
Example 1 with JcaX509v1CertificateBuilder

use of org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder in project tomee by apache.

the class SslTomEETest method test.

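/**
 * Checks that the Tomcat {@code ProtocolHandler} MBean for port 8443 is registered when SSL is
 * enabled in the {@code Configuration} and is absent once SSL is switched off again.
 *
 * <p>The keystore written to {@code target/keystore} is a throw-away test fixture: a self-signed
 * X.509 v1 certificate valid from one day in the past to one day in the future, protected by a
 * hard-coded password. X.509 v1 certificates carry no extensions (no subjectAltName, no
 * basicConstraints, no keyUsage), so this construction should not be copied for certificates that
 * real clients are expected to validate.
 *
 * @throws Exception if the container or the JMX lookup fails
 */
@Test
public void test() throws Exception {
    final File keystore = new File("target/keystore");
    {
        // generate keystore/truststore
        if (keystore.exists()) {
            Files.delete(keystore);
        }
        keystore.getParentFile().mkdirs();
        // Test-only password; it is repeated in the container configuration below.
        final char[] password = "changeit".toCharArray();
        try (final FileOutputStream fos = new FileOutputStream(keystore)) {
            final KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("RSA");
            // 1024-bit RSA is below the commonly accepted minimum and can be refused by TLS
            // stacks running with hardened algorithm constraints; 2048 bits is the usual floor.
            keyGenerator.initialize(2048);
            final KeyPair pair = keyGenerator.generateKeyPair();
            // Registering a provider mutates JVM-wide state, so it is only added when missing
            // and removed again in the finally block below.
            final boolean addBc = Security.getProvider("BC") == null;
            if (addBc) {
                Security.addProvider(new BouncyCastleProvider());
            }
            try {
                final long now = System.currentTimeMillis();
                final X500Name subject = new X500Name("cn=serveralias");
                // Issuer and subject are identical: the certificate is self-signed.
                final X509v1CertificateBuilder x509v1CertificateBuilder = new JcaX509v1CertificateBuilder(
                        subject,
                        BigInteger.valueOf(1),
                        new Date(now - TimeUnit.DAYS.toMillis(1)),
                        new Date(now + TimeUnit.DAYS.toMillis(1)),
                        subject,
                        pair.getPublic());
                // SHA-1 signatures are deprecated for certificates; sign with SHA-256 instead.
                final X509CertificateHolder certHldr = x509v1CertificateBuilder.build(
                        new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC").build(pair.getPrivate()));
                final X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHldr);
                // JKS is kept because the container configuration below does not set a keystore type.
                final KeyStore ks = KeyStore.getInstance("JKS");
                ks.load(null, password);
                ks.setKeyEntry("serveralias", pair.getPrivate(), password, new Certificate[] { cert });
                ks.store(fos, password);
            } finally {
                if (addBc) {
                    Security.removeProvider("BC");
                }
            }
        } catch (final Exception e) {
            // Still an AssertionError (as Assert.fail would raise), but the cause and its stack
            // trace are preserved and a null exception message no longer hides the failure.
            throw new AssertionError("keystore generation failed: " + e.getMessage(), e);
        }
    }
    final Configuration configuration = new Configuration();
    configuration.setSsl(true);
    configuration.setKeystoreFile(keystore.getAbsolutePath());
    configuration.setKeystorePass("changeit");
    configuration.setKeyAlias("serveralias");
    final Container container = new Container();
    container.setup(configuration);
    container.start();
    try {
        assertEquals(8443, ManagementFactory.getPlatformMBeanServer().getAttribute(new ObjectName("Tomcat:type=ProtocolHandler,port=8443"), "port"));
    } finally {
        container.stop();
    }
    // ensure it is not always started
    configuration.setSsl(false);
    container.setup(configuration);
    container.start();
    try {
        assertFalse(ManagementFactory.getPlatformMBeanServer().isRegistered(new ObjectName("Tomcat:type=ProtocolHandler,port=8443")));
    } finally {
        container.close();
    }
}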
Also used : KeyPair(java.security.KeyPair) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(org.bouncycastle.asn1.x500.X500Name) KeyStore(java.security.KeyStore) JcaX509v1CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) ObjectName(javax.management.ObjectName) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) FileOutputStream(java.io.FileOutputStream) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) X509v1CertificateBuilder(org.bouncycastle.cert.X509v1CertificateBuilder) JcaX509v1CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder) File(java.io.File) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) Test(org.junit.Test)

Example 2 with JcaX509v1CertificateBuilder

use of org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder in project tomee by apache.

the class HttpsConnectionTest method createKeyStore.

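/**
 * Creates a fresh JKS keystore at {@code STORE_PATH} holding one RSA key pair and a self-signed
 * X.509 v1 certificate for {@code "cn=" + SERVER}, stored under the alias {@code SERVER} and
 * protected by {@code STORE_PWD}.
 *
 * <p>This is a test fixture. The certificate is valid from one day in the past to one day in the
 * future and, being X.509 v1, carries no extensions (no subjectAltName, no basicConstraints, no
 * keyUsage); clients that enforce hostname or usage checks will not accept it without relaxed
 * validation.
 *
 * @return the keystore file that was written
 * @throws AssertionError if key generation, signing or writing the keystore fails
 */
private File createKeyStore() throws ClassNotFoundException, NoSuchMethodException, InvocationTargetException, IllegalAccessException {
    // dropKeyStore() is defined elsewhere in the class; presumably it removes a previous keystore
    // and is the source of the declared checked exceptions - confirm against its definition.
    dropKeyStore();
    File keyStore = new File(STORE_PATH);
    keyStore.getParentFile().mkdirs();
    try (final FileOutputStream fos = new FileOutputStream(keyStore)) {
        final KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("RSA");
        // 1024-bit RSA is below the commonly accepted minimum and can be refused by TLS stacks
        // running with hardened algorithm constraints; 2048 bits is the usual floor.
        keyGenerator.initialize(2048);
        final KeyPair pair = keyGenerator.generateKeyPair();
        // Registering a provider mutates JVM-wide state, so it is only added when missing and
        // removed again in the finally block below.
        final boolean addBc = Security.getProvider("BC") == null;
        if (addBc) {
            Security.addProvider(new BouncyCastleProvider());
        }
        try {
            final long now = System.currentTimeMillis();
            final X500Name subject = new X500Name("cn=" + SERVER);
            final char[] password = STORE_PWD.toCharArray();
            // Issuer and subject are identical: the certificate is self-signed.
            final X509v1CertificateBuilder x509v1CertificateBuilder = new JcaX509v1CertificateBuilder(
                    subject,
                    BigInteger.valueOf(1),
                    new Date(now - TimeUnit.DAYS.toMillis(1)),
                    new Date(now + TimeUnit.DAYS.toMillis(1)),
                    subject,
                    pair.getPublic());
            // SHA-1 signatures are deprecated for certificates; sign with SHA-256 instead.
            final X509CertificateHolder certHldr = x509v1CertificateBuilder.build(
                    new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC").build(pair.getPrivate()));
            final X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHldr);
            final KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(null, password);
            ks.setKeyEntry(SERVER, pair.getPrivate(), password, new Certificate[] { cert });
            ks.store(fos, password);
        } finally {
            if (addBc) {
                Security.removeProvider("BC");
            }
        }
    } catch (final Exception e) {
        // Still an AssertionError (as Assert.fail would raise), but the cause and its stack trace
        // are preserved and a null exception message no longer hides the failure.
        throw new AssertionError("keystore generation failed: " + e.getMessage(), e);
    }
    return keyStore;
}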
Also used : KeyPair(java.security.KeyPair) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(org.bouncycastle.asn1.x500.X500Name) KeyStore(java.security.KeyStore) JcaX509v1CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) URISyntaxException(java.net.URISyntaxException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) InvocationTargetException(java.lang.reflect.InvocationTargetException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) FileOutputStream(java.io.FileOutputStream) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) X509v1CertificateBuilder(org.bouncycastle.cert.X509v1CertificateBuilder) JcaX509v1CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder) File(java.io.File) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Aggregations

File (java.io.File)2 FileOutputStream (java.io.FileOutputStream)2 KeyPair (java.security.KeyPair)2 KeyPairGenerator (java.security.KeyPairGenerator)2 KeyStore (java.security.KeyStore)2 X509Certificate (java.security.cert.X509Certificate)2 Date (java.util.Date)2 X500Name (org.bouncycastle.asn1.x500.X500Name)2 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)2 X509v1CertificateBuilder (org.bouncycastle.cert.X509v1CertificateBuilder)2 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)2 JcaX509v1CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder)2 BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)2 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)2 IOException (java.io.IOException)1 InvocationTargetException (java.lang.reflect.InvocationTargetException)1 URISyntaxException (java.net.URISyntaxException)1 KeyManagementException (java.security.KeyManagementException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 Certificate (java.security.cert.Certificate)1