Example usage for org.bouncycastle.jce PKCS10CertificationRequest getSignatureAlgorithm

List of usage examples for org.bouncycastle.jce PKCS10CertificationRequest getSignatureAlgorithm

Introduction

On this page you can find an example usage of org.bouncycastle.jce PKCS10CertificationRequest getSignatureAlgorithm.

Prototype

public AlgorithmIdentifier getSignatureAlgorithm() 


Usage

From source file: ca.nrc.cadc.cred.server.actions.DelegationAction.java

License: Open Source License

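/**
 * Builds the certificate chain handed back for a delegation request.
 *
 * <p>When {@code daysValid} is the {@link Float#MAX_VALUE} sentinel ("no lifetime
 * requested") the stored chain is returned untouched. Otherwise a fresh RSA key pair
 * is generated, a PKCS#10 request for the stored certificate's subject is built with
 * it, and {@code CertUtil.generateCertificate} signs a proxy certificate using the
 * stored chain. The result is the proxy certificate prepended to the stored chain,
 * carrying the <em>new</em> private key and the original principal; the caller owns
 * that private key from this point on.
 *
 * <p>Side effects: the Bouncy Castle provider is registered process-wide if it is not
 * already present, and the {@code daysValid} field is overwritten with 30 days when the
 * stored private key is not an RSA key and no lifetime was requested (see the TODO
 * below). That assignment persists for later calls on this instance.
 *
 * @param signCert the stored certificate chain together with its private key
 * @return {@code signCert} itself, or a new chain headed by the freshly signed proxy
 * @throws RuntimeException if the JCE provides no RSA key-pair generator; the
 *         originating {@link NoSuchAlgorithmException} is attached as the cause
 * @throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException,
 *         SignatureException and the certificate exceptions are propagated from key
 *         generation, CSR construction and certificate signing
 */
X509CertificateChain prepareCert(X509CertificateChain signCert) throws InvalidKeyException,
        NoSuchAlgorithmException, NoSuchProviderException, SignatureException, CertificateParsingException,
        CertificateEncodingException, CertificateExpiredException, CertificateNotYetValidException {
    log.debug("prepareCert - START");
    if (!(signCert.getPrivateKey() instanceof RSAKey)) {
        // TODO - Only RSA keys are supported. Generate a proxy cert
        // if this is not the case
        // This should probably be cached somehow
        // Float.MAX_VALUE means "no lifetime requested": force a 30-day proxy instead.
        if (daysValid == Float.MAX_VALUE) {
            daysValid = 30.0f;
        }
    }

    if (daysValid == Float.MAX_VALUE) {
        // return the stored certificate as it is
        log.debug("daysValid = " + daysValid + ", returning bare certificate");
        return signCert;
    }

    // return proxy certificate signed with the key of the stored certificate
    try {
        // Add the Bouncy Castle JCE provider. This allows the CSR
        // classes to work. The BC implementation of PKCS#10 depends
        // on the ciphers in the BC provider.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        KeyPairGenerator keyPairGenerator;
        try {
            keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        } catch (NoSuchAlgorithmException ex) {
            // Keep the original exception as the cause rather than printing and dropping it.
            throw new RuntimeException("The JCE doesn't do RSA! Game over.", ex);
        }
        keyPairGenerator.initialize(CertUtil.DEFAULT_KEY_LENGTH);

        // The proxy reuses the subject of the stored end-entity certificate (chain[0]).
        String subject = signCert.getChain()[0].getSubjectX500Principal().getName(X500Principal.CANONICAL);

        // generate the key pair for the proxy
        KeyPair keys = keyPairGenerator.generateKeyPair();

        // generate the CSR, self-signed with the new private key
        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(
                CertUtil.DEFAULT_SIGNATURE_ALGORITHM, new X509Name(subject), keys.getPublic(), null,
                keys.getPrivate(), "BC");
        log.debug("PKCS10CertificationRequest " + csr.getSignatureAlgorithm().toString());

        // Lifetime is passed in seconds (days * 24 * 60 * 60); Math.round(float) yields an int.
        int lifetimeSeconds = Math.round(daysValid * 24 * 60 * 60);

        // sign the CSR with the stored chain
        X509Certificate newCert = CertUtil.generateCertificate(csr, lifetimeSeconds, signCert);

        // package and return: proxy first, then the stored chain in its original order
        X509Certificate[] storedChain = signCert.getChain();
        X509Certificate[] certChain = new X509Certificate[storedChain.length + 1];
        certChain[0] = newCert;
        System.arraycopy(storedChain, 0, certChain, 1, storedChain.length);
        X509CertificateChain result = new X509CertificateChain(certChain, keys.getPrivate());
        result.setPrincipal(signCert.getPrincipal());

        return result;
    } finally {
        profiler.checkpoint("prepareCert");
    }
}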