List of usage examples for org.bouncycastle.jce.provider BouncyCastleProvider PROVIDER_NAME
String PROVIDER_NAME
From source file:org.cesecore.keys.token.NullCryptoToken.java
License:Open Source License
/**
 * Initialises this token by recording the BouncyCastle provider name as the JCA
 * provider and storing the token id.
 *
 * @param properties token properties; not read in this method
 * @param data token data; not read in this method
 * @param id identifier stored in the {@code id} field
 * @throws Exception declared on the signature of the overridden method
 */
@Override
public void init(Properties properties, byte[] data, int id) throws Exception {
    // Only the JCA provider has to be set when the JCE provider is the same one,
    // which is the common case.
    final String bcProviderName = BouncyCastleProvider.PROVIDER_NAME;
    setJCAProviderName(bcProviderName);
    this.id = id;
}
From source file:org.cesecore.keys.token.SoftCryptoTokenTest.java
License:Open Source License
/**
 * Returns the provider name constant of the BouncyCastle provider.
 *
 * @return {@code BouncyCastleProvider.PROVIDER_NAME}
 */
@Override
String getProvider() {
    final String bcProviderName = BouncyCastleProvider.PROVIDER_NAME;
    return bcProviderName;
}
From source file:org.cesecore.keys.util.KeyPairWrapper.java
License:Open Source License
/**
 * Decodes the X.509-encoded bytes held in {@code encodedPublicKey} into a
 * {@link PublicKey}, using a BouncyCastle {@link KeyFactory} for {@code algorithm}.
 *
 * NOTE(review): the error text mentions deserialisation, so the two fields are
 * presumably restored from a serialized form; confirm that form only ever comes
 * from a trusted source.
 *
 * @return the decoded PublicKey object wrapped in this class.
 * @throws IllegalStateException if the BouncyCastle provider is not registered, the
 *         algorithm is unknown to it, or the encoded bytes cannot be decoded
 */
private PublicKey getPublicKey() {
    try {
        // Evaluation order is unchanged: factory lookup, then key spec, then decode.
        return KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME)
                .generatePublic(new X509EncodedKeySpec(encodedPublicKey));
    } catch (InvalidKeySpecException e) {
        throw new IllegalStateException("The incorrect key specification was implemented.", e);
    } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException("Algorithm " + algorithm + " was not known at deserialisation", e);
    } catch (NoSuchProviderException e) {
        throw new IllegalStateException("BouncyCastle was not a known provider.", e);
    }
}
From source file:org.cesecore.keys.util.KeyPairWrapper.java
License:Open Source License
/**
 * Decodes the PKCS#8-encoded bytes held in {@code encodedPrivateKey} into a
 * {@link PrivateKey}, using a BouncyCastle {@link KeyFactory} for {@code algorithm}.
 *
 * The field is fed straight into a {@link PKCS8EncodedKeySpec}, i.e. it holds the
 * private key in unencrypted form. NOTE(review): the error text mentions
 * deserialisation, so any stored or transmitted form of this wrapper presumably
 * carries the raw key and needs the same protection as the key itself; confirm.
 *
 * @return the decoded PrivateKey object wrapped in this class.
 * @throws IllegalStateException if the BouncyCastle provider is not registered, the
 *         algorithm is unknown to it, or the encoded bytes cannot be decoded
 */
private PrivateKey getPrivateKey() {
    try {
        // Evaluation order is unchanged: factory lookup, then key spec, then decode.
        return KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME)
                .generatePrivate(new PKCS8EncodedKeySpec(encodedPrivateKey));
    } catch (InvalidKeySpecException e) {
        throw new IllegalStateException("The incorrect key specification was implemented.", e);
    } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException("Algorithm " + algorithm + " was not known at deserialisation", e);
    } catch (NoSuchProviderException e) {
        throw new IllegalStateException("BouncyCastle was not a known provider.", e);
    }
}
From source file:org.cesecore.keys.util.KeyTools.java
License:Open Source License
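/**
 * Generates a keypair with the BouncyCastle provider.
 *
 * No minimum key size or curve strength is enforced here: the size or curve is taken
 * from the arguments as given, so callers are responsible for applying their own
 * key-strength policy before calling this method.
 *
 * @param keySpec
 *            string specification of keys to generate, typical value is 2048 for RSA keys,
 *            1024 for DSA keys, secp256r1 for ECDSA keys, or null if algSpec is to be used.
 *            For RSA and DSA a value is required; it is either the key length, or
 *            "DSA" followed by the key length.
 * @param algSpec
 *            AlgorithmParameterSpec of keys to generate, typically an EXParameterSpec for EC keys,
 *            or null if keySpec is to be used. Only read for ECDSA, ECGOST3410 and DSTU4145.
 * @param keyAlg
 *            algorithm of keys to generate, typical value is RSA, DSA or ECDSA, see AlgorithmConstants.KEYALGORITHM_XX
 *
 * @see org.cesecore.certificates.util.core.model.AlgorithmConstants
 * @see org.bouncycastle.asn1.x9.X962NamedCurves
 * @see org.bouncycastle.asn1.nist.NISTNamedCurves
 * @see org.bouncycastle.asn1.sec.SECNamedCurves
 * @see org.cesecore.certificates.util.AlgorithmConstants#KEYALGORITHM_RSA
 *
 * @return KeyPair the generated keypair
 * @throws InvalidAlgorithmParameterException
 *             if neither a usable keySpec nor an algSpec was given for the algorithm, if the
 *             named parameters are unknown, or if the generator rejects the parameters
 * @throws IllegalStateException
 *             if the BouncyCastle provider is not registered or does not know keyAlg
 * @throws NumberFormatException
 *             if the key length in keySpec is not a number (RSA and DSA only)
 */
public static KeyPair genKeys(final String keySpec, final AlgorithmParameterSpec algSpec, final String keyAlg)
        throws InvalidAlgorithmParameterException {
    if (log.isTraceEnabled()) {
        log.trace(">genKeys(" + keySpec + ", " + keyAlg + ")");
    }
    final KeyPairGenerator keygen;
    try {
        keygen = KeyPairGenerator.getInstance(keyAlg, BouncyCastleProvider.PROVIDER_NAME);
    } catch (NoSuchAlgorithmException e) {
        // A space was missing before "was" in this message.
        throw new IllegalStateException("Algorithm " + keyAlg + " was not recognized.", e);
    } catch (NoSuchProviderException e) {
        throw new IllegalStateException("BouncyCastle was not found as a provider.", e);
    }
    if (StringUtils.equals(keyAlg, AlgorithmConstants.KEYALGORITHM_ECDSA)) {
        if ((keySpec != null) && !StringUtils.equals(keySpec, "implicitlyCA")) {
            log.debug("Generating named curve ECDSA key pair: " + keySpec);
            // ECGenParameterSpec is used instead of ECNamedCurveTable.getParameterSpec(keySpec):
            // in BC versions before 1.50b6 the latter produced keys with explicit parameter
            // encoding instead of named curves (see KeyToolsTest.testGenKeysECDSAx9).
            keygen.initialize(new ECGenParameterSpec(keySpec), new SecureRandom());
        } else if (algSpec != null) {
            log.debug("Generating ECDSA key pair from AlgorithmParameterSpec: " + algSpec);
            keygen.initialize(algSpec, new SecureRandom());
        } else if (StringUtils.equals(keySpec, "implicitlyCA")) {
            log.debug("Generating implicitlyCA encoded ECDSA key pair");
            // "implicitlyCA" EC parameters were already installed together with the provider,
            // so the generator is deliberately initialised with a null parameter spec.
            keygen.initialize((AlgorithmParameterSpec) null, new SecureRandom());
        } else {
            throw new InvalidAlgorithmParameterException("No keySpec no algSpec and no implicitlyCA specified");
        }
    } else if (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_ECGOST3410)) {
        final AlgorithmParameterSpec ecSpec;
        if (keySpec != null) {
            log.debug("Generating keys from given key specifications : " + keySpec);
            ecSpec = ECGOST3410NamedCurveTable.getParameterSpec(keySpec);
            if (ecSpec == null) {
                throw new InvalidAlgorithmParameterException(
                        "Key specification " + keySpec + " is invalid for ECGOST3410");
            }
        } else if (algSpec != null) {
            log.debug("Generating keys from given algorithm parameters : " + algSpec);
            ecSpec = algSpec;
        } else {
            throw new InvalidAlgorithmParameterException("No key or algorithm specifications");
        }
        keygen.initialize(ecSpec, new SecureRandom());
    } else if (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_DSTU4145)) {
        final AlgorithmParameterSpec ecSpec;
        if (keySpec != null) {
            log.debug("Generating keys from given key specifications : " + keySpec);
            ecSpec = dstuOidToAlgoParams(keySpec);
            if (ecSpec == null) {
                throw new InvalidAlgorithmParameterException(
                        "Key specification " + keySpec + " is invalid for DSTU4145");
            }
        } else if (algSpec != null) {
            log.debug("Generating keys from given algorithm parameters : " + algSpec);
            ecSpec = algSpec;
        } else {
            throw new InvalidAlgorithmParameterException("No key or algorithm specifications");
        }
        keygen.initialize(ecSpec, new SecureRandom());
    } else if (keySpec == null) {
        // Previously a null keySpec reached keySpec.startsWith() and failed with a
        // NullPointerException; report it as the declared parameter error instead.
        throw new InvalidAlgorithmParameterException("No keySpec specified for key algorithm " + keyAlg);
    } else if (keySpec.startsWith("DSA")) {
        // DSA key with "DSA" in keyspec
        final int keysize = Integer.parseInt(keySpec.substring(3));
        keygen.initialize(keysize);
    } else {
        // RSA or DSA key where keyspec is simply the key length
        final int keysize = Integer.parseInt(keySpec);
        keygen.initialize(keysize);
    }
    final KeyPair keys = keygen.generateKeyPair();
    if (log.isDebugEnabled()) {
        final PublicKey pk = keys.getPublic();
        final int len = getKeyLength(pk);
        log.debug("Generated " + pk.getAlgorithm() + " keys with length " + len);
    }
    log.trace("<genKeys()");
    return keys;
}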
From source file:org.cesecore.keys.util.KeyTools.java
License:Open Source License
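/**
 * An ECDSA key can be stripped of the curve parameters so it only contains the public point, and this is not enough to use the key for
 * verification. However, if we know the curve name we can fill in the curve parameters and get a usable EC public key.
 *
 * The parameters of pkwithparams are copied as they are; this method does not itself check where
 * they come from. NOTE(review): presumably callers only pass a pkwithparams taken from a
 * certificate they have already verified; confirm at the call sites.
 *
 * @param pk
 *            PublicKey, org.ejbca.cvc.PublicKeyEC, that might miss parameters, if parameters are there we do not touch the public key just return it unchanged
 * @param pkwithparams
 *            PublicKey, org.ejbca.cvc.PublicKeyEC, that contains all parameters.
 * @return PublicKey with parameters from pkwithparams, or pk itself (possibly null) when pk already
 *         has parameters, when pkwithparams has none, or when either argument is not a PublicKeyEC
 *
 * @throws InvalidKeySpecException if the key specification in pkwithparams was invalid
 * @throws IllegalStateException if the BouncyCastle provider is not registered or does not know ECDSA
 */
public static PublicKey getECPublicKeyWithParams(final PublicKey pk, final PublicKey pkwithparams)
        throws InvalidKeySpecException {
    if (!(pk instanceof PublicKeyEC) || !(pkwithparams instanceof PublicKeyEC)) {
        // Concatenation renders a null argument as "null"; the earlier explicit toString()
        // calls threw a NullPointerException here when either argument was null.
        log.info("Either pk or pkwithparams is not a PublicKeyEC: " + pk + ", " + pkwithparams);
        return pk;
    }
    final PublicKeyEC pkec = (PublicKeyEC) pk;
    // The public key of IS and DV certificate do not have any parameters so we have to do some magic to get a complete EC public key
    final ECParameterSpec spec = pkec.getParams();
    if (spec != null) {
        // Parameters are already present: leave the key untouched.
        return pk;
    }
    final PublicKeyEC pkecp = (PublicKeyEC) pkwithparams;
    final ECParameterSpec pkspec = pkecp.getParams();
    if (pkspec == null) {
        log.info("pkwithparams does not have any params.");
        return pk;
    }
    // Rebuild the key from the point of pk and the curve parameters of pkwithparams.
    final org.bouncycastle.jce.spec.ECParameterSpec bcspec = EC5Util.convertSpec(pkspec, false);
    final java.security.spec.ECPoint p = pkec.getW();
    final org.bouncycastle.math.ec.ECPoint ecp = EC5Util.convertPoint(pkspec, p, false);
    final ECPublicKeySpec pubKey = new ECPublicKeySpec(ecp, bcspec);
    final KeyFactory keyfact;
    try {
        keyfact = KeyFactory.getInstance("ECDSA", BouncyCastleProvider.PROVIDER_NAME);
    } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException("ECDSA was an unknown algorithm", e);
    } catch (NoSuchProviderException e) {
        throw new IllegalStateException("BouncyCastle was not found as a provider.", e);
    }
    return keyfact.generatePublic(pubKey);
}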
From source file:org.cesecore.keys.util.PublicKeyWrapper.java
License:Open Source License
/**
 * Returns the wrapped public key, decoding it from the X.509-encoded bytes in
 * {@code encodedKey} on first use and keeping the result in the {@code publicKey} field.
 *
 * @return the decoded PublicKey object wrapped in this class.
 * @throws IllegalStateException if the BouncyCastle provider is not registered, the
 *         algorithm is unknown to it, or the encoded bytes cannot be decoded
 */
public PublicKey getPublicKey() {
    if (publicKey != null) {
        // Already decoded by an earlier call.
        return publicKey;
    }
    try {
        publicKey = KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME)
                .generatePublic(new X509EncodedKeySpec(encodedKey));
    } catch (InvalidKeySpecException e) {
        throw new IllegalStateException("The incorrect key specification was implemented.", e);
    } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException("Algorithm " + algorithm + " was not known at deserialisation", e);
    } catch (NoSuchProviderException e) {
        throw new IllegalStateException("BouncyCastle was not a known provider.", e);
    }
    return publicKey;
}
From source file:org.cesecore.keys.util.SignWithWorkingAlgorithmTest.java
License:Open Source License
/** * Register BC provider before starting the test. *///w ww .j a v a2 s . c o m @BeforeClass public static void before() { if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) != null) { return; } Security.addProvider(new BouncyCastleProvider()); }
From source file:org.cesecore.keys.util.SignWithWorkingAlgorithmTest.java
License:Open Source License
/**
 * First run against the BC provider: the key is too short for the first algorithms,
 * so five attempts are expected before SIGALG_SHA1_WITH_RSA_AND_MGF1 works.
 *
 * @throws NoSuchProviderException
 * @throws GeneralSecurityException
 * @throws TaskWithSigningException
 */
@Test
public void n1BC512() throws NoSuchProviderException, GeneralSecurityException, TaskWithSigningException {
    // The 512-bit key exists only to make the earlier entries of SIG_ALGS_RSA fail;
    // it is a fixture for the fallback logic, not a usable key size.
    final SignOperation signOp = new SignOperation(generateKeyPair(512));
    final boolean signed = SignWithWorkingAlgorithm.doSignTask(SIG_ALGS_RSA,
            BouncyCastleProvider.PROVIDER_NAME, signOp);
    assertTrue(signed);
    assertTrue(signOp.verifySignature());
    assertEquals(5, signOp.getNrOfCalls());
    assertEquals(AlgorithmConstants.SIGALG_SHA1_WITH_RSA_AND_MGF1, signOp.getUsedAlgorithm());
}
From source file:org.cesecore.keys.util.SignWithWorkingAlgorithmTest.java
License:Open Source License
/**
 * Second run against the BC provider: a single attempt is expected, ending on
 * SIGALG_SHA1_WITH_RSA_AND_MGF1.
 * NOTE(review): "second" presumably relies on this test running after n1BC512; confirm the
 * test class fixes the method order.
 *
 * @throws NoSuchProviderException
 * @throws GeneralSecurityException
 * @throws TaskWithSigningException
 */
@Test
public void n2BC2048() throws NoSuchProviderException, GeneralSecurityException, TaskWithSigningException {
    final SignOperation signOp = new SignOperation(generateKeyPair(2048));
    final boolean signed = SignWithWorkingAlgorithm.doSignTask(SIG_ALGS_RSA,
            BouncyCastleProvider.PROVIDER_NAME, signOp);
    assertTrue(signed);
    assertTrue(signOp.verifySignature());
    assertEquals(1, signOp.getNrOfCalls());
    assertEquals(AlgorithmConstants.SIGALG_SHA1_WITH_RSA_AND_MGF1, signOp.getUsedAlgorithm());
}