本文整理汇总了Java中org.bouncycastle.operator.ContentSigner类的典型用法代码示例。如果您正苦于以下问题:Java ContentSigner类的具体用法?Java ContentSigner怎么用?Java ContentSigner使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
ContentSigner类属于org.bouncycastle.operator包,在下文中一共展示了ContentSigner类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: generate
import org.bouncycastle.operator.ContentSigner; //导入依赖的package包/类
public X509Certificate generate(String dn, KeyPair keyPair) throws CertificateException {
try {
Security.addProvider(new BouncyCastleProvider());
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
X500Name name = new X500Name(dn);
Date from = new Date();
Date to = new Date(from.getTime() + days * 86400000L);
BigInteger sn = new BigInteger(64, new SecureRandom());
X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(name, sn, from, to, name, subPubKeyInfo);
if (subjectAltName != null)
v3CertGen.addExtension(Extension.subjectAlternativeName, false, subjectAltName);
X509CertificateHolder certificateHolder = v3CertGen.build(sigGen);
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
} catch (CertificateException ce) {
throw ce;
} catch (Exception e) {
throw new CertificateException(e);
}
}
示例2: generateP7B
import org.bouncycastle.operator.ContentSigner; //导入依赖的package包/类
public CMSSignedData generateP7B(X509CertificateHolder caCertificate, PrivateKey caPrivateKey) {
try {
List<X509CertificateHolder> certChain = new ArrayList<X509CertificateHolder>();
certChain.add(caCertificate);
Store certs = new JcaCertStore(certChain);
CMSSignedDataGenerator cmsSignedDataGenerator = new CMSSignedDataGenerator();
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BouncyCastleProvider.PROVIDER_NAME).build(caPrivateKey);
cmsSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build())
.build(sha1Signer, caCertificate));
cmsSignedDataGenerator.addCertificates(certs);
CMSTypedData chainMessage = new CMSProcessableByteArray("chain".getBytes());
CMSSignedData sigData = cmsSignedDataGenerator.generate(chainMessage, false);
return sigData;
} catch(Exception e) {
throw new RuntimeException("Error while generating certificate chain: " + e.getMessage(), e);
}
}
示例3: generateSignatureBlock
import org.bouncycastle.operator.ContentSigner; //导入依赖的package包/类
private static byte[] generateSignatureBlock(
SignerConfig signerConfig, byte[] signatureFileBytes)
throws InvalidKeyException, CertificateEncodingException, SignatureException {
JcaCertStore certs = new JcaCertStore(signerConfig.certificates);
X509Certificate signerCert = signerConfig.certificates.get(0);
String jcaSignatureAlgorithm =
getJcaSignatureAlgorithm(
signerCert.getPublicKey(), signerConfig.signatureDigestAlgorithm);
try {
ContentSigner signer =
new JcaContentSignerBuilder(jcaSignatureAlgorithm)
.build(signerConfig.privateKey);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addSignerInfoGenerator(
new SignerInfoGeneratorBuilder(
new JcaDigestCalculatorProviderBuilder().build(),
SignerInfoSignatureAlgorithmFinder.INSTANCE)
.setDirectSignature(true)
.build(signer, new JcaX509CertificateHolder(signerCert)));
gen.addCertificates(certs);
CMSSignedData sigData =
gen.generate(new CMSProcessableByteArray(signatureFileBytes), false);
ByteArrayOutputStream out = new ByteArrayOutputStream();
try (ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded())) {
DEROutputStream dos = new DEROutputStream(out);
dos.writeObject(asn1.readObject());
}
return out.toByteArray();
} catch (OperatorCreationException | CMSException | IOException e) {
throw new SignatureException("Failed to generate signature", e);
}
}
示例4: build
import org.bouncycastle.operator.ContentSigner; //导入依赖的package包/类
/**
* Build a protected PKI message which has MAC based integrity protection.
*
* @param signer the ContentSigner to be used to calculate the signature.
* @return the resulting protected PKI message.
* @throws CMPException if the protection signature cannot be calculated.
*/
public ProtectedPKIMessage build(ContentSigner signer)
throws CMPException
{
finaliseHeader(signer.getAlgorithmIdentifier());
PKIHeader header = hdrBuilder.build();
try
{
DERBitString protection = new DERBitString(calculateSignature(signer, header, body));
return finaliseMessage(header, protection);
}
catch (IOException e)
{
throw new CMPException("unable to encode signature input: " + e.getMessage(), e);
}
}
示例5: SignerInfoGenerator
import org.bouncycastle.operator.ContentSigner; //导入依赖的package包/类
SignerInfoGenerator(
SignerIdentifier signerIdentifier,
ContentSigner signer,
DigestCalculatorProvider digesterProvider,
CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder,
CMSAttributeTableGenerator sAttrGen,
CMSAttributeTableGenerator unsAttrGen)
throws OperatorCreationException
{
this.signerIdentifier = signerIdentifier;
this.signer = signer;
if (digesterProvider != null)
{
this.digester = digesterProvider.get(digAlgFinder.find(signer.getAlgorithmIdentifier()));
}
else
{
this.digester = null;
}
this.sAttrGen = sAttrGen;
this.unsAttrGen = unsAttrGen;
this.sigEncAlgFinder = sigEncAlgFinder;
}
示例6: createGenerator
import org.bouncycastle.operator.ContentSigner; //导入依赖的package包/类
private SignerInfoGenerator createGenerator(ContentSigner contentSigner, SignerIdentifier sigId)
throws OperatorCreationException
{
if (directSignature)
{
return new SignerInfoGenerator(sigId, contentSigner, digestProvider, sigEncAlgFinder, true);
}
if (signedGen != null || unsignedGen != null)
{
if (signedGen == null)
{
signedGen = new DefaultSignedAttributeTableGenerator();
}
return new SignerInfoGenerator(sigId, contentSigner, digestProvider, sigEncAlgFinder, signedGen, unsignedGen);
}
return new SignerInfoGenerator(sigId, contentSigner, digestProvider, sigEncAlgFinder);
}
示例7: addSelfSignedCertificate
import org.bouncycastle.operator.ContentSigner; //导入依赖的package包/类
public void addSelfSignedCertificate(String certificateAlias, String dn, String password) {
try {
KeyPair keys = generateKeyPair();
Calendar start = Calendar.getInstance();
Calendar expiry = Calendar.getInstance();
expiry.add(Calendar.YEAR, 1);
X500Name name = new X500Name(dn);
X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(name, BigInteger.ONE,
start.getTime(), expiry.getTime(), name, SubjectPublicKeyInfo.getInstance(keys.getPublic().getEncoded()));
ContentSigner signer = new JcaContentSignerBuilder("SHA1WithRSA").setProvider(new BouncyCastleProvider()).build(keys.getPrivate());
X509CertificateHolder holder = certificateBuilder.build(signer);
Certificate cert = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(holder);
Entry entry = new PrivateKeyEntry(keys.getPrivate(), new Certificate[]{ cert });
keystore.setEntry(certificateAlias, entry, new PasswordProtection(password.toCharArray()));
} catch (GeneralSecurityException | OperatorCreationException ex) {
throw new RuntimeException("Unable to generate self-signed certificate", ex);
}
}
示例8: generateCertificate
import org.bouncycastle.operator.ContentSigner; //导入依赖的package包/类
private X509Certificate generateCertificate(KeyPair keyPair) throws DeltaClientException {
try {
BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
Date startDate = DateTimeUtil.getCurrentDate();
Date expiryDate = DateTimeUtil.addDays(startDate, DAYS_CERTIFICATE_VALID);
X500Name issuer = new X500Name(ISSUER);
X500Name subject = new X500Name(SUBJECT);
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
issuer, serialNumber, startDate, expiryDate, subject,
SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
JcaContentSignerBuilder builder = new JcaContentSignerBuilder("SHA256withRSA");
ContentSigner signer = builder.build(keyPair.getPrivate());
byte[] certBytes = certBuilder.build(signer).getEncoded();
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certBytes));
} catch (Exception e) {
LOG.error(e.getMessage());
throw new DeltaClientException("Error generating certificate", e);
}
}
示例9: generateCertificate
import org.bouncycastle.operator.ContentSigner; //导入依赖的package包/类
/**
* Create a self-signed X.509 Certificate.
* From http://bfo.com/blog/2011/03/08/odds_and_ends_creating_a_new_x_509_certificate.html.
*
* @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
* @param pair the KeyPair
* @param days how many days from now the Certificate is valid for
* @param algorithm the signing algorithm, eg "SHA1withRSA"
* @return the self-signed certificate
* @throws CertificateException thrown if a security error or an IO error occurred.
*/
public static X509Certificate generateCertificate(String dn, KeyPair pair,
int days, String algorithm)
throws CertificateException {
try {
Security.addProvider(new BouncyCastleProvider());
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(pair.getPrivate().getEncoded());
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded());
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
X500Name name = new X500Name(dn);
Date from = new Date();
Date to = new Date(from.getTime() + days * 86400000L);
BigInteger sn = new BigInteger(64, new SecureRandom());
X509v1CertificateBuilder v1CertGen = new X509v1CertificateBuilder(name, sn, from, to, name, subPubKeyInfo);
X509CertificateHolder certificateHolder = v1CertGen.build(sigGen);
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
} catch (CertificateException ce) {
throw ce;
} catch (Exception e) {
throw new CertificateException(e);
}
}
示例10: generateCertificate
import org.bouncycastle.operator.ContentSigner; //导入依赖的package包/类
/**
* Create a self-signed X.509 Certificate.
* From http://bfo.com/blog/2011/03/08/odds_and_ends_creating_a_new_x_509_certificate.html.
*
* @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
* @param pair the KeyPair
* @param days how many days from now the Certificate is valid for
* @param algorithm the signing algorithm, eg "SHA1withRSA"
* @return the self-signed certificate
* @throws CertificateException thrown if a security error or an IO error occurred.
*/
public static X509Certificate generateCertificate(String dn, KeyPair pair,
int days, String algorithm)
throws CertificateException {
try {
Security.addProvider(new BouncyCastleProvider());
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(pair.getPrivate().getEncoded());
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded());
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
X500Name name = new X500Name(dn);
Date from = new Date();
Date to = new Date(from.getTime() + days * 86400000L);
BigInteger sn = new BigInteger(64, new SecureRandom());
X509v1CertificateBuilder v1CertGen = new X509v1CertificateBuilder(name, sn, from, to, name, subPubKeyInfo);
X509CertificateHolder certificateHolder = v1CertGen.build(sigGen);
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
} catch (CertificateException ce) {
throw ce;
} catch (Exception e) {
throw new CertificateException(e);
}
}
示例11: makeV1Certificate
import org.bouncycastle.operator.ContentSigner; //导入依赖的package包/类
public static X509CertificateHolder makeV1Certificate(AsymmetricCipherKeyPair subKP, String _subDN, AsymmetricCipherKeyPair issKP, String _issDN)
throws IOException, OperatorCreationException
{
RSAKeyParameters lwPubKey = (RSAKeyParameters)subKP.getPublic();
X509v1CertificateBuilder v1CertGen = new X509v1CertificateBuilder(
new X500Name(_issDN),
allocateSerialNumber(),
new Date(System.currentTimeMillis()),
new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)),
new X500Name(_subDN),
new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPublicKey(lwPubKey.getModulus(), lwPubKey.getExponent()))
);
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WithRSAEncryption");
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build((AsymmetricKeyParameter)issKP.getPrivate());
return v1CertGen.build(sigGen);
}
示例12: makeCertificate
import org.bouncycastle.operator.ContentSigner; //导入依赖的package包/类
public static X509CertificateHolder makeCertificate(AsymmetricCipherKeyPair subKP, String _subDN, AsymmetricCipherKeyPair issKP, String _issDN, boolean _ca)
throws IOException, OperatorCreationException
{
RSAKeyParameters lwPubKey = (RSAKeyParameters)subKP.getPublic();
X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(
new X500Name(_issDN),
allocateSerialNumber(),
new Date(System.currentTimeMillis()),
new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)),
new X500Name(_subDN),
new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPublicKey(lwPubKey.getModulus(), lwPubKey.getExponent()))
);
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WithRSAEncryption");
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build((AsymmetricKeyParameter)issKP.getPrivate());
v3CertGen.addExtension(
X509Extension.basicConstraints,
false,
new BasicConstraints(_ca));
return v3CertGen.build(sigGen);
}
示例13: buildCertificateRequest
import org.bouncycastle.operator.ContentSigner; //导入依赖的package包/类
@Override
public String buildCertificateRequest() {
try {
CompanyInfo companyInfo = wsaaDao.loadActiveCompanyInfo();
JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
PEMKeyPair pemPrivateKey = fromPem(companyInfo.getPrivateKey());
PrivateKey privateKey = converter.getPrivateKey(pemPrivateKey
.getPrivateKeyInfo());
PEMKeyPair pemPublicKey = fromPem(companyInfo.getPrivateKey());
PublicKey publicKey = converter.getPublicKey(pemPublicKey
.getPublicKeyInfo());
X500Principal subject = new X500Principal(companyInfo.buildSource());
ContentSigner signGen = new JcaContentSignerBuilder(SIGNING_ALGORITHM)
.build(privateKey);
PKCS10CertificationRequest csr = new JcaPKCS10CertificationRequestBuilder(
subject, publicKey).build(signGen);
return toPem(csr);
} catch (IOException | OperatorCreationException e) {
throw Throwables.propagate(e);
}
}
示例14: addKeyPair
import org.bouncycastle.operator.ContentSigner; //导入依赖的package包/类
public void addKeyPair(String alias, char[] privateKeyPassword, String commonName, String unit, String organization, String location, String state, String country, String emailAdress) throws OperatorCreationException, CertificateException, KeyStoreException, NoSuchAlgorithmException, FileNotFoundException
{
//generating random KeyPair
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(2048);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
//generating certificate for KeyPair
X500Name issuer = new X500Name("CN="+commonName+",OU="+unit+",O="+organization+",L="+location+",ST="+state+",C="+country+",EmailAddress="+emailAdress);
BigInteger serial = BigInteger.valueOf(1);
X500Name subject = issuer;
PublicKey pubKey = keyPair.getPublic();
//generate certificate
X509v3CertificateBuilder generator = new JcaX509v3CertificateBuilder(issuer, serial, new Date(System.currentTimeMillis()),
new Date(System.currentTimeMillis() + 1000L * 60 * 60 * 24 * 365 * 20), subject, pubKey);
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate());
X509CertificateHolder certHolder = generator.build(sigGen);
X509Certificate cert = new JcaX509CertificateConverter().getCertificate( certHolder );
//add certificate
keystore.setKeyEntry(alias, keyPair.getPrivate(), privateKeyPassword, new Certificate[] {cert});
}
示例15: writeCertificationRequest
import org.bouncycastle.operator.ContentSigner; //导入依赖的package包/类
public void writeCertificationRequest(String alias, char[] privateKeyPassword, Writer dest) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, OperatorCreationException, IOException
{
//reading information from self-signed certificate
X509Certificate cert = (X509Certificate)keystore.getCertificate(alias);
KeyPair keyPair = new KeyPair(cert.getPublicKey(), (PrivateKey)keystore.getKey(alias, privateKeyPassword));
Principal principal = cert.getSubjectDN();
//generate certification request
X500Name x500Name = new X500Name(principal.toString());
PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(
x500Name, keyPair.getPublic());
JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
ContentSigner signer = csBuilder.build(keyPair.getPrivate());
PKCS10CertificationRequest csr = p10Builder.build(signer);
//write certification request
String csrString = csrToString(csr);
dest.write(csrString);
}