public static byte[] getKeyIdentifier(PublicKey publicKey) throws NoSuchAlgorithmException { return new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey).getKeyIdentifier(); }
CertId( PublicKey key) { this.id = createSubjectKeyId(key).getKeyIdentifier(); }
extensionValue = cert.getExtensionValue("2.5.29.14"); octets = DEROctetString.getInstance(extensionValue).getOctets(); SubjectKeyIdentifier subjectKeyIdentifier = SubjectKeyIdentifier.getInstance(octets); keyIdentifier = subjectKeyIdentifier.getKeyIdentifier(); keyIdentifierHex = new String(Hex.encode(keyIdentifier));
public ASN1Primitive toASN1Primitive() { return new DEROctetString(getKeyIdentifier()); } }
@Override public byte[] getSubjectKeyIdentifier() { SubjectKeyIdentifier id = SubjectKeyIdentifier.fromExtensions(this.extensions); return (id != null) ? id.getKeyIdentifier() : null; }
private String getSubjectKeyIndentifierStringValue(byte[] value) throws IOException { // @formatter:off /* * SubjectKeyIdentifier ::= KeyIdentifier * * KeyIdentifier ::= OCTET STRING */ // @formatter:on StringBuilder sb = new StringBuilder(); SubjectKeyIdentifier subjectKeyIdentifier = SubjectKeyIdentifier.getInstance(value); // Get key identifier from octet string byte[] keyIdentifierBytes = subjectKeyIdentifier.getKeyIdentifier(); sb.append(MessageFormat.format(res.getString("SubjectKeyIdentifier"), HexUtil.getHexString(keyIdentifierBytes))); sb.append(NEWLINE); return sb.toString(); }
private void prepopulateWithValue(byte[] value) throws IOException { SubjectKeyIdentifier subjectKeyIdentifier = SubjectKeyIdentifier.getInstance(value); jkiKeyIdentifier.setKeyIdentifier(subjectKeyIdentifier.getKeyIdentifier()); }
private String subjectKeyIdentifierExtractor(ASN1Primitive primitive) { SubjectKeyIdentifier subjectKeyIdentifier = SubjectKeyIdentifier.getInstance(primitive); return Hex.toHexString(subjectKeyIdentifier.getKeyIdentifier()); }
/** * Gets the subject key identifier of the given certificate in delimited hexadecimal format, e.g. <code> * 25:48:2f:28:ec:5d:19:bb:1d:25:ae:94:93:b1:7b:b5:35:96:24:66</code>. * * @param cert Certificate to process. * * @return Subject key identifier in colon-delimited hex format. * * @throws EncodingException on cert field extraction. */ public static String subjectKeyId(final X509Certificate cert) throws EncodingException { return CodecUtil.hex(new ExtensionReader(cert).readSubjectKeyIdentifier().getKeyIdentifier(), true); }
private byte[] getSubjectKeyId(X509Certificate cert) throws IOException { byte[] extvalue = cert.getExtensionValue(X509Extensions.SubjectKeyIdentifier.getId()); if (extvalue == null) { return null; } ASN1OctetString str = ASN1OctetString .getInstance(new ASN1InputStream(new ByteArrayInputStream(extvalue)).readObject()); SubjectKeyIdentifier keyId = SubjectKeyIdentifier .getInstance(new ASN1InputStream(new ByteArrayInputStream(str.getOctets())).readObject()); return keyId.getKeyIdentifier(); }
public static byte[] getSubjectKeyIdentifierBytes(X509Certificate cert) { byte[] extensionValue = cert.getExtensionValue("2.5.29.14"); //NOPMD if (extensionValue != null) { byte[] subjectOctets = ASN1OctetString.getInstance(extensionValue).getOctets(); SubjectKeyIdentifier subjectKeyIdentifier = SubjectKeyIdentifier.getInstance(subjectOctets); return subjectKeyIdentifier.getKeyIdentifier(); } return null; }
/** * Get the plain (non-DER encoded) value of the Subject Key Identifier extension of an X.509 certificate, if * present. * * @param certificate an X.509 certificate possibly containing a subject key identifier * @return the plain (non-DER encoded) value of the Subject Key Identifier extension, or null if the certificate * does not contain the extension * @throws IOException */ public static byte[] getSubjectKeyIdentifier(X509Certificate certificate) { Logger log = getLogger(); byte[] derValue = certificate.getExtensionValue(Extension.subjectKeyIdentifier.getId()); if (derValue == null || derValue.length == 0) { return null; } SubjectKeyIdentifier ski = null; try { ski = new SubjectKeyIdentifierStructure(derValue); return ski.getKeyIdentifier(); } catch (IOException e) { log.error("Unable to extract subject key identifier from certificate: ASN.1 parsing failed: " + e); return null; } }
private void checkExtensionSubjectKeyIdentifier(final StringBuilder failureMsg, final byte[] extensionValue, final SubjectPublicKeyInfo subjectPublicKeyInfo) { // subjectKeyIdentifier SubjectKeyIdentifier asn1 = SubjectKeyIdentifier.getInstance(extensionValue); byte[] ski = asn1.getKeyIdentifier(); byte[] pkData = subjectPublicKeyInfo.getPublicKeyData().getBytes(); byte[] expectedSki = HashAlgoType.SHA1.hash(pkData); if (!Arrays.equals(expectedSki, ski)) { addViolation(failureMsg, "SKI", hex(ski), hex(expectedSki)); } } // method checkExtensionSubjectKeyIdentifier
@Test public void getSelfSigned_generatesACertificateWithTheRightValues() throws Exception { final X509Certificate generatedCertificate = subject.getSelfSigned(generatedCertificateKeyPair, certificateGenerationParameters); assertThat(generatedCertificate.getIssuerDN().getName(), containsString("CN=my cert name")); assertThat(generatedCertificate.getSubjectDN().toString(), containsString("CN=my cert name")); generatedCertificate.verify(generatedCertificateKeyPair.getPublic()); final byte[] authorityKeyIdDer = generatedCertificate.getExtensionValue(Extension.authorityKeyIdentifier.getId()); final AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(parseExtensionValue(authorityKeyIdDer)); final byte[] authorityKeyId = authorityKeyIdentifier.getKeyIdentifier(); expectedSubjectKeyIdentifier = jcaX509ExtensionUtils.createSubjectKeyIdentifier(generatedCertificateKeyPair.getPublic()).getKeyIdentifier(); assertThat(authorityKeyId, equalTo(expectedSubjectKeyIdentifier)); assertThat(generatedCertificate.getSerialNumber(), equalTo(BigInteger.valueOf(1337))); }
@Test public void getSignedByIssuer_setsSubjectKeyIdentifier() throws Exception { final X509Certificate generatedCertificate = subject .getSignedByIssuer(generatedCertificateKeyPair, certificateGenerationParameters, certificateAuthorityWithSubjectKeyId, issuerKey.getPrivate()); expectedSubjectKeyIdentifier = jcaX509ExtensionUtils.createSubjectKeyIdentifier(generatedCertificateKeyPair.getPublic()).getKeyIdentifier(); final byte[] actual = generatedCertificate.getExtensionValue(Extension.subjectKeyIdentifier.getId()); // four bit type field is added at the beginning as per RFC 5280 assertThat(Arrays.copyOfRange(actual, 4, actual.length), equalTo(expectedSubjectKeyIdentifier)); }
@Test public void getSignedByIssuer_withSubjectKeyIdentifier_setsAuthorityKeyIdentifier() throws Exception { when(serialNumberGenerator.generate()) .thenReturn(BigInteger.valueOf(1337)) .thenReturn(BigInteger.valueOf(666)); final X509Certificate generatedCertificate = subject.getSignedByIssuer(generatedCertificateKeyPair, certificateGenerationParameters, certificateAuthorityWithSubjectKeyId, issuerKey.getPrivate()); final byte[] authorityKeyIdDer = generatedCertificate.getExtensionValue(Extension.authorityKeyIdentifier.getId()); final AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(parseExtensionValue(authorityKeyIdDer)); assertThat(authorityKeyIdentifier.getKeyIdentifier(), equalTo(caSubjectKeyIdentifier.getKeyIdentifier())); }
/** * {@inheritDoc} */ @Override public void injectReferenceValue(X509Certificate value) throws PolicyProcessException { this.certificate = value; final DERObject exValue = getExtensionValue(value); if (exValue == null) { if (isRequired()) throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present."); else { this.policyValue = PolicyValueFactory.getInstance(""); return; } } final SubjectKeyIdentifier keyId = SubjectKeyIdentifier.getInstance(exValue); keyId.getKeyIdentifier(); this.policyValue = PolicyValueFactory.getInstance(PolicyUtils.createByteStringRep(keyId.getKeyIdentifier())); }
private String getCertificateSKI(String alias, KeyStore keyStore) throws CryptoException, KeyStoreException { X509Certificate x509Cert = getCertificate(alias, keyStore); try { byte[] skiValue = x509Cert.getExtensionValue(Extension.subjectKeyIdentifier.getId()); byte[] octets = DEROctetString.getInstance(skiValue).getOctets(); byte[] skiBytes = SubjectKeyIdentifier.getInstance(octets).getKeyIdentifier(); return HexUtil.getHexString(skiBytes); } catch (Exception e) { return "-"; } }
@Override public byte[] getSubjectKeyIdentifier( X509Certificate cert ) { try { byte[] value = cert.getExtensionValue( X509Extensions.SubjectKeyIdentifier.getId() ); if ( value == null ) { return null; } byte[] octets = ( ( ASN1OctetString ) ASN1Object.fromByteArray( value ) ).getOctets(); return SubjectKeyIdentifier.getInstance( ASN1Object.fromByteArray( octets ) ).getKeyIdentifier(); } catch ( IOException ex ) { throw new CryptoFailure( "Unable to extract SubjectKeyIdentifier from X509Certificate extensions", ex ); } }
/** * This method returns SKI bytes from certificate. * * @param certificateToken * {@code CertificateToken} * @param computeIfMissing * if the extension is missing and computeIfMissing = true, it will compute the SKI value from the Public * Key * @return ski bytes from the given certificate */ public static byte[] getSki(final CertificateToken certificateToken, boolean computeIfMissing) { try { byte[] sKI = certificateToken.getCertificate().getExtensionValue(Extension.subjectKeyIdentifier.getId()); if (Utils.isArrayNotEmpty(sKI)) { ASN1Primitive extension = JcaX509ExtensionUtils.parseExtensionValue(sKI); SubjectKeyIdentifier skiBC = SubjectKeyIdentifier.getInstance(extension); return skiBC.getKeyIdentifier(); } else if (computeIfMissing) { // If extension not present, we compute it from the certificate public key return computeSkiFromCert(certificateToken); } return null; } catch (IOException e) { throw new DSSException(e); } }