/**
 * Creates a generator backed by a fresh {@link KeyStoreManager}.
 *
 * <p>Construction also registers Bouncy Castle in the JVM-wide provider list.
 * {@code Security.addProvider} appends at the end of that list and leaves the list
 * unchanged when a provider of the same name is already installed, so repeated
 * construction is harmless. The registration is a process-wide side effect that
 * outlives this object.
 */
public X509CertificateGenerator() {
    final BouncyCastleProvider bouncyCastle = new BouncyCastleProvider();
    Security.addProvider(bouncyCastle);
    this.keyStoreManager = new KeyStoreManager();
}
// Fragment: the anonymous class this method belongs to, and the call it is passed to,
// begin outside this excerpt; only their closing "});" is visible.
/**
 * Registers Bouncy Castle unless a provider named "BC" is already installed.
 *
 * @return always {@code null}
 */
@Override
public Object run() {
    // Look the provider up by name first so the registration happens at most once.
    if(Security.getProvider("BC") == null) {
        Security.addProvider(new BouncyCastleProvider());
    }
    return null;
}
});
/**
 * Reports whether Conscrypt should be treated as the preferred security provider.
 *
 * <p>The answer is {@code true} when the {@code okhttp.platform} system property
 * equals {@code "conscrypt"} (an override that mainly lets tests run cleanly), or
 * when the provider in first position of the JVM provider list is named
 * {@code "Conscrypt"}.
 *
 * <p>Only the head of {@code Security.getProviders()} is inspected, so a Conscrypt
 * provider installed at a lower priority does not count. The lookup indexes element
 * 0 directly and therefore assumes at least one provider is installed.
 *
 * @return {@code true} if Conscrypt is requested by property or installed first
 */
public static boolean isConscryptPreferred() {
    final String platformOverride = Util.getSystemProperty("okhttp.platform", null);
    if ("conscrypt".equals(platformOverride)) {
        return true;
    }

    // No override: Conscrypt is preferred only if it was manually installed in first place.
    return "Conscrypt".equals(Security.getProviders()[0].getName());
}
/**
 * Builds the server-side Thrift transport factory for the SASL PLAIN mechanism.
 *
 * <p>The password lookup handed to the callback handler returns the same fixed
 * value for every user name, so this transport does not distinguish one caller
 * from another. The method logs at ERROR level that the transport is insecure
 * each time it is called.
 *
 * <p>As a side effect the SASL PLAIN server provider is added to the JVM-wide
 * provider list if no provider of that name is registered yet.
 *
 * @param impersonationAllowed passed through to the server callback handler
 * @return a SASL transport factory with one PLAIN server definition for "localhost"
 * @throws IOException declared by the overridden method
 */
@Override
protected TTransportFactory getServerTransportFactory(boolean impersonationAllowed) throws IOException {
    // Callback handler whose password lookup ignores the user name it is given.
    final CallbackHandler authCallback = new SimpleSaslServerCallbackHandler(
        impersonationAllowed,
        (ignoredUser) -> Optional.of("password".toCharArray()));

    // Register the PLAIN server mechanism once per JVM.
    final boolean plainServerMissing =
        Security.getProvider(SaslPlainServer.SecurityProvider.SASL_PLAIN_SERVER) == null;
    if (plainServerMissing) {
        Security.addProvider(new SaslPlainServer.SecurityProvider());
    }

    // Transport factory that invokes the callback handler above during the SASL exchange.
    final TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory();
    saslFactory.addServerDefinition(PLAIN, ClientAuthUtils.SERVICE, "localhost", null, authCallback);

    LOG.error("SASL PLAIN transport factory will be used. This is totally insecure. Please do not use this.");
    return saslFactory;
}
// Fragment: the excerpt omits the declarations of reader, stamper, appearance and img,
// and the method's closing brace.
// Signs a PDF with the first key entry of a JKS keystore, using Bouncy Castle for SHA-256.
public static void main(String[] args) throws Exception {
    // NOTE(review): the store password and the key password are the literal "111111"
    // compiled into the program, so anyone with the class file or the source can open the
    // keystore. Read them from a prompt or a protected secret store instead.
    KeyStore ks = KeyStore.getInstance("JKS");
    // NOTE(review): this FileInputStream is never closed.
    ks.load(new FileInputStream(dataPath + "/liumapp.keystore"), "111111".toCharArray());
    // Takes whichever alias the keystore enumerates first; nothing checks that it is the
    // intended signing key.
    String alias = (String)ks.aliases().nextElement();
    PrivateKey pk = (PrivateKey)ks.getKey(alias, "111111".toCharArray());
    Certificate[] chain = ks.getCertificateChain(alias);
    // The provider instance is kept so its name can be passed to PrivateKeySignature below.
    BouncyCastleProvider provider = new BouncyCastleProvider();
    Security.addProvider(provider);
    FileOutputStream os = new FileOutputStream(tempPath);
    appearance.setImageScale((float) ((1)/img.getWidth()));
    PrivateKeySignature pks = new PrivateKeySignature(pk, DigestAlgorithms.SHA256, provider.getName());
    ExternalDigest digest = new BouncyCastleDigest();
    // NOTE(review): the three null arguments are, per the iText 5 signDetached signature,
    // the CRL list, OCSP client and TSA client, so the signature would carry no revocation
    // data and no trusted timestamp. Confirm against the iText version in use.
    MakeSignature.signDetached(appearance, digest, pks, chain, null, null, null, 0, MakeSignature.CryptoStandard.CMS);
    // These closes run only on the success path; an exception above skips them.
    reader.close();
    os.close();
    stamper.close();
// Fragment: prepares a PDF signature stamper and loads the signing key from a PKCS#12 file.
// reader is declared outside this excerpt.
OutputStream os = new FileOutputStream("c:\\temp\\sign\\test.pdf");
PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');
Security.addProvider(new BouncyCastleProvider());
// NOTE(review): no close() for fis or os is visible in this excerpt.
FileInputStream fis = new FileInputStream("c:\\ssl\\test.pfx");
// NOTE(review): the PKCS#12 password is a string literal in the source, and the same
// value unlocks both the store and the private key. Obtain it at run time instead.
String password = "myPassword";
KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(fis, password.toCharArray());
// Uses the first alias the store enumerates.
String alias = ks.aliases().nextElement();
PrivateKey pk = (PrivateKey) ks.getKey(alias, password.toCharArray());
/**
 * Prepares a visible PDF signature field using a key and certificate chain from a PKCS#12 file.
 *
 * <p>NOTE(review): the source is collapsed onto one line, so the boundaries of the
 * commented-out statements below are inferred. Read that way, the call that actually
 * produces the signature is commented out and the method only sets up the appearance.
 *
 * <p>NOTE(review): neither FileInputStream nor FileOutputStream is closed here, and
 * reader and stamper are never closed either.
 *
 * @throws Exception on any keystore, I/O or PDF error
 */
public static void sign() throws Exception {
    BouncyCastleProvider provider = new BouncyCastleProvider();
    Security.addProvider(provider);
    KeyStore ks = KeyStore.getInstance("PKCS12");
    ks.load(new FileInputStream(cert_path), cert_pwd.toCharArray());
    // First alias the store enumerates; used below only to fetch the certificate chain.
    String alias = (String) ks.aliases().nextElement();
    // PrivateKey pk = (PrivateKey) ks.getKey(alias, cert_pwd.toCharArray());
    // KeyStore ks = KeyStore.getInstance("PKCS12");
    // ks.load(new FileInputStream(cert_path), cert_pwd.toCharArray());
    // The private key is read through a project helper rather than the KeyStore opened above.
    PkxSign sign = new PkxSign();
    PrivateKey pk = sign.GetPvkformPfx(cert_path, cert_pwd);
    Certificate[] chain = ks.getCertificateChain(alias);
    PdfReader reader = new PdfReader(source_pdf);
    FileOutputStream os = new FileOutputStream(output_pdf);
    PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');
    // Creating the appearance
    PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
    appearance.setReason("digtal signature");
    appearance.setLocation("FuZhou");
    appearance.setVisibleSignature(new Rectangle(0, 300, 300, 109), 1, "sig");
    // Creating the signature
    // ExternalSignature pks = new PrivateKeySignature(pk, DigestAlgorithms.SHA256, provider.getName());
    // ExternalDigest digest = new BouncyCastleDigest();
    // MakeSignature.signDetached(appearance, digest, pks, chain, null, null, null, 0, CryptoStandard.CMS);
}
// Fragment: the three keystore set-ups below (PKCS#11 token, Apple keychain, keystore file)
// look like alternative branches whose surrounding conditionals are outside the excerpt.
// c, ks, pcb, callbackHandler and keystorePath are declared elsewhere, and the name config
// is reused with a different type in the last line.

// PKCS#11: build the provider from an in-memory configuration and register it JVM-wide.
ByteArrayInputStream config = new ByteArrayInputStream(pkcs11Config.getBytes(StringUtils.UTF8));
Provider p = (Provider) c.newInstance(config);
Security.addProvider(p);
ks = KeyStore.getInstance("PKCS11",p);
// The token PIN is requested through the callback handler with echo disabled.
pcb = new PasswordCallback("PKCS11 Password: ",false);
callbackHandler.handle(new Callback[] {pcb});
// NOTE(review): getPassword() returns a copy of the secret; no clearPassword() call or
// wiping of that copy is visible in this excerpt.
ks.load(null,pcb.getPassword());

// Apple keychain: loaded with no stream and no password.
ks = KeyStore.getInstance("KeychainStore","Apple");
ks.load(null,null);

// File keystore: the password is again requested through the callback handler.
pcb = new PasswordCallback("Keystore Password: ", false);
callbackHandler.handle(new Callback[] { pcb });
// NOTE(review): this FileInputStream is not closed in the visible code.
ks.load(new FileInputStream(keystorePath), pcb.getPassword());
final SecureRandom secureRandom = new java.security.SecureRandom();
// NOTE(review): a custom X509TrustManager replaces the platform's certificate checks with
// whatever that implementation does; review it before relying on the connection.
X509TrustManager customTrustManager = config.getCustomX509TrustManager();
// Fragment: the condition guarding this throw is outside the excerpt.
throw new Exception("Could not find keystore");
// Loads the keystore file using the JVM's default keystore type.
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
// NOTE(review): the password comes from configuration, and the second argument to
// getConfig is presumably a default, so a missing "keystore.password" entry would
// silently mean an empty password. Confirm, and fail closed instead.
// NOTE(review): this FileInputStream is not closed in the visible code.
keyStore.load(new FileInputStream(keystoreFile.getAbsolutePath()), DAO.getConfig("keystore.password", "").toCharArray());
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
// Fragment: builds a self-signed root, writes it to a trust store, then issues an
// end-entity certificate from it. rootKeyPair, defaultKeyPair, PASSWORD, HOSTNAME and the
// paths are declared outside the excerpt.
Security.addProvider(new BouncyCastleProvider());
// The root's private key signs with SHA-256/RSA.
contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(rootKeyPair.getPrivate());
rootCertificate = createSelfSignedCertifcate(rootKeyPair);
// Empty trust store of the default type; the root is stored under its subject DN as alias.
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, PASSWORD);
trustStore.setCertificateEntry(rootCertificate.getSubjectDN().toString(), rootCertificate);
// NOTE(review): the stream is closed manually; an exception in store() would leak it.
FileOutputStream outputStream = new FileOutputStream(truststorePath);
trustStore.store(outputStream, PASSWORD);
outputStream.flush();
outputStream.close();
// End-entity certificate for HOSTNAME and 127.0.0.1, signed with the root's private key.
X509Certificate validCertificate = buildEndEntityCert(defaultKeyPair, rootCertificate, rootKeyPair.getPrivate(), HOSTNAME, "127.0.0.1", null, null);
writeKeystore(validCertificate, defaultKeyPair, validKeystorePath);
// Fragment: the opening try and the end of the catch block are outside the excerpt.
// Creates an empty keystore of the default type and writes it to the app's files directory.
ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null,null);
// NOTE(review): the store password is the literal "password", and the FileOutputStream
// is never closed.
ks.store(new FileOutputStream(new File(getFilesDir(),"out.bks")),"password".toCharArray());
} catch (KeyStoreException e) {
    // NOTE(review): the failure is only printed, so execution continues.
    e.printStackTrace();
// The excerpt does not show whether the next call sits inside the catch block.
// Position 1 is the highest priority, so after this call Spongy Castle serves every
// JCA lookup in the process that names no provider.
Security.insertProviderAt(new org.spongycastle.jce.provider.BouncyCastleProvider(), 1);
// Fragment: verifies a detached CMS signature over toVerify with a certificate read from disk.
String toVerify = "A1005056807CE11EE2B4CE0025305725CFrCN%3DKED,OU%3DI0020266601,OU%3DSAPWebAS,O%3DSAPTrustCommunity,C%3DDE20130611102236";
String signed = "MIIBUQYJKoZIhvcNAQcCoIIBQjCCAT4CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCAR0wggEZAgEBMG8wZDELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1NBUCBUcnVzdCBDb21tdW5pdHkxEzARBgNVBAsTClNBUCBXZWIgQVMxFDASBgNVBAsTC0kwMDIwMjY2NjAxMQwwCgYDVQQDEwNLRUQCByASEgITMlYwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEzMDYxMTA4MjM1MVowIwYJKoZIhvcNAQkEMRYEFGy7jXb/pUqMYdk2dss2Qe6hNroaMAkGByqGSM44BAMELjAsAhRMJ+t5/3RxQAsHKnIoPY4BnO0qCAIUAbKRwWNjOYsewB56zoZqnZwRyWw=";
byte[] signedByte = Base64.decode(signed);
Security.addProvider(new BouncyCastleProvider());
// NOTE(review): getBytes() with no charset uses the platform default. The bytes being
// verified must match what the signer hashed, so name the charset explicitly.
CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray(toVerify.getBytes()), signedByte);
SignerInformationStore signers = s.getSignerInfos();
// Only the first signer is examined.
SignerInformation signerInfo = (SignerInformation)signers.getSigners().iterator().next();
// NOTE(review): this FileInputStream is not closed in the visible code.
FileInputStream fis = new FileInputStream("c:\\sap.cer");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// Only the first certificate in the file is used.
X509Certificate cert = (X509Certificate)cf.generateCertificates(fis).iterator().next();
// The verifier is built from the bare public key and pinned to the "SUN" provider, not the
// Bouncy Castle provider registered above.
// NOTE(review): this checks the signature against the key only. No check of the
// certificate's chain, validity period or revocation status is visible, so a true result
// says nothing about whether the certificate should be trusted.
boolean result = signerInfo.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("SUN").build(cert.getPublicKey()));
System.out.println("Verified: "+result);
// Fragment: generates a key pair and certificate and stores them in a PKCS#12 file.
// keyPairGenerator, keyPair and certGen are declared outside the excerpt.
Security.addProvider(new BouncyCastleProvider());
// NOTE(review): 1024-bit keys. If this is RSA, as the signature algorithm name below
// suggests, that is below the 2048-bit minimum in current guidance such as
// NIST SP 800-131A.
keyPairGenerator.initialize(1024, new SecureRandom());
certGen.setPublicKey(keyPair.getPublic());
certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC");
KeyStore clientKeystore = KeyStore.getInstance("PKCS12", "BC");
clientKeystore.load(null, null);
// NOTE(review): the key entry is stored with a null entry password.
clientKeystore.setKeyEntry("mkey", keyPair.getPrivate(), null, new X509Certificate[] { cert });
// NOTE(review): the store password is the literal "pass", and the FileOutputStream is
// never closed.
clientKeystore.store(new FileOutputStream("admin.pkcs"), "pass".toCharArray());
// Fragment: two pieces from different places. The first four statements end a method that
// loads a JKS keystore; the statements after the return belong to other code.
KeyStore keystore = KeyStore.getInstance("JKS");
// NOTE(review): the stream is not closed before the method returns.
InputStream is = new FileInputStream(PATH_TO_KEYSTORE);
// The password comes from a constant; its origin is not visible in this excerpt.
keystore.load(is, KEYSTORE_PASSWORD.toCharArray());
return keystore;
Security.addProvider(new BouncyCastleProvider());
// Certificate chain for the configured key alias.
Certificate[] certchain = (Certificate[]) keystore.getCertificateChain(KEY_ALIAS_IN_KEYSTORE);
// Fragment: issues a certificate signed with a GOST algorithm and stores key and
// certificate in a JKS file. keyPair and certificateBuilder are declared outside the excerpt.
Security.addProvider( new org.bouncycastle.jce.provider.BouncyCastleProvider() );
// The start of the expression these arguments belong to is missing from the excerpt.
issuer, serial, notBefore, notAfter, subject, keyPair.getPublic() );
// The signer uses the key pair's own private key with GOST3411withECGOST3410.
org.bouncycastle.cert.X509CertificateHolder certificateHolder = certificateBuilder.build( new org.bouncycastle.operator.jcajce.JcaContentSignerBuilder( "GOST3411withECGOST3410" ) .build( keyPair.getPrivate() ) );
org.bouncycastle.cert.jcajce.JcaX509CertificateConverter certificateConverter = new org.bouncycastle.cert.jcajce.JcaX509CertificateConverter();
X509Certificate certificate = certificateConverter.getCertificate( certificateHolder );
KeyStore keyStore = KeyStore.getInstance( "JKS" );
keyStore.load( null, null ); // initialize new keystore
// NOTE(review): the entry password and the store password below are string literals in
// the source. Supply them at run time if this is more than a demo.
keyStore.setEntry( "alias", new KeyStore.PrivateKeyEntry( keyPair.getPrivate(), new Certificate[] { certificate } ), new KeyStore.PasswordProtection( "entryPassword".toCharArray() ) );
// NOTE(review): the FileOutputStream is never closed.
keyStore.store( new FileOutputStream( "test.jks" ), "keystorePassword".toCharArray() );
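// Loads the HSM's JCA provider by class name, registers it JVM-wide, then opens a keystore
// through that provider. myKeyStore and KeyStorePath are declared outside this excerpt.
// Fixed from the original, which did not compile: the type is java.security.Provider
// (capital P), and getDefaultType is a method that must be called.
java.security.Provider hsm_provider = (java.security.Provider) Class.forName("com.ncipher.provider.km.nCipherKM").newInstance();
java.security.Security.addProvider(hsm_provider);
// NOTE(review): this asks the nCipherKM provider for the JVM's default keystore type.
// Confirm the provider offers that type; a vendor-specific type name may be required.
myKeyStore = KeyStore.getInstance(KeyStore.getDefaultType(), "nCipherKM");
// try-with-resources closes the stream, which the original left open.
// NOTE(review): a null password means KeyStore.load performs no integrity check on the
// keystore data.
try (FileInputStream keyStoreStream = new FileInputStream(KeyStorePath)) {
    myKeyStore.load(keyStoreStream, null);
}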
// Fragment: signs a message and verifies the result with the matching public key.
// signature, verifier, keyPair and message are declared outside the excerpt, and the body
// of the final if is cut off.
Security.addProvider(new BouncyCastleProvider());
signature.initSign(keyPair.getPrivate());
// NOTE(review): getBytes() with no charset uses the platform default. Signer and verifier
// agree here because they share a JVM; across systems, name the charset explicitly.
signature.update(message.getBytes());
byte [] signatureBytes = signature.sign();
verifier.initVerify(keyPair.getPublic());
verifier.update(message.getBytes());
if (verifier.verify(signatureBytes)) {
// Fragment: imports a private key and a certificate into a new in-memory JKS keystore.
// reader and cert are declared outside the excerpt.
Security.addProvider(new BouncyCastleProvider());
// Presumably reader is a Bouncy Castle PEM reader; the cast fails at run time if the next
// object is not a private key. TODO confirm against the declaration.
PrivateKey key = (PrivateKey)reader.readObject();
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(null);
// The certificate is stored twice: as a trusted entry and as the key entry's chain.
keystore.setCertificateEntry("cert-alias", cert);
// NOTE(review): the key entry password is the literal "changeit". Use a value supplied at
// run time if this keystore is ever written to disk.
keystore.setKeyEntry("key-alias", key, "changeit".toCharArray(), new Certificate[] {cert});
/**
 * Creates a {@link KeyManagerFactory} holding the private key and certificate chain
 * of the given configuration.
 *
 * <p>The key is placed in a fresh in-memory JKS keystore under the alias
 * {@code "key"}. The keystore is never written anywhere by this method. Its entry
 * password is the Base64 text of 64 bytes drawn from {@code RANDOM} (presumably a
 * {@code SecureRandom}; confirm at its declaration) and serves only to satisfy the
 * keystore and factory APIs.
 *
 * <p>NOTE(review): the password array is not cleared after {@code kmf.init}.
 *
 * @param privateKeyConfig source of the private key and its certificate chain
 * @return an initialized key manager factory
 * @throws IOException if the empty keystore cannot be initialized
 * @throws GeneralSecurityException on keystore or key manager failures
 * @throws RuntimeException if the configuration holds no private key
 */
private static KeyManagerFactory buildKmf(KeyConfig privateKeyConfig) throws IOException, GeneralSecurityException {
    // Use the JVM's configured algorithm, falling back to SunX509 when none is set.
    final String configuredAlgorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
    final String kmfAlgorithm = (configuredAlgorithm != null) ? configuredAlgorithm : "SunX509";

    // Throwaway random password for the in-memory key entry.
    final byte[] randomSeed = new byte[64];
    RANDOM.nextBytes(randomSeed);
    final char[] entryPassword = Base64.getEncoder().encodeToString(randomSeed).toCharArray();

    final KeyStore inMemoryStore = KeyStore.getInstance("JKS");
    inMemoryStore.load(null, null);
    inMemoryStore.setKeyEntry(
        "key",
        privateKeyConfig.privateKey().orElseThrow(() -> new RuntimeException("Private key not available")),
        entryPassword,
        privateKeyConfig.certChain().toArray(new Certificate[0]));

    final KeyManagerFactory factory = KeyManagerFactory.getInstance(kmfAlgorithm);
    factory.init(inMemoryStore, entryPassword);
    return factory;
}
/**
 * Wraps {@code outputStream} so that everything written to the returned stream is
 * emitted to it as passphrase-encrypted PGP literal data.
 *
 * <p>Bouncy Castle is added to the JVM-wide provider list on first use if no provider
 * named {@code PROVIDER_NAME} is installed.
 *
 * <p>NOTE(review): the passphrase arrives as a {@link String}, which cannot be wiped
 * from memory after use, and the {@code char[]} copy made here is not cleared.
 *
 * @param outputStream the stream that receives the ciphertext
 * @param passPhrase the passphrase the content key is derived from
 * @param cipher name of the symmetric cipher; resolved by
 *     {@code symmetricKeyAlgorithmNameToTag}, which per the original documentation
 *     selects a default cipher for null or empty input
 * @return the stream to write plaintext to; the wrapper is constructed with the literal
 *     data stream, the encrypted stream and {@code outputStream}
 * @throws IOException on I/O failure, or wrapping any {@code PGPException} raised
 *     during set-up
 */
public OutputStream encryptFile(OutputStream outputStream, String passPhrase, String cipher) throws IOException {
    try {
        final boolean providerMissing = Security.getProvider(PROVIDER_NAME) == null;
        if (providerMissing) {
            Security.addProvider(new BouncyCastleProvider());
        }

        // Symmetric encryptor for the chosen cipher, with a fresh SecureRandom.
        final JcePGPDataEncryptorBuilder encryptorBuilder =
            new JcePGPDataEncryptorBuilder(symmetricKeyAlgorithmNameToTag(cipher))
                .setSecureRandom(new SecureRandom())
                .setProvider(PROVIDER_NAME);
        final PGPEncryptedDataGenerator encryptedDataGenerator = new PGPEncryptedDataGenerator(encryptorBuilder);

        // Passphrase-based key encryption method.
        encryptedDataGenerator.addMethod(
            new JcePBEKeyEncryptionMethodGenerator(passPhrase.toCharArray()).setProvider(PROVIDER_NAME));

        final OutputStream encryptedOut = encryptedDataGenerator.open(outputStream, new byte[BUFFER_SIZE]);

        // The literal-data packet carries the payload as binary under PAYLOAD_NAME.
        final PGPLiteralDataGenerator literalDataGenerator = new PGPLiteralDataGenerator();
        final OutputStream literalOut = literalDataGenerator.open(
            encryptedOut, PGPLiteralDataGenerator.BINARY, PAYLOAD_NAME, new Date(), new byte[BUFFER_SIZE]);

        return new ClosingWrapperOutputStream(literalOut, encryptedOut, outputStream);
    } catch (PGPException e) {
        throw new IOException(e);
    }
}