Example 1 with BcECContentSignerBuilder
use of org.bouncycastle.operator.bc.BcECContentSignerBuilder in project xipki by xipki.
the class P12KeyGenerator method getContentSigner.
// method generateIdentity
private static ContentSigner getContentSigner(PrivateKey key) throws Exception {
BcContentSignerBuilder builder;
if (key instanceof RSAPrivateKey) {
ASN1ObjectIdentifier hashOid = X509ObjectIdentifiers.id_SHA1;
ASN1ObjectIdentifier sigOid = PKCSObjectIdentifiers.sha1WithRSAEncryption;
builder = new BcRSAContentSignerBuilder(buildAlgId(sigOid), buildAlgId(hashOid));
} else if (key instanceof DSAPrivateKey) {
ASN1ObjectIdentifier hashOid = X509ObjectIdentifiers.id_SHA1;
AlgorithmIdentifier sigId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa_with_sha1);
builder = new BcDSAContentSignerBuilder(sigId, buildAlgId(hashOid));
} else if (key instanceof ECPrivateKey) {
HashAlgo hashAlgo;
ASN1ObjectIdentifier sigOid;
int keysize = ((ECPrivateKey) key).getParams().getOrder().bitLength();
if (keysize > 384) {
hashAlgo = HashAlgo.SHA512;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA512;
} else if (keysize > 256) {
hashAlgo = HashAlgo.SHA384;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA384;
} else if (keysize > 224) {
hashAlgo = HashAlgo.SHA224;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA224;
} else if (keysize > 160) {
hashAlgo = HashAlgo.SHA256;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
} else {
hashAlgo = HashAlgo.SHA1;
sigOid = X9ObjectIdentifiers.ecdsa_with_SHA1;
}
builder = new BcECContentSignerBuilder(new AlgorithmIdentifier(sigOid), buildAlgId(hashAlgo.getOid()));
} else {
throw new IllegalArgumentException("unknown type of key " + key.getClass().getName());
}
return builder.build(KeyUtil.generatePrivateKeyParameter(key));
}
Also used :
BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)
ECPrivateKey(java.security.interfaces.ECPrivateKey)
HashAlgo(org.xipki.security.HashAlgo)
DSAPrivateKey(java.security.interfaces.DSAPrivateKey)
BcDSAContentSignerBuilder(org.bouncycastle.operator.bc.BcDSAContentSignerBuilder)
BcECContentSignerBuilder(org.bouncycastle.operator.bc.BcECContentSignerBuilder)
BcContentSignerBuilder(org.bouncycastle.operator.bc.BcContentSignerBuilder)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Example 2 with BcECContentSignerBuilder
use of org.bouncycastle.operator.bc.BcECContentSignerBuilder in project zookeeper by apache.
the class X509TestHelpers method buildAndSignCertificate.
/**
* Signs the certificate being built by the given builder using the given private key and returns the certificate.
* @param privateKey the private key to sign the certificate with.
* @param builder the cert builder that contains the certificate data.
* @return the signed certificate.
* @throws IOException
* @throws OperatorCreationException
* @throws CertificateException
*/
private static X509Certificate buildAndSignCertificate(PrivateKey privateKey, X509v3CertificateBuilder builder) throws IOException, OperatorCreationException, CertificateException {
BcContentSignerBuilder signerBuilder;
if (privateKey.getAlgorithm().contains("RSA")) {
// a little hacky way to detect key type, but it works
AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
signerBuilder = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm);
} else {
// if not RSA, assume EC
AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withECDSA");
AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
signerBuilder = new BcECContentSignerBuilder(signatureAlgorithm, digestAlgorithm);
}
AsymmetricKeyParameter privateKeyParam = PrivateKeyFactory.createKey(privateKey.getEncoded());
ContentSigner signer = signerBuilder.build(privateKeyParam);
return toX509Cert(builder.build(signer));
}
Also used :
BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)
AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter)
ContentSigner(org.bouncycastle.operator.ContentSigner)
BcECContentSignerBuilder(org.bouncycastle.operator.bc.BcECContentSignerBuilder)
BcContentSignerBuilder(org.bouncycastle.operator.bc.BcContentSignerBuilder)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
Aggregations
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)2
BcContentSignerBuilder (org.bouncycastle.operator.bc.BcContentSignerBuilder)2
BcECContentSignerBuilder (org.bouncycastle.operator.bc.BcECContentSignerBuilder)2
BcRSAContentSignerBuilder (org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)2
DSAPrivateKey (java.security.interfaces.DSAPrivateKey)1
ECPrivateKey (java.security.interfaces.ECPrivateKey)1
RSAPrivateKey (java.security.interfaces.RSAPrivateKey)1
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)1
AsymmetricKeyParameter (org.bouncycastle.crypto.params.AsymmetricKeyParameter)1
ContentSigner (org.bouncycastle.operator.ContentSigner)1
DefaultDigestAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)1
DefaultSignatureAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)1
BcDSAContentSignerBuilder (org.bouncycastle.operator.bc.BcDSAContentSignerBuilder)1
HashAlgo (org.xipki.security.HashAlgo)1
