
Example 16 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project keystore-explorer by kaikramer.

the class X509CertificateGenerator method generateVersion3.

/**
 * Builds an X.509 certificate with {@link JcaX509v3CertificateBuilder}, signs it with
 * {@code privateKey} and converts the result to a JCA {@link X509Certificate}.
 *
 * <p>A {@code null} {@code validityStart} defaults to the current time; a {@code null}
 * {@code validityEnd} defaults to 365 days after the effective start. The content signer
 * uses the "BC" provider when {@code provider} is {@code null}, otherwise the given
 * provider; the final conversion always uses "BC".
 *
 * <p>NOTE(review): this method applies no policy of its own. The serial number, validity
 * window, signature algorithm and extension set are used exactly as supplied, and nothing
 * here checks that the end date is after the start date. Callers are presumably expected
 * to validate these; confirm.
 *
 * @param subject subject name placed in the certificate
 * @param issuer issuer name placed in the certificate
 * @param validityStart start of validity, or {@code null} for "now"
 * @param validityEnd end of validity, or {@code null} for start + 365 days
 * @param publicKey public key to certify
 * @param privateKey key used to sign the certificate
 * @param signatureType supplies the JCE signature algorithm name via {@code jce()}
 * @param serialNumber certificate serial number
 * @param extensions extensions to copy into the certificate, or {@code null} for none
 * @param provider provider for the signing operation, or {@code null} to use "BC"
 * @return the signed certificate
 * @throws CryptoException if building the signer, signing or converting fails
 * @throws CertIOException declared for the {@code addExtension} calls
 */
private X509Certificate generateVersion3(X500Name subject, X500Name issuer, Date validityStart, Date validityEnd, PublicKey publicKey, PrivateKey privateKey, SignatureType signatureType, BigInteger serialNumber, X509Extension extensions, Provider provider) throws CryptoException, CertIOException {
    final Date notBefore = (validityStart != null) ? validityStart : new Date();
    final Date notAfter;
    if (validityEnd != null) {
        notAfter = validityEnd;
    } else {
        // Default lifetime: one year (365 days) from the effective start date.
        notAfter = new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(365));
    }

    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, serialNumber, notBefore, notAfter, subject, publicKey);

    if (extensions != null) {
        // Copy every extension through unchanged, keeping its critical / non-critical flag.
        // NOTE(review): if an OID getter can return null for "no extensions", these loops
        // throw NullPointerException. Verify against the X509Extension implementation in use.
        for (String criticalOid : extensions.getCriticalExtensionOIDs()) {
            builder.addExtension(new ASN1ObjectIdentifier(criticalOid), true, getExtensionValue(extensions, criticalOid));
        }
        for (String nonCriticalOid : extensions.getNonCriticalExtensionOIDs()) {
            builder.addExtension(new ASN1ObjectIdentifier(nonCriticalOid), false, getExtensionValue(extensions, nonCriticalOid));
        }
    }

    try {
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureType.jce());
        if (provider != null) {
            signerBuilder.setProvider(provider);
        } else {
            signerBuilder.setProvider("BC");
        }
        ContentSigner signer = signerBuilder.build(privateKey);
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
        return converter.getCertificate(builder.build(signer));
    } catch (CertificateException | IllegalStateException | OperatorCreationException ex) {
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex);
    }
}
Also used : JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) CertificateException(java.security.cert.CertificateException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CryptoException(org.kse.crypto.CryptoException) Date(java.util.Date) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 17 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project keystore-explorer by kaikramer.

the class Pkcs10Util method verifyCsr.

/**
 * Verify the signature on a PKCS #10 certificate signing request (CSR).
 *
 * <p>The signature is checked against the public key carried inside the CSR itself, so a
 * {@code true} result shows only that the requester holds the matching private key
 * (proof of possession). It says nothing about whether the subject name or any requested
 * attributes are legitimate; those must be validated separately before issuing.
 *
 * @param csr The certificate signing request
 * @return True if the CSR's signature validates against its embedded public key
 * @throws CryptoException
 *             If there was a problem verifying the CSR
 */
public static boolean verifyCsr(PKCS10CertificationRequest csr) throws CryptoException {
    try {
        PublicKey embeddedKey = new JcaPKCS10CertificationRequest(csr).getPublicKey();
        JcaContentVerifierProviderBuilder verifierBuilder = new JcaContentVerifierProviderBuilder().setProvider("BC");
        ContentVerifierProvider verifier = verifierBuilder.build(embeddedKey);
        return csr.isSignatureValid(verifier);
    } catch (InvalidKeyException | OperatorCreationException | NoSuchAlgorithmException | PKCSException e) {
        // Every failure mode maps to the same user-facing message; the cause is preserved.
        throw new CryptoException(res.getString("NoVerifyPkcs10Csr.exception.message"), e);
    }
}
Also used : JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest) JcaContentVerifierProviderBuilder(org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder) PublicKey(java.security.PublicKey) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CryptoException(org.kse.crypto.CryptoException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) PKCSException(org.bouncycastle.pkcs.PKCSException) ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider)

Example 18 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project keystore-explorer by kaikramer.

the class Pkcs10Util method generateCsr.

/**
 * Create a PKCS #10 certificate signing request (CSR) from the subject and public key of
 * the supplied certificate, signed with the given private key and signature algorithm.
 * The freshly built CSR is verified with {@code verifyCsr} before it is returned.
 *
 * <p>Security notes: the challenge password, when supplied, is added as a plain
 * UTF8String attribute, so anyone who can read the CSR can read it. With
 * {@code useExtensions} set, every extension on the certificate is copied into the
 * extensionRequest attribute without filtering.
 *
 * @param cert
 *            The certificate whose subject and public key go into the CSR
 * @param privateKey
 *            The private key used to sign the CSR
 * @param signatureType
 *            Signature type; its {@code jce()} name selects the signing algorithm
 * @param challenge
 *            Challenge, optional, pass null if not required
 * @param unstructuredName
 *            An optional company name, pass null if not required
 * @param useExtensions
 *            Use extensions from cert for extensionRequest attribute?
 * @param provider
 *            Provider for the signing operation; may be null, in which case no provider
 *            is set on the signer builder. A non-null provider that offers no
 *            "Signature" service for the algorithm is replaced by Bouncy Castle.
 * @throws CryptoException
 *             If there was a problem generating the CSR, or the generated CSR fails
 *             verification
 * @return The CSR
 */
public static PKCS10CertificationRequest generateCsr(X509Certificate cert, PrivateKey privateKey, SignatureType signatureType, String challenge, String unstructuredName, boolean useExtensions, Provider provider) throws CryptoException {
    try {
        JcaPKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(cert.getSubjectX500Principal(), cert.getPublicKey());

        // Optional challengePassword attribute. PKCS#9 2.0: SHOULD use UTF8String encoding.
        if (challenge != null) {
            requestBuilder.addAttribute(pkcs_9_at_challengePassword, new DERUTF8String(challenge));
        }

        // Optional unstructuredName attribute.
        if (unstructuredName != null) {
            requestBuilder.addAttribute(pkcs_9_at_unstructuredName, new DERUTF8String(unstructuredName));
        }

        // Optional extensionRequest attribute carrying all extensions from the certificate.
        if (useExtensions) {
            Extensions certExtensions = Certificate.getInstance(cert.getEncoded()).getTBSCertificate().getExtensions();
            if (certExtensions != null) {
                requestBuilder.addAttribute(pkcs_9_at_extensionRequest, certExtensions.toASN1Primitive());
            }
        }

        // Fall back to the Bouncy Castle provider if the given provider does not support
        // the requested algorithm. A null provider is left as null.
        Provider signingProvider = provider;
        if (signingProvider != null && signingProvider.getService("Signature", signatureType.jce()) == null) {
            signingProvider = new BouncyCastleProvider();
        }

        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureType.jce());
        if (signingProvider != null) {
            signerBuilder.setProvider(signingProvider);
        }
        ContentSigner signer = signerBuilder.build(privateKey);

        PKCS10CertificationRequest request = requestBuilder.build(signer);

        // Self-check: refuse to hand back a CSR whose signature does not verify.
        if (verifyCsr(request)) {
            return request;
        }
        throw new CryptoException(res.getString("NoVerifyGenPkcs10Csr.exception.message"));
    } catch (CertificateEncodingException | OperatorCreationException e) {
        throw new CryptoException(res.getString("NoGeneratePkcs10Csr.exception.message"), e);
    }
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) CertificateEncodingException(java.security.cert.CertificateEncodingException) Extensions(org.bouncycastle.asn1.x509.Extensions) CryptoException(org.kse.crypto.CryptoException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Example 19 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project Spark by igniterealtime.

the class MutualAuthenticationSettingsPanel method createSelfSignedCertificate.

/**
 * Generates a key pair and a self-signed certificate from the values in the form fields,
 * writes both to {@code IdentityController.CERT_FILE} as PEM, and shows a confirmation
 * dialog.
 *
 * <p>NOTE(review): the private key is added to the same PEM output as the certificate.
 * Whether {@code saveToPemFile} encrypts the key or restricts file permissions is not
 * visible here; confirm before relying on this file for key storage. On failure the
 * error is only logged and no dialog is shown to the user.
 */
private void createSelfSignedCertificate() {
    // Read the subject fields in the order setUpData expects them.
    final String commonName = commonNameField.getText();
    final String organizationUnit = organizationUnitField.getText();
    final String organization = organizationField.getText();
    final String country = countryField.getText();
    final String city = cityField.getText();
    idControll.setUpData(commonName, organizationUnit, organization, country, city);

    try {
        final KeyPair generatedKeys = idControll.createKeyPair();
        final PemBuilder pem = new PemHelper().new PemBuilder();
        final X509Certificate selfSigned = idControll.createSelfSignedCertificate(generatedKeys);

        // Private key first, then the certificate, into a single PEM file.
        pem.add(generatedKeys.getPrivate());
        pem.add(selfSigned);
        pem.saveToPemFile(IdentityController.CERT_FILE);

        final String confirmation = Res.getString("dialog.self.signed.certificate.has.been.created") + IdentityController.SECURITY_DIRECTORY.toString();
        JOptionPane.showMessageDialog(null, confirmation);
    } catch (NoSuchAlgorithmException | NoSuchProviderException | IOException | OperatorCreationException | CertificateException failure) {
        Log.error("Couldn't create Self Signed Certificate", failure);
    }
}
Also used : KeyPair(java.security.KeyPair) PemHelper(org.jivesoftware.sparkimpl.certificates.PemHelper) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) PemBuilder(org.jivesoftware.sparkimpl.certificates.PemHelper.PemBuilder) NoSuchProviderException(java.security.NoSuchProviderException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) X509Certificate(java.security.cert.X509Certificate)

Example 20 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project xipki by xipki.

the class CmpCaClient method getContentVerifierProvider.

// method verifyProtection
/**
 * Builds a Bouncy Castle lightweight {@link ContentVerifierProvider} for the given public
 * key. The builder is chosen from the key's algorithm name (RSA, DSA, EC/ECDSA) and the
 * key parameters from the key's runtime interface; both must be recognised.
 *
 * <p>NOTE(review): no minimum key size or digest policy is enforced here. Digest
 * algorithms are resolved through {@link DefaultDigestAlgorithmIdentifierFinder};
 * presumably callers restrict acceptable algorithms elsewhere, so confirm.
 *
 * @param publicKey the public key to verify signatures with; must not be {@code null}
 * @return a verifier provider bound to {@code publicKey}
 * @throws InvalidKeyException if the key algorithm or key class is not supported, or the
 *         provider cannot be built
 */
public static ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey) throws InvalidKeyException {
    SdkUtil.requireNonNull("publicKey", publicKey);

    final String algorithm = publicKey.getAlgorithm().toUpperCase();
    final DigestAlgorithmIdentifierFinder digestFinder = new DefaultDigestAlgorithmIdentifierFinder();

    // Step 1: choose the verifier builder from the declared algorithm name.
    final BcContentVerifierProviderBuilder verifierBuilder;
    switch (algorithm) {
        case "RSA":
            verifierBuilder = new BcRSAContentVerifierProviderBuilder(digestFinder);
            break;
        case "DSA":
            verifierBuilder = new BcDSAContentVerifierProviderBuilder(digestFinder);
            break;
        case "EC":
        case "ECDSA":
            verifierBuilder = new BcECContentVerifierProviderBuilder(digestFinder);
            break;
        default:
            throw new InvalidKeyException("unknown key algorithm of the public key " + algorithm);
    }

    // Step 2: convert the JCA key into Bouncy Castle lightweight key parameters.
    final AsymmetricKeyParameter bcKey;
    if (publicKey instanceof RSAPublicKey) {
        final RSAPublicKey rsa = (RSAPublicKey) publicKey;
        // First argument false: this is a public key, not a private one.
        bcKey = new RSAKeyParameters(false, rsa.getModulus(), rsa.getPublicExponent());
    } else if (publicKey instanceof ECPublicKey) {
        bcKey = ECUtil.generatePublicKeyParameter(publicKey);
    } else if (publicKey instanceof DSAPublicKey) {
        bcKey = DSAUtil.generatePublicKeyParameter(publicKey);
    } else {
        throw new InvalidKeyException("unknown key " + publicKey.getClass().getName());
    }

    // Step 3: bind the key to the builder.
    try {
        return verifierBuilder.build(bcKey);
    } catch (OperatorCreationException ex) {
        throw new InvalidKeyException("could not build ContentVerifierProvider: " + ex.getMessage(), ex);
    }
}
Also used : BcRSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DigestAlgorithmIdentifierFinder) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) InvalidKeyException(java.security.InvalidKeyException) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) RSAKeyParameters(org.bouncycastle.crypto.params.RSAKeyParameters) DSAPublicKey(java.security.interfaces.DSAPublicKey) BcContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcContentVerifierProviderBuilder) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) RSAPublicKey(java.security.interfaces.RSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) BcDSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) BcECContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcECContentVerifierProviderBuilder)

Aggregations

OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)88 IOException (java.io.IOException)51 ContentSigner (org.bouncycastle.operator.ContentSigner)38 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)36 CertificateException (java.security.cert.CertificateException)33 X509Certificate (java.security.cert.X509Certificate)31 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)23 Date (java.util.Date)22 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)19 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)19 CMSException (org.bouncycastle.cms.CMSException)17 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)15 X500Name (org.bouncycastle.asn1.x500.X500Name)15 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)15 GeneralName (org.bouncycastle.asn1.x509.GeneralName)14 NoSuchProviderException (java.security.NoSuchProviderException)12 CMSSignedData (org.bouncycastle.cms.CMSSignedData)12 GeneralSecurityException (java.security.GeneralSecurityException)11 InvalidKeyException (java.security.InvalidKeyException)11 CertificateEncodingException (java.security.cert.CertificateEncodingException)10