
Example 26 with BouncyCastleProvider

use of org.bouncycastle.jce.provider.BouncyCastleProvider in project keywhiz by square.

Class CryptoFixtures, method contentCryptographer — a test fixture that builds the ContentCryptographer from a checked-in JCEKS keystore with a hard-coded password; the values here are for tests only.

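/**
 * Returns the shared test {@link ContentCryptographer}, building it on first use.
 *
 * <p>The base key is read from the {@code derivation.jceks} test resource, unlocked with the
 * hard-coded password {@code "CHANGE"}. This is a test fixture: neither the keystore nor the
 * password is suitable for anything outside the test suite.
 *
 * <p>The method is {@code synchronized} so that tests running in parallel share one instance
 * instead of each building their own (and re-reading the keystore) during the race on the
 * lazily-initialised static field.
 *
 * @return a content cryptographer initialized with the testing derivation key
 * @throws RuntimeException if the keystore cannot be opened, loaded or the key cannot be recovered
 *         (the checked cause is propagated via {@link Throwables#propagate(Throwable)})
 * @throws IllegalStateException if the keystore has no entry named {@code basekey}
 */
public static synchronized ContentCryptographer contentCryptographer() {
    if (cryptographer != null) {
        return cryptographer;
    }
    Provider provider = new BouncyCastleProvider();
    // addProvider is a no-op when a provider of the same name is already installed; the
    // lookup just avoids the redundant call.
    if (Security.getProvider(provider.getName()) == null) {
        Security.addProvider(provider);
    }
    SecretKey baseKey;
    char[] password = "CHANGE".toCharArray();
    try (InputStream in = Resources.getResource("derivation.jceks").openStream()) {
        KeyStore keyStore = KeyStore.getInstance("JCEKS");
        keyStore.load(in, password);
        // KeyStore.getKey returns null rather than throwing when the alias is absent; fail
        // here with a clear message instead of handing a null key to ContentCryptographer.
        baseKey = (SecretKey) keyStore.getKey("basekey", password);
        if (baseKey == null) {
            throw new IllegalStateException("derivation.jceks contains no secret-key entry named 'basekey'");
        }
    } catch (CertificateException | UnrecoverableKeyException | KeyStoreException | NoSuchAlgorithmException | IOException e) {
        throw Throwables.propagate(e);
    }
    cryptographer = new ContentCryptographer(baseKey, provider, provider, FakeRandom.create());
    return cryptographer;
}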

Example 27 with BouncyCastleProvider

use of org.bouncycastle.jce.provider.BouncyCastleProvider in project wildfly by wildfly.

Class LdapExtLDAPServerSetupTask, method setup — an Arquillian server-setup task that registers BouncyCastle (remembering whether it did so, for tear-down) before starting the test LDAP servers.

/**
 * Creates the directory services and starts the LDAP servers used by the test.
 *
 * <p>BouncyCastle is installed as a JCA provider when it is not already present;
 * {@code removeBouncyCastle} records that this task did the installation so the
 * matching tear-down can remove it again. If the security manager forbids the
 * registration, the failure is logged and setup continues without it.
 *
 * @param managementClient client used to resolve the secondary test address
 * @param containerId      container the task runs for (not used here)
 * @throws Exception if creating either LDAP server fails
 * @see org.jboss.as.arquillian.api.ServerSetupTask#setup(org.jboss.as.arquillian.container.ManagementClient,
 * java.lang.String)
 */
public void setup(ManagementClient managementClient, String containerId) throws Exception {
    final boolean bcInstalled = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) != null;
    if (!bcInstalled) {
        try {
            Security.addProvider(new BouncyCastleProvider());
            // Only set once registration succeeded, so tear-down never removes a
            // provider this task did not add.
            removeBouncyCastle = true;
        } catch (SecurityException ex) {
            LOGGER.warn("Cannot register BouncyCastleProvider", ex);
        }
    }
    final String bindHost = Utils.getSecondaryTestAddress(managementClient, false);
    createLdap1(bindHost);
    createLdap2(bindHost);
}

Example 28 with BouncyCastleProvider

use of org.bouncycastle.jce.provider.BouncyCastleProvider in project zaproxy by zaproxy.

Class SslCertificateUtils, method createRootCA — builds ZAP's self-signed root CA (issuer and subject are the same name) and returns it with its private key in a KeyStore.

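/**
 * Creates a new self-signed Root CA certificate and returns it, together with its
 * private key, in a {@link KeyStore} of type {@link KeyStore#getDefaultType()}.
 *
 * <p>Security-relevant choices:
 * <ul>
 *   <li>The 2048-bit RSA key is generated with the platform default {@link SecureRandom}
 *       (the strongest available source; the named {@code SHA1PRNG} was dropped).</li>
 *   <li>The serial number is a positive random value with 64 bits of CSPRNG entropy.
 *       RFC 5280 &#167;4.1.2.2 requires serials to be positive; the previous
 *       {@code java.util.Random#nextInt()} serial was predictable and negative half
 *       of the time, which some verifiers reject.</li>
 *   <li>The certificate carries a critical {@code basicConstraints} CA flag with no
 *       path-length limit.</li>
 * </ul>
 *
 * @return a keystore containing the CA private key and certificate under
 *         {@link SslCertificateService#ZAPROXY_JKS_ALIAS}
 * @throws NoSuchAlgorithmException if no provider offers the 'RSA' key pair generator
 * @throws IllegalStateException in case of errors during assembling the {@link KeyStore}
 */
public static final KeyStore createRootCA() throws NoSuchAlgorithmException {
    final Date startDate = Calendar.getInstance().getTime();
    final Date expireDate = new Date(startDate.getTime() + (DEFAULT_VALID_DAYS * 24L * 60L * 60L * 1000L));
    // One CSPRNG for both the key pair and the serial number.
    final SecureRandom rng = new SecureRandom();
    final KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
    g.initialize(2048, rng);
    final KeyPair keypair = g.genKeyPair();
    final PrivateKey privKey = keypair.getPrivate();
    final PublicKey pubKey = keypair.getPublic();
    // Register BC once; the signer and converter below are bound to the "BC" provider.
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }
    // setBit(0) makes the value odd, hence never zero, so it is always a positive integer.
    final BigInteger serial = new BigInteger(64, rng).setBit(0);
    // The locality RDN mixes in the user name and home path so that installs can be told
    // apart without exposing them directly. NOTE(review): String.hashCode is 32-bit and
    // trivially brute-forced for common user names, so this is obfuscation, not anonymity.
    X500NameBuilder namebld = new X500NameBuilder(BCStyle.INSTANCE);
    namebld.addRDN(BCStyle.CN, "OWASP Zed Attack Proxy Root CA");
    namebld.addRDN(BCStyle.L, Integer.toHexString(System.getProperty("user.name").hashCode()) + Integer.toHexString(System.getProperty("user.home").hashCode()));
    namebld.addRDN(BCStyle.O, "OWASP Root CA");
    namebld.addRDN(BCStyle.OU, "OWASP ZAP Root CA");
    namebld.addRDN(BCStyle.C, "xx");
    // Issuer == subject: self-signed.
    X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(namebld.build(), serial, startDate, expireDate, namebld.build(), pubKey);
    KeyStore ks = null;
    try {
        // NOTE(review): this uses the whole encoded SubjectPublicKeyInfo as the key
        // identifier; RFC 5280 §4.2.1.2 recommends a hash of the public key
        // (JcaX509ExtensionUtils.createSubjectKeyIdentifier). Left as is here because
        // the fix needs an additional import.
        certGen.addExtension(Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(pubKey.getEncoded()));
        certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        certGen.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.cRLSign));
        KeyPurposeId[] eku = { KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth, KeyPurposeId.anyExtendedKeyUsage };
        certGen.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(eku));
        final ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(privKey);
        final X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
        ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setKeyEntry(SslCertificateService.ZAPROXY_JKS_ALIAS, privKey, SslCertificateService.PASSPHRASE, new Certificate[] { cert });
    } catch (final Exception e) {
        throw new IllegalStateException("Errors during assembling root CA.", e);
    }
    return ks;
}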

Example 29 with BouncyCastleProvider

use of org.bouncycastle.jce.provider.BouncyCastleProvider in project oxTrust by GluuFederation.

Class ManageCertificateAction, method generateCSR — builds a PKCS#10 certificate signing request for the configured IdP host and streams it to the browser as a PEM download.

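/**
 * Builds a PKCS#10 certificate signing request for the IdP host and offers it to the
 * browser as a PEM download named {@code csr.pem}.
 *
 * <p>The request is signed with SHA-256 over RSA. The previous {@code SHA1withRSA}
 * signature is deprecated and rejected by most public CAs today, so it was replaced;
 * the key pair itself is unchanged.
 *
 * @param fileName name of the key-pair file handed to {@link #getKeyPair(String)}
 * @return {@link OxTrustConstants#RESULT_SUCCESS} when the download was started, or
 *         {@link OxTrustConstants#RESULT_FAILURE} when no key pair was available, the
 *         request could not be signed, or the download could not be sent
 * @throws IOException if the request cannot be DER-encoded
 */
public String generateCSR(String fileName) throws IOException {
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }
    KeyPair pair = getKeyPair(fileName);
    if (pair == null) {
        return OxTrustConstants.RESULT_FAILURE;
    }
    // Strip the scheme ("https://") and use the remainder as the CN.
    // NOTE(review): the remainder is used verbatim, so a configured IdP URL that still
    // carries a port or path ends up in the CN, and a ',' or '+' in it is parsed by
    // X500Principal as an extra RDN. The value comes from admin configuration, not a
    // request, which is why it is only flagged here.
    String url = appConfiguration.getIdpUrl().replaceFirst(".*//", "");
    String csrPrincipal = String.format("CN=%s", url);
    X500Principal principal = new X500Principal(csrPrincipal);
    PKCS10CertificationRequest csr;
    try {
        csr = new PKCS10CertificationRequest("SHA256withRSA", principal, pair.getPublic(), null, pair.getPrivate());
    } catch (GeneralSecurityException e) {
        log.error(e.getMessage(), e);
        return OxTrustConstants.RESULT_FAILURE;
    }
    // PEM body: base64 of the DER encoding, wrapped at 64 columns. Base64 and the PEM
    // armour are ASCII, so name the charset instead of relying on the platform default.
    java.nio.charset.Charset charset = java.nio.charset.StandardCharsets.UTF_8;
    String base64 = new String(Base64.encode(csr.getEncoded(ASN1Encoding.DER)), charset);
    StringBuilder response = new StringBuilder();
    response.append(BEGIN_CERT_REQ + "\n");
    response.append(WordUtils.wrap(base64, 64, "\n", true) + "\n");
    response.append(END_CERT_REQ + "\n");
    FacesContext facesContext = FacesContext.getCurrentInstance();
    boolean sent = ResponseHelper.downloadFile("csr.pem", OxTrustConstants.CONTENT_TYPE_TEXT_PLAIN, response.toString().getBytes(charset), facesContext);
    return sent ? OxTrustConstants.RESULT_SUCCESS : OxTrustConstants.RESULT_FAILURE;
}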

Example 30 with BouncyCastleProvider

use of org.bouncycastle.jce.provider.BouncyCastleProvider in project cloudstack by apache.

Class SAMLUtils, method generateRandomKeyPair — generates a 4096-bit RSA key pair through the BouncyCastle provider.

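/**
 * Generates a fresh 4096-bit RSA key pair using the BouncyCastle ("BC") provider.
 *
 * <p>BouncyCastle is registered only when it is not already installed. The previous
 * unconditional {@code Security.addProvider} call was harmless (it is a no-op for an
 * already-registered name) but constructed a new provider on every call.
 *
 * @return a newly generated RSA key pair
 * @throws NoSuchProviderException if the "BC" provider is not available, e.g. because a
 *         security manager prevented its registration
 * @throws NoSuchAlgorithmException if the provider offers no RSA key pair generator
 */
public static KeyPair generateRandomKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException {
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
    // Platform default SecureRandom seeds the generator.
    generator.initialize(4096, new SecureRandom());
    return generator.generateKeyPair();
}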
