
Example 16 with DefaultSignatureAlgorithmIdentifierFinder

Use of org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder in project vertx-tcp-eventbus-bridge by vert-x3.

The class SSLKeyPairCerts, method generateSelfSignedCert.

// refer to: https://github.com/vert-x3/vertx-config/blob/4.0.0-milestone4/vertx-config-vault/src/test/java/io/vertx/config/vault/utils/Certificates.java#L149
private X509Certificate generateSelfSignedCert(String certSub, KeyPair keyPair) throws Exception {
    // Self-signed: issuer and subject are the same name, the serial number is fixed at 1,
    // and the validity window runs from 30 days before now to 30 days after.
    final X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
        new org.bouncycastle.asn1.x500.X500Name(certSub),
        BigInteger.ONE,
        new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30),
        new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)),
        new X500Name(certSub),
        SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
    final GeneralNames subjectAltNames = new GeneralNames(new GeneralName(GeneralName.iPAddress, "127.0.0.1"));
    certificateBuilder.addExtension(org.bouncycastle.asn1.x509.Extension.subjectAlternativeName, false, subjectAltNames);
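    // SHA-1 is deprecated for certificate signatures; SHA256WithRSAEncryption is the usual replacement.
    final AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WithRSAEncryption");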
    final AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    final BcContentSignerBuilder signerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
    final AsymmetricKeyParameter keyp = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
    final ContentSigner signer = signerBuilder.build(keyp);
    final X509CertificateHolder x509CertificateHolder = certificateBuilder.build(signer);
    final X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(x509CertificateHolder);
    certificate.checkValidity(new Date());
    certificate.verify(keyPair.getPublic());
    return certificate;
}
Also used : ContentSigner(org.bouncycastle.operator.ContentSigner) X500Name(org.bouncycastle.asn1.x500.X500Name) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) X500Name(org.bouncycastle.asn1.x500.X500Name) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BcContentSignerBuilder(org.bouncycastle.operator.bc.BcContentSignerBuilder)

Example 17 with DefaultSignatureAlgorithmIdentifierFinder

Use of org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder in project keycloak by keycloak.

The class RSAVerifierTest, method generateTestCertificate.

public static X509Certificate generateTestCertificate(String subject, String issuer, KeyPair pair) throws CertificateException, InvalidKeyException, IOException, NoSuchProviderException, OperatorCreationException, SignatureException {
    X500Name issuerDN = new X500Name("CN=" + issuer);
    BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
    // Valid only from 10 seconds before creation to 10 seconds after it.
    Date notBefore = new Date(System.currentTimeMillis() - 10000);
    Date notAfter = new Date(System.currentTimeMillis() + 10000);
    X500Name subjectDN = new X500Name("CN=" + subject);
    SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded());
    // X.509 v1 certificate: carries no extensions (no SAN, key usage or basic constraints).
    X509v1CertificateBuilder builder = new X509v1CertificateBuilder(issuerDN, serialNumber, notBefore, notAfter, subjectDN, subjectPublicKeyInfo);
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    ContentSigner signer = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(PrivateKeyFactory.createKey(pair.getPrivate().getEncoded()));
    X509CertificateHolder holder = builder.build(signer);
    return new JcaX509CertificateConverter().getCertificate(holder);
}
Also used : BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) ContentSigner(org.bouncycastle.operator.ContentSigner) BigInteger(java.math.BigInteger) X509v1CertificateBuilder(org.bouncycastle.cert.X509v1CertificateBuilder) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) Date(java.util.Date) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)

Example 18 with DefaultSignatureAlgorithmIdentifierFinder

Use of org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder in project airlift by airlift.

The class TestSignatureAlgorithmIdentifier, method test.

@Test
public void test() throws Exception {
    int verifiedCount = 0;
    for (Entry<String, SignatureAlgorithmIdentifier> entry : SignatureAlgorithmIdentifier.getAllSignatureAlgorithmIdentifiers().entrySet()) {
        SignatureAlgorithmIdentifier signatureAlgorithmIdentifier = entry.getValue();
        assertEquals(signatureAlgorithmIdentifier.getName(), entry.getKey());
        AlgorithmIdentifier algorithmIdentifier;
        try {
            algorithmIdentifier = new DefaultSignatureAlgorithmIdentifierFinder().find(entry.getKey());
        } catch (IllegalArgumentException e) {
            // Bouncy is missing some algorithms the JVM supports
            continue;
        }
        assertEquals(signatureAlgorithmIdentifier.getOid(), algorithmIdentifier.getAlgorithm().getId());
        assertEquals(base16().encode(signatureAlgorithmIdentifier.getEncoded()), base16().encode(algorithmIdentifier.getAlgorithm().getEncoded("DER")));
        assertEquals(algorithmIdentifier, algorithmIdentifier);
        assertEquals(algorithmIdentifier.hashCode(), algorithmIdentifier.hashCode());
        verifiedCount++;
    }
    assertThat(verifiedCount).as("Algorithm identifiers verified").isGreaterThanOrEqualTo(10);
}
Also used : AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) Test(org.testng.annotations.Test)

Example 19 with DefaultSignatureAlgorithmIdentifierFinder

Use of org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder in project cloudbreak by hortonworks.

The class PkiUtil, method selfsign.

private static X509Certificate selfsign(PKCS10CertificationRequest inputCSR, String publicAddress, KeyPair signKey) throws Exception {
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    AsymmetricKeyParameter akp = PrivateKeyFactory.createKey(signKey.getPrivate().getEncoded());
    Calendar cal = Calendar.getInstance();
    Date currentTime = cal.getTime();
    cal.add(Calendar.YEAR, CERT_VALIDITY_YEAR);
    Date expiryTime = cal.getTime();
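    // Issuer is cn=<publicAddress>, the serial number is fixed at 1, and the subject and public key
    // are copied from the CSR; the CSR's own signature is not checked in this method.
    X509v3CertificateBuilder myCertificateGenerator = new X509v3CertificateBuilder(
        new X500Name(String.format("cn=%s", publicAddress)),
        new BigInteger("1"),
        currentTime,
        expiryTime,
        inputCSR.getSubject(),
        inputCSR.getSubjectPublicKeyInfo());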
    ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(akp);
    X509CertificateHolder holder = myCertificateGenerator.build(sigGen);
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(holder.toASN1Structure().getEncoded()));
}
Also used : Calendar(java.util.Calendar) ContentSigner(org.bouncycastle.operator.ContentSigner) X500Name(org.bouncycastle.asn1.x500.X500Name) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) CertificateFactory(java.security.cert.CertificateFactory) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) ByteArrayInputStream(java.io.ByteArrayInputStream) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger)

Example 20 with DefaultSignatureAlgorithmIdentifierFinder

Use of org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder in project platformlayer by platformlayer.

The class Csr, method buildCsr.

public static Csr buildCsr(KeyPair keyPair, X500Principal subjectName) {
    X500Name subject = BouncyCastleHelpers.toX500Name(subjectName);
    SubjectPublicKeyInfo publicKeyInfo = BouncyCastleHelpers.toSubjectPublicKeyInfo(keyPair.getPublic());
    PKCS10CertificationRequestBuilder csrBuilder = new PKCS10CertificationRequestBuilder(subject, publicKeyInfo);
    // SHA-1 is deprecated for certificate and CSR signatures; SHA256withRSA is the usual replacement.
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    BcRSAContentSignerBuilder sigBuild = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
    ContentSigner signer;
    try {
        signer = sigBuild.build(BouncyCastleHelpers.toAsymmetricKeyParameter(keyPair.getPrivate()));
    } catch (OperatorCreationException e) {
        throw new IllegalArgumentException("Error building content signer", e);
    }
    PKCS10CertificationRequest csrHolder = csrBuilder.build(signer);
    return new Csr(csrHolder);
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) X500Name(org.bouncycastle.asn1.x500.X500Name) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
