hash identifier of the subject's public key.
	byte[] keyId = new KeyIdentifierGenerator(subjectPublicKey).generate160BitHashId();

	// The extension value is stored wrapped in an OCTET STRING.
	byte[] wrappedSki = wrapInOctetString(new SubjectKeyIdentifier(keyId).getEncoded());

	// The boolean is presumably the criticality flag (false = non-critical) - confirm.
	extensionSet.addExtension(X509ExtensionType.SUBJECT_KEY_IDENTIFIER.oid(), false, wrappedSki);
}
 
Example 13
/**
 * Pre-fills the key identifier field from an existing encoded SubjectKeyIdentifier.
 *
 * @param value encoded SubjectKeyIdentifier extension value
 * @throws IOException declared by the signature
 */
private void prepopulateWithValue(byte[] value) throws IOException {
	// NOTE(review): value presumably comes from an existing certificate or request; confirm the
	// caller handles getInstance() rejecting a malformed encoding.
	byte[] keyId = SubjectKeyIdentifier.getInstance(value).getKeyIdentifier();
	jkiKeyIdentifier.setKeyIdentifier(keyId);
}
 
Example 14
Source Project: swift-k   Source File: AutoCA.java    License: Apache License 2.0 4 votes vote down vote up
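/**
 * Builds the SubjectKeyIdentifier extension value for the user's public key.
 *
 * <p>The encoded key is parsed into Bouncy Castle's SubjectPublicKeyInfo and passed to the
 * SubjectKeyIdentifier constructor. The ASN.1 stream is closed once the key has been read.
 *
 * @param userPub public key to identify
 * @return SubjectKeyIdentifier for {@code userPub}
 * @throws IOException if the encoded key cannot be read
 */
private DEREncodable getSubjectKeyInfo(PublicKey userPub) throws IOException {
    // convert key to bouncy castle format and get subject key identifier
    ASN1InputStream in = new ASN1InputStream(userPub.getEncoded());
    DERObject derKey;
    try {
        derKey = in.readObject();
    } finally {
        // Release the stream even if parsing fails.
        in.close();
    }
    // The cast assumes the encoding is a SEQUENCE, as a SubjectPublicKeyInfo is.
    return new SubjectKeyIdentifier(new SubjectPublicKeyInfo((ASN1Sequence) derKey));
}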
 
Example 15
Source Project: Spark   Source File: CertificateModel.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Converts a decoded SubjectKeyIdentifier extension into its hex key identifier.
 *
 * <p>The output is display text. The identifier is not checked against any public key here.
 *
 * @param primitive ASN.1 object holding the SubjectKeyIdentifier
 * @return hex string of the key identifier
 */
private String subjectKeyIdentifierExtractor(ASN1Primitive primitive) {
	byte[] keyId = SubjectKeyIdentifier.getInstance(primitive).getKeyIdentifier();
	return Hex.toHexString(keyId);
}
 
Example 16
Source Project: portecle   Source File: X509Ext.java    License: GNU General Public License v2.0 3 votes vote down vote up
/**
 * Get Subject Key Identifier (2.5.29.14) extension value as a hex string.
 *
 * <pre>
 * SubjectKeyIdentifier ::= KeyIdentifier
 * KeyIdentifier ::= OCTET STRING
 * </pre>
 *
 * The result is display text. The identifier is reported as stored and is not compared with
 * the certificate's public key.
 *
 * @param bValue The octet string value
 * @return Key identifier rendered by {@code convertToHexString}
 */
private String getSubjectKeyIdentifierStringValue(byte[] bValue)
{
	// Decode the extension value, then render its key identifier bytes as hex.
	byte[] keyIdent = SubjectKeyIdentifier.getInstance(bValue).getKeyIdentifier();
	return convertToHexString(keyIdent);
}
 
Example 17
/**
 * Creates the Subject Key Identifier for a public key.
 *
 * <p>The Subject Key Identifier extension identifies the public key certified by a certificate
 * and distinguishes public keys when more than one is available for a given subject name.
 * Example rendering:
 *
 * <pre>
 *     Identifier: Subject Key Identifier - 2.5.29.14
 *       Critical: no
 *        Key Identifier:
 *          3B:46:83:85:27:BC:F5:9D:8E:63:E3:BE:79:EF:AF:79:
 *          9C:37:85:84
 * </pre>
 *
 * <p>The no-argument {@code BcX509ExtensionUtils} is documented by Bouncy Castle as using a
 * SHA-1 digest. The result is a lookup label for the key, not an integrity guarantee.
 *
 * @param publicKey public key to identify
 * @return SubjectKeyIdentifier derived from the key's encoded form
 * @throws IOException if the encoded key cannot be read as ASN.1
 */
protected SubjectKeyIdentifier createSubjectKeyIdentifier(PublicKey publicKey)
    throws IOException {
  try (ByteArrayInputStream encodedKey = new ByteArrayInputStream(publicKey.getEncoded());
      ASN1InputStream asn1In = new ASN1InputStream(encodedKey)) {
    // The cast assumes the encoding is a SEQUENCE, as a SubjectPublicKeyInfo is.
    SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo((ASN1Sequence) asn1In.readObject());
    return new BcX509ExtensionUtils().createSubjectKeyIdentifier(keyInfo);
  }
}
 
Example 18
Source Project: enmasse   Source File: DeviceCertificateManager.java    License: Apache License 2.0 3 votes vote down vote up
/**
 * Builds the SubjectKeyIdentifier for a public key using an explicitly selected SHA-1 digest
 * calculator.
 *
 * <p>SHA-1 is used here to derive an identifier for the key, not to protect anything. The
 * certificate's signature algorithm is chosen elsewhere.
 *
 * @param publicKey public key to identify
 * @return SubjectKeyIdentifier for {@code publicKey}
 * @throws OperatorCreationException if the SHA-1 digest calculator cannot be created
 */
private static SubjectKeyIdentifier createSubjectKeyId(final PublicKey publicKey) throws OperatorCreationException {
    final SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());

    final BcDigestCalculatorProvider provider = new BcDigestCalculatorProvider();
    final DigestCalculator sha1Calculator = provider.get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));

    final X509ExtensionUtils extensionUtils = new X509ExtensionUtils(sha1Calculator);
    return extensionUtils.createSubjectKeyIdentifier(keyInfo);
}
 
Example 19
/**
 * Creates the SubjectKeyIdentifier for a Bouncy Castle X509CertificateHolder.
 *
 * <p>The no-argument {@code BcX509ExtensionUtils} is documented by Bouncy Castle as using a
 * SHA-1 digest. The identifier labels the key and is not an integrity guarantee.
 *
 * @param key public key to identify
 * @return SubjectKeyIdentifier for the specified key
 */
private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) {
    // NOTE(review): the parameter type is Key, not PublicKey, so the compiler does not stop a
    // caller from passing a non-public key; confirm callers only pass public keys.
    byte[] encodedKey = key.getEncoded();
    SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(encodedKey);

    BcX509ExtensionUtils extensionUtils = new BcX509ExtensionUtils();
    return extensionUtils.createSubjectKeyIdentifier(keyInfo);
}
 
Example 20
Source Project: CapturePacket   Source File: BouncyCastleSecurityProviderTool.java    License: MIT License 2 votes vote down vote up
/**
 * Creates the SubjectKeyIdentifier for a Bouncy Castle X509CertificateHolder.
 *
 * <p>The no-argument {@code BcX509ExtensionUtils} is documented by Bouncy Castle as using a
 * SHA-1 digest. The identifier labels the key and is not an integrity guarantee.
 *
 * @param key public key to identify
 * @return SubjectKeyIdentifier for the specified key
 */
private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) {
    // NOTE(review): the parameter type is Key, not PublicKey, so the compiler does not stop a
    // caller from passing a non-public key; confirm callers only pass public keys.
    byte[] encodedKey = key.getEncoded();
    SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(encodedKey);

    BcX509ExtensionUtils extensionUtils = new BcX509ExtensionUtils();
    return extensionUtils.createSubjectKeyIdentifier(keyInfo);
}
 
Example 21
Source Project: Dream-Catcher   Source File: BouncyCastleSecurityProviderTool.java    License: MIT License 2 votes vote down vote up
/**
 * Creates the SubjectKeyIdentifier for a Bouncy Castle X509CertificateHolder.
 *
 * <p>The no-argument {@code BcX509ExtensionUtils} is documented by Bouncy Castle as using a
 * SHA-1 digest. The identifier labels the key and is not an integrity guarantee.
 *
 * @param key public key to identify
 * @return SubjectKeyIdentifier for the specified key
 */
private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) {
    // NOTE(review): the parameter type is Key, not PublicKey, so the compiler does not stop a
    // caller from passing a non-public key; confirm callers only pass public keys.
    byte[] encodedKey = key.getEncoded();
    SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(encodedKey);

    BcX509ExtensionUtils extensionUtils = new BcX509ExtensionUtils();
    return extensionUtils.createSubjectKeyIdentifier(keyInfo);
}
 
Example 22
/**
 * Creates the SubjectKeyIdentifier for a Bouncy Castle X509CertificateHolder.
 *
 * <p>The no-argument {@code BcX509ExtensionUtils} is documented by Bouncy Castle as using a
 * SHA-1 digest. The identifier labels the key and is not an integrity guarantee.
 *
 * @param key public key to identify
 * @return SubjectKeyIdentifier for the specified key
 */
private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) {
    // NOTE(review): the parameter type is Key, not PublicKey, so the compiler does not stop a
    // caller from passing a non-public key; confirm callers only pass public keys.
    byte[] encodedKey = key.getEncoded();
    SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(encodedKey);

    BcX509ExtensionUtils extensionUtils = new BcX509ExtensionUtils();
    return extensionUtils.createSubjectKeyIdentifier(keyInfo);
}