List of usage examples for org.bouncycastle.jce.provider BouncyCastleProvider PROVIDER_NAME
String PROVIDER_NAME
From source file:org.qi4j.library.shiro.authc.X509AuthenticationToken.java
License:Open Source License
/**
 * Wraps the client's certificate chain in a BouncyCastle collection-backed {@code X509Store}
 * so that a PKIX path builder can use it as a source of intermediate certificates.
 *
 * @return the store, or {@code null} when the "CERTIFICATE/COLLECTION" store type or the
 *         BouncyCastle provider is not available; callers must null-check the result
 */
public X509Store getClientCertChainStore() {
    X509Store chainStore = null;
    X509CollectionStoreParameters storeParams =
            new X509CollectionStoreParameters(Arrays.asList(clientX509CertChain));
    try {
        chainStore = X509Store.getInstance("CERTIFICATE/COLLECTION", storeParams,
                BouncyCastleProvider.PROVIDER_NAME);
    } catch (NoSuchStoreException ignored) {
        // Store type unknown to the provider: "no store" is reported as null.
    } catch (NoSuchProviderException ignored) {
        // BouncyCastle not registered with the JCA: same null contract.
    }
    return chainStore;
}
From source file:org.qi4j.library.shiro.authc.X509CredentialsPKIXPathMatcher.java
License:Open Source License
/**
 * Decides whether the X.509 client certificate carried by {@code token} chains to one of the
 * trust anchors granted in {@code info}.
 *
 * A PKIX certification path is built with the BouncyCastle provider from the token's
 * certificate selector and its certificate-chain store, against the granted trust anchors.
 * Revocation checking is explicitly disabled, so CRL/OCSP status is never consulted and a
 * certificate is not rejected on revocation grounds here. The outcome is decided solely by
 * whether path building succeeds: the {@code PKIXCertPathReviewer} block is debug logging
 * and does not influence the returned value.
 *
 * @param token expected to be an {@code X509AuthenticationToken}; another type raises
 *              {@link ClassCastException}, which is not caught below
 * @param info  expected to be an {@code X509AuthenticationInfo} (same caveat)
 * @return {@code true} when a certification path was built, {@code false} when building or
 *         reviewing it fails (the cause is logged at TRACE level only, so failed matches are
 *         nearly invisible at default log levels)
 */
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
    // Unchecked casts: a ClassCastException propagates to the caller (not a GeneralSecurityException).
    X509AuthenticationToken certToken = (X509AuthenticationToken) token;
    X509AuthenticationInfo certInfo = (X509AuthenticationInfo) info;
    try {
        ExtendedPKIXBuilderParameters pkixParams = new ExtendedPKIXBuilderParameters(
                certInfo.getGrantedTrustAnchors(), certToken.getClientX509CertSelector());
        // The chain store may be null if the token could not build one — presumably tolerated by addStore; confirm.
        pkixParams.addStore(certToken.getClientCertChainStore());
        // Revocation is switched off: no CRL or OCSP lookups during path validation.
        pkixParams.setRevocationEnabled(false);
        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
        CertPathBuilderResult built = builder.build(pkixParams);
        if (LOGGER.isDebugEnabled()) {
            PKIXCertPathReviewer pathReviewer = new PKIXCertPathReviewer(built.getCertPath(), pkixParams);
            int pathLength = pathReviewer.getCertPathSize();
            X509Certificate lastInPath =
                    (X509Certificate) pathReviewer.getCertPath().getCertificates().get(pathLength - 1);
            String clientSubject = certToken.getClientX509Certificate().getSubjectX500Principal().getName();
            String pathEndSubject = lastInPath.getSubjectX500Principal().getName();
            Object[] logArgs = new Object[] {
                    pathReviewer.isValidCertPath(), pathLength, clientSubject, pathEndSubject };
            LOGGER.debug(
                    "A valid ({}) certification path (length: {}) was found for the following certificate: '{}' ending on: '{}'",
                    logArgs);
        }
        // build() throwing is the only "no match" signal; reaching here means a path exists.
        return true;
    } catch (GeneralSecurityException ex) {
        LOGGER.trace("Unable to do credentials matching", ex);
        return false;
    } catch (CertPathReviewerException ex) {
        LOGGER.trace("Unable to do credentials matching", ex);
        return false;
    }
}
From source file:org.qipki.ca.http.presentation.rest.resources.tools.CryptoInspectorResource.java
License:Open Source License
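/**
 * Tells whether the given input parses as an X.509 CRL or certificate with the BouncyCastle
 * provider.
 *
 * The input is buffered once so that each parse attempt sees the complete data: a
 * {@link CertificateFactory} consumes the stream it is handed, so a failed CRL attempt on the
 * live stream would leave little or nothing for the certificate attempt. Empty input, or
 * input from which the factory produces no object at all, is not reported as DER (the
 * previous version returned {@code true} for an empty stream because {@code generateCRLs}
 * yields an empty collection rather than throwing).
 *
 * NOTE(review): BouncyCastle's X.509 factory also accepts PEM-armoured input, so "DER" may be
 * wider than the name suggests — confirm against what callers rely on.
 *
 * @param stream input to inspect; it is read to its end but not closed
 * @return {@code true} if at least one CRL or certificate could be read from the input
 */
private boolean isDER(InputStream stream) {
    CertificateFactory certFactory;
    try {
        certFactory = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
    } catch (GeneralSecurityException ignored) {
        // Provider or algorithm unavailable: nothing can be parsed.
        return false;
    }
    // Drain the stream once; every attempt below works on its own copy of the bytes.
    byte[] data;
    try {
        java.io.ByteArrayOutputStream buffer = new java.io.ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int read;
        while ((read = stream.read(chunk)) != -1) {
            buffer.write(chunk, 0, read);
        }
        data = buffer.toByteArray();
    } catch (java.io.IOException ignored) {
        // Unreadable input cannot be DER-inspected.
        return false;
    }
    if (data.length == 0) {
        return false;
    }
    try {
        if (!certFactory.generateCRLs(new java.io.ByteArrayInputStream(data)).isEmpty()) {
            return true;
        }
    } catch (CRLException ignored) {
        // Not a CRL; fall through to the certificate attempt.
    }
    try {
        if (!certFactory.generateCertificates(new java.io.ByteArrayInputStream(data)).isEmpty()) {
            return true;
        }
    } catch (CertificateException ignored) {
        // Not a certificate either.
    }
    // TODO : all other types ........
    return false;
}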
From source file:org.qipki.ca.http.presentation.rest.resources.tools.CryptoInspectorResource.java
License:Open Source License
/**
 * Obtains an unloaded {@link KeyStore} for the given type. PKCS#12 stores are requested from
 * the BouncyCastle provider explicitly; every other type goes through the default provider
 * lookup order.
 *
 * @param storeType store type whose {@code typeString()} is passed to {@link KeyStore#getInstance}
 * @return a fresh, not yet loaded key store
 * @throws KeyStoreException if no provider supports the requested type
 * @throws NoSuchProviderException if BouncyCastle is not registered (PKCS#12 case only)
 */
private KeyStore getKeyStoreInstance(KeyStoreType storeType) throws KeyStoreException, NoSuchProviderException {
    String typeName = storeType.typeString();
    boolean pinToBouncyCastle = (storeType == KeyStoreType.PKCS12);
    return pinToBouncyCastle
            ? KeyStore.getInstance(typeName, BouncyCastleProvider.PROVIDER_NAME)
            : KeyStore.getInstance(typeName);
}
From source file:org.qipki.ca.tests.http.QiPkiHttpCaTest.java
License:Open Source License
/**
 * End-to-end exercise of the CA REST API: lists CAs, fetches a CRL, creates a crypto store,
 * a CA and an X.509 profile, issues a certificate from a PKCS#10 request, revokes it,
 * escrows and recovers a key pair, issues a certificate from the escrowed key, and finally
 * exports key material as PKCS#12 and JKS.
 *
 * Test-only material: 512-bit RSA keys and the literal password "changeit" are used
 * throughout. Two things worth knowing when reading the output: the keystore export
 * endpoint takes the keystore password as a URL query parameter (so it lands in request
 * logs and history wherever this runs), and the PKCS#12 blobs — private keys included —
 * are printed to stdout.
 */
private void testCA() throws InterruptedException, IOException, JSONException, GeneralSecurityException {
    // Get CA list
    HttpGet get = new HttpGet(caApi.caListUri().get());
    addAcceptJsonHeader(get);
    String jsonCaList = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("CAs List: {}", new JSONObject(jsonCaList).toString(2));
    RestListValue caList = valueBuilderFactory.newValueFromJSON(RestListValue.class, jsonCaList);
    CAValue firstCa = (CAValue) caList.items().get().get(0);
    // Get first CA as Value
    get = new HttpGet(firstCa.uri().get());
    addAcceptJsonHeader(get);
    String caJson = httpClient.execute(get, strResponseHandler);
    CAValue ca = valueBuilderFactory.newValueFromJSON(CAValue.class, caJson);
    LOGGER.debug("First CA JSON:\n{}", ca.toJSON());
    // Get first CA CRL (parsed only to check it is well-formed PEM; x509CRL is not used afterwards)
    get = new HttpGet(ca.crlUri().get());
    String crl = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("First CA CRL:\n{}", crl);
    X509CRL x509CRL = cryptio.readCRLPEM(new StringReader(crl));
    // Create a new CryptoStore
    HttpPost post = new HttpPost(caApi.cryptoStoreListUri().get());
    addAcceptJsonHeader(post);
    CryptoStoreFactoryParamsValue csParams = paramsFactory.createCryptoStoreFactoryParams(
            testCryptoStoreName, KeyStoreType.JKS, "changeit".toCharArray());
    post.setEntity(new StringEntity(csParams.toJSON()));
    String csJson = httpClient.execute(post, strResponseHandler);
    CryptoStoreValue cryptoStore = valueBuilderFactory.newValueFromJSON(CryptoStoreValue.class, csJson);
    // Create a new CA (512-bit RSA keeps the test fast; not a production key size)
    post = new HttpPost(caApi.caListUri().get());
    addAcceptJsonHeader(post);
    KeyPairSpecValue keyPairSpec = cryptoValuesFactory.createKeySpec(AsymetricAlgorithm.RSA, 512);
    CAFactoryParamsValue caParams = paramsFactory.createCAFactoryParams(
            cryptoStore.uri().get(), testCaName, 1, "CN=" + testCaName, keyPairSpec, null);
    post.setEntity(new StringEntity(caParams.toJSON()));
    caJson = httpClient.execute(post, strResponseHandler);
    ca = valueBuilderFactory.newValueFromJSON(CAValue.class, caJson);
    // Create a new X509Profile: client-auth profile with keyEncipherment/digitalSignature and CA:false
    post = new HttpPost(caApi.x509ProfileListUri().get());
    addAcceptJsonHeader(post);
    X509ProfileFactoryParamsValue profileParams = paramsFactory.createX509ProfileFactoryParams(
            "SSLClient", 1, "A simple SSLClient x509 profile for unit tests",
            x509ExtValuesFactory.buildKeyUsagesValue(true, EnumSet.of(KeyUsage.keyEncipherment, KeyUsage.digitalSignature)),
            x509ExtValuesFactory.buildExtendedKeyUsagesValue(false, EnumSet.of(ExtendedKeyUsage.clientAuth)),
            x509ExtValuesFactory.buildNetscapeCertTypesValue(false, EnumSet.of(NetscapeCertType.sslClient)),
            x509ExtValuesFactory.buildBasicConstraintsValue(true, false, 0), null);
    post.setEntity(new StringEntity(profileParams.toJSON()));
    String sslClientProfileJson = httpClient.execute(post, strResponseHandler);
    X509ProfileValue sslClientProfile = valueBuilderFactory.newValueFromJSON(X509ProfileValue.class, sslClientProfileJson);
    // Add profile to CA
    post = new HttpPost(ca.uri().get());
    addAcceptJsonHeader(post);
    ValueBuilder<CAValue> caValueBuilder = valueBuilderFactory.newValueBuilder(CAValue.class).withPrototype(ca);
    // Needed as Values are immutables
    ca = caValueBuilder.prototype();
    ca.allowedX509Profiles().get().add(
            paramsFactory.createX509ProfileAssignment(sslClientProfile.uri().get(), KeyEscrowPolicy.allowed));
    ca = caValueBuilder.newInstance();
    post.setEntity(new StringEntity(ca.toJSON()));
    caJson = httpClient.execute(post, strResponseHandler);
    ca = valueBuilderFactory.newValueFromJSON(CAValue.class, caJson);
    // Request certificate on X509Factory with a PKCS#10 request using the first CA
    KeyPair keyPair = asymGenerator.generateKeyPair(new AsymetricGeneratorParameters(AsymetricAlgorithm.RSA, 512));
    PKCS10CertificationRequest pkcs10 = x509Generator.generatePKCS10(new DistinguishedName("CN=qipki"), keyPair,
            new GeneralNames(new GeneralName(GeneralName.rfc822Name, "qipki@codeartisans.org")));
    String pkcs10PEM = cryptio.asPEM(pkcs10).toString();
    LOGGER.debug("Will request a new X509 with the following PKCS#10: " + pkcs10PEM);
    X509FactoryParamsValue x509FactoryParams = paramsFactory.createX509FactoryParams(
            ca.uri().get(), sslClientProfile.uri().get(), pkcs10PEM);
    post = new HttpPost(caApi.x509ListUri().get());
    addAcceptJsonHeader(post);
    post.setEntity(new StringEntity(x509FactoryParams.toJSON()));
    String jsonX509 = httpClient.execute(post, strResponseHandler);
    X509Value newX509 = valueBuilderFactory.newValueFromJSON(X509Value.class, jsonX509);
    LOGGER.debug("New X509 created using /api/x509/factory after POST/302/REDIRECT: {}", newX509.toJSON());
    // Get detailled info about new X509 and check the profile's extensions were applied
    get = new HttpGet(newX509.detailUri().get());
    addAcceptJsonHeader(get);
    String jsonX509Detail = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("New X509 detail: {}", new JSONObject(jsonX509Detail).toString(2));
    X509DetailValue newX509Detail = valueBuilderFactory.newValueFromJSON(X509DetailValue.class, jsonX509Detail);
    assertTrue(newX509Detail.keysExtensions().get().extendedKeyUsages().get().extendedKeyUsages().get()
            .contains(ExtendedKeyUsage.clientAuth));
    assertTrue(newX509Detail.keysExtensions().get().netscapeCertTypes().get().netscapeCertTypes().get()
            .contains(NetscapeCertType.sslClient));
    // Get X509 list
    get = new HttpGet(caApi.x509ListUri().get());
    addAcceptJsonHeader(get);
    String jsonX509List = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("X509s List: {}", new JSONObject(jsonX509List).toString(2));
    RestListValue x509List = valueBuilderFactory.newValueFromJSON(RestListValue.class, jsonX509List);
    X509Value firstX509 = (X509Value) x509List.items().get().get(0);
    // Get first X509
    get = new HttpGet(firstX509.uri().get());
    addAcceptJsonHeader(get);
    jsonX509 = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("First X509: {}", new JSONObject(jsonX509).toString(2));
    firstX509 = valueBuilderFactory.newValueFromJSON(X509Value.class, jsonX509);
    // Revoke first X509 (the revocation response is logged but not asserted on)
    X509RevocationParamsValue x509RevocationParams = paramsFactory
            .createX509RevocationParams(RevocationReason.cessationOfOperation);
    post = new HttpPost(firstX509.revocationUri().get());
    addAcceptJsonHeader(post);
    post.setEntity(new StringEntity(x509RevocationParams.toJSON()));
    String jsonRevocation = httpClient.execute(post, strResponseHandler);
    LOGGER.debug(jsonRevocation);
    // Get KeyPair list
    get = new HttpGet(caApi.escrowedKeyPairListUri().get());
    addAcceptJsonHeader(get);
    String jsonKeyPairList = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("EscrowedKeyPair List: {}", new JSONObject(jsonKeyPairList).toString(2));
    // Create KeyPair
    EscrowedKeyPairFactoryParamsValue escrowParams = paramsFactory
            .createEscrowedKeyPairFactoryParams(AsymetricAlgorithm.RSA, 512);
    post = new HttpPost(caApi.escrowedKeyPairListUri().get());
    addAcceptJsonHeader(post);
    post.setEntity(new StringEntity(escrowParams.toJSON()));
    String jsonEscrowed = httpClient.execute(post, strResponseHandler);
    LOGGER.debug("EscrowedKeyPair : {}", new JSONObject(jsonEscrowed).toString(2));
    EscrowedKeyPairValue ekp = valueBuilderFactory.newValueFromJSON(EscrowedKeyPairValue.class, jsonEscrowed);
    // Recover KeyPair (the recovered private key is logged in PEM form at DEBUG level)
    get = new HttpGet(ekp.recoveryUri().get());
    addAcceptJsonHeader(get);
    String kpPem = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("EscrowedKeyPair PEM: {}", kpPem);
    KeyPair keypair = cryptio.readKeyPairPEM(new StringReader(kpPem));
    // Issue X509Certificate using an escrowed keypair
    String dn = "CN=qipki-escrowed";
    LOGGER.debug("Will request a new X509 with the following DN: " + dn);
    x509FactoryParams = paramsFactory.createX509FactoryParams(
            ca.uri().get(), sslClientProfile.uri().get(), ekp.uri().get(), dn);
    post = new HttpPost(caApi.x509ListUri().get());
    addAcceptJsonHeader(post);
    post.setEntity(new StringEntity(x509FactoryParams.toJSON()));
    jsonX509 = httpClient.execute(post, strResponseHandler);
    newX509 = valueBuilderFactory.newValueFromJSON(X509Value.class, jsonX509);
    LOGGER.debug("New X509 created using /api/x509/factory and an escrowed keypair after POST/302/REDIRECT: {}", newX509.toJSON());
    // Getting new X509 PEM
    get = new HttpGet(newX509.pemUri().get());
    String x509pem = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("X509 created from escrowed keypair PEM: {}", x509pem);
    X509Certificate x509Certificate = cryptio.readX509PEM(new StringReader(x509pem));
    // Getting EscrowedKeyPair from X509Certificate
    get = new HttpGet(newX509.recoveryUri().get());
    kpPem = httpClient.execute(get, strResponseHandler);
    LOGGER.debug("EscrowedKeyPair PEM: {}", kpPem);
    keypair = cryptio.readKeyPairPEM(new StringReader(kpPem));
    // Create local PKCS#12 keystore with keypair, certificate and full certchain
    // NOTE(review): the entry pairs keyPair (the PKCS#10 key generated above) with x509Certificate,
    // which was issued for the escrowed key recovered into `keypair`; `keypair` itself is never used.
    // Key and certificate therefore probably do not belong together, and the "full certchain" is a
    // single certificate — confirm intent.
    char[] password = "changeit".toCharArray();
    KeyStore ks = KeyStore.getInstance(KeyStoreType.PKCS12.typeString(), BouncyCastleProvider.PROVIDER_NAME);
    ks.load(null, password);
    ks.setEntry("wow", new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), new Certificate[] { x509Certificate }),
            new KeyStore.PasswordProtection(password));
    String base64encodedp12 = cryptio.base64Encode(ks, password);
    System.out.println(base64encodedp12);
    // Exporting CA in a PKCS#12 keystore (password travels in the query string)
    get = new HttpGet(ca.exportUri().get() + "?password=changeit");
    byte[] responseBytes = httpClient.execute(get, bytesResponseHandler);
    ks = KeyStore.getInstance(KeyStoreType.PKCS12.typeString(), BouncyCastleProvider.PROVIDER_NAME);
    ks.load(new ByteArrayInputStream(responseBytes), password);
    base64encodedp12 = cryptio.base64Encode(ks, password);
    System.out.println(base64encodedp12);
    // Exporting CA in a JKS keystore (default provider lookup, no BouncyCastle pinning here)
    get = new HttpGet(ca.exportUri().get() + "?password=changeit&kstype=jks");
    responseBytes = httpClient.execute(get, bytesResponseHandler);
    ks = KeyStore.getInstance(KeyStoreType.JKS.typeString());
    ks.load(new ByteArrayInputStream(responseBytes), password);
    base64encodedp12 = cryptio.base64Encode(ks, password);
    System.out.println(base64encodedp12);
}
From source file:org.qipki.crypto.cipher.CipherTest.java
License:Open Source License
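/**
 * Runs the AES-128 round trip with a plain {@link DefaultCryptoContext}, outside the Qi4j
 * container, with the BouncyCastle provider registered only for the duration of the test.
 *
 * Provider registration is JVM-global, so removal now happens in a {@code finally} block:
 * previously a failure inside {@code testAES128} skipped {@code removeProvider} and left
 * BouncyCastle installed for every later test in the same JVM, masking provider-resolution
 * differences between them.
 *
 * NOTE(review): if BouncyCastle was already registered before this test ran, the removal
 * still takes it away from whoever installed it — the original had the same behaviour.
 */
@Test
public void testAES128WithoutQi4j() throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    try {
        CryptoContext cryptoContext = new DefaultCryptoContext();
        testAES128(new SymetricGeneratorImpl(cryptoContext), new CipherFactoryImpl(cryptoContext));
    } finally {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
    }
}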
From source file:org.qipki.crypto.DefaultCryptoContext.java
License:Open Source License
/**
 * Creates a context bound to the BouncyCastle provider with the default random algorithm
 * "SHA1PRNG" and a seed size of 128 (unit not visible here — presumably bits; confirm in the
 * delegated constructor).
 *
 * NOTE(review): SHA1PRNG is deterministic once explicitly seeded; whether and how the
 * delegated constructor seeds it is not visible from this snippet.
 *
 * @throws NoSuchAlgorithmException propagated from the delegated constructor
 */
public DefaultCryptoContext() throws NoSuchAlgorithmException {
    this(
            BouncyCastleProvider.PROVIDER_NAME,
            "SHA1PRNG",
            128);
}
From source file:org.qipki.crypto.DefaultCryptoContext.java
License:Open Source License
/**
 * Creates a context bound to the BouncyCastle provider with the given random algorithm and
 * the default seed size of 128.
 *
 * @param randomAlgorithm JCA {@code SecureRandom} algorithm name, passed through unchanged
 * @throws NoSuchAlgorithmException propagated from the delegated constructor
 */
public DefaultCryptoContext(String randomAlgorithm) throws NoSuchAlgorithmException {
    this(
            BouncyCastleProvider.PROVIDER_NAME,
            randomAlgorithm,
            128);
}
From source file:org.qipki.crypto.DefaultCryptoContext.java
License:Open Source License
/**
 * Creates a context bound to the BouncyCastle provider with the given random algorithm and
 * seed size.
 *
 * @param randomAlgorithm JCA {@code SecureRandom} algorithm name, passed through unchanged
 * @param seedSize        seed size handed to the delegated constructor (unit not visible here)
 * @throws NoSuchAlgorithmException propagated from the delegated constructor
 */
public DefaultCryptoContext(String randomAlgorithm, int seedSize) throws NoSuchAlgorithmException {
    this(
            BouncyCastleProvider.PROVIDER_NAME,
            randomAlgorithm,
            seedSize);
}
From source file:org.qipki.crypto.DefaultCryptoContext.java
License:Open Source License
/**
 * Creates a context bound to the BouncyCastle provider that reuses an already constructed
 * {@link SecureRandom} instead of building one from an algorithm name.
 *
 * @param random the random source to use, passed through unchanged
 */
public DefaultCryptoContext(SecureRandom random) {
    this(
            BouncyCastleProvider.PROVIDER_NAME,
            random);
}