List of usage examples for the org.bouncycastle.operator.jcajce.JcaContentSignerBuilder constructor
public JcaContentSignerBuilder(String signatureAlgorithm)
From source file:org.icgc.dcc.storage.client.ssl.ClientKeyTool.java
License:Open Source License
/**
 * Builds a self-signed X.509 v3 certificate for {@code keyPair}.
 *
 * <p>The same {@code x500Name} is used as issuer and subject, and the certificate is signed with
 * the private half of the key pair it certifies. Validity runs from yesterday to three years
 * from today. {@code LocalDate} exposes {@code toDate()} here, so it is presumably Joda-Time's.
 *
 * @param keyPair key pair whose public key is certified and whose private key signs
 * @return the generated certificate
 */
@SneakyThrows
private Certificate createCertificate(KeyPair keyPair) {
    LocalDate issuedOn = LocalDate.now();

    // NOTE(review): nextInt(Integer.MAX_VALUE) gives a serial of at most 31 bits, and its
    // unpredictability depends on what `sr` is (presumably a SecureRandom; confirm). If these
    // certificates are ever issued at volume or validated by strict clients, a wider random
    // serial such as new BigInteger(64, sr) is the usual choice.
    BigInteger serialNumber = BigInteger.valueOf(sr.nextInt(Integer.MAX_VALUE));

    X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
            x500Name,                          // issuer
            serialNumber,
            issuedOn.minusDays(1).toDate(),    // notBefore
            issuedOn.plusYears(3).toDate(),    // notAfter
            x500Name,                          // subject, identical to the issuer
            keyPair.getPublic());

    ContentSigner selfSigner = new JcaContentSignerBuilder(SHA256_WITH_RSA_ENCRYPTION)
            .setProvider(BC)
            .build(keyPair.getPrivate());

    return new JcaX509CertificateConverter()
            .setProvider(BC)
            .getCertificate(certificateBuilder.build(selfSigner));
}
From source file:org.iotivity.cloud.accountserver.resources.account.credprov.cert.GenerateCSR.java
License:Open Source License
/**
 * Generates two fresh EC key pairs and returns an encoded PKCS#10 certification request.
 *
 * <p>The request always carries the public key of the first pair. When {@code falseKey} is
 * {@code true} it is signed with the private key of the <em>second</em> pair, so the request's
 * signature does not match its embedded public key; a CA that checks proof of possession must
 * reject such a request. Both pairs are stored in the class's static key fields, which are
 * overwritten on every call.
 *
 * @param commonName subject name handed to {@link X500Principal#X500Principal(String)}, which
 *                   expects a full distinguished name string (for example {@code "CN=device"})
 * @param falseKey   {@code true} to sign with the key that does not match the request
 * @return the encoded certification request
 * @throws Exception if key generation, signer creation or encoding fails
 */
public static byte[] generatePKCS10(String commonName, boolean falseKey) throws Exception {
    ECParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(CURVE);
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance(KEY_GENERATOR_ALGORITHM,
            CertificateConstants.SECURITY_PROVIDER);
    keyGen.initialize(curveSpec, new SecureRandom());

    // First pair: the key the request is actually for.
    KeyPair subjectPair = keyGen.generateKeyPair();
    privateKey = subjectPair.getPrivate();
    publicKey = subjectPair.getPublic();

    // Second pair: unrelated key, only used to produce a deliberately mismatched signature.
    KeyPair unrelatedPair = keyGen.generateKeyPair();
    privateKey1 = unrelatedPair.getPrivate();
    publicKey1 = unrelatedPair.getPublic();

    PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(
            new X500Principal(commonName), publicKey);

    // No provider is set on the signer builder, so the default JCA provider lookup applies.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM);
    ContentSigner requestSigner = signerBuilder.build(falseKey ? privateKey1 : privateKey);

    return requestBuilder.build(requestSigner).getEncoded();
}
From source file:org.italiangrid.voms.asn1.VOMSACGenerator.java
License:Apache License
/**
 * Returns the cached {@code ContentSigner}, creating it on the first call.
 *
 * <p>The signature algorithm name is copied from the AA certificate's own
 * {@code getSigAlgName()}, i.e. the algorithm that certificate was signed with.
 *
 * <p>NOTE(review): the signer is cached in the {@code signer} field and {@code properties} is
 * only consulted while that field is {@code null}. If the first call asks for
 * {@code FAKE_SIGNATURE_BITS}, every later call gets the same {@code RandomContentSigner} even
 * when the flag is absent (and vice versa). Confirm that the fake-signature mode cannot leak
 * into normal generation on a shared instance.
 *
 * @param properties generation properties; only {@code FAKE_SIGNATURE_BITS} is examined
 * @return the signer to use
 * @throws VOMSError if the real signer cannot be created
 */
private ContentSigner getSigner(EnumSet<ACGenerationProperties> properties) {
    if (signer != null) {
        return signer;
    }

    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(
            aaCredential.getCertificate().getSigAlgName());
    signerBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);

    try {
        if (properties.contains(ACGenerationProperties.FAKE_SIGNATURE_BITS)) {
            // Test mode: the AA private key is not used at all.
            signer = new RandomContentSigner(aaCredential.getCertificate().getSigAlgName());
        } else {
            signer = signerBuilder.build(aaCredential.getKey());
        }
    } catch (OperatorCreationException e) {
        throw new VOMSError(e.getMessage(), e);
    }
    return signer;
}
From source file:org.jenkinsci.remoting.engine.HandlerLoopbackLoadStress.java
License:Open Source License
/**
 * Prepares the loopback load-stress run: generates an RSA key pair and a self-signed
 * certificate, builds an {@code SSLContext} from them, creates the I/O hubs and server socket,
 * selects the protocol handler named by {@code config.name} and initialises the JVM statistics
 * sources.
 *
 * <p>Security-relevant properties of the TLS material built here, all visible in the code:
 * <ul>
 *   <li>the certificate is signed with {@code SHA1withRSA} and always has serial number 1;</li>
 *   <li>{@code notBefore} is ten days in the future and {@code notAfter} ten days in the past,
 *       so the certificate is never inside its validity window (NOTE(review): looks inverted;
 *       it goes unnoticed only if the peer does not check validity);</li>
 *   <li>the key store password is the literal {@code "password"};</li>
 *   <li>the only trust manager is {@code BlindTrustX509ExtendedTrustManager} (by its name it
 *       presumably accepts any certificate; confirm);</li>
 *   <li>the client database reports every client name as existing, and TLS client
 *       authentication is switched off.</li>
 * </ul>
 * These choices fit a self-contained stress harness; none of them should be copied into code
 * that talks to real peers.
 *
 * @param config harness configuration; {@code name} selects the handler, {@code bio} turns off
 *               the non-blocking I/O preference
 * @throws RuntimeException if no handler matches {@code config.name}
 */
public HandlerLoopbackLoadStress(Config config)
        throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException,
        UnrecoverableKeyException, KeyManagementException, OperatorCreationException {
    this.config = config;

    KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
    rsaGenerator.initialize(2048); // maximum supported by JVM with export restrictions
    keyPair = rsaGenerator.generateKeyPair();

    // Validity bounds exactly as the harness defines them (start after end).
    Date now = new Date();
    Date notBefore = new Date(now.getTime() + TimeUnit.DAYS.toMillis(10));
    Date notAfter = new Date(now.getTime() + TimeUnit.DAYS.toMillis(-10));

    SubjectPublicKeyInfo publicKeyInfo =
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    X500NameBuilder subjectBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    X500Name subject = subjectBuilder
            .addRDN(BCStyle.CN, getClass().getSimpleName())
            .addRDN(BCStyle.C, "US")
            .build();

    // Self-issued: subject doubles as issuer, fixed serial number.
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            subject, BigInteger.ONE, notBefore, notAfter, subject, publicKeyInfo);
    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
            extensionUtils.createSubjectKeyIdentifier(publicKeyInfo));

    ContentSigner selfSigner = new JcaContentSignerBuilder("SHA1withRSA")
            .setProvider(BOUNCY_CASTLE_PROVIDER)
            .build(keyPair.getPrivate());
    certificate = new JcaX509CertificateConverter()
            .setProvider(BOUNCY_CASTLE_PROVIDER)
            .getCertificate(certBuilder.build(selfSigner));

    // In-memory key store holding the single key entry.
    char[] storePassword = "password".toCharArray();
    KeyStore keyStore = KeyStore.getInstance("jks");
    keyStore.load(null, storePassword);
    keyStore.setKeyEntry("alias", keyPair.getPrivate(), storePassword,
            new Certificate[] { certificate });

    KeyManagerFactory keyManagers =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagers.init(keyStore, storePassword);

    context = SSLContext.getInstance("TLS");
    context.init(keyManagers.getKeyManagers(),
            new TrustManager[] { new BlindTrustX509ExtendedTrustManager() }, null);

    mainHub = IOHub.create(executorService);
    // on windows there is a bug whereby you cannot mix ServerSockets and Sockets on the same selector
    acceptorHub = File.pathSeparatorChar == ';' ? IOHub.create(executorService) : mainHub;
    legacyHub = new NioChannelHub(executorService);
    executorService.submit(legacyHub);
    serverSocketChannel = ServerSocketChannel.open();

    // Pick the handler whose name matches the configuration.
    JnlpProtocolHandler selected = null;
    for (JnlpProtocolHandler candidate : new JnlpProtocolHandlerFactory(executorService)
            .withNioChannelHub(legacyHub)
            .withIOHub(mainHub)
            .withSSLContext(context)
            .withPreferNonBlockingIO(!config.bio)
            .withClientDatabase(new JnlpClientDatabase() {
                @Override
                public boolean exists(String clientName) {
                    return true;
                }

                @Override
                public String getSecretOf(@Nonnull String clientName) {
                    return secretFor(clientName);
                }
            })
            .withSSLClientAuthRequired(false)
            .handlers()) {
        if (config.name.equals(candidate.getName())) {
            selected = candidate;
            break;
        }
    }
    if (selected == null) {
        throw new RuntimeException("Unknown handler: " + config.name);
    }
    this.handler = selected;
    acceptor = new Acceptor(serverSocketChannel);

    runtimeMXBean = ManagementFactory.getRuntimeMXBean();
    operatingSystemMXBean = ManagementFactory.getOperatingSystemMXBean();
    _getProcessCpuTime = _getProcessCpuTime(operatingSystemMXBean);
    garbageCollectorMXBeans = new ArrayList<GarbageCollectorMXBean>(
            ManagementFactory.getGarbageCollectorMXBeans());
    // Sort collectors by name.
    Collections.sort(garbageCollectorMXBeans, new Comparator<GarbageCollectorMXBean>() {
        @Override
        public int compare(GarbageCollectorMXBean left, GarbageCollectorMXBean right) {
            return left.getName().compareTo(right.getName());
        }
    });
    stats = new Stats();
}
From source file:org.jenkinsci.remoting.protocol.cert.X509CertificateRule.java
License:Open Source License
/**
 * Wraps {@code base} so that a freshly generated certificate is available in the
 * {@code certificate} field while the wrapped statement runs.
 *
 * <p>If the test carries a {@code Skip} annotation that is empty or lists this rule's
 * {@code id}, {@code base} is returned unwrapped and no certificate is generated.
 *
 * <p>The generated certificate uses the same name as issuer and subject but is signed with
 * {@code signerKey}, which need not be the key pair being certified ({@code subjectKey}). It is
 * signed with {@code SHA1withRSA} and always carries serial number 1. When {@code id} is set,
 * the subject contains two CN components (the id, then the test display name).
 *
 * @param base        the statement to wrap
 * @param description description of the test being run
 * @return {@code base} itself when skipped, otherwise the wrapping statement
 */
@Override
public Statement apply(final Statement base, final Description description) {
    Skip skip = description.getAnnotation(Skip.class);
    if (skip != null) {
        boolean skipsEveryRule = skip.value().length == 0;
        if (skipsEveryRule || Arrays.asList(skip.value()).contains(id)) {
            return base;
        }
    }
    return new Statement() {
        @Override
        public void evaluate() throws Throwable {
            // Validity window is expressed as offsets from the current time.
            Date now = new Date();
            Date notBefore = new Date(now.getTime() + startDateOffsetMillis);
            Date notAfter = new Date(now.getTime() + endDateOffsetMillis);

            SubjectPublicKeyInfo publicKeyInfo =
                    SubjectPublicKeyInfo.getInstance(subjectKey.getPublic().getEncoded());

            X500NameBuilder subjectBuilder = new X500NameBuilder(BCStyle.INSTANCE);
            if (id != null) {
                subjectBuilder.addRDN(BCStyle.CN, id);
            }
            X500Name subject = subjectBuilder
                    .addRDN(BCStyle.CN, description.getDisplayName())
                    .addRDN(BCStyle.C, "US")
                    .build();

            X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                    subject, BigInteger.ONE, notBefore, notAfter, subject, publicKeyInfo);
            JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
            certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
                    extensionUtils.createSubjectKeyIdentifier(publicKeyInfo));

            ContentSigner issuerSigner = new JcaContentSignerBuilder("SHA1withRSA")
                    .setProvider(BOUNCY_CASTLE_PROVIDER)
                    .build(X509CertificateRule.this.signerKey.getPrivate());
            certificate = new JcaX509CertificateConverter()
                    .setProvider(BOUNCY_CASTLE_PROVIDER)
                    .getCertificate(certBuilder.build(issuerSigner));

            try {
                base.evaluate();
            } finally {
                // Drop the certificate once the wrapped statement has finished.
                certificate = null;
            }
        }
    };
}
From source file:org.jenkinsci.remoting.protocol.ProtocolStackLoopbackLoadStress.java
License:Open Source License
/**
 * Prepares the protocol-stack loopback stress run: generates an RSA key pair and a self-signed
 * certificate, builds an {@code SSLContext} from them and opens the hub, server socket and
 * acceptor.
 *
 * <p>Security-relevant properties of the TLS material built here, all visible in the code:
 * <ul>
 *   <li>the certificate is signed with {@code SHA1withRSA} and always has serial number 1;</li>
 *   <li>{@code notBefore} is ten days in the future and {@code notAfter} ten days in the past,
 *       so the certificate is never inside its validity window (NOTE(review): looks inverted);</li>
 *   <li>the key store password is the literal {@code "password"};</li>
 *   <li>trust is delegated to {@code PublicKeyMatchingX509ExtendedTrustManager}, constructed
 *       with this harness's own public key (presumably it accepts a peer by public-key match
 *       rather than by chain validation; confirm).</li>
 * </ul>
 * These choices fit a self-contained stress harness and should not be copied into code that
 * talks to real peers.
 *
 * @param nio passed through to the {@code Acceptor}
 * @param ssl passed through to the {@code Acceptor}
 */
public ProtocolStackLoopbackLoadStress(boolean nio, boolean ssl)
        throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException,
        UnrecoverableKeyException, KeyManagementException, OperatorCreationException {
    KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
    rsaGenerator.initialize(2048); // maximum supported by JVM with export restrictions
    keyPair = rsaGenerator.generateKeyPair();

    // Validity bounds exactly as the harness defines them (start after end).
    Date now = new Date();
    Date notBefore = new Date(now.getTime() + TimeUnit.DAYS.toMillis(10));
    Date notAfter = new Date(now.getTime() + TimeUnit.DAYS.toMillis(-10));

    SubjectPublicKeyInfo publicKeyInfo =
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    X500NameBuilder subjectBuilder = new X500NameBuilder(BCStyle.INSTANCE);
    X500Name subject = subjectBuilder
            .addRDN(BCStyle.CN, getClass().getSimpleName())
            .addRDN(BCStyle.C, "US")
            .build();

    // Self-issued: subject doubles as issuer, fixed serial number.
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            subject, BigInteger.ONE, notBefore, notAfter, subject, publicKeyInfo);
    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
            extensionUtils.createSubjectKeyIdentifier(publicKeyInfo));

    ContentSigner selfSigner = new JcaContentSignerBuilder("SHA1withRSA")
            .setProvider(BOUNCY_CASTLE_PROVIDER)
            .build(keyPair.getPrivate());
    certificate = new JcaX509CertificateConverter()
            .setProvider(BOUNCY_CASTLE_PROVIDER)
            .getCertificate(certBuilder.build(selfSigner));

    // In-memory key store holding the single key entry.
    char[] storePassword = "password".toCharArray();
    KeyStore keyStore = KeyStore.getInstance("jks");
    keyStore.load(null, storePassword);
    keyStore.setKeyEntry("alias", keyPair.getPrivate(), storePassword,
            new Certificate[] { certificate });

    KeyManagerFactory keyManagers =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagers.init(keyStore, storePassword);

    context = SSLContext.getInstance("TLS");
    context.init(keyManagers.getKeyManagers(),
            new TrustManager[] { new PublicKeyMatchingX509ExtendedTrustManager(keyPair.getPublic()) },
            null);

    hub = IOHub.create(executorService);
    serverSocketChannel = ServerSocketChannel.open();
    acceptor = new Acceptor(serverSocketChannel, nio, ssl);
}
From source file:org.jnotary.crypto.Signer.java
License:Open Source License
/**
 * Produces an encoded CMS SignedData structure over {@code content}.
 *
 * <p>The signature algorithm is whatever the {@code algorithm} field holds; nothing in this
 * method fixes it to a particular hash. The signer's certificate store is embedded only when
 * {@code parameters.isAddSignerSertificate()} is true, and the content itself is encapsulated
 * unless {@code parameters.isDetached()} is true.
 *
 * @param myStorage  source of the private key, signer certificate and certificate store
 * @param content    bytes to sign
 * @param parameters signing options
 * @return the encoded SignedData
 * @throws Exception if signer creation, signing or encoding fails
 */
public byte[] sign(UserKeyStore myStorage, byte[] content, Parameters parameters) throws Exception {
    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();

    ContentSigner contentSigner = new JcaContentSignerBuilder(algorithm)
            .setProvider("BC")
            .build(myStorage.getPrivateKey());

    JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build());
    generator.addSignerInfoGenerator(
            signerInfoBuilder.build(contentSigner, myStorage.getUserCertificate()));

    if (parameters.isAddSignerSertificate()) {
        generator.addCertificates(myStorage.getCertStore());
    }

    CMSTypedData message = new CMSProcessableByteArray(content);
    // Second argument is "encapsulate": true embeds the content, false yields a detached signature.
    CMSSignedData signedData = generator.generate(message, !parameters.isDetached());
    return signedData.getEncoded();
}
From source file:org.jruby.ext.openssl.OCSPBasicResponse.java
License:Common Public License
/**
 * Signs this basic OCSP response.
 *
 * Ruby arguments: signer certificate, signer key, then optionally additional certificates,
 * flags and digest (two to five arguments in total).
 *
 * The JCA signature algorithm name is assembled as digest short name + "with" + key algorithm;
 * when no digest is passed, "SHA1" is used.
 * NOTE(review): that default yields SHA-1 based response signatures; callers that need a
 * stronger hash have to pass the digest explicitly.
 *
 * Failures in signer creation, responder-id setup, certificate encoding or response building
 * are rethrown through newOCSPError. args[0] and args[1] are cast without a type check.
 *
 * @return this object, with asn1BCBasicOCSPResp replaced by the signed response
 */
@JRubyMethod(name = "sign", rest = true)
public IRubyObject sign(final ThreadContext context, IRubyObject[] args) {
    Ruby runtime = context.getRuntime();

    int flag = 0;
    IRubyObject additionalCerts = context.nil;
    IRubyObject flags = context.nil;
    IRubyObject digest = context.nil;
    Digest digestInstance = new Digest(runtime, _Digest(runtime));
    List<X509CertificateHolder> addlCerts = new ArrayList<X509CertificateHolder>();

    // Pick up the optional third to fifth arguments.
    switch (Arity.checkArgumentCount(runtime, args, 2, 5)) {
    case 3:
        additionalCerts = args[2];
        break;
    case 4:
        additionalCerts = args[2];
        flags = args[3];
        break;
    case 5:
        additionalCerts = args[2];
        flags = args[3];
        digest = args[4];
        break;
    default:
        break;
    }

    // Default digest when the caller supplied none.
    if (digest.isNil())
        digest = digestInstance.initialize(context,
                new IRubyObject[] { RubyString.newString(runtime, "SHA1") });
    // Caller flags are applied first; NOCERTS is then OR-ed in when no extra certs were given.
    if (!flags.isNil())
        flag = RubyFixnum.fix2int(flags);
    if (additionalCerts.isNil())
        flag |= RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCERTS));

    X509Cert signer = (X509Cert) args[0];
    PKey signerKey = (PKey) args[1];

    String keyAlg = signerKey.getAlgorithm();
    String digAlg = ((Digest) digest).getShortAlgorithm();

    // Both halves of the algorithm name come from caller-supplied objects; an unsupported
    // combination surfaces as OperatorCreationException from build() below.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(digAlg + "with" + keyAlg);
    signerBuilder.setProvider("BC");
    ContentSigner contentSigner = null;
    try {
        contentSigner = signerBuilder.build(signerKey.getPrivateKey());
    } catch (OperatorCreationException e) {
        throw newOCSPError(runtime, e);
    }

    // Responder id: by key when RESPID_KEY is set, otherwise by the signer's subject name.
    BasicOCSPRespBuilder respBuilder = null;
    try {
        if ((flag & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_RESPID_KEY))) != 0) {
            JcaDigestCalculatorProviderBuilder dcpb = new JcaDigestCalculatorProviderBuilder();
            dcpb.setProvider("BC");
            DigestCalculatorProvider dcp = dcpb.build();
            // NOTE(review): the identifier passed here is the signer's signature algorithm, not
            // a digest algorithm; confirm the provider resolves it to the intended digest.
            DigestCalculator calculator = dcp.get(contentSigner.getAlgorithmIdentifier());
            respBuilder = new BasicOCSPRespBuilder(
                    SubjectPublicKeyInfo.getInstance(signerKey.getPublicKey().getEncoded()), calculator);
        } else {
            respBuilder = new BasicOCSPRespBuilder(new RespID(signer.getSubject().getX500Name()));
        }
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }

    // Certificates to embed: signer first, then any additional ones, unless NOCERTS is set.
    X509CertificateHolder[] chain = null;
    try {
        if ((flag & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCERTS))) == 0) {
            addlCerts.add(new X509CertificateHolder(signer.getAuxCert().getEncoded()));
            if (!additionalCerts.isNil()) {
                // assumes the Ruby array elements are java.security.cert.Certificate - TODO confirm
                Iterator<java.security.cert.Certificate> rubyAddlCerts = ((RubyArray) additionalCerts)
                        .iterator();
                while (rubyAddlCerts.hasNext()) {
                    java.security.cert.Certificate cert = rubyAddlCerts.next();
                    addlCerts.add(new X509CertificateHolder(cert.getEncoded()));
                }
            }

            chain = addlCerts.toArray(new X509CertificateHolder[addlCerts.size()]);
        }
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }

    // producedAt stays null when NOTIME is set and is passed to build() as null.
    Date producedAt = null;
    if ((flag & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOTIME))) == 0) {
        producedAt = new Date();
    }

    // Copy every single response into the builder.
    for (OCSPSingleResponse resp : singleResponses) {
        SingleResp singleResp = new SingleResp(resp.getBCSingleResp());
        respBuilder.addResponse(singleResp.getCertID(), singleResp.getCertStatus(),
                singleResp.getThisUpdate(), singleResp.getNextUpdate(),
                resp.getBCSingleResp().getSingleExtensions());
    }

    try {
        Extension[] respExtAry = new Extension[extensions.size()];
        Extensions respExtensions = new Extensions(extensions.toArray(respExtAry));
        BasicOCSPResp bcBasicOCSPResp = respBuilder.setResponseExtensions(respExtensions).build(contentSigner,
                chain, producedAt);
        asn1BCBasicOCSPResp = BasicOCSPResponse.getInstance(bcBasicOCSPResp.getEncoded());
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }
    return this;
}
From source file:org.jruby.ext.openssl.OCSPRequest.java
License:Common Public License
/**
 * Signs this OCSP request.
 *
 * Ruby arguments: signer certificate, signer key, then optionally additional certificates,
 * flags and digest (two to five arguments in total).
 *
 * The JCA signature algorithm name is assembled as digest short name + "with" + key algorithm;
 * when no digest is passed, "SHA1" is used.
 * NOTE(review): that default yields SHA-1 based request signatures; callers that need a
 * stronger hash have to pass the digest explicitly.
 *
 * NOTE(review): when flags are supplied they overwrite the NOCERTS bit that was set just before
 * for a nil certificate list, and the later decision to embed certificates compares the whole
 * flag value for equality with NOCERTS instead of testing that bit. A caller that combines
 * NOCERTS with any other flag therefore still gets the signer certificate embedded. Confirm
 * whether this is intended.
 *
 * Failures in signer creation, certificate encoding or request building are rethrown through
 * newOCSPError. args[0] and args[1] are cast without a type check.
 *
 * @return this object, with asn1bcReq replaced by the signed request
 */
@JRubyMethod(name = "sign", rest = true)
public IRubyObject sign(final ThreadContext context, IRubyObject[] args) {
    final Ruby runtime = context.runtime;

    Digest defaultDigestFactory = new Digest(runtime, _Digest(runtime));
    IRubyObject nocerts = (RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCERTS);

    // Optional third to fifth arguments; anything not supplied stays nil.
    final int argc = Arity.checkArgumentCount(runtime, args, 2, 5);
    IRubyObject additionalCerts = argc >= 3 ? args[2] : context.nil;
    IRubyObject flags = argc >= 4 ? args[3] : context.nil;
    IRubyObject digest = argc >= 5 ? args[4] : context.nil;

    if (digest.isNil()) {
        digest = defaultDigestFactory.initialize(context,
                new IRubyObject[] { RubyString.newString(runtime, "SHA1") });
    }

    int flag = 0;
    if (additionalCerts.isNil()) {
        flag |= RubyFixnum.fix2int(nocerts);
    }
    if (!flags.isNil()) {
        flag = RubyFixnum.fix2int(flags); // replaces, rather than extends, the value above
    }

    X509Cert signer = (X509Cert) args[0];
    PKey signerKey = (PKey) args[1];

    String keyAlg = signerKey.getAlgorithm();
    String digAlg = ((Digest) digest).getShortAlgorithm();

    // Both halves of the algorithm name come from caller-supplied objects; an unsupported
    // combination surfaces as OperatorCreationException from build() below.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(digAlg + "with" + keyAlg);
    signerBuilder.setProvider("BC");
    final ContentSigner contentSigner;
    try {
        contentSigner = signerBuilder.build(signerKey.getPrivateKey());
    } catch (OperatorCreationException e) {
        throw newOCSPError(runtime, e);
    }

    OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
    requestBuilder.setRequestorName(signer.getSubject().getX500Name());
    for (OCSPCertificateId certId : certificateIds) {
        requestBuilder.addRequest(new CertificateID(certId.getCertID()));
    }

    // Certificates to embed: signer first, then any additional ones.
    List<X509CertificateHolder> certChain = new ArrayList<X509CertificateHolder>();
    if (flag != RubyFixnum.fix2int(nocerts)) {
        try {
            certChain.add(new X509CertificateHolder(signer.getAuxCert().getEncoded()));
            if (!additionalCerts.isNil()) {
                // assumes the Ruby array elements are java.security.cert.Certificate - TODO confirm
                for (Iterator<java.security.cert.Certificate> it = ((RubyArray) additionalCerts).iterator();
                        it.hasNext();) {
                    certChain.add(new X509CertificateHolder(it.next().getEncoded()));
                }
            }
        } catch (Exception e) {
            throw newOCSPError(runtime, e);
        }
    }
    X509CertificateHolder[] chain = certChain.toArray(new X509CertificateHolder[certChain.size()]);

    try {
        asn1bcReq = org.bouncycastle.asn1.ocsp.OCSPRequest
                .getInstance(requestBuilder.build(contentSigner, chain).getEncoded());
    } catch (Exception e) {
        throw newOCSPError(runtime, e);
    }

    if (nonce != null) {
        addNonceImpl();
    }
    return this;
}
From source file:org.jscep.message.PkiMessageEncoder.java
License:Open Source License
/**
 * Creates a content signer for {@code signatureAlgorithm} bound to {@code signerKey}.
 *
 * <p>No provider is set on the builder, so the signature implementation comes from the default
 * JCA provider lookup rather than from a named provider.
 *
 * @return a new signer
 * @throws OperatorCreationException if the signer cannot be created for the algorithm and key
 */
private ContentSigner getContentSigner() throws OperatorCreationException {
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);
    return signerBuilder.build(signerKey);
}