本文整理汇总了Java中org.bouncycastle.operator.jcajce.JcaContentSignerBuilder类的典型用法代码示例。如果您正苦于以下问题:Java JcaContentSignerBuilder类的具体用法?Java JcaContentSignerBuilder怎么用?Java JcaContentSignerBuilder使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
JcaContentSignerBuilder类属于org.bouncycastle.operator.jcajce包,在下文中一共展示了JcaContentSignerBuilder类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: generateP7B
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
public CMSSignedData generateP7B(X509CertificateHolder caCertificate, PrivateKey caPrivateKey) {
try {
List<X509CertificateHolder> certChain = new ArrayList<X509CertificateHolder>();
certChain.add(caCertificate);
Store certs = new JcaCertStore(certChain);
CMSSignedDataGenerator cmsSignedDataGenerator = new CMSSignedDataGenerator();
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BouncyCastleProvider.PROVIDER_NAME).build(caPrivateKey);
cmsSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build())
.build(sha1Signer, caCertificate));
cmsSignedDataGenerator.addCertificates(certs);
CMSTypedData chainMessage = new CMSProcessableByteArray("chain".getBytes());
CMSSignedData sigData = cmsSignedDataGenerator.generate(chainMessage, false);
return sigData;
} catch(Exception e) {
throw new RuntimeException("Error while generating certificate chain: " + e.getMessage(), e);
}
}
示例2: generateSignatureBlock
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
private static byte[] generateSignatureBlock(
SignerConfig signerConfig, byte[] signatureFileBytes)
throws InvalidKeyException, CertificateEncodingException, SignatureException {
JcaCertStore certs = new JcaCertStore(signerConfig.certificates);
X509Certificate signerCert = signerConfig.certificates.get(0);
String jcaSignatureAlgorithm =
getJcaSignatureAlgorithm(
signerCert.getPublicKey(), signerConfig.signatureDigestAlgorithm);
try {
ContentSigner signer =
new JcaContentSignerBuilder(jcaSignatureAlgorithm)
.build(signerConfig.privateKey);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addSignerInfoGenerator(
new SignerInfoGeneratorBuilder(
new JcaDigestCalculatorProviderBuilder().build(),
SignerInfoSignatureAlgorithmFinder.INSTANCE)
.setDirectSignature(true)
.build(signer, new JcaX509CertificateHolder(signerCert)));
gen.addCertificates(certs);
CMSSignedData sigData =
gen.generate(new CMSProcessableByteArray(signatureFileBytes), false);
ByteArrayOutputStream out = new ByteArrayOutputStream();
try (ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded())) {
DEROutputStream dos = new DEROutputStream(out);
dos.writeObject(asn1.readObject());
}
return out.toByteArray();
} catch (OperatorCreationException | CMSException | IOException e) {
throw new SignatureException("Failed to generate signature", e);
}
}
示例3: createSigningRequest
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
/**
* Creates and returns the content of a new singing request for the specified certificate. Signing
* requests are required by Certificate Authorities as part of their signing process. The signing request
* contains information about the certificate issuer, subject DN, subject alternative names and public key.
* Private keys are not included. After the Certificate Authority verified and signed the certificate a new
* certificate is going to be returned.
*
* @param cert the certificate to create a signing request.
* @param privKey the private key of the certificate.
* @return the content of a new singing request for the specified certificate.
*/
public static String createSigningRequest(X509Certificate cert, PrivateKey privKey) throws OperatorCreationException, IOException {
JcaPKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder( //
cert.getSubjectX500Principal(), //
cert.getPublicKey() //
);
String signatureAlgorithm = "SHA256WITH" + cert.getPublicKey().getAlgorithm();
ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privKey);
PKCS10CertificationRequest csr = csrBuilder.build(signer);
StringWriter string = new StringWriter();
PemWriter pemWriter = new PemWriter(string);
PemObjectGenerator objGen = new MiscPEMGenerator(csr);
pemWriter.writeObject(objGen);
pemWriter.close();
return string.toString();
}
示例4: addSelfSignedCertificate
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
public void addSelfSignedCertificate(String certificateAlias, String dn, String password) {
try {
KeyPair keys = generateKeyPair();
Calendar start = Calendar.getInstance();
Calendar expiry = Calendar.getInstance();
expiry.add(Calendar.YEAR, 1);
X500Name name = new X500Name(dn);
X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(name, BigInteger.ONE,
start.getTime(), expiry.getTime(), name, SubjectPublicKeyInfo.getInstance(keys.getPublic().getEncoded()));
ContentSigner signer = new JcaContentSignerBuilder("SHA1WithRSA").setProvider(new BouncyCastleProvider()).build(keys.getPrivate());
X509CertificateHolder holder = certificateBuilder.build(signer);
Certificate cert = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(holder);
Entry entry = new PrivateKeyEntry(keys.getPrivate(), new Certificate[]{ cert });
keystore.setEntry(certificateAlias, entry, new PasswordProtection(password.toCharArray()));
} catch (GeneralSecurityException | OperatorCreationException ex) {
throw new RuntimeException("Unable to generate self-signed certificate", ex);
}
}
示例5: generateCertificate
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
private X509Certificate generateCertificate(KeyPair keyPair) throws DeltaClientException {
try {
BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
Date startDate = DateTimeUtil.getCurrentDate();
Date expiryDate = DateTimeUtil.addDays(startDate, DAYS_CERTIFICATE_VALID);
X500Name issuer = new X500Name(ISSUER);
X500Name subject = new X500Name(SUBJECT);
X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
issuer, serialNumber, startDate, expiryDate, subject,
SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
JcaContentSignerBuilder builder = new JcaContentSignerBuilder("SHA256withRSA");
ContentSigner signer = builder.build(keyPair.getPrivate());
byte[] certBytes = certBuilder.build(signer).getEncoded();
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certBytes));
} catch (Exception e) {
LOG.error(e.getMessage());
throw new DeltaClientException("Error generating certificate", e);
}
}
示例6: generateCrl
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
private X509CRL generateCrl(X509Certificate ca, PrivateKey caPrivateKey, X509Certificate... revoked) throws Exception {
X509v2CRLBuilder builder = new X509v2CRLBuilder(
new X500Name(ca.getSubjectDN().getName()),
new Date()
);
for (X509Certificate certificate : revoked) {
builder.addCRLEntry(certificate.getSerialNumber(), new Date(), CRLReason.privilegeWithdrawn);
}
JcaContentSignerBuilder contentSignerBuilder =
new JcaContentSignerBuilder("SHA256WithRSAEncryption");
contentSignerBuilder.setProvider("BC");
X509CRLHolder crlHolder = builder.build(contentSignerBuilder.build(caPrivateKey));
JcaX509CRLConverter converter = new JcaX509CRLConverter();
converter.setProvider("BC");
return converter.getCRL(crlHolder);
}
示例7: addKeyPair
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
public void addKeyPair(String alias, char[] privateKeyPassword, String commonName, String unit, String organization, String location, String state, String country, String emailAdress) throws OperatorCreationException, CertificateException, KeyStoreException, NoSuchAlgorithmException, FileNotFoundException
{
//generating random KeyPair
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(2048);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
//generating certificate for KeyPair
X500Name issuer = new X500Name("CN="+commonName+",OU="+unit+",O="+organization+",L="+location+",ST="+state+",C="+country+",EmailAddress="+emailAdress);
BigInteger serial = BigInteger.valueOf(1);
X500Name subject = issuer;
PublicKey pubKey = keyPair.getPublic();
//generate certificate
X509v3CertificateBuilder generator = new JcaX509v3CertificateBuilder(issuer, serial, new Date(System.currentTimeMillis()),
new Date(System.currentTimeMillis() + 1000L * 60 * 60 * 24 * 365 * 20), subject, pubKey);
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate());
X509CertificateHolder certHolder = generator.build(sigGen);
X509Certificate cert = new JcaX509CertificateConverter().getCertificate( certHolder );
//add certificate
keystore.setKeyEntry(alias, keyPair.getPrivate(), privateKeyPassword, new Certificate[] {cert});
}
示例8: writeCertificationRequest
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
public void writeCertificationRequest(String alias, char[] privateKeyPassword, Writer dest) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, OperatorCreationException, IOException
{
//reading information from self-signed certificate
X509Certificate cert = (X509Certificate)keystore.getCertificate(alias);
KeyPair keyPair = new KeyPair(cert.getPublicKey(), (PrivateKey)keystore.getKey(alias, privateKeyPassword));
Principal principal = cert.getSubjectDN();
//generate certification request
X500Name x500Name = new X500Name(principal.toString());
PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(
x500Name, keyPair.getPublic());
JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
ContentSigner signer = csBuilder.build(keyPair.getPrivate());
PKCS10CertificationRequest csr = p10Builder.build(signer);
//write certification request
String csrString = csrToString(csr);
dest.write(csrString);
}
示例9: generateCSR
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
private static byte[] generateCSR(KeyPair keyPair, CertificateNamesGenerator certificateNamesGenerator)
throws IOException, OperatorCreationException {
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
extensionsGenerator.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
extensionsGenerator.addExtension(Extension.extendedKeyUsage, true,
new ExtendedKeyUsage(
new KeyPurposeId[] {
KeyPurposeId.id_kp_clientAuth,
KeyPurposeId.id_kp_serverAuth
}
));
extensionsGenerator.addExtension(Extension.subjectAlternativeName, true, certificateNamesGenerator.getSANs());
PKCS10CertificationRequest csr =
new JcaPKCS10CertificationRequestBuilder(certificateNamesGenerator.getSubject(), keyPair.getPublic())
.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate())
.build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));
return PEMUtils.toPEM(csr);
}
示例10: constructCert
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
@Test
public void constructCert() throws Exception {
Security.addProvider(new BouncyCastleProvider());
((Logger)LoggerFactory.getLogger(CertificateGenerator.class)).setLevel(Level.DEBUG);
File file = new File("/tmp/dm-agent.jks");//Files.createTempFile("dm-agent", ".jks");
KeyPair keypair = createKeypair();
JcaX509v3CertificateBuilder cb = createRootCert(keypair);
ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keypair.getPrivate());
X509CertificateHolder rootCert = cb.build(signer);
KeystoreConfig cert = CertificateGenerator.constructCert(rootCert,
keypair.getPrivate(),
file,
ImmutableSet.of("test1", "test2"));
assertNotNull(cert);
}
示例11: generateSignatureBlock
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
private static byte[] generateSignatureBlock(SignerConfig signerConfig, byte[] signatureFileBytes) throws InvalidKeyException, CertificateEncodingException, SignatureException {
JcaCertStore certs = new JcaCertStore(signerConfig.certificates);
X509Certificate signerCert = signerConfig.certificates.get(0);
String jcaSignatureAlgorithm = getJcaSignatureAlgorithm(signerCert.getPublicKey(), signerConfig.signatureDigestAlgorithm);
try {
ContentSigner signer = new JcaContentSignerBuilder(jcaSignatureAlgorithm).build(signerConfig.privateKey);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addSignerInfoGenerator(new SignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build(), SignerInfoSignatureAlgorithmFinder.INSTANCE).setDirectSignature(true).build(signer,
new JcaX509CertificateHolder(signerCert)));
gen.addCertificates(certs);
CMSSignedData sigData = gen.generate(new CMSProcessableByteArray(signatureFileBytes), false);
ByteArrayOutputStream out = new ByteArrayOutputStream();
try (ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded())) {
DEROutputStream dos = new DEROutputStream(out);
dos.writeObject(asn1.readObject());
}
return out.toByteArray();
} catch (OperatorCreationException | CMSException | IOException e) {
throw new SignatureException("Failed to generate signature", e);
}
}
示例12: createSelfSignedCertificate
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, AthenzIdentity identity)
throws OperatorCreationException, CertIOException, CertificateException {
ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
X500Name x500Name = new X500Name("CN="+ identity.getFullName());
Instant now = Instant.now();
Date notBefore = Date.from(now);
Date notAfter = Date.from(now.plus(Duration.ofDays(30)));
X509v3CertificateBuilder certificateBuilder =
new JcaX509v3CertificateBuilder(
x500Name, BigInteger.valueOf(now.toEpochMilli()), notBefore, notAfter, x500Name, keyPair.getPublic()
)
.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
return new JcaX509CertificateConverter()
.setProvider(new BouncyCastleProvider())
.getCertificate(certificateBuilder.build(contentSigner));
}
示例13: createSelfSignedCertificate
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, ConfigserverConfig config)
throws IOException, CertificateException, OperatorCreationException {
ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
X500Name x500Name = new X500Name("CN="+ config.loadBalancerAddress());
Instant now = Instant.now();
Date notBefore = Date.from(now);
Date notAfter = Date.from(now.plus(Duration.ofDays(30)));
GeneralNames generalNames = new GeneralNames(
config.zookeeperserver().stream()
.map(server -> new GeneralName(GeneralName.dNSName, server.hostname()))
.toArray(GeneralName[]::new));
X509v3CertificateBuilder certificateBuilder =
new JcaX509v3CertificateBuilder(
x500Name, BigInteger.valueOf(now.toEpochMilli()), notBefore, notAfter, x500Name, keyPair.getPublic()
)
.addExtension(Extension.basicConstraints, true, new BasicConstraints(true))
.addExtension(Extension.subjectAlternativeName, false, generalNames);
return new JcaX509CertificateConverter()
.setProvider(provider)
.getCertificate(certificateBuilder.build(contentSigner));
}
示例14: createSelfSignedCertificate
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
private static X509Certificate createSelfSignedCertificate(AthenzIdentity identity) {
try {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(512);
KeyPair keyPair = keyGen.genKeyPair();
ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
X500Name x500Name = new X500Name("CN="+ identity.getFullName());
X509v3CertificateBuilder certificateBuilder =
new JcaX509v3CertificateBuilder(
x500Name, BigInteger.ONE, new Date(), Date.from(Instant.now().plus(Duration.ofDays(30))),
x500Name, keyPair.getPublic());
return new JcaX509CertificateConverter()
.setProvider(new BouncyCastleProvider())
.getCertificate(certificateBuilder.build(contentSigner));
} catch (CertificateException | NoSuchAlgorithmException | OperatorCreationException e) {
throw new RuntimeException(e);
}
}
示例15: buildCertificateRequest
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入依赖的package包/类
@Override
public String buildCertificateRequest() {
try {
CompanyInfo companyInfo = wsaaDao.loadActiveCompanyInfo();
JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
PEMKeyPair pemPrivateKey = fromPem(companyInfo.getPrivateKey());
PrivateKey privateKey = converter.getPrivateKey(pemPrivateKey
.getPrivateKeyInfo());
PEMKeyPair pemPublicKey = fromPem(companyInfo.getPrivateKey());
PublicKey publicKey = converter.getPublicKey(pemPublicKey
.getPublicKeyInfo());
X500Principal subject = new X500Principal(companyInfo.buildSource());
ContentSigner signGen = new JcaContentSignerBuilder(SIGNING_ALGORITHM)
.build(privateKey);
PKCS10CertificationRequest csr = new JcaPKCS10CertificationRequestBuilder(
subject, publicKey).build(signGen);
return toPem(csr);
} catch (IOException | OperatorCreationException e) {
throw Throwables.propagate(e);
}
}