use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project felix by apache.
the class DPSigner method calculateSignatureBlock.
private byte[] calculateSignatureBlock(PrivateKey privKey, X509Certificate cert, byte[] sfRawBytes) throws Exception {
String signatureAlgorithm = getSignatureAlgorithm(privKey);
DigestCalculatorProvider digestCalculatorProvider = new JcaDigestCalculatorProviderBuilder().build();
ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privKey);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(digestCalculatorProvider).build(signer, cert));
gen.addCertificates(new JcaCertStore(Arrays.asList(cert)));
CMSSignedData sigData = gen.generate(new CMSProcessableByteArray(sfRawBytes));
return sigData.getEncoded();
}
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project Spark by igniterealtime.
the class IdentityController method createCSR.
/**
* Creates Certificate Signing Request.
*
* @throws IOException
* @throws OperatorCreationException
*/
public PKCS10CertificationRequest createCSR(KeyPair keyPair) throws IOException, OperatorCreationException {
X500Principal principal = new X500Principal(createX500NameString());
PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(principal, keyPair.getPublic());
JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
ContentSigner signer = csBuilder.build(keyPair.getPrivate());
PKCS10CertificationRequest csr = p10Builder.build(signer);
return csr;
}
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project Spark by igniterealtime.
the class IdentityController method createSelfSignedCertificate.
public X509Certificate createSelfSignedCertificate(KeyPair keyPair) throws NoSuchAlgorithmException, NoSuchProviderException, CertIOException, OperatorCreationException, CertificateException {
long serial = System.currentTimeMillis();
SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
X500Name name = new X500Name(createX500NameString());
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(name, BigInteger.valueOf(serial), new Date(System.currentTimeMillis() - 1000000000), new Date(System.currentTimeMillis() + 1000000000), name, keyInfo);
certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
certBuilder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
ContentSigner signer = csBuilder.build(keyPair.getPrivate());
X509CertificateHolder certHolder = certBuilder.build(signer);
X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certHolder);
return cert;
}
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project drill by axbaretto.
the class WebServer method createHttpsConnector.
/**
* Create an HTTPS connector for given jetty server instance. If the admin has specified keystore/truststore settings
* they will be used else a self-signed certificate is generated and used.
*
* @return Initialized {@link ServerConnector} for HTTPS connections.
* @throws Exception
*/
private ServerConnector createHttpsConnector(int port, int acceptors, int selectors) throws Exception {
logger.info("Setting up HTTPS connector for web server");
final SslContextFactory sslContextFactory = new SslContextFactory();
SSLConfig ssl = new SSLConfigBuilder().config(config).mode(SSLConfig.Mode.SERVER).initializeSSLContext(false).validateKeyStore(true).build();
if (ssl.isSslValid()) {
logger.info("Using configured SSL settings for web server");
sslContextFactory.setKeyStorePath(ssl.getKeyStorePath());
sslContextFactory.setKeyStorePassword(ssl.getKeyStorePassword());
sslContextFactory.setKeyManagerPassword(ssl.getKeyPassword());
if (ssl.hasTrustStorePath()) {
sslContextFactory.setTrustStorePath(ssl.getTrustStorePath());
if (ssl.hasTrustStorePassword()) {
sslContextFactory.setTrustStorePassword(ssl.getTrustStorePassword());
}
}
} else {
logger.info("Using generated self-signed SSL settings for web server");
final SecureRandom random = new SecureRandom();
// Generate a private-public key pair
final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(1024, random);
final KeyPair keyPair = keyPairGenerator.generateKeyPair();
final DateTime now = DateTime.now();
// Create builder for certificate attributes
final X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.OU, "Apache Drill (auth-generated)").addRDN(BCStyle.O, "Apache Software Foundation (auto-generated)").addRDN(BCStyle.CN, workManager.getContext().getEndpoint().getAddress());
final Date notBefore = now.minusMinutes(1).toDate();
final Date notAfter = now.plusYears(5).toDate();
final BigInteger serialNumber = new BigInteger(128, random);
// Create a certificate valid for 5years from now.
final X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(// attributes
nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic());
// Sign the certificate using the private key
final ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
final X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner));
// Check the validity
certificate.checkValidity(now.toDate());
// Make sure the certificate is self-signed.
certificate.verify(certificate.getPublicKey());
// Generate a random password for keystore protection
final String keyStorePasswd = RandomStringUtils.random(20);
final KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null, null);
keyStore.setKeyEntry("DrillAutoGeneratedCert", keyPair.getPrivate(), keyStorePasswd.toCharArray(), new java.security.cert.Certificate[] { certificate });
sslContextFactory.setKeyStore(keyStore);
sslContextFactory.setKeyStorePassword(keyStorePasswd);
}
final HttpConfiguration httpsConfig = new HttpConfiguration();
httpsConfig.addCustomizer(new SecureRequestCustomizer());
// SSL Connector
final ServerConnector sslConnector = new ServerConnector(embeddedJetty, null, null, null, acceptors, selectors, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
sslConnector.setPort(port);
return sslConnector;
}
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project xipki by xipki.
the class CmpCaClient method buildSigner.
// method send
private ContentSigner buildSigner(PrivateKey signingKey) throws OperatorCreationException {
String keyAlgo = signingKey.getAlgorithm();
String sigAlgo;
if ("EC".equalsIgnoreCase(keyAlgo)) {
sigAlgo = hashAlgo + "WITHECDSA";
} else {
sigAlgo = hashAlgo + "WITH" + keyAlgo;
}
return new JcaContentSignerBuilder(sigAlgo).build(signingKey);
}
Aggregations