本文整理汇总了Java中org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.build方法的典型用法代码示例。如果您正苦于以下问题:Java JcaContentSignerBuilder.build方法的具体用法?Java JcaContentSignerBuilder.build怎么用?Java JcaContentSignerBuilder.build使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.bouncycastle.operator.jcajce.JcaContentSignerBuilder的用法示例。
在下文中一共展示了JcaContentSignerBuilder.build方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: generateCertificate
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
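/**
 * Issues an X.509 v3 certificate for {@code keyPair}, signed with the pair's own private key
 * using SHA256withRSA.
 *
 * <p>The issuer and subject names come from the {@code ISSUER} and {@code SUBJECT} constants,
 * and validity runs from the current date for {@code DAYS_CERTIFICATE_VALID} days. No
 * extensions are added to the certificate.
 *
 * @param keyPair key pair whose public key is certified and whose private key signs the result
 * @return the signed certificate, re-parsed through the JCA {@code X.509} certificate factory
 * @throws DeltaClientException if building, signing or parsing the certificate fails
 */
private X509Certificate generateCertificate(KeyPair keyPair) throws DeltaClientException {
    try {
        // Serial numbers should be unpredictable and unique per issuer. A millisecond clock
        // value is guessable and repeats when two certificates are issued within the same
        // millisecond, so draw 64 bits from a CSPRNG; max(ONE) keeps the value positive.
        BigInteger serialNumber =
                new BigInteger(64, new java.security.SecureRandom()).max(BigInteger.ONE);

        Date startDate = DateTimeUtil.getCurrentDate();
        Date expiryDate = DateTimeUtil.addDays(startDate, DAYS_CERTIFICATE_VALID);
        X500Name issuer = new X500Name(ISSUER);
        X500Name subject = new X500Name(SUBJECT);

        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                issuer, serialNumber, startDate, expiryDate, subject,
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));

        // The algorithm name is fixed, so the supplied private key has to be an RSA key.
        JcaContentSignerBuilder builder = new JcaContentSignerBuilder("SHA256withRSA");
        ContentSigner signer = builder.build(keyPair.getPrivate());

        // Round-trip through the DER encoding to obtain a java.security.cert.X509Certificate.
        byte[] certBytes = certBuilder.build(signer).getEncoded();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certBytes));
    } catch (Exception e) {
        LOG.error(e.getMessage());
        throw new DeltaClientException("Error generating certificate", e);
    }
}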
示例2: writeCertificationRequest
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
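/**
 * Writes a PKCS#10 certification request for the key store entry {@code alias} to {@code dest}.
 *
 * <p>The subject name and public key are taken from the certificate stored under the alias,
 * and the request is signed with the entry's private key using SHA256withRSA.
 *
 * @param alias              key store alias holding the certificate and private key
 * @param privateKeyPassword password protecting the private key entry
 * @param dest               writer that receives the output of {@code csrToString}
 * @throws KeyStoreException         if the alias has no certificate or no private key, or the
 *                                   key store lookup itself fails
 * @throws UnrecoverableKeyException if the key cannot be recovered with the given password
 * @throws NoSuchAlgorithmException  if the algorithm for recovering the key is unavailable
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException               if writing to {@code dest} fails
 */
public void writeCertificationRequest(String alias, char[] privateKeyPassword, Writer dest) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, OperatorCreationException, IOException
{
    //reading information from the certificate stored under the alias
    // NOTE(review): assumes keystore is a java.security.KeyStore, whose lookups return null
    // for an unknown alias - confirm against the field declaration.
    X509Certificate cert = (X509Certificate) keystore.getCertificate(alias);
    if (cert == null)
    {
        throw new KeyStoreException("No certificate found for alias: " + alias);
    }

    // Hold the lookup result as Object so a missing entry (null) or a non-private key is
    // rejected explicitly instead of failing in the cast or deep inside the signer.
    Object key = keystore.getKey(alias, privateKeyPassword);
    if (!(key instanceof PrivateKey))
    {
        throw new KeyStoreException("No private key found for alias: " + alias);
    }
    PrivateKey privateKey = (PrivateKey) key;
    Principal principal = cert.getSubjectDN();

    //generate certification request
    X500Name x500Name = new X500Name(principal.toString());
    PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(
            x500Name, cert.getPublicKey());
    // The algorithm name is fixed, so the entry has to hold an RSA key.
    JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
    ContentSigner signer = csBuilder.build(privateKey);
    PKCS10CertificationRequest csr = p10Builder.build(signer);

    //write certification request
    String csrString = csrToString(csr);
    dest.write(csrString);
}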
示例3: generateCSR
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
/**
 * Builds a PKCS#10 certification request whose subject is assembled from the fields of
 * {@code user} and signs it with the private key of {@code key}.
 *
 * <p>Side effect: the encoded private key is stored on {@code user} via
 * {@code setPrivateKey}.
 *
 * @param user supplies country, province, locality, organization, organizational unit,
 *             common name and e-mail address for the subject
 * @param key  key pair; the public key goes into the request, the private key signs it
 * @return the signed certification request
 * @throws OperatorCreationException if the content signer cannot be created
 */
public PKCS10CertificationRequest generateCSR(User user, KeyPair key) throws OperatorCreationException {
    X500NameBuilder subjectBuilder = new X500NameBuilder();
    subjectBuilder.addRDN(BCStyle.C, user.getCountryName());
    subjectBuilder.addRDN(BCStyle.ST, user.getProvinceName());
    subjectBuilder.addRDN(BCStyle.L, user.getLocalityName());
    subjectBuilder.addRDN(BCStyle.O, user.getOrganizationName());
    subjectBuilder.addRDN(BCStyle.OU, user.getOrganizationUnitName());
    subjectBuilder.addRDN(BCStyle.CN, user.getCommonName());
    subjectBuilder.addRDN(BCStyle.EmailAddress, user.getEmailAddress());
    X500Name subject = subjectBuilder.build();

    PKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subject, key.getPublic());

    // NOTE(review): this hands the raw encoded private key to the User object. Whatever
    // persists or serializes User then carries unprotected key material - confirm that is
    // intended and that the field is stored encrypted.
    user.setPrivateKey(key.getPrivate().getEncoded());

    // The algorithm name is fixed, so the supplied key has to be an RSA key.
    ContentSigner requestSigner =
            new JcaContentSignerBuilder("SHA512WithRSAEncryption").build(key.getPrivate());
    return requestBuilder.build(requestSigner);
}
示例4: generateCA
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
/**
 * Generates a key pair, issues a self-signed {@code CN=ca} certificate for it and writes
 * the certificate to {@code pemPath} and the private key to {@code keyPath}, both as PEM.
 *
 * <p>The certificate is valid from the start of the current day (system default zone) for
 * 3650 days and is signed with SHA512WithRSAEncryption.
 *
 * @throws NoSuchProviderException   declared for {@code generateKey}
 * @throws NoSuchAlgorithmException  declared for {@code generateKey}
 * @throws IOException               if encoding or writing either file fails
 * @throws OperatorCreationException if the content signer cannot be created
 */
protected void generateCA() throws NoSuchProviderException, NoSuchAlgorithmException, IOException, OperatorCreationException {
    KeyPair caKeys = generateKey();

    ZoneId zone = ZoneId.systemDefault();
    LocalDateTime midnightToday = LocalDate.now().atStartOfDay();
    Date notBefore = Date.from(midnightToday.atZone(zone).toInstant());
    Date notAfter = Date.from(midnightToday.plusDays(3650).atZone(zone).toInstant());

    // NOTE(review): the serial number is zero, while RFC 5280 asks for a positive serial;
    // strict validators may reject the certificate.
    // NOTE(review): no extensions are added, so the certificate carries no basicConstraints
    // marking it as a CA even though it is named "ca" - confirm that consumers accept this.
    X500Name caName = new X500Name("CN=ca");
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
            caName,
            new BigInteger("0"),
            notBefore,
            notAfter,
            new X500Name("CN=ca"),
            SubjectPublicKeyInfo.getInstance(caKeys.getPublic().getEncoded()));

    ContentSigner caSigner =
            new JcaContentSignerBuilder("SHA512WithRSAEncryption").build(caKeys.getPrivate());
    X509CertificateHolder certHolder = certBuilder.build(caSigner);

    try (PemWriter certOut = new PemWriter(new FileWriter(pemPath.toFile()))) {
        certOut.writeObject(new PemObject("CERTIFICATE", certHolder.toASN1Structure().getEncoded()));
    }
    // NOTE(review): the private key is written unencrypted and the file is created with the
    // process's default permissions; restrict access to keyPath if this runs outside tests.
    try (PemWriter keyOut = new PemWriter(new FileWriter(keyPath.toFile()))) {
        keyOut.writeObject(new PemObject("PRIVATE KEY", caKeys.getPrivate().getEncoded()));
    }
}
示例5: generateCSR
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
/**
 * Builds a PKCS#10 certification request for a set of DNS names.
 *
 * <p>The first entry of {@code commonNames} becomes the subject CN, and every entry
 * (including the first) is added as a dNSName in a non-critical subjectAlternativeName
 * extension request. The request is signed with SHA256withRSA.
 *
 * @param commonNames DNS names to request; must hold at least one entry, because index 0
 *                    is read unconditionally
 * @param pair        key pair; the public key goes into the request, the private key signs it
 * @return the signed certification request
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException               if the extension cannot be encoded
 */
public static PKCS10CertificationRequest generateCSR(String[] commonNames, KeyPair pair) throws OperatorCreationException, IOException {
    X500NameBuilder subject = new X500NameBuilder(X500Name.getDefaultStyle());
    subject.addRDN(BCStyle.CN, commonNames[0]);

    // One dNSName entry per requested name, in the order given.
    GeneralName[] dnsEntries = new GeneralName[commonNames.length];
    for (int i = 0; i < commonNames.length; i++) {
        dnsEntries[i] = new GeneralName(GeneralName.dNSName, commonNames[i]);
    }
    GeneralNames subjectAltName = new GeneralNames(dnsEntries);

    ExtensionsGenerator extensions = new ExtensionsGenerator();
    extensions.addExtension(Extension.subjectAlternativeName, false, subjectAltName.toASN1Primitive());

    PKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subject.build(), pair.getPublic());
    requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());

    // The algorithm name is fixed, so the supplied key has to be an RSA key.
    ContentSigner requestSigner = new JcaContentSignerBuilder("SHA256withRSA").build(pair.getPrivate());
    return requestBuilder.build(requestSigner);
}
示例6: generateCertSignRequest
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
/**
 * Creates the PKCS#10 certificate signing request for this client.
 *
 * <p>The subject is built from the agent configuration held by {@code AgentManager}: the
 * device name as CN, the device owner as both O and OU, and the device id as
 * UNIQUE_IDENTIFIER. The request carries {@code this.publicKey} and is signed with
 * {@code this.privateKey} using {@code SIGNATURE_ALG} from provider {@code PROVIDER}.
 *
 * @return the signed certification request
 * @throws AgentCoreOperationException if the content signer cannot be created
 */
private PKCS10CertificationRequest generateCertSignRequest() throws AgentCoreOperationException {
    // Subject DN of the certificate being requested.
    // NOTE(review): OU is filled from getDeviceOwner(), the same value as O - confirm this
    // is intended rather than a copy-paste slip.
    X500Name subjectDn = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.CN, AgentManager.getInstance().getAgentConfigs().getDeviceName())
            .addRDN(BCStyle.O, AgentManager.getInstance().getAgentConfigs().getDeviceOwner())
            .addRDN(BCStyle.OU, AgentManager.getInstance().getAgentConfigs().getDeviceOwner())
            .addRDN(BCStyle.UNIQUE_IDENTIFIER, AgentManager.getInstance().getAgentConfigs().getDeviceId())
            .build();

    JcaContentSignerBuilder signerFactory = new JcaContentSignerBuilder(SIGNATURE_ALG).setProvider(PROVIDER);
    try {
        ContentSigner csrSigner = signerFactory.build(this.privateKey);
        // Assemble and sign the request (csr = PKCS10).
        return new JcaPKCS10CertificationRequestBuilder(subjectDn, this.publicKey).build(csrSigner);
    } catch (OperatorCreationException e) {
        String errorMsg = "Could not create content signer with private key.";
        log.error(errorMsg);
        throw new AgentCoreOperationException(errorMsg, e);
    }
}
示例7: generateTestCertificate
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
/**
 * Creates a short-lived, self-signed X.509 v1 certificate for tests.
 *
 * <p>Issuer and subject are both {@code CN=Test Certificate}; the validity window spans
 * from 10 seconds before to 10 seconds after the moment of creation, and the serial number
 * is the current time in milliseconds.
 *
 * @param pair key pair; the public key is certified, the private key signs the certificate
 * @return the certificate converted through the "BC" provider
 * @throws CertificateException      if the conversion to {@link X509Certificate} fails
 * @throws OperatorCreationException if the content signer cannot be created
 */
public static X509Certificate generateTestCertificate(KeyPair pair) throws CertificateException, OperatorCreationException {
    X500Name testName = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.CN, "Test Certificate")
            .build();
    SubjectPublicKeyInfo publicKeyInfo =
            new SubjectPublicKeyInfo(ASN1Sequence.getInstance(pair.getPublic().getEncoded()));

    // Test-only values: a clock-derived serial and a 20-second validity window are not
    // suitable for certificates that leave the test environment.
    BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
    Date notBefore = new Date(System.currentTimeMillis() - 10000);
    Date notAfter = new Date(System.currentTimeMillis() + 10000);

    X509v1CertificateBuilder v1Builder =
            new X509v1CertificateBuilder(testName, serial, notBefore, notAfter, testName, publicKeyInfo);

    ContentSigner selfSigner =
            new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(pair.getPrivate());
    X509CertificateHolder signedHolder = v1Builder.build(selfSigner);

    return new JcaX509CertificateConverter().setProvider( "BC" ).getCertificate(signedHolder);
}
示例8: getCertificateRequest
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
/**
 * Builds a PKCS#10 certification request for {@code subject} that carries one attribute
 * and is signed with sha256WithRSA.
 *
 * @param publicKey  public key placed in the request
 * @param privateKey private key that signs the request
 * @param subject    subject distinguished name in string form
 * @param extensions attribute whose type and values are added to the request; must not be
 *                   null, since it is dereferenced unconditionally
 * @return the signed request, or {@code null} if the content signer cannot be created
 */
private static PKCS10CertificationRequest getCertificateRequest(PublicKey publicKey, PrivateKey privateKey, String subject, Attribute extensions) {
    try {
        PKCS10CertificationRequestBuilder csrBuilder =
                new JcaPKCS10CertificationRequestBuilder(new X500Principal(subject), publicKey);
        JcaContentSignerBuilder signerFactory = new JcaContentSignerBuilder("sha256WithRSA");
        csrBuilder.addAttribute(extensions.getAttrType(), extensions.getAttrValues());
        return csrBuilder.build(signerFactory.build(privateKey));
    } catch (OperatorCreationException e) {
        // NOTE(review): the failure is only printed and then turned into a null return, so
        // every caller has to null-check; a signing failure is easy to miss this way.
        e.printStackTrace();
        return null;
    }
}
示例9: generateX509CSR
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
/**
 * Generates a PKCS#10 certification request and returns it PEM-encoded.
 *
 * @param privateKey    key that signs the request, using {@code Crypto.RSA_SHA256}
 * @param publicKey     public key placed in the request
 * @param x500Principal subject distinguished name in string form
 * @param sanArray      subject alternative names to request as a non-critical extension;
 *                      {@code null} means no extension request is added
 * @return the request as a PEM block of type {@code CERTIFICATE REQUEST}
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException               if encoding the extension or the request fails
 */
public static String generateX509CSR(PrivateKey privateKey, PublicKey publicKey,
        String x500Principal, GeneralName[] sanArray) throws OperatorCreationException, IOException {
    // Subject distinguished name
    X500Principal subjectDn = new X500Principal(x500Principal);

    // Signer bound to the caller's private key
    ContentSigner csrSigner = new JcaContentSignerBuilder(Crypto.RSA_SHA256).build(privateKey);

    // Request builder for subject + public key
    PKCS10CertificationRequestBuilder csrBuilder =
            new JcaPKCS10CertificationRequestBuilder(subjectDn, publicKey);

    // Subject alternative names are optional
    if (sanArray != null) {
        ExtensionsGenerator extensions = new ExtensionsGenerator();
        extensions.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(sanArray));
        csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());
    }

    PKCS10CertificationRequest request = csrBuilder.build(csrSigner);

    // Render in the PEM form that openssl reads
    PemObject pem = new PemObject("CERTIFICATE REQUEST", request.getEncoded());
    StringWriter buffer = new StringWriter();
    try (JcaPEMWriter pemOut = new JcaPEMWriter(buffer)) {
        pemOut.writeObject(pem);
    }
    return buffer.toString();
}
示例10: sign
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
/**
 * Signs the completed CSR and stores it in {@code csr}.
 *
 * <p>Every entry of {@code namelist} is requested as a dNSName in a non-critical
 * subjectAlternativeName extension. The signature algorithm is {@code EC_SIGNATURE_ALG}
 * when the private key is an {@link ECKey}, otherwise {@code SIGNATURE_ALG}.
 *
 * @param keypair
 *            {@link KeyPair} to sign the CSR with
 * @throws IOException
 *             if the content signer cannot be created
 * @throws IllegalStateException
 *             if no domain name has been added yet
 */
public void sign(KeyPair keypair) throws IOException {
    Objects.requireNonNull(keypair, "keypair");
    if (namelist.isEmpty()) {
        throw new IllegalStateException("No domain was set");
    }

    try {
        // Collect the domain names as dNSName entries for the SAN extension request.
        GeneralName[] dnsNames = new GeneralName[namelist.size()];
        int pos = 0;
        while (pos < namelist.size()) {
            dnsNames[pos] = new GeneralName(GeneralName.dNSName, namelist.get(pos));
            pos++;
        }
        GeneralNames sanValue = new GeneralNames(dnsNames);

        PKCS10CertificationRequestBuilder requestBuilder =
                new JcaPKCS10CertificationRequestBuilder(namebuilder.build(), keypair.getPublic());

        ExtensionsGenerator extGen = new ExtensionsGenerator();
        extGen.addExtension(Extension.subjectAlternativeName, false, sanValue);
        requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());

        // Pick the signature algorithm that matches the key type.
        PrivateKey signingKey = keypair.getPrivate();
        String algorithm;
        if (signingKey instanceof ECKey) {
            algorithm = EC_SIGNATURE_ALG;
        } else {
            algorithm = SIGNATURE_ALG;
        }

        ContentSigner requestSigner = new JcaContentSignerBuilder(algorithm).build(signingKey);
        csr = requestBuilder.build(requestSigner);
    } catch (OperatorCreationException ex) {
        throw new IOException("Could not generate CSR", ex);
    }
}
示例11: generateCSR
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
/**
 * Creates a PKCS#10 certification request for {@code name} over {@code this.publicKey},
 * signed with {@code this.privateKey} using SHA256withRSA.
 *
 * @param name subject of the request
 * @return the encoded request bytes
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException               if the request cannot be encoded
 */
public byte[] generateCSR(X500Name name) throws OperatorCreationException, IOException {
    PKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(name, this.publicKey);
    // The algorithm name is fixed, so this.privateKey has to be an RSA key.
    ContentSigner requestSigner = new JcaContentSignerBuilder("SHA256withRSA").build(this.privateKey);
    return requestBuilder.build(requestSigner).getEncoded();
}
示例12: buildOCSPRequest
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
/**
 * Builds the encoded OCSP request for {@code signCert}.
 *
 * <p>The request always carries {@code nonceExtension} as its request extension. When the
 * configuration asks for signed requests, the request is additionally signed with the OCSP
 * access key, names the signer's subject as requestor and includes the signer certificate.
 *
 * @param signCert       certificate whose revocation status is queried
 * @param issuerCert     issuer of {@code signCert}
 * @param nonceExtension extension placed in the request extensions
 * @return the encoded OCSP request
 * @throws DSSException wrapping any failure, including an incomplete signing configuration
 */
private byte[] buildOCSPRequest(final CertificateToken signCert, final CertificateToken issuerCert, Extension nonceExtension) throws
        DSSException {
    try {
        logger.debug("Building OCSP request");
        final CertificateID certId = DSSRevocationUtils.getOCSPCertificateID(signCert, issuerCert);
        final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
        requestBuilder.addRequest(certId);
        requestBuilder.setRequestExtensions(new Extensions(nonceExtension));

        // Unsigned request: nothing more to add.
        if (!configuration.hasToBeOCSPRequestSigned()) {
            return requestBuilder.build().getEncoded();
        }

        logger.info("Using signed OCSP request");
        if (!configuration.isOCSPSigningConfigurationAvailable()) {
            throw new ConfigurationException("Configuration needed for OCSP request signing is not complete.");
        }

        // NOTE(review): the request signature uses SHA-1, which is no longer considered
        // collision resistant. Check whether the responder accepts SHA256withRSA before
        // changing the algorithm.
        JcaContentSignerBuilder signerFactory = new JcaContentSignerBuilder("SHA1withRSA");

        DSSPrivateKeyEntry accessEntry = getOCSPAccessCertificatePrivateKey();
        PrivateKey accessKey = ((KSPrivateKeyEntry) accessEntry).getPrivateKey();
        X509Certificate requestorCert = accessEntry.getCertificate().getCertificate();
        ContentSigner requestSigner = signerFactory.build(accessKey);

        X509CertificateHolder[] signerChain = {new X509CertificateHolder(requestorCert.getEncoded())};
        requestBuilder.setRequestorName(
                new GeneralName(new JcaX509CertificateHolder(requestorCert).getSubject()));
        return requestBuilder.build(requestSigner, signerChain).getEncoded();
    } catch (Exception e) {
        throw new DSSException(e);
    }
}
示例13: generateCsr
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
/**
 * Creates a PKCS#10 certification request whose subject is {@code cn=<publicAddress>},
 * signed with the private key of {@code identity} using SHA256withRSA.
 *
 * @param identity      key pair; the public key goes into the request, the private key
 *                      signs it
 * @param publicAddress value used as the subject common name
 * @return the signed certification request
 * @throws Exception if the content signer cannot be created
 */
private static PKCS10CertificationRequest generateCsr(KeyPair identity, String publicAddress) throws Exception {
    // NOTE(review): publicAddress is formatted into the DN string without escaping, so
    // characters that have meaning in a DN (',', '+', '=') would change the parsed subject.
    // Validate the value upstream if it can originate outside this process.
    X500Principal subjectDn = new X500Principal(String.format("cn=%s", publicAddress));
    PKCS10CertificationRequestBuilder requestBuilder =
            new JcaPKCS10CertificationRequestBuilder(subjectDn, identity.getPublic());
    ContentSigner requestSigner = new JcaContentSignerBuilder("SHA256withRSA").build(identity.getPrivate());
    return requestBuilder.build(requestSigner);
}
示例14: toSignerInfoGenerator
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
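/**
 * Builds the {@link SignerInfoGenerator} for this signer.
 *
 * <p>The JCA signature name is composed as {@code <digest>with<encryption>} from the names
 * that {@code CMSSignedHelper} reports for {@code digestOID} and {@code encOID}. With
 * {@code addDefaultAttributes} set, {@code sAttr} generates the signed attributes;
 * otherwise the generator is switched to direct signature mode. {@code unsAttr} is always
 * installed as the unsigned attribute generator.
 *
 * @param random               source of randomness handed to the content signer builder
 * @param sigProvider          provider for the signature, or {@code null} to leave the
 *                             builder's provider unset
 * @param addDefaultAttributes whether signed attributes are generated
 * @return a generator identifying the signer by certificate when {@code signerIdentifier}
 *         is an {@link X509Certificate}, otherwise by the {@code byte[]} it holds
 * @throws NoSuchAlgorithmException if the composed signature name is rejected by the
 *                                  content signer builder; the original exception is kept
 *                                  as the cause
 */
SignerInfoGenerator toSignerInfoGenerator(
    SecureRandom random,
    Provider sigProvider,
    boolean addDefaultAttributes)
    throws IOException, CertificateEncodingException, CMSException, OperatorCreationException, NoSuchAlgorithmException
{
    String digestName = CMSSignedHelper.INSTANCE.getDigestAlgName(digestOID);
    String signatureName = digestName + "with" + CMSSignedHelper.INSTANCE.getEncryptionAlgName(encOID);

    JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());

    if (addDefaultAttributes)
    {
        builder.setSignedAttributeGenerator(sAttr);
    }
    // Without signed attributes the signature is computed directly over the content.
    builder.setDirectSignature(!addDefaultAttributes);

    builder.setUnsignedAttributeGenerator(unsAttr);

    JcaContentSignerBuilder signerBuilder;

    try
    {
        signerBuilder = new JcaContentSignerBuilder(signatureName).setSecureRandom(random);
    }
    catch (IllegalArgumentException e)
    {
        // Keep the original exception as the cause so the stack trace of the rejected
        // algorithm name is not lost when the type is translated.
        throw new NoSuchAlgorithmException(e.getMessage(), e);
    }

    if (sigProvider != null)
    {
        signerBuilder.setProvider(sigProvider);
    }

    ContentSigner contentSigner = signerBuilder.build(key);
    if (signerIdentifier instanceof X509Certificate)
    {
        return builder.build(contentSigner, (X509Certificate)signerIdentifier);
    }
    else
    {
        return builder.build(contentSigner, (byte[])signerIdentifier);
    }
}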
示例15: generateCertificationRequest
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; //导入方法依赖的package包/类
/**
 * Generates a certificate signing request for {@code CN=<subject>}, signed with
 * SHA256withECDSA, and returns it in the form produced by
 * {@code certificationRequestToPEM}.
 *
 * @param subject value used as the subject common name
 * @param pair    key pair; the public key goes into the request, the private key signs it
 * @return the string rendering of the request returned by {@code certificationRequestToPEM}
 * @throws InvalidArgumentException wrapping any failure while building or signing
 */
public String generateCertificationRequest(String subject, KeyPair pair)
        throws InvalidArgumentException {
    try {
        // NOTE(review): subject is concatenated into the DN string without escaping, so
        // characters that have meaning in a DN (',', '+', '=') would change the parsed
        // subject. Validate the value upstream if it can originate outside this process.
        X500Principal subjectDn = new X500Principal("CN=" + subject);
        PKCS10CertificationRequestBuilder requestBuilder =
                new JcaPKCS10CertificationRequestBuilder(subjectDn, pair.getPublic());

        // The algorithm name is fixed, so the supplied key has to be an EC key.
        JcaContentSignerBuilder signerFactory = new JcaContentSignerBuilder("SHA256withECDSA");
        if (SECURITY_PROVIDER != null) {
            signerFactory.setProvider(SECURITY_PROVIDER);
        }

        ContentSigner requestSigner = signerFactory.build(pair.getPrivate());
        PKCS10CertificationRequest request = requestBuilder.build(requestSigner);
        return certificationRequestToPEM(request);
    } catch (Exception e) {
        logger.error(e);
        throw new InvalidArgumentException(e);
    }
}