Example usage for org.bouncycastle.jcajce.provider.config ConfigurableProvider EC_IMPLICITLY_CA

Introduction

This page shows an example usage of org.bouncycastle.jcajce.provider.config ConfigurableProvider EC_IMPLICITLY_CA.

Prototype

String EC_IMPLICITLY_CA

Document

Elliptic Curve CA parameters - VM wide version

Usage

From source file: org.cesecore.util.CryptoProviderTools.java

License: Open Source License

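import java.math.BigInteger;
import java.security.Provider;
import java.security.Security;

import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.math.ec.ECCurve;
import org.bouncycastle.util.encoders.Hex;

// CVCProvider and CesecoreConfiguration are project classes; their imports are not shown on this page.
// log, removeBCProvider(), SYSTEM_SECURITY_PROVIDER and the IMPLICITLYCA_* constants are members
// of the enclosing class (CryptoProviderTools) and are not shown in this excerpt.

@SuppressWarnings("unchecked")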
public static synchronized void installBCProvider() {

    // A flag that ensures that we install the parameters for implicitlyCA only when we have installed a new provider
    boolean installImplicitlyCA = false;
    if (Security.addProvider(new BouncyCastleProvider()) < 0) {
        // If already installed, remove so we can handle redeploy
        // Nope, we ignore re-deploy on this level, because it can happen
        // that the BC-provider is uninstalled, in just the second another
        // thread tries to use the provider, and then that request will fail.
        if (CesecoreConfiguration.isDevelopmentProviderInstallation()) {
            removeBCProvider();
            if (Security.addProvider(new BouncyCastleProvider()) < 0) {
                log.error("Cannot even install BC provider again!");
            } else {
                installImplicitlyCA = true;
            }
        }
    } else {
        installImplicitlyCA = true;
    }

    // Also install the CVC provider
    try {
        Security.addProvider(new CVCProvider());
    } catch (Exception e) {
        log.info("CVC provider can not be installed, CVC certificate will not work: ", e);
    }

    if (installImplicitlyCA) {
        // Install EC parameters for implicitlyCA encoding of EC keys, we have default curve parameters if no new ones have been given.
        // The parameters are only used if implicitlyCA is used for generating keys, or verifying certs
        final ECCurve curve = new ECCurve.Fp(new BigInteger(IMPLICITLYCA_Q), // q
                new BigInteger(IMPLICITLYCA_A, 16), // a
                new BigInteger(IMPLICITLYCA_B, 16)); // b
        final org.bouncycastle.jce.spec.ECParameterSpec implicitSpec = new org.bouncycastle.jce.spec.ECParameterSpec(
                curve, curve.decodePoint(Hex.decode(IMPLICITLYCA_G)), // G
                new BigInteger(IMPLICITLYCA_N)); // n
        final ConfigurableProvider config = (ConfigurableProvider) Security.getProvider("BC");
        if (config != null) {
            config.setParameter(ConfigurableProvider.EC_IMPLICITLY_CA, implicitSpec);
        } else {
            log.error("Can not get ConfigurableProvider, implicitlyCA EC parameters NOT set!");
        }
    }

    // 2007-05-25
    // Finally we must configure SERIALNUMBER behavior in BC >=1.36 to be the same
    // as the behavior in BC 1.35, it changed from SN to SERIALNUMBER in BC 1.36
    // We must be backwards compatible
    X509Name.DefaultSymbols.put(X509Name.SN, "SN");

    // We hard specify the system security provider in a few cases (see SYSTEM_SECURITY_PROVIDER). 
    // If the SUN provider does not exist, we will always use BC.
    final Provider p = Security.getProvider(SYSTEM_SECURITY_PROVIDER);
    if (p == null) {
        log.debug("SUN security provider does not exist, using BC as system default provider.");
        SYSTEM_SECURITY_PROVIDER = "BC";
    }

}