use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project certmgr by hdecarne.
the class PKCS10CertificateRequest method generateCSR.
/**
* Generate a CSR object.
*
* @param dn The CSR's Distinguished Name (DN).
* @param key The CSR's key pair
* @param extensions The CRT's extension objects.
* @param signatureAlgorithm The signature algorithm to use.
* @return The generated CSR object.
* @throws IOException if an error occurs during generation.
*/
public static PKCS10CertificateRequest generateCSR(X500Principal dn, KeyPair key, List<X509ExtensionData> extensions, SignatureAlgorithm signatureAlgorithm) throws IOException {
LOG.info("CSR generation ''{0}'' started...", dn);
// Initialize CSR builder
PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(dn, key.getPublic());
// Add custom extension objects
ExtensionsGenerator extensionGenerator = new ExtensionsGenerator();
for (X509ExtensionData extensionData : extensions) {
extensionGenerator.addExtension(new ASN1ObjectIdentifier(extensionData.oid()), extensionData.getCritical(), extensionData.encode());
}
csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionGenerator.generate());
PKCS10CertificateRequest csr;
try {
// Sign CSR
ContentSigner csrSigner;
csrSigner = new JcaContentSignerBuilder(signatureAlgorithm.algorithm()).build(key.getPrivate());
csr = fromPKCS10(csrBuilder.build(csrSigner));
} catch (OperatorCreationException e) {
throw new CertProviderException(e);
}
LOG.info("CSR generation ''{0}'' done", dn);
return csr;
}
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project vespa by vespa-engine.
the class AthenzIdentityVerifierTest method createSelfSignedCertificate.
private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, AthenzIdentity identity) throws OperatorCreationException, CertIOException, CertificateException {
ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
X500Name x500Name = new X500Name("CN=" + identity.getFullName());
Instant now = Instant.now();
Date notBefore = Date.from(now);
Date notAfter = Date.from(now.plus(Duration.ofDays(30)));
X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(x500Name, BigInteger.valueOf(now.toEpochMilli()), notBefore, notAfter, x500Name, keyPair.getPublic()).addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
return new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(certificateBuilder.build(contentSigner));
}
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project vespa by vespa-engine.
the class Pkcs10CsrBuilder method build.
public Pkcs10Csr build() {
try {
PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
ExtensionsGenerator extGen = new ExtensionsGenerator();
if (basicConstraintsExtension != null) {
extGen.addExtension(Extension.basicConstraints, basicConstraintsExtension.isCritical, new BasicConstraints(basicConstraintsExtension.isCertAuthorityCertificate));
}
if (!subjectAlternativeNames.isEmpty()) {
GeneralNames generalNames = new GeneralNames(subjectAlternativeNames.stream().map(san -> new GeneralName(GeneralName.dNSName, san)).toArray(GeneralName[]::new));
extGen.addExtension(Extension.subjectAlternativeName, false, generalNames);
}
requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm.getAlgorithmName()).setProvider(BouncyCastleProviderHolder.getInstance()).build(keyPair.getPrivate());
return new Pkcs10Csr(requestBuilder.build(contentSigner));
} catch (OperatorCreationException e) {
throw new RuntimeException(e);
} catch (IOException e) {
throw new UncheckedIOException(e);
}
}
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project groovity by disney.
the class TestKeyUtils method generateCertificate.
public Certificate generateCertificate(KeyPair keyPair) throws Exception {
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(new X500Name("CN=Some authority, OU=DATG, O=Disney, C=US"), new BigInteger(64, new SecureRandom()), // yesterday
new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000), // 10 years
new Date(System.currentTimeMillis() + 10 * 365 * 24 * 60 * 60 * 1000), new X500Name("DN=mySubject"), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
JcaContentSignerBuilder builder = new JcaContentSignerBuilder("SHA256withRSA");
ContentSigner signer = builder.build(keyPair.getPrivate());
byte[] certBytes = certBuilder.build(signer).getEncoded();
Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certBytes));
return cert;
}
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project groovity by disney.
the class TestHttpSignature method generateCertificate.
public X509Certificate generateCertificate(KeyPair keyPair) throws Exception {
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(new X500Name("CN=localhost"), new BigInteger(64, new SecureRandom()), // yesterday
new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000), // 10 years
new Date(System.currentTimeMillis() + 10 * 365 * 24 * 60 * 60 * 1000), new X500Name("CN=localhost"), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
JcaContentSignerBuilder builder = new JcaContentSignerBuilder("SHA256withRSA");
ContentSigner signer = builder.build(keyPair.getPrivate());
byte[] certBytes = certBuilder.build(signer).getEncoded();
return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certBytes));
}
Aggregations