// Resolve the digest algorithm identifier that corresponds to the signature algorithm in sigAlgId.
DefaultDigestAlgorithmIdentifierFinder digestFinder = new DefaultDigestAlgorithmIdentifierFinder();
AlgorithmIdentifier digAlgId = digestFinder.find(sigAlgId);
// The signature algorithm is looked up by name; the digest identifier is then derived from it
// rather than named separately, so the two always agree.
DefaultSignatureAlgorithmIdentifierFinder signatureFinder = new DefaultSignatureAlgorithmIdentifierFinder();
AlgorithmIdentifier sigAlgId = signatureFinder.find(algorithm);
DefaultDigestAlgorithmIdentifierFinder digestFinder = new DefaultDigestAlgorithmIdentifierFinder();
AlgorithmIdentifier digAlgId = digestFinder.find(sigAlgId);

// Re-parse the JCA private key's encoded form into Bouncy Castle's lightweight key type.
// NOTE(review): getEncoded() may return null for keys that cannot be exported — confirm the key source.
byte[] encodedPrivateKey = keyPair.getPrivate().getEncoded();
AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(encodedPrivateKey);
/**
 * Builds a self-signed X.509 v3 certificate for the given key pair.
 *
 * <p>{@code dn} is used as both subject and issuer. Validity starts at the current time and
 * lasts {@code days} days. The serial number is drawn from 64 random bits. A subject alternative
 * name extension (non-critical) is added when {@code subjectAltName} is set.
 *
 * @param dn distinguished name used for subject and issuer
 * @param keyPair key pair whose public key is certified and whose private key signs the certificate
 * @return the generated certificate
 * @throws CertificateException if generation fails; any other exception is wrapped in one
 */
public X509Certificate generate(String dn, KeyPair keyPair) throws CertificateException {
    try {
        // The "BC" provider is requested by name when converting the holder below.
        Security.addProvider(new BouncyCastleProvider());

        AlgorithmIdentifier signatureId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
        AlgorithmIdentifier digestId = new DefaultDigestAlgorithmIdentifierFinder().find(signatureId);

        AsymmetricKeyParameter signingKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
        // NOTE(review): the signer builder is RSA-specific while the algorithm name is configurable;
        // presumably only RSA signature algorithms and RSA keys are expected here — confirm.
        ContentSigner signer = new BcRSAContentSignerBuilder(signatureId, digestId).build(signingKey);

        X500Name subjectAndIssuer = new X500Name(dn);
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + days * 86400000L);
        BigInteger serial = new BigInteger(64, new SecureRandom());

        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                subjectAndIssuer, serial, notBefore, notAfter, subjectAndIssuer, publicKeyInfo);
        if (subjectAltName != null) {
            certBuilder.addExtension(Extension.subjectAlternativeName, false, subjectAltName);
        }

        X509CertificateHolder holder = certBuilder.build(signer);
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);
    } catch (CertificateException ce) {
        // Already the declared type: pass through unwrapped.
        throw ce;
    } catch (Exception e) {
        throw new CertificateException(e);
    }
}
}
// Collaborators for verifying RSA signatures on CMS signer infos: digest calculators,
// the signature/digest algorithm finders, and the signature-name generator.
BcDigestCalculatorProvider calculator = new BcDigestCalculatorProvider();
DefaultDigestAlgorithmIdentifierFinder hashAlgoFinder = new DefaultDigestAlgorithmIdentifierFinder();
DefaultSignatureAlgorithmIdentifierFinder sigAlgoFinder = new DefaultSignatureAlgorithmIdentifierFinder();
DefaultCMSSignatureAlgorithmNameGenerator nameGen = new DefaultCMSSignatureAlgorithmNameGenerator();

BcRSASignerInfoVerifierBuilder verifierBuilder =
        new BcRSASignerInfoVerifierBuilder(nameGen, sigAlgoFinder, hashAlgoFinder, calculator);
/**
 * Signs the certificate described by {@code builder} with {@code privateKey} and returns it.
 *
 * <p>A key whose algorithm name contains "RSA" is signed with SHA256WithRSAEncryption; every
 * other key is treated as an EC key and signed with SHA256withECDSA.
 *
 * @param privateKey the private key to sign the certificate with.
 * @param builder the cert builder that contains the certificate data.
 * @return the signed certificate.
 * @throws IOException if the encoded private key cannot be parsed
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws CertificateException presumably raised by the {@code toX509Cert} conversion — confirm
 */
private static X509Certificate buildAndSignCertificate(
        PrivateKey privateKey, X509v3CertificateBuilder builder)
        throws IOException, OperatorCreationException, CertificateException {
    // Key type is inferred from the JCA algorithm name (a little hacky, but it works).
    // NOTE(review): anything without "RSA" in its name takes the EC path, so an unsupported key
    // type is not rejected here; it presumably fails later when the signer is built or used.
    final boolean rsaKey = privateKey.getAlgorithm().contains("RSA");
    final String signatureName = rsaKey ? "SHA256WithRSAEncryption" : "SHA256withECDSA";

    AlgorithmIdentifier signatureAlgorithm =
            new DefaultSignatureAlgorithmIdentifierFinder().find(signatureName);
    AlgorithmIdentifier digestAlgorithm =
            new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);

    BcContentSignerBuilder signerBuilder = rsaKey
            ? new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm)
            : new BcECContentSignerBuilder(signatureAlgorithm, digestAlgorithm);

    // Convert the JCA key to the lightweight representation the signer builder expects.
    AsymmetricKeyParameter privateKeyParam = PrivateKeyFactory.createKey(privateKey.getEncoded());
    ContentSigner signer = signerBuilder.build(privateKeyParam);
    return toX509Cert(builder.build(signer));
}
// Build an RSA verifier bound to lwPubKey and check the certificate holder's signature with it.
ContentVerifierProvider contentVerifierProvider =
        new BcRSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder())
                .build(lwPubKey);
boolean signatureOk = certHolder.isSignatureValid(contentVerifierProvider);
// NOTE(review): a failed check is only reported on stderr in this fragment; the surrounding code
// must stop using the certificate when the signature is invalid — confirm against the caller.
if (!signatureOk) {
    System.err.println("signature invalid");
}
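// Sign with SHA-256 rather than SHA-1, which is deprecated for signatures. The digest identifier
// is derived from the signature algorithm so the two cannot disagree.
AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder()
        .find("SHA256WITHRSA");
AlgorithmIdentifier digestAlgorithm =
        new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
ContentSigner signer =
        new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(keyParam);

// A JCA public key in X.509 format already encodes a complete SubjectPublicKeyInfo, so parse it
// directly. Wrapping those bytes again under the signature algorithm identifier would produce a
// structure whose algorithm field names a signature scheme instead of the key type.
SubjectPublicKeyInfo publicKeyInfo =
        SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded());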
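TimeStampToken token = new TimeStampToken(new CMSSignedData(response));

// Load the certificate the token is checked against. The stream is closed as soon as the
// certificate has been parsed, including when parsing fails.
CertificateFactory factory = CertificateFactory.getInstance("X.509");
X509Certificate cert;
try (InputStream in = new FileInputStream("tsp.cer")) {
    cert = (X509Certificate) factory.generateCertificate(in);
}

//RSA Signature processing with BC
X509CertificateHolder holder = new X509CertificateHolder(cert.getEncoded());
SignerInformationVerifier siv = new BcRSASignerInfoVerifierBuilder(
        new DefaultDigestAlgorithmIdentifierFinder(), new BcDigestCalculatorProvider()).build(holder);

//Signature processing with JCA and other provider
//X509CertificateHolder holderJca = new JcaX509CertificateHolder(cert);
//SignerInformationVerifier sivJca = new JcaSimpleSignerInfoVerifierBuilder().setProvider("anotherprovider").build(holderJca);

// Checks the token's signature against the certificate loaded above.
// NOTE(review): comparing the token's message imprint with the digest of the data that was
// timestamped is a separate step and is not shown in this fragment.
token.validate(siv);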
// Map the signature algorithm name to its digest algorithm, then take the digest's OID string.
DefaultSignatureAlgorithmIdentifierFinder signatureFinder = new DefaultSignatureAlgorithmIdentifierFinder();
AlgorithmIdentifier sigAlgId = signatureFinder.find(signatureAlgorithm);
DefaultDigestAlgorithmIdentifierFinder digestFinder = new DefaultDigestAlgorithmIdentifierFinder();
AlgorithmIdentifier digAlgId = digestFinder.find(sigAlgId);
String digestAlgOID = digAlgId.getAlgorithm().getId();

// The MessageDigest instance is discarded; the call only shows that a provider resolves the OID
// (it throws NoSuchAlgorithmException otherwise).
MessageDigest.getInstance(digestAlgOID);
/**
 * Returns the digest algorithm identifier that belongs to the named signature algorithm.
 *
 * @param algoName signature algorithm name, resolved through
 *                 {@code findSignatureAlgorithmIdentifier}
 * @return the matching digest algorithm identifier
 */
public static AlgorithmIdentifier findDigestAlgorithmIdentifier(String algoName) {
    // Deriving the digest from the resolved signature algorithm keeps the pair consistent.
    return new DefaultDigestAlgorithmIdentifierFinder()
            .find(findSignatureAlgorithmIdentifier(algoName));
}
}
// Parse the PKCS#10 request and issue a certificate for the public key it carries.
// NOTE(review): this fragment does not show the request's self-signature being verified
// (PKCS10CertificationRequest.isSignatureValid) before the certificate is issued — confirm the
// caller proves possession of the private key first.
JcaPKCS10CertificationRequest pkcs10 = new JcaPKCS10CertificationRequest(csrBytes);
X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
        issuer, generateSerialId(), new Date(), until, subject, pkcs10.getPublicKey()
);
// NOTE(review): called with (privateKey, type) although the helper shown below takes one argument.
X509CertificateHolder holder = builder.build(getContentSigner(privateKey, type));
X509Certificate cert = getCertificate(holder);
...
// Builds an RSA content signer (SHA-256 with RSA) from the issuer's private key.
ContentSigner getContentSigner(PrivateKey privateKey) {
    // Re-parse the JCA key's encoded form into the lightweight key type the Bc* builders use.
    AsymmetricKeyParameter keyParameter = PrivateKeyFactory.createKey(privateKey.getEncoded());
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WITHRSA"); // or what you want
    // Digest identifier is derived from the signature algorithm so the two agree.
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    return new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(keyParameter);
}
/**
 * Checks the signature on the attribute certificate carried by {@code attributes} against the
 * public key of {@code cert}.
 *
 * <p>The verifier is RSA-specific.
 *
 * @param attributes VOMS attributes holding the attribute certificate
 * @param cert certificate whose key is used for verification
 * @return {@code true} if the signature verifies, {@code false} otherwise
 * @throws VOMSError if verification cannot be carried out; the original exception is the cause
 */
private boolean verifyACSignature(VOMSAttribute attributes, X509Certificate cert) {
    try {
        X509CertificateHolder issuerHolder = new JcaX509CertificateHolder(cert);
        BcRSAContentVerifierProviderBuilder verifierBuilder =
                new BcRSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder());
        ContentVerifierProvider verifier = verifierBuilder.build(issuerHolder);
        return attributes.getVOMSAC().isSignatureValid(verifier);
    } catch (Exception e) {
        // A failure to run the check is raised, never reported as "valid".
        throw new VOMSError("Error verifying AC signature: " + e.getMessage(), e);
    }
}
}
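/**
 * Builds a PKCS#10 certification request for a CA certificate, signed with the key pair's
 * private key.
 *
 * <p>The request asks for a critical basicConstraints extension with cA=true and a critical
 * keyUsage extension with the given value. The subject is assembled from the common name and
 * organization supplied by {@code Utils}.
 *
 * @param keyPair RSA key pair; the public key goes into the request, the private key signs it
 * @param keyUsage key usage to request
 * @return the signed certification request
 * @throws IOException if the private key encoding cannot be parsed or an extension cannot be encoded
 * @throws OperatorCreationException if the content signer cannot be created
 */
public static PKCS10CertificationRequest generateCSRFile(KeyPair keyPair, KeyUsage keyUsage)
        throws IOException, OperatorCreationException {
    // NOTE(review): the DN is built by string concatenation and then parsed by X500Name, so a
    // ',' or '=' inside the configured values would change the resulting name — confirm the
    // values are constrained.
    String principal = "CN=" + Utils.getCertificateCommonName()
            + ", O=" + Utils.getCertificateOrganization();
    AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());

    // SHA-256 instead of SHA-1: SHA-1 is deprecated for signatures and SHA-1-signed requests are
    // commonly refused. The digest identifier is derived from the signature algorithm so the two
    // cannot drift apart.
    AlgorithmIdentifier signatureAlgorithm =
            new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WITHRSA");
    AlgorithmIdentifier digestAlgorithm =
            new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
    ContentSigner signer =
            new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKey);

    PKCS10CertificationRequestBuilder csrBuilder =
            new JcaPKCS10CertificationRequestBuilder(new X500Name(principal), keyPair.getPublic());

    // Requested extensions travel in the PKCS#9 extensionRequest attribute.
    ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
    extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    extensionsGenerator.addExtension(Extension.keyUsage, true, keyUsage);
    csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
            extensionsGenerator.generate());

    return csrBuilder.build(signer);
}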
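/**
 * Builds a PKCS#10 certification request for a CA certificate with a fixed subject, signed with
 * the key pair's private key.
 *
 * <p>The request asks for a critical basicConstraints extension with cA=true and a critical
 * keyUsage extension of keyCertSign | cRLSign.
 *
 * @param keyPair RSA key pair; the public key goes into the request, the private key signs it
 * @return the signed certification request
 * @throws IOException if the private key encoding cannot be parsed or an extension cannot be encoded
 * @throws OperatorCreationException if the content signer cannot be created
 */
private static PKCS10CertificationRequest generateCSRFile(KeyPair keyPair)
        throws IOException, OperatorCreationException {
    String principal = "CN=company1, OU=company1, O=company1, C=GB";
    AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());

    // SHA-256 instead of SHA-1: SHA-1 is deprecated for signatures and SHA-1-signed requests are
    // commonly refused. The digest identifier is derived from the signature algorithm so the two
    // cannot drift apart.
    AlgorithmIdentifier signatureAlgorithm =
            new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WITHRSA");
    AlgorithmIdentifier digestAlgorithm =
            new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
    ContentSigner signer =
            new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKey);

    PKCS10CertificationRequestBuilder csrBuilder =
            new JcaPKCS10CertificationRequestBuilder(new X500Name(principal), keyPair.getPublic());

    // Requested extensions travel in the PKCS#9 extensionRequest attribute.
    // NOTE(review): X509Extension is kept because this code already uses it; it is the older
    // name for these constants — confirm it still exists in the library version in use.
    ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
    extensionsGenerator.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(true));
    extensionsGenerator.addExtension(X509Extension.keyUsage, true,
            new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));
    csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
            extensionsGenerator.generate());

    return csrBuilder.build(signer);
}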
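// Build a PKCS#10 request for a CA certificate (critical basicConstraints cA=true, critical
// keyUsage keyCertSign | cRLSign) and sign it with the key pair's private key.
String principal = "CN=company1, OU=company1, O=company1, C=GB";
AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(pair.getPrivate().getEncoded());

// SHA-256 instead of SHA-1: SHA-1 is deprecated for signatures and SHA-1-signed requests are
// commonly refused. The digest identifier is derived from the signature algorithm so the two
// cannot drift apart.
AlgorithmIdentifier signatureAlgorithm =
        new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WITHRSA");
AlgorithmIdentifier digestAlgorithm =
        new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
ContentSigner signer =
        new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKey);

PKCS10CertificationRequestBuilder csrBuilder =
        new JcaPKCS10CertificationRequestBuilder(new X500Name(principal), pair.getPublic());

// Requested extensions travel in the PKCS#9 extensionRequest attribute.
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
extensionsGenerator.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(true));
extensionsGenerator.addExtension(X509Extension.keyUsage, true,
        new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));
csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
        extensionsGenerator.generate());

csr = csrBuilder.build(signer);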
/**
 * Builds a two-element DER sequence: the SHA-256 algorithm identifier followed by an octet
 * string wrapping {@code DSSUtils.digest(DigestAlgorithm.SHA256, this.signature)}.
 *
 * @return the encoded sequence
 */
private DERSequence createSequence() {
    // Element order is part of the encoding: algorithm identifier first, digest value second.
    // presumably DSSUtils.digest returns the SHA-256 hash of the signature bytes — confirm.
    ASN1Object[] nonceComponents = {
        new DefaultDigestAlgorithmIdentifierFinder().find("SHA-256"),
        new DEROctetString(DSSUtils.digest(DigestAlgorithm.SHA256, this.signature))
    };
    return new DERSequence(nonceComponents);
}
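X509Certificate signingCertificate = getSigningCertificate();
//The chain of certificates that issued your signing certificate and so on
Collection<X509Certificate> certificateChain = getCertificateChain();
PrivateKey pk = getPrivateKey();
// Encode with an explicit charset so the signed bytes do not depend on the platform default.
byte[] message = "SomeMessage".getBytes(java.nio.charset.StandardCharsets.UTF_8);

CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
// The signing certificate is embedded together with its chain.
// NOTE(review): this adds to the collection returned by getCertificateChain(); confirm it is a
// mutable copy. Also confirm that the Bouncy Castle version in use accepts a store of
// X509Certificate objects here — JcaCertStore is the usual wrapper for JCA certificates.
certificateChain.add(signingCertificate);
generator.addCertificates(new CollectionStore(certificateChain));

JcaDigestCalculatorProviderBuilder jcaDigestProvider = new JcaDigestCalculatorProviderBuilder();
jcaDigestProvider.setProvider(new BouncyCastleProvider());
JcaSignerInfoGeneratorBuilder singerInfoGenerator =
        new JcaSignerInfoGeneratorBuilder(jcaDigestProvider.build());

// SHA-256 instead of SHA-1, which is deprecated for signatures; the digest identifier is
// derived from the signature algorithm so the two agree.
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
AsymmetricKeyParameter privateKeyParam = PrivateKeyFactory.createKey(pk.getEncoded());
ContentSigner cs = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyParam);

SignerInfoGenerator sig = singerInfoGenerator.build(cs, signingCertificate);
generator.addSignerInfoGenerator(sig);

// 'true' encapsulates the message inside the SignedData structure.
CMSSignedData data = generator.generate(new CMSProcessableByteArray(message), true);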
/**
 * Creates the content signer for generation of Version 1 {@link java.security.cert.X509Certificate}.
 *
 * <p>The signer uses SHA256WithRSAEncryption, so {@code privateKey} is expected to be an RSA key.
 *
 * @param privateKey the private key
 *
 * @return the content signer
 * @throws RuntimeException if the signer cannot be created; the original exception is the cause
 */
public static ContentSigner createSigner(PrivateKey privateKey) {
    try {
        AlgorithmIdentifier signatureId =
                new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
        AlgorithmIdentifier digestId =
                new DefaultDigestAlgorithmIdentifierFinder().find(signatureId);
        BcRSAContentSignerBuilder signerBuilder = new BcRSAContentSignerBuilder(signatureId, digestId);
        // Re-parse the JCA key's encoded form into the lightweight key type the builder expects.
        return signerBuilder.build(PrivateKeyFactory.createKey(privateKey.getEncoded()));
    } catch (Exception e) {
        throw new RuntimeException("Could not create content signer.", e);
    }
}
}
/**
 * Creates an RSA content signer for the named signature algorithm.
 *
 * @param privateKey key to sign with; the builder used is RSA-specific
 * @param algo signature algorithm name passed to the algorithm finder
 * @return the content signer
 * @throws RuntimeException wrapping an {@code OperatorCreationException} or {@code IOException}
 *         raised while building the signer or parsing the key
 */
private static ContentSigner newSigner(PrivateKey privateKey, String algo) {
    try {
        AlgorithmIdentifier signatureId = new DefaultSignatureAlgorithmIdentifierFinder().find(algo);
        // Digest identifier is derived from the signature algorithm so the two agree.
        AlgorithmIdentifier digestId = new DefaultDigestAlgorithmIdentifierFinder().find(signatureId);
        BcRSAContentSignerBuilder signerBuilder = new BcRSAContentSignerBuilder(signatureId, digestId);
        return signerBuilder.build(PrivateKeyFactory.createKey(privateKey.getEncoded()));
    } catch (OperatorCreationException | IOException e) {
        throw new RuntimeException(e);
    }
}
/**
 * Creates a SHA256withRSA content signer from the key pair's private key.
 *
 * @param keyPair key pair whose private key signs; the builder used is RSA-specific
 * @return the content signer
 * @throws Exception if the key cannot be parsed or the signer cannot be built
 */
private ContentSigner createContentSigner(final KeyPair keyPair) throws Exception {
    AlgorithmIdentifier signatureId =
            new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
    // Digest identifier is derived from the signature algorithm so the two agree.
    AlgorithmIdentifier digestId =
            new DefaultDigestAlgorithmIdentifierFinder().find(signatureId);

    // Re-parse the JCA key's encoded form into the lightweight key type the builder expects.
    AsymmetricKeyParameter signingKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
    BcRSAContentSignerBuilder signerBuilder = new BcRSAContentSignerBuilder(signatureId, digestId);
    return signerBuilder.build(signingKey);
}