1 package org.argeo.security.crypto;
2
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;

import javax.security.auth.x500.X500Principal;

import org.argeo.ArgeoException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
23
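/**
 * Utilities around private keys and certificates, mostly wrapping BouncyCastle
 * implementations.
 *
 * <p>
 * All JCA lookups go through the BouncyCastle provider ({@code "BC"}). That
 * provider must already be registered with {@link java.security.Security} by
 * the runtime; this class does not register it itself. Every method wraps
 * checked failures in an {@link ArgeoException}.
 */
public class PkiUtils {
	/** JCA provider name used for key generation, signing and PKCS#12 access. */
	private static final String SECURITY_PROVIDER = "BC";

	/**
	 * Default RSA modulus size in bits. 1024-bit RSA is considered broken for
	 * new keys, so this is also the minimum accepted by
	 * {@link #generateSelfSignedCertificate(KeyStore, X500Principal, char[], int, long)}.
	 */
	public static final int DEFAULT_KEY_SIZE = 2048;

	/** Default certificate validity period: one day from generation. */
	public static final long DEFAULT_VALIDITY_MILLIS = 24L * 3600 * 1000;

	/** Tolerance for clock skew, subtracted from the {@code notBefore} date. */
	private static final long NOT_BEFORE_SKEW_MILLIS = 10000L;

	private PkiUtils() {
		// static utilities only
	}

	/**
	 * Generates a {@value #DEFAULT_KEY_SIZE}-bit RSA key pair and a self-signed
	 * certificate for it valid for {@link #DEFAULT_VALIDITY_MILLIS}, and stores
	 * both in {@code keyStore}.
	 *
	 * @see #generateSelfSignedCertificate(KeyStore, X500Principal, char[], int,
	 *      long)
	 */
	public static X509Certificate generateSelfSignedCertificate(
			KeyStore keyStore, X500Principal x500Principal, char[] keyPassword) {
		return generateSelfSignedCertificate(keyStore, x500Principal,
				keyPassword, DEFAULT_KEY_SIZE, DEFAULT_VALIDITY_MILLIS);
	}

	/**
	 * Generates an RSA key pair and a SHA-256/RSA self-signed certificate
	 * (subject and issuer both {@code x500Principal}), then stores the private
	 * key with its single-element chain in {@code keyStore} under the
	 * principal's name.
	 *
	 * @param keyStore       the (already loaded) keystore receiving the key entry
	 * @param x500Principal  subject and issuer of the certificate; its name is
	 *                       also used as the keystore alias
	 * @param keyPassword    password protecting the key entry; owned by the
	 *                       caller, who should clear it afterwards
	 * @param keySize        RSA modulus size in bits, at least
	 *                       {@link #DEFAULT_KEY_SIZE}
	 * @param validityMillis how long the certificate stays valid, counted from
	 *                       now; must be positive
	 * @return the generated certificate, already stored in {@code keyStore}
	 * @throws IllegalArgumentException if {@code keySize} or
	 *                                  {@code validityMillis} is out of range
	 * @throws ArgeoException           if key generation, signing, the
	 *                                  self-checks or the keystore update fail
	 */
	public static X509Certificate generateSelfSignedCertificate(
			KeyStore keyStore, X500Principal x500Principal, char[] keyPassword,
			int keySize, long validityMillis) {
		if (keySize < DEFAULT_KEY_SIZE)
			throw new IllegalArgumentException("RSA key size must be at least "
					+ DEFAULT_KEY_SIZE + " bits, got " + keySize);
		if (validityMillis <= 0)
			throw new IllegalArgumentException(
					"Validity must be positive, got " + validityMillis);
		try {
			// one CSPRNG for both the key material and the serial number
			SecureRandom random = new SecureRandom();
			KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA",
					SECURITY_PROVIDER);
			kpGen.initialize(keySize, random);
			KeyPair pair = kpGen.generateKeyPair();

			long now = System.currentTimeMillis();
			Date notBefore = new Date(now - NOT_BEFORE_SKEW_MILLIS);
			Date notAfter = new Date(now + validityMillis);
			// RFC 5280 requires a positive serial of at most 20 octets and
			// recommends unpredictable values: a timestamp-based serial is both
			// guessable and collides for certificates issued in the same
			// millisecond. 64 random bits plus one is positive and well within
			// the size limit.
			BigInteger serial = new BigInteger(64, random).add(BigInteger.ONE);

			X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
					x500Principal, serial, notBefore, notAfter, x500Principal,
					pair.getPublic());
			ContentSigner sigGen = new JcaContentSignerBuilder(
					"SHA256WithRSAEncryption").setProvider(SECURITY_PROVIDER)
					.build(pair.getPrivate());
			X509Certificate cert = new JcaX509CertificateConverter()
					.setProvider(SECURITY_PROVIDER).getCertificate(
							certGen.build(sigGen));
			// Self-checks on the freshly built certificate: it must be valid
			// right now and its signature must verify with the key it carries.
			cert.checkValidity(new Date());
			cert.verify(cert.getPublicKey());

			keyStore.setKeyEntry(x500Principal.getName(), pair.getPrivate(),
					keyPassword, new Certificate[] { cert });
			return cert;
		} catch (Exception e) {
			throw new ArgeoException("Cannot generate self-signed certificate",
					e);
		}
	}

	/**
	 * Opens a PKCS#12 keystore through the BouncyCastle provider.
	 *
	 * @param keyStoreFile     file to load; if it does not exist an empty,
	 *                         in-memory keystore is returned instead (persist
	 *                         it with {@link #saveKeyStore(File, char[], KeyStore)})
	 * @param keyStorePassword integrity/privacy password of the keystore;
	 *                         owned by the caller
	 * @return the loaded (or new, empty) keystore
	 * @throws ArgeoException if the provider is unavailable, the file cannot be
	 *                        read or the password does not match
	 */
	public static KeyStore getKeyStore(File keyStoreFile,
			char[] keyStorePassword) {
		try {
			KeyStore store = KeyStore.getInstance("PKCS12", SECURITY_PROVIDER);
			if (keyStoreFile.exists()) {
				try (FileInputStream in = new FileInputStream(keyStoreFile)) {
					store.load(in, keyStorePassword);
				}
			} else {
				// no file yet: initialise an empty keystore that can be
				// populated and then written out by saveKeyStore()
				store.load(null, null);
			}
			return store;
		} catch (Exception e) {
			throw new ArgeoException("Cannot load keystore " + keyStoreFile, e);
		}
	}

	/**
	 * Writes {@code keyStore} to {@code keyStoreFile}, replacing any previous
	 * content.
	 *
	 * <p>
	 * The data is first written to a temporary sibling file which is then moved
	 * over the target, so a failure half-way through {@link KeyStore#store}
	 * never leaves a truncated keystore (and therefore lost private keys)
	 * behind. The temporary file is created by {@link Files#createTempFile},
	 * which typically uses owner-only permissions on POSIX file systems; the
	 * resulting keystore file inherits them.
	 *
	 * @param keyStoreFile     destination file; its parent directory must exist
	 * @param keyStorePassword password protecting the keystore; owned by the
	 *                         caller
	 * @param keyStore         the keystore to persist
	 * @throws ArgeoException if the keystore cannot be serialised or the file
	 *                        cannot be written or moved into place
	 */
	public static void saveKeyStore(File keyStoreFile, char[] keyStorePassword,
			KeyStore keyStore) {
		try {
			Path target = keyStoreFile.getAbsoluteFile().toPath();
			Path tmp = Files.createTempFile(target.getParent(),
					keyStoreFile.getName(), ".tmp");
			try {
				try (OutputStream out = Files.newOutputStream(tmp)) {
					keyStore.store(out, keyStorePassword);
				}
				Files.move(tmp, target, StandardCopyOption.REPLACE_EXISTING);
			} finally {
				// no-op after a successful move; removes the partial file
				// otherwise
				Files.deleteIfExists(tmp);
			}
		} catch (Exception e) {
			throw new ArgeoException("Cannot save keystore " + keyStoreFile, e);
		}
	}

}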