List of usage examples for org.bouncycastle.jce.provider BouncyCastleProvider BouncyCastleProvider
public BouncyCastleProvider()
From source file:cn.ieclipse.pde.signer.util.BcpSigner.java
License:Apache License
/** * Sign jar.//from w ww .j av a 2 s. c o m * * @param publicKey * @param privateKey * @param input * @param output * @param certName */ public static String sign(X509Certificate publicKey, PrivateKey privateKey, String input, String output, String certName) { String msg = null; sBouncyCastleProvider = new BouncyCastleProvider(); Security.addProvider(sBouncyCastleProvider); boolean replace = Utils.isEmpty(output) || output.equals(input); JarFile inputJar = null; JarOutputStream outputJar = null; FileOutputStream outputFile = null; try { System.out.println( String.format("input=%s,output=%s,cert=%s,replace=%b", input, output, certName, replace)); // Assume the certificate is valid for at least an hour. long timestamp = publicKey.getNotBefore().getTime() + 3600L * 1000; inputJar = new JarFile(new File(input), false); // Don't // verify. OutputStream outputStream = null; if (replace) { outputStream = new ByteArrayOutputStream(); } else { outputStream = new FileOutputStream(output); } outputJar = new JarOutputStream(outputStream); // For signing .apks, use the maximum compression to make // them as small as possible (since they live forever on // the system partition). For OTA packages, use the // default compression level, which is much much faster // and produces output that is only a tiny bit larger // (~0.1% on full OTA packages I tested). if (!replace) { outputJar.setLevel(9); } JarEntry je; Manifest manifest = addDigestsToManifest(inputJar); // Everything else copyFiles(manifest, inputJar, outputJar, timestamp); // MANIFEST.MF je = new JarEntry(JarFile.MANIFEST_NAME); je.setTime(timestamp); outputJar.putNextEntry(je); manifest.write(outputJar); // CERT.SF je = new JarEntry(String.format(CERT_SF_FORMAT, certName)); je.setTime(timestamp); outputJar.putNextEntry(je); ByteArrayOutputStream baos = new ByteArrayOutputStream(); writeSignatureFile(manifest, baos); byte[] signedData = baos.toByteArray(); outputJar.write(signedData); // CERT.RSA je = new JarEntry(String.format(CERT_RSA_FORMAT, certName)); je.setTime(timestamp); outputJar.putNextEntry(je); writeSignatureBlock(new CMSProcessableByteArray(signedData), publicKey, privateKey, outputJar); outputStream.flush(); outputJar.close(); outputJar = null; if (replace) { outputFile = new FileOutputStream(input); signWholeOutputFile(((ByteArrayOutputStream) outputStream).toByteArray(), outputFile, publicKey, privateKey); } } catch (Exception e) { msg = e.toString(); e.printStackTrace(); } finally { try { if (inputJar != null) inputJar.close(); if (outputFile != null) outputFile.close(); } catch (IOException e) { e.printStackTrace(); } } return msg; }
From source file:cn.ieclipse.pde.signer.util.SignApk.java
License:Apache License
public static void main(String[] args) { if (args.length != 4 && args.length != 5) { System.err.println(//from w w w. j ava 2s .co m "Usage: signapk [-w] " + "publickey.x509[.pem] privatekey.pk8 " + "input.jar output.jar"); System.exit(2); } sBouncyCastleProvider = new BouncyCastleProvider(); Security.addProvider(sBouncyCastleProvider); boolean signWholeFile = false; int argstart = 0; if (args[0].equals("-w")) { signWholeFile = true; argstart = 1; } JarFile inputJar = null; JarOutputStream outputJar = null; FileOutputStream outputFile = null; try { File publicKeyFile = new File(args[argstart + 0]); X509Certificate publicKey = readPublicKey(publicKeyFile); // Assume the certificate is valid for at least an hour. long timestamp = publicKey.getNotBefore().getTime() + 3600L * 1000; PrivateKey privateKey = readPrivateKey(new File(args[argstart + 1])); inputJar = new JarFile(new File(args[argstart + 2]), false); // Don't // verify. OutputStream outputStream = null; if (signWholeFile) { outputStream = new ByteArrayOutputStream(); } else { outputStream = outputFile = new FileOutputStream(args[argstart + 3]); } outputJar = new JarOutputStream(outputStream); // For signing .apks, use the maximum compression to make // them as small as possible (since they live forever on // the system partition). For OTA packages, use the // default compression level, which is much much faster // and produces output that is only a tiny bit larger // (~0.1% on full OTA packages I tested). if (!signWholeFile) { outputJar.setLevel(9); } JarEntry je; Manifest manifest = addDigestsToManifest(inputJar); // Everything else copyFiles(manifest, inputJar, outputJar, timestamp); // otacert if (signWholeFile) { addOtacert(outputJar, publicKeyFile, timestamp, manifest); } // MANIFEST.MF je = new JarEntry(JarFile.MANIFEST_NAME); je.setTime(timestamp); outputJar.putNextEntry(je); manifest.write(outputJar); // CERT.SF je = new JarEntry(CERT_SF_NAME); je.setTime(timestamp); outputJar.putNextEntry(je); ByteArrayOutputStream baos = new ByteArrayOutputStream(); writeSignatureFile(manifest, baos); byte[] signedData = baos.toByteArray(); outputJar.write(signedData); // CERT.RSA je = new JarEntry(CERT_RSA_NAME); je.setTime(timestamp); outputJar.putNextEntry(je); writeSignatureBlock(new CMSProcessableByteArray(signedData), publicKey, privateKey, outputJar); outputJar.close(); outputJar = null; outputStream.flush(); if (signWholeFile) { outputFile = new FileOutputStream(args[argstart + 3]); signWholeOutputFile(((ByteArrayOutputStream) outputStream).toByteArray(), outputFile, publicKey, privateKey); } } catch (Exception e) { e.printStackTrace(); System.exit(1); } finally { try { if (inputJar != null) inputJar.close(); if (outputFile != null) outputFile.close(); } catch (IOException e) { e.printStackTrace(); System.exit(1); } } }
From source file:co.lqnt.lockbox.key.KeyFactory.java
License:Open Source License
/** * Construct a new key factory./* w w w .ja v a 2 s . c o m*/ */ public KeyFactory() { BouncyCastleProvider provider = new BouncyCastleProvider(); this.pemParserFactory = new PemParserFactory(); this.bcKeyParametersFactory = new BcKeyParametersFactory(); this.pemDecryptorProviderBuilder = new JcePEMDecryptorProviderBuilder(); this.pemDecryptorProviderBuilder.setProvider(provider); this.pkcs8DecryptorProviderBuilder = new JceOpenSSLPKCS8DecryptorProviderBuilder(); this.pkcs8DecryptorProviderBuilder.setProvider(provider); this.keyGenerator = new RSAKeyPairGenerator(); this.random = new SecureRandom(); }
From source file:co.lqnt.lockbox.key.PrivateKey.java
License:Open Source License
/** * Get the JCE private key.//from ww w . ja v a 2s .c o m * * @return The JCE private key. */ public java.security.PrivateKey jcePrivateKey() { JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter(); keyConverter.setProvider(new BouncyCastleProvider()); return this.jcePrivateKey(keyConverter); }
From source file:co.lqnt.lockbox.key.PrivateKey.java
License:Open Source License
/** * Get this key as a PEM formatted string. * * @param password A password to encrypt the PEM data with. * * @return The PEM formatted key./* ww w .ja v a 2 s. co m*/ */ public String toPem(final String password) { JcePEMEncryptorBuilder encryptorBuilder = new JcePEMEncryptorBuilder("DES-EDE3-CBC"); encryptorBuilder.setProvider(new BouncyCastleProvider()); return this.toPem(password, encryptorBuilder, new StringWriterFactory(), new PemWriterFactory()); }
From source file:co.lqnt.lockbox.key.PublicKey.java
License:Open Source License
/** * Get the JCE public key./* ww w.j a va2 s . c o m*/ * * @return The JCE public key. */ public java.security.PublicKey jcePublicKey() { JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter(); keyConverter.setProvider(new BouncyCastleProvider()); return this.jcePublicKey(keyConverter); }
From source file:co.runrightfast.core.security.BouncyCastle.java
License:Apache License
public static void installBouncyCastleSecurityProvider() { Security.addProvider(new BouncyCastleProvider()); }
From source file:com.aaasec.sigserv.csspsupport.context.SpSupportContextListener.java
License:EUPL
@Override public void contextInitialized(ServletContextEvent sce) { ServletContext servletContext = sce.getServletContext(); String contextPath = servletContext.getContextPath(); if (contextPath != null && !initialized) { try {/*from w ww . j ava 2s . co m*/ Security.removeProvider("BC"); } catch (Exception ex) { } int insertProviderAt = Security.addProvider(new BouncyCastleProvider()); SpSuppContextParams.setDataDir(getParam("DataDir", servletContext)); SpSuppContextParams.setSignTaskMap(new HashMap<String, SignSession>()); SupportModel model = new SupportModel(SpSuppContextParams.getDataDir()); SupportConfig conf = (SupportConfig) model.getConf(); String sigTempDir = FileOps.getfileNameString(model.getDataDir(), "sigTemp"); SpSuppContextParams.setConf(conf); SpSuppContextParams.setModel(model); SpSuppContextParams.setSigTempDir(sigTempDir); SpSuppContextParams.setSignSessionMaxAge(getMaxAge(getParam("SignSessionMaxAge", servletContext))); SignSupportAPI.setValidationServiceUrl(conf.getValidationServiceUrl()); SignSupportAPI.setTempFileLocation(sigTempDir); initialized = true; } }
From source file:com.aaasec.sigserv.csspsupport.models.SupportModel.java
License:EUPL
private static KeyPair generateECDSAKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException { ECGenParameterSpec ecSpec = new ECGenParameterSpec("P-256"); KeyPairGenerator g = KeyPairGenerator.getInstance("ECDSA", new BouncyCastleProvider()); g.initialize(ecSpec, new SecureRandom()); KeyPair pair = g.generateKeyPair(); return pair;/* w ww . j a v a 2s . com*/ }
From source file:com.adaptris.security.util.SecurityUtil.java
License:Apache License
private static synchronized void initialise() { if (initialised) { return;/*from w w w . j av a2s. c o m*/ } try { Security.addProvider(new BouncyCastleProvider()); secureRandomInstance = SecureRandom.getInstanceStrong(); } catch (Exception e) { throw new RuntimeException(e); } initialised = true; }