Example usage for org.bouncycastle.operator.jcajce JcaContentSignerBuilder JcaContentSignerBuilder

List of usage examples for org.bouncycastle.operator.jcajce JcaContentSignerBuilder JcaContentSignerBuilder

Introduction

This page collects usage examples for the org.bouncycastle.operator.jcajce JcaContentSignerBuilder constructor, JcaContentSignerBuilder(String signatureAlgorithm).

Prototype

public JcaContentSignerBuilder(String signatureAlgorithm) 


Usage

From source file:com.liferay.sync.util.SyncUtil.java

License:Open Source License

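/**
 * Provisions the LAN-sync identity for a company: a fresh server UUID plus a self-signed
 * X.509 certificate and its RSA private key, all persisted in the company's portlet
 * preferences. Does nothing when a server UUID is already stored, so an existing identity is
 * never overwritten.
 *
 * @param companyId the company whose preferences are read and updated
 * @throws Exception on key generation, certificate building, verification or preference-store failure
 */
public static void enableLanSync(long companyId) throws Exception {
    String lanServerUuid = PrefsPropsUtil.getString(companyId, SyncConstants.SYNC_LAN_SERVER_UUID);

    // Already provisioned: keep the existing key and certificate.
    if (Validator.isNotNull(lanServerUuid)) {
        return;
    }

    lanServerUuid = PortalUUIDUtil.generate();

    // Subject and issuer are the same name because the certificate is self-signed.
    X500Name x500Name = new X500Name("CN=" + lanServerUuid);

    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");

    // 2048 bits is the smallest RSA modulus still considered acceptable; the original used 1024,
    // which has been deprecated for years and is rejected by current TLS stacks.
    keyPairGenerator.initialize(2048);

    KeyPair keyPair = keyPairGenerator.generateKeyPair();

    // Random 64-bit serial; validity starts a year in the past to tolerate clock skew between
    // LAN peers and runs for 1000 years (the certificate is effectively never rotated).
    X509v3CertificateBuilder x509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x500Name,
            new BigInteger(64, new SecureRandom()), new Date(System.currentTimeMillis() - Time.YEAR),
            new Date(System.currentTimeMillis() + Time.YEAR * 1000), x500Name, keyPair.getPublic());

    PrivateKey privateKey = keyPair.getPrivate();

    JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");

    JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter();

    jcaX509CertificateConverter.setProvider(_provider);

    X509Certificate x509Certificate = jcaX509CertificateConverter
            .getCertificate(x509v3CertificateBuilder.build(jcaContentSignerBuilder.build(privateKey)));

    // Sanity check: the certificate must verify under the key that was just generated.
    x509Certificate.verify(keyPair.getPublic());

    PortletPreferences portletPreferences = PrefsPropsUtil.getPreferences(companyId);

    // NOTE(review): the private key is stored unencrypted (Base64 of its encoded form) in the
    // preference store; confirm that store is access-controlled to the same degree as a keystore.
    portletPreferences.setValue(SyncConstants.SYNC_LAN_CERTIFICATE,
            Base64.encode(x509Certificate.getEncoded()));
    portletPreferences.setValue(SyncConstants.SYNC_LAN_KEY, Base64.encode(privateKey.getEncoded()));
    portletPreferences.setValue(SyncConstants.SYNC_LAN_SERVER_UUID, lanServerUuid);

    portletPreferences.store();
}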

From source file:com.linkedin.mitm.services.AbstractX509CertificateService.java

License:Open Source License

/**
 * Signs the supplied certificate template with {@code privateKey} and converts the result into a
 * JCA {@link X509Certificate}. Both the content signer and the converter are bound to the
 * Bouncy Castle provider; the signature algorithm is {@code SIGNATURE_ALGORITHM}.
 *
 * @param privateKey               key used to sign the certificate
 * @param x509v3CertificateBuilder fully populated certificate template
 * @return the signed certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException      if the signed holder cannot be converted
 */
protected X509Certificate createCertificate(PrivateKey privateKey,
        X509v3CertificateBuilder x509v3CertificateBuilder)
        throws OperatorCreationException, CertificateException {
    String providerName = BouncyCastleProvider.PROVIDER_NAME;

    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM);
    signerBuilder.setProvider(providerName);
    ContentSigner signer = signerBuilder.build(privateKey);

    JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
    converter.setProvider(providerName);
    return converter.getCertificate(x509v3CertificateBuilder.build(signer));
}

From source file:com.miguelpazo.signature.test.SignDataTest.java

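/**
 * Signs {@code data} with the private key from a PKCS#12 file and wraps the raw signature in a
 * detached CMS SignedData structure, which is Base64-encoded, written to {@code dataSignedFile}
 * and returned.
 *
 * The CMS payload is the SHA1withRSA signature of the data (not the data itself), and the CMS
 * layer then signs that payload again with the same key. That double signature is what the
 * original produced and is preserved. SHA-1 is deprecated for new signatures; it is kept only
 * because consumers of this output expect it. Debug output to stdout is also preserved.
 *
 * @param data           text to sign, encoded as UTF-8 before signing
 * @param certPfx        PKCS#12 file holding the signing key and certificate
 * @param pass           keystore and key password
 * @param dataSignedFile destination for the Base64 CMS structure
 * @return the Base64-encoded CMS structure that was written
 * @throws IllegalStateException if the keystore holds no entries
 * @throws Exception             if the keystore cannot be read or any crypto step fails
 */
public String signDataWithPfx(String data, File certPfx, String pass, File dataSignedFile) throws Exception {
    char[] password = pass.toCharArray();

    KeyStore ks = KeyStore.getInstance("pkcs12");
    // try-with-resources: the original never closed the file stream
    try (FileInputStream in = new FileInputStream(certPfx)) {
        ks.load(in, password);
    }
    if (!ks.aliases().hasMoreElements()) {
        throw new IllegalStateException("no entries in keystore " + certPfx);
    }
    String alias = ks.aliases().nextElement();

    PrivateKey key = (PrivateKey) ks.getKey(alias, password);
    X509Certificate cert = (X509Certificate) ks.getCertificate(alias);

    // Inner signature: SHA1withRSA over the UTF-8 bytes of the data (explicit charset; the
    // original used the platform default).
    Signature signature = Signature.getInstance("SHA1WithRSA", "BC");
    signature.initSign(key);
    signature.update(data.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    // Outer CMS structure carrying the inner signature as its content.
    List<X509Certificate> certList = new ArrayList<X509Certificate>();
    certList.add(cert);
    Store certs = new JcaCertStore(certList);

    CMSTypedData msg = new CMSProcessableByteArray(signature.sign());
    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1WithRSA").setProvider("BC").build(key);
    gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(sha1Signer, cert));
    gen.addCertificates(certs);

    // false = detached: the signed content is not embedded in the structure.
    CMSSignedData sigData = gen.generate(msg, false);
    String envelopedData = new String(Base64.encode(sigData.getEncoded()),
            java.nio.charset.StandardCharsets.US_ASCII);

    certUtil.exportToFile(envelopedData, dataSignedFile);

    // Debug output retained from the original: Base64 of the inner signature.
    byte[] b = (byte[]) sigData.getSignedContent().getContent();
    String dataEncrypt = new String(Base64.encode(b), java.nio.charset.StandardCharsets.US_ASCII);

    System.out.println("content => " + dataEncrypt);

    // The original called this and discarded the result; the call is kept so that any
    // exception it raises still surfaces as before.
    PublicKey pubKey = cert.getPublicKey();
    certUtil.decryptData(pubKey, dataEncrypt);

    System.out.println(dataEncrypt);

    return envelopedData;
}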

From source file:com.mirth.connect.server.controllers.DefaultConfigurationController.java

License:Open Source License

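/**
 * Checks for an existing certificate to use for secure communication between the server and
 * client. If no certificate exists, this will generate a new one.
 *
 * Generation creates a throw-away CA (its private key is never stored) and an SSL certificate
 * issued by that CA; only the SSL key pair and certificate are written to {@code keyStore}
 * under the alias {@code mirthconnect}, protected by {@code keyPassword}. Both certificates are
 * valid for 50 years from now.
 *
 * @param provider    JCA provider used for key generation, signing and conversion
 * @param keyStore    loaded keystore to check and, if needed, populate
 * @param keyPassword password protecting the stored private key
 * @throws Exception on any key-generation, certificate or keystore failure
 */
private void generateDefaultCertificate(Provider provider, KeyStore keyStore, char[] keyPassword)
        throws Exception {
    final String certificateAlias = "mirthconnect";

    if (keyStore.containsAlias(certificateAlias)) {
        logger.debug("found certificate in keystore");
        return;
    }

    // Common CA and SSL cert attributes
    Date startDate = new Date(); // time from which certificate is valid
    Date expiryDate = DateUtils.addYears(startDate, 50); // time after which certificate is not valid
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", provider);
    keyPairGenerator.initialize(2048);

    KeyPair caKeyPair = keyPairGenerator.generateKeyPair();
    logger.debug("generated new key pair for CA cert using provider: " + provider.getName());

    // Generate CA cert: self-signed, pathLen 0 so it can only issue end-entity certificates.
    X500Name caSubjectName = new X500Name("CN=Mirth Connect Certificate Authority");
    SubjectPublicKeyInfo caSubjectKey = new SubjectPublicKeyInfo(
            ASN1Sequence.getInstance(caKeyPair.getPublic().getEncoded()));
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(caSubjectName, BigInteger.ONE,
            startDate, expiryDate, caSubjectName, caSubjectKey);
    certBuilder.addExtension(org.bouncycastle.asn1.x509.Extension.basicConstraints, true,
            new BasicConstraints(0));
    // SKI on the CA so the SSL certificate's AKI below has something to match.
    certBuilder.addExtension(org.bouncycastle.asn1.x509.Extension.subjectKeyIdentifier, false,
            new SubjectKeyIdentifier(keyIdentifierOf(caSubjectKey)));
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider(provider)
            .build(caKeyPair.getPrivate());
    Certificate caCert = new JcaX509CertificateConverter().setProvider(provider)
            .getCertificate(certBuilder.build(sigGen));

    // Generate SSL cert
    KeyPair sslKeyPair = keyPairGenerator.generateKeyPair();
    logger.debug("generated new key pair for SSL cert using provider: " + provider.getName());

    X500Name sslSubjectName = new X500Name("CN=mirth-connect");
    SubjectPublicKeyInfo sslSubjectKey = new SubjectPublicKeyInfo(
            ASN1Sequence.getInstance(sslKeyPair.getPublic().getEncoded()));
    X509v3CertificateBuilder sslCertBuilder = new X509v3CertificateBuilder(caSubjectName,
            new BigInteger(50, new SecureRandom()), startDate, expiryDate, sslSubjectName, sslSubjectKey);
    // Key identifiers are the RFC 5280 method (1) SHA-1 over the subjectPublicKey BIT STRING.
    // The original passed the whole DER certificate as the AKI and the whole SubjectPublicKeyInfo
    // as the SKI, which yields an AKI that can never match the issuer's key and an oversized SKI.
    sslCertBuilder.addExtension(org.bouncycastle.asn1.x509.Extension.authorityKeyIdentifier, false,
            new AuthorityKeyIdentifier(keyIdentifierOf(caSubjectKey)));
    sslCertBuilder.addExtension(org.bouncycastle.asn1.x509.Extension.subjectKeyIdentifier, false,
            new SubjectKeyIdentifier(keyIdentifierOf(sslSubjectKey)));

    sigGen = new JcaContentSignerBuilder("SHA256withRSA").setProvider(provider)
            .build(caKeyPair.getPrivate());
    Certificate sslCert = new JcaX509CertificateConverter().setProvider(provider)
            .getCertificate(sslCertBuilder.build(sigGen));

    logger.debug("generated new certificate with serial number: "
            + ((X509Certificate) sslCert).getSerialNumber());

    // add the generated SSL cert to the keystore using the key password
    // NOTE(review): the chain stored here omits caCert, as in the original; clients that build a
    // path to the CA must obtain the CA certificate some other way.
    keyStore.setKeyEntry(certificateAlias, sslKeyPair.getPrivate(), keyPassword,
            new Certificate[] { sslCert });
}

/**
 * Computes the RFC 5280 section 4.2.1.2 method (1) key identifier: the SHA-1 digest of the
 * subjectPublicKey BIT STRING value of {@code spki}.
 *
 * @param spki encoded public key
 * @return 20-byte key identifier
 * @throws java.security.NoSuchAlgorithmException if SHA-1 is unavailable
 */
private static byte[] keyIdentifierOf(SubjectPublicKeyInfo spki)
        throws java.security.NoSuchAlgorithmException {
    return java.security.MessageDigest.getInstance("SHA-1").digest(spki.getPublicKeyData().getBytes());
}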

From source file:com.msopentech.thali.utilities.universal.ThaliCryptoUtilities.java

License:Open Source License

/**
 * Creates a PKCS12 keystore and puts into it the submitted public/private key pair under the submitted
 * Key Alias using the submitted passphrase to 'secure' the file.
 *
 * The pair is wrapped in a self-signed X.509 v1 certificate (serial 1, subject and issuer both
 * {@code X500Name}, valid from one day ago for {@code ExpirationPeriodForCertsInDays} days)
 * because a private-key entry must carry a certificate chain. Thali security is based on keys,
 * not on certificate values: the key IS the identity, so the name is a placeholder the X.509
 * format requires. The signer is built without {@code setProvider("BC")}, i.e. on the default
 * provider, because Bouncy Castle is installed on Android but is a challenge for the applet.
 *
 * Right now only large RSA keys are generated; elliptic-curve keys are deliberately avoided
 * until the provenance of the standard curves is settled.
 *
 * @param keyPair    key pair to store and self-certify
 * @param keyAlias   alias of the private-key entry
 * @param passphrase protection for the entry
 * @return an initialised in-memory keystore of type {@code PrivateKeyHolderFormat}
 * @throws RuntimeException wrapping any checked failure from the crypto or keystore APIs
 */
public static KeyStore CreatePKCS12KeyStoreWithPublicPrivateKeyPair(KeyPair keyPair, String keyAlias,
        char[] passphrase) {
    try {
        byte[] encodedPublicKey = keyPair.getPublic().getEncoded();

        // Validity window for the placeholder certificate.
        Date notBefore = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
        Date notAfter = new Date(
                System.currentTimeMillis() + (ExpirationPeriodForCertsInDays * 24L * 60L * 60L * 1000L));

        // Placeholder name: subject and issuer alike.
        X500Name placeholderName = new X500Name(X500Name);
        SubjectPublicKeyInfo publicKeyInfo = new SubjectPublicKeyInfo(
                ASN1Sequence.getInstance(encodedPublicKey));

        // Default provider on purpose (see class comment above).
        ContentSigner signer = new JcaContentSignerBuilder(SignerAlgorithm).build(keyPair.getPrivate());

        X509v1CertificateBuilder certificateBuilder = new X509v1CertificateBuilder(placeholderName,
                BigInteger.ONE, notBefore, notAfter, placeholderName, publicKeyInfo);
        X509CertificateHolder holder = certificateBuilder.build(signer);
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(holder);

        KeyStore.PrivateKeyEntry entry = new KeyStore.PrivateKeyEntry(keyPair.getPrivate(),
                new Certificate[] { certificate });

        KeyStore keyStore = KeyStore.getInstance(PrivateKeyHolderFormat);
        // An uninitialised KeyStore rejects setEntry; load(null, null) creates an empty one.
        keyStore.load(null, null);
        keyStore.setEntry(keyAlias, entry, new KeyStore.PasswordProtection(passphrase));

        return keyStore;
    } catch (Exception e) {
        throw new RuntimeException(e.getMessage(), e);
    }
}

From source file:com.orange.atk.sign.apk.SignedJarBuilder.java

License:Apache License

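/**
 * Writes the PKCS#7/CMS signature block for {@code data} to the output jar.
 *
 * The block is a detached SignedData (the signed content is not embedded) that carries the
 * signer's certificate and a direct signature over the data. The algorithm is
 * {@code SHA1with<key algorithm>}; SHA-1 is retained for compatibility with the consumers of this
 * block, not because it is a recommended digest. The CMS encoding is re-read through an ASN.1
 * stream and re-emitted with a DER output stream; presumably this normalises the encoding to DER
 * for the jar verifier — confirm before changing. Both streams are now closed on every path.
 *
 * @param data       content to sign (the signature file)
 * @param publicKey  signer's certificate, embedded in the block
 * @param privateKey key used to produce the signature
 * @throws IOException                  on write failure
 * @throws CertificateEncodingException if the certificate cannot be encoded into the cert store
 * @throws OperatorCreationException    if the content signer cannot be created
 * @throws CMSException                 if the SignedData cannot be generated
 */
private void writeSignatureBlock(CMSTypedData data, X509Certificate publicKey, PrivateKey privateKey)
        throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {

    ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
    certList.add(publicKey);
    JcaCertStore certs = new JcaCertStore(certList);

    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1with" + privateKey.getAlgorithm())
            .build(privateKey);
    gen.addSignerInfoGenerator(
            new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
                    .setDirectSignature(true).build(sha1Signer, publicKey));
    gen.addCertificates(certs);
    // false = detached signature: the jar already contains the signed content.
    CMSSignedData sigData = gen.generate(data, false);

    // Close order (dos, then asn1) matches the original, but now holds on exceptions too.
    // NOTE(review): closing dos may also close mOutputJar, as in the original — confirm callers
    // write this block last.
    ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded());
    try {
        DEROutputStream dos = new DEROutputStream(mOutputJar);
        try {
            dos.writeObject(asn1.readObject());
            dos.flush();
        } finally {
            dos.close();
        }
    } finally {
        asn1.close();
    }
}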

From source file:com.rcn.service.CertificateService.java

License:Open Source License

/**
 * Generates an X.509 certificate and returns it as PEM, followed by the PEM of the freshly
 * generated private key when one was created here.
 *
 * The subject key comes either from {@code pkc10Request} (a PKCS#10 request; no key is generated
 * and the key PEM is empty) or from a key pair generated on the spot. The issuer is the CA given
 * as {@code caPem} when present, otherwise the certificate is self-signed with the generated key;
 * a PKCS#10 request without a CA therefore fails with {@link SecurityException}. Extensions are
 * SKI, AKI (when a CA is present) and either the CA or the regular profile depending on
 * {@code generateCaCert}. Every failure is rethrown as {@link SecurityException}.
 *
 * @param certName       subject distinguished name
 * @param password       passphrase for the key PEM; empty means unencrypted
 * @param validDays      validity in days from now
 * @param caPem          optional issuing CA (key and certificate) as PEM
 * @param caPassword     passphrase of the CA PEM
 * @param generateCaCert whether to mark the certificate as a CA
 * @param pkc10Request   optional PKCS#10 request supplying the subject public key
 * @return certificate PEM concatenated with key PEM (possibly empty)
 * @throws SecurityException on any failure, or when no signing key is available
 */
public String generateCert(String certName, String password, int validDays, Optional<String> caPem,
        String caPassword, boolean generateCaCert, Optional<String> pkc10Request) {
    try {
        Optional<Tuple<KeyPair, X509Certificate>> caTuple = caPem.map(c -> fromPem(c, caPassword));
        Optional<KeyPair> ca = caTuple.map(a -> a.getX());

        // A request supplies the public key; otherwise generate a pair locally.
        Optional<KeyPair> optKeyPair = pkc10Request.isPresent()
                ? Optional.<KeyPair>empty()
                : Optional.ofNullable(generateKey());

        PublicKey publicKey = pkc10Request.map(this::fromPkcs10).orElseGet(() -> optKeyPair.get().getPublic());

        Date notBefore = new Date();
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.DATE, validDays);

        X500Principal subject = new X500Principal(certName);
        BigInteger serial = rndBigInt(new BigInteger("8180385048")); //max value for SN
        X500Principal issuer = caTuple.map(a -> a.getY().getSubjectX500Principal()).orElse(subject);

        JcaX509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(issuer, serial, notBefore,
                new Date(notAfter.getTimeInMillis()), subject, publicKey);

        v3CertGen.addExtension(X509Extension.subjectKeyIdentifier, false,
                new SubjectKeyIdentifier(getSubjectPublicKeyInfo(publicKey)));

        ca.ifPresent(caKey -> v3CertGen.addExtension(X509Extension.authorityKeyIdentifier, false,
                new AuthorityKeyIdentifier(getSubjectPublicKeyInfo(caKey.getPublic()))));

        if (generateCaCert) {
            addCaExtension(v3CertGen);
        } else {
            addRegularExtension(Optional.empty(), v3CertGen);
        }

        // Sign with the CA key when there is one, else self-sign with the generated key.
        KeyPair signingKey = ca.orElseGet(
                () -> optKeyPair.orElseThrow(() -> new SecurityException("no private key for self-sign cert")));
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
                .setProvider(BouncyCastleProvider.PROVIDER_NAME);
        X509Certificate certificate = new JcaX509CertificateConverter()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .getCertificate(v3CertGen.build(signerBuilder.build(signingKey.getPrivate())));

        String certPem = toPem(certificate, Optional.empty());
        String keyPem = optKeyPair
                .map(k -> toPem(k, Optional.ofNullable(password.isEmpty() ? null : password)))
                .orElse("");

        return certPem + keyPem;
    } catch (Exception e) {
        throw new SecurityException(e);
    }
}

From source file:com.redhat.akashche.keystoregen.KeystoreGenerator.java

License:Apache License

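/**
 * Creates the self-signed root CA certificate for the entry and tags it with a PKCS#12 friendly
 * name.
 *
 * The certificate now carries a critical BasicConstraints (cA=true, no path-length limit) and a
 * subject key identifier, as RFC 5280 section 4.2.1.9 requires of CA certificates; the original
 * emitted a bare v3 certificate without extensions, which path validators may refuse to accept as
 * an issuer for the intermediate built by createIntermediateCert. Serial number is fixed at 1.
 *
 * @param en   entry supplying the X.500 attributes, validity window and signature algorithm
 * @param keys key material; {@code caPrivate} signs, {@code caPublic} is certified
 * @return the verified CA certificate
 * @throws Exception on building, conversion, validity or signature-verification failure
 */
private Certificate createMasterCert(KeystoreConfig.Entry en, Keys keys) throws Exception {
    String label = en.getLabel() + "_CA";
    X500NameBuilder subject = new X500NameBuilder();
    subject.addRDN(BCStyle.C, en.getX500_C());
    subject.addRDN(BCStyle.O, en.getX500_O());
    subject.addRDN(BCStyle.OU, en.getX500_OU());
    subject.addRDN(BCStyle.CN, label);

    ContentSigner signer = new JcaContentSignerBuilder(en.getAlgorithm()).setProvider(BCPROV)
            .build(keys.caPrivate);
    // Self-signed: issuer and subject are the same name.
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(subject.build(), BigInteger.valueOf(1),
            en.getValidFrom(), en.getValidTo(), subject.build(), keys.caPublic);
    JcaX509ExtensionUtils eu = new JcaX509ExtensionUtils();
    builder.addExtension(Extension.subjectKeyIdentifier, false, eu.createSubjectKeyIdentifier(keys.caPublic));
    // cA=true without a path-length limit; the intermediate below it is constrained to pathLen 0.
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    X509CertificateHolder holder = builder.build(signer);
    X509Certificate cert = new JcaX509CertificateConverter().setProvider(BCPROV).getCertificate(holder);

    cert.checkValidity(new Date());
    cert.verify(keys.caPublic);

    PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) cert;
    bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(label));
    return cert;
}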

From source file:com.redhat.akashche.keystoregen.KeystoreGenerator.java

License:Apache License

/**
 * Creates the intermediate CA certificate for the entry, issued and signed by the root CA, and
 * tags it with a PKCS#12 friendly name.
 *
 * The issuer name is taken from {@code caCert}. Extensions are a non-critical SKI and AKI plus a
 * critical BasicConstraints with pathLen 0, so this CA may only issue end-entity certificates.
 * Serial number is fixed at 2.
 *
 * @param en     entry supplying the X.500 attributes, validity window and signature algorithm
 * @param keys   key material; {@code intPublic} is certified, {@code caPrivate} signs
 * @param caCert root certificate, used for the issuer name, the AKI and signature verification
 * @return the verified intermediate certificate
 * @throws Exception on building, conversion, validity or signature-verification failure
 */
private Certificate createIntermediateCert(KeystoreConfig.Entry en, Keys keys, X509Certificate caCert)
        throws Exception {
    String label = en.getLabel() + "_INTERMEDIATE";
    X500NameBuilder subjectBuilder = new X500NameBuilder()
            .addRDN(BCStyle.C, en.getX500_C())
            .addRDN(BCStyle.O, en.getX500_O())
            .addRDN(BCStyle.OU, en.getX500_OU())
            .addRDN(BCStyle.CN, label);

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(caCert, BigInteger.valueOf(2),
            en.getValidFrom(), en.getValidTo(), subjectBuilder.build(), keys.intPublic);
    builder.addExtension(Extension.subjectKeyIdentifier, false,
            extensionUtils.createSubjectKeyIdentifier(keys.intPublic));
    builder.addExtension(Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(caCert));
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));

    ContentSigner signer = new JcaContentSignerBuilder(en.getAlgorithm()).setProvider(BCPROV)
            .build(keys.caPrivate);
    X509Certificate cert = new JcaX509CertificateConverter().setProvider(BCPROV)
            .getCertificate(builder.build(signer));

    cert.checkValidity(new Date());
    cert.verify(caCert.getPublicKey());

    ((PKCS12BagAttributeCarrier) cert).setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
            new DERBMPString(label));
    return cert;
}

From source file:com.redhat.akashche.keystoregen.KeystoreGenerator.java

License:Apache License

/**
 * Creates the end-entity certificate for the entry and tags it with a PKCS#12 friendly name and
 * local key id.
 *
 * The issuer name is built to match the intermediate's subject ({@code <label>_INTERMEDIATE}),
 * but the certificate is signed with {@code keys.caPrivate}, carries an AKI for
 * {@code keys.caPublic} and is verified against {@code keys.caPublic}.
 * NOTE(review): that issuer name and signing key do not refer to the same CA, so a chain
 * leaf -> intermediate -> root will not validate as emitted; confirm which issuer is intended.
 * Serial number is fixed at 3.
 *
 * @param en   entry supplying the X.500 attributes, validity window and signature algorithm
 * @param keys key material; {@code certPublic} is certified, {@code caPrivate} signs
 * @return the verified end-entity certificate
 * @throws Exception on building, conversion, validity or signature-verification failure
 */
private Certificate createCert(KeystoreConfig.Entry en, Keys keys) throws Exception {
    String label = en.getLabel() + "_CERT";

    X500NameBuilder issuerBuilder = new X500NameBuilder()
            .addRDN(BCStyle.C, en.getX500_C())
            .addRDN(BCStyle.O, en.getX500_O())
            .addRDN(BCStyle.OU, en.getX500_OU())
            .addRDN(BCStyle.CN, en.getLabel() + "_INTERMEDIATE");
    X500NameBuilder subjectBuilder = new X500NameBuilder()
            .addRDN(BCStyle.C, en.getX500_C())
            .addRDN(BCStyle.O, en.getX500_O())
            .addRDN(BCStyle.OU, en.getX500_OU())
            .addRDN(BCStyle.CN, label);

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerBuilder.build(),
            BigInteger.valueOf(3), en.getValidFrom(), en.getValidTo(), subjectBuilder.build(), keys.certPublic);
    builder.addExtension(Extension.subjectKeyIdentifier, false,
            extensionUtils.createSubjectKeyIdentifier(keys.certPublic));
    builder.addExtension(Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(keys.caPublic));

    ContentSigner signer = new JcaContentSignerBuilder(en.getAlgorithm()).setProvider(BCPROV)
            .build(keys.caPrivate);
    X509Certificate cert = new JcaX509CertificateConverter().setProvider(BCPROV)
            .getCertificate(builder.build(signer));

    cert.checkValidity(new Date());
    cert.verify(keys.caPublic);

    PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) cert;
    bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(label));
    // localKeyId lets PKCS#12 readers pair this certificate with its private key.
    bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
            extensionUtils.createSubjectKeyIdentifier(keys.certPublic));
    return cert;
}