
Example 1 with BcContentSignerBuilder

use of org.bouncycastle.operator.bc.BcContentSignerBuilder in project xipki by xipki.

the class P12KeyGenerator method getContentSigner.

// method generateIdentity
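/**
 * Builds a BouncyCastle lightweight {@link ContentSigner} for the given private key.
 *
 * <p>RSA and DSA keys are paired with SHA-1 based signature algorithms. EC keys get an
 * ECDSA variant whose digest is chosen from the bit length of the curve order, so that
 * the digest strength tracks the curve strength.
 *
 * @param key the private key; must be an RSA, DSA or EC private key
 * @return a content signer initialised with {@code key}
 * @throws IllegalArgumentException if {@code key} is of any other type
 * @throws Exception if converting the key or building the signer fails
 */
private static ContentSigner getContentSigner(PrivateKey key) throws Exception {
    BcContentSignerBuilder builder;
    if (key instanceof RSAPrivateKey) {
        // NOTE(review): SHA-1 is no longer collision resistant and SHA-1 signed certificates
        // are rejected by many validators. Kept as-is here so existing output does not change;
        // moving to a SHA-256 based OID pair should be considered.
        ASN1ObjectIdentifier hashOid = X509ObjectIdentifiers.id_SHA1;
        ASN1ObjectIdentifier sigOid = PKCSObjectIdentifiers.sha1WithRSAEncryption;
        builder = new BcRSAContentSignerBuilder(buildAlgId(sigOid), buildAlgId(hashOid));
    } else if (key instanceof DSAPrivateKey) {
        // NOTE(review): same SHA-1 concern as the RSA branch above.
        ASN1ObjectIdentifier hashOid = X509ObjectIdentifiers.id_SHA1;
        AlgorithmIdentifier sigId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa_with_sha1);
        builder = new BcDSAContentSignerBuilder(sigId, buildAlgId(hashOid));
    } else if (key instanceof ECPrivateKey) {
        HashAlgo hashAlgo;
        ASN1ObjectIdentifier sigOid;
        // The order's bit length is the effective key size of the curve.
        int keysize = ((ECPrivateKey) key).getParams().getOrder().bitLength();
        if (keysize > 384) {
            hashAlgo = HashAlgo.SHA512;
            sigOid = X9ObjectIdentifiers.ecdsa_with_SHA512;
        } else if (keysize > 256) {
            hashAlgo = HashAlgo.SHA384;
            sigOid = X9ObjectIdentifiers.ecdsa_with_SHA384;
        } else if (keysize > 224) {
            // Fixed: this band (e.g. 256-bit curves) previously selected SHA-224, which is
            // weaker than the curve; the SHA-224/SHA-256 branches were swapped.
            hashAlgo = HashAlgo.SHA256;
            sigOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
        } else if (keysize > 160) {
            hashAlgo = HashAlgo.SHA224;
            sigOid = X9ObjectIdentifiers.ecdsa_with_SHA224;
        } else {
            // Curves this small only reach SHA-1; see the SHA-1 note on the RSA branch.
            hashAlgo = HashAlgo.SHA1;
            sigOid = X9ObjectIdentifiers.ecdsa_with_SHA1;
        }
        builder = new BcECContentSignerBuilder(new AlgorithmIdentifier(sigOid), buildAlgId(hashAlgo.getOid()));
    } else {
        throw new IllegalArgumentException("unknown type of key " + key.getClass().getName());
    }
    return builder.build(KeyUtil.generatePrivateKeyParameter(key));
}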
Also used : BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) ECPrivateKey(java.security.interfaces.ECPrivateKey) HashAlgo(org.xipki.security.HashAlgo) DSAPrivateKey(java.security.interfaces.DSAPrivateKey) BcDSAContentSignerBuilder(org.bouncycastle.operator.bc.BcDSAContentSignerBuilder) BcECContentSignerBuilder(org.bouncycastle.operator.bc.BcECContentSignerBuilder) BcContentSignerBuilder(org.bouncycastle.operator.bc.BcContentSignerBuilder) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 2 with BcContentSignerBuilder

use of org.bouncycastle.operator.bc.BcContentSignerBuilder in project xipki by xipki.

the class SoftTokenContentSignerBuilder method createSigner.

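/**
 * Creates a concurrent signer backed by {@code parallelism} independent signer instances
 * that all use this builder's private key.
 *
 * <p>If the {@code SunJCE} provider is registered, JCA {@link Signature} instances from that
 * provider are tried first. When that attempt fails for any reason, the method falls back to
 * BouncyCastle lightweight signers selected by key type (RSA, DSA, EC/SM2).
 *
 * @param signatureAlgId the signature algorithm identifier; must not be {@code null}
 * @param parallelism number of signer instances to create; at least 1
 * @param random randomness source for the BouncyCastle signers, or {@code null} to keep
 *     the builder's default
 * @return the concurrent signer, carrying either the certificate chain or the public key
 * @throws XiSecurityException if the algorithm or key is unsupported or a signer cannot be built
 * @throws NoSuchPaddingException declared by the signature; the raising call is not visible here
 */
public ConcurrentContentSigner createSigner(AlgorithmIdentifier signatureAlgId, int parallelism, SecureRandom random) throws XiSecurityException, NoSuchPaddingException {
    ParamUtil.requireNonNull("signatureAlgId", signatureAlgId);
    ParamUtil.requireMin("parallelism", parallelism, 1);
    List<XiContentSigner> signers = new ArrayList<>(parallelism);
    final String provName = "SunJCE";
    if (Security.getProvider(provName) != null) {
        String algoName;
        try {
            algoName = AlgorithmUtil.getSignatureAlgoName(signatureAlgId);
        } catch (NoSuchAlgorithmException ex) {
            // Keep the cause so the failing algorithm lookup stays visible in the stack trace.
            throw new XiSecurityException(ex.getMessage(), ex);
        }
        try {
            for (int i = 0; i < parallelism; i++) {
                Signature signature = Signature.getInstance(algoName, provName);
                signature.initSign(key);
                if (i == 0) {
                    // Trial signature on the first instance: proves the provider can really
                    // sign with this key before any of its signers are handed out.
                    signature.update(new byte[] { 1, 2, 3, 4 });
                    signature.sign();
                }
                XiContentSigner signer = new SignatureSigner(signatureAlgId, signature, key);
                signers.add(signer);
            }
        } catch (Exception ignored) {
            // Deliberate best effort: any failure (unsupported algorithm, rejected key, failed
            // trial signature) discards the partial list and selects the BouncyCastle path below.
            signers.clear();
        }
    }
    if (CollectionUtil.isEmpty(signers)) {
        BcContentSignerBuilder signerBuilder;
        AsymmetricKeyParameter keyparam;
        try {
            if (key instanceof RSAPrivateKey) {
                keyparam = SignerUtil.generateRSAPrivateKeyParameter((RSAPrivateKey) key);
                signerBuilder = new RSAContentSignerBuilder(signatureAlgId);
            } else if (key instanceof DSAPrivateKey) {
                keyparam = DSAUtil.generatePrivateKeyParameter(key);
                signerBuilder = new DSAContentSignerBuilder(signatureAlgId, AlgorithmUtil.isDSAPlainSigAlg(signatureAlgId));
            } else if (key instanceof ECPrivateKey) {
                keyparam = ECUtil.generatePrivateKeyParameter(key);
                EllipticCurve curve = ((ECPrivateKey) key).getParams().getCurve();
                if (GMUtil.isSm2primev2Curve(curve)) {
                    signerBuilder = new SM2ContentSignerBuilder();
                } else {
                    signerBuilder = new ECDSAContentSignerBuilder(signatureAlgId, AlgorithmUtil.isDSAPlainSigAlg(signatureAlgId));
                }
            } else {
                throw new XiSecurityException("unsupported key " + key.getClass().getName());
            }
        } catch (InvalidKeyException ex) {
            throw new XiSecurityException("invalid key", ex);
        } catch (NoSuchAlgorithmException ex) {
            throw new XiSecurityException("no such algorithm", ex);
        }
        // The randomness source is the same for every instance, so configure it once.
        if (random != null) {
            signerBuilder.setSecureRandom(random);
        }
        for (int i = 0; i < parallelism; i++) {
            ContentSigner signer;
            try {
                signer = signerBuilder.build(keyparam);
            } catch (OperatorCreationException ex) {
                throw new XiSecurityException("operator creation error", ex);
            }
            signers.add(new XiWrappedContentSigner(signer, true));
        }
    }
    final boolean mac = false;
    ConcurrentContentSigner concurrentSigner;
    try {
        concurrentSigner = new DfltConcurrentContentSigner(mac, signers, key);
    } catch (NoSuchAlgorithmException ex) {
        throw new XiSecurityException(ex.getMessage(), ex);
    }
    // Attach the verification material: the full chain when available, else the bare public key.
    if (certificateChain != null) {
        concurrentSigner.setCertificateChain(certificateChain);
    } else {
        concurrentSigner.setPublicKey(publicKey);
    }
    return concurrentSigner;
}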
Also used : ArrayList(java.util.ArrayList) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) XiSecurityException(org.xipki.security.exception.XiSecurityException) XiWrappedContentSigner(org.xipki.security.XiWrappedContentSigner) DfltConcurrentContentSigner(org.xipki.security.DfltConcurrentContentSigner) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) XiContentSigner(org.xipki.security.XiContentSigner) BcContentSignerBuilder(org.bouncycastle.operator.bc.BcContentSignerBuilder) ECPrivateKey(java.security.interfaces.ECPrivateKey) DfltConcurrentContentSigner(org.xipki.security.DfltConcurrentContentSigner) ContentSigner(org.bouncycastle.operator.ContentSigner) XiContentSigner(org.xipki.security.XiContentSigner) XiWrappedContentSigner(org.xipki.security.XiWrappedContentSigner) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) InvalidKeyException(java.security.InvalidKeyException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) XiSecurityException(org.xipki.security.exception.XiSecurityException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchProviderException(java.security.NoSuchProviderException) SignatureSigner(org.xipki.security.SignatureSigner) DfltConcurrentContentSigner(org.xipki.security.DfltConcurrentContentSigner) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) EllipticCurve(java.security.spec.EllipticCurve) Signature(java.security.Signature) DSAPrivateKey(java.security.interfaces.DSAPrivateKey) 
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)

Example 3 with BcContentSignerBuilder

use of org.bouncycastle.operator.bc.BcContentSignerBuilder in project zookeeper by apache.

the class X509TestHelpers method buildAndSignCertificate.

/**
 * Finishes the certificate held by {@code builder} by signing it with {@code privateKey}.
 *
 * <p>The signature algorithm is SHA-256 with RSA when the key's algorithm name contains
 * "RSA", and SHA-256 with ECDSA for every other key.
 *
 * @param privateKey the private key to sign the certificate with.
 * @param builder the cert builder that contains the certificate data.
 * @return the signed certificate.
 * @throws IOException if an I/O error is reported while parsing the key or converting the certificate
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if the signed structure cannot be turned into a certificate
 */
private static X509Certificate buildAndSignCertificate(PrivateKey privateKey, X509v3CertificateBuilder builder) throws IOException, OperatorCreationException, CertificateException {
    // Key type is inferred from the algorithm name; anything that is not RSA is treated as EC,
    // so a key of any third type is handed to the EC signer as well.
    final boolean rsaKey = privateKey.getAlgorithm().contains("RSA");
    final String sigAlgName = rsaKey ? "SHA256WithRSAEncryption" : "SHA256withECDSA";

    final AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(sigAlgName);
    final AlgorithmIdentifier digestAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);

    final BcContentSignerBuilder contentSignerBuilder;
    if (rsaKey) {
        contentSignerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digestAlgId);
    } else {
        contentSignerBuilder = new BcECContentSignerBuilder(sigAlgId, digestAlgId);
    }

    // Convert the JCA key to BouncyCastle's lightweight form via its encoded bytes.
    final AsymmetricKeyParameter keyParameter = PrivateKeyFactory.createKey(privateKey.getEncoded());
    final ContentSigner contentSigner = contentSignerBuilder.build(keyParameter);
    return toX509Cert(builder.build(contentSigner));
}
Also used : BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) ContentSigner(org.bouncycastle.operator.ContentSigner) BcECContentSignerBuilder(org.bouncycastle.operator.bc.BcECContentSignerBuilder) BcContentSignerBuilder(org.bouncycastle.operator.bc.BcContentSignerBuilder) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)

Example 4 with BcContentSignerBuilder

use of org.bouncycastle.operator.bc.BcContentSignerBuilder in project vertx-tcp-eventbus-bridge by vert-x3.

the class SSLKeyPairCerts method generateSelfSignedCert.

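// refer to: https://github.com/vert-x3/vertx-config/blob/4.0.0-milestone4/vertx-config-vault/src/test/java/io/vertx/config/vault/utils/Certificates.java#L149
/**
 * Generates a self-signed X.509 v3 certificate for the given key pair.
 *
 * <p>The certificate uses {@code certSub} as both issuer and subject, is valid from 30 days
 * before to 30 days after the moment of creation, and carries a subjectAltName of the IP
 * address 127.0.0.1. It is signed with SHA-256 with RSA, so {@code keyPair} must be an RSA
 * key pair.
 *
 * @param certSub the distinguished name used for issuer and subject
 * @param keyPair the RSA key pair whose public key is certified and whose private key signs
 * @return the certificate, after its validity period and self-signature have been checked
 * @throws Exception if the certificate cannot be built, converted or verified
 */
private X509Certificate generateSelfSignedCert(String certSub, KeyPair keyPair) throws Exception {
    final X500Name subject = new X500Name(certSub);
    // Take one timestamp so that notBefore and notAfter are derived from the same instant.
    final long now = System.currentTimeMillis();
    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;
    // NOTE(review): the serial number is the constant 1, so every certificate from this method
    // shares it; acceptable only where certificates are never compared by issuer and serial.
    final X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(subject, BigInteger.ONE, new Date(now - thirtyDaysMillis), new Date(now + thirtyDaysMillis), subject, SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
    final GeneralNames subjectAltNames = new GeneralNames(new GeneralName(GeneralName.iPAddress, "127.0.0.1"));
    certificateBuilder.addExtension(org.bouncycastle.asn1.x509.Extension.subjectAlternativeName, false, subjectAltNames);
    // Fixed: was SHA1WithRSAEncryption. SHA-1 is no longer collision resistant and SHA-1 signed
    // certificates are rejected by many validators.
    final AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
    final AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    final BcContentSignerBuilder signerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
    final AsymmetricKeyParameter keyp = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
    final ContentSigner signer = signerBuilder.build(keyp);
    final X509CertificateHolder x509CertificateHolder = certificateBuilder.build(signer);
    final X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(x509CertificateHolder);
    // Sanity checks: the certificate is currently valid and verifies under its own public key.
    certificate.checkValidity(new Date());
    certificate.verify(keyPair.getPublic());
    return certificate;
}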
Also used : ContentSigner(org.bouncycastle.operator.ContentSigner) X500Name(org.bouncycastle.asn1.x500.X500Name) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) X500Name(org.bouncycastle.asn1.x500.X500Name) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BcContentSignerBuilder(org.bouncycastle.operator.bc.BcContentSignerBuilder)

Aggregations

BcContentSignerBuilder (org.bouncycastle.operator.bc.BcContentSignerBuilder)4 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)3 AsymmetricKeyParameter (org.bouncycastle.crypto.params.AsymmetricKeyParameter)3 ContentSigner (org.bouncycastle.operator.ContentSigner)3 BcRSAContentSignerBuilder (org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)3 DSAPrivateKey (java.security.interfaces.DSAPrivateKey)2 ECPrivateKey (java.security.interfaces.ECPrivateKey)2 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)2 DefaultDigestAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)2 DefaultSignatureAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)2 BcECContentSignerBuilder (org.bouncycastle.operator.bc.BcECContentSignerBuilder)2 IOException (java.io.IOException)1 InvalidKeyException (java.security.InvalidKeyException)1 KeyStoreException (java.security.KeyStoreException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 NoSuchProviderException (java.security.NoSuchProviderException)1 Signature (java.security.Signature)1 UnrecoverableKeyException (java.security.UnrecoverableKeyException)1 CertificateException (java.security.cert.CertificateException)1 X509Certificate (java.security.cert.X509Certificate)1