
Example 81 with JcaContentSignerBuilder

use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project xipki by xipki.

the class CaClientExample method buildSigner.

/**
 * Creates a BouncyCastle {@link ContentSigner} for the given private key.
 *
 * <p>The signature algorithm name is assembled as {@code <hashAlgo>WITH<keyAlgo>}. A key
 * that reports the algorithm {@code "EC"} (compared case-insensitively) gets the suffix
 * {@code ECDSA}; any other key algorithm name is appended unchanged.
 *
 * <p>NOTE(review): {@code hashAlgo} is concatenated as-is and is not checked against an
 * allow-list, so the digest strength of the resulting signature is entirely the caller's
 * choice. Callers should pin it to a current digest (SHA-256 or stronger) rather than pass
 * through a value taken from configuration or user input.
 *
 * @param signingKey private key the signer is bound to
 * @param hashAlgo   hash algorithm name used as the prefix of the signature algorithm name
 * @return a content signer that signs with {@code signingKey}
 * @throws OperatorCreationException if the signer cannot be created for the assembled name
 */
protected static ContentSigner buildSigner(PrivateKey signingKey, String hashAlgo) throws OperatorCreationException {
    final String keyAlgorithm = signingKey.getAlgorithm();
    // JCA reports elliptic-curve keys as "EC", while the signature scheme is named "ECDSA".
    final String signatureAlgorithm = "EC".equalsIgnoreCase(keyAlgorithm)
            ? hashAlgo + "WITHECDSA"
            : hashAlgo + "WITH" + keyAlgorithm;
    return new JcaContentSignerBuilder(signatureAlgorithm).build(signingKey);
}
Also used : JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) DERPrintableString(org.bouncycastle.asn1.DERPrintableString)

Example 82 with JcaContentSignerBuilder

use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project xipki by xipki.

the class ScepUtil method generateRequest.

/**
 * Builds a PKCS#10 certification request for {@code subjectDn} and
 * {@code subjectPublicKeyInfo}, optionally carrying the given attributes, and signs it with
 * {@code privatekey}.
 *
 * <p>NOTE(review): the request signature digest is hard-coded to {@code ScepHashAlgo.SHA1}.
 * SHA-1 is no longer collision-resistant; unless the peer CA is known to require it for
 * interoperability, a stronger digest should be preferred. Nothing here checks that
 * {@code privatekey} actually matches {@code subjectPublicKeyInfo}, so a mismatch would only
 * surface when the receiver verifies the request signature.
 *
 * @param privatekey           key used to sign the request; must not be {@code null}
 * @param subjectPublicKeyInfo public key to be certified; must not be {@code null}
 * @param subjectDn            requested subject name; must not be {@code null}
 * @param attributes           request attributes keyed by attribute type, may be {@code null}
 * @return the signed certification request
 * @throws OperatorCreationException if the content signer cannot be created
 */
public static PKCS10CertificationRequest generateRequest(PrivateKey privatekey, SubjectPublicKeyInfo subjectPublicKeyInfo, X500Name subjectDn, Map<ASN1ObjectIdentifier, ASN1Encodable> attributes) throws OperatorCreationException {
    requireNonNull("privatekey", privatekey);
    requireNonNull("subjectPublicKeyInfo", subjectPublicKeyInfo);
    requireNonNull("subjectDn", subjectDn);

    final PKCS10CertificationRequestBuilder requestBuilder =
            new PKCS10CertificationRequestBuilder(subjectDn, subjectPublicKeyInfo);
    if (attributes != null) {
        for (Map.Entry<ASN1ObjectIdentifier, ASN1Encodable> attribute : attributes.entrySet()) {
            requestBuilder.addAttribute(attribute.getKey(), attribute.getValue());
        }
    }

    // Digest is fixed to SHA-1 here; see the review note in the method documentation.
    final String signatureAlgorithm = getSignatureAlgorithm(privatekey, ScepHashAlgo.SHA1);
    final ContentSigner requestSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(privatekey);
    return requestBuilder.build(requestSigner);
}
Also used : JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 83 with JcaContentSignerBuilder

use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project xipki by xipki.

the class ScepServer method issueSubCaCert.

/**
 * Issues a subordinate CA certificate signed with the root CA key.
 *
 * <p>The certificate is valid from {@code startTime} for 3650 days and carries two critical
 * extensions: key usage ({@code keyCertSign | cRLSign}) and basic constraints with a path
 * length constraint of 0. The signature algorithm is derived from {@code rcaKey} with SHA-256.
 *
 * <p>NOTE(review): no subject or authority key identifier extension is added here, so chain
 * building by relying parties has to fall back to name matching.
 *
 * @param rcaKey       private key of the issuing (root) CA
 * @param issuer       issuer name placed in the certificate
 * @param pubKeyInfo   public key of the subordinate CA
 * @param subject      subject name of the subordinate CA
 * @param serialNumber serial number of the new certificate
 * @param startTime    start of the validity period
 * @return the issued certificate as an ASN.1 structure
 * @throws CertIOException           if an extension cannot be added
 * @throws OperatorCreationException if the content signer cannot be created
 */
private static Certificate issueSubCaCert(PrivateKey rcaKey, X500Name issuer, SubjectPublicKeyInfo pubKeyInfo, X500Name subject, BigInteger serialNumber, Date startTime) throws CertIOException, OperatorCreationException {
    // NOTE(review): this product only fits if CaEmulator.DAY_IN_MS is a long; with an int
    // constant it would overflow before being widened. Confirm against the declaration.
    final long validityMs = CaEmulator.DAY_IN_MS * 3650;
    final Date expiry = new Date(startTime.getTime() + validityMs);

    final X509v3CertificateBuilder builder =
            new X509v3CertificateBuilder(issuer, serialNumber, startTime, expiry, subject, pubKeyInfo);

    // Both extensions are marked critical: restrict the key to signing certificates and CRLs...
    builder.addExtension(Extension.keyUsage, true,
            new X509KeyUsage(X509KeyUsage.keyCertSign | X509KeyUsage.cRLSign));
    // ...and mark the subject as a CA that may not have further CAs below it (pathLen 0).
    builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));

    final String sigAlgName = ScepUtil.getSignatureAlgorithm(rcaKey, ScepHashAlgo.SHA256);
    final ContentSigner issuerSigner = new JcaContentSignerBuilder(sigAlgName).build(rcaKey);
    return builder.build(issuerSigner).toASN1Structure();
}
Also used : X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) Date(java.util.Date) X509KeyUsage(org.bouncycastle.jce.X509KeyUsage)

Example 84 with JcaContentSignerBuilder

use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project xipki by xipki.

the class PkiMessage method encode.

/**
 * Encodes this message, signing it with a {@link ContentSigner} created from the given key
 * and signature algorithm name, then delegates to the {@code ContentSigner}-based overload.
 *
 * <p>NOTE(review): only {@code signerKey} is checked here. {@code signatureAlgorithm} is
 * handed to the signer builder unchanged, so this method does not stop a caller from
 * selecting a weak digest; enforce the permitted algorithms where the name is chosen.
 *
 * @param signerKey          private key used to sign; must not be {@code null}
 * @param signatureAlgorithm signature algorithm name passed to the signer builder
 * @param signerCert         signer certificate, forwarded to the overload
 * @param signerCertSet      additional signer certificates, forwarded to the overload
 * @param recipientCert      recipient certificate, forwarded to the overload
 * @param encAlgId           encryption algorithm identifier, forwarded to the overload
 * @return the encoded message
 * @throws MessageEncodingException if the signer cannot be created, or as thrown by the
 *         overload this method delegates to
 */
public ContentInfo encode(PrivateKey signerKey, String signatureAlgorithm, X509Certificate signerCert, X509Certificate[] signerCertSet, X509Certificate recipientCert, ASN1ObjectIdentifier encAlgId) throws MessageEncodingException {
    ScepUtil.requireNonNull("signerKey", signerKey);

    final ContentSigner contentSigner;
    try {
        final JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);
        contentSigner = signerBuilder.build(signerKey);
    } catch (OperatorCreationException cause) {
        // Surface signer set-up problems as an encoding failure, keeping the original cause.
        throw new MessageEncodingException(cause);
    }

    return encode(contentSigner, signerCert, signerCertSet, recipientCert, encAlgId);
}

Example 85 with JcaContentSignerBuilder

use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project certmgr by hdecarne.

the class X509CRLHelper method generateCRL.

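/**
 * Generate a CRL object.
 *
 * <p>Every entry in {@code revokeEntries} is written with {@code lastUpdate} as its revocation
 * date. The CRL carries two non-critical extensions: an authority key identifier derived from
 * the issuer's public key, and a CRL number obtained from {@code currentCRL}.
 *
 * <p>NOTE(review): {@code signatureAlgorithm} is used as supplied; this method does not
 * restrict which algorithms are acceptable for signing revocation data.
 *
 * @param currentCRL The current CRL object in case of an update (may be {@code null}).
 * @param lastUpdate The last update timestamp to set.
 * @param nextUpdate The next update timestamp to set (may be {@code null}).
 * @param revokeEntries The revoked entries (serial number mapped to revocation reason).
 * @param issuerDN The CRL issuer's DN.
 * @param issuerKey The CRL issuer's key pair.
 * @param signatureAlgorithm The signature algorithm to use for signing.
 * @return The generated CRL object.
 * @throws IOException if an error occurs during generation (security and signer failures are
 *         rethrown as {@code CertProviderException}).
 */
public static X509CRL generateCRL(@Nullable X509CRL currentCRL, Date lastUpdate, @Nullable Date nextUpdate, Map<BigInteger, ReasonFlag> revokeEntries, X500Principal issuerDN, KeyPair issuerKey, SignatureAlgorithm signatureAlgorithm) throws IOException {
    LOG.info("CRL generation ''{0}'' started...", issuerDN);
    // Initialize CRL builder
    JcaX509v2CRLBuilder crlBuilder = new JcaX509v2CRLBuilder(issuerDN, lastUpdate);
    if (nextUpdate != null) {
        crlBuilder.setNextUpdate(nextUpdate);
    }
    // The revocation date recorded for each entry is the CRL's own lastUpdate timestamp.
    for (Map.Entry<BigInteger, ReasonFlag> revokeEntry : revokeEntries.entrySet()) {
        crlBuilder.addCRLEntry(revokeEntry.getKey(), lastUpdate, revokeEntry.getValue().value());
    }
    X509CRL crl;
    try {
        // Add extensions
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        crlBuilder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(issuerKey.getPublic()));
        BigInteger nextCRLNumber = getNextCRLNumber(currentCRL);
        crlBuilder.addExtension(Extension.cRLNumber, false, new CRLNumber(nextCRLNumber));
        // Sign and create CRL object
        ContentSigner crlSigner = new JcaContentSignerBuilder(signatureAlgorithm.algorithm()).build(issuerKey.getPrivate());
        crl = new JcaX509CRLConverter().getCRL(crlBuilder.build(crlSigner));
    } catch (GeneralSecurityException | OperatorCreationException e) {
        throw new CertProviderException(e);
    }
    // Fixed: the completion message previously said "CRT", which made the start/done pair
    // for a CRL issuance hard to correlate in the log.
    LOG.info("CRL generation ''{0}'' done", issuerDN);
    return crl;
}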
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) X509CRL(java.security.cert.X509CRL) CRLNumber(org.bouncycastle.asn1.x509.CRLNumber) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) GeneralSecurityException(java.security.GeneralSecurityException) ContentSigner(org.bouncycastle.operator.ContentSigner) JcaX509v2CRLBuilder(org.bouncycastle.cert.jcajce.JcaX509v2CRLBuilder) CertProviderException(de.carne.certmgr.certs.CertProviderException) JcaX509CRLConverter(org.bouncycastle.cert.jcajce.JcaX509CRLConverter) BigInteger(java.math.BigInteger) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) Map(java.util.Map)
