Examples of org.apache.geronimo.crypto.asn1.DERSequence

• org.apache.geronimo.crypto.asn1.DERBitString

     * @return a Map with Subject, public-key and challenge
     */
    public static Map processSPKAC(String spkac) throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, Exception {
        Map map = new HashMap();
        byte[]data = Base64.decode(spkac);
        ASN1InputStream ais = new ASN1InputStream(new ByteArrayInputStream(data));
        DERSequence spkacSeq = (DERSequence)ais.readObject();

        // SPKAC = SEQ {PKAC, SIGN-ALG, SIGN}
        // Get PKAC and obtain PK and C
        DERSequence pkacSeq = (DERSequence)spkacSeq.getObjectAt(0);
        DERObject pk = (DERObject)pkacSeq.getObjectAt(0);

    private String generateCSR(X509Certificate cert, PrivateKey signingKey) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, KeyStoreException, IOException {
        String sigalg = cert.getSigAlgName();
        X509Name subject;
        try{
            ASN1InputStream ais = new ASN1InputStream(cert.getEncoded());
            X509CertificateStructure x509Struct = new X509CertificateStructure((ASN1Sequence)ais.readObject());
            ais.close();
            subject = x509Struct.getSubject();
        } catch(CertificateEncodingException e) {
            log.warn(e.toString()+" while retrieving subject from certificate to create CSR.  Using subjectDN instead.");
            subject = new X509Name(cert.getSubjectDN().toString());
        }

        else if("SHA1withRSA".equalsIgnoreCase(algorithm))
            algId = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption);
        else
            throw new CertificationAuthorityException("Signature algorithm "+algorithm+" is not supported.");

        ASN1InputStream ais = new ASN1InputStream(subPubKey.getEncoded());
        DERObject subPubkeyDerObj = ais.readObject();
        SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(subPubkeyDerObj);

        // Create certificate generator and initialize fields
        // Certificate version is v3
        V3TBSCertificateGenerator v3certGen = new V3TBSCertificateGenerator();

        } catch(CertificateEncodingException e) {
            log.warn(e.toString()+" while retrieving subject from certificate to create CSR.  Using subjectDN instead.");
            subject = new X509Name(cert.getSubjectDN().toString());
        }
        PublicKey publicKey = cert.getPublicKey();
        ASN1Set attributes = null;

        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(sigalg,
                subject, publicKey, attributes, signingKey);

        if (!csr.verify()) {

        } catch(CertificateEncodingException e) {
            log.warn(e.toString()+" while retrieving subject from certificate to create CSR.  Using subjectDN instead.");
            subject = new X509Name(cert.getSubjectDN().toString());
        }
        PublicKey publicKey = cert.getPublicKey();
        ASN1Set attributes = null;

        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(sigalg,
                subject, publicKey, attributes, signingKey);

        if (!csr.verify()) {

            throws Exception {

        String sigalg = cert.getSigAlgName();
        X509Name subject = new X509Name(cert.getSubjectDN().toString());
        PublicKey publicKey = cert.getPublicKey();
        ASN1Set attributes = null;

        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(sigalg,
                subject, publicKey, attributes, signingKey);

        if (!csr.verify()) {

        } catch(CertificateEncodingException e) {
            log.warn(e.toString()+" while retrieving subject from certificate to create CSR.  Using subjectDN instead.");
            subject = new X509Name(cert.getSubjectDN().toString());
        }
        PublicKey publicKey = cert.getPublicKey();
        ASN1Set attributes = null;

        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(sigalg,
                subject, publicKey, attributes, signingKey);

        if (!csr.verify()) {

        // Get SIGN-ALG
        DERSequence signAlg = (DERSequence) spkacSeq.getObjectAt(1);
        DERObject alg0 = (DERObject)signAlg.getObjectAt(0);

        // Get SIGN
        DERBitString sign = (DERBitString) spkacSeq.getObjectAt(2);
        byte[] signature = sign.getBytes();

        // Verify the signature on SPKAC
        String signAlgString = PKCSObjectIdentifiers.md5WithRSAEncryption.equals(alg0) ? "MD5withRSA" :
                               PKCSObjectIdentifiers.md2WithRSAEncryption.equals(alg0) ? "MD2withRSA" :
                               PKCSObjectIdentifiers.sha1WithRSAEncryption.equals(alg0) ? "SHA1withRSA" : null;

        // Get SIGN-ALG
        DERSequence signAlg = (DERSequence) spkacSeq.getObjectAt(1);
        DERObject alg0 = (DERObject)signAlg.getObjectAt(0);

        // Get SIGN
        DERBitString sign = (DERBitString) spkacSeq.getObjectAt(2);
        byte[] signature = sign.getBytes();

        // Verify the signature on SPKAC
        String signAlgString = PKCSObjectIdentifiers.md5WithRSAEncryption.equals(alg0) ? "MD5withRSA" :
                               PKCSObjectIdentifiers.md2WithRSAEncryption.equals(alg0) ? "MD2withRSA" :
                               PKCSObjectIdentifiers.sha1WithRSAEncryption.equals(alg0) ? "SHA1withRSA" : null;

        // Get SIGN-ALG
        DERSequence signAlg = (DERSequence) spkacSeq.getObjectAt(1);
        DERObject alg0 = (DERObject)signAlg.getObjectAt(0);

        // Get SIGN
        DERBitString sign = (DERBitString) spkacSeq.getObjectAt(2);
        byte[] signature = sign.getBytes();

        // Verify the signature on SPKAC
        String signAlgString = PKCSObjectIdentifiers.md5WithRSAEncryption.equals(alg0) ? "MD5withRSA" :
                               PKCSObjectIdentifiers.md2WithRSAEncryption.equals(alg0) ? "MD2withRSA" :
                               PKCSObjectIdentifiers.sha1WithRSAEncryption.equals(alg0) ? "SHA1withRSA" : null;