Examples with KeyPair - java.security.KeyPair

Example 6 with KeyPair

use of java.security.KeyPair in project hadoop by apache.

the class TestReloadingX509TrustManager method testReloadMissingTrustStore.

@Test(timeout = 30000)
public void testReloadMissingTrustStore() throws Exception {
    KeyPair kp = generateKeyPair("RSA");
    cert1 = generateCertificate("CN=Cert1", kp, 30, "SHA1withRSA");
    cert2 = generateCertificate("CN=Cert2", kp, 30, "SHA1withRSA");
    String truststoreLocation = BASEDIR + "/testmissing.jks";
    createTrustStore(truststoreLocation, "password", "cert1", cert1);
    ReloadingX509TrustManager tm = new ReloadingX509TrustManager("jks", truststoreLocation, "password", 10);
    try {
        tm.init();
        assertEquals(1, tm.getAcceptedIssuers().length);
        X509Certificate cert = tm.getAcceptedIssuers()[0];
        assertFalse(reloaderLog.getOutput().contains(ReloadingX509TrustManager.RELOAD_ERROR_MESSAGE));
        new File(truststoreLocation).delete();
        waitForFailedReloadAtLeastOnce((int) tm.getReloadInterval());
        assertEquals(1, tm.getAcceptedIssuers().length);
        assertEquals(cert, tm.getAcceptedIssuers()[0]);
    } finally {
        reloaderLog.stopCapturing();
        tm.destroy();
    }
}

Also used : KeyPair(java.security.KeyPair) KeyStoreTestUtil.generateKeyPair(org.apache.hadoop.security.ssl.KeyStoreTestUtil.generateKeyPair) File(java.io.File) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 7 with KeyPair

use of java.security.KeyPair in project android_frameworks_base by ParanoidAndroid.

the class AndroidKeyPairGeneratorTest method testKeyPairGenerator_GenerateKeyPair_Encrypted_Success.

public void testKeyPairGenerator_GenerateKeyPair_Encrypted_Success() throws Exception {
    setupPassword();
    mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext()).setAlias(TEST_ALIAS_1).setSubject(TEST_DN_1).setSerialNumber(TEST_SERIAL_1).setStartDate(NOW).setEndDate(NOW_PLUS_10_YEARS).setEncryptionRequired().build());
    final KeyPair pair = mGenerator.generateKeyPair();
    assertNotNull("The KeyPair returned should not be null", pair);
    assertKeyPairCorrect(pair, TEST_ALIAS_1, TEST_DN_1, TEST_SERIAL_1, NOW, NOW_PLUS_10_YEARS);
}

Also used : KeyPair(java.security.KeyPair)

Example 8 with KeyPair

use of java.security.KeyPair in project neo4j by neo4j.

the class Certificates method createSelfSignedCertificate.

public void createSelfSignedCertificate(File certificatePath, File privateKeyPath, String hostName) throws GeneralSecurityException, IOException, OperatorCreationException {
    installCleanupHook(certificatePath, privateKeyPath);
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance(DEFAULT_ENCRYPTION);
    keyGen.initialize(2048, random);
    KeyPair keypair = keyGen.generateKeyPair();
    // Prepare the information required for generating an X.509 certificate.
    X500Name owner = new X500Name("CN=" + hostName);
    X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(owner, new BigInteger(64, random), NOT_BEFORE, NOT_AFTER, owner, keypair.getPublic());
    PrivateKey privateKey = keypair.getPrivate();
    ContentSigner signer = new JcaContentSignerBuilder("SHA512WithRSAEncryption").build(privateKey);
    X509CertificateHolder certHolder = builder.build(signer);
    X509Certificate cert = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certHolder);
    //check so that cert is valid
    cert.verify(keypair.getPublic());
    //write to disk
    writePem("CERTIFICATE", cert.getEncoded(), certificatePath);
    writePem("PRIVATE KEY", privateKey.getEncoded(), privateKeyPath);
    // Mark as done so we don't clean up certificates
    cleanupRequired = false;
}

Also used : KeyPair(java.security.KeyPair) PrivateKey(java.security.PrivateKey) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) ContentSigner(org.bouncycastle.operator.ContentSigner) BigInteger(java.math.BigInteger) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(org.bouncycastle.asn1.x500.X500Name) X509Certificate(java.security.cert.X509Certificate)

Example 9 with KeyPair

use of java.security.KeyPair in project OpenAM by OpenRock.

the class JwtSnapshotTokenHandlerFactory method configureJwtTokenHandler.

private SnapshotTokenHandler configureJwtTokenHandler(JwtTokenHandlerConfig config) {
    SigningManager signingManager = new SigningManager();
    SigningHandler signingHandler = signingManager.newHmacSigningHandler(config.getSharedKey());
    KeyPair keyPair = provider.getKeyPair(config.getKeyPairAlgorithm(), config.getKeyPairSize());
    return new JwtTokenHandler(config.getJweAlgorithm(), config.getEncryptionMethod(), keyPair, config.getJwsAlgorithm(), signingHandler, config.getTokenLifeTimeInSeconds());
}

Also used : KeyPair(java.security.KeyPair) JwtTokenHandler(org.forgerock.selfservice.stages.tokenhandlers.JwtTokenHandler) SigningHandler(org.forgerock.json.jose.jws.handlers.SigningHandler) SigningManager(org.forgerock.json.jose.jws.SigningManager)

Example 10 with KeyPair

use of java.security.KeyPair in project OpenAM by OpenRock.

the class JwtGenerator method main.

public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        System.out.println("Usage: JwtGenerator <subject> <issuer> <audience>");
        System.exit(1);
    }
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(512);
    KeyPair keyPair = keyGen.genKeyPair();
    PublicKey publicKey = keyPair.getPublic();
    long validTime = System.currentTimeMillis() + 1000 * 60 * 60 * 24 / 2;
    String jwt = new JwtBuilderFactory().jws(new SigningManager().newRsaSigningHandler(keyPair.getPrivate())).headers().alg(JwsAlgorithm.RS256).done().claims(new JwtClaimsSet(json(object(field("iss", args[0]), field("sub", args[1]), field("aud", args[2]), field("exp", validTime / 1000))).asMap())).build();
    System.out.println("JWT: " + jwt);
    Calendar expiry = Calendar.getInstance();
    expiry.add(Calendar.DAY_OF_YEAR, 7);
    X509CertInfo info = new X509CertInfo();
    CertificateValidity interval = new CertificateValidity(new Date(), new Date(validTime));
    BigInteger sn = new BigInteger(64, new SecureRandom());
    X500Name owner = new X500Name("CN=ForgeRock,L=Bristol,C=GB");
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(keyPair.getPrivate(), "SHA256withRSA");
    System.out.println("Certificate:");
    BASE64Encoder encoder = new BASE64Encoder();
    System.out.println(X509Factory.BEGIN_CERT);
    encoder.encodeBuffer(cert.getEncoded(), System.out);
    System.out.println(X509Factory.END_CERT);
}

Also used : JwtBuilderFactory(org.forgerock.json.jose.builders.JwtBuilderFactory) CertificateSubjectName(sun.security.x509.CertificateSubjectName) KeyPair(java.security.KeyPair) X509CertInfo(sun.security.x509.X509CertInfo) PublicKey(java.security.PublicKey) Calendar(java.util.Calendar) CertificateIssuerName(sun.security.x509.CertificateIssuerName) BASE64Encoder(sun.misc.BASE64Encoder) SecureRandom(java.security.SecureRandom) CertificateVersion(sun.security.x509.CertificateVersion) CertificateValidity(sun.security.x509.CertificateValidity) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) SigningManager(org.forgerock.json.jose.jws.SigningManager) Date(java.util.Date) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Aggregations

KeyPair (java.security.KeyPair)903 KeyPairGenerator (java.security.KeyPairGenerator)345 Test (org.junit.Test)235 PrivateKey (java.security.PrivateKey)189 X509Certificate (java.security.cert.X509Certificate)185 PublicKey (java.security.PublicKey)167 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)127 IOException (java.io.IOException)121 BigInteger (java.math.BigInteger)87 Date (java.util.Date)78 SecureRandom (java.security.SecureRandom)75 KeyStore (java.security.KeyStore)74 GeneralSecurityException (java.security.GeneralSecurityException)63 RSAPublicKey (java.security.interfaces.RSAPublicKey)55 X500Principal (javax.security.auth.x500.X500Principal)53 File (java.io.File)52 KeyFactory (java.security.KeyFactory)52 ECPrivateKey (java.security.interfaces.ECPrivateKey)52 ECPublicKey (java.security.interfaces.ECPublicKey)52 InvalidKeyException (java.security.InvalidKeyException)40