use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project keystore-explorer by kaikramer.
the class DSignCsr method main.
// for quick testing
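/**
 * Manual test harness: shows the {@code DSignCsr} dialog for a freshly generated, throw-away CSR.
 *
 * <p>Registers Bouncy Castle as a JCA provider, switches Swing to the system look and feel, and
 * then builds the key pair, the CSR and the dialog on the AWT event dispatch thread. Closing the
 * dialog terminates the JVM.
 *
 * @param args ignored
 * @throws Exception if the look and feel cannot be installed
 */
public static void main(String[] args) throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());
    java.awt.EventQueue.invokeLater(new Runnable() {
        @Override
        public void run() {
            try {
                KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "BC");
                // 2048 bits instead of the former 1024: 1024-bit RSA is below current minimum
                // recommendations, and harness code tends to be copied into real code paths.
                keyGen.initialize(2048);
                KeyPair keyPair = keyGen.genKeyPair();

                // The CSR is signed with the private half of the same key pair, which proves
                // possession of the key to whoever later signs the request.
                JcaPKCS10CertificationRequestBuilder csrBuilder =
                        new JcaPKCS10CertificationRequestBuilder(new X500Name("cn=test"), keyPair.getPublic());
                PKCS10CertificationRequest csr = csrBuilder.build(
                        new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(keyPair.getPrivate()));

                DSignCsr dialog = new DSignCsr(new javax.swing.JFrame(), csr,
                        new File(System.getProperty("user.dir"), "test.csr"), keyPair.getPrivate(),
                        KeyPairType.RSA, null, new BouncyCastleProvider());
                dialog.addWindowListener(new java.awt.event.WindowAdapter() {
                    @Override
                    public void windowClosing(java.awt.event.WindowEvent e) {
                        System.exit(0);
                    }
                });
                dialog.setVisible(true);
            } catch (Exception e) {
                // Quick-test entry point only: report the failure on stderr and leave the UI thread alive.
                e.printStackTrace();
            }
        }
    });
}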
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project dcos-commons by mesosphere.
the class TLSArtifactsGenerator method generateCSR.
/**
 * Builds a PKCS#10 certificate signing request for {@code keyPair} and returns it PEM-encoded.
 *
 * <p>The request carries an extension request attribute asking for three critical extensions:
 * key usage {@code digitalSignature}, extended key usage {@code clientAuth} + {@code serverAuth},
 * and the subject alternative names supplied by {@code certificateNamesGenerator}. These are only
 * requested values; which of them end up in the certificate is decided by whoever signs the CSR.
 *
 * <p>The signature algorithm is fixed to {@code SHA256withRSA} and no provider is set on the
 * signer builder, so {@code keyPair} is assumed to be an RSA pair (TODO confirm against callers).
 *
 * @param keyPair key pair whose public key is certified and whose private key signs the request
 * @param certificateNamesGenerator source of the subject DN and the SAN extension value
 * @return the CSR as returned by {@code PEMUtils.toPEM}
 * @throws IOException if an extension or the request cannot be encoded
 * @throws OperatorCreationException if the content signer cannot be created
 */
private static byte[] generateCSR(KeyPair keyPair, CertificateNamesGenerator certificateNamesGenerator) throws IOException, OperatorCreationException {
    // Requested extensions; the boolean argument marks each one as critical.
    ExtensionsGenerator requested = new ExtensionsGenerator();
    requested.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
    requested.addExtension(
            Extension.extendedKeyUsage,
            true,
            new ExtendedKeyUsage(new KeyPurposeId[] {
                KeyPurposeId.id_kp_clientAuth,
                KeyPurposeId.id_kp_serverAuth
            }));
    requested.addExtension(Extension.subjectAlternativeName, true, certificateNamesGenerator.getSANs());

    JcaPKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(certificateNamesGenerator.getSubject(), keyPair.getPublic());
    requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requested.generate());

    // Self-signing the request with the matching private key is the proof of possession.
    PKCS10CertificationRequest request =
            requestBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));
    return PEMUtils.toPEM(request);
}
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project vespa by vespa-engine.
the class AthenzPrincipalFilterTest method createSelfSignedCertificate.
// TODO Move this to separate athenz module/bundle
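/**
 * Creates a throw-away self-signed certificate whose subject and issuer are
 * {@code CN=<identity full name>}, valid for 30 days starting now, with serial number 1.
 *
 * <p>Intended for tests only: the key pair is generated here and discarded afterwards, and the
 * fixed serial number makes every certificate produced by this helper share the same
 * issuer/serial pair.
 *
 * @param identity identity whose full name becomes the certificate's common name
 * @return the self-signed certificate
 * @throws RuntimeException wrapping any key generation, signing or conversion failure
 */
private static X509Certificate createSelfSignedCertificate(AthenzIdentity identity) {
    try {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        // 2048 bits instead of the former 512: 512-bit RSA offers no real security margin, and
        // default JDK certificate path constraints reject RSA keys shorter than 1024 bits, so a
        // 512-bit test certificate can fail once it is fed to a validating component.
        keyGen.initialize(2048);
        KeyPair keyPair = keyGen.genKeyPair();
        ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());

        // NOTE(review): the name is parsed as a DN string, so a full name containing ',', '+' or
        // '=' would change the DN structure - presumably Athenz names cannot contain these; confirm.
        X500Name x500Name = new X500Name("CN=" + identity.getFullName());

        // Take the clock once so notBefore and notAfter are derived from the same instant.
        Instant now = Instant.now();
        X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
                x500Name, BigInteger.ONE, Date.from(now), Date.from(now.plus(Duration.ofDays(30))),
                x500Name, keyPair.getPublic());
        return new JcaX509CertificateConverter()
                .setProvider(new BouncyCastleProvider())
                .getCertificate(certificateBuilder.build(contentSigner));
    } catch (CertificateException | NoSuchAlgorithmException | OperatorCreationException e) {
        throw new RuntimeException(e);
    }
}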
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project cas by apereo.
the class DefaultSamlIdPCertificateAndKeyWriter method generateCertificate.
/**
 * Issues a self-signed X.509 v3 certificate for {@code keypair}.
 *
 * <p>Subject and issuer are both {@code CN=<hostname>}. The certificate is valid from the moment
 * of creation until the same calendar date {@code certificateLifetimeInYears} years later, gets a
 * random serial number of up to {@code X509_CERT_BITS_SIZE} bits, and carries two non-critical
 * extensions: subject key identifier and the subject alternative names produced by
 * {@code buildSubjectAltNames()}. The signature algorithm is taken from
 * {@code certificateAlgorithm}.
 *
 * <p>Before returning, the certificate is checked to be valid at the current time and its
 * signature is verified against the public key of {@code keypair}.
 *
 * @param keypair key pair that is both certified and used for signing
 * @return the verified self-signed certificate
 * @throws Exception if building, converting, or verifying the certificate fails
 */
@SuppressWarnings("JavaUtilDate")
private X509Certificate generateCertificate(final KeyPair keypair) throws Exception {
    // NOTE(review): hostname is concatenated into a DN string; presumably it comes from trusted
    // configuration and contains no DN metacharacters (',', '+', '=') - confirm.
    val subjectAndIssuer = new X500Name("CN=" + hostname);

    val validFrom = new GregorianCalendar();
    val validUntil = new GregorianCalendar();
    validUntil.set(GregorianCalendar.YEAR, validUntil.get(GregorianCalendar.YEAR) + certificateLifetimeInYears);

    // NOTE(review): RandomUtils.getNativeInstance() is presumably a SecureRandom - verify.
    val serialNumber = new BigInteger(X509_CERT_BITS_SIZE, RandomUtils.getNativeInstance());
    val certBuilder = new JcaX509v3CertificateBuilder(
        subjectAndIssuer,
        serialNumber,
        validFrom.getTime(),
        validUntil.getTime(),
        subjectAndIssuer,
        keypair.getPublic());

    certBuilder.addExtension(
        Extension.subjectKeyIdentifier,
        false,
        new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keypair.getPublic()));
    certBuilder.addExtension(
        Extension.subjectAlternativeName,
        false,
        GeneralNames.getInstance(new DERSequence(buildSubjectAltNames())));

    val signer = new JcaContentSignerBuilder(certificateAlgorithm).build(keypair.getPrivate());
    val certificate = new JcaX509CertificateConverter().getCertificate(certBuilder.build(signer));

    // Sanity checks: valid right now, and the signature verifies under the key we just certified.
    certificate.checkValidity(new Date());
    certificate.verify(keypair.getPublic());
    return certificate;
}
use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project wildfly by wildfly.
the class CertificateRevocationListTestBase method prepareCrlFiles.
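/**
 * Writes a PEM-encoded CRL to {@code crlFile} that lists {@code revoked} as revoked.
 *
 * <p>The CRL issuer name is the issuer DN of {@code intermediateIssuerCertificate}; the CRL is
 * signed with {@code SHA256withRSA} (Bouncy Castle provider) using the signing key of
 * {@code issuerSelfSignedX509CertificateAndSigningKey}. {@code thisUpdate} is the current time
 * and {@code nextUpdate} is one year later.
 *
 * @param intermediateIssuerCertificate certificate whose issuer DN becomes the CRL issuer
 * @param issuerSelfSignedX509CertificateAndSigningKey holder of the key that signs the CRL
 * @param revoked certificate whose serial number is put on the CRL
 * @param crlFile destination file; created or overwritten
 * @throws Exception if the CRL cannot be built, signed or written
 */
private static void prepareCrlFiles(X509Certificate intermediateIssuerCertificate, SelfSignedX509CertificateAndSigningKey issuerSelfSignedX509CertificateAndSigningKey, X509Certificate revoked, File crlFile) throws Exception {
    Calendar calendar = Calendar.getInstance();
    Date currentDate = calendar.getTime();
    calendar.add(Calendar.YEAR, 1);
    Date nextYear = calendar.getTime();

    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(
            convertSunStyleToBCStyle(intermediateIssuerCertificate.getIssuerDN()), currentDate);
    // NOTE(review): the entry's revocation date equals thisUpdate. The original also computed a
    // "30 seconds ago" date that was never used; it is dropped here - confirm it was not meant
    // to be the revocation date.
    crlBuilder.addCRLEntry(revoked.getSerialNumber(), currentDate, CRLReason.unspecified);
    X509CRLHolder crlHolder = crlBuilder.setNextUpdate(nextYear).build(
            new JcaContentSignerBuilder("SHA256withRSA")
                    .setProvider("BC")
                    .build(issuerSelfSignedX509CertificateAndSigningKey.getSigningKey()));

    // try-with-resources: the file handle is released even when writing the CRL fails, so a
    // failed run does not leave the CRL file locked or the stream open.
    try (PemWriter crlOutput = new PemWriter(new OutputStreamWriter(new FileOutputStream(crlFile)))) {
        crlOutput.writeObject(new MiscPEMGenerator(crlHolder));
    }
}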