List of usage examples for the org.bouncycastle.jce.provider.BouncyCastleProvider constructor
public BouncyCastleProvider()
From source file:ch.admin.suis.msghandler.common.CompleteFullTest.java
License:Open Source License
/**
 * Prepares the test fixture: registers the BouncyCastle JCA provider, installs the V2 message
 * generator on {@code SenderSession}, creates the temporary directories and puts the
 * installation's {@code conf} directory on the classpath.
 */
@Override
protected void setUp() throws Exception {
    super.setUp();

    // Security.addProvider appends the provider to the JVM-wide provider list.
    final BouncyCastleProvider bouncyCastle = new BouncyCastleProvider();
    Security.addProvider(bouncyCastle);

    SenderSession.msgGen = new V2MessageXmlGenerator();

    TEMP_DIRS.forEach(tempDir -> {
        try {
            FileUtils.forceMkdir(tempDir);
        } catch (IOException ignored) {
            // Directory creation is best-effort here; a failure is deliberately not reported.
        }
    });

    final String confDir = INSTALL_DIR + "/conf";
    addToClassPath(confDir);
}
From source file:ch.admin.suis.msghandler.config.ClientConfigurationFactory.java
License:Open Source License
/**
 * Initializes the factory from its XML configuration (per the original documentation, a file at
 * a path relative to a location on the classpath). Has to be called before the factory is used.
 *
 * <p>The steps run in a fixed order: crypto policy and provider registration, Sedex adapter and
 * working directory, outbox/inbox throttles, receiver and status checker, default sender, native
 * and transparent applications, and finally the HTTP server.
 *
 * @throws ConfigurationException if the inbox limit is configured as 0 or the default outbox
 *         cron attribute is missing or blank
 */
@SuppressWarnings("unchecked")
public void init() throws ConfigurationException {
    // Select the unlimited-strength JCE policy directly. See
    // https://golb.hplar.ch/p/JCE-policy-changes-in-Java-SE-8u151-and-8u152
    // The JDK reads this property when the JCE framework initialises, so it is set first.
    Security.setProperty("crypto.policy", "unlimited");
    // Register the BouncyCastle provider in the JVM-wide provider list.
    Security.addProvider(new BouncyCastleProvider());

    // Reset the sets used for the signing directory checks.
    checkSigningOutboxDirSet.clear();
    checkSigningProcessedDirSet.clear();

    clientConfiguration.setSedexAdapterConfiguration(createSedexAdapterConfig(xmlConfig));
    LOG.info("Sedex adapter configuration added, " + clientConfiguration.getSedexAdapterConfiguration());

    final String baseDir = createBaseDir(xmlConfig);
    clientConfiguration.setWorkingDir(createWorkingDir(xmlConfig));
    // SEDEX-175 - cleans the working dir up.
    cleanUpWorkingDir(clientConfiguration.getWorkingDir());

    // Outbox throttle: minimum file age in seconds before a file is sent (0 when not configured).
    final long minimumFileAgeSeconds = xmlConfig.getLong("messageHandler.minimumFileAge[@waitFor]", 0);
    if (minimumFileAgeSeconds == 0) {
        LOG.warn(
                "No delayer has been set with the key messageHandler.minimumFileAge.waitFor, which means every file "
                        + "will be sent ASAP instead of waiting for a bit ! This is usually a bad idea for big files as "
                        + "they tend to be slow...");
    }
    Outbox.secondsBeforeSending = minimumFileAgeSeconds;

    // Inbox throttle: unlimited when not configured, but an explicit 0 is rejected.
    final long inboxLimit = xmlConfig.getLong("messageHandler.maximumIncomingMessages[@accept]", Long.MAX_VALUE);
    if (inboxLimit == 0) {
        LOG.error(
                "MessageHandler is configured to accept a maximum of 0 documents in each inbox. "
                        + "This is unacceptable.");
        throw new ConfigurationException("Cannot put 0 as a throttle for inboxes.");
    }
    Inbox.incomingMessageLimit = inboxLimit;

    // Receiver-specific settings.
    final ReceiverConfiguration receiver = setupReceiver();

    // Checker-specific settings.
    final StatusCheckerConfiguration statusChecker = setupChecker();

    final String defaultCron = xmlConfig.getString("messageHandler.defaultOutboxCheck[@cron]");
    if (StringUtils.isBlank(defaultCron)) {
        throw new ConfigurationException("Missing attribute: messageHandler.defaultOutboxCheck[@cron]");
    }

    // Default sender configuration, driven by the default cron expression.
    final SenderConfiguration defaultSender = new SenderConfiguration(defaultCron);

    setupNativeApps(defaultSender, baseDir, receiver);

    final boolean hasDefaultOutbox = !defaultSender.getOutboxes().isEmpty();
    if (hasDefaultOutbox) {
        // Only register the default sender when it owns at least one outbox (MANTIS 5023).
        clientConfiguration.addSenderConfiguration(defaultSender);
        LOG.info("sender added, " + defaultSender);
    }

    // Transparent applications.
    setupTransparentApps(defaultCron, baseDir, receiver, statusChecker);

    // Start the embedded HTTP server (Jetty, per the original comment).
    setupHttpServer();
}
From source file:ch.admin.suis.msghandler.signer.SignerTest.java
License:Open Source License
/**
 * Prepares the signer test: selects the unlimited JCE policy, registers the BouncyCastle
 * provider and creates the directories the tests need.
 */
@Override
protected void setUp() throws Exception {
    super.setUp();

    // For the line below see
    // https://golb.hplar.ch/p/JCE-policy-changes-in-Java-SE-8u151-and-8u152
    Security.setProperty("crypto.policy", "unlimited");

    final BouncyCastleProvider bouncyCastle = new BouncyCastleProvider();
    Security.addProvider(bouncyCastle);

    // Create the directories required for the tests.
    createDirectory(signingOutbox1);
    createDirectory(signingOutbox2);
    createDirectory(signingOutbox1Processed);
}
From source file:ch.cyberduck.core.aquaticprime.Receipt.java
License:Open Source License
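/**
 * Verifies the App Store receipt.
 *
 * <p>The receipt file is read once; the same bytes are used for the PKCS#7 signature check and
 * for extracting the receipt attributes, so both steps always see identical content. The
 * signature result is checked and a failed signature rejects the receipt.
 *
 * <p>The method is deliberately lenient in two places: when interface {@code en0} is absent the
 * GUID hash is not checked, and when its MAC address cannot be read the receipt is accepted
 * without hash validation. A mismatching bundle version is only logged.
 *
 * @return False if receipt validation failed.
 */
@Override
public boolean verify() {
    try {
        Security.addProvider(new BouncyCastleProvider());

        // Read the receipt exactly once and close the stream; the original opened the file
        // twice and never closed either stream.
        final byte[] receipt;
        final FileInputStream in = new FileInputStream(this.getFile().getAbsolute());
        try {
            receipt = IOUtils.toByteArray(in);
        } finally {
            IOUtils.closeQuietly(in);
        }

        // PKCS7SignedData.verify() reports the outcome as its return value; ignoring it would
        // let a receipt with a bad signature continue to attribute parsing.
        final PKCS7SignedData signature = new PKCS7SignedData(receipt);
        if (!signature.verify()) {
            log.error("Receipt signature verification failed");
            return false;
        }
        // For additional security, you may verify the fingerprint of the root CA and the OIDs of the
        // intermediate CA and signing certificate. The OID in the Certificate Policies Extension of the
        // intermediate CA is (1 2 840 113635 100 5 6 1), and the Marker OID of the signing certificate
        // is (1 2 840 113635 100 6 11 1).

        // Extract the receipt attributes from the bytes that were just verified.
        final CMSSignedData s = new CMSSignedData(receipt);
        final CMSProcessable signedContent = s.getSignedContent();
        final byte[] originalContent = (byte[]) signedContent.getContent();
        final ASN1Object asn = ASN1Object.fromByteArray(originalContent);

        byte[] opaque = null;
        String bundleIdentifier = null;
        String bundleVersion = null;
        byte[] hash = null;

        if (!(asn instanceof DERSet)) {
            log.error(String.format("Expected set of attributes for %s", asn));
            return false;
        }
        // Attribute types:
        // 2 Bundle identifier      Interpret as an ASN.1 UTF8STRING.
        // 3 Application version    Interpret as an ASN.1 UTF8STRING.
        // 4 Opaque value           Interpret as a series of bytes.
        // 5 SHA-1 hash             Interpret as a 20-byte SHA-1 digest value.
        final Enumeration enumeration = ((DERSet) asn).getObjects();
        while (enumeration.hasMoreElements()) {
            final Object next = enumeration.nextElement();
            if (!(next instanceof DERSequence)) {
                continue;
            }
            final DERSequence sequence = (DERSequence) next;
            final DEREncodable type = sequence.getObjectAt(0);
            if (!(type instanceof DERInteger)) {
                continue;
            }
            final int attribute = ((DERInteger) type).getValue().intValue();
            if (attribute < 2 || attribute > 5) {
                // Other attribute types are not inspected, so their value is never read.
                continue;
            }
            final DEREncodable value = sequence.getObjectAt(2);
            if (!(value instanceof DEROctetString)) {
                continue;
            }
            final byte[] octets = ((DEROctetString) value).getOctets();
            switch (attribute) {
                case 2:
                    bundleIdentifier = new String(octets, "utf-8");
                    break;
                case 3:
                    bundleVersion = new String(octets, "utf-8");
                    break;
                case 4:
                    opaque = octets;
                    break;
                default:
                    hash = octets;
                    break;
            }
        }

        if (!StringUtils.equals("ch.sudo.cyberduck", StringUtils.trim(bundleIdentifier))) {
            log.error("Bundle identifier in ASN set does not match");
            return false;
        }
        if (!StringUtils.equals(Preferences.instance().getDefault("CFBundleShortVersionString"),
                StringUtils.trim(bundleVersion))) {
            // A version mismatch is reported but does not reject the receipt.
            log.warn("Bundle version in ASN set does not match");
        }

        final NetworkInterface en0 = NetworkInterface.getByName("en0");
        if (null == en0) {
            // Interface is not found when link is down; the GUID hash is then not checked.
            log.warn("No network interface en0");
        } else {
            final byte[] mac = en0.getHardwareAddress();
            if (null == mac) {
                log.error("Cannot determine MAC address");
                // Continue without validation
                return true;
            }
            final String hex = Hex.encodeHexString(mac);
            if (log.isDebugEnabled()) {
                log.debug("Interface en0:" + hex);
            }
            if (null == opaque) {
                // Previously this surfaced as a NullPointerException caught below; the result
                // (rejection) is the same, the log message is now specific.
                log.error("Missing opaque value in receipt");
                return false;
            }
            // Compute the hash of the GUID: SHA-1 over MAC, opaque value and bundle identifier.
            final MessageDigest digest = MessageDigest.getInstance("SHA-1");
            digest.update(mac);
            digest.update(opaque);
            digest.update(bundleIdentifier.getBytes(Charset.forName("utf-8")));
            final byte[] result = digest.digest();
            if (Arrays.equals(result, hash)) {
                if (log.isInfoEnabled()) {
                    log.info(String.format("Valid receipt for GUID %s", hex));
                }
                this.name = hex;
            } else {
                log.error(String.format("Failed verification. Hash with GUID %s does not match hash in receipt",
                        hex));
                return false;
            }
        }
    } catch (Exception e) {
        log.error("Unknown receipt validation error", e);
        // Shutdown if receipt is not valid
        return false;
    }
    // Always return true to dismiss donation prompt.
    return true;
}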
From source file:ch.cyberduck.core.aquaticprime.ReceiptVerifier.java
License:Open Source License
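/**
 * Verifies the App Store receipt stored in {@code file}.
 *
 * <p>Every signer whose certificate is embedded in the CMS structure must verify, and at least
 * one signer must actually have been verified; a receipt without any verifiable signer is
 * rejected instead of passing the signature step vacuously. The signing certificate chain is not
 * validated against a trusted root here (see the comment in the body).
 *
 * <p>The method stays lenient where the original was: a missing {@code en0} interface or an
 * unreadable MAC address accepts the receipt without the GUID hash check, a bundle version
 * mismatch is only logged, and an unexpected exception type is logged and treated as valid.
 *
 * @return {@code false} if validation failed, {@code true} otherwise
 */
@Override
public boolean verify() {
    try {
        // For additional security, you may verify the fingerprint of the root CA and the OIDs of the
        // intermediate CA and signing certificate. The OID in the Certificate Policies Extension of the
        // intermediate CA is (1 2 840 113635 100 5 6 1), and the Marker OID of the signing certificate
        // is (1 2 840 113635 100 6 11 1).
        final CMSSignedData s;
        final FileInputStream in = new FileInputStream(file.getAbsolute());
        try {
            s = new CMSSignedData(in);
        } finally {
            // The original never closed the stream.
            in.close();
        }
        final Store certs = s.getCertificates();
        final SignerInformationStore signers = s.getSignerInfos();
        int verified = 0;
        for (SignerInformation signer : (Iterable<SignerInformation>) signers.getSigners()) {
            final Collection<X509CertificateHolder> matches = certs.getMatches(signer.getSID());
            for (X509CertificateHolder holder : matches) {
                if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder()
                        .setProvider(new BouncyCastleProvider()).build(holder))) {
                    return false;
                }
                verified++;
            }
        }
        if (verified == 0) {
            // With no signer infos, or no certificate matching any signer, the loops above run
            // without checking anything. Fail closed in that case.
            log.error("No signature in receipt could be verified");
            return false;
        }

        // Extract the receipt attributes
        final CMSProcessable signedContent = s.getSignedContent();
        final byte[] originalContent = (byte[]) signedContent.getContent();
        final ASN1Primitive asn = ASN1Primitive.fromByteArray(originalContent);

        byte[] opaque = null;
        String bundleIdentifier = null;
        String bundleVersion = null;
        byte[] hash = null;

        if (!(asn instanceof ASN1Set)) {
            log.error(String.format("Expected set of attributes for %s", asn));
            return false;
        }
        // Attribute types:
        // 2 Bundle identifier      Interpret as an ASN.1 UTF8STRING.
        // 3 Application version    Interpret as an ASN.1 UTF8STRING.
        // 4 Opaque value           Interpret as a series of bytes.
        // 5 SHA-1 hash             Interpret as a 20-byte SHA-1 digest value.
        final Enumeration enumeration = ((ASN1Set) asn).getObjects();
        while (enumeration.hasMoreElements()) {
            final Object next = enumeration.nextElement();
            if (!(next instanceof DLSequence)) {
                continue;
            }
            final DLSequence sequence = (DLSequence) next;
            final ASN1Encodable type = sequence.getObjectAt(0);
            if (!(type instanceof ASN1Integer)) {
                continue;
            }
            final int attribute = ((ASN1Integer) type).getValue().intValue();
            if (attribute < 2 || attribute > 5) {
                // Other attribute types are not inspected, so their value is never read.
                continue;
            }
            final ASN1Encodable value = sequence.getObjectAt(2);
            if (!(value instanceof DEROctetString)) {
                continue;
            }
            final byte[] octets = ((DEROctetString) value).getOctets();
            switch (attribute) {
                case 2:
                    bundleIdentifier = new String(octets, "UTF-8");
                    break;
                case 3:
                    bundleVersion = new String(octets, "UTF-8");
                    break;
                case 4:
                    opaque = octets;
                    break;
                default:
                    hash = octets;
                    break;
            }
        }

        if (!StringUtils.equals(PreferencesFactory.get().getDefault("application.identifier"),
                StringUtils.trim(bundleIdentifier))) {
            log.error(String.format("Bundle identifier %s in ASN set does not match", bundleIdentifier));
            return false;
        }
        if (!StringUtils.equals(PreferencesFactory.get().getDefault("application.version"),
                StringUtils.trim(bundleVersion))) {
            // A version mismatch is reported but does not reject the receipt.
            log.warn(String.format("Bundle version %s in ASN set does not match", bundleVersion));
        }

        final NetworkInterface en0 = NetworkInterface.getByName("en0");
        if (null == en0) {
            // Interface is not found when link is down; the GUID hash is then not checked.
            log.warn("No network interface en0");
            return true;
        }
        final byte[] mac = en0.getHardwareAddress();
        if (null == mac) {
            log.error("Cannot determine MAC address");
            // Continue without validation
            return true;
        }
        final String hex = Hex.encodeHexString(mac);
        if (log.isDebugEnabled()) {
            log.debug(String.format("Interface en0 %s", hex));
        }
        // Compute the hash of the GUID: SHA-1 over MAC, opaque value and bundle identifier.
        final MessageDigest digest = MessageDigest.getInstance("SHA-1");
        digest.update(mac);
        if (null == opaque) {
            log.error(String.format("Missing opaque string in ASN.1 set %s", asn));
            return false;
        }
        digest.update(opaque);
        if (null == bundleIdentifier) {
            log.error(String.format("Missing bundle identifier in ASN.1 set %s", asn));
            return false;
        }
        digest.update(bundleIdentifier.getBytes(Charset.forName("UTF-8")));
        final byte[] result = digest.digest();
        if (Arrays.equals(result, hash)) {
            if (log.isInfoEnabled()) {
                log.info(String.format("Valid receipt for GUID %s", hex));
            }
            guid = hex;
            return true;
        }
        log.error(String.format("Failed verification. Hash with GUID %s does not match hash in receipt", hex));
        return false;
    } catch (IOException e) {
        log.error("Receipt validation error", e);
        // Shutdown if receipt is not valid
        return false;
    } catch (GeneralSecurityException e) {
        log.error("Receipt validation error", e);
        // Shutdown if receipt is not valid
        return false;
    } catch (SecurityException e) {
        log.error("Receipt validation error", e);
        // Shutdown if receipt is not valid
        return false;
    } catch (CMSException e) {
        log.error("Receipt validation error", e);
        // Shutdown if receipt is not valid
        return false;
    } catch (Exception e) {
        // NOTE(review): this branch accepts the receipt on any other exception, including
        // runtime exceptions raised while parsing a malformed receipt. Kept as in the original;
        // confirm that failing open here is intended.
        log.error("Unknown receipt validation error", e);
        return true;
    }
}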
From source file:ch.dissem.bitmessage.cryptography.bc.BouncyCryptography.java
License:Apache License
/**
 * Creates the cryptography implementation backed by a fresh {@link BouncyCastleProvider}
 * instance, which is handed to the superclass constructor. The provider is passed explicitly;
 * this constructor does not register it with {@code java.security.Security}.
 */
public BouncyCryptography() {
    super(
            new BouncyCastleProvider()
    );
}
From source file:ch.ge.ve.commons.crypto.ballot.BallotCipherServiceTest.java
License:Open Source License
/**
 * Builds the service under test from mocked collaborators, then registers the BouncyCastle
 * provider in the JVM-wide provider list.
 */
@Before
public void setUp() {
    // Collaborators are mocks; the service is wired with them below.
    ballotCiphersProvider = mock(BallotCiphersProvider.class);
    propertyConfigurationService = mock(PropertyConfigurationService.class);

    ballotCipherService = new BallotCipherService(
            ballotCiphersProvider,
            propertyConfigurationService);

    // Registered after the service is constructed, as in the original order.
    final BouncyCastleProvider bouncyCastle = new BouncyCastleProvider();
    Security.addProvider(bouncyCastle);
}
From source file:ch.ge.ve.commons.crypto.SensitiveDataCryptoUtilsST.java
License:Open Source License
/**
 * One-time class setup: registers the BouncyCastle provider, then configures
 * {@code SensitiveDataCryptoUtils} with a new test configuration.
 */
@BeforeClass
public static void init() {
    final BouncyCastleProvider bouncyCastle = new BouncyCastleProvider();
    Security.addProvider(bouncyCastle);

    final TestSensitiveDataCryptoUtilsConfiguration testConfiguration =
            new TestSensitiveDataCryptoUtilsConfiguration();
    SensitiveDataCryptoUtils.configure(testConfiguration);
}
From source file:ch.ge.ve.commons.crypto.SensitiveDataCryptoUtilsTest.java
License:Open Source License
/**
 * One-time class setup: registers the BouncyCastle provider, then configures
 * {@code SensitiveDataCryptoUtils} with the class's {@code configuration}.
 */
@BeforeClass
public static void init() {
    // The provider is registered before the utilities are configured.
    final BouncyCastleProvider bouncyCastle = new BouncyCastleProvider();
    Security.addProvider(bouncyCastle);

    SensitiveDataCryptoUtils.configure(configuration);
}
From source file:ch.ge.ve.offlineadmin.OfflineAdminApp.java
License:Open Source License
/**
 * Application entry point: registers the BouncyCastle provider in the JVM-wide provider list
 * and then hands control to {@code launch}.
 *
 * @param args the arguments passed
 */
public static void main(String[] args) {
    // Register the provider before launch(args) runs.
    final BouncyCastleProvider bouncyCastle = new BouncyCastleProvider();
    Security.addProvider(bouncyCastle);

    launch(args);
}