
Example 91 with JcaContentSignerBuilder

use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project accumulo by apache.

the class CertUtils method generateCert.

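/**
 * Builds an X.509 v3 certificate for the public key of {@code kp} and signs it with
 * {@code signerPrivateKey}.
 *
 * <p>Subject and issuer are both set to the same name, parsed from {@code issuerDirString}.
 * The certificate always carries subject-key-identifier, basic-constraints and
 * authority-key-identifier extensions; a CA certificate additionally gets a critical key-usage
 * extension limited to {@code keyCertSign}. {@code issuerDirString} and {@code signingAlgorithm}
 * are declared outside this method.
 *
 * @param kp key pair whose public key is certified
 * @param isCertAuthority whether the certificate asserts the CA flag in basic constraints
 * @param signerPublicKey public key used to derive the authority key identifier
 * @param signerPrivateKey private key that signs the certificate
 * @return the signed certificate
 */
private Certificate generateCert(KeyPair kp, boolean isCertAuthority, PublicKey signerPublicKey, PrivateKey signerPrivateKey) throws IOException, CertIOException, OperatorCreationException, CertificateException, NoSuchAlgorithmException {
    // Valid from "now" for 100 years.
    // NOTE(review): a validity this long only suits throwaway fixtures; confirm this never issues
    // certificates that are trusted outside tests.
    Calendar startDate = Calendar.getInstance();
    Calendar endDate = Calendar.getInstance();
    endDate.add(Calendar.YEAR, 100);
    // NOTE(review): the serial is the current time in milliseconds. It is predictable, and two
    // certificates created within the same millisecond under the same issuer name get the same
    // serial, which breaks the issuer+serial uniqueness that validators and revocation rely on.
    // A random serial from a CSPRNG is the usual choice.
    BigInteger serialNumber = BigInteger.valueOf((startDate.getTimeInMillis()));
    X500Name issuer = new X500Name(IETFUtils.rDNsFromString(issuerDirString, RFC4519Style.INSTANCE));
    // The same name is passed as issuer and as subject.
    JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuer, serialNumber, startDate.getTime(), endDate.getTime(), issuer, kp.getPublic());
    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    certGen.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(kp.getPublic()));
    // RFC 5280 section 4.2.1.9 requires basicConstraints to be marked critical in CA certificates
    // whose key verifies certificate signatures; end-entity certificates keep it non-critical.
    certGen.addExtension(Extension.basicConstraints, isCertAuthority, new BasicConstraints(isCertAuthority));
    certGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(signerPublicKey));
    if (isCertAuthority) {
        // Restrict the CA key to signing certificates.
        certGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
    }
    X509CertificateHolder cert = certGen.build(new JcaContentSignerBuilder(signingAlgorithm).build(signerPrivateKey));
    return new JcaX509CertificateConverter().getCertificate(cert);
}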
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) Calendar(java.util.Calendar) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 92 with JcaContentSignerBuilder

use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project photon-model by vmware.

the class CertificateUtil method generateCertificateAndSign.

/**
 * Generates a new RSA key pair, issues a certificate for it with subject {@code CN=<fqdn>} signed
 * by the issuer's private key, and returns the certificate, its two-element chain and the new
 * private key.
 *
 * <p>Only the issuer certificate and issuer key are null-checked here; {@code extensions} is
 * iterated as given and must not be {@code null}. Nothing in this method checks that
 * {@code issuerCertificate} is a CA certificate or that {@code issuerPrivateKey} belongs to it.
 *
 * @param fqdn host name placed in the subject common name
 * @param issuerCertificate certificate of the signing authority; also the second chain element
 * @param issuerPrivateKey key that signs the new certificate
 * @param extensions extensions copied onto the new certificate, in iteration order
 * @return the issued certificate with its chain and private key
 */
private static CertChainKeyPair generateCertificateAndSign(String fqdn, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey, List<ExtensionHolder> extensions) throws CertificateException, CertIOException, OperatorCreationException {
    AssertUtil.assertNotNull(issuerCertificate, "issuerCertificate");
    AssertUtil.assertNotNull(issuerPrivateKey, "issuerPrivateKey");

    // Fresh key pair for the subject of the new certificate.
    KeyPair subjectKeys = KeyUtil.generateRSAKeyPair();
    PublicKey subjectPublicKey = subjectKeys.getPublic();
    PrivateKey subjectPrivateKey = convertToSunImpl(subjectKeys.getPrivate());

    ContentSigner issuerSigner = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(PROVIDER).build(issuerPrivateKey);

    // NOTE(review): fqdn is concatenated into the DN string unescaped, so characters that have
    // meaning in the string form of a DN (',', '+', '=') would change the parsed subject. Callers
    // should pass a validated host name, or the name should be assembled with X500NameBuilder.
    X500Name subject = new X500Name("CN=" + fqdn);

    // NOTE(review): a wall-clock serial is predictable and repeats for certificates issued in the
    // same millisecond; a random serial is the usual choice.
    BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());

    // Validity window; both helpers and DEFAULT_VALIDITY are defined outside this method.
    Date validFrom = generateNotBeforeDate();
    Date validUntil = generateNotAfterDate(validFrom, DEFAULT_VALIDITY);

    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuerCertificate, serialNumber, validFrom, validUntil, subject, subjectPublicKey);
    for (ExtensionHolder holder : extensions) {
        builder.addExtension(holder.getOID(), holder.isCritical(), holder.getValue());
    }

    X509Certificate issued = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(builder.build(issuerSigner));

    // Chain order: new certificate first, then its issuer.
    List<X509Certificate> chain = new ArrayList<>(2);
    chain.add(issued);
    chain.add(issuerCertificate);
    return new CertChainKeyPair(chain, issued, subjectPrivateKey);
}
Also used : KeyPair(java.security.KeyPair) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) ArrayList(java.util.ArrayList) X500Name(org.bouncycastle.asn1.x500.X500Name) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger)

Example 93 with JcaContentSignerBuilder

use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project candlepin by candlepin.

the class X509CRLStreamWriter method createContentSigner.

/**
 * Creates a {@link ContentSigner} for the given signature algorithm and private key, using the
 * provider named by {@code BC_PROVIDER} (declared outside this method).
 *
 * <p>NOTE(review): the algorithm is taken from the caller as-is; there is no allow-list here, so
 * the strength of the resulting signature depends entirely on the identifier passed in.
 *
 * @param signingAlg identifier of the signature algorithm to use
 * @param key private key the signer signs with
 * @return a signer bound to {@code key}
 * @throws OperatorCreationException if the signer cannot be built
 */
protected ContentSigner createContentSigner(AlgorithmIdentifier signingAlg, PrivateKey key) throws OperatorCreationException {
    // JcaContentSignerBuilder takes an algorithm name, so resolve the identifier to its name first.
    DefaultAlgorithmNameFinder nameFinder = new DefaultAlgorithmNameFinder();
    String signatureName = nameFinder.getAlgorithmName(signingAlg);
    return new JcaContentSignerBuilder(signatureName).setProvider(BC_PROVIDER).build(key);
}
Also used : DefaultAlgorithmNameFinder(org.bouncycastle.operator.DefaultAlgorithmNameFinder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) DERBitString(org.bouncycastle.asn1.DERBitString) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1BitString(org.bouncycastle.asn1.ASN1BitString) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 94 with JcaContentSignerBuilder

use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project candlepin by candlepin.

the class X509CRLEntryStreamTest method setUp.

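/**
 * Prepares the fixtures used by the tests: the DER and PEM CRL files from the classpath, a test
 * issuer name, a freshly generated 2048-bit RSA key pair and a SHA-256/RSA content signer backed
 * by that key pair's private key.
 */
@Before
public void setUp() throws Exception {
    ClassLoader loader = X509CRLEntryStreamTest.class.getClassLoader();
    // Convert through toURI(): URL.getFile() returns the path still percent-encoded, so a checkout
    // directory containing spaces or non-ASCII characters would yield a File that does not exist.
    URL url = loader.getResource("crl.der");
    derFile = new File(url.toURI());
    url = loader.getResource("crl.pem");
    pemFile = new File(url.toURI());
    issuer = new X500Name("CN=Test Issuer");
    // Throwaway key pair generated per test; it never leaves the test process.
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    keyPair = generator.generateKeyPair();
    signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC_PROVIDER).build(keyPair.getPrivate());
}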
Also used : JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) X500Name(org.bouncycastle.asn1.x500.X500Name) KeyPairGenerator(java.security.KeyPairGenerator) File(java.io.File) URL(java.net.URL) Before(org.junit.Before)

Example 95 with JcaContentSignerBuilder

use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project keystore-explorer by kaikramer.

the class X509CertificateGenerator method generateVersion1.

/**
 * Generates and signs an X.509 version 1 certificate using the "BC" provider.
 *
 * <p>A missing start date defaults to the current time and a missing end date to 365 days after
 * the start. Version 1 certificates carry no extensions, so the result has no basic-constraints
 * or key-usage restrictions; relying parties cannot tell from the certificate itself whether it
 * is meant to act as a CA.
 *
 * @param subject subject name
 * @param issuer issuer name
 * @param validityStart start of validity, or {@code null} for now
 * @param validityEnd end of validity, or {@code null} for one year after the start
 * @param publicKey key being certified
 * @param privateKey key that signs the certificate
 * @param signatureType signature algorithm; its JCE name is passed to the signer builder
 * @param serialNumber serial number, used exactly as supplied by the caller
 * @return the signed certificate
 * @throws CryptoException if building the signer or converting the certificate fails
 */
private X509Certificate generateVersion1(X500Name subject, X500Name issuer, Date validityStart, Date validityEnd, PublicKey publicKey, PrivateKey privateKey, SignatureType signatureType, BigInteger serialNumber) throws CryptoException {
    Date notBefore = validityStart;
    if (notBefore == null) {
        notBefore = new Date();
    }

    Date notAfter = validityEnd;
    if (notAfter == null) {
        // Default lifetime: 365 days from the effective start date.
        notAfter = new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(365));
    }

    JcaX509v1CertificateBuilder v1Builder = new JcaX509v1CertificateBuilder(issuer, serialNumber, notBefore, notAfter, subject, publicKey);
    try {
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureType.jce()).setProvider("BC");
        ContentSigner signer = signerBuilder.build(privateKey);
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
        return converter.getCertificate(v1Builder.build(signer));
    } catch (CertificateException | IllegalStateException | OperatorCreationException ex) {
        // Wrap provider-level failures in the application's exception, keeping the cause.
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex);
    }
}
Also used : JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) ContentSigner(org.bouncycastle.operator.ContentSigner) CertificateException(java.security.cert.CertificateException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CryptoException(org.kse.crypto.CryptoException) Date(java.util.Date) JcaX509v1CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder)
