List of usage examples for org.bouncycastle.cert.jcajce JcaX509CertificateConverter setProvider
public JcaX509CertificateConverter setProvider(String providerName)
From source file:beta01.SimpleGenCert.java
private X509Certificate toX509Certificate(X509CertificateHolder holder) throws CertificateException { JcaX509CertificateConverter conv = new JcaX509CertificateConverter(); conv.setProvider("BC"); X509Certificate cert = conv.getCertificate(holder); return cert;/* w ww . j a v a 2 s . c om*/ }
From source file:com.amazonaws.services.iot.demo.danbo.rpi.SslUtil.java
License:Open Source License
public static SSLSocketFactory getSslSocketFactory(final String caCrtFile, final String crtFile, final String keyFile, final String password) throws InvalidPathException, IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException, Exception { Security.addProvider(new BouncyCastleProvider()); // load CA certificate PEMParser parser = new PEMParser( new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(caCrtFile))))); X509CertificateHolder caCert = (X509CertificateHolder) parser.readObject(); parser.close();// www. ja va 2 s. c o m // load client certificate parser = new PEMParser( new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(crtFile))))); X509CertificateHolder cert = (X509CertificateHolder) parser.readObject(); parser.close(); // load client private key parser = new PEMParser( new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(keyFile))))); Object obj = parser.readObject(); KeyPair key = null; JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); if (obj instanceof PEMEncryptedKeyPair) { PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray()); converter = new JcaPEMKeyConverter().setProvider("BC"); key = converter.getKeyPair(((PEMEncryptedKeyPair) obj).decryptKeyPair(decProv)); } else { key = converter.getKeyPair((PEMKeyPair) obj); } parser.close(); JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter(); certConverter.setProvider("BC"); // CA certificate is used to authenticate server KeyStore caKs = KeyStore.getInstance(KeyStore.getDefaultType()); caKs.load(null, null); caKs.setCertificateEntry("ca-certificate", certConverter.getCertificate(caCert)); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(caKs); // Client key and certificates are sent to server so it can authenticate // us KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null, null); ks.setCertificateEntry("certificate", certConverter.getCertificate(cert)); ks.setKeyEntry("private-key", key.getPrivate(), password.toCharArray(), new java.security.cert.Certificate[] { certConverter.getCertificate(cert) }); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, password.toCharArray()); // Finally, create SSL socket factory SSLContext context = SSLContext.getInstance("TLSv1.2"); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); return context.getSocketFactory(); }
From source file:com.liferay.sync.util.SyncUtil.java
License:Open Source License
public static void enableLanSync(long companyId) throws Exception { String lanServerUuid = PrefsPropsUtil.getString(companyId, SyncConstants.SYNC_LAN_SERVER_UUID); if (Validator.isNotNull(lanServerUuid)) { return;// w w w. jav a 2 s .c o m } lanServerUuid = PortalUUIDUtil.generate(); X500Name x500Name = new X500Name("CN=" + lanServerUuid); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); keyPairGenerator.initialize(1024); KeyPair keyPair = keyPairGenerator.generateKeyPair(); X509v3CertificateBuilder x509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x500Name, new BigInteger(64, new SecureRandom()), new Date(System.currentTimeMillis() - Time.YEAR), new Date(System.currentTimeMillis() + Time.YEAR * 1000), x500Name, keyPair.getPublic()); PrivateKey privateKey = keyPair.getPrivate(); JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption"); JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter(); jcaX509CertificateConverter.setProvider(_provider); X509Certificate x509Certificate = jcaX509CertificateConverter .getCertificate(x509v3CertificateBuilder.build(jcaContentSignerBuilder.build(privateKey))); x509Certificate.verify(keyPair.getPublic()); PortletPreferences portletPreferences = PrefsPropsUtil.getPreferences(companyId); portletPreferences.setValue(SyncConstants.SYNC_LAN_CERTIFICATE, Base64.encode(x509Certificate.getEncoded())); portletPreferences.setValue(SyncConstants.SYNC_LAN_KEY, Base64.encode(privateKey.getEncoded())); portletPreferences.setValue(SyncConstants.SYNC_LAN_SERVER_UUID, lanServerUuid); portletPreferences.store(); }
From source file:mitm.common.security.certificate.impl.StandardX509CertificateBuilder.java
License:Open Source License
private X509Certificate getCertificate(X509CertificateHolder holder) throws CertificateException { JcaX509CertificateConverter converter = new JcaX509CertificateConverter(); converter.setProvider(certificateProvider); return converter.getCertificate(holder); }
From source file:mitm.common.security.cms.AbstractCMSSignedDataAdapterImpl.java
License:Open Source License
@Override public List<X509Certificate> getCertificates(String provider) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException { List<X509Certificate> certificates = new LinkedList<X509Certificate>(); Store store = getCertificateStore(); if (store != null) { Collection<?> holders = store.getMatches(null); JcaX509CertificateConverter converter = new JcaX509CertificateConverter(); converter.setProvider(provider); for (Object holder : holders) { if (holder instanceof X509CertificateHolder) { try { certificates.add(converter.getCertificate((X509CertificateHolder) holder)); } catch (CertificateException e) { if (logger.isDebugEnabled()) { logger.warn("Certificate is not valid.", e); } else { logger.warn("Certificate is not valid."); }// w w w .ja v a 2 s . co m } } else { logger.warn("object not an X509CertificateHolder"); } } } return certificates; }
From source file:net.markenwerk.utils.mail.smime.SmimeUtil.java
License:Open Source License
private static X509Certificate getCertificate(@SuppressWarnings("rawtypes") Store certificates, SignerId signerId) throws CertificateException { @SuppressWarnings({ "unchecked" }) X509CertificateHolder certificateHolder = (X509CertificateHolder) certificates.getMatches(signerId) .iterator().next();/* w ww. j av a2s .c o m*/ JcaX509CertificateConverter certificateConverter = new JcaX509CertificateConverter(); certificateConverter.setProvider(BouncyCastleProvider.PROVIDER_NAME); return certificateConverter.getCertificate(certificateHolder); }
From source file:org.apache.poi.poifs.crypt.dsig.services.TSPTimeStampService.java
License:Apache License
@SuppressWarnings("unchecked") public byte[] timeStamp(byte[] data, RevocationData revocationData) throws Exception { // digest the message MessageDigest messageDigest = CryptoFunctions.getMessageDigest(signatureConfig.getTspDigestAlgo()); byte[] digest = messageDigest.digest(data); // generate the TSP request BigInteger nonce = new BigInteger(128, new SecureRandom()); TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator(); requestGenerator.setCertReq(true);/*from w w w . j a va 2 s . c om*/ String requestPolicy = signatureConfig.getTspRequestPolicy(); if (requestPolicy != null) { requestGenerator.setReqPolicy(new ASN1ObjectIdentifier(requestPolicy)); } ASN1ObjectIdentifier digestAlgoOid = mapDigestAlgoToOID(signatureConfig.getTspDigestAlgo()); TimeStampRequest request = requestGenerator.generate(digestAlgoOid, digest, nonce); byte[] encodedRequest = request.getEncoded(); // create the HTTP POST request Proxy proxy = Proxy.NO_PROXY; if (signatureConfig.getProxyUrl() != null) { URL proxyUrl = new URL(signatureConfig.getProxyUrl()); String host = proxyUrl.getHost(); int port = proxyUrl.getPort(); proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(host, (port == -1 ? 80 : port))); } HttpURLConnection huc = (HttpURLConnection) new URL(signatureConfig.getTspUrl()).openConnection(proxy); if (signatureConfig.getTspUser() != null) { String userPassword = signatureConfig.getTspUser() + ":" + signatureConfig.getTspPass(); String encoding = DatatypeConverter .printBase64Binary(userPassword.getBytes(Charset.forName("iso-8859-1"))); huc.setRequestProperty("Authorization", "Basic " + encoding); } huc.setRequestMethod("POST"); huc.setConnectTimeout(20000); huc.setReadTimeout(20000); huc.setDoOutput(true); // also sets method to POST. huc.setRequestProperty("User-Agent", signatureConfig.getUserAgent()); huc.setRequestProperty("Content-Type", signatureConfig.isTspOldProtocol() ? "application/timestamp-request" : "application/timestamp-query"); // "; charset=ISO-8859-1"); OutputStream hucOut = huc.getOutputStream(); hucOut.write(encodedRequest); // invoke TSP service huc.connect(); int statusCode = huc.getResponseCode(); if (statusCode != 200) { LOG.log(POILogger.ERROR, "Error contacting TSP server ", signatureConfig.getTspUrl()); throw new IOException("Error contacting TSP server " + signatureConfig.getTspUrl()); } // HTTP input validation String contentType = huc.getHeaderField("Content-Type"); if (null == contentType) { throw new RuntimeException("missing Content-Type header"); } ByteArrayOutputStream bos = new ByteArrayOutputStream(); IOUtils.copy(huc.getInputStream(), bos); LOG.log(POILogger.DEBUG, "response content: ", bos.toString()); if (!contentType.startsWith(signatureConfig.isTspOldProtocol() ? "application/timestamp-response" : "application/timestamp-reply")) { throw new RuntimeException("invalid Content-Type: " + contentType); } if (bos.size() == 0) { throw new RuntimeException("Content-Length is zero"); } // TSP response parsing and validation TimeStampResponse timeStampResponse = new TimeStampResponse(bos.toByteArray()); timeStampResponse.validate(request); if (0 != timeStampResponse.getStatus()) { LOG.log(POILogger.DEBUG, "status: " + timeStampResponse.getStatus()); LOG.log(POILogger.DEBUG, "status string: " + timeStampResponse.getStatusString()); PKIFailureInfo failInfo = timeStampResponse.getFailInfo(); if (null != failInfo) { LOG.log(POILogger.DEBUG, "fail info int value: " + failInfo.intValue()); if (/*PKIFailureInfo.unacceptedPolicy*/(1 << 8) == failInfo.intValue()) { LOG.log(POILogger.DEBUG, "unaccepted policy"); } } throw new RuntimeException("timestamp response status != 0: " + timeStampResponse.getStatus()); } TimeStampToken timeStampToken = timeStampResponse.getTimeStampToken(); SignerId signerId = timeStampToken.getSID(); BigInteger signerCertSerialNumber = signerId.getSerialNumber(); X500Name signerCertIssuer = signerId.getIssuer(); LOG.log(POILogger.DEBUG, "signer cert serial number: " + signerCertSerialNumber); LOG.log(POILogger.DEBUG, "signer cert issuer: " + signerCertIssuer); // TSP signer certificates retrieval Collection<X509CertificateHolder> certificates = timeStampToken.getCertificates().getMatches(null); X509CertificateHolder signerCert = null; Map<X500Name, X509CertificateHolder> certificateMap = new HashMap<X500Name, X509CertificateHolder>(); for (X509CertificateHolder certificate : certificates) { if (signerCertIssuer.equals(certificate.getIssuer()) && signerCertSerialNumber.equals(certificate.getSerialNumber())) { signerCert = certificate; } certificateMap.put(certificate.getSubject(), certificate); } // TSP signer cert path building if (signerCert == null) { throw new RuntimeException("TSP response token has no signer certificate"); } List<X509Certificate> tspCertificateChain = new ArrayList<X509Certificate>(); JcaX509CertificateConverter x509converter = new JcaX509CertificateConverter(); x509converter.setProvider("BC"); X509CertificateHolder certificate = signerCert; do { LOG.log(POILogger.DEBUG, "adding to certificate chain: " + certificate.getSubject()); tspCertificateChain.add(x509converter.getCertificate(certificate)); if (certificate.getSubject().equals(certificate.getIssuer())) { break; } certificate = certificateMap.get(certificate.getIssuer()); } while (null != certificate); // verify TSP signer signature X509CertificateHolder holder = new X509CertificateHolder(tspCertificateChain.get(0).getEncoded()); DefaultCMSSignatureAlgorithmNameGenerator nameGen = new DefaultCMSSignatureAlgorithmNameGenerator(); DefaultSignatureAlgorithmIdentifierFinder sigAlgoFinder = new DefaultSignatureAlgorithmIdentifierFinder(); DefaultDigestAlgorithmIdentifierFinder hashAlgoFinder = new DefaultDigestAlgorithmIdentifierFinder(); BcDigestCalculatorProvider calculator = new BcDigestCalculatorProvider(); BcRSASignerInfoVerifierBuilder verifierBuilder = new BcRSASignerInfoVerifierBuilder(nameGen, sigAlgoFinder, hashAlgoFinder, calculator); SignerInformationVerifier verifier = verifierBuilder.build(holder); timeStampToken.validate(verifier); // verify TSP signer certificate if (signatureConfig.getTspValidator() != null) { signatureConfig.getTspValidator().validate(tspCertificateChain, revocationData); } LOG.log(POILogger.DEBUG, "time-stamp token time: " + timeStampToken.getTimeStampInfo().getGenTime()); byte[] timestamp = timeStampToken.getEncoded(); return timestamp; }
From source file:org.hyperledger.fabric.sdk.security.certgen.TLSCertificateBuilder.java
License:Open Source License
private X509Certificate createSelfSignedCertificate(CertType certType, KeyPair keyPair, String san) throws Exception { X509v3CertificateBuilder certBuilder = createCertBuilder(keyPair); // Basic constraints BasicConstraints constraints = new BasicConstraints(false); certBuilder.addExtension(Extension.basicConstraints, true, constraints.getEncoded()); // Key usage// www . j a v a 2 s .c o m KeyUsage usage = new KeyUsage(KeyUsage.keyEncipherment | KeyUsage.digitalSignature); certBuilder.addExtension(Extension.keyUsage, false, usage.getEncoded()); // Extended key usage certBuilder.addExtension(Extension.extendedKeyUsage, false, certType.keyUsage().getEncoded()); if (san != null) { addSAN(certBuilder, san); } ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(keyPair.getPrivate()); X509CertificateHolder holder = certBuilder.build(signer); JcaX509CertificateConverter converter = new JcaX509CertificateConverter(); converter.setProvider(new BouncyCastleProvider()); return converter.getCertificate(holder); }
From source file:org.openremote.security.provider.BouncyCastleKeySigner.java
License:Open Source License
/** * Sign a public key with a given (BouncyCastle) signer and create the corresponding * X.509 certificate.// w w w .j a v a 2 s . c om * * @param builder * BouncyCastle X.509 version 3 certificate builder instance * * @param signer * BouncyCastle content signer configured with a signature hash algorithm and * a private key for signing * * @return * a X.509 certificate * * @throws SigningException * if signing the public key fails */ private X509Certificate signPublicKey(X509v3CertificateBuilder builder, ContentSigner signer) throws SigningException { // Construct the certificate structure and sign with the given BC content signer... X509CertificateHolder certHolder = builder.build(signer); // Convert the BC X.509 certificate holder structure into Java Crypto Architecture // javax.security.cert.X509Certificate instance... JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter(); certConverter.setProvider(SecurityProvider.BC.getProviderInstance()); try { return certConverter.getCertificate(certHolder); } catch (CertificateEncodingException exception) { // should only happen if the code for certificate creation is using illegal values... throw new SigningException("Implementation Error -- Cannot create certificate : {0}", exception, exception.getMessage()); } catch (CertificateException exception) { // If certificate conversion from BouncyCastle X.509 to JCA X.509 certificate fails... throw new SigningException("Certification conversion error : {0}", exception, exception.getMessage()); } }
From source file:org.wso2.carbon.certificate.mgt.core.impl.CertificateGeneratorNegativeTests.java
License:Open Source License
@Test(description = "This test case tests the behaviour when certificate exception occurs when verifying", expectedExceptions = KeystoreException.class) public void negativeTestGenerateCertificateFromCSR3() throws Exception { CertificateGenerator generator = new CertificateGenerator(); //Prepare mock objects JcaX509CertificateConverter mock = Mockito.mock(JcaX509CertificateConverter.class); Mockito.when(mock.setProvider(Matchers.eq(CertificateManagementConstants.PROVIDER))).thenReturn(mock); Mockito.when(mock.getCertificate(Matchers.any(X509CertificateHolder.class))) .thenThrow(new CertificateException()); PowerMockito.whenNew(JcaX509CertificateConverter.class).withAnyArguments().thenReturn(mock); //prepare input parameters CSRGenerator csrGeneration = new CSRGenerator(); KeyStoreReader keyStoreReader = new KeyStoreReader(); KeyPair keyPair = csrGeneration.generateKeyPair("RSA", 1024); byte[] csrData = csrGeneration.generateCSR("SHA256WithRSA", keyPair); PKCS10CertificationRequest certificationRequest; PrivateKey privateKeyCA = keyStoreReader.getCAPrivateKey(); X509Certificate certCA = (X509Certificate) keyStoreReader.getCACertificate(); certificationRequest = new PKCS10CertificationRequest(csrData); generator.generateCertificateFromCSR(privateKeyCA, certificationRequest, certCA.getIssuerX500Principal().getName()); }