Example usage for org.bouncycastle.jce.provider BouncyCastleProvider PROVIDER_NAME

List of usage examples for org.bouncycastle.jce.provider BouncyCastleProvider PROVIDER_NAME

Introduction

This page lists usage examples for org.bouncycastle.jce.provider BouncyCastleProvider PROVIDER_NAME.

Prototype

String PROVIDER_NAME

To view the source code for org.bouncycastle.jce.provider BouncyCastleProvider PROVIDER_NAME, follow the Source link.


Usage

From source file:esteidhacker.FakeEstEIDCA.java

License:Open Source License

/**
 * Creates a fresh fake CA: a 2048-bit RSA root key pair and a 2048-bit RSA intermediate
 * ("esteid") key pair, plus the certificates for both. The results are stored in the
 * instance fields {@code rootCert}, {@code esteidCert}, {@code rootKey} and {@code esteidKey}.
 *
 * <p>Keys are generated through the Bouncy Castle provider, so it has to be registered with
 * {@link java.security.Security} before this is called.
 *
 * @throws NoSuchProviderException if the Bouncy Castle provider is not registered
 * @throws NoSuchAlgorithmException if the provider does not offer RSA key generation
 * @throws IOException if one of the template certificates used by the cert builders cannot be read
 * @throws CertificateException if building or converting a certificate fails
 * @throws InvalidKeyException, IllegalStateException, SignatureException, ParseException,
 *         OperatorCreationException propagated from the certificate builders
 */
public void generate()
        throws NoSuchAlgorithmException, InvalidKeyException, IllegalStateException, NoSuchProviderException,
        SignatureException, IOException, ParseException, OperatorCreationException, CertificateException {
    System.out.println("Generating CA ...");

    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
    generator.initialize(2048);
    KeyPair rootPair = generator.generateKeyPair();
    KeyPair esteidPair = generator.generateKeyPair();

    // The intermediate is signed by the root, so the root certificate is built first.
    rootCert = makeRootCert(rootPair);
    esteidCert = makeEsteidCert(esteidPair, rootPair);

    // The private halves are kept in CRT form; the cast assumes the provider's RSA
    // generator returns RSAPrivateCrtKey instances (it throws ClassCastException otherwise).
    rootKey = (RSAPrivateCrtKey) rootPair.getPrivate();
    esteidKey = (RSAPrivateCrtKey) esteidPair.getPrivate();

    System.out.println("Done.");
}

From source file:esteidhacker.FakeEstEIDCA.java

License:Open Source License

/**
 * Builds a fake root certificate modelled on the real SK root certificate bundled at
 * {@code /resources/sk-root.pem}. Issuer, subject, serial number, validity window and every
 * extension are copied verbatim from the template; only the public key (taken from
 * {@code kp}) and the signature (made with {@code kp}'s private key) differ.
 *
 * @param kp the fake root's RSA key pair; its public key is embedded and its private key signs
 * @return the fake root certificate converted to a JCA {@link X509Certificate}
 * @throws IOException if the template certificate cannot be read
 * @throws CertificateException if the built certificate cannot be converted
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws InvalidKeyException, IllegalStateException, NoSuchProviderException, SignatureException,
 *         NoSuchAlgorithmException, ParseException declared for compatibility with callers
 */
private X509Certificate makeRootCert(KeyPair kp)
        throws InvalidKeyException, IllegalStateException, NoSuchProviderException, SignatureException,
        IOException, NoSuchAlgorithmException, ParseException, OperatorCreationException, CertificateException {
    X509CertificateHolder template = getRealCert("/resources/sk-root.pem");

    // TODO/FIXME: GeneralizedTime instead of UTCTime for root
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(template.getIssuer(),
            template.getSerialNumber(), template.getNotBefore(), template.getNotAfter(),
            template.getSubject(), kp.getPublic());

    // Older Bouncy Castle releases return a raw List here, hence the unchecked cast.
    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> extensionOids = template.getExtensionOIDs();

    // Every extension of the template is carried over unchanged, criticality included.
    for (ASN1ObjectIdentifier oid : extensionOids) {
        boolean critical = template.getExtension(oid).isCritical();
        builder.copyAndAddExtension(oid, critical, template);
    }

    // SHA-1 signatures are rejected by most modern verifiers; presumably kept to match the
    // cloned certificate's shape, since this is a test fixture and not a production CA.
    ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA")
            .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(kp.getPrivate());
    X509CertificateHolder signed = builder.build(signer);

    JcaX509CertificateConverter converter = new JcaX509CertificateConverter()
            .setProvider(BouncyCastleProvider.PROVIDER_NAME);
    return converter.getCertificate(signed);
}

From source file:esteidhacker.FakeEstEIDCA.java

License:Open Source License

/**
 * Builds the fake intermediate ("esteid") certificate modelled on the real SK ESTEID
 * certificate bundled at {@code /resources/sk-esteid.pem}. Issuer, subject, serial number,
 * validity window and every extension are copied from the template; the public key comes from
 * {@code esteid} and the signature is made with the fake root's private key from {@code root}.
 *
 * @param esteid the intermediate's RSA key pair; its public key is embedded
 * @param root   the fake root's RSA key pair; its private key signs the certificate
 * @return the intermediate certificate converted to a JCA {@link X509Certificate}
 * @throws IOException if the template certificate cannot be read
 * @throws CertificateException if the built certificate cannot be converted
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws InvalidKeyException, IllegalStateException, NoSuchProviderException, SignatureException,
 *         NoSuchAlgorithmException, ParseException declared for compatibility with callers
 */
private X509Certificate makeEsteidCert(KeyPair esteid, KeyPair root)
        throws InvalidKeyException, IllegalStateException, NoSuchProviderException, SignatureException,
        IOException, NoSuchAlgorithmException, ParseException, OperatorCreationException, CertificateException {
    X509CertificateHolder template = getRealCert("/resources/sk-esteid.pem");

    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(template.getIssuer(),
            template.getSerialNumber(), template.getNotBefore(), template.getNotAfter(),
            template.getSubject(), esteid.getPublic());

    // Older Bouncy Castle releases return a raw List here, hence the unchecked cast.
    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> extensionOids = template.getExtensionOIDs();

    // Every extension of the template is carried over unchanged, criticality included.
    for (ASN1ObjectIdentifier oid : extensionOids) {
        boolean critical = template.getExtension(oid).isCritical();
        builder.copyAndAddExtension(oid, critical, template);
    }

    // SHA-1 signatures are rejected by most modern verifiers; presumably kept to match the
    // cloned certificate's shape, since this is a test fixture and not a production CA.
    ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA")
            .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(root.getPrivate());
    X509CertificateHolder signed = builder.build(signer);

    JcaX509CertificateConverter converter = new JcaX509CertificateConverter()
            .setProvider(BouncyCastleProvider.PROVIDER_NAME);
    return converter.getCertificate(signed);
}

From source file:esteidhacker.FakeEstEIDCA.java

License:Open Source License

/**
 * Re-issues {@code cert} for a different key. Issuer, serial number, validity window, subject
 * and every extension are kept; only the embedded public key ({@code pubkey}) and the signature
 * change. The clone is signed with the fake intermediate key {@code esteidKey}.
 *
 * @param pubkey the public key to embed in the clone
 * @param cert   the certificate whose contents are copied
 * @return the re-signed clone as a JCA {@link X509Certificate}
 * @throws IOException if the DER encoding of {@code cert} cannot be re-parsed
 * @throws CertificateException if {@code cert} cannot be encoded or the clone cannot be converted
 * @throws OperatorCreationException if the content signer cannot be created
 */
public X509Certificate cloneUserCertificate(RSAPublicKey pubkey, X509Certificate cert)
        throws OperatorCreationException, CertificateException, IOException {
    X509CertificateHolder source = new X509CertificateHolder(cert.getEncoded());

    // Names are read from the BC holder, the scalar fields straight from the JCA certificate.
    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(source.getIssuer(),
            cert.getSerialNumber(), cert.getNotBefore(), cert.getNotAfter(), source.getSubject(), pubkey);

    // Older Bouncy Castle releases return a raw List here, hence the unchecked cast.
    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> extensionOids = source.getExtensionOIDs();

    // Every extension is carried over unchanged, criticality included.
    for (ASN1ObjectIdentifier oid : extensionOids) {
        Extension original = source.getExtension(oid);
        builder.copyAndAddExtension(original.getExtnId(), original.isCritical(), source);
    }

    // SHA-1 signature, as in the rest of this fixture.
    ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA")
            .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(esteidKey);
    X509CertificateHolder clone = builder.build(signer);

    JcaX509CertificateConverter converter = new JcaX509CertificateConverter()
            .setProvider(BouncyCastleProvider.PROVIDER_NAME);
    return converter.getCertificate(clone);
}

From source file:esteidhacker.FakeEstEIDCA.java

License:Open Source License

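/**
 * Issues a fake end-user certificate in the shape of a real SK authentication or
 * digital-signature certificate, signed with the fake intermediate key {@code esteidKey}.
 *
 * <p>Issuer, serial number and every extension except subjectAltName are copied from the
 * bundled template ({@code /resources/sk-sign.pem} when {@code signature} is true, otherwise
 * {@code /resources/sk-auth.pem}). The validity window is fixed to calendar year 2015, the
 * subject DN is built from the supplied name fields, and subjectAltName is replaced by an
 * rfc822Name carrying {@code email}.
 *
 * <p>Because the template's serial number is reused, the issued certificate shares its
 * issuer/serial pair with the real certificate it imitates; that is acceptable only for a
 * test fixture.
 *
 * @param pubkey    the user's public key to embed
 * @param signature {@code true} for a digital-signature certificate, {@code false} for an
 *                  authentication certificate
 * @param firstname given name; upper-cased before use
 * @param lastname  surname; upper-cased before use
 * @param idcode    personal identification code; upper-cased before use
 * @param email     e-mail address for subjectAltName; lower-cased before use
 * @return the signed certificate as a JCA {@link X509Certificate}
 * @throws ParseException if the hard-coded validity dates fail to parse
 * @throws IOException if the template certificate cannot be read
 * @throws CertificateException if the built certificate cannot be converted
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws InvalidKeyException, IllegalStateException, NoSuchProviderException,
 *         NoSuchAlgorithmException, SignatureException declared for compatibility with callers
 */
public X509Certificate generateUserCertificate(RSAPublicKey pubkey, boolean signature, String firstname,
        String lastname, String idcode, String email)
        throws InvalidKeyException, ParseException, IOException, IllegalStateException, NoSuchProviderException,
        NoSuchAlgorithmException, SignatureException, CertificateException, OperatorCreationException {
    SimpleDateFormat dayFormat = new SimpleDateFormat("yyyy-MM-dd", Locale.ENGLISH);
    Date startDate = dayFormat.parse("2015-01-01");
    Date endDate = dayFormat.parse("2015-12-31");

    String template = "C=EE,O=ESTEID,OU=%s,CN=%s\\,%s\\,%s,SURNAME=%s,GIVENNAME=%s,SERIALNUMBER=%s";
    // Normalise case with the root locale so the result does not depend on the JVM's default
    // locale (toUpperCase() without a locale differs under e.g. Turkish defaults).
    lastname = lastname.toUpperCase(Locale.ROOT);
    firstname = firstname.toUpperCase(Locale.ROOT);
    idcode = idcode.toUpperCase(Locale.ROOT);
    email = email.toLowerCase(Locale.ROOT);
    // NOTE(review): only the CN components are comma-escaped in the template. A ',', '+' or
    // '=' inside the SURNAME, GIVENNAME or SERIALNUMBER values is interpreted by X500Name as
    // DN structure; callers are expected to pass clean values.
    String subject = String.format(template, (signature ? "digital signature" : "authentication"), lastname,
            firstname, idcode, lastname, firstname, idcode);

    // The template supplies both the issuer and the serial number. (A random serial used to be
    // drawn here and then immediately overwritten by the template's; that dead code is gone.)
    X509CertificateHolder real = getRealCert(signature ? "/resources/sk-sign.pem" : "/resources/sk-auth.pem");
    BigInteger serial = real.getSerialNumber();

    System.out.println("Generating from subject: " + real.getSubject());
    X500Name subjectName = new X500Name(subject);
    System.out.println("Generating subject: " + subjectName.toString());

    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(real.getIssuer(), serial, startDate,
            endDate, subjectName, pubkey);

    // Older Bouncy Castle releases return a raw List here, hence the unchecked cast.
    @SuppressWarnings("unchecked")
    List<ASN1ObjectIdentifier> extensionOids = real.getExtensionOIDs();

    // Copy all extensions; subjectAltName is rebuilt so it names the requested e-mail address.
    for (ASN1ObjectIdentifier oid : extensionOids) {
        Extension ext = real.getExtension(oid);
        if (ext.getExtnId().equals(Extension.subjectAlternativeName)) {
            builder.addExtension(ext.getExtnId(), ext.isCritical(),
                    new GeneralNames(new GeneralName(GeneralName.rfc822Name, email)));
        } else {
            builder.copyAndAddExtension(ext.getExtnId(), ext.isCritical(), real);
        }
    }

    // SHA-1 signature, as in the rest of this fixture.
    ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA")
            .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(esteidKey);
    X509CertificateHolder cert = builder.build(signer);

    return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .getCertificate(cert);
}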

From source file:esteidhacker.FakeEstEIDCA.java

License:Open Source License

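/**
 * Writes the fake CA (root and intermediate private keys with their certificates) to
 * {@code f} as a Bouncy Castle PKCS#12 keystore protected by the instance-wide
 * {@code password}. Entries are stored under the aliases held in the {@code root} and
 * {@code esteid} fields (presumably String aliases; distinct from the key pairs in
 * {@code generate()}).
 *
 * @param f the file to create or overwrite
 * @throws KeyStoreException if the store cannot be initialised or an entry cannot be set
 * @throws NoSuchProviderException if the Bouncy Castle provider is not registered
 * @throws NoSuchAlgorithmException, CertificateException if loading or storing the keystore fails
 * @throws IOException if {@code f} cannot be written
 */
public void storeToFile(File f) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException,
        CertificateException, IOException {
    KeyStore keystore = KeyStore.getInstance("pkcs12", BouncyCastleProvider.PROVIDER_NAME);
    // A null stream initialises an empty store.
    keystore.load(null, password);
    keystore.setKeyEntry(root, rootKey, password, new Certificate[] { rootCert });
    keystore.setKeyEntry(esteid, esteidKey, password, new Certificate[] { esteidCert });

    // The output stream used to be left open; close it even when store() throws.
    FileOutputStream out = new FileOutputStream(f);
    try {
        keystore.store(out, password);
    } finally {
        out.close();
    }
}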

From source file:esteidhacker.FakeEstEIDCA.java

License:Open Source License

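/**
 * Restores the fake CA from a PKCS#12 keystore written by {@code storeToFile}: the root and
 * intermediate private keys and their certificates are read under the aliases held in the
 * {@code root} and {@code esteid} fields and assigned to {@code rootKey}, {@code rootCert},
 * {@code esteidKey} and {@code esteidCert}.
 *
 * @param f the keystore file to read
 * @throws KeyStoreException if the store cannot be initialised or an entry cannot be read
 * @throws NoSuchProviderException if the Bouncy Castle provider is not registered
 * @throws UnrecoverableKeyException if a key cannot be recovered with {@code password}
 * @throws NoSuchAlgorithmException, CertificateException if loading the keystore fails
 * @throws IOException if {@code f} cannot be read or the password is wrong
 */
public void loadFromFile(File f) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException,
        CertificateException, IOException, UnrecoverableKeyException {
    KeyStore keystore = KeyStore.getInstance("pkcs12", BouncyCastleProvider.PROVIDER_NAME);

    // The input stream used to be left open; close it even when load() throws.
    FileInputStream in = new FileInputStream(f);
    try {
        keystore.load(in, password);
    } finally {
        in.close();
    }

    rootKey = (RSAPrivateCrtKey) keystore.getKey(root, password);
    rootCert = (X509Certificate) keystore.getCertificate(root);
    esteidKey = (RSAPrivateCrtKey) keystore.getKey(esteid, password);
    // Previously assigned to rootCert, which clobbered the root certificate with the
    // intermediate one and left esteidCert unset after a load.
    esteidCert = (X509Certificate) keystore.getCertificate(esteid);
}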

From source file:eu.eidas.auth.engine.core.impl.EncryptionSW.java

License:EUPL

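/**
 * Ensures the Bouncy Castle provider is registered with the JCA before any encryption work.
 *
 * <p>Registration is idempotent: a new provider instance is inserted only when no provider
 * named {@link BouncyCastleProvider#PROVIDER_NAME} is installed yet. Any failure is wrapped in a
 * {@link SAMLEngineException} carrying {@code EIDASErrors.SAML_ENGINE_LOAD_PROVIDER} and the
 * original exception as its cause.
 *
 * @throws SAMLEngineException if the provider cannot be registered
 */
private final void loadCryptServiceProvider() throws SAMLEngineException {
    LOG.debug("Loading Encryption Cryptographic Service Provider");
    try {
        // Security.getProvider looks a provider up by name, which is what the former loop over
        // Security.getProviders() comparing getName() did.
        boolean alreadyRegistered = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) != null;

        if (alreadyRegistered) {
            LOG.debug("SAMLCore: Bouncy Castle provider already registered.");
        } else {
            LOG.debug("SAMLCore: Register Bouncy Castle provider.");
            // NOTE(review): insertProviderAt positions are 1-based, so passing the current provider
            // count inserts BC before the last installed provider rather than after it; confirm the
            // intended precedence. Kept as-is so the existing provider order is unchanged.
            Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length);
        }
    } catch (Exception e) {
        // The message had no placeholder, so the e.getMessage() argument was silently dropped
        // (assumes an SLF4J-style logger, which is what the two-argument call implies).
        LOG.error("ERROR : Error loading encryption CryptographicServiceProvider: {}", e.getMessage());
        throw new SAMLEngineException(EIDASErrors.SAML_ENGINE_LOAD_PROVIDER.errorCode(),
                EIDASErrors.SAML_ENGINE_LOAD_PROVIDER.errorMessage(), e);
    }
}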

From source file:eu.eidas.auth.engine.core.impl.SignP12.java

License:EUPL

/**
 * Registers the Bouncy Castle provider if it is not installed yet, then opens the signing
 * keystore and the trust store named in the engine properties ({@code keystoreType},
 * {@code keystorePath}, {@code keyStorePassword}, {@code trustStoreType}, {@code trustStorePath},
 * {@code trustStorePassword}) into the {@code p12Store} and {@code trustStore} fields.
 *
 * <p>Both file streams are closed quietly whether or not loading succeeds; every failure is
 * wrapped in a {@link SAMLEngineException} with the original exception as its cause.
 *
 * @throws SAMLEngineException if the provider cannot be registered or a store cannot be loaded
 */
public void loadCryptServiceProvider() throws SAMLEngineException {
    LOG.info("Load Cryptographic Service Provider");

    FileInputStream keyStoreStream = null;
    FileInputStream trustStoreStream = null;

    try {
        // The JCA identifies providers by name; register BC only when no provider with its name exists.
        boolean bcRegistered = false;
        for (Provider installed : Security.getProviders()) {
            if (installed.getName().equals(BouncyCastleProvider.PROVIDER_NAME)) {
                bcRegistered = true;
                break;
            }
        }
        if (!bcRegistered) {
            LOG.debug("SAMLCore: Register Bouncy Castle provider.");
            // NOTE(review): insertProviderAt positions are 1-based; passing the current provider
            // count inserts BC before the last installed provider, not after it — confirm intent.
            Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length);
        }

        // Signing keystore.
        p12Store = KeyStore.getInstance(getProperties().getProperty("keystoreType"));
        keyStoreStream = new FileInputStream(getProperties().getProperty("keystorePath"));
        p12Store.load(keyStoreStream, getProperties().getProperty("keyStorePassword").toCharArray());

        // Trust store.
        trustStore = KeyStore.getInstance(getProperties().getProperty("trustStoreType"));
        trustStoreStream = new FileInputStream(getProperties().getProperty("trustStorePath"));
        trustStore.load(trustStoreStream, getProperties().getProperty("trustStorePassword").toCharArray());
    } catch (Exception e) {
        throw new SAMLEngineException("Error loading CryptographicServiceProvider", e);
    } finally {
        IOUtils.closeQuietly(keyStoreStream);
        IOUtils.closeQuietly(trustStoreStream);
    }
}

From source file:eu.eidas.auth.engine.core.impl.SignSW.java

License:EUPL

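/**
 * Registers the Bouncy Castle provider if it is not installed yet, then loads the engine's own
 * keystore and the metadata keystore via {@code loadKeystore} into the {@code ownKeyStore} and
 * {@code metadatKeyStore} fields.
 *
 * <p>Every failure is logged (message at INFO, stack trace at DEBUG) and wrapped in a
 * {@link SAMLEngineException} with the original exception as its cause.
 *
 * @throws SAMLEngineException if the provider cannot be registered or a keystore cannot be loaded
 */
public final void loadCryptServiceProvider() throws SAMLEngineException {
    LOG.info("Load Cryptographic Service Provider");
    try {
        // Security.getProvider looks a provider up by name, which is what the former loop over
        // Security.getProviders() comparing getName() did.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            LOG.debug("SAMLCore: Register Bouncy Castle provider.");
            // NOTE(review): insertProviderAt positions are 1-based; 0 is out of range, which the JDK
            // treats as "append at the end", so BC does not become the most preferred provider here.
            // Confirm the intended precedence; kept as-is so the provider order is unchanged.
            Security.insertProviderAt(new BouncyCastleProvider(), 0);
        }

        ownKeyStore = loadKeystore(null);
        metadatKeyStore = loadKeystore(PROPERTY_PREFIX_METADATA);
    } catch (Exception e) {
        // The INFO message had no placeholder, so the e.getMessage() argument was silently dropped
        // (assumes an SLF4J-style logger, which is what the two-argument call implies).
        LOG.info("ERROR : Error loading CryptographicServiceProvider: {}", e.getMessage());
        LOG.debug("ERROR : Error loading CryptographicServiceProvider", e);
        throw new SAMLEngineException("Error loading CryptographicServiceProvider", e);
    }
}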