List of usage examples for org.bouncycastle.operator.jcajce JcaContentSignerBuilder JcaContentSignerBuilder
public JcaContentSignerBuilder(String signatureAlgorithm)
From source file:com.aqnote.shared.encrypt.cert.gen.SingleX509V1Creator.java
License:Open Source License
public static X509Certificate generate(MadCertificateObject certObject, KeyPair keyPair) throws CertException { try {//w w w. ja v a 2 s. c om X509v1CertificateBuilder certBuilder = new JcaX509v1CertificateBuilder( new X500Name(certObject.getIssuer()), BigInteger.valueOf(System.currentTimeMillis()), certObject.getNotBefore(), certObject.getNotAfter(), new X500Name(certObject.getSubject()), keyPair.getPublic()); ContentSigner signer = new JcaContentSignerBuilder(ALG_SIG_SHA256_RSA).setProvider(JCE_PROVIDER) .build(keyPair.getPrivate()); return new JcaX509CertificateConverter().setProvider(JCE_PROVIDER) .getCertificate(certBuilder.build(signer)); } catch (CertificateEncodingException e) { throw new CertException(e); } catch (IllegalStateException e) { throw new CertException(e); } catch (OperatorCreationException e) { throw new CertException(e); } catch (CertificateException e) { throw new CertException(e); } }
From source file:com.aqnote.shared.encrypt.cert.gen.SingleX509V3Creator.java
License:Open Source License
public static X509Certificate generate(MadCertificateObject certObject, KeyPair keyPair) throws CertException { try {//w w w. j a v a2s . c om X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder( new X500Name(certObject.getIssuer()), BigInteger.valueOf(System.currentTimeMillis()), certObject.getNotBefore(), certObject.getNotAfter(), new X500Name(certObject.getSubject()), keyPair.getPublic()); certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); certBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, "trust_device"))); ContentSigner signer = new JcaContentSignerBuilder(ALG_SIG_SHA256_RSA).setProvider(JCE_PROVIDER) .build(keyPair.getPrivate()); return new JcaX509CertificateConverter().setProvider(JCE_PROVIDER) .getCertificate(certBuilder.build(signer)); } catch (CertificateEncodingException e) { throw new CertException(e); } catch (IllegalStateException e) { throw new CertException(e); } catch (CertIOException e) { throw new CertException(e); } catch (OperatorCreationException e) { throw new CertException(e); } catch (CertificateException e) { throw new CertException(e); } }
From source file:com.aqnote.shared.encrypt.cert.main.bc.AQCRLCreator.java
License:Open Source License
public static void createNewCRL() throws CertException { try {//from ww w . ja v a2 s. co m X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(X500NameUtil.createRootPrincipal(), new Date()); crlBuilder.setNextUpdate(new Date(System.currentTimeMillis() + DateConstant.ONE_YEAR)); X509CRLHolder crlHolder = crlBuilder.build(new JcaContentSignerBuilder(SHA256_RSA) .setProvider(JCE_PROVIDER).build(CaCertLoader.getCaKeyPair().getPrivate())); X509CRL crl = new JcaX509CRLConverter().setProvider(JCE_PROVIDER).getCRL(crlHolder); FileOutputStream fostream = new FileOutputStream(MAD_CRL_FILE); PKCSWriter.storeCRLFile(crl, fostream); ASN1Dump.dumpAsString(crlHolder.toASN1Structure()); } catch (OperatorCreationException e) { throw new CertException(e); } catch (IOException e) { throw new CertException(e); } catch (InvalidKeyException e) { throw new CertException(e); } catch (CRLException e) { throw new CertException(e); } catch (NoSuchAlgorithmException e) { throw new CertException(e); } catch (NoSuchProviderException e) { throw new CertException(e); } catch (SignatureException e) { throw new CertException(e); } catch (Exception e) { throw new CertException(e); } return; }
From source file:com.bettertls.nameconstraints.KeyStoreGenerator.java
License:Apache License
public KeyStore build() throws Exception { KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA"); rsa.initialize(2048);/*ww w.j a v a 2s . c om*/ KeyPair kp = rsa.generateKeyPair(); X509CertificateHolder caCertHolder; if (caKeyEntry != null) { caCertHolder = new X509CertificateHolder(caKeyEntry.getCertificate().getEncoded()); } else { caCertHolder = null; } Calendar cal = Calendar.getInstance(); cal.add(Calendar.MONTH, 12); if (caCertHolder != null && cal.getTime().after(caCertHolder.getNotAfter())) { cal.setTime(caCertHolder.getNotAfter()); } byte[] pk = kp.getPublic().getEncoded(); SubjectPublicKeyInfo bcPk = SubjectPublicKeyInfo.getInstance(pk); String subjectNameStr = "C=US, ST=California, L=Los Gatos, O=Netflix Inc, OU=Platform Security (" + System.nanoTime() + ")"; if (commonName != null) { subjectNameStr += ", CN=" + commonName; } X500Name subjectName = new X500Name(subjectNameStr); X509v3CertificateBuilder certGen = new X509v3CertificateBuilder( caCertHolder == null ? subjectName : caCertHolder.getSubject(), BigInteger.valueOf(System.nanoTime()), new Date(), cal.getTime(), subjectName, bcPk); certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(isCa)); if (nameConstraints != null) { certGen.addExtension(Extension.nameConstraints, true, nameConstraints); } if (sans != null) { certGen.addExtension(Extension.subjectAlternativeName, false, sans); } X509CertificateHolder certHolder = certGen.build(new JcaContentSignerBuilder("SHA256withRSA") .build(caKeyEntry == null ? kp.getPrivate() : caKeyEntry.getPrivateKey())); java.security.cert.Certificate certificate; try (ByteArrayInputStream bais = new ByteArrayInputStream(certHolder.getEncoded())) { certificate = CertificateFactory.getInstance("X.509").generateCertificate(bais); } java.security.cert.Certificate[] certificateChain; if (caKeyEntry == null) { certificateChain = new java.security.cert.Certificate[] { certificate }; } else { certificateChain = new java.security.cert.Certificate[caKeyEntry.getCertificateChain().length + 1]; certificateChain[0] = certificate; System.arraycopy(caKeyEntry.getCertificateChain(), 0, certificateChain, 1, caKeyEntry.getCertificateChain().length); } KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, null); keyStore.setKeyEntry(DEFAULT_ALIAS, kp.getPrivate(), KEYSTORE_PASSWORD.toCharArray(), certificateChain); return keyStore; }
From source file:com.cordova.plugin.CertPlugin.java
License:Open Source License
private String getPriAndCsr() { try {/* ww w .j a v a 2 s.c o m*/ KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA"); gen.initialize(2048); KeyPair pair = gen.generateKeyPair(); PrivateKey privateKey = pair.getPrivate(); Log.i(TAG, "privateKey : " + Base64.encodeToString(privateKey.getEncoded(), 0)); String strPrivateKey = Base64.encodeToString(privateKey.getEncoded(), 0); //? SharedPreferences SharedPreferences sp = this.cordova.getActivity().getSharedPreferences("SP", this.cordova.getActivity().getBaseContext().MODE_PRIVATE); //? SharedPreferences.Editor editor = sp.edit(); editor.putString("PRIVATE_KEY", strPrivateKey); editor.commit(); // PRIVATE_KEY Log.d("SP", sp.getString("PRIVATE_KEY", "none")); PublicKey publicKey = pair.getPublic(); // X500Principal subject = new X500Principal("C=NO, ST=Trondheim, L=Trondheim, O=Senthadev, OU=Innovation, CN=www.senthadev.com, EMAILADDRESS=senthadev@gmail.com"); ContentSigner signGen = new JcaContentSignerBuilder("SHA1withRSA").build(privateKey); X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE); X500Name x500Name = x500NameBuilder.build(); PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(x500Name, publicKey); PKCS10CertificationRequest csr = csrBuilder.build(signGen); Log.i(TAG, Base64.encodeToString(csr.getEncoded(), 0)); return Base64.encodeToString(csr.getEncoded(), 0); } catch (Exception e) { e.printStackTrace(); } return ""; }
From source file:com.cordova.plugin.CertPlugin.java
License:Open Source License
private CMSSignedData getCMSSignedData(String src, ArrayList<X509Certificate> certList, PrivateKey privateKey) { try {//w w w. j av a 2s . c o m CMSTypedData msg = new CMSProcessableByteArray(src.getBytes()); Store certs = new JcaCertStore(certList); CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC") .build(privateKey); gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder( new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(sha1Signer, certList.get(0))); gen.addCertificates(certs); return gen.generate(msg, false); } catch (Exception e) { e.printStackTrace(); } return null; }
From source file:com.cws.esolutions.security.dao.certmgmt.impl.CertificateManagerImpl.java
License:Apache License
/** * @see com.cws.esolutions.security.dao.certmgmt.interfaces.ICertificateManager#createCertificateRequest(List, String, int, int) *///from w ww .j a v a 2s .co m public synchronized File createCertificateRequest(final List<String> subjectData, final String storePassword, final int validityPeriod, final int keySize) throws CertificateManagementException { final String methodName = ICertificateManager.CNAME + "#createCertificateRequest(final List<String> subjectData, final String storePassword, final int validityPeriod, final int keySize) throws CertificateManagementException"; if (DEBUG) { DEBUGGER.debug(methodName); DEBUGGER.debug("Value: {}", subjectData); DEBUGGER.debug("Value: {}", validityPeriod); DEBUGGER.debug("Value: {}", keySize); } final File rootDirectory = certConfig.getRootDirectory(); final String signatureAlgorithm = certConfig.getSignatureAlgorithm(); final String certificateAlgorithm = certConfig.getCertificateAlgorithm(); final File privateKeyDirectory = FileUtils .getFile(certConfig.getPrivateKeyDirectory() + "/" + subjectData.get(0)); final File publicKeyDirectory = FileUtils .getFile(certConfig.getPublicKeyDirectory() + "/" + subjectData.get(0)); final File csrDirectory = FileUtils.getFile(certConfig.getCsrDirectory() + "/" + subjectData.get(0)); final File storeDirectory = FileUtils.getFile(certConfig.getStoreDirectory() + "/" + subjectData.get(0)); final X500Name x500Name = new X500Name("CN=" + subjectData.get(0) + ",OU=" + subjectData.get(1) + ",O=" + subjectData.get(2) + ",L=" + subjectData.get(3) + ",ST=" + subjectData.get(4) + ",C=" + subjectData.get(5) + ",E=" + subjectData.get(6)); if (DEBUG) { DEBUGGER.debug("rootDirectory: {}", rootDirectory); DEBUGGER.debug("signatureAlgorithm: {}", signatureAlgorithm); DEBUGGER.debug("certificateAlgorithm: {}", certificateAlgorithm); DEBUGGER.debug("privateKeyDirectory: {}", privateKeyDirectory); DEBUGGER.debug("publicKeyDirectory: {}", publicKeyDirectory); DEBUGGER.debug("csrDirectory: {}", csrDirectory); DEBUGGER.debug("storeDirectory: {}", storeDirectory); DEBUGGER.debug("x500Name: {}", x500Name); } File csrFile = null; JcaPEMWriter csrPemWriter = null; JcaPEMWriter publicKeyWriter = null; JcaPEMWriter privateKeyWriter = null; FileOutputStream csrFileStream = null; FileOutputStream keyStoreStream = null; FileOutputStream publicKeyFileStream = null; FileOutputStream privateKeyFileStream = null; OutputStreamWriter csrFileStreamWriter = null; OutputStreamWriter privateKeyStreamWriter = null; OutputStreamWriter publicKeyStreamWriter = null; try { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, storePassword.toCharArray()); if (DEBUG) { DEBUGGER.debug("KeyStore: {}", keyStore); } SecureRandom random = new SecureRandom(); KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance(certificateAlgorithm); keyGenerator.initialize(keySize, random); if (DEBUG) { DEBUGGER.debug("KeyGenerator: {}", keyGenerator); } KeyPair keyPair = keyGenerator.generateKeyPair(); if (DEBUG) { DEBUGGER.debug("KeyPair: {}", keyPair); } if (keyPair != null) { final Signature sig = Signature.getInstance(signatureAlgorithm); final PrivateKey privateKey = keyPair.getPrivate(); final PublicKey publicKey = keyPair.getPublic(); if (DEBUG) { DEBUGGER.debug("Signature: {}", sig); DEBUGGER.debug("PrivateKey: {}", privateKey); DEBUGGER.debug("PublicKey: {}", publicKey); } sig.initSign(privateKey, random); ContentSigner signGen = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey); if (DEBUG) { DEBUGGER.debug("ContentSigner: {}", signGen); } Calendar expiry = Calendar.getInstance(); expiry.add(Calendar.DAY_OF_YEAR, validityPeriod); if (DEBUG) { DEBUGGER.debug("Calendar: {}", expiry); } CertificateFactory certFactory = CertificateFactory.getInstance(certConfig.getCertificateType()); if (DEBUG) { DEBUGGER.debug("CertificateFactory: {}", certFactory); } X509Certificate[] issuerCert = new X509Certificate[] { (X509Certificate) certFactory .generateCertificate(new FileInputStream(certConfig.getIntermediateCertificateFile())) }; if (DEBUG) { DEBUGGER.debug("X509Certificate[]: {}", (Object) issuerCert); } keyStore.setCertificateEntry(certConfig.getRootCertificateName(), certFactory.generateCertificate( new FileInputStream(FileUtils.getFile(certConfig.getRootCertificateFile())))); keyStore.setCertificateEntry(certConfig.getIntermediateCertificateName(), certFactory.generateCertificate(new FileInputStream( FileUtils.getFile(certConfig.getIntermediateCertificateFile())))); PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(x500Name, publicKey); if (DEBUG) { DEBUGGER.debug("PKCS10CertificationRequestBuilder: {}", builder); } PKCS10CertificationRequest csr = builder.build(signGen); if (DEBUG) { DEBUGGER.debug("PKCS10CertificationRequest: {}", csr); } // write private key File privateKeyFile = FileUtils.getFile(privateKeyDirectory + "/" + subjectData.get(0) + SecurityServiceConstants.PRIVATEKEY_FILE_EXT); if (DEBUG) { DEBUGGER.debug("privateKeyFile: {}", privateKeyFile); } if (!(privateKeyFile.createNewFile())) { throw new IOException("Failed to store private file"); } privateKeyFileStream = new FileOutputStream(privateKeyFile); privateKeyStreamWriter = new OutputStreamWriter(privateKeyFileStream); if (DEBUG) { DEBUGGER.debug("privateKeyFileStream: {}", privateKeyFileStream); DEBUGGER.debug("privateKeyStreamWriter: {}", privateKeyStreamWriter); } privateKeyWriter = new JcaPEMWriter(privateKeyStreamWriter); privateKeyWriter.writeObject(privateKey); privateKeyWriter.flush(); privateKeyStreamWriter.flush(); privateKeyFileStream.flush(); // write public key File publicKeyFile = FileUtils.getFile(publicKeyDirectory + "/" + subjectData.get(0) + SecurityServiceConstants.PUBLICKEY_FILE_EXT); if (DEBUG) { DEBUGGER.debug("publicKeyFile: {}", publicKeyFile); } if (!(publicKeyFile.createNewFile())) { throw new IOException("Failed to store public key file"); } publicKeyFileStream = new FileOutputStream(publicKeyFile); publicKeyStreamWriter = new OutputStreamWriter(publicKeyFileStream); if (DEBUG) { DEBUGGER.debug("publicKeyFileStream: {}", publicKeyFileStream); DEBUGGER.debug("publicKeyStreamWriter: {}", publicKeyStreamWriter); } publicKeyWriter = new JcaPEMWriter(publicKeyStreamWriter); publicKeyWriter.writeObject(publicKey); publicKeyWriter.flush(); publicKeyStreamWriter.flush(); publicKeyFileStream.flush(); // write csr csrFile = FileUtils .getFile(csrDirectory + "/" + subjectData.get(0) + SecurityServiceConstants.CSR_FILE_EXT); if (DEBUG) { DEBUGGER.debug("csrFile: {}", csrFile); } if (!(csrFile.createNewFile())) { throw new IOException("Failed to store CSR file"); } csrFileStream = new FileOutputStream(csrFile); csrFileStreamWriter = new OutputStreamWriter(csrFileStream); if (DEBUG) { DEBUGGER.debug("publicKeyFileStream: {}", publicKeyFileStream); DEBUGGER.debug("publicKeyStreamWriter: {}", publicKeyStreamWriter); } csrPemWriter = new JcaPEMWriter(csrFileStreamWriter); csrPemWriter.writeObject(csr); csrPemWriter.flush(); csrFileStreamWriter.flush(); csrFileStream.flush(); File keyStoreFile = FileUtils .getFile(storeDirectory + "/" + subjectData.get(0) + "." + KeyStore.getDefaultType()); if (DEBUG) { DEBUGGER.debug("keyStoreFile: {}", keyStoreFile); } keyStoreStream = FileUtils.openOutputStream(keyStoreFile); if (DEBUG) { DEBUGGER.debug("keyStoreStream: {}", keyStoreStream); } keyStore.setKeyEntry(subjectData.get(0), (Key) keyPair.getPrivate(), storePassword.toCharArray(), issuerCert); keyStore.store(keyStoreStream, storePassword.toCharArray()); keyStoreStream.flush(); if (DEBUG) { DEBUGGER.debug("KeyStore: {}", keyStore); } } else { throw new CertificateManagementException("Failed to generate keypair. Cannot continue."); } } catch (FileNotFoundException fnfx) { throw new CertificateManagementException(fnfx.getMessage(), fnfx); } catch (IOException iox) { throw new CertificateManagementException(iox.getMessage(), iox); } catch (NoSuchAlgorithmException nsax) { throw new CertificateManagementException(nsax.getMessage(), nsax); } catch (IllegalStateException isx) { throw new CertificateManagementException(isx.getMessage(), isx); } catch (InvalidKeyException ikx) { throw new CertificateManagementException(ikx.getMessage(), ikx); } catch (OperatorCreationException ocx) { throw new CertificateManagementException(ocx.getMessage(), ocx); } catch (KeyStoreException ksx) { throw new CertificateManagementException(ksx.getMessage(), ksx); } catch (CertificateException cx) { throw new CertificateManagementException(cx.getMessage(), cx); } finally { if (csrFileStreamWriter != null) { IOUtils.closeQuietly(csrFileStreamWriter); } if (csrFileStream != null) { IOUtils.closeQuietly(csrFileStream); } if (csrPemWriter != null) { IOUtils.closeQuietly(csrPemWriter); } if (publicKeyFileStream != null) { IOUtils.closeQuietly(publicKeyFileStream); } if (publicKeyStreamWriter != null) { IOUtils.closeQuietly(publicKeyStreamWriter); } if (publicKeyWriter != null) { IOUtils.closeQuietly(publicKeyWriter); } if (privateKeyFileStream != null) { IOUtils.closeQuietly(privateKeyFileStream); } if (privateKeyStreamWriter != null) { IOUtils.closeQuietly(privateKeyStreamWriter); } if (privateKeyWriter != null) { IOUtils.closeQuietly(privateKeyWriter); } if (keyStoreStream != null) { IOUtils.closeQuietly(keyStoreStream); } } return csrFile; }
From source file:com.delcyon.capo.crypto.CertificateRequestProcessor.java
License:Open Source License
@Override public void process(ClientRequest clientRequest) throws Exception { String type = XPath.selectSingleNodeValue(clientRequest.getRequestDocument().getDocumentElement(), "//CertificateRequest/@" + CertificateRequest.Attributes.TYPE); if (type == null || type.trim().isEmpty()) { throw new ControllerProcessingException("CertificateRequest missing type attribute", clientRequest.getRequestDocument()); } else {//from ww w.ja v a 2 s . co m Element certificateRequestElement = (Element) XPath.selectSingleNode( clientRequest.getRequestDocument().getDocumentElement(), "//CertificateRequest"); String publicKeyString = XPath.selectSingleNodeValue( clientRequest.getRequestDocument().getDocumentElement(), "//CertificateRequest/@" + CertificateRequest.Attributes.CLIENT_PUBLIC_KEY); String dhGeneratorString = XPath.selectSingleNodeValue( clientRequest.getRequestDocument().getDocumentElement(), "//CertificateRequest/@" + CertificateRequest.Attributes.DH_GENERATOR); String dhLengthString = XPath.selectSingleNodeValue( clientRequest.getRequestDocument().getDocumentElement(), "//CertificateRequest/@" + CertificateRequest.Attributes.DH_LENGTH); String dhPrimeString = XPath.selectSingleNodeValue( clientRequest.getRequestDocument().getDocumentElement(), "//CertificateRequest/@" + CertificateRequest.Attributes.DH_PRIME); String clientID = XPath.selectSingleNodeValue(clientRequest.getRequestDocument().getDocumentElement(), "//CertificateRequest/@" + CertificateRequest.Attributes.CLIENT_ID); //process clientID //check to see if client ID is a valid client id, if not, we need to create a new one if (clientID == null || clientID.matches("capo\\.client\\.0") || clientID.matches("capo\\.client\\.\\d+") == false) { clientID = "capo.client." + CapoApplication.getDataManager().nextValue("client_id_sequence") + ""; } //create parameter specs BigInteger dhParameterSpecGenerator = new BigInteger(dhGeneratorString, 16); BigInteger dhParameterSpecPrime = new BigInteger(dhPrimeString, 16); int dhParameterSpecLength = Integer.parseInt(dhLengthString); //on remote generate a key pair using original specs KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("DH"); DHParameterSpec dhParameterSpec2 = new DHParameterSpec(dhParameterSpecPrime, dhParameterSpecGenerator, dhParameterSpecLength); keyPairGenerator2.initialize(dhParameterSpec2); //generate remote key pair KeyPair keyPair2 = keyPairGenerator2.generateKeyPair(); byte[] encodedPublicKey2 = keyPair2.getPublic().getEncoded(); //start remote key agreement KeyAgreement keyAgreement2 = KeyAgreement.getInstance("DH"); keyAgreement2.init(keyPair2.getPrivate()); //read in keyspec KeyFactory keyFactory2 = KeyFactory.getInstance("DH"); X509EncodedKeySpec x509Spec2 = new X509EncodedKeySpec( DatatypeConverter.parseBase64Binary(publicKeyString)); //load keyspec, and finish key agreement PublicKey publicKey1 = keyFactory2.generatePublic(x509Spec2); keyAgreement2.doPhase(publicKey1, true); //get remote secret key byte secret2[] = keyAgreement2.generateSecret(); //use our secret to generate our remote secret key SecretKeyFactory secretKeyFactory2 = SecretKeyFactory.getInstance("DES"); DESKeySpec desKeySpec2 = new DESKeySpec(secret2); SecretKey secretKey2 = secretKeyFactory2.generateSecret(desKeySpec2); //encrypt message Cipher cipher2 = Cipher.getInstance("DES/ECB/PKCS5Padding"); cipher2.init(Cipher.ENCRYPT_MODE, secretKey2); byte encryptedMessage[] = cipher2.doFinal(CapoApplication.getCeritifcate()); //populate attributes certificateRequestElement.setAttribute(CertificateRequest.Attributes.SERVER_PUBLIC_KEY.toString(), DatatypeConverter.printBase64Binary(encodedPublicKey2)); certificateRequestElement.setAttribute(CertificateRequest.Attributes.PAYLOAD.toString(), DatatypeConverter.printBase64Binary(encryptedMessage)); certificateRequestElement.setAttribute(CertificateRequest.Attributes.SERVER_ID.toString(), CapoApplication.getConfiguration().getValue(CapoServer.Preferences.SERVER_ID)); certificateRequestElement.setAttribute(CertificateRequest.Attributes.CLIENT_ID.toString(), clientID); String oneTimePassword = CapoApplication.getConfiguration() .getValue(PREFERENCE.CLIENT_VERIFICATION_PASSWORD); if (oneTimePassword.isEmpty()) { oneTimePassword = (new Random().nextInt(Integer.MAX_VALUE)) + ""; CapoApplication.logger.log(Level.INFO, "One time client verification password = '" + oneTimePassword + "'"); } Document originalRequestDocument = clientRequest.getRequestDocument(); //chnage this to a response, and send it back ((CNode) originalRequestDocument.getDocumentElement()).setNodeName("ServerResponse"); ((CNode) originalRequestDocument.getDocumentElement().getElementsByTagName("CertificateRequest") .item(0)).setNodeName("CertificateRequestResponse"); clientRequest.getXmlStreamProcessor().writeDocument(originalRequestDocument); Document requestDocument = clientRequest.getXmlStreamProcessor().readNextDocument(); byte[] encryptedPayload = DatatypeConverter .parseBase64Binary(XPath.selectSingleNodeValue(requestDocument.getDocumentElement(), "//CertificateRequest/@" + CertificateRequest.Attributes.PAYLOAD)); //decrypt message cipher2.init(Cipher.DECRYPT_MODE, secretKey2); String returnedPassword = new String(cipher2.doFinal(encryptedPayload)); if (oneTimePassword.equals(returnedPassword)) { //create certificate from public key byte[] clientPublicKeyBytes = DatatypeConverter .parseBase64Binary(XPath.selectSingleNodeValue(requestDocument.getDocumentElement(), "//CertificateRequest/@" + CertificateRequest.Attributes.CLIENT_PUBLIC_KEY)); KeyFactory keyFactory3 = KeyFactory.getInstance("RSA"); X509EncodedKeySpec x509Spec3 = new X509EncodedKeySpec(clientPublicKeyBytes); //load keyspec, and finish key agreement PublicKey clientPublicKey = keyFactory3.generatePublic(x509Spec3); X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE); String clientAlias = clientID + ".cert"; x500NameBuilder.addRDN(BCStyle.CN, clientAlias); String serverAlias = CapoApplication.getConfiguration().getValue(Preferences.SERVER_ID) + ".private"; RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) CapoApplication.getKeyStore().getKey(serverAlias, CapoApplication.getConfiguration().getValue(Configuration.PREFERENCE.KEYSTORE_PASSWORD) .toCharArray()); ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC) .build(rsaPrivateKey); Calendar calendar = Calendar.getInstance(); calendar.add(Calendar.MONTH, CapoApplication.getConfiguration().getIntValue(Preferences.KEY_MONTHS_VALID)); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder( x500NameBuilder.build(), BigInteger.valueOf(System.currentTimeMillis()), new Date(System.currentTimeMillis() - 50000), calendar.getTime(), x500NameBuilder.build(), clientPublicKey); X509Certificate certificate = new JcaX509CertificateConverter().setProvider(BC) .getCertificate(certificateBuilder.build(contentSigner)); CapoApplication.getKeyStore().setCertificateEntry(clientAlias, certificate); ((CapoServer) CapoApplication.getApplication()).writeKeyStore(CapoApplication.getKeyStore()); Document responseDocument = CapoApplication.getDefaultDocument("default_response.xml"); responseDocument.getDocumentElement().setAttribute("result", "SUCCESS"); clientRequest.getXmlStreamProcessor().writeDocument(responseDocument); } else { Document responseDocument = CapoApplication.getDefaultDocument("default_response.xml"); responseDocument.getDocumentElement().setAttribute("result", "WRONG_PASSWORD"); clientRequest.getXmlStreamProcessor().writeDocument(responseDocument); } } }
From source file:com.delcyon.capo.server.CapoServer.java
License:Open Source License
/** * This loads an xml file, starts he server, and sends the document as a * request, then returns an array of [requestDocument,responseDocument] * TESTING ONLY/*www. j a v a2 s. c o m*/ * * @param filename * @return * @throws Exception */ private KeyStore buildKeyStore() throws Exception { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); char[] password = getConfiguration().getValue(PREFERENCE.KEYSTORE_PASSWORD).toCharArray(); //generate keys KeyPairGenerator rsakeyPairGenerator = KeyPairGenerator.getInstance("RSA"); rsakeyPairGenerator.initialize(getConfiguration().getIntValue(Preferences.KEY_SIZE)); KeyPair rsaKeyPair = rsakeyPairGenerator.generateKeyPair(); //begin bouncy castle crap X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE); x500NameBuilder.addRDN(BCStyle.CN, getConfiguration().getValue(Preferences.SERVER_ID)); ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC) .build(rsaKeyPair.getPrivate()); Calendar calendar = Calendar.getInstance(); calendar.add(Calendar.MONTH, getConfiguration().getIntValue(Preferences.KEY_MONTHS_VALID)); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(x500NameBuilder.build(), BigInteger.valueOf(System.currentTimeMillis()), new Date(System.currentTimeMillis() - 50000), calendar.getTime(), x500NameBuilder.build(), rsaKeyPair.getPublic()); X509Certificate certificate = new JcaX509CertificateConverter().setProvider(BC) .getCertificate(certificateBuilder.build(contentSigner)); //end bouncy castle crap keyStore.load(null, password); KeyStore.TrustedCertificateEntry trustedCertificateEntry = new TrustedCertificateEntry(certificate); keyStore.setEntry(getConfiguration().getValue(Preferences.SERVER_ID), trustedCertificateEntry, null); keyStore.setEntry("capo.server.cert", trustedCertificateEntry, null); KeyStore.PrivateKeyEntry privateKeyEntry = new PrivateKeyEntry(rsaKeyPair.getPrivate(), new Certificate[] { certificate }); keyStore.setEntry(getConfiguration().getValue(Preferences.SERVER_ID) + ".private", privateKeyEntry, new KeyStore.PasswordProtection(password)); writeKeyStore(keyStore); return keyStore; }
From source file:com.difference.historybook.server.CertManager.java
License:Apache License
private static X509Certificate signCertificate(X509v3CertificateBuilder certificateBuilder, PrivateKey signedWithPrivateKey) throws OperatorCreationException, CertificateException { ContentSigner signer = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER_NAME) .build(signedWithPrivateKey); X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER_NAME) .getCertificate(certificateBuilder.build(signer)); return cert;//from w w w . jav a 2s .co m }