Usage examples for org.bouncycastle.jce.provider.BouncyCastleProvider — constructor BouncyCastleProvider()
public BouncyCastleProvider()
From source file:com.vektorsoft.lockdown.app.Lockdown.java
License:Open Source License
@Override
public void init() throws Exception {
    // Hand Bouncy Castle to the application's crypto facade before anything
    // else runs; later key and seed work goes through LockdownCrypto.
    BouncyCastleProvider provider = new BouncyCastleProvider();
    LockdownCrypto.instance().initialize(provider);

    // Load the main JavaFX scene graph from the bundled FXML resource.
    mainScreen = FXMLLoader.load(getClass().getResource("/gui/fxml/main_screen.fxml"));

    // A missing on-disk layout marks the app for first-run initialisation.
    // This method only ever raises needsInit; it never clears it.
    boolean structurePresent = Initializer.instance().checkFileStructure();
    if (!structurePresent) {
        System.out.println("File structure does not exist");
        needsInit = true;
    }
}
From source file:com.vektorsoft.lockdown.crypto.seed.DeviceSeedTest.java
License:Open Source License
@BeforeClass
public static void init() throws Exception {
    // Bouncy Castle must be wired into LockdownCrypto before any seed derivation.
    LockdownCrypto.instance().initialize(new BouncyCastleProvider());

    // Fixture: a fresh 128-bit English mnemonic and the master seed derived from
    // it together with the constant PASSWORD.
    Mnemonic wordsSource = new Mnemonic();
    mnemonicWords = wordsSource.generateMnemonic(MnemonicLanguage.ENGLISH, EntropyInfo.ENTROPY_128_BITS);
    MasterSeed master = new MasterSeed();
    seedBytes = master.generateSeedFromMnemonic(mnemonicWords, PASSWORD, MnemonicLanguage.ENGLISH);

    // Derive the per-device seed for DEVICE_NAME, then one key seed per SeedType
    // (encryption, signing, authentication) from that device seed.
    DeviceSeed deviceSeeds = new DeviceSeed();
    byte[] deviceSeed = deviceSeeds.generateDeviceSeed(seedBytes, DEVICE_NAME);
    encryptionSeedBytes = deviceSeeds.getKeySeed(deviceSeed, DeviceSeed.SeedType.ENCRYPTION);
    signingSeedBytes = deviceSeeds.getKeySeed(deviceSeed, DeviceSeed.SeedType.SIGNING);
    authenticationSeedBytes = deviceSeeds.getKeySeed(deviceSeed, DeviceSeed.SeedType.AUTHENTICATION);
}
From source file:com.vektorsoft.lockdown.crypto.seed.MasterSeedTest.java
License:Open Source License
@BeforeClass
public static void init() throws Exception {
    // Bouncy Castle has to be registered with LockdownCrypto before seed work.
    LockdownCrypto.instance().initialize(new BouncyCastleProvider());

    // Fixture: a fresh 128-bit English mnemonic and the master seed derived from
    // it together with the constant PASSWORD.
    Mnemonic wordsSource = new Mnemonic();
    mnemonicWords = wordsSource.generateMnemonic(MnemonicLanguage.ENGLISH, EntropyInfo.ENTROPY_128_BITS);
    seedBytes = new MasterSeed().generateSeedFromMnemonic(mnemonicWords, PASSWORD, MnemonicLanguage.ENGLISH);
}
From source file:com.vektorsoft.lockdown.crypto.seed.MnemonicTest.java
License:Open Source License
@BeforeClass
public static void init() {
    // Tests in this class rely on LockdownCrypto having a JCE provider;
    // Bouncy Castle is supplied once for the whole class.
    BouncyCastleProvider bc = new BouncyCastleProvider();
    LockdownCrypto.instance().initialize(bc);
}
From source file:com.vmware.admiral.common.util.KeyUtil.java
License:Open Source License
public static KeyPair generateRSAKeyPair() {
    // A private BC provider instance is passed straight to getInstance instead of
    // being registered globally via Security.addProvider, so nothing else in the
    // JVM observes it.
    KeyPairGenerator rsa;
    try {
        rsa = KeyPairGenerator.getInstance(RSA_ALGORITHM, new BouncyCastleProvider());
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException("Failed to generate RSA key pair", e);
    }
    // KEY_SIZE bits, using the platform's default SecureRandom.
    rsa.initialize(KEY_SIZE);
    return rsa.generateKeyPair();
}
From source file:com.vmware.demo.SamlService.java
License:Open Source License
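private void init() {
    // Already bootstrapped on an earlier call: nothing to do.
    if (bootstrap) {
        return;
    }
    // Bootstrap OpenSAML once. If bootstrap() throws, the flag stays false and the
    // next init() call retries; the provider registration below still runs.
    // NOTE(review): bootstrap is a plain field — if init() can be reached from
    // several threads, confirm DefaultBootstrap.bootstrap() tolerates a second run.
    try {
        DefaultBootstrap.bootstrap();
        bootstrap = true;
    } catch (ConfigurationException e) {
        logger.error("Failed to bootstrap OpenSAML", e);
    }
    // Register Bouncy Castle for X.509 parsing. Security.addProvider() already
    // returns -1 for a duplicate name, but checking first avoids constructing the
    // whole BC algorithm table again on every retry.
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }
}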
From source file:com.vmware.identity.openidconnect.protocol.TestContext.java
License:Open Source License
public static void initialize() throws Exception {
    Security.addProvider(new BouncyCastleProvider());

    // Test-only key material: 1024-bit RSA keeps the fixture fast but is below
    // the size acceptable for production credentials.
    KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA", "BC");
    rsa.initialize(1024, new SecureRandom());
    KeyPair pair = rsa.genKeyPair();
    RSAPrivateKey signingKey = (RSAPrivateKey) pair.getPrivate();
    RSAPublicKey verifyKey = (RSAPublicKey) pair.getPublic();

    CERT = generateCertificate(pair, CERT_SUBJECT_DN);
    CERT_ENCODED = Base64Utils.encodeToString(CERT.getEncoded());

    // Every token shares one issue instant and a five-minute lifetime.
    final long lifetimeMillis = 300 * 1000L;
    Date issuedAt = new Date();
    Date expiresAt = new Date(issuedAt.getTime() + lifetimeMillis);

    // The three tokens carry the same leading claim set and differ only in their
    // type-specific trailing arguments.
    ID_TOKEN = new IDToken(signingKey, TokenType.BEARER, new JWTID(), new Issuer("iss"), new Subject("sub"),
            Arrays.asList("aud"), issuedAt, expiresAt, Scope.OPENID, "tenant", (ClientID) null, (SessionID) null,
            verifyKey, (Subject) null, (Nonce) null, Collections.<String>emptySet(), "given_name", "family_name");
    ACCESS_TOKEN = new AccessToken(signingKey, TokenType.BEARER, new JWTID(), new Issuer("iss"), new Subject("sub"),
            Arrays.asList("aud"), issuedAt, expiresAt, Scope.OPENID, "tenant", (ClientID) null, (SessionID) null,
            verifyKey, (Subject) null, (Nonce) null, Collections.<String>emptySet(), "Administrator");
    REFRESH_TOKEN = new RefreshToken(signingKey, TokenType.BEARER, new JWTID(), new Issuer("iss"), new Subject("sub"),
            Arrays.asList("aud"), issuedAt, expiresAt, Scope.OPENID, "tenant", (ClientID) null, (SessionID) null,
            verifyKey, (Subject) null, (Nonce) null);

    // All client-side assertions use the same https://a.com URI (URI is immutable,
    // so one instance can be shared).
    URI assertionUri = URI.create("https://a.com");
    CLIENT_ASSERTION = new ClientAssertion(signingKey, new JWTID(), CLIENT_ID, assertionUri, issuedAt);
    SOLUTION_USER_ASSERTION = new SolutionUserAssertion(signingKey, new JWTID(), CERT_SUBJECT_DN, assertionUri,
            issuedAt);

    // The person-user assertion is built with a stub signer that returns no
    // signature bytes at all, so it is only usable where the signature is not checked.
    PersonUserAssertionSigner nullSigner = new PersonUserAssertionSigner() {
        @Override
        public byte[] signUsingRS256(byte[] data) {
            return null;
        }
    };
    PERSON_USER_ASSERTION = new PersonUserAssertion(nullSigner, new JWTID(), CERT_SUBJECT_DN, assertionUri, issuedAt);
}
From source file:com.vmware.identity.openidconnect.sample.RelyingPartyInstaller.java
License:Open Source License
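void install(String[] redirectEndpointUrls, String[] postLogoutRedirectUrls, String logoutUrl) throws Exception {
    String domainControllerFQDN = this.relyingPartyConfig.getOpFQDN();
    int domainControllerPort = Integer.parseInt(this.relyingPartyConfig.getOpListeningPort());
    String tenant = this.relyingPartyConfig.getTenant();

    // 1. Discover the OP: fetch its OIDC metadata and RSA public key through the
    //    configured trust store (this.keyStore).
    MetadataHelper metadataHelper = new MetadataHelper.Builder(domainControllerFQDN)
            .domainControllerPort(domainControllerPort).tenant(tenant).keyStore(this.keyStore).build();
    ProviderMetadata providerMetadata = metadataHelper.getProviderMetadata();
    RSAPublicKey providerPublicKey = metadataHelper.getProviderRSAPublicKey(providerMetadata);

    // 2. Obtain admin bearer tokens via the password grant from a non-registered
    //    client. These tokens authorise every registration call below, so the admin
    //    credentials held in relyingPartyConfig are install-time secrets.
    ConnectionConfig connectionConfig = new ConnectionConfig(providerMetadata, providerPublicKey, this.keyStore);
    ClientConfig clientConfig = new ClientConfig(connectionConfig, null, null);
    OIDCClient nonRegisteredClient = new OIDCClient(clientConfig);
    TokenSpec tokenSpec = new TokenSpec.Builder(TokenType.BEARER)
            .resourceServers(Arrays.asList("rs_admin_server")).build();
    OIDCTokens oidcTokens = nonRegisteredClient.acquireTokensByPassword(
            this.relyingPartyConfig.getAdminUsername(), this.relyingPartyConfig.getAdminPassword(), tokenSpec);

    // 3. Generate the relying party's own key pair and a self-signed certificate
    //    bound to a fresh solution-user name. This key authenticates the RP with
    //    private_key_jwt for the life of the installation, so it is sized at 2048
    //    bits; 1024-bit RSA is below what current guidance accepts for new keys.
    //    NOTE(review): confirm the OP imposes no key-size restriction of its own.
    Security.addProvider(new BouncyCastleProvider());
    final int rpKeySizeBits = 2048;
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "BC");
    keyGen.initialize(rpKeySizeBits, new SecureRandom());
    KeyPair keypair = keyGen.generateKeyPair();
    String solutionUserName = this.relyingPartyConfig.getClientPrefix() + UUID.randomUUID().toString();
    X509Certificate clientCertificate = generateCertificate(keypair, solutionUserName);

    // 4. REST clients for IDM and vmdir, both authenticated with the admin access token.
    IdmClient idmClient = createIdmClient(oidcTokens.getAccessToken(), domainControllerFQDN, domainControllerPort);
    VmdirClient vmdirClient = createVMdirClient(oidcTokens.getAccessToken(), domainControllerFQDN,
            domainControllerPort);

    // 5. Create the solution user carrying the certificate and add it to ActAsUsers.
    CertificateDTO certificateDTO = new CertificateDTO.Builder()
            .withEncoded(convertToBase64PEMString(clientCertificate)).build();
    SolutionUserDTO solutionUserDTO = new SolutionUserDTO.Builder().withName(solutionUserName)
            .withDomain(tenant).withCertificate(certificateDTO).build();
    vmdirClient.solutionUser().create(tenant, solutionUserDTO);
    List<String> members = Arrays.asList(solutionUserName + "@" + tenant);
    vmdirClient.group().addMembers(tenant, "ActAsUsers", tenant, members,
            com.vmware.directory.rest.common.data.MemberType.USER);

    // 6. Register the OIDC client. The subject DN is deliberately left in the legacy
    //    getSubjectDN().getName() rendering: presumably the server compares this
    //    string against the certificate presented later, and switching to
    //    getSubjectX500Principal() may change the formatting — verify before changing.
    OIDCClientMetadataDTO oidcClientMetadataDTO = new OIDCClientMetadataDTO.Builder()
            .withRedirectUris(Arrays.asList(redirectEndpointUrls))
            .withPostLogoutRedirectUris(Arrays.asList(postLogoutRedirectUrls)).withLogoutUri(logoutUrl)
            .withTokenEndpointAuthMethod("private_key_jwt")
            .withCertSubjectDN(clientCertificate.getSubjectDN().getName())
            .withAuthnRequestClientAssertionLifetimeMS(2 * 60 * 1000L).build();
    OIDCClientDTO oidcClientDTO = idmClient.oidcClient().register(tenant, oidcClientMetadataDTO);

    // 7. Persist what is needed to survive a restart. The RP private key is written
    //    to disk here; NOTE(review): savePrivateKey is not visible in this file —
    //    confirm it uses owner-only permissions and that unencrypted storage is acceptable.
    savePublicKey(this.relyingPartyConfig.getOpPublickeyFile(), providerPublicKey);
    savePrivateKey(this.relyingPartyConfig.getRpPrivatekeyFile(), keypair.getPrivate());
    writeObject(this.relyingPartyConfig.getRpCertificateFile(), clientCertificate);
    writeObject(this.relyingPartyConfig.getRpInfoFile(), oidcClientDTO.getClientId());
    writeObject(this.relyingPartyConfig.getRpListeningPortFile(), this.relyingPartyConfig.getRpListeningPort());
}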
From source file:com.vmware.identity.openidconnect.server.TestContext.java
License:Open Source License
public static void initialize() throws Exception {
    SESSION_COOKIE_NAME = SessionManager.getSessionCookieName(TENANT_NAME);
    Security.addProvider(new BouncyCastleProvider());

    // One generator, two fixtures: a 1024-bit pair for the tenant and another for
    // the client. Test-size keys only — too small for production use.
    KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA", "BC");
    rsa.initialize(1024, new SecureRandom());

    KeyPair tenantPair = rsa.genKeyPair();
    TENANT_PRIVATE_KEY = (RSAPrivateKey) tenantPair.getPrivate();
    TENANT_PUBLIC_KEY = (RSAPublicKey) tenantPair.getPublic();
    TENANT_CERT = TestUtil.generateCertificate(tenantPair, "CN=server");

    KeyPair clientPair = rsa.genKeyPair();
    CLIENT_PRIVATE_KEY = (RSAPrivateKey) clientPair.getPrivate();
    CLIENT_PUBLIC_KEY = (RSAPublicKey) clientPair.getPublic();
    CLIENT_CERT = TestUtil.generateCertificate(clientPair, CLIENT_CERT_SUBJECT_DN);

    // The solution user fixture is bound to the client certificate.
    SOLUTION_USER = new SolutionUser(new PrincipalId(SOLUTION_USERNAME, TENANT_NAME), TENANT_NAME, CLIENT_CERT);
}
From source file:com.vmware.identity.rest.core.test.util.CertificateGenerator.java
License:Open Source License
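/**
 * Generate a self-signed X.509 (v1) certificate for test use.
 *
 * <p>The certificate is valid from five seconds before now until thirty minutes
 * after, carries a serial number taken from the wall clock, and is signed with
 * {@code algorithm} over exactly the TBSCertificate that is embedded in the
 * result. Certificates built within the same millisecond share a serial number,
 * which is only tolerable because this is a test helper.
 *
 * @param pair the key pair to use when signing the certificate
 * @param algorithm the signing algorithm to use
 * @param dn the X.509 distinguished name for the certificate
 * @return a self-signed X.509 certificate
 * @throws NoSuchAlgorithmException if {@code algorithm} is unknown to the BC provider
 * @throws NoSuchProviderException if the BC provider cannot be resolved
 * @throws InvalidKeyException if the private key cannot initialise the signature
 * @throws SignatureException if signing fails
 * @throws IOException if DER encoding fails
 * @throws CertificateException if the assembled bytes do not parse as X.509
 */
public static X509Certificate generateSelfSignedCertificate(KeyPair pair, AlgorithmName algorithm, String dn)
        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException,
        IOException, CertificateException {
    // Signature and CertificateFactory below are requested from "BC" by name, so
    // the provider must be registered first (guarded to keep this idempotent).
    if (Security.getProvider("BC") == null) {
        Security.addProvider(new BouncyCastleProvider());
    }

    long now = System.currentTimeMillis();
    X500Name owner = new X500Name(dn);

    V1TBSCertificateGenerator generator = new V1TBSCertificateGenerator();
    generator.setSerialNumber(new ASN1Integer(now));
    generator.setIssuer(owner); // self-signed: issuer and subject are the same name
    generator.setSubject(owner);
    generator.setStartDate(new Time(new Date(now - 5000))); // small backdate for clock skew
    generator.setEndDate(new Time(new Date(now + 30 * 60 * 1000))); // 30-minute validity
    generator.setSignature(ALGORITHM_IDS.get(algorithm));
    generator.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded()));

    // Build the TBSCertificate once and sign that exact DER encoding. Signing one
    // generated TBS while embedding a second one is only correct as long as the
    // generator state is untouched in between; using a single object removes that
    // dependency.
    TBSCertificate tbsCert = generator.generateTBSCertificate();
    byte[] tbsDer = tbsCert.getEncoded(ASN1Encoding.DER);

    Signature sig = Signature.getInstance(algorithm.toString(), "BC");
    sig.initSign(pair.getPrivate());
    sig.update(tbsDer);

    // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    ASN1EncodableVector certificate = new ASN1EncodableVector();
    certificate.add(tbsCert);
    certificate.add(ALGORITHM_IDS.get(algorithm));
    certificate.add(new DERBitString(sig.sign()));

    return (X509Certificate) CertificateFactory.getInstance("X.509", "BC")
            .generateCertificate(new ByteArrayInputStream(new DERSequence(certificate).getEncoded(ASN1Encoding.DER)));
}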