/**
 * Derives the OCSP responder KeyHash for a certificate: the SHA-1 digest of the
 * bytes of its subjectPublicKey BIT STRING.
 *
 * @param certHolder certificate whose subject public key is hashed
 * @return the SHA-1 digest of the public key bytes, or an empty array when the
 *         SHA-1 algorithm cannot be obtained
 * @throws IOException declared on the signature; no statement in this body raises it explicitly
 */
private byte[] getKeyHashFromCertHolder(X509CertificateHolder certHolder) throws IOException {
    // https://tools.ietf.org/html/rfc2560#section-4.2.1
    // KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key
    //         -- (i.e., the SHA-1 hash of the value of the
    //         -- BIT STRING subjectPublicKey [excluding
    //         -- the tag, length, and number of unused
    //         -- bits] in the responder's certificate)

    // code below inspired by org.bouncycastle.cert.ocsp.CertificateID.createCertID()
    // tested with SO52757037-Signed3-OCSP-with-KeyHash.pdf
    SubjectPublicKeyInfo spki = certHolder.getSubjectPublicKeyInfo();
    try {
        // SHA-1 is fixed by the KeyHash definition quoted above; the digest identifies
        // the responder key and is not a free algorithm choice of this code.
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        byte[] keyBits = spki.getPublicKeyData().getBytes();
        return sha1.digest(keyBits);
    } catch (NoSuchAlgorithmException e) {
        // should not happen
        // NOTE(review): the failure is reported as an empty array rather than an exception;
        // confirm the caller never accepts a zero-length key hash as a match.
        LOG.error("SHA-1 Algorithm not found", e);
        return new byte[0];
    }
}
/**
 * Returns the octets of the subjectPublicKey BIT STRING after checking that their
 * length is exactly {@code expectedSize}.
 *
 * @param keyInfo       the SubjectPublicKeyInfo carrying the key
 * @param defaultParams not read by this method
 * @param expectedSize  required length of the raw key in bytes
 * @return the raw key octets
 * @throws RuntimeException if the encoded key does not have the expected length
 */
private static byte[] getRawKey(SubjectPublicKeyInfo keyInfo, Object defaultParams, int expectedSize) {
    /*
     * TODO[RFC 8422]
     * - Require defaultParams == null?
     * - Require keyInfo.getAlgorithm().getParameters() == null?
     */
    byte[] rawKey = keyInfo.getPublicKeyData().getOctets();
    if (rawKey.length == expectedSize) {
        return rawKey;
    }
    // A key of any other size is rejected here so that a truncated or padded
    // encoding never reaches the code that consumes the raw key.
    throw new RuntimeException("public key encoding has incorrect length");
}
} // closing brace carried over from the enclosing type; its header is not part of this excerpt
/**
 * Builds NHPublicKeyParameters from the bytes of the subjectPublicKey BIT STRING.
 *
 * @param keyInfo       the SubjectPublicKeyInfo carrying the key
 * @param defaultParams not read by this method
 * @return the public key parameters wrapping the key bytes
 * @throws IOException declared on the signature; no statement in this body raises it explicitly
 */
AsymmetricKeyParameter getPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams)
    throws IOException {
    // NOTE(review): no length check on the key bytes is visible here; confirm that the
    // parameter class or its consumer rejects encodings of an unexpected size.
    byte[] keyBytes = keyInfo.getPublicKeyData().getBytes();
    return new NHPublicKeyParameters(keyBytes);
}
} // closing brace carried over from the enclosing type; its header is not part of this excerpt
/**
 * Extracts the subjectPublicKey BIT STRING from the encoded form of a GOST 2012 EC public key.
 *
 * @param pub the public key whose encoding is parsed as a SubjectPublicKeyInfo
 * @return the subjectPublicKey BIT STRING
 */
private DERBitString getPublicKeyDetails(BCECGOST3410_2012PublicKey pub) {
    byte[] encodedKey = pub.getEncoded();
    return SubjectPublicKeyInfo.getInstance(encodedKey).getPublicKeyData();
}
/**
 * Returns the bytes of the subjectPublicKey BIT STRING taken from the encoded form
 * of an EC public key.
 *
 * @param ecPublicKey the key whose encoding is parsed as a SubjectPublicKeyInfo
 * @return the bytes held by the subjectPublicKey BIT STRING
 */
private byte[] encodeEcPublicKeyAsBitString(ECPublicKey ecPublicKey) {
    byte[] encodedKey = ecPublicKey.getEncoded();
    SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(encodedKey);
    return spki.getPublicKeyData().getBytes();
}
/**
 * Extracts the subjectPublicKey BIT STRING from the encoded form of a GOST 3410 EC public key.
 *
 * @param pub the public key whose encoding is parsed as a SubjectPublicKeyInfo
 * @return the subjectPublicKey BIT STRING, or {@code null} if the encoding cannot be parsed
 */
private DERBitString getPublicKeyDetails(BCECGOST3410PublicKey pub) {
    try {
        byte[] encodedKey = pub.getEncoded();
        SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(encodedKey));
        return spki.getPublicKeyData();
    } catch (IOException e) {
        // should never happen
        // NOTE(review): the parse failure is swallowed and reported as null; callers need a
        // null check, otherwise it resurfaces later as a NullPointerException.
        return null;
    }
}
/**
 * Extracts the subjectPublicKey BIT STRING from the encoded form of a DSTU 4145 public key.
 *
 * @param pub the public key whose encoding is parsed as a SubjectPublicKeyInfo
 * @return the subjectPublicKey BIT STRING, or {@code null} if the encoding cannot be parsed
 */
private DERBitString getPublicKeyDetails(BCDSTU4145PublicKey pub) {
    try {
        byte[] encodedKey = pub.getEncoded();
        SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(encodedKey));
        return spki.getPublicKeyData();
    } catch (IOException e) {
        // should never happen
        // NOTE(review): the parse failure is swallowed and reported as null; callers need a
        // null check, otherwise it resurfaces later as a NullPointerException.
        return null;
    }
}
/**
 * Extracts the subjectPublicKey BIT STRING from the encoded form of an EC public key.
 *
 * @param pub the public key whose encoding is parsed as a SubjectPublicKeyInfo
 * @return the subjectPublicKey BIT STRING, or {@code null} if the encoding cannot be parsed
 */
private DERBitString getPublicKeyDetails(BCECPublicKey pub) {
    try {
        byte[] encodedKey = pub.getEncoded();
        SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(encodedKey));
        return spki.getPublicKeyData();
    } catch (IOException e) {
        // should never happen
        // NOTE(review): the parse failure is swallowed and reported as null; callers need a
        // null check, otherwise it resurfaces later as a NullPointerException.
        return null;
    }
}
/**
 * Parses an encoded SubjectPublicKeyInfo and wraps the octets of its subjectPublicKey
 * BIT STRING in NHPublicKeyParameters.
 *
 * @param enc the encoded SubjectPublicKeyInfo
 * @return public key parameters built from the key octets
 */
private static NHPublicKeyParameters getPublicKey(byte[] enc) {
    // NOTE(review): enc is parsed as given and no length check on the key octets is
    // visible here; confirm the input is validated before or after this call.
    byte[] keyOctets = SubjectPublicKeyInfo.getInstance(enc).getPublicKeyData().getOctets();
    return new NHPublicKeyParameters(keyOctets);
}
} // closing brace carried over from the enclosing type; its header is not part of this excerpt
/**
 * Extracts the subjectPublicKey BIT STRING from the encoded form of a JCE EC public key.
 *
 * @param pub the public key whose encoding is parsed as a SubjectPublicKeyInfo
 * @return the subjectPublicKey BIT STRING, or {@code null} if the encoding cannot be parsed
 */
private DERBitString getPublicKeyDetails(JCEECPublicKey pub) {
    try {
        byte[] encodedKey = pub.getEncoded();
        SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(encodedKey));
        return spki.getPublicKeyData();
    } catch (IOException e) {
        // should never happen
        // NOTE(review): the parse failure is swallowed and reported as null; callers need a
        // null check, otherwise it resurfaces later as a NullPointerException.
        return null;
    }
}
/**
 * Sets {@code xdhPublicKey} from a SubjectPublicKeyInfo: X448 parameters when the
 * algorithm OID is id_X448, X25519 parameters for every other OID.
 *
 * @param keyInfo the SubjectPublicKeyInfo carrying the algorithm OID and key octets
 */
private void populateFromPubKeyInfo(SubjectPublicKeyInfo keyInfo) {
    boolean isX448 = EdECObjectIdentifiers.id_X448.equals(keyInfo.getAlgorithm().getAlgorithm());
    byte[] rawKey = keyInfo.getPublicKeyData().getOctets();

    // NOTE(review): only the X448 OID is tested, so any other algorithm falls through to
    // X25519; presumably the caller has already restricted the OID - confirm.
    // NOTE(review): no length check on rawKey is visible here; confirm that encodings of
    // the wrong size are rejected by the parameter constructor or upstream.
    if (isX448) {
        xdhPublicKey = new X448PublicKeyParameters(rawKey, 0);
        return;
    }
    xdhPublicKey = new X25519PublicKeyParameters(rawKey, 0);
}
/**
 * Sets {@code eddsaPublicKey} from a SubjectPublicKeyInfo: Ed448 parameters when the
 * algorithm OID is id_Ed448, Ed25519 parameters for every other OID.
 *
 * @param keyInfo the SubjectPublicKeyInfo carrying the algorithm OID and key octets
 */
private void populateFromPubKeyInfo(SubjectPublicKeyInfo keyInfo) {
    boolean isEd448 = EdECObjectIdentifiers.id_Ed448.equals(keyInfo.getAlgorithm().getAlgorithm());
    byte[] rawKey = keyInfo.getPublicKeyData().getOctets();

    // NOTE(review): only the Ed448 OID is tested, so any other algorithm falls through to
    // Ed25519; presumably the caller has already restricted the OID - confirm.
    // NOTE(review): no length check on rawKey is visible here; confirm that encodings of
    // the wrong size are rejected by the parameter constructor or upstream.
    if (isEd448) {
        eddsaPublicKey = new Ed448PublicKeyParameters(rawKey, 0);
        return;
    }
    eddsaPublicKey = new Ed25519PublicKeyParameters(rawKey, 0);
}
/**
 * Builds QTESLAPublicKeyParameters from a SubjectPublicKeyInfo, taking the security
 * category from the algorithm identifier and the key from the BIT STRING octets.
 *
 * @param keyInfo       the SubjectPublicKeyInfo carrying the algorithm and key
 * @param defaultParams not read by this method
 * @return the qTESLA public key parameters
 * @throws IOException declared on the signature; no statement in this body raises it explicitly
 */
AsymmetricKeyParameter getPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams)
    throws IOException {
    // The security category is taken from the key's own algorithm identifier, so it is
    // only as trustworthy as the encoding that supplied keyInfo.
    int securityCategory = Utils.qTeslaLookupSecurityCategory(keyInfo.getAlgorithm());
    byte[] keyOctets = keyInfo.getPublicKeyData().getOctets();
    return new QTESLAPublicKeyParameters(securityCategory, keyOctets);
}
} // closing brace carried over from the enclosing type; its header is not part of this excerpt
/**
 * Checks that a SubjectKeyIdentifier extension value equals the SHA-1 hash of the
 * subject public key bytes, and records a violation when it does not.
 *
 * @param failureMsg           buffer passed to addViolation on mismatch
 * @param extensionValue       encoded SubjectKeyIdentifier extension value
 * @param subjectPublicKeyInfo public key info the identifier is recomputed from
 */
private void checkExtensionSubjectKeyIdentifier(final StringBuilder failureMsg,
        final byte[] extensionValue, final SubjectPublicKeyInfo subjectPublicKeyInfo) {
    // subjectKeyIdentifier
    byte[] actualSki = SubjectKeyIdentifier.getInstance(extensionValue).getKeyIdentifier();
    byte[] keyBits = subjectPublicKeyInfo.getPublicKeyData().getBytes();

    // Only the SHA-1-of-public-key derivation is accepted; an identifier produced by
    // any other method is reported as a violation.
    byte[] expectedSki = HashAlgoType.SHA1.hash(keyBits);
    if (Arrays.equals(expectedSki, actualSki)) {
        return;
    }
    addViolation(failureMsg, "SKI", hex(actualSki), hex(expectedSki));
} // method checkExtensionSubjectKeyIdentifier
/**
 * Computes the SHA-1 digest of the bytes of the subjectPublicKey BIT STRING.
 *
 * @param spki the SubjectPublicKeyInfo whose key bytes are hashed
 * @return a new array holding the digest
 */
private static byte[] getDigest(SubjectPublicKeyInfo spki) {
    byte[] keyBits = spki.getPublicKeyData().getBytes();

    Digest sha1 = DigestFactory.createSHA1();
    sha1.update(keyBits, 0, keyBits.length);

    // The output buffer is sized from the digest itself rather than a hard-coded length.
    byte[] out = new byte[sha1.getDigestSize()];
    sha1.doFinal(out, 0);
    return out;
}
/**
 * Builds SPHINCSPublicKeyParameters from a SubjectPublicKeyInfo, using the key bytes of
 * the BIT STRING and the tree algorithm name looked up from the algorithm parameters.
 *
 * @param keyInfo       the SubjectPublicKeyInfo carrying the algorithm and key
 * @param defaultParams not read by this method
 * @return the SPHINCS public key parameters
 * @throws IOException declared on the signature; no statement in this body raises it explicitly
 */
AsymmetricKeyParameter getPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams)
    throws IOException {
    byte[] keyBytes = keyInfo.getPublicKeyData().getBytes();
    // The tree algorithm is selected by the parameters embedded in keyInfo itself, so it is
    // only as trustworthy as the encoding that supplied keyInfo.
    return new SPHINCSPublicKeyParameters(
        keyBytes,
        Utils.sphincs256LookupTreeAlgName(
            SPHINCS256KeyParams.getInstance(keyInfo.getAlgorithm().getParameters())));
}
} // closing brace carried over from the enclosing type; its header is not part of this excerpt
/**
 * Creates the issuer hashes for a certificate: the hash of its encoded subject name and
 * the hash of its subject public key bytes, both computed with {@code hashAlgo}.
 *
 * @param hashAlgo   hash algorithm to use; checked with ParamUtil.requireNonNull
 * @param issuerCert issuer certificate; checked with ParamUtil.requireNonNull
 * @throws IOException declared on the signature; presumably raised when the subject name
 *                     cannot be encoded
 */
public IssuerHash(final HashAlgoType hashAlgo, final Certificate issuerCert) throws IOException {
    this.hashAlgo = ParamUtil.requireNonNull("hashAlgo", hashAlgo);
    ParamUtil.requireNonNull("issuerCert", issuerCert);

    // Both inputs are gathered before either hash is computed.
    byte[] nameEncoding = issuerCert.getSubject().getEncoded();
    byte[] keyBits = issuerCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();

    this.issuerNameHash = HashCalculator.hash(hashAlgo, nameEncoding);
    this.issuerKeyHash = HashCalculator.hash(hashAlgo, keyBits);
}
/**
 * Creates the issuer hashes for a certificate: the hash of its encoded subject name and
 * the hash of its subject public key bytes, both computed with {@code hashAlgo}.
 *
 * @param hashAlgo   hash algorithm to use; checked with Args.notNull
 * @param issuerCert issuer certificate; checked with Args.notNull
 * @throws IOException declared on the signature; presumably raised when the subject name
 *                     cannot be encoded
 */
public IssuerHash(HashAlgo hashAlgo, Certificate issuerCert) throws IOException {
    this.hashAlgo = Args.notNull(hashAlgo, "hashAlgo");
    Args.notNull(issuerCert, "issuerCert");

    // Both inputs are gathered before either hash is computed.
    byte[] nameEncoding = issuerCert.getSubject().getEncoded();
    byte[] keyBits = issuerCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();

    this.issuerNameHash = HashCalculator.hash(hashAlgo, nameEncoding);
    this.issuerKeyHash = HashCalculator.hash(hashAlgo, keyBits);
}
/**
 * Creates an AuthorityKeyIdentifier with the GeneralNames tag and the serial number
 * provided as well. The key identifier is the SHA-1 digest of the bytes of the
 * subjectPublicKey BIT STRING in {@code spki}.
 *
 * @param spki         public key info of the authority key
 * @param name         issuer names stored in the identifier
 * @param serialNumber serial number stored in the identifier
 * @deprecated create the extension using org.bouncycastle.cert.X509ExtensionUtils
 */
public AuthorityKeyIdentifier(
    SubjectPublicKeyInfo spki,
    GeneralNames name,
    BigInteger serialNumber) {
    Digest sha1 = new SHA1Digest();
    byte[] keyId = new byte[sha1.getDigestSize()];

    byte[] keyBits = spki.getPublicKeyData().getBytes();
    sha1.update(keyBits, 0, keyBits.length);
    sha1.doFinal(keyId, 0);

    this.keyidentifier = new DEROctetString(keyId);
    // The names are re-parsed from their ASN.1 form rather than stored by reference.
    this.certissuer = GeneralNames.getInstance(name.toASN1Primitive());
    this.certserno = new ASN1Integer(serialNumber);
}
/**
 * Creates an AuthorityKeyIdentifier with the GeneralNames tag and the serial number
 * provided as well. The key identifier is the SHA-1 digest of the bytes of the
 * subjectPublicKey BIT STRING in {@code spki}.
 *
 * @param spki         public key info of the authority key
 * @param name         issuer names stored in the identifier
 * @param serialNumber serial number stored in the identifier
 * @deprecated create the extension using org.bouncycastle.cert.X509ExtensionUtils
 */
public AuthorityKeyIdentifier(
    SubjectPublicKeyInfo spki,
    GeneralNames name,
    BigInteger serialNumber) {
    Digest sha1 = new SHA1Digest();
    byte[] keyId = new byte[sha1.getDigestSize()];

    byte[] keyBits = spki.getPublicKeyData().getBytes();
    sha1.update(keyBits, 0, keyBits.length);
    sha1.doFinal(keyId, 0);

    this.keyidentifier = new DEROctetString(keyId);
    // The names are re-parsed from their ASN.1 form rather than stored by reference.
    this.certissuer = GeneralNames.getInstance(name.toASN1Primitive());
    this.certserno = new ASN1Integer(serialNumber);
}