Example usage for org.bouncycastle.operator.jcajce JcaContentSignerBuilder JcaContentSignerBuilder

List of usage examples for org.bouncycastle.operator.jcajce JcaContentSignerBuilder JcaContentSignerBuilder

  1. HOME
  2. Java
  3. org.bouncycastle
  4. org.bouncycastle.operator.jcajce.*
  5. JcaContentSignerBuilder
  6. JcaContentSignerBuilder

Introduction

In this page you can find the example usage for org.bouncycastle.operator.jcajce JcaContentSignerBuilder JcaContentSignerBuilder.

Prototype

public JcaContentSignerBuilder(String signatureAlgorithm)

Source Link

Usage

From source file:org.xdi.oxauth.model.crypto.OxAuthCryptoProvider.java

License:MIT License

public X509Certificate generateV3Certificate(KeyPair keyPair, String issuer, String signatureAlgorithm,
        Long expirationTime) throws CertIOException, OperatorCreationException, CertificateException {
    PrivateKey privateKey = keyPair.getPrivate();
    PublicKey publicKey = keyPair.getPublic();

    // Signers name
    X500Name issuerName = new X500Name(issuer);

    // Subjects name - the same as we are self signed.
    X500Name subjectName = new X500Name(issuer);

    // Serial/*from  ww  w  . j a  v  a  2s  . co  m*/
    BigInteger serial = new BigInteger(256, new SecureRandom());

    // Not before
    Date notBefore = new Date(System.currentTimeMillis() - 10000);
    Date notAfter = new Date(expirationTime);

    // Create the certificate - version 3
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerName, serial, notBefore,
            notAfter, subjectName, publicKey);

    ASN1EncodableVector purposes = new ASN1EncodableVector();
    purposes.add(KeyPurposeId.id_kp_serverAuth);
    purposes.add(KeyPurposeId.id_kp_clientAuth);
    purposes.add(KeyPurposeId.anyExtendedKeyUsage);

    ASN1ObjectIdentifier extendedKeyUsage = new ASN1ObjectIdentifier("2.5.29.37").intern();
    builder.addExtension(extendedKeyUsage, false, new DERSequence(purposes));

    ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).setProvider("BC").build(privateKey);
    X509CertificateHolder holder = builder.build(signer);
    X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);

    return cert;
}

From source file:org.xipki.pki.scep.message.NextCaMessage.java

License:Open Source License

public ContentInfo encode(final PrivateKey signingKey, final X509Certificate signerCert,
        final X509Certificate[] cmsCertSet) throws MessageEncodingException {
    ParamUtil.requireNonNull("signingKey", signingKey);
    ParamUtil.requireNonNull("signerCert", signerCert);

    try {//from www  .  j av a2  s  .  c o m
        byte[] degenratedSignedDataBytes;
        try {
            CMSSignedDataGenerator degenerateSignedData = new CMSSignedDataGenerator();
            degenerateSignedData.addCertificate(new X509CertificateHolder(caCert.getEncoded()));
            if (raCerts != null && !raCerts.isEmpty()) {
                for (X509Certificate m : raCerts) {
                    degenerateSignedData.addCertificate(new X509CertificateHolder(m.getEncoded()));
                }
            }

            degenratedSignedDataBytes = degenerateSignedData.generate(new CMSAbsentContent()).getEncoded();
        } catch (CertificateEncodingException ex) {
            throw new MessageEncodingException(ex.getMessage(), ex);
        }

        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();

        // I don't known which hash algorithm is supported by the client, use SHA-1
        String signatureAlgo = getSignatureAlgorithm(signingKey, ScepHashAlgoType.SHA1);
        ContentSigner signer = new JcaContentSignerBuilder(signatureAlgo).build(signingKey);

        // signerInfo
        JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(
                new BcDigestCalculatorProvider());

        signerInfoBuilder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator());

        SignerInfoGenerator signerInfo = signerInfoBuilder.build(signer, signerCert);
        generator.addSignerInfoGenerator(signerInfo);

        CMSTypedData cmsContent = new CMSProcessableByteArray(CMSObjectIdentifiers.signedData,
                degenratedSignedDataBytes);

        // certificateSet
        ScepUtil.addCmsCertSet(generator, cmsCertSet);
        return generator.generate(cmsContent, true).toASN1Structure();
    } catch (CMSException ex) {
        throw new MessageEncodingException(ex);
    } catch (CertificateEncodingException ex) {
        throw new MessageEncodingException(ex);
    } catch (IOException ex) {
        throw new MessageEncodingException(ex);
    } catch (OperatorCreationException ex) {
        throw new MessageEncodingException(ex);
    }
}

From source file:org.xipki.pki.scep.message.PkiMessage.java

License:Open Source License

public ContentInfo encode(final PrivateKey signerKey, final String signatureAlgorithm,
        final X509Certificate signerCert, final X509Certificate[] signerCertSet,
        final X509Certificate recipientCert, final ASN1ObjectIdentifier encAlgId)
        throws MessageEncodingException {
    ParamUtil.requireNonNull("signerKey", signerKey);
    ContentSigner signer;/*  w w w .  j  a  v a  2s  . c om*/
    try {
        signer = new JcaContentSignerBuilder(signatureAlgorithm).build(signerKey);
    } catch (OperatorCreationException ex) {
        throw new MessageEncodingException(ex);
    }
    return encode(signer, signerCert, signerCertSet, recipientCert, encAlgId);
}

From source file:org.xipki.pki.scep.serveremulator.CaEmulator.java

License:Open Source License

public Certificate generateCert(final SubjectPublicKeyInfo pubKeyInfo, final X500Name subjectDn,
        final Date notBefore) throws Exception {
    ParamUtil.requireNonNull("pubKeyInfo", pubKeyInfo);
    ParamUtil.requireNonNull("subjectDn", subjectDn);
    ParamUtil.requireNonNull("notBefore", notBefore);

    Date notAfter = new Date(notBefore.getTime() + 730 * DAY_IN_MS);
    BigInteger tmpSerialNumber = BigInteger.valueOf(serialNumber.getAndAdd(1));
    X509v3CertificateBuilder certGenerator = new X509v3CertificateBuilder(caSubject, tmpSerialNumber, notBefore,
            notAfter, subjectDn, pubKeyInfo);

    X509KeyUsage ku = new X509KeyUsage(X509KeyUsage.digitalSignature | X509KeyUsage.dataEncipherment
            | X509KeyUsage.keyAgreement | X509KeyUsage.keyEncipherment);
    certGenerator.addExtension(Extension.keyUsage, true, ku);
    BasicConstraints bc = new BasicConstraints(false);
    certGenerator.addExtension(Extension.basicConstraints, true, bc);

    String signatureAlgorithm = ScepUtil.getSignatureAlgorithm(caKey, ScepHashAlgoType.SHA256);
    ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(caKey);
    Certificate asn1Cert = certGenerator.build(contentSigner).toASN1Structure();

    serialCertMap.put(tmpSerialNumber, asn1Cert);
    reqSubjectCertMap.put(subjectDn, asn1Cert);
    return asn1Cert;
}

From source file:org.xipki.pki.scep.serveremulator.CaEmulator.java

License:Open Source License

public synchronized CertificateList getCrl(final X500Name issuer, final BigInteger serialNumber)
        throws Exception {
    if (crl != null) {
        return crl;
    }/*from ww  w  .j  a  v  a2 s .c  o m*/

    Date thisUpdate = new Date();
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(caSubject, thisUpdate);
    Date nextUpdate = new Date(thisUpdate.getTime() + 30 * DAY_IN_MS);
    crlBuilder.setNextUpdate(nextUpdate);
    Date caStartTime = caCert.getTBSCertificate().getStartDate().getDate();
    Date revocationTime = new Date(caStartTime.getTime() + 1);
    if (revocationTime.after(thisUpdate)) {
        revocationTime = caStartTime;
    }
    crlBuilder.addCRLEntry(BigInteger.valueOf(2), revocationTime, CRLReason.keyCompromise);
    crlBuilder.addExtension(Extension.cRLNumber, false, new ASN1Integer(crlNumber.getAndAdd(1)));

    String signatureAlgorithm = ScepUtil.getSignatureAlgorithm(caKey, ScepHashAlgoType.SHA256);
    ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(caKey);
    X509CRLHolder crl = crlBuilder.build(contentSigner);
    return crl.toASN1Structure();
}

From source file:org.xipki.pki.scep.serveremulator.ScepServer.java

License:Open Source License

private static Certificate issueSubCaCert(final PrivateKey rcaKey, final X500Name issuer,
        final SubjectPublicKeyInfo pubKeyInfo, final X500Name subject, final BigInteger serialNumber,
        final Date startTime) throws CertIOException, OperatorCreationException {
    Date notAfter = new Date(startTime.getTime() + CaEmulator.DAY_IN_MS * 3650);
    X509v3CertificateBuilder certGenerator = new X509v3CertificateBuilder(issuer, serialNumber, startTime,
            notAfter, subject, pubKeyInfo);
    X509KeyUsage ku = new X509KeyUsage(X509KeyUsage.keyCertSign | X509KeyUsage.cRLSign);
    certGenerator.addExtension(Extension.keyUsage, true, ku);
    BasicConstraints bc = new BasicConstraints(0);
    certGenerator.addExtension(Extension.basicConstraints, true, bc);

    String signatureAlgorithm = ScepUtil.getSignatureAlgorithm(rcaKey, ScepHashAlgoType.SHA256);
    ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(rcaKey);
    return certGenerator.build(contentSigner).toASN1Structure();
}

From source file:org.xipki.pki.scep.util.ScepUtil.java

License:Open Source License

public static PKCS10CertificationRequest generateRequest(final PrivateKey privatekey,
        final SubjectPublicKeyInfo subjectPublicKeyInfo, final X500Name subjectDn,
        final Map<ASN1ObjectIdentifier, ASN1Encodable> attributes) throws OperatorCreationException {
    ParamUtil.requireNonNull("privatekey", privatekey);
    ParamUtil.requireNonNull("subjectPublicKeyInfo", subjectPublicKeyInfo);
    ParamUtil.requireNonNull("subjectDn", subjectDn);

    PKCS10CertificationRequestBuilder csrBuilder = new PKCS10CertificationRequestBuilder(subjectDn,
            subjectPublicKeyInfo);//from  w  w  w  . ja v  a  2s.  co  m

    if (attributes != null) {
        for (ASN1ObjectIdentifier attrType : attributes.keySet()) {
            csrBuilder.addAttribute(attrType, attributes.get(attrType));
        }
    }

    ContentSigner contentSigner = new JcaContentSignerBuilder(
            getSignatureAlgorithm(privatekey, ScepHashAlgoType.SHA1)).build(privatekey);
    return csrBuilder.build(contentSigner);
}

From source file:org.xipki.pki.scep.util.ScepUtil.java

License:Open Source License

public static X509Certificate generateSelfsignedCert(final X500Name subjectDn,
        final SubjectPublicKeyInfo pubKeyInfo, final PrivateKey identityKey) throws CertificateException {
    ParamUtil.requireNonNull("subjectDn", subjectDn);
    ParamUtil.requireNonNull("pubKeyInfo", pubKeyInfo);
    ParamUtil.requireNonNull("identityKey", identityKey);

    Date notBefore = new Date(System.currentTimeMillis() - 5 * MIN_IN_MS);
    Date notAfter = new Date(notBefore.getTime() + 30 * DAY_IN_MS);

    X509v3CertificateBuilder certGenerator = new X509v3CertificateBuilder(subjectDn, BigInteger.ONE, notBefore,
            notAfter, subjectDn, pubKeyInfo);

    X509KeyUsage ku = new X509KeyUsage(X509KeyUsage.digitalSignature | X509KeyUsage.dataEncipherment
            | X509KeyUsage.keyAgreement | X509KeyUsage.keyEncipherment);
    try {// w w w.j  a  v  a2 s  .  co  m
        certGenerator.addExtension(Extension.keyUsage, true, ku);
    } catch (CertIOException ex) {
        throw new CertificateException("could not generate self-signed certificate: " + ex.getMessage(), ex);
    }

    String sigAlgorithm = ScepUtil.getSignatureAlgorithm(identityKey, ScepHashAlgoType.SHA1);
    ContentSigner contentSigner;
    try {
        contentSigner = new JcaContentSignerBuilder(sigAlgorithm).build(identityKey);
    } catch (OperatorCreationException ex) {
        throw new CertificateException("error while creating signer", ex);
    }

    Certificate asn1Cert = certGenerator.build(contentSigner).toASN1Structure();
    return toX509Cert(asn1Cert);
}

From source file:org.zaproxy.zap.extension.dynssl.SslCertificateUtils.java

License:Apache License

/**
 * Creates a new Root CA certificate and returns private and public key as
 * {@link KeyStore}. The {@link KeyStore#getDefaultType()} is used.
 *
 * @return/*  ww  w . ja v  a  2 s  .c om*/
 * @throws NoSuchAlgorithmException If no providers are found
 * for 'RSA' key pair generator
 * or 'SHA1PRNG' Secure random number generator
 * @throws IllegalStateException in case of errors during assembling {@link KeyStore}
 */
public static final KeyStore createRootCA() throws NoSuchAlgorithmException {
    final Date startDate = Calendar.getInstance().getTime();
    final Date expireDate = new Date(startDate.getTime() + (DEFAULT_VALID_DAYS * 24L * 60L * 60L * 1000L));

    final KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
    g.initialize(2048, SecureRandom.getInstance("SHA1PRNG"));
    final KeyPair keypair = g.genKeyPair();
    final PrivateKey privKey = keypair.getPrivate();
    final PublicKey pubKey = keypair.getPublic();
    Security.addProvider(new BouncyCastleProvider());
    Random rnd = new Random();

    // using the hash code of the user's name and home path, keeps anonymity
    // but also gives user a chance to distinguish between each other
    X500NameBuilder namebld = new X500NameBuilder(BCStyle.INSTANCE);
    namebld.addRDN(BCStyle.CN, "OWASP Zed Attack Proxy Root CA");
    namebld.addRDN(BCStyle.L, Integer.toHexString(System.getProperty("user.name").hashCode())
            + Integer.toHexString(System.getProperty("user.home").hashCode()));
    namebld.addRDN(BCStyle.O, "OWASP Root CA");
    namebld.addRDN(BCStyle.OU, "OWASP ZAP Root CA");
    namebld.addRDN(BCStyle.C, "xx");

    X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(namebld.build(),
            BigInteger.valueOf(rnd.nextInt()), startDate, expireDate, namebld.build(), pubKey);

    KeyStore ks = null;
    try {
        certGen.addExtension(Extension.subjectKeyIdentifier, false,
                new SubjectKeyIdentifier(pubKey.getEncoded()));
        certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        certGen.addExtension(Extension.keyUsage, false,
                new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment
                        | KeyUsage.dataEncipherment | KeyUsage.cRLSign));

        KeyPurposeId[] eku = { KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth,
                KeyPurposeId.anyExtendedKeyUsage };
        certGen.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(eku));

        final ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC")
                .build(privKey);
        final X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC")
                .getCertificate(certGen.build(sigGen));

        ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setKeyEntry(SslCertificateService.ZAPROXY_JKS_ALIAS, privKey, SslCertificateService.PASSPHRASE,
                new Certificate[] { cert });
    } catch (final Exception e) {
        throw new IllegalStateException("Errors during assembling root CA.", e);
    }
    return ks;
}

From source file:prototype.AlwaysValidOcspSource.java

License:GNU General Public License

@Override
public OCSPToken getOCSPToken(CertificateToken certificateToken, CertificatePool certificatePool) {
    try {/*  w  ww . ja v  a  2  s.c o  m*/
        final X509Certificate cert = certificateToken.getCertificate();
        final BigInteger serialNumber = cert.getSerialNumber();
        X500Principal issuerX500Principal = certificateToken.getIssuerX500Principal();
        final X509Certificate issuerCert = certificatePool.get(issuerX500Principal).get(0).getCertificate();
        final OCSPReq ocspReq = generateOCSPRequest(issuerCert, serialNumber);

        final DigestCalculator digestCalculator = DSSUtils.getSHA1DigestCalculator();
        final BasicOCSPRespBuilder basicOCSPRespBuilder = new JcaBasicOCSPRespBuilder(issuerCert.getPublicKey(),
                digestCalculator);
        final Extension extension = ocspReq.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        if (extension != null) {

            basicOCSPRespBuilder.setResponseExtensions(new Extensions(new Extension[] { extension }));
        }
        final Req[] requests = ocspReq.getRequestList();
        for (int ii = 0; ii != requests.length; ii++) {

            final Req req = requests[ii];
            final CertificateID certID = req.getCertID();

            boolean isOK = true;

            if (isOK) {

                basicOCSPRespBuilder.addResponse(certID, CertificateStatus.GOOD, ocspDate, null, null);
            } else {

                Date revocationDate = DSSUtils.getDate(ocspDate, -1);
                basicOCSPRespBuilder.addResponse(certID,
                        new RevokedStatus(revocationDate, CRLReason.privilegeWithdrawn));
            }
        }

        final ContentSigner contentSigner = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC")
                .build(privateKey);

        final X509CertificateHolder[] chain = { new X509CertificateHolder(issuerCert.getEncoded()),
                new X509CertificateHolder(signingCert.getEncoded()) };
        BasicOCSPResp basicResp = basicOCSPRespBuilder.build(contentSigner, chain, ocspDate);
        SingleResp singleResp = basicResp.getResponses()[0];

        final OCSPToken ocspToken = new OCSPToken(basicResp, singleResp, certificatePool);
        certificateToken.setRevocationToken(ocspToken);

        return ocspToken;
    } catch (OCSPException e) {
        throw new DSSException(e);
    } catch (IOException e) {
        throw new DSSException(e);
    } catch (CertificateEncodingException e) {
        throw new DSSException(e);
    } catch (OperatorCreationException e) {
        throw new DSSException(e);
    }
}