AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()); SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
public X509Certificate generate(String dn, KeyPair keyPair) throws CertificateException { try { Security.addProvider(new BouncyCastleProvider()); AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm); AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()); SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()); ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam); X500Name name = new X500Name(dn); Date from = new Date(); Date to = new Date(from.getTime() + days * 86400000L); BigInteger sn = new BigInteger(64, new SecureRandom()); X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(name, sn, from, to, name, subPubKeyInfo); if (subjectAltName != null) v3CertGen.addExtension(Extension.subjectAlternativeName, false, subjectAltName); X509CertificateHolder certificateHolder = v3CertGen.build(sigGen); return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder); } catch (CertificateException ce) { throw ce; } catch (Exception e) { throw new CertificateException(e); } } }
/** * Signs the certificate being built by the given builder using the given private key and returns the certificate. * @param privateKey the private key to sign the certificate with. * @param builder the cert builder that contains the certificate data. * @return the signed certificate. * @throws IOException * @throws OperatorCreationException * @throws CertificateException */ private static X509Certificate buildAndSignCertificate( PrivateKey privateKey, X509v3CertificateBuilder builder) throws IOException, OperatorCreationException, CertificateException { BcContentSignerBuilder signerBuilder; if (privateKey.getAlgorithm().contains("RSA")) { // a little hacky way to detect key type, but it works AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find( "SHA256WithRSAEncryption"); AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm); signerBuilder = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm); } else { // if not RSA, assume EC AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find( "SHA256withECDSA"); AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm); signerBuilder = new BcECContentSignerBuilder(signatureAlgorithm, digestAlgorithm); } AsymmetricKeyParameter privateKeyParam = PrivateKeyFactory.createKey(privateKey.getEncoded()); ContentSigner signer = signerBuilder.build(privateKeyParam); return toX509Cert(builder.build(signer)); }
@Override public PrivateKeyParameters fromKey(PrivateKey privateKey) { try { BcPrivateKeyParameters key = new BcPrivateKeyParameters(PrivateKeyFactory.createKey(privateKey.getEncoded())); String keyType = checkKeyType(key); if (keyType != null) { throw new IllegalArgumentException(String.format(ALGORITHM_ERROR, keyType, PRIVATE, privateKey.getAlgorithm())); } return key; } catch (IOException e) { throw new IllegalArgumentException("Invalid private key: " + privateKey.getClass().getName()); } }
@Override public PrivateKeyParameters fromKey(PrivateKey privateKey) { try { BcPrivateKeyParameters key = new BcPrivateKeyParameters(PrivateKeyFactory.createKey(privateKey.getEncoded())); String keyType = checkKeyType(key); if (keyType != null) { throw new IllegalArgumentException(String.format(ALGORITHM_ERROR, keyType, PRIVATE, privateKey.getAlgorithm())); } return key; } catch (IOException e) { throw new IllegalArgumentException("Invalid private key: " + privateKey.getClass().getName()); } }
@Override public PrivateKeyParameters fromPKCS8(byte[] encoded) throws IOException { BcPrivateKeyParameters key = new BcPrivateKeyParameters(PrivateKeyFactory.createKey(encoded)); String keyType = checkKeyType(key); if (keyType != null) { throw new IllegalArgumentException(String.format(CLASS_ERROR, keyType, PRIVATE, key.getParameters().getClass().getName())); } return key; }
@Override public PrivateKeyParameters fromPKCS8(byte[] encoded) throws IOException { BcPrivateKeyParameters key = new BcPrivateKeyParameters(PrivateKeyFactory.createKey(encoded)); String keyType = checkKeyType(key); if (keyType != null) { throw new IllegalArgumentException(String.format(CLASS_ERROR, keyType, PRIVATE, key.getParameters().getClass().getName())); } return key; }
/** * Convenience method to obtain the private portion of the key. * * @return an AsymmetricKeyParameter that can be used for signing. */ public AsymmetricKeyParameter getPrivate() throws IOException{ if (this.kpr == null) return null; if (this.kpr.getPrivateKeyInfo() == null) return null; return PrivateKeyFactory.createKey(this.kpr.getPrivateKeyInfo()); }
/** * Create a private key parameter from a PKCS8 PrivateKeyInfo encoding. * * @param privateKeyInfoData the PrivateKeyInfo encoding * @return a suitable private key parameter * @throws IOException on an error decoding the key */ public static AsymmetricKeyParameter createKey(byte[] privateKeyInfoData) throws IOException { return createKey(PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(privateKeyInfoData))); }
/** * Create a private key parameter from a PKCS8 PrivateKeyInfo encoding. * * @param privateKeyInfoData the PrivateKeyInfo encoding * @return a suitable private key parameter * @throws IOException on an error decoding the key */ public static AsymmetricKeyParameter createKey(byte[] privateKeyInfoData) throws IOException { return createKey(PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(privateKeyInfoData))); }
/** * Create a private key parameter from a PKCS8 PrivateKeyInfo encoding read from a * stream. * * @param inStr the stream to read the PrivateKeyInfo encoding from * @return a suitable private key parameter * @throws IOException on an error decoding the key */ public static AsymmetricKeyParameter createKey(InputStream inStr) throws IOException { return createKey(PrivateKeyInfo.getInstance(new ASN1InputStream(inStr).readObject())); }
/** * Create a private key parameter from a PKCS8 PrivateKeyInfo encoding read from a * stream. * * @param inStr the stream to read the PrivateKeyInfo encoding from * @return a suitable private key parameter * @throws IOException on an error decoding the key */ public static AsymmetricKeyParameter createKey(InputStream inStr) throws IOException { return createKey(PrivateKeyInfo.getInstance(new ASN1InputStream(inStr).readObject())); }
@Override protected AsymmetricKeyParameter decodeASN1(final byte[] encoded) { try { return PrivateKeyFactory.createKey(new ASN1InputStream(encoded).readObject().getEncoded()); } catch (IOException e) { throw new EncodingException("ASN.1 decoding error", e); } } }
private PKCS10CertificationRequest generateCertificationRequest(String dn, KeyPair kp) throws Exception{ X500Name subject=new X500Name(dn); PublicKey pubKey=kp.getPublic(); PrivateKey privKey=kp.getPrivate(); AsymmetricKeyParameter pubkeyParam = PublicKeyFactory.createKey(pubKey.getEncoded()); SubjectPublicKeyInfo publicKeyInfo=SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(pubkeyParam); PKCS10CertificationRequestBuilder builder=new PKCS10CertificationRequestBuilder(subject, publicKeyInfo); AlgorithmIdentifier signatureAi = new AlgorithmIdentifier(OIWObjectIdentifiers.sha1WithRSA); BcRSAContentSignerBuilder signerBuilder=new BcRSAContentSignerBuilder( signatureAi, AlgorithmIdentifier.getInstance(OIWObjectIdentifiers.idSHA1)); AsymmetricKeyParameter pkParam = PrivateKeyFactory.createKey(privKey.getEncoded()); ContentSigner signer=signerBuilder.build(pkParam); return builder.build(signer); } }
static AsymmetricKeyParameter loadPrivateKeyResource(String resource) throws IOException { PemObject pem = loadPemResource(resource); if (pem.getType().endsWith("RSA PRIVATE KEY")) { RSAPrivateKey rsa = RSAPrivateKey.getInstance(pem.getContent()); return new RSAPrivateCrtKeyParameters(rsa.getModulus(), rsa.getPublicExponent(), rsa.getPrivateExponent(), rsa.getPrime1(), rsa.getPrime2(), rsa.getExponent1(), rsa.getExponent2(), rsa.getCoefficient()); } if (pem.getType().endsWith("PRIVATE KEY")) { return PrivateKeyFactory.createKey(pem.getContent()); } throw new IllegalArgumentException("'resource' doesn't specify a valid private key"); }
private PSSSigner pssSha384(boolean forSigning, byte[] key) { try { byte[] salt = new byte[SHA384_OUT_LEN]; new SecureRandom().nextBytes(salt); // RSA-PSS, SHA-384, MGF1(SHA-384), 48 byte salt length, 0xBC trailer PSSSigner pss = new PSSSigner(new RSABlindedEngine(), new SHA384Digest(), new SHA384Digest(), SHA384_OUT_LEN, (byte)0xBC); if (forSigning) { pss.init(true, PrivateKeyFactory.createKey(key)); } else { pss.init(false, PublicKeyFactory.createKey(key)); } return pss; } catch (IOException e) { throw new CryptoProviderException("IOException", e); } }
static AsymmetricKeyParameter loadPrivateKeyResource(String resource) throws IOException { PemObject pem = loadPemResource(resource); if (pem.getType().endsWith("RSA PRIVATE KEY")) { RSAPrivateKey rsa = RSAPrivateKey.getInstance(pem.getContent()); return new RSAPrivateCrtKeyParameters(rsa.getModulus(), rsa.getPublicExponent(), rsa.getPrivateExponent(), rsa.getPrime1(), rsa.getPrime2(), rsa.getExponent1(), rsa.getExponent2(), rsa.getCoefficient()); } if (pem.getType().endsWith("PRIVATE KEY")) { return PrivateKeyFactory.createKey(pem.getContent()); } throw new IllegalArgumentException( "'resource' doesn't specify a valid private key"); }
private static ContentSigner newSigner(PrivateKey privateKey, String algo) { try { AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algo); AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); return new BcRSAContentSignerBuilder(sigAlgId, digAlgId) .build(PrivateKeyFactory.createKey(privateKey.getEncoded())); } catch (OperatorCreationException | IOException e) { throw new RuntimeException(e); } }
static AsymmetricKeyParameter loadPrivateKeyResource(String resource) throws IOException { PemObject pem = loadPemResource(resource); if (pem.getType().endsWith("RSA PRIVATE KEY")) { RSAPrivateKey rsa = RSAPrivateKey.getInstance(pem.getContent()); return new RSAPrivateCrtKeyParameters(rsa.getModulus(), rsa.getPublicExponent(), rsa.getPrivateExponent(), rsa.getPrime1(), rsa.getPrime2(), rsa.getExponent1(), rsa.getExponent2(), rsa.getCoefficient()); } if (pem.getType().endsWith("PRIVATE KEY")) { return PrivateKeyFactory.createKey(pem.getContent()); } throw new IllegalArgumentException( "'resource' doesn't specify a valid private key"); }
private ContentSigner createContentSigner(final KeyPair keyPair) throws Exception { final AlgorithmIdentifier signatureAlgorithmId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA"); final AlgorithmIdentifier digestAlgorithmId = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithmId); final byte[] encoded = keyPair.getPrivate().getEncoded(); final AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(encoded); return new BcRSAContentSignerBuilder(signatureAlgorithmId, digestAlgorithmId).build(privateKey); }