X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FPkiUtils.java;h=031515caadbcd0705ec08fd9cc13fe2429224ef4;hb=acda41eb8c71beabdf94d321ed8fde037a83ab46;hp=d8b39cdbc2238b039f7f9ac115061acaedd4a596;hpb=0a7d938324d33848ac7dc4ef4007c73a714171ee;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/PkiUtils.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/PkiUtils.java
index d8b39cdbc..031515caa 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/PkiUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/PkiUtils.java
@@ -8,16 +8,18 @@ import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.KeyStore;
 import java.security.SecureRandom;
+import java.security.Security;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.Date;
 
 import javax.security.auth.x500.X500Principal;
 
-import org.argeo.ArgeoException;
+import org.argeo.cms.CmsException;
 import org.bouncycastle.cert.X509v3CertificateBuilder;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
 import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 
@@ -25,47 +27,39 @@ import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
  * Utilities around private keys and certificate, mostly wrapping BouncyCastle
  * implementations.
  */
-public class PkiUtils {
+class PkiUtils {
 	private final static String SECURITY_PROVIDER;
 	static {
-		// Security.addProvider(new BouncyCastleProvider());
+		Security.addProvider(new BouncyCastleProvider());
 		SECURITY_PROVIDER = "BC";
 	}
 
-	public static X509Certificate generateSelfSignedCertificate(
-			KeyStore keyStore, X500Principal x500Principal, char[] keyPassword) {
+	public static X509Certificate generateSelfSignedCertificate(KeyStore keyStore, X500Principal x500Principal,
+			int keySize, char[] keyPassword) {
 		try {
-			KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA",
-					SECURITY_PROVIDER);
-			kpGen.initialize(1024, new SecureRandom());
+			KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", SECURITY_PROVIDER);
+			kpGen.initialize(keySize, new SecureRandom());
 			KeyPair pair = kpGen.generateKeyPair();
 			Date notBefore = new Date(System.currentTimeMillis() - 10000);
-			Date notAfter = new Date(
-					System.currentTimeMillis() + 24L * 3600 * 1000);
+			Date notAfter = new Date(System.currentTimeMillis() + 365 * 24L * 3600 * 1000);
 			BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
-			X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
-					x500Principal, serial, notBefore, notAfter, x500Principal,
-					pair.getPublic());
-			ContentSigner sigGen = new JcaContentSignerBuilder(
-					"SHA256WithRSAEncryption").setProvider(SECURITY_PROVIDER)
+			X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(x500Principal, serial, notBefore,
+					notAfter, x500Principal, pair.getPublic());
+			ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(SECURITY_PROVIDER)
 					.build(pair.getPrivate());
-			X509Certificate cert = new JcaX509CertificateConverter()
-					.setProvider(SECURITY_PROVIDER).getCertificate(
-							certGen.build(sigGen));
+			X509Certificate cert = new JcaX509CertificateConverter().setProvider(SECURITY_PROVIDER)
+					.getCertificate(certGen.build(sigGen));
 			cert.checkValidity(new Date());
 			cert.verify(cert.getPublicKey());
 
-			keyStore.setKeyEntry(x500Principal.getName(), pair.getPrivate(),
-					keyPassword, new Certificate[] { cert });
+			keyStore.setKeyEntry(x500Principal.getName(), pair.getPrivate(), keyPassword, new Certificate[] { cert });
 			return cert;
 		} catch (Exception e) {
-			throw new ArgeoException("Cannot generate self-signed certificate",
-					e);
+			throw new CmsException("Cannot generate self-signed certificate", e);
 		}
 	}
 
-	public static KeyStore getKeyStore(File keyStoreFile,
-			char[] keyStorePassword) {
+	public static KeyStore getKeyStore(File keyStoreFile, char[] keyStorePassword) {
 		try {
 			KeyStore store = KeyStore.getInstance("PKCS12", SECURITY_PROVIDER);
 			if (keyStoreFile.exists()) {
@@ -77,19 +71,93 @@ public class PkiUtils {
 			}
 			return store;
 		} catch (Exception e) {
-			throw new ArgeoException("Cannot load keystore " + keyStoreFile, e);
+			throw new CmsException("Cannot load keystore " + keyStoreFile, e);
 		}
 	}
 
-	public static void saveKeyStore(File keyStoreFile, char[] keyStorePassword,
-			KeyStore keyStore) {
+	public static void saveKeyStore(File keyStoreFile, char[] keyStorePassword, KeyStore keyStore) {
 		try {
 			try (FileOutputStream fis = new FileOutputStream(keyStoreFile)) {
 				keyStore.store(fis, keyStorePassword);
 			}
 		} catch (Exception e) {
-			throw new ArgeoException("Cannot save keystore " + keyStoreFile, e);
+			throw new CmsException("Cannot save keystore " + keyStoreFile, e);
 		}
 	}
 
+	public static void main(String[] args) {
+		final String ALGORITHM = "RSA";
+		final String provider = "BC";
+		SecureRandom secureRandom = new SecureRandom();
+		long begin = System.currentTimeMillis();
+		for (int i = 512; i < 1024; i = i + 2) {
+			try {
+				KeyPairGenerator keyGen = KeyPairGenerator.getInstance(ALGORITHM, provider);
+				keyGen.initialize(i, secureRandom);
+				keyGen.generateKeyPair();
+			} catch (Exception e) {
+				System.err.println(i + " : " + e.getMessage());
+			}
+		}
+		System.out.println((System.currentTimeMillis() - begin) + " ms");
+
+		// // String text = "a";
+		// String text =
+		// "testtesttesttesttesttesttesttesttesttesttesttesttesttesttest";
+		// try {
+		// System.out.println(text);
+		// PrivateKey privateKey;
+		// PublicKey publicKey;
+		// char[] password = "changeit".toCharArray();
+		// String alias = "CN=test";
+		// KeyStore keyStore = KeyStore.getInstance("pkcs12");
+		// File p12file = new File("test.p12");
+		// p12file.delete();
+		// if (!p12file.exists()) {
+		// keyStore.load(null);
+		// generateSelfSignedCertificate(keyStore, new X500Principal(alias),
+		// 513, password);
+		// try (OutputStream out = new FileOutputStream(p12file)) {
+		// keyStore.store(out, password);
+		// }
+		// }
+		// try (InputStream in = new FileInputStream(p12file)) {
+		// keyStore.load(in, password);
+		// privateKey = (PrivateKey) keyStore.getKey(alias, password);
+		// publicKey = keyStore.getCertificateChain(alias)[0].getPublicKey();
+		// }
+		// // KeyPair key;
+		// // final KeyPairGenerator keyGen =
+		// // KeyPairGenerator.getInstance(ALGORITHM);
+		// // keyGen.initialize(4096, new SecureRandom());
+		// // long begin = System.currentTimeMillis();
+		// // key = keyGen.generateKeyPair();
+		// // System.out.println((System.currentTimeMillis() - begin) + " ms");
+		// // keyStore.load(null);
+		// // keyStore.setKeyEntry("test", key.getPrivate(), password, null);
+		// // try(OutputStream out=new FileOutputStream(p12file)) {
+		// // keyStore.store(out, password);
+		// // }
+		// // privateKey = key.getPrivate();
+		// // publicKey = key.getPublic();
+		//
+		// Cipher encrypt = Cipher.getInstance(ALGORITHM);
+		// encrypt.init(Cipher.ENCRYPT_MODE, publicKey);
+		// byte[] encrypted = encrypt.doFinal(text.getBytes());
+		// String encryptedBase64 =
+		// Base64.getEncoder().encodeToString(encrypted);
+		// System.out.println(encryptedBase64);
+		// byte[] encryptedFromBase64 =
+		// Base64.getDecoder().decode(encryptedBase64);
+		//
+		// Cipher decrypt = Cipher.getInstance(ALGORITHM);
+		// decrypt.init(Cipher.DECRYPT_MODE, privateKey);
+		// byte[] decrypted = decrypt.doFinal(encryptedFromBase64);
+		// System.out.println(new String(decrypted));
+		// } catch (Exception e) {
+		// e.printStackTrace();
+		// }
+
+	}
+
 }