Example usage for org.bouncycastle.operator.jcajce JcaContentSignerBuilder JcaContentSignerBuilder

Introduction

In this page you can find the example usage for org.bouncycastle.operator.jcajce JcaContentSignerBuilder JcaContentSignerBuilder.

Prototype

public JcaContentSignerBuilder(String signatureAlgorithm) 

Source Link

Usage

From source file:net.solarnetwork.node.setup.test.DefaultSetupServiceTest.java

License:Open Source License

@Test
public void handleRenewCertificateInstruction() throws Exception {
    SetupIdentityInfo info = new SetupIdentityInfo(1L, TEST_CONF_VALUE, "localhost", 80, false, TEST_PW_VALUE);
    expect(setupIdentityDao.getSetupIdentityInfo()).andReturn(info).atLeastOnce();
    replayAll();/*from   w  w  w .j  a v  a2s  .c o  m*/
    keystoreService.saveCACertificate(CA_CERT);
    keystoreService.generateNodeSelfSignedCertificate(TEST_DN);
    String csr = keystoreService.generateNodePKCS10CertificateRequestString();

    X509Certificate originalCert;

    PemReader pemReader = new PemReader(new StringReader(csr));
    try {
        PemObject pem = pemReader.readPemObject();
        PKCS10CertificationRequest req = new PKCS10CertificationRequest(pem.getContent());
        originalCert = PKITestUtils.sign(req, CA_CERT, CA_KEY_PAIR.getPrivate());
        String signedPem = PKITestUtils.getPKCS7Encoding(new X509Certificate[] { originalCert });
        keystoreService.saveNodeSignedCertificate(signedPem);

        log.debug("Saved signed node certificate {}:\n{}", originalCert.getSerialNumber(), signedPem);

        assertThat("Generated CSR", csr, notNullValue());
    } finally {
        pemReader.close();
    }

    // now let's renew!
    KeyStore keyStore = loadKeyStore();
    PrivateKey nodeKey = (PrivateKey) keyStore.getKey("node", TEST_PW_VALUE.toCharArray());
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WithRSA");
    ContentSigner signer = signerBuilder.build(nodeKey);
    PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder(
            JcaX500NameUtil.getSubject(originalCert),
            SubjectPublicKeyInfo.getInstance(originalCert.getPublicKey().getEncoded()));
    X509Certificate renewedCert = PKITestUtils.sign(builder.build(signer), CA_CERT, CA_KEY_PAIR.getPrivate());
    String renewedSignedPem = PKITestUtils.getPKCS7Encoding(new X509Certificate[] { renewedCert });

    BasicInstruction instr = new BasicInstruction(DefaultSetupService.INSTRUCTION_TOPIC_RENEW_CERTIFICATE,
            new Date(), "123", "456", new BasicInstructionStatus(456L, InstructionState.Received, new Date()));
    for (int i = 0; i < renewedSignedPem.length(); i += 256) {
        int end = i + (i + 256 < renewedSignedPem.length() ? 256 : renewedSignedPem.length() - i);
        instr.addParameter(DefaultSetupService.INSTRUCTION_PARAM_CERTIFICATE,
                renewedSignedPem.substring(i, end));
    }

    InstructionState state = service.processInstruction(instr);
    assertThat("Instruction state", state, equalTo(InstructionState.Completed));

    X509Certificate nodeCert = keystoreService.getNodeCertificate();
    assertThat("Node cert is now renewed cert", nodeCert, equalTo(renewedCert));
}

---

From source file:net.solarnetwork.node.setup.test.PKITestUtils.java

License:Open Source License

public static X509Certificate generateNewCACert(PublicKey publicKey, String subject, X509Certificate issuer,
        PrivateKey issuerKey, String caDN) throws Exception {
    final X500Name issuerDn = (issuer == null ? new X500Name(subject) : JcaX500NameUtil.getSubject(issuer));
    final X500Name subjectDn = new X500Name(subject);
    final BigInteger serial = getNextSerialNumber();
    final Date notBefore = new Date();
    final Date notAfter = new Date(System.currentTimeMillis() + 1000L * 60L * 60L);
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerDn, serial, notBefore, notAfter,
            subjectDn, publicKey);/*from  ww  w  .  ja v  a  2s  .com*/

    // add "CA" extension
    BasicConstraints basicConstraints;
    if (issuer == null) {
        basicConstraints = new BasicConstraints(true);
    } else {
        int issuerPathLength = issuer.getBasicConstraints();
        basicConstraints = new BasicConstraints(issuerPathLength - 1);
    }
    builder.addExtension(X509Extension.basicConstraints, true, basicConstraints);

    // add subjectKeyIdentifier
    JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
    SubjectKeyIdentifier ski = utils.createSubjectKeyIdentifier(publicKey);
    builder.addExtension(X509Extension.subjectKeyIdentifier, false, ski);

    // add authorityKeyIdentifier
    GeneralNames issuerName = new GeneralNames(new GeneralName(GeneralName.directoryName, caDN));
    AuthorityKeyIdentifier aki = utils.createAuthorityKeyIdentifier(publicKey);
    aki = new AuthorityKeyIdentifier(aki.getKeyIdentifier(), issuerName, serial);
    builder.addExtension(X509Extension.authorityKeyIdentifier, false, aki);

    // add keyUsage
    X509KeyUsage keyUsage = new X509KeyUsage(X509KeyUsage.cRLSign | X509KeyUsage.digitalSignature
            | X509KeyUsage.keyCertSign | X509KeyUsage.nonRepudiation);
    builder.addExtension(X509Extension.keyUsage, true, keyUsage);

    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WithRSA");
    ContentSigner signer = signerBuilder.build(issuerKey);

    X509CertificateHolder holder = builder.build(signer);
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    return converter.getCertificate(holder);
}

---

From source file:net.solarnetwork.node.setup.test.PKITestUtils.java

License:Open Source License

public static X509Certificate sign(PKCS10CertificationRequest csr, X509Certificate issuer,
        PrivateKey issuerPrivateKey)
        throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException,
        IOException, OperatorCreationException, CertificateException, java.security.cert.CertificateException {

    final BigInteger serial = getNextSerialNumber();
    final Date notBefore = new Date();
    final Date notAfter = new Date(System.currentTimeMillis() + 24L * 60L * 60L * 1000L);

    X500Name issuerName = JcaX500NameUtil.getSubject(issuer);
    X509v3CertificateBuilder myCertificateGenerator = new X509v3CertificateBuilder(issuerName, serial,
            notBefore, notAfter, csr.getSubject(), csr.getSubjectPublicKeyInfo());

    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WithRSA");
    ContentSigner signer = signerBuilder.build(issuerPrivateKey);
    X509CertificateHolder holder = myCertificateGenerator.build(signer);

    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    return converter.getCertificate(holder);
}

---

From source file:net.solarnetwork.pki.bc.BCCertificateService.java

License:Open Source License

@Override
public X509Certificate generateCertificate(String dn, PublicKey publicKey, PrivateKey privateKey) {
    X500Principal issuer = new X500Principal(dn);
    Date now = new Date();
    Date expire = new Date(now.getTime() + (1000L * 60L * 60L * 24L * certificateExpireDays));
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer,
            new BigInteger(String.valueOf(counter.incrementAndGet())), now, expire, issuer, publicKey);
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);
    ContentSigner signer;//from w  w  w  .  j  a  va2 s .  c  o  m
    try {
        signer = signerBuilder.build(privateKey);
    } catch (OperatorCreationException e) {
        throw new CertificateException("Error signing certificate", e);
    }
    X509CertificateHolder holder = builder.build(signer);
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    try {
        return converter.getCertificate(holder);
    } catch (java.security.cert.CertificateException e) {
        throw new CertificateException("Error creating certificate", e);
    }
}

---

From source file:net.solarnetwork.pki.bc.BCCertificateService.java

License:Open Source License

@Override
public X509Certificate generateCertificationAuthorityCertificate(String dn, PublicKey publicKey,
        PrivateKey privateKey) {/*from w w  w  . jav a2  s . co  m*/
    X500Principal issuer = new X500Principal(dn);
    Date now = new Date();
    Date expire = new Date(now.getTime() + (1000L * 60L * 60L * 24L * authorityExpireDays));
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, new BigInteger("0"), now,
            expire, issuer, publicKey);
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);
    DefaultDigestAlgorithmIdentifierFinder digestAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
    ContentSigner signer;
    try {
        DigestCalculatorProvider digestCalcProvider = new JcaDigestCalculatorProviderBuilder()
                .setProvider(new BouncyCastleProvider()).build();
        JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(
                digestCalcProvider.get(digestAlgFinder.find("SHA-256")));
        builder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(true));
        builder.addExtension(X509Extension.subjectKeyIdentifier, false,
                extUtils.createSubjectKeyIdentifier(publicKey));
        builder.addExtension(X509Extension.keyUsage, true, new KeyUsage(
                KeyUsage.digitalSignature | KeyUsage.nonRepudiation | KeyUsage.keyCertSign | KeyUsage.cRLSign));
        builder.addExtension(X509Extension.authorityKeyIdentifier, false,
                extUtils.createAuthorityKeyIdentifier(publicKey));

        signer = signerBuilder.build(privateKey);
    } catch (OperatorCreationException e) {
        log.error("Error generating CA certificate [{}]", dn, e);
        throw new CertificateException("Error signing CA certificate", e);
    } catch (CertIOException e) {
        log.error("Error generating CA certificate [{}]", dn, e);
        throw new CertificateException("Error signing CA certificate", e);
    }
    X509CertificateHolder holder = builder.build(signer);
    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    try {
        return converter.getCertificate(holder);
    } catch (java.security.cert.CertificateException e) {
        throw new CertificateException("Error creating certificate", e);
    }
}

---

From source file:net.solarnetwork.pki.bc.BCCertificateService.java

License:Open Source License

@Override
public X509Certificate signCertificate(String csrPEM, X509Certificate caCert, PrivateKey privateKey)
        throws CertificateException {
    if (!csrPEM.matches("(?is)^\\s*-----BEGIN.*")) {
        // let's throw in the guards
        csrPEM = "-----BEGIN CERTIFICATE REQUEST-----\n" + csrPEM + "\n-----END CERTIFICATE REQUEST-----\n";
    }//w ww.ja v  a2  s  .c  o  m
    PemReader reader = null;
    try {
        reader = new PemReader(new StringReader(csrPEM));
        PemObject pemObj = reader.readPemObject();
        log.debug("Parsed PEM type {}", pemObj.getType());
        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(pemObj.getContent());

        Date now = new Date();
        Date expire = new Date(now.getTime() + (1000L * 60L * 60L * 24L * certificateExpireDays));
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(JcaX500NameUtil.getIssuer(caCert),
                new BigInteger(String.valueOf(counter.incrementAndGet())), now, expire, csr.getSubject(),
                csr.getSubjectPublicKeyInfo());

        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);
        ContentSigner signer;
        DefaultDigestAlgorithmIdentifierFinder digestAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
        try {
            DigestCalculatorProvider digestCalcProvider = new JcaDigestCalculatorProviderBuilder()
                    .setProvider(new BouncyCastleProvider()).build();
            JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(
                    digestCalcProvider.get(digestAlgFinder.find("SHA-256")));
            builder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));
            builder.addExtension(X509Extension.subjectKeyIdentifier, false,
                    extUtils.createSubjectKeyIdentifier(csr.getSubjectPublicKeyInfo()));
            builder.addExtension(X509Extension.authorityKeyIdentifier, false,
                    extUtils.createAuthorityKeyIdentifier(caCert));

            signer = signerBuilder.build(privateKey);
        } catch (OperatorException e) {
            log.error("Error signing CSR {}", csr.getSubject(), e);
            throw new CertificateException("Error signing CSR" + csr.getSubject() + ": " + e.getMessage());
        } catch (CertificateEncodingException e) {
            log.error("Error signing CSR {}", csr.getSubject().toString(), e);
            throw new CertificateException("Error signing CSR" + csr.getSubject() + ": " + e.getMessage());
        }

        X509CertificateHolder holder = builder.build(signer);
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        try {
            return converter.getCertificate(holder);
        } catch (java.security.cert.CertificateException e) {
            throw new CertificateException("Error creating certificate", e);
        }
    } catch (IOException e) {
        throw new CertificateException("Error signing CSR", e);
    } finally {
        if (reader != null) {
            try {
                reader.close();
            } catch (IOException e2) {
                log.warn("IOException closing PemReader", e2);
            }
        }
    }
}

---

From source file:net.solarnetwork.pki.bc.BCCertificateService.java

License:Open Source License

@Override
public String generatePKCS10CertificateRequestString(X509Certificate cert, PrivateKey privateKey)
        throws CertificateException {
    X509CertificateHolder holder;//from   www .  j a  v  a 2 s . co  m
    try {
        holder = new JcaX509CertificateHolder(cert);
    } catch (CertificateEncodingException e) {
        throw new CertificateException("Error creating CSR", e);
    }
    PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder(holder.getSubject(),
            holder.getSubjectPublicKeyInfo());
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);
    ContentSigner signer;
    try {
        signer = signerBuilder.build(privateKey);
    } catch (OperatorCreationException e) {
        throw new CertificateException("Error signing certificate request", e);
    }
    PKCS10CertificationRequest csr = builder.build(signer);
    StringWriter writer = new StringWriter();
    PemWriter pemWriter = new PemWriter(writer);
    try {
        pemWriter.writeObject(new PemObject("CERTIFICATE REQUEST", csr.getEncoded()));
    } catch (IOException e) {
        throw new CertificateException("Error signing certificate", e);
    } finally {
        try {
            pemWriter.flush();
            pemWriter.close();
            writer.close();
        } catch (IOException e) {
            // ignore this
        }
    }
    return writer.toString();
}

---

From source file:net.weta.components.communication.security.JavaKeystoreTest.java

License:EUPL

/**
 * @param keystore//from  ww w.j a v a  2s .co  m
 * @param alias
 * @throws Exception
 */
public static void generateKeyInKeyStore(File keystore, String alias) throws Exception {
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    char[] password = "password".toCharArray();
    if (keystore.exists()) {
        ks.load(new FileInputStream(keystore), password);
    } else {
        ks.load(null, password);
    }

    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
    keyGen.initialize(1024, random);
    KeyPair pair = keyGen.generateKeyPair();

    // Generate self-signed certificate
    X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
    builder.addRDN(BCStyle.OU, "OU");
    builder.addRDN(BCStyle.O, "O");
    builder.addRDN(BCStyle.CN, "cn");

    Date notBefore = new Date(System.currentTimeMillis() - 360000 * 24);
    Date notAfter = new Date(System.currentTimeMillis() + 10 * 360000 * 365);
    BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());

    X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(), serial, notBefore,
            notAfter, builder.build(), pair.getPublic());
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC)
            .build(pair.getPrivate());
    X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC)
            .getCertificate(certGen.build(sigGen));

    PrivateKeyEntry entry = new PrivateKeyEntry(pair.getPrivate(),
            new java.security.cert.Certificate[] { cert });
    ks.setEntry(alias, entry, new KeyStore.PasswordProtection("password".toCharArray()));

    // Store away the keystore.
    FileOutputStream fos = new FileOutputStream(keystore.getAbsolutePath());
    ks.store(fos, password);
    fos.close();
}

---

From source file:no.difi.oxalis.as2.util.SMimeBC.java

License:EUPL

public static byte[] createSignature(byte[] digest, SMimeDigestMethod digestMethod, PrivateKey privateKey,
        X509Certificate certificate) throws OxalisSecurityException {
    try {/*from www . j  a va2 s  . c o  m*/
        ASN1EncodableVector signedAttributes = new ASN1EncodableVector();
        signedAttributes.add(new Attribute(CMSAttributes.contentType, new DERSet(digestMethod.getOid())));
        signedAttributes
                .add(new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digest))));
        signedAttributes.add(new Attribute(CMSAttributes.signingTime, new DERSet(new DERUTCTime(new Date()))));

        AttributeTable signedAttributesTable = new AttributeTable(signedAttributes);
        signedAttributesTable.toASN1EncodableVector();
        DefaultSignedAttributeTableGenerator signedAttributeGenerator = new DefaultSignedAttributeTableGenerator(
                signedAttributesTable);

        /* Build the SignerInfo generator builder, that will build the generator... that will generate the SignerInformation... */
        SignerInfoGeneratorBuilder signerInfoBuilder = new SignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME)
                        .build());
        signerInfoBuilder.setSignedAttributeGenerator(signedAttributeGenerator);
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        JcaContentSignerBuilder contentSigner = new JcaContentSignerBuilder(digestMethod.getMethod())
                .setProvider(BouncyCastleProvider.PROVIDER_NAME);

        generator.addSignerInfoGenerator(signerInfoBuilder.build(contentSigner.build(privateKey),
                new X509CertificateHolder(certificate.getEncoded())));
        generator.addCertificates(new JcaCertStore(Collections.singletonList(certificate)));

        return generator.generate(new CMSAbsentContent()).getEncoded();
    } catch (CMSException | IOException | CertificateEncodingException | OperatorCreationException e) {
        throw new OxalisSecurityException(e.getMessage(), e);
    }
}

---

From source file:nu.yona.server.subscriptions.rest.AppleMobileConfigSigner.java

License:Mozilla Public License

private ContentSigner createContentSigner() {
    try {//  w w w.  j  ava2s . com
        return new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(signerKey);
    } catch (OperatorCreationException e) {
        throw YonaException.unexpected(e);
    }

}

---

• «
• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25
• 26
• 27
• 28
• 29
• 30
• 31
• 32
• 33
• 34
• 35
• 36
• 37
• 38
• 39
• 40
• 41
• 42
• 43
• »