Usage examples for the org.bouncycastle.operator.jcajce.JcaContentSignerBuilder constructor
public JcaContentSignerBuilder(String signatureAlgorithm)
From source file:se.tillvaxtverket.tsltrust.webservice.daemon.ca.CertificationAuthority.java
License:Open Source License
/**
 * Issues a new certificate that carries the subject, public key and start date of {@code orgCert},
 * names {@code issuerCert} as issuer, and is signed with the private key stored under the
 * {@code ROOT} alias of {@code key_store}.
 *
 * <p>The end of validity is the earlier of the two {@code notAfter} dates, so the new certificate
 * never outlives its issuer. An Authority Key Identifier and a CRL Distribution Point (pointing at
 * {@code crlDpUrl}) are appended to {@code extensions}; both are marked non-critical.
 *
 * <p>Side effect: the caller's {@code extensions} list is modified in place.
 *
 * @param orgCert    certificate supplying subject DN, public key, notBefore and notAfter
 * @param certSerial serial number of the new certificate
 * @param issuerCert certificate supplying the issuer DN, the AKI input and the notAfter ceiling
 * @param algorithm  JCA signature algorithm name handed to {@link JcaContentSignerBuilder}
 * @param extensions extensions to include; AKI and CRL DP are added to this list
 * @return the new certificate, or {@code null} if anything failed (only a warning is logged)
 */
public AaaCertificate createCertificate(AaaCertificate orgCert, BigInteger certSerial, AaaCertificate issuerCert,
        String algorithm, List<Extension> extensions) {
    try {
        CertRequestModel request = new CertRequestModel();
        request.setIssuerDN(issuerCert.getSubject());
        request.setPublicKey(orgCert.getCert().getPublicKey());
        request.setSerialNumber(certSerial);
        request.setSubjectDN(orgCert.getSubject());

        // NOTE(review): notBefore is copied from orgCert without comparing it to the issuer's
        // notBefore, so the new certificate may claim validity before its issuer existed.
        // Only notAfter is clamped below. Confirm this is intended.
        request.setNotBefore(orgCert.getNotBefore());
        request.setNotAfter(issuerCert.getNotAfter().after(orgCert.getNotAfter())
                ? orgCert.getNotAfter()
                : issuerCert.getNotAfter());

        // Authority Key Identifier derived from the issuer certificate (non-critical).
        AuthorityKeyIdentifier authorityKeyId =
                CertUtils.getX509ExtensionUtils().createAuthorityKeyIdentifier(issuerCert);
        extensions.add(new Extension(Extension.authorityKeyIdentifier, false, authorityKeyId.getEncoded("DER")));

        // CRL Distribution Point with a single URI taken from crlDpUrl (non-critical).
        GeneralName crlUri = new GeneralName(GeneralName.uniformResourceIdentifier, crlDpUrl);
        DistributionPointName crlLocation = new DistributionPointName(new GeneralNames(crlUri));
        DistributionPoint crlPoint = new DistributionPoint(crlLocation, null, null);
        CRLDistPoint crlPoints = new CRLDistPoint(new DistributionPoint[] { crlPoint });
        extensions.add(new Extension(Extension.cRLDistributionPoints, false, crlPoints.getEncoded("DER")));

        request.setExtensionList(extensions);

        // NOTE(review): `algorithm` reaches the signer unchecked. If callers can influence it,
        // an allow-list would keep MD5- or SHA-1-based signature algorithms off issued certificates.
        // NOTE(review): KS_PASSWORD is declared elsewhere; if it is a constant in source, the CA key
        // is protected no better than the source tree. Confirm where it comes from.
        request.setSigner(
                new JcaContentSignerBuilder(algorithm).build((PrivateKey) key_store.getKey(ROOT, KS_PASSWORD)));

        return new AaaCertificate(request);
    } catch (Exception ex) {
        // Only the message is logged; the exception type and stack trace are dropped, which makes
        // a failed issuance hard to diagnose from logs alone.
        LOG.warning("Error creating the certificate: " + ex.getMessage());
        return null;
    }
}
From source file:se.tillvaxtverket.tsltrust.webservice.daemon.ca.RootCAFactory.java
License:Open Source License
/**
 * Builds a self-signed root certificate: subject and issuer are both {@code subjectIssuer}, and
 * the certificate is signed with {@code privateKey}.
 *
 * <p>The serial number is always {@code BigInteger.ONE}. Validity runs from two years before the
 * current time to five years after it. A non-critical Subject Key Identifier is appended to
 * {@code extensions}; no other extension is added here, so anything else (for example
 * basicConstraints or keyUsage) has to be supplied by the caller in that list.
 *
 * <p>Side effect: the caller's {@code extensions} list is modified in place.
 *
 * @param subjectIssuer DN used for both subject and issuer
 * @param publicKey     public key placed in the certificate
 * @param privateKey    key used to sign the certificate
 * @param algorithm     JCA signature algorithm name handed to {@link JcaContentSignerBuilder}
 * @param extensions    extensions to include; the SKI is added to this list
 * @return the new root certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException               declared by the original signature
 * @throws CertificateException      declared by the original signature
 */
private static AaaCertificate createRootCertificate(X500Name subjectIssuer, PublicKey publicKey,
        PrivateKey privateKey, String algorithm, List<Extension> extensions)
        throws OperatorCreationException, IOException, CertificateException {
    CertRequestModel model = new CertRequestModel();
    model.setSubjectDN(subjectIssuer);
    model.setIssuerDN(subjectIssuer);
    model.setSerialNumber(BigInteger.ONE);
    model.setPublicKey(publicKey);

    // NOTE(review): `algorithm` is not restricted here; the caller decides the digest strength.
    ContentSigner rootSigner = new JcaContentSignerBuilder(algorithm).build(privateKey);
    model.setSigner(rootSigner);

    // Backdate the start so that end-entity certificates fall inside the CA's validity period.
    GregorianCalendar validFrom = new GregorianCalendar();
    GregorianCalendar validUntil = new GregorianCalendar();
    validFrom.add(Calendar.YEAR, -2);
    validUntil.add(Calendar.YEAR, 5);
    model.setNotBefore(validFrom.getTime());
    model.setNotAfter(validUntil.getTime());

    // Subject Key Identifier computed from the certified public key (non-critical).
    SubjectKeyIdentifier subjectKeyId = CertUtils.getX509ExtensionUtils()
            .createSubjectKeyIdentifier(CertUtils.getPublicKeyInfo(publicKey));
    extensions.add(new Extension(Extension.subjectKeyIdentifier, false, subjectKeyId.getEncoded("DER")));
    model.setExtensionList(extensions);

    return new AaaCertificate(model);
}
From source file:test.integ.be.fedict.commons.eid.client.CMSTest.java
License:Open Source License
/**
 * Creates a CMS signature over a fixed message with the "Authentication" key and certificate
 * taken from the "BeID" key store.
 *
 * <p>The test contains no assertions: it passes as long as no exception is thrown.
 */
@Test
public void testCMSSignature() throws Exception {
    Security.addProvider(new BeIDProvider());
    Security.addProvider(new BouncyCastleProvider());

    KeyStore beidStore = KeyStore.getInstance("BeID");
    beidStore.load(null);
    PrivateKey authnKey = (PrivateKey) beidStore.getKey("Authentication", null);
    X509Certificate authnCert = (X509Certificate) beidStore.getCertificate("Authentication");

    // getBytes() without an argument uses the platform default charset.
    CMSTypedData content = new CMSProcessableByteArray("Hello world!".getBytes());

    // NOTE(review): SHA-1 is no longer collision resistant. It is left as written because this is
    // a test fixture, but code copied from here should use a SHA-256 (or stronger) signature name.
    ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").build(authnKey);

    JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build());
    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    generator.addSignerInfoGenerator(signerInfoBuilder.build(sha1Signer, authnCert));

    // Second argument false: the message is not encapsulated in the result (detached signature).
    // NOTE(review): the result is never verified or asserted on.
    CMSSignedData signedData = generator.generate(content, false);
}
From source file:Utils.Certificate.java
/**
 * Generates a self-signed X.509 v3 certificate whose subject and issuer are both
 * {@code CN=CAroot}, valid from the current time for one year, with serial number 1.
 *
 * <p>Extensions added, in this order: basicConstraints (critical, CA with path length 1),
 * subjectKeyIdentifier (non-critical), keyUsage (critical, keyCertSign only) and
 * extendedKeyUsage (non-critical, anyExtendedKeyUsage).
 *
 * @param pair key pair whose public key is certified and whose private key signs the certificate
 * @return the certificate, or {@code null} if generation failed (the error is printed to stderr)
 */
public static X509Certificate generateCertForCAroot(KeyPair pair) {
    Security.addProvider(new BouncyCastleProvider());

    // Validity window: now until one year from now.
    Calendar clock = Calendar.getInstance();
    Date validFrom = clock.getTime();
    clock.add(Calendar.YEAR, 1);
    Date validUntil = clock.getTime();

    X500Name subjectDn = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.CN, "CAroot").build();
    X500Name issuerDn = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.CN, "CAroot").build();
    JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuerDn, BigInteger.ONE,
            validFrom, validUntil, subjectDn, pair.getPublic());

    try {
        // NOTE(review): SHA-1 based certificate signatures are rejected by many current validators
        // and SHA-1 is no longer collision resistant; a SHA-256 signature name is the usual choice
        // for newly issued certificates.
        ContentSigner selfSigner = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC")
                .build(pair.getPrivate());

        // CA certificate allowing one level of subordinate CA below it.
        certBuilder.addExtension(org.bouncycastle.asn1.x509.X509Extension.basicConstraints, true,
                new BasicConstraints(1));

        SubjectKeyIdentifier subjectKeyId = new JcaX509ExtensionUtils()
                .createSubjectKeyIdentifier(pair.getPublic());
        certBuilder.addExtension(org.bouncycastle.asn1.x509.X509Extension.subjectKeyIdentifier, false,
                subjectKeyId);

        // Only keyCertSign is asserted; cRLSign is not, so this key is not marked for signing CRLs.
        certBuilder.addExtension(org.bouncycastle.asn1.x509.X509Extension.keyUsage, true,
                new KeyUsage(KeyUsage.keyCertSign));

        // NOTE(review): anyExtendedKeyUsage places no purpose restriction on the certificate.
        certBuilder.addExtension(org.bouncycastle.asn1.x509.X509Extension.extendedKeyUsage, false,
                new ExtendedKeyUsage(KeyPurposeId.anyExtendedKeyUsage));

        X509CertificateHolder signedHolder = certBuilder.build(selfSigner);

        // Convert the Bouncy Castle holder into a JCA X509Certificate via its encoded form.
        return (X509Certificate) java.security.cert.CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(signedHolder.getEncoded()));
    } catch (Exception ex) {
        // Failure is reported on stderr only; callers must check the result for null.
        System.err.println("erreur generation certificat auto sing CAroot :" + ex);
        return null;
    }
}
From source file:Utils.CSRbuilder.java
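/**
 * Creates a PKCS#10 certification request for {@code keys} with subject {@code cn=<login>}.
 *
 * <p>The request is signed with the requester's own private key. That is how PKCS#10 works: the
 * signature proves possession of the private key matching the public key in the request.
 *
 * <p>Fix over the previous version: after a failure the method used to fall through to
 * {@code csrgen.build(contentSigner)} with one or both of them still {@code null}, so the real
 * error was masked by a {@code NullPointerException}. The failure is now rethrown with its cause.
 *
 * @param keys  key pair; the public key goes into the request, the private key signs it
 * @param login value used as the common name of the subject
 * @return the signed certification request
 * @throws IllegalStateException if the request cannot be built; the original exception is the cause
 */
public static PKCS10CertificationRequest createCSR(KeyPair keys, String login) {
    try {
        Security.addProvider(new BouncyCastleProvider());

        // NOTE(review): `login` is concatenated into a DN string that X500Name then parses. If it
        // can contain DN syntax characters such as ',' '+' or '=', the subject may end up with
        // attributes the caller did not intend. Building the name attribute by attribute
        // (X500NameBuilder.addRDN(BCStyle.CN, login)) avoids parsing the value as DN syntax.
        // Confirm where `login` comes from.
        X500Name subjectName = new X500Name("cn=" + login);
        SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(keys.getPublic().getEncoded());
        PKCS10CertificationRequestBuilder csrgen = new PKCS10CertificationRequestBuilder(subjectName, keyInfo);

        // NOTE(review): SHA-1 is no longer collision resistant; a SHA-256 signature name is the
        // usual choice for new requests. Left unchanged because it alters the produced CSR.
        ContentSigner contentSigner = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC")
                .build(keys.getPrivate());

        return csrgen.build(contentSigner);
    } catch (Exception ex) {
        System.err.println("Probeleme de creartion csr: " + ex);
        // Fail with the real cause instead of dereferencing a half-initialised builder or signer.
        throw new IllegalStateException("Could not create the certification request", ex);
    }
}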