List of usage examples for org.bouncycastle.jcajce.provider.config.ConfigurableProvider.setParameter
/**
 * Sets a configuration parameter on the provider.
 *
 * <p>In the examples on this page the name is a {@code ConfigurableProvider} constant
 * ({@code DH_DEFAULT_PARAMS}, {@code EC_IMPLICITLY_CA}) and the value is the matching
 * parameter specification (a {@code DHParameterSpec}, an {@code ECParameterSpec}).
 *
 * <p>NOTE(review): both constants configure the provider object itself rather than a single
 * call site, so presumably every user of that provider instance sees the new defaults; confirm
 * the scope against the BouncyCastle documentation before setting them in shared JVMs.
 *
 * @param parameterName name of the parameter to set
 * @param parameter value for that parameter
 */
void setParameter(String parameterName, Object parameter);
From source file:cybervillains.ca.KeyStoreManager.java
License:Open Source License
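/**
 * Creates a key store manager working out of {@code root}.
 *
 * <p>The constructor registers a BouncyCastle provider (position 2) with default
 * Diffie-Hellman parameters, obtains the RSA and DSA key-pair generators, restores the
 * serialized key and certificate maps found under {@code root} (an absent file yields an
 * empty map), initializes both generators, and finally calls {@code reloadKeystore()},
 * falling back to {@code createKeystore()} when that reports a missing file.
 *
 * <p>NOTE(review): the key material configured here is 1024-bit (RSA, DSA and the DH group),
 * which is below current minimum recommendations (2048-bit RSA/DH). The sizes are left as they
 * were because existing key stores and callers may depend on them; confirm before raising.
 *
 * @param root directory holding the key store and the serialized map files
 * @param certificateRevocationList value stored on the instance; not used further here
 * @throws Error if a key-pair generator cannot be obtained, a serialized map cannot be read
 *     or its class cannot be resolved, or the key store cannot be loaded or created
 */
@SuppressWarnings("unchecked")
public KeyStoreManager(File root, String certificateRevocationList) {
    this.root = root;
    this.certificateRevocationList = certificateRevocationList;

    // Domain parameters shared by the DH defaults and the DSA generator below.
    final BigInteger p = new BigInteger(
        "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669"
            + "455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b7"
            + "6b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb"
            + "83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7", 16);
    final BigInteger q = new BigInteger("9760508f15230bccb292b982a2eb840bf0581cf5", 16);
    final BigInteger g = new BigInteger(
        "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d078267"
            + "5159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e1"
            + "3c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243b"
            + "cca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a", 16);

    // DHParameterSpec takes (p, g, l). The earlier code passed the generator first, which
    // installed an even number as the Diffie-Hellman modulus; the order is corrected here.
    ConfigurableProvider bcProv = new BouncyCastleProvider();
    DHParameterSpec dhSpec = new DHParameterSpec(p, g, 512);
    bcProv.setParameter(ConfigurableProvider.DH_DEFAULT_PARAMS, dhSpec);
    Security.insertProviderAt((Provider) bcProv, 2);

    SecureRandom _sr = new SecureRandom();

    try {
        _rsaKpg = KeyPairGenerator.getInstance(RSA_KEYGEN_ALGO);
        _dsaKpg = KeyPairGenerator.getInstance(DSA_KEYGEN_ALGO);
    } catch (Throwable t) {
        throw new Error(t);
    }

    // Restore the private-key and public-key maps written by an earlier run.
    try {
        File privKeys = new File(root, KEYMAP_SER_FILE);
        if (!privKeys.exists()) {
            _rememberedPrivateKeys = new HashMap<PublicKey, PrivateKey>();
        } else {
            _rememberedPrivateKeys =
                (HashMap<PublicKey, PrivateKey>) readSerializedObject(privKeys);
        }

        File pubKeys = new File(root, PUB_KEYMAP_SER_FILE);
        if (!pubKeys.exists()) {
            _mappedPublicKeys = new HashMap<PublicKey, PublicKey>();
        } else {
            _mappedPublicKeys = (HashMap<PublicKey, PublicKey>) readSerializedObject(pubKeys);
        }
    } catch (FileNotFoundException e) {
        // Existence was checked just above, so this is only reachable through a race.
        e.printStackTrace();
    } catch (IOException e) {
        // Most likely a corrupted serialized file (e.g. an interrupted write); fail loudly.
        e.printStackTrace();
        throw new Error(e);
    } catch (ClassNotFoundException e) {
        // The file references a class this JVM cannot resolve.
        e.printStackTrace();
        throw new Error(e);
    }

    DSAParameterSpec dsaParameterSpec = new DSAParameterSpec(p, q, g);

    _rsaKpg.initialize(1024, _sr);
    try {
        _dsaKpg.initialize(dsaParameterSpec, _sr);
    } catch (InvalidAlgorithmParameterException e) {
        // The generator rejected the explicit parameters; fall back to its own 1024-bit set.
        e.printStackTrace();
        _dsaKpg.initialize(1024, _sr);
    }

    try {
        _ks = KeyStore.getInstance("JKS");
        reloadKeystore();
    } catch (FileNotFoundException fnfe) {
        // No key store on disk yet: create one.
        try {
            createKeystore();
        } catch (Exception e) {
            throw new Error(e);
        }
    } catch (Exception e) {
        throw new Error(e);
    }

    // Restore the certificate map.
    try {
        File file = new File(root, CERTMAP_SER_FILE);
        if (!file.exists()) {
            _certMap = new HashMap<String, String>();
        } else {
            _certMap = (HashMap<String, String>) readSerializedObject(file);
        }
    } catch (FileNotFoundException e) {
        // Existence was checked just above.
        e.printStackTrace();
    } catch (IOException e) {
        // Corrupted file; fail loudly.
        e.printStackTrace();
        throw new Error(e);
    } catch (ClassNotFoundException e) {
        e.printStackTrace();
        throw new Error(e);
    }

    // Restore the subject map.
    try {
        File file = new File(root, SUBJMAP_SER_FILE);
        if (!file.exists()) {
            _subjectMap = new HashMap<String, String>();
        } else {
            _subjectMap = (HashMap<String, String>) readSerializedObject(file);
        }
    } catch (FileNotFoundException e) {
        // Existence was checked just above.
        e.printStackTrace();
    } catch (IOException e) {
        // Corrupted file; fail loudly.
        e.printStackTrace();
        throw new Error(e);
    } catch (ClassNotFoundException e) {
        e.printStackTrace();
        throw new Error(e);
    }
}

/**
 * Reads one Java-serialized object from {@code file} and always releases the file handle,
 * including when the stream header or the object itself cannot be read.
 *
 * <p>SECURITY: this is Java native deserialization. The files under {@code root} are trusted
 * as-is, so anyone able to write there can substitute key material or feed the JVM arbitrary
 * serialized classes. Keep the directory writable only by the owning account, and consider an
 * {@code ObjectInputFilter} allow-list or a non-native storage format.
 *
 * @param file serialized file to read
 * @return the deserialized object
 * @throws IOException if the file cannot be opened or read
 * @throws ClassNotFoundException if the serialized class cannot be resolved
 */
private static Object readSerializedObject(File file) throws IOException, ClassNotFoundException {
    FileInputStream raw = new FileInputStream(file);
    try {
        ObjectInputStream in = new ObjectInputStream(raw);
        return in.readObject();
    } finally {
        // Closing the underlying stream is sufficient; ObjectInputStream holds no other handle.
        raw.close();
    }
}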
From source file:org.cesecore.util.CryptoProviderTools.java
License:Open Source License
/**
 * Registers the BouncyCastle provider (and the CVC provider) with the JVM and applies the
 * provider-level settings this code base relies on.
 *
 * <p>The implicitlyCA EC parameters are set only when this call actually registered a new
 * BouncyCastle provider. An already-registered provider is replaced only when
 * {@code CesecoreConfiguration.isDevelopmentProviderInstallation()} is true; otherwise it is
 * left alone, because removing it could make a concurrent request that needs the provider fail.
 */
@SuppressWarnings("unchecked")
public static synchronized void installBCProvider() {
    // Tracks whether a fresh BC provider was registered by this call.
    final boolean freshProvider;
    if (Security.addProvider(new BouncyCastleProvider()) >= 0) {
        freshProvider = true;
    } else if (CesecoreConfiguration.isDevelopmentProviderInstallation()) {
        // Development mode only: swap the existing provider for a new instance.
        removeBCProvider();
        if (Security.addProvider(new BouncyCastleProvider()) >= 0) {
            freshProvider = true;
        } else {
            log.error("Cannot even install BC provider again!");
            freshProvider = false;
        }
    } else {
        // Already installed and not in development mode: keep the existing provider.
        freshProvider = false;
    }

    // The CVC provider is optional; without it CVC certificates are unavailable.
    try {
        Security.addProvider(new CVCProvider());
    } catch (Exception e) {
        log.info("CVC provider can not be installed, CVC certificate will not work: ", e);
    }

    if (freshProvider) {
        // Default curve for implicitlyCA encoding of EC keys. These values matter only when
        // implicitlyCA is used to generate keys or verify certificates.
        final BigInteger fieldQ = new BigInteger(IMPLICITLYCA_Q);
        final BigInteger coeffA = new BigInteger(IMPLICITLYCA_A, 16);
        final BigInteger coeffB = new BigInteger(IMPLICITLYCA_B, 16);
        final ECCurve implicitCurve = new ECCurve.Fp(fieldQ, coeffA, coeffB);

        final org.bouncycastle.jce.spec.ECParameterSpec implicitParams =
            new org.bouncycastle.jce.spec.ECParameterSpec(
                implicitCurve,
                implicitCurve.decodePoint(Hex.decode(IMPLICITLYCA_G)), // base point G
                new BigInteger(IMPLICITLYCA_N)); // order n

        final ConfigurableProvider bc = (ConfigurableProvider) Security.getProvider("BC");
        if (bc == null) {
            log.error("Can not get ConfigurableProvider, implicitlyCA EC parameters NOT set!");
        } else {
            bc.setParameter(ConfigurableProvider.EC_IMPLICITLY_CA, implicitParams);
        }
    }

    // 2007-05-25: BC 1.36 renamed the SN symbol to SERIALNUMBER; keep the BC 1.35 spelling
    // so that previously issued names stay compatible.
    X509Name.DefaultSymbols.put(X509Name.SN, "SN");

    // A few call sites name the system provider explicitly (see SYSTEM_SECURITY_PROVIDER).
    // When that provider is not registered, BC is used in its place.
    if (Security.getProvider(SYSTEM_SECURITY_PROVIDER) == null) {
        log.debug("SUN security provider does not exist, using BC as system default provider.");
        SYSTEM_SECURITY_PROVIDER = "BC";
    }
}