List of usage examples for org.bouncycastle.jce.provider BouncyCastleProvider PROVIDER_NAME
String PROVIDER_NAME
To view the source code for org.bouncycastle.jce.provider BouncyCastleProvider PROVIDER_NAME.
Click Source Link
From source file:org.jboss.as.test.integration.security.picketlink.KerberosServerSetupTask.java
License:Open Source License
/** * Creates directory services, starts LDAP server and KDCServer * * @param managementClient/*ww w. ja v a 2s . c o m*/ * @param containerId * @throws Exception * @see org.jboss.as.arquillian.api.ServerSetupTask#setup(org.jboss.as.arquillian.container.ManagementClient, * java.lang.String) */ public void setup(ManagementClient managementClient, String containerId) throws Exception { try { if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { Security.addProvider(new BouncyCastleProvider()); removeBouncyCastle = true; } } catch (SecurityException ex) { LOGGER.warn("Cannot register BouncyCastleProvider", ex); } final String hostname = Utils.getHost(managementClient); createLdap1(managementClient, hostname); }
From source file:org.jboss.as.test.integration.security.picketlink.KerberosServerSetupTask.java
License:Open Source License
/** * Stops LDAP server and KDCServer and shuts down the directory service. * * @param managementClient//from ww w .j a v a2 s. c o m * @param containerId * @throws Exception * @see org.jboss.as.arquillian.api.ServerSetupTask#tearDown(org.jboss.as.arquillian.container.ManagementClient, * java.lang.String) */ public void tearDown(ManagementClient managementClient, String containerId) throws Exception { krbServer1.stop(); ldapServer1.stop(); directoryService1.shutdown(); KEYSTORE_FILE.delete(); FileUtils.deleteDirectory(directoryService1.getInstanceLayout().getInstanceDirectory()); if (removeBouncyCastle) { try { Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME); } catch (SecurityException ex) { LOGGER.warn("Cannot deregister BouncyCastleProvider", ex); } } }
From source file:org.kopi.ebics.client.User.java
License:Open Source License
/** * EBICS Specification 2.4.2 - 11.1.1 Process: * /* w ww. j a v a 2s . com*/ * <p>Identification and authentication signatures are based on the RSA signature process. * The following parameters determine the identification and authentication signature process: * * <ol> * <li> Length of the (secret) RSA key * <li> Hash algorithm * <li> Padding process * <li> Canonisation process. * </ol> * * <p>For the identification and authentication process, EBICS defines the process X002? with * the following parameters: * <ol> * <li>Key length in Kbit >=1Kbit (1024 bit) and lesser than 16Kbit</li> * <li>Hash algorithm SHA-256</li> * <li>Padding process: PKCS#1</li> * <li>Canonisation process: http://www.w3.org/TR/2001/REC-xml-c14n-20010315 * </ol> * * <p>From EBICS 2.4 on, the customer system must use the hash value of the public bank key * X002 in a request. * * <p>Notes: * <ol> * <li> The key length is defined else where. * <li> The padding is performed by the {@link Signature} class. * <li> The digest is already canonized in the {@link SignedInfo#sign(byte[]) sign(byte[])} * </ol> */ @Override public byte[] authenticate(byte[] digest) throws GeneralSecurityException { Signature signature; signature = Signature.getInstance("SHA256WithRSA", BouncyCastleProvider.PROVIDER_NAME); signature.initSign(x002PrivateKey); signature.update(digest); return signature.sign(); }
From source file:org.kopi.ebics.client.User.java
License:Open Source License
/** * EBICS Specification 2.4.2 - 14.1 Version A005/A006 of the electronic signature: * /*from ww w.j a va 2 s . c o m*/ * <p>For the signature processes A005 an interval of 1536 bit (minimum) * and 4096 bit (maximum) is defined for the key length. * * <p>The digital signature mechanisms A005 is both based on the industry standard * [PKCS1] using the hash algorithm SHA-256. They are both signature mechanisms without * message recovery. * * <p>A hash algorithm maps bit sequences of arbitrary length (input bit sequences) to byte * sequences of a fixed length, determined by the Hash algorithm. The result of the execution of * a Hash algorithm to a bit sequence is defined as hash value. * * <p>The hash algorithm SHA-256 is specified in [FIPS H2]. SHA-256 maps input bit sequences of * arbitrary length to byte sequences of 32 byte length. The padding of input bit sequences to a * length being a multiple of 64 byte is part of the hash algorithm. The padding even is applied if * the input bit sequence already has a length that is a multiple of 64 byte. * * <p>SHA-256 processes the input bit sequences in blocks of 64 byte length. * The hash value of a bit sequence x under the hash algorithm SHA-256 is referred to as * follows: SHA-256(x). * * <p>The digital signature mechanism A005 is identical to EMSA-PKCS1-v1_5 using the hash * algorithm SHA-256. The byte length H of the hash value is 32. * * According [PKCS1] (using the method EMSA-PKCS1-v1_5) the following steps shall be * performed for the computation of a signature for message M with bit length m. * <ol> * <li> The hash value HASH(M) of the byte length H shall be computed. In the case of A005 * SHA-256(M) with a length of 32 bytes.</li> * <li> The DSI for the signature algorithm shall be generated.</li> * <li> A signature shall be computed using the DSI with the standard algorithm for the * signature generation described in section 14.1.3.1 of the EBICS specification (V 2.4.2). * </ol> * * <p>The {@link Signature} is a digital signature scheme with * appendix (SSA) combining the RSA algorithm with the EMSA-PKCS1-v1_5 encoding * method. * * <p> The {@code digest} will be signed with the RSA user signature key using the * {@link Signature} that will be instantiated with the <b>SHA-256</b> * algorithm. This signature is then put in a {@link UserSignature} XML object that * will be sent to the EBICS server. */ @Override public byte[] sign(byte[] digest) throws IOException, GeneralSecurityException { Signature signature = Signature.getInstance("SHA256WithRSA", BouncyCastleProvider.PROVIDER_NAME); signature.initSign(a005PrivateKey); signature.update(removeOSSpecificChars(digest)); return signature.sign(); }
From source file:org.kopi.ebics.client.User.java
License:Open Source License
/** * EBICS IG CFONB VF 2.1.4 2012 02 24 - 2.1.3.2 Calcul de la signature: * //from w w w .j ava 2 s . c o m * <p>Il convient dutiliser PKCS1 V1.5 pour chiffrer la cl de chiffrement. * * <p>EBICS Specification 2.4.2 - 15.2 Workflows at the recipients end: * * <p><b>Decryption of the DES key</b> * <p>The leading 256 null bits of the EDEK are removed and the remaining 768 bits are decrypted * with the recipients secret key of the RSA key system. PDEK is then present. The secret DES * key DEK is obtained from the lowest-value 128 bits of PDEK, this is split into the individual * keys DEK<SUB>left</SUB> and DEK<SUB>right</SUB>. */ @Override public byte[] decrypt(byte[] encryptedData, byte[] transactionKey) throws EbicsException, GeneralSecurityException, IOException { Cipher cipher; int blockSize; ByteArrayOutputStream outputStream; cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding", BouncyCastleProvider.PROVIDER_NAME); cipher.init(Cipher.DECRYPT_MODE, e002PrivateKey); blockSize = cipher.getBlockSize(); outputStream = new ByteArrayOutputStream(); for (int j = 0; j * blockSize < transactionKey.length; j++) { outputStream.write(cipher.doFinal(transactionKey, j * blockSize, blockSize)); } return decryptData(encryptedData, outputStream.toByteArray()); }
From source file:org.kopi.ebics.utils.Utils.java
License:Open Source License
/** * Encrypts or decrypts the given input according to key spec. * @param mode the encryption-decryption mode. * @param input the input to encrypt or decrypt. * @param keySpec the key spec./* w w w.j a v a2s .co m*/ * @return the encrypted or decrypted data. * @throws GeneralSecurityException */ private static byte[] encryptOrDecrypt(int mode, byte[] input, SecretKeySpec keySpec) throws EbicsException { IvParameterSpec iv; Cipher cipher; iv = new IvParameterSpec(new byte[16]); try { cipher = Cipher.getInstance("AES/CBC/ISO10126Padding", BouncyCastleProvider.PROVIDER_NAME); cipher.init(mode, keySpec, iv); return cipher.doFinal(input); } catch (GeneralSecurityException e) { throw new EbicsException(e.getMessage()); } }
From source file:org.kopi.ebics.xml.InitializationRequestElement.java
License:Open Source License
/** * Generates the upload transaction key//from w w w.j a va 2 s .c o m * @return the transaction key */ protected byte[] generateTransactionKey() throws EbicsException { try { Cipher cipher; cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding", BouncyCastleProvider.PROVIDER_NAME); cipher.init(Cipher.ENCRYPT_MODE, session.getBankE002Key()); return cipher.doFinal(nonce); } catch (Exception e) { throw new EbicsException(e.getMessage()); } }
From source file:org.nimbustools.auto_common.ezpz_ca.CertDN.java
License:Apache License
public static String dnFromPath(String path) throws IOException { final File certFile = new File(path); if (!certFile.canRead()) { final String msg = "File '" + path + "' can not be read."; throw new IOException(msg); }//from w ww .j a v a 2s .c o m final FileReader fr = new FileReader(certFile); try { final PEMReader reader = new PEMReader(fr, null, BouncyCastleProvider.PROVIDER_NAME); try { final X509Certificate cert = (X509Certificate) reader.readObject(); final X500Principal principal = cert.getSubjectX500Principal(); final String DN = principal.getName(X500Principal.RFC2253); return CertUtil.toGlobusID(DN, false); } finally { reader.close(); } } finally { fr.close(); } }
From source file:org.nimbustools.auto_common.ezpz_ca.CertFilenameHash.java
License:Apache License
public String hashFromPath(String existingFile) throws IOException, CertificateException, NoSuchProviderException { final File certFile = new File(existingFile); if (!certFile.canRead()) { final String msg = "File '" + existingFile + "' can not be read."; throw new IOException(msg); }/* w w w . ja v a 2 s .co m*/ final FileReader fr = new FileReader(certFile); try { final PEMReader reader = new PEMReader(fr, null, BouncyCastleProvider.PROVIDER_NAME); try { final X509Certificate cert = (X509Certificate) reader.readObject(); return this.nameHash(cert.getSubjectDN()); } finally { reader.close(); } } finally { fr.close(); } }
From source file:org.nimbustools.auto_common.ezpz_ca.KeystoreFromPEM.java
License:Apache License
private static Object readPemObject(File file) throws IOException { FileReader reader = new FileReader(file); try {//w ww . j a v a 2 s . co m PEMReader pemReader = new PEMReader(reader, null, BouncyCastleProvider.PROVIDER_NAME); return pemReader.readObject(); } finally { reader.close(); } }