Usage examples for the constructor of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder
public JcaContentSignerBuilder(String signatureAlgorithm)
From source file:org.conscrypt.java.security.TestKeyStore.java
License:Apache License
/**
 * Builds a successful OCSP response that reports {@code status} for the server certificate.
 *
 * <p>The responder builder and the certificate ID are both created with a SHA-1 digest
 * calculator ({@code CertificateID.HASH_SHA1}); that digest is used for identification only.
 * The response itself is signed with {@code SHA256withRSA} using the issuer's private key.
 * No certificate chain is attached ({@code null}) and the production time is the time of
 * the call.
 *
 * @param server entry whose certificate serial number the response refers to
 * @param issuer entry providing the CA certificate and the signing key
 * @param status status to report for the server certificate
 * @return an OCSP response with status {@code OCSPRespBuilder.SUCCESSFUL}
 * @throws CertificateException if any step fails; the original exception is kept as the cause
 */
private static OCSPResp generateOCSPResponse(PrivateKeyEntry server, PrivateKeyEntry issuer,
        CertificateStatus status) throws CertificateException {
    try {
        X509Certificate leaf = (X509Certificate) server.getCertificate();
        X509Certificate ca = (X509Certificate) issuer.getCertificate();
        X509CertificateHolder caHolder = new JcaX509CertificateHolder(ca);
        DigestCalculatorProvider digests = new BcDigestCalculatorProvider();

        // Responder builder: CA public key info plus a SHA-1 digest calculator.
        SubjectPublicKeyInfo caKeyInfo = SubjectPublicKeyInfo.getInstance(ca.getPublicKey().getEncoded());
        BasicOCSPRespBuilder basic = new BasicOCSPRespBuilder(caKeyInfo,
                digests.get(CertificateID.HASH_SHA1));

        // One single response, keyed by the CA certificate and the leaf serial number.
        basic.addResponse(
                new CertificateID(digests.get(CertificateID.HASH_SHA1), caHolder, leaf.getSerialNumber()),
                status);

        BasicOCSPResp signed = basic.build(
                new JcaContentSignerBuilder("SHA256withRSA").build(issuer.getPrivateKey()),
                null,
                new Date());
        return new OCSPRespBuilder().build(OCSPRespBuilder.SUCCESSFUL, signed);
    } catch (Exception e) {
        // Every failure is reported uniformly to the caller; the cause is preserved.
        throw new CertificateException("cannot generate OCSP response", e);
    }
}
From source file:org.cryptable.pki.communication.PKICMPMessages.java
License:Open Source License
/**
 * Wraps {@code pkiBody} in a signature-protected CMP message and returns its encoding.
 *
 * <p>A fresh 64-byte sender nonce is drawn from the key store's secure random source on every
 * call. The transaction id is only generated when the field is still {@code null}, so an
 * existing id is reused. The message names the sender and recipient by the subject of their
 * certificates, carries the sender certificate, and is signed with the sender's private key.
 *
 * @param pkiBody body to protect
 * @return the encoded protected PKI message
 * @throws CMPException declared by the message builder
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException if encoding fails
 * @throws CertificateEncodingException if the sender certificate cannot be encoded
 * @throws PKICMPMessageException declared by this method; not thrown directly in this body
 */
private byte[] createProtectedPKIMessage(PKIBody pkiBody) throws CMPException, OperatorCreationException,
        IOException, CertificateEncodingException, PKICMPMessageException {
    senderNonce = new byte[64];
    pkiKeyStore.getSecureRandom().nextBytes(senderNonce);

    if (transactionId == null) {
        transactionId = new byte[64];
        pkiKeyStore.getSecureRandom().nextBytes(transactionId);
    }

    // NOTE(review): this protects the message with an RSA signature over SHA-1, which is no
    // longer collision resistant. Moving to a SHA-256 based algorithm changes what the peer
    // has to verify, so confirm peer support before switching.
    ContentSigner signer = new JcaContentSignerBuilder("SHA1WithRSAEncryption")
            .setProvider(pkiKeyStore.getProvider())
            .build(pkiKeyStore.getSenderPrivateKey());

    GeneralName sender = new GeneralName(JcaX500NameUtil.getSubject(pkiKeyStore.getSenderCertificate()));
    GeneralName recipient = new GeneralName(
            JcaX500NameUtil.getSubject(pkiKeyStore.getRecipientCertificate()));

    ProtectedPKIMessage protectedMessage = new ProtectedPKIMessageBuilder(sender, recipient)
            .setMessageTime(new Date())
            .setSenderNonce(senderNonce)
            .setTransactionID(transactionId)
            .addCMPCertificate(new X509CertificateHolder(pkiKeyStore.getSenderCertificate().getEncoded()))
            .setBody(pkiBody)
            .build(signer);

    byte[] encoded = protectedMessage.toASN1Structure().getEncoded();
    return encoded;
}
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
/**
 * Builds a signature-protected CMP message that answers a request, using the CA key store.
 *
 * <p>The message's sender nonce is a fresh 64-byte random value; the {@code senderNonce}
 * argument (taken from the request) is echoed back as the recipient nonce, and the given
 * transaction id is reused unchanged.
 *
 * @param senderNonce nonce of the request, echoed as the recipient nonce
 * @param transactionId transaction id to put into the message
 * @param pkiBody body to protect
 * @return the encoded protected PKI message
 * @throws CMPException declared by the message builder
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException if encoding fails
 * @throws CertificateEncodingException if the sender certificate cannot be encoded
 * @throws PKICMPMessageException declared by this method; not thrown directly in this body
 */
private byte[] createProtectedPKIMessage(byte[] senderNonce, byte[] transactionId, PKIBody pkiBody)
        throws CMPException, OperatorCreationException, IOException, CertificateEncodingException,
        PKICMPMessageException {
    // Despite its name this is the nonce the responding side sends as *its* sender nonce.
    byte[] recipientNonce = new byte[64];
    pkiKeyStoreCA.getSecureRandom().nextBytes(recipientNonce);

    // NOTE(review): RSA signature over SHA-1; kept as-is to match the algorithm used by the
    // code under test. SHA-1 is no longer collision resistant.
    ContentSigner signer = new JcaContentSignerBuilder("SHA1WithRSAEncryption")
            .setProvider(pkiKeyStoreCA.getProvider())
            .build(pkiKeyStoreCA.getSenderPrivateKey());

    GeneralName sender = new GeneralName(JcaX500NameUtil.getSubject(pkiKeyStoreCA.getSenderCertificate()));
    GeneralName recipient = new GeneralName(
            JcaX500NameUtil.getSubject(pkiKeyStoreCA.getRecipientCertificate()));

    ProtectedPKIMessage protectedMessage = new ProtectedPKIMessageBuilder(sender, recipient)
            .setMessageTime(new Date())
            .setSenderNonce(recipientNonce)
            .setRecipNonce(senderNonce)
            .setTransactionID(transactionId)
            .addCMPCertificate(new X509CertificateHolder(pkiKeyStoreCA.getSenderCertificate().getEncoded()))
            .setBody(pkiBody)
            .build(signer);

    byte[] encoded = protectedMessage.toASN1Structure().getEncoded();
    return encoded;
}
From source file:org.cryptable.pki.util.GeneratePKI.java
License:Open Source License
/**
 * Creates the self-signed CA certificate ("CN=Class 0 CA" as both issuer and subject).
 *
 * <p>The certificate has serial number 1, is valid from 30 days before to 30 days after the
 * time of the call and is signed with {@code SHA256WithRSAEncryption} through the {@code BC}
 * provider. It carries non-critical authority and subject key identifiers derived from
 * {@code pubKey}, and a critical basic-constraints extension built with
 * {@code new BasicConstraints(1)} (a CA with path length 1).
 *
 * @param pubKey public key placed in the certificate
 * @param privKey private key that signs the certificate
 * @return the generated certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws NoSuchAlgorithmException if the extension utilities cannot be created
 * @throws CertificateException if the built certificate cannot be converted
 * @throws CertIOException if an extension cannot be added
 */
private static Certificate createMasterCert(PublicKey pubKey, PrivateKey privKey)
        throws OperatorCreationException, NoSuchAlgorithmException, CertificateException, CertIOException {
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(BC)
            .build(privKey);

    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;
    // Self-signed: the same distinguished name serves as issuer and subject.
    X500Name caName = new X500Name("C=BE, O=Cryptable, OU=PKI Devision, CN=Class 0 CA");

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            caName,                                                   // issuer
            BigInteger.valueOf(1),                                    // serial number
            new Date(System.currentTimeMillis() - thirtyDaysMillis),  // not before
            new Date(System.currentTimeMillis() + thirtyDaysMillis),  // not after
            caName,                                                   // subject
            pubKey);

    JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
    certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
            extUtils.createAuthorityKeyIdentifier(pubKey));
    certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
            extUtils.createSubjectKeyIdentifier(pubKey));
    certBuilder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(1));

    return new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(signer));
}
From source file:org.cryptable.pki.util.GeneratePKI.java
License:Open Source License
/**
 * Creates the intermediate CA certificate ("CN=Class 0 SubCA") issued by {@code caCert}.
 *
 * <p>The issuer name is the subject of {@code caCert}; the certificate has serial number 2,
 * is valid from 30 days before to 30 days after the time of the call and is signed with
 * {@code SHA256WithRSAEncryption} through the {@code BC} provider. The authority key
 * identifier is derived from {@code caCert}, the subject key identifier from {@code pubKey},
 * and the critical basic-constraints extension is built with {@code new BasicConstraints(0)}
 * (a CA with path length 0).
 *
 * @param pubKey public key placed in the certificate
 * @param caPrivKey private key of the issuing CA, used to sign
 * @param caCert certificate of the issuing CA
 * @return the generated certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertIOException if an extension cannot be added
 * @throws NoSuchAlgorithmException if the extension utilities cannot be created
 * @throws CertificateException if the built certificate cannot be converted
 */
private static Certificate createIntermediateCert(PublicKey pubKey, PrivateKey caPrivKey,
        X509Certificate caCert)
        throws OperatorCreationException, CertIOException, NoSuchAlgorithmException, CertificateException {
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(BC)
            .build(caPrivKey);

    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            JcaX500NameUtil.getSubject(caCert),                       // issuer = subject of the CA
            BigInteger.valueOf(2),                                    // serial number
            new Date(System.currentTimeMillis() - thirtyDaysMillis),  // not before
            new Date(System.currentTimeMillis() + thirtyDaysMillis),  // not after
            new X500Name("C=BE, O=Cryptable, OU=PKI Devision, CN=Class 0 SubCA"),  // subject
            pubKey);

    JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
    certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
            extUtils.createAuthorityKeyIdentifier(caCert));
    certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
            extUtils.createSubjectKeyIdentifier(pubKey));
    certBuilder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(0));

    return new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(signer));
}
From source file:org.cryptable.pki.util.GeneratePKI.java
License:Open Source License
/**
 * Creates the RA certificate ("CN=RA") issued by {@code caCert}.
 *
 * <p>The issuer name is the subject of {@code caCert}; the certificate is valid from 30 days
 * before to 30 days after the time of the call and is signed with
 * {@code SHA256WithRSAEncryption} through the {@code BC} provider. It carries non-critical
 * authority and subject key identifiers and no basic-constraints extension.
 *
 * @param pubKey public key placed in the certificate
 * @param caPrivKey private key of the issuing CA, used to sign
 * @param caCert certificate of the issuing CA
 * @return the generated certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertIOException if an extension cannot be added
 * @throws NoSuchAlgorithmException if the extension utilities cannot be created
 * @throws CertificateException if the built certificate cannot be converted
 */
private static Certificate createRACert(PublicKey pubKey, PrivateKey caPrivKey, X509Certificate caCert)
        throws OperatorCreationException, CertIOException, NoSuchAlgorithmException, CertificateException {
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(BC)
            .build(caPrivKey);

    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;

    // NOTE(review): the serial number is the fixed value 2. Serial numbers must be unique per
    // issuer, so this only holds if this issuer signs no other certificate with serial 2 --
    // verify against the callers.
    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            JcaX500NameUtil.getSubject(caCert),                       // issuer = subject of the CA
            BigInteger.valueOf(2),                                    // serial number
            new Date(System.currentTimeMillis() - thirtyDaysMillis),  // not before
            new Date(System.currentTimeMillis() + thirtyDaysMillis),  // not after
            new X500Name("C=BE, O=Cryptable, OU=PKI Devision, CN=RA"),  // subject
            pubKey);

    JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
    certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
            extUtils.createAuthorityKeyIdentifier(caCert));
    certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
            extUtils.createSubjectKeyIdentifier(pubKey));

    return new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(signer));
}
From source file:org.cryptable.pki.util.GeneratePKI.java
License:Open Source License
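/**
 * Creates a self-signed certificate whose issuer and subject are both
 * {@code distinguishedNmae}.
 *
 * <p>The certificate is valid from 30 days before to 30 days after the time of the call and
 * is signed with {@code SHA256WithRSAEncryption} through the {@code BC} provider. No
 * extensions are added.
 *
 * <p>The serial number is a non-negative 64-bit value drawn from a {@code SecureRandom}.
 * The previous implementation used {@code new Random(100).nextLong()}: a fixed seed yields
 * the same serial number on every call, and {@code nextLong()} may return a negative value,
 * which is not a valid certificate serial number.
 *
 * @param distinguishedNmae distinguished name used as issuer and subject
 * @param pubKey public key placed in the certificate
 * @param privKey private key matching {@code pubKey}, used to sign
 * @return the generated certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if the built certificate cannot be converted
 */
private static Certificate createSelfSignedCert(String distinguishedNmae, PublicKey pubKey,
        PrivateKey privKey) throws OperatorCreationException, CertificateException {
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(BC)
            .build(privKey);

    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;

    // Unpredictable, non-negative serial number. The fully qualified name avoids depending on
    // an import this method did not need before.
    BigInteger serialNumber = new BigInteger(64, new java.security.SecureRandom());

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            new X500Name(distinguishedNmae),                          // issuer (self-signed)
            serialNumber,
            new Date(System.currentTimeMillis() - thirtyDaysMillis),  // not before
            new Date(System.currentTimeMillis() + thirtyDaysMillis),  // not after
            new X500Name(distinguishedNmae),                          // subject
            pubKey);

    return new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(signer));
}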
From source file:org.cryptable.pki.util.GeneratePKI.java
License:Open Source License
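/**
 * Creates a certificate for {@code distinguishedNmae} issued by {@code caCert}.
 *
 * <p>The certificate is valid from 30 days before to 30 days after the time of the call and
 * is signed with {@code SHA256WithRSAEncryption} through the {@code BC} provider. No
 * extensions are added.
 *
 * <p>The issuer name is the <em>subject</em> of {@code caCert}. The previous implementation
 * used the issuer of {@code caCert}, which names the CA's own issuer; for any CA certificate
 * that is not self-signed the issued certificate would then not chain to the certificate of
 * the key that signed it.
 *
 * @param distinguishedNmae subject distinguished name
 * @param pubKey public key placed in the certificate
 * @param privKey key that signs the certificate; presumably the private key belonging to
 *     {@code caCert} -- confirm against the callers
 * @param caCert certificate of the issuing CA
 * @param serNum serial number of the new certificate
 * @return the generated certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if the built certificate cannot be converted
 */
private static Certificate createCert(String distinguishedNmae, PublicKey pubKey, PrivateKey privKey,
        X509Certificate caCert, BigInteger serNum) throws OperatorCreationException, CertificateException {
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(BC)
            .build(privKey);

    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            JcaX500NameUtil.getSubject(caCert),                       // issuer = subject of the CA
            serNum,
            new Date(System.currentTimeMillis() - thirtyDaysMillis),  // not before
            new Date(System.currentTimeMillis() + thirtyDaysMillis),  // not after
            new X500Name(distinguishedNmae),                          // subject
            pubKey);

    return new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(signer));
}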
From source file:org.cryptable.pki.util.GeneratePKI.java
License:Open Source License
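/**
 * Creates an already expired certificate for {@code distinguishedNmae} issued by
 * {@code caCert}.
 *
 * <p>The validity window runs from 30 days before to one day before the time of the call, so
 * the certificate is expired as soon as it is created. It is signed with
 * {@code SHA256WithRSAEncryption} through the {@code BC} provider; no extensions are added.
 *
 * <p>The issuer name is the <em>subject</em> of {@code caCert}. The previous implementation
 * used the issuer of {@code caCert}, which names the CA's own issuer; for a CA certificate
 * that is not self-signed, a validator could then reject the certificate because of the
 * issuer name rather than because of the expiry this helper is meant to produce.
 *
 * @param distinguishedNmae subject distinguished name
 * @param pubKey public key placed in the certificate
 * @param privKey key that signs the certificate; presumably the private key belonging to
 *     {@code caCert} -- confirm against the callers
 * @param caCert certificate of the issuing CA
 * @param serNum serial number of the new certificate
 * @return the generated certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if the built certificate cannot be converted
 */
private static Certificate createExpiredCert(String distinguishedNmae, PublicKey pubKey,
        PrivateKey privKey, X509Certificate caCert, BigInteger serNum)
        throws OperatorCreationException, CertificateException {
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(BC)
            .build(privKey);

    final long oneDayMillis = 1000L * 60 * 60 * 24;
    final long thirtyDaysMillis = oneDayMillis * 30;

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            JcaX500NameUtil.getSubject(caCert),                       // issuer = subject of the CA
            serNum,
            new Date(System.currentTimeMillis() - thirtyDaysMillis),  // not before
            new Date(System.currentTimeMillis() - oneDayMillis),      // not after: already past
            new X500Name(distinguishedNmae),                          // subject
            pubKey);

    return new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(signer));
}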
From source file:org.cryptable.pki.util.GeneratePKI.java
License:Open Source License
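/**
 * Creates a not-yet-valid certificate for {@code distinguishedNmae} issued by {@code caCert}.
 *
 * <p>The validity window runs from one day after to 30 days after the time of the call, so
 * the certificate is not valid at creation time. It is signed with
 * {@code SHA256WithRSAEncryption} through the {@code BC} provider; no extensions are added.
 *
 * <p>The issuer name is the <em>subject</em> of {@code caCert}. The previous implementation
 * used the issuer of {@code caCert}, which names the CA's own issuer; for a CA certificate
 * that is not self-signed, a validator could then reject the certificate because of the
 * issuer name rather than because of the validity start this helper is meant to produce.
 *
 * @param distinguishedNmae subject distinguished name
 * @param pubKey public key placed in the certificate
 * @param privKey key that signs the certificate; presumably the private key belonging to
 *     {@code caCert} -- confirm against the callers
 * @param caCert certificate of the issuing CA
 * @param serNum serial number of the new certificate
 * @return the generated certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if the built certificate cannot be converted
 */
private static Certificate createNotYetValidCert(String distinguishedNmae, PublicKey pubKey,
        PrivateKey privKey, X509Certificate caCert, BigInteger serNum)
        throws OperatorCreationException, CertificateException {
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
            .setProvider(BC)
            .build(privKey);

    final long oneDayMillis = 1000L * 60 * 60 * 24;
    final long thirtyDaysMillis = oneDayMillis * 30;

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            JcaX500NameUtil.getSubject(caCert),                       // issuer = subject of the CA
            serNum,
            new Date(System.currentTimeMillis() + oneDayMillis),      // not before: still in the future
            new Date(System.currentTimeMillis() + thirtyDaysMillis),  // not after
            new X500Name(distinguishedNmae),                          // subject
            pubKey);

    return new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(signer));
}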