
Example 1 with JcePKCSPBEOutputEncryptorBuilder

Use of org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder in project vcert-java by Venafi.

Class PEMCollection, method toPkcs12.

public byte[] toPkcs12(String password) throws PKCSException {
    try {
        // Key identifier derived from the leaf certificate's public key; used as localKeyId to tie the certificate bag to the key bag.
        SubjectKeyIdentifier pubKeyId = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(certificate.getPublicKey());
        // Encryptor for the private key bag: password-based AES-128-CBC (PBES2). setIterationCount() is not called, so the builder's default applies.
        OutputEncryptor encOut = new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes128_CBC).setProvider("BC").build(password.toCharArray());
        ArrayList<PKCS12SafeBag> safeBags = new ArrayList<>();
        safeBags.ensureCapacity(chain.size() + 2);
        // Leaf certificate first, then the intermediates, then the shrouded private key.
        safeBags.add(new JcaPKCS12SafeBagBuilder((X509Certificate) certificate).addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId).build());
        for (Certificate intermediateCert : chain) {
            safeBags.add(new JcaPKCS12SafeBagBuilder((X509Certificate) intermediateCert).build());
        }
        safeBags.add(new JcaPKCS12SafeBagBuilder(privateKey, encOut).addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId).build());
        PKCS12PfxPduBuilder builder = new PKCS12PfxPduBuilder();
        // All bags are wrapped in one EncryptedData using the legacy pbeWithSHAAnd128BitRC2_CBC scheme.
        // The private key is already encrypted inside its own bag with AES-128-CBC, so RC2 is only the outer layer.
        builder.addEncryptedData(new JcePKCSPBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC).setProvider("BC").build(password.toCharArray()), safeBags.toArray(new PKCS12SafeBag[] {}));
        // Integrity MAC over the PFX contents, using SHA-256 and the same password.
        PKCS12PfxPdu pfx = builder.build(new JcePKCS12MacCalculatorBuilder(NISTObjectIdentifiers.id_sha256), password.toCharArray());
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        // DL = definite-length encoding of the PFX structure.
        out.write(pfx.getEncoded(ASN1Encoding.DL));
        out.close();
        return out.toByteArray();
    } catch (IOException | NoSuchAlgorithmException | OperatorCreationException e) {
        throw new RuntimeException(e);
    }
}
Also used : JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils), ArrayList (java.util.ArrayList), JcePKCSPBEOutputEncryptorBuilder (org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder), SubjectKeyIdentifier (org.bouncycastle.asn1.x509.SubjectKeyIdentifier), ByteArrayOutputStream (java.io.ByteArrayOutputStream), IOException (java.io.IOException), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), X509Certificate (java.security.cert.X509Certificate), JcePKCS12MacCalculatorBuilder (org.bouncycastle.pkcs.jcajce.JcePKCS12MacCalculatorBuilder), PKCS12SafeBag (org.bouncycastle.pkcs.PKCS12SafeBag), OperatorCreationException (org.bouncycastle.operator.OperatorCreationException), PKCS12PfxPdu (org.bouncycastle.pkcs.PKCS12PfxPdu), OutputEncryptor (org.bouncycastle.operator.OutputEncryptor), JcaPKCS12SafeBagBuilder (org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder), Certificate (java.security.cert.Certificate), PKCS12PfxPduBuilder (org.bouncycastle.pkcs.PKCS12PfxPduBuilder)

Example 2 with JcePKCSPBEOutputEncryptorBuilder

Use of org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder in project snowflake-kafka-connector by snowflakedb.

Class FIPSTest, method generateAESKey.

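// Despite its name, this method does not generate an AES key: it returns the given private key
// as a PEM-encoded, password-encrypted PKCS#8 structure (AES-256-CBC).
public static String generateAESKey(PrivateKey key, char[] passwd) throws IOException, OperatorCreationException {
    // Register the BC FIPS provider; addProvider does nothing if it is already installed.
    Security.addProvider(new BouncyCastleFipsProvider());
    StringWriter writer = new StringWriter();
    JcaPEMWriter pemWriter = new JcaPEMWriter(writer);
    PKCS8EncryptedPrivateKeyInfoBuilder pkcs8EncryptedPrivateKeyInfoBuilder = new JcaPKCS8EncryptedPrivateKeyInfoBuilder(key);
    // Encrypt the key under a password-derived AES-256-CBC key using the "BCFIPS" provider, then write it out as PEM.
    pemWriter.writeObject(pkcs8EncryptedPrivateKeyInfoBuilder.build(new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC).setProvider("BCFIPS").build(passwd)));
    pemWriter.close();
    return writer.toString();
}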
Also used : StringWriter (java.io.StringWriter), BouncyCastleFipsProvider (org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider), JcaPKCS8EncryptedPrivateKeyInfoBuilder (org.bouncycastle.pkcs.jcajce.JcaPKCS8EncryptedPrivateKeyInfoBuilder), PKCS8EncryptedPrivateKeyInfoBuilder (org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfoBuilder), JcePKCSPBEOutputEncryptorBuilder (org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder), JcaPEMWriter (org.bouncycastle.openssl.jcajce.JcaPEMWriter)

Aggregations

JcePKCSPBEOutputEncryptorBuilder (org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder) 2
ByteArrayOutputStream (java.io.ByteArrayOutputStream) 1
IOException (java.io.IOException) 1
StringWriter (java.io.StringWriter) 1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 1
Certificate (java.security.cert.Certificate) 1
X509Certificate (java.security.cert.X509Certificate) 1
ArrayList (java.util.ArrayList) 1
SubjectKeyIdentifier (org.bouncycastle.asn1.x509.SubjectKeyIdentifier) 1
JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) 1
BouncyCastleFipsProvider (org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider) 1
JcaPEMWriter (org.bouncycastle.openssl.jcajce.JcaPEMWriter) 1
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException) 1
OutputEncryptor (org.bouncycastle.operator.OutputEncryptor) 1
PKCS12PfxPdu (org.bouncycastle.pkcs.PKCS12PfxPdu) 1
PKCS12PfxPduBuilder (org.bouncycastle.pkcs.PKCS12PfxPduBuilder) 1
PKCS12SafeBag (org.bouncycastle.pkcs.PKCS12SafeBag) 1
PKCS8EncryptedPrivateKeyInfoBuilder (org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfoBuilder) 1
JcaPKCS12SafeBagBuilder (org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder) 1
JcaPKCS8EncryptedPrivateKeyInfoBuilder (org.bouncycastle.pkcs.jcajce.JcaPKCS8EncryptedPrivateKeyInfoBuilder) 1