/**
 * Builds the JCA signature algorithm name used to sign a certificate with {@code signingKey}. The result is the
 * message digest name, the literal {@code "with"}, and the value returned by
 * {@link #getDigitalSignatureType(Key)} for the signing key.
 * <p>
 * Typical use is signing server certificates with the CA root certificate's key: an RSA root key combined with
 * the SHA256 digest yields {@code "SHA256withRSA"}. The "Signature Algorithms" section of
 * http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html lists the supported names.
 * <p>
 * Security note: {@code messageDigest} is concatenated exactly as supplied. Nothing here checks that it is a
 * known digest name or a digest that is still considered collision-resistant, so a caller that takes the digest
 * from configuration should restrict it to an allow-list (for example the SHA-2 family) before calling.
 *
 * @param messageDigest digest to use to sign the certificate, such as SHA512
 * @param signingKey private key that will be used to sign the certificate
 * @return a signature algorithm string of the form {@code <digest>with<signature type>}
 */
public static String getSignatureAlgorithm(String messageDigest, Key signingKey) {
    final String signatureType = getDigitalSignatureType(signingKey);

    // append() renders a null argument as "null", the same as the + operator would
    return new StringBuilder()
            .append(messageDigest)
            .append("with")
            .append(signatureType)
            .toString();
}
if (EncryptionUtil.isEcKey(serverKeyPair.getPrivate()) && EncryptionUtil.isRsaKey(caPrivateKey)) { log.warn("CA private key is an RSA key and impersonated server private key is an Elliptic Curve key. JDK bug 8136442 may prevent the proxy server from creating connections to clients due to 'no cipher suites in common'.");
/**
 * Reads the PEM-encoded certificate and private key from {@code certificateFile} and {@code privateKeyFile} and
 * decodes them with {@code securityProviderTool}.
 * <p>
 * A null {@code privateKeyPassword} is only logged as a warning; loading still proceeds and the null password is
 * handed to the key decoder. Nothing in this method checks that the decoded private key belongs to the decoded
 * certificate. NOTE(review): confirm whether the decode helpers or the caller verify that pairing.
 *
 * @return the decoded certificate together with its private key
 * @throws IllegalArgumentException if the certificate file or the private key file is null
 */
private CertificateAndKey loadCertificateAndKeyFiles() {
    // Both file references are required; reject a missing one before any file is read.
    if (null == certificateFile) {
        throw new IllegalArgumentException("PEM root certificate file cannot be null");
    }
    if (null == privateKeyFile) {
        throw new IllegalArgumentException("PEM private key file cannot be null");
    }

    // An unprotected key is tolerated, but it is made visible in the log.
    if (null == privateKeyPassword) {
        log.warn("Attempting to load private key from file without password. Private keys should be password-protected.");
    }

    // The certificate is read and decoded first, then the key, so a failure surfaces in that order.
    final String certificatePem = EncryptionUtil.readPemStringFromFile(certificateFile);
    final X509Certificate decodedCertificate =
            securityProviderTool.decodePemEncodedCertificate(new StringReader(certificatePem));

    final String privateKeyPem = EncryptionUtil.readPemStringFromFile(privateKeyFile);
    final PrivateKey decodedPrivateKey =
            securityProviderTool.decodePemEncodedPrivateKey(new StringReader(privateKeyPem), privateKeyPassword);

    return new CertificateAndKey(decodedCertificate, decodedPrivateKey);
}
} // closes the enclosing type, whose header is outside this excerpt
// The signature algorithm name is built from the configured digest and the CA private key, so it follows the
// type of the CA key rather than the type of any other key in scope. The serial number comes from
// getRandomBigInteger, sized by CERTIFICATE_SERIAL_NUMBER_SIZE.
// NOTE(review): getRandomBigInteger is not visible here. Confirm it draws from a SecureRandom and that
// CERTIFICATE_SERIAL_NUMBER_SIZE (unit not shown) gives enough unpredictable bits that serials do not repeat
// under the same issuer.
String signatureAlgorithm = EncryptionUtil.getSignatureAlgorithm(messageDigest, caPrivateKey); BigInteger serialNumber = EncryptionUtil.getRandomBigInteger(CERTIFICATE_SERIAL_NUMBER_SIZE);
/**
 * Writes the generated root certificate to {@code file} as PEM-encoded text.
 * <p>
 * Only the certificate returned by {@code getCertificate()} is encoded here; the private key is not written
 * by this method.
 *
 * @param file file that receives the PEM-encoded certificate
 */
public void saveRootCertificateAsPemFile(File file) {
    final String certificatePem = securityProviderTool.encodeCertificateAsPem(
            generatedCertificateAndKey.get().getCertificate());

    EncryptionUtil.writePemStringToFile(file, certificatePem);
}
// The serial number comes from getRandomBigInteger, sized by CERTIFICATE_SERIAL_NUMBER_SIZE. The signature
// algorithm name is built from the configured digest and the private half of keyPair.
// NOTE(review): signing with the key pair's own private key presumably makes this a self-signed certificate;
// confirm against the enclosing method. Also confirm that getRandomBigInteger draws from a SecureRandom and
// that CERTIFICATE_SERIAL_NUMBER_SIZE (unit not shown) gives enough unpredictable bits.
BigInteger serial = EncryptionUtil.getRandomBigInteger(CERTIFICATE_SERIAL_NUMBER_SIZE); String signatureAlgorithm = EncryptionUtil.getSignatureAlgorithm(messageDigest, keyPair.getPrivate());
/**
 * Writes the generated private key to {@code file} as PEM-encoded text, encrypted with
 * {@code passwordForPrivateKey} and the {@link #DEFAULT_PEM_ENCRYPTION_ALGORITHM}.
 * <p>
 * Security notes: a null password stores the private key unencrypted, which should generally be avoided. This
 * method sets no file permissions itself. NOTE(review): confirm what permissions
 * {@code EncryptionUtil.writePemStringToFile} applies, since the file holds CA key material. The password is
 * taken as a {@code String}, so it cannot be wiped from memory after use.
 *
 * @param file file to save the private key to
 * @param passwordForPrivateKey password to protect the private key, or null to store the key unencrypted
 */
public void savePrivateKeyAsPemFile(File file, String passwordForPrivateKey) {
    final String privateKeyPem = securityProviderTool.encodePrivateKeyAsPem(
            generatedCertificateAndKey.get().getPrivateKey(),
            passwordForPrivateKey,
            DEFAULT_PEM_ENCRYPTION_ALGORITHM);

    EncryptionUtil.writePemStringToFile(file, privateKeyPem);
}
// The signature algorithm name is built from the configured digest and the CA private key, so it follows the
// type of the CA key rather than the type of any other key in scope. The serial number comes from
// getRandomBigInteger, sized by CERTIFICATE_SERIAL_NUMBER_SIZE.
// NOTE(review): getRandomBigInteger is not visible here. Confirm it draws from a SecureRandom and that
// CERTIFICATE_SERIAL_NUMBER_SIZE (unit not shown) gives enough unpredictable bits that serials do not repeat
// under the same issuer.
String signatureAlgorithm = EncryptionUtil.getSignatureAlgorithm(messageDigest, caPrivateKey); BigInteger serialNumber = EncryptionUtil.getRandomBigInteger(CERTIFICATE_SERIAL_NUMBER_SIZE);
if (EncryptionUtil.isEcKey(serverKeyPair.getPrivate()) && EncryptionUtil.isRsaKey(caPrivateKey)) { log.warn("CA private key is an RSA key and impersonated server private key is an Elliptic Curve key. JDK bug 8136442 may prevent the proxy server from creating connections to clients due to 'no cipher suites in common'.");
/**
 * Writes the generated root certificate to {@code file} as PEM-encoded text.
 * <p>
 * Only the certificate returned by {@code getCertificate()} is encoded here; the private key is not written
 * by this method.
 *
 * @param file file that receives the PEM-encoded certificate
 */
public void saveRootCertificateAsPemFile(File file) {
    final String certificatePem = securityProviderTool.encodeCertificateAsPem(
            generatedCertificateAndKey.get().getCertificate());

    EncryptionUtil.writePemStringToFile(file, certificatePem);
}
/**
 * Reads the PEM-encoded certificate and private key from {@code certificateFile} and {@code privateKeyFile} and
 * decodes them with {@code securityProviderTool}.
 * <p>
 * A null {@code privateKeyPassword} is only logged as a warning; loading still proceeds and the null password is
 * handed to the key decoder. Nothing in this method checks that the decoded private key belongs to the decoded
 * certificate. NOTE(review): confirm whether the decode helpers or the caller verify that pairing.
 *
 * @return the decoded certificate together with its private key
 * @throws IllegalArgumentException if the certificate file or the private key file is null
 */
private CertificateAndKey loadCertificateAndKeyFiles() {
    // Both file references are required; reject a missing one before any file is read.
    if (null == certificateFile) {
        throw new IllegalArgumentException("PEM root certificate file cannot be null");
    }
    if (null == privateKeyFile) {
        throw new IllegalArgumentException("PEM private key file cannot be null");
    }

    // An unprotected key is tolerated, but it is made visible in the log.
    if (null == privateKeyPassword) {
        log.warn("Attempting to load private key from file without password. Private keys should be password-protected.");
    }

    // The certificate is read and decoded first, then the key, so a failure surfaces in that order.
    final String certificatePem = EncryptionUtil.readPemStringFromFile(certificateFile);
    final X509Certificate decodedCertificate =
            securityProviderTool.decodePemEncodedCertificate(new StringReader(certificatePem));

    final String privateKeyPem = EncryptionUtil.readPemStringFromFile(privateKeyFile);
    final PrivateKey decodedPrivateKey =
            securityProviderTool.decodePemEncodedPrivateKey(new StringReader(privateKeyPem), privateKeyPassword);

    return new CertificateAndKey(decodedCertificate, decodedPrivateKey);
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Builds the JCA signature algorithm name used to sign a certificate with {@code signingKey}. The result is the
 * message digest name, the literal {@code "with"}, and the value returned by
 * {@link #getDigitalSignatureType(Key)} for the signing key.
 * <p>
 * Typical use is signing server certificates with the CA root certificate's key: an RSA root key combined with
 * the SHA256 digest yields {@code "SHA256withRSA"}. The "Signature Algorithms" section of
 * http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html lists the supported names.
 * <p>
 * Security note: {@code messageDigest} is concatenated exactly as supplied. Nothing here checks that it is a
 * known digest name or a digest that is still considered collision-resistant, so a caller that takes the digest
 * from configuration should restrict it to an allow-list (for example the SHA-2 family) before calling.
 *
 * @param messageDigest digest to use to sign the certificate, such as SHA512
 * @param signingKey private key that will be used to sign the certificate
 * @return a signature algorithm string of the form {@code <digest>with<signature type>}
 */
public static String getSignatureAlgorithm(String messageDigest, Key signingKey) {
    final String signatureType = getDigitalSignatureType(signingKey);

    // append() renders a null argument as "null", the same as the + operator would
    return new StringBuilder()
            .append(messageDigest)
            .append("with")
            .append(signatureType)
            .toString();
}
// The signature algorithm name is built from the configured digest and the CA private key, so it follows the
// type of the CA key rather than the type of any other key in scope. The serial number comes from
// getRandomBigInteger, sized by CERTIFICATE_SERIAL_NUMBER_SIZE.
// NOTE(review): getRandomBigInteger is not visible here. Confirm it draws from a SecureRandom and that
// CERTIFICATE_SERIAL_NUMBER_SIZE (unit not shown) gives enough unpredictable bits that serials do not repeat
// under the same issuer.
String signatureAlgorithm = EncryptionUtil.getSignatureAlgorithm(messageDigest, caPrivateKey); BigInteger serialNumber = EncryptionUtil.getRandomBigInteger(CERTIFICATE_SERIAL_NUMBER_SIZE);
if (EncryptionUtil.isEcKey(serverKeyPair.getPrivate()) && EncryptionUtil.isRsaKey(caPrivateKey)) { log.warn("CA private key is an RSA key and impersonated server private key is an Elliptic Curve key. JDK bug 8136442 may prevent the proxy server from creating connections to clients due to 'no cipher suites in common'.");
/**
 * Writes the generated private key to {@code file} as PEM-encoded text, encrypted with
 * {@code passwordForPrivateKey} and the {@link #DEFAULT_PEM_ENCRYPTION_ALGORITHM}.
 * <p>
 * Security notes: a null password stores the private key unencrypted, which should generally be avoided. This
 * method sets no file permissions itself. NOTE(review): confirm what permissions
 * {@code EncryptionUtil.writePemStringToFile} applies, since the file holds CA key material. The password is
 * taken as a {@code String}, so it cannot be wiped from memory after use.
 *
 * @param file file to save the private key to
 * @param passwordForPrivateKey password to protect the private key, or null to store the key unencrypted
 */
public void savePrivateKeyAsPemFile(File file, String passwordForPrivateKey) {
    final String privateKeyPem = securityProviderTool.encodePrivateKeyAsPem(
            generatedCertificateAndKey.get().getPrivateKey(),
            passwordForPrivateKey,
            DEFAULT_PEM_ENCRYPTION_ALGORITHM);

    EncryptionUtil.writePemStringToFile(file, privateKeyPem);
}
/**
 * Reads the PEM-encoded certificate and private key from {@code certificateFile} and {@code privateKeyFile} and
 * decodes them with {@code securityProviderTool}.
 * <p>
 * A null {@code privateKeyPassword} is only logged as a warning; loading still proceeds and the null password is
 * handed to the key decoder. Nothing in this method checks that the decoded private key belongs to the decoded
 * certificate. NOTE(review): confirm whether the decode helpers or the caller verify that pairing.
 *
 * @return the decoded certificate together with its private key
 * @throws IllegalArgumentException if the certificate file or the private key file is null
 */
private CertificateAndKey loadCertificateAndKeyFiles() {
    // Both file references are required; reject a missing one before any file is read.
    if (null == certificateFile) {
        throw new IllegalArgumentException("PEM root certificate file cannot be null");
    }
    if (null == privateKeyFile) {
        throw new IllegalArgumentException("PEM private key file cannot be null");
    }

    // An unprotected key is tolerated, but it is made visible in the log.
    if (null == privateKeyPassword) {
        log.warn("Attempting to load private key from file without password. Private keys should be password-protected.");
    }

    // The certificate is read and decoded first, then the key, so a failure surfaces in that order.
    final String certificatePem = EncryptionUtil.readPemStringFromFile(certificateFile);
    final X509Certificate decodedCertificate =
            securityProviderTool.decodePemEncodedCertificate(new StringReader(certificatePem));

    final String privateKeyPem = EncryptionUtil.readPemStringFromFile(privateKeyFile);
    final PrivateKey decodedPrivateKey =
            securityProviderTool.decodePemEncodedPrivateKey(new StringReader(privateKeyPem), privateKeyPassword);

    return new CertificateAndKey(decodedCertificate, decodedPrivateKey);
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Builds the JCA signature algorithm name used to sign a certificate with {@code signingKey}. The result is the
 * message digest name, the literal {@code "with"}, and the value returned by
 * {@link #getDigitalSignatureType(Key)} for the signing key.
 * <p>
 * Typical use is signing server certificates with the CA root certificate's key: an RSA root key combined with
 * the SHA256 digest yields {@code "SHA256withRSA"}. The "Signature Algorithms" section of
 * http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html lists the supported names.
 * <p>
 * Security note: {@code messageDigest} is concatenated exactly as supplied. Nothing here checks that it is a
 * known digest name or a digest that is still considered collision-resistant, so a caller that takes the digest
 * from configuration should restrict it to an allow-list (for example the SHA-2 family) before calling.
 *
 * @param messageDigest digest to use to sign the certificate, such as SHA512
 * @param signingKey private key that will be used to sign the certificate
 * @return a signature algorithm string of the form {@code <digest>with<signature type>}
 */
public static String getSignatureAlgorithm(String messageDigest, Key signingKey) {
    final String signatureType = getDigitalSignatureType(signingKey);

    // append() renders a null argument as "null", the same as the + operator would
    return new StringBuilder()
            .append(messageDigest)
            .append("with")
            .append(signatureType)
            .toString();
}
// The serial number comes from getRandomBigInteger, sized by CERTIFICATE_SERIAL_NUMBER_SIZE. The signature
// algorithm name is built from the configured digest and the private half of keyPair.
// NOTE(review): signing with the key pair's own private key presumably makes this a self-signed certificate;
// confirm against the enclosing method. Also confirm that getRandomBigInteger draws from a SecureRandom and
// that CERTIFICATE_SERIAL_NUMBER_SIZE (unit not shown) gives enough unpredictable bits.
BigInteger serial = EncryptionUtil.getRandomBigInteger(CERTIFICATE_SERIAL_NUMBER_SIZE); String signatureAlgorithm = EncryptionUtil.getSignatureAlgorithm(messageDigest, keyPair.getPrivate());
/**
 * Writes the generated private key to {@code file} as PEM-encoded text, encrypted with
 * {@code passwordForPrivateKey} and the {@link #DEFAULT_PEM_ENCRYPTION_ALGORITHM}.
 * <p>
 * Security notes: a null password stores the private key unencrypted, which should generally be avoided. This
 * method sets no file permissions itself. NOTE(review): confirm what permissions
 * {@code EncryptionUtil.writePemStringToFile} applies, since the file holds CA key material. The password is
 * taken as a {@code String}, so it cannot be wiped from memory after use.
 *
 * @param file file to save the private key to
 * @param passwordForPrivateKey password to protect the private key, or null to store the key unencrypted
 */
public void savePrivateKeyAsPemFile(File file, String passwordForPrivateKey) {
    final String privateKeyPem = securityProviderTool.encodePrivateKeyAsPem(
            generatedCertificateAndKey.get().getPrivateKey(),
            passwordForPrivateKey,
            DEFAULT_PEM_ENCRYPTION_ALGORITHM);

    EncryptionUtil.writePemStringToFile(file, privateKeyPem);
}
// The serial number comes from getRandomBigInteger, sized by CERTIFICATE_SERIAL_NUMBER_SIZE. The signature
// algorithm name is built from the configured digest and the private half of keyPair.
// NOTE(review): signing with the key pair's own private key presumably makes this a self-signed certificate;
// confirm against the enclosing method. Also confirm that getRandomBigInteger draws from a SecureRandom and
// that CERTIFICATE_SERIAL_NUMBER_SIZE (unit not shown) gives enough unpredictable bits.
BigInteger serial = EncryptionUtil.getRandomBigInteger(CERTIFICATE_SERIAL_NUMBER_SIZE); String signatureAlgorithm = EncryptionUtil.getSignatureAlgorithm(messageDigest, keyPair.getPrivate());