Example 1 with JcaX509v1CertificateBuilder
use of org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder in project tomee by apache.
the class SslTomEETest method test.
@Test
public void test() throws Exception {
final File keystore = new File("target/keystore");
{
// generate keystore/trustore
if (keystore.exists()) {
Files.delete(keystore);
}
keystore.getParentFile().mkdirs();
try (final FileOutputStream fos = new FileOutputStream(keystore)) {
final KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("RSA");
keyGenerator.initialize(1024);
final KeyPair pair = keyGenerator.generateKeyPair();
final boolean addBc = Security.getProvider("BC") == null;
if (addBc) {
Security.addProvider(new BouncyCastleProvider());
}
try {
final X509v1CertificateBuilder x509v1CertificateBuilder = new JcaX509v1CertificateBuilder(new X500Name("cn=serveralias"), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - TimeUnit.DAYS.toMillis(1)), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(1)), new X500Name("cn=serveralias"), pair.getPublic());
final X509CertificateHolder certHldr = x509v1CertificateBuilder.build(new JcaContentSignerBuilder("SHA1WithRSA").setProvider("BC").build(pair.getPrivate()));
final X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHldr);
final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, "changeit".toCharArray());
ks.setKeyEntry("serveralias", pair.getPrivate(), "changeit".toCharArray(), new Certificate[] { cert });
ks.store(fos, "changeit".toCharArray());
} finally {
if (addBc) {
Security.removeProvider("BC");
}
}
} catch (final Exception e) {
Assert.fail(e.getMessage());
}
}
final Configuration configuration = new Configuration();
configuration.setSsl(true);
configuration.setKeystoreFile(keystore.getAbsolutePath());
configuration.setKeystorePass("changeit");
configuration.setKeyAlias("serveralias");
final Container container = new Container();
container.setup(configuration);
container.start();
try {
assertEquals(8443, ManagementFactory.getPlatformMBeanServer().getAttribute(new ObjectName("Tomcat:type=ProtocolHandler,port=8443"), "port"));
} finally {
container.stop();
}
// ensure it is not always started
configuration.setSsl(false);
container.setup(configuration);
container.start();
try {
assertFalse(ManagementFactory.getPlatformMBeanServer().isRegistered(new ObjectName("Tomcat:type=ProtocolHandler,port=8443")));
} finally {
container.close();
}
}
Also used :
KeyPair(java.security.KeyPair)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
KeyPairGenerator(java.security.KeyPairGenerator)
X500Name(org.bouncycastle.asn1.x500.X500Name)
KeyStore(java.security.KeyStore)
JcaX509v1CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
ObjectName(javax.management.ObjectName)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
FileOutputStream(java.io.FileOutputStream)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
X509v1CertificateBuilder(org.bouncycastle.cert.X509v1CertificateBuilder)
JcaX509v1CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder)
File(java.io.File)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Test(org.junit.Test)
Example 2 with JcaX509v1CertificateBuilder
use of org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder in project tomee by apache.
the class HttpsConnectionTest method createKeyStore.
private File createKeyStore() throws ClassNotFoundException, NoSuchMethodException, InvocationTargetException, IllegalAccessException {
dropKeyStore();
File keyStore = new File(STORE_PATH);
keyStore.getParentFile().mkdirs();
try (final FileOutputStream fos = new FileOutputStream(keyStore)) {
final KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("RSA");
keyGenerator.initialize(1024);
final KeyPair pair = keyGenerator.generateKeyPair();
final boolean addBc = Security.getProvider("BC") == null;
if (addBc) {
Security.addProvider(new BouncyCastleProvider());
}
try {
final X509v1CertificateBuilder x509v1CertificateBuilder = new JcaX509v1CertificateBuilder(new X500Name("cn=" + SERVER), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - TimeUnit.DAYS.toMillis(1)), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(1)), new X500Name("cn=" + SERVER), pair.getPublic());
final X509CertificateHolder certHldr = x509v1CertificateBuilder.build(new JcaContentSignerBuilder("SHA1WithRSA").setProvider("BC").build(pair.getPrivate()));
final X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHldr);
final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, STORE_PWD.toCharArray());
ks.setKeyEntry(SERVER, pair.getPrivate(), STORE_PWD.toCharArray(), new Certificate[] { cert });
ks.store(fos, STORE_PWD.toCharArray());
} finally {
if (addBc) {
Security.removeProvider("BC");
}
}
} catch (final Exception e) {
Assert.fail(e.getMessage());
}
return keyStore;
}
Also used :
KeyPair(java.security.KeyPair)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
KeyPairGenerator(java.security.KeyPairGenerator)
X500Name(org.bouncycastle.asn1.x500.X500Name)
KeyStore(java.security.KeyStore)
JcaX509v1CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
URISyntaxException(java.net.URISyntaxException)
IOException(java.io.IOException)
KeyManagementException(java.security.KeyManagementException)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
FileOutputStream(java.io.FileOutputStream)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
X509v1CertificateBuilder(org.bouncycastle.cert.X509v1CertificateBuilder)
JcaX509v1CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder)
File(java.io.File)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
Aggregations
File (java.io.File)2
FileOutputStream (java.io.FileOutputStream)2
KeyPair (java.security.KeyPair)2
KeyPairGenerator (java.security.KeyPairGenerator)2
KeyStore (java.security.KeyStore)2
X509Certificate (java.security.cert.X509Certificate)2
Date (java.util.Date)2
X500Name (org.bouncycastle.asn1.x500.X500Name)2
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)2
X509v1CertificateBuilder (org.bouncycastle.cert.X509v1CertificateBuilder)2
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)2
JcaX509v1CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder)2
BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)2
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)2
IOException (java.io.IOException)1
InvocationTargetException (java.lang.reflect.InvocationTargetException)1
URISyntaxException (java.net.URISyntaxException)1
KeyManagementException (java.security.KeyManagementException)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
Certificate (java.security.cert.Certificate)1
