/** * Parses an encoded, signed PKCS #10 certificate request, verifying * the request's signature as it does so. This constructor would * typically be used by a Certificate Authority, from which a new * certificate would then be constructed. * * @param data the DER-encoded PKCS #10 request. * @exception IOException for low level errors reading the data * @exception SignatureException when the signature is invalid * @exception NoSuchAlgorithmException when the signature * algorithm is not supported in this environment */ public PKCS10(byte[] data) throws IOException, SignatureException, NoSuchAlgorithmException { DerInputStream in; DerValue[] seq; AlgorithmId id; byte[] sigData; Signature sig; encoded = data; // // Outer sequence: request, signature algorithm, signature. // Parse, and prepare to verify later. // in = new DerInputStream(data); seq = in.getSequence(3); if (seq.length != 3) throw new IllegalArgumentException("not a PKCS #10 request"); data = seq[0].toByteArray(); // reusing this variable id = AlgorithmId.parse(seq[1]); sigData = seq[2].getBitString(); // // Inner sequence: version, name, key, attributes // BigInteger serial; DerValue val; serial = seq[0].data.getBigInteger(); if (!serial.equals(BigInteger.ZERO)) throw new IllegalArgumentException("not PKCS #10 v1"); subject = new X500Name(seq[0].data); subjectPublicKeyInfo = X509Key.parse(seq[0].data.getDerValue()); // Cope with a somewhat common illegal PKCS #10 format if (seq[0].data.available() != 0) attributeSet = new PKCS10Attributes(seq[0].data); else attributeSet = new PKCS10Attributes(); if (seq[0].data.available() != 0) throw new IllegalArgumentException("illegal PKCS #10 data"); // // OK, we parsed it all ... validate the signature using the // key and signature algorithm we found. // try { sig = Signature.getInstance(id.getName()); sig.initVerify(subjectPublicKeyInfo); sig.update(data); if (!sig.verify(sigData)) throw new SignatureException("Invalid PKCS #10 signature"); } catch (InvalidKeyException e) { throw new SignatureException("invalid key"); } }
public static byte[] x509EncodeECPublicKey(ECPoint w, ECParameterSpec params) throws InvalidKeySpecException { KeyFactory keyFactory = getKeyFactory(); ECPublicKeySpec keySpec = new ECPublicKeySpec(w, params); X509Key key = (X509Key)keyFactory.generatePublic(keySpec); return key.getEncoded(); }
static byte[] x509EncodeECPublicKey(ECPoint w, ECParameterSpec params) throws InvalidKeySpecException { ECPublicKeySpec keySpec = new ECPublicKeySpec(w, params); X509Key key = (X509Key)ECGeneratePublic(keySpec); return key.getEncoded(); }
/** * Parses an encoded, signed PKCS #10 certificate request, verifying * the request's signature as it does so. This constructor would * typically be used by a Certificate Authority, from which a new * certificate would then be constructed. * * @param data the DER-encoded PKCS #10 request. * @exception IOException for low level errors reading the data * @exception SignatureException when the signature is invalid * @exception NoSuchAlgorithmException when the signature * algorithm is not supported in this environment */ public PKCS10(byte[] data) throws IOException, SignatureException, NoSuchAlgorithmException { DerInputStream in; DerValue[] seq; AlgorithmId id; byte[] sigData; Signature sig; encoded = data; // // Outer sequence: request, signature algorithm, signature. // Parse, and prepare to verify later. // in = new DerInputStream(data); seq = in.getSequence(3); if (seq.length != 3) throw new IllegalArgumentException("not a PKCS #10 request"); data = seq[0].toByteArray(); // reusing this variable id = AlgorithmId.parse(seq[1]); sigData = seq[2].getBitString(); // // Inner sequence: version, name, key, attributes // BigInteger serial; DerValue val; serial = seq[0].data.getBigInteger(); if (!serial.equals(BigInteger.ZERO)) throw new IllegalArgumentException("not PKCS #10 v1"); subject = new X500Name(seq[0].data); subjectPublicKeyInfo = X509Key.parse(seq[0].data.getDerValue()); // Cope with a somewhat common illegal PKCS #10 format if (seq[0].data.available() != 0) attributeSet = new PKCS10Attributes(seq[0].data); else attributeSet = new PKCS10Attributes(); if (seq[0].data.available() != 0) throw new IllegalArgumentException("illegal PKCS #10 data"); // // OK, we parsed it all ... validate the signature using the // key and signature algorithm we found. // try { sigAlg = id.getName(); sig = Signature.getInstance(sigAlg); sig.initVerify(subjectPublicKeyInfo); sig.update(data); if (!sig.verify(sigData)) throw new SignatureException("Invalid PKCS #10 signature"); } catch (InvalidKeyException e) { throw new SignatureException("invalid key"); } }
public static void main(String[] args) throws Exception { // initializations int len = ids.length; Object[] values = { new ObjectIdentifier("1.2.3.4"), new GregorianCalendar(1970, 1, 25, 8, 56, 7).getTime(), "challenging" }; for (int j = 0; j < len; j++) { constructedMap.put(ids[j], values[j]); } X500Name subject = new X500Name("cn=Test"); KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA"); String sigAlg = "DSA"; keyGen.initialize(512); KeyPair pair = keyGen.generateKeyPair(); X509Key publicKey = (X509Key) pair.getPublic(); PrivateKey privateKey = pair.getPrivate(); Signature signature = Signature.getInstance(sigAlg); signature.initSign(privateKey); // Create the PKCS10 request PKCS10Attribute[] attrs = new PKCS10Attribute[len]; for (int j = 0; j < len; j++) { attrs[j] = new PKCS10Attribute(ids[j], values[j]); } PKCS10 req = new PKCS10(publicKey, new PKCS10Attributes(attrs)); System.out.println("List of attributes in constructed PKCS10 " + "request: "); checkAttributes(req.getAttributes().getElements()); // Encode the PKCS10 request and generate another PKCS10 request from // the encoded byte array req.encodeAndSign(subject, signature); PKCS10 resp = new PKCS10(req.getEncoded()); System.out.println("List of attributes in DER encoded PKCS10 Request:"); checkAttributes(resp.getAttributes().getElements()); if (failedCount > 0) { throw new RuntimeException("Attributes Compared : Failed"); } System.out.println("Attributes Compared : Pass"); }
public SimpleSigner(String digestAlg, String encryptionAlg, KeyPair keyPair, X500Name agent) throws Exception { if (agent == null) { agent = new X500Name("cn=test"); } if (digestAlg == null) { digestAlg = "SHA"; } if (encryptionAlg == null) { encryptionAlg = "DSA"; } if (keyPair == null) { KeyPairGenerator keyGen = KeyPairGenerator.getInstance(encryptionAlg); keyGen.initialize(1024); keyPair = keyGen.generateKeyPair(); } publicKey = (X509Key) keyPair.getPublic(); privateKey = keyPair.getPrivate(); if ("DSA".equals(encryptionAlg)) { this.sig = Signature.getInstance(encryptionAlg); } else { // RSA this.sig = Signature.getInstance(digestAlg + "/" + encryptionAlg); } this.sig.initSign(privateKey); this.agent = agent; this.digestAlgId = AlgorithmId.get(digestAlg); this.encryptionAlgId = AlgorithmId.get(encryptionAlg); this.algId = AlgorithmId.get(this.sig.getAlgorithm()); this.cert = getSelfCert(); }
