X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fsecurity%2Fcrypto%2FPkiUtils.java;fp=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fsecurity%2Fcrypto%2FPkiUtils.java;h=0000000000000000000000000000000000000000;hb=0a7d938324d33848ac7dc4ef4007c73a714171ee;hp=f66d3f99cf9ca9f42cb37d0e975c81accb280c18;hpb=9dba7b01008499bdaf15c754190906d3200713fe;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.security.core/src/org/argeo/security/crypto/PkiUtils.java b/org.argeo.security.core/src/org/argeo/security/crypto/PkiUtils.java
deleted file mode 100644
index f66d3f99c..000000000
--- a/org.argeo.security.core/src/org/argeo/security/crypto/PkiUtils.java
+++ /dev/null
@@ -1,95 +0,0 @@
-package org.argeo.security.crypto;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.math.BigInteger;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.KeyStore;
-import java.security.SecureRandom;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.argeo.ArgeoException;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-
-/**
- * Utilities around private keys and certificate, mostly wrapping BouncyCastle
- * implementations.
- */
-public class PkiUtils {
- private final static String SECURITY_PROVIDER;
- static {
- // Security.addProvider(new BouncyCastleProvider());
- SECURITY_PROVIDER = "BC";
- }
-
- public static X509Certificate generateSelfSignedCertificate(
- KeyStore keyStore, X500Principal x500Principal, char[] keyPassword) {
- try {
- KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA",
- SECURITY_PROVIDER);
- kpGen.initialize(1024, new SecureRandom());
- KeyPair pair = kpGen.generateKeyPair();
- Date notBefore = new Date(System.currentTimeMillis() - 10000);
- Date notAfter = new Date(
- System.currentTimeMillis() + 24L * 3600 * 1000);
- BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
- X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
- x500Principal, serial, notBefore, notAfter, x500Principal,
- pair.getPublic());
- ContentSigner sigGen = new JcaContentSignerBuilder(
- "SHA256WithRSAEncryption").setProvider(SECURITY_PROVIDER)
- .build(pair.getPrivate());
- X509Certificate cert = new JcaX509CertificateConverter()
- .setProvider(SECURITY_PROVIDER).getCertificate(
- certGen.build(sigGen));
- cert.checkValidity(new Date());
- cert.verify(cert.getPublicKey());
-
- keyStore.setKeyEntry(x500Principal.getName(), pair.getPrivate(),
- keyPassword, new Certificate[] { cert });
- return cert;
- } catch (Exception e) {
- throw new ArgeoException("Cannot generate self-signed certificate",
- e);
- }
- }
-
- public static KeyStore getKeyStore(File keyStoreFile,
- char[] keyStorePassword) {
- try {
- KeyStore store = KeyStore.getInstance("PKCS12", SECURITY_PROVIDER);
- if (keyStoreFile.exists()) {
- try (FileInputStream fis = new FileInputStream(keyStoreFile)) {
- store.load(fis, keyStorePassword);
- }
- } else {
- store.load(null);
- }
- return store;
- } catch (Exception e) {
- throw new ArgeoException("Cannot load keystore " + keyStoreFile, e);
- }
- }
-
- public static void saveKeyStore(File keyStoreFile, char[] keyStorePassword,
- KeyStore keyStore) {
- try {
- try (FileOutputStream fis = new FileOutputStream(keyStoreFile)) {
- keyStore.store(fis, keyStorePassword);
- }
- } catch (Exception e) {
- throw new ArgeoException("Cannot save keystore " + keyStoreFile, e);
- }
- }
-
-}