1 package org
.argeo
.cms
.internal
.kernel
;
4 import java
.io
.FileInputStream
;
5 import java
.io
.FileOutputStream
;
6 import java
.math
.BigInteger
;
7 import java
.security
.KeyPair
;
8 import java
.security
.KeyPairGenerator
;
9 import java
.security
.KeyStore
;
10 import java
.security
.SecureRandom
;
11 import java
.security
.Security
;
12 import java
.security
.cert
.Certificate
;
13 import java
.security
.cert
.X509Certificate
;
14 import java
.util
.Date
;
16 import javax
.security
.auth
.x500
.X500Principal
;
18 import org
.argeo
.cms
.CmsException
;
19 import org
.bouncycastle
.cert
.X509v3CertificateBuilder
;
20 import org
.bouncycastle
.cert
.jcajce
.JcaX509CertificateConverter
;
21 import org
.bouncycastle
.cert
.jcajce
.JcaX509v3CertificateBuilder
;
22 import org
.bouncycastle
.jce
.provider
.BouncyCastleProvider
;
23 import org
.bouncycastle
.operator
.ContentSigner
;
24 import org
.bouncycastle
.operator
.jcajce
.JcaContentSignerBuilder
;
27 * Utilities around private keys and certificate, mostly wrapping BouncyCastle
31 private final static String SECURITY_PROVIDER
;
33 Security
.addProvider(new BouncyCastleProvider());
34 SECURITY_PROVIDER
= "BC";
37 public static X509Certificate
generateSelfSignedCertificate(KeyStore keyStore
, X500Principal x500Principal
,
38 int keySize
, char[] keyPassword
) {
40 KeyPairGenerator kpGen
= KeyPairGenerator
.getInstance("RSA", SECURITY_PROVIDER
);
41 kpGen
.initialize(keySize
, new SecureRandom());
42 KeyPair pair
= kpGen
.generateKeyPair();
43 Date notBefore
= new Date(System
.currentTimeMillis() - 10000);
44 Date notAfter
= new Date(System
.currentTimeMillis() + 365 * 24L * 3600 * 1000);
45 BigInteger serial
= BigInteger
.valueOf(System
.currentTimeMillis());
46 X509v3CertificateBuilder certGen
= new JcaX509v3CertificateBuilder(x500Principal
, serial
, notBefore
,
47 notAfter
, x500Principal
, pair
.getPublic());
48 ContentSigner sigGen
= new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(SECURITY_PROVIDER
)
49 .build(pair
.getPrivate());
50 X509Certificate cert
= new JcaX509CertificateConverter().setProvider(SECURITY_PROVIDER
)
51 .getCertificate(certGen
.build(sigGen
));
52 cert
.checkValidity(new Date());
53 cert
.verify(cert
.getPublicKey());
55 keyStore
.setKeyEntry(x500Principal
.getName(), pair
.getPrivate(), keyPassword
, new Certificate
[] { cert
});
57 } catch (Exception e
) {
58 throw new CmsException("Cannot generate self-signed certificate", e
);
62 public static KeyStore
getKeyStore(File keyStoreFile
, char[] keyStorePassword
) {
64 KeyStore store
= KeyStore
.getInstance("JKS", SECURITY_PROVIDER
);
65 if (keyStoreFile
.exists()) {
66 try (FileInputStream fis
= new FileInputStream(keyStoreFile
)) {
67 store
.load(fis
, keyStorePassword
);
73 } catch (Exception e
) {
74 throw new CmsException("Cannot load keystore " + keyStoreFile
, e
);
78 public static void saveKeyStore(File keyStoreFile
, char[] keyStorePassword
, KeyStore keyStore
) {
80 try (FileOutputStream fis
= new FileOutputStream(keyStoreFile
)) {
81 keyStore
.store(fis
, keyStorePassword
);
83 } catch (Exception e
) {
84 throw new CmsException("Cannot save keystore " + keyStoreFile
, e
);
88 public static void main(String
[] args
) {
89 final String ALGORITHM
= "RSA";
90 final String provider
= "BC";
91 SecureRandom secureRandom
= new SecureRandom();
92 long begin
= System
.currentTimeMillis();
93 for (int i
= 512; i
< 1024; i
= i
+ 2) {
95 KeyPairGenerator keyGen
= KeyPairGenerator
.getInstance(ALGORITHM
, provider
);
96 keyGen
.initialize(i
, secureRandom
);
97 keyGen
.generateKeyPair();
98 } catch (Exception e
) {
99 System
.err
.println(i
+ " : " + e
.getMessage());
102 System
.out
.println((System
.currentTimeMillis() - begin
) + " ms");
104 // // String text = "a";
106 // "testtesttesttesttesttesttesttesttesttesttesttesttesttesttest";
108 // System.out.println(text);
109 // PrivateKey privateKey;
110 // PublicKey publicKey;
111 // char[] password = "changeit".toCharArray();
112 // String alias = "CN=test";
113 // KeyStore keyStore = KeyStore.getInstance("pkcs12");
114 // File p12file = new File("test.p12");
116 // if (!p12file.exists()) {
117 // keyStore.load(null);
118 // generateSelfSignedCertificate(keyStore, new X500Principal(alias),
120 // try (OutputStream out = new FileOutputStream(p12file)) {
121 // keyStore.store(out, password);
124 // try (InputStream in = new FileInputStream(p12file)) {
125 // keyStore.load(in, password);
126 // privateKey = (PrivateKey) keyStore.getKey(alias, password);
127 // publicKey = keyStore.getCertificateChain(alias)[0].getPublicKey();
130 // // final KeyPairGenerator keyGen =
131 // // KeyPairGenerator.getInstance(ALGORITHM);
132 // // keyGen.initialize(4096, new SecureRandom());
133 // // long begin = System.currentTimeMillis();
134 // // key = keyGen.generateKeyPair();
135 // // System.out.println((System.currentTimeMillis() - begin) + " ms");
136 // // keyStore.load(null);
137 // // keyStore.setKeyEntry("test", key.getPrivate(), password, null);
138 // // try(OutputStream out=new FileOutputStream(p12file)) {
139 // // keyStore.store(out, password);
141 // // privateKey = key.getPrivate();
142 // // publicKey = key.getPublic();
144 // Cipher encrypt = Cipher.getInstance(ALGORITHM);
145 // encrypt.init(Cipher.ENCRYPT_MODE, publicKey);
146 // byte[] encrypted = encrypt.doFinal(text.getBytes());
147 // String encryptedBase64 =
148 // Base64.getEncoder().encodeToString(encrypted);
149 // System.out.println(encryptedBase64);
150 // byte[] encryptedFromBase64 =
151 // Base64.getDecoder().decode(encryptedBase64);
153 // Cipher decrypt = Cipher.getInstance(ALGORITHM);
154 // decrypt.init(Cipher.DECRYPT_MODE, privateKey);
155 // byte[] decrypted = decrypt.doFinal(encryptedFromBase64);
156 // System.out.println(new String(decrypted));
157 // } catch (Exception e) {
158 // e.printStackTrace();