List of usage examples for the org.bouncycastle.operator.jcajce.JcaContentSignerBuilder constructor JcaContentSignerBuilder
public JcaContentSignerBuilder(String signatureAlgorithm)
From source file:de.r2soft.empires.framework.security.CertificateUtil.java
License:Open Source License
/**
 * Builds a self-signed X.509 v3 certificate for {@code username}, then checks that it is valid
 * at the current time and that its signature verifies under its own public key.
 *
 * <p>The certificate is neither returned nor stored here; only the two checks at the end
 * observe it.
 *
 * <p>NOTE(review): {@code X500Name(String)} parses its argument as a distinguished-name string,
 * so {@code username} has to arrive already in DN form and any RDN separators inside it are
 * interpreted rather than treated as data. Validate the value, or build the name from a fixed
 * attribute, before this is fed caller-controlled input.
 *
 * <p>NOTE(review): the serial number is the current timestamp, which is predictable and can
 * repeat for two certificates created in the same millisecond. A random serial would be the
 * usual choice if these certificates are ever issued to other parties.
 *
 * @param username the name used as both subject and issuer
 */
public void generateCertificate(String username)
        throws OperatorCreationException, NoSuchAlgorithmException, NoSuchProviderException,
        InvalidAlgorithmParameterException, InvalidKeySpecException, CertificateException,
        InvalidKeyException, SignatureException {
    // The same name is passed as issuer and subject below.
    X500Name subjectAndIssuer = new X500Name(username);

    // Key material (an RSA pair, per the original comment). The original author marked these
    // conversions as auto-corrected and asked for them to be double-checked.
    AsymmetricCipherKeyPair bcKeyPair = generateKeypair();
    PublicKey subjectPublicKey = generatePublicKey((AsymmetricKeyParameter) bcKeyPair.getPublic());
    PrivateKey signingKey = generatePrivateKey(bcKeyPair.getPrivate(), bcKeyPair.getPublic());

    // Validity window and serial number.
    Date validFrom = TimeUtil.getTimeNow();
    Date validUntil = TimeUtil.getTimeThen(CERTIFICATE_VALIDITY, 0, 0, 0);
    BigInteger serialNumber = BigInteger.valueOf(TimeUtil.getTimeNow().getTime());

    X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
            subjectAndIssuer, serialNumber, validFrom, validUntil, subjectAndIssuer,
            subjectPublicKey);

    // Signed with the private half of the key pair whose public half is certified above.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
    ContentSigner contentSigner = signerBuilder.setProvider(BC).build(signingKey);

    JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BC);
    X509Certificate certificate = converter.getCertificate(certificateBuilder.build(contentSigner));

    // Self-check: both calls throw if the certificate is outside its validity period or the
    // signature does not verify.
    certificate.checkValidity(new Date());
    certificate.verify(certificate.getPublicKey());
}
From source file:de.rub.nds.tlsattacker.tlsserver.KeyStoreGenerator.java
License:Apache License
/**
 * Signs the certificate described by {@code builder} and converts the result to a JCA
 * {@link X509Certificate}.
 *
 * <p>No provider is named on the signer builder or the converter, so the implementation comes
 * from whichever installed JCA provider supports the request. The signature algorithm is
 * entirely the caller's choice; this helper does not restrict it.
 *
 * @param algorithm signature algorithm name passed to {@code JcaContentSignerBuilder}
 * @param builder certificate builder holding the to-be-signed fields
 * @param privateKey key that produces the signature
 * @return the signed certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if the signed structure cannot be converted
 */
private static X509Certificate signCertificate(String algorithm, X509v3CertificateBuilder builder,
        PrivateKey privateKey) throws OperatorCreationException, CertificateException {
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(algorithm);
    ContentSigner contentSigner = signerBuilder.build(privateKey);
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    return converter.getCertificate(builder.build(contentSigner));
}
From source file:dk.itst.oiosaml.security.SecurityHelper.java
License:Mozilla Public License
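/**
 * Generates a certificate for {@code entityId} that is signed with the credential's own
 * private key and valid for roughly ten years from now.
 *
 * <p>The issuer name is the fixed string {@code o=keymanager, ou=oiosaml-sp}; the subject is
 * {@code cn=<entityId>, ou=oiosaml-sp}. Subject and authority key identifiers are both derived
 * from the credential's public key.
 *
 * <p>NOTE(review): {@code entityId} is concatenated into a DN string that {@code X500Name}
 * then parses, so a value containing RDN separators would add or alter name components.
 * Validate or escape it at the caller if it can come from outside configuration.
 *
 * <p>NOTE(review): the serial number is the current time in milliseconds, which is predictable
 * and not guaranteed unique.
 *
 * @param credential supplies the public key to certify and the private key to sign with
 * @param entityId value placed in the subject's {@code cn}
 * @return the signed certificate
 * @throws Exception if key parsing, extension creation, signing or conversion fails
 */
public static X509Certificate generateCertificate(Credential credential, String entityId)
        throws Exception {
    X500Name issuer = new X500Name("o=keymanager, ou=oiosaml-sp");
    BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
    Date notBefore = new Date();
    Date notAfter = new Date(System.currentTimeMillis() + 1000L * 60L * 60L * 24L * 365L * 10L);
    X500Name subject = new X500Name("cn=" + entityId + ", ou=oiosaml-sp");

    // Parse the encoded key directly; this avoids the ASN1InputStream that was never closed
    // and the unchecked cast of whatever object it happened to read.
    SubjectPublicKeyInfo publicKeyInfo =
            SubjectPublicKeyInfo.getInstance(credential.getPublicKey().getEncoded());

    X509v3CertificateBuilder gen = new X509v3CertificateBuilder(issuer, serialNumber, notBefore,
            notAfter, subject, publicKeyInfo);

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    gen.addExtension(X509Extension.subjectKeyIdentifier, false,
            extensionUtils.createSubjectKeyIdentifier(credential.getPublicKey()));
    gen.addExtension(X509Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(credential.getPublicKey()));

    // SHA-256 instead of the SHA-1 used previously: SHA-1 is no longer collision resistant and
    // is rejected for certificate signatures by current validators. The certificate lives for
    // ten years, so it should not start out on a deprecated digest.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC")
            .build(credential.getPrivateKey());

    X509CertificateHolder certificateHolder = gen.build(sigGen);
    return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
}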
From source file:dk.itst.oiosaml.sp.IntegrationTests.java
License:Mozilla Public License
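/**
 * Writes a short-lived CRL, issued as {@code CN=ca}, to a temporary file for use in tests.
 *
 * <p>The CRL's next-update time is one minute from now. When {@code cert} is non-null its
 * serial number is listed as revoked one second ago with reason {@code keyCompromise};
 * otherwise the CRL is empty. The temporary file is registered for deletion on JVM exit.
 *
 * <p>NOTE(review): the CRL is signed with SHA1withRSA. That is left unchanged for this test
 * fixture, but SHA-1 signatures are deprecated and should not be copied into production CRL
 * generation.
 *
 * @param cert certificate to list as revoked, or {@code null} for an empty CRL
 * @return the temporary file holding the encoded CRL
 */
private File generateCRL(X509Certificate cert) throws CRLException, NoSuchAlgorithmException,
        SignatureException, InvalidKeyException, IOException, OperatorCreationException {
    X500Name issuer = new X500Name("CN=ca");
    Date thisUpdate = new Date();
    X509v2CRLBuilder gen = new X509v2CRLBuilder(issuer, thisUpdate);
    gen.setNextUpdate(new Date(System.currentTimeMillis() + 60000));

    if (cert != null) {
        gen.addCRLEntry(cert.getSerialNumber(), new Date(System.currentTimeMillis() - 1000),
                CRLReason.keyCompromise);
    }

    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC")
            .build(credential.getPrivateKey());
    X509CRLHolder crl = gen.build(sigGen);

    final File crlFile = File.createTempFile("test", "test");
    crlFile.deleteOnExit();

    // Close the stream even when encoding or writing fails, so a failing test does not leak
    // the file handle. try/finally is used because the file's language level is not visible.
    FileOutputStream fos = new FileOutputStream(crlFile);
    try {
        IOUtils.write(crl.getEncoded(), fos);
    } finally {
        fos.close();
    }
    return crlFile;
}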
From source file:edu.vt.alerts.android.library.tasks.RegistrationTask.java
License:Apache License
/**
 * Builds a PKCS#10 certification request for {@code keyPair}.
 *
 * <p>The request carries the pair's public key under the fixed subject
 * {@code CN=edu.vt.alerts.mobile.android} and is signed with the pair's private key, which is
 * what lets the receiving CA check that the requester holds that key. The signature algorithm
 * and provider come from {@code CSR_SIGNER_ALGORITHM} and {@code CSR_SIGNER_PROVIDER}.
 *
 * @param keyPair key pair to request a certificate for
 * @return the signed certification request
 * @throws Exception if the signer cannot be created
 */
private PKCS10CertificationRequest generateCSR(KeyPair keyPair) throws Exception {
    X500Name subject = new X500Name("CN=edu.vt.alerts.mobile.android");
    JcaPKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());

    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(CSR_SIGNER_ALGORITHM);
    ContentSigner contentSigner =
            signerBuilder.setProvider(CSR_SIGNER_PROVIDER).build(keyPair.getPrivate());

    return requestBuilder.build(contentSigner);
}
From source file:ee.ria.xroad.common.util.CryptoUtils.java
License:Open Source License
/**
 * Creates a new content signer for the given signature algorithm and private key.
 *
 * <p>No provider is set on the builder, and the algorithm name is passed through unchecked, so
 * any restriction on acceptable algorithms has to be enforced by the caller.
 *
 * @param algorithm the signature algorithm name
 * @param key the private key that will produce the signatures
 * @return a new content signer instance
 * @throws OperatorCreationException if the content signer cannot be created
 */
public static ContentSigner createContentSigner(String algorithm, PrivateKey key)
        throws OperatorCreationException {
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(algorithm);
    return signerBuilder.build(key);
}
From source file:ee.ria.xroad.common.util.FISubjectClientIdDecoderTest.java
License:Open Source License
/**
 * Creates a self-signed certificate whose subject and issuer are both {@code dn}.
 *
 * <p>Test fixture only: the serial number is always 1, and notBefore and notAfter are both
 * taken from the clock at creation, so the validity window is effectively empty. The result is
 * suitable for tests that read certificate fields, not for anything that validates the
 * certificate.
 *
 * @param dn distinguished name used for subject and issuer
 * @param pair key pair; the public key is certified and the private key signs
 * @return the self-signed certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if the signed structure cannot be converted
 */
private X509Certificate generateSelfSignedCertificate(String dn, KeyPair pair)
        throws OperatorCreationException, CertificateException {
    JcaContentSignerBuilder signerBuilder =
            new JcaContentSignerBuilder(CryptoUtils.SHA256WITHRSA_ID);
    ContentSigner contentSigner = signerBuilder.build(pair.getPrivate());

    X500Name subjectAndIssuer = new X500Name(dn);
    Date notBefore = new Date();
    Date notAfter = new Date();
    JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
            subjectAndIssuer, BigInteger.ONE, notBefore, notAfter, subjectAndIssuer,
            pair.getPublic());

    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    return converter.getCertificate(certificateBuilder.build(contentSigner));
}
From source file:esteidhacker.FakeEstEIDCA.java
License:Open Source License
/**
 * Builds a stand-in root certificate for the fake CA (per the class name, a test CA).
 *
 * <p>Issuer, subject, serial number, validity dates and all extensions are copied from the
 * bundled reference certificate {@code /resources/sk-root.pem}. The public key is
 * {@code kp}'s, and the certificate is signed with {@code kp}'s private key.
 *
 * <p>Review note: because every descriptive field matches the reference, only the key and
 * signature tell the two apart. A relying party has to authenticate certificates by chaining
 * signatures to a trust anchor it already holds, never by comparing names or serial numbers.
 *
 * <p>NOTE(review): SHA1withRSA is deprecated for signatures. It is presumably kept to mirror
 * the reference certificate; confirm before reusing this code elsewhere.
 *
 * @param kp key pair of the stand-in root
 * @return the self-signed stand-in root certificate
 */
private X509Certificate makeRootCert(KeyPair kp) throws InvalidKeyException, IllegalStateException,
        NoSuchProviderException, SignatureException, IOException, NoSuchAlgorithmException,
        ParseException, OperatorCreationException, CertificateException {
    // Reference certificate whose field values are reused.
    X509CertificateHolder reference = getRealCert("/resources/sk-root.pem");

    // TODO/FIXME (from the original): GeneralizedTime instead of UTCTime for root
    JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
            reference.getIssuer(), reference.getSerialNumber(), reference.getNotBefore(),
            reference.getNotAfter(), reference.getSubject(), kp.getPublic());

    // Carry every extension over unchanged, keeping its criticality flag.
    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> extensionOids = reference.getExtensionOIDs();
    for (ASN1ObjectIdentifier oid : extensionOids) {
        Extension extension = reference.getExtension(oid);
        certificateBuilder.copyAndAddExtension(extension.getExtnId(), extension.isCritical(),
                reference);
    }

    // Sign with the new key pair and convert to a JCA certificate.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA1withRSA");
    ContentSigner contentSigner =
            signerBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME).build(kp.getPrivate());
    X509CertificateHolder signed = certificateBuilder.build(contentSigner);

    JcaX509CertificateConverter converter =
            new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
    return converter.getCertificate(signed);
}
From source file:esteidhacker.FakeEstEIDCA.java
License:Open Source License
/**
 * Builds the fake CA's stand-in for the certificate stored at
 * {@code /resources/sk-esteid.pem}.
 *
 * <p>Issuer, subject, serial number, validity dates and all extensions come from that
 * reference certificate. The public key is {@code esteid}'s and the signature is made with
 * {@code root}'s private key, so the result chains to the stand-in root, not to the reference
 * certificate's real issuer.
 *
 * <p>Review note: a verifier that checks the signature chain against its own trusted root keys
 * rejects this certificate. Matching names, serial numbers or extensions are not evidence of
 * authenticity.
 *
 * <p>NOTE(review): SHA1withRSA is deprecated for signatures. It is presumably kept to mirror
 * the reference certificate; confirm before reusing this code elsewhere.
 *
 * @param esteid key pair whose public key is certified
 * @param root key pair whose private key signs the certificate
 * @return the signed stand-in certificate
 */
private X509Certificate makeEsteidCert(KeyPair esteid, KeyPair root) throws InvalidKeyException,
        IllegalStateException, NoSuchProviderException, SignatureException, IOException,
        NoSuchAlgorithmException, ParseException, OperatorCreationException, CertificateException {
    // Reference certificate whose field values are reused.
    X509CertificateHolder reference = getRealCert("/resources/sk-esteid.pem");

    JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
            reference.getIssuer(), reference.getSerialNumber(), reference.getNotBefore(),
            reference.getNotAfter(), reference.getSubject(), esteid.getPublic());

    // Carry every extension over unchanged, keeping its criticality flag.
    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> extensionOids = reference.getExtensionOIDs();
    for (ASN1ObjectIdentifier oid : extensionOids) {
        Extension extension = reference.getExtension(oid);
        certificateBuilder.copyAndAddExtension(extension.getExtnId(), extension.isCritical(),
                reference);
    }

    // Sign with the stand-in root's key and convert to a JCA certificate.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA1withRSA");
    ContentSigner contentSigner =
            signerBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME).build(root.getPrivate());
    X509CertificateHolder signed = certificateBuilder.build(contentSigner);

    JcaX509CertificateConverter converter =
            new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
    return converter.getCertificate(signed);
}
From source file:esteidhacker.FakeEstEIDCA.java
License:Open Source License
/**
 * Re-issues {@code cert} under the fake CA with a different public key.
 *
 * <p>Issuer, subject, serial number, validity dates and all extensions are taken from
 * {@code cert}. The certified key is {@code pubkey}, and the signature is made with this
 * object's {@code esteidKey}.
 *
 * <p>Review note: the output matches the input in every field except the key and signature.
 * Systems that identify users from certificate fields must first validate the chain to a
 * trust anchor they control; field equality alone proves nothing about who issued the
 * certificate.
 *
 * <p>NOTE(review): SHA1withRSA is deprecated for signatures. It is presumably kept to mirror
 * the source certificate; confirm before reusing this code elsewhere.
 *
 * @param pubkey public key to place in the new certificate
 * @param cert certificate whose fields and extensions are copied
 * @return the re-issued certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if encoding the input or converting the output fails
 * @throws IOException if the input certificate cannot be parsed
 */
public X509Certificate cloneUserCertificate(RSAPublicKey pubkey, X509Certificate cert)
        throws OperatorCreationException, CertificateException, IOException {
    X509CertificateHolder source = new X509CertificateHolder(cert.getEncoded());

    // Names come from the parsed holder; serial number and dates from the JCA certificate.
    JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
            source.getIssuer(), cert.getSerialNumber(), cert.getNotBefore(), cert.getNotAfter(),
            source.getSubject(), pubkey);

    // Carry every extension over unchanged, keeping its criticality flag.
    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> extensionOids = source.getExtensionOIDs();
    for (ASN1ObjectIdentifier oid : extensionOids) {
        Extension extension = source.getExtension(oid);
        certificateBuilder.copyAndAddExtension(extension.getExtnId(), extension.isCritical(),
                source);
    }

    // Sign with the fake CA's key and convert to a JCA certificate.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA1withRSA");
    ContentSigner contentSigner =
            signerBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME).build(esteidKey);
    X509CertificateHolder reissued = certificateBuilder.build(contentSigner);

    JcaX509CertificateConverter converter =
            new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
    return converter.getCertificate(reissued);
}