List of usage examples for org.bouncycastle.jce.provider BouncyCastleProvider PROVIDER_NAME
String PROVIDER_NAME
From source file:org.apache.kerby.pkix.EnvelopedDataEngineTest.java
License:Apache License
/**
 * Prepares the test fixture: makes sure the Bouncy Castle JCE provider is registered
 * with the JVM, then builds the test CA through the factory helper.
 *
 * @throws Exception if provider registration or CA creation fails
 */
@Before
public void setUp() throws Exception {
    // Security.addProvider is JVM-global, so only register when no provider with
    // this name is present yet.
    final boolean providerMissing = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null;
    if (providerMissing) {
        Security.addProvider(new BouncyCastleProvider());
    }

    // Alternative fixture source kept from the original (disabled):
    //getCaFromFile( "/tmp/testCa.p12", "password", "Test CA" );
    getCaFromFactory();
}
From source file:org.apache.nifi.registry.security.util.CertificateUtils.java
License:Apache License
/**
 * Generates a self-signed {@link X509Certificate} suitable for use as a Certificate Authority.
 *
 * <p>Issuer and subject are both built from {@code dn}; the certificate is signed with the
 * private key of {@code keyPair} using the Bouncy Castle provider.
 *
 * @param keyPair                 the {@link KeyPair} to generate the {@link X509Certificate} for
 * @param dn                      the distinguished name to use for the {@link X509Certificate}
 * @param signingAlgorithm        the signing algorithm to use for the {@link X509Certificate}
 * @param certificateDurationDays the duration in days, counted from now, for which the
 *                                {@link X509Certificate} should be valid
 * @return a self-signed {@link X509Certificate} suitable for use as a Certificate Authority
 * @throws CertificateException if there is an error generating the new certificate
 */
public static X509Certificate generateSelfSignedX509Certificate(KeyPair keyPair, String dn, String signingAlgorithm,
        int certificateDurationDays) throws CertificateException {
    try {
        final ContentSigner signer = new JcaContentSignerBuilder(signingAlgorithm)
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .build(keyPair.getPrivate());
        final SubjectPublicKeyInfo publicKeyInfo =
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());

        // Validity window: [now, now + certificateDurationDays]. The value is not range-checked
        // here, so a non-positive duration yields notAfter <= notBefore.
        final Date notBefore = new Date();
        final long lifetimeMillis = TimeUnit.DAYS.toMillis(certificateDurationDays);
        final Date notAfter = new Date(notBefore.getTime() + lifetimeMillis);

        // Self-signed: the same DN is used for issuer (first) and subject (fifth argument).
        final X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                reverseX500Name(new X500Name(dn)),
                getUniqueSerialNumber(),
                notBefore,
                notAfter,
                reverseX500Name(new X500Name(dn)),
                publicKeyInfo);

        // keyUsage (critical). keyCertSign and cRLSign are the CA-relevant bits.
        // NOTE(review): the encipherment/agreement bits are also set, so this key is usable as an
        // end-entity key too - confirm the CA key is really meant to be dual-purpose.
        final int caKeyUsageBits = KeyUsage.digitalSignature
                | KeyUsage.keyEncipherment
                | KeyUsage.dataEncipherment
                | KeyUsage.keyAgreement
                | KeyUsage.nonRepudiation
                | KeyUsage.cRLSign
                | KeyUsage.keyCertSign;
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(caKeyUsageBits));

        // basicConstraints: cA=TRUE with no path-length limit.
        // NOTE(review): RFC 5280 section 4.2.1.9 requires this extension to be marked critical in
        // CA certificates; it is added as non-critical here.
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));

        // Subject and authority key identifiers are both derived from the same public key,
        // as expected for a self-signed certificate.
        builder.addExtension(Extension.subjectKeyIdentifier, false,
                new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic()));
        builder.addExtension(Extension.authorityKeyIdentifier, false,
                new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic()));

        // extendedKeyUsage: TLS client and server authentication.
        final KeyPurposeId[] tlsPurposes = { KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth };
        builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(tlsPurposes));

        // Sign, then convert the Bouncy Castle holder into a JCA X509Certificate.
        final X509CertificateHolder signedHolder = builder.build(signer);
        return new JcaX509CertificateConverter()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .getCertificate(signedHolder);
    } catch (CertIOException | NoSuchAlgorithmException | OperatorCreationException e) {
        // Callers only see CertificateException; the original failure is kept as the cause.
        throw new CertificateException(e);
    }
}
From source file:org.apache.nifi.registry.security.util.CertificateUtils.java
License:Apache License
/**
 * Generates an issued {@link X509Certificate} from the given issuer certificate and {@link KeyPair}.
 *
 * <p>The result is an end-entity certificate (basicConstraints cA=FALSE) signed with the issuer's
 * private key. Of the CSR-supplied {@code extensions}, only subjectAlternativeName is copied.
 *
 * @param dn               the distinguished name to use for the subject
 * @param publicKey        the public key to issue the certificate to
 * @param extensions       extensions extracted from the CSR; may be {@code null}
 * @param issuer           the issuer's certificate (its subject becomes this certificate's issuer)
 * @param issuerKeyPair    the issuer's keypair
 * @param signingAlgorithm the signing algorithm to use
 * @param days             the number of days, counted from now, it should be valid for
 * @return an issued {@link X509Certificate} from the given issuer certificate and {@link KeyPair}
 * @throws CertificateException if there is an error issuing the certificate
 */
public static X509Certificate generateIssuedCertificate(String dn, PublicKey publicKey, Extensions extensions,
        X509Certificate issuer, KeyPair issuerKeyPair, String signingAlgorithm, int days)
        throws CertificateException {
    try {
        // NOTE(review): nothing in this method checks that issuerKeyPair actually belongs to the
        // issuer certificate; a mismatch produces a certificate that will not chain to it.
        final ContentSigner signer = new JcaContentSignerBuilder(signingAlgorithm)
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .build(issuerKeyPair.getPrivate());
        final SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());

        // Validity window: [now, now + days]; the value is not range-checked here.
        final Date notBefore = new Date();
        final long lifetimeMillis = TimeUnit.DAYS.toMillis(days);
        final Date notAfter = new Date(notBefore.getTime() + lifetimeMillis);

        // Issuer name is taken from the issuer certificate's subject; subject name from dn.
        final X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                reverseX500Name(new X500Name(issuer.getSubjectX500Principal().getName())),
                getUniqueSerialNumber(),
                notBefore,
                notAfter,
                reverseX500Name(new X500Name(dn)),
                publicKeyInfo);

        // Key identifiers: subject from the certified key, authority from the issuer's public key.
        builder.addExtension(Extension.subjectKeyIdentifier, false,
                new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey));
        builder.addExtension(Extension.authorityKeyIdentifier, false,
                new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(issuerKeyPair.getPublic()));

        // keyUsage (critical): no keyCertSign/cRLSign, so the certificate cannot act as a CA.
        final int endEntityKeyUsageBits = KeyUsage.digitalSignature
                | KeyUsage.keyEncipherment
                | KeyUsage.dataEncipherment
                | KeyUsage.keyAgreement
                | KeyUsage.nonRepudiation;
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(endEntityKeyUsageBits));

        // basicConstraints: cA=FALSE.
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));

        // extendedKeyUsage: TLS client and server authentication.
        final KeyPurposeId[] tlsPurposes = { KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth };
        builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(tlsPurposes));

        // subjectAlternativeName: copied verbatim from the CSR when present.
        // NOTE(review): the requested names are not validated here - the caller must have
        // established that the requester is entitled to every SAN before calling this method.
        final boolean csrRequestsSan =
                extensions != null && extensions.getExtension(Extension.subjectAlternativeName) != null;
        if (csrRequestsSan) {
            builder.addExtension(Extension.subjectAlternativeName, false,
                    extensions.getExtensionParsedValue(Extension.subjectAlternativeName));
        }

        // Sign, then convert the Bouncy Castle holder into a JCA X509Certificate.
        final X509CertificateHolder signedHolder = builder.build(signer);
        return new JcaX509CertificateConverter()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .getCertificate(signedHolder);
    } catch (CertIOException | NoSuchAlgorithmException | OperatorCreationException e) {
        // Callers only see CertificateException; the original failure is kept as the cause.
        throw new CertificateException(e);
    }
}
From source file:org.apache.nifi.registry.security.util.KeyStoreUtils.java
License:Apache License
/**
 * Returns the name of the JCA provider that will be used for the given keyStoreType.
 *
 * <p>Only PKCS12 (matched case-insensitively) is mapped to Bouncy Castle. Every other value,
 * including {@code null}, yields {@code null}; presumably callers treat that as "use the
 * default provider lookup" - verify against the call sites.
 *
 * @param keyStoreType the keyStoreType
 * @return {@link BouncyCastleProvider#PROVIDER_NAME} for PKCS12, otherwise {@code null}
 */
public static String getKeyStoreProvider(String keyStoreType) {
    final boolean isPkcs12 = KeystoreType.PKCS12.toString().equalsIgnoreCase(keyStoreType);
    return isPkcs12 ? BouncyCastleProvider.PROVIDER_NAME : null;
}
From source file:org.apache.nifi.toolkit.tls.manager.BaseTlsManager.java
License:Apache License
/**
 * Creates an (unloaded) {@link KeyStore} of the requested type.
 *
 * <p>PKCS12 keystores are pinned to the Bouncy Castle provider; any other type goes through the
 * default provider lookup of {@link KeyStore#getInstance(String)}.
 *
 * @param keyStoreType the keystore type, compared case-insensitively against PKCS_12
 * @return a new {@link KeyStore} instance of that type
 * @throws KeyStoreException       if no provider supports the requested type
 * @throws NoSuchProviderException if the Bouncy Castle provider is not registered
 */
private KeyStore getInstance(String keyStoreType) throws KeyStoreException, NoSuchProviderException {
    if (!PKCS_12.equalsIgnoreCase(keyStoreType)) {
        return KeyStore.getInstance(keyStoreType);
    }
    // Explicit provider name: fails instead of silently falling back when BC is not registered.
    return KeyStore.getInstance(keyStoreType, BouncyCastleProvider.PROVIDER_NAME);
}
From source file:org.apache.nifi.toolkit.tls.util.TlsHelper.java
License:Apache License
/**
 * Computes an HMAC-SHA256, keyed with the UTF-8 bytes of {@code token}, over the value returned
 * by {@code getKeyIdentifier(publicKey)}.
 *
 * <p>The token is the only secret input, so the MAC is no stronger than the token is hard to
 * guess. Code that checks a received MAC against this result should use a constant-time
 * comparison such as {@link java.security.MessageDigest#isEqual(byte[], byte[])}.
 *
 * @param token     the shared secret used as the HMAC key; must not be {@code null}
 * @param publicKey the public key whose identifier is authenticated
 * @return the raw HMAC bytes
 * @throws GeneralSecurityException if the algorithm or provider is unavailable, or the key is rejected
 */
public static byte[] calculateHMac(String token, PublicKey publicKey) throws GeneralSecurityException {
    final byte[] tokenBytes = token.getBytes(StandardCharsets.UTF_8);
    // SecretKeySpec rejects an empty key with IllegalArgumentException.
    final SecretKeySpec hmacKey = new SecretKeySpec(tokenBytes, "RAW");

    final Mac hmac = Mac.getInstance("Hmac-SHA256", BouncyCastleProvider.PROVIDER_NAME);
    hmac.init(hmacKey);

    final byte[] keyIdentifier = getKeyIdentifier(publicKey);
    return hmac.doFinal(keyIdentifier);
}
From source file:org.apache.nifi.toolkit.tls.util.TlsHelper.java
License:Apache License
/**
 * Reads a PEM-encoded certificate and converts it to a JCA {@link X509Certificate} through the
 * Bouncy Castle provider.
 *
 * <p>This method only decodes. It does not check the signature, the validity period or any
 * trust chain, so the returned certificate must not be treated as trusted on that basis alone.
 *
 * @param pemEncodedCertificate reader positioned at the PEM text
 * @return the decoded certificate
 * @throws IOException          if the PEM content cannot be read or parsed
 * @throws CertificateException if the parsed holder cannot be converted
 */
public static X509Certificate parseCertificate(Reader pemEncodedCertificate)
        throws IOException, CertificateException {
    final JcaX509CertificateConverter converter =
            new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
    final X509CertificateHolder holder = parsePem(X509CertificateHolder.class, pemEncodedCertificate);
    return converter.getCertificate(holder);
}
From source file:org.apache.nifi.toolkit.tls.util.TlsHelper.java
License:Apache License
/**
 * Reads a PEM-encoded key pair and converts it to a JCA {@link KeyPair} through the Bouncy
 * Castle provider.
 *
 * <p>The result contains private key material. The input is parsed as a {@code PEMKeyPair};
 * presumably {@code parsePem} rejects other PEM object types, such as an encrypted key pair -
 * confirm against its implementation.
 *
 * @param pemEncodedKeyPair reader positioned at the PEM text
 * @return the decoded key pair
 * @throws IOException if the PEM content cannot be read, parsed or converted
 */
public static KeyPair parseKeyPair(Reader pemEncodedKeyPair) throws IOException {
    final JcaPEMKeyConverter converter =
            new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
    final PEMKeyPair pemKeyPair = parsePem(PEMKeyPair.class, pemEncodedKeyPair);
    return converter.getKeyPair(pemKeyPair);
}
From source file:org.apache.nifi.toolkit.tls.util.TlsHelperTest.java
License:Apache License
/**
 * Test helper: reads the first PEM object from {@code reader}, asserts that it is an
 * {@code X509CertificateHolder}, and converts it to a JCA {@link X509Certificate} through the
 * Bouncy Castle provider.
 *
 * @param reader source of the PEM text; closed together with the parser
 * @return the decoded certificate
 * @throws IOException          if the PEM content cannot be read or parsed
 * @throws CertificateException if the holder cannot be converted
 */
public static X509Certificate loadCertificate(Reader reader) throws IOException, CertificateException {
    try (PEMParser parser = new PEMParser(reader)) {
        final Object firstPemObject = parser.readObject();
        // readObject() returns null when the input holds no PEM object; getClass() then throws
        // NullPointerException instead of producing an assertion failure.
        assertEquals(X509CertificateHolder.class, firstPemObject.getClass());

        final X509CertificateHolder holder = (X509CertificateHolder) firstPemObject;
        return new JcaX509CertificateConverter()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .getCertificate(holder);
    }
}
From source file:org.apache.nifi.web.server.JettyServerTest.java
License:Apache License
/**
 * Verifies that configuring the SSL context factory with a PKCS12 keystore type sets both the
 * keystore type and the Bouncy Castle provider name on the factory.
 */
@Test
public void testConfigureSslContextFactoryWithPkcsKeyStore() {
    // Arrange: properties that declare a PKCS12 keystore, and a mocked factory to observe.
    final String pkcs12Type = KeystoreType.PKCS12.toString();
    final Map<String, String> overrides = new HashMap<>();
    overrides.put(NiFiProperties.SECURITY_KEYSTORE_TYPE, pkcs12Type);
    final NiFiProperties properties = NiFiProperties.createBasicNiFiProperties(null, overrides);
    final SslContextFactory sslContextFactory = mock(SslContextFactory.class);

    // Act
    JettyServer.configureSslContextFactory(sslContextFactory, properties);

    // Assert: the provider is pinned explicitly for PKCS12.
    verify(sslContextFactory).setKeyStoreType(pkcs12Type);
    verify(sslContextFactory).setKeyStoreProvider(BouncyCastleProvider.PROVIDER_NAME);
}