List of usage examples for java.security KeyPair getPublic
public PublicKey getPublic()
From source file:MainClass.java
/**
 * Builds a self-signed X.509 v1 certificate for the supplied key pair using the legacy
 * Bouncy Castle {@code X509V1CertificateGenerator} API.
 *
 * <p>Issuer and subject are both {@code CN=Test Certificate}, the serial number is the
 * current clock value in milliseconds, and the validity window is only ten seconds either
 * side of "now" -- a certificate fit for short-lived tests, nothing else.
 *
 * @param pair key pair whose public key is certified and whose private key signs
 * @return the generated certificate, signed with SHA256WithRSAEncryption via the "BC" provider
 * @throws InvalidKeyException if the private key cannot be used for signing
 * @throws NoSuchProviderException if the "BC" provider is not installed
 * @throws SignatureException if the signature cannot be produced
 */
public static X509Certificate generateV1Certificate(KeyPair pair)
        throws InvalidKeyException, NoSuchProviderException, SignatureException {
    // Security.addProvider is a no-op (returns -1) when the provider is already installed,
    // so calling this on every invocation is harmless.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    X500Principal issuer = new X500Principal("CN=Test Certificate");
    X500Principal subject = new X500Principal("CN=Test Certificate");

    X509V1CertificateGenerator generator = new X509V1CertificateGenerator();
    generator.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
    generator.setIssuerDN(issuer);
    generator.setSubjectDN(subject);
    generator.setNotBefore(new Date(System.currentTimeMillis() - 10000));
    generator.setNotAfter(new Date(System.currentTimeMillis() + 10000));
    generator.setPublicKey(pair.getPublic());
    generator.setSignatureAlgorithm("SHA256WithRSAEncryption");
    return generator.generateX509Certificate(pair.getPrivate(), "BC");
}
From source file:org.opensaml.xml.security.XMLSecurityHelper.java
/**
 * Generates a fresh asymmetric key pair for the given XML Encryption algorithm URI and
 * wraps it in a {@link BasicCredential}.
 *
 * <p>The public key is always set on the credential; the private key is attached only
 * when {@code includePrivate} is {@code true}.
 *
 * @param algorithmURI the XML Encryption algorithm URI that selects the key algorithm
 * @param keyLength the key length to generate
 * @param includePrivate whether the private key is also set on the credential
 * @return a basic credential carrying the newly generated key material
 * @throws NoSuchAlgorithmException if the algorithm behind the URI is not available
 * @throws NoSuchProviderException if the required provider is not available
 */
public static Credential generateKeyPairAndCredential(String algorithmURI, int keyLength,
        boolean includePrivate) throws NoSuchAlgorithmException, NoSuchProviderException {
    KeyPair generated = generateKeyPairFromURI(algorithmURI, keyLength);

    BasicCredential result = new BasicCredential();
    result.setPublicKey(generated.getPublic());
    if (!includePrivate) {
        return result;
    }
    result.setPrivateKey(generated.getPrivate());
    return result;
}
From source file:com.vmware.identity.sts.auth.impl.UserCertAuthenticatorTest.java
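/**
 * Builds a self-signed X.509 v3 certificate for {@code keyPair} with {@code CN=dn} as both
 * issuer and subject, carrying the class-level {@code upn} as a Microsoft UPN
 * ({@code 1.3.6.1.4.1.311.20.2.3}) otherName inside a critical subjectAltName extension.
 *
 * <p>Validity runs from one day in the past to one year in the future. The year offset is
 * computed in {@code long} arithmetic: the former {@code int} product
 * {@code 365 * 24 * 60 * 60 * 1000} overflows (31,536,000,000 &gt; Integer.MAX_VALUE) and
 * silently wrapped to about 17 days, so the fixture expired far earlier than intended.
 *
 * <p>SHA1withRSA is a weak signature algorithm; it is kept only because this certificate is
 * a throwaway test fixture that is never trusted outside the test.
 *
 * @param keyPair key pair whose public key is certified and whose private key signs
 * @param dn common-name value used for both issuer and subject
 * @return the generated certificate
 * @throws Exception on any failure in the Bouncy Castle builder, signer or converter
 */
private static X509Certificate generateCertificate(KeyPair keyPair, String dn) throws Exception {
    final long oneDayMillis = 24L * 60 * 60 * 1000;
    final long oneYearMillis = 365L * oneDayMillis; // long: the int form overflowed

    ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate());

    long now = System.currentTimeMillis();
    Date notBefore = new Date(now - oneDayMillis);
    Date notAfter = new Date(now + oneYearMillis);

    X500Name name = new X500Name("CN=" + dn);
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            name,
            new BigInteger(64, new SecureRandom()), // 64 random bits of serial number
            notBefore,
            notAfter,
            name,
            keyPair.getPublic());

    // otherName ::= SEQUENCE { type-id OID 1.3.6.1.4.1.311.20.2.3, value [0] EXPLICIT UTF8String }
    GeneralName upnName = new GeneralName(GeneralName.otherName, new DERSequence(new ASN1Encodable[] {
            new DERObjectIdentifier("1.3.6.1.4.1.311.20.2.3"),
            new DERTaggedObject(true, 0, new DERUTF8String(upn)) }));
    builder.addExtension(Extension.subjectAlternativeName, true, new GeneralNames(upnName));

    X509CertificateHolder holder = builder.build(signer);
    return new JcaX509CertificateConverter().getCertificate(holder);
}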
From source file:org.panbox.core.pairing.file.PanboxFilePairingUtils.java
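/**
 * Writes a pairing container (a ZIP archive) for a new device to {@code outputFile}.
 *
 * <p>The archive holds, in this order: the plain-text entries {@code devicename},
 * {@code email}, {@code firstname} and {@code lastname}; a freshly generated device key
 * pair plus self-signed certificate as {@code devicekey.p12}; the already-known devices as
 * {@code knownDevices.list} (alias-to-name mapping) and {@code knownDevices.bks}
 * (certificates); the contacts as {@code contacts.vcard}; and finally the owner's key
 * material -- private keys and certificates in {@code ownerKeys.p12} for a
 * {@link PairingType#MASTER} pairing, otherwise only the certificates in
 * {@code ownerCerts.bks}. Every keystore inside the archive is protected with
 * {@code password}.
 *
 * <p>The archive stream is managed by try-with-resources so the file handle is released
 * even when a keystore operation fails half-way; the temporary contacts file is deleted in
 * a {@code finally} block and read in full (the previous single {@code read()} could return
 * fewer bytes than the file holds).
 *
 * @param outputFile pairing file to be written
 * @param devicename name of the device that is being paired; also the alias of its key entry
 * @param password password of the identity; protects every keystore in the archive
 * @param type whether this is a MASTER pairing (owner private keys included) or not
 * @param devType type of the paired device, passed through to the return container
 * @param eMail owner e-mail, stored verbatim and used for the device certificate
 * @param firstName owner first name, stored verbatim and used for the device certificate
 * @param lastName owner last name, stored verbatim and used for the device certificate
 * @param privEncKey owner encryption private key (only written for MASTER pairings)
 * @param encCert owner encryption certificate
 * @param privSignKey owner signing private key (only written for MASTER pairings)
 * @param signCert owner signing certificate
 * @param devices already-paired devices, device name to certificate
 * @param contacts contacts to export into the archive
 * @return the device name, the new device certificate and the device type
 * @throws IOException if the archive or the temporary contacts file cannot be written or read
 * @throws KeyStoreException if a keystore cannot be created or populated
 * @throws NoSuchAlgorithmException if a keystore integrity algorithm is unavailable
 * @throws CertificateException if a certificate cannot be stored
 */
public static PanboxFilePairingWriteReturnContainer storePairingFile(File outputFile,
        String devicename, char[] password, PairingType type, DeviceType devType,
        String eMail, String firstName, String lastName, PrivateKey privEncKey,
        X509Certificate encCert, PrivateKey privSignKey, X509Certificate signCert,
        Map<String, X509Certificate> devices, Collection<VCard> contacts)
        throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
    logger.debug("PanboxFilePairingUtils : storePairingFile : Storing pairing container to: "
            + outputFile.getAbsolutePath());

    // Generate the device key pair before touching the output file, so a key-generation
    // failure does not leave a truncated pairing file behind.
    KeyPair devKey = CryptCore.generateKeypair();
    X509Certificate devCert = CryptCore.createSelfSignedX509Certificate(devKey.getPrivate(),
            devKey.getPublic(), new PairingIPersonDummy(eMail, firstName, lastName));

    try (ZipArchiveOutputStream out = new ZipArchiveOutputStream(new FileOutputStream(outputFile))) {
        // 1.-4. plain-text identity entries.
        // NOTE(review): getBytes() uses the platform default charset, which is what the existing
        // reader presumably expects; an explicit charset must be introduced on both sides at once.
        writeZipEntry(out, "devicename", devicename.getBytes());
        writeZipEntry(out, "email", eMail.getBytes());
        writeZipEntry(out, "firstname", firstName.getBytes());
        writeZipEntry(out, "lastname", lastName.getBytes());

        // 5. the new device's private key + certificate as a password-protected PKCS#12 keystore
        KeyStore devKeyStore = newEmptyKeyStore("PKCS12");
        devKeyStore.setKeyEntry(devicename, devKey.getPrivate(), password, new Certificate[] { devCert });
        writeZipEntry(out, "devicekey.p12", encodeKeyStore(devKeyStore, password));

        // 6. certificates of all known devices (BKS) plus an alias -> device-name list
        KeyStore deviceKeyStore = newEmptyKeyStore("BKS");
        ByteArrayOutputStream deviceNamesFile = new ByteArrayOutputStream();
        int i = 0;
        for (Map.Entry<String, X509Certificate> device : devices.entrySet()) {
            String alias = "device" + i;
            deviceKeyStore.setCertificateEntry(alias, device.getValue());
            deviceNamesFile.write((alias + DELIMITER + device.getKey() + "\n").getBytes());
            ++i;
        }
        deviceNamesFile.flush();
        writeZipEntry(out, "knownDevices.list", deviceNamesFile.toByteArray());
        writeZipEntry(out, "knownDevices.bks", encodeKeyStore(deviceKeyStore, password));

        // 7. all known contacts as vCard, exported through a temporary file.
        // Files.createTempFile applies more restrictive permissions than File.createTempFile
        // (owner-only on POSIX), so the exported contacts are not left world-readable; the
        // finally block removes the file even if the export or the read fails.
        File tempContacts = java.nio.file.Files.createTempFile("panboxContacts", null).toFile();
        byte[] contactData;
        try {
            AbstractAddressbookManager.exportContacts(contacts, tempContacts);
            contactData = java.nio.file.Files.readAllBytes(tempContacts.toPath());
        } finally {
            tempContacts.delete();
        }
        writeZipEntry(out, "contacts.vcard", contactData);

        // 8. owner key material: private keys only for a MASTER pairing, certificates otherwise
        if (type == PairingType.MASTER) {
            KeyStore ownerKeyStore = newEmptyKeyStore("PKCS12");
            ownerKeyStore.setKeyEntry("ownerEncKey", privEncKey, password, new Certificate[] { encCert });
            ownerKeyStore.setKeyEntry("ownerSignKey", privSignKey, password, new Certificate[] { signCert });
            writeZipEntry(out, "ownerKeys.p12", encodeKeyStore(ownerKeyStore, password));
        } else {
            KeyStore ownerKeyStore = newEmptyKeyStore("BKS");
            ownerKeyStore.setCertificateEntry("ownerEncCert", encCert);
            ownerKeyStore.setCertificateEntry("ownerSignCert", signCert);
            writeZipEntry(out, "ownerCerts.bks", encodeKeyStore(ownerKeyStore, password));
        }
    }

    logger.debug("PanboxFilePairingUtils : storePairingFile : Storing pairing container finished.");
    return new PanboxFilePairingWriteReturnContainer(devicename, devCert, devType);
}

/**
 * Writes one complete ZIP entry named {@code name} holding {@code data} and closes it.
 *
 * @param out archive to append to
 * @param name entry name inside the archive
 * @param data entry content
 * @throws IOException if the entry cannot be written
 */
private static void writeZipEntry(ZipArchiveOutputStream out, String name, byte[] data)
        throws IOException {
    ZipArchiveEntry entry = new ZipArchiveEntry(name);
    entry.setSize(data.length);
    out.putArchiveEntry(entry);
    out.write(data);
    out.flush();
    out.closeArchiveEntry();
}

/**
 * Creates an empty, initialised in-memory keystore of the given type.
 *
 * @param keyStoreType keystore type, e.g. {@code "PKCS12"} or {@code "BKS"}
 * @return an empty keystore ready for {@code setKeyEntry}/{@code setCertificateEntry}
 * @throws KeyStoreException if the type is not supported
 * @throws IOException if initialisation fails
 * @throws NoSuchAlgorithmException if an integrity algorithm is unavailable
 * @throws CertificateException if initialisation fails
 */
private static KeyStore newEmptyKeyStore(String keyStoreType)
        throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(null, null);
    return keyStore;
}

/**
 * Serialises a keystore, protected with {@code password}, to a byte array.
 *
 * @param keyStore keystore to serialise
 * @param password integrity/protection password for the serialised form
 * @return the encoded keystore bytes
 * @throws IOException if writing fails
 * @throws KeyStoreException if the keystore has not been initialised
 * @throws NoSuchAlgorithmException if the integrity algorithm is unavailable
 * @throws CertificateException if a contained certificate cannot be stored
 */
private static byte[] encodeKeyStore(KeyStore keyStore, char[] password)
        throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
    ByteArrayOutputStream encoded = new ByteArrayOutputStream();
    keyStore.store(encoded, password);
    encoded.flush();
    return encoded.toByteArray();
}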
From source file:com.vmware.identity.openidconnect.client.TestUtils.java
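/**
 * Builds a self-signed X.509 v3 certificate for {@code keyPair} with {@code CN=dn} as both
 * issuer and subject. When {@code subjectAltName} is non-null it is embedded as a Microsoft
 * UPN ({@code 1.3.6.1.4.1.311.20.2.3}) otherName inside a critical subjectAltName extension.
 *
 * <p>Validity runs from one day in the past to one year in the future. The year offset is
 * computed in {@code long} arithmetic: the former {@code int} product
 * {@code 365 * 24 * 60 * 60 * 1000} overflows (31,536,000,000 &gt; Integer.MAX_VALUE) and
 * silently wrapped to about 17 days, so the fixture expired far earlier than intended.
 *
 * <p>SHA1withRSA is a weak signature algorithm; it is kept only because this certificate is
 * a throwaway test fixture.
 *
 * @param keyPair key pair whose public key is certified and whose private key signs
 * @param dn common-name value used for both issuer and subject
 * @param subjectAltName UPN to place in the subjectAltName extension, or {@code null} for none
 * @return the generated certificate
 * @throws Exception on any failure in the Bouncy Castle builder, signer or converter
 */
static X509Certificate generateCertificate(KeyPair keyPair, String dn, String subjectAltName)
        throws Exception {
    final long oneDayMillis = 24L * 60 * 60 * 1000;
    final long oneYearMillis = 365L * oneDayMillis; // long: the int form overflowed

    ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate());

    long now = System.currentTimeMillis();
    X500Name name = new X500Name("CN=" + dn);
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            name,
            new BigInteger(64, new SecureRandom()), // 64 random bits of serial number
            new Date(now - oneDayMillis),
            new Date(now + oneYearMillis),
            name,
            keyPair.getPublic());

    if (subjectAltName != null) {
        // otherName ::= SEQUENCE { type-id OID 1.3.6.1.4.1.311.20.2.3, value [0] EXPLICIT UTF8String }
        GeneralName upnName = new GeneralName(GeneralName.otherName, new DERSequence(new ASN1Encodable[] {
                new DERObjectIdentifier("1.3.6.1.4.1.311.20.2.3"),
                new DERTaggedObject(true, 0, new DERUTF8String(subjectAltName)) }));
        builder.addExtension(Extension.subjectAlternativeName, true, new GeneralNames(upnName));
    }

    X509CertificateHolder holder = builder.build(signer);
    return new JcaX509CertificateConverter().getCertificate(holder);
}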
From source file:io.vertx.config.vault.utils.Certificates.java
/**
 * Builds a self-signed X.509 v3 certificate for {@code keyPair}, using {@code issuer} as both
 * issuer and subject, with a non-critical subjectAltName of {@code IP:127.0.0.1}.
 * Adapted from the programcreek examples for
 * {@code org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder}.
 *
 * <p>The serial number is fixed at 1 and validity spans 30 days either side of "now". The
 * signature algorithm is SHA1WithRSAEncryption -- weak, and acceptable only because this
 * certificate backs a local test setup. Before it is returned the certificate is checked
 * for validity and its signature verified against {@code keyPair.getPublic()}.
 *
 * @param keyPair the RSA key pair with which to generate the certificate
 * @param issuer the issuer (and subject) distinguished name
 * @return the generated, self-verified X.509 certificate
 * @throws IOException if the private key encoding cannot be parsed
 * @throws OperatorCreationException if the content signer cannot be built
 * @throws CertificateException if conversion fails or the certificate is not currently valid
 * @throws NoSuchProviderException if a required provider is missing during verification
 * @throws NoSuchAlgorithmException if a required algorithm is missing during verification
 * @throws InvalidKeyException if the public key cannot be used for verification
 * @throws SignatureException if signature verification fails
 */
private static X509Certificate generateCert(final KeyPair keyPair, final String issuer)
        throws IOException, OperatorCreationException, CertificateException, NoSuchProviderException,
        NoSuchAlgorithmException, InvalidKeyException, SignatureException {
    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;
    final X500Name issuerName = new X500Name(issuer);
    final X500Name subjectName = new X500Name(issuer); // self-signed: subject == issuer

    final X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
            issuerName,
            BigInteger.ONE,
            new Date(System.currentTimeMillis() - thirtyDaysMillis),
            new Date(System.currentTimeMillis() + thirtyDaysMillis),
            subjectName,
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
    builder.addExtension(org.bouncycastle.asn1.x509.Extension.subjectAlternativeName, false,
            new GeneralNames(new GeneralName(GeneralName.iPAddress, "127.0.0.1")));

    final AlgorithmIdentifier signatureAlgorithm =
            new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WithRSAEncryption");
    final AlgorithmIdentifier digestAlgorithm =
            new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
    final AsymmetricKeyParameter privateKeyParam =
            PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
    final ContentSigner signer =
            new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKeyParam);

    final X509CertificateHolder holder = builder.build(signer);
    final X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(holder);
    certificate.checkValidity(new Date());
    certificate.verify(keyPair.getPublic());
    return certificate;
}
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
/**
 * Generates a self-signed CA certificate for {@code kp}, valid for 20 years.
 *
 * <p>The signature algorithm comes from {@code getSignatureAlgorithm()} and the CA-specific
 * extensions from {@code addCaExtensions}. When {@code serial} is {@code null} the current
 * time in milliseconds is used as the serial number. The generated certificate is checked for
 * validity and its signature verified with the "BC" provider before it is returned. If
 * {@code friendlyName} is given it is attached as a PKCS#12 friendlyName bag attribute.
 *
 * @param friendlyName PKCS#12 friendly name to attach, or {@code null} for none
 * @param kp the CA key pair; its public key is certified and its private key signs
 * @param serial the certificate serial number, or {@code null} to derive one from the clock
 * @param issuer issuer distinguished name
 * @param subject subject distinguished name
 * @return the generated CA certificate
 * @throws Exception if generation, validity checking or signature verification fails
 */
public static X509Certificate generateCaCertificate(final String friendlyName, final KeyPair kp,
        final BigInteger serial, final X509Name issuer, final X509Name subject) throws Exception {
    X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
    generator.setIssuerDN(issuer);
    generator.setSubjectDN(subject);
    setNotBeforeNotAfter(generator, 20); // the CA certificate is valid for 20 years
    generator.setPublicKey(kp.getPublic());
    generator.setSignatureAlgorithm(getSignatureAlgorithm());
    generator.setSerialNumber(serial != null ? serial : BigInteger.valueOf(System.currentTimeMillis()));
    // CA-specific extensions are added by the sibling helper.
    generator = addCaExtensions(generator, kp.getPublic());

    X509Certificate certificate = generator.generate(kp.getPrivate(), "BC");
    certificate.checkValidity();
    certificate.verify(kp.getPublic(), "BC");

    if (friendlyName != null) {
        PKCS12BagAttributeCarrier carrier = (PKCS12BagAttributeCarrier) certificate;
        carrier.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName,
                new DERBMPString(friendlyName));
    }
    return certificate;
}
From source file:com.streamreduce.util.CAGenerator.java
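/**
 * Generates a self-signed CA certificate ({@code CN=Nodeable Client}) for {@code keyPair}.
 *
 * <p>The certificate is valid from now for 1000 * 365 days, carries non-critical
 * AuthorityKeyIdentifier and SubjectKeyIdentifier extensions both derived from the key
 * pair's public key, and uses the current time in milliseconds as its serial number.
 *
 * <p>It is signed with SHA256withRSA. The former MD5withRSA is disabled by default in the
 * JDK ({@code jdk.certpath.disabledAlgorithms} lists MD5 and {@code jdk.tls.disabledAlgorithms}
 * lists MD5withRSA), so an MD5-signed CA certificate is rejected during path validation and
 * TLS handshakes on a current runtime; MD5 is also collision-broken, which for a CA signature
 * is a forgery risk.
 *
 * @param keyPair the CA key pair; its public key is certified and its private key signs
 * @return the generated CA certificate
 * @throws Exception if certificate generation fails
 */
public static X509Certificate generateCACert(KeyPair keyPair) throws Exception {
    long now = System.currentTimeMillis();
    Date startDate = new Date(now); // time from which certificate is valid
    Calendar expiry = Calendar.getInstance();
    expiry.add(Calendar.DAY_OF_YEAR, 1000 * 365);
    Date expiryDate = expiry.getTime(); // time after which certificate is not valid
    BigInteger serialNumber = BigInteger.valueOf(now); // serial number for certificate

    X500Principal dnName = new X500Principal("CN=Nodeable Client");
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setSerialNumber(serialNumber);
    certGen.setIssuerDN(dnName);
    certGen.setSubjectDN(dnName); // self-signed: issuer == subject
    certGen.setNotBefore(startDate);
    certGen.setNotAfter(expiryDate);
    certGen.setPublicKey(keyPair.getPublic());
    certGen.setSignatureAlgorithm("SHA256withRSA"); // was MD5withRSA, see class comment
    certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(keyPair.getPublic()));
    certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(keyPair.getPublic()));
    return certGen.generate(keyPair.getPrivate()); // note: private key of CA
}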
From source file:com.kixeye.chassis.transport.shared.JettyConnectorRegistry.java
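/**
 * Registers an HTTPS connector on {@code server} bound to {@code address}.
 *
 * <p>When {@code selfSigned} is {@code true}, a throwaway RSA key pair and self-signed
 * certificate are generated in memory, stored in a keystore under a random password, and the
 * keystore/password parameters are overridden with that material; the factory is also set to
 * trust all peers. Otherwise the keystore is loaded from {@code keyStoreData} (hex-encoded
 * bytes) or, failing that, from the resource at {@code keyStorePath}. The trust store is
 * loaded the same way from {@code trustStoreData} or {@code trustStorePath} when either is set.
 *
 * <p>The self-signed certificate is now signed with SHA256WithRSAEncryption over a 2048-bit
 * key. The former MD5WithRSAEncryption signature is disabled by default in the JDK
 * ({@code jdk.tls.disabledAlgorithms} lists MD5withRSA), so Java clients could not complete a
 * handshake against it, and 1024-bit RSA is below the generally required 2048-bit minimum.
 *
 * @param server Jetty server to add the connector to
 * @param address host and port to bind
 * @param selfSigned generate an in-memory self-signed certificate instead of loading a keystore
 * @param mutualSsl require client certificates
 * @param keyStorePath resource location of the keystore; used only if {@code keyStoreData} is blank
 * @param keyStoreData hex-encoded keystore bytes; takes precedence over {@code keyStorePath}
 * @param keyStorePassword keystore password
 * @param keyManagerPassword key-manager password; defaults to {@code keyStorePassword} when blank
 * @param trustStorePath resource location of the trust store; used only if {@code trustStoreData} is blank
 * @param trustStoreData hex-encoded trust store bytes; takes precedence over {@code trustStorePath}
 * @param trustStorePassword trust store password
 * @param excludedCipherSuites cipher suites to exclude from the connector
 * @throws Exception on keystore, key-generation, certificate or resource errors
 */
public static void registerHttpsConnector(Server server, InetSocketAddress address,
        boolean selfSigned, boolean mutualSsl, String keyStorePath, String keyStoreData,
        String keyStorePassword, String keyManagerPassword, String trustStorePath,
        String trustStoreData, String trustStorePassword, String[] excludedCipherSuites)
        throws Exception {
    // SSL Context Factory
    SslContextFactory sslContextFactory = new SslContextFactory();

    if (selfSigned) {
        char[] passwordChars = UUID.randomUUID().toString().toCharArray();

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, passwordChars);

        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048); // was 1024; see method comment
        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        String dn = "CN=" + "kixeye.com" + ", OU=None, O=None L=None, C=None";
        X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
        v3CertGen.setSerialNumber(BigInteger.valueOf(new SecureRandom().nextInt()).abs());
        v3CertGen.setIssuerDN(new X509Principal(dn));
        v3CertGen.setSubjectDN(new X509Principal(dn)); // self-signed: issuer == subject
        v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
        v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10)));
        v3CertGen.setPublicKey(keyPair.getPublic());
        v3CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); // was MD5WithRSAEncryption
        X509Certificate privateKeyCertificate = v3CertGen.generateX509Certificate(keyPair.getPrivate());

        keyStore.setKeyEntry("selfSigned", keyPair.getPrivate(), passwordChars,
                new java.security.cert.Certificate[] { privateKeyCertificate });

        ByteArrayOutputStream keyStoreBaos = new ByteArrayOutputStream();
        keyStore.store(keyStoreBaos, passwordChars);

        // Override the caller-supplied keystore parameters with the generated material.
        keyStoreData = new String(Hex.encode(keyStoreBaos.toByteArray()), Charsets.UTF_8);
        keyStorePassword = new String(passwordChars);
        keyManagerPassword = keyStorePassword;

        sslContextFactory.setTrustAll(true);
    }

    // Key store: hex-encoded data wins over a resource path.
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    if (StringUtils.isNotBlank(keyStoreData)) {
        keyStore.load(new ByteArrayInputStream(Hex.decode(keyStoreData)), keyStorePassword.toCharArray());
    } else if (StringUtils.isNotBlank(keyStorePath)) {
        try (InputStream inputStream = new DefaultResourceLoader().getResource(keyStorePath).getInputStream()) {
            keyStore.load(inputStream, keyStorePassword.toCharArray());
        }
    }
    sslContextFactory.setKeyStore(keyStore);
    sslContextFactory.setKeyStorePassword(keyStorePassword);

    if (StringUtils.isBlank(keyManagerPassword)) {
        keyManagerPassword = keyStorePassword;
    }
    sslContextFactory.setKeyManagerPassword(keyManagerPassword);

    // Trust store: optional; hex-encoded data wins over a resource path.
    KeyStore trustStore = null;
    if (StringUtils.isNotBlank(trustStoreData)) {
        trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(new ByteArrayInputStream(Hex.decode(trustStoreData)), trustStorePassword.toCharArray());
    } else if (StringUtils.isNotBlank(trustStorePath)) {
        trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream inputStream = new DefaultResourceLoader().getResource(trustStorePath).getInputStream()) {
            trustStore.load(inputStream, trustStorePassword.toCharArray());
        }
    }
    if (trustStore != null) {
        sslContextFactory.setTrustStore(trustStore);
        sslContextFactory.setTrustStorePassword(trustStorePassword);
    }

    sslContextFactory.setNeedClientAuth(mutualSsl);
    sslContextFactory.setExcludeCipherSuites(excludedCipherSuites);

    // SSL Connector
    ServerConnector connector = new ServerConnector(server,
            new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.toString()),
            new HttpConnectionFactory());
    connector.setHost(address.getHostName());
    connector.setPort(address.getPort());
    server.addConnector(connector);
}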
From source file:org.umit.icm.mobile.utils.ProfilerRun.java
/**
 * Profiles RSA public-key encryption of a fixed test string with a freshly generated key pair.
 *
 * <p>Any exception raised inside the profiled task is printed to stderr and otherwise
 * ignored, so a failing iteration does not abort the profiler run.
 */
private static void profileRSAEncrypt() {
    Profiler profiler = new Profiler();
    TaskInterface encryptTask = new TaskInterface() {
        public void task() {
            try {
                KeyPair freshPair = RSACrypto.generateKey();
                RSACrypto.encryptPublic(freshPair.getPublic(), "This is a test string");
            } catch (Exception e) {
                // Report and carry on: the profiler itself must keep running.
                e.printStackTrace();
            }
        }

        public String taskName() {
            return "RSA Public Encryption";
        }
    };
    profiler.runProfiler(encryptTask);
}