use of org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder in project zookeeper by apache.
the class X509TestHelpers method buildAndSignCertificate.
/**
 * Builds the certificate described by {@code builder} and signs it with {@code privateKey}.
 *
 * <p>The signature scheme is chosen from the key's algorithm name: a name containing "RSA"
 * selects SHA-256 with RSA, and every other key is treated as EC and signed with SHA-256 with
 * ECDSA. Keys that are neither RSA nor EC are not rejected up front; they take the EC path.
 *
 * @param privateKey the private key to sign the certificate with.
 * @param builder the cert builder that contains the certificate data.
 * @return the signed certificate.
 * @throws IOException if the encoded private key cannot be converted to a signing key parameter.
 * @throws OperatorCreationException if the content signer cannot be created.
 * @throws CertificateException presumably raised by {@code toX509Cert} when the built
 *     certificate cannot be converted; confirm against that helper.
 */
private static X509Certificate buildAndSignCertificate(PrivateKey privateKey, X509v3CertificateBuilder builder) throws IOException, OperatorCreationException, CertificateException {
    // Key type is inferred from the algorithm name; anything that is not RSA is assumed to be EC.
    final boolean rsaKey = privateKey.getAlgorithm().contains("RSA");
    final String signatureName = rsaKey ? "SHA256WithRSAEncryption" : "SHA256withECDSA";

    final AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureName);
    // The digest identifier is derived from the signature identifier so the two always agree.
    final AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);

    final BcContentSignerBuilder signerBuilder = rsaKey
            ? new BcRSAContentSignerBuilder(sigAlgId, digAlgId)
            : new BcECContentSignerBuilder(sigAlgId, digAlgId);

    final AsymmetricKeyParameter signingKey = PrivateKeyFactory.createKey(privateKey.getEncoded());
    final ContentSigner contentSigner = signerBuilder.build(signingKey);
    return toX509Cert(builder.build(contentSigner));
}
use of org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder in project vertx-tcp-eventbus-bridge by vert-x3.
the class SSLKeyPairCerts method generateSelfSignedCert.
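// refer to: https://github.com/vert-x3/vertx-config/blob/4.0.0-milestone4/vertx-config-vault/src/test/java/io/vertx/config/vault/utils/Certificates.java#L149
/**
 * Creates a self-signed X.509 v3 certificate for {@code keyPair}, signed with SHA-256 with RSA.
 *
 * <p>Issuer and subject are both {@code certSub}. The certificate is valid from 30 days before
 * to 30 days after the time of the call and carries a non-critical subjectAltName of IP
 * address 127.0.0.1. Before returning, the certificate is checked for current validity and its
 * signature is verified against the public key of {@code keyPair}.
 *
 * <p>Only RSA key pairs are supported, because an RSA content signer is always used.
 *
 * @param certSub the distinguished name used as both issuer and subject
 * @param keyPair the RSA key pair; the public key is certified, the private key signs
 * @return the self-signed certificate
 * @throws Exception if building, signing, converting or verifying the certificate fails
 */
private X509Certificate generateSelfSignedCert(String certSub, KeyPair keyPair) throws Exception {
    final long now = System.currentTimeMillis();
    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;
    final org.bouncycastle.asn1.x500.X500Name name = new org.bouncycastle.asn1.x500.X500Name(certSub);

    // NOTE(review): the serial number is fixed at 1. That is fine for a throwaway certificate,
    // but certificates that clients store need a unique serial per issuer.
    final X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
            name,
            BigInteger.ONE,
            new Date(now - thirtyDaysMillis),
            new Date(now + thirtyDaysMillis),
            name,
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));

    final GeneralNames subjectAltNames = new GeneralNames(new GeneralName(GeneralName.iPAddress, "127.0.0.1"));
    certificateBuilder.addExtension(org.bouncycastle.asn1.x509.Extension.subjectAlternativeName, false, subjectAltNames);

    // SHA-256 replaces SHA-1 here: SHA-1 is no longer collision resistant, and certificates
    // signed with it are rejected by a growing number of validators.
    final AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
    final AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    final BcContentSignerBuilder signerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
    final AsymmetricKeyParameter keyp = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
    final ContentSigner signer = signerBuilder.build(keyp);

    final X509CertificateHolder x509CertificateHolder = certificateBuilder.build(signer);
    final X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(x509CertificateHolder);

    // Sanity checks: the certificate must be valid right now and must verify under its own key.
    certificate.checkValidity(new Date());
    certificate.verify(keyPair.getPublic());
    return certificate;
}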
use of org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder in project keycloak by keycloak.
the class RSAVerifierTest method generateTestCertificate.
/**
 * Generates a short-lived X.509 v1 certificate for {@code pair}, signed with the pair's own
 * private key using SHA-256 with RSA.
 *
 * <p>The issuer is {@code CN=<issuer>}, the subject is {@code CN=<subject>}, the serial number
 * is the current time in milliseconds, and the validity window spans 10 seconds either side of
 * the time of the call. Both names are concatenated into the DN string without escaping.
 *
 * @param subject common name for the subject DN
 * @param issuer common name for the issuer DN
 * @param pair RSA key pair; the public key is certified and the private key signs
 * @return the generated certificate
 * @throws IOException if the private key encoding cannot be converted to a key parameter
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if the built certificate cannot be converted
 */
public static X509Certificate generateTestCertificate(String subject, String issuer, KeyPair pair) throws CertificateException, InvalidKeyException, IOException, NoSuchProviderException, OperatorCreationException, SignatureException {
    // Certificate fields, evaluated in the same order as they are passed to the builder.
    X500Name issuerName = new X500Name("CN=" + issuer);
    BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
    Date validFrom = new Date(System.currentTimeMillis() - 10000);
    Date validUntil = new Date(System.currentTimeMillis() + 10000);
    X500Name subjectName = new X500Name("CN=" + subject);
    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded());

    // Signer: the digest identifier is derived from the signature identifier.
    AlgorithmIdentifier signatureId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
    AlgorithmIdentifier digestId = new DefaultDigestAlgorithmIdentifierFinder().find(signatureId);
    BcRSAContentSignerBuilder signerBuilder = new BcRSAContentSignerBuilder(signatureId, digestId);
    ContentSigner contentSigner = signerBuilder.build(PrivateKeyFactory.createKey(pair.getPrivate().getEncoded()));

    X509CertificateHolder signed =
            new X509v1CertificateBuilder(issuerName, serial, validFrom, validUntil, subjectName, publicKeyInfo)
                    .build(contentSigner);
    return new JcaX509CertificateConverter().getCertificate(signed);
}
use of org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder in project cloudbreak by hortonworks.
the class PkiUtil method selfsign.
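/**
 * Issues an X.509 v3 certificate for the subject and public key carried by {@code inputCSR},
 * signed with the private key of {@code signKey} using SHA-256 with RSA.
 *
 * <p>The issuer name is {@code cn=<publicAddress>}. Validity starts at the time of the call and
 * lasts {@code CERT_VALIDITY_YEAR} years. The serial number is drawn from a
 * {@link java.security.SecureRandom} so that repeated issuance under the same issuer name does
 * not produce certificates that share an issuer/serial pair.
 *
 * <p>The signature on {@code inputCSR} is not verified in this method.
 * NOTE(review): confirm that callers check the CSR's proof of possession where that matters.
 *
 * @param inputCSR the certification request supplying subject and public key
 * @param publicAddress value placed in the issuer's common name
 * @param signKey RSA key pair whose private key signs the certificate
 * @return the signed certificate
 * @throws Exception if the signer cannot be built or the certificate cannot be encoded or parsed
 */
private static X509Certificate selfsign(PKCS10CertificationRequest inputCSR, String publicAddress, KeyPair signKey) throws Exception {
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    AsymmetricKeyParameter akp = PrivateKeyFactory.createKey(signKey.getPrivate().getEncoded());

    Calendar cal = Calendar.getInstance();
    Date currentTime = cal.getTime();
    cal.add(Calendar.YEAR, CERT_VALIDITY_YEAR);
    Date expiryTime = cal.getTime();

    // A constant serial number makes every certificate from the same issuer name collide on
    // issuer+serial, which some clients reject. Use a positive random value of up to 127 bits,
    // well inside the 20-octet limit of RFC 5280.
    BigInteger serialNumber = new BigInteger(127, new java.security.SecureRandom()).add(BigInteger.ONE);

    // NOTE(review): publicAddress is formatted straight into the DN string, so DN
    // metacharacters (',', '+', '=') in it would change the parsed issuer name. Presumably
    // callers pass a hostname or IP address; verify.
    X500Name issuerName = new X500Name(String.format("cn=%s", publicAddress));

    X509v3CertificateBuilder myCertificateGenerator = new X509v3CertificateBuilder(
            issuerName, serialNumber, currentTime, expiryTime, inputCSR.getSubject(), inputCSR.getSubjectPublicKeyInfo());
    ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(akp);
    X509CertificateHolder holder = myCertificateGenerator.build(sigGen);

    // Round-trip through the DER encoding to obtain a JCA X509Certificate.
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(holder.toASN1Structure().getEncoded()));
}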
use of org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder in project platformlayer by platformlayer.
the class Csr method buildCsr.
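/**
 * Builds a PKCS#10 certification request for {@code keyPair} with the given subject, signed
 * with the pair's private key using SHA-256 with RSA.
 *
 * <p>Only RSA key pairs are supported, because an RSA content signer is always used.
 *
 * @param keyPair the RSA key pair; the public key goes into the request, the private key signs it
 * @param subjectName the subject name to request
 * @return the signed request wrapped in a {@code Csr}
 * @throws IllegalArgumentException if the content signer cannot be built from the private key
 */
public static Csr buildCsr(KeyPair keyPair, X500Principal subjectName) {
    X500Name subject = BouncyCastleHelpers.toX500Name(subjectName);
    SubjectPublicKeyInfo publicKeyInfo = BouncyCastleHelpers.toSubjectPublicKeyInfo(keyPair.getPublic());
    PKCS10CertificationRequestBuilder csrBuilder = new PKCS10CertificationRequestBuilder(subject, publicKeyInfo);

    // SHA-256 replaces SHA-1 for the request signature: SHA-1 is no longer collision
    // resistant, and SHA-1-signed requests are refused by many certificate authorities.
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    BcRSAContentSignerBuilder sigBuild = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);

    ContentSigner signer;
    try {
        signer = sigBuild.build(BouncyCastleHelpers.toAsymmetricKeyParameter(keyPair.getPrivate()));
    } catch (OperatorCreationException e) {
        // Surface signer-construction failures as a caller error, keeping the cause attached.
        throw new IllegalArgumentException("Error building content signer", e);
    }

    PKCS10CertificationRequest csrHolder = csrBuilder.build(signer);
    return new Csr(csrHolder);
}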