cryptoPrimitives = new CryptoPrimitives(); cryptoPrimitives.init(); } catch (Exception e) { throw new InvalidArgumentException(e); cryptoPrimitives.addCACertificatesToTrustStore(bis); try (BufferedInputStream bis = new BufferedInputStream( new ByteArrayInputStream(Files.readAllBytes(Paths.get(pem))))) { cryptoPrimitives.addCACertificatesToTrustStore(bis); .loadTrustMaterial(cryptoPrimitives.getTrustStore(), null) .build(); if (null != properties && "true".equals(properties.getProperty("allowAllHostNames"))) { AllHostsSSLSocketFactory msf = new AllHostsSSLSocketFactory(cryptoPrimitives.getTrustStore()); msf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); sf = msf;
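/**
 * Adds a single CA certificate to the trust store under a derived alias.
 *
 * <p>For X.509 certificates the alias combines the issuer DN and the serial
 * number. A serial number is only unique per issuer, so keying the trust store
 * entry on the serial alone would let a certificate from one CA replace an
 * already-trusted entry from a different CA that happens to share the serial
 * (the two-argument overload is presumed to store under the alias as a plain
 * key-store entry, where a repeated alias overwrites). Non-X.509 certificates
 * ("not likely") keep the hash-code fallback.
 *
 * @param certificate the CA certificate to trust; must not be null
 * @throws CryptoException          if the certificate is null
 * @throws InvalidArgumentException propagated from the two-argument overload
 */
private void addCACertificateToTrustStore(Certificate certificate) throws InvalidArgumentException, CryptoException {
    if (certificate == null) {
        throw new CryptoException("CA certificate is null. Nothing to add to the trust store.");
    }
    String alias;
    if (certificate instanceof X509Certificate) {
        X509Certificate x509 = (X509Certificate) certificate;
        // issuer + serial identifies a certificate; the serial on its own does not.
        alias = x509.getIssuerX500Principal().getName() + ":" + x509.getSerialNumber().toString();
    } else {
        // not likely ...
        alias = Integer.toString(certificate.hashCode());
    }
    addCACertificateToTrustStore(certificate, alias);
}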
cp = new CryptoPrimitives(); } catch (Exception e) { throw new RuntimeException(e); whatBytes = ckb; logger.trace("client TLS key bytes:" + Hex.encodeHexString(ckb)); PrivateKey clientKey = cp.bytesToPrivateKey(ckb); logger.trace("converted TLS key."); what = "certificate"; whatBytes = ccb; logger.trace("client TLS certificate bytes:" + Hex.encodeHexString(ccb)); X509Certificate[] clientCert = new X509Certificate[] {(X509Certificate) cp.bytesToCertificate(ccb)}; logger.trace("converted client TLS certificate.");
/**
 * Loads a collection of encoded CA certificates into the trust store.
 *
 * <p>Every byte array is parsed with {@code bytesToCertificate}; the parsed
 * certificates are then handed to {@code loadCACertificates} as one batch.
 *
 * @param certificatesBytes encoded CA certificates; must be non-null and non-empty
 * @throws CryptoException if the collection is null or empty, or if a certificate fails to parse
 */
@Override
public void loadCACertificatesAsBytes(Collection<byte[]> certificatesBytes) throws CryptoException {
    boolean nothingToLoad = certificatesBytes == null || certificatesBytes.isEmpty();
    if (nothingToLoad) {
        throw new CryptoException("List of CA certificates is empty. Nothing to load.");
    }
    ArrayList<Certificate> parsed = new ArrayList<>(certificatesBytes.size());
    for (byte[] encoded : certificatesBytes) {
        parsed.add(bytesToCertificate(encoded));
    }
    loadCACertificates(parsed);
}
/**
 * Returns the {@link CryptoSuite} configured by {@code properties}, building and
 * caching it on first use.
 *
 * <p>The cache is keyed by the {@code Properties} value, so callers passing equal
 * property sets share one suite. The lookup and the insertion are two separate
 * calls here, not one atomic operation; whether concurrent first callers can each
 * build a suite depends on the cache's type, which is declared elsewhere — confirm.
 *
 * @param properties configuration applied through {@code CryptoPrimitives.setProperties}
 * @return the cached or newly initialised suite
 * @throws CryptoException          if constructing or initialising the primitives fails (cause preserved)
 * @throws InvalidArgumentException declared by the factory contract
 */
@Override
public CryptoSuite getCryptoSuite(Properties properties) throws CryptoException, InvalidArgumentException {
    CryptoSuite cached = cache.get(properties);
    if (cached != null) {
        return cached;
    }
    CryptoPrimitives primitives;
    try {
        primitives = new CryptoPrimitives();
        primitives.setProperties(properties);
        primitives.init();
    } catch (Exception e) {
        throw new CryptoException(e.getMessage(), e);
    }
    cache.put(properties, primitives);
    return primitives;
}
byte[] signature = sig.sign(); BigInteger[] sigs = decodeECDSASignature(signature); sigs = preventMalleability(sigs, curveN);
/**
 * Generates a new key pair; this suite delegates to its ECDSA key generation.
 *
 * @return the freshly generated key pair
 * @throws CryptoException if key generation fails
 */
@Override
public KeyPair keyGen() throws CryptoException {
    KeyPair generated = ecdsaKeyGen();
    return generated;
}
/**
 * Returns the key store holding the trusted certificates, creating it on first
 * access if none has been set yet.
 *
 * @return the trust store as a java.security.KeyStore object
 * @throws CryptoException if the trust store has to be created and that fails
 * @see KeyStore
 */
public KeyStore getTrustStore() throws CryptoException {
    boolean notYetCreated = (trustStore == null);
    if (notYetCreated) {
        // createTrustStore() is presumed to populate the trustStore field — verify.
        createTrustStore();
    }
    return trustStore;
}
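/**
 * Builds a PKCS#10 certification request for {@code subject} and returns it PEM-encoded.
 *
 * <p>The request carries the pair's public key and is signed with
 * {@code SHA256withECDSA} using the pair's private key; when {@code SECURITY_PROVIDER}
 * is set it supplies the signer implementation. A null {@code subject} previously
 * produced a request whose DN was literally {@code CN=null}; it is now rejected.
 *
 * @param subject value of the CN attribute of the request's subject DN
 * @param pair    public/private key pair; the public key is embedded, the private key signs
 * @return the certification request as a PEM string (from {@code certificationRequestToPEM})
 * @throws InvalidArgumentException if {@code subject} or {@code pair} is null, or if
 *                                  building or signing the request fails; the cause is preserved
 */
public String generateCertificationRequest(String subject, KeyPair pair) throws InvalidArgumentException {
    try {
        // Checked inside the try so that a missing argument surfaces as
        // InvalidArgumentException, like every other failure in this method.
        if (subject == null || pair == null) {
            throw new IllegalArgumentException("subject and key pair must not be null");
        }
        // NOTE(review): subject is concatenated into the DN string unescaped, so a value
        // containing ',' or '=' is parsed as additional RDNs rather than as part of the CN.
        // Confirm callers only pass a plain common name.
        PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(
                new X500Principal("CN=" + subject), pair.getPublic());
        JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withECDSA");
        if (null != SECURITY_PROVIDER) {
            csBuilder.setProvider(SECURITY_PROVIDER);
        }
        ContentSigner signer = csBuilder.build(pair.getPrivate());
        return certificationRequestToPEM(p10Builder.build(signer));
    } catch (Exception e) {
        logger.error(e);
        throw new InvalidArgumentException(e);
    }
}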
byte[] der = cp.certificateToDER(cert); if (null != der && der.length > 0) {
/**
 * Returns the {@link CryptoSuite} configured by {@code properties}, building and
 * caching it on first use.
 *
 * <p>The cache is keyed by the {@code Properties} value, so callers passing equal
 * property sets share one suite. The lookup and the insertion are two separate
 * calls here, not one atomic operation; whether concurrent first callers can each
 * build a suite depends on the cache's type, which is declared elsewhere — confirm.
 *
 * @param properties configuration applied through {@code CryptoPrimitives.setProperties}
 * @return the cached or newly initialised suite
 * @throws CryptoException          if constructing or initialising the primitives fails (cause preserved)
 * @throws InvalidArgumentException declared by the factory contract
 */
@Override
public CryptoSuite getCryptoSuite(Properties properties) throws CryptoException, InvalidArgumentException {
    CryptoSuite cached = cache.get(properties);
    if (cached != null) {
        return cached;
    }
    CryptoPrimitives primitives;
    try {
        primitives = new CryptoPrimitives();
        primitives.setProperties(properties);
        primitives.init();
    } catch (Exception e) {
        throw new CryptoException(e.getMessage(), e);
    }
    cache.put(properties, primitives);
    return primitives;
}
/**
 * Loads a collection of encoded CA certificates into the trust store.
 *
 * <p>Every byte array is parsed with {@code bytesToCertificate}; the parsed
 * certificates are then handed to {@code loadCACertificates} as one batch.
 *
 * @param certificatesBytes encoded CA certificates; must be non-null and non-empty
 * @throws CryptoException if the collection is null or empty, or if a certificate fails to parse
 */
@Override
public void loadCACertificatesAsBytes(Collection<byte[]> certificatesBytes) throws CryptoException {
    boolean nothingToLoad = certificatesBytes == null || certificatesBytes.isEmpty();
    if (nothingToLoad) {
        throw new CryptoException("List of CA certificates is empty. Nothing to load.");
    }
    ArrayList<Certificate> parsed = new ArrayList<>(certificatesBytes.size());
    for (byte[] encoded : certificatesBytes) {
        parsed.add(bytesToCertificate(encoded));
    }
    loadCACertificates(parsed);
}
/**
 * Sign data with the specified elliptic curve private key.
 *
 * <p>Signs with {@code DEFAULT_SIGNATURE_ALGORITHM} (through {@code SECURITY_PROVIDER}
 * when one is configured), decodes the resulting (r, s) pair, passes it through
 * {@code preventMalleability} together with the order of {@code curveName}, and
 * re-encodes the pair as a DER SEQUENCE of two INTEGERs.
 *
 * @param privateKey elliptic curve private key.
 * @param data data to sign
 * @return the DER-encoded (r, s) signature bytes.
 * @throws CryptoException if any step of signing or encoding fails; the cause is preserved.
 */
private byte[] ecdsaSignToBytes(ECPrivateKey privateKey, byte[] data) throws CryptoException {
    try {
        X9ECParameters curve = ECNamedCurveTable.getByName(curveName);
        BigInteger order = curve.getN();
        Signature signer;
        if (SECURITY_PROVIDER == null) {
            signer = Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM);
        } else {
            signer = Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM, SECURITY_PROVIDER);
        }
        signer.initSign(privateKey);
        signer.update(data);
        byte[] rawSignature = signer.sign();
        BigInteger[] rs = preventMalleability(decodeECDSASignature(rawSignature), order);
        try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
            DERSequenceGenerator sequence = new DERSequenceGenerator(out);
            sequence.addObject(new ASN1Integer(rs[0]));
            sequence.addObject(new ASN1Integer(rs[1]));
            sequence.close();
            return out.toByteArray();
        }
    } catch (Exception e) {
        throw new CryptoException("Could not sign the message using private key", e);
    }
}
/**
 * Generates a new key pair; this suite delegates to its ECDSA key generation.
 *
 * @return the freshly generated key pair
 * @throws CryptoException if key generation fails
 */
@Override
public KeyPair keyGen() throws CryptoException {
    KeyPair generated = ecdsaKeyGen();
    return generated;
}
/**
 * Returns the key store holding the trusted certificates, creating it on first
 * access if none has been set yet.
 *
 * @return the trust store as a java.security.KeyStore object
 * @throws CryptoException if the trust store has to be created and that fails
 * @see KeyStore
 */
public KeyStore getTrustStore() throws CryptoException {
    boolean notYetCreated = (trustStore == null);
    if (notYetCreated) {
        // createTrustStore() is presumed to populate the trustStore field — verify.
        createTrustStore();
    }
    return trustStore;
}
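/**
 * Builds a PKCS#10 certification request for {@code subject} and returns it PEM-encoded.
 *
 * <p>The request carries the pair's public key and is signed with
 * {@code SHA256withECDSA} using the pair's private key; when {@code SECURITY_PROVIDER}
 * is set it supplies the signer implementation. A null {@code subject} previously
 * produced a request whose DN was literally {@code CN=null}; it is now rejected.
 *
 * @param subject value of the CN attribute of the request's subject DN
 * @param pair    public/private key pair; the public key is embedded, the private key signs
 * @return the certification request as a PEM string (from {@code certificationRequestToPEM})
 * @throws InvalidArgumentException if {@code subject} or {@code pair} is null, or if
 *                                  building or signing the request fails; the cause is preserved
 */
public String generateCertificationRequest(String subject, KeyPair pair) throws InvalidArgumentException {
    try {
        // Checked inside the try so that a missing argument surfaces as
        // InvalidArgumentException, like every other failure in this method.
        if (subject == null || pair == null) {
            throw new IllegalArgumentException("subject and key pair must not be null");
        }
        // NOTE(review): subject is concatenated into the DN string unescaped, so a value
        // containing ',' or '=' is parsed as additional RDNs rather than as part of the CN.
        // Confirm callers only pass a plain common name.
        PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(
                new X500Principal("CN=" + subject), pair.getPublic());
        JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withECDSA");
        if (null != SECURITY_PROVIDER) {
            csBuilder.setProvider(SECURITY_PROVIDER);
        }
        ContentSigner signer = csBuilder.build(pair.getPrivate());
        return certificationRequestToPEM(p10Builder.build(signer));
    } catch (Exception e) {
        logger.error(e);
        throw new InvalidArgumentException(e);
    }
}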
byte[] der = cp.certificateToDER(cert); if (null != der && der.length > 0) {
cryptoPrimitives = new CryptoPrimitives(); cryptoPrimitives.init(); } catch (Exception e) { throw new InvalidArgumentException(e); cryptoPrimitives.addCACertificatesToTrustStore(bis); try (BufferedInputStream bis = new BufferedInputStream( new ByteArrayInputStream(Files.readAllBytes(Paths.get(pem))))) { cryptoPrimitives.addCACertificatesToTrustStore(bis); .loadTrustMaterial(cryptoPrimitives.getTrustStore(), null) .build(); if (null != properties && "true".equals(properties.getProperty("allowAllHostNames"))) { AllHostsSSLSocketFactory msf = new AllHostsSSLSocketFactory(cryptoPrimitives.getTrustStore()); msf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); sf = msf;
CryptoPrimitives cp; try { cp = new CryptoPrimitives(); } catch (Exception e) { throw new RuntimeException(e); if (cn == null) { X500Name x500name = new JcaX509CertificateHolder( (X509Certificate) cp.bytesToCertificate(pemBytes)).getSubject(); RDN rdn = x500name.getRDNs(BCStyle.CN)[0]; cn = IETFUtils.valueToString(rdn.getFirst().getValue()); whatBytes = ckb; logger.trace("client TLS key bytes:" + Hex.encodeHexString(ckb)); clientKey = cp.bytesToPrivateKey(ckb); logger.trace("converted TLS key."); what = "certificate"; whatBytes = ccb; logger.trace("client TLS certificate bytes:" + Hex.encodeHexString(ccb)); clientCert = new X509Certificate[] {(X509Certificate) cp.bytesToCertificate(ccb)}; logger.trace("converted client TLS certificate.");
/**
 * Returns the {@link CryptoSuite} configured by {@code properties}, building and
 * caching it on first use.
 *
 * <p>The cache is keyed by the {@code Properties} value, so callers passing equal
 * property sets share one suite. The lookup and the insertion are two separate
 * calls here, not one atomic operation; whether concurrent first callers can each
 * build a suite depends on the cache's type, which is declared elsewhere — confirm.
 *
 * @param properties configuration applied through {@code CryptoPrimitives.setProperties}
 * @return the cached or newly initialised suite
 * @throws CryptoException          if constructing or initialising the primitives fails (cause preserved)
 * @throws InvalidArgumentException declared by the factory contract
 */
@Override
public CryptoSuite getCryptoSuite(Properties properties) throws CryptoException, InvalidArgumentException {
    CryptoSuite cached = cache.get(properties);
    if (cached != null) {
        return cached;
    }
    CryptoPrimitives primitives;
    try {
        primitives = new CryptoPrimitives();
        primitives.setProperties(properties);
        primitives.init();
    } catch (Exception e) {
        throw new CryptoException(e.getMessage(), e);
    }
    cache.put(properties, primitives);
    return primitives;
}