List of usage examples for org.bouncycastle.operator.jcajce JcaContentSignerBuilder JcaContentSignerBuilder
public JcaContentSignerBuilder(String signatureAlgorithm)
From source file:com.enioka.jqm.pki.CertificateRequest.java
License:Open Source License
private void generateX509() throws Exception { SecureRandom random = new SecureRandom(); X500Name dnName = new X500Name(Subject); Calendar endValidity = Calendar.getInstance(); endValidity.add(Calendar.YEAR, validityYear); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()); X509v3CertificateBuilder gen = new X509v3CertificateBuilder( authorityCertificate == null ? dnName : authorityCertificate.getSubject(), BigIntegers.createRandomInRange(BigInteger.ZERO, BigInteger.valueOf(Long.MAX_VALUE), random), new Date(), endValidity.getTime(), dnName, publicKeyInfo); // Public key ID DigestCalculator digCalc = new BcDigestCalculatorProvider() .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)); X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc); gen.addExtension(Extension.subjectKeyIdentifier, false, x509ExtensionUtils.createSubjectKeyIdentifier(publicKeyInfo)); // EKU//from w w w.j a v a 2 s. c o m gen.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(EKU)); // Basic constraints (is CA?) if (authorityCertificate == null) { gen.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); } // Key usage gen.addExtension(Extension.keyUsage, true, new KeyUsage(keyUsage)); // Subject Alt names ? // Authority if (authorityCertificate != null) { gen.addExtension(Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifier(authorityCertificate.getSubjectPublicKeyInfo())); } // Signer ContentSigner signer = new JcaContentSignerBuilder("SHA512WithRSAEncryption") .setProvider(Constants.JCA_PROVIDER).build(authorityKey == null ? privateKey : authorityKey); // Go holder = gen.build(signer); }
From source file:com.eucalyptus.crypto.Pkcs7.java
License:Open Source License
/** * Create PKCS7 signed data with the given options * * @param data The data to sign/*from w ww .ja v a2s. co m*/ * @param key The key to use for signing * @param certificate The certificate to use for signature verification * @param options Signing options * @return The signed data * @throws Exception If an error occurs */ public static byte[] sign(final byte[] data, final PrivateKey key, final X509Certificate certificate, final Set<Option> options) throws Exception { final CMSTypedData msg = new CMSProcessableByteArray(data); final ContentSigner sha1Signer = new JcaContentSignerBuilder( "SHA1with" + certificate.getPublicKey().getAlgorithm()).setProvider(PROVIDER) .setSecureRandom(Crypto.getSecureRandomSupplier().get()).build(key); final CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder( new JcaDigestCalculatorProviderBuilder().setProvider(PROVIDER).build()).build(sha1Signer, certificate)); if (options.contains(Option.IncludeCertificate)) { final Store certs = new JcaCertStore(Collections.singleton(certificate)); gen.addCertificates(certs); } final CMSSignedData sigData = gen.generate(msg, !options.contains(Option.Detached)); return sigData.getEncoded(); }
From source file:com.foilen.smalltools.crypt.bouncycastle.cert.RSACertificate.java
License:Open Source License
/** * Sign the {@link #setKeysForSigning(AsymmetricKeys)} with itself and put it in certificateHolder. * * @param certificateDetails//from ww w . jav a 2 s . c om * some information to store in the certificate * @return this */ public RSACertificate selfSign(CertificateDetails certificateDetails) { AssertTools.assertNotNull(keysForSigning, "The keysForSigning is not set"); AssertTools.assertNull(certificateHolder, "The certificate already exists"); try { RSAKeyDetails keyDetails = rsaCrypt.retrieveKeyDetails(keysForSigning); PrivateKey privKey = keyDetails.getJcaPrivateKey(); PublicKey publicKey = keyDetails.getJcaPublicKey(); ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(privKey); SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()); Date startDate = certificateDetails.getStartDate(); Date endDate = certificateDetails.getEndDate(); BigInteger serial = certificateDetails.getSerial(); // Common Name X500Name issuer = new X500Name("CN=" + certificateDetails.getCommonName()); X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(issuer, serial, startDate, endDate, issuer, subPubKeyInfo); // Subject Alternative Names (DNS) if (!CollectionsTools.isNullOrEmpty(certificateDetails.getSanDns())) { GeneralName[] altNames = new GeneralName[certificateDetails.getSanDns().size()]; int i = 0; for (String sanDns : certificateDetails.getSanDns()) { altNames[i++] = new GeneralName(GeneralName.dNSName, sanDns); } GeneralNames subjectAltNames = new GeneralNames(altNames); certificateBuilder.addExtension(Extension.subjectAlternativeName, false, subjectAltNames); } certificateHolder = certificateBuilder.build(sigGen); return this; } catch (Exception e) { throw new SmallToolsException("Problem signing the key", e); } }
From source file:com.foilen.smalltools.crypt.bouncycastle.cert.RSACertificate.java
License:Open Source License
/** * Sign another public key./*w ww . ja va2 s . c om*/ * * @param publicKeyToSign * the public key to sign * @param certificateDetails * some information to store in the certificate * @return the new certificate */ public RSACertificate signPublicKey(AsymmetricKeys publicKeyToSign, CertificateDetails certificateDetails) { try { PrivateKey privKey = rsaCrypt.retrieveKeyDetails(keysForSigning).getJcaPrivateKey(); PublicKey publicKey = rsaCrypt.retrieveKeyDetails(publicKeyToSign).getJcaPublicKey(); ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(privKey); SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()); Date startDate = certificateDetails.getStartDate(); Date endDate = certificateDetails.getEndDate(); BigInteger serial = certificateDetails.getSerial(); X500Name issuer = new X500Name("CN=" + getCommonName()); X500Name subject = new X500Name("CN=" + certificateDetails.getCommonName()); X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(issuer, serial, startDate, endDate, subject, subPubKeyInfo); // Subject Alternative Names (DNS) if (!CollectionsTools.isNullOrEmpty(certificateDetails.getSanDns())) { GeneralName[] altNames = new GeneralName[certificateDetails.getSanDns().size()]; int i = 0; for (String sanDns : certificateDetails.getSanDns()) { altNames[i++] = new GeneralName(GeneralName.dNSName, sanDns); } GeneralNames subjectAltNames = new GeneralNames(altNames); certificateBuilder.addExtension(Extension.subjectAlternativeName, false, subjectAltNames); } X509CertificateHolder newCert = certificateBuilder.build(sigGen); return new RSACertificate(newCert, publicKeyToSign); } catch (Exception e) { throw new SmallToolsException("Problem signing the key", e); } }
From source file:com.formkiq.core.service.crypto.KeyGenerator.java
License:Apache License
/** * Get Signer {@link KeyPair}.//w ww . j a v a 2 s .c o m * @param keys {@link KeyPair} * @return {@link ContentSigner} */ private ContentSigner getSigner(final KeyPair keys) { try { return new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(new BouncyCastleProvider()) .build(keys.getPrivate()); } catch (OperatorCreationException e) { throw new RuntimeException(e); } }
From source file:com.formkiq.core.service.generator.pdfbox.PdfEditorServiceImpl.java
License:Apache License
@Override public byte[] sign(final InputStream content) throws IOException { try {/*from www . j a v a 2s. c om*/ KeyPair key = this.propertyStore.getKeyPair(); PrivateKey privKey = key.getPrivate(); Certificate certificate = this.propertyStore.getCertificate(key); CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); org.bouncycastle.asn1.x509.Certificate cert = org.bouncycastle.asn1.x509.Certificate .getInstance(certificate.getEncoded()); ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA256WithRSA").build(privKey); gen.addSignerInfoGenerator( new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()) .build(sha1Signer, new X509CertificateHolder(cert))); CMSProcessableByteArray msg = new CMSProcessableByteArray(IOUtils.toByteArray(content)); CMSSignedData signedData = gen.generate(msg, false); return signedData.getEncoded(); } catch (GeneralSecurityException | CMSException | OperatorCreationException e) { throw new IOException(e); } }
From source file:com.gigaspaces.lrmi.nio.filters.BouncyCastleSelfSignedCertificate.java
License:Open Source License
private KeyStore generateKeyStore(String fqdn, KeyPair keypair, SecureRandom random) throws Exception { PrivateKey key = keypair.getPrivate(); // Prepare the information required for generating an X.509 certificate. X500Name owner = new X500Name("CN=" + fqdn); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(owner, new BigInteger(64, random), NOT_BEFORE, NOT_AFTER, owner, keypair.getPublic()); ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(key); X509CertificateHolder certHolder = builder.build(signer); X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certHolder); cert.verify(keypair.getPublic());/*from ww w. j a va2 s . c om*/ String keyStoreType = KeyStore.getDefaultType(); final KeyStore keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null, null); keyStore.setKeyEntry("key", keypair.getPrivate(), "foo".toCharArray(), new Certificate[] { cert }); return keyStore; }
From source file:com.gitblit.MakeCertificate.java
License:Apache License
public static void generateSelfSignedCertificate(String hostname, File keystore, String keystorePassword) { try {// w w w.j av a 2 s .c o m Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC"); kpGen.initialize(1024, new SecureRandom()); KeyPair pair = kpGen.generateKeyPair(); // Generate self-signed certificate X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE); builder.addRDN(BCStyle.OU, Constants.NAME); builder.addRDN(BCStyle.O, Constants.NAME); builder.addRDN(BCStyle.CN, hostname); Date notBefore = new Date(System.currentTimeMillis() - TimeUtils.ONEDAY); Date notAfter = new Date(System.currentTimeMillis() + 10 * TimeUtils.ONEYEAR); BigInteger serial = BigInteger.valueOf(System.currentTimeMillis()); X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(), serial, notBefore, notAfter, builder.build(), pair.getPublic()); ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC) .build(pair.getPrivate()); X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC) .getCertificate(certGen.build(sigGen)); cert.checkValidity(new Date()); cert.verify(cert.getPublicKey()); // Save to keystore KeyStore store = KeyStore.getInstance("JKS"); if (keystore.exists()) { FileInputStream fis = new FileInputStream(keystore); store.load(fis, keystorePassword.toCharArray()); fis.close(); } else { store.load(null); } store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(), new java.security.cert.Certificate[] { cert }); FileOutputStream fos = new FileOutputStream(keystore); store.store(fos, keystorePassword.toCharArray()); fos.close(); } catch (Throwable t) { t.printStackTrace(); throw new RuntimeException("Failed to generate self-signed certificate!", t); } }
From source file:com.gitblit.MakeCertificate.java
License:Apache License
public static void generateSelfSignedCertificate(String hostname, File keystore, String keystorePassword, String info) {/* w w w. j a v a2 s . co m*/ try { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC"); kpGen.initialize(1024, new SecureRandom()); KeyPair pair = kpGen.generateKeyPair(); // Generate self-signed certificate X500Principal principal = new X500Principal(info); Date notBefore = new Date(System.currentTimeMillis() - TimeUtils.ONEDAY); Date notAfter = new Date(System.currentTimeMillis() + 10 * TimeUtils.ONEYEAR); BigInteger serial = BigInteger.valueOf(System.currentTimeMillis()); X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(principal, serial, notBefore, notAfter, principal, pair.getPublic()); ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC) .build(pair.getPrivate()); X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC) .getCertificate(certGen.build(sigGen)); cert.checkValidity(new Date()); cert.verify(cert.getPublicKey()); // Save to keystore KeyStore store = KeyStore.getInstance("JKS"); if (keystore.exists()) { FileInputStream fis = new FileInputStream(keystore); store.load(fis, keystorePassword.toCharArray()); fis.close(); } else { store.load(null); } store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(), new java.security.cert.Certificate[] { cert }); FileOutputStream fos = new FileOutputStream(keystore); store.store(fos, keystorePassword.toCharArray()); fos.close(); } catch (Throwable t) { t.printStackTrace(); throw new RuntimeException("Failed to generate self-signed certificate!", t); } }
From source file:com.gitblit.utils.X509Utils.java
License:Apache License
/** * Creates a new SSL certificate signed by the CA private key and stored in * keyStore./*from w w w.j a va2s.c o m*/ * * @param sslMetadata * @param caPrivateKey * @param caCert * @param targetStoreFile * @param x509log */ public static X509Certificate newSSLCertificate(X509Metadata sslMetadata, PrivateKey caPrivateKey, X509Certificate caCert, File targetStoreFile, X509Log x509log) { try { KeyPair pair = newKeyPair(); X500Name webDN = buildDistinguishedName(sslMetadata); X500Name issuerDN = new X500Name(PrincipalUtil.getIssuerX509Principal(caCert).getName()); X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuerDN, BigInteger.valueOf(System.currentTimeMillis()), sslMetadata.notBefore, sslMetadata.notAfter, webDN, pair.getPublic()); JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(pair.getPublic())); certBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false)); certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey())); // support alternateSubjectNames for SSL certificates List<GeneralName> altNames = new ArrayList<GeneralName>(); if (HttpUtils.isIpAddress(sslMetadata.commonName)) { altNames.add(new GeneralName(GeneralName.iPAddress, sslMetadata.commonName)); } if (altNames.size() > 0) { GeneralNames subjectAltName = new GeneralNames(altNames.toArray(new GeneralName[altNames.size()])); certBuilder.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName); } ContentSigner caSigner = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC) .build(caPrivateKey); X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC) .getCertificate(certBuilder.build(caSigner)); cert.checkValidity(new Date()); cert.verify(caCert.getPublicKey()); // Save to keystore KeyStore serverStore = openKeyStore(targetStoreFile, sslMetadata.password); serverStore.setKeyEntry(sslMetadata.commonName, pair.getPrivate(), sslMetadata.password.toCharArray(), new Certificate[] { cert, caCert }); saveKeyStore(targetStoreFile, serverStore, sslMetadata.password); x509log.log(MessageFormat.format("New SSL certificate {0,number,0} [{1}]", cert.getSerialNumber(), cert.getSubjectDN().getName())); // update serial number in metadata object sslMetadata.serialNumber = cert.getSerialNumber().toString(); return cert; } catch (Throwable t) { throw new RuntimeException("Failed to generate SSL certificate!", t); } }