List of usage examples for org.bouncycastle.operator.jcajce JcaContentSignerBuilder JcaContentSignerBuilder
public JcaContentSignerBuilder(String signatureAlgorithm)
From source file:com.helger.ebinterface.signature.CreateCertHelper.java
License:Apache License
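/**
 * Builds a PKCS#10 certification request that carries the subject of an existing certificate.
 *
 * <p>The subject is taken from {@code cert.getSubjectX500Principal()} instead of re-parsing
 * {@code cert.getSubjectDN().toString()}. A DN display string is not a stable interchange
 * format: attribute order, escaping and string types are not guaranteed to survive the
 * round trip, so the request could name a subject that differs from the certificate's.
 *
 * <p>The request is signed with the private half of {@code keyPair} using the enclosing
 * class's {@code SIGNING_ALGO} constant.
 * NOTE(review): {@code SIGNING_ALGO} is defined outside this listing; confirm it names a
 * SHA-2 based signature algorithm.
 *
 * @param cert certificate whose subject is copied into the request
 * @param keyPair key pair whose public key is placed in the request and whose private key signs it
 * @return the signed certification request
 * @throws Exception if the content signer cannot be created for the private key
 */
@Nonnull
public static PKCS10CertificationRequest createCSR(final X509Certificate cert, final KeyPair keyPair)
        throws Exception {
    // Hand the X500Principal straight to the builder; no string parsing of the DN is involved.
    final PKCS10CertificationRequestBuilder p10Builder =
            new JcaPKCS10CertificationRequestBuilder(cert.getSubjectX500Principal(), keyPair.getPublic());

    final ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGO).build(keyPair.getPrivate());
    return p10Builder.build(signer);
}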
From source file:com.helger.security.keystore.KeyStoreHelperTest.java
License:Apache License
/**
 * Creates a short-lived, self-issued X.509 v1 certificate for use in tests.
 *
 * <p>Issuer and subject are both {@code CN=Test Certificate}. The validity window runs from
 * 50 seconds before to 50 seconds after the moment of creation, and the serial number is the
 * current time in milliseconds. The certificate is signed with {@code SHA256WithRSA} through
 * the BouncyCastle provider.
 *
 * @param aKeyPair key pair to certify; its private key signs the certificate
 * @return the certificate as a JCA {@link X509Certificate}
 * @throws Exception if signing or conversion fails
 */
private static X509Certificate _createX509V1Certificate(final KeyPair aKeyPair) throws Exception {
    final ContentSigner aSigner = new JcaContentSignerBuilder("SHA256WithRSA")
            .setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .build(aKeyPair.getPrivate());

    // Locals are evaluated in the same order as the builder's constructor arguments.
    final X500Principal aIssuer = new X500Principal("CN=Test Certificate");
    final BigInteger aSerial = BigInteger.valueOf(System.currentTimeMillis());
    final Date aNotBefore = new Date(System.currentTimeMillis() - 50000);
    final Date aNotAfter = new Date(System.currentTimeMillis() + 50000);
    final X500Principal aSubject = new X500Principal("CN=Test Certificate");

    final X509CertificateHolder aHolder = new JcaX509v1CertificateBuilder(
            aIssuer, aSerial, aNotBefore, aNotAfter, aSubject, aKeyPair.getPublic()).build(aSigner);

    // Convert the BouncyCastle holder into a JCA certificate.
    return new JcaX509CertificateConverter().getCertificate(aHolder);
}
From source file:com.helger.xmldsig.XMLDSigCreatorTest.java
License:Apache License
/**
 * Creates a dummy X.509 v1 certificate for the passed key pair.
 *
 * <p>The certificate is issued by {@code CN=TestIssuer} to {@code CN=TestSubject}, has serial
 * number 1, and is valid from 24 hours ago until 365 days from now.
 *
 * <p>NOTE(review): the certificate is signed with {@code SHA1withRSA}. SHA-1 signatures are
 * rejected by many current validators; this appears to be a test fixture only. Do not copy
 * the algorithm name into production signing code.
 *
 * @param kp
 *        KeyPair to use. May not be <code>null</code>.
 * @return A {@link X509Certificate} for further usage
 */
@Nonnull
private X509Certificate _createCert(@Nonnull final KeyPair kp) throws Exception {
    final ContentSigner aSigner = new JcaContentSignerBuilder("SHA1withRSA")
            .setProvider(PBCProvider.getProvider())
            .build(kp.getPrivate());

    // Valid from yesterday ...
    final Date aNotBefore = new Date(System.currentTimeMillis() - 24 * CGlobal.MILLISECONDS_PER_HOUR);
    // ... until one year from now
    final Date aNotAfter = new Date(System.currentTimeMillis() + 365 * 24 * CGlobal.MILLISECONDS_PER_HOUR);

    final X509CertificateHolder aHolder = new JcaX509v1CertificateBuilder(
            new X500Principal("CN=TestIssuer"),
            BigInteger.ONE,
            aNotBefore,
            aNotAfter,
            new X500Principal("CN=TestSubject"),
            kp.getPublic()).build(aSigner);

    // Convert to a JCA X509Certificate using the same provider that signed it.
    return new JcaX509CertificateConverter()
            .setProvider(PBCProvider.getProvider())
            .getCertificate(aHolder);
}
From source file:com.hypersocket.certs.X509CertificateUtils.java
License:Open Source License
/**
 * Generates a self-signed X.509 v3 certificate for the supplied key pair.
 *
 * <p>The same name (OU, O, L, ST, CN, in that order) is used as issuer and subject. The
 * certificate is valid from 30 days before the call until 3650 days after it, and the serial
 * number is the current time in milliseconds. Before returning, the certificate is checked
 * for validity at the current time and its signature is verified against its own public key.
 *
 * <p>NOTE(review): the {@code c} (country) argument is accepted but never added to the name.
 * <p>NOTE(review): {@code signatureType} is passed to the signer unchecked; callers choose
 * the hash, so a SHA-1 based name would be accepted here.
 * <p>NOTE(review): {@code catch (Throwable)} also wraps {@link Error}s such as
 * {@code OutOfMemoryError} in a {@link RuntimeException}.
 *
 * @param cn common name
 * @param ou organisational unit
 * @param o organisation
 * @param l locality
 * @param s state or province
 * @param c country (currently unused)
 * @param pair key pair to certify; its private key signs the certificate
 * @param signatureType JCA signature algorithm name handed to the content signer
 * @return the generated certificate
 * @throws RuntimeException wrapping any failure during generation or self-verification
 */
public static X509Certificate generateSelfSignedCertificate(String cn, String ou, String o, String l, String s,
        String c, KeyPair pair, String signatureType) {
    try {
        X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE)
                .addRDN(BCStyle.OU, ou)
                .addRDN(BCStyle.O, o)
                .addRDN(BCStyle.L, l)
                .addRDN(BCStyle.ST, s)
                .addRDN(BCStyle.CN, cn);

        final long dayMillis = 1000L * 60 * 60 * 24;
        Date validFrom = new Date(System.currentTimeMillis() - dayMillis * 30);
        Date validUntil = new Date(System.currentTimeMillis() + (dayMillis * 365 * 10));
        BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());

        // Issuer and subject are built from the same RDNs: the certificate is self-signed.
        X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                nameBuilder.build(), serialNumber, validFrom, validUntil, nameBuilder.build(), pair.getPublic());

        ContentSigner signer = new JcaContentSignerBuilder(signatureType)
                .setProvider(BC)
                .build(pair.getPrivate());

        X509Certificate selfSigned = new JcaX509CertificateConverter()
                .setProvider(BC)
                .getCertificate(certBuilder.build(signer));

        // Sanity checks: currently valid, and the signature verifies under its own key.
        selfSigned.checkValidity(new Date());
        selfSigned.verify(selfSigned.getPublicKey());
        return selfSigned;
    } catch (Throwable t) {
        throw new RuntimeException("Failed to generate self-signed certificate!", t);
    }
}
From source file:com.hypersocket.certs.X509CertificateUtils.java
License:Open Source License
/**
 * Builds a PKCS#10 certification request and returns it PEM-encoded.
 *
 * <p>NOTE(review): the request is signed with {@code SHA1withRSA}; many CAs no longer accept
 * SHA-1 signed requests. Confirm whether a SHA-2 based algorithm can be used instead.
 * <p>NOTE(review): the subject is assembled by string concatenation. A component containing
 * DN metacharacters such as {@code ,}, {@code +} or {@code =} is not escaped, so it can alter
 * the structure of the resulting name. Validate or escape the components if they can come
 * from outside the application.
 * <p>NOTE(review): {@code OutputStreamWriter} is created without a charset and therefore
 * uses the platform default.
 *
 * @param privateKey key that signs the request
 * @param publicKey key placed in the request
 * @param CN common name
 * @param OU organisational unit
 * @param O organisation
 * @param L locality
 * @param S state or province
 * @param C country
 * @return the PEM text of the request as bytes
 * @throws Exception if signing or encoding fails
 */
public static byte[] generatePKCS10(PrivateKey privateKey, PublicKey publicKey, String CN, String OU, String O,
        String L, String S, String C) throws Exception {
    ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").build(privateKey);

    String subjectDn = "CN=" + CN
            + ", OU=" + OU
            + ", O=" + O
            + ", L=" + L
            + ", S=" + S
            + ", C=" + C;
    X500Principal subject = new X500Principal(subjectDn);

    PKCS10CertificationRequest request =
            new JcaPKCS10CertificationRequestBuilder(subject, publicKey).build(signer);

    ByteArrayOutputStream pemBytes = new ByteArrayOutputStream();
    JcaPEMWriter pemWriter = new JcaPEMWriter(new OutputStreamWriter(pemBytes));
    try {
        pemWriter.writeObject(request);
    } finally {
        // Closing flushes the buffered PEM text into pemBytes.
        pemWriter.close();
    }
    return pemBytes.toByteArray();
}
From source file:com.infinities.keystone4j.utils.Cms.java
License:Apache License
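/**
 * Signs {@code data} as an encapsulating CMS SignedData structure and returns it PEM-armoured
 * under the label {@code CMS}.
 *
 * <p>Changes from the previous version: the payload is encoded as UTF-8 explicitly, so the
 * signed bytes no longer depend on the platform default charset; the BouncyCastle provider is
 * registered only when no provider named {@code BC} is installed; and the debug message now
 * labels the second value as the signing key file, which is what is logged.
 *
 * <p>NOTE(review): the signature uses {@code SHA1withRSA}. The verifying side is not visible
 * here; confirm whether it accepts a SHA-2 based algorithm before changing it.
 * <p>NOTE(review): {@code outform} is defaulted but not consulted afterwards in this method;
 * the output is always the PEM form produced by {@code DERtoPEM}.
 *
 * @param data text to sign
 * @param signingCertFileName file the signer certificate is loaded from
 * @param signingKeyFile file the private key is loaded from
 * @param outform requested output form; defaults to {@code PKI_ASN1_FORM} when null or empty
 * @return the PEM-armoured CMS structure
 */
private String cmsSignData(String data, String signingCertFileName, String signingKeyFile, String outform)
        throws CertificateException, IOException, NoSuchAlgorithmException, NoSuchProviderException,
        CMSException, OperatorCreationException, CertStoreException {
    if (Strings.isNullOrEmpty(outform)) {
        outform = PKI_ASN1_FORM;
    }

    // Register BouncyCastle once instead of constructing a new provider on every call.
    if (Security.getProvider("BC") == null) {
        Security.addProvider(new BouncyCastleProvider());
    }

    logger.debug("signingCertFile: {}, signingKeyFile:{}", new Object[] { signingCertFileName, signingKeyFile });

    X509Certificate signercert = generateCertificate(signingCertFileName);
    PrivateKey key = generatePrivateKey(signingKeyFile);

    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(key);
    gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(sha1Signer, signercert));

    // Ship the signer certificate inside the SignedData structure.
    List<X509Certificate> certList = new ArrayList<X509Certificate>();
    certList.add(signercert);
    Store certs = new JcaCertStore(certList);
    gen.addCertificates(certs);

    // Fixed charset: signer and verifier must hash the same bytes on every platform.
    // UnsupportedEncodingException is an IOException and is covered by the throws clause.
    CMSProcessableByteArray content = new CMSProcessableByteArray(data.getBytes("UTF-8"));
    CMSSignedData signed = gen.generate(content, true);

    return new String(DERtoPEM(signed.getContentInfo().getDEREncoded(), "CMS"));
}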
From source file:com.ipseorama.webapp.baddtls.CertHolder.java
License:Open Source License
/**
 * Generates a fresh RSA key pair and a matching self-signed certificate, and stores the
 * certificate in {@code _cert} as a single-element chain.
 *
 * <p>The certificate names {@code CN=evil@baddtls.com} as issuer and subject, carries a
 * random 64-bit serial number, and is valid from 10 seconds before to 100 seconds after
 * creation. The signature is verified against the generated public key before the chain
 * is stored. No security provider is registered by this method.
 *
 * <p>NOTE(review): the key is 1024-bit RSA, which is below current minimum key-size
 * recommendations. The package and subject names suggest a deliberately weak test fixture;
 * do not reuse these parameters for real endpoints.
 *
 * @throws Exception if key generation, signing or verification fails
 */
private void mkSelfSignedCert() throws Exception {
    SecureRandom rng = new SecureRandom();

    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(1024, rng);
    KeyPair pair = generator.generateKeyPair();

    Date validFrom = new Date(System.currentTimeMillis() - 10000);
    Date validUntil = new Date(System.currentTimeMillis() + 100000);

    // Self-signed: the same name serves as issuer and subject.
    X500Name name = new X500Name("CN=evil@baddtls.com");
    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            name, new BigInteger(64, rng), validFrom, validUntil, name, pair.getPublic());

    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(pair.getPrivate());
    X509Certificate jcaCert = new JcaX509CertificateConverter()
            .setProvider(PROVIDER)
            .getCertificate(certBuilder.build(contentSigner));
    jcaCert.verify(pair.getPublic());

    // Re-wrap the encoded certificate as the ASN.1 structure the chain object expects.
    org.bouncycastle.asn1.x509.Certificate[] chain = new org.bouncycastle.asn1.x509.Certificate[] {
        org.bouncycastle.asn1.x509.Certificate.getInstance(jcaCert.getEncoded())
    };
    _cert = new Certificate(chain);
}
From source file:com.itdhq.poc.ocrsign.CreateSignatureBase.java
License:Apache License
/**
 * SignatureInterface implementation.
 *
 * This method is called from inside pdfbox and is meant to create the PKCS #7 signature.
 * The given InputStream contains the bytes that are given by the byte range.
 *
 * This method is for internal use only. <-- TODO this method should be private
 *
 * NOTE(review): the CMS generation below is commented out (see FIXME), so this method
 * currently returns a zero-length array. {@code content} is never read, and the signer,
 * generator and certificate store are built but unused. Anything signed through this path
 * does not receive a usable PKCS #7 signature.
 *
 * @param content the bytes to be signed (currently ignored)
 * @return currently always an empty array
 * @throws IOException wrapping any security or operator-creation failure
 */
@Override
public byte[] sign(InputStream content) throws IOException {
    try {
        List<Certificate> chain = new ArrayList<Certificate>();
        chain.add(certificate);
        Store certStore = new JcaCertStore(chain);

        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        org.bouncycastle.asn1.x509.Certificate bcCert = org.bouncycastle.asn1.x509.Certificate
                .getInstance(ASN1Primitive.fromByteArray(certificate.getEncoded()));
        ContentSigner sha256Signer = new JcaContentSignerBuilder("SHA256WithRSA").build(privateKey);

        // FIXME: disabled signing logic, kept for reference
        /*
        generator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().build()).build(sha256Signer, new X509CertificateHolder(bcCert)));
        generator.addCertificates(certStore);
        CMSProcessableInputStream msg = new CMSProcessableInputStream(content);
        CMSSignedData signedData = generator.generate(msg, false);
        if (tsaClient != null) {
            signedData = signTimeStamps(signedData);
        }
        return signedData.getEncoded();
        */
        return new byte[0];
    } catch (GeneralSecurityException e) {
        throw new IOException(e);
    } catch (OperatorCreationException e) {
        // CMSException and TSPException handlers belong here once the FIXME block is restored.
        throw new IOException(e);
    }
}
From source file:com.jadyounan.PKCS7Signer.java
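/**
 * Signs {@code dataToSign} with the first private-key entry of a key store and returns the
 * encoded CMS SignedData structure. The content is not encapsulated (detached signature).
 *
 * <p>Changes from the previous version: when the store holds no key entry the method now
 * fails with a {@link java.security.KeyStoreException}. Before, the loop fell through and
 * went on with the last enumerated alias (or the empty string) even though it did not
 * identify a private key. Raw collection types were also replaced by typed ones.
 *
 * <p>NOTE(review): the signature uses {@code SHA1withRSA}. The verifying side is not visible
 * here; confirm whether it accepts a SHA-2 based algorithm before changing it.
 * <p>NOTE(review): the store password is passed as a {@code String}, which cannot be cleared
 * from memory after use.
 *
 * @param storeLocation location of the key store
 * @param storePasswd password for the key store, also passed on when fetching the private key
 * @param dataToSign bytes to sign
 * @return the encoded SignedData, or {@code null} when the key store could not be obtained
 * @throws Exception if no key entry exists or signing fails
 */
public byte[] sign(String storeLocation, String storePasswd, byte[] dataToSign) throws Exception {
    KeyStore clientStore = getKeystore(storeLocation, storePasswd);
    if (clientStore == null) {
        return null;
    }

    // Select the first alias that actually holds a private key.
    String alias = null;
    Enumeration<String> aliases = clientStore.aliases();
    while (aliases.hasMoreElements()) {
        String candidate = aliases.nextElement();
        if (clientStore.isKeyEntry(candidate)) {
            alias = candidate;
            break;
        }
    }
    if (alias == null) {
        throw new java.security.KeyStoreException("No private key entry found in key store: " + storeLocation);
    }

    CMSTypedData msg = new CMSProcessableByteArray(dataToSign);

    // The signer certificate travels inside the SignedData structure.
    X509CertificateHolder x509Certificate = getCert(clientStore, alias);
    List<X509CertificateHolder> certList = new ArrayList<X509CertificateHolder>();
    certList.add(x509Certificate);
    Store certs = new JcaCertStore(certList);

    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC")
            .build(getPrivateKey(clientStore, alias, storePasswd));
    gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(sha1Signer, x509Certificate));
    gen.addCertificates(certs);

    // 'false' leaves the content out of the structure.
    CMSSignedData sigData = gen.generate(msg, false);
    return sigData.getEncoded();
}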
From source file:com.leon.utils.sign.v2.SignApk.java
License:Apache License
/**
 * Signs {@code data} and writes the resulting CMS signature block to {@code out}, re-encoded
 * through a {@code DEROutputStream}.
 *
 * <p>The signature is a direct signature (no signed attributes) and the content itself is
 * not encapsulated. The signature algorithm is chosen by {@code getSignatureAlgorithm} from
 * the certificate and {@code minSdkVersion}; that helper is outside this listing.
 * {@code out} is not closed by this method.
 *
 * @param data content to sign
 * @param publicKey signer certificate; despite the name this is an {@link X509Certificate}
 * @param privateKey key that produces the signature
 * @param minSdkVersion passed to {@code getSignatureAlgorithm} when choosing the algorithm
 * @param out destination for the DER-encoded signature block
 */
private static void writeSignatureBlock(CMSTypedData data, X509Certificate publicKey, PrivateKey privateKey,
        int minSdkVersion, OutputStream out)
        throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
    ArrayList<X509Certificate> signerCerts = new ArrayList<>(1);
    signerCerts.add(publicKey);
    JcaCertStore certStore = new JcaCertStore(signerCerts);

    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    ContentSigner contentSigner =
            new JcaContentSignerBuilder(getSignatureAlgorithm(publicKey, minSdkVersion)).build(privateKey);

    JcaSignerInfoGeneratorBuilder infoBuilder =
            new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
                    .setDirectSignature(true);
    generator.addSignerInfoGenerator(infoBuilder.build(contentSigner, publicKey));
    generator.addCertificates(certStore);

    // 'false' leaves the signed content out of the structure.
    CMSSignedData signedData = generator.generate(data, false);

    // Parse the generator's encoding and write it back out as DER.
    byte[] encoded = signedData.getEncoded();
    try (ASN1InputStream asn1In = new ASN1InputStream(encoded)) {
        DEROutputStream derOut = new DEROutputStream(out);
        derOut.writeObject(asn1In.readObject());
    }
}