use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project accumulo by apache.
the class CertUtils method generateCert.
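/**
 * Builds and signs an X.509 v3 certificate for the public key of {@code kp}.
 *
 * <p>Issuer and subject are both set to the name parsed from {@code issuerDirString}. The
 * certificate carries subjectKeyIdentifier, basicConstraints and authorityKeyIdentifier
 * extensions, plus a critical keyUsage of keyCertSign when {@code isCertAuthority} is true.
 * The validity window runs from the current time to 100 years later.
 *
 * @param kp key pair whose public key is certified
 * @param isCertAuthority whether basicConstraints marks the certificate as a CA and the
 *        keyCertSign usage is added
 * @param signerPublicKey public key the authorityKeyIdentifier is derived from
 * @param signerPrivateKey private key used to sign the certificate
 * @return the signed certificate
 * @throws IOException declared by the original signature
 * @throws CertIOException if an extension cannot be added
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException if the built holder cannot be converted to a certificate
 * @throws NoSuchAlgorithmException declared by the original signature
 */
private Certificate generateCert(KeyPair kp, boolean isCertAuthority, PublicKey signerPublicKey, PrivateKey signerPrivateKey) throws IOException, CertIOException, OperatorCreationException, CertificateException, NoSuchAlgorithmException {
    Calendar startDate = Calendar.getInstance();
    Calendar endDate = Calendar.getInstance();
    // NOTE(review): a 100-year lifetime keeps a leaked key usable for the life of the
    // deployment; only reasonable for throwaway or test material -- confirm the intended use.
    endDate.add(Calendar.YEAR, 100);

    // The serial was previously the wall-clock time in milliseconds. That is guessable, and two
    // certificates issued under the same issuer name within one millisecond would share a serial,
    // which breaks the issuer+serial uniqueness that validators and revocation rely on.
    // 128 random bits plus one is always positive and fits the 20-octet limit of RFC 5280.
    BigInteger serialNumber = new BigInteger(128, new java.security.SecureRandom()).add(BigInteger.ONE);

    // NOTE(review): the same name is passed as issuer and as subject for every certificate,
    // including non-CA ones -- confirm this is intended.
    X500Name issuer = new X500Name(IETFUtils.rDNsFromString(issuerDirString, RFC4519Style.INSTANCE));
    JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuer, serialNumber, startDate.getTime(), endDate.getTime(), issuer, kp.getPublic());

    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
    certGen.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(kp.getPublic()));
    // NOTE(review): RFC 5280 requires basicConstraints to be marked critical in CA
    // certificates; it is added as non-critical here in both cases.
    certGen.addExtension(Extension.basicConstraints, false, new BasicConstraints(isCertAuthority));
    certGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(signerPublicKey));
    if (isCertAuthority) {
        // Restrict a CA key to signing certificates; critical so verifiers must honour it.
        certGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
    }

    // signingAlgorithm is defined outside this method; its strength is not checked here.
    X509CertificateHolder cert = certGen.build(new JcaContentSignerBuilder(signingAlgorithm).build(signerPrivateKey));
    return new JcaX509CertificateConverter().getCertificate(cert);
}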
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project photon-model by vmware.
the class CertificateUtil method generateCertificateAndSign.
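/**
 * Generates a fresh RSA key pair and issues a certificate for it, signed by the given issuer.
 *
 * <p>The subject is {@code CN=<fqdn>}, the validity window comes from
 * {@code generateNotBeforeDate()} and {@code generateNotAfterDate(notBefore, DEFAULT_VALIDITY)},
 * and every entry of {@code extensions} is added with the criticality it declares.
 *
 * @param fqdn host name placed in the subject common name
 * @param issuerCertificate certificate of the signing authority; must not be null
 * @param issuerPrivateKey private key of the signing authority; must not be null
 * @param extensions extensions to add to the new certificate
 * @return the chain (new certificate first, then the issuer certificate), the new certificate
 *         and the private key of the generated pair
 * @throws CertificateException if the built holder cannot be converted to a certificate
 * @throws CertIOException if an extension cannot be added
 * @throws OperatorCreationException if the content signer cannot be created
 */
private static CertChainKeyPair generateCertificateAndSign(String fqdn, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey, List<ExtensionHolder> extensions) throws CertificateException, CertIOException, OperatorCreationException {
    AssertUtil.assertNotNull(issuerCertificate, "issuerCertificate");
    AssertUtil.assertNotNull(issuerPrivateKey, "issuerPrivateKey");

    // Key pair the new certificate is created for.
    KeyPair pair = KeyUtil.generateRSAKeyPair();
    PublicKey publicKey = pair.getPublic();
    PrivateKey privateKey = convertToSunImpl(pair.getPrivate());

    ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(PROVIDER).build(issuerPrivateKey);

    // NOTE(review): fqdn is concatenated into a distinguished-name string that is then parsed,
    // so a value containing DN metacharacters (',', '+', '=') would yield extra RDNs in the
    // subject. Callers should validate fqdn as a host name first, or the name should be
    // assembled with X500NameBuilder instead of string concatenation.
    X500Name subjectName = new X500Name("CN=" + fqdn);

    // Serial number of the certificate. It was previously System.currentTimeMillis(), which is
    // guessable and collides when one issuer signs two certificates in the same millisecond.
    // 128 random bits plus one is always positive and fits the 20-octet limit of RFC 5280.
    BigInteger serial = new BigInteger(128, new java.security.SecureRandom()).add(BigInteger.ONE);

    // Valid from.
    Date notBefore = generateNotBeforeDate();
    // Valid to.
    Date notAfter = generateNotAfterDate(notBefore, DEFAULT_VALIDITY);

    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuerCertificate, serial, notBefore, notAfter, subjectName, publicKey);
    // Extensions are taken as supplied; nothing here checks which ones the caller grants
    // (for example basicConstraints or keyUsage).
    for (ExtensionHolder extension : extensions) {
        certBuilder.addExtension(extension.getOID(), extension.isCritical(), extension.getValue());
    }

    X509CertificateHolder certificateHolder = certBuilder.build(signer);
    X509Certificate certificate = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certificateHolder);

    // Chain order: leaf first, then its issuer.
    List<X509Certificate> certificateChain = new ArrayList<>(2);
    certificateChain.add(certificate);
    certificateChain.add(issuerCertificate);
    return new CertChainKeyPair(certificateChain, certificate, privateKey);
}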
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project candlepin by candlepin.
the class X509CRLStreamWriter method createContentSigner.
/**
 * Creates the signer used to sign with {@code key}.
 *
 * <p>The JCA algorithm name is looked up from {@code signingAlg} and passed on unchanged, so the
 * digest and signature scheme named there is what the signer uses; no minimum strength is
 * enforced in this method.
 *
 * @param signingAlg algorithm identifier to sign with
 * @param key private key that produces the signature
 * @return a content signer bound to {@code key}, created through {@code BC_PROVIDER}
 * @throws OperatorCreationException if the signer cannot be created for the algorithm and key
 */
protected ContentSigner createContentSigner(AlgorithmIdentifier signingAlg, PrivateKey key) throws OperatorCreationException {
    return new JcaContentSignerBuilder(new DefaultAlgorithmNameFinder().getAlgorithmName(signingAlg))
        .setProvider(BC_PROVIDER)
        .build(key);
}
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project candlepin by candlepin.
the class X509CRLEntryStreamTest method setUp.
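/**
 * Locates the {@code crl.der} and {@code crl.pem} fixtures on the classpath and prepares a test
 * issuer name, a fresh 2048-bit RSA key pair and a SHA-256/RSA content signer for it.
 *
 * @throws Exception if a fixture cannot be resolved or the key pair or signer cannot be created
 */
@Before
public void setUp() throws Exception {
    ClassLoader loader = X509CRLEntryStreamTest.class.getClassLoader();

    // URL.getFile() returns the path still percent-encoded, so a checkout directory containing
    // a space or a non-ASCII character produced a File that does not exist. Going through
    // toURI() decodes the path. This expects the fixtures to be plain files on disk.
    URL url = loader.getResource("crl.der");
    derFile = new File(url.toURI());
    url = loader.getResource("crl.pem");
    pemFile = new File(url.toURI());

    issuer = new X500Name("CN=Test Issuer");

    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    keyPair = generator.generateKeyPair();

    signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC_PROVIDER).build(keyPair.getPrivate());
}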
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project keystore-explorer by kaikramer.
the class X509CertificateGenerator method generateVersion1.
/**
 * Generates a version 1 X.509 certificate for {@code publicKey}, signed with {@code privateKey}.
 *
 * <p>A missing start date defaults to the current time and a missing end date to 365 days after
 * the start. Version 1 certificates have no extensions, so nothing such as basicConstraints or
 * keyUsage is set. The serial number is used exactly as supplied by the caller.
 *
 * @param subject subject name
 * @param issuer issuer name
 * @param validityStart start of validity, or null for now
 * @param validityEnd end of validity, or null for 365 days after the start
 * @param publicKey key being certified
 * @param privateKey key that signs the certificate
 * @param signatureType signature algorithm; its JCE name is passed to the signer builder
 * @param serialNumber serial number to embed
 * @return the signed certificate
 * @throws CryptoException if the signer cannot be created or the certificate cannot be built
 */
private X509Certificate generateVersion1(X500Name subject, X500Name issuer, Date validityStart, Date validityEnd, PublicKey publicKey, PrivateKey privateKey, SignatureType signatureType, BigInteger serialNumber) throws CryptoException {
    Date effectiveStart = validityStart;
    if (effectiveStart == null) {
        effectiveStart = new Date();
    }

    Date effectiveEnd = validityEnd;
    if (effectiveEnd == null) {
        // Default lifetime: 365 days counted from the effective start.
        effectiveEnd = new Date(effectiveStart.getTime() + TimeUnit.DAYS.toMillis(365));
    }

    JcaX509v1CertificateBuilder v1Builder = new JcaX509v1CertificateBuilder(issuer, serialNumber, effectiveStart, effectiveEnd, subject, publicKey);

    try {
        ContentSigner signer = new JcaContentSignerBuilder(signatureType.jce()).setProvider("BC").build(privateKey);
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
        return converter.getCertificate(v1Builder.build(signer));
    } catch (CertificateException | IllegalStateException | OperatorCreationException ex) {
        // Wrap provider failures in the application's exception type, keeping the cause.
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex);
    }
}