List of usage examples for org.bouncycastle.cms CMSEnvelopedGenerator AES128_CBC
String AES128_CBC
From source file:org.ejbca.ui.cli.HSMKeyTool.java
License:Open Source License
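/**
 * Dispatches one sub-command of the HSM key tool.
 *
 * <p>{@code args[0]} is the tool name and {@code args[1]} the command; {@code args[2..4]} are the
 * provider parameters handed to {@link KeyStoreContainerFactory#getInstance}, and the remaining
 * positions are command specific (each command prints its own usage line when too few are given).
 * An optional {@code -password <pw>} switch is stripped first and becomes the key store
 * protection parameter; the {@code certreq} command additionally strips {@code -explicitecc}
 * and {@code -all}.
 *
 * @param args the raw command line
 * @return {@code true} if {@code args[1]} named a known command (also when only usage was
 *         printed), {@code false} if the command is unknown
 * @throws Exception failures of the key store, file or CMS operations are propagated unchanged;
 *         {@code verify} terminates the JVM with exit code 4 on a failed verification
 */
private boolean doIt(String[] args) throws Exception {
    final String commandStringNoSharedLib = args[0] + " " + args[1] + " ";
    final String commandString = commandStringNoSharedLib + getProviderParameterDescription() + " ";
    // Get and remove optional switches
    final List<String> argsList = CliTools.getAsModifyableList(args);
    KeyStore.ProtectionParameter protectionParameter = null;
    final String password = CliTools.getAndRemoveParameter("-password", argsList);
    if (password != null) {
        protectionParameter = new KeyStore.PasswordProtection(password.toCharArray());
    }
    args = CliTools.getAsArgs(argsList);
    // Locale.ROOT: under the default locale (e.g. Turkish) 'I' lower-cases to a dotless i and
    // commands such as "install..." would never match their switch constants.
    final String command = args[1].trim().toLowerCase(java.util.Locale.ROOT);

    if (command.contains(GENERATE_BATCH_SWITCH)) {
        if (args.length < 6) {
            System.err.println(commandString + "<name of batch file> " + '[' + '<' + getKeyStoreDescription() + '>' + ']');
            generateComment();
            System.err.println("The batch file is a file which specifies alias and key specification for each key to be generated.");
            System.err.println("Each row is starting with a key alias then the key specification is following.");
            System.err.println("The specification of the key is done like this: " + KEY_SPEC_DESC);
            tooFewArguments(args);
            return true;
        }
        if (command.contains(GENERATE_MODULE_SWITCH)) {
            setModuleProtection();
        }
        // Without an explicit store reference the key store is a plain file (SUN_FILE) with no id.
        final String storeId;
        final Pkcs11SlotLabelType slotType;
        if (args.length > 6) {
            storeId = trimStoreId(args[6]);
            slotType = divineSlotLabelType(args[6]);
        } else {
            storeId = null;
            slotType = Pkcs11SlotLabelType.SUN_FILE;
        }
        final KeyStoreContainer store = KeyStoreContainerFactory.getInstance(args[4], args[2], args[3], storeId, slotType, null, protectionParameter, "batch-" + new Date().getTime());
        generateBatch(args[5], store);
        return true;
    }

    if (command.contains(GENERATE_SWITCH)) {
        if (args.length < 6) {
            System.err.println(commandString + '<' + KEY_SPEC_DESC + "> <key entry name> [<" + getKeyStoreDescription() + ">]");
            generateComment();
            tooFewArguments(args);
        } else {
            if (command.contains(GENERATE_MODULE_SWITCH)) {
                setModuleProtection();
            }
            final String keyEntryName = args.length > 6 ? args[6] : "myKey";
            final String storeId;
            final Pkcs11SlotLabelType slotType;
            if (args.length > 7) {
                storeId = trimStoreId(args[7]);
                slotType = divineSlotLabelType(args[7]);
            } else {
                storeId = null;
                slotType = Pkcs11SlotLabelType.SUN_FILE;
            }
            System.err.println("Using Slot Reference Type: " + slotType + '.');
            final KeyStoreContainer store = KeyStoreContainerFactory.getInstance(args[4], args[2], args[3], storeId, slotType, null, protectionParameter, "priv-" + keyEntryName);
            store.generate(args[5], keyEntryName);
            System.err.println("Created certificate with entry " + keyEntryName + '.');
        }
        return true;
    }

    if (command.equals(DELETE_SWITCH)) {
        if (args.length < 6) {
            System.err.println(commandString + '<' + getKeyStoreDescription() + '>' + " [<key entry name>]");
            tooFewArguments(args);
        } else {
            // NOTE(review): when no entry name is given, null is passed straight to delete();
            // what the container does with a null alias is not visible here -- confirm before relying on it.
            final String alias = args.length > 6 ? args[6] : null;
            System.err.println("Deleting certificate with alias " + alias + '.');
            openKeyStoreContainer(args, args[5], protectionParameter).delete(alias);
        }
        return true;
    }

    if (command.equals(CERT_REQ)) {
        // "-explicitecc" asks for explicit EC parameters in the request (used for ICAO ePassports);
        // "-all" produces one request per key entry in the store instead of a single named entry.
        final List<String> argsListLocal = CliTools.getAsModifyableList(args);
        final boolean explicitEccParameters = argsListLocal.remove("-explicitecc");
        final boolean forAllKeys = argsListLocal.remove("-all");
        args = argsListLocal.toArray(new String[argsListLocal.size()]);
        if (args.length < 6 || (args.length < 7 && !forAllKeys)) {
            System.err.println(commandString + '<' + getKeyStoreDescription() + '>' + " <key entry name> [<CN>] [-explicitecc]");
            System.err.println(commandString + '<' + getKeyStoreDescription() + '>' + " [-all] [-explicitecc]");
            tooFewArguments(args);
        } else {
            final KeyStoreContainer container = openKeyStoreContainer(args, args[5], protectionParameter);
            final List<String> entries;
            if (forAllKeys) {
                entries = new LinkedList<String>();
                final KeyStore ks = container.getKeyStore();
                final Enumeration<String> aliases = ks.aliases();
                while (aliases.hasMoreElements()) {
                    final String alias = aliases.nextElement();
                    if (ks.isKeyEntry(alias)) {
                        entries.add(alias);
                    }
                }
            } else {
                entries = Collections.singletonList(args[6]);
            }
            // args[7] is the optional CN; null when absent.
            final String commonName = args.length > 7 ? args[7] : null;
            for (final String entry : entries) {
                container.generateCertReq(entry, commonName, explicitEccParameters);
            }
        }
        return true;
    }

    if (command.equals(INSTALL_CERT)) {
        if (args.length < 7) {
            System.err.println(commandString + '<' + getKeyStoreDescription() + '>' + " <certificate chain files in PEM format (one chain per file)>");
            tooFewArguments(args);
        } else {
            final KeyStoreContainer container = openKeyStoreContainer(args, args[5], protectionParameter);
            boolean failure = false;
            // Try every file so one bad chain does not hide problems in the others; fail as a whole afterwards.
            for (int i = 6; i < args.length; i++) {
                try {
                    container.installCertificate(args[i]);
                } catch (Exception ex) {
                    failure = true;
                    log.error("Failed to install certificate chain from '" + args[i] + "': " + ex.getMessage(), ex);
                }
            }
            if (failure) {
                throw new Exception("At least one certificate could not be installed");
            }
        }
        return true;
    }

    if (command.equals(INSTALL_TRUSTED_ROOT)) {
        if (args.length < 7) {
            System.err.println(commandString + '<' + getKeyStoreDescription() + '>' + " <trusted root certificate in PEM format>");
            tooFewArguments(args);
        } else {
            openKeyStoreContainer(args, args[5], protectionParameter).installTrustedRoot(args[6]);
        }
        return true;
    }

    if (command.equals(ENCRYPT_SWITCH)) {
        // Default content cipher is AES-128-CBC (the usage text below must say the same).
        // NOTE(review): CMS EnvelopedData with a CBC content cipher gives confidentiality only;
        // the output carries no integrity protection unless the data is also signed.
        String symmAlgOid = CMSEnvelopedGenerator.AES128_CBC;
        if (args.length < 7) {
            System.err.println("There are two ways of doing the encryption:");
            System.err.println(commandString + '<' + getKeyStoreDescription() + '>' + " <input file> <output file> <key alias> [optional symm algorithm oid]");
            System.err.println(commandStringNoSharedLib + "<input file> <output file> <file with certificate with public key to use> [optional symm algorithm oid]");
            System.err.println("Optional symmetric encryption algorithm OID can be for example 2.16.840.1.101.3.4.1.42 (AES256_CBC) or 1.2.392.200011.61.1.1.1.4 (CAMELLIA256_CBC). Default is to use AES128_CBC.");
            tooFewArguments(args);
        } else if (args.length < 9) {
            // Certificate-file form (no key store): the recipient's public key comes from a certificate file.
            // NOTE(review): this form reads input from args[2], output from args[5] and the certificate
            // from args[6], while the usage line prints "<input> <output> <cert>" right after the command
            // -- confirm which layout is intended.
            Security.addProvider(new BouncyCastleProvider());
            if (args.length > 7) {
                // We have a symmAlg as last parameter
                symmAlgOid = args[7];
            }
            System.err.println("Using symmetric encryption algorithm: " + symmAlgOid);
            final X509Certificate cert = readCertificate(args[6]);
            FileInputStream in = null;
            FileOutputStream out = null;
            try {
                // Open the input first so a bad input path does not truncate the output file.
                in = new FileInputStream(args[2]);
                out = new FileOutputStream(args[5]);
                CMS.encrypt(in, out, cert, symmAlgOid);
            } finally {
                closeAll(out, in);
            }
        } else {
            if (args.length > 9) {
                // We have a symmAlg as last parameter
                symmAlgOid = args[9];
            }
            System.err.println("Using symmetric encryption algorithm: " + symmAlgOid);
            final KeyStoreContainer store = openKeyStoreContainer(args, args[5], protectionParameter);
            FileInputStream in = null;
            FileOutputStream out = null;
            try {
                in = new FileInputStream(args[6]);
                out = new FileOutputStream(args[7]);
                store.encrypt(in, out, args[8], symmAlgOid);
            } finally {
                closeAll(out, in);
            }
        }
        return true;
    }

    if (command.equals(DECRYPT_SWITCH)) {
        if (args.length < 9) {
            System.err.println(commandString + '<' + getKeyStoreDescription() + '>' + " <input file> <output file> <key alias>");
            tooFewArguments(args);
        } else {
            final KeyStoreContainer store = openKeyStoreContainer(args, args[5], protectionParameter);
            FileInputStream in = null;
            FileOutputStream out = null;
            try {
                in = new FileInputStream(args[6]);
                out = new FileOutputStream(args[7]);
                store.decrypt(in, out, args[8]);
            } finally {
                closeAll(out, in);
            }
        }
        return true;
    }

    if (command.equals(SIGN_SWITCH)) {
        if (args.length < 9) {
            System.err.println(commandString + '<' + getKeyStoreDescription() + '>' + " <input file> <output file> <key alias>");
            tooFewArguments(args);
        } else {
            final KeyStoreContainer store = openKeyStoreContainer(args, args[5], protectionParameter);
            FileInputStream in = null;
            FileOutputStream out = null;
            try {
                in = new FileInputStream(args[6]);
                out = new FileOutputStream(args[7]);
                store.sign(in, out, args[8]);
            } finally {
                closeAll(out, in);
            }
        }
        return true;
    }

    if (command.equals(VERIFY_SWITCH)) {
        final CMS.VerifyResult verifyResult;
        if (args.length < 7) {
            System.err.println("There are two ways of doing the verification:");
            System.err.println(commandString + '<' + getKeyStoreDescription() + '>' + " <input file> <output file> <key alias>");
            System.err.println(commandStringNoSharedLib + "<input file> <output file> <file with certificate with public key to use>");
            tooFewArguments(args);
            return true;
        } else if (args.length < 9) {
            // Certificate-file form; same args[2]/args[5]/args[6] layout as the encrypt command.
            Security.addProvider(new BouncyCastleProvider());
            final X509Certificate cert = readCertificate(args[6]);
            FileInputStream in = null;
            FileOutputStream out = null;
            try {
                in = new FileInputStream(args[2]);
                out = new FileOutputStream(args[5]);
                verifyResult = CMS.verify(in, out, cert);
            } finally {
                closeAll(out, in);
            }
        } else {
            final KeyStoreContainer store = openKeyStoreContainer(args, args[5], protectionParameter);
            FileInputStream in = null;
            FileOutputStream out = null;
            try {
                in = new FileInputStream(args[6]);
                out = new FileOutputStream(args[7]);
                verifyResult = store.verify(in, out, args[8]);
            } finally {
                closeAll(out, in);
            }
        }
        if (verifyResult == null) {
            System.out.println("Not possible to parse signed file.");
            System.exit(4); // Not verifying // NOPMD, it's not a JEE app
        }
        System.out.println("The signature of the input " + (verifyResult.isVerifying ? "has been" : "could not be")
                + " verified. The file was signed on '" + verifyResult.signDate
                + "'. The public part of the signing key is in a certificate with serial number "
                + verifyResult.signerId.getSerialNumber() + " issued by '" + verifyResult.signerId.getIssuer() + "'.");
        if (!verifyResult.isVerifying) {
            // Non-zero exit so scripts can rely on the status, not only on the printed text.
            System.exit(4); // Not verifying // NOPMD, it's not a JEE app
        }
        return true;
    }

    if (command.equals(TEST_SWITCH)) {
        if (args.length < 6) {
            System.err.println(commandString + '<' + getKeyStoreDescription() + '>' + " [<# of tests or threads>] [<alias for stress test>] [<type of stress test>]");
            System.err.println(" If a file named \"./testData\" exists then the data that is signed, is read from this file.");
            tooFewArguments(args);
        } else {
            final String storeId = trimStoreId(args[5]);
            final Pkcs11SlotLabelType slotType = divineSlotLabelType(args[5]);
            KeyStoreContainerTest.test(args[2], args[3], args[4], storeId, slotType,
                    args.length > 6 ? Integer.parseInt(args[6].trim()) : 1,
                    args.length > 7 ? args[7].trim() : null,
                    args.length > 8 ? args[8].trim() : null,
                    protectionParameter);
        }
        return true;
    }

    if (command.equals(RENAME)) {
        if (args.length < 8) {
            System.err.println(commandString + '<' + getKeyStoreDescription() + '>' + " <old key alias> <new key alias>");
            tooFewArguments(args);
        } else {
            openKeyStoreContainer(args, args[5], protectionParameter).renameAlias(args[6], args[7]);
        }
        return true;
    }

    if (command.equals(MOVE_SWITCH)) {
        if (args.length < 7) {
            System.err.println(commandString + "<from " + getKeyStoreDescription() + "> <to " + getKeyStoreDescription() + '>');
            tooFewArguments(args);
        } else {
            // Both operands are key store references (see the usage line), not entry aliases.
            final String fromId = args[5];
            final String toId = args[6];
            final Pkcs11SlotLabelType slotType = divineSlotLabelType(args[5]);
            System.err.println("Moving entries from key store '" + fromId + "' to key store '" + toId + "'.");
            KeyStoreContainerBase.move(args[2], args[3], args[4], fromId, toId, slotType, protectionParameter);
        }
        return true;
    }

    if (doCreateKeyStore() && command.contains(CREATE_KEYSTORE_SWITCH)) {
        if (command.contains(CREATE_KEYSTORE_MODULE_SWITCH)) {
            setModuleProtection();
        }
        KeyStoreContainerFactory.getInstance(args[4], args[2], args[3], null, Pkcs11SlotLabelType.SUN_FILE, null, protectionParameter).storeKeyStore();
        return true;
    }
    return false;
}

/**
 * Opens the key store container addressed by {@code storeRef} (a slot or file reference as typed
 * on the command line) using the provider parameters in {@code args[2..4]}.
 *
 * @param args the command line after switch removal
 * @param storeRef the raw store reference; its id and slot label type are derived from it
 * @param protectionParameter key store protection built from {@code -password}, or null
 * @return the opened container
 * @throws Exception whatever {@link KeyStoreContainerFactory#getInstance} throws
 */
private KeyStoreContainer openKeyStoreContainer(final String[] args, final String storeRef, final KeyStore.ProtectionParameter protectionParameter) throws Exception {
    final String storeId = trimStoreId(storeRef);
    final Pkcs11SlotLabelType slotType = divineSlotLabelType(storeRef);
    return KeyStoreContainerFactory.getInstance(args[4], args[2], args[3], storeId, slotType, null, protectionParameter);
}

/**
 * Reads one X.509 certificate from a file and closes the file afterwards.
 *
 * @param path the certificate file (PEM or DER, as accepted by the X.509 CertificateFactory)
 * @return the parsed certificate
 * @throws Exception if the file cannot be opened or does not hold a certificate
 */
private static X509Certificate readCertificate(final String path) throws Exception {
    final BufferedInputStream in = new BufferedInputStream(new FileInputStream(path));
    try {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
    } finally {
        in.close();
    }
}

/**
 * Closes every non-null stream in order. All streams are attempted even if one fails; the first
 * failure is rethrown afterwards so a failed output close is not silently lost.
 *
 * @param closeables streams to close; null entries are skipped
 * @throws java.io.IOException the first close failure, if any
 */
private static void closeAll(final java.io.Closeable... closeables) throws java.io.IOException {
    java.io.IOException firstFailure = null;
    for (final java.io.Closeable closeable : closeables) {
        if (closeable == null) {
            continue;
        }
        try {
            closeable.close();
        } catch (java.io.IOException e) {
            if (firstFailure == null) {
                firstFailure = e;
            }
        }
    }
    if (firstFailure != null) {
        throw firstFailure;
    }
}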