List of usage examples for org.bouncycastle.jce.provider BouncyCastleProvider PROVIDER_NAME
String PROVIDER_NAME
From source file:org.xdi.oxauth.cert.validation.PathCertificateVerifier.java
License:MIT License
/** * Attempts to build a certification chain for given certificate to verify * it. Relies on a set of root CA certificates (trust anchors) and a set of * intermediate certificates (to be used as part of the chain). *///from w w w .j a v a2 s.c om private PKIXCertPathBuilderResult verifyCertificate(X509Certificate certificate, Set<X509Certificate> trustedRootCerts, Set<X509Certificate> intermediateCerts) throws GeneralSecurityException { // Create the selector that specifies the starting certificate X509CertSelector selector = new X509CertSelector(); selector.setBasicConstraints(-2); selector.setCertificate(certificate); // Create the trust anchors (set of root CA certificates) Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>(); for (X509Certificate trustedRootCert : trustedRootCerts) { trustAnchors.add(new TrustAnchor(trustedRootCert, null)); } // Configure the PKIX certificate builder algorithm parameters PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector); // Turn off default revocation-checking mechanism pkixParams.setRevocationEnabled(false); // Specify a list of intermediate certificates CertStore intermediateCertStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediateCerts)); pkixParams.addCertStore(intermediateCertStore); // Build and verify the certification chain CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME); PKIXCertPathBuilderResult certPathBuilderResult = (PKIXCertPathBuilderResult) builder.build(pkixParams); // Additional check to Verify cert path CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME); PKIXCertPathValidatorResult certPathValidationResult = (PKIXCertPathValidatorResult) certPathValidator .validate(certPathBuilderResult.getCertPath(), pkixParams); return certPathBuilderResult; }
From source file:org.xdi.oxauth.crypto.cert.CertificateParser.java
License:MIT License
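/**
 * Parses the first object of a PEM document as an X.509 certificate.
 *
 * <p>This only decodes the certificate. Its signature, validity period and chain are
 * not checked here, so the returned object must not be treated as trusted until it
 * has been validated separately.
 *
 * @param pemEncodedCert PEM text expected to contain a certificate
 * @return the decoded certificate, or {@code null} if the input holds no PEM object
 * @throws CertificateException if the input cannot be read, the first PEM object is
 *         not a certificate, or the certificate cannot be converted
 */
public static X509Certificate parsePem(String pemEncodedCert) throws CertificateException {
    PEMParser pemReader = new PEMParser(new StringReader(pemEncodedCert));
    try {
        Object parsed = pemReader.readObject();
        if (parsed == null) {
            // Nothing PEM-encoded in the input; callers must handle the null result.
            return null;
        }
        if (!(parsed instanceof X509CertificateHolder)) {
            // PEMParser also returns keys, requests, CRLs and so on. Report a wrong object
            // type through the declared checked exception instead of letting a
            // ClassCastException escape from input the caller does not control.
            throw new CertificateException(
                    "PEM object is not an X.509 certificate: " + parsed.getClass().getName());
        }
        return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .getCertificate((X509CertificateHolder) parsed);
    } catch (IOException ex) {
        throw new CertificateException(ex);
    } finally {
        IOUtils.closeQuietly(pemReader);
    }
}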
From source file:org.xdi.oxauth.model.util.SecurityProviderUtility.java
License:MIT License
/**
 * Registers the Bouncy Castle JCE provider with the JVM unless a provider with that
 * name is already registered.
 *
 * @param silent when {@code true}, neither outcome is logged
 */
public static void installBCProvider(boolean silent) {
    final boolean alreadyRegistered = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) != null;

    if (alreadyRegistered) {
        if (!silent) {
            log.info("Bouncy Castle Provider was added already");
        }
        return;
    }

    if (!silent) {
        log.info("Adding Bouncy Castle Provider");
    }
    // addProvider appends to the provider list, so the precedence of the providers
    // already installed is left as it was.
    Security.addProvider(new BouncyCastleProvider());
}
From source file:org.xipki.security.provider.RSAPSSSignatureSpi.java
License:Open Source License
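/**
 * Returns the PSS parameters of this signature, creating and caching them from
 * {@code paramSpec} on first use.
 *
 * @return the cached parameters, or {@code null} if none are cached and no
 *         {@code paramSpec} is set
 * @throws RuntimeException if the "PSS" parameters cannot be obtained from the Bouncy
 *         Castle provider or cannot be initialised from {@code paramSpec}
 */
protected AlgorithmParameters engineGetParameters() {
    if (engineParams != null || paramSpec == null) {
        return engineParams;
    }

    try {
        // Initialise a local first: if init() throws, the field must stay null so that a
        // later call does not hand out an uninitialised AlgorithmParameters object.
        AlgorithmParameters pssParams = AlgorithmParameters.getInstance("PSS",
                BouncyCastleProvider.PROVIDER_NAME);
        pssParams.init(paramSpec);
        engineParams = pssParams;
    } catch (Exception e) {
        throw new RuntimeException(e.getMessage(), e);
    }
    return engineParams;
}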
From source file:org.xmlsh.aws.util.AWSS3Command.java
License:BSD License
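/**
 * Creates the S3 client for this command and stores it in {@code mAmazon}, then applies
 * the endpoint, region and thread-count options.
 *
 * <p>With the {@code crypt} option an encrypting client is built whose encryption
 * materials are the key pair read from the required {@code keypair} option; without
 * it a plain client is built.
 *
 * @param opts parsed command options
 */
protected void getS3Client(Options opts) throws UnsupportedEncodingException, IOException, CoreException {
    if (opts.hasOpt("crypt")) {
        synchronized (AWSS3Command.class) {
            // Look the provider up with getProvider(). Security.getProperty() reads a
            // security *property* of that name, which is not set by registering a
            // provider, so the former check never detected an existing registration.
            if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
        }

        XValue sKeypair = opts.getOptValueRequired("keypair");
        // NOTE(review): readPEM's return type is not visible here; the cast fails with a
        // ClassCastException if the PEM holds something other than a key pair.
        KeyPair keyPair = (KeyPair) readPEM(sKeypair);

        mAmazon = new AmazonS3EncryptionClient(new AWSCommandCredentialsProviderChain(mShell, opts),
                new StaticEncryptionMaterialsProvider(new EncryptionMaterials(keyPair)));
    } else {
        mAmazon = new AmazonS3Client(new AWSCommandCredentialsProviderChain(mShell, opts));
    }

    setEndpoint(opts);
    setRegion(opts);

    if (opts.hasOpt("threads")) {
        mThreads = opts.getOptInt("threads", mThreads);
    }
}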
From source file:org.xwiki.signedscripts.internal.DefaultKeyManager.java
License:Open Source License
/**
 * {@inheritDoc}
 *
 * @see org.xwiki.component.phase.Initializable#initialize()
 */
public void initialize() throws InitializationException {
    // Provider registration is JVM-wide; only add Bouncy Castle when no provider with
    // that name is present yet.
    final boolean providerMissing = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null;
    if (providerMissing) {
        Security.addProvider(new BouncyCastleProvider());
    }
}
From source file:org.yawlfoundation.yawl.digitalSignature.DigitalSignature.java
License:Open Source License
/**
 * Produces a CMS SignedData structure over the prepared form of {@code InputDocument},
 * signed with the private key and certificate supplied by this object, with the
 * content encapsulated in the signature.
 *
 * <p>Review notes for callers:
 * <ul>
 *   <li>Every failure is reported as {@code null}; the cause is only printed as a stack
 *       trace, so a {@code null} result must be treated as "not signed".</li>
 *   <li>The signer digest is SHA-1. Practical collision attacks on SHA-1 exist, so a
 *       stronger digest is preferable wherever the verifying side accepts one.</li>
 *   <li>The prepared document is written to standard output before signing.</li>
 * </ul>
 *
 * @param InputDocument the element to sign
 * @return the signed data, or {@code null} if no private key is available or any step fails
 */
public CMSSignedData SignedData(Element InputDocument) {
    try {
        X509Certificate signerCert = getCertificate();
        PrivateKey signerKey = getPrivateKey();
        if (signerKey == null) {
            return null;
        }

        String preparedDocument = PrepareDocumentToBeSign(InputDocument);
        // NOTE(review): dumps the complete to-be-signed document to stdout; if it can
        // hold sensitive data, that data ends up wherever stdout is collected.
        System.out.println(preparedDocument);
        System.out.println("Certificate loaded");

        // Register Bouncy Castle on demand.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        }

        // The signer certificate is shipped inside the SignedData.
        ArrayList<X509Certificate> signerCerts = new ArrayList<X509Certificate>();
        signerCerts.add(signerCert);
        CertStore certStore = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(signerCerts), "BC");
        System.out.println("provider loaded");

        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        System.out.println("CMS created");

        // NOTE(review): SHA-1 digest, see Javadoc.
        generator.addSigner(signerKey, signerCert, CMSSignedDataGenerator.DIGEST_SHA1);
        generator.addCertificatesAndCRLs(certStore);
        System.out.println("Signer loaded");

        // NOTE(review): getBytes() uses the platform default charset, so the signed
        // bytes depend on the JVM the signer runs on.
        CMSProcessable signedContent = new CMSProcessableByteArray(preparedDocument.getBytes());
        System.out.println("BytesArray loaded");

        // "true" encapsulates the content inside the SignedData.
        return generator.generate(signedContent, true, "BC");
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    }
}
From source file:ru.jts.authserver.network.crypt.CryptEngine.java
License:Apache License
/**
 * Decrypts {@code data} in place with Blowfish and undoes the block chaining applied
 * by the matching encrypt routine.
 *
 * <p>Each {@code BLOCK_SIZE} block is decrypted with Blowfish/ECB/NoPadding; every block
 * after the first is then XORed with the block before it, which at that point already
 * holds decrypted bytes. No IV and no integrity check are involved, so modified
 * ciphertext is not detected by this method.
 *
 * <p>NOTE(review): cipher failures are only printed as a stack trace and the array is
 * returned anyway, possibly partly processed; callers cannot tell success from failure
 * by the return value.
 *
 * @param data ciphertext; overwritten with the result
 * @param key Blowfish key bytes
 * @return the same array instance as {@code data}
 */
public byte[] decrypt(byte[] data, byte[] key) {
    try {
        Cipher blowfish = Cipher.getInstance("Blowfish/ECB/NoPadding", BouncyCastleProvider.PROVIDER_NAME);
        blowfish.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "Blowfish"));

        int offset = 0;
        while (offset < data.length) {
            blowfish.doFinal(data, offset, BLOCK_SIZE, data, offset);

            // Undo the chaining for every block except the first.
            if (offset > 0) {
                final int blockEnd = offset + BLOCK_SIZE;
                for (int pos = offset; pos < blockEnd; pos++) {
                    data[pos] ^= data[pos - BLOCK_SIZE];
                }
            }
            offset += BLOCK_SIZE;
        }
    } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | NoSuchProviderException
            | BadPaddingException | IllegalBlockSizeException | ShortBufferException e) {
        e.printStackTrace();
    }
    return data;
}
From source file:ru.jts.authserver.network.crypt.CryptEngine.java
License:Apache License
/**
 * Pads {@code data} according to {@code padding} and encrypts it with Blowfish, chaining
 * each block to the plaintext of the block before it.
 *
 * <p>Every block after the first is XORed with the previous block of the (padded)
 * plaintext and then encrypted with Blowfish/ECB/NoPadding. There is no IV and no
 * integrity protection: the same padded input under the same key yields the same
 * output, and tampering is not detectable from the ciphertext alone.
 *
 * <p>When {@code padding} matches neither mode the caller's array is encrypted in place.
 *
 * <p>NOTE(review): cipher failures are only printed as a stack trace and the working
 * array is returned anyway, possibly partly encrypted.
 *
 * @param data plaintext
 * @param key Blowfish key bytes
 * @param padding {@code ZERO_TRAILING_MODE}, {@code RANDOM_BYTES_MODE}, or any other value
 *        for no padding
 * @return the array holding the result
 */
public byte[] encrypt(byte[] data, byte[] key, int padding) {
    byte[] output = null;
    try {
        if (padding == ZERO_TRAILING_MODE) {
            data = zeroPadding(data);
        } else if (padding == RANDOM_BYTES_MODE) {
            data = randomBytesPadding(data);
        }

        // Untouched copy of the padded plaintext: the chaining needs the previous
        // plaintext block after that block has been overwritten with ciphertext.
        final byte[] plaintext = data.clone();
        output = data;

        Cipher blowfish = Cipher.getInstance("Blowfish/ECB/NoPadding", BouncyCastleProvider.PROVIDER_NAME);
        blowfish.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "Blowfish"));

        int offset = 0;
        while (offset < output.length) {
            if (offset > 0) {
                final int blockEnd = offset + BLOCK_SIZE;
                for (int pos = offset; pos < blockEnd; pos++) {
                    output[pos] ^= plaintext[pos - BLOCK_SIZE];
                }
            }
            blowfish.doFinal(output, offset, BLOCK_SIZE, output, offset);
            offset += BLOCK_SIZE;
        }
    } catch (NoSuchPaddingException | BadPaddingException | NoSuchAlgorithmException | IllegalBlockSizeException
            | ShortBufferException | NoSuchProviderException | InvalidKeyException e) {
        e.printStackTrace();
    }
    return output;
}
From source file:ru.jts.authserver.network.crypt.RSAEngine.java
License:Apache License
/**
 * Decrypts RSA/OAEP ciphertext block by block with the private key obtained from the
 * project's {@code KeyStore} singleton and collects the plaintext in a buffer.
 *
 * <p>NOTE(review): cipher failures are only printed as a stack trace; the buffer's array
 * is returned regardless, so a failed decryption is not distinguishable from a
 * successful one by the return value.
 *
 * <p>NOTE(review): {@code array()} returns the buffer's backing array, which may be
 * longer than the number of bytes written; confirm that callers do not rely on its
 * length.
 *
 * @param data buffer holding the ciphertext
 * @param from index of the first ciphertext byte
 * @param length used as the exclusive end index of the loop (it runs while
 *        {@code i < length}); NOTE(review): confirm callers do not pass a byte count
 *        together with a non-zero {@code from}
 * @return the backing array of the buffer the decrypted blocks were written to
 */
private byte[] decrypt0(byte[] data, int from, int length) {
    ByteBuf plaintext = Unpooled.buffer().order(ByteOrder.LITTLE_ENDIAN);
    PrivateKey privateKey = KeyStore.getInstance().getPrivateKey();

    try {
        Cipher oaep = Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding",
                BouncyCastleProvider.PROVIDER_NAME);
        oaep.init(Cipher.DECRYPT_MODE, privateKey);

        final int blockSize = oaep.getBlockSize();
        int offset = from;
        while (offset < length) {
            // The last chunk may be shorter than a full cipher block.
            final int chunk = (offset + blockSize > length) ? length - offset : blockSize;
            plaintext.writeBytes(oaep.doFinal(data, offset, chunk));
            offset += blockSize;
        }
    } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | BadPaddingException
            | IllegalBlockSizeException | NoSuchProviderException e) {
        e.printStackTrace();
    }
    return plaintext.array();
}