/**
 * Decodes the public key held in this certificate's SubjectPublicKeyInfo.
 *
 * <p>A decoding failure is not propagated: an {@link IOException} is swallowed and
 * reported as {@code null}. Callers that verify a signature or pin a key with the
 * result must treat {@code null} as a failure rather than as "nothing to check".
 *
 * @return the decoded key, or {@code null} when decoding raised an {@link IOException}
 */
public PublicKey getPublicKey() {
    PublicKey decoded;
    try {
        decoded = BouncyCastleProvider.getPublicKey(c.getSubjectPublicKeyInfo());
    } catch (IOException e) {
        // should never happen...
        decoded = null;
    }
    // NOTE(review): the provider lookup may presumably also yield null for an algorithm
    // it has no converter for; verify before relying on a non-null result.
    return decoded;
}
/**
 * Returns the certificate's subject public key as a JCA {@link PublicKey}.
 *
 * <p>The SubjectPublicKeyInfo of {@code c} is handed to
 * {@code BouncyCastleProvider.getPublicKey}. If that call throws an
 * {@link IOException}, the exception is dropped and {@code null} is returned, so a
 * {@code null} result means "key could not be decoded" and has to be checked by the
 * caller before the key is used for any verification step.
 *
 * @return the decoded public key, or {@code null} if decoding failed with an
 *         {@link IOException}
 */
public PublicKey getPublicKey() {
    try {
        final PublicKey subjectKey = BouncyCastleProvider.getPublicKey(c.getSubjectPublicKeyInfo());
        return subjectKey;
    } catch (IOException e) {
        // should never happen...
        return null;
    }
}
/**
 * Converts the subject public key of the first certificate in {@code cert} into a
 * {@code BCECGOST3410PublicKey}.
 *
 * <p>Preconditions that this method does not check itself:
 * <ul>
 *   <li>the chain must not be empty, because index 0 is read unconditionally;</li>
 *   <li>the key must really be of the expected GOST type, because the result is cast
 *       without an {@code instanceof} test and a different key type surfaces as a
 *       {@link ClassCastException}.</li>
 * </ul>
 * The certificate normally comes from a peer, so callers should establish both
 * conditions first.
 *
 * @param cert certificate chain whose first entry carries the key
 * @return the converted public key
 * @throws IOException if the key converter cannot build a key from the key info
 */
public static BCECGOST3410PublicKey extract01PublicKey(Certificate cert) throws IOException {
    SubjectPublicKeyInfo leafKeyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    // No provider is set on the converter, so the resulting key class depends on the
    // installed JCA providers; the cast below assumes the BouncyCastle one answers.
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
    return (BCECGOST3410PublicKey) converter.getPublicKey(leafKeyInfo);
}
/**
 * Converts the subject public key of the first certificate in {@code cert} into a
 * {@code BCECGOST3410_2012PublicKey}.
 *
 * <p>The method reads index 0 without checking that the chain is non-empty and casts
 * the converted key without an {@code instanceof} test. An empty chain or a key of
 * another algorithm therefore ends in a runtime exception, not in a {@code null}
 * return. Callers handling a peer-supplied chain should check the key algorithm
 * beforehand.
 *
 * @param cert certificate chain whose first entry carries the key
 * @return the converted public key
 * @throws IOException if the key converter cannot build a key from the key info
 */
public static BCECGOST3410_2012PublicKey extract12PublicKey(Certificate cert) throws IOException {
    SubjectPublicKeyInfo leafKeyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    // The converter runs with its default provider lookup; the BouncyCastle-specific
    // cast only holds when that lookup resolves to the BouncyCastle key factory.
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
    return (BCECGOST3410_2012PublicKey) converter.getPublicKey(leafKeyInfo);
}
/**
 * Extracts Diffie-Hellman public key parameters from the first certificate of the chain.
 *
 * <p>Only the key is decoded here; nothing in this method validates the certificate or
 * the DH group it advertises, so the returned parameters are as trustworthy as the
 * chain they came from.
 *
 * @param cert certificate chain to inspect
 * @return the DH public key parameters, or {@code null} when {@code hasDHParameters}
 *         rejects the chain or the chain is empty
 * @throws IOException if {@code PublicKeyFactory.createKey} fails to decode the key info
 */
public static DHPublicKeyParameters extractDHPublicKeyParameters(Certificate cert) throws IOException {
    // Guard clauses: the algorithm check comes first, the emptiness check second.
    if (!hasDHParameters(cert) || cert.isEmpty()) {
        return null;
    }
    SubjectPublicKeyInfo leafKeyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    return (DHPublicKeyParameters) PublicKeyFactory.createKey(leafKeyInfo);
}
/**
 * Extracts elliptic-curve public key parameters from the first certificate of the chain.
 *
 * <p>Only the key is decoded here; the method performs no certificate or curve
 * validation of its own.
 *
 * @param cert certificate chain to inspect
 * @return the EC public key parameters, or {@code null} when {@code hasECParameters}
 *         rejects the chain, the chain is empty, or the first certificate has no
 *         SubjectPublicKeyInfo
 * @throws IOException if {@code PublicKeyFactory.createKey} fails to decode the key info
 */
public static ECPublicKeyParameters extractECPublicKeyParameters(Certificate cert) throws IOException {
    // Guard clauses: the algorithm check comes first, the emptiness check second.
    if (!hasECParameters(cert) || cert.isEmpty()) {
        return null;
    }
    SubjectPublicKeyInfo leafKeyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    return leafKeyInfo == null
            ? null
            : (ECPublicKeyParameters) PublicKeyFactory.createKey(leafKeyInfo);
}
/**
 * Tells whether the first certificate of the chain declares the X9.42
 * {@code dhpublicnumber} key algorithm.
 *
 * <p>This is a check of the declared algorithm identifier only; it says nothing about
 * whether the key material itself is well-formed.
 *
 * @param cert certificate chain to inspect
 * @return {@code true} if the chain is non-empty and the key algorithm OID of its
 *         first certificate equals {@code X9ObjectIdentifiers.dhpublicnumber}
 */
public static boolean hasDHParameters(Certificate cert) {
    // An empty chain short-circuits to false before index 0 is touched.
    return !cert.isEmpty()
            && cert.getCertificateAt(0)
                    .getSubjectPublicKeyInfo()
                    .getAlgorithm()
                    .getAlgorithm()
                    .equals(X9ObjectIdentifiers.dhpublicnumber);
}
/**
 * Tells whether the first certificate of the chain declares the
 * {@code CryptoProObjectIdentifiers.gostR3410_94} key algorithm.
 *
 * <p>Only the declared algorithm identifier is compared; the key itself is not decoded.
 *
 * @param cert certificate chain to inspect
 * @return {@code true} if the chain is non-empty and the key algorithm OID of its
 *         first certificate equals {@code gostR3410_94}
 */
public static boolean hasGOSTParameters(Certificate cert) {
    boolean matches = false;
    if (!cert.isEmpty()) {
        SubjectPublicKeyInfo leafKeyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
        matches = leafKeyInfo.getAlgorithm().getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3410_94);
    }
    return matches;
}
/**
 * Tells whether the first certificate of the chain declares the
 * {@code CryptoProObjectIdentifiers.gostR3410_2001} key algorithm.
 *
 * <p>Only the declared algorithm identifier is compared; the key itself is not decoded.
 *
 * @param cert certificate chain to inspect
 * @return {@code true} if the chain is non-empty and the key algorithm OID of its
 *         first certificate equals {@code gostR3410_2001}
 */
public static boolean hasGost01EcParameters(Certificate cert) {
    if (!cert.isEmpty()) {
        ASN1ObjectIdentifier keyAlgorithm =
                cert.getCertificateAt(0).getSubjectPublicKeyInfo().getAlgorithm().getAlgorithm();
        return keyAlgorithm.equals(CryptoProObjectIdentifiers.gostR3410_2001);
    }
    return false;
}
/**
 * Tells whether the first certificate of the chain declares the
 * {@code id_ecPublicKey} key algorithm.
 *
 * <p>Only the declared algorithm identifier is compared; curve parameters and the
 * encoded point are not examined here.
 *
 * @param cert certificate chain to inspect
 * @return {@code true} if the chain is non-empty, its first certificate has a
 *         SubjectPublicKeyInfo, and that key info's algorithm OID equals
 *         {@code X9ObjectIdentifiers.id_ecPublicKey}
 */
public static boolean hasECParameters(Certificate cert) {
    if (!cert.isEmpty()) {
        SubjectPublicKeyInfo leafKeyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
        // A missing key info is treated as "not EC" rather than as an error.
        return leafKeyInfo != null
                && leafKeyInfo.getAlgorithm().getAlgorithm().equals(X9ObjectIdentifiers.id_ecPublicKey);
    }
    return false;
}
/**
 * Maps the key algorithm OID of the first certificate in the chain to a
 * {@code CertificateKeyType}.
 *
 * <p>An OID that is not in the table is logged at warn level and mapped to
 * {@code CertificateKeyType.NONE}; callers that make a security decision on the key
 * type should handle {@code NONE} explicitly rather than fall through to a default.
 *
 * @param cert certificate chain to inspect
 * @return the key type for the OID, or {@code CertificateKeyType.NONE} if it is unknown
 * @throws IllegalArgumentException if the chain is empty
 */
private CertificateKeyType getPublicKeyType(Certificate cert) {
    if (cert.isEmpty()) {
        throw new IllegalArgumentException("Empty CertChain provided!");
    }
    AlgorithmIdentifier algorithm = cert.getCertificateAt(0).getSubjectPublicKeyInfo().getAlgorithm();
    final CertificateKeyType keyType;
    switch (algorithm.getAlgorithm().getId()) {
        case "1.2.840.113549.1.1.1": // rsaEncryption
            keyType = CertificateKeyType.RSA;
            break;
        case "1.2.840.10045.2.1": // id-ecPublicKey
            keyType = CertificateKeyType.ECDSA;
            break;
        case "1.2.840.113549.1.3.1": // PKCS #3 dhKeyAgreement
            keyType = CertificateKeyType.DH;
            break;
        case "1.2.840.10040.4.1": // id-dsa
            keyType = CertificateKeyType.DSS;
            break;
        case "1.2.643.2.2.19": // GOST R 34.10-2001
            keyType = CertificateKeyType.GOST01;
            break;
        case "1.2.643.7.1.1.1.1": // GOST R 34.10-2012, 256 bit
        case "1.2.643.7.1.1.1.2": // GOST R 34.10-2012, 512 bit
            keyType = CertificateKeyType.GOST12;
            break;
        default:
            LOGGER.warn("Unknown algorithm ID: " + algorithm.getAlgorithm().getId() + " using \"NONE\"");
            keyType = CertificateKeyType.NONE;
            break;
    }
    return keyType;
}
/**
 * Tells whether the first certificate of the chain declares one of the two
 * GOST R 34.10-2012 key algorithms (256-bit or 512-bit).
 *
 * <p>Only the declared algorithm identifier is compared; the key itself is not decoded.
 *
 * @param cert certificate chain to inspect
 * @return {@code true} if the chain is non-empty and the key algorithm OID of its first
 *         certificate equals {@code id_tc26_gost_3410_12_256} or
 *         {@code id_tc26_gost_3410_12_512}
 */
public static boolean hasGost12EcParameters(Certificate cert) {
    if (!cert.isEmpty()) {
        ASN1ObjectIdentifier keyAlgorithm =
                cert.getCertificateAt(0).getSubjectPublicKeyInfo().getAlgorithm().getAlgorithm();
        if (keyAlgorithm.equals(RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256)) {
            return true;
        }
        return keyAlgorithm.equals(RosstandartObjectIdentifiers.id_tc26_gost_3410_12_512);
    }
    return false;
}
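/**
 * Determines the GOST curve named by the key parameters of the first certificate.
 *
 * <p>The curve is identified by the first element of the algorithm parameters
 * sequence. The certificate is normally peer-supplied, so the parameters are checked
 * for the expected ASN.1 shape before they are cast: parameters that are absent, not a
 * sequence, empty, or that do not start with an object identifier yield {@code null},
 * the same result as an unknown curve OID, instead of a {@link ClassCastException} or
 * {@link NullPointerException}.
 *
 * @param cert certificate chain to inspect
 * @return the matching curve, or {@code null} if the parameters are malformed or the
 *         OID is not in the table
 * @throws IllegalArgumentException if the chain is empty
 */
private GOSTCurve getGostCurve(Certificate cert) {
    if (cert.isEmpty()) {
        throw new IllegalArgumentException("Empty CertChain provided!");
    }
    Object params = cert.getCertificateAt(0).getSubjectPublicKeyInfo().getAlgorithm().getParameters();
    if (!(params instanceof ASN1Sequence)) {
        return null;
    }
    ASN1Sequence paramSequence = (ASN1Sequence) params;
    if (paramSequence.size() == 0) {
        return null;
    }
    Object curveId = paramSequence.getObjectAt(0);
    if (!(curveId instanceof ASN1ObjectIdentifier)) {
        return null;
    }
    switch (((ASN1ObjectIdentifier) curveId).getId()) {
        case "1.2.643.2.2.35.1":
            return GOSTCurve.GostR3410_2001_CryptoPro_A;
        case "1.2.643.2.2.35.2":
            return GOSTCurve.GostR3410_2001_CryptoPro_B;
        case "1.2.643.2.2.35.3":
            return GOSTCurve.GostR3410_2001_CryptoPro_C;
        case "1.2.643.2.2.36.0":
            return GOSTCurve.GostR3410_2001_CryptoPro_XchA;
        case "1.2.643.2.2.36.1":
            return GOSTCurve.GostR3410_2001_CryptoPro_XchB;
        // NOTE(review): "1.2.643.7.1.1.1.2" is the 512-bit GOST R 34.10-2012 key
        // algorithm OID, not a parameter-set OID. The original mapping is kept for
        // compatibility, and the tc26 256-bit paramSetA OID is accepted as well.
        case "1.2.643.7.1.1.1.2":
        case "1.2.643.7.1.2.1.1.1":
            return GOSTCurve.Tc26_Gost_3410_12_256_paramSetA;
        case "1.2.643.7.1.2.1.2.1":
            return GOSTCurve.Tc26_Gost_3410_12_512_paramSetA;
        case "1.2.643.7.1.2.1.2.2":
            return GOSTCurve.Tc26_Gost_3410_12_512_paramSetB;
        // NOTE(review): "1.2.643.7.1.1.1.5" is outside the 512-bit parameter-set arc
        // used by paramSetA/B above. The original mapping is kept, and the paramSetC
        // OID from that arc is accepted as well.
        case "1.2.643.7.1.1.1.5":
        case "1.2.643.7.1.2.1.2.3":
            return GOSTCurve.Tc26_Gost_3410_12_512_paramSetC;
        default:
            return null;
    }
}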
/**
 * Computes the issuer name hash and issuer key hash for {@code issuerCert}.
 *
 * <p>The name hash covers the encoded subject of the issuer certificate. The key hash
 * covers the bytes of the public key BIT STRING only, not the whole
 * SubjectPublicKeyInfo structure.
 * NOTE(review): these look like the issuerNameHash / issuerKeyHash inputs of an OCSP
 * CertID; confirm against the consumer of this class.
 *
 * @param hashAlgo hash algorithm to use; must not be {@code null}
 * @param issuerCert issuer certificate; must not be {@code null}
 * @throws IOException if the subject name cannot be encoded
 */
public IssuerHash(HashAlgo hashAlgo, Certificate issuerCert) throws IOException {
    this.hashAlgo = Args.notNull(hashAlgo, "hashAlgo");
    Args.notNull(issuerCert, "issuerCert");

    // Both inputs are extracted before either hash is computed.
    final byte[] subjectBytes = issuerCert.getSubject().getEncoded();
    final byte[] publicKeyBits = issuerCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();

    this.issuerNameHash = HashCalculator.hash(hashAlgo, subjectBytes);
    this.issuerKeyHash = HashCalculator.hash(hashAlgo, publicKeyBits);
}
/**
 * Computes the issuer name hash and issuer key hash for {@code issuerCert}.
 *
 * <p>The name hash is taken over the encoded subject of the issuer certificate. The
 * key hash is taken over the bytes of the public key BIT STRING alone, without the
 * surrounding SubjectPublicKeyInfo.
 * NOTE(review): these look like the issuerNameHash / issuerKeyHash inputs of an OCSP
 * CertID; confirm against the consumer of this class.
 *
 * @param hashAlgo hash algorithm to use; must not be {@code null}
 * @param issuerCert issuer certificate; must not be {@code null}
 * @throws IOException if the subject name cannot be encoded
 */
public IssuerHash(final HashAlgoType hashAlgo, final Certificate issuerCert) throws IOException {
    this.hashAlgo = ParamUtil.requireNonNull("hashAlgo", hashAlgo);
    ParamUtil.requireNonNull("issuerCert", issuerCert);

    // Both inputs are extracted before either hash is computed.
    final byte[] subjectBytes = issuerCert.getSubject().getEncoded();
    final byte[] publicKeyBits = issuerCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();

    this.issuerNameHash = HashCalculator.hash(hashAlgo, subjectBytes);
    this.issuerKeyHash = HashCalculator.hash(hashAlgo, publicKeyBits);
}
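/**
 * Takes the server's RSA public key from the first certificate of the chain and checks
 * that the certificate permits key encipherment.
 *
 * <p>Change from the original: the decoded key is checked to be an
 * {@code RSAKeyParameters} before it is cast. A peer certificate carrying a non-RSA
 * key now ends the handshake with a {@code certificate_unknown} alert instead of an
 * unchecked {@link ClassCastException}.
 *
 * <p>No chain or trust validation is visible in this method; it only looks at the leaf
 * key and key usage and then delegates to the superclass.
 *
 * @param serverCertificate certificate chain sent by the server
 * @throws IOException as a {@code TlsFatalAlert} when the chain is empty, the key
 *         cannot be decoded, the key is not an RSA public key, or a later check rejects it
 */
public void processServerCertificate(Certificate serverCertificate) throws IOException {
    if (serverCertificate.isEmpty()) {
        throw new TlsFatalAlert(AlertDescription.bad_certificate);
    }

    org.bouncycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0);
    SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();

    try {
        this.serverPublicKey = PublicKeyFactory.createKey(keyInfo);
    } catch (RuntimeException e) {
        throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
    }

    // Sanity check the PublicKeyFactory
    if (this.serverPublicKey.isPrivate()) {
        throw new TlsFatalAlert(AlertDescription.internal_error);
    }

    // The key type is chosen by the peer's certificate, so verify it before casting.
    if (!(this.serverPublicKey instanceof RSAKeyParameters)) {
        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
    }

    this.rsaServerPublicKey = validateRSAPublicKey((RSAKeyParameters) this.serverPublicKey);

    TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyEncipherment);

    super.processServerCertificate(serverCertificate);
}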
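/**
 * Reads the server's RSA public key from the leaf certificate and verifies that the
 * certificate's key usage allows key encipherment.
 *
 * <p>Change from the original: an {@code instanceof RSAKeyParameters} check precedes
 * the cast. The key algorithm is dictated by the certificate the peer sends, so a
 * non-RSA key is now rejected with a {@code certificate_unknown} alert rather than
 * escaping as a {@link ClassCastException}.
 *
 * <p>This method does not itself validate the chain or establish trust in it.
 *
 * @param serverCertificate certificate chain sent by the server
 * @throws IOException as a {@code TlsFatalAlert} when the chain is empty, the key
 *         cannot be decoded, the key is not an RSA public key, or a later check rejects it
 */
public void processServerCertificate(Certificate serverCertificate) throws IOException {
    if (serverCertificate.isEmpty()) {
        throw new TlsFatalAlert(AlertDescription.bad_certificate);
    }

    org.bouncycastle.asn1.x509.Certificate leafCert = serverCertificate.getCertificateAt(0);
    SubjectPublicKeyInfo leafKeyInfo = leafCert.getSubjectPublicKeyInfo();

    try {
        this.serverPublicKey = PublicKeyFactory.createKey(leafKeyInfo);
    } catch (RuntimeException e) {
        throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
    }

    // Sanity check the PublicKeyFactory
    if (this.serverPublicKey.isPrivate()) {
        throw new TlsFatalAlert(AlertDescription.internal_error);
    }

    // Reject non-RSA keys with a TLS alert before the cast below.
    if (!(this.serverPublicKey instanceof RSAKeyParameters)) {
        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
    }

    this.rsaServerPublicKey = validateRSAPublicKey((RSAKeyParameters) this.serverPublicKey);

    TlsUtils.validateKeyUsage(leafCert, KeyUsage.keyEncipherment);

    super.processServerCertificate(serverCertificate);
}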
/**
 * Takes the server's signing key from the first certificate of the chain.
 *
 * <p>The checks run in this order: a signer must be configured, the chain must be
 * non-empty, the key must decode, the signer must accept the key, and the
 * certificate's key usage must include digitalSignature. Each failure is reported as a
 * {@code TlsFatalAlert}. Chain and trust validation are not performed in this method.
 *
 * @param serverCertificate certificate chain sent by the server
 * @throws IOException as a {@code TlsFatalAlert} when any of the checks above fails
 */
public void processServerCertificate(Certificate serverCertificate) throws IOException {
    // Without a signer this key exchange does not expect a server certificate.
    if (tlsSigner == null) {
        throw new TlsFatalAlert(AlertDescription.unexpected_message);
    }
    if (serverCertificate.isEmpty()) {
        throw new TlsFatalAlert(AlertDescription.bad_certificate);
    }

    final org.bouncycastle.asn1.x509.Certificate leafCert = serverCertificate.getCertificateAt(0);
    final SubjectPublicKeyInfo leafKeyInfo = leafCert.getSubjectPublicKeyInfo();

    try {
        this.serverPublicKey = PublicKeyFactory.createKey(leafKeyInfo);
    } catch (RuntimeException e) {
        throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
    }

    final boolean acceptedBySigner = tlsSigner.isValidPublicKey(this.serverPublicKey);
    if (!acceptedBySigner) {
        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
    }

    TlsUtils.validateKeyUsage(leafCert, KeyUsage.digitalSignature);

    super.processServerCertificate(serverCertificate);
}
/**
 * Reads the server's signing key from the leaf certificate and checks that it suits
 * the configured signer.
 *
 * <p>The method fails with a {@code TlsFatalAlert} when no signer is configured
 * ({@code unexpected_message}), the chain is empty ({@code bad_certificate}), the key
 * cannot be decoded ({@code unsupported_certificate}), or the signer rejects the key
 * ({@code certificate_unknown}). It then checks the digitalSignature key usage and
 * delegates to the superclass. It does not validate the chain or establish trust.
 *
 * @param serverCertificate certificate chain sent by the server
 * @throws IOException as a {@code TlsFatalAlert} when any of the checks above fails
 */
public void processServerCertificate(Certificate serverCertificate) throws IOException {
    if (tlsSigner == null) {
        throw new TlsFatalAlert(AlertDescription.unexpected_message);
    }
    if (serverCertificate.isEmpty()) {
        throw new TlsFatalAlert(AlertDescription.bad_certificate);
    }

    org.bouncycastle.asn1.x509.Certificate endEntity = serverCertificate.getCertificateAt(0);
    SubjectPublicKeyInfo endEntityKeyInfo = endEntity.getSubjectPublicKeyInfo();

    try {
        this.serverPublicKey = PublicKeyFactory.createKey(endEntityKeyInfo);
    } catch (RuntimeException e) {
        // Decoder failures on a peer-supplied key become a TLS alert, cause preserved.
        throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
    }

    if (tlsSigner.isValidPublicKey(this.serverPublicKey)) {
        TlsUtils.validateKeyUsage(endEntity, KeyUsage.digitalSignature);
        super.processServerCertificate(serverCertificate);
        return;
    }
    throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
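/**
 * Takes the server's RSA public key from the leaf certificate for the RSA_PSK key
 * exchange and checks that the certificate permits key encipherment.
 *
 * <p>Change from the original: the decoded key is checked to be an
 * {@code RSAKeyParameters} before it is cast. The key type comes from the peer's
 * certificate, so a non-RSA key is rejected with a {@code certificate_unknown} alert
 * rather than surfacing as a {@link ClassCastException}.
 *
 * <p>This method does not itself validate the chain or establish trust in it.
 *
 * @param serverCertificate certificate chain sent by the server
 * @throws IOException as a {@code TlsFatalAlert} when the key exchange is not RSA_PSK,
 *         the chain is empty, the key cannot be decoded, the key is not an RSA public
 *         key, or a later check rejects it
 */
public void processServerCertificate(Certificate serverCertificate) throws IOException {
    // Only the RSA_PSK variant expects a server certificate.
    if (keyExchange != KeyExchangeAlgorithm.RSA_PSK) {
        throw new TlsFatalAlert(AlertDescription.unexpected_message);
    }
    if (serverCertificate.isEmpty()) {
        throw new TlsFatalAlert(AlertDescription.bad_certificate);
    }

    org.bouncycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0);
    SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();

    try {
        this.serverPublicKey = PublicKeyFactory.createKey(keyInfo);
    } catch (RuntimeException e) {
        throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
    }

    // Sanity check the PublicKeyFactory
    if (this.serverPublicKey.isPrivate()) {
        throw new TlsFatalAlert(AlertDescription.internal_error);
    }

    // Reject non-RSA keys with a TLS alert before the cast below.
    if (!(this.serverPublicKey instanceof RSAKeyParameters)) {
        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
    }

    this.rsaServerPublicKey = validateRSAPublicKey((RSAKeyParameters) this.serverPublicKey);

    TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyEncipherment);

    super.processServerCertificate(serverCertificate);
}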