aboutsummaryrefslogtreecommitdiff
path: root/spss.test/src/testgenerator/SetupCMSKeyStore.java
diff options
context:
space:
mode:
author(no author) <(no author)@d688527b-c9ab-4aba-bd8d-4036d912da1d>2003-12-22 17:28:21 +0000
committer(no author) <(no author)@d688527b-c9ab-4aba-bd8d-4036d912da1d>2003-12-22 17:28:21 +0000
commit057f884903954203339182649daa100ef4ce89e3 (patch)
tree7d6d5b0dc4aea4a63674b90800ebbf6ffcc0ca4d /spss.test/src/testgenerator/SetupCMSKeyStore.java
parent92cca056c7935075012576b684c3678a9ec9f4ad (diff)
downloadmoa-id-spss-057f884903954203339182649daa100ef4ce89e3.tar.gz
moa-id-spss-057f884903954203339182649daa100ef4ce89e3.tar.bz2
moa-id-spss-057f884903954203339182649daa100ef4ce89e3.zip
This commit was manufactured by cvs2svn to create tag 'Build_001'.tags/Build_001
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/tags/Build_001@85 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'spss.test/src/testgenerator/SetupCMSKeyStore.java')
-rw-r--r--spss.test/src/testgenerator/SetupCMSKeyStore.java671
1 files changed, 0 insertions, 671 deletions
diff --git a/spss.test/src/testgenerator/SetupCMSKeyStore.java b/spss.test/src/testgenerator/SetupCMSKeyStore.java
deleted file mode 100644
index 441e64236..000000000
--- a/spss.test/src/testgenerator/SetupCMSKeyStore.java
+++ /dev/null
@@ -1,671 +0,0 @@
-// Copyright (C) 1997-2002 IAIK
-// email: jce-info@iaik.tu-graz.ac.at
-//
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions
-// are met:
-// 1. Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-// 2. Redistributions in binary form must reproduce the above copyright
-// notice, this list of conditions and the following disclaimer in the
-// documentation and/or other materials provided with the distribution.
-//
-// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-// SUCH DAMAGE.
-//
-// $Header$
-//
-
-package testgenerator;
-
-import iaik.asn1.CodingException;
-import iaik.asn1.ObjectID;
-import iaik.asn1.structures.AlgorithmID;
-import iaik.asn1.structures.GeneralName;
-import iaik.asn1.structures.GeneralNames;
-import iaik.asn1.structures.Name;
-import iaik.asn1.structures.PolicyInformation;
-import iaik.asn1.structures.PolicyQualifierInfo;
-import iaik.security.provider.IAIK;
-import iaik.x509.SimpleChainVerifier;
-import iaik.x509.X509Certificate;
-import iaik.x509.X509ExtensionException;
-import iaik.x509.extensions.AuthorityKeyIdentifier;
-import iaik.x509.extensions.BasicConstraints;
-import iaik.x509.extensions.CertificatePolicies;
-import iaik.x509.extensions.KeyUsage;
-import iaik.x509.extensions.SubjectAltName;
-import iaik.x509.extensions.SubjectKeyIdentifier;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.cert.CertificateException;
-import java.util.Calendar;
-import java.util.GregorianCalendar;
-import java.util.Random;
-
-/**
- * Creates a default KeyStore in the current working directory.
- * These keys are used by many demos included in IAIK-JCE.
- * The aliases and the password for accessing the keys and
- * certificates can be found in {@link demo.keystore.CMSKeyStoreConstants CMSKeyStoreConstants}.
- *
- * @see CMSKeyStoreConstants
- */
-public class SetupCMSKeyStore implements CMSKeyStoreConstants {
-
- // the keylength of the CA certificate shall be 1024
- private final static int CA_KEYLENGTH = 1024;
-
- // the key store to create
- KeyStore key_store;
- // the file where the key store shall be saved
- String keystore_file;
- // takes the existing keys from the KeyStore and only creates new certificates
- boolean create_only_certificates = true;
-
- // the private keys
- KeyPair ca_rsa = null;
- // RSA for signing
- KeyPair rsa512_sign = null;
- KeyPair rsa1024_sign = null;
- KeyPair rsa2048_sign = null;
- // RSA for encrypting
- KeyPair rsa512_crypt = null;
- KeyPair rsa1024_crypt = null;
- KeyPair rsa1024_crypt_ = null;
- KeyPair rsa2048_crypt = null;
-
- KeyPair ca_dsa = null;
- KeyPair dsa512 = null;
- KeyPair dsa1024 = null;
- KeyPair esdh512 = null;
- KeyPair esdh1024 = null;
- KeyPair esdh1024_ = null;
- KeyPair esdh2048 = null;
-
- // create RSA keys and certificates
- boolean create_rsa = true;
- // create DSA keys and certificates
- boolean create_dsa = true;
- // create ESDH keys and certificates
- boolean create_esdh = true;
-
- /**
- * Generate a KeyPair using the specified algorithm with the given size.
- *
- * @param algorithm the algorithm to use
- * @param bits the length of the key (modulus) in bits
- * @return the KeyPair
- */
- public static KeyPair generateKeyPair(String algorithm, int bits)
- throws NoSuchAlgorithmException {
-
- KeyPairGenerator generator = null;
-
- try {
- generator = KeyPairGenerator.getInstance(algorithm, "IAIK");
-
- } catch (NoSuchProviderException ex) {
- throw new NoSuchAlgorithmException("Provider IAIK not found!");
- }
-
- generator.initialize(bits);
- KeyPair kp = generator.generateKeyPair();
-
- return kp;
- }
-
- /**
- * Creates a certificate from the given values.
- *
- * @param subject the subject of the certificate
- * @param publicKey the public key to include
- * @param issuer the issuer of the certificate
- * @param privateKey the private key for signing the certificate
- * @param algorithm the signature algorithm to use
- */
- public static X509Certificate createCertificate(Name subject, PublicKey publicKey,
- Name issuer, PrivateKey privateKey, AlgorithmID algorithm, byte[] keyID, boolean forSigning) {
-
- // create a new certificate
- X509Certificate cert = new X509Certificate();
-
- try {
- // set the values
- cert.setSerialNumber(new BigInteger(20, new Random()));
- cert.setSubjectDN(subject);
- cert.setPublicKey(publicKey);
- cert.setIssuerDN(issuer);
-
- GregorianCalendar date = new GregorianCalendar();
- date.add(Calendar.DATE, -1);
- // not before now
- cert.setValidNotBefore(date.getTime());
-
- if (issuer.equals(subject)) {
- date.add(Calendar.MONTH, 12);
- BasicConstraints basicConstraints = new BasicConstraints(true);
- cert.addExtension(basicConstraints);
- KeyUsage keyUsage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign);
- cert.addExtension(keyUsage);
- } else {
- date.add(Calendar.MONTH, 11);
- KeyUsage keyUsage = null;
- if (forSigning) {
- keyUsage = new KeyUsage(KeyUsage.digitalSignature |
- KeyUsage.nonRepudiation);
- } else {
- keyUsage = new KeyUsage(KeyUsage.keyEncipherment |
- KeyUsage.dataEncipherment);
- }
- cert.addExtension(keyUsage);
- AuthorityKeyIdentifier authID = new AuthorityKeyIdentifier();
- authID.setKeyIdentifier(keyID);
- cert.addExtension(authID);
- GeneralNames generalNames = new GeneralNames();
- generalNames.addName(new GeneralName(GeneralName.rfc822Name, "smimetest@iaik.at"));
- generalNames.addName(new GeneralName(GeneralName.rfc822Name, "smimetest@iaik.tu-graz.ac.at"));
- SubjectAltName subjectAltName = new SubjectAltName(generalNames);
- cert.addExtension(subjectAltName);
- }
- String explicitText = "This certificate only may be used for test purposes";
- PolicyQualifierInfo policyQualifier = new PolicyQualifierInfo(null, null, explicitText);
- PolicyInformation[] policyInformations =
- { new PolicyInformation(new ObjectID("1.3.6.1.4.1.2706.17.0.11.1.1"),
- new PolicyQualifierInfo[] { policyQualifier }) };
- CertificatePolicies certPolicies = new CertificatePolicies(policyInformations);
-
- SubjectKeyIdentifier subjectKeyID = new SubjectKeyIdentifier(cert.getPublicKey());
- cert.addExtension(subjectKeyID);
-
- cert.addExtension(certPolicies);
- cert.setValidNotAfter(date.getTime());
- // and sign the certificate
- cert.sign(algorithm ,privateKey);
- } catch (CertificateException ex) {
- throw new RuntimeException("Error creating the certificate: "+ex.getMessage());
- } catch (InvalidKeyException ex) {
- throw new RuntimeException("Error creating the certificate: "+ex.getMessage());
- } catch (NoSuchAlgorithmException ex) {
- throw new RuntimeException("Error creating the certificate: "+ex.getMessage());
- } catch (X509ExtensionException ex) {
- throw new RuntimeException("Error adding extension: "+ex.getMessage());
- } catch (CodingException ex) {
- throw new RuntimeException("Error adding SubjectKeyIdentifier extension: "+ex.getMessage());
- }
-/*
- System.out.println(cert.toString(true));
- iaik.utils.Util.waitKey();
-*/
-
- return cert;
- }
-
- /**
- * Load or create a KeyStore and initialize it.
- */
- private void initializeKeyStore() {
-
- BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
- String line;
-
- try {
- // default directory is the current user dir
- String keystore_dir = System.getProperty("user.dir");
- File ks = new File(keystore_dir, KS_FILENAME);
-
- // KeyStore does already exist
- if (ks.exists()) {
- keystore_file = ks.getAbsolutePath();
- if (create_only_certificates) {
- System.out.println("Create only new certificates from already existing keys!");
- }
- else {
- System.out.println("Existing KeyStore will be deleted!");
- }
- System.out.println("KeyStore: "+keystore_file);
- }
- else {
- // there is no KeyStore -> create also new keys
- create_only_certificates = false;
-
- while (true) {
- System.out.print("Create new KeyStore in directory: "+keystore_dir+" [y]");
- line = reader.readLine();
- if (line.length() == 0 || line.equals("y")) {
- ks = new File(keystore_dir, KS_FILENAME);
- keystore_file = ks.getAbsolutePath();
- System.out.println("KeyStore will be saved to: "+keystore_file);
- break;
- }
- System.out.print("Enter directory: ");
- keystore_dir = reader.readLine();
- }
- }
-
- // get a new KeyStore onject
- key_store = KeyStore.getInstance("IAIKKeyStore");
-
- if (create_only_certificates) {
- // take private keys from existing KeyStore
- key_store.load(new FileInputStream(ks), KS_PASSWORD);
- }
- else {
- // create a new KeyStore
- key_store.load(null, null);
- }
-
- } catch (Exception ex) {
- System.out.println("Error creating new IAIK KeyStore!");
- throw new RuntimeException("Error creating new KeyStore: "+ex.getMessage());
- }
- }
-
- /**
- * Save the KeyStore to disk.
- */
- private void saveKeyStore() {
- try {
- // write the KeyStore to disk
- FileOutputStream os = new FileOutputStream(keystore_file);
- key_store.store(os, KS_PASSWORD);
- os.close();
- } catch (Exception ex) {
- System.out.println("Error saving KeyStore!");
- ex.printStackTrace();
- }
- }
-
- /**
- * Add the private key and the certificate chain to the key store.
- */
- public void addToKeyStore(KeyPair keyPair, X509Certificate[] chain, String alias) throws KeyStoreException {
- key_store.setKeyEntry(alias, keyPair.getPrivate(), KS_PASSWORD, chain);
- }
-
- /**
- * Returns a KeyPair form the KeyStore.
- */
- private KeyPair getKeyPair(String type) throws Exception {
- PrivateKey privKey = (PrivateKey)key_store.getKey(type, KS_PASSWORD);
- PublicKey pubKey = key_store.getCertificateChain(type)[0].getPublicKey();
- return new KeyPair(pubKey, privKey);
- }
-
- /**
- * Get all private keys from the KeyStore.
- */
- private void getPrivateKeys() {
- // RSA
- try {
- ca_rsa = getKeyPair(CA_RSA);
- // for signing
- rsa512_sign = getKeyPair(RSA_512_SIGN);
- rsa1024_sign = getKeyPair(RSA_1024_SIGN);
- rsa2048_sign = getKeyPair(RSA_2048_SIGN);
- // for encrypting
- rsa512_crypt = getKeyPair(RSA_512_CRYPT);
- rsa1024_crypt = getKeyPair(RSA_1024_CRYPT);
- rsa1024_crypt_ = getKeyPair(RSA_1024_CRYPT_);
- rsa2048_crypt = getKeyPair(RSA_2048_CRYPT);
- } catch (Exception ex) {
- System.out.println("Unable to get RSA keys from KeyStore.");
- ex.printStackTrace();
- create_rsa = false;
- }
- // DSA
- try {
- ca_dsa = getKeyPair(CA_DSA);
- dsa512 = getKeyPair(DSA_512);
- dsa1024 = getKeyPair(DSA_1024);
- } catch (Exception ex) {
- System.out.println("Unable to get DSA keys from KeyStore.");
- ex.printStackTrace();
- create_dsa = false;
- }
- // ESDH
- try {
- esdh512 = getKeyPair(ESDH_512);
- esdh1024 = getKeyPair(ESDH_1024);
- esdh1024_ = getKeyPair(ESDH_1024_);
- esdh2048 = getKeyPair(ESDH_2048);
- } catch (Exception ex) {
- System.out.println("Unable to get ESDH keys from KeyStore.");
- ex.printStackTrace();
- create_esdh = false;
- }
- }
-
- /**
- * Gernerate new prviate keys.
- */
- private void generatePrivateKeys() {
- try {
- // first create the KeyPairs
- if (create_rsa) {
- try {
- System.out.println("generate RSA KeyPair for CA certificate ["+CA_KEYLENGTH+" bits]...");
- ca_rsa = generateKeyPair("RSA", CA_KEYLENGTH);
- System.out.println("Generate RSA signing keys...");
- System.out.println("generate RSA KeyPair for a test certificate [512 bits]...");
- rsa512_sign = generateKeyPair("RSA", 512);
- System.out.println("generate RSA KeyPair for a test certificate [1024 bits]...");
- rsa1024_sign = generateKeyPair("RSA", 1024);
- System.out.println("generate RSA KeyPair for a test certificate [2048 bits]...");
- rsa2048_sign = generateKeyPair("RSA", 2048);
- System.out.println("Generate RSA encryption keys...");
- System.out.println("generate RSA KeyPair for a test certificate [512 bits]...");
- rsa512_crypt = generateKeyPair("RSA", 512);
- System.out.println("generate RSA KeyPair for a test certificate [1024 bits]...");
- rsa1024_crypt = generateKeyPair("RSA", 1024);
- System.out.println("generate second RSA KeyPair for a test certificate [1024 bits]...");
- rsa1024_crypt_ = generateKeyPair("RSA", 1024);
- System.out.println("generate RSA KeyPair for a test certificate [2048 bits]...");
- rsa2048_crypt = generateKeyPair("RSA", 2048);
- } catch (NoSuchAlgorithmException ex) {
- create_rsa = false;
- System.out.println("No implementation for RSA! RSA certificates are not created!\n");
- }
- }
- if (create_dsa) {
- try {
- System.out.println("generate DSA KeyPair for CA certificate ["+CA_KEYLENGTH+" bits]...");
- ca_dsa = generateKeyPair("DSA", CA_KEYLENGTH);
- System.out.println("generate DSA KeyPair for a test certificate [512 bits]...");
- dsa512 = generateKeyPair("DSA", 512);
- System.out.println("generate DSA KeyPair for a test certificate [1024 bits]...");
- dsa1024 = generateKeyPair("DSA", 1024);
- } catch (NoSuchAlgorithmException ex) {
- create_dsa = false;
- System.out.println("No implementation for DSA! DSA certificates are not created!\n");
- }
- }
-
- if (create_esdh) {
- try {
- System.out.println("generate ESDH KeyPair for a test certificate [512 bits]...");
- esdh512 = generateKeyPair("ESDH", 512);
- System.out.println("generate ESDH KeyPair for a test certificate [1024 bits]...");
- esdh1024 = generateKeyPair("ESDH", 1024);
- System.out.println("generate ESDH KeyPair for a test certificate [1024 bits]...");
- esdh1024_ = generateKeyPair("ESDH", 1024);
- System.out.println("generate ESDH KeyPair for a test certificate [2048 bits]...");
- esdh2048 = generateKeyPair("ESDH", 2048);
- } catch (NoSuchAlgorithmException ex) {
- create_esdh = false;
- System.out.println("No implementation for ESDH! ESDH certificates are not created!\n");
- }
- }
- } catch (Exception ex) {
- System.out.println("Exception: "+ex);
- }
- }
-
- public void generateCertificates() {
-
- try {
-
- // Now create the certificates
- Name issuer = new Name();
- issuer.addRDN(ObjectID.country, "AT");
- issuer.addRDN(ObjectID.organization ,"IAIK");
- issuer.addRDN(ObjectID.organizationalUnit ,"JavaSecurity");
-
- Name subject = new Name();
- subject.addRDN(ObjectID.country, "AT");
- subject.addRDN(ObjectID.organization ,"IAIK");
- subject.addRDN(ObjectID.organizationalUnit ,"JavaSecurity");
-
- //
- // create self signed CA certs
- //
- X509Certificate caRSA = null;
- X509Certificate caDSA = null;
- X509Certificate[] chain = new X509Certificate[1];
- // for verifying the created certificates
- SimpleChainVerifier verifier = new SimpleChainVerifier();
-
- if (create_rsa) {
- issuer.addRDN(ObjectID.commonName ,"IAIK RSA Test CA");
- System.out.println("create self signed RSA CA certificate...");
- caRSA = createCertificate(issuer, ca_rsa.getPublic(),
- issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, null, true);
- // verify the self signed certificate
- caRSA.verify();
- // set the CA cert as trusted root
- verifier.addTrustedCertificate(caRSA);
- chain[0] = caRSA;
- addToKeyStore(ca_rsa, chain, CA_RSA);
- issuer.removeRDN(ObjectID.commonName);
- }
-
- if (create_dsa) {
- issuer.addRDN(ObjectID.commonName ,"IAIK DSA Test CA");
- System.out.println("create self signed DSA CA certificate...");
- caDSA = createCertificate(issuer, ca_dsa.getPublic(),
- issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, null, true);
- // verify the self signed certificate
- caDSA.verify();
- // set the CA cert as trusted root
- verifier.addTrustedCertificate(caDSA);
- chain[0] = caDSA;
- addToKeyStore(ca_dsa, chain, CA_DSA);
- issuer.removeRDN(ObjectID.commonName);
- }
-
- //
- // create certificates
- //
- chain = new X509Certificate[2];
-
- // create a RSA certificate
- if (create_rsa) {
- issuer.addRDN(ObjectID.commonName ,"IAIK RSA Test CA");
- SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caRSA.getExtension(SubjectKeyIdentifier.oid);
- // 512
- // for signing
- System.out.println("Create RSA demo certificates to be used for signing...");
-
- // 512
- subject.addRDN(ObjectID.commonName, "RSA 512 bit Demo Signing Certificate");
- System.out.println("create 512 bit RSA demo certificate...");
- chain[0] = createCertificate(subject, rsa512_sign.getPublic(),
- issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), true);
- chain[1] = caRSA;
- // and verify the chain
- verifier.verifyChain(chain);
- addToKeyStore(rsa512_sign, chain, RSA_512_SIGN);
- subject.removeRDN(ObjectID.commonName);
-
- // 1024
-
- subject.addRDN(ObjectID.commonName ,"RSA 1024 bit Demo Signing Certificate");
- System.out.println("create 1024 bit RSA demo certificate...");
- chain[0] = createCertificate(subject, rsa1024_sign.getPublic(),
- issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), true);
- chain[1] = caRSA;
- verifier.verifyChain(chain);
- addToKeyStore(rsa1024_sign, chain, RSA_1024_SIGN);
- subject.removeRDN(ObjectID.commonName);
-
- // 2048
-
- subject.addRDN(ObjectID.commonName ,"RSA 2048 bit Demo Signing Certificate");
- System.out.println("create 2048 bit RSA demo certificate...");
- chain[0] = createCertificate(subject, rsa2048_sign.getPublic(),
- issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), true);
- chain[1] = caRSA;
- verifier.verifyChain(chain);
-
- addToKeyStore(rsa2048_sign, chain, RSA_2048_SIGN);
- subject.removeRDN(ObjectID.commonName);
-
- // for encrypting
- System.out.println("Create RSA demo certificates to be used for encryption...");
- // 512
- subject.addRDN(ObjectID.commonName, "RSA 512 bit Demo Encryption Certificate");
- System.out.println("create 512 bit RSA demo certificate...");
- chain[0] = createCertificate(subject, rsa512_crypt.getPublic(),
- issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), false);
- chain[1] = caRSA;
- // and verify the chain
- verifier.verifyChain(chain);
- addToKeyStore(rsa512_crypt, chain, RSA_512_CRYPT);
- subject.removeRDN(ObjectID.commonName);
-
- // 1024
-
- subject.addRDN(ObjectID.commonName ,"RSA 1024 bit Demo Encryption Certificate");
- System.out.println("create 1024 bit RSA demo certificate...");
- chain[0] = createCertificate(subject, rsa1024_crypt.getPublic(),
- issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), false);
- chain[1] = caRSA;
- verifier.verifyChain(chain);
- addToKeyStore(rsa1024_crypt, chain, RSA_1024_CRYPT);
-
- System.out.println("create second 1024 bit RSA demo Encryption certificate...");
- chain[0] = createCertificate(subject, rsa1024_crypt_.getPublic(),
- issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), false);
- chain[1] = caRSA;
- verifier.verifyChain(chain);
- addToKeyStore(rsa1024_crypt_, chain, RSA_1024_CRYPT_);
- subject.removeRDN(ObjectID.commonName);
-
- // 2048
-
- subject.addRDN(ObjectID.commonName ,"RSA 2048 bit Demo Encryption Certificate");
- System.out.println("create 2048 bit RSA demo certificate...");
- chain[0] = createCertificate(subject, rsa2048_crypt.getPublic(),
- issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), false);
- chain[1] = caRSA;
- verifier.verifyChain(chain);
- addToKeyStore(rsa2048_crypt, chain, RSA_2048_CRYPT);
- subject.removeRDN(ObjectID.commonName);
- issuer.removeRDN(ObjectID.commonName);
- }
-
- // create a DSA test certificate
- if (create_dsa) {
- issuer.addRDN(ObjectID.commonName ,"IAIK DSA Test CA");
- // 512
- subject.addRDN(ObjectID.commonName ,"DSA 512 bit Demo Certificate");
- System.out.println("create 512 bit DSA demo certificate...");
- SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caDSA.getExtension(SubjectKeyIdentifier.oid);
- chain[0] = createCertificate(subject, dsa512.getPublic(),
- issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), true);
- subject.removeRDN(ObjectID.commonName);
- chain[1] = caDSA;
- verifier.verifyChain(chain);
-
- addToKeyStore(dsa512, chain, DSA_512);
- // 1024
- subject.addRDN(ObjectID.commonName ,"DSA 1024 bit Demo Certificate");
- System.out.println("create 1024 bit DSA demo certificate...");
- chain[0] = createCertificate(subject, dsa1024.getPublic(),
- issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), true);
- subject.removeRDN(ObjectID.commonName);
- chain[1] = caDSA;
- verifier.verifyChain(chain);
- addToKeyStore(dsa1024, chain, DSA_1024);
- issuer.removeRDN(ObjectID.commonName);
- }
-
- // create a ESDH test certificate
- if (create_esdh) {
- issuer.addRDN(ObjectID.commonName ,"IAIK DSA Test CA");
- // 512
- subject.addRDN(ObjectID.commonName ,"ESDH 512 bit Demo Certificate");
- System.out.println("create 512 bit ESDH demo certificate...");
- SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caDSA.getExtension(SubjectKeyIdentifier.oid);
- chain[0] = createCertificate(subject, esdh512.getPublic(),
- issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), false);
- subject.removeRDN(ObjectID.commonName);
- chain[1] = caDSA;
- verifier.verifyChain(chain);
- addToKeyStore(esdh512, chain, ESDH_512);
- // 1024
- subject.addRDN(ObjectID.commonName ,"ESDH 1024 bit Demo Certificate 1");
- System.out.println("create 1024 bit ESDH demo certificate...");
- chain[0] = createCertificate(subject, esdh1024.getPublic(),
- issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), false);
- subject.removeRDN(ObjectID.commonName);
- chain[1] = caDSA;
- verifier.verifyChain(chain);
- addToKeyStore(esdh1024, chain, ESDH_1024);
- // 1024
- subject.addRDN(ObjectID.commonName ,"ESDH 1024 bit Demo Certificate 2");
- System.out.println("create second 1024 bit ESDH demo certificate...");
- chain[0] = createCertificate(subject, esdh1024_.getPublic(),
- issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), false);
- subject.removeRDN(ObjectID.commonName);
- chain[1] = caDSA;
- verifier.verifyChain(chain);
- addToKeyStore(esdh1024_, chain, ESDH_1024_);
- // 2048
- subject.addRDN(ObjectID.commonName ,"ESDH 2048 bit Demo Certificate");
- System.out.println("create 2048 bit ESDH demo certificate...");
- chain[0] = createCertificate(subject, esdh2048.getPublic(),
- issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), false);
- subject.removeRDN(ObjectID.commonName);
- chain[1] = caDSA;
- verifier.verifyChain(chain);
- addToKeyStore(esdh2048, chain, ESDH_2048);
- issuer.removeRDN(ObjectID.commonName);
- }
-
- System.out.println("\nCertificates created!");
-
- } catch (Exception ex) {
- System.out.println("Exception: "+ex);
- }
- }
-
- public static void start() {
- SetupCMSKeyStore suks = new SetupCMSKeyStore();
- suks.initializeKeyStore();
- if (suks.create_only_certificates) {
- suks.getPrivateKeys();
- }
- else {
- suks.generatePrivateKeys();
- }
- suks.generateCertificates();
- suks.saveKeyStore();
- }
-
- /**
- * Creates the test certificates.
- */
- public static void main(String arg[]) throws IOException {
-
- IAIK.addAsProvider(true);
- start();
- System.in.read();
- }
-} \ No newline at end of file