/** * Signs the certificate being built by the given builder using the given private key and returns the certificate. * @param privateKey the private key to sign the certificate with. * @param builder the cert builder that contains the certificate data. * @return the signed certificate. * @throws IOException * @throws OperatorCreationException * @throws CertificateException */ private static X509Certificate buildAndSignCertificate( PrivateKey privateKey, X509v3CertificateBuilder builder) throws IOException, OperatorCreationException, CertificateException { BcContentSignerBuilder signerBuilder; if (privateKey.getAlgorithm().contains("RSA")) { // a little hacky way to detect key type, but it works AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find( "SHA256WithRSAEncryption"); AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm); signerBuilder = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm); } else { // if not RSA, assume EC AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find( "SHA256withECDSA"); AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm); signerBuilder = new BcECContentSignerBuilder(signatureAlgorithm, digestAlgorithm); } AsymmetricKeyParameter privateKeyParam = PrivateKeyFactory.createKey(privateKey.getEncoded()); ContentSigner signer = signerBuilder.build(privateKeyParam); return toX509Cert(builder.build(signer)); }
builder = new BcECContentSignerBuilder(new AlgorithmIdentifier(sigOid), buildAlgId(hashAlgo.getOid())); } else {
builder = new BcECContentSignerBuilder(new AlgorithmIdentifier(sigOid), buildAlgId(hashAlgo.getOid())); } else {
builder = new BcECContentSignerBuilder(new AlgorithmIdentifier(sigOid), buildAlgId(hashAlgo.oid())); } else {