Search in sources :

Example 41 with JcaContentSignerBuilder

use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project signer by demoiselle.

the class CertificateHelper method signCertificate.

private static X509Certificate signCertificate(X509v3CertificateBuilder certificateBuilder, PrivateKey signedWithPrivateKey) throws OperatorCreationException, CertificateException {
    ContentSigner signer = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER_NAME).build(signedWithPrivateKey);
    X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER_NAME).getCertificate(certificateBuilder.build(signer));
    return cert;
}
Also used : JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) ContentSigner(org.bouncycastle.operator.ContentSigner) X509Certificate(java.security.cert.X509Certificate)

Example 42 with JcaContentSignerBuilder

use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project signer by demoiselle.

the class CreateCA method main.

// http://stackoverflow.com/questions/18633273/correctly-creating-a-new-certificate-with-an-intermediate-certificate-using-boun
// http://stackoverflow.com/questions/31618568/how-can-i-create-a-ca-root-certificate-with-bouncy-castle
public static void main(String[] args) throws IOException, OperatorCreationException, NoSuchAlgorithmException {
    // ---------------------- CA Creation ----------------------
    // System.out.println("Generating Keys");
    KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
    rsa.initialize(1024);
    KeyPair kp = rsa.generateKeyPair();
    Calendar cal = Calendar.getInstance();
    cal.add(Calendar.YEAR, 100);
    // System.out.println("Getting data");
    byte[] pk = kp.getPublic().getEncoded();
    SubjectPublicKeyInfo bcPk = SubjectPublicKeyInfo.getInstance(pk);
    // System.out.println("Creating cert");
    X509v1CertificateBuilder certGen = new X509v1CertificateBuilder(new X500Name("CN=CA Cert"), BigInteger.ONE, new Date(), cal.getTime(), new X500Name("CN=CA Cert"), bcPk);
    X509CertificateHolder certHolder = certGen.build(new JcaContentSignerBuilder("SHA1withRSA").build(kp.getPrivate()));
    StringBuffer s = new StringBuffer();
    s.append(X509Factory.BEGIN_CERT + "\n");
    s.append(Base64Utils.base64Encode(certHolder.getEncoded()) + "\n");
    s.append(X509Factory.END_CERT);
    saveFile(s.toString().getBytes());
// ---------------------- ISSUER Creation ----------------------
}
Also used : KeyPair(java.security.KeyPair) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) Calendar(java.util.Calendar) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) X509v1CertificateBuilder(org.bouncycastle.cert.X509v1CertificateBuilder) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date)

Example 43 with JcaContentSignerBuilder

use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project vespa by vespa-engine.

the class X509CertificateBuilder method build.

public X509Certificate build() {
    try {
        JcaX509v3CertificateBuilder jcaCertBuilder = new JcaX509v3CertificateBuilder(issuer, BigInteger.valueOf(serialNumber), Date.from(notBefore), Date.from(notAfter), subject, certPublicKey);
        if (basicConstraintsExtension != null) {
            jcaCertBuilder.addExtension(Extension.basicConstraints, basicConstraintsExtension.isCritical, new BasicConstraints(basicConstraintsExtension.isCertAuthorityCertificate));
        }
        if (!subjectAlternativeNames.isEmpty()) {
            GeneralNames generalNames = new GeneralNames(subjectAlternativeNames.stream().map(san -> new GeneralName(GeneralName.dNSName, san)).toArray(GeneralName[]::new));
            jcaCertBuilder.addExtension(Extension.subjectAlternativeName, false, generalNames);
        }
        ContentSigner contentSigner = new JcaContentSignerBuilder(signingAlgorithm.getAlgorithmName()).setProvider(BouncyCastleProviderHolder.getInstance()).build(caPrivateKey);
        return new JcaX509CertificateConverter().setProvider(BouncyCastleProviderHolder.getInstance()).getCertificate(jcaCertBuilder.build(contentSigner));
    } catch (OperatorException | GeneralSecurityException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}
Also used : JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) GeneralSecurityException(java.security.GeneralSecurityException) ContentSigner(org.bouncycastle.operator.ContentSigner) UncheckedIOException(java.io.UncheckedIOException) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) GeneralName(org.bouncycastle.asn1.x509.GeneralName) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) OperatorException(org.bouncycastle.operator.OperatorException)

Example 44 with JcaContentSignerBuilder

use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project drill by apache.

the class SslContextFactoryConfigurator method useAutoGeneratedSelfSignedCertificate.

private void useAutoGeneratedSelfSignedCertificate(SslContextFactory sslContextFactory) throws Exception {
    logger.info("Using generated self-signed SSL settings for web server");
    final SecureRandom random = new SecureRandom();
    // Generate a private-public key pair
    final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(1024, random);
    final KeyPair keyPair = keyPairGenerator.generateKeyPair();
    // Create builder for certificate attributes
    final X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.OU, "Apache Drill (auth-generated)").addRDN(BCStyle.O, "Apache Software Foundation (auto-generated)").addRDN(BCStyle.CN, drillbitEndpointAddress);
    final DateTime now = DateTime.now();
    final Date notBefore = now.minusMinutes(1).toDate();
    final Date notAfter = now.plusYears(5).toDate();
    final BigInteger serialNumber = new BigInteger(128, random);
    // Create a certificate valid for 5years from now.
    final X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(// attributes
    nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic());
    // Sign the certificate using the private key
    final ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
    final X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner));
    // Check the validity
    certificate.checkValidity(now.toDate());
    // Make sure the certificate is self-signed.
    certificate.verify(certificate.getPublicKey());
    // Generate a random password for keystore protection
    final String keyStorePasswd = RandomStringUtils.random(20);
    final KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(null, null);
    keyStore.setKeyEntry("DrillAutoGeneratedCert", keyPair.getPrivate(), keyStorePasswd.toCharArray(), new java.security.cert.Certificate[] { certificate });
    sslContextFactory.setKeyStore(keyStore);
    sslContextFactory.setKeyStorePassword(keyStorePasswd);
}
Also used : KeyPair(java.security.KeyPair) X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) SecureRandom(java.security.SecureRandom) KeyPairGenerator(java.security.KeyPairGenerator) KeyStore(java.security.KeyStore) DateTime(org.joda.time.DateTime) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BigInteger(java.math.BigInteger)

Example 45 with JcaContentSignerBuilder

use of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder in project AndroidAsync by koush.

the class AsyncSSLSocketWrapper method selfSign.

private static Certificate selfSign(KeyPair keyPair, String subjectDN) throws Exception {
    Provider bcProvider = new BouncyCastleProvider();
    Security.addProvider(bcProvider);
    long now = System.currentTimeMillis();
    Date startDate = new Date(now);
    X500Name dnName = new X500Name("CN=" + subjectDN);
    // <-- Using the current timestamp as the certificate serial number
    BigInteger certSerialNumber = new BigInteger(Long.toString(now));
    Calendar calendar = Calendar.getInstance();
    calendar.setTime(startDate);
    // <-- 1 Yr validity
    calendar.add(Calendar.YEAR, 1);
    Date endDate = calendar.getTime();
    // <-- Use appropriate signature algorithm based on your keyPair algorithm.
    String signatureAlgorithm = "SHA256WithRSA";
    ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(keyPair.getPrivate());
    JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(dnName, certSerialNumber, startDate, endDate, dnName, keyPair.getPublic());
    // Extensions --------------------------
    // Basic Constraints
    // <-- true for CA, false for EndEntity
    BasicConstraints basicConstraints = new BasicConstraints(true);
    // Basic Constraints is usually marked as critical.
    certBuilder.addExtension(new ASN1ObjectIdentifier("2.5.29.19"), true, basicConstraints);
    return new JcaX509CertificateConverter().setProvider(bcProvider).getCertificate(certBuilder.build(contentSigner));
}
Also used : JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) Calendar(java.util.Calendar) ContentSigner(org.bouncycastle.operator.ContentSigner) X500Name(org.bouncycastle.asn1.x500.X500Name) Date(java.util.Date) Provider(java.security.Provider) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BigInteger(java.math.BigInteger) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Aggregations

JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)133 ContentSigner (org.bouncycastle.operator.ContentSigner)100 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)66 Date (java.util.Date)64 X500Name (org.bouncycastle.asn1.x500.X500Name)63 X509Certificate (java.security.cert.X509Certificate)58 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)56 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)43 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)43 BigInteger (java.math.BigInteger)40 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)39 KeyPair (java.security.KeyPair)33 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)29 KeyPairGenerator (java.security.KeyPairGenerator)25 SecureRandom (java.security.SecureRandom)25 IOException (java.io.IOException)24 KeyStore (java.security.KeyStore)22 CertificateException (java.security.cert.CertificateException)19 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)19 ArrayList (java.util.ArrayList)18