org.bouncycastle.asn1.DERObjectIdentifier Java Examples
The following examples show how to use
org.bouncycastle.asn1.DERObjectIdentifier.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: X509SubjectAlternativeNameUPNPrincipalResolver.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
/** * Get UPN String. * * @param seq ASN1Sequence abstraction representing subject alternative name. * First element is the object identifier, second is the object itself. * * @return UPN string or null */ private String getUPNStringFromSequence(final ASN1Sequence seq) { if (seq != null) { // First in sequence is the object identifier, that we must check final DERObjectIdentifier id = DERObjectIdentifier.getInstance(seq.getObjectAt(0)); if (id != null && UPN_OBJECTID.equals(id.getId())) { final ASN1TaggedObject obj = (ASN1TaggedObject) seq.getObjectAt(1); final DERUTF8String str = DERUTF8String.getInstance(obj.getObject()); return str.getString(); } } return null; }
Example #2
Source File: BouncyCastleOpenSSLKey.java From swift-k with Apache License 2.0 | 5 votes |
protected PrivateKey getKey(String alg, byte [] data) throws GeneralSecurityException { if (alg.equals("RSA")) { try { ByteArrayInputStream bis = new ByteArrayInputStream(data); DERInputStream derin = new DERInputStream(bis); DERObject keyInfo = derin.readObject(); DERObjectIdentifier rsa_oid = PKCSObjectIdentifiers.rsaEncryption; AlgorithmIdentifier rsa = new AlgorithmIdentifier(rsa_oid); PrivateKeyInfo pkeyinfo = new PrivateKeyInfo(rsa, keyInfo); DERObject derkey = pkeyinfo.getDERObject(); byte[] keyData = BouncyCastleUtil.toByteArray(derkey); // The DER object needs to be mangled to // create a proper ProvateKeyInfo object PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyData); KeyFactory kfac = KeyFactory.getInstance("RSA"); return kfac.generatePrivate(spec); } catch (IOException e) { // that should never happen return null; } } else { return null; } }
Example #3
Source File: AutoCA.java From swift-k with Apache License 2.0 | 5 votes |
private Map<DERObjectIdentifier, DEREncodable> createExtensions(PublicKey caPub, PublicKey userPub) throws IOException { Map<DERObjectIdentifier, DEREncodable> ext = new HashMap<DERObjectIdentifier, DEREncodable>(); // not a CA ext.put(X509Extensions.BasicConstraints, new BasicConstraints(false)); // obvious ext.put(X509Extensions.KeyUsage, new KeyUsage(KeyUsage.dataEncipherment | KeyUsage.digitalSignature)); ext.put(X509Extensions.SubjectKeyIdentifier, getSubjectKeyInfo(userPub)); ext.put(X509Extensions.AuthorityKeyIdentifier, getAuthorityKeyIdentifier(caPub)); return ext; }
Example #4
Source File: CertificateCreator.java From odo with Apache License 2.0 | 4 votes |
/** * Creates a typical Certification Authority (CA) certificate. * @param keyPair * @throws SecurityException * @throws InvalidKeyException * @throws NoSuchProviderException * @throws NoSuchAlgorithmException * @throws CertificateException */ @SuppressWarnings("deprecation") public static X509Certificate createTypicalMasterCert(final KeyPair keyPair) throws SignatureException, InvalidKeyException, SecurityException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException { X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); // BEGIN ODO CHANGES // Added the Common Name "CN=CyberVillains CA" to the X.509 Distinguished Name below. // This was added to work around a bug in iOS where certificates that lack Common Name's // do not show up in the list of CA certificates found in Settings / General / About / Certificate Trust Settings. // We needed this CA certificate to show up in this list so that we could manually trust it and therefore // avoid the App Transport Security "Untrusted root certificate" errors. X509Principal issuer=new X509Principal("CN=CyberVillains CA,OU=CyberVillains Certification Authority,O=CyberVillains.com,C=US"); // END ODO CHANGES // Create v3CertGen.setSerialNumber(BigInteger.valueOf(1)); v3CertGen.setIssuerDN(issuer); v3CertGen.setSubjectDN(issuer); //Set validity period v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 12 /* months */ *(1000L * 60 * 60 * 24 * 30))); v3CertGen.setNotAfter (new Date(System.currentTimeMillis() + 240 /* months */ *(1000L * 60 * 60 * 24 * 30))); //Set signature algorithm & public key v3CertGen.setPublicKey(keyPair.getPublic()); v3CertGen.setSignatureAlgorithm(CertificateCreator.SIGN_ALGO); // Add typical extensions for signing cert v3CertGen.addExtension( X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.getPublic())); v3CertGen.addExtension( X509Extensions.BasicConstraints, true, new BasicConstraints(0)); v3CertGen.addExtension( X509Extensions.KeyUsage, false, new KeyUsage(KeyUsage.cRLSign | KeyUsage.keyCertSign) ); DEREncodableVector typicalCAExtendedKeyUsages = new DEREncodableVector(); typicalCAExtendedKeyUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.serverAuth)); typicalCAExtendedKeyUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.OCSPSigning)); typicalCAExtendedKeyUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.verisignUnknown)); v3CertGen.addExtension( X509Extensions.ExtendedKeyUsage, false, new DERSequence(typicalCAExtendedKeyUsages)); X509Certificate cert = v3CertGen.generate(keyPair.getPrivate(), "BC"); cert.checkValidity(new Date()); cert.verify(keyPair.getPublic()); return cert; }