aboutsummaryrefslogtreecommitdiff
path: root/spss.test/src/testgenerator/SetupCMSKeyStore.java
diff options
context:
space:
mode:
Diffstat (limited to 'spss.test/src/testgenerator/SetupCMSKeyStore.java')
-rw-r--r--spss.test/src/testgenerator/SetupCMSKeyStore.java671
1 files changed, 671 insertions, 0 deletions
diff --git a/spss.test/src/testgenerator/SetupCMSKeyStore.java b/spss.test/src/testgenerator/SetupCMSKeyStore.java
new file mode 100644
index 000000000..441e64236
--- /dev/null
+++ b/spss.test/src/testgenerator/SetupCMSKeyStore.java
@@ -0,0 +1,671 @@
+// Copyright (C) 1997-2002 IAIK
+// email: jce-info@iaik.tu-graz.ac.at
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+// 1. Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// 2. Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+// SUCH DAMAGE.
+//
+// $Header$
+//
+
+package testgenerator;
+
+import iaik.asn1.CodingException;
+import iaik.asn1.ObjectID;
+import iaik.asn1.structures.AlgorithmID;
+import iaik.asn1.structures.GeneralName;
+import iaik.asn1.structures.GeneralNames;
+import iaik.asn1.structures.Name;
+import iaik.asn1.structures.PolicyInformation;
+import iaik.asn1.structures.PolicyQualifierInfo;
+import iaik.security.provider.IAIK;
+import iaik.x509.SimpleChainVerifier;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionException;
+import iaik.x509.extensions.AuthorityKeyIdentifier;
+import iaik.x509.extensions.BasicConstraints;
+import iaik.x509.extensions.CertificatePolicies;
+import iaik.x509.extensions.KeyUsage;
+import iaik.x509.extensions.SubjectAltName;
+import iaik.x509.extensions.SubjectKeyIdentifier;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.CertificateException;
+import java.util.Calendar;
+import java.util.GregorianCalendar;
+import java.util.Random;
+
+/**
+ * Creates a default KeyStore in the current working directory.
+ * These keys are used by many demos included in IAIK-JCE.
+ * The aliases and the password for accessing the keys and
+ * certificates can be found in {@link demo.keystore.CMSKeyStoreConstants CMSKeyStoreConstants}.
+ *
+ * @see CMSKeyStoreConstants
+ */
+public class SetupCMSKeyStore implements CMSKeyStoreConstants {
+
+ // the keylength of the CA certificate shall be 1024
+ private final static int CA_KEYLENGTH = 1024;
+
+ // the key store to create
+ KeyStore key_store;
+ // the file where the key store shall be saved
+ String keystore_file;
+ // takes the existing keys from the KeyStore and only creates new certificates
+ boolean create_only_certificates = true;
+
+ // the private keys
+ KeyPair ca_rsa = null;
+ // RSA for signing
+ KeyPair rsa512_sign = null;
+ KeyPair rsa1024_sign = null;
+ KeyPair rsa2048_sign = null;
+ // RSA for encrypting
+ KeyPair rsa512_crypt = null;
+ KeyPair rsa1024_crypt = null;
+ KeyPair rsa1024_crypt_ = null;
+ KeyPair rsa2048_crypt = null;
+
+ KeyPair ca_dsa = null;
+ KeyPair dsa512 = null;
+ KeyPair dsa1024 = null;
+ KeyPair esdh512 = null;
+ KeyPair esdh1024 = null;
+ KeyPair esdh1024_ = null;
+ KeyPair esdh2048 = null;
+
+ // create RSA keys and certificates
+ boolean create_rsa = true;
+ // create DSA keys and certificates
+ boolean create_dsa = true;
+ // create ESDH keys and certificates
+ boolean create_esdh = true;
+
+ /**
+ * Generate a KeyPair using the specified algorithm with the given size.
+ *
+ * @param algorithm the algorithm to use
+ * @param bits the length of the key (modulus) in bits
+ * @return the KeyPair
+ */
+ public static KeyPair generateKeyPair(String algorithm, int bits)
+ throws NoSuchAlgorithmException {
+
+ KeyPairGenerator generator = null;
+
+ try {
+ generator = KeyPairGenerator.getInstance(algorithm, "IAIK");
+
+ } catch (NoSuchProviderException ex) {
+ throw new NoSuchAlgorithmException("Provider IAIK not found!");
+ }
+
+ generator.initialize(bits);
+ KeyPair kp = generator.generateKeyPair();
+
+ return kp;
+ }
+
+ /**
+ * Creates a certificate from the given values.
+ *
+ * @param subject the subject of the certificate
+ * @param publicKey the public key to include
+ * @param issuer the issuer of the certificate
+ * @param privateKey the private key for signing the certificate
+ * @param algorithm the signature algorithm to use
+ */
+ public static X509Certificate createCertificate(Name subject, PublicKey publicKey,
+ Name issuer, PrivateKey privateKey, AlgorithmID algorithm, byte[] keyID, boolean forSigning) {
+
+ // create a new certificate
+ X509Certificate cert = new X509Certificate();
+
+ try {
+ // set the values
+ cert.setSerialNumber(new BigInteger(20, new Random()));
+ cert.setSubjectDN(subject);
+ cert.setPublicKey(publicKey);
+ cert.setIssuerDN(issuer);
+
+ GregorianCalendar date = new GregorianCalendar();
+ date.add(Calendar.DATE, -1);
+ // not before now
+ cert.setValidNotBefore(date.getTime());
+
+ if (issuer.equals(subject)) {
+ date.add(Calendar.MONTH, 12);
+ BasicConstraints basicConstraints = new BasicConstraints(true);
+ cert.addExtension(basicConstraints);
+ KeyUsage keyUsage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign);
+ cert.addExtension(keyUsage);
+ } else {
+ date.add(Calendar.MONTH, 11);
+ KeyUsage keyUsage = null;
+ if (forSigning) {
+ keyUsage = new KeyUsage(KeyUsage.digitalSignature |
+ KeyUsage.nonRepudiation);
+ } else {
+ keyUsage = new KeyUsage(KeyUsage.keyEncipherment |
+ KeyUsage.dataEncipherment);
+ }
+ cert.addExtension(keyUsage);
+ AuthorityKeyIdentifier authID = new AuthorityKeyIdentifier();
+ authID.setKeyIdentifier(keyID);
+ cert.addExtension(authID);
+ GeneralNames generalNames = new GeneralNames();
+ generalNames.addName(new GeneralName(GeneralName.rfc822Name, "smimetest@iaik.at"));
+ generalNames.addName(new GeneralName(GeneralName.rfc822Name, "smimetest@iaik.tu-graz.ac.at"));
+ SubjectAltName subjectAltName = new SubjectAltName(generalNames);
+ cert.addExtension(subjectAltName);
+ }
+ String explicitText = "This certificate only may be used for test purposes";
+ PolicyQualifierInfo policyQualifier = new PolicyQualifierInfo(null, null, explicitText);
+ PolicyInformation[] policyInformations =
+ { new PolicyInformation(new ObjectID("1.3.6.1.4.1.2706.17.0.11.1.1"),
+ new PolicyQualifierInfo[] { policyQualifier }) };
+ CertificatePolicies certPolicies = new CertificatePolicies(policyInformations);
+
+ SubjectKeyIdentifier subjectKeyID = new SubjectKeyIdentifier(cert.getPublicKey());
+ cert.addExtension(subjectKeyID);
+
+ cert.addExtension(certPolicies);
+ cert.setValidNotAfter(date.getTime());
+ // and sign the certificate
+ cert.sign(algorithm ,privateKey);
+ } catch (CertificateException ex) {
+ throw new RuntimeException("Error creating the certificate: "+ex.getMessage());
+ } catch (InvalidKeyException ex) {
+ throw new RuntimeException("Error creating the certificate: "+ex.getMessage());
+ } catch (NoSuchAlgorithmException ex) {
+ throw new RuntimeException("Error creating the certificate: "+ex.getMessage());
+ } catch (X509ExtensionException ex) {
+ throw new RuntimeException("Error adding extension: "+ex.getMessage());
+ } catch (CodingException ex) {
+ throw new RuntimeException("Error adding SubjectKeyIdentifier extension: "+ex.getMessage());
+ }
+/*
+ System.out.println(cert.toString(true));
+ iaik.utils.Util.waitKey();
+*/
+
+ return cert;
+ }
+
+ /**
+ * Load or create a KeyStore and initialize it.
+ */
+ private void initializeKeyStore() {
+
+ BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
+ String line;
+
+ try {
+ // default directory is the current user dir
+ String keystore_dir = System.getProperty("user.dir");
+ File ks = new File(keystore_dir, KS_FILENAME);
+
+ // KeyStore does already exist
+ if (ks.exists()) {
+ keystore_file = ks.getAbsolutePath();
+ if (create_only_certificates) {
+ System.out.println("Create only new certificates from already existing keys!");
+ }
+ else {
+ System.out.println("Existing KeyStore will be deleted!");
+ }
+ System.out.println("KeyStore: "+keystore_file);
+ }
+ else {
+ // there is no KeyStore -> create also new keys
+ create_only_certificates = false;
+
+ while (true) {
+ System.out.print("Create new KeyStore in directory: "+keystore_dir+" [y]");
+ line = reader.readLine();
+ if (line.length() == 0 || line.equals("y")) {
+ ks = new File(keystore_dir, KS_FILENAME);
+ keystore_file = ks.getAbsolutePath();
+ System.out.println("KeyStore will be saved to: "+keystore_file);
+ break;
+ }
+ System.out.print("Enter directory: ");
+ keystore_dir = reader.readLine();
+ }
+ }
+
+ // get a new KeyStore onject
+ key_store = KeyStore.getInstance("IAIKKeyStore");
+
+ if (create_only_certificates) {
+ // take private keys from existing KeyStore
+ key_store.load(new FileInputStream(ks), KS_PASSWORD);
+ }
+ else {
+ // create a new KeyStore
+ key_store.load(null, null);
+ }
+
+ } catch (Exception ex) {
+ System.out.println("Error creating new IAIK KeyStore!");
+ throw new RuntimeException("Error creating new KeyStore: "+ex.getMessage());
+ }
+ }
+
+ /**
+ * Save the KeyStore to disk.
+ */
+ private void saveKeyStore() {
+ try {
+ // write the KeyStore to disk
+ FileOutputStream os = new FileOutputStream(keystore_file);
+ key_store.store(os, KS_PASSWORD);
+ os.close();
+ } catch (Exception ex) {
+ System.out.println("Error saving KeyStore!");
+ ex.printStackTrace();
+ }
+ }
+
+ /**
+ * Add the private key and the certificate chain to the key store.
+ */
+ public void addToKeyStore(KeyPair keyPair, X509Certificate[] chain, String alias) throws KeyStoreException {
+ key_store.setKeyEntry(alias, keyPair.getPrivate(), KS_PASSWORD, chain);
+ }
+
+ /**
+ * Returns a KeyPair form the KeyStore.
+ */
+ private KeyPair getKeyPair(String type) throws Exception {
+ PrivateKey privKey = (PrivateKey)key_store.getKey(type, KS_PASSWORD);
+ PublicKey pubKey = key_store.getCertificateChain(type)[0].getPublicKey();
+ return new KeyPair(pubKey, privKey);
+ }
+
+ /**
+ * Get all private keys from the KeyStore.
+ */
+ private void getPrivateKeys() {
+ // RSA
+ try {
+ ca_rsa = getKeyPair(CA_RSA);
+ // for signing
+ rsa512_sign = getKeyPair(RSA_512_SIGN);
+ rsa1024_sign = getKeyPair(RSA_1024_SIGN);
+ rsa2048_sign = getKeyPair(RSA_2048_SIGN);
+ // for encrypting
+ rsa512_crypt = getKeyPair(RSA_512_CRYPT);
+ rsa1024_crypt = getKeyPair(RSA_1024_CRYPT);
+ rsa1024_crypt_ = getKeyPair(RSA_1024_CRYPT_);
+ rsa2048_crypt = getKeyPair(RSA_2048_CRYPT);
+ } catch (Exception ex) {
+ System.out.println("Unable to get RSA keys from KeyStore.");
+ ex.printStackTrace();
+ create_rsa = false;
+ }
+ // DSA
+ try {
+ ca_dsa = getKeyPair(CA_DSA);
+ dsa512 = getKeyPair(DSA_512);
+ dsa1024 = getKeyPair(DSA_1024);
+ } catch (Exception ex) {
+ System.out.println("Unable to get DSA keys from KeyStore.");
+ ex.printStackTrace();
+ create_dsa = false;
+ }
+ // ESDH
+ try {
+ esdh512 = getKeyPair(ESDH_512);
+ esdh1024 = getKeyPair(ESDH_1024);
+ esdh1024_ = getKeyPair(ESDH_1024_);
+ esdh2048 = getKeyPair(ESDH_2048);
+ } catch (Exception ex) {
+ System.out.println("Unable to get ESDH keys from KeyStore.");
+ ex.printStackTrace();
+ create_esdh = false;
+ }
+ }
+
+ /**
+ * Gernerate new prviate keys.
+ */
+ private void generatePrivateKeys() {
+ try {
+ // first create the KeyPairs
+ if (create_rsa) {
+ try {
+ System.out.println("generate RSA KeyPair for CA certificate ["+CA_KEYLENGTH+" bits]...");
+ ca_rsa = generateKeyPair("RSA", CA_KEYLENGTH);
+ System.out.println("Generate RSA signing keys...");
+ System.out.println("generate RSA KeyPair for a test certificate [512 bits]...");
+ rsa512_sign = generateKeyPair("RSA", 512);
+ System.out.println("generate RSA KeyPair for a test certificate [1024 bits]...");
+ rsa1024_sign = generateKeyPair("RSA", 1024);
+ System.out.println("generate RSA KeyPair for a test certificate [2048 bits]...");
+ rsa2048_sign = generateKeyPair("RSA", 2048);
+ System.out.println("Generate RSA encryption keys...");
+ System.out.println("generate RSA KeyPair for a test certificate [512 bits]...");
+ rsa512_crypt = generateKeyPair("RSA", 512);
+ System.out.println("generate RSA KeyPair for a test certificate [1024 bits]...");
+ rsa1024_crypt = generateKeyPair("RSA", 1024);
+ System.out.println("generate second RSA KeyPair for a test certificate [1024 bits]...");
+ rsa1024_crypt_ = generateKeyPair("RSA", 1024);
+ System.out.println("generate RSA KeyPair for a test certificate [2048 bits]...");
+ rsa2048_crypt = generateKeyPair("RSA", 2048);
+ } catch (NoSuchAlgorithmException ex) {
+ create_rsa = false;
+ System.out.println("No implementation for RSA! RSA certificates are not created!\n");
+ }
+ }
+ if (create_dsa) {
+ try {
+ System.out.println("generate DSA KeyPair for CA certificate ["+CA_KEYLENGTH+" bits]...");
+ ca_dsa = generateKeyPair("DSA", CA_KEYLENGTH);
+ System.out.println("generate DSA KeyPair for a test certificate [512 bits]...");
+ dsa512 = generateKeyPair("DSA", 512);
+ System.out.println("generate DSA KeyPair for a test certificate [1024 bits]...");
+ dsa1024 = generateKeyPair("DSA", 1024);
+ } catch (NoSuchAlgorithmException ex) {
+ create_dsa = false;
+ System.out.println("No implementation for DSA! DSA certificates are not created!\n");
+ }
+ }
+
+ if (create_esdh) {
+ try {
+ System.out.println("generate ESDH KeyPair for a test certificate [512 bits]...");
+ esdh512 = generateKeyPair("ESDH", 512);
+ System.out.println("generate ESDH KeyPair for a test certificate [1024 bits]...");
+ esdh1024 = generateKeyPair("ESDH", 1024);
+ System.out.println("generate ESDH KeyPair for a test certificate [1024 bits]...");
+ esdh1024_ = generateKeyPair("ESDH", 1024);
+ System.out.println("generate ESDH KeyPair for a test certificate [2048 bits]...");
+ esdh2048 = generateKeyPair("ESDH", 2048);
+ } catch (NoSuchAlgorithmException ex) {
+ create_esdh = false;
+ System.out.println("No implementation for ESDH! ESDH certificates are not created!\n");
+ }
+ }
+ } catch (Exception ex) {
+ System.out.println("Exception: "+ex);
+ }
+ }
+
+ public void generateCertificates() {
+
+ try {
+
+ // Now create the certificates
+ Name issuer = new Name();
+ issuer.addRDN(ObjectID.country, "AT");
+ issuer.addRDN(ObjectID.organization ,"IAIK");
+ issuer.addRDN(ObjectID.organizationalUnit ,"JavaSecurity");
+
+ Name subject = new Name();
+ subject.addRDN(ObjectID.country, "AT");
+ subject.addRDN(ObjectID.organization ,"IAIK");
+ subject.addRDN(ObjectID.organizationalUnit ,"JavaSecurity");
+
+ //
+ // create self signed CA certs
+ //
+ X509Certificate caRSA = null;
+ X509Certificate caDSA = null;
+ X509Certificate[] chain = new X509Certificate[1];
+ // for verifying the created certificates
+ SimpleChainVerifier verifier = new SimpleChainVerifier();
+
+ if (create_rsa) {
+ issuer.addRDN(ObjectID.commonName ,"IAIK RSA Test CA");
+ System.out.println("create self signed RSA CA certificate...");
+ caRSA = createCertificate(issuer, ca_rsa.getPublic(),
+ issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, null, true);
+ // verify the self signed certificate
+ caRSA.verify();
+ // set the CA cert as trusted root
+ verifier.addTrustedCertificate(caRSA);
+ chain[0] = caRSA;
+ addToKeyStore(ca_rsa, chain, CA_RSA);
+ issuer.removeRDN(ObjectID.commonName);
+ }
+
+ if (create_dsa) {
+ issuer.addRDN(ObjectID.commonName ,"IAIK DSA Test CA");
+ System.out.println("create self signed DSA CA certificate...");
+ caDSA = createCertificate(issuer, ca_dsa.getPublic(),
+ issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, null, true);
+ // verify the self signed certificate
+ caDSA.verify();
+ // set the CA cert as trusted root
+ verifier.addTrustedCertificate(caDSA);
+ chain[0] = caDSA;
+ addToKeyStore(ca_dsa, chain, CA_DSA);
+ issuer.removeRDN(ObjectID.commonName);
+ }
+
+ //
+ // create certificates
+ //
+ chain = new X509Certificate[2];
+
+ // create a RSA certificate
+ if (create_rsa) {
+ issuer.addRDN(ObjectID.commonName ,"IAIK RSA Test CA");
+ SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caRSA.getExtension(SubjectKeyIdentifier.oid);
+ // 512
+ // for signing
+ System.out.println("Create RSA demo certificates to be used for signing...");
+
+ // 512
+ subject.addRDN(ObjectID.commonName, "RSA 512 bit Demo Signing Certificate");
+ System.out.println("create 512 bit RSA demo certificate...");
+ chain[0] = createCertificate(subject, rsa512_sign.getPublic(),
+ issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), true);
+ chain[1] = caRSA;
+ // and verify the chain
+ verifier.verifyChain(chain);
+ addToKeyStore(rsa512_sign, chain, RSA_512_SIGN);
+ subject.removeRDN(ObjectID.commonName);
+
+ // 1024
+
+ subject.addRDN(ObjectID.commonName ,"RSA 1024 bit Demo Signing Certificate");
+ System.out.println("create 1024 bit RSA demo certificate...");
+ chain[0] = createCertificate(subject, rsa1024_sign.getPublic(),
+ issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), true);
+ chain[1] = caRSA;
+ verifier.verifyChain(chain);
+ addToKeyStore(rsa1024_sign, chain, RSA_1024_SIGN);
+ subject.removeRDN(ObjectID.commonName);
+
+ // 2048
+
+ subject.addRDN(ObjectID.commonName ,"RSA 2048 bit Demo Signing Certificate");
+ System.out.println("create 2048 bit RSA demo certificate...");
+ chain[0] = createCertificate(subject, rsa2048_sign.getPublic(),
+ issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), true);
+ chain[1] = caRSA;
+ verifier.verifyChain(chain);
+
+ addToKeyStore(rsa2048_sign, chain, RSA_2048_SIGN);
+ subject.removeRDN(ObjectID.commonName);
+
+ // for encrypting
+ System.out.println("Create RSA demo certificates to be used for encryption...");
+ // 512
+ subject.addRDN(ObjectID.commonName, "RSA 512 bit Demo Encryption Certificate");
+ System.out.println("create 512 bit RSA demo certificate...");
+ chain[0] = createCertificate(subject, rsa512_crypt.getPublic(),
+ issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), false);
+ chain[1] = caRSA;
+ // and verify the chain
+ verifier.verifyChain(chain);
+ addToKeyStore(rsa512_crypt, chain, RSA_512_CRYPT);
+ subject.removeRDN(ObjectID.commonName);
+
+ // 1024
+
+ subject.addRDN(ObjectID.commonName ,"RSA 1024 bit Demo Encryption Certificate");
+ System.out.println("create 1024 bit RSA demo certificate...");
+ chain[0] = createCertificate(subject, rsa1024_crypt.getPublic(),
+ issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), false);
+ chain[1] = caRSA;
+ verifier.verifyChain(chain);
+ addToKeyStore(rsa1024_crypt, chain, RSA_1024_CRYPT);
+
+ System.out.println("create second 1024 bit RSA demo Encryption certificate...");
+ chain[0] = createCertificate(subject, rsa1024_crypt_.getPublic(),
+ issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), false);
+ chain[1] = caRSA;
+ verifier.verifyChain(chain);
+ addToKeyStore(rsa1024_crypt_, chain, RSA_1024_CRYPT_);
+ subject.removeRDN(ObjectID.commonName);
+
+ // 2048
+
+ subject.addRDN(ObjectID.commonName ,"RSA 2048 bit Demo Encryption Certificate");
+ System.out.println("create 2048 bit RSA demo certificate...");
+ chain[0] = createCertificate(subject, rsa2048_crypt.getPublic(),
+ issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), false);
+ chain[1] = caRSA;
+ verifier.verifyChain(chain);
+ addToKeyStore(rsa2048_crypt, chain, RSA_2048_CRYPT);
+ subject.removeRDN(ObjectID.commonName);
+ issuer.removeRDN(ObjectID.commonName);
+ }
+
+ // create a DSA test certificate
+ if (create_dsa) {
+ issuer.addRDN(ObjectID.commonName ,"IAIK DSA Test CA");
+ // 512
+ subject.addRDN(ObjectID.commonName ,"DSA 512 bit Demo Certificate");
+ System.out.println("create 512 bit DSA demo certificate...");
+ SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caDSA.getExtension(SubjectKeyIdentifier.oid);
+ chain[0] = createCertificate(subject, dsa512.getPublic(),
+ issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), true);
+ subject.removeRDN(ObjectID.commonName);
+ chain[1] = caDSA;
+ verifier.verifyChain(chain);
+
+ addToKeyStore(dsa512, chain, DSA_512);
+ // 1024
+ subject.addRDN(ObjectID.commonName ,"DSA 1024 bit Demo Certificate");
+ System.out.println("create 1024 bit DSA demo certificate...");
+ chain[0] = createCertificate(subject, dsa1024.getPublic(),
+ issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), true);
+ subject.removeRDN(ObjectID.commonName);
+ chain[1] = caDSA;
+ verifier.verifyChain(chain);
+ addToKeyStore(dsa1024, chain, DSA_1024);
+ issuer.removeRDN(ObjectID.commonName);
+ }
+
+ // create a ESDH test certificate
+ if (create_esdh) {
+ issuer.addRDN(ObjectID.commonName ,"IAIK DSA Test CA");
+ // 512
+ subject.addRDN(ObjectID.commonName ,"ESDH 512 bit Demo Certificate");
+ System.out.println("create 512 bit ESDH demo certificate...");
+ SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caDSA.getExtension(SubjectKeyIdentifier.oid);
+ chain[0] = createCertificate(subject, esdh512.getPublic(),
+ issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), false);
+ subject.removeRDN(ObjectID.commonName);
+ chain[1] = caDSA;
+ verifier.verifyChain(chain);
+ addToKeyStore(esdh512, chain, ESDH_512);
+ // 1024
+ subject.addRDN(ObjectID.commonName ,"ESDH 1024 bit Demo Certificate 1");
+ System.out.println("create 1024 bit ESDH demo certificate...");
+ chain[0] = createCertificate(subject, esdh1024.getPublic(),
+ issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), false);
+ subject.removeRDN(ObjectID.commonName);
+ chain[1] = caDSA;
+ verifier.verifyChain(chain);
+ addToKeyStore(esdh1024, chain, ESDH_1024);
+ // 1024
+ subject.addRDN(ObjectID.commonName ,"ESDH 1024 bit Demo Certificate 2");
+ System.out.println("create second 1024 bit ESDH demo certificate...");
+ chain[0] = createCertificate(subject, esdh1024_.getPublic(),
+ issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), false);
+ subject.removeRDN(ObjectID.commonName);
+ chain[1] = caDSA;
+ verifier.verifyChain(chain);
+ addToKeyStore(esdh1024_, chain, ESDH_1024_);
+ // 2048
+ subject.addRDN(ObjectID.commonName ,"ESDH 2048 bit Demo Certificate");
+ System.out.println("create 2048 bit ESDH demo certificate...");
+ chain[0] = createCertificate(subject, esdh2048.getPublic(),
+ issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), false);
+ subject.removeRDN(ObjectID.commonName);
+ chain[1] = caDSA;
+ verifier.verifyChain(chain);
+ addToKeyStore(esdh2048, chain, ESDH_2048);
+ issuer.removeRDN(ObjectID.commonName);
+ }
+
+ System.out.println("\nCertificates created!");
+
+ } catch (Exception ex) {
+ System.out.println("Exception: "+ex);
+ }
+ }
+
+ public static void start() {
+ SetupCMSKeyStore suks = new SetupCMSKeyStore();
+ suks.initializeKeyStore();
+ if (suks.create_only_certificates) {
+ suks.getPrivateKeys();
+ }
+ else {
+ suks.generatePrivateKeys();
+ }
+ suks.generateCertificates();
+ suks.saveKeyStore();
+ }
+
+ /**
+ * Creates the test certificates.
+ */
+ public static void main(String arg[]) throws IOException {
+
+ IAIK.addAsProvider(true);
+ start();
+ System.in.read();
+ }
+} \ No newline at end of file