List of usage examples for java.security SecureRandom nextBytes
@Override public void nextBytes(byte[] bytes)
From source file:org.bedework.util.security.pki.PKITools.java
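/**
 * Generates a fresh RSA key pair and returns both keys in their encoded form.
 *
 * <p>The key pair generator is looked up by {@code curSchema.keyFactory}; when
 * {@code curSchema.pName} is set it is used as the provider name for the lookup.
 *
 * @return RSAKeys holding the encoded private key and the encoded public key
 * @throws PKIException wrapping anything thrown while the keys are generated
 */
public RSAKeys genRSAKeys() throws PKIException {
    // 1024-bit RSA no longer offers an adequate security margin; 2048 bits is
    // the smallest modulus size still generally accepted for new keys.
    final int keySizeBits = 2048;

    RSAKeys keys = new RSAKeys();

    try {
        SecureRandom secureRandom = new SecureRandom();
        // Asking for a byte forces the generator to seed itself now, before
        // it is handed to the key pair generator.
        secureRandom.nextBytes(new byte[1]);

        KeyPairGenerator rsaKeyGen;
        if (curSchema.pName == null) {
            rsaKeyGen = KeyPairGenerator.getInstance(curSchema.keyFactory);
        } else {
            rsaKeyGen = KeyPairGenerator.getInstance(curSchema.keyFactory, curSchema.pName);
        }
        rsaKeyGen.initialize(keySizeBits, secureRandom);

        if (trace()) {
            trace("Generating keys...");
        }
        KeyPair rsaKeyPair = rsaKeyGen.generateKeyPair();

        if (trace()) {
            trace("Saving Public Key...");
        }
        // Both halves are copied out in encoded form; the private key bytes
        // are as sensitive as the key itself and must not be logged.
        keys.privateKey = rsaKeyPair.getPrivate().getEncoded();
        keys.publicKey = rsaKeyPair.getPublic().getEncoded();

        if (trace()) {
            trace("Done...");
        }

        return keys;
    } catch (Throwable t) {
        // Kept broad on purpose: callers only see PKIException from this method.
        throw new PKIException(t);
    }
}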
From source file:test.unit.be.agiv.security.handler.WSSecurityHandlerTest.java
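/**
 * Builds a self-signed X.509 certificate ("CN=Test" as both issuer and
 * subject) for the given key pair, valid from now until one month from now.
 *
 * @param keyPair key pair whose public key is certified and whose private
 *                key signs the certificate
 * @return the certificate, re-parsed through the JCA "X.509" certificate factory
 * @throws Exception if building, signing or re-parsing the certificate fails
 */
private X509Certificate generateSelfSignedCertificate(KeyPair keyPair) throws Exception {
    X500Name issuer = new X500Name("CN=Test");
    X500Name subject = issuer;

    SecureRandom secureRandom = new SecureRandom();
    byte[] serialValue = new byte[8];
    secureRandom.nextBytes(serialValue);
    // Signum 1 treats the bytes as an unsigned magnitude. The plain
    // BigInteger(byte[]) constructor is two's-complement and yields a
    // negative serial about half the time, which RFC 5280 does not allow.
    BigInteger serial = new BigInteger(1, serialValue);
    if (serial.signum() == 0) {
        // Serial numbers must be strictly positive.
        serial = BigInteger.ONE;
    }

    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusMonths(1);

    SubjectPublicKeyInfo publicKeyInfo =
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
    X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(
            issuer, serial, notBefore.toDate(), notAfter.toDate(), subject, publicKeyInfo);

    // NOTE(review): SHA-1 based certificate signatures are deprecated; left
    // as-is because callers of this helper may depend on it - confirm before
    // moving to SHA256withRSA.
    AlgorithmIdentifier sigAlgId =
            new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    AsymmetricKeyParameter asymmetricKeyParameter =
            PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
    ContentSigner contentSigner =
            new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(asymmetricKeyParameter);

    X509CertificateHolder x509CertificateHolder = x509v3CertificateBuilder.build(contentSigner);
    byte[] encodedCertificate = x509CertificateHolder.getEncoded();

    // Round-trip through the JCA factory to obtain a java.security.cert object.
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    X509Certificate certificate = (X509Certificate) certificateFactory
            .generateCertificate(new ByteArrayInputStream(encodedCertificate));
    return certificate;
}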
From source file:wssec.TestWSSecurityNewSCT.java
/**
 * Signs the SOAP message with a derived key whose external key is a freshly
 * generated 16-byte secret registered under the security context token's
 * identifier, then passes the document to {@code verify}.
 */
public void testSCTKDKTSign() {
    try {
        final Document soapDoc = message.getSOAPEnvelope().getAsDocument();

        final WSSecHeader header = new WSSecHeader();
        header.insertSecurityHeader(soapDoc);

        final WSSecSecurityContextToken sct = new WSSecSecurityContextToken();
        sct.prepare(soapDoc, crypto);

        // The algorithm is pinned to SHA1PRNG here; a plain new SecureRandom()
        // would use the platform's default generator instead.
        final SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        final byte[] sharedSecret = new byte[16];
        rng.nextBytes(sharedSecret);

        // Register the secret under the token identifier
        this.secrets.put(sct.getIdentifier(), sharedSecret);

        final String sctId = sct.getSctId();

        // Signature with a key derived from the shared secret
        final WSSecDKSign dkSign = new WSSecDKSign();
        dkSign.setExternalKey(sharedSecret, sctId);
        dkSign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
        dkSign.build(soapDoc, header);

        sct.prependSCTElementToHeader(soapDoc, header);

        if (LOG.isDebugEnabled()) {
            LOG.debug(org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(soapDoc));
        }

        verify(soapDoc);
    } catch (Exception ex) {
        ex.printStackTrace();
        fail(ex.getMessage());
    }
}
From source file:wssec.TestWSSecurityNewSCT.java
/**
 * Test encryption using a derived key which is based on a secret associated
 * with a security context token. The secret is 16 random bytes, registered
 * under the token identifier before the AES-128 derived-key encryption is built.
 */
public void testSCTDKTEncrypt() {
    try {
        final Document soapDoc = message.getSOAPEnvelope().getAsDocument();

        final WSSecHeader header = new WSSecHeader();
        header.insertSecurityHeader(soapDoc);

        final WSSecSecurityContextToken sct = new WSSecSecurityContextToken();
        sct.prepare(soapDoc, crypto);

        // The algorithm is pinned to SHA1PRNG here; a plain new SecureRandom()
        // would use the platform's default generator instead.
        final SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        final byte[] sharedSecret = new byte[16];
        rng.nextBytes(sharedSecret);

        // Register the secret under the token identifier
        this.secrets.put(sct.getIdentifier(), sharedSecret);

        final String sctId = sct.getSctId();

        // Encryption with a key derived from the shared secret
        final WSSecDKEncrypt dkEncrypt = new WSSecDKEncrypt();
        dkEncrypt.setSymmetricEncAlgorithm(WSConstants.AES_128);
        dkEncrypt.setExternalKey(sharedSecret, sctId);
        dkEncrypt.build(soapDoc, header);

        sct.prependSCTElementToHeader(soapDoc, header);

        if (LOG.isDebugEnabled()) {
            LOG.debug(org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(soapDoc));
        }

        verify(soapDoc);
    } catch (Exception ex) {
        ex.printStackTrace();
        fail(ex.getMessage());
    }
}
From source file:wssec.TestWSSecurityNewSCT.java
/**
 * Test for WSS-217:
 * "Add ability to specify a reference to an absolute URI in the derived key functionality".
 * The derived-key signature is given the token's identifier (not its SCT id)
 * and is switched to direct token-id references.
 */
public void testSCTKDKTSignAbsolute() {
    try {
        final Document soapDoc = message.getSOAPEnvelope().getAsDocument();

        final WSSecHeader header = new WSSecHeader();
        header.insertSecurityHeader(soapDoc);

        final WSSecSecurityContextToken sct = new WSSecSecurityContextToken();
        sct.prepare(soapDoc, crypto);

        // The algorithm is pinned to SHA1PRNG here; a plain new SecureRandom()
        // would use the platform's default generator instead.
        final SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        final byte[] sharedSecret = new byte[16];
        rng.nextBytes(sharedSecret);

        // Register the secret under the token identifier
        this.secrets.put(sct.getIdentifier(), sharedSecret);

        // Signature with a key derived from the shared secret
        final WSSecDKSign dkSign = new WSSecDKSign();
        dkSign.setExternalKey(sharedSecret, sct.getIdentifier());
        dkSign.setTokenIdDirectId(true);
        dkSign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
        dkSign.build(soapDoc, header);

        sct.prependSCTElementToHeader(soapDoc, header);

        if (LOG.isDebugEnabled()) {
            LOG.debug("DKT Absolute");
            LOG.debug(org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(soapDoc));
        }

        verify(soapDoc);
    } catch (Exception ex) {
        ex.printStackTrace();
        fail(ex.getMessage());
    }
}
From source file:keyserver.KeyServerServlet.java
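/**
 * Creates a new random key string: 512 bytes from {@link SecureRandom} are
 * hashed with SHA-256 and the digest is returned Base64-encoded.
 *
 * @param _user not read by this method
 * @return the Base64 text of the SHA-256 digest of the random bytes
 * @throws IllegalStateException if the runtime provides no SHA-256 digest
 */
private String createKeyForUser(User _user) {
    SecureRandom srand = new SecureRandom();
    byte[] seed = new byte[512];
    srand.nextBytes(seed);

    MessageDigest md;
    try {
        md = MessageDigest.getInstance("SHA-256");
    } catch (NoSuchAlgorithmException e) {
        // Every Java implementation is required to support SHA-256, see
        // http://docs.oracle.com/javase/7/docs/api/java/security/MessageDigest.html
        // Fail loudly anyway: swallowing this would leave md null and turn a
        // broken runtime into an unexplained NullPointerException below.
        throw new IllegalStateException("SHA-256 MessageDigest is not available", e);
    }

    md.update(seed);
    byte[] hash = md.digest();

    // NOTE(review): the conversion uses the platform default charset; Base64
    // output is presumably ASCII-only, so this should be safe - confirm
    // against the Base64 helper in use.
    return new String(Base64.encode(hash));
}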
From source file:wssec.TestWSSecurityNewSCT.java
/**
 * Test signature and verification using a SecurityContextToken directly,
 * rather than using a DerivedKeyToken to point to a SecurityContextToken.
 * See WSS-216 - https://issues.apache.org/jira/browse/WSS-216
 */
public void testSCTSign() {
    try {
        final Document soapDoc = message.getSOAPEnvelope().getAsDocument();

        final WSSecHeader header = new WSSecHeader();
        header.insertSecurityHeader(soapDoc);

        final WSSecSecurityContextToken sct = new WSSecSecurityContextToken();
        sct.prepare(soapDoc, crypto);

        // The algorithm is pinned to SHA1PRNG here; a plain new SecureRandom()
        // would use the platform's default generator instead.
        final SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        final byte[] sharedSecret = new byte[16];
        rng.nextBytes(sharedSecret);

        // Register the secret under the token identifier
        this.secrets.put(sct.getIdentifier(), sharedSecret);

        final String sctId = sct.getSctId();

        // Symmetric signature keyed directly with the shared secret and
        // referencing the security context token by its id
        final WSSecSignature signer = new WSSecSignature();
        signer.setSecretKey(sharedSecret);
        signer.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
        signer.setCustomTokenValueType(WSConstants.WSC_SCT);
        signer.setCustomTokenId(sctId);
        signer.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
        signer.build(soapDoc, crypto, header);

        sct.prependSCTElementToHeader(soapDoc, header);

        if (LOG.isDebugEnabled()) {
            LOG.debug("SCT sign");
            LOG.debug(org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(soapDoc));
        }

        verify(soapDoc);
    } catch (Exception ex) {
        ex.printStackTrace();
        fail(ex.getMessage());
    }
}
From source file:wssec.TestWSSecurityNewSCT.java
/**
 * Applies a derived-key signature and then a derived-key AES-128 encryption,
 * both keyed from the same freshly generated 16-byte secret tied to a
 * security context token, and passes the document to {@code verify}.
 */
public void testSCTKDKTSignEncrypt() {
    try {
        final Document soapDoc = message.getSOAPEnvelope().getAsDocument();

        final WSSecHeader header = new WSSecHeader();
        header.insertSecurityHeader(soapDoc);

        final WSSecSecurityContextToken sct = new WSSecSecurityContextToken();
        sct.prepare(soapDoc, crypto);

        // The algorithm is pinned to SHA1PRNG here; a plain new SecureRandom()
        // would use the platform's default generator instead.
        final SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        final byte[] sharedSecret = new byte[16];
        rng.nextBytes(sharedSecret);

        // Register the secret under the token identifier
        this.secrets.put(sct.getIdentifier(), sharedSecret);

        final String sctId = sct.getSctId();

        // Step 1: signature with a key derived from the shared secret
        final WSSecDKSign dkSign = new WSSecDKSign();
        dkSign.setExternalKey(sharedSecret, sctId);
        dkSign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
        dkSign.build(soapDoc, header);

        // Step 2: encryption with a key derived from the same secret
        final WSSecDKEncrypt dkEncrypt = new WSSecDKEncrypt();
        dkEncrypt.setSymmetricEncAlgorithm(WSConstants.AES_128);
        dkEncrypt.setExternalKey(sharedSecret, sctId);
        dkEncrypt.build(soapDoc, header);

        sct.prependSCTElementToHeader(soapDoc, header);

        if (LOG.isDebugEnabled()) {
            LOG.debug(org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(soapDoc));
        }

        verify(soapDoc);
    } catch (Exception ex) {
        ex.printStackTrace();
        fail(ex.getMessage());
    }
}
From source file:wssec.TestWSSecurityNewSCT.java
/**
 * Applies a derived-key AES-128 encryption and then a derived-key signature,
 * both keyed from the same freshly generated 16-byte secret tied to a
 * security context token, and passes the document to {@code verify}.
 */
public void testSCTKDKTEncryptSign() {
    try {
        final Document soapDoc = message.getSOAPEnvelope().getAsDocument();

        final WSSecHeader header = new WSSecHeader();
        header.insertSecurityHeader(soapDoc);

        final WSSecSecurityContextToken sct = new WSSecSecurityContextToken();
        sct.prepare(soapDoc, crypto);

        // The algorithm is pinned to SHA1PRNG here; a plain new SecureRandom()
        // would use the platform's default generator instead.
        final SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        final byte[] sharedSecret = new byte[16];
        rng.nextBytes(sharedSecret);

        // Register the secret under the token identifier
        this.secrets.put(sct.getIdentifier(), sharedSecret);

        final String sctId = sct.getSctId();

        // Step 1: encryption with a key derived from the shared secret
        final WSSecDKEncrypt dkEncrypt = new WSSecDKEncrypt();
        dkEncrypt.setSymmetricEncAlgorithm(WSConstants.AES_128);
        dkEncrypt.setExternalKey(sharedSecret, sctId);
        dkEncrypt.build(soapDoc, header);

        // Step 2: signature with a key derived from the same secret
        final WSSecDKSign dkSign = new WSSecDKSign();
        dkSign.setExternalKey(sharedSecret, sctId);
        dkSign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
        dkSign.build(soapDoc, header);

        sct.prependSCTElementToHeader(soapDoc, header);

        if (LOG.isDebugEnabled()) {
            LOG.debug(org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(soapDoc));
        }

        verify(soapDoc);
    } catch (Exception ex) {
        ex.printStackTrace();
        fail(ex.getMessage());
    }
}