use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project xipki by xipki.
the class CaClientExample method buildSigner.
/**
 * Creates a BouncyCastle {@link ContentSigner} for the given private key.
 *
 * <p>The signature algorithm name is {@code <hashAlgo>WITHECDSA} when the key reports the
 * algorithm {@code EC} (case-insensitive), and {@code <hashAlgo>WITH<keyAlgo>} otherwise.
 *
 * @param signingKey private key used for signing; its {@code getAlgorithm()} value selects
 *     the second half of the signature algorithm name
 * @param hashAlgo hash algorithm name placed in front of {@code WITH}
 * @return the signer produced by {@code JcaContentSignerBuilder}
 * @throws OperatorCreationException if the signer cannot be created for that algorithm and key
 */
protected static ContentSigner buildSigner(PrivateKey signingKey, String hashAlgo)
        throws OperatorCreationException {
    final String keyAlgorithm = signingKey.getAlgorithm();
    // An EC key signs with ECDSA, so the key algorithm name is not reused as-is.
    final String signatureSuffix = "EC".equalsIgnoreCase(keyAlgorithm) ? "ECDSA" : keyAlgorithm;
    // NOTE(review): hashAlgo is concatenated without validation, so the strength of the
    // resulting signature is entirely the caller's choice; confirm callers do not pass a
    // deprecated hash such as SHA-1.
    final String signatureName = hashAlgo + "WITH" + signatureSuffix;
    return new JcaContentSignerBuilder(signatureName).build(signingKey);
}
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project xipki by xipki.
the class ScepUtil method generateRequest.
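/**
 * Builds a PKCS#10 certification request and signs it with the given private key.
 *
 * @param privatekey key that signs the request; checked with {@code requireNonNull}
 * @param subjectPublicKeyInfo public key placed in the request; checked with
 *     {@code requireNonNull}
 * @param subjectDn subject name of the request; checked with {@code requireNonNull}
 * @param attributes optional request attributes keyed by attribute type; may be {@code null},
 *     in which case no attribute is added
 * @return the signed certification request
 * @throws OperatorCreationException if the content signer cannot be created
 */
public static PKCS10CertificationRequest generateRequest(
        PrivateKey privatekey,
        SubjectPublicKeyInfo subjectPublicKeyInfo,
        X500Name subjectDn,
        Map<ASN1ObjectIdentifier, ASN1Encodable> attributes) throws OperatorCreationException {
    requireNonNull("privatekey", privatekey);
    requireNonNull("subjectPublicKeyInfo", subjectPublicKeyInfo);
    requireNonNull("subjectDn", subjectDn);

    PKCS10CertificationRequestBuilder csrBuilder =
            new PKCS10CertificationRequestBuilder(subjectDn, subjectPublicKeyInfo);
    if (attributes != null) {
        // Iterate entries directly instead of a second lookup per key.
        for (Map.Entry<ASN1ObjectIdentifier, ASN1Encodable> attribute : attributes.entrySet()) {
            csrBuilder.addAttribute(attribute.getKey(), attribute.getValue());
        }
    }

    // The request was previously signed with ScepHashAlgo.SHA1. SHA-1 is no longer collision
    // resistant and is widely rejected for signatures, so the request is signed with SHA-256.
    // NOTE(review): a peer that only accepts SHA-1-signed requests would need an explicit
    // legacy path; confirm against the servers this client talks to.
    String signatureAlgorithm = getSignatureAlgorithm(privatekey, ScepHashAlgo.SHA256);
    ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(privatekey);
    return csrBuilder.build(contentSigner);
}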
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project xipki by xipki.
the class ScepServer method issueSubCaCert.
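/**
 * Issues a sub-CA certificate signed with the given root CA key.
 *
 * <p>The certificate is valid from {@code startTime} for 3650 days and carries two critical
 * extensions: key usage ({@code keyCertSign} and {@code cRLSign}) and basic constraints
 * marking it as a CA with a path length constraint of 0. It is signed with the SHA-256
 * variant of the algorithm that {@code ScepUtil.getSignatureAlgorithm} selects for the key.
 *
 * @param rcaKey private key of the issuing root CA
 * @param issuer issuer name
 * @param pubKeyInfo public key of the sub-CA
 * @param subject subject name of the sub-CA
 * @param serialNumber certificate serial number
 * @param startTime start of the validity period
 * @return the issued certificate as an ASN.1 structure
 * @throws CertIOException if an extension cannot be added
 * @throws OperatorCreationException if the content signer cannot be created
 */
private static Certificate issueSubCaCert(
        PrivateKey rcaKey,
        X500Name issuer,
        SubjectPublicKeyInfo pubKeyInfo,
        X500Name subject,
        BigInteger serialNumber,
        Date startTime) throws CertIOException, OperatorCreationException {
    // 3650L forces the multiplication into long arithmetic whatever the declared type of
    // CaEmulator.DAY_IN_MS (not visible here); as an int product it would overflow and
    // yield a wrong notAfter.
    Date notAfter = new Date(startTime.getTime() + CaEmulator.DAY_IN_MS * 3650L);
    X509v3CertificateBuilder certGenerator = new X509v3CertificateBuilder(
            issuer, serialNumber, startTime, notAfter, subject, pubKeyInfo);

    // Critical key usage: the key may only sign certificates and CRLs.
    X509KeyUsage ku = new X509KeyUsage(X509KeyUsage.keyCertSign | X509KeyUsage.cRLSign);
    certGenerator.addExtension(Extension.keyUsage, true, ku);

    // Critical basic constraints: CA certificate, path length 0, so it cannot issue further CAs.
    BasicConstraints bc = new BasicConstraints(0);
    certGenerator.addExtension(Extension.basicConstraints, true, bc);

    String signatureAlgorithm = ScepUtil.getSignatureAlgorithm(rcaKey, ScepHashAlgo.SHA256);
    ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(rcaKey);
    return certGenerator.build(contentSigner).toASN1Structure();
}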
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project xipki by xipki.
the class PkiMessage method encode.
/**
 * Encodes this message, signing it with a signer built from the given key and algorithm.
 *
 * <p>Builds a {@link ContentSigner} and delegates to the {@code encode} overload that takes
 * the signer.
 *
 * @param signerKey private key used for signing; checked with {@code ScepUtil.requireNonNull}
 * @param signatureAlgorithm signature algorithm name passed to {@code JcaContentSignerBuilder}
 * @param signerCert certificate of the signer
 * @param signerCertSet certificates passed through to the delegate
 * @param recipientCert certificate of the recipient
 * @param encAlgId encryption algorithm identifier passed through to the delegate
 * @return the encoded message
 * @throws MessageEncodingException if the signer cannot be created or the delegate fails
 */
public ContentInfo encode(
        PrivateKey signerKey,
        String signatureAlgorithm,
        X509Certificate signerCert,
        X509Certificate[] signerCertSet,
        X509Certificate recipientCert,
        ASN1ObjectIdentifier encAlgId) throws MessageEncodingException {
    ScepUtil.requireNonNull("signerKey", signerKey);
    // NOTE(review): signatureAlgorithm is used as supplied; only signerKey is null-checked
    // here. Confirm callers restrict it to algorithms with an acceptable hash.
    try {
        final ContentSigner contentSigner =
                new JcaContentSignerBuilder(signatureAlgorithm).build(signerKey);
        return encode(contentSigner, signerCert, signerCertSet, recipientCert, encAlgId);
    } catch (OperatorCreationException ex) {
        // Keep the cause so the failing algorithm/key combination stays diagnosable.
        throw new MessageEncodingException(ex);
    }
}
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project certmgr by hdecarne.
the class X509CRLHelper method generateCRL.
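/**
 * Generate a CRL object.
 *
 * <p>The CRL carries two non-critical extensions: an authority key identifier derived from
 * the issuer's public key, and a CRL number obtained from {@code getNextCRLNumber}.
 *
 * @param currentCRL The current CRL object in case of an update (may be {@code null}).
 * @param lastUpdate The last update timestamp to set; also used as the revocation date of
 *        every entry.
 * @param nextUpdate The next update timestamp to set (may be {@code null}).
 * @param revokeEntries The revoked entries (serial number mapped to revocation reason).
 * @param issuerDN The CRL issuer's DN.
 * @param issuerKey The CRL issuer's key pair.
 * @param signatureAlgorithm The signature algorithm to use for signing.
 * @return The generated CRL object.
 * @throws IOException if an error occurs during generation; security and signer-creation
 *         failures are rethrown wrapped in a {@code CertProviderException}.
 */
public static X509CRL generateCRL(
        @Nullable X509CRL currentCRL,
        Date lastUpdate,
        @Nullable Date nextUpdate,
        Map<BigInteger, ReasonFlag> revokeEntries,
        X500Principal issuerDN,
        KeyPair issuerKey,
        SignatureAlgorithm signatureAlgorithm) throws IOException {
    LOG.info("CRL generation ''{0}'' started...", issuerDN);

    // Initialize CRL builder
    JcaX509v2CRLBuilder crlBuilder = new JcaX509v2CRLBuilder(issuerDN, lastUpdate);

    if (nextUpdate != null) {
        crlBuilder.setNextUpdate(nextUpdate);
    }
    // NOTE(review): every entry is written with lastUpdate as its revocation date, so when an
    // existing CRL is regenerated, earlier entries do not keep their original revocation
    // time; confirm this is intended.
    for (Map.Entry<BigInteger, ReasonFlag> revokeEntry : revokeEntries.entrySet()) {
        crlBuilder.addCRLEntry(revokeEntry.getKey(), lastUpdate, revokeEntry.getValue().value());
    }

    X509CRL crl;

    try {
        // Add extensions
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();

        crlBuilder.addExtension(Extension.authorityKeyIdentifier, false,
                extensionUtils.createAuthorityKeyIdentifier(issuerKey.getPublic()));

        BigInteger nextCRLNumber = getNextCRLNumber(currentCRL);

        crlBuilder.addExtension(Extension.cRLNumber, false, new CRLNumber(nextCRLNumber));

        // Sign and create CRL object
        ContentSigner crlSigner =
                new JcaContentSignerBuilder(signatureAlgorithm.algorithm()).build(issuerKey.getPrivate());

        crl = new JcaX509CRLConverter().getCRL(crlBuilder.build(crlSigner));
    } catch (GeneralSecurityException | OperatorCreationException e) {
        throw new CertProviderException(e);
    }
    // The completion message previously said "CRT"; it now matches the start message so the
    // two log lines can be correlated.
    LOG.info("CRL generation ''{0}'' done", issuerDN);
    return crl;
}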