Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Conversion of package appverifier > readercertgen to Kotlin #397

Merged
merged 2 commits into from
Oct 30, 2023
Merged

Conversion of package appverifier > readercertgen to Kotlin #397

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0546c20
Conversion of package appverifier > readercertgen to Kotlin
keesgeluk Oct 27, 2023
147fadd
Changes after feedback from Jovche
keesgeluk Oct 30, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
113 changes: 0 additions & 113 deletions appverifier/src/main/java/com/android/mdl/appreader/readercertgen/CertificateGenerator.java
View file
Open in desktop

This file was deleted.

102 changes: 102 additions & 0 deletions appverifier/src/main/java/com/android/mdl/appreader/readercertgen/CertificateGenerator.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
package com.android.mdl.appreader.readercertgen

import org.bouncycastle.asn1.ASN1ObjectIdentifier
import org.bouncycastle.asn1.x500.X500Name
import org.bouncycastle.asn1.x509.BasicConstraints
import org.bouncycastle.asn1.x509.ExtendedKeyUsage
import org.bouncycastle.asn1.x509.Extension
import org.bouncycastle.asn1.x509.GeneralName
import org.bouncycastle.asn1.x509.GeneralNames
import org.bouncycastle.asn1.x509.KeyPurposeId
import org.bouncycastle.asn1.x509.KeyUsage
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier
import org.bouncycastle.cert.CertIOException
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder
import org.bouncycastle.operator.OperatorCreationException
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder
import java.io.IOException
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import java.util.Optional

object CertificateGenerator {
private const val CRITICAL = true
private const val NOT_CRITICAL = false
@JvmStatic
@Throws(CertIOException::class, CertificateException::class, OperatorCreationException::class)
fun generateCertificate(
data: DataMaterial,
certMaterial: CertificateMaterial,
keyMaterial: KeyMaterial
): X509Certificate {
val issuerCert: Optional<X509Certificate> = keyMaterial.issuerCertificate
val subjectDN = X500Name(data.subjectDN)
// doesn't work, get's reordered
// issuerCert.isPresent() ? new X500Name(issuerCert.get().getSubjectX500Principal().getName()) : subjectDN;
val issuerDN = X500Name(data.issuerDN)
val contentSigner =
JcaContentSignerBuilder(keyMaterial.signingAlgorithm).build(keyMaterial.signingKey)
val certBuilder = JcaX509v3CertificateBuilder(
issuerDN,
certMaterial.serialNumber,
certMaterial.startDate, certMaterial.endDate,
subjectDN,
keyMaterial.publicKey
)


// Extensions --------------------------
val jcaX509ExtensionUtils = JcaX509ExtensionUtils()
if (issuerCert.isPresent) {
try {
// adds 3 more fields, not present in other cert
// AuthorityKeyIdentifier authorityKeyIdentifier = jcaX509ExtensionUtils.createAuthorityKeyIdentifier(issuerCert.get());
val authorityKeyIdentifier =
jcaX509ExtensionUtils.createAuthorityKeyIdentifier(issuerCert.get().publicKey)
certBuilder.addExtension(
Extension.authorityKeyIdentifier,
NOT_CRITICAL,
authorityKeyIdentifier
)
} catch (e: IOException) { // CertificateEncodingException |
throw RuntimeException(e)
}
}
val subjectKeyIdentifier: SubjectKeyIdentifier =
jcaX509ExtensionUtils.createSubjectKeyIdentifier(keyMaterial.publicKey)
certBuilder.addExtension(Extension.subjectKeyIdentifier, NOT_CRITICAL, subjectKeyIdentifier)
val keyUsage = KeyUsage(certMaterial.keyUsage)
certBuilder.addExtension(Extension.keyUsage, CRITICAL, keyUsage)

// IssuerAlternativeName
val issuerAlternativeName: Optional<String> = data.issuerAlternativeName
if (issuerAlternativeName.isPresent) {
val issuerAltName = GeneralNames(
GeneralName(
GeneralName.uniformResourceIdentifier,
issuerAlternativeName.get()
)
)
certBuilder.addExtension(Extension.issuerAlternativeName, NOT_CRITICAL, issuerAltName)
}

// Basic Constraints
val pathLengthConstraint: Int = certMaterial.pathLengthConstraint
if (pathLengthConstraint != CertificateMaterial.PATHLENGTH_NOT_A_CA) {
// TODO doesn't work for certificate chains != 2 in size
val basicConstraints = BasicConstraints(pathLengthConstraint)
certBuilder.addExtension(Extension.basicConstraints, CRITICAL, basicConstraints)
}
val extendedKeyUsage: Optional<String> = certMaterial.extendedKeyUsage
if (extendedKeyUsage.isPresent) {
val keyPurpose = KeyPurposeId.getInstance(ASN1ObjectIdentifier(extendedKeyUsage.get()))
val extKeyUsage = ExtendedKeyUsage(arrayOf(keyPurpose))
certBuilder.addExtension(Extension.extendedKeyUsage, CRITICAL, extKeyUsage)
}

// DEBUG setProvider(bcProvider) removed before getCertificate
return JcaX509CertificateConverter().getCertificate(certBuilder.build(contentSigner))
}
}
21 changes: 0 additions & 21 deletions appverifier/src/main/java/com/android/mdl/appreader/readercertgen/CertificateMaterial.java
View file
Open in desktop

This file was deleted.

18 changes: 18 additions & 0 deletions appverifier/src/main/java/com/android/mdl/appreader/readercertgen/CertificateMaterial.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
package com.android.mdl.appreader.readercertgen

import java.math.BigInteger
import java.util.Date
import java.util.Optional

data class CertificateMaterial(
val serialNumber: BigInteger,
val startDate: Date,
val endDate: Date,
val keyUsage: Int,
val extendedKeyUsage: Optional<String>,
val pathLengthConstraint: Int
) {
companion object {
const val PATHLENGTH_NOT_A_CA = -1
}
}
12 changes: 0 additions & 12 deletions appverifier/src/main/java/com/android/mdl/appreader/readercertgen/DataMaterial.java
View file
Open in desktop

This file was deleted.

9 changes: 9 additions & 0 deletions appverifier/src/main/java/com/android/mdl/appreader/readercertgen/DataMaterial.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
package com.android.mdl.appreader.readercertgen

import java.util.Optional

data class DataMaterial(
val subjectDN: String,
val issuerDN: String,
val issuerAlternativeName: Optional<String>
)
24 changes: 0 additions & 24 deletions appverifier/src/main/java/com/android/mdl/appreader/readercertgen/EncodingUtil.java
View file
Open in desktop

This file was deleted.

17 changes: 17 additions & 0 deletions appverifier/src/main/java/com/android/mdl/appreader/readercertgen/EncodingUtil.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
package com.android.mdl.appreader.readercertgen

import java.text.ParseException
import java.text.SimpleDateFormat
import java.util.Date
import java.util.Locale

object EncodingUtil {
private val SHORT_ISO_DATEFORMAT = SimpleDateFormat("yyyy-MM-dd", Locale.ENGLISH)
fun parseShortISODate(date: String): Date {
return try {
SHORT_ISO_DATEFORMAT.parse(date)!!
} catch (e: ParseException) {
throw RuntimeException(e)
}
}
}
17 changes: 0 additions & 17 deletions appverifier/src/main/java/com/android/mdl/appreader/readercertgen/KeyMaterial.java
View file
Open in desktop

This file was deleted.

13 changes: 13 additions & 0 deletions appverifier/src/main/java/com/android/mdl/appreader/readercertgen/KeyMaterial.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
package com.android.mdl.appreader.readercertgen

import java.security.PrivateKey
import java.security.PublicKey
import java.security.cert.X509Certificate
import java.util.Optional

data class KeyMaterial(
val publicKey: PublicKey,
val signingAlgorithm: String,
val issuerCertificate: Optional<X509Certificate>,
val signingKey: PrivateKey
)
Loading
Loading