use of org.bouncycastle.operator.bc.BcECContentSignerBuilder in project xipki by xipki.
the class P12KeyGenerator method getContentSigner.
// method generateIdentity
private static ContentSigner getContentSigner(PrivateKey key) throws Exception {
BcContentSignerBuilder builder;
if (key instanceof RSAPrivateKey) {
ASN1ObjectIdentifier hashOid = X509ObjectIdentifiers.id_SHA1;
ASN1ObjectIdentifier sigOid = PKCSObjectIdentifiers.sha1WithRSAEncryption;
builder = new BcRSAContentSignerBuilder(buildAlgId(sigOid), buildAlgId(hashOid));
} else if (key instanceof DSAPrivateKey) {
ASN1ObjectIdentifier hashOid = X509ObjectIdentifiers.id_SHA1;
AlgorithmIdentifier sigId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa_with_sha1);
builder = new BcDSAContentSignerBuilder(sigId, buildAlgId(hashOid));
} else if (key instanceof ECPrivateKey) {
HashAlgo hashAlgo;
ASN1ObjectIdentifier sigOid;
int keysize = ((ECPrivateKey) key).getParams().getOrder().bitLength();
if (keysize > 384) {
hashAlgo = HashAlgo.SHA512;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA512;
} else if (keysize > 256) {
hashAlgo = HashAlgo.SHA384;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA384;
} else if (keysize > 224) {
hashAlgo = HashAlgo.SHA224;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA224;
} else if (keysize > 160) {
hashAlgo = HashAlgo.SHA256;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
} else {
hashAlgo = HashAlgo.SHA1;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA1;
}
builder = new BcECContentSignerBuilder(new AlgorithmIdentifier(sigOid), buildAlgId(hashAlgo.getOid()));
} else {
throw new IllegalArgumentException("unknown type of key " + key.getClass().getName());
}
return builder.build(KeyUtil.generatePrivateKeyParameter(key));
}
use of org.bouncycastle.operator.bc.BcECContentSignerBuilder in project zookeeper by apache.
the class X509TestHelpers method buildAndSignCertificate.
/**
* Signs the certificate being built by the given builder using the given private key and returns the certificate.
* @param privateKey the private key to sign the certificate with.
* @param builder the cert builder that contains the certificate data.
* @return the signed certificate.
* @throws IOException
* @throws OperatorCreationException
* @throws CertificateException
*/
private static X509Certificate buildAndSignCertificate(PrivateKey privateKey, X509v3CertificateBuilder builder) throws IOException, OperatorCreationException, CertificateException {
BcContentSignerBuilder signerBuilder;
if (privateKey.getAlgorithm().contains("RSA")) {
// a little hacky way to detect key type, but it works
AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
signerBuilder = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm);
} else {
// if not RSA, assume EC
AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withECDSA");
AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
signerBuilder = new BcECContentSignerBuilder(signatureAlgorithm, digestAlgorithm);
}
AsymmetricKeyParameter privateKeyParam = PrivateKeyFactory.createKey(privateKey.getEncoded());
ContentSigner signer = signerBuilder.build(privateKeyParam);
return toX509Cert(builder.build(signer));
}
Aggregations