code polish
parent
41363e4f28
commit
9845d72a36
@ -207,8 +207,7 @@ public class CryptoX509 {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static String getDigestNameFromCert(X509CertificateHolder x509CertificateHolder) {
|
public static String getDigestNameFromCert(X509CertificateHolder x509CertificateHolder) {
|
||||||
String digestName = CryptoX509.Util.getDigestNameFromSigAlgId(x509CertificateHolder.getSignatureAlgorithm().getAlgorithm());
|
return Util.getDigestNameFromSigAlgId(x509CertificateHolder.getSignatureAlgorithm().getAlgorithm());
|
||||||
return digestName;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static String getDigestNameFromSigAlgId(ASN1ObjectIdentifier algorithm) {
|
public static String getDigestNameFromSigAlgId(ASN1ObjectIdentifier algorithm) {
|
||||||
@ -380,7 +379,7 @@ public class CryptoX509 {
|
|||||||
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
|
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
|
||||||
|
|
||||||
|
|
||||||
SubjectPublicKeyInfo subjectPublicKeyInfo = null;
|
SubjectPublicKeyInfo subjectPublicKeyInfo;
|
||||||
DSAParameters parameters = publicKey.getParameters();
|
DSAParameters parameters = publicKey.getParameters();
|
||||||
try {
|
try {
|
||||||
byte[] encoded = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa,
|
byte[] encoded = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa,
|
||||||
@ -402,7 +401,7 @@ public class CryptoX509 {
|
|||||||
|
|
||||||
BcDSAContentSignerBuilder contentSignerBuilder = new BcDSAContentSignerBuilder(sigAlgId, digAlgId);
|
BcDSAContentSignerBuilder contentSignerBuilder = new BcDSAContentSignerBuilder(sigAlgId, digAlgId);
|
||||||
|
|
||||||
ContentSigner build = null;
|
ContentSigner build;
|
||||||
try {
|
try {
|
||||||
build = contentSignerBuilder.build(privateKey);
|
build = contentSignerBuilder.build(privateKey);
|
||||||
} catch (OperatorCreationException e) {
|
} catch (OperatorCreationException e) {
|
||||||
@ -410,8 +409,7 @@ public class CryptoX509 {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
X509CertificateHolder certHolder = v3CertBuilder.build(build);
|
return v3CertBuilder.build(build);
|
||||||
return certHolder;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -422,7 +420,7 @@ public class CryptoX509 {
|
|||||||
* <p>
|
* <p>
|
||||||
* @return true if it was a valid cert.
|
* @return true if it was a valid cert.
|
||||||
*/
|
*/
|
||||||
public static final boolean validate(X509CertificateHolder x509CertificateHolder) {
|
public static boolean validate(X509CertificateHolder x509CertificateHolder) {
|
||||||
try {
|
try {
|
||||||
|
|
||||||
// this is unique in that it verifies that the certificate is a LEGIT certificate, but not necessarily
|
// this is unique in that it verifies that the certificate is a LEGIT certificate, but not necessarily
|
||||||
@ -475,8 +473,8 @@ public class CryptoX509 {
|
|||||||
SignedData newSignedData = SignedData.getInstance(tagged.getObject());
|
SignedData newSignedData = SignedData.getInstance(tagged.getObject());
|
||||||
|
|
||||||
@SuppressWarnings("rawtypes")
|
@SuppressWarnings("rawtypes")
|
||||||
Enumeration newSigOjects = newSignedData.getCertificates().getObjects();
|
Enumeration newSigObjects = newSignedData.getCertificates().getObjects();
|
||||||
Object newSigElement = newSigOjects.nextElement();
|
Object newSigElement = newSigObjects.nextElement();
|
||||||
|
|
||||||
if (newSigElement instanceof DERSequence) {
|
if (newSigElement instanceof DERSequence) {
|
||||||
DERSequence newSigDERElement = (DERSequence) newSigElement;
|
DERSequence newSigDERElement = (DERSequence) newSigElement;
|
||||||
@ -519,6 +517,7 @@ public class CryptoX509 {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@SuppressWarnings("unused")
|
||||||
public static class RSA {
|
public static class RSA {
|
||||||
static {
|
static {
|
||||||
addProvider();
|
addProvider();
|
||||||
@ -681,27 +680,53 @@ public class CryptoX509 {
|
|||||||
/**
|
/**
|
||||||
* Generate a cert that is signed by a CA cert.
|
* Generate a cert that is signed by a CA cert.
|
||||||
*/
|
*/
|
||||||
public static X509Certificate generateCert(KeyFactory factory, Date startDate, Date expiryDate,
|
public static
|
||||||
X509Certificate issuerCert, String subject, String friendlyName,
|
X509Certificate generateCert(KeyFactory factory,
|
||||||
RSAKeyParameters publicKey, RSAPrivateCrtKeyParameters signingCaKey) throws InvalidKeySpecException, InvalidKeyException, IOException, OperatorCreationException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
|
Date startDate,
|
||||||
|
Date expiryDate,
|
||||||
|
X509Certificate issuerCert,
|
||||||
|
String subject,
|
||||||
|
String friendlyName,
|
||||||
|
RSAKeyParameters publicKey,
|
||||||
|
RSAPrivateCrtKeyParameters signingCaKey)
|
||||||
|
throws InvalidKeySpecException, InvalidKeyException, IOException, OperatorCreationException, CertificateException,
|
||||||
|
NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
|
||||||
|
|
||||||
return CryptoX509.RSA.generateCert(factory, startDate, expiryDate,
|
return CryptoX509.RSA.generateCert(factory,
|
||||||
X500Name.getInstance(PrincipalUtil.getSubjectX509Principal(issuerCert)), new X500Name(subject), friendlyName,
|
startDate,
|
||||||
|
expiryDate,
|
||||||
|
X500Name.getInstance(PrincipalUtil.getSubjectX509Principal(issuerCert)),
|
||||||
|
new X500Name(subject),
|
||||||
|
friendlyName,
|
||||||
publicKey,
|
publicKey,
|
||||||
issuerCert, signingCaKey);
|
issuerCert,
|
||||||
|
signingCaKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Generate a cert that is self signed.
|
* Generate a cert that is self signed.
|
||||||
*/
|
*/
|
||||||
public static X509Certificate generateCert(KeyFactory factory, Date startDate, Date expiryDate,
|
public static
|
||||||
String subject, String friendlyName,
|
X509Certificate generateCert(KeyFactory factory,
|
||||||
RSAKeyParameters publicKey, RSAPrivateCrtKeyParameters privateKey) throws InvalidKeySpecException, InvalidKeyException, IOException, OperatorCreationException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
|
Date startDate,
|
||||||
|
Date expiryDate,
|
||||||
|
String subject,
|
||||||
|
String friendlyName,
|
||||||
|
RSAKeyParameters publicKey,
|
||||||
|
RSAPrivateCrtKeyParameters privateKey)
|
||||||
|
throws InvalidKeySpecException, InvalidKeyException, IOException, OperatorCreationException, CertificateException,
|
||||||
|
NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
|
||||||
|
|
||||||
return CryptoX509.RSA.generateCert(factory, startDate, expiryDate,
|
return CryptoX509.RSA.generateCert(factory,
|
||||||
new X500Name(subject), new X500Name(subject), friendlyName,
|
startDate,
|
||||||
publicKey, null, privateKey);
|
expiryDate,
|
||||||
|
new X500Name(subject),
|
||||||
|
new X500Name(subject),
|
||||||
|
friendlyName,
|
||||||
|
publicKey,
|
||||||
|
null,
|
||||||
|
privateKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -709,7 +734,9 @@ public class CryptoX509 {
|
|||||||
private static X509Certificate generateCert(KeyFactory factory, Date startDate, Date expiryDate,
|
private static X509Certificate generateCert(KeyFactory factory, Date startDate, Date expiryDate,
|
||||||
X500Name issuer, X500Name subject, String friendlyName,
|
X500Name issuer, X500Name subject, String friendlyName,
|
||||||
RSAKeyParameters certPublicKey,
|
RSAKeyParameters certPublicKey,
|
||||||
X509Certificate signingCertificate, RSAPrivateCrtKeyParameters signingPrivateKey) throws InvalidKeySpecException, IOException, InvalidKeyException, OperatorCreationException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
|
X509Certificate signingCertificate, RSAPrivateCrtKeyParameters signingPrivateKey)
|
||||||
|
throws InvalidKeySpecException, IOException, InvalidKeyException, OperatorCreationException, CertificateException,
|
||||||
|
NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
|
||||||
|
|
||||||
|
|
||||||
String signatureAlgorithm = "SHA1withRSA";
|
String signatureAlgorithm = "SHA1withRSA";
|
||||||
@ -842,8 +869,8 @@ public class CryptoX509 {
|
|||||||
|
|
||||||
public static PrivateKey convertToJCE(KeyFactory keyFactory, RSAKeyParameters publicKey, RSAPrivateCrtKeyParameters privateKey) throws InvalidKeySpecException {
|
public static PrivateKey convertToJCE(KeyFactory keyFactory, RSAKeyParameters publicKey, RSAPrivateCrtKeyParameters privateKey) throws InvalidKeySpecException {
|
||||||
return keyFactory.generatePrivate(new RSAPrivateCrtKeySpec(publicKey.getModulus(), publicKey.getExponent(),
|
return keyFactory.generatePrivate(new RSAPrivateCrtKeySpec(publicKey.getModulus(), publicKey.getExponent(),
|
||||||
privateKey.getExponent(), privateKey.getP(), privateKey.getQ(),
|
privateKey.getExponent(), privateKey.getP(), privateKey.getQ(),
|
||||||
privateKey.getDP(), privateKey.getDQ(), privateKey.getQInv()));
|
privateKey.getDP(), privateKey.getDQ(), privateKey.getQInv()));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -862,7 +889,7 @@ public class CryptoX509 {
|
|||||||
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
|
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
|
||||||
|
|
||||||
|
|
||||||
SubjectPublicKeyInfo subjectPublicKeyInfo = null;
|
SubjectPublicKeyInfo subjectPublicKeyInfo;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// JCE format needed for the certificate - because getEncoded() is necessary...
|
// JCE format needed for the certificate - because getEncoded() is necessary...
|
||||||
@ -896,9 +923,8 @@ public class CryptoX509 {
|
|||||||
|
|
||||||
|
|
||||||
ContentSigner hashSigner = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKey);
|
ContentSigner hashSigner = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKey);
|
||||||
X509CertificateHolder certHolder = certBuilder.build(hashSigner);
|
|
||||||
|
|
||||||
return certHolder;
|
return certBuilder.build(hashSigner);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error("Error generating certificate.", e);
|
logger.error("Error generating certificate.", e);
|
||||||
return null;
|
return null;
|
||||||
@ -913,7 +939,7 @@ public class CryptoX509 {
|
|||||||
* <p>
|
* <p>
|
||||||
* @return true if it was a valid cert.
|
* @return true if it was a valid cert.
|
||||||
*/
|
*/
|
||||||
public static final boolean validate(X509CertificateHolder x509CertificateHolder) {
|
public static boolean validate(X509CertificateHolder x509CertificateHolder) {
|
||||||
try {
|
try {
|
||||||
|
|
||||||
// this is unique in that it verifies that the certificate is a LEGIT certificate, but not necessarily
|
// this is unique in that it verifies that the certificate is a LEGIT certificate, but not necessarily
|
||||||
@ -1033,7 +1059,7 @@ public class CryptoX509 {
|
|||||||
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgorithm);
|
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgorithm);
|
||||||
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
|
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
|
||||||
|
|
||||||
SubjectPublicKeyInfo subjectPublicKeyInfo = null;
|
SubjectPublicKeyInfo subjectPublicKeyInfo;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
byte[] encoded = pubKey.getEncoded();
|
byte[] encoded = pubKey.getEncoded();
|
||||||
@ -1050,7 +1076,7 @@ public class CryptoX509 {
|
|||||||
|
|
||||||
BcECDSAContentSignerBuilder contentSignerBuilder = new BcECDSAContentSignerBuilder(sigAlgId, digAlgId);
|
BcECDSAContentSignerBuilder contentSignerBuilder = new BcECDSAContentSignerBuilder(sigAlgId, digAlgId);
|
||||||
|
|
||||||
ContentSigner build = null;
|
ContentSigner build;
|
||||||
try {
|
try {
|
||||||
build = contentSignerBuilder.build(privateKey);
|
build = contentSignerBuilder.build(privateKey);
|
||||||
} catch (OperatorCreationException e) {
|
} catch (OperatorCreationException e) {
|
||||||
@ -1058,8 +1084,7 @@ public class CryptoX509 {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
X509CertificateHolder certHolder = v3CertBuilder.build(build);
|
return v3CertBuilder.build(build);
|
||||||
return certHolder;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -1069,7 +1094,7 @@ public class CryptoX509 {
|
|||||||
* <p>
|
* <p>
|
||||||
* @return true if it was a valid cert.
|
* @return true if it was a valid cert.
|
||||||
*/
|
*/
|
||||||
public static final boolean validate(X509CertificateHolder x509CertificateHolder) {
|
public static boolean validate(X509CertificateHolder x509CertificateHolder) {
|
||||||
try {
|
try {
|
||||||
|
|
||||||
// this is unique in that it verifies that the certificate is a LEGIT certificate, but not necessarily
|
// this is unique in that it verifies that the certificate is a LEGIT certificate, but not necessarily
|
||||||
@ -1213,12 +1238,7 @@ public class CryptoX509 {
|
|||||||
|
|
||||||
SignerIdentifier sigId = new SignerIdentifier(new IssuerAndSerialNumber(x509CertificateHolder.toASN1Structure()));
|
SignerIdentifier sigId = new SignerIdentifier(new IssuerAndSerialNumber(x509CertificateHolder.toASN1Structure()));
|
||||||
|
|
||||||
SignerInfo inf = new SignerInfo(sigId,
|
SignerInfo inf = new SignerInfo(sigId, digAlgId, null, digEncryptionAlgorithm, new DEROctetString(sigBytes), (ASN1Set) null);
|
||||||
digAlgId,
|
|
||||||
(ASN1Set) null,
|
|
||||||
digEncryptionAlgorithm,
|
|
||||||
new DEROctetString(sigBytes),
|
|
||||||
(ASN1Set) null);
|
|
||||||
|
|
||||||
digestAlgs.add(inf.getDigestAlgorithm());
|
digestAlgs.add(inf.getDigestAlgorithm());
|
||||||
signerInfos.add(inf);
|
signerInfos.add(inf);
|
||||||
@ -1240,9 +1260,8 @@ public class CryptoX509 {
|
|||||||
|
|
||||||
ContentInfo contentInfo = new ContentInfo(CMSObjectIdentifiers.signedData, sd);
|
ContentInfo contentInfo = new ContentInfo(CMSObjectIdentifiers.signedData, sd);
|
||||||
CMSSignedData cmsSignedData2 = new CMSSignedData(content, contentInfo);
|
CMSSignedData cmsSignedData2 = new CMSSignedData(content, contentInfo);
|
||||||
byte[] signatureBlock = cmsSignedData2.getEncoded();
|
|
||||||
|
|
||||||
return signatureBlock;
|
return cmsSignedData2.getEncoded();
|
||||||
} catch (Throwable t) {
|
} catch (Throwable t) {
|
||||||
logger.error("Error signing data.", t);
|
logger.error("Error signing data.", t);
|
||||||
throw new RuntimeException("Error trying to sign data. " + t.getMessage());
|
throw new RuntimeException("Error trying to sign data. " + t.getMessage());
|
||||||
|
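Review bot: The private RSA `generateCert` in the hunk at -709 still hard-codes `String signatureAlgorithm = "SHA1withRSA";`, and both public overloads reformatted in the previous hunk delegate to it, so every CA-signed and self-signed certificate from this class carries a SHA-1 signature. SHA-1 is collision-weak and mainstream certificate validators no longer accept SHA-1-signed certificates, so a polish pass over this method is a good moment to change the line to `String signatureAlgorithm = "SHA256withRSA";`. The method body continues outside the hunk, so confirm before switching that nothing further down (or any peer that already trusts certificates from this code) assumes the SHA-1 digest.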