List of usage examples for org.bouncycastle.operator.jcajce JcaContentSignerBuilder build
public ContentSigner build(PrivateKey privateKey) throws OperatorCreationException
From source file:org.ejbca.core.model.ca.caadmin.extendedcaservices.CmsCAService.java
License:Open Source License
/**
 * Handles a CMS service request: optionally signs, envelopes (encrypts) and/or
 * de-envelopes (decrypts) the request document, in that order, depending on the
 * mode bits of the {@link CmsCAServiceRequest}.
 *
 * @param cryptoToken token whose provider is used to unwrap the content-encryption key when decrypting
 * @param request     must be a {@link CmsCAServiceRequest}; its mode bits select the operations
 * @return a {@link CmsCAServiceResponse} wrapping the processed document
 * @throws IllegalExtendedCAServiceRequestException if the request is not a {@link CmsCAServiceRequest}
 * @throws ExtendedCAServiceNotActiveException     if this service is not in STATUS_ACTIVE
 * @throws ExtendedCAServiceRequestException       wrapping CMS, I/O, signer-creation or certificate-encoding failures
 */
@Override
public ExtendedCAServiceResponse extendedService(final CryptoToken cryptoToken, final ExtendedCAServiceRequest request)
        throws ExtendedCAServiceRequestException, IllegalExtendedCAServiceRequestException, ExtendedCAServiceNotActiveException {
    if (log.isTraceEnabled()) {
        log.trace(">extendedService");
    }
    if (!(request instanceof CmsCAServiceRequest)) {
        throw new IllegalExtendedCAServiceRequestException();
    }
    if (getStatus() != ExtendedCAServiceInfo.STATUS_ACTIVE) {
        final String msg = intres.getLocalizedMessage("caservice.notactive", "CMS");
        log.error(msg);
        throw new ExtendedCAServiceNotActiveException(msg);
    }
    ExtendedCAServiceResponse returnval = null;
    // The first element of the chain is the signing certificate that the SignerInfo refers to.
    final X509Certificate signerCert = (X509Certificate) certificatechain.get(0);
    final CmsCAServiceRequest serviceReq = (CmsCAServiceRequest) request;
    // Create the signed data
    final CMSSignedDataGenerator gen1 = new CMSSignedDataGenerator();
    try {
        // `resp` is threaded through each enabled stage; each stage replaces it with its own encoding.
        byte[] resp = serviceReq.getDoc();
        // Add our signer info and sign the message
        if ((serviceReq.getMode() & CmsCAServiceRequest.MODE_SIGN) != 0) {
            // Embed the whole CA chain so relying parties can build a path to the signer.
            final List<X509Certificate> x509CertChain = new ArrayList<X509Certificate>();
            for (Certificate certificate : certificatechain) {
                x509CertChain.add((X509Certificate) certificate);
            }
            gen1.addCertificates(new CollectionStore(CertTools.convertToX509CertificateHolder(x509CertChain)));
            JcaDigestCalculatorProviderBuilder calculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder()
                    .setProvider(BouncyCastleProvider.PROVIDER_NAME);
            JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(calculatorProviderBuilder.build());
            // The signature algorithm is derived from a fixed SHA-1 digest plus the key type.
            // SHA-1 is deprecated for new signatures; a SHA-2 digest constant would be the
            // modern choice if consumers of these CMS messages accept it.
            ASN1ObjectIdentifier oid = AlgorithmTools
                    .getSignAlgOidFromDigestAndKey(CMSSignedGenerator.DIGEST_SHA1, privKey.getAlgorithm());
            String signatureAlgorithmName = AlgorithmTools.getAlgorithmNameFromOID(oid);
            // Signing is pinned to the BC provider; the private key therefore must be usable by BC
            // (i.e. a software key, not a handle into an HSM-only provider) — confirm against deployments.
            JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithmName)
                    .setProvider(BouncyCastleProvider.PROVIDER_NAME);
            ContentSigner contentSigner = signerBuilder.build(privKey);
            gen1.addSignerInfoGenerator(builder.build(contentSigner, signerCert));
            final CMSTypedData msg = new CMSProcessableByteArray(resp);
            // `true` = encapsulate the content (attached signature), so the output is self-contained.
            final CMSSignedData s = gen1.generate(msg, true);
            resp = s.getEncoded();
        }
        if ((serviceReq.getMode() & CmsCAServiceRequest.MODE_ENCRYPT) != 0) {
            // Envelope for a single recipient: this service's own CMS certificate.
            CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
            edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(getCMSCertificate())
                    .setProvider(BouncyCastleProvider.PROVIDER_NAME));
            // Content encryption uses 3DES-CBC, a legacy algorithm (64-bit block, deprecated by NIST);
            // AES (e.g. CMSAlgorithm.AES256_CBC) would be preferable where interoperability allows.
            JceCMSContentEncryptorBuilder jceCMSContentEncryptorBuilder = new JceCMSContentEncryptorBuilder(
                    PKCSObjectIdentifiers.des_EDE3_CBC).setProvider(BouncyCastleProvider.PROVIDER_NAME);
            CMSEnvelopedData ed = edGen.generate(new CMSProcessableByteArray(resp), jceCMSContentEncryptorBuilder.build());
            resp = ed.getEncoded();
        }
        if ((serviceReq.getMode() & CmsCAServiceRequest.MODE_DECRYPT) != 0) {
            final CMSEnvelopedData ed = new CMSEnvelopedData(resp);
            final RecipientInformationStore recipients = ed.getRecipientInfos();
            // Locate our own RecipientInfo by issuer and serial of the CMS certificate.
            final X500Name issuer = X500Name.getInstance(getCMSCertificate().getIssuerX500Principal().getEncoded());
            final KeyTransRecipientId id = new KeyTransRecipientId(issuer, getCMSCertificate().getSerialNumber());
            final RecipientInformation recipient = recipients.get(id);
            // NOTE(review): when no matching recipient is present the input bytes are returned
            // unchanged, so the caller cannot tell "not addressed to us" from a successful decryption.
            if (recipient != null) {
                JceKeyTransEnvelopedRecipient rec = new JceKeyTransEnvelopedRecipient(this.privKey);
                // Content (symmetric) decryption is done by BC, while the key-transport unwrap uses the
                // crypto token's provider — this allows the private key to live in e.g. a PKCS#11 token
                // whose provider cannot or should not perform the bulk content decryption.
                rec.setContentProvider(BouncyCastleProvider.PROVIDER_NAME);
                rec.setProvider(cryptoToken.getSignProviderName());
                resp = recipient.getContent(rec);
            }
        }
        returnval = new CmsCAServiceResponse(resp);
    } catch (CMSException e) {
        log.error("Error in CmsCAService", e);
        throw new ExtendedCAServiceRequestException(e);
    } catch (IOException e) {
        log.error("Error in CmsCAService", e);
        throw new ExtendedCAServiceRequestException(e);
    } catch (OperatorCreationException e) {
        log.error("Error in CmsCAService", e);
        throw new ExtendedCAServiceRequestException(e);
    } catch (CertificateEncodingException e) {
        log.error("Error in CmsCAService", e);
        throw new ExtendedCAServiceRequestException(e);
    }
    if (log.isTraceEnabled()) {
        log.trace("<extendedService");
    }
    return returnval;
}
From source file:org.hyperledger.fabric.sdk.security.CryptoPrimitives.java
License:Open Source License
/**
 * Builds a PKCS#10 certificate signing request for {@code subject}, signed with
 * SHA256withECDSA using the private half of {@code pair}.
 *
 * @param subject common-name value; it is spliced into the DN string {@code "CN=" + subject} as-is
 * @param pair    key pair: the public key is placed in the request, the private key signs it
 * @return the signed PKCS#10 request
 * @throws OperatorCreationException if a content signer cannot be created for the private key
 */
public PKCS10CertificationRequest generateCertificationRequest(String subject, KeyPair pair)
        throws OperatorCreationException {
    // NOTE(review): the subject is concatenated into an RFC 2253 string without escaping, so a
    // value containing ',', '+', '=' or similar would be parsed as additional RDNs. If the value
    // can originate from an untrusted caller, escape it or build the name with X500NameBuilder.
    final X500Principal subjectDn = new X500Principal("CN=" + subject);
    final PKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subjectDn, pair.getPublic());
    // Default JCA provider lookup is used on purpose (no setProvider call).
    final ContentSigner requestSigner = new JcaContentSignerBuilder("SHA256withECDSA").build(pair.getPrivate());
    return requestBuilder.build(requestSigner);
}
From source file:org.iotivity.cloud.accountserver.resources.account.credprov.cert.GenerateCSR.java
License:Open Source License
/**
 * Generates two fresh EC key pairs on {@code CURVE}, publishes them through the static key
 * fields and returns the DER encoding of a PKCS#10 request for {@code commonName} over the
 * first public key.
 *
 * @param commonName full subject string as understood by {@link X500Principal}
 *                   (a constructed example: {@code "CN=device-1"})
 * @param falseKey   when {@code true} the request is signed with the second, unrelated private
 *                   key, so the resulting CSR's signature does not match its embedded public key
 * @return DER-encoded PKCS#10 request
 * @throws Exception on key generation, signing or encoding failure
 */
public static byte[] generatePKCS10(String commonName, boolean falseKey) throws Exception {
    ECParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(CURVE);
    KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_GENERATOR_ALGORITHM,
            CertificateConstants.SECURITY_PROVIDER);
    generator.initialize(curveSpec, new SecureRandom());
    // Side effect: both key pairs are stored in static fields (presumably read elsewhere in this
    // class). NOTE(review): private key material therefore lives for the lifetime of the class.
    KeyPair primary = generator.generateKeyPair();
    privateKey = primary.getPrivate();
    publicKey = primary.getPublic();
    KeyPair decoy = generator.generateKeyPair();
    privateKey1 = decoy.getPrivate();
    publicKey1 = decoy.getPublic();
    PKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(new X500Principal(commonName), publicKey);
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM);
    // The "false" key deliberately produces a CSR with a non-verifying signature.
    ContentSigner signer = signerBuilder.build(falseKey ? privateKey1 : privateKey);
    return requestBuilder.build(signer).getEncoded();
}
From source file:org.italiangrid.voms.asn1.VOMSACGenerator.java
License:Apache License
/**
 * Returns the content signer used for attribute-certificate generation, building and caching
 * it in {@code signer} on first use from the AA credential's certificate signature algorithm
 * and private key.
 *
 * @param properties generation options; {@code FAKE_SIGNATURE_BITS} substitutes a
 *                   {@code RandomContentSigner} that does not use the AA key
 * @return the cached signer
 * @throws VOMSError if BouncyCastle cannot build the content signer
 */
private ContentSigner getSigner(EnumSet<ACGenerationProperties> properties) {
    if (signer != null) {
        return signer;
    }
    final String sigAlgName = aaCredential.getCertificate().getSigAlgName();
    final JcaContentSignerBuilder builder = new JcaContentSignerBuilder(sigAlgName);
    builder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
    try {
        if (properties.contains(ACGenerationProperties.FAKE_SIGNATURE_BITS)) {
            // Presumably a testing aid: the signature produced will not verify against the AA certificate.
            signer = new RandomContentSigner(sigAlgName);
        } else {
            signer = builder.build(aaCredential.getKey());
        }
    } catch (OperatorCreationException e) {
        throw new VOMSError(e.getMessage(), e);
    }
    // NOTE(review): the null check above is unsynchronized; concurrent first calls may each build
    // a signer and the later one wins. Harmless if the generator is used single-threaded — confirm.
    return signer;
}
From source file:org.jruby.ext.openssl.OCSPBasicResponse.java
License:Common Public License
/**
 * Implements Ruby {@code OCSP::BasicResponse#sign(cert, key, certs = nil, flags = 0, digest = nil)}:
 * signs the collected single responses with {@code key} and stores the encoded result in
 * {@code asn1BCBasicOCSPResp}.
 *
 * Flag bits recognised: RESPID_KEY (identify the responder by key hash instead of name),
 * NOCERTS (embed no certificates), NOTIME (omit producedAt).
 *
 * @param context current thread context
 * @param args    signer certificate, signer key, then optionally extra certificates, flags and digest
 * @return this response
 */
@JRubyMethod(name = "sign", rest = true)
public IRubyObject sign(final ThreadContext context, IRubyObject[] args) {
    Ruby runtime = context.getRuntime();
    int flag = 0;
    IRubyObject additionalCerts = context.nil;
    IRubyObject flags = context.nil;
    IRubyObject digest = context.nil;
    Digest digestInstance = new Digest(runtime, _Digest(runtime));
    List<X509CertificateHolder> addlCerts = new ArrayList<X509CertificateHolder>();
    switch (Arity.checkArgumentCount(runtime, args, 2, 5)) {
    case 3:
        additionalCerts = args[2];
        break;
    case 4:
        additionalCerts = args[2];
        flags = args[3];
        break;
    case 5:
        additionalCerts = args[2];
        flags = args[3];
        digest = args[4];
        break;
    default:
        break;
    }
    // SHA-1 is the historical default signature digest for OCSP; pass an explicit digest
    // when relying parties accept SHA-2.
    if (digest.isNil())
        digest = digestInstance.initialize(context, new IRubyObject[] { RubyString.newString(runtime, "SHA1") });
    // Caller flags first, then NOCERTS is forced when no certificate list was supplied.
    if (!flags.isNil())
        flag = RubyFixnum.fix2int(flags);
    if (additionalCerts.isNil())
        flag |= RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCERTS));
    X509Cert signer = (X509Cert) args[0];
    PKey signerKey = (PKey) args[1];
    String keyAlg = signerKey.getAlgorithm();
    String digAlg = ((Digest) digest).getShortAlgorithm();
    // JCA-style name, e.g. "SHA1" + "with" + "RSA".
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(digAlg + "with" + keyAlg);
    signerBuilder.setProvider("BC");
    ContentSigner contentSigner = null;
    try {
        contentSigner = signerBuilder.build(signerKey.getPrivateKey());
    } catch (OperatorCreationException e) {
        throw newOCSPError(runtime, e);
    }
    BasicOCSPRespBuilder respBuilder = null;
    try {
        if ((flag & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_RESPID_KEY))) != 0) {
            JcaDigestCalculatorProviderBuilder dcpb = new JcaDigestCalculatorProviderBuilder();
            dcpb.setProvider("BC");
            DigestCalculatorProvider dcp = dcpb.build();
            // NOTE(review): the digest calculator is requested with the *signature* algorithm
            // identifier; RFC 6960 byKey responder ids are a SHA-1 hash of the key — confirm
            // this lookup resolves to the intended digest for the algorithms in use.
            DigestCalculator calculator = dcp.get(contentSigner.getAlgorithmIdentifier());
            respBuilder = new BasicOCSPRespBuilder(
                    SubjectPublicKeyInfo.getInstance(signerKey.getPublicKey().getEncoded()), calculator);
        } else {
            // Responder identified by the signer certificate's subject name.
            respBuilder = new BasicOCSPRespBuilder(new RespID(signer.getSubject().getX500Name()));
        }
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }
    // Stays null (no certs element) when NOCERTS is set.
    X509CertificateHolder[] chain = null;
    try {
        if ((flag & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCERTS))) == 0) {
            addlCerts.add(new X509CertificateHolder(signer.getAuxCert().getEncoded()));
            if (!additionalCerts.isNil()) {
                Iterator<java.security.cert.Certificate> rubyAddlCerts = ((RubyArray) additionalCerts).iterator();
                while (rubyAddlCerts.hasNext()) {
                    java.security.cert.Certificate cert = rubyAddlCerts.next();
                    addlCerts.add(new X509CertificateHolder(cert.getEncoded()));
                }
            }
            chain = addlCerts.toArray(new X509CertificateHolder[addlCerts.size()]);
        }
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }
    Date producedAt = null;
    if ((flag & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOTIME))) == 0) {
        producedAt = new Date();
    }
    // Copy every accumulated single response into the builder.
    for (OCSPSingleResponse resp : singleResponses) {
        SingleResp singleResp = new SingleResp(resp.getBCSingleResp());
        respBuilder.addResponse(singleResp.getCertID(), singleResp.getCertStatus(), singleResp.getThisUpdate(),
                singleResp.getNextUpdate(), resp.getBCSingleResp().getSingleExtensions());
    }
    try {
        Extension[] respExtAry = new Extension[extensions.size()];
        Extensions respExtensions = new Extensions(extensions.toArray(respExtAry));
        BasicOCSPResp bcBasicOCSPResp = respBuilder.setResponseExtensions(respExtensions).build(contentSigner, chain,
                producedAt);
        asn1BCBasicOCSPResp = BasicOCSPResponse.getInstance(bcBasicOCSPResp.getEncoded());
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }
    return this;
}
From source file:org.jruby.ext.openssl.OCSPRequest.java
License:Common Public License
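/**
 * Implements Ruby {@code OCSP::Request#sign(cert, key, certs = nil, flags = 0, digest = nil)}:
 * signs the request built from {@code certificateIds} with {@code key} and stores the encoded
 * BouncyCastle request in {@code asn1bcReq}.
 *
 * Fixes relative to the previous version: the caller's flags are read before NOCERTS is forced
 * (previously the flags assignment ran last and discarded the bit), and NOCERTS is tested as a
 * bit rather than by whole-value equality.
 *
 * @param context current thread context
 * @param args    signer certificate, signer key, then optionally the extra certificates to embed,
 *                the OCSP flags and the digest
 * @return this request
 */
@JRubyMethod(name = "sign", rest = true)
public IRubyObject sign(final ThreadContext context, IRubyObject[] args) {
    final Ruby runtime = context.runtime;
    int flag = 0;
    IRubyObject additionalCerts = context.nil;
    IRubyObject flags = context.nil;
    IRubyObject digest = context.nil;
    Digest digestInstance = new Digest(runtime, _Digest(runtime));
    final int nocerts = RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCERTS));
    switch (Arity.checkArgumentCount(runtime, args, 2, 5)) {
    case 3:
        additionalCerts = args[2];
        break;
    case 4:
        additionalCerts = args[2];
        flags = args[3];
        break;
    case 5:
        additionalCerts = args[2];
        flags = args[3];
        digest = args[4];
        break;
    default:
        break;
    }
    // SHA-1 is the historical default digest for OCSP request signatures; callers should pass
    // an explicit digest where the responder accepts a stronger one.
    if (digest.isNil()) {
        digest = digestInstance.initialize(context, new IRubyObject[] { RubyString.newString(runtime, "SHA1") });
    }
    // Read the caller's flags first, then force NOCERTS when no certificate list was given.
    if (!flags.isNil()) {
        flag = RubyFixnum.fix2int(flags);
    }
    if (additionalCerts.isNil()) {
        flag |= nocerts;
    }
    X509Cert signer = (X509Cert) args[0];
    PKey signerKey = (PKey) args[1];
    String keyAlg = signerKey.getAlgorithm();
    String digAlg = ((Digest) digest).getShortAlgorithm();
    // JCA-style name, e.g. "SHA1" + "with" + "RSA".
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(digAlg + "with" + keyAlg);
    signerBuilder.setProvider("BC");
    ContentSigner contentSigner = null;
    try {
        contentSigner = signerBuilder.build(signerKey.getPrivateKey());
    } catch (OperatorCreationException e) {
        throw newOCSPError(runtime, e);
    }
    OCSPReqBuilder builder = new OCSPReqBuilder();
    builder.setRequestorName(signer.getSubject().getX500Name());
    for (OCSPCertificateId certId : certificateIds) {
        builder.addRequest(new CertificateID(certId.getCertID()));
    }
    List<X509CertificateHolder> certChain = new ArrayList<X509CertificateHolder>();
    // NOCERTS is a bit flag: test the bit, otherwise any additional flag combined with it
    // would re-enable certificate embedding.
    if ((flag & nocerts) == 0) {
        try {
            certChain.add(new X509CertificateHolder(signer.getAuxCert().getEncoded()));
            if (!additionalCerts.isNil()) {
                Iterator<java.security.cert.Certificate> certIt = ((RubyArray) additionalCerts).iterator();
                while (certIt.hasNext()) {
                    certChain.add(new X509CertificateHolder(certIt.next().getEncoded()));
                }
            }
        } catch (Exception e) {
            throw newOCSPError(runtime, e);
        }
    }
    // An empty array (not null) is passed when no certificates are embedded, as before.
    X509CertificateHolder[] chain = certChain.toArray(new X509CertificateHolder[certChain.size()]);
    try {
        asn1bcReq = org.bouncycastle.asn1.ocsp.OCSPRequest
                .getInstance(builder.build(contentSigner, chain).getEncoded());
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }
    if (nonce != null) {
        addNonceImpl();
    }
    return this;
}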
From source file:org.metaeffekt.dcc.commons.pki.CertificateManager.java
License:Apache License
/**
 * Builds a PKCS#10 request for the managed key pair, carrying the configured subject name and
 * the extensions from {@code createExtensions} as a pkcs-9 extensionRequest attribute.
 *
 * @return the request, signed with the algorithm named by {@code PROPERTY_CSR_SIGNATURE_ALGORITHM}
 *         (falling back to {@code DEFAULT_SIGNING_ALGORITHM})
 * @throws IOException               if a key cannot be loaded
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws NoSuchAlgorithmException  if a key cannot be loaded for the configured algorithm
 */
protected PKCS10CertificationRequest generateCertificateRequest()
        throws IOException, OperatorCreationException, NoSuchAlgorithmException {
    final PublicKey publicKey = loadPublicKey();
    final PrivateKey privateKey = loadPrivateKey();
    final X500Name subject = createSubjectNameBuilder();
    final JcaPKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subject, publicKey);
    // Requested certificate extensions travel in the standard pkcs-9 extensionRequest attribute.
    final List<Extension> requestedExtensions = createExtensions(publicKey, null);
    final Extensions extensionsAttribute = new Extensions(requestedExtensions.toArray(new Extension[0]));
    requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsAttribute);
    final String signatureAlgorithm = getProperty(PROPERTY_CSR_SIGNATURE_ALGORITHM, DEFAULT_SIGNING_ALGORITHM);
    // Default JCA provider lookup (no setProvider call).
    final ContentSigner requestSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey);
    return requestBuilder.build(requestSigner);
}
From source file:org.opendaylight.snbi.southplugin.CertificateMgmt.java
License:Open Source License
/**
 * Builds a PKCS#10 request whose subject holds the given common name plus a serial-number RDN
 * derived from the current time, signed with SHA1withRSA.
 *
 * @param name common name placed in the subject
 * @param pair key pair: the public key is certified, the private key signs the request
 * @return the signed request
 * @throws Exception if the signer or the request cannot be built
 */
public static PKCS10CertificationRequest generateCSRRequest(String name, KeyPair pair) throws Exception {
    // Only SN and CN are populated; country, organisation, state and title are left out.
    final X500NameBuilder subjectBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    subjectBuilder.addRDN(BCStyle.SN, Long.toString(System.currentTimeMillis()));
    subjectBuilder.addRDN(BCStyle.CN, name);
    final PKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subjectBuilder.build(), pair.getPublic());
    // SHA1withRSA is the algorithm exposed by CertManagerConstants here; SHA-1 signatures are
    // deprecated, so prefer a SHA-2 constant if the enum provides one.
    final JcaContentSignerBuilder signerBuilder =
            new JcaContentSignerBuilder(CertManagerConstants.CERT_ALGORITHM.SHA1withRSA.toString());
    final ContentSigner requestSigner = signerBuilder.build(pair.getPrivate());
    return requestBuilder.build(requestSigner);
}
From source file:org.opendaylight.snbi.southplugin.SNBICAInterfaces.java
License:Open Source License
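/**
 * Builds a PKCS#10 request for a freshly generated RSA key pair.
 *
 * @param arguments positional subject values: {@code [0]} common name (the Device ID),
 *                  {@code [1]} organisational unit (the Domain ID), {@code [2]} subject serial number
 * @return the signed request, or {@code null} when the content signer could not be created
 * @throws IllegalArgumentException if fewer than three subject values are supplied
 */
public PKCS10CertificationRequest generateCSRRequest(String... arguments) {
    // Fail with a clear message instead of an ArrayIndexOutOfBoundsException from the RDN lookups.
    if (arguments == null || arguments.length < 3) {
        throw new IllegalArgumentException(
                "generateCSRRequest expects common name, organisational unit and serial number");
    }
    X500NameBuilder subjectBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    subjectBuilder.addRDN(BCStyle.CN, arguments[0]); // common name: the Device ID
    subjectBuilder.addRDN(BCStyle.OU, arguments[1]); // organisational unit: the Domain ID
    subjectBuilder.addRDN(BCStyle.SN, arguments[2]); // serial number of the subject DN, not the certificate serial
    // Generate the key pair the request will certify.
    KeyPair keyPair = KeyPairMgmt.generateKeyPair(CertManagerConstants.ALGORITHM.RSA);
    // SHA1withRSA is the algorithm exposed by CertManagerConstants here; SHA-1 signatures are
    // deprecated, so prefer a SHA-2 constant if the enum provides one.
    JcaContentSignerBuilder csBuilder =
            new JcaContentSignerBuilder(CertManagerConstants.CERT_ALGORITHM.SHA1withRSA.toString());
    ContentSigner signer;
    try {
        signer = csBuilder.build(keyPair.getPrivate());
    } catch (OperatorCreationException e) {
        // Existing callers rely on the null-return contract; the stack trace is the only
        // diagnostic available here since no logger is in scope.
        e.printStackTrace();
        return null;
    }
    PKCS10CertificationRequestBuilder p10Builder =
            new JcaPKCS10CertificationRequestBuilder(subjectBuilder.build(), keyPair.getPublic());
    return p10Builder.build(signer);
}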
From source file:org.openremote.security.provider.BouncyCastleKeySigner.java
License:Open Source License
/**
 * Builds the BouncyCastle {@link ContentSigner} used to sign X.509 certificate information.
 *
 * @param config supplies the signature algorithm and the private signing key
 * @return a content signer bound to the configured algorithm and key, backed by the BC provider
 * @throws SigningException if BouncyCastle cannot construct the signer for the given key
 */
private ContentSigner createContentSigner(Configuration config) throws SigningException {
    final String algorithmName = config.getSignatureAlgorithm().toString();
    // Pin the provider to BouncyCastle (SecurityProvider.BC hands out the provider instance,
    // loading it on demand) so the signer does not depend on JVM provider ordering.
    final JcaContentSignerBuilder builder = new JcaContentSignerBuilder(algorithmName)
            .setProvider(SecurityProvider.BC.getProviderInstance());
    try {
        return builder.build(config.getPrivateSigningKey());
    } catch (OperatorCreationException exception) {
        throw new SigningException("Unable to sign the certificate with the given private key : {0}",
                exception, exception.getMessage());
    }
}