Search in sources :

Example 1 with BcECContentSignerBuilder

use of org.bouncycastle.operator.bc.BcECContentSignerBuilder in project xipki by xipki.

the class P12KeyGenerator method getContentSigner.

// method generateIdentity
private static ContentSigner getContentSigner(PrivateKey key) throws Exception {
    BcContentSignerBuilder builder;
    if (key instanceof RSAPrivateKey) {
        ASN1ObjectIdentifier hashOid = X509ObjectIdentifiers.id_SHA1;
        ASN1ObjectIdentifier sigOid = PKCSObjectIdentifiers.sha1WithRSAEncryption;
        builder = new BcRSAContentSignerBuilder(buildAlgId(sigOid), buildAlgId(hashOid));
    } else if (key instanceof DSAPrivateKey) {
        ASN1ObjectIdentifier hashOid = X509ObjectIdentifiers.id_SHA1;
        AlgorithmIdentifier sigId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa_with_sha1);
        builder = new BcDSAContentSignerBuilder(sigId, buildAlgId(hashOid));
    } else if (key instanceof ECPrivateKey) {
        HashAlgo hashAlgo;
        ASN1ObjectIdentifier sigOid;
        int keysize = ((ECPrivateKey) key).getParams().getOrder().bitLength();
        if (keysize > 384) {
            hashAlgo = HashAlgo.SHA512;
            sigOid = X9ObjectIdentifiers.ecdsa_with_SHA512;
        } else if (keysize > 256) {
            hashAlgo = HashAlgo.SHA384;
            sigOid = X9ObjectIdentifiers.ecdsa_with_SHA384;
        } else if (keysize > 224) {
            hashAlgo = HashAlgo.SHA224;
            sigOid = X9ObjectIdentifiers.ecdsa_with_SHA224;
        } else if (keysize > 160) {
            hashAlgo = HashAlgo.SHA256;
            sigOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
        } else {
            hashAlgo = HashAlgo.SHA1;
            sigOid = X9ObjectIdentifiers.ecdsa_with_SHA1;
        }
        builder = new BcECContentSignerBuilder(new AlgorithmIdentifier(sigOid), buildAlgId(hashAlgo.getOid()));
    } else {
        throw new IllegalArgumentException("unknown type of key " + key.getClass().getName());
    }
    return builder.build(KeyUtil.generatePrivateKeyParameter(key));
}
Also used : BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) ECPrivateKey(java.security.interfaces.ECPrivateKey) HashAlgo(org.xipki.security.HashAlgo) DSAPrivateKey(java.security.interfaces.DSAPrivateKey) BcDSAContentSignerBuilder(org.bouncycastle.operator.bc.BcDSAContentSignerBuilder) BcECContentSignerBuilder(org.bouncycastle.operator.bc.BcECContentSignerBuilder) BcContentSignerBuilder(org.bouncycastle.operator.bc.BcContentSignerBuilder) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 2 with BcECContentSignerBuilder

use of org.bouncycastle.operator.bc.BcECContentSignerBuilder in project zookeeper by apache.

the class X509TestHelpers method buildAndSignCertificate.

/**
 * Signs the certificate being built by the given builder using the given private key and returns the certificate.
 * @param privateKey the private key to sign the certificate with.
 * @param builder the cert builder that contains the certificate data.
 * @return the signed certificate.
 * @throws IOException
 * @throws OperatorCreationException
 * @throws CertificateException
 */
private static X509Certificate buildAndSignCertificate(PrivateKey privateKey, X509v3CertificateBuilder builder) throws IOException, OperatorCreationException, CertificateException {
    BcContentSignerBuilder signerBuilder;
    if (privateKey.getAlgorithm().contains("RSA")) {
        // a little hacky way to detect key type, but it works
        AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
        AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
        signerBuilder = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm);
    } else {
        // if not RSA, assume EC
        AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withECDSA");
        AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
        signerBuilder = new BcECContentSignerBuilder(signatureAlgorithm, digestAlgorithm);
    }
    AsymmetricKeyParameter privateKeyParam = PrivateKeyFactory.createKey(privateKey.getEncoded());
    ContentSigner signer = signerBuilder.build(privateKeyParam);
    return toX509Cert(builder.build(signer));
}
Also used : BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) ContentSigner(org.bouncycastle.operator.ContentSigner) BcECContentSignerBuilder(org.bouncycastle.operator.bc.BcECContentSignerBuilder) BcContentSignerBuilder(org.bouncycastle.operator.bc.BcContentSignerBuilder) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)

Aggregations

AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)2 BcContentSignerBuilder (org.bouncycastle.operator.bc.BcContentSignerBuilder)2 BcECContentSignerBuilder (org.bouncycastle.operator.bc.BcECContentSignerBuilder)2 BcRSAContentSignerBuilder (org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)2 DSAPrivateKey (java.security.interfaces.DSAPrivateKey)1 ECPrivateKey (java.security.interfaces.ECPrivateKey)1 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)1 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)1 AsymmetricKeyParameter (org.bouncycastle.crypto.params.AsymmetricKeyParameter)1 ContentSigner (org.bouncycastle.operator.ContentSigner)1 DefaultDigestAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)1 DefaultSignatureAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)1 BcDSAContentSignerBuilder (org.bouncycastle.operator.bc.BcDSAContentSignerBuilder)1 HashAlgo (org.xipki.security.HashAlgo)1