当前位置: 首页>>代码示例>>Java>>正文


Java JcaContentSignerBuilder类代码示例

本文整理汇总了Java中org.bouncycastle.operator.jcajce.JcaContentSignerBuilder的典型用法代码示例。如果您正苦于以下问题:Java JcaContentSignerBuilder类的具体用法?Java JcaContentSignerBuilder怎么用?Java JcaContentSignerBuilder使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。


JcaContentSignerBuilder类属于org.bouncycastle.operator.jcajce包,在下文中一共展示了JcaContentSignerBuilder类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: generateP7B

import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
public CMSSignedData generateP7B(X509CertificateHolder caCertificate, PrivateKey caPrivateKey) {
	try {
		List<X509CertificateHolder> certChain = new ArrayList<X509CertificateHolder>();
		certChain.add(caCertificate);

		Store certs = new JcaCertStore(certChain);

		CMSSignedDataGenerator cmsSignedDataGenerator = new CMSSignedDataGenerator();
		ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BouncyCastleProvider.PROVIDER_NAME).build(caPrivateKey);

		cmsSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
				new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build())
		.build(sha1Signer, caCertificate));
		cmsSignedDataGenerator.addCertificates(certs);

		CMSTypedData chainMessage = new CMSProcessableByteArray("chain".getBytes());
		CMSSignedData sigData = cmsSignedDataGenerator.generate(chainMessage, false);

		return sigData;
		
	} catch(Exception e) {
		throw new RuntimeException("Error while generating certificate chain: " + e.getMessage(), e);
	}
}
 
开发者ID:fabiusks,项目名称:cert-services,代码行数:25,代码来源:P7BService.java

示例2: generateSignatureBlock

import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
private static byte[] generateSignatureBlock(
        SignerConfig signerConfig, byte[] signatureFileBytes)
                throws InvalidKeyException, CertificateEncodingException, SignatureException {
    JcaCertStore certs = new JcaCertStore(signerConfig.certificates);
    X509Certificate signerCert = signerConfig.certificates.get(0);
    String jcaSignatureAlgorithm =
            getJcaSignatureAlgorithm(
                    signerCert.getPublicKey(), signerConfig.signatureDigestAlgorithm);
    try {
        ContentSigner signer =
                new JcaContentSignerBuilder(jcaSignatureAlgorithm)
                .build(signerConfig.privateKey);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(
                new SignerInfoGeneratorBuilder(
                        new JcaDigestCalculatorProviderBuilder().build(),
                        SignerInfoSignatureAlgorithmFinder.INSTANCE)
                        .setDirectSignature(true)
                        .build(signer, new JcaX509CertificateHolder(signerCert)));
        gen.addCertificates(certs);

        CMSSignedData sigData =
                gen.generate(new CMSProcessableByteArray(signatureFileBytes), false);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded())) {
            DEROutputStream dos = new DEROutputStream(out);
            dos.writeObject(asn1.readObject());
        }
        return out.toByteArray();
    } catch (OperatorCreationException | CMSException | IOException e) {
        throw new SignatureException("Failed to generate signature", e);
    }
}
 
开发者ID:Meituan-Dianping,项目名称:walle,代码行数:35,代码来源:V1SchemeSigner.java

示例3: createSigningRequest

import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
/**
 * Creates and returns the content of a new singing request for the specified certificate. Signing
 * requests are required by Certificate Authorities as part of their signing process. The signing request
 * contains information about the certificate issuer, subject DN, subject alternative names and public key.
 * Private keys are not included. After the Certificate Authority verified and signed the certificate a new
 * certificate is going to be returned.
 *
 * @param cert the certificate to create a signing request.
 * @param privKey the private key of the certificate.
 * @return the content of a new singing request for the specified certificate.
 */
public static String createSigningRequest(X509Certificate cert, PrivateKey privKey) throws OperatorCreationException, IOException {

    JcaPKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder( //
            cert.getSubjectX500Principal(), //
            cert.getPublicKey() //
            );

    String signatureAlgorithm = "SHA256WITH" + cert.getPublicKey().getAlgorithm();

    ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privKey);
    PKCS10CertificationRequest csr = csrBuilder.build(signer);

    StringWriter string = new StringWriter();
    PemWriter pemWriter = new PemWriter(string);

    PemObjectGenerator objGen = new MiscPEMGenerator(csr);
    pemWriter.writeObject(objGen);
    pemWriter.close();

    return string.toString();
}
 
开发者ID:igniterealtime,项目名称:Openfire,代码行数:33,代码来源:CertificateManager.java

示例4: addSelfSignedCertificate

import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
public void addSelfSignedCertificate(String certificateAlias, String dn, String password) {
	try {
		KeyPair keys = generateKeyPair();

		Calendar start = Calendar.getInstance();
		Calendar expiry = Calendar.getInstance();
		expiry.add(Calendar.YEAR, 1);
		X500Name name = new X500Name(dn);
		X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(name, BigInteger.ONE,
				start.getTime(), expiry.getTime(), name, SubjectPublicKeyInfo.getInstance(keys.getPublic().getEncoded()));
		ContentSigner signer = new JcaContentSignerBuilder("SHA1WithRSA").setProvider(new BouncyCastleProvider()).build(keys.getPrivate());
		X509CertificateHolder holder = certificateBuilder.build(signer);
		Certificate cert = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(holder);

		Entry entry = new PrivateKeyEntry(keys.getPrivate(), new Certificate[]{ cert });
		keystore.setEntry(certificateAlias, entry, new PasswordProtection(password.toCharArray()));
	} catch (GeneralSecurityException | OperatorCreationException ex) {
		throw new RuntimeException("Unable to generate self-signed certificate", ex);
	}
}
 
开发者ID:xtf-cz,项目名称:xtf,代码行数:21,代码来源:XTFKeyStore.java

示例5: generateCertificate

import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
private X509Certificate generateCertificate(KeyPair keyPair) throws DeltaClientException {
    try {
        BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
        Date startDate = DateTimeUtil.getCurrentDate();
        Date expiryDate = DateTimeUtil.addDays(startDate, DAYS_CERTIFICATE_VALID);
        X500Name issuer = new X500Name(ISSUER);
        X500Name subject = new X500Name(SUBJECT);

        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                issuer, serialNumber, startDate, expiryDate, subject,
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        JcaContentSignerBuilder builder = new JcaContentSignerBuilder("SHA256withRSA");
        ContentSigner signer = builder.build(keyPair.getPrivate());


        byte[] certBytes = certBuilder.build(signer).getEncoded();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certBytes));
    } catch (Exception e) {
        LOG.error(e.getMessage());
        throw new DeltaClientException("Error generating certificate", e);
    }
}
 
开发者ID:Covata,项目名称:delta-sdk-java,代码行数:24,代码来源:DeltaKeyStore.java

示例6: generateCrl

import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
private X509CRL generateCrl(X509Certificate ca, PrivateKey caPrivateKey, X509Certificate... revoked) throws Exception {
    X509v2CRLBuilder builder = new X509v2CRLBuilder(
        new X500Name(ca.getSubjectDN().getName()),
        new Date()
    );

    for (X509Certificate certificate : revoked) {
        builder.addCRLEntry(certificate.getSerialNumber(), new Date(), CRLReason.privilegeWithdrawn);
    }

    JcaContentSignerBuilder contentSignerBuilder =
        new JcaContentSignerBuilder("SHA256WithRSAEncryption");

    contentSignerBuilder.setProvider("BC");

    X509CRLHolder crlHolder = builder.build(contentSignerBuilder.build(caPrivateKey));

    JcaX509CRLConverter converter = new JcaX509CRLConverter();

    converter.setProvider("BC");

    return converter.getCRL(crlHolder);
}
 
开发者ID:eclipse,项目名称:milo,代码行数:24,代码来源:CertificateValidationUtilTest.java

示例7: addKeyPair

import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
public void addKeyPair(String alias, char[] privateKeyPassword, String commonName, String unit, String organization, String location, String state, String country, String emailAdress) throws OperatorCreationException, CertificateException, KeyStoreException, NoSuchAlgorithmException, FileNotFoundException
{
	//generating random KeyPair
	KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
	keyPairGenerator.initialize(2048);
	KeyPair keyPair = keyPairGenerator.generateKeyPair();
	
	//generating certificate for KeyPair
	X500Name issuer = new X500Name("CN="+commonName+",OU="+unit+",O="+organization+",L="+location+",ST="+state+",C="+country+",EmailAddress="+emailAdress);
    BigInteger serial = BigInteger.valueOf(1);
    X500Name subject = issuer;
    PublicKey pubKey = keyPair.getPublic();

    //generate certificate
    X509v3CertificateBuilder generator = new JcaX509v3CertificateBuilder(issuer, serial, new Date(System.currentTimeMillis()),
            new Date(System.currentTimeMillis() + 1000L * 60 * 60 * 24 * 365 * 20), subject, pubKey);
    
    ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate());
    X509CertificateHolder certHolder = generator.build(sigGen);
    X509Certificate cert = new JcaX509CertificateConverter().getCertificate( certHolder );
    
    //add certificate
	keystore.setKeyEntry(alias, keyPair.getPrivate(), privateKeyPassword, new Certificate[] {cert});
}
 
开发者ID:aktin,项目名称:ca,代码行数:25,代码来源:CertificateManager.java

示例8: writeCertificationRequest

import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
public void writeCertificationRequest(String alias, char[] privateKeyPassword, Writer dest) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, OperatorCreationException, IOException
{
	//reading information from self-signed certificate
	X509Certificate cert = (X509Certificate)keystore.getCertificate(alias);
	KeyPair keyPair = new KeyPair(cert.getPublicKey(), (PrivateKey)keystore.getKey(alias, privateKeyPassword));
	Principal principal = cert.getSubjectDN();
	
	//generate certification request
	X500Name x500Name = new X500Name(principal.toString());
	PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(
		    x500Name, keyPair.getPublic());
	JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
	ContentSigner signer = csBuilder.build(keyPair.getPrivate());
	PKCS10CertificationRequest csr = p10Builder.build(signer);
	
	//write certification request
	String csrString = csrToString(csr);
	dest.write(csrString);
}
 
开发者ID:aktin,项目名称:ca,代码行数:20,代码来源:CertificateManager.java

示例9: generateCSR

import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
private static byte[] generateCSR(KeyPair keyPair, CertificateNamesGenerator certificateNamesGenerator)
        throws IOException, OperatorCreationException {
    ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
    extensionsGenerator.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
    extensionsGenerator.addExtension(Extension.extendedKeyUsage, true,
            new ExtendedKeyUsage(
                    new KeyPurposeId[] {
                            KeyPurposeId.id_kp_clientAuth,
                            KeyPurposeId.id_kp_serverAuth
                    }
            ));
    extensionsGenerator.addExtension(Extension.subjectAlternativeName, true, certificateNamesGenerator.getSANs());

    PKCS10CertificationRequest csr =
            new JcaPKCS10CertificationRequestBuilder(certificateNamesGenerator.getSubject(), keyPair.getPublic())
            .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate())
            .build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));
    return PEMUtils.toPEM(csr);
}
 
开发者ID:mesosphere,项目名称:dcos-commons,代码行数:20,代码来源:TLSArtifactsGenerator.java

示例10: constructCert

import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
@Test
public void constructCert() throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    ((Logger)LoggerFactory.getLogger(CertificateGenerator.class)).setLevel(Level.DEBUG);
    File file = new File("/tmp/dm-agent.jks");//Files.createTempFile("dm-agent", ".jks");

    KeyPair keypair = createKeypair();
    JcaX509v3CertificateBuilder cb = createRootCert(keypair);
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keypair.getPrivate());
    X509CertificateHolder rootCert = cb.build(signer);
    KeystoreConfig cert = CertificateGenerator.constructCert(rootCert,
      keypair.getPrivate(),
      file,
      ImmutableSet.of("test1", "test2"));
    assertNotNull(cert);
}
 
开发者ID:codeabovelab,项目名称:haven-platform,代码行数:17,代码来源:CertificateGeneratorTest.java

示例11: generateSignatureBlock

import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
private static byte[] generateSignatureBlock(SignerConfig signerConfig, byte[] signatureFileBytes) throws InvalidKeyException, CertificateEncodingException, SignatureException {
	JcaCertStore certs = new JcaCertStore(signerConfig.certificates);
	X509Certificate signerCert = signerConfig.certificates.get(0);
	String jcaSignatureAlgorithm = getJcaSignatureAlgorithm(signerCert.getPublicKey(), signerConfig.signatureDigestAlgorithm);
	try {
		ContentSigner signer = new JcaContentSignerBuilder(jcaSignatureAlgorithm).build(signerConfig.privateKey);
		CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
		gen.addSignerInfoGenerator(new SignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build(), SignerInfoSignatureAlgorithmFinder.INSTANCE).setDirectSignature(true).build(signer,
				new JcaX509CertificateHolder(signerCert)));
		gen.addCertificates(certs);

		CMSSignedData sigData = gen.generate(new CMSProcessableByteArray(signatureFileBytes), false);

		ByteArrayOutputStream out = new ByteArrayOutputStream();
		try (ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded())) {
			DEROutputStream dos = new DEROutputStream(out);
			dos.writeObject(asn1.readObject());
		}
		return out.toByteArray();
	} catch (OperatorCreationException | CMSException | IOException e) {
		throw new SignatureException("Failed to generate signature", e);
	}
}
 
开发者ID:abutun,项目名称:apk-verifier,代码行数:24,代码来源:V1SchemeSigner.java

示例12: createSelfSignedCertificate

import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, AthenzIdentity identity)
        throws OperatorCreationException, CertIOException, CertificateException {
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
    X500Name x500Name = new X500Name("CN="+ identity.getFullName());
    Instant now = Instant.now();
    Date notBefore = Date.from(now);
    Date notAfter = Date.from(now.plus(Duration.ofDays(30)));

    X509v3CertificateBuilder certificateBuilder =
            new JcaX509v3CertificateBuilder(
                    x500Name, BigInteger.valueOf(now.toEpochMilli()), notBefore, notAfter, x500Name, keyPair.getPublic()
            )
                    .addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

    return new JcaX509CertificateConverter()
            .setProvider(new BouncyCastleProvider())
            .getCertificate(certificateBuilder.build(contentSigner));

}
 
开发者ID:vespa-engine,项目名称:vespa,代码行数:20,代码来源:AthenzIdentityVerifierTest.java

示例13: createSelfSignedCertificate

import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, ConfigserverConfig config)
        throws IOException, CertificateException, OperatorCreationException {
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
    X500Name x500Name = new X500Name("CN="+ config.loadBalancerAddress());
    Instant now = Instant.now();
    Date notBefore = Date.from(now);
    Date notAfter = Date.from(now.plus(Duration.ofDays(30)));

    GeneralNames generalNames = new GeneralNames(
            config.zookeeperserver().stream()
                    .map(server -> new GeneralName(GeneralName.dNSName, server.hostname()))
                    .toArray(GeneralName[]::new));

    X509v3CertificateBuilder certificateBuilder =
            new JcaX509v3CertificateBuilder(
                    x500Name, BigInteger.valueOf(now.toEpochMilli()), notBefore, notAfter, x500Name, keyPair.getPublic()
            )
                    .addExtension(Extension.basicConstraints, true, new BasicConstraints(true))
                    .addExtension(Extension.subjectAlternativeName, false, generalNames);

    return new JcaX509CertificateConverter()
            .setProvider(provider)
            .getCertificate(certificateBuilder.build(contentSigner));
}
 
开发者ID:vespa-engine,项目名称:vespa,代码行数:25,代码来源:AthenzSslTrustStoreConfigurator.java

示例14: createSelfSignedCertificate

import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
private static X509Certificate createSelfSignedCertificate(AthenzIdentity identity) {
    try {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        keyGen.initialize(512);
        KeyPair keyPair = keyGen.genKeyPair();
        ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
        X500Name x500Name = new X500Name("CN="+ identity.getFullName());
        X509v3CertificateBuilder certificateBuilder =
                new JcaX509v3CertificateBuilder(
                        x500Name, BigInteger.ONE, new Date(), Date.from(Instant.now().plus(Duration.ofDays(30))),
                        x500Name, keyPair.getPublic());
        return new JcaX509CertificateConverter()
                .setProvider(new BouncyCastleProvider())
                .getCertificate(certificateBuilder.build(contentSigner));
    } catch (CertificateException | NoSuchAlgorithmException | OperatorCreationException e) {
        throw new RuntimeException(e);
    }
}
 
开发者ID:vespa-engine,项目名称:vespa,代码行数:19,代码来源:AthenzPrincipalFilterTest.java

示例15: buildCertificateRequest

import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
@Override
public String buildCertificateRequest() {
	try {
		CompanyInfo companyInfo = wsaaDao.loadActiveCompanyInfo();

		JcaPEMKeyConverter converter = new JcaPEMKeyConverter();

		PEMKeyPair pemPrivateKey = fromPem(companyInfo.getPrivateKey());
		PrivateKey privateKey = converter.getPrivateKey(pemPrivateKey
				.getPrivateKeyInfo());
		PEMKeyPair pemPublicKey = fromPem(companyInfo.getPrivateKey());
		PublicKey publicKey = converter.getPublicKey(pemPublicKey
				.getPublicKeyInfo());

		X500Principal subject = new X500Principal(companyInfo.buildSource());
		ContentSigner signGen = new JcaContentSignerBuilder(SIGNING_ALGORITHM)
				.build(privateKey);

		PKCS10CertificationRequest csr = new JcaPKCS10CertificationRequestBuilder(
				subject, publicKey).build(signGen);

		return toPem(csr);
	} catch (IOException | OperatorCreationException e) {
		throw Throwables.propagate(e);
	}
}
 
开发者ID:NibiruOS,项目名称:afip,代码行数:27,代码来源:BouncyCastleWsaaManager.java


注:本文中的org.bouncycastle.operator.jcajce.JcaContentSignerBuilder类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。