List of usage examples for org.bouncycastle.operator.jcajce JcaContentSignerBuilder JcaContentSignerBuilder
public JcaContentSignerBuilder(String signatureAlgorithm)
From source file:be.fedict.trust.test.PKITestUtils.java
License:Open Source License
public static OCSPResp createOcspResp(X509Certificate certificate, boolean revoked, X509Certificate issuerCertificate, X509Certificate ocspResponderCertificate, PrivateKey ocspResponderPrivateKey, String signatureAlgorithm, List<X509Certificate> ocspResponderCertificateChain) throws Exception { // request/* w ww . ja va 2s . co m*/ OCSPReqBuilder ocspReqBuilder = new OCSPReqBuilder(); DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder() .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(); CertificateID certId = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(issuerCertificate), certificate.getSerialNumber()); ocspReqBuilder.addRequest(certId); OCSPReq ocspReq = ocspReqBuilder.build(); BasicOCSPRespBuilder basicOCSPRespBuilder = new JcaBasicOCSPRespBuilder( ocspResponderCertificate.getPublicKey(), digCalcProv.get(CertificateID.HASH_SHA1)); // request processing Req[] requestList = ocspReq.getRequestList(); for (Req ocspRequest : requestList) { CertificateID certificateID = ocspRequest.getCertID(); CertificateStatus certificateStatus; if (revoked) { certificateStatus = new RevokedStatus(new Date(), CRLReason.unspecified); } else { certificateStatus = CertificateStatus.GOOD; } basicOCSPRespBuilder.addResponse(certificateID, certificateStatus); } // basic response generation X509CertificateHolder[] chain; if (ocspResponderCertificateChain.isEmpty()) { chain = null; } else { chain = new X509CertificateHolder[ocspResponderCertificateChain.size()]; for (int idx = 0; idx < chain.length; idx++) { chain[idx] = new X509CertificateHolder(ocspResponderCertificateChain.get(idx).getEncoded()); } } ContentSigner contentSigner = new JcaContentSignerBuilder("SHA1withRSA").build(ocspResponderPrivateKey); BasicOCSPResp basicOCSPResp = basicOCSPRespBuilder.build(contentSigner, chain, new Date()); // response generation OCSPRespBuilder ocspRespBuilder = new OCSPRespBuilder(); OCSPResp ocspResp = ocspRespBuilder.build(OCSPRespBuilder.SUCCESSFUL, basicOCSPResp); return ocspResp; }
From source file:beta01.CertSigningRequest.java
private void genaretKeyPairDsa() throws Exception { String signatureAlg = "SHA1withDSA"; KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", "BC"); kpg.initialize(2048);//w w w.jav a2 s .c om KeyPair kp = kpg.genKeyPair(); X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE); x500NameBuilder.addRDN(BCStyle.C, "ID"); x500NameBuilder.addRDN(BCStyle.CN, "Pizaini"); //x500NameBuilder.addRDN(BCStyle.O, "Institut Pertanian Bogor"); X500Name subject = x500NameBuilder.build(); PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject, kp.getPublic()); try { PKCS10CertificationRequest request = requestBuilder .build(new JcaContentSignerBuilder(signatureAlg).setProvider("BC").build(kp.getPrivate())); //verify signature if (request.isSignatureValid( new JcaContentVerifierProviderBuilder().setProvider("BC").build(kp.getPublic()))) { System.out.println(signatureAlg + ": PKCS#10 request verified."); //CSR Output ByteArrayOutputStream baos = new ByteArrayOutputStream(); //PemWriter pemWrtb = new PemWriter(new OutputStreamWriter(baos)); JcaPEMWriter jcaPem = new JcaPEMWriter(new OutputStreamWriter(baos)); jcaPem.writeObject(request); jcaPem.close(); try { File file = new File("D:\\CSR_" + kpg.getAlgorithm() + ".p10"); FileOutputStream fos = new FileOutputStream(file); baos.close(); fos.write(baos.toByteArray()); fos.flush(); fos.close(); } catch (IOException ex) { } //store Private Key p8 try { File file = new File("D:\\PrivateKey_" + kpg.getAlgorithm() + ".p8"); FileOutputStream fos = new FileOutputStream(file); fos.write(kp.getPrivate().getEncoded()); fos.flush(); fos.close(); System.out.println("Privated key stored as " + kp.getPrivate().getFormat()); } catch (IOException ex) { } //p12 /*KeyStore pkcs12 = KeyStore.getInstance("PKCS12", "BC"); pkcs12.load(null, null); //pkcs12.setCertificateEntry("r2oot", holderRoot); pkcs12.setKeyEntry("PIZAINI_ECDSA", kp.getPrivate(), null, null); char[] password = "pass".toCharArray(); ByteArrayOutputStream bOut = new ByteArrayOutputStream(); pkcs12.store(bOut, password); ASN1InputStream asnInput = new ASN1InputStream(bOut.toByteArray()); bOut.reset(); DEROutputStream derOut = new DEROutputStream(bOut); derOut.writeObject(asnInput.readObject()); byte[] derFormat = bOut.toByteArray(); try{ File file = new File("D:\\Pizaini_ECDSA_Private.p12"); FileOutputStream fos = new FileOutputStream(file); bOut.close(); fos.write(derFormat); fos.flush(); fos.close(); }catch(IOException ex){ }*/ } else { System.out.println(signatureAlg + ": Failed verify check."); } } catch (OperatorCreationException | PKCSException ex) { } }
From source file:beta01.CreateCertByCsr.java
public CreateCertByCsr() throws Exception { //read p12//w w w. j ava 2s .co m KeyStore pkcs12Store = KeyStore.getInstance("PKCS12", "BC"); pkcs12Store.load(new FileInputStream("D:\\rootPrivateKey.p12"), "pass".toCharArray()); //read root key pair and certificate PrivateKey privateKey = null; PublicKey publicKey = null; X509Certificate rootCert = null; for (Enumeration en = pkcs12Store.aliases(); en.hasMoreElements();) { String alias = (String) en.nextElement(); if (pkcs12Store.isCertificateEntry(alias)) { rootCert = (X509Certificate) pkcs12Store.getCertificate(alias); Certificate cert = pkcs12Store.getCertificate(alias); publicKey = cert.getPublicKey(); } else if (pkcs12Store.isKeyEntry(alias)) { privateKey = (PrivateKey) pkcs12Store.getKey(alias, "pass".toCharArray()); } } //read CSR String fileName = "CSR_DSA"; FileReader fileReader = new FileReader("D:\\" + fileName + ".p10"); PemReader pemReader = new PemReader(fileReader); PKCS10CertificationRequest csr = new PKCS10CertificationRequest(pemReader.readPemObject().getContent()); //create certf JcaX509CertificateHolder holder = new JcaX509CertificateHolder(rootCert); X509v3CertificateBuilder certBuilder; certBuilder = new X509v3CertificateBuilder(holder.getSubject(), BigInteger.valueOf(System.currentTimeMillis()), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + 7 * 24 * 60 * 60 * 1000), csr.getSubject(), csr.getSubjectPublicKeyInfo()); certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature)); SignatureAlgorithmIdentifierFinder algFinder = new DefaultSignatureAlgorithmIdentifierFinder(); AlgorithmIdentifier sigAlg = algFinder.find("SHA512withRSA"); AlgorithmIdentifier digAlg = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlg); //RSAPrivateKey rsa = (RSAPrivateKey) privateKey; //AsymmetricCipherKeyPair ss =new AsymmetricCipherKeyPair // RSAKeyParameters rsaP = new RSAPrivateCrtKeyParameters(rsa.getModulus(), rsa.getPublicExponent(), // rsa.getPrivateExponent(), rsa., BigInteger.ONE, BigInteger.ONE, BigInteger.ONE, BigInteger.ONE); //ContentSigner signer = new BcRSAContentSignerBuilder(sigAlg, digAlg).build((AsymmetricKeyParameter) privateKey); // AsymmetricCipherKeyPair sd = new AsymmetricCipherKeyPair(null, null) ContentSigner signer = new JcaContentSignerBuilder("SHA512withRSA").setProvider("BC").build(privateKey); X509CertificateHolder holder2 = certBuilder.build(signer); new SimpleGenCert().converToPem(holder2, fileName); }
From source file:CAModulePackage.CertificateHelper.java
/** * This method generates a new X.509 Identity Certificate. * This should only really be used for generating a new certificate * for a part of this system (CA's Cert/AA's Cert). For a client, we would * have them generate and send over a Certificate Signing Request. * @param subjectKey - The soon-to-be-holder's Public Key * @param issuerKey - The singing entity's Private Key * @param issuer - Common Name of the signing entity * @param subject - Common Name of the subject (soon-to-be-holder) * @return - New X.509 Identity Certificate. * @throws OperatorCreationException /*from ww w . jav a 2 s . c o m*/ */ public static X509CertificateHolder generateCertificate(PublicKey subjectKey, PrivateKey issuerKey, String issuer, String subject) throws OperatorCreationException { //So I am unable to verify that the certificate is valid on my Mac, but the one's //generated by Amanda's app are also "untrusted" through terminal ssl... Date startDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000); Date endDate = new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000); //Chose to use the JcaBuilder because they use the public key not the PublicKeyInfo... //Although, looking at the specs, it doesn't look like the default publickeyinfo is too bad to make... //TODO: Consider switching to the normal certBuidler. JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(new X500Name(issuer), BigInteger.valueOf(System.currentTimeMillis()), startDate, endDate, new X500Name(subject), //I believe this field is incorrect TODO:Revise. subjectKey); X509CertificateHolder cert = b .build(new JcaContentSignerBuilder("SHA256withRSAEncryption").setProvider("BC").build(issuerKey)); return cert; }
From source file:CAModulePackage.CertificateHelper.java
/** * Generate a new X.509 Certificate based on the input Certificate Signing * Request./*ww w . j a v a2 s . c om*/ * This is the primary method that should be used for granting a user * credentials on this system. * @param csr - Input Certificate Signing Request * @param issuer - Name of the Issuing Entity * @param issuerPriv - Private Key of the Issuing Entity. * @return X.509 Identity Certificate authenticating the user to this system */ public static X509CertificateHolder signCSR(PKCS10CertificationRequest csr, String issuer, PrivateKey issuerPriv) { Date startDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000); Date endDate = new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000); PublicKey pub = null; try { pub = KeyFactory.getInstance("RSA") .generatePublic(new X509EncodedKeySpec(csr.getSubjectPublicKeyInfo().getEncoded())); } catch (InvalidKeySpecException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(new X500Name(issuer), BigInteger.valueOf(System.currentTimeMillis()), startDate, endDate, csr.getSubject(), pub); X509CertificateHolder newCert = null; try { newCert = builder.build( new JcaContentSignerBuilder("SHA256withRSAEncryption").setProvider("BC").build(issuerPriv)); } catch (OperatorCreationException e) { e.printStackTrace(); } return newCert; }
From source file:cdm.api.windows.util.CertificateSigningService.java
License:Open Source License
public static X509Certificate signCSR(JcaPKCS10CertificationRequest jcaRequest, PrivateKey privateKey, X509Certificate caCert) throws Exception { try {// w w w . j a v a 2s . co m X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(caCert, BigInteger.valueOf(new SecureRandom().nextInt(Integer.MAX_VALUE)), new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30), new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10)), new X500Name("CN=abimaran"), jcaRequest.getPublicKey()); JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey); X509Certificate theCert = new JcaX509CertificateConverter().setProvider("BC") .getCertificate(certificateBuilder.build(signer)); LOGGER.info("Signed Certificate CN : " + theCert.getSubjectDN().getName()); LOGGER.info("Signed CSR's public key : " + theCert.getPublicKey()); return theCert; } catch (Exception e) { throw new Exception("Error in signing the certificate", e); } }
From source file:cn.ieclipse.pde.signer.util.BcpSigner.java
License:Apache License
/** Sign data and write the digital signature to 'out'. */ private static void writeSignatureBlock(CMSTypedData data, X509Certificate publicKey, PrivateKey privateKey, OutputStream out)//from www. j a v a 2s . co m throws IOException, CertificateEncodingException, OperatorCreationException, CMSException { ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>(1); certList.add(publicKey); JcaCertStore certs = new JcaCertStore(certList); CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(sBouncyCastleProvider) .build(privateKey); gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder( new JcaDigestCalculatorProviderBuilder().setProvider(sBouncyCastleProvider).build()) .setDirectSignature(true).build(sha1Signer, publicKey)); gen.addCertificates(certs); CMSSignedData sigData = gen.generate(data, false); ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded()); DEROutputStream dos = new DEROutputStream(out); dos.writeObject(asn1.readObject()); }
From source file:co.runrightfast.core.security.cert.impl.CertificateServiceImpl.java
License:Apache License
private ContentSigner contentSigner(final PrivateKey privateKey) { try {/*ww w . j a v a 2 s. co m*/ return new JcaContentSignerBuilder(SHA512withRSA.name()).setProvider(BOUNCY_CASTLE) .setSecureRandom(strongSecureRandom()).build(privateKey); } catch (final OperatorCreationException ex) { throw new CertificateServiceException(ex); } }
From source file:com.aaasec.sigserv.cscommon.EntityKeyStore.java
License:EUPL
public X509Certificate generateV1Certificate(KeyPair pair) throws OperatorCreationException, IOException, CertificateException, KeyStoreException { BigInteger certSerial = BigInteger.valueOf(System.currentTimeMillis()); X500Name issuerDN = new X500Name("CN=" + subject); X500Name subjectDN = new X500Name("CN=" + subject); Calendar startTime = Calendar.getInstance(); startTime.setTime(new Date()); startTime.add(Calendar.HOUR, -2); Calendar expiryTime = Calendar.getInstance(); expiryTime.setTime(new Date()); expiryTime.add(Calendar.YEAR, 10); Date notBefore = startTime.getTime(); Date notAfter = expiryTime.getTime(); PublicKey pubKey = (pair.getPublic()); X509v1CertificateBuilder certGen = new JcaX509v1CertificateBuilder(issuerDN, certSerial, notBefore, notAfter, subjectDN, pubKey); ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").build(pair.getPrivate()); byte[] encoded = certGen.build(signer).getEncoded(); CertificateFactory fact = CertificateFactory.getInstance("X.509"); InputStream is = new ByteArrayInputStream(encoded); X509Certificate generateCertificate = (X509Certificate) fact.generateCertificate(is); is.close();/*from www . ja v a 2 s . c o m*/ // set the CA cert as trusted root X509Certificate[] chain = new X509Certificate[] { generateCertificate }; addToKeyStore(pair, chain, ROOT); String certStr = generateCertificate.toString(); return generateCertificate; }
From source file:com.aaasec.sigserv.cssigapp.KeyStoreFactory.java
License:EUPL
public X509Certificate generateV1Certificate(String subject, char[] ksPass, KeyStore keyStore) throws OperatorCreationException, IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException { KeyPair pair = generateKeyPair(); BigInteger certSerial = BigInteger.valueOf(System.currentTimeMillis()); X500Name issuerDN = new X500Name("CN=" + subject); X500Name subjectDN = new X500Name("CN=" + subject); Date notBefore = new Date(System.currentTimeMillis() - 10000); Date notAfter = new Date(System.currentTimeMillis() + 10000); PublicKey pubKey = (pair.getPublic()); X509v1CertificateBuilder certGen = new JcaX509v1CertificateBuilder(issuerDN, certSerial, notBefore, notAfter, subjectDN, pubKey); ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").build(pair.getPrivate()); byte[] encoded = certGen.build(signer).getEncoded(); CertificateFactory fact = CertificateFactory.getInstance("X.509"); InputStream is = new ByteArrayInputStream(encoded); X509Certificate generateCertificate = (X509Certificate) fact.generateCertificate(is); is.close();// w w w. j a va2 s.co m // set the CA cert as trusted root X509Certificate[] chain = new X509Certificate[] { generateCertificate }; addToKeyStore(pair, chain, K_NAME, keyStore, ksPass); String certStr = generateCertificate.toString(); return generateCertificate; }