use of org.bouncycastle.operator.bc.BcContentSignerBuilder in project xipki by xipki.
the class P12KeyGenerator method getContentSigner.
// method generateIdentity
private static ContentSigner getContentSigner(PrivateKey key) throws Exception {
BcContentSignerBuilder builder;
if (key instanceof RSAPrivateKey) {
ASN1ObjectIdentifier hashOid = X509ObjectIdentifiers.id_SHA1;
ASN1ObjectIdentifier sigOid = PKCSObjectIdentifiers.sha1WithRSAEncryption;
builder = new BcRSAContentSignerBuilder(buildAlgId(sigOid), buildAlgId(hashOid));
} else if (key instanceof DSAPrivateKey) {
ASN1ObjectIdentifier hashOid = X509ObjectIdentifiers.id_SHA1;
AlgorithmIdentifier sigId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa_with_sha1);
builder = new BcDSAContentSignerBuilder(sigId, buildAlgId(hashOid));
} else if (key instanceof ECPrivateKey) {
HashAlgo hashAlgo;
ASN1ObjectIdentifier sigOid;
int keysize = ((ECPrivateKey) key).getParams().getOrder().bitLength();
if (keysize > 384) {
hashAlgo = HashAlgo.SHA512;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA512;
} else if (keysize > 256) {
hashAlgo = HashAlgo.SHA384;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA384;
} else if (keysize > 224) {
hashAlgo = HashAlgo.SHA224;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA224;
} else if (keysize > 160) {
hashAlgo = HashAlgo.SHA256;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
} else {
hashAlgo = HashAlgo.SHA1;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA1;
}
builder = new BcECContentSignerBuilder(new AlgorithmIdentifier(sigOid), buildAlgId(hashAlgo.getOid()));
} else {
throw new IllegalArgumentException("unknown type of key " + key.getClass().getName());
}
return builder.build(KeyUtil.generatePrivateKeyParameter(key));
}
use of org.bouncycastle.operator.bc.BcContentSignerBuilder in project xipki by xipki.
the class SoftTokenContentSignerBuilder method createSigner.
public ConcurrentContentSigner createSigner(AlgorithmIdentifier signatureAlgId, int parallelism, SecureRandom random) throws XiSecurityException, NoSuchPaddingException {
ParamUtil.requireNonNull("signatureAlgId", signatureAlgId);
ParamUtil.requireMin("parallelism", parallelism, 1);
List<XiContentSigner> signers = new ArrayList<>(parallelism);
final String provName = "SunJCE";
if (Security.getProvider(provName) != null) {
String algoName;
try {
algoName = AlgorithmUtil.getSignatureAlgoName(signatureAlgId);
} catch (NoSuchAlgorithmException ex) {
throw new XiSecurityException(ex.getMessage());
}
try {
for (int i = 0; i < parallelism; i++) {
Signature signature = Signature.getInstance(algoName, provName);
signature.initSign(key);
if (i == 0) {
signature.update(new byte[] { 1, 2, 3, 4 });
signature.sign();
}
XiContentSigner signer = new SignatureSigner(signatureAlgId, signature, key);
signers.add(signer);
}
} catch (Exception ex) {
signers.clear();
}
}
if (CollectionUtil.isEmpty(signers)) {
BcContentSignerBuilder signerBuilder;
AsymmetricKeyParameter keyparam;
try {
if (key instanceof RSAPrivateKey) {
keyparam = SignerUtil.generateRSAPrivateKeyParameter((RSAPrivateKey) key);
signerBuilder = new RSAContentSignerBuilder(signatureAlgId);
} else if (key instanceof DSAPrivateKey) {
keyparam = DSAUtil.generatePrivateKeyParameter(key);
signerBuilder = new DSAContentSignerBuilder(signatureAlgId, AlgorithmUtil.isDSAPlainSigAlg(signatureAlgId));
} else if (key instanceof ECPrivateKey) {
keyparam = ECUtil.generatePrivateKeyParameter(key);
EllipticCurve curve = ((ECPrivateKey) key).getParams().getCurve();
if (GMUtil.isSm2primev2Curve(curve)) {
signerBuilder = new SM2ContentSignerBuilder();
} else {
signerBuilder = new ECDSAContentSignerBuilder(signatureAlgId, AlgorithmUtil.isDSAPlainSigAlg(signatureAlgId));
}
} else {
throw new XiSecurityException("unsupported key " + key.getClass().getName());
}
} catch (InvalidKeyException ex) {
throw new XiSecurityException("invalid key", ex);
} catch (NoSuchAlgorithmException ex) {
throw new XiSecurityException("no such algorithm", ex);
}
for (int i = 0; i < parallelism; i++) {
if (random != null) {
signerBuilder.setSecureRandom(random);
}
ContentSigner signer;
try {
signer = signerBuilder.build(keyparam);
} catch (OperatorCreationException ex) {
throw new XiSecurityException("operator creation error", ex);
}
signers.add(new XiWrappedContentSigner(signer, true));
}
}
final boolean mac = false;
ConcurrentContentSigner concurrentSigner;
try {
concurrentSigner = new DfltConcurrentContentSigner(mac, signers, key);
} catch (NoSuchAlgorithmException ex) {
throw new XiSecurityException(ex.getMessage(), ex);
}
if (certificateChain != null) {
concurrentSigner.setCertificateChain(certificateChain);
} else {
concurrentSigner.setPublicKey(publicKey);
}
return concurrentSigner;
}
use of org.bouncycastle.operator.bc.BcContentSignerBuilder in project zookeeper by apache.
the class X509TestHelpers method buildAndSignCertificate.
/**
* Signs the certificate being built by the given builder using the given private key and returns the certificate.
* @param privateKey the private key to sign the certificate with.
* @param builder the cert builder that contains the certificate data.
* @return the signed certificate.
* @throws IOException
* @throws OperatorCreationException
* @throws CertificateException
*/
private static X509Certificate buildAndSignCertificate(PrivateKey privateKey, X509v3CertificateBuilder builder) throws IOException, OperatorCreationException, CertificateException {
BcContentSignerBuilder signerBuilder;
if (privateKey.getAlgorithm().contains("RSA")) {
// a little hacky way to detect key type, but it works
AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
signerBuilder = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm);
} else {
// if not RSA, assume EC
AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withECDSA");
AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
signerBuilder = new BcECContentSignerBuilder(signatureAlgorithm, digestAlgorithm);
}
AsymmetricKeyParameter privateKeyParam = PrivateKeyFactory.createKey(privateKey.getEncoded());
ContentSigner signer = signerBuilder.build(privateKeyParam);
return toX509Cert(builder.build(signer));
}
use of org.bouncycastle.operator.bc.BcContentSignerBuilder in project vertx-tcp-eventbus-bridge by vert-x3.
the class SSLKeyPairCerts method generateSelfSignedCert.
// refer to: https://github.com/vert-x3/vertx-config/blob/4.0.0-milestone4/vertx-config-vault/src/test/java/io/vertx/config/vault/utils/Certificates.java#L149
private X509Certificate generateSelfSignedCert(String certSub, KeyPair keyPair) throws Exception {
final X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(new org.bouncycastle.asn1.x500.X500Name(certSub), BigInteger.ONE, new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30), new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)), new X500Name(certSub), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
final GeneralNames subjectAltNames = new GeneralNames(new GeneralName(GeneralName.iPAddress, "127.0.0.1"));
certificateBuilder.addExtension(org.bouncycastle.asn1.x509.Extension.subjectAlternativeName, false, subjectAltNames);
final AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WithRSAEncryption");
final AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
final BcContentSignerBuilder signerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
final AsymmetricKeyParameter keyp = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
final ContentSigner signer = signerBuilder.build(keyp);
final X509CertificateHolder x509CertificateHolder = certificateBuilder.build(signer);
final X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(x509CertificateHolder);
certificate.checkValidity(new Date());
certificate.verify(keyPair.getPublic());
return certificate;
}
Aggregations