Merge pull request #102 from jtnord/JENKINS-72249
[JENKINS-72249] switch to JcaContentSignerBuilder in order to obtain a ContentSigner
jtnord committed Oct 31, 2023
2 parents 2530358 + 2ea6579 commit 303dc7c
Showing 1 changed file with 4 additions and 27 deletions.
@@ -3,7 +3,6 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
@@ -18,21 +17,13 @@
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.jcajce.provider.asymmetric.dsa.DSAUtil;
import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDSAContentSignerBuilder;
import org.bouncycastle.operator.bc.BcECContentSignerBuilder;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

final class SelfSignedCertificate {

@@ -136,23 +127,11 @@ public X509Certificate generate() throws IOException {

ContentSigner signer;
if (keyPair.getPrivate() instanceof RSAPrivateKey) {
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(hashAlg + "withRSA");
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
signer = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(
new RSAKeyParameters(true,privateKey.getModulus(), privateKey.getPrivateExponent()));
signer = new JcaContentSignerBuilder(hashAlg + "withRSA").build(keyPair.getPrivate());
} else if (keyPair.getPrivate() instanceof DSAPrivateKey) {
DSAPrivateKey privateKey = (DSAPrivateKey) keyPair.getPrivate();
AlgorithmIdentifier sigAlgId =
new DefaultSignatureAlgorithmIdentifierFinder().find(hashAlg + "withDSA");
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
signer = new BcDSAContentSignerBuilder(sigAlgId, digAlgId).build(DSAUtil.generatePrivateKeyParameter(privateKey));
signer = new JcaContentSignerBuilder(hashAlg + "withDSA").build(keyPair.getPrivate());
} else if (keyPair.getPrivate() instanceof ECPrivateKey) {
ECPrivateKey privateKey = (ECPrivateKey)keyPair.getPrivate();
AlgorithmIdentifier sigAlgId =
new DefaultSignatureAlgorithmIdentifierFinder().find(hashAlg + "withECDSA");
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
signer = new BcECContentSignerBuilder(sigAlgId, digAlgId).build(ECUtil.generatePrivateKeyParameter(privateKey));
signer = new JcaContentSignerBuilder(hashAlg + "withECDSA").build(keyPair.getPrivate());

Check warning on line 134 in src/main/java/org/jenkinsci/main/modules/instance_identity/SelfSignedCertificate.java

ci.jenkins.io / Code Coverage

Not covered lines

Lines 132-134 are not covered by tests
} else {
throw new IOException("Unsupported key type");
}
@@ -165,8 +144,6 @@ public X509Certificate generate() throws IOException {
throw new IOException("Failed to generate a certificate", e);
} catch (NoSuchAlgorithmException e) {
throw new IOException("Failed to generate a certificate", e);
} catch (InvalidKeyException e) {
throw new IOException("Failed to generate a certificate", e);
}
}
}
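Review bot: The three `new JcaContentSignerBuilder(...)` calls in `generate()` set no provider, so the certificate signature is produced by whichever installed JCA provider the JVM resolves for the algorithm name and key, and the code does not say that this is intended. A short comment above the `if` chain would record it, for example `// Sign via JCA: the installed provider handles the key, private key parameters are not unpacked here.` The `instanceof RSAPrivateKey` / `DSAPrivateKey` / `ECPrivateKey` tests are kept, so a key that a provider exposes only as an opaque `PrivateKey` would presumably still end in `Unsupported key type`; if such keys are meant to work, the suffix could be chosen from `keyPair.getPrivate().getAlgorithm()` instead. `generate()` begins outside the visible hunks.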
