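/**
 * Computes the fingerprint of the certificate associated with the server.
 *
 * <p>The chain is loaded from {@code certificateResources} and only its leaf
 * entry (index 0) is fingerprinted. The given hash function name is stored in
 * {@code this.hashFunction} before the chain is loaded, so that field is
 * updated even when this method returns an empty String.
 *
 * @param hashFunction name of the digest to use; handed unchanged to
 *                     {@code TlsUtils.fingerprint}.
 * @return The fingerprint of the server certificate. Returns an empty String
 *         if the chain cannot be loaded or does not contain a certificate.
 */
public String generateFingerprint(String hashFunction) {
    this.hashFunction = hashFunction;
    try {
        org.bouncycastle.crypto.tls.Certificate chain = TlsUtils.loadCertificateChain(certificateResources);
        // An empty chain would otherwise fail inside getCertificateAt(0) with an
        // unchecked exception that the IOException handler below does not cover;
        // return "" as the contract promises.
        if (chain == null || chain.isEmpty()) {
            LOGGER.error("Could not get local fingerprint: certificate chain is empty");
            return "";
        }
        Certificate certificate = chain.getCertificateAt(0);
        return TlsUtils.fingerprint(this.hashFunction, certificate);
    } catch (IOException e) {
        // Pass the exception along so the stack trace is not lost.
        LOGGER.error("Could not get local fingerprint: " + e.getMessage(), e);
        return "";
    }
}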
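/**
 * Computes the fingerprint of the certificate associated with the server.
 *
 * <p>The chain is loaded from {@code certificateResources} and only its leaf
 * entry (index 0) is fingerprinted. The given hash function name is stored in
 * {@code this.hashFunction} before the chain is loaded, so that field is
 * updated even when this method returns an empty String.
 *
 * @param hashFunction name of the digest to use; handed unchanged to
 *                     {@code TlsUtils.fingerprint}.
 * @return The fingerprint of the server certificate. Returns an empty String
 *         if the chain cannot be loaded or does not contain a certificate.
 */
public String generateFingerprint(String hashFunction) {
    this.hashFunction = hashFunction;
    try {
        org.bouncycastle.crypto.tls.Certificate chain = TlsUtils.loadCertificateChain(certificateResources);
        // An empty chain would otherwise fail inside getCertificateAt(0) with an
        // unchecked exception that the IOException handler below does not cover;
        // return "" as the contract promises.
        if (chain == null || chain.isEmpty()) {
            LOGGER.error("Could not get local fingerprint: certificate chain is empty");
            return "";
        }
        Certificate certificate = chain.getCertificateAt(0);
        return TlsUtils.fingerprint(this.hashFunction, certificate);
    } catch (IOException e) {
        // Pass the exception along so the stack trace is not lost.
        LOGGER.error("Could not get local fingerprint: " + e.getMessage(), e);
        return "";
    }
}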
/**
 * Loads the certificate chain stored under {@code alias} in {@code keyStore}
 * and wraps its leaf entry (index 0) as an {@link X509CertificateObject}.
 *
 * <p>Only the first certificate of the chain returned by
 * {@code loadTLSCertificate} is used; the remaining entries are ignored.
 *
 * @param keyStore the key store to read from.
 * @param alias    name of the key store entry.
 * @return the leaf certificate of the stored chain.
 * @throws KeyStoreException            propagated from the key store lookup.
 * @throws CertificateEncodingException propagated from certificate conversion.
 * @throws IOException                  propagated from certificate parsing.
 * @throws CertificateParsingException  propagated from the X509CertificateObject constructor.
 */
public static X509CertificateObject loadX509Certificate(KeyStore keyStore, String alias) throws KeyStoreException, CertificateEncodingException, IOException, CertificateParsingException {
    org.bouncycastle.crypto.tls.Certificate chain = loadTLSCertificate(keyStore, alias);
    org.bouncycastle.asn1.x509.Certificate leaf = chain.getCertificateAt(0);
    return new X509CertificateObject(leaf);
}
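/**
 * Converts a hex-encoded DER certificate (whitespace ignored) into a
 * BouncyCastle {@link X509CertificateObject}.
 *
 * <p>The bytes are parsed with the JCA "X.509" CertificateFactory, the first
 * certificate is re-encoded to DER and re-read as a BouncyCastle ASN.1
 * certificate. If the input holds several certificates only the first one is
 * kept.
 *
 * @param v hex string of the DER-encoded certificate(s); whitespace is stripped
 *          before decoding.
 * @return the first certificate found in {@code v}.
 * @throws IllegalArgumentException if the input decodes to no certificate at
 *                                  all (previously surfaced as an
 *                                  ArrayIndexOutOfBoundsException).
 * @throws Exception                on any decoding or parsing failure.
 */
@Override
public X509CertificateObject unmarshal(String v) throws Exception {
    CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    byte[] der = ArrayConverter.hexStringToByteArray(v.replaceAll("\\s+", ""));
    Collection<? extends java.security.cert.Certificate> certs =
            certFactory.generateCertificates(new ByteArrayInputStream(der));
    if (certs.isEmpty()) {
        throw new IllegalArgumentException("No certificate found in input");
    }
    // Round-trip the first certificate through DER to obtain the BouncyCastle
    // ASN.1 representation; wrapping it in a one-element TLS chain (as the
    // previous version did) adds nothing, so it is passed to the constructor directly.
    byte[] certBytes = certs.iterator().next().getEncoded();
    ASN1Primitive asn1Cert = TlsUtils.readDERObject(certBytes);
    org.bouncycastle.asn1.x509.Certificate cert = org.bouncycastle.asn1.x509.Certificate.getInstance(asn1Cert);
    return new X509CertificateObject(cert);
}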
/**
 * Extracts the GOST R 34.10-2001 public key from the leaf certificate of
 * {@code cert}.
 *
 * @param cert a non-empty chain whose leaf carries a GOST R 34.10-2001 key
 *             (see hasGost01EcParameters for the matching check).
 * @return the leaf public key as a BCECGOST3410PublicKey.
 * @throws IOException        if the key cannot be converted.
 * @throws ClassCastException if the converted key is of another type.
 */
public static BCECGOST3410PublicKey extract01PublicKey(Certificate cert) throws IOException {
    SubjectPublicKeyInfo leafKeyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
    return (BCECGOST3410PublicKey) converter.getPublicKey(leafKeyInfo);
}
/**
 * Extracts the GOST R 34.10-2012 public key from the leaf certificate of
 * {@code cert}.
 *
 * @param cert a non-empty chain whose leaf carries a GOST R 34.10-2012 key
 *             (see hasGost12EcParameters for the matching check).
 * @return the leaf public key as a BCECGOST3410_2012PublicKey.
 * @throws IOException        if the key cannot be converted.
 * @throws ClassCastException if the converted key is of another type.
 */
public static BCECGOST3410_2012PublicKey extract12PublicKey(Certificate cert) throws IOException {
    SubjectPublicKeyInfo leafKeyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
    return (BCECGOST3410_2012PublicKey) converter.getPublicKey(leafKeyInfo);
}
/**
 * Returns the DH public key parameters of the leaf certificate of {@code cert}.
 *
 * @param cert the certificate chain to inspect; may be empty.
 * @return the leaf key as DHPublicKeyParameters, or null if the chain does not
 *         carry a DH key according to hasDHParameters or is empty.
 * @throws IOException if PublicKeyFactory cannot decode the key.
 */
public static DHPublicKeyParameters extractDHPublicKeyParameters(Certificate cert) throws IOException {
    // hasDHParameters is evaluated first, as in the nested form; the isEmpty
    // guard is kept so the behaviour is unchanged.
    if (!hasDHParameters(cert) || cert.isEmpty()) {
        return null;
    }
    SubjectPublicKeyInfo spki = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    return (DHPublicKeyParameters) PublicKeyFactory.createKey(spki);
}
/**
 * Returns the EC public key parameters of the leaf certificate of {@code cert}.
 *
 * @param cert the certificate chain to inspect; may be empty.
 * @return the leaf key as ECPublicKeyParameters, or null if the chain does not
 *         carry an EC key according to hasECParameters, is empty, or the leaf
 *         has no SubjectPublicKeyInfo.
 * @throws IOException if PublicKeyFactory cannot decode the key.
 */
public static ECPublicKeyParameters extractECPublicKeyParameters(Certificate cert) throws IOException {
    if (!hasECParameters(cert) || cert.isEmpty()) {
        return null;
    }
    SubjectPublicKeyInfo spki = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    if (spki == null) {
        return null;
    }
    return (ECPublicKeyParameters) PublicKeyFactory.createKey(spki);
}
/**
 * Checks whether the leaf certificate of {@code cert} carries an EC public key
 * (algorithm OID id-ecPublicKey).
 *
 * @param cert the certificate chain to inspect; may be empty.
 * @return true iff the chain is non-empty, the leaf has a SubjectPublicKeyInfo
 *         and its algorithm OID equals X9ObjectIdentifiers.id_ecPublicKey.
 */
public static boolean hasECParameters(Certificate cert) {
    if (cert.isEmpty()) {
        return false;
    }
    SubjectPublicKeyInfo spki = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    if (spki == null) {
        return false;
    }
    ASN1ObjectIdentifier algorithmOid = spki.getAlgorithm().getAlgorithm();
    return algorithmOid.equals(X9ObjectIdentifiers.id_ecPublicKey);
}
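/**
 * Checks whether the leaf certificate of {@code cert} carries a GOST R
 * 34.10-94 public key (algorithm OID gostR3410_94).
 *
 * <p>Despite the general name only the 1994 variant is matched; the 2001 and
 * 2012 EC variants are covered by hasGost01EcParameters and
 * hasGost12EcParameters.
 *
 * @param cert the certificate chain to inspect; may be empty.
 * @return true iff the chain is non-empty, the leaf has a SubjectPublicKeyInfo
 *         and its algorithm OID equals CryptoProObjectIdentifiers.gostR3410_94.
 */
public static boolean hasGOSTParameters(Certificate cert) {
    if (cert.isEmpty()) {
        return false;
    }
    SubjectPublicKeyInfo keyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    // Same null guard as hasECParameters: a missing SubjectPublicKeyInfo means
    // "no GOST key" rather than a NullPointerException.
    if (keyInfo == null) {
        return false;
    }
    return keyInfo.getAlgorithm().getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3410_94);
}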
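/**
 * Checks whether the leaf certificate of {@code cert} carries a GOST R
 * 34.10-2001 public key (algorithm OID gostR3410_2001).
 *
 * @param cert the certificate chain to inspect; may be empty.
 * @return true iff the chain is non-empty, the leaf has a SubjectPublicKeyInfo
 *         and its algorithm OID equals CryptoProObjectIdentifiers.gostR3410_2001.
 */
public static boolean hasGost01EcParameters(Certificate cert) {
    if (cert.isEmpty()) {
        return false;
    }
    SubjectPublicKeyInfo keyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    // Same null guard as hasECParameters: a missing SubjectPublicKeyInfo means
    // "no GOST key" rather than a NullPointerException.
    if (keyInfo == null) {
        return false;
    }
    ASN1ObjectIdentifier alg = keyInfo.getAlgorithm().getAlgorithm();
    return alg.equals(CryptoProObjectIdentifiers.gostR3410_2001);
}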
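/**
 * Checks whether the leaf certificate of {@code cert} carries a Diffie-Hellman
 * public key (X9.42 algorithm OID dhpublicnumber).
 *
 * @param cert the certificate chain to inspect; may be empty.
 * @return true iff the chain is non-empty, the leaf has a SubjectPublicKeyInfo
 *         and its algorithm OID equals X9ObjectIdentifiers.dhpublicnumber.
 */
public static boolean hasDHParameters(Certificate cert) {
    if (cert.isEmpty()) {
        return false;
    }
    SubjectPublicKeyInfo keyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    // Same null guard as hasECParameters: a missing SubjectPublicKeyInfo means
    // "no DH key" rather than a NullPointerException.
    if (keyInfo == null) {
        return false;
    }
    return keyInfo.getAlgorithm().getAlgorithm().equals(X9ObjectIdentifiers.dhpublicnumber);
}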
/**
 * Fetches the server certificate chain for {@code config} and returns the
 * public key of its leaf certificate.
 *
 * @param config connection configuration handed to fetchServerCertificate.
 * @return the leaf public key, or null if no chain (or an empty chain) was
 *         fetched.
 * @throws WorkflowExecutionException wrapping the CertificateParsingException
 *         thrown while converting the leaf to an X509CertificateObject.
 */
public static PublicKey fetchServerPublicKey(Config config) {
    try {
        Certificate chain = fetchServerCertificate(config);
        if (chain == null || chain.getLength() <= 0) {
            return null;
        }
        X509CertificateObject leaf = new X509CertificateObject(chain.getCertificateAt(0));
        return leaf.getPublicKey();
    } catch (CertificateParsingException ex) {
        throw new WorkflowExecutionException("Could not get public key from server certificate", ex);
    }
}
/**
 * Maps the algorithm OID of the leaf certificate's SubjectPublicKeyInfo to a
 * {@link CertificateKeyType}.
 *
 * @param cert non-empty chain; only index 0 is inspected.
 * @return the matching key type, or NONE (after logging a warning) for an OID
 *         not listed below.
 * @throws IllegalArgumentException if the chain is empty.
 */
private CertificateKeyType getPublicKeyType(Certificate cert) {
    if (cert.isEmpty()) {
        throw new IllegalArgumentException("Empty CertChain provided!");
    }
    AlgorithmIdentifier algorithm = cert.getCertificateAt(0).getSubjectPublicKeyInfo().getAlgorithm();
    String oid = algorithm.getAlgorithm().getId();
    switch (oid) {
        case "1.2.840.113549.1.1.1": // rsaEncryption
            return CertificateKeyType.RSA;
        case "1.2.840.10045.2.1": // id-ecPublicKey
            return CertificateKeyType.ECDSA;
        case "1.2.840.113549.1.3.1": // PKCS#3 dhKeyAgreement
            // NOTE(review): hasDHParameters matches X9ObjectIdentifiers.dhpublicnumber
            // instead, so a certificate carrying that OID maps to NONE here — confirm intended.
            return CertificateKeyType.DH;
        case "1.2.840.10040.4.1": // id-dsa
            return CertificateKeyType.DSS;
        case "1.2.643.2.2.19": // gostR3410-2001
            return CertificateKeyType.GOST01;
        case "1.2.643.7.1.1.1.1": // gost3410-2012-256
        case "1.2.643.7.1.1.1.2": // gost3410-2012-512
            return CertificateKeyType.GOST12;
        default:
            LOGGER.warn("Unknown algorithm ID: " + oid + " using \"NONE\"");
            return CertificateKeyType.NONE;
    }
}
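/**
 * Checks whether the leaf certificate of {@code cert} carries a GOST R
 * 34.10-2012 public key, either the 256-bit or the 512-bit variant.
 *
 * @param cert the certificate chain to inspect; may be empty.
 * @return true iff the chain is non-empty, the leaf has a SubjectPublicKeyInfo
 *         and its algorithm OID is id_tc26_gost_3410_12_256 or
 *         id_tc26_gost_3410_12_512.
 */
public static boolean hasGost12EcParameters(Certificate cert) {
    if (cert.isEmpty()) {
        return false;
    }
    SubjectPublicKeyInfo keyInfo = cert.getCertificateAt(0).getSubjectPublicKeyInfo();
    // Same null guard as hasECParameters: a missing SubjectPublicKeyInfo means
    // "no GOST key" rather than a NullPointerException.
    if (keyInfo == null) {
        return false;
    }
    ASN1ObjectIdentifier alg = keyInfo.getAlgorithm().getAlgorithm();
    return alg.equals(RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256)
            || alg.equals(RosstandartObjectIdentifiers.id_tc26_gost_3410_12_512);
}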
/**
 * Determines the named group of the leaf certificate's public key.
 *
 * <p>Only consulted when the pair's {@code publicKey} is a CustomEcPublicKey;
 * otherwise null is returned without inspecting the certificate. GOST keys map
 * to GOST3410 / GOST3410_2012; any other key is treated as a BC EC key on a
 * named curve and resolved through NamedGroup.fromJavaName.
 *
 * @param cert non-empty chain; only index 0 is inspected.
 * @return the named group, or null if the key is not an EC key or the group
 *         cannot be determined (the failure is logged at WARN).
 * @throws IllegalArgumentException if the chain is empty.
 */
private NamedGroup getPublicNamedGroup(Certificate cert) {
    if (cert.isEmpty()) {
        throw new IllegalArgumentException("Empty CertChain provided!");
    }
    if (!(publicKey instanceof CustomEcPublicKey)) {
        return null;
    }
    try {
        X509CertificateObject leaf = new X509CertificateObject(cert.getCertificateAt(0));
        java.security.PublicKey leafKey = leaf.getPublicKey();
        if (leafKey instanceof BCECGOST3410PublicKey) {
            return NamedGroup.GOST3410;
        }
        if (leafKey instanceof BCECGOST3410_2012PublicKey) {
            return NamedGroup.GOST3410_2012;
        }
        // Any other key type makes one of these casts throw; the catch below
        // turns that into a logged null result.
        ECNamedCurveSpec spec = (ECNamedCurveSpec) ((BCECPublicKey) leafKey).getParams();
        return NamedGroup.fromJavaName(spec.getName());
    } catch (Exception ex) {
        LOGGER.warn("Could not determine EC public key group", ex);
        return null;
    }
}
/**
 * Reads the GOST parameter-set OID from the leaf certificate's algorithm
 * parameters and maps it to a {@link GOSTCurve}.
 *
 * <p>The parameter set is taken as the first element of the algorithm
 * parameters sequence; the casts throw ClassCastException when the parameters
 * are not shaped that way.
 *
 * @param cert non-empty chain; only index 0 is inspected.
 * @return the matching curve, or null for an OID not listed below.
 * @throws IllegalArgumentException if the chain is empty.
 */
private GOSTCurve getGostCurve(Certificate cert) {
    if (cert.isEmpty()) {
        throw new IllegalArgumentException("Empty CertChain provided!");
    }
    ASN1Sequence params = (ASN1Sequence) cert.getCertificateAt(0).getSubjectPublicKeyInfo().getAlgorithm().getParameters();
    String paramSetOid = ((ASN1ObjectIdentifier) params.getObjectAt(0)).getId();
    switch (paramSetOid) {
        case "1.2.643.2.2.35.1":
            return GOSTCurve.GostR3410_2001_CryptoPro_A;
        case "1.2.643.2.2.35.2":
            return GOSTCurve.GostR3410_2001_CryptoPro_B;
        case "1.2.643.2.2.35.3":
            return GOSTCurve.GostR3410_2001_CryptoPro_C;
        case "1.2.643.2.2.36.0":
            return GOSTCurve.GostR3410_2001_CryptoPro_XchA;
        case "1.2.643.2.2.36.1":
            return GOSTCurve.GostR3410_2001_CryptoPro_XchB;
        case "1.2.643.7.1.1.1.2":
            // NOTE(review): getPublicKeyType treats this same string as the
            // GOST 2012-512 *algorithm* OID, while here it selects the 256-bit
            // paramSetA curve — confirm which mapping is intended.
            return GOSTCurve.Tc26_Gost_3410_12_256_paramSetA;
        case "1.2.643.7.1.2.1.2.1":
            return GOSTCurve.Tc26_Gost_3410_12_512_paramSetA;
        case "1.2.643.7.1.2.1.2.2":
            return GOSTCurve.Tc26_Gost_3410_12_512_paramSetB;
        case "1.2.643.7.1.1.1.5":
            return GOSTCurve.Tc26_Gost_3410_12_512_paramSetC;
        default:
            return null;
    }
}
/**
 * Builds a key pair from a PEM certificate file and a PEM private key file.
 *
 * <p>The certificate chain, the public key and the private key are read in
 * that order; the leaf certificate's DER encoding, the signature group and
 * the public key group are derived from the chain. A GOST curve is resolved
 * only for GOST01 / GOST12 public key types, otherwise it stays null.
 *
 * @param certPublicKeyType type of the certificate's public key.
 * @param certSignatureType type of the certificate's signature.
 * @param certFile          PEM file holding the certificate (and its public key).
 * @param privateKeyFile    PEM file holding the private key.
 * @throws CertificateException propagated from PEM parsing.
 * @throws IOException          propagated from reading the files.
 */
public CertificateKeyPair(CertificateKeyType certPublicKeyType, CertificateKeyType certSignatureType, File certFile, File privateKeyFile) throws CertificateException, IOException {
    this.certPublicKeyType = certPublicKeyType;
    this.certSignatureType = certSignatureType;
    // Read order kept as before: certificate, public key, then private key.
    Certificate certificate = PemUtil.readCertificate(certFile);
    this.publicKey = CertificateUtils.parseCustomPublicKey(PemUtil.readPublicKey(certFile));
    this.privateKey = CertificateUtils.parseCustomPrivateKey(PemUtil.readPrivateKey(privateKeyFile));
    this.certificateBytes = certificate.getCertificateAt(0).getEncoded();
    this.signatureGroup = getSignatureNamedGroup(certificate);
    this.publicKeyGroup = getPublicNamedGroup(certificate);
    boolean gostKey = certPublicKeyType == CertificateKeyType.GOST01
            || certPublicKeyType == CertificateKeyType.GOST12;
    this.gostCurve = gostKey ? getGostCurve(certificate) : null;
}
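/**
 * Processes the server certificate for the RSA key exchange: parses the leaf
 * public key, checks it is an RSA public key usable for key encipherment and
 * stores it in {@code rsaServerPublicKey}.
 *
 * @param serverCertificate the chain sent by the server.
 * @throws IOException a TlsFatalAlert with bad_certificate for an empty
 *         chain, unsupported_certificate if the key cannot be parsed,
 *         internal_error if the factory returned a private key,
 *         certificate_unknown if the key is not an RSA key, plus whatever
 *         validateRSAPublicKey, validateKeyUsage and the super call raise.
 */
public void processServerCertificate(Certificate serverCertificate) throws IOException {
    if (serverCertificate.isEmpty()) {
        throw new TlsFatalAlert(AlertDescription.bad_certificate);
    }
    org.bouncycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0);
    SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
    try {
        this.serverPublicKey = PublicKeyFactory.createKey(keyInfo);
    } catch (RuntimeException e) {
        throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
    }
    // Sanity check the PublicKeyFactory
    if (this.serverPublicKey.isPrivate()) {
        throw new TlsFatalAlert(AlertDescription.internal_error);
    }
    // A non-RSA certificate in an RSA key exchange is rejected with an alert
    // instead of a ClassCastException from the cast below.
    if (!(this.serverPublicKey instanceof RSAKeyParameters)) {
        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
    }
    this.rsaServerPublicKey = validateRSAPublicKey((RSAKeyParameters) this.serverPublicKey);
    TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyEncipherment);
    super.processServerCertificate(serverCertificate);
}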
/**
 * Processes the server certificate for a signed key exchange: parses the leaf
 * public key, lets {@code tlsSigner} validate it and checks the
 * digitalSignature key usage.
 *
 * @param serverCertificate the chain sent by the server.
 * @throws IOException a TlsFatalAlert with unexpected_message if no signer is
 *         configured, bad_certificate for an empty chain,
 *         unsupported_certificate if the key cannot be parsed,
 *         certificate_unknown if the signer rejects the key, plus whatever
 *         validateKeyUsage and the super call raise.
 */
public void processServerCertificate(Certificate serverCertificate) throws IOException {
    if (tlsSigner == null) {
        throw new TlsFatalAlert(AlertDescription.unexpected_message);
    }
    if (serverCertificate.isEmpty()) {
        throw new TlsFatalAlert(AlertDescription.bad_certificate);
    }
    org.bouncycastle.asn1.x509.Certificate leaf = serverCertificate.getCertificateAt(0);
    SubjectPublicKeyInfo spki = leaf.getSubjectPublicKeyInfo();
    try {
        this.serverPublicKey = PublicKeyFactory.createKey(spki);
    } catch (RuntimeException e) {
        // PublicKeyFactory rejects keys it cannot decode with an unchecked
        // exception; report it as an unsupported certificate.
        throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
    }
    boolean acceptedBySigner = tlsSigner.isValidPublicKey(this.serverPublicKey);
    if (!acceptedBySigner) {
        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
    }
    TlsUtils.validateKeyUsage(leaf, KeyUsage.digitalSignature);
    super.processServerCertificate(serverCertificate);
}