\r
private static final String BC = org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME;\r
\r
+ private static final int KEY_LENGTH = 2048;\r
+ \r
+ private static final String KEY_ALGORITHM = "RSA";\r
+ \r
+ private static final String SIGNING_ALGORITHM = "SHA512withRSA";\r
+ \r
public static final boolean unlimitedStrength;\r
\r
private static final Logger logger = LoggerFactory.getLogger(X509Utils.class);\r
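Review bot: `KEY_LENGTH`, `KEY_ALGORITHM` and `SIGNING_ALGORITHM` are added without any comment, and the pairing they fix is worth stating. A 2048-bit RSA key is generally rated at about 112 bits of strength, so moving the digest to SHA-512 removes the SHA-1 weakness but does not make a signature stronger than the key that produces it. If the commit is meant as hardening, consider raising the key size as well, e.g. `private static final int KEY_LENGTH = 3072;`, or record why 2048 is kept. Comments such as `// RSA modulus size in bits for every generated key pair` and `// JCA signature algorithm used for CA, server and client certificates and for CRLs` would make the scope of each constant clear.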
* @throws Exception\r
*/\r
private static KeyPair newKeyPair() throws Exception {\r
- KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", BC);\r
- kpGen.initialize(2048, new SecureRandom());\r
+ KeyPairGenerator kpGen = KeyPairGenerator.getInstance(KEY_ALGORITHM, BC);\r
+ kpGen.initialize(KEY_LENGTH, new SecureRandom());\r
return kpGen.generateKeyPair();\r
}\r
\r
certBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));\r
certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey()));\r
\r
- ContentSigner caSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption")\r
+ ContentSigner caSigner = new JcaContentSignerBuilder(SIGNING_ALGORITHM)\r
.setProvider(BC).build(caPrivateKey);\r
X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC)\r
.getCertificate(certBuilder.build(caSigner));\r
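Review bot: The server certificate signer at `new JcaContentSignerBuilder(SIGNING_ALGORITHM)` moves from SHA-256 to SHA-512 only because it now shares one constant with the CA, CRL and client-certificate signers, which previously used SHA-1. This is the certificate remote TLS clients validate, and some older client stacks handle SHA-512 signatures less reliably than SHA-256, so the change may cost interoperability without a practical gain while the key stays at 2048 bits. Consider a separate constant for it, e.g. `private static final String SERVER_SIGNING_ALGORITHM = "SHA256withRSA";`, or state in the commit message that the change is intended. The enclosing method starts and ends outside this hunk.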
try {\r
KeyPair caPair = newKeyPair();\r
\r
- ContentSigner caSigner = new JcaContentSignerBuilder("SHA1WithRSA").setProvider(BC).build(caPair.getPrivate());\r
+ ContentSigner caSigner = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(caPair.getPrivate());\r
\r
// clone metadata\r
X509Metadata caMetadata = metadata.clone(CA_CN, metadata.password);\r
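Review bot: Replacing `"SHA1WithRSA"` here, and in the CRL and user-certificate hunks below, affects only objects signed after this change; nothing visible re-issues a CA or user certificate that was already signed with SHA-1. If the CA is created once and then reused (the surrounding method is not fully shown, so this is an assumption), existing installations keep a SHA-1 chain. It would help to document that in the release notes, or to log a warning when a loaded certificate's `getSigAlgName()` still reports a SHA-1 algorithm.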
X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerDN, new Date());\r
\r
// build and sign CRL with CA private key\r
- ContentSigner signer = new JcaContentSignerBuilder("SHA1WithRSA").setProvider(BC).build(caPrivateKey);\r
+ ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(caPrivateKey);\r
X509CRLHolder crl = crlBuilder.build(signer);\r
\r
File tmpFile = new File(caRevocationList.getParentFile(), Long.toHexString(System.currentTimeMillis()) + ".tmp");\r
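Review bot: The temporary CRL file on the last line of this hunk is named from `System.currentTimeMillis()`, so the name is predictable and two revocations in the same millisecond would target the same file. `File tmpFile = File.createTempFile("crl", ".tmp", caRevocationList.getParentFile());` creates a uniquely named file in the same directory. The write and rename that follow are outside the hunk, so confirm the rest of the method still works when the file already exists.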
certBuilder.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);\r
}\r
\r
- ContentSigner signer = new JcaContentSignerBuilder("SHA1WithRSA").setProvider(BC).build(caPrivateKey);\r
+ ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(caPrivateKey);\r
\r
X509Certificate userCert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certBuilder.build(signer));\r
PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)pair.getPrivate();\r