Package org.bouncycastle.operator.jcajce

Examples of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder

49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
      // Get the capabilities of the SCEP server
      Capabilities caps = client.getCaCapabilities();
 
      // We construct a Bouncy Castle digital signature provider early on,
      // so it can be reused later.
      JcaContentSignerBuilder signerBuilder;
      if (caps.contains(Capability.SHA_1)) {
        signerBuilder = new JcaContentSignerBuilder("SHA1withRSA");
      } else {
        signerBuilder = new JcaContentSignerBuilder("MD5withRSA");
      }
 
      // The following variables are used to represent the SCEP client
      KeyPair idPair = KeyPairGenerator.getInstance("RSA").genKeyPair();
      X500Name issuer = new X500Name("CN=entity");
      BigInteger serial = new BigInteger(16, new SecureRandom());
      Calendar cal = Calendar.getInstance();
      cal.add(Calendar.DATE, -1);
      Date notBefore = cal.getTime();
      cal.add(Calendar.DATE, 2);
      Date notAfter = cal.getTime();
      X500Name subject = issuer;
      PublicKey publicKey = idPair.getPublic();
      JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
          issuer, serial, notBefore, notAfter, subject, publicKey);
      X509CertificateHolder idHolder = certBuilder.build(signerBuilder
          .build(idPair.getPrivate()));
      // Convert Bouncy Castle representation of X509Certificate into
      // something usable
      X509Certificate id = (X509Certificate) CertificateFactory.getInstance(
          "X509").generateCertificate(
          new ByteArrayInputStream(idHolder.getEncoded()));
 
      // The following variables are used to represent the entity being
      // enrolled
      X500Name entityName = new X500Name("CN=entity");
      KeyPair entityPair = KeyPairGenerator.getInstance("RSA").genKeyPair();
      SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo
          .getInstance(entityPair.getPublic().getEncoded());
      // Generate the certificate signing request
      PKCS10CertificationRequestBuilder csrBuilder = new PKCS10CertificationRequestBuilder(
          entityName, publicKeyInfo);
      // SCEP servers usually require a challenge password
      csrBuilder.addAttribute(
          PKCSObjectIdentifiers.pkcs_9_at_challengePassword,
          new DERPrintableString(new String("password".toCharArray())));
      ContentSigner signer = signerBuilder.build(entityPair.getPrivate());
      PKCS10CertificationRequest csr = csrBuilder.build(signer);
 
      // Send the enrollment request
      EnrollmentResponse response = client
          .enrol(id, idPair.getPrivate(), csr);
View Full Code Here
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
      throws GeneralSecurityException, IOException {
    DERPrintableString cpSet = new DERPrintableString(new String(password));
    SubjectPublicKeyInfo pkInfo = SubjectPublicKeyInfo.getInstance(pubKey
        .getEncoded());

    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(
        "SHA1withRSA");
    ContentSigner signer;
    try {
      signer = signerBuilder.build(priKey);
    } catch (OperatorCreationException e) {
      IOException ioe = new IOException();
      ioe.initCause(e);

      throw ioe;
View Full Code Here
39
40
41
42
43
44
45
46
47
48
49
    cal.add(Calendar.DATE, 2);
    final Date notAfter = cal.getTime();

    ContentSigner signer;
    try {
      signer = new JcaContentSignerBuilder(sigAlg(keyPair)).build(keyPair
          .getPrivate());
    } catch (OperatorCreationException e) {
      throw new GeneralSecurityException(e);
    }
    JcaX509v1CertificateBuilder builder = new JcaX509v1CertificateBuilder(
View Full Code Here
400
401
402
403
404
405
406
407
408
409
410
        .build();
      SignerInfoGeneratorBuilder infoGenBuilder = new SignerInfoGeneratorBuilder(
        digestProvider);
      X509CertificateHolder certHolder = new X509CertificateHolder(
        getRecipient().getEncoded());
      ContentSigner contentSigner = new JcaContentSignerBuilder(
        "SHA1withRSA").build(getRecipientKey());
      SignerInfoGenerator infoGen = infoGenBuilder.build(contentSigner,
        certHolder);
      generator.addSignerInfoGenerator(infoGen);
View Full Code Here
234
235
236
237
238
239
240
      throw new MessageEncodingException(e);
    }
  }

  private ContentSigner getContentSigner() throws OperatorCreationException {
    return new JcaContentSignerBuilder(signatureAlgorithm).build(signerKey);
  }
View Full Code Here
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
      for (Identity identity : this.parameters.getIdentities()) {
        PrivateKey privateKey = identity.getPrivateKey();
        Certificate[] chain = identity.getChain();
        Certificate certificate = chain[0];

        JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder(signatureType.getAlgorithm());
        if (Conditions.isNotEmpty(this.parameters.getProvider())) {
          contentSignerBuilder.setProvider(this.parameters.getProvider());
        } else {
          contentSignerBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
        }

        ContentSigner contentSigner = contentSignerBuilder.build(privateKey);

        JcaDigestCalculatorProviderBuilder digestCalculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder();
        digestCalculatorProviderBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
        DigestCalculatorProvider digestCalculatorProvider = digestCalculatorProviderBuilder.build();
View Full Code Here
108
109
110
111
112
113
114
115
116
117
118
119
120
  }

  protected CertificateResponse buildV1Certificate(final BouncyCastleCertificateRequest request) throws OperatorCreationException, IOException {
    JcaX509v1CertificateBuilder builder = new JcaX509v1CertificateBuilder(request.getIssuerAsX500Name(), request.getSerialNumber(), request.getNotBefore(), request.getNotAfter(), request.getSubjectAsX500Name(), request.getPublicKey());

    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder(request.getSignAlgorithm());
    contentSignerBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
    ContentSigner contentSigner = contentSignerBuilder.build(request.getPrivateKey());

    X509CertificateHolder holder = builder.build(contentSigner);

    X509Certificate certificate = (X509Certificate) Certificates.get(holder.getEncoded());
    PrivateKey privateKey = request.getPrivateKey();
View Full Code Here
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
  protected CertificateResponse buildV3Certificate(final BouncyCastleCertificateRequest request) throws OperatorCreationException, GeneralSecurityException, IOException {
    JcaX509v3CertificateBuilder builder = null;
    ContentSigner contentSigner = null;

    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder(request.getSignAlgorithm());
    contentSignerBuilder.setProvider(request.getProvider());

    if ((request.getIssuerPrivateKey() != null) && (request.getIssuerCertificate() != null)) {
      builder = new JcaX509v3CertificateBuilder(request.getIssuerCertificate(), request.getSerialNumber(), request.getNotBefore(), request.getNotAfter(), request.getSubjectAsX500Principal(), request.getPublicKey());

      if (request.isCa()) {
        AuthorityKeyIdentifier authorityKeyIdentifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(request.getIssuerCertificate().getPublicKey());
        builder.addExtension(X509Extension.authorityKeyIdentifier, false, authorityKeyIdentifier);
      }

      SubjectKeyIdentifier subjectKeyIdentifier = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(request.getIssuerCertificate().getPublicKey());
      builder.addExtension(X509Extension.subjectKeyIdentifier, false, subjectKeyIdentifier);

      contentSigner = contentSignerBuilder.build(request.getIssuerPrivateKey());
    } else {
      builder = new JcaX509v3CertificateBuilder(request.getIssuerAsX500Name(), request.getSerialNumber(), request.getNotBefore(), request.getNotAfter(), request.getSubjectAsX500Name(), request.getPublicKey());

      SubjectKeyIdentifier subjectKeyIdentifier = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(request.getPublicKey());
      builder.addExtension(X509Extension.subjectKeyIdentifier, false, subjectKeyIdentifier);

      contentSigner = contentSignerBuilder.build(request.getPrivateKey());
    }

    this.addV3KeyUsage(builder, request);
    this.addV3ExtendedKeyUsage(builder, request);
    this.addV3CertificatePolicies(builder, request);
View Full Code Here
79
80
81
82
83
84
85
86
87
88
89
90
91
92
  private void init(final PrivateKey privateKey, final Certificate[] chain) {
    try {
      Certificate certificate = chain[0];

      JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder(SignatureType.SHA1_RSA.getAlgorithm());
      contentSignerBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);

      ContentSigner contentSigner = contentSignerBuilder.build(privateKey);

      JcaDigestCalculatorProviderBuilder digestCalculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder();
      digestCalculatorProviderBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
      DigestCalculatorProvider digestCalculatorProvider = digestCalculatorProviderBuilder.build();
View Full Code Here
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
      }

      if (this.v3) {
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(this.toX500Name(issuer), serialNumber, notBefore, notAfter, this.toX500Name(subject), keyPair.getPublic());

        JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder(signType.getAlgorithm());
        contentSignerBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
        ContentSigner contentSigner = contentSignerBuilder.build(keyPair.getPrivate());

        if (this.keyUsage.size() > 0) {
          int usage = 0;
          for (KeyUsageType keyUsage : this.keyUsage) {
            usage = usage | this.toKeyUsage(keyUsage);
          }
          org.bouncycastle.asn1.x509.KeyUsage ku = new org.bouncycastle.asn1.x509.KeyUsage(usage);
          builder.addExtension(X509Extension.keyUsage, false, ku);
        }

        if (this.extendedKeyUsage.size() > 0) {
          Vector<DERObject> vector = new Vector<DERObject>();
          for (ExtendedKeyUsageType keyUsageType : this.extendedKeyUsage) {
            KeyPurposeId keyPurposeId = this.toExtendedKeyUsage(keyUsageType);
            if (keyPurposeId != null) {
              vector.add(keyPurposeId);
            }
          }
          if (vector.size() > 0) {
            org.bouncycastle.asn1.x509.ExtendedKeyUsage extendedKeyUsage = new org.bouncycastle.asn1.x509.ExtendedKeyUsage(vector);
            builder.addExtension(X509Extension.extendedKeyUsage, true, extendedKeyUsage);
          } else {
            org.bouncycastle.asn1.x509.ExtendedKeyUsage extendedKeyUsage = new org.bouncycastle.asn1.x509.ExtendedKeyUsage(KeyPurposeId.anyExtendedKeyUsage);
            builder.addExtension(X509Extension.extendedKeyUsage, false, extendedKeyUsage);
          }
        } else {
          org.bouncycastle.asn1.x509.ExtendedKeyUsage extendedKeyUsage = new org.bouncycastle.asn1.x509.ExtendedKeyUsage(KeyPurposeId.anyExtendedKeyUsage);
          builder.addExtension(X509Extension.extendedKeyUsage, false, extendedKeyUsage);
        }

        GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.rfc822Name, subject));
        builder.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);

        SubjectKeyIdentifierStructure subjectKeyIdentifierStructure = new SubjectKeyIdentifierStructure(keyPair.getPublic());
        builder.addExtension(X509Extension.subjectKeyIdentifier, false, subjectKeyIdentifierStructure);

        X509CertificateHolder holder = builder.build(contentSigner);

        certificate = (X509Certificate) SecurityUtils.getCertificateFromFile(holder.getEncoded(), CertificateType.X509);
        privateKey = keyPair.getPrivate();
      } else {
        JcaX509v1CertificateBuilder builder = new JcaX509v1CertificateBuilder(this.toX500Name(issuer), serialNumber, notBefore, notAfter, this.toX500Name(subject), keyPair.getPublic());

        JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder(signType.getAlgorithm());
        contentSignerBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
        ContentSigner contentSigner = contentSignerBuilder.build(keyPair.getPrivate());

        X509CertificateHolder holder = builder.build(contentSigner);

        certificate = (X509Certificate) SecurityUtils.getCertificateFromFile(holder.getEncoded(), CertificateType.X509);
        privateKey = keyPair.getPrivate();
View Full Code Here
TOP

Related Classes of org.bouncycastle.operator.jcajce.JcaContentSignerBuilder

  • br.net.woodstock.rockframework.security.cert.impl.BouncyCastleCertificateBuilder
  • br.net.woodstock.rockframework.security.cert.impl.BouncyCastleCertificateGenerator
  • br.net.woodstock.rockframework.security.cert.impl.BouncyCastleCRLGenerator
  • br.net.woodstock.rockframework.security.cert.impl.BouncyCastleOCSPGenerator
  • br.net.woodstock.rockframework.security.sign.impl.BouncyCastlePKCS7Signer
  • br.net.woodstock.rockframework.security.timestamp.impl.BouncyCastleTimeStampServer
  • ca.uhn.hl7v2.hoh.sign.BouncyCastleCmsMessageSigner
  • com.android.builder.signing.SignedJarBuilder
  • com.android.sdklib.internal.build.SignedJarBuilder
  • com.android.signapk.SignApk
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.