List of usage examples for org.bouncycastle.operator.jcajce JcaContentSignerBuilder JcaContentSignerBuilder
public JcaContentSignerBuilder(String signatureAlgorithm)
From source file:org.apache.zookeeper.server.quorum.QuorumSSLTest.java
License:Apache License
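/**
 * Prepares the per-test fixture: temp directory, quorum ports and configuration, a self-signed root
 * CA with a one-year validity window, a truststore holding that root, and a keystore holding an
 * end-entity certificate issued by it for {@code HOSTNAME}/127.0.0.1.
 *
 * @throws Exception on any key, certificate, keystore or I/O failure
 */
@Before
public void setup() throws Exception {
    quorumX509Util = new QuorumX509Util();
    ClientBase.setupTestEnv();
    tmpDir = createTmpDir().getAbsolutePath();
    clientPortQp1 = PortAssignment.unique();
    clientPortQp2 = PortAssignment.unique();
    clientPortQp3 = PortAssignment.unique();
    validKeystorePath = tmpDir + "/valid.jks";
    truststorePath = tmpDir + "/truststore.jks";
    quorumConfiguration = generateQuorumConfiguration();
    Security.addProvider(new BouncyCastleProvider());

    // Certificate validity window shared by every certificate built in this test: now .. now + 1 year.
    certStartTime = new Date();
    Calendar cal = Calendar.getInstance();
    cal.setTime(certStartTime);
    cal.add(Calendar.YEAR, 1);
    certEndTime = cal.getTime();

    rootKeyPair = createKeyPair();
    contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(rootKeyPair.getPrivate());
    rootCertificate = createSelfSignedCertifcate(rootKeyPair);

    // Write the truststore. try-with-resources closes the file even when store() throws;
    // the previous explicit close() was skipped on that path and leaked the descriptor.
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, PASSWORD);
    trustStore.setCertificateEntry(rootCertificate.getSubjectDN().toString(), rootCertificate);
    try (FileOutputStream outputStream = new FileOutputStream(truststorePath)) {
        trustStore.store(outputStream, PASSWORD);
        outputStream.flush();
    }

    defaultKeyPair = createKeyPair();
    X509Certificate validCertificate = buildEndEntityCert(defaultKeyPair, rootCertificate,
            rootKeyPair.getPrivate(), HOSTNAME, "127.0.0.1", null, null);
    writeKeystore(validCertificate, defaultKeyPair, validKeystorePath);

    setSSLSystemProperties();
}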
From source file:org.apache.zookeeper.server.quorum.QuorumSSLTest.java
License:Apache License
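/**
 * Issues an end-entity certificate for {@code keyPair} signed by {@code caCert}/{@code caPrivateKey}.
 * Validity is {@code certStartTime}..{@code certEndTime}; the subject is a fixed test name.
 * Optional extensions are added only when the corresponding argument is non-null:
 * a critical SAN (DNS and/or IP), a CRL distribution point ({@code file://crlPath}) and an OCSP
 * AIA entry ({@code http://hostname:ocspPort}).
 *
 * @param keyPair      key pair whose public key goes into the certificate
 * @param caCert       issuing CA certificate (its subject becomes the issuer name)
 * @param caPrivateKey CA signing key
 * @param hostname     DNS SAN, or null for none
 * @param ipAddress    IP SAN, or null for none
 * @param crlPath      file path for the CRL distribution point, or null for none
 * @param ocspPort     OCSP responder port on {@code hostname}, or null for none
 * @return the signed X.509 certificate
 * @throws Exception on any encoding or signing failure
 */
public X509Certificate buildEndEntityCert(KeyPair keyPair, X509Certificate caCert, PrivateKey caPrivateKey,
        String hostname, String ipAddress, String crlPath, Integer ocspPort) throws Exception {
    X509CertificateHolder holder = new JcaX509CertificateHolder(caCert);
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(caPrivateKey);

    List<GeneralName> generalNames = new ArrayList<>();
    if (hostname != null) {
        generalNames.add(new GeneralName(GeneralName.dNSName, hostname));
    }
    if (ipAddress != null) {
        generalNames.add(new GeneralName(GeneralName.iPAddress, ipAddress));
    }

    SubjectPublicKeyInfo entityKeyInfo = SubjectPublicKeyInfoFactory
            .createSubjectPublicKeyInfo(PublicKeyFactory.createKey(keyPair.getPublic().getEncoded()));
    X509ExtensionUtils extensionUtils = new BcX509ExtensionUtils();

    // Serial numbers must be unpredictable (RFC 5280 s4.1.2.2); java.util.Random is a seeded LCG,
    // so draw the 128 bits from SecureRandom instead. Fully qualified to avoid touching the imports.
    BigInteger serial = new BigInteger(128, new java.security.SecureRandom());

    X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(holder.getSubject(),
            serial, certStartTime, certEndTime,
            new X500Name("CN=Test End Entity Certificate"), keyPair.getPublic())
            .addExtension(Extension.authorityKeyIdentifier, false,
                    extensionUtils.createAuthorityKeyIdentifier(holder))
            .addExtension(Extension.subjectKeyIdentifier, false,
                    extensionUtils.createSubjectKeyIdentifier(entityKeyInfo))
            // Not a CA: basicConstraints is critical so path validation must honour it.
            .addExtension(Extension.basicConstraints, true, new BasicConstraints(false))
            .addExtension(Extension.keyUsage, true,
                    new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

    if (!generalNames.isEmpty()) {
        certificateBuilder.addExtension(Extension.subjectAlternativeName, true,
                new GeneralNames(generalNames.toArray(new GeneralName[0])));
    }

    if (crlPath != null) {
        DistributionPointName distPointOne = new DistributionPointName(new GeneralNames(
                new GeneralName(GeneralName.uniformResourceIdentifier, "file://" + crlPath)));
        certificateBuilder.addExtension(Extension.cRLDistributionPoints, false,
                new CRLDistPoint(new DistributionPoint[] { new DistributionPoint(distPointOne, null, null) }));
    }

    if (ocspPort != null) {
        certificateBuilder.addExtension(Extension.authorityInfoAccess, false,
                new AuthorityInformationAccess(X509ObjectIdentifiers.ocspAccessMethod,
                        new GeneralName(GeneralName.uniformResourceIdentifier,
                                "http://" + hostname + ":" + ocspPort)));
    }

    return new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(signer));
}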
From source file:org.atteo.moonshine.webserver.crypto.Crypto.java
License:Apache License
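/**
 * Generates an RSA key pair and a self-signed certificate for {@code CN=localhost} and stores them
 * under {@code alias} in the given JKS keystore, creating the keystore if it does not exist yet.
 *
 * @param keystore         keystore file to create or update
 * @param alias            alias under which the private key entry is stored
 * @param keystorePassword password protecting both the keystore and the key entry
 * @throws RuntimeException wrapping any crypto, keystore or I/O failure
 */
public static void createSelfSignedCertificate(File keystore, String alias, String keystorePassword) {
    try {
        Provider bouncyCastleProvider = new BouncyCastleProvider();
        SecureRandom random = new SecureRandom();

        // 2048-bit RSA; 1024-bit keys are below the commonly accepted minimum for TLS.
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", bouncyCastleProvider);
        keyPairGenerator.initialize(2048, random);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        // Generate self-signed certificate
        X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        nameBuilder.addRDN(BCStyle.CN, "localhost");
        X500Name name = nameBuilder.build();

        // Validity: one day of clock-skew slack in the past, ten years ahead. The arithmetic must be
        // done in long: 10 * 365 * 24 * 60 * 60 * 1000 overflows int and silently yields ~21 days.
        long oneDayMillis = 24L * 60 * 60 * 1000;
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - oneDayMillis);
        Date notAfter = new Date(now + 10L * 365 * oneDayMillis);

        // Unpredictable serial rather than the creation timestamp, which is guessable.
        BigInteger serial = new BigInteger(128, random);

        X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(name, serial, notBefore, notAfter,
                name, keyPair.getPublic());
        ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
                .setProvider(bouncyCastleProvider).build(keyPair.getPrivate());
        X509Certificate cert = new JcaX509CertificateConverter().setProvider(bouncyCastleProvider)
                .getCertificate(certGen.build(sigGen));
        // Sanity-check what we just produced before persisting it.
        cert.checkValidity(new Date());
        cert.verify(cert.getPublicKey());

        // Save to keystore
        KeyStore store = KeyStore.getInstance("JKS");
        if (keystore.exists()) {
            try (FileInputStream fis = new FileInputStream(keystore)) {
                store.load(fis, keystorePassword.toCharArray());
            }
        } else {
            store.load(null);
        }
        store.setKeyEntry(alias, keyPair.getPrivate(), keystorePassword.toCharArray(), new Certificate[] { cert });
        try (FileOutputStream fos = new FileOutputStream(keystore)) {
            store.store(fos, keystorePassword.toCharArray());
        }
    } catch (NoSuchAlgorithmException | OperatorCreationException | CertificateException | InvalidKeyException
            | NoSuchProviderException | SignatureException | KeyStoreException | IOException e) {
        throw new RuntimeException(e);
    }
}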
From source file:org.bitrepository.protocol.security.BasicMessageSigner.java
License:Open Source License
/**
 * Stores the key entry and prepares the content signer and signer-info builder used to sign messages.
 * A {@code null} argument is ignored and leaves the current state untouched.
 *
 * @param privateKeyEntry the PrivateKeyEntry holding the private key and certificate used to create signatures.
 * @throws RuntimeException if the signer or digest calculator provider cannot be created.
 */
public void setPrivateKeyEntry(PrivateKeyEntry privateKeyEntry) {
    if (privateKeyEntry == null) {
        return;
    }
    this.privateKeyEntry = privateKeyEntry;
    try {
        JcaContentSignerBuilder signerBuilder =
                new JcaContentSignerBuilder(SecurityModuleConstants.SignatureType)
                        .setProvider(SecurityModuleConstants.BC);
        sha512Signer = signerBuilder.build(privateKeyEntry.getPrivateKey());

        JcaDigestCalculatorProviderBuilder digestBuilder =
                new JcaDigestCalculatorProviderBuilder().setProvider(SecurityModuleConstants.BC);
        builder = new JcaSignerInfoGeneratorBuilder(digestBuilder.build());
        // Sign the content directly rather than through signed attributes.
        builder.setDirectSignature(true);
    } catch (OperatorCreationException e) {
        throw new RuntimeException(e.getMessage(), e);
    }
}
From source file:org.candlepin.CRLBenchmark.java
License:Open Source License
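/**
 * Builds a CRL with two million entries, signed with a fresh 2048-bit RSA key, and writes it
 * DER-encoded to a temporary file ({@code crlFile}) for the benchmark to read.
 *
 * @throws Exception on any key-generation, encoding or I/O failure
 */
@Setup(Level.Trial)
public void buildMassiveCRL() throws Exception {
    X500Name issuer = new X500Name("CN=Test Issuer");
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    KeyPair keyPair = generator.generateKeyPair();
    Provider bc = new BouncyCastleProvider();
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(bc)
            .build(keyPair.getPrivate());

    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, new Date());
    crlBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(keyPair.getPublic()));

    /* With a CRL number of 127, incrementing it should cause the number of bytes in the length
     * portion of the TLV to increase by one.*/
    crlBuilder.addExtension(X509Extension.cRLNumber, false, new CRLNumber(BigInteger.valueOf(127)));

    // One revocation date for all entries, hoisted out of the loop: the original allocated a Date
    // and parsed a decimal String into a BigInteger for each of the two million iterations.
    int entryCount = 2000000;
    Date revocationDate = new Date();
    for (int serial = 0; serial < entryCount; serial++) {
        crlBuilder.addCRLEntry(BigInteger.valueOf(serial), revocationDate, CRLReason.unspecified);
    }

    X509CRLHolder holder = crlBuilder.build(signer);
    X509CRL crl = new JcaX509CRLConverter().setProvider(bc).getCRL(holder);

    crlFile = File.createTempFile("crl", ".der");
    System.out.println("\nWrote test crl to " + crlFile.getAbsolutePath());
    FileUtils.writeByteArrayToFile(crlFile, crl.getEncoded());
}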
From source file:org.candlepin.CRLWriteBenchmark.java
License:Open Source License
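/**
 * Builds a CRL with two million entries and writes it DER-encoded to a temporary file ({@code crlFile}).
 * The issuer name, BouncyCastle provider and content signer are kept in fields for the benchmark body.
 *
 * @throws Exception on any key-generation, encoding or I/O failure
 */
@Setup(Level.Trial)
public void buildMassiveCRL() throws Exception {
    issuer = new X500Name("CN=Test Issuer");
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    KeyPair keyPair = generator.generateKeyPair();
    bc = new BouncyCastleProvider();
    signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(bc).build(keyPair.getPrivate());

    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, new Date());
    crlBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(keyPair.getPublic()));

    /* With a CRL number of 127, incrementing it should cause the number of bytes in the length
     * portion of the TLV to increase by one.*/
    crlBuilder.addExtension(X509Extension.cRLNumber, false, new CRLNumber(BigInteger.valueOf(127)));

    // One revocation date for all entries, hoisted out of the loop: the original allocated a Date
    // and parsed a decimal String into a BigInteger for each of the two million iterations.
    int entryCount = 2000000;
    Date revocationDate = new Date();
    for (int serial = 0; serial < entryCount; serial++) {
        crlBuilder.addCRLEntry(BigInteger.valueOf(serial), revocationDate, CRLReason.unspecified);
    }

    X509CRLHolder holder = crlBuilder.build(signer);
    X509CRL crl = new JcaX509CRLConverter().setProvider(bc).getCRL(holder);

    crlFile = File.createTempFile("crl", ".der");
    System.out.println("\nWrote test crl to " + crlFile.getAbsolutePath());
    FileUtils.writeByteArrayToFile(crlFile, crl.getEncoded());
}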
From source file:org.candlepin.util.X509CRLEntryStreamTest.java
License:Open Source License
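/**
 * Locates the CRL fixtures ({@code crl.der}, {@code crl.pem}) on the class path and builds the issuer
 * name, key pair and SHA-256/RSA signer shared by the tests.
 *
 * @throws Exception if a fixture is missing or key material cannot be created
 */
@Before
public void setUp() throws Exception {
    derFile = resourceFile("crl.der");
    pemFile = resourceFile("crl.pem");

    issuer = new X500Name("CN=Test Issuer");
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    keyPair = generator.generateKeyPair();
    signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(keyPair.getPrivate());
}

/**
 * Resolves a class-path resource to a File, failing with a clear message when it is absent.
 * Uses {@code toURI()} rather than {@code getFile()}: the latter leaves percent-escapes
 * (e.g. a space in the build directory) in the path, producing a File that does not exist.
 */
private static File resourceFile(String name) {
    URL url = X509CRLEntryStreamTest.class.getClassLoader().getResource(name);
    if (url == null) {
        throw new IllegalStateException("Test resource not found on class path: " + name);
    }
    try {
        return new File(url.toURI());
    } catch (java.net.URISyntaxException e) {
        throw new IllegalStateException("Malformed resource URL: " + url, e);
    }
}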
From source file:org.candlepin.util.X509CRLStreamWriterTest.java
License:Open Source License
/**
 * Creates the issuer name, RSA key pair, SHA-256/RSA signer and output file used by the tests,
 * then registers the BouncyCastle provider globally.
 *
 * @throws Exception if key material cannot be created
 */
@Before
public void setUp() throws Exception {
    issuer = new X500Name("CN=Test Issuer");

    generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    keyPair = generator.generateKeyPair();

    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
    signer = signerBuilder.setProvider(BC).build(keyPair.getPrivate());

    outfile = new File(folder.getRoot(), "new.crl");

    // The signer above names BC explicitly; this registration is for code that looks providers up by name.
    Security.addProvider(BC);
}
From source file:org.candlepin.util.X509CRLStreamWriterTest.java
License:Open Source License
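/**
 * A CRL originally signed with a different key must be re-signed with the writer's own key pair,
 * so reading it back must not raise a SignatureException.
 *
 * @throws Exception on any signing or I/O failure
 */
@Test
public void testSignatureKeyChange() throws Exception {
    KeyPair differentKeyPair = generator.generateKeyPair();
    ContentSigner otherSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC)
            .build(differentKeyPair.getPrivate());

    X509v2CRLBuilder crlBuilder = createCRLBuilder();
    X509CRLHolder holder = crlBuilder.build(otherSigner);
    File crlToChange = writeCRL(holder);

    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange,
            (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
    stream.preScan(crlToChange).lock();

    // try-with-resources: the previous explicit close() was skipped when write() threw.
    try (OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile))) {
        stream.write(o);
    }

    // No SignatureException should be thrown
    readCRL();
}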
From source file:org.candlepin.util.X509CRLStreamWriterTest.java
License:Open Source License
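/**
 * The writer must cope with an input CRL that was signed with SHA-1/RSA: after adding serial 9000
 * the rewritten CRL must still parse and contain both the original entry (100) and the new one.
 * SHA-1 is deliberate here as the legacy input format under test, not a recommendation.
 *
 * @throws Exception on any signing or I/O failure
 */
@Test
public void testSha1Signature() throws Exception {
    X509v2CRLBuilder crlBuilder = createCRLBuilder();

    String signingAlg = "SHA1WithRSAEncryption";
    ContentSigner sha1Signer = new JcaContentSignerBuilder(signingAlg).setProvider(BC)
            .build(keyPair.getPrivate());
    X509CRLHolder holder = crlBuilder.build(sha1Signer);
    File crlToChange = writeCRL(holder);

    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange,
            (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
    stream.add(new BigInteger("9000"), new Date(), 0);
    stream.preScan(crlToChange).lock();

    // try-with-resources: the previous explicit close() was skipped when write() threw.
    try (OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile))) {
        stream.write(o);
    }

    X509CRL changedCrl = readCRL();
    Set<BigInteger> discoveredSerials = new HashSet<>();
    for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
        discoveredSerials.add(entry.getSerialNumber());
    }

    Set<BigInteger> expected = new HashSet<>();
    expected.add(new BigInteger("100"));
    expected.add(new BigInteger("9000"));
    assertEquals(expected, discoveredSerials);
}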