X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FPkiUtils.java;h=050b7d4d7b3cdcf123cee983452404e4f8b0c876;hb=18af628c072e386420f03261ab207a72341a0a1b;hp=d8b39cdbc2238b039f7f9ac115061acaedd4a596;hpb=0a7d938324d33848ac7dc4ef4007c73a714171ee;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/PkiUtils.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/PkiUtils.java
index d8b39cdbc..050b7d4d7 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/PkiUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/PkiUtils.java
@@ -8,16 +8,18 @@ import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.KeyStore;
 import java.security.SecureRandom;
+import java.security.Security;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.Date;
 
 import javax.security.auth.x500.X500Principal;
 
-import org.argeo.ArgeoException;
+import org.argeo.cms.CmsException;
 import org.bouncycastle.cert.X509v3CertificateBuilder;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
 import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 
@@ -25,47 +27,39 @@ import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
  * Utilities around private keys and certificate, mostly wrapping BouncyCastle
  * implementations.
  */
-public class PkiUtils {
+class PkiUtils {
 	private final static String SECURITY_PROVIDER;
 	static {
-		// Security.addProvider(new BouncyCastleProvider());
+		Security.addProvider(new BouncyCastleProvider());
 		SECURITY_PROVIDER = "BC";
 	}
 
-	public static X509Certificate generateSelfSignedCertificate(
-			KeyStore keyStore, X500Principal x500Principal, char[] keyPassword) {
+	public static X509Certificate generateSelfSignedCertificate(KeyStore keyStore, X500Principal x500Principal,
+			int keySize, char[] keyPassword) {
 		try {
-			KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA",
-					SECURITY_PROVIDER);
-			kpGen.initialize(1024, new SecureRandom());
+			KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", SECURITY_PROVIDER);
+			kpGen.initialize(keySize, new SecureRandom());
 			KeyPair pair = kpGen.generateKeyPair();
 			Date notBefore = new Date(System.currentTimeMillis() - 10000);
-			Date notAfter = new Date(
-					System.currentTimeMillis() + 24L * 3600 * 1000);
+			Date notAfter = new Date(System.currentTimeMillis() + 24L * 3600 * 1000);
 			BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
-			X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
-					x500Principal, serial, notBefore, notAfter, x500Principal,
-					pair.getPublic());
-			ContentSigner sigGen = new JcaContentSignerBuilder(
-					"SHA256WithRSAEncryption").setProvider(SECURITY_PROVIDER)
+			X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(x500Principal, serial, notBefore,
+					notAfter, x500Principal, pair.getPublic());
+			ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(SECURITY_PROVIDER)
 					.build(pair.getPrivate());
-			X509Certificate cert = new JcaX509CertificateConverter()
-					.setProvider(SECURITY_PROVIDER).getCertificate(
-							certGen.build(sigGen));
+			X509Certificate cert = new JcaX509CertificateConverter().setProvider(SECURITY_PROVIDER)
+					.getCertificate(certGen.build(sigGen));
 			cert.checkValidity(new Date());
 			cert.verify(cert.getPublicKey());
 
-			keyStore.setKeyEntry(x500Principal.getName(), pair.getPrivate(),
-					keyPassword, new Certificate[] { cert });
+			keyStore.setKeyEntry(x500Principal.getName(), pair.getPrivate(), keyPassword, new Certificate[] { cert });
 			return cert;
 		} catch (Exception e) {
-			throw new ArgeoException("Cannot generate self-signed certificate",
-					e);
+			throw new CmsException("Cannot generate self-signed certificate", e);
 		}
 	}
 
-	public static KeyStore getKeyStore(File keyStoreFile,
-			char[] keyStorePassword) {
+	public static KeyStore getKeyStore(File keyStoreFile, char[] keyStorePassword) {
 		try {
 			KeyStore store = KeyStore.getInstance("PKCS12", SECURITY_PROVIDER);
 			if (keyStoreFile.exists()) {
@@ -77,19 +71,89 @@ public class PkiUtils {
 			}
 			return store;
 		} catch (Exception e) {
-			throw new ArgeoException("Cannot load keystore " + keyStoreFile, e);
+			throw new CmsException("Cannot load keystore " + keyStoreFile, e);
 		}
 	}
 
-	public static void saveKeyStore(File keyStoreFile, char[] keyStorePassword,
-			KeyStore keyStore) {
+	public static void saveKeyStore(File keyStoreFile, char[] keyStorePassword, KeyStore keyStore) {
 		try {
 			try (FileOutputStream fis = new FileOutputStream(keyStoreFile)) {
 				keyStore.store(fis, keyStorePassword);
 			}
 		} catch (Exception e) {
-			throw new ArgeoException("Cannot save keystore " + keyStoreFile, e);
+			throw new CmsException("Cannot save keystore " + keyStoreFile, e);
 		}
 	}
 
+	public static void main(String[] args) {
+		final String ALGORITHM = "RSA";
+		final String provider = "BC";
+		SecureRandom secureRandom = new SecureRandom();
+		long begin = System.currentTimeMillis();
+		for (int i = 512; i < 1024; i = i + 2) {
+			try {
+				KeyPairGenerator keyGen = KeyPairGenerator.getInstance(ALGORITHM,provider);
+				keyGen.initialize(i, secureRandom);
+				keyGen.generateKeyPair();
+			} catch (Exception e) {
+				System.err.println(i + " : " + e.getMessage());
+			}
+		}
+		System.out.println( (System.currentTimeMillis() - begin) + " ms");
+
+//		// String text = "a";
+//		String text = "testtesttesttesttesttesttesttesttesttesttesttesttesttesttest";
+//		try {
+//			System.out.println(text);
+//			PrivateKey privateKey;
+//			PublicKey publicKey;
+//			char[] password = "changeit".toCharArray();
+//			String alias = "CN=test";
+//			KeyStore keyStore = KeyStore.getInstance("pkcs12");
+//			File p12file = new File("test.p12");
+//			p12file.delete();
+//			if (!p12file.exists()) {
+//				keyStore.load(null);
+//				generateSelfSignedCertificate(keyStore, new X500Principal(alias), 513, password);
+//				try (OutputStream out = new FileOutputStream(p12file)) {
+//					keyStore.store(out, password);
+//				}
+//			}
+//			try (InputStream in = new FileInputStream(p12file)) {
+//				keyStore.load(in, password);
+//				privateKey = (PrivateKey) keyStore.getKey(alias, password);
+//				publicKey = keyStore.getCertificateChain(alias)[0].getPublicKey();
+//			}
+//			// KeyPair key;
+//			// final KeyPairGenerator keyGen =
+//			// KeyPairGenerator.getInstance(ALGORITHM);
+//			// keyGen.initialize(4096, new SecureRandom());
+//			// long begin = System.currentTimeMillis();
+//			// key = keyGen.generateKeyPair();
+//			// System.out.println((System.currentTimeMillis() - begin) + " ms");
+//			// keyStore.load(null);
+//			// keyStore.setKeyEntry("test", key.getPrivate(), password, null);
+//			// try(OutputStream out=new FileOutputStream(p12file)) {
+//			// keyStore.store(out, password);
+//			// }
+//			// privateKey = key.getPrivate();
+//			// publicKey = key.getPublic();
+//
+//			Cipher encrypt = Cipher.getInstance(ALGORITHM);
+//			encrypt.init(Cipher.ENCRYPT_MODE, publicKey);
+//			byte[] encrypted = encrypt.doFinal(text.getBytes());
+//			String encryptedBase64 = Base64.getEncoder().encodeToString(encrypted);
+//			System.out.println(encryptedBase64);
+//			byte[] encryptedFromBase64 = Base64.getDecoder().decode(encryptedBase64);
+//
+//			Cipher decrypt = Cipher.getInstance(ALGORITHM);
+//			decrypt.init(Cipher.DECRYPT_MODE, privateKey);
+//			byte[] decrypted = decrypt.doFinal(encryptedFromBase64);
+//			System.out.println(new String(decrypted));
+//		} catch (Exception e) {
+//			e.printStackTrace();
+//		}
+
+	}
+
 }