List of usage examples for org.bouncycastle.cert X509CertificateHolder toASN1Structure
public Certificate toASN1Structure()
From source file:com.helger.ebinterface.signature.CreateCertHelper.java
License:Apache License
@Nonnull public static X509Certificate signCSR(final PKCS10CertificationRequest inputCSR, final PrivateKey caPrivate, final KeyPair pair, @Nonnull @Nonempty final String sRootCommonName, @Nonnull @Nonempty final String sRootOrganization, @Nonnull @Nonempty final String sRootCountry, final Date notAfter) throws Exception { final AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(SIGNING_ALGO); final AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); final AsymmetricKeyParameter foo = PrivateKeyFactory.createKey(caPrivate.getEncoded()); final SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded()); final X509v3CertificateBuilder myCertificateGenerator = new X509v3CertificateBuilder( x500(sRootCommonName, sRootOrganization, sRootCountry), new BigInteger(64, SecureRandom.getInstanceStrong()), now(), notAfter, inputCSR.getSubject(), keyInfo);//ww w . j a va 2 s . c om final ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(foo); final X509CertificateHolder holder = myCertificateGenerator.build(sigGen); final org.bouncycastle.asn1.x509.Certificate eeX509CertificateStructure = holder.toASN1Structure(); // Read Certificate try (final InputStream is1 = new NonBlockingByteArrayInputStream(eeX509CertificateStructure.getEncoded(), false)) { final CertificateFactory cf = CertificateFactory.getInstance("X.509", PROVIDER); final X509Certificate theCert = (X509Certificate) cf.generateCertificate(is1); return theCert; } }
From source file:com.predic8.membrane.core.transport.ssl.GeneratingSSLContext.java
License:Apache License
public static X509Certificate sign(String subjectName, X509Certificate caPublic, PrivateKey caPrivate, PublicKey keyPublic) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, IOException, OperatorCreationException, CertificateException { AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA"); AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); AsymmetricKeyParameter foo = PrivateKeyFactory.createKey(caPrivate.getEncoded()); SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(keyPublic.getEncoded()); org.bouncycastle.asn1.x500.X500Name caName = new JcaX509CertificateHolder(caPublic).getSubject(); X509v3CertificateBuilder myCertificateGenerator = new X509v3CertificateBuilder(caName, new BigInteger("1"), new Date(System.currentTimeMillis() - 30 * 24 * 24 * 60 * 60 * 1000), new Date(System.currentTimeMillis() + 30 * 365 * 24 * 60 * 60 * 1000), new org.bouncycastle.asn1.x500.X500Name(subjectName), keyInfo); ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(foo); X509CertificateHolder holder = myCertificateGenerator.build(sigGen); org.bouncycastle.asn1.x509.Certificate eeX509CertificateStructure = holder.toASN1Structure(); CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC"); // Read Certificate InputStream is1 = new ByteArrayInputStream(eeX509CertificateStructure.getEncoded()); X509Certificate theCert = (X509Certificate) cf.generateCertificate(is1); is1.close();//from w ww. j a v a2 s. c om return theCert; //return null; }
From source file:com.spotify.sshtlsclient.X509CertificateFactory.java
License:Apache License
static Certificate get(final SshAgentContentSigner signer, final Identity identity, final String username) { final UUID uuid = new UUID(); final Calendar calendar = Calendar.getInstance(); final X500Name issuerDN = new X500Name("C=US,O=Spotify,CN=helios-client"); final X500Name subjectDN = new X500NameBuilder().addRDN(BCStyle.UID, username).build(); final SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo .getInstance(ASN1Sequence.getInstance(identity.getPublicKey().getEncoded())); calendar.add(Calendar.HOUR, -HOURS_BEFORE); final Date notBefore = calendar.getTime(); calendar.add(Calendar.HOUR, HOURS_BEFORE + HOURS_AFTER); final Date notAfter = calendar.getTime(); // Reuse the UUID time as a SN final BigInteger serialNumber = BigInteger.valueOf(uuid.getTime()).abs(); final X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuerDN, serialNumber, notBefore, notAfter, subjectDN, subjectPublicKeyInfo); try {/*from w ww . j av a 2 s . co m*/ final DigestCalculator digestCalculator = new BcDigestCalculatorProvider() .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)); final X509ExtensionUtils utils = new X509ExtensionUtils(digestCalculator); builder.addExtension(Extension.subjectKeyIdentifier, false, utils.createSubjectKeyIdentifier(subjectPublicKeyInfo)); builder.addExtension(Extension.authorityKeyIdentifier, false, utils.createAuthorityKeyIdentifier(subjectPublicKeyInfo)); builder.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign)); builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false)); final X509CertificateHolder holder = builder.build(signer); return new Certificate(new org.bouncycastle.asn1.x509.Certificate[] { holder.toASN1Structure(), }); } catch (Exception e) { throw Throwables.propagate(e); } }
From source file:dorkbox.util.crypto.CryptoX509.java
License:Apache License
/** * Creates a NEW signature block that contains the pkcs7 (minus content, which is the .SF file) * signature of the .SF file.//from w ww. j a v a2s.c om * * It contains the hash of the data, and the verification signature. */ public static byte[] createSignature(byte[] signatureSourceData, X509CertificateHolder x509CertificateHolder, AsymmetricKeyParameter privateKey) { try { CMSTypedData content = new CMSProcessableByteArray(signatureSourceData); ASN1ObjectIdentifier contentTypeOID = new ASN1ObjectIdentifier(content.getContentType().getId()); ASN1EncodableVector digestAlgs = new ASN1EncodableVector(); ASN1EncodableVector signerInfos = new ASN1EncodableVector(); AlgorithmIdentifier sigAlgId = x509CertificateHolder.getSignatureAlgorithm(); AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); // use the bouncy-castle lightweight API to generate a hash of the signature source data (usually the signature file bytes) BcContentSignerBuilder contentSignerBuilder; AlgorithmIdentifier digEncryptionAlgorithm; if (privateKey instanceof ECPrivateKeyParameters) { contentSignerBuilder = new BcECDSAContentSignerBuilder(sigAlgId, digAlgId); digEncryptionAlgorithm = new AlgorithmIdentifier(DSAUtil.dsaOids[0], null); // 1.2.840.10040.4.1 // DSA hashID } else if (privateKey instanceof DSAPrivateKeyParameters) { contentSignerBuilder = new BcDSAContentSignerBuilder(sigAlgId, digAlgId); digEncryptionAlgorithm = new AlgorithmIdentifier(DSAUtil.dsaOids[0], null); // 1.2.840.10040.4.1 // DSA hashID } else if (privateKey instanceof RSAPrivateCrtKeyParameters) { contentSignerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId); digEncryptionAlgorithm = new AlgorithmIdentifier(RSAUtil.rsaOids[0], null); // 1.2.840.113549.1.1.1 // RSA hashID } else { throw new RuntimeException("Invalid signature type. Only ECDSA, DSA, RSA supported."); } ContentSigner hashSigner = contentSignerBuilder.build(privateKey); OutputStream outputStream = hashSigner.getOutputStream(); outputStream.write(signatureSourceData, 0, signatureSourceData.length); outputStream.flush(); byte[] sigBytes = hashSigner.getSignature(); SignerIdentifier sigId = new SignerIdentifier( new IssuerAndSerialNumber(x509CertificateHolder.toASN1Structure())); SignerInfo inf = new SignerInfo(sigId, digAlgId, null, digEncryptionAlgorithm, new DEROctetString(sigBytes), (ASN1Set) null); digestAlgs.add(inf.getDigestAlgorithm()); signerInfos.add(inf); ASN1EncodableVector certs = new ASN1EncodableVector(); certs.add(x509CertificateHolder.toASN1Structure()); ContentInfo encInfo = new ContentInfo(contentTypeOID, null); SignedData sd = new SignedData(new DERSet(digestAlgs), encInfo, new BERSet(certs), null, new DERSet(signerInfos)); ContentInfo contentInfo = new ContentInfo(CMSObjectIdentifiers.signedData, sd); CMSSignedData cmsSignedData2 = new CMSSignedData(content, contentInfo); return cmsSignedData2.getEncoded(); } catch (Throwable t) { logger.error("Error signing data.", t); throw new RuntimeException("Error trying to sign data. " + t.getMessage()); } }
From source file:eu.europa.ec.markt.dss.DSSASN1Utils.java
License:Open Source License
/** * This method return {@code X509Certificate} representing {@code X509CertificateHolder}. The {@code CertificateParsingException} is transformed in {@code * DSSException}.//www . j a v a 2 s.c o m * * @param certificateHolder {@code X509CertificateHolder} * @return {@code X509Certificate}. * @throws DSSException */ public static X509Certificate getCertificate(final X509CertificateHolder certificateHolder) throws DSSException { try { final X509Certificate certificate = new X509CertificateObject(certificateHolder.toASN1Structure()); return certificate; } catch (CertificateParsingException e) { throw new DSSException(e); } }
From source file:eu.europa.ec.markt.dss.DSSUtils.java
License:Open Source License
public static X509Certificate getCertificate(final X509CertificateHolder x509CertificateHolder) { try {/*from ww w . j av a 2s .c om*/ final Certificate certificate = x509CertificateHolder.toASN1Structure(); final X509CertificateObject x509CertificateObject = new X509CertificateObject(certificate); return x509CertificateObject; } catch (CertificateParsingException e) { throw new DSSException(e); } }
From source file:eu.europa.ec.markt.dss.validation.cades.CAdESCertificateSource.java
License:Open Source License
@Override @SuppressWarnings("unchecked") public List<X509Certificate> getCertificates() { List<X509Certificate> list = new ArrayList<X509Certificate>(); try {//from w ww . j a va 2s . co m if (!onlyExtended) { LOG.fine(cmsSignedData.getCertificates().getMatches(null).size() + " certificate in collection"); for (X509CertificateHolder ch : (Collection<X509CertificateHolder>) cmsSignedData.getCertificates() .getMatches(null)) { X509Certificate c = new X509CertificateObject(ch.toASN1Structure()); LOG.fine("Certificate for subject " + c.getSubjectX500Principal()); if (!list.contains(c)) { list.add(c); } } } // Add certificates in CAdES-XL certificate-values inside SignerInfo attribute if present SignerInformation si = cmsSignedData.getSignerInfos().get(signerId); if (si != null && si.getUnsignedAttributes() != null && si.getUnsignedAttributes().get(PKCSObjectIdentifiers.id_aa_ets_certValues) != null) { DERSequence seq = (DERSequence) si.getUnsignedAttributes() .get(PKCSObjectIdentifiers.id_aa_ets_certValues).getAttrValues().getObjectAt(0); for (int i = 0; i < seq.size(); i++) { X509CertificateStructure cs = X509CertificateStructure.getInstance(seq.getObjectAt(i)); X509Certificate c = new X509CertificateObject(cs); if (!list.contains(c)) { list.add(c); } } } } catch (CertificateParsingException e) { throw new RuntimeException(e); } catch (StoreException e) { throw new RuntimeException(e); } return list; }
From source file:eu.europa.esig.dss.DSSASN1Utils.java
License:Open Source License
public static CertificateToken getCertificate(final X509CertificateHolder x509CertificateHolder) { try {/*w w w. jav a 2 s . c om*/ final Certificate certificate = x509CertificateHolder.toASN1Structure(); final X509CertificateObject x509CertificateObject = new X509CertificateObject(certificate); return new CertificateToken(x509CertificateObject); } catch (CertificateParsingException e) { throw new DSSException(e); } }
From source file:org.apache.accumulo.test.util.CertUtils.java
License:Apache License
private X509CertificateObject generateCert(String keyName, KeyPair kp, boolean isCertAuthority, PublicKey signerPublicKey, PrivateKey signerPrivateKey) throws IOException, CertIOException, OperatorCreationException, CertificateException, NoSuchAlgorithmException { Calendar startDate = Calendar.getInstance(); Calendar endDate = Calendar.getInstance(); endDate.add(Calendar.YEAR, 100); BigInteger serialNumber = BigInteger.valueOf((startDate.getTimeInMillis())); X500Name issuer = new X500Name(IETFUtils.rDNsFromString(issuerDirString, RFC4519Style.INSTANCE)); JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuer, serialNumber, startDate.getTime(), endDate.getTime(), issuer, kp.getPublic()); JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils(); certGen.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(kp.getPublic())); certGen.addExtension(Extension.basicConstraints, false, new BasicConstraints(isCertAuthority)); certGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(signerPublicKey)); if (isCertAuthority) { certGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign)); }/*w w w .j av a 2s. c om*/ X509CertificateHolder cert = certGen .build(new JcaContentSignerBuilder(signingAlgorithm).build(signerPrivateKey)); return new X509CertificateObject(cert.toASN1Structure()); }
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
private byte[] createInitializationRespons1(byte[] senderNonce, byte[] transactionId) throws CMPException, CertificateEncodingException, OperatorCreationException, PKICMPMessageException, IOException { X509CertificateHolder x509CertificateHolder = new JcaX509CertificateHolder(pki.getTestUser3Cert()); // Body// w w w . jav a 2s. c om CertResponse certResponse = new CertResponse(new ASN1Integer(0), new PKIStatusInfo(PKIStatus.granted), new CertifiedKeyPair( new CertOrEncCert(new CMPCertificate(x509CertificateHolder.toASN1Structure()))), null); CertResponse[] certResponses = new CertResponse[1]; certResponses[0] = certResponse; PKIBody pkiBody = new PKIBody(PKIBody.TYPE_INIT_REP, new CertRepMessage(pkiKeyStoreCA.getCMPCertificateChain(), certResponses)); return createProtectedPKIMessage(senderNonce, transactionId, pkiBody); }