List of usage examples for org.bouncycastle.operator.jcajce JcaContentSignerBuilder JcaContentSignerBuilder
public JcaContentSignerBuilder(String signatureAlgorithm)
From source file:org.jscep.server.ScepServlet.java
License:Open Source License
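/**
 * Answers a SCEP {@code GetNextCACert} request with the next CA certificate chain,
 * packaged as a degenerate (certificates-only) CMS SignedData and signed with the
 * recipient key.
 *
 * @param req the request; its {@code MSG_PARAM} parameter is handed unchanged to
 *            {@link #getNextCaCertificate(String)}
 * @param res the response; receives HTTP 501 when no next CA certificate exists,
 *            otherwise the DER-encoded SignedData
 * @throws IOException if the certificate list cannot be encoded (cause attached)
 * @throws Exception on signing, encoding or response-write failure
 */
private void doGetNextCaCert(final HttpServletRequest req, final HttpServletResponse res) throws Exception {
    res.setHeader("Content-Type", "application/x-x509-next-ca-cert");
    List<X509Certificate> certs = getNextCaCertificate(req.getParameter(MSG_PARAM));
    if (certs.isEmpty()) {
        res.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, "GetNextCACert Not Supported");
        return;
    }

    JcaCertStore store;
    try {
        store = new JcaCertStore(certs);
    } catch (CertificateEncodingException e) {
        // keep the encoding failure attached as the cause instead of an empty IOException
        throw new IOException(e);
    }

    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    generator.addCertificates(store);

    DigestCalculatorProvider digestProvider = new JcaDigestCalculatorProviderBuilder().build();
    SignerInfoGeneratorBuilder infoGenBuilder = new SignerInfoGeneratorBuilder(digestProvider);
    X509CertificateHolder certHolder = new X509CertificateHolder(getRecipient().getEncoded());
    // NOTE(review): SHA1withRSA is a deprecated signature algorithm; move to SHA256withRSA
    // once the SCEP clients this server has to serve are confirmed to accept it.
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA1withRSA").build(getRecipientKey());
    SignerInfoGenerator infoGen = infoGenBuilder.build(contentSigner, certHolder);
    generator.addSignerInfoGenerator(infoGen);

    // CMSAbsentContent: no encapsulated content, only the certificate set is conveyed
    CMSSignedData degenerateSd = generator.generate(new CMSAbsentContent());
    byte[] bytes = degenerateSd.getEncoded();
    res.setContentLength(bytes.length);
    res.getOutputStream().write(bytes);
    res.getOutputStream().close();
}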
From source file:org.keycloak.common.util.CertificateUtils.java
License:Apache License
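/**
 * Generates a version 3 {@link java.security.cert.X509Certificate} for {@code keyPair},
 * issued by {@code caCert} and signed with {@code caPrivateKey}.
 *
 * @param keyPair the subject key pair; only its public key is embedded
 * @param caPrivateKey the CA private key used to sign the certificate
 * @param caCert the CA certificate; its subject name becomes the issuer name and its
 *               public key is what the Authority Key Identifier refers to
 * @param subject the subject common name, used verbatim as {@code CN=<subject>}
 *
 * @return the x509 certificate
 *
 * @throws RuntimeException (wrapping the cause) if building or signing fails
 */
public static X509Certificate generateV3Certificate(KeyPair keyPair, PrivateKey caPrivateKey,
        X509Certificate caCert, String subject) throws Exception {
    try {
        // NOTE(review): subject is spliced into a DN string; a value containing ',' or '='
        // produces extra RDNs. Callers must pass a bare CN or the name must be built RDN by RDN.
        X500Name subjectDN = new X500Name("CN=" + subject);

        // Serial Number: RFC 5280 requires a positive integer of at most 20 octets.
        // Math.abs(nextInt()) stays negative for Integer.MIN_VALUE and yields only 31 bits,
        // so draw 64 random bits and add one to guarantee a value > 0 (at most 9 octets).
        SecureRandom random = new SecureRandom();
        BigInteger serialNumber = new BigInteger(64, random).add(BigInteger.ONE);

        // Validity: 3 * 12 * 30 days, both bounds taken from the same timestamp
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now);
        Date notAfter = new Date(now + (((1000L * 60 * 60 * 24 * 30)) * 12) * 3);

        // SubjectPublicKeyInfo
        SubjectPublicKeyInfo subjPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());

        // Issuer name is taken from the CA certificate's DER encoding rather than re-parsed
        // from a string, so it matches the CA subject byte for byte during chain building.
        X500Name issuerDN = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());

        X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(issuerDN, serialNumber, notBefore, notAfter,
                subjectDN, subjPubKeyInfo);

        // SHA-1 is the standard digest for key identifiers (RFC 5280 method 1); it is not used for signing here
        DigestCalculator digCalc = new BcDigestCalculatorProvider()
                .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
        X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc);

        // Subject Key Identifier
        certGen.addExtension(Extension.subjectKeyIdentifier, false,
                x509ExtensionUtils.createSubjectKeyIdentifier(subjPubKeyInfo));

        // Authority Key Identifier must identify the issuer's (CA) key, not the subject's
        SubjectPublicKeyInfo caPubKeyInfo = SubjectPublicKeyInfo.getInstance(caCert.getPublicKey().getEncoded());
        certGen.addExtension(Extension.authorityKeyIdentifier, false,
                x509ExtensionUtils.createAuthorityKeyIdentifier(caPubKeyInfo));

        // Key Usage
        certGen.addExtension(Extension.keyUsage, false,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));

        // Extended Key Usage
        KeyPurposeId[] EKU = new KeyPurposeId[2];
        EKU[0] = KeyPurposeId.id_kp_emailProtection;
        EKU[1] = KeyPurposeId.id_kp_serverAuth;
        certGen.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(EKU));

        // Basic Constraints: CA certificate with path length 0
        certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));

        // Content Signer
        // NOTE(review): SHA-1 signatures are rejected by modern verifiers; switch to
        // "SHA256WithRSAEncryption" unless a consumer is known to require SHA-1.
        ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider("BC")
                .build(caPrivateKey);

        // Certificate
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
    } catch (Exception e) {
        throw new RuntimeException("Error creating X509v3Certificate.", e);
    }
}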
From source file:org.kse.crypto.x509.X509CertificateGenerator.java
License:Open Source License
/**
 * Builds and signs a version 1 X.509 certificate.
 *
 * @param subject       subject distinguished name
 * @param issuer        issuer distinguished name
 * @param validityStart start of validity, or {@code null} for "now"
 * @param validityEnd   end of validity, or {@code null} for 365 days after the start
 * @param publicKey     public key to certify
 * @param privateKey    issuer private key used to sign
 * @param signatureType signature algorithm; its JCE name is used
 * @param serialNumber  certificate serial number
 * @return the signed certificate, converted through the BC provider
 * @throws CryptoException if signing or conversion fails
 */
private X509Certificate generateVersion1(X500Name subject, X500Name issuer, Date validityStart, Date validityEnd,
        PublicKey publicKey, PrivateKey privateKey, SignatureType signatureType, BigInteger serialNumber)
        throws CryptoException {
    Date start;
    if (validityStart != null) {
        start = validityStart;
    } else {
        start = new Date();
    }

    Date end;
    if (validityEnd != null) {
        end = validityEnd;
    } else {
        // default validity is one year from the start
        end = new Date(start.getTime() + TimeUnit.DAYS.toMillis(365));
    }

    JcaX509v1CertificateBuilder builder = new JcaX509v1CertificateBuilder(issuer, serialNumber, start, end,
            subject, publicKey);

    try {
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureType.jce()).setProvider("BC");
        ContentSigner signer = signerBuilder.build(privateKey);
        X509CertificateHolder holder = builder.build(signer);
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
        return converter.getCertificate(holder);
    } catch (CertificateException e) {
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), e);
    } catch (IllegalStateException e) {
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), e);
    } catch (OperatorCreationException e) {
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), e);
    }
}
From source file:org.kse.crypto.x509.X509CertificateGenerator.java
License:Open Source License
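/**
 * Builds and signs a version 3 X.509 certificate, copying every extension from
 * {@code extensions} onto it (critical ones flagged critical).
 *
 * @param subject       subject distinguished name
 * @param issuer        issuer distinguished name
 * @param validityStart start of validity, or {@code null} for "now"
 * @param validityEnd   end of validity, or {@code null} for 365 days after the start
 * @param publicKey     public key to certify
 * @param privateKey    issuer private key used to sign
 * @param signatureType signature algorithm; its JCE name is used
 * @param serialNumber  certificate serial number
 * @param extensions    extensions to copy, may be {@code null}
 * @param provider      JCA provider for the signer, or {@code null} for the default lookup
 * @return the signed certificate, converted through the BC provider
 * @throws CryptoException if signing or conversion fails
 * @throws CertIOException if an extension cannot be encoded
 */
private X509Certificate generateVersion3(X500Name subject, X500Name issuer, Date validityStart, Date validityEnd,
        PublicKey publicKey, PrivateKey privateKey, SignatureType signatureType, BigInteger serialNumber,
        X509Extension extensions, Provider provider) throws CryptoException, CertIOException {
    Date notBefore = validityStart == null ? new Date() : validityStart;
    // default validity is one year from the start
    Date notAfter = validityEnd == null ? new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(365)) : validityEnd;

    JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuer, serialNumber, notBefore,
            notAfter, subject, publicKey);

    if (extensions != null) {
        // java.security.cert.X509Extension documents a null return when there are no OIDs
        // of a kind, so guard both sets before iterating.
        Iterable<String> criticalOids = extensions.getCriticalExtensionOIDs();
        if (criticalOids != null) {
            for (String oid : criticalOids) {
                certBuilder.addExtension(new ASN1ObjectIdentifier(oid), true, getExtensionValue(extensions, oid));
            }
        }
        Iterable<String> nonCriticalOids = extensions.getNonCriticalExtensionOIDs();
        if (nonCriticalOids != null) {
            for (String oid : nonCriticalOids) {
                certBuilder.addExtension(new ASN1ObjectIdentifier(oid), false, getExtensionValue(extensions, oid));
            }
        }
    }

    try {
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureType.jce());
        if (provider != null) {
            // only pin a provider when the caller supplied one; otherwise use the JCA default lookup
            signerBuilder.setProvider(provider);
        }
        ContentSigner certSigner = signerBuilder.build(privateKey);
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certBuilder.build(certSigner));
    } catch (CertificateException ex) {
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex);
    } catch (IllegalStateException ex) {
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex);
    } catch (OperatorCreationException ex) {
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex);
    }
}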
From source file:org.kse.gui.dialogs.DViewPem.java
License:Open Source License
/**
 * Manual test entry point: registers the BC provider, builds a throw-away RSA CSR for
 * {@code cn=test} and shows it in a {@link DViewPem} dialog; closing the window exits the JVM.
 *
 * @param args ignored
 * @throws Exception if the look-and-feel cannot be installed
 */
public static void main(String[] args) throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());

    java.awt.EventQueue.invokeLater(new Runnable() {
        @Override
        public void run() {
            try {
                KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC");
                KeyPair pair = generator.genKeyPair();

                JcaPKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(
                        new X500Name("cn=test"), pair.getPublic());
                JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC");
                PKCS10CertificationRequest request = requestBuilder.build(signerBuilder.build(pair.getPrivate()));

                DViewPem dialog = new DViewPem(new javax.swing.JFrame(), "Title", request);
                dialog.addWindowListener(new java.awt.event.WindowAdapter() {
                    @Override
                    public void windowClosing(java.awt.event.WindowEvent e) {
                        System.exit(0);
                    }
                });
                dialog.setVisible(true);
            } catch (Exception e) {
                // demo entry point: report and keep the EDT alive
                e.printStackTrace();
            }
        }
    });
}
From source file:org.metaeffekt.dcc.agent.AuthenticationKeyGenerator.java
License:Apache License
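/**
 * Creates a self-signed X.509 v3 certificate for {@code key} whose subject and issuer are
 * both {@code CN=<certificateCN>}, valid from {@code begin} to {@code end}, carrying a
 * Subject Key Identifier derived from the public key.
 *
 * @param key           the key pair; the public key is certified, the private key signs
 * @param certificateCN the common name used for subject and issuer
 * @param begin         start of validity
 * @param end           end of validity
 * @return the converted certificate
 * @throws GeneralSecurityException if the certificate cannot be converted
 * @throws IOException if the key identifier extension cannot be encoded
 * @throws OperatorException if the content signer cannot be created
 */
private X509Certificate generateCertificate(KeyPair key, String certificateCN, Date begin, Date end)
        throws GeneralSecurityException, IOException, OperatorException {
    final X500NameBuilder nameBuilder = new X500NameBuilder();
    nameBuilder.addRDN(BCStyle.CN, certificateCN);
    final X500Name name = nameBuilder.build();

    // RFC 5280 requires a positive serial number; random.nextInt() is negative half of the
    // time. Draw 64 random bits and add one so the value is always > 0 (at most 9 octets).
    // NOTE(review): `random` is a field declared elsewhere; confirm it is a SecureRandom.
    final BigInteger serialNumber = new BigInteger(64, random).add(BigInteger.ONE);

    // issuer == subject: self-signed
    final JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(name, serialNumber, begin, end,
            name, key.getPublic());
    certBuilder.addExtension(Extension.subjectKeyIdentifier, false,
            new JcaX509ExtensionUtils().createSubjectKeyIdentifier(key.getPublic()));

    final X509CertificateHolder certificateHolder = certBuilder
            .build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(key.getPrivate()));
    return new JcaX509CertificateConverter().getCertificate(certificateHolder);
}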
From source file:org.metaeffekt.dcc.commons.pki.CertificateManager.java
License:Apache License
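/**
 * Generates this component's X.509 v3 certificate, issued by the configured issuer
 * component and signed with the signer component's private key.
 *
 * @return the certificate, or {@code null} when none should or can be produced: self-signing
 *         is disabled for a self-signed component, the issuer certificate does not exist
 *         yet, or the signer's private key file is missing
 * @throws GeneralSecurityException if key or certificate material cannot be handled
 * @throws IOException if key or certificate files cannot be read
 * @throws OperatorException if the content signer cannot be created
 */
private X509Certificate generateCertificate() throws GeneralSecurityException, IOException, OperatorException {
    String issuerComponentName = getIssuerComponentName();

    // determine signer; per default issuer is signer (issuer can be subject --> self-signed)
    String signerComponentName = getSignerComponentName(issuerComponentName);
    if (signerComponentName.equals(componentName)) {
        // self-signed certs is not our goal
        if (BOOLEAN_STRING_FALSE.equals(getProperty(PROPERTY_CERT_SELFSIGNED, BOOLEAN_STRING_FALSE))) {
            return null;
        }
    }

    PublicKey publicKey = loadPublicKey();
    final Calendar begin = getValidityPeriodBegin();
    final Calendar end = getValidityPeriodEnd(begin);
    final X500Name name = createSubjectNameBuilder();

    // RFC 5280 requires a positive serial number; random.nextInt() is negative half of the
    // time. Draw 64 random bits and add one so the value is always > 0 (at most 9 octets).
    // NOTE(review): `random` is a field declared elsewhere; confirm it is a SecureRandom.
    final BigInteger serialNo = new BigInteger(64, random).add(BigInteger.ONE);

    JcaX509v3CertificateBuilder certBuilder = null;
    X509Certificate issuerCertificate = null;
    if (issuerComponentName.equals(componentName)) {
        // issuer is this component: the subject name doubles as issuer name
        certBuilder = new JcaX509v3CertificateBuilder(name, serialNo, begin.getTime(), end.getTime(), name,
                publicKey);
    } else {
        // lookup the certificate of the referenced issuer
        File issuerDir = new File(componentBaseDir, issuerComponentName);
        File issuerCert = new File(issuerDir, FILENAME_CERT);
        if (issuerCert.exists()) {
            issuerCertificate = (X509Certificate) KeyUtils.loadCertificate(issuerCert.getPath());
            certBuilder = new JcaX509v3CertificateBuilder(issuerCertificate, serialNo, begin.getTime(),
                    end.getTime(), name, publicKey);
        }
    }

    if (certBuilder == null) {
        // issuer cert was not found. Potentially it was not yet created
        return null;
    }

    List<Extension> extensions = createExtensions(publicKey, issuerCertificate);
    for (Extension extension : extensions) {
        certBuilder.addExtension(extension);
    }

    // load the private key of the signer (signer may be issuer, may be self)
    File signerDir = new File(componentBaseDir, signerComponentName);
    File signerPrivateKeyFile = new File(signerDir, FILENAME_PRIVATE_KEY);
    if (!signerPrivateKeyFile.exists()) {
        // when we cannot access the signer we cannot provide a certificate
        return null;
    }
    PrivateKey signerPrivateKey = KeyUtils.loadKey(signerPrivateKeyFile.getPath());

    final String signatureAlgorithm = getProperty(PROPERTY_CERT_SIGNATURE_ALGORITHM, DEFAULT_SIGNING_ALGORITHM);
    final X509CertificateHolder certificateHolder = certBuilder
            .build(new JcaContentSignerBuilder(signatureAlgorithm).build(signerPrivateKey));
    return new JcaX509CertificateConverter().getCertificate(certificateHolder);
}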
From source file:org.metaeffekt.dcc.commons.pki.CertificateManager.java
License:Apache License
/**
 * Builds a PKCS#10 certification request for this component's key pair, carrying the
 * component's extensions in a pkcs-9 extensionRequest attribute.
 *
 * @return the signed certification request
 * @throws IOException if keys or extensions cannot be loaded or encoded
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws NoSuchAlgorithmException if the configured signature algorithm is unknown
 */
protected PKCS10CertificationRequest generateCertificateRequest()
        throws IOException, OperatorCreationException, NoSuchAlgorithmException {
    final PublicKey pub = loadPublicKey();
    final PrivateKey priv = loadPrivateKey();
    final X500Name subjectName = createSubjectNameBuilder();

    final JcaPKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subjectName, pub);

    // no issuer certificate is available at request time, hence null
    final List<Extension> extensionList = createExtensions(pub, null);
    final Extension[] extensionArray = extensionList.toArray(new Extension[extensionList.size()]);
    requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(extensionArray));

    final String algorithm = getProperty(PROPERTY_CSR_SIGNATURE_ALGORITHM, DEFAULT_SIGNING_ALGORITHM);
    final ContentSigner signer = new JcaContentSignerBuilder(algorithm).build(priv);
    return requestBuilder.build(signer);
}
From source file:org.moxie.proxy.MakeCertificate.java
License:Apache License
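/**
 * Generates a fresh RSA key pair and a self-signed certificate for {@code hostname}
 * (OU and O taken from {@link Constants#getName()}) and stores them under the alias
 * {@code hostname} in {@code keystore}, creating the JKS file if it does not exist.
 *
 * @param hostname         certificate CN and key-entry alias
 * @param keystore         JKS file to create or update
 * @param keystorePassword password for both the keystore and the key entry
 * @throws RuntimeException wrapping any failure during generation or storage
 */
public static void generateSelfSignedCertificate(String hostname, File keystore, String keystorePassword) {
    try {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
        // 1024-bit RSA is below the generally accepted 2048-bit minimum for TLS keys
        kpGen.initialize(2048, new SecureRandom());
        KeyPair pair = kpGen.generateKeyPair();

        // Generate self-signed certificate
        X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
        builder.addRDN(BCStyle.OU, Constants.getName());
        builder.addRDN(BCStyle.O, Constants.getName());
        builder.addRDN(BCStyle.CN, hostname);

        // valid from yesterday (clock skew) for ten years; serial is the creation timestamp
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - ONEDAY);
        Date notAfter = new Date(now + 10 * ONEYEAR);
        BigInteger serial = BigInteger.valueOf(now);

        X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(), serial, notBefore,
                notAfter, builder.build(), pair.getPublic());
        ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC)
                .build(pair.getPrivate());
        X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC)
                .getCertificate(certGen.build(sigGen));
        cert.checkValidity(new Date());
        cert.verify(cert.getPublicKey());

        // Save to keystore; streams are closed on every path so a failed load/store
        // does not leak the file handle
        KeyStore store = KeyStore.getInstance("JKS");
        if (keystore.exists()) {
            FileInputStream fis = new FileInputStream(keystore);
            try {
                store.load(fis, keystorePassword.toCharArray());
            } finally {
                fis.close();
            }
        } else {
            store.load(null);
        }
        store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(),
                new java.security.cert.Certificate[] { cert });
        FileOutputStream fos = new FileOutputStream(keystore);
        try {
            store.store(fos, keystorePassword.toCharArray());
        } finally {
            fos.close();
        }
    } catch (Exception e) {
        // Errors (OOM etc.) are left to propagate unwrapped; the cause is kept for diagnosis
        throw new RuntimeException("Failed to generate self-signed certificate!", e);
    }
}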
From source file:org.moxie.proxy.MakeCertificate.java
License:Apache License
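/**
 * Generates a fresh RSA key pair and a self-signed certificate whose subject and issuer
 * are the distinguished name {@code info}, and stores them under the alias {@code hostname}
 * in {@code keystore}, creating the JKS file if it does not exist.
 *
 * @param hostname         key-entry alias
 * @param keystore         JKS file to create or update
 * @param keystorePassword password for both the keystore and the key entry
 * @param info             distinguished name string parsed by {@link X500Principal}
 * @throws RuntimeException wrapping any failure during generation or storage (including a
 *                          malformed {@code info})
 */
public static void generateSelfSignedCertificate(String hostname, File keystore, String keystorePassword,
        String info) {
    try {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
        // 1024-bit RSA is below the generally accepted 2048-bit minimum for TLS keys
        kpGen.initialize(2048, new SecureRandom());
        KeyPair pair = kpGen.generateKeyPair();

        // Generate self-signed certificate
        X500Principal principal = new X500Principal(info);

        // valid from yesterday (clock skew) for ten years; serial is the creation timestamp
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - ONEDAY);
        Date notAfter = new Date(now + 10 * ONEYEAR);
        BigInteger serial = BigInteger.valueOf(now);

        X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(principal, serial, notBefore, notAfter,
                principal, pair.getPublic());
        ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC)
                .build(pair.getPrivate());
        X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC)
                .getCertificate(certGen.build(sigGen));
        cert.checkValidity(new Date());
        cert.verify(cert.getPublicKey());

        // Save to keystore; streams are closed on every path so a failed load/store
        // does not leak the file handle
        KeyStore store = KeyStore.getInstance("JKS");
        if (keystore.exists()) {
            FileInputStream fis = new FileInputStream(keystore);
            try {
                store.load(fis, keystorePassword.toCharArray());
            } finally {
                fis.close();
            }
        } else {
            store.load(null);
        }
        store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(),
                new java.security.cert.Certificate[] { cert });
        FileOutputStream fos = new FileOutputStream(keystore);
        try {
            store.store(fos, keystorePassword.toCharArray());
        } finally {
            fos.close();
        }
    } catch (Exception e) {
        // Errors (OOM etc.) are left to propagate unwrapped; the cause is kept for diagnosis
        throw new RuntimeException("Failed to generate self-signed certificate!", e);
    }
}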