1 package org.argeo.security.crypto;
2
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.Date;
import java.util.Objects;

import javax.security.auth.x500.X500Principal;

import org.argeo.ArgeoException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
25
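/**
 * Utilities around private keys and certificates, mostly wrapping BouncyCastle
 * implementations.
 *
 * <p>All methods are static and stateless. Failures are reported as
 * {@link ArgeoException} wrapping the underlying cause.
 */
public class PkiUtils {
	/** Name of the JCA provider used for key generation, signing and keystores. */
	private final static String SECURITY_PROVIDER;

	/**
	 * Default RSA modulus size in bits. 1024-bit RSA is below current minimum
	 * recommendations, so the historical default was raised to 2048.
	 */
	public final static int DEFAULT_KEY_SIZE = 2048;

	/** Default certificate lifetime (keeps the historical 24 hour default). */
	public final static Duration DEFAULT_VALIDITY = Duration.ofDays(1);

	/** Tolerance applied to {@code notBefore} so that slightly skewed clocks accept the certificate. */
	private final static Duration NOT_BEFORE_SKEW = Duration.ofSeconds(10);

	/** Keystore format used by {@link #getKeyStore(File, char[])}. */
	private final static String KEYSTORE_TYPE = "PKCS12";

	static {
		// registering twice is harmless (addProvider() returns -1), but
		// checking first avoids building a second provider instance
		if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
			Security.addProvider(new BouncyCastleProvider());
		}
		SECURITY_PROVIDER = BouncyCastleProvider.PROVIDER_NAME;
	}

	/** Not instantiable: static utilities only. */
	private PkiUtils() {
	}

	/**
	 * Generates an RSA key pair and a self-signed certificate for it, using
	 * {@link #DEFAULT_KEY_SIZE} and {@link #DEFAULT_VALIDITY}, and stores the
	 * private key together with its certificate in {@code keyStore} under the
	 * principal's name.
	 *
	 * @param keyStore the (already loaded) keystore receiving the key entry
	 * @param x500Principal subject and issuer of the certificate; its name is
	 *            also used as the keystore alias
	 * @param keyPassword password protecting the private key entry
	 * @return the generated certificate
	 * @throws ArgeoException if generation, self-verification or storage fails
	 */
	public static X509Certificate generateSelfSignedCertificate(
			KeyStore keyStore, X500Principal x500Principal, char[] keyPassword) {
		return generateSelfSignedCertificate(keyStore, x500Principal,
				keyPassword, DEFAULT_KEY_SIZE, DEFAULT_VALIDITY);
	}

	/**
	 * Generates an RSA key pair of the given size and a self-signed
	 * certificate valid for {@code validity} (starting a few seconds in the
	 * past to tolerate clock skew), signed with SHA-256, and stores the private
	 * key together with its certificate in {@code keyStore} under the
	 * principal's name.
	 *
	 * @param keyStore the (already loaded) keystore receiving the key entry
	 * @param x500Principal subject and issuer of the certificate; its name is
	 *            also used as the keystore alias
	 * @param keyPassword password protecting the private key entry
	 * @param keySize RSA modulus size in bits, at least
	 *            {@link #DEFAULT_KEY_SIZE}
	 * @param validity lifetime of the certificate, strictly positive
	 * @return the generated certificate
	 * @throws IllegalArgumentException if {@code keySize} is too small or
	 *             {@code validity} is not positive
	 * @throws ArgeoException if generation, self-verification or storage fails
	 */
	public static X509Certificate generateSelfSignedCertificate(
			KeyStore keyStore, X500Principal x500Principal, char[] keyPassword,
			int keySize, Duration validity) {
		Objects.requireNonNull(keyStore, "keyStore");
		Objects.requireNonNull(x500Principal, "x500Principal");
		Objects.requireNonNull(validity, "validity");
		if (keySize < DEFAULT_KEY_SIZE) {
			throw new IllegalArgumentException("RSA key size " + keySize
					+ " is below the minimum of " + DEFAULT_KEY_SIZE + " bits");
		}
		if (validity.isNegative() || validity.isZero()) {
			throw new IllegalArgumentException(
					"Certificate validity must be positive: " + validity);
		}
		try {
			SecureRandom random = new SecureRandom();
			KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA",
					SECURITY_PROVIDER);
			kpGen.initialize(keySize, random);
			KeyPair pair = kpGen.generateKeyPair();

			long now = System.currentTimeMillis();
			Date notBefore = new Date(now - NOT_BEFORE_SKEW.toMillis());
			Date notAfter = new Date(now + validity.toMillis());
			// RFC 5280 requires a positive serial number; a random one cannot
			// collide when several certificates are issued in the same
			// millisecond and is not predictable, unlike a timestamp
			BigInteger serial = new BigInteger(64, random).add(BigInteger.ONE);

			// self-signed: the principal is both subject and issuer
			X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
					x500Principal, serial, notBefore, notAfter, x500Principal,
					pair.getPublic());
			ContentSigner sigGen = new JcaContentSignerBuilder(
					"SHA256WithRSAEncryption").setProvider(SECURITY_PROVIDER)
					.build(pair.getPrivate());
			X509Certificate cert = new JcaX509CertificateConverter()
					.setProvider(SECURITY_PROVIDER)
					.getCertificate(certGen.build(sigGen));

			// sanity checks before anything is persisted: the certificate is
			// currently valid and its signature verifies with its own key
			cert.checkValidity(new Date());
			cert.verify(cert.getPublicKey());

			keyStore.setKeyEntry(x500Principal.getName(), pair.getPrivate(),
					keyPassword, new Certificate[] { cert });
			return cert;
		} catch (Exception e) {
			// the BouncyCastle operator API throws its own checked exception
			// types outside java.security, hence the broad boundary catch
			throw new ArgeoException("Cannot generate self-signed certificate",
					e);
		}
	}

	/**
	 * Opens a PKCS#12 keystore. If {@code keyStoreFile} exists it is loaded
	 * with {@code keyStorePassword}; otherwise an empty in-memory keystore is
	 * returned (nothing is written until {@link #saveKeyStore}).
	 *
	 * @param keyStoreFile the keystore file, which may not exist yet
	 * @param keyStorePassword integrity/encryption password of the keystore
	 * @return the loaded or newly initialised keystore
	 * @throws ArgeoException if the file cannot be read or the password or
	 *             format is wrong
	 */
	public static KeyStore getKeyStore(File keyStoreFile,
			char[] keyStorePassword) {
		Objects.requireNonNull(keyStoreFile, "keyStoreFile");
		try {
			KeyStore store = KeyStore.getInstance(KEYSTORE_TYPE,
					SECURITY_PROVIDER);
			if (keyStoreFile.exists()) {
				try (FileInputStream in = new FileInputStream(keyStoreFile)) {
					store.load(in, keyStorePassword);
				}
			} else {
				// a null stream initialises an empty keystore
				store.load(null, keyStorePassword);
			}
			return store;
		} catch (GeneralSecurityException | IOException e) {
			throw new ArgeoException("Cannot load keystore " + keyStoreFile, e);
		}
	}

	/**
	 * Writes {@code keyStore} to {@code keyStoreFile}, overwriting any
	 * previous content.
	 *
	 * @param keyStoreFile destination file; its parent directory must exist
	 * @param keyStorePassword integrity/encryption password of the keystore
	 * @param keyStore the keystore to persist
	 * @throws ArgeoException if the keystore cannot be serialised or written
	 */
	public static void saveKeyStore(File keyStoreFile, char[] keyStorePassword,
			KeyStore keyStore) {
		Objects.requireNonNull(keyStoreFile, "keyStoreFile");
		Objects.requireNonNull(keyStore, "keyStore");
		try (FileOutputStream out = new FileOutputStream(keyStoreFile)) {
			keyStore.store(out, keyStorePassword);
		} catch (GeneralSecurityException | IOException e) {
			throw new ArgeoException("Cannot save keystore " + keyStoreFile, e);
		}
	}

}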