List of usage examples for java.security Provider getClass
/**
 * Returns the runtime class of this object. {@code java.security.Provider} inherits this
 * method from {@code java.lang.Object}; the examples on this page call it either to log the
 * provider implementation or to branch on the provider's class name.
 */
@HotSpotIntrinsicCandidate public final native Class<?> getClass();
From source file:at.tfr.securefs.Configuration.java
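/**
 * Initialises the configuration after construction.
 *
 * <p>When debug logging is enabled, every registered JCA provider and its services are listed
 * first. The SecureFS properties are then loaded and each server setting is read (falling back
 * to the field's current value) and written to the info log.
 *
 * <p>The path settings are resolved last. Each group has its own try/catch: a failure is
 * logged at warn level and processing continues, so the affected path field keeps whatever
 * value it had before this call.
 */
@PostConstruct
public void init() {
    if (log.isDebugEnabled()) {
        for (Provider p : Security.getProviders()) {
            try {
                log.debug("Provider: " + p.getClass() + ", Name=" + p.getName() + ", Info=" + p.getInfo());
                final Set<Service> services = p.getServices();
                if (services == null) {
                    log.debug("Provider has no services: " + p);
                } else {
                    for (Service s : services) {
                        log.debug("Service: " + s.getClassName() + ", " + s.getAlgorithm() + ", ");
                    }
                }
            } catch (Throwable t) {
                // Diagnostics only: a provider that cannot be described must not abort start-up.
                log.info("cannot print info: Provider=" + p + " : " + t, t);
            }
        }
    }

    loadSecureFsProperties(true);

    keyAlgorithm = secConfig.getString(SECUREFS_SERVER_PFX + KEY_ALGORITHM, keyAlgorithm);
    log.info("KeyAlgorithm = " + keyAlgorithm);
    keyStrength = secConfig.getInt(SECUREFS_SERVER_PFX + KEY_STRENGTH, keyStrength);
    log.info("KeyStrength = " + keyStrength);
    iterationCount = secConfig.getInt(SECUREFS_SERVER_PFX + ITERATION_COUNT, iterationCount);
    log.info("IterationCount = " + iterationCount);
    cipherAlgorithm = secConfig.getString(SECUREFS_SERVER_PFX + CIPHER_ALGORITHM, cipherAlgorithm);
    log.info("CipherAlgorithm = " + cipherAlgorithm);
    paddingCipherAlgorithm = secConfig.getString(SECUREFS_SERVER_PFX + PADDING_CIPHER_ALGORITHM,
            paddingCipherAlgorithm);
    log.info("PaddingCipherAlgorithm = " + paddingCipherAlgorithm);
    salt = secConfig.getString(SECUREFS_SERVER_PFX + SALT, salt);
    // NOTE(review): the salt is written to the info log in clear text. Confirm that everyone
    // who can read this log is allowed to see the key-derivation parameters.
    log.info("Salt = " + salt);
    cacheName = secConfig.getString(SECUREFS_SERVER_PFX + CACHE_NAME, cacheName);
    log.info("CacheName = " + cacheName);
    restrictedToBasePath = secConfig.getBoolean(SECUREFS_SERVER_PFX + RESTRICTED_TO_BASE_PATH,
            restrictedToBasePath);
    log.info("RestrictedToBasePath = " + restrictedToBasePath);
    preProcessing = secConfig.getBoolean(SECUREFS_SERVER_PFX + PRE_PROCESSING, preProcessing);
    log.info("PreProcessing = " + preProcessing);
    test = secConfig.getBoolean(SECUREFS_SERVER_PFX + TEST, test);
    log.info("Test = " + test);

    try {
        String basePathProp = secConfig.getString(SECUREFS_SERVER_PFX + BASE_PATH);
        if (StringUtils.isNotBlank(basePathProp)) {
            basePath = Paths.get(basePathProp);
        } else {
            // No base path configured: fall back to a freshly created temporary directory.
            basePath = Files.createTempDirectory(SECUREFS);
        }
        log.info("BasePath = " + basePath);
        revokedKeysPath = basePath.resolve(REVOKED_KEYS);
    } catch (Exception e) {
        // basePath and revokedKeysPath keep their previous values on failure.
        log.warn("cannot open BasePath", e);
    }

    try {
        String tmpPathProp = secConfig.getString(SECUREFS_SERVER_PFX + TMP_PATH);
        String jbossTmpPathProp = System.getProperty(JBOSS_SERVER_TEMP_DIR);
        if (StringUtils.isNotBlank(tmpPathProp)) {
            tmpPath = Paths.get(tmpPathProp);
        } else if (StringUtils.isNotBlank(jbossTmpPathProp)) {
            tmpPath = Files.createDirectories(Paths.get(jbossTmpPathProp, SECUREFS));
        } else {
            tmpPath = Files.createTempDirectory(SECUREFS);
        }
        log.info("TmpPath = " + tmpPath);
    } catch (Exception e) {
        log.warn("cannot open TmpPath", e);
    }

    try {
        // NOTE(review): the default schema location is "/tmp", which is typically writable by
        // every local user. If files found there are trusted by later processing (not visible
        // here), configure a dedicated directory instead.
        schemaPath = Paths.get(secConfig.getString(SECUREFS_SERVER_PFX + SCHEMA_PATH, "/tmp"));
        log.info("SchemaPath = " + schemaPath);
    } catch (Exception e) {
        log.warn("cannot open SchemaPath", e);
    }

    try {
        log.info("ServiceModules : names=" + getServiceModules());
        // forEach instead of peek: peek is an intermediate operation, and without a terminal
        // operation the stream is never traversed, so nothing was logged.
        getModuleConfigurations().stream().forEach(m -> log.info("\t" + m));
    } catch (Exception e) {
        log.warn("cannot read ServiceModules", e);
    }
}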
From source file:org.cesecore.keys.token.PKCS11CryptoToken.java
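/**
 * Creates and loads the PKCS#11 key store of this token's slot, authenticating with the given
 * code.
 *
 * <p>The authentication code is wrapped in a {@link PasswordProtection}, which is destroyed
 * before this method returns, whether it returns normally or with an exception. The caller's
 * {@code authCode} array itself is not modified here.
 *
 * @param authCode the authentication code (PIN) of the slot
 * @return the loaded key store
 * @throws NoSuchAlgorithmException if the key store cannot be loaded
 * @throws CertificateException if the key store cannot be loaded
 * @throws UnsupportedEncodingException if UTF-8 is not available for encoding the provider name
 * @throws IOException if the key store cannot be loaded
 * @throws KeyStoreException if the key store cannot be built for the provider
 */
private KeyStore createKeyStore(final char[] authCode) throws NoSuchAlgorithmException, CertificateException,
        UnsupportedEncodingException, IOException, KeyStoreException {
    final PasswordProtection pwp = new PasswordProtection(authCode);
    try {
        final Provider provider = this.p11slot.getProvider();
        final KeyStore.Builder builder = KeyStore.Builder.newInstance("PKCS11", provider, pwp);
        final KeyStore keyStore = builder.getKeyStore();
        log.debug("Loading key from slot '" + this.sSlotLabel + "' using pin.");
        // See ECA-1395 for an explanation of this special handling for the IAIK provider.
        //
        // If the application uses several instances of the IAIKPkcs11 provider, it has two
        // options to get an initialized key store. First, it can get the initialized key store
        // directly from the provider instance:
        //     KeyStore tokenKeyStore = pkcs11Provider_.getTokenManager().getKeyStore();
        // where pkcs11Provider_ is the instance of the IAIKPkcs11 provider. Second, the
        // application can instantiate the key store as usual and then initialize it. For
        // initialization, the application must provide the name of the instance that this key
        // store shall operate with. Just instantiating the key store is not enough: if the
        // application calls tokenKeyStore.load(null, null), it always(!) binds the key store to
        // the first instance of the IAIKPkcs11 provider, because the KeyStoreSPI class has no
        // means to get the instance of the provider that was used to instantiate it. So calling
        // KeyStore.getInstance("PKCS11KeyStore", providerName) does not help; the call to
        // load(InputStream, char[]) with appropriate arguments is required nevertheless.
        // The correct usage looks like this:
        //     KeyStore cardKeyStore = KeyStore.getInstance("PKCS11KeyStore");
        //     String providerName = pkcs11Provider_.getName();
        //     ByteArrayInputStream providerNameInputStream =
        //             new ByteArrayInputStream(providerName.getBytes("UTF-8"));
        //     cardKeyStore.load(providerNameInputStream, null);
        // The password parameter of load (null in the sample above) is used if it is not null.
        // If it is null, the default login manager uses the configured method for prompting the
        // PIN on demand. The key store also accepts just the instance number as a string
        // instead of the complete provider name.
        if (provider.getClass().getName().equals(Pkcs11SlotLabel.IAIK_PKCS11_CLASS)) {
            keyStore.load(new ByteArrayInputStream(getSignProviderName().getBytes("UTF-8")), authCode);
        } else {
            // For the Sun provider this works fine to initialize the provider using previously
            // provided protection parameters.
            keyStore.load(null, null);
        }
        return keyStore;
    } finally {
        // Wipe the protection object's copy of the PIN on every exit path; previously a
        // failure while building or loading the key store skipped this step.
        try {
            pwp.destroy();
        } catch (DestroyFailedException e) {
            // Log but otherwise ignore
            log.info("Detroy failed: ", e);
        }
    }
}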
From source file:org.cesecore.keys.util.KeyStoreTools.java
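/**
 * Generates an EC key pair on the configured provider and hands it to
 * {@code generateKeyPair} under the given entry name.
 *
 * <p>The curve name {@code "implicitlyCA"} is special: the generator is initialised with a
 * {@code null} parameter spec so that the parameters installed together with the provider are
 * used.
 *
 * @param name the EC curve name, or {@code "implicitlyCA"}
 * @param keyEntryName the name passed on to {@code generateKeyPair} for the new entry
 * @throws InvalidAlgorithmParameterException if the provider rejects the curve, or if the
 *         provider's class name contains "iaik" (EC generation is not implemented for it)
 * @throws IllegalStateException if the EC algorithm or the configured provider is unavailable
 */
private void generateEC(final String name, final String keyEntryName) throws InvalidAlgorithmParameterException {
    if (log.isTraceEnabled()) {
        log.trace(">generate EC: curve name " + name + ", keyEntryName " + keyEntryName);
    }
    // Generate the EC Keypair
    final KeyPairGenerator kpg;
    try {
        kpg = KeyPairGenerator.getInstance("EC", this.providerName);
    } catch (NoSuchAlgorithmException e) {
        // The original message lacked the space before "was".
        throw new IllegalStateException("Algorithm EC was not recognized.", e);
    } catch (NoSuchProviderException e) {
        // Name the provider that was actually requested; it is not necessarily BouncyCastle.
        throw new IllegalStateException("Provider " + this.providerName + " was not found.", e);
    }
    try {
        final Provider prov = Security.getProvider(this.providerName);
        if (StringUtils.contains(prov.getClass().getName(), "iaik")) {
            // The IAIK PKCS#11 key-pair template code was only ever present as a commented-out
            // sketch, so generation on that provider is rejected outright.
            throw new InvalidAlgorithmParameterException("IAIK ECC key generation not implemented.");
        }
        final boolean implicitlyCa = StringUtils.equals(name, "implicitlyCA");
        if (implicitlyCa) {
            log.debug("Generating implicitlyCA encoded ECDSA key pair");
        }
        // A null spec selects the "implicitlyCA" EC parameters, which were already installed
        // when the provider was installed.
        final ECGenParameterSpec ecSpec = implicitlyCa ? null : new ECGenParameterSpec(name);
        kpg.initialize(ecSpec);
    } catch (InvalidAlgorithmParameterException e) {
        log.debug("EC name " + name + " not supported.");
        throw e;
    }
    // NOTE(review): "SHA1withECDSA" is handed to generateKeyPair, presumably as the signature
    // algorithm for a certificate stored with the key (confirm against that method). SHA-1
    // based signatures are deprecated; check whether a SHA-2 variant can be used here.
    generateKeyPair(kpg, keyEntryName, "SHA1withECDSA");
    if (log.isTraceEnabled()) {
        log.trace("<generate: curve name " + name + ", keyEntryName " + keyEntryName);
    }
}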
From source file:org.ejbca.util.keystore.KeyStoreContainerBase.java
/** * @see org.ejbca.util.keystore.KeyStoreContainer#generate(java.lang.String, java.lang.String) *///from w w w .ja va 2 s .c o m private byte[] generateEC(final String name, final String keyEntryName) throws Exception { if (log.isTraceEnabled()) { log.trace(">generate EC: curve name " + name + ", keyEntryName " + keyEntryName); } // Generate the EC Keypair final KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", this.providerName); try { Provider prov = Security.getProvider(this.providerName); if (StringUtils.contains(prov.getClass().getName(), "iaik")) { throw new InvalidAlgorithmParameterException("IAIK ECC key generation not implemented."); /* ECDSAPrivateKey privateKeyTemplate = new ECDSAPrivateKey(); privateKeyTemplate.getSign().setBooleanValue(Boolean.TRUE); privateKeyTemplate.getToken().setBooleanValue(Boolean.FALSE); ECDSAPublicKey publicKeyTemplate = new ECDSAPublicKey(); publicKeyTemplate.getVerify().setBooleanValue(Boolean.TRUE); publicKeyTemplate.getToken().setBooleanValue(Boolean.FALSE); ObjectID eccCurveObjectID = new ObjectID(objectID); publicKeyTemplate.getEcdsaParams().setByteArrayValue(DerCoder.encode(eccCurveObjectID)); PKCS11KeyPairGenerationSpec keyPairGenerationSpec = new PKCS11KeyPairGenerationSpec(tokenManager, publicKeyTemplate, privateKeyTemplate, PKCS11Spec.USE_READ_WRITE_SESSION, PKCS11Spec.USE_USER_SESSION); keyPairGenerator.initialize(keyPairGenerationSpec); */ } else { kpg.initialize(new ECGenParameterSpec(name)); } } catch (InvalidAlgorithmParameterException e) { log.debug("EC name " + name + " not supported."); throw e; } final byte result[] = generate(kpg, keyEntryName, "SHA1withECDSA"); if (log.isTraceEnabled()) { log.trace("<generate: curve name " + name + ", keyEntryName " + keyEntryName); } return result; }
From source file:org.mule.providers.ldap.LdapSASLConnector.java
/**
 * Registers the Novell SASL provider and, for the DIGEST-EXTERNAL mechanism, prepares the
 * secure socket factory before delegating to the superclass initialisation.
 *
 * <p>With {@code trustAll} set, the socket factory comes from an SSL context initialised with
 * the trust managers returned by {@code TrustAllCertsManager}. Otherwise {@code trustStore}
 * must name an existing, readable file, which is then published through the
 * {@code javax.net.ssl.trustStore} system property.
 *
 * @throws InitialisationException if neither {@code trustAll} nor a usable trust store is
 *         configured, or if the SSL context cannot be created
 */
protected void doInitialise() throws InitialisationException {
    // The forceJDK14 switch and the SunSASL (JDK >= 1.5) detection exist only as commented-out
    // code, so the Novell SASL provider is always added. Security.addProvider changes the
    // provider list of the whole JVM, not just of this connector.
    Security.addProvider(new com.novell.sasl.client.SaslProvider());

    if (logger.isDebugEnabled()) {
        for (Provider installed : Security.getProviders()) {
            logger.debug(installed.getClass() + "/" + installed.getName() + "/" + installed.getVersion() + "/"
                    + installed.getInfo());
        }
    }

    if (MECHANISM_DIGEST_EXTERNAL.equals(mechanism)) {
        try {
            if (!trustAll) {
                if (StringUtils.isEmpty(trustStore)) {
                    throw new InitialisationException(new IllegalArgumentException(
                            "Either trustAll value must be true or the trustStore parameter must be set"), this);
                }
                File trustStoreFile = new File(trustStore);
                if (!trustStoreFile.exists() || !trustStoreFile.canRead()) {
                    throw new InitialisationException(new IllegalArgumentException("truststore file "
                            + trustStoreFile.getAbsolutePath() + " do not exist or is not readable"), this);
                }
                // This system property is JVM-wide: it also becomes the default trust store of
                // other code in the same process that relies on the default SSL configuration.
                System.setProperty("javax.net.ssl.trustStore", trustStore);
                logger.debug("truststore set to " + trustStoreFile.getAbsolutePath());
                ssf = new LDAPJSSESecureSocketFactory();
            } else {
                // NOTE(review): judging by its name, TrustAllCertsManager accepts any server
                // certificate, which leaves the connection without server authentication.
                // Keep trustAll for test setups only.
                SSLContext sslContext = SSLContext.getInstance("TLS");
                sslContext.init(null, TrustAllCertsManager.getTrustAllCertsManager(), null);
                ssf = new LDAPJSSESecureSocketFactory(sslContext.getSocketFactory());
            }
            // TODO SSL<->TLS (TLS maybe require startTLS() call on lc)
        } catch (KeyManagementException e) {
            throw new InitialisationException(e, this);
        } catch (NoSuchAlgorithmException e) {
            throw new InitialisationException(e, this);
        }
    }

    super.doInitialise();
}