List of usage examples for org.bouncycastle.pkcs.jcajce JcaPKCS12SafeBagBuilder JcaPKCS12SafeBagBuilder
public JcaPKCS12SafeBagBuilder(PrivateKey privateKey)
From source file:com.aqnote.shared.cryptology.cert.io.PKCSWriter.java
License:Open Source License
public static void storePKCS12File(X509Certificate[] chain, PrivateKey key, char[] pwd, OutputStream ostream) throws Exception { if (chain == null || key == null || ostream == null) return;/*from ww w . ja v a2 s .co m*/ PKCS12SafeBag[] certSafeBags = new PKCS12SafeBag[chain.length]; for (int i = chain.length - 1; i > 0; i--) { PKCS12SafeBagBuilder safeBagBuilder = new JcaPKCS12SafeBagBuilder(chain[i]); safeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(CertificateUtil.getSubjectCN(chain[i]))); certSafeBags[i] = safeBagBuilder.build(); } X509Certificate cert = chain[0]; String subjectCN = CertificateUtil.getSubjectCN(cert); SubjectKeyIdentifier pubKeyId = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(cert.getPublicKey()); PKCS12SafeBagBuilder safeBagBuilder = new JcaPKCS12SafeBagBuilder(cert); safeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(subjectCN)); safeBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); certSafeBags[0] = safeBagBuilder.build(); PKCS12PfxPduBuilder pfxPduBuilder = new PKCS12PfxPduBuilder(); // desEDE/id_aes256_CBC OutputEncryptor oKeyEncryptor = new JcePKCSPBEOutputEncryptorBuilder(pbeWithSHAAnd3_KeyTripleDES_CBC) .setProvider(JCE_PROVIDER).build(pwd); PKCS12SafeBagBuilder keySafeBagBuilder = new JcaPKCS12SafeBagBuilder(key, oKeyEncryptor); keySafeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(subjectCN)); keySafeBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); pfxPduBuilder.addData(keySafeBagBuilder.build()); OutputEncryptor oCertEncryptor = new JcePKCSPBEOutputEncryptorBuilder(pbeWithSHAAnd40BitRC2_CBC) .setProvider(JCE_PROVIDER).build(pwd); pfxPduBuilder.addEncryptedData(oCertEncryptor, certSafeBags); // PKCS12PfxPdu pfxPdu = pfxPduBuilder.build(new JcePKCS12MacCalculatorBuilder(idSHA1), pwd); BcPKCS12MacCalculatorBuilder builder = new BcPKCS12MacCalculatorBuilder(new SHA1Digest(), new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE)); PKCS12PfxPdu pfxPdu = pfxPduBuilder.build(builder, pwd); ostream.write(pfxPdu.getEncoded(ASN1Encoding.DER)); ostream.close(); }
From source file:com.aqnote.shared.cryptology.cert.util.KeyStoreUtil.java
License:Open Source License
public static KeyStore readPKCS12KeyStore(String alias, Certificate[] chain, KeyPair keyPair, char[] pwd) throws Exception { PKCS12SafeBagBuilder BagBuilder = new JcaPKCS12SafeBagBuilder((X509Certificate) chain[0]); BagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(alias)); SubjectKeyIdentifier pubKeyId = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic()); BagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); KeyStore store = KeyStore.getInstance(KEY_STORE_TYPE, JCE_PROVIDER); store.load(null, null);//from w ww . j ava 2s. c o m store.setKeyEntry(alias, keyPair.getPrivate(), pwd, chain); return store; }
From source file:com.aqnote.shared.encrypt.cert.bc.cover.PKCSWriter.java
License:Open Source License
public static void storePKCS12File(X509Certificate[] chain, PrivateKey key, char[] pwd, OutputStream ostream) throws Exception { if (chain == null || key == null || ostream == null) return;/*from w ww . j a va 2 s. co m*/ PKCS12SafeBag[] certSafeBags = new PKCS12SafeBag[chain.length]; for (int i = chain.length - 1; i > 0; i--) { PKCS12SafeBagBuilder safeBagBuilder = new JcaPKCS12SafeBagBuilder(chain[i]); safeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(CertificateUtil.getSubjectCN(chain[i]))); certSafeBags[i] = safeBagBuilder.build(); } X509Certificate cert = (X509Certificate) chain[0]; String subjectCN = CertificateUtil.getSubjectCN(cert); SubjectKeyIdentifier pubKeyId = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(cert.getPublicKey()); PKCS12SafeBagBuilder safeBagBuilder = new JcaPKCS12SafeBagBuilder(cert); safeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(subjectCN)); safeBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); certSafeBags[0] = safeBagBuilder.build(); PKCS12PfxPduBuilder pfxPduBuilder = new PKCS12PfxPduBuilder(); // desEDE/id_aes256_CBC OutputEncryptor oKeyEncryptor = new JcePKCSPBEOutputEncryptorBuilder(pbeWithSHAAnd3_KeyTripleDES_CBC) .setProvider(JCE_PROVIDER).build(pwd); PKCS12SafeBagBuilder keySafeBagBuilder = new JcaPKCS12SafeBagBuilder(key, oKeyEncryptor); keySafeBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString(subjectCN)); keySafeBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); pfxPduBuilder.addData(keySafeBagBuilder.build()); OutputEncryptor oCertEncryptor = new JcePKCSPBEOutputEncryptorBuilder(pbeWithSHAAnd40BitRC2_CBC) .setProvider(JCE_PROVIDER).build(pwd); pfxPduBuilder.addEncryptedData(oCertEncryptor, certSafeBags); // PKCS12PfxPdu pfxPdu = pfxPduBuilder.build(new // JcePKCS12MacCalculatorBuilder(idSHA1), pwd); PKCS12PfxPdu pfxPdu = pfxPduBuilder.build(new BcPKCS12MacCalculatorBuilder(), pwd); ostream.write(pfxPdu.getEncoded(ASN1Encoding.DER)); ostream.close(); }
From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleStoreProvider.java
License:Open Source License
@Override public byte[] encodePKCS12(X509Certificate[] crtChain, KeyPair key, PKCS10Object csr, X509CRL crl, PasswordCallback password, String resource) throws IOException, PasswordRequiredException { String passwordInput = (password != null ? password.queryPassword(resource) : null); if (password != null && passwordInput == null) { throw new PasswordRequiredException("Password input cancelled while writing PKCS#12 file"); }//from w w w.j av a 2 s . co m PKCS12SafeBagBuilder[] crtBagBuilders = new PKCS12SafeBagBuilder[crtChain != null ? crtChain.length : 0]; DERBMPString crt0FriendlyName = null; SubjectKeyIdentifier subjectKeyIdentifier = null; if (crtChain != null) { int crtIndex = 0; for (X509Certificate crt : crtChain) { PKCS12SafeBagBuilder crtBagBuilder = crtBagBuilders[crtIndex] = new JcaPKCS12SafeBagBuilder(crt); DERBMPString crtFriendlyName = new DERBMPString(crt.getSubjectX500Principal().toString()); crtBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, crtFriendlyName); if (crtIndex == 0) { crt0FriendlyName = crtFriendlyName; try { JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils(); subjectKeyIdentifier = extensionUtils.createSubjectKeyIdentifier(crt.getPublicKey()); } catch (NoSuchAlgorithmException e) { throw new StoreProviderException(e); } } crtIndex++; } } PKCS12SafeBagBuilder keyBagBuilder = null; if (key != null) { if (passwordInput != null) { BcPKCS12PBEOutputEncryptorBuilder keyBagEncryptorBuilder = new BcPKCS12PBEOutputEncryptorBuilder( PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, new CBCBlockCipher(new DESedeEngine())); OutputEncryptor keyBagEncrypter = keyBagEncryptorBuilder.build(passwordInput.toCharArray()); keyBagBuilder = new JcaPKCS12SafeBagBuilder(key.getPrivate(), keyBagEncrypter); } else { keyBagBuilder = new JcaPKCS12SafeBagBuilder(key.getPrivate()); } if (crtBagBuilders.length > 0) { crtBagBuilders[0].addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, subjectKeyIdentifier); keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, subjectKeyIdentifier); keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, crt0FriendlyName); } } PKCS12SafeBag[] crtBags = new PKCS12SafeBag[crtBagBuilders.length]; int crtBagIndex = 0; for (PKCS12SafeBagBuilder crtBagBuilder : crtBagBuilders) { crtBags[crtBagIndex] = crtBagBuilder.build(); crtBagIndex++; } PKCS12PfxPduBuilder pkcs12Builder = new PKCS12PfxPduBuilder(); if (passwordInput != null) { BcPKCS12PBEOutputEncryptorBuilder crtBagEncryptorBuilder = new BcPKCS12PBEOutputEncryptorBuilder( PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, new CBCBlockCipher(new RC2Engine())); OutputEncryptor crtBagEncryptor = crtBagEncryptorBuilder.build(passwordInput.toCharArray()); pkcs12Builder.addEncryptedData(crtBagEncryptor, crtBags); } else { for (PKCS12SafeBag crtBag : crtBags) { pkcs12Builder.addData(crtBag); } } if (keyBagBuilder != null) { pkcs12Builder.addData(keyBagBuilder.build()); } PKCS12PfxPdu pkcs12; try { if (passwordInput != null) { pkcs12 = pkcs12Builder.build(new BcPKCS12MacCalculatorBuilder(), passwordInput.toCharArray()); } else { pkcs12 = pkcs12Builder.build(null, null); } } catch (PKCSException e) { throw new StoreProviderException(e); } return pkcs12.getEncoded(); }