org.bouncycastle.asn1.x509.SubjectKeyIdentifier Java Exaples

Source File: DSSASN1Utils.java From dss with GNU Lesser General Public License v2.1

6 votes

/**
 * This method returns SKI bytes from certificate.
 *
 * @param certificateToken
 *            {@code CertificateToken}
 * @param computeIfMissing
 *            if the extension is missing and computeIfMissing = true, it will compute the SKI value from the Public
 *            Key
 * @return ski bytes from the given certificate
 */
public static byte[] getSki(final CertificateToken certificateToken, boolean computeIfMissing) {
	try {
		byte[] extensionValue = certificateToken.getCertificate().getExtensionValue(Extension.subjectKeyIdentifier.getId());
		if (Utils.isArrayNotEmpty(extensionValue)) {
			ASN1Primitive extension = JcaX509ExtensionUtils.parseExtensionValue(extensionValue);
			SubjectKeyIdentifier skiBC = SubjectKeyIdentifier.getInstance(extension);
			return skiBC.getKeyIdentifier();
		} else if (computeIfMissing) {
			// If extension not present, we compute it from the certificate public key
			return computeSkiFromCert(certificateToken);
		}
		return null;
	} catch (IOException e) {
		throw new DSSException(e);
	}
}

Source File: DSubjectKeyIdentifier.java From keystore-explorer with GNU General Public License v3.0

6 votes

private void okPressed() {
	byte[] keyIdentifier = jkiKeyIdentifier.getKeyIdentifier();

	if (keyIdentifier == null) {
		JOptionPane.showMessageDialog(this, res.getString("DSubjectKeyIdentifier.ValueReq.message"), getTitle(),
				JOptionPane.WARNING_MESSAGE);
		return;
	}

	SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifier(keyIdentifier);

	try {
		value = subjectKeyIdentifier.getEncoded(ASN1Encoding.DER);
	} catch (IOException e) {
		DError.displayError(this, e);
		return;
	}

	closeDialog();
}

Source File: X509Ext.java From keystore-explorer with GNU General Public License v3.0

6 votes

private String getSubjectKeyIndentifierStringValue(byte[] value) throws IOException {
	// @formatter:off

	/*
	 * SubjectKeyIdentifier ::= KeyIdentifier
	 *
	 * KeyIdentifier ::= OCTET STRING
	 */

	// @formatter:on

	StringBuilder sb = new StringBuilder();

	SubjectKeyIdentifier subjectKeyIdentifier = SubjectKeyIdentifier.getInstance(value);

	// Get key identifier from octet string
	byte[] keyIdentifierBytes = subjectKeyIdentifier.getKeyIdentifier();

	sb.append(MessageFormat.format(res.getString("SubjectKeyIdentifier"),
			HexUtil.getHexString(keyIdentifierBytes)));
	sb.append(NEWLINE);

	return sb.toString();
}

Source File: EmailService.java From FairEmail with GNU General Public License v3.0

5 votes

private static String getKeyId(X509Certificate certificate) {
    try {
        byte[] extension = certificate.getExtensionValue(Extension.subjectKeyIdentifier.getId());
        if (extension == null)
            return null;
        byte[] bytes = DEROctetString.getInstance(extension).getOctets();
        SubjectKeyIdentifier keyId = SubjectKeyIdentifier.getInstance(bytes);
        return Helper.hex(keyId.getKeyIdentifier());
    } catch (Throwable ex) {
        Log.e(ex);
        return null;
    }
}

Source File: RsaSsaPss.java From testarea-itext5 with GNU Affero General Public License v3.0

5 votes

static SubjectKeyIdentifier createSubjectKeyId(
    PublicKey pub) 
    throws IOException
{
    SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(pub.getEncoded());

    return new BcX509ExtensionUtils().createSubjectKeyIdentifier(info);
}

Source File: ExtensionsChecker.java From xipki with Apache License 2.0

5 votes

private void checkExtnSubjectKeyIdentifier(StringBuilder failureMsg,
    byte[] extensionValue, SubjectPublicKeyInfo subjectPublicKeyInfo) {
  // subjectKeyIdentifier
  SubjectKeyIdentifier asn1 = SubjectKeyIdentifier.getInstance(extensionValue);
  byte[] ski = asn1.getKeyIdentifier();
  byte[] pkData = subjectPublicKeyInfo.getPublicKeyData().getBytes();
  byte[] expectedSki = HashAlgo.SHA1.hash(pkData);
  if (!Arrays.equals(expectedSki, ski)) {
    addViolation(failureMsg, "SKI", hex(ski), hex(expectedSki));
  }
}

Source File: AutoCA.java From swift-k with Apache License 2.0

5 votes

private Map<DERObjectIdentifier, DEREncodable> createExtensions(PublicKey caPub, PublicKey userPub) throws IOException {
    Map<DERObjectIdentifier, DEREncodable> ext = new HashMap<DERObjectIdentifier, DEREncodable>();
    
    // not a CA
    ext.put(X509Extensions.BasicConstraints, new BasicConstraints(false));
    // obvious
    ext.put(X509Extensions.KeyUsage, new KeyUsage(KeyUsage.dataEncipherment | KeyUsage.digitalSignature));
    ext.put(X509Extensions.SubjectKeyIdentifier, getSubjectKeyInfo(userPub));
    ext.put(X509Extensions.AuthorityKeyIdentifier, getAuthorityKeyIdentifier(caPub));
    
    return ext;
}

Source File: SignedCertificateGenerator.java From credhub with Apache License 2.0

5 votes

public X509Certificate getSelfSigned(final KeyPair keyPair, final CertificateGenerationParameters params) throws Exception {
  final SubjectKeyIdentifier keyIdentifier = getSubjectKeyIdentifierFromKeyInfo(keyPair.getPublic());

  return getSignedByIssuer(
    null,
    keyPair.getPrivate(),
    params.getX500Principal(),
    keyIdentifier,
    keyPair,
    params
  );
}

Source File: KeyStoreTableModel.java From keystore-explorer with GNU General Public License v3.0

5 votes

private String getCertificateSKI(String alias, KeyStore keyStore) throws CryptoException, KeyStoreException {
	X509Certificate x509Cert = getCertificate(alias, keyStore);
	try {
		byte[] skiValue = x509Cert.getExtensionValue(Extension.subjectKeyIdentifier.getId());
		byte[] octets = DEROctetString.getInstance(skiValue).getOctets();
		byte[] skiBytes = SubjectKeyIdentifier.getInstance(octets).getKeyIdentifier();
		return HexUtil.getHexString(skiBytes);
	} catch (Exception e) {
		return "-";
	}
}

Source File: SignedCertificateGenerator.java From credhub with Apache License 2.0

4 votes

private SubjectKeyIdentifier getSubjectKeyIdentifierFrom(final X509Certificate certificate) throws Exception {
  final byte[] extensionValue = certificate.getExtensionValue(Extension.subjectKeyIdentifier.getId());
  return extensionValue == null ?
    new SubjectKeyIdentifier(null) :
    SubjectKeyIdentifier.getInstance(parseExtensionValue(extensionValue));
}

Source File: CertificateModel.java From Spark with Apache License 2.0

4 votes

private String subjectKeyIdentifierExtractor(ASN1Primitive primitive) {
	SubjectKeyIdentifier subjectKeyIdentifier = SubjectKeyIdentifier.getInstance(primitive);
	return Hex.toHexString(subjectKeyIdentifier.getKeyIdentifier());
}

Source File: AutoCA.java From swift-k with Apache License 2.0

4 votes

private DEREncodable getSubjectKeyInfo(PublicKey userPub) throws IOException {
    // convert key to bouncy castle format and get subject key identifier
    DERObject derKey = new ASN1InputStream(userPub.getEncoded()).readObject();
    return new SubjectKeyIdentifier(new SubjectPublicKeyInfo((ASN1Sequence) derKey));
}

Source File: DSubjectKeyIdentifier.java From keystore-explorer with GNU General Public License v3.0

4 votes

private void prepopulateWithValue(byte[] value) throws IOException {
	SubjectKeyIdentifier subjectKeyIdentifier = SubjectKeyIdentifier.getInstance(value);

	jkiKeyIdentifier.setKeyIdentifier(subjectKeyIdentifier.getKeyIdentifier());
}

Source File: DSelectStandardExtensionTemplate.java From keystore-explorer with GNU General Public License v3.0

4 votes

private void addSubjectKeyIdentifier(X509ExtensionSet extensionSet) throws CryptoException, IOException {
	KeyIdentifierGenerator skiGenerator = new KeyIdentifierGenerator(subjectPublicKey);
	SubjectKeyIdentifier ski = new SubjectKeyIdentifier(skiGenerator.generate160BitHashId());
	byte[] skiEncoded = wrapInOctetString(ski.getEncoded());
	extensionSet.addExtension(X509ExtensionType.SUBJECT_KEY_IDENTIFIER.oid(), false, skiEncoded);
}

Source File: SignedCertificateGenerator.java From credhub with Apache License 2.0

4 votes

private SubjectKeyIdentifier getSubjectKeyIdentifierFromKeyInfo(final PublicKey publicKey) {
  return jcaX509ExtensionUtils.createSubjectKeyIdentifier(publicKey);
}

Source File: DeviceCertificateManager.java From enmasse with Apache License 2.0

3 votes

private static SubjectKeyIdentifier createSubjectKeyId(final PublicKey publicKey) throws OperatorCreationException {

        final SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        final DigestCalculator digCalc = new BcDigestCalculatorProvider()
                .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));

        return new X509ExtensionUtils(digCalc)
                .createSubjectKeyIdentifier(publicKeyInfo);

    }

Source File: AbstractX509CertificateService.java From flashback with BSD 2-Clause "Simplified" License

3 votes

/**
 * Create subjectKeyIdentifier
 * The Subject Key Identifier extension identifies the public key certified by this certificate.
 * This extension provides a way of distinguishing public keys if more than one is available for
 * a given subject name.
 * i.e.
 *     Identifier: Subject Key Identifier - 2.5.29.14
 *       Critical: no
 *        Key Identifier:
 *          3B:46:83:85:27:BC:F5:9D:8E:63:E3:BE:79:EF:AF:79:
 *          9C:37:85:84
 *
 * */
protected SubjectKeyIdentifier createSubjectKeyIdentifier(PublicKey publicKey)
    throws IOException {
  try (ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded());
      ASN1InputStream ais = new ASN1InputStream(bais)) {
    ASN1Sequence asn1Sequence = (ASN1Sequence) ais.readObject();
    SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(asn1Sequence);
    return new BcX509ExtensionUtils().createSubjectKeyIdentifier(subjectPublicKeyInfo);
  }
}

Source File: X509Ext.java From portecle with GNU General Public License v2.0

3 votes

/**
 * Get Subject Key Identifier (2.5.29.14) extension value as a string.
 *
 * <pre>
 * SubjectKeyIdentifier ::= KeyIdentifier
 * KeyIdentifier ::= OCTET STRING
 * </pre>
 *
 * @param bValue The octet string value
 * @return Extension value as a string
 */
private String getSubjectKeyIdentifierStringValue(byte[] bValue)
{
	SubjectKeyIdentifier ski = SubjectKeyIdentifier.getInstance(bValue);
	byte[] bKeyIdent = ski.getKeyIdentifier();

	// Output as a hex string
	return convertToHexString(bKeyIdent);
}

Source File: BouncyCastleSecurityProviderTool.java From browserup-proxy with Apache License 2.0

2 votes

/**
 * Creates the SubjectKeyIdentifier for a Bouncy Castle X590CertificateHolder.
 *
 * @param key public key to identify
 * @return SubjectKeyIdentifier for the specified key
 */
private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) {
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(key.getEncoded());

    return new BcX509ExtensionUtils().createSubjectKeyIdentifier(publicKeyInfo);
}

Source File: BouncyCastleSecurityProviderTool.java From AndroidHttpCapture with MIT License

2 votes

/**
 * Creates the SubjectKeyIdentifier for a Bouncy Castle X590CertificateHolder.
 *
 * @param key public key to identify
 * @return SubjectKeyIdentifier for the specified key
 */
private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) {
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(key.getEncoded());

    return new BcX509ExtensionUtils().createSubjectKeyIdentifier(publicKeyInfo);
}

Source File: BouncyCastleSecurityProviderTool.java From Dream-Catcher with MIT License

2 votes

/**
 * Creates the SubjectKeyIdentifier for a Bouncy Castle X590CertificateHolder.
 *
 * @param key public key to identify
 * @return SubjectKeyIdentifier for the specified key
 */
private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) {
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(key.getEncoded());

    return new BcX509ExtensionUtils().createSubjectKeyIdentifier(publicKeyInfo);
}

Source File: BouncyCastleSecurityProviderTool.java From CapturePacket with MIT License

2 votes

/**
 * Creates the SubjectKeyIdentifier for a Bouncy Castle X590CertificateHolder.
 *
 * @param key public key to identify
 * @return SubjectKeyIdentifier for the specified key
 */
private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) {
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(key.getEncoded());

    return new BcX509ExtensionUtils().createSubjectKeyIdentifier(publicKeyInfo);
}

org.bouncycastle.asn1.x509.SubjectKeyIdentifier Java Examples