// Excerpt: loads the application keystore from disk, then registers BouncyCastle.
// NOTE(review): the statements look non-contiguous; the condition guarding this
// throw is not shown, so the code after it is presumably reached on another path.
throw new Exception("Could not find keystore");
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
// The keystore password is read from the "keystore.password" config entry; the second
// argument ("") is presumably the fallback when the entry is missing — confirm in DAO.
// NOTE(review): the FileInputStream is never closed in the visible code; wrapping the
// load() call in try-with-resources would release the file handle.
keyStore.load(new FileInputStream(keystoreFile.getAbsolutePath()), DAO.getConfig("keystore.password", "").toCharArray());
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
// Excerpt: opens a JKS keystore from PATH_TO_KEYSTORE and returns it.
KeyStore keystore = KeyStore.getInstance("JKS");
// NOTE(review): `is` is not closed in the visible code.
InputStream is = new FileInputStream(PATH_TO_KEYSTORE);
keystore.load(is, KEYSTORE_PASSWORD.toCharArray());
return keystore;
// The statements below follow a return, so they presumably belong to a different
// method of the original file — confirm against the full source.
Security.addProvider(new BouncyCastleProvider());
// Reads the certificate chain stored under KEY_ALIAS_IN_KEYSTORE; the cast is redundant
// if this is java.security.cert.Certificate, which getCertificateChain already returns.
Certificate[] certchain = (Certificate[]) keystore.getCertificateChain(KEY_ALIAS_IN_KEYSTORE);
// Excerpt: verifies a detached CMS (PKCS#7) signature over `toVerify` using the public key
// of a certificate read from a local file.
String toVerify = "A1005056807CE11EE2B4CE0025305725CFrCN%3DKED,OU%3DI0020266601,OU%3DSAPWebAS,O%3DSAPTrustCommunity,C%3DDE20130611102236";
// NOTE(review): the algorithm identifiers inside this blob look like SHA-1 with DSA — confirm;
// both are considered legacy for new signatures.
String signed = "MIIBUQYJKoZIhvcNAQcCoIIBQjCCAT4CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCAR0wggEZAgEBMG8wZDELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1NBUCBUcnVzdCBDb21tdW5pdHkxEzARBgNVBAsTClNBUCBXZWIgQVMxFDASBgNVBAsTC0kwMDIwMjY2NjAxMQwwCgYDVQQDEwNLRUQCByASEgITMlYwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEzMDYxMTA4MjM1MVowIwYJKoZIhvcNAQkEMRYEFGy7jXb/pUqMYdk2dss2Qe6hNroaMAkGByqGSM44BAMELjAsAhRMJ+t5/3RxQAsHKnIoPY4BnO0qCAIUAbKRwWNjOYsewB56zoZqnZwRyWw=";
byte[] signedByte = Base64.decode(signed);
Security.addProvider(new BouncyCastleProvider());
// Detached form: the signed content is supplied separately from the signature blob.
// NOTE(review): getBytes() uses the platform default charset; the bytes must equal what the
// signer hashed, so an explicit charset makes the check reproducible across hosts.
CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray(toVerify.getBytes()), signedByte);
SignerInformationStore signers = s.getSignerInfos();
// Only the first signer is examined; next() throws NoSuchElementException if there is none.
SignerInformation signerInfo = (SignerInformation)signers.getSigners().iterator().next();
// NOTE(review): this stream is never closed in the visible code.
FileInputStream fis = new FileInputStream("c:\\sap.cer");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// Takes the first certificate found in the file.
X509Certificate cert = (X509Certificate)cf.generateCertificates(fis).iterator().next();
// The verifier is built from the bare public key, so this proves only that the key signed
// the content. No chain building, validity-period or revocation check is visible here;
// trust rests entirely on how c:\sap.cer was obtained and protected.
boolean result = signerInfo.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("SUN").build(cert.getPublicKey()));
System.out.println("Verified: "+result);
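/**
 * Configures the HTTP client builder for mutual TLS.
 *
 * <p>Reads the client certificate, its private key and the CA bundle from the configured
 * PEM files, builds an {@link SSLContext} from them and installs it on both the blocking
 * socket factory and the async I/O session strategy.
 *
 * @param builder the client config builder that receives the TLS settings
 * @throws ConfigurationException if a PEM file cannot be read or the key material is rejected
 */
@Override
public void applyTo(HttpClientConfig.Builder builder) {
    // Register BouncyCastle only once per JVM.
    if (java.security.Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        java.security.Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    }

    // keyPassphrase is passed to PemReader as Optional.ofNullable, so null is a legal value;
    // calling toCharArray() on it directly would throw a NullPointerException.
    // NOTE(review): assumes PemReader protects the key entry with an empty password when no
    // passphrase is given — confirm against PemReader.loadKeyStore.
    final char[] keyPassword = keyPassphrase == null ? new char[0] : keyPassphrase.toCharArray();

    try (
        FileInputStream clientCert = new FileInputStream(new File(clientCertPath));
        FileInputStream key = new FileInputStream(new File(keyPath));
        FileInputStream certificateAuthoritiies = new FileInputStream(new File(caPath))
    ) {
        KeyStore keyStore = PemReader.loadKeyStore(clientCert, key, Optional.ofNullable(keyPassphrase));
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, keyPassword);

        KeyStore trustStore = PemReader.loadTrustStore(certificateAuthoritiies);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

        // TODO: add support for hostname verification modes
        // Both transports use the library's default hostname verifier. The async strategy
        // previously received a NoopHostnameVerifier, which accepted a certificate issued
        // for any host as long as it chained to the configured CA.
        builder.sslSocketFactory(new SSLConnectionSocketFactory(sslContext));
        builder.httpsIOSessionStrategy(new SSLIOSessionStrategy(sslContext));
    } catch (IOException | GeneralSecurityException e) {
        throw new ConfigurationException(configExceptionMessage, e);
    }
}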
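// Excerpt: opens an HTTPS connection that authenticates with a client certificate held in a
// PKCS#12 file and prints the response code and negotiated cipher suite.
Security.addProvider(new BouncyCastleProvider());
SSLContext sslContext = SSLContext.getInstance("TLS");

// A null KeyStore makes the factory use the JRE's default trust store.
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init((KeyStore)null); //this is where you would add the truststore

KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
KeyStore keyStore = KeyStore.getInstance("PKCS12"); //spongyCastle library
// try-with-resources closes the PKCS#12 stream, which the earlier inline stream never did.
// NOTE(review): the keystore path and password are literals in source; load them from
// protected configuration instead.
try (FileInputStream pkcs12Stream = new FileInputStream("D:\\Documents\\VISA Direct Api\\cabcentralcert.p12")) {
    keyStore.load(pkcs12Stream, "cabcentral".toCharArray()); //inputStream to PKCS12
}
keyManagerFactory.init(keyStore, "cabcentral".toCharArray());

// Server certificates are validated by the factory's trust managers. The earlier anonymous
// X509TrustManager had empty check methods and therefore accepted any certificate, leaving
// the connection open to interception; if the server uses a private CA, put that CA into
// the trust store passed to trustManagerFactory.init(...) above.
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());

URL url = new URL(strUrl);
HttpsURLConnection httpsUrlConnection = (HttpsURLConnection) url.openConnection();
httpsUrlConnection.setSSLSocketFactory(sslContext.getSocketFactory());
System.out.println("Response Code : " + httpsUrlConnection.getResponseCode());
System.out.println("Cipher Suite : " + httpsUrlConnection.getCipherSuite());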
// Excerpt: loads a signing key and chain from a JKS keystore and produces a detached CMS
// signature over a PDF signature appearance. The method body is cut off in this listing,
// and `appearance`, `img` and `dataPath` are defined outside the visible code.
public static void main(String[] args) throws Exception {
    KeyStore ks = KeyStore.getInstance("JKS");
    // NOTE(review): the keystore and key password are the same literal in source, and the
    // stream is never closed in the visible code.
    ks.load(new FileInputStream(dataPath + "/liumapp.keystore"), "111111".toCharArray());
    // Uses whichever alias the keystore enumerates first.
    String alias = (String)ks.aliases().nextElement();
    PrivateKey pk = (PrivateKey)ks.getKey(alias, "111111".toCharArray());
    Certificate[] chain = ks.getCertificateChain(alias);
    BouncyCastleProvider provider = new BouncyCastleProvider();
    Security.addProvider(provider);
    // NOTE(review): if img.getWidth() returns an integer type this division yields 0 — confirm.
    appearance.setImageScale((float) ((1)/img.getWidth()));
    // SHA-256 digest, signed with the private key through the BouncyCastle provider.
    PrivateKeySignature pks = new PrivateKeySignature(pk, DigestAlgorithms.SHA256, provider.getName());
    ExternalDigest digest = new BouncyCastleDigest();
    // The three null arguments and the 0 leave optional inputs unset; presumably these are the
    // CRL, OCSP and timestamp clients and the estimated size — confirm against MakeSignature.
    MakeSignature.signDetached(appearance, digest, pks, chain, null, null, null, 0, MakeSignature.CryptoStandard.CMS);
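/**
 * Prepares a visible signature field on the source PDF using the key material in the
 * PKCS#12 file at {@code cert_path}.
 *
 * <p>NOTE(review): the calls that actually create the signature are commented out at the
 * end of the method, so as written no signature is produced; {@code reader} and {@code os}
 * are also left open.
 *
 * @throws Exception if the keystore, the key or the PDF cannot be read
 */
public static void sign() throws Exception {
    BouncyCastleProvider provider = new BouncyCastleProvider();
    Security.addProvider(provider);

    KeyStore ks = KeyStore.getInstance("PKCS12");
    // Close the keystore stream once it has been loaded; the original left it open.
    try (FileInputStream keystoreStream = new FileInputStream(cert_path)) {
        ks.load(keystoreStream, cert_pwd.toCharArray());
    }
    // Uses whichever alias the keystore enumerates first.
    String alias = (String) ks.aliases().nextElement();
    // PrivateKey pk = (PrivateKey) ks.getKey(alias, cert_pwd.toCharArray());

    // KeyStore ks = KeyStore.getInstance("PKCS12");
    // ks.load(new FileInputStream(cert_path), cert_pwd.toCharArray());
    // The private key is read through the project's PkxSign helper rather than from `ks`.
    PkxSign sign = new PkxSign();
    PrivateKey pk = sign.GetPvkformPfx(cert_path, cert_pwd);
    Certificate[] chain = ks.getCertificateChain(alias);

    PdfReader reader = new PdfReader(source_pdf);
    FileOutputStream os = new FileOutputStream(output_pdf);
    PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');

    // Creating the appearance
    PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
    appearance.setReason("digtal signature");
    appearance.setLocation("FuZhou");
    appearance.setVisibleSignature(new Rectangle(0, 300, 300, 109), 1, "sig");

    // Creating the signature
    // ExternalSignature pks = new PrivateKeySignature(pk, DigestAlgorithms.SHA256, provider.getName());
    // ExternalDigest digest = new BouncyCastleDigest();
    // MakeSignature.signDetached(appearance, digest, pks, chain, null, null, null, 0, CryptoStandard.CMS);
}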
// Excerpt: parses a certificate from a file and stores a private key in a new, empty
// PKCS#12 keystore. The provider instance is passed directly to getInstance(), so nothing
// is registered JVM-wide here.
CertificateFactory cf = CertificateFactory.getInstance("X509", new BouncyCastleProvider());
// NOTE(review): the stream is never closed in the visible code.
Certificate yourCert = cf.generateCertificate(new FileInputStream("C:/your_certificate_path"));
KeyStore ks = KeyStore.getInstance("PKCS12", new BouncyCastleProvider());
// load(null, null) initialises an empty in-memory keystore.
ks.load(null, null);
// The key entry is stored with a null password; `alias`, `privatekey` and `certChain` are
// defined outside the excerpt. NOTE(review): protection of the key then depends on the
// password given when the store is written — confirm one is supplied.
ks.setKeyEntry(alias, privatekey, null, certChain);
// Excerpt: decrypts Base64 input with an AES key derived from `key`. The try/catch nesting
// below looks damaged by extraction (init and doFinal sit inside catch blocks and the last
// block is unclosed) — check the original file before reusing it.
Security.addProvider(new BouncyCastleProvider());
// The key bytes are the lowercase hex text of MD5(key), not the raw digest.
// NOTE(review): a single unsalted MD5 is not a key-derivation function; where `key` is a
// password or other low-entropy secret, a dedicated KDF is the appropriate tool.
// getBytes() also depends on the platform default charset.
SecretKeySpec aesKey = new SecretKeySpec(DigestUtils.md5Hex(key).toLowerCase().getBytes(), ALGORITHM);
Cipher cipher = null;
try {
    cipher = Cipher.getInstance(ALGORITHM_MODE_PADDING);
} catch (NoSuchAlgorithmException e) {
    // Failures are only printed, not propagated.
    e.printStackTrace();
    cipher.init(Cipher.DECRYPT_MODE, aesKey);
} catch (InvalidKeyException e) {
    e.printStackTrace();
    // new String(byte[]) decodes with the platform default charset.
    return new String(cipher.doFinal(Base64.getDecoder().decode(data)));
} catch (IllegalBlockSizeException e) {
    e.printStackTrace();
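/**
 * Loads the Moby Dick fixture text into {@code testText} and selects BouncyCastle as the
 * provider used by {@code AESEncryptDecrypt} for the tests.
 *
 * @throws Exception if the fixture file cannot be read
 */
@Before
public void setUp() throws Exception {
    File file = new File("./","/src/test/res/moby_dick.txt");
    // try-with-resources closes the fixture stream after every test; it was left open before.
    // NOTE(review): IOUtils.toString(InputStream) decodes with the platform default charset.
    try (FileInputStream fis = new FileInputStream(file)) {
        testText = IOUtils.toString(fis);
    }

    // specify bouncyCastle provider for unit test runtime
    AESEncryptDecrypt.setProvider(new BouncyCastleProvider(), "BC");
}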
// Excerpt: signs `message` with the key pair's private key and verifies the result with the
// public key. `signature`, `verifier`, `keyPair` and `message` are created outside the
// visible code, and the if-block is cut off.
Security.addProvider(new BouncyCastleProvider());
signature.initSign(keyPair.getPrivate());
// NOTE(review): getBytes() uses the platform default charset; signer and verifier must
// encode the message identically, so an explicit charset is safer across hosts.
signature.update(message.getBytes());
byte [] signatureBytes = signature.sign();
verifier.initVerify(keyPair.getPublic());
verifier.update(message.getBytes());
if (verifier.verify(signatureBytes)) {
// Excerpt: builds an in-memory JKS keystore holding a certificate and its private key.
// `reader` and `cert` are created outside the visible code.
Security.addProvider(new BouncyCastleProvider());
// Assumes the object produced by the reader is a PrivateKey; the cast fails otherwise.
PrivateKey key = (PrivateKey)reader.readObject();
KeyStore keystore = KeyStore.getInstance("JKS");
// load(null) initialises an empty keystore.
keystore.load(null);
keystore.setCertificateEntry("cert-alias", cert);
// NOTE(review): the key entry password is a literal in source; supply it from protected
// configuration when this is more than a sample.
keystore.setKeyEntry("key-alias", key, "changeit".toCharArray(), new Certificate[] {cert});
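// Excerpt: generates a key pair, issues a certificate for it and writes both into a PKCS#12
// file. `keyPairGenerator`, `keyPair` and `certGen` are created outside the visible code.
Security.addProvider(new BouncyCastleProvider());
// 2048-bit keys: 1024-bit RSA is below current minimum key-size recommendations.
keyPairGenerator.initialize(2048, new SecureRandom());
certGen.setPublicKey(keyPair.getPublic());
certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC");
KeyStore clientKeystore = KeyStore.getInstance("PKCS12", "BC");
// load(null, null) initialises an empty in-memory keystore.
clientKeystore.load(null, null);
clientKeystore.setKeyEntry("mkey", keyPair.getPrivate(), null, new X509Certificate[] { cert });
// try-with-resources flushes and closes the output file; the stream was left open before.
// NOTE(review): the store password is a literal in source; supply it from protected
// configuration when this is more than a sample.
try (FileOutputStream keystoreOut = new FileOutputStream("admin.pkcs")) {
    clientKeystore.store(keystoreOut, "pass".toCharArray());
}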
/**
 * Demo entry point: generates an EC key pair on brainpoolP256R1, creates a random 128-bit
 * AES key and wraps it for the pair's public key with the provider's "ECIES" cipher.
 *
 * @param args unused
 * @throws Exception if the provider does not offer the requested algorithms
 */
public static void main(String[] args) throws Exception {
    Security.addProvider(new BouncyCastleProvider());

    // Recipient key pair on the named curve.
    KeyPairGenerator generator = KeyPairGenerator.getInstance("ECIES");
    ECGenParameterSpec curveSpec = new ECGenParameterSpec("brainpoolP256R1");
    generator.initialize(curveSpec);
    KeyPair recipientPair = generator.generateKeyPair();

    Cipher wrapper = Cipher.getInstance("ECIES");
    wrapper.init(Cipher.ENCRYPT_MODE, recipientPair.getPublic());

    // Fresh 16-byte AES key from a SecureRandom.
    final byte[] rawAesKey = new byte[16];
    SecureRandom random = new SecureRandom();
    random.nextBytes(rawAesKey);

    byte[] wrappedKey = wrapper.doFinal(rawAesKey);
    SecretKey aesKey = new SecretKeySpec(rawAesKey, "AES");

    // SecretKeySpec keeps its own copy of the bytes, so the working buffer can be wiped.
    Arrays.fill(rawAesKey, (byte) 0);
}
// Excerpt: test-fixture setup that creates a self-signed root certificate, puts it into a
// trust store and issues an end-entity certificate signed by that root. The key pairs,
// PASSWORD, HOSTNAME and the helper methods are defined outside the visible code.
Security.addProvider(new BouncyCastleProvider());
contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(rootKeyPair.getPrivate());
rootCertificate = createSelfSignedCertifcate(rootKeyPair);
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
// A null stream initialises an empty trust store.
trustStore.load(null, PASSWORD);
// The root's subject DN string is used as the alias of the trusted entry.
trustStore.setCertificateEntry(rootCertificate.getSubjectDN().toString(), rootCertificate);
// NOTE(review): the stream is opened here but not written to or closed in the visible
// code; presumably trustStore.store(...) follows in the original — confirm.
FileOutputStream outputStream = new FileOutputStream(truststorePath);
// End-entity certificate for HOSTNAME and 127.0.0.1, signed with the root's private key.
X509Certificate validCertificate = buildEndEntityCert(defaultKeyPair, rootCertificate, rootKeyPair.getPrivate(), HOSTNAME, "127.0.0.1", null, null);
writeKeystore(validCertificate, defaultKeyPair, validKeystorePath);
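/**
 * Encrypts data with a public key.
 *
 * @param data plaintext to encrypt
 * @param key  X.509-encoded public key
 * @return the encrypted bytes
 * @throws NoSuchAlgorithmException  if no provider supports {@code KEY_ALGORITHM}
 * @throws InvalidKeySpecException   if {@code key} is not a valid encoded public key
 * @throws NoSuchPaddingException    if the cipher's padding scheme is unavailable
 * @throws InvalidKeyException       if the key cannot be used with the cipher
 * @throws BadPaddingException       declared by {@code Cipher.doFinal}
 * @throws IllegalBlockSizeException if {@code data} is too long for the cipher
 */
public static byte[] encryptByPublicKey(byte[] data, byte[] key) throws NoSuchAlgorithmException,
        InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, BadPaddingException,
        IllegalBlockSizeException {
    // Add BouncyCastle support, constructing the provider only if it is not registered yet
    // instead of building a new instance on every call.
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }

    // Convert the encoded public-key material.
    X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(key);

    // Instantiate the key factory.
    KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);

    // Build the public key.
    Key publicKey = keyFactory.generatePublic(x509KeySpec);

    // Encrypt the data.
    // NOTE(review): the transformation is only the key algorithm name, so mode and padding
    // are whatever the selected provider defaults to; naming them explicitly keeps both
    // sides of the exchange in agreement.
    Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
    cipher.init(Cipher.ENCRYPT_MODE, publicKey);

    return cipher.doFinal(data);
}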
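/**
 * Decrypts data with a private key.
 *
 * @param data ciphertext to decrypt
 * @param key  PKCS#8-encoded private key
 * @return the decrypted bytes
 * @throws NoSuchAlgorithmException  if no provider supports {@code KEY_ALGORITHM}
 * @throws InvalidKeySpecException   if {@code key} is not a valid encoded private key
 * @throws NoSuchPaddingException    if the cipher's padding scheme is unavailable
 * @throws InvalidKeyException       if the key cannot be used with the cipher
 * @throws BadPaddingException       if the decrypted data is not correctly padded
 * @throws IllegalBlockSizeException if {@code data} has the wrong length for the cipher
 */
public static byte[] decryptByPrivateKey(byte[] data, byte[] key) throws NoSuchAlgorithmException,
        InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, BadPaddingException,
        IllegalBlockSizeException {
    // Add BouncyCastle support, constructing the provider only if it is not registered yet
    // instead of building a new instance on every call.
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }

    // Convert the encoded private-key material.
    PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(key);

    // Instantiate the key factory.
    KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);

    // Build the private key.
    Key privateKey = keyFactory.generatePrivate(pkcs8KeySpec);

    // Decrypt the data.
    // NOTE(review): the transformation is only the key algorithm name, so mode and padding
    // are whatever the selected provider defaults to; it has to match the encrypting side.
    // Callers should report every decryption failure to the remote party identically, so
    // that padding errors cannot be told apart from other errors.
    Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
    cipher.init(Cipher.DECRYPT_MODE, privateKey);

    return cipher.doFinal(data);
}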
// Excerpt: loads a keystore from an already-open stream and starts iterating its aliases.
// The closing brace of the finally block and the loop body are missing from this listing.
Security.addProvider(new BouncyCastleProvider());
KeyStore ks = KeyStore.getInstance(PKCS_KEYSTORE_TYPE, BOUNCY_CASTLE_PROVIDER);
try {
    ks.load(publicKeystoreInputStream, smimePw);
} finally {
    // The stream is closed whether or not load() succeeded.
    publicKeystoreInputStream.close();
// Raw Enumeration, hence the cast on each element.
Enumeration aliases = ks.aliases();
while (aliases.hasMoreElements()) {
    String alias = (String) aliases.nextElement();
// Excerpt: parses a PEM public key in PKCS#1 RSAPublicKey form and encrypts `data` with it.
// `key` (the PEM text) and `data` are defined outside the visible code.
Security.addProvider(new BouncyCastleProvider());
// NOTE(review): the parser is not closed in the visible code.
PEMParser reader = new PEMParser(new StringReader(key));
PemObject obj = reader.readPemObject();
// The PEM body is decoded as a PKCS#1 RSAPublicKey structure (modulus and exponent only).
org.bouncycastle.asn1.pkcs.RSAPublicKey rsaPublicKey = org.bouncycastle.asn1.pkcs.RSAPublicKey.getInstance(obj.getContent());
BigInteger modulus = rsaPublicKey.getModulus();
BigInteger publicExponent = rsaPublicKey.getPublicExponent();
KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC");
RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(modulus, publicExponent);
PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
// PKCS#1 v1.5 encryption padding. The padding has to match what the decrypting side
// expects; the PKCS#1 encoding of the key parsed above does not determine it.
// NOTE(review): v1.5 encryption padding is exposed to padding-oracle attacks when the
// decryptor reveals padding failures; OAEP is the usual choice where both ends can change.
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
cipher.init(Cipher.ENCRYPT_MODE, pubKey);
return cipher.doFinal(data);
// Excerpt: turns a key specification into a PublicKey. `keySpec` and KEY_ALGORITHM are
// defined outside the visible code.
Security.addProvider(new BouncyCastleProvider());
// No provider is named, so the first registered provider that supports KEY_ALGORITHM is
// used; addProvider() appends BouncyCastle after the providers already installed.
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PublicKey pubKey = keyFactory.generatePublic(keySpec);