List of usage examples for org.bouncycastle.jce.provider BouncyCastleProvider BouncyCastleProvider
public BouncyCastleProvider()
From source file:com.delcyon.capo.server.CapoServer.java
License:Open Source License
/** * @param programArgs//from w ww.j a v a2s.co m * @throws Exception * @throws SecurityException */ public void init(String[] programArgs) throws SecurityException, Exception { setApplicationState(ApplicationState.INITIALIZING); setConfiguration(new Configuration(programArgs)); if (getConfiguration().hasOption(PREFERENCE.HELP)) { getConfiguration().printHelp(); System.exit(0); } clientRequestProcessorSessionManager = new ClientRequestProcessorSessionManager(); clientRequestProcessorSessionManager.start(); //setup resource manager setDataManager(CapoDataManager.loadDataManager(getConfiguration().getValue(PREFERENCE.RESOURCE_MANAGER))); getDataManager().init(true); if (getConfiguration().getBooleanValue(Preferences.DISABLE_REPO) != true) { capoJcrServer = new CapoJcrServer(); capoJcrServer.start(); setSession(CapoJcrServer.createSession()); } getDataManager().init(false); //change over to using the repo by default once were up and running //getDataManager().setDefaultResourceTypeScheme("repo"); TaskManagerThread.startTaskManagerThread(); Security.addProvider(new BouncyCastleProvider()); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); ResourceDescriptor keystoreFile = getDataManager().getResourceDescriptor(null, getConfiguration().getValue(PREFERENCE.KEYSTORE)); keystoreFile.addResourceParameters(null, new ResourceParameter( FileResourceType.Parameters.PARENT_PROVIDED_DIRECTORY, PREFERENCE.CONFIG_DIR)); char[] password = getConfiguration().getValue(PREFERENCE.KEYSTORE_PASSWORD).toCharArray(); if (keystoreFile.getResourceMetaData(null).exists() == false) { keyStore = buildKeyStore(); } else { keystoreFile.open(null); InputStream keyStoreFileInputStream = keystoreFile.getInputStream(null); keyStore.load(keyStoreFileInputStream, password); keyStoreFileInputStream.close(); keystoreFile.close(null); } setKeyStore(keyStore); trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(getKeyStore()); keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(getKeyStore(), getConfiguration().getValue(PREFERENCE.KEYSTORE_PASSWORD).toCharArray()); setSslSocketFactory(getLocalSslSocketFactory()); serverSocket = new ServerSocket(getConfiguration().getIntValue(PREFERENCE.PORT)); logger.log(Level.INFO, "Listening on " + serverSocket); try { runStartupScript("repo:" + getConfiguration().getValue(PREFERENCE.STARTUP_SCRIPT)); } catch (Exception exception) { exception.printStackTrace(); } if (getConfiguration().getBooleanValue(Preferences.DISABLE_WEBSERVER) != true) { capoJettyServer = new CapoJettyServer(keyStore, getConfiguration().getValue(PREFERENCE.KEYSTORE_PASSWORD), getConfiguration().getIntValue(Preferences.WEB_PORT)); capoJettyServer.start(); } setApplicationState(ApplicationState.INITIALIZED); }
From source file:com.difference.historybook.server.CertManager.java
License:Apache License
/** * Create a self-signed certificate and store in a keystore (if it doesn't already exist) * //from www. j a va 2 s . c o m * @param keystore path to the keystore to save to * @param password password to use to encrypt keystore * @param alias name to give the certificate in the keystore * @param x500String X500 name for the certificate. (e.g. "CN=localhost,OU=issuer) * @param duration length of time a newly created certificate should remain valid (in seconds) * * @throws @RuntimeException if an error occurs in creating the certificate */ public static void initialize(Path keystore, String password, String alias, String commonName, String organization, long duration) { if (keystore.toFile().exists()) { LOG.info("Keystore {} found.", keystore); return; } try { Security.addProvider(new BouncyCastleProvider()); // generate a key pair KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", PROVIDER_NAME); keyPairGenerator.initialize(KEY_LENGTH, new SecureRandom()); KeyPair keyPair = keyPairGenerator.generateKeyPair(); PublicKey pubKey = keyPair.getPublic(); PrivateKey privateKey = keyPair.getPrivate(); // build name X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE); nameBuilder.addRDN(BCStyle.CN, commonName); nameBuilder.addRDN(BCStyle.O, organization); nameBuilder.addRDN(BCStyle.OU, organization); X500Name issuerName = nameBuilder.build(); X500Name subjectName = issuerName; // build serial BigInteger serial = BigInteger.valueOf(new Random().nextInt()); // build a certificate generator X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuerName, serial, new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000), // yesterday new Date(System.currentTimeMillis() + duration * 1000), subjectName, pubKey); KeyUsage usage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment); certBuilder.addExtension(Extension.keyUsage, true, usage); ASN1EncodableVector purposes = new ASN1EncodableVector(); purposes.add(KeyPurposeId.id_kp_serverAuth); certBuilder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes)); X509Certificate[] chain = new X509Certificate[1]; chain[0] = signCertificate(certBuilder, keyPair.getPrivate()); KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(null, null); keyStore.setKeyEntry(alias, privateKey, password.toCharArray(), chain); keyStore.store(new FileOutputStream(keystore.toFile()), password.toCharArray()); Files.setPosixFilePermissions(keystore, ImmutableSet.of(PosixFilePermission.OWNER_READ)); LOG.info("Created keystore at {}.", keystore); } catch (NoSuchAlgorithmException | NoSuchProviderException | CertificateException | KeyStoreException | IOException | OperatorCreationException e) { LOG.error(e.getLocalizedMessage()); throw new RuntimeException(e); } }
From source file:com.distrimind.util.crypto.CodeProvider.java
License:Open Source License
private static void ensureBouncyCastleProviderLoaded() { if (bouncyProvider == null) { synchronized (CodeProvider.class) { if (bouncyProvider == null) { bouncyProvider = new BouncyCastleProvider(); Security.insertProviderAt(bouncyProvider, Security.getProviders().length + 1); }/*w w w . j av a 2 s . c o m*/ } } }
From source file:com.ejemploj2ee.Login.java
/** * Processes requests for both HTTP <code>GET</code> and <code>POST</code> * methods.//from w w w . j av a 2 s . c om * * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try { request.getSession().setAttribute("login", "OK"); //Pasar password simetrica sobre asimetrico. Security.addProvider(new BouncyCastleProvider()); // Cargar el provider BC Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); Cipher cifrador = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC"); // PASO 2: Crear cifrador RSA // Cipher cifrador =Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC"); // Hace uso del provider BC /** * ********************************************************************** * IMPORTANTE: En BouncyCastle el algoritmo RSA no funciona * realmente en modo ECB * No divide el mensaje de entrada en * bloques * Solo cifra los primeros 512 bits (tam. clave) * Para * cifrar mensajes mayores, habra que hacer la divisin en bloques * "a mano" *********************************************************************** */ /** * * Crear KeyFactory (depende del provider) usado para las * transformaciones de claves */ KeyFactory keyFactoryRSA = KeyFactory.getInstance("RSA", "BC"); // Hace uso del provider BC /** * * 4 Recuperar clave PUBLICA del fichero */ // 4.1 Leer datos binarios x809 byte[] bufferPriv = new byte[5000]; FileInputStream in = new FileInputStream( new File(request.getServletContext().getRealPath("/WEB-INF/server1024.privada"))); int chars = in.read(bufferPriv, 0, 5000); in.close(); byte[] bufferPriv2 = new byte[chars]; System.arraycopy(bufferPriv, 0, bufferPriv2, 0, chars); // 2.2 Recuperar clave privada desde datos codificados en formato PKCS8 PKCS8EncodedKeySpec clavePrivadaSpec = new PKCS8EncodedKeySpec(bufferPriv2); PrivateKey clavePrivada2 = keyFactoryRSA.generatePrivate(clavePrivadaSpec); // PASO 3a: Poner cifrador en modo CIFRADO cifrador.init(Cipher.ENCRYPT_MODE, clavePrivada2); // Cifra con la clave publica // create new key SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey(); request.getSession().setAttribute("clave", secretKey); byte[] bufferCifrado = cifrador.doFinal(secretKey.getEncoded()); String mandar = new String(Base64.encodeBase64(bufferCifrado)); response.getWriter().print(mandar); } catch (NoSuchAlgorithmException ex) { Logger.getLogger(Login.class.getName()).log(Level.SEVERE, null, ex); } catch (NoSuchProviderException ex) { Logger.getLogger(Login.class.getName()).log(Level.SEVERE, null, ex); } catch (NoSuchPaddingException ex) { Logger.getLogger(Login.class.getName()).log(Level.SEVERE, null, ex); } catch (InvalidKeySpecException ex) { Logger.getLogger(Login.class.getName()).log(Level.SEVERE, null, ex); } catch (InvalidKeyException ex) { Logger.getLogger(Login.class.getName()).log(Level.SEVERE, null, ex); } catch (IllegalBlockSizeException ex) { Logger.getLogger(Login.class.getName()).log(Level.SEVERE, null, ex); } catch (BadPaddingException ex) { Logger.getLogger(Login.class.getName()).log(Level.SEVERE, null, ex); } }
From source file:com.encriptacionservidor.PruebaPFX.java
/** * Processes requests for both HTTP <code>GET</code> and <code>POST</code> * methods.//from w ww . java 2 s . co m * * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String op = request.getParameter("op"); switch (op) { case "NUEVO": try { //mandar clave publica. Security.addProvider(new BouncyCastleProvider()); // Cargar el provider BC CertAndKeyGen certGen = new CertAndKeyGen("RSA", "SHA256WithRSA", null); // generate it with 2048 bits certGen.generate(2048); // prepare the validity of the certificate long validSecs = (long) 365 * 24 * 60 * 60; // valid for one year // add the certificate information, currently only valid for one year. //firmar x509 por servidor PKCS8EncodedKeySpec clavePrivadaSpec = null; byte[] bufferPriv = new byte[5000]; InputStream in = request.getServletContext().getResourceAsStream("/WEB-INF/dam1024.privada"); int chars; try { chars = in.read(bufferPriv, 0, 5000); in.close(); byte[] bufferPriv2 = new byte[chars]; System.arraycopy(bufferPriv, 0, bufferPriv2, 0, chars); // 2.2 Recuperar clave privada desde datos codificados en formato PKCS8 clavePrivadaSpec = new PKCS8EncodedKeySpec(bufferPriv2); } catch (IOException ex) { Logger.getLogger(PruebaRSA.class.getName()).log(Level.SEVERE, null, ex); } PrivateKey clavePrivadaServidor; // Anadir provider JCE (provider por defecto no soporta RSA) Security.addProvider(new BouncyCastleProvider()); // Cargar el provider BC //Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); KeyFactory keyFactoryRSA = null; // Hace uso del provider BC keyFactoryRSA = KeyFactory.getInstance("RSA", "BC"); clavePrivadaServidor = keyFactoryRSA.generatePrivate(clavePrivadaSpec); X509Certificate cert = certGen.getSelfCertificate( // enter your details according to your application new X500Name("CN=TestingLogin,O=My Organisation,L=My City,C=DE"), validSecs); byte[] inCertBytes = cert.getTBSCertificate(); X509CertInfo info = new X509CertInfo(inCertBytes); info.set(X509CertInfo.ISSUER, new X500Name("CN=SERVIDOR,O=My Organisation,L=My City,C=DE")); X509CertImpl certificadoCliente = new X509CertImpl(info); certificadoCliente.sign(clavePrivadaServidor, cert.getSigAlgName()); PrivateKey clavePrivadaCliente = certGen.getPrivateKey(); KeyStore ks = KeyStore.getInstance("PKCS12", "BC"); ks.load(null, null); ks.setCertificateEntry("publica", certificadoCliente); ks.setKeyEntry("privada", clavePrivadaCliente, null, new Certificate[] { certificadoCliente }); ByteArrayOutputStream fos = new ByteArrayOutputStream(); // String webInfPath = request.getServletContext().getRealPath("WEB-INF"); // FileOutputStream fo = new FileOutputStream(webInfPath+"//keystore.pfx"); // ks.store(fo,password); char[] password = "abc".toCharArray(); ks.store(fos, password); //String respuesta = new String(Base64.encodeBase64(fos.toByteArray())); response.getOutputStream().write(Base64.encodeBase64(fos.toByteArray())); fos.close(); } catch (Exception e) { Logger.getLogger(PruebaRSA.class.getName()).log(Level.SEVERE, null, e); } break; case "MANDAR": try { String publica = request.getParameter("cert"); CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate cert2 = (X509Certificate) cf .generateCertificate(new ByteArrayInputStream(Base64.decodeBase64(publica))); //cargar clave public de servidor KeyFactory keyFactoryRSA = null; // Hace uso del provider BC keyFactoryRSA = KeyFactory.getInstance("RSA", "BC"); byte[] bufferPub = new byte[5000]; InputStream in = request.getServletContext().getResourceAsStream("/WEB-INF/dam1024.publica"); int charsPub; charsPub = in.read(bufferPub, 0, 5000); in.close(); byte[] bufferPub2 = new byte[charsPub]; System.arraycopy(bufferPub, 0, bufferPub2, 0, charsPub); //d.readFully(bufferPub, 0, 162); //in.read(bufferPub, 0, 5000); in.close(); X509EncodedKeySpec clavePublicaSpec = new X509EncodedKeySpec(bufferPub2); PublicKey clavePublica2 = keyFactoryRSA.generatePublic(clavePublicaSpec); cert2.verify(clavePublica2); String texto = request.getParameter("texto"); byte[] firma = Base64.decodeBase64(request.getParameter("firma")); Signature sign = Signature.getInstance("SHA256WithRSA"); sign.initVerify(cert2.getPublicKey()); sign.update(texto.getBytes()); System.out.println(cert2.getIssuerX500Principal()); System.out.println(cert2.getSubjectDN()); LdapName ldapDN = new LdapName(cert2.getSubjectDN().getName()); for (Rdn rdn : ldapDN.getRdns()) { if (rdn.getType().equals("CN")) { System.out.println(rdn.getValue()); } } System.out.println("FIRMADO " + sign.verify(firma)); } catch (Exception e) { Logger.getLogger(PruebaRSA.class.getName()).log(Level.SEVERE, null, e); } break; } }
From source file:com.encriptacionservidor.PruebaRSA.java
/** * Processes requests for both HTTP <code>GET</code> and <code>POST</code> * methods./*from w w w . j a v a2s. c o m*/ * * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException { String op = request.getParameter("op"); switch (op) { case "PUBLICA": //mandar clave publica. byte[] bufferPub = new byte[5000]; InputStream in = request.getServletContext().getResourceAsStream("/WEB-INF/dam1024.publica"); int charsPub; try { charsPub = in.read(bufferPub, 0, 5000); in.close(); byte[] bufferPub2 = new byte[charsPub]; System.arraycopy(bufferPub, 0, bufferPub2, 0, charsPub); //d.readFully(bufferPub, 0, 162); //in.read(bufferPub, 0, 5000); in.close(); byte[] bufferCode64 = Base64.encodeBase64(bufferPub2); response.getOutputStream().write(bufferCode64); } catch (IOException ex) { Logger.getLogger(PruebaRSA.class.getName()).log(Level.SEVERE, null, ex); } break; case "CIFRADO": // Anadir provider JCE (provider por defecto no soporta RSA) Security.addProvider(new BouncyCastleProvider()); // Cargar el provider BC //Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); Cipher cifrador = null; KeyFactory keyFactoryRSA = null; // Hace uso del provider BC try { cifrador = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC"); keyFactoryRSA = KeyFactory.getInstance("RSA", "BC"); } catch (NoSuchAlgorithmException ex) { Logger.getLogger(PruebaRSA.class.getName()).log(Level.SEVERE, null, ex); } catch (NoSuchProviderException ex) { Logger.getLogger(PruebaRSA.class.getName()).log(Level.SEVERE, null, ex); } catch (NoSuchPaddingException ex) { Logger.getLogger(PruebaRSA.class.getName()).log(Level.SEVERE, null, ex); } // Crear KeyFactory (depende del provider) usado para las transformaciones de claves*/ //cifrar un mensaje String mensaje = "HOLA Q TAL"; // PASO 3b: Poner cifrador en modo DESCIFRADO // 2 Recuperar clave Privada del fichero */ // 2.1 Leer datos binarios PKCS8 PKCS8EncodedKeySpec clavePrivadaSpec = null; byte[] bufferPriv = new byte[5000]; in = request.getServletContext().getResourceAsStream("/WEB-INF/dam1024.privada"); int chars; try { chars = in.read(bufferPriv, 0, 5000); in.close(); byte[] bufferPriv2 = new byte[chars]; System.arraycopy(bufferPriv, 0, bufferPriv2, 0, chars); // 2.2 Recuperar clave privada desde datos codificados en formato PKCS8 clavePrivadaSpec = new PKCS8EncodedKeySpec(bufferPriv2); } catch (IOException ex) { Logger.getLogger(PruebaRSA.class.getName()).log(Level.SEVERE, null, ex); } PrivateKey clavePrivada2; try { clavePrivada2 = keyFactoryRSA.generatePrivate(clavePrivadaSpec); cifrador.init(Cipher.ENCRYPT_MODE, clavePrivada2); // Descrifra con la clave privada System.out.println("3b. Cifrar con clave privada"); byte[] bufferPlano2 = cifrador.doFinal(mensaje.getBytes("UTF-8")); response.getOutputStream().write(Base64.encodeBase64(bufferPlano2)); } catch (Exception ex) { Logger.getLogger(PruebaRSA.class.getName()).log(Level.SEVERE, null, ex); } break; } }
From source file:com.enioka.jqm.pki.CertificateRequest.java
License:Open Source License
private void generateKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException { Security.addProvider(new BouncyCastleProvider()); SecureRandom random = new SecureRandom(); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(Constants.KEY_ALGORITHM, Constants.JCA_PROVIDER);/*from w w w . j a v a 2 s. c o m*/ keyPairGenerator.initialize(size, random); KeyPair keyPair = keyPairGenerator.generateKeyPair(); publicKey = keyPair.getPublic(); privateKey = keyPair.getPrivate(); }
From source file:com.eucalyptus.auth.Credentials.java
License:Open Source License
public static void init() { Security.addProvider(new BouncyCastleProvider()); org.apache.xml.security.Init.init(); WSSConfig.getDefaultWSConfig().addJceProvider("BC", BouncyCastleProvider.class.getCanonicalName()); WSSConfig.getDefaultWSConfig().setTimeStampStrict(true); WSSConfig.getDefaultWSConfig().setEnableSignatureConfirmation(true); }
From source file:com.eucalyptus.auth.crypto.StringCrypto.java
License:Open Source License
public StringCrypto(String format, String provider) { this.asymmetricFormat = format; this.provider = provider; Security.addProvider(new BouncyCastleProvider()); if (Security.getProvider(this.provider) == null) throw new RuntimeException("cannot find security provider " + this.provider); keystore = SystemCredentials.getKeyStore(); if (keystore == null) throw new RuntimeException("cannot load keystore or find the key"); }
From source file:com.eucalyptus.bootstrap.SystemBootstrapper.java
License:Open Source License
/** * {@inheritDoc #handleException(Throwable)} * /*from w ww .j av a2 s .c o m*/ * @return * @throws Throwable */ public boolean init() throws Throwable { ExpandoMetaClass.enableGlobally(); Logs.init(); Thread.setDefaultUncaughtExceptionHandler(new UncaughtExceptionHandler() { @Override public void uncaughtException(Thread t, Throwable e) { try { String stack = Joiner.on("\t\n").join(Thread.currentThread().getStackTrace()); LOG.error(stack); LOG.error(e, e); } catch (Exception ex) { try { System.out.println(Joiner.on("\t\n").join(Thread.currentThread().getStackTrace())); e.printStackTrace(); ex.printStackTrace(); } catch (Exception ex1) { System.out.println("Failed because of badness in uncaught exception path."); System.out.println("Thread: " + t.toString()); System.out.println("Exception: " + e.getClass()); System.out.println("Message: " + e.getMessage()); System.out.println("All threads:\n"); for (Map.Entry<Thread, StackTraceElement[]> ent : Thread.getAllStackTraces().entrySet()) { } } } } }); OrderedShutdown.initialize(); BootstrapArgs.init(); if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { if (Security.getProviders().length > 4) { Security.insertProviderAt(new BouncyCastleProvider(), 4); // EUCA-5833 } else { Security.addProvider(new BouncyCastleProvider()); } } try {//GRZE:HACK: need to remove the nss add-on in deb based distros as it breaks ssl. Groovyness.eval( "import sun.security.jca.*; Providers.setProviderList( ProviderList.remove( Providers.@providerList,\"SunPKCS11-NSS\") );"); } catch (Exception ex) { LOG.error(ex, ex); } try { if (!BootstrapArgs.isInitializeSystem()) { Bootstrap.init(); Bootstrap.Stage stage = Bootstrap.transition(); stage.load(); } return true; } catch (Throwable t) { SystemBootstrapper.handleException(t); return false; } }