List of usage examples for org.bouncycastle.jce PKCS10CertificationRequest getSignatureAlgorithm
public AlgorithmIdentifier getSignatureAlgorithm()
From source file: ca.nrc.cadc.cred.server.actions.DelegationAction.java
License: Open Source License
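/**
 * Chooses what to return for a stored credential: the stored chain as-is, or a new proxy
 * certificate chain built on top of it.
 *
 * <p>{@code daysValid} is declared outside this method and is mutated here: if the stored
 * private key is not an {@link RSAKey} and {@code daysValid} is still {@code Float.MAX_VALUE},
 * it is set to 30 days. {@code Float.MAX_VALUE} appears to be the "no lifetime requested"
 * sentinel (confirm against the declaration).
 *
 * <p>When a proxy is generated, the returned chain holds the newly generated private key, so
 * callers must handle the result as secret material.
 *
 * @param signCert stored certificate chain and private key; its first chain element supplies
 *     the subject used for the CSR
 * @return {@code signCert} itself when {@code daysValid} is {@code Float.MAX_VALUE}; otherwise
 *     a new chain with the generated certificate at index 0 followed by {@code signCert}'s chain
 * @throws RuntimeException if no RSA {@link KeyPairGenerator} is available (cause attached)
 * @throws InvalidKeyException declared for the CSR / certificate generation calls
 * @throws NoSuchAlgorithmException declared for the CSR / certificate generation calls
 * @throws NoSuchProviderException declared for the CSR / certificate generation calls
 * @throws SignatureException declared for the CSR / certificate generation calls
 * @throws CertificateParsingException declared for the certificate generation call
 * @throws CertificateEncodingException declared for the certificate generation call
 * @throws CertificateExpiredException declared for the certificate generation call
 * @throws CertificateNotYetValidException declared for the certificate generation call
 */
X509CertificateChain prepareCert(X509CertificateChain signCert)
        throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException,
        SignatureException, CertificateParsingException, CertificateEncodingException,
        CertificateExpiredException, CertificateNotYetValidException {
    log.debug("prepareCert - START");

    if (!(signCert.getPrivateKey() instanceof RSAKey)) {
        // TODO - Only RSA keys are supported. Generate a proxy cert
        // if this is not the case
        // This should probably be cached somehow
        if (daysValid == Float.MAX_VALUE) {
            daysValid = 30.0f;
        }
    }

    if (daysValid == Float.MAX_VALUE) {
        // return the stored certificate as it is
        log.debug("daysValid = " + daysValid + ", returning bare certificate");
        return signCert;
    }

    // return proxy certificate signed with the key of the stored certificate
    try {
        // Add the Bouncy Castle JCE provider. This allows the CSR
        // classes to work. The BC implementation of PKCS#10 depends
        // on the ciphers in the BC provider.
        // Note: this registers the provider JVM-wide, not just for this call.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        final KeyPairGenerator keyPairGenerator;
        try {
            keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        } catch (NoSuchAlgorithmException ex) {
            // Keep the original exception as the cause instead of printing it to stderr,
            // so the failure reaches whatever handles and logs the RuntimeException.
            throw new RuntimeException("The JCE doesn't do RSA! Game over.", ex);
        }
        // NOTE(review): key size and signature algorithm come from CertUtil constants that
        // are not visible here - confirm they meet current policy (e.g. RSA >= 2048 bits and
        // a SHA-2 based signature).
        keyPairGenerator.initialize(CertUtil.DEFAULT_KEY_LENGTH);

        // generate the subject
        // NOTE(review): X500Principal.CANONICAL is a normalised (lower-cased) form intended
        // for comparing names; verify it is the intended subject encoding for the CSR, or
        // whether CertUtil.generateCertificate derives the subject from signCert instead.
        String subject =
                signCert.getChain()[0].getSubjectX500Principal().getName(X500Principal.CANONICAL);

        // generate the key pair
        KeyPair keys = keyPairGenerator.generateKeyPair();

        // generate the CSR, signed with the new private key through the BC provider
        // NOTE(review): org.bouncycastle.jce.PKCS10CertificationRequest is the legacy BC API;
        // newer Bouncy Castle releases provide org.bouncycastle.pkcs.PKCS10CertificationRequest.
        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(
                CertUtil.DEFAULT_SIGNATURE_ALGORITHM,
                new X509Name(subject),
                keys.getPublic(),
                null,
                keys.getPrivate(),
                "BC");
        log.debug("PKCS10CertificationRequest " + csr.getSignatureAlgorithm().toString());

        // sign the CSR; lifetime is passed in seconds. Math.round(float) yields an int and
        // saturates at Integer.MAX_VALUE for very large daysValid values.
        int lifetimeSeconds = Math.round(daysValid * 24 * 60 * 60);
        X509Certificate newCert = CertUtil.generateCertificate(csr, lifetimeSeconds, signCert);

        // package and return: new certificate first, then the stored chain
        X509Certificate[] storedChain = signCert.getChain();
        X509Certificate[] certChain = new X509Certificate[storedChain.length + 1];
        certChain[0] = newCert;
        System.arraycopy(storedChain, 0, certChain, 1, storedChain.length);

        X509CertificateChain result = new X509CertificateChain(certChain, keys.getPrivate());
        result.setPrincipal(signCert.getPrincipal());
        return result;
    } finally {
        profiler.checkpoint("prepareCert");
    }
}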