throw new CertificateEncodingException("Error during creation of self-signed Certificate: " + ioe.getMessage(), ioe);
public static JcaPKCS10CertificationRequest generateCertificationRequest(String requestedDn, String domainAlternativeNames, KeyPair keyPair, String signingAlgorithm) throws OperatorCreationException { JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(requestedDn), keyPair.getPublic()); // add Subject Alternative Name(s) try { jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, createDomainAlternativeNamesExtensions(domainAlternativeNames, requestedDn)); } catch (IOException e) { throw new OperatorCreationException("Error while adding " + domainAlternativeNames + " as Subject Alternative Name.", e); } JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder(signingAlgorithm); return new JcaPKCS10CertificationRequest(jcaPKCS10CertificationRequestBuilder.build(jcaContentSignerBuilder.build(keyPair.getPrivate()))); }
public static byte[] sign(Certificate cert,KeyPair pair) { ContentSigner signGen = null; X509CertificateHolder certHolder = new X509CertificateHolder(cert); try { signGen = new JcaContentSignerBuilder(CertManagerConstants.CERT_ALGORITHM.SHA1withRSA.toString()).setProvider(CertManagerConstants.BC).build(pair.getPrivate()); } catch (OperatorCreationException e) { e.printStackTrace(); return null; } CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); try { gen.addSignerInfoGenerator( new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider()) .build(signGen,certHolder)); } catch (OperatorCreationException e) { e.printStackTrace(); return null; } return certHolder.getSignature(); }
).build(rootPair.getPrivate()); } catch (OperatorCreationException e) { e.printStackTrace(); return null;
private static boolean verifySignature(BasicOCSPResp basicOcspResponse, X509Certificate cert) { try { ContentVerifierProvider contentVerifier = new JcaContentVerifierProviderBuilder() .setProvider("BC").build(cert.getPublicKey()); return basicOcspResponse.isSignatureValid(contentVerifier); } catch (OperatorCreationException e) { logger.log(Level.FINE, "Unable to construct OCSP content signature verifier\n{0}", e.getMessage()); } catch (OCSPException e) { logger.log(Level.FINE, "Unable to validate OCSP response signature\n{0}", e.getMessage()); } return false; }
protected Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId) throws OperatorCreationException { if (!AlgorithmUtil.isSM2SigAlg(sigAlgId)) { throw new OperatorCreationException("the given algorithm is not a valid EC signature " + "algorithm '" + sigAlgId.getAlgorithm().getId() + "'"); } return new SM2Signer(); }
public PKCS10CertificationRequest generateCSRRequest(String... arguments) { X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE); builder.addRDN(BCStyle.CN, arguments[0]); // common name, is the Device ID builder.addRDN(BCStyle.OU, arguments[1]); // organisational unit is the Domain ID builder.addRDN(BCStyle.SN, arguments[2]); // serial number of the SubjectDN not the certificate Serial Number. // other defaults // builder.addRDN(BCStyle.C, CertificateMgmt.defaults.get("COUNTRY")); //builder.addRDN(BCStyle.ST, CertificateMgmt.defaults.get("STATE")); // builder.addRDN(BCStyle.T, CertificateMgmt.defaults.get("TITLE")); //generate key pair KeyPair keyPair = KeyPairMgmt .generateKeyPair(CertManagerConstants.ALGORITHM.RSA); JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder(CertManagerConstants.CERT_ALGORITHM.SHA1withRSA.toString()); ContentSigner signer = null; try { signer = csBuilder.build(keyPair.getPrivate()); } catch (OperatorCreationException e) { e.printStackTrace(); return null; } PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder( builder.build(), keyPair.getPublic()); PKCS10CertificationRequest csr = p10Builder.build(signer); return csr; }
@Override public ContentVerifierProvider getContentVerifierProvider(final PublicKey publicKey) throws InvalidKeyException { ParamUtil.requireNonNull("publicKey", publicKey); String keyAlg = publicKey.getAlgorithm().toUpperCase(); BcContentVerifierProviderBuilder builder = VERIFIER_PROVIDER_BUILDER.get(keyAlg); if (builder == null) { if ("RSA".equals(keyAlg)) { builder = new XipkiRSAContentVerifierProviderBuilder(DIGESTALG_IDENTIFIER_FINDER); } else if ("DSA".equals(keyAlg)) { builder = new BcDSAContentVerifierProviderBuilder(DIGESTALG_IDENTIFIER_FINDER); } else if ("EC".equals(keyAlg) || "ECDSA".equals(keyAlg)) { builder = new XipkiECContentVerifierProviderBuilder(DIGESTALG_IDENTIFIER_FINDER); } else { throw new InvalidKeyException("unknown key algorithm of the public key " + keyAlg); } VERIFIER_PROVIDER_BUILDER.put(keyAlg, builder); } AsymmetricKeyParameter keyParam = KeyUtil.generatePublicKeyParameter(publicKey); try { return builder.build(keyParam); } catch (OperatorCreationException ex) { throw new InvalidKeyException("could not build ContentVerifierProvider: " + ex.getMessage(), ex); } }
protected Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId) throws OperatorCreationException { if (!AlgorithmUtil.isRSASigAlgId(sigAlgId)) { throw new OperatorCreationException("the given algorithm is not a valid RSA signature " + "algirthm '" + sigAlgId.getAlgorithm().getId() + "'"); } if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) { Digest dig = digestProvider.get(digAlgId); return new RSADigestSigner(dig); } try { return SignerUtil.createPSSRSASigner(sigAlgId); } catch (XiSecurityException ex) { throw new OperatorCreationException(ex.getMessage(), ex); } }
@Override public ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey) throws InvalidKeyException { Args.notNull(publicKey, "publicKey"); String keyAlg = publicKey.getAlgorithm().toUpperCase(); BcContentVerifierProviderBuilder builder = VERIFIER_PROVIDER_BUILDER.get(keyAlg); if (builder == null) { if ("RSA".equals(keyAlg)) { builder = new XiRSAContentVerifierProviderBuilder(DIGESTALG_IDENTIFIER_FINDER); } else if ("DSA".equals(keyAlg)) { builder = new BcDSAContentVerifierProviderBuilder(DIGESTALG_IDENTIFIER_FINDER); } else if ("EC".equals(keyAlg) || "ECDSA".equals(keyAlg)) { builder = new XiECContentVerifierProviderBuilder(DIGESTALG_IDENTIFIER_FINDER); } else { throw new InvalidKeyException("unknown key algorithm of the public key " + keyAlg); } VERIFIER_PROVIDER_BUILDER.put(keyAlg, builder); } AsymmetricKeyParameter keyParam = KeyUtil.generatePublicKeyParameter(publicKey); try { return builder.build(keyParam); } catch (OperatorCreationException ex) { throw new InvalidKeyException("could not build ContentVerifierProvider: " + ex.getMessage(), ex); } }
protected Signer createSigner(final AlgorithmIdentifier sigAlgId, final AlgorithmIdentifier digAlgId) throws OperatorCreationException { if (!AlgorithmUtil.isRSASigAlgId(sigAlgId)) { throw new OperatorCreationException( "the given algorithm is not a valid RSA signature algirthm '" + sigAlgId.getAlgorithm().getId() + "'"); } if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) { Digest dig = digestProvider.get(digAlgId); return new RSADigestSigner(dig); } try { return SignerUtil.createPSSRSASigner(sigAlgId); } catch (XiSecurityException ex) { throw new OperatorCreationException(ex.getMessage(), ex); } }
public ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey) throws InvalidKeyException { ScepUtil.requireNonNull("publicKey", publicKey); String keyAlg = publicKey.getAlgorithm().toUpperCase(); if ("EC".equals(keyAlg)) { keyAlg = "ECDSA"; } BcContentVerifierProviderBuilder builder = VERIFIER_PROVIDER_BUILDER.get(keyAlg); if (builder == null) { if ("RSA".equals(keyAlg)) { builder = new BcRSAContentVerifierProviderBuilder(DFLT_DIGESTALG_IDENTIFIER_FINDER); } else if ("DSA".equals(keyAlg)) { builder = new BcDSAContentVerifierProviderBuilder(DFLT_DIGESTALG_IDENTIFIER_FINDER); } else if ("ECDSA".equals(keyAlg)) { builder = new BcECContentVerifierProviderBuilder(DFLT_DIGESTALG_IDENTIFIER_FINDER); } else { throw new InvalidKeyException("unknown key algorithm of the public key " + keyAlg); } VERIFIER_PROVIDER_BUILDER.put(keyAlg, builder); } AsymmetricKeyParameter keyParam = generatePublicKeyParameter(publicKey); try { return builder.build(keyParam); } catch (OperatorCreationException ex) { throw new InvalidKeyException("could not build ContentVerifierProvider: " + ex.getMessage(), ex); } }
protected Signer createSigner(final AlgorithmIdentifier sigAlgId, final AlgorithmIdentifier digAlgId) throws OperatorCreationException { if (!AlgorithmUtil.isDSASigAlg(sigAlgId)) { throw new OperatorCreationException( "the given algorithm is not a valid DSA signature algirthm '" + sigAlgId.getAlgorithm().getId() + "'"); } Digest dig = digestProvider.get(digAlgId); DSASigner dsaSigner = new DSASigner(); return plain ? new DSAPlainDigestSigner(dsaSigner, dig) : new DSADigestSigner(dsaSigner, dig); }
} catch (OperatorCreationException ex) { throw new InvalidKeyException("could not build ContentVerifierProvider: " + ex.getMessage(), ex);
protected Signer createSigner(final AlgorithmIdentifier sigAlgId, final AlgorithmIdentifier digAlgId) throws OperatorCreationException { if (!AlgorithmUtil.isECSigAlg(sigAlgId)) { throw new OperatorCreationException( "the given algorithm is not a valid EC signature algorithm '" + sigAlgId.getAlgorithm().getId() + "'"); } Digest dig = digestProvider.get(digAlgId); ECDSASigner dsaSigner = new ECDSASigner(); return plain ? new DSAPlainDigestSigner(dsaSigner, dig) : new DSADigestSigner(dsaSigner, dig); }
@Override public boolean isSignedBy(final CertificateToken issuerToken) { if (this.issuerToken != null) { return this.issuerToken.equals(issuerToken); } try { signatureInvalidityReason = ""; JcaContentVerifierProviderBuilder jcaContentVerifierProviderBuilder = new JcaContentVerifierProviderBuilder(); jcaContentVerifierProviderBuilder.setProvider("BC"); final PublicKey publicKey = issuerToken.getCertificate().getPublicKey(); ContentVerifierProvider contentVerifierProvider = jcaContentVerifierProviderBuilder.build(publicKey); signatureValid = basicOCSPResp.isSignatureValid(contentVerifierProvider); if (signatureValid) { this.issuerToken = issuerToken; } issuerX500Principal = issuerToken.getSubjectX500Principal(); } catch (OCSPException e) { signatureInvalidityReason = e.getClass().getSimpleName() + " - " + e.getMessage(); signatureValid = false; } catch (OperatorCreationException e) { signatureInvalidityReason = e.getClass().getSimpleName() + " - " + e.getMessage(); signatureValid = false; } return signatureValid; }
protected Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId) throws OperatorCreationException { if (!AlgorithmUtil.isDSASigAlg(sigAlgId)) { throw new OperatorCreationException("the given algorithm is not a valid DSA signature " + "algirthm '" + sigAlgId.getAlgorithm().getId() + "'"); } Digest dig = digestProvider.get(digAlgId); DSASigner dsaSigner = new DSASigner(); return plain ? new DSAPlainDigestSigner(dsaSigner, dig) : new DSADigestSigner(dsaSigner, dig); }
throw new IOException(e.getMessage(), e); } catch (PKCSException | InvalidKeySpecException e) { LOGGER.log(Level.WARNING, "Could not read PEM encrypted information", e);
protected Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId) throws OperatorCreationException { if (!AlgorithmUtil.isECSigAlg(sigAlgId)) { throw new OperatorCreationException("the given algorithm is not a valid EC signature " + "algorithm '" + sigAlgId.getAlgorithm().getId() + "'"); } Digest dig = digestProvider.get(digAlgId); ECDSASigner dsaSigner = new ECDSASigner(); return plain ? new DSAPlainDigestSigner(dsaSigner, dig) : new DSADigestSigner(dsaSigner, dig); }
PrivateKeyCryptor(final char[] password) throws P11TokenException { ParamUtil.requireNonNull("password", password); JcePKCSPBEOutputEncryptorBuilder eb = new JcePKCSPBEOutputEncryptorBuilder(ALGO); eb.setProvider("BC"); eb.setIterationCount(ITERATION_COUNT); try { encryptor = eb.build(password); } catch (OperatorCreationException ex) { throw new P11TokenException(ex.getMessage(), ex); } JcePKCSPBEInputDecryptorProviderBuilder db = new JcePKCSPBEInputDecryptorProviderBuilder(); decryptorProvider = db.build(password); }