List of usage examples for org.bouncycastle.operator.jcajce JcaContentSignerBuilder JcaContentSignerBuilder
public JcaContentSignerBuilder(String signatureAlgorithm)
From source file:com.trsst.server.Server.java
License:Apache License
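/**
 * Generates a new in-memory keystore containing a freshly generated RSA key
 * pair and a self-signed certificate for it, stored under the alias "jetty".
 * Would prefer anon SSL ciphers, but this works albeit with scary warnings.
 *
 * <p>Issuer and subject are both {@code CN=0.0.0.0, ...} and the certificate
 * is signed with its own key, so a client can only authenticate the server
 * if it pins or otherwise pre-trusts this exact certificate.
 *
 * @return a keystore to secure SSL connections, or {@code null} when key,
 *         certificate or keystore creation fails (the failure is logged)
 */
private KeyStore getKeyStore() {
    try {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        // 1024-bit RSA is no longer considered adequate; 2048 bits is the
        // commonly accepted minimum for new keys.
        keyPairGenerator.initialize(2048);
        KeyPair kp = keyPairGenerator.generateKeyPair();

        X500Name selfName = new X500Name("CN=0.0.0.0, OU=None, O=None, L=None, C=None");

        // X.509 serial numbers must be positive. A random int can be negative
        // or zero, so draw 64 random bits (non-negative) and shift by one.
        BigInteger serial = new BigInteger(64, new SecureRandom()).add(BigInteger.ONE);

        // Back-date the start by 30 days to tolerate clock skew; valid for ~10 years.
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - 1000L * 60 * 60 * 24 * 30);
        Date notAfter = new Date(now + (1000L * 60 * 60 * 24 * 365 * 10));

        X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(
                selfName,
                serial,
                notBefore,
                notAfter,
                selfName,
                SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded()));

        // Self-signed: the certificate is signed with the key it certifies.
        ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(kp.getPrivate());
        Certificate certificate = new JcaX509CertificateConverter().getCertificate(v3CertGen.build(signer));

        final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        keystore.load(null); // bogus: required to "initialize" keystore

        // NOTE(review): the entry password is the fixed string "ignored";
        // whoever reads the key back from this keystore has to supply the
        // same value - confirm against the code that consumes the keystore.
        keystore.setEntry("jetty",
                new KeyStore.PrivateKeyEntry(kp.getPrivate(), new Certificate[] { certificate }),
                new KeyStore.PasswordProtection("ignored".toCharArray()));
        return keystore;
    } catch (NoSuchAlgorithmException e) {
        log.error("Could not generate self-signed certificate: missing provider", e);
    } catch (OperatorCreationException e) {
        log.error("Could not generate self-signed certificate", e);
    } catch (CertificateException e) {
        log.error("Could not convert certificate to JCE", e);
    } catch (KeyStoreException e) {
        log.error("Could not generate keystore", e);
    } catch (IOException e) {
        log.error("Could not initialize keystore", e);
    }
    // Every failure path above falls through to here after logging.
    return null;
}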
From source file:com.vmware.admiral.auth.lightwave.pc.X509CertificateHelper.java
License:Open Source License
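/**
 * Builds a self-signed X.509 v3 certificate for the given key pair.
 *
 * <p>Issuer and subject are both {@code CN=<dn>}; the certificate is valid
 * from one day in the past until 365 days in the future and carries a
 * random 64-bit serial number.
 *
 * @param keyPair key pair whose public key is certified and whose private
 *                key signs the certificate
 * @param dn      value placed after {@code CN=} in issuer and subject
 * @param sigAlg  JCA signature algorithm name handed to the content signer
 * @return the generated certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException      if the built certificate cannot be
 *                                   converted to an {@link X509Certificate}
 */
private X509Certificate generateCertificate(KeyPair keyPair, String dn, String sigAlg)
        throws OperatorCreationException, CertificateException {
    ContentSigner sigGen = new JcaContentSignerBuilder(sigAlg).build(keyPair.getPrivate());

    // The offsets must be computed in long arithmetic: 365 days in
    // milliseconds does not fit in an int, and the wrapped int value
    // yields a certificate that expires after roughly 17 days.
    long now = System.currentTimeMillis();
    Date startDate = new Date(now - 24L * 60 * 60 * 1000);
    Date endDate = new Date(now + 365L * 24 * 60 * 60 * 1000);

    // NOTE(review): dn is concatenated into the name string as-is, so a
    // value containing RDN syntax such as ',' or '=' would presumably alter
    // the parsed name - confirm that callers only pass trusted values.
    X500Name name = new X500Name("CN=" + dn);

    X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(
            name,
            new BigInteger(64, new SecureRandom()),
            startDate,
            endDate,
            name,
            keyPair.getPublic());

    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}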
From source file:com.vmware.admiral.common.util.CertificateUtil.java
License:Open Source License
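/**
 * Generates a new RSA key pair and issues a certificate for it that is
 * signed with the issuer's private key.
 *
 * @param fqdn              value placed after {@code CN=} in the subject name
 * @param issuerCertificate certificate of the issuer; must not be null
 * @param issuerPrivateKey  private key used to sign the new certificate;
 *                          must not be null
 * @param extensions        extensions added to the certificate, in iteration
 *                          order; iterated without a null check
 * @return the chain (new certificate first, issuer second), the new
 *         certificate and the private key that belongs to it
 * @throws CertificateException      if the built certificate cannot be converted
 * @throws CertIOException           if an extension cannot be added
 * @throws OperatorCreationException if the content signer cannot be created
 */
private static CertChainKeyPair generateCertificateAndSign(String fqdn, X509Certificate issuerCertificate,
        PrivateKey issuerPrivateKey, List<ExtensionHolder> extensions)
        throws CertificateException, CertIOException, OperatorCreationException {
    AssertUtil.assertNotNull(issuerCertificate, "issuerCertificate");
    AssertUtil.assertNotNull(issuerPrivateKey, "issuerPrivateKey");

    // private key that we are creating certificate for
    KeyPair pair = KeyUtil.generateRSAKeyPair();
    PublicKey publicKey = pair.getPublic();
    // NOTE(review): convertToSunImpl is defined elsewhere; presumably it
    // re-encodes the key for the default JCA provider - confirm.
    PrivateKey privateKey = convertToSunImpl(pair.getPrivate());

    // The signer uses the ISSUER's key, not the freshly generated one.
    ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(PROVIDER)
            .build(issuerPrivateKey);

    // NOTE(review): fqdn is concatenated into the name string as-is -
    // confirm that callers only pass trusted host names.
    X500Name subjectName = new X500Name("CN=" + fqdn);

    // serial number of certificate: a clock-derived serial is predictable
    // and repeats when two certificates are issued in the same millisecond,
    // which breaks per-issuer uniqueness. Use 127 random bits, shifted by
    // one so the value is always strictly positive.
    BigInteger serial = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);

    // valid from
    Date notBefore = generateNotBeforeDate();
    // valid to
    Date notAfter = generateNotAfterDate(notBefore, DEFAULT_VALIDITY);

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuerCertificate, serial,
            notBefore, notAfter, subjectName, publicKey);

    for (ExtensionHolder extension : extensions) {
        certBuilder.addExtension(extension.getOID(), extension.isCritical(), extension.getValue());
    }

    X509CertificateHolder certificateHolder = certBuilder.build(signer);
    X509Certificate certificate = new JcaX509CertificateConverter().setProvider(PROVIDER)
            .getCertificate(certificateHolder);

    // Leaf first, then the issuer that signed it.
    List<X509Certificate> certificateChain = new ArrayList<>(2);
    certificateChain.add(certificate);
    certificateChain.add(issuerCertificate);

    return new CertChainKeyPair(certificateChain, certificate, privateKey);
}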
From source file:com.vmware.identity.openidconnect.client.TestUtils.java
License:Open Source License
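/**
 * Builds a self-signed X.509 v3 certificate for the given key pair,
 * optionally carrying a subjectAltName otherName entry.
 *
 * <p>Issuer and subject are both {@code CN=<dn>}; validity runs from one
 * day in the past until 365 days in the future.
 *
 * @param keyPair        key pair whose public key is certified and whose
 *                       private key signs the certificate
 * @param dn             value placed after {@code CN=} in issuer and subject
 * @param subjectAltName UTF-8 value for the otherName entry, or {@code null}
 *                       to omit the subjectAltName extension
 * @return the generated certificate
 * @throws Exception if signing, extension encoding or conversion fails
 */
static X509Certificate generateCertificate(KeyPair keyPair, String dn, String subjectAltName)
        throws Exception {
    // NOTE(review): SHA-1 based signature algorithm. SHA-1 is deprecated for
    // certificate signatures - consider "SHA256withRSA" if the consumers of
    // this fixture do not depend on the algorithm.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate());

    // The offsets must be computed in long arithmetic: 365 days in
    // milliseconds does not fit in an int, and the wrapped int value
    // yields a certificate that expires after roughly 17 days.
    long now = System.currentTimeMillis();
    Date startDate = new Date(now - 24L * 60 * 60 * 1000);
    Date endDate = new Date(now + 365L * 24 * 60 * 60 * 1000);

    X500Name name = new X500Name("CN=" + dn);
    X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(
            name,
            new BigInteger(64, new SecureRandom()),
            startDate,
            endDate,
            name,
            keyPair.getPublic());

    if (subjectAltName != null) {
        // otherName entry: OID 1.3.6.1.4.1.311.20.2.3 (Microsoft user
        // principal name) followed by the explicitly tagged [0] UTF-8 value.
        // The extension is marked critical.
        v3CertGen.addExtension(Extension.subjectAlternativeName, true,
                new GeneralNames(new GeneralName(GeneralName.otherName,
                        new DERSequence(new ASN1Encodable[] {
                                new DERObjectIdentifier("1.3.6.1.4.1.311.20.2.3"),
                                new DERTaggedObject(true, 0, new DERUTF8String(subjectAltName)) }))));
    }

    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}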
From source file:com.vmware.identity.openidconnect.protocol.TestContext.java
License:Open Source License
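/**
 * Builds a self-signed X.509 v3 certificate for the given key pair using
 * the "BC" provider for both signing and conversion.
 *
 * <p>Issuer and subject are both {@code CN=<dn>}; validity runs from one
 * day in the past until 365 days in the future.
 *
 * @param keyPair key pair whose public key is certified and whose private
 *                key signs the certificate
 * @param dn      value placed after {@code CN=} in issuer and subject
 * @return the generated certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException      if the built certificate cannot be
 *                                   converted to an {@link X509Certificate}
 */
public static X509Certificate generateCertificate(KeyPair keyPair, String dn)
        throws OperatorCreationException, CertificateException {
    // NOTE(review): SHA-1 based signature algorithm. SHA-1 is deprecated for
    // certificate signatures - consider "SHA256withRSA" if the consumers of
    // this fixture do not depend on the algorithm.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC")
            .build(keyPair.getPrivate());

    // The offsets must be computed in long arithmetic: 365 days in
    // milliseconds does not fit in an int, and the wrapped int value
    // yields a certificate that expires after roughly 17 days.
    long now = System.currentTimeMillis();
    Date startDate = new Date(now - 24L * 60 * 60 * 1000);
    Date endDate = new Date(now + 365L * 24 * 60 * 60 * 1000);

    X500Name name = new X500Name("CN=" + dn);
    X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(
            name,
            new BigInteger(64, new SecureRandom()),
            startDate,
            endDate,
            name,
            keyPair.getPublic());

    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder);
}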
From source file:com.vmware.identity.openidconnect.sample.RelyingPartyInstaller.java
License:Open Source License
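/**
 * Builds a self-signed X.509 v3 certificate for the given key pair.
 *
 * <p>Issuer and subject are both {@code CN=<dn>}; validity runs from one
 * day in the past until 365 days in the future.
 *
 * @param keyPair key pair whose public key is certified and whose private
 *                key signs the certificate
 * @param dn      value placed after {@code CN=} in issuer and subject
 * @return the generated certificate
 * @throws Exception if signing or conversion fails
 */
private X509Certificate generateCertificate(KeyPair keyPair, String dn) throws Exception {
    // NOTE(review): SHA-1 based signature algorithm. SHA-1 is deprecated for
    // certificate signatures - consider "SHA256withRSA" if the party that
    // consumes this certificate accepts it.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate());

    // The offsets must be computed in long arithmetic: 365 days in
    // milliseconds does not fit in an int, and the wrapped int value
    // yields a certificate that expires after roughly 17 days.
    long now = System.currentTimeMillis();
    Date startDate = new Date(now - 24L * 60 * 60 * 1000);
    Date endDate = new Date(now + 365L * 24 * 60 * 60 * 1000);

    // NOTE(review): dn is concatenated into the name string as-is -
    // confirm that callers only pass trusted values.
    X500Name name = new X500Name("CN=" + dn);
    X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(
            name,
            new BigInteger(64, new SecureRandom()),
            startDate,
            endDate,
            name,
            keyPair.getPublic());

    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}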
From source file:com.vmware.identity.sts.auth.impl.UserCertAuthenticatorTest.java
License:Open Source License
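/**
 * Builds a self-signed X.509 v3 certificate for the given key pair with a
 * critical subjectAltName otherName entry holding {@code upn}.
 *
 * <p>Issuer and subject are both {@code CN=<dn>}; validity runs from one
 * day in the past until 365 days in the future. {@code upn} is not a
 * parameter of this method; it is resolved from the enclosing class.
 *
 * @param keyPair key pair whose public key is certified and whose private
 *                key signs the certificate
 * @param dn      value placed after {@code CN=} in issuer and subject
 * @return the generated certificate
 * @throws Exception if signing, extension encoding or conversion fails
 */
private static X509Certificate generateCertificate(KeyPair keyPair, String dn) throws Exception {
    // NOTE(review): SHA-1 based signature algorithm. SHA-1 is deprecated for
    // certificate signatures - consider "SHA256withRSA" if the test does not
    // depend on the algorithm.
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate());

    // The offsets must be computed in long arithmetic: 365 days in
    // milliseconds does not fit in an int, and the wrapped int value
    // yields a certificate that expires after roughly 17 days.
    long now = System.currentTimeMillis();
    Date startDate = new Date(now - 24L * 60 * 60 * 1000);
    Date endDate = new Date(now + 365L * 24 * 60 * 60 * 1000);

    X500Name name = new X500Name("CN=" + dn);
    X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(
            name,
            new BigInteger(64, new SecureRandom()),
            startDate,
            endDate,
            name,
            keyPair.getPublic());

    // otherName entry: OID 1.3.6.1.4.1.311.20.2.3 (Microsoft user principal
    // name) followed by the explicitly tagged [0] UTF-8 value.
    v3CertGen.addExtension(Extension.subjectAlternativeName, true,
            new GeneralNames(new GeneralName(GeneralName.otherName,
                    new DERSequence(new ASN1Encodable[] {
                            new DERObjectIdentifier("1.3.6.1.4.1.311.20.2.3"),
                            new DERTaggedObject(true, 0, new DERUTF8String(upn)) }))));

    X509CertificateHolder certHolder = v3CertGen.build(sigGen);
    return new JcaX509CertificateConverter().getCertificate(certHolder);
}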
From source file:com.vvote.thirdparty.ximix.util.BLSKeyStore.java
License:Apache License
/**
 * Builds an X.509 v3 certificate for the public key stored under
 * {@code keyID}, signed with {@code privKey} via the "BC" provider.
 *
 * <p>Issuer and subject share one fixed name. The certificate is back-dated
 * by 30 days, valid for 365 days from now, and carries two critical
 * extensions: keyUsage and the Ximix share-id extension.
 *
 * @param keyID      identifier used to look up the public key and to decide
 *                   between the signing and the encryption key usage
 * @param sequenceNo value written into the Ximix share-id extension
 * @param privKey    private key that signs the certificate
 * @return the signed certificate holder
 * @throws GeneralSecurityException  declared by the method; not raised by
 *                                   any statement visible in this body
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException               if an extension cannot be encoded
 */
private X509CertificateHolder createCertificate(String keyID, int sequenceNo, PrivateKey privKey)
        throws GeneralSecurityException, OperatorCreationException, IOException {
    final long dayMillis = 1000L * 60 * 60 * 24;
    String distinguishedName = "C=AU, O=Ximix Network Node, OU=" + "Util";

    // Version 3 certificate; issuer and subject are the same name.
    X500Name issuer = new X500Name(distinguishedName);
    // NOTE(review): every certificate built here gets serial number 1 -
    // confirm nothing downstream relies on serials being unique.
    BigInteger serial = BigInteger.valueOf(1);
    Date notBefore = new Date(System.currentTimeMillis() - dayMillis * 30);
    Date notAfter = new Date(System.currentTimeMillis() + (dayMillis * 365));
    X500Name subject = new X500Name(distinguishedName);

    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            issuer, serial, notBefore, notAfter, subject, this.fetchPublicKey(keyID));

    // keyUsage tells signing keys apart from encryption keys.
    int usageBits = signingKeys.contains(keyID) ? KeyUsage.digitalSignature : KeyUsage.dataEncipherment;
    certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(usageBits));

    certBuilder.addExtension(XimixObjectIdentifiers.ximixShareIdExtension, true, new ASN1Integer(sequenceNo));

    // NOTE(review): SHA-1 based signature algorithm; SHA-1 is deprecated
    // for certificate signatures.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA1withECDSA").setProvider("BC");
    return certBuilder.build(signerBuilder.build(privKey));
}
From source file:com.wandrell.util.ksgen.BouncyCastleKeyStoreFactory.java
License:Open Source License
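/**
 * Returns a signed certificate.
 *
 * @param builder
 *            builder to create the certificate
 * @param key
 *            private key used to sign the certificate
 * @return a signed certificate
 * @throws OperatorCreationException
 *             if there was a problem creating a Bouncy Castle operator
 * @throws CertificateException
 *             if the built certificate could not be converted to an
 *             {@link X509Certificate}
 */
private final X509Certificate getSignedCertificate(final X509v3CertificateBuilder builder,
        final PrivateKey key) throws OperatorCreationException, CertificateException {
    final String algorithm;       // Signature algorithm
    final String provider;        // Provider
    final ContentSigner signer;   // Content signer
    final X509Certificate signed; // Signed certificate

    algorithm = getSignatureAlgorithm();
    provider = BouncyCastleProvider.PROVIDER_NAME;

    signer = new JcaContentSignerBuilder(algorithm).setProvider(provider).build(key);

    signed = new JcaX509CertificateConverter().setProvider(provider)
            .getCertificate(builder.build(signer));

    // Only non-secret key metadata is logged. The encoded private key must
    // never be passed to the logger: log files are typically readable by
    // far more parties than the key itself should be.
    LOGGER.debug("Signed certificate with {} private key (format {}), using algorithm {}",
            key.getAlgorithm(), key.getFormat(), algorithm);

    return signed;
}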
From source file:com.yahoo.athenz.auth.util.Crypto.java
License:Apache License
/**
 * Builds a PKCS#10 certificate signing request and returns it in PEM form.
 *
 * <p>The request is signed with {@code privateKey} using the algorithm named
 * by {@code Crypto.RSA_SHA256}. This method does not check that
 * {@code publicKey} corresponds to {@code privateKey}.
 *
 * @param privateKey    key that signs the request
 * @param publicKey     key placed in the request
 * @param x500Principal subject distinguished name in string form
 * @param sanArray      subjectAltName entries to request as a non-critical
 *                      extension, or {@code null} for none
 * @return the request as a PEM "CERTIFICATE REQUEST" block
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException               if encoding or PEM writing fails
 */
public static String generateX509CSR(PrivateKey privateKey, PublicKey publicKey, String x500Principal,
        GeneralName[] sanArray) throws OperatorCreationException, IOException {

    // Subject of the request
    X500Principal subjectDn = new X500Principal(x500Principal);

    // NOTE(review): the signature algorithm is fixed to Crypto.RSA_SHA256
    // whatever the key type; presumably a non-RSA key fails in build() -
    // confirm.
    ContentSigner requestSigner = new JcaContentSignerBuilder(Crypto.RSA_SHA256).build(privateKey);

    PKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subjectDn, publicKey);

    // Requested SANs travel as an extensionRequest attribute of the CSR.
    if (sanArray != null) {
        ExtensionsGenerator requestedExtensions = new ExtensionsGenerator();
        requestedExtensions.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(sanArray));
        requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
                requestedExtensions.generate());
    }

    PKCS10CertificationRequest request = requestBuilder.build(requestSigner);

    // Serialise in OpenSSL-compatible PEM format.
    PemObject pemBlock = new PemObject("CERTIFICATE REQUEST", request.getEncoded());
    StringWriter pemText = new StringWriter();
    try (JcaPEMWriter pemWriter = new JcaPEMWriter(pemText)) {
        pemWriter.writeObject(pemBlock);
    }
    return pemText.toString();
}