From 643b4096cdd0f0ed98f21c9b5b681ed89bcb08dc Mon Sep 17 00:00:00 2001 From: gregor Date: Tue, 11 Nov 2003 22:36:36 +0000 Subject: Erstellt. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@51 d688527b-c9ab-4aba-bd8d-4036d912da1d --- spss.test/src/testgenerator/SetupCMSKeyStore.java | 671 ++++++++++++++++++++++ 1 file changed, 671 insertions(+) create mode 100644 spss.test/src/testgenerator/SetupCMSKeyStore.java (limited to 'spss.test/src/testgenerator/SetupCMSKeyStore.java') diff --git a/spss.test/src/testgenerator/SetupCMSKeyStore.java b/spss.test/src/testgenerator/SetupCMSKeyStore.java new file mode 100644 index 000000000..441e64236 --- /dev/null +++ b/spss.test/src/testgenerator/SetupCMSKeyStore.java @@ -0,0 +1,671 @@ +// Copyright (C) 1997-2002 IAIK +// email: jce-info@iaik.tu-graz.ac.at +// +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions +// are met: +// 1. Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// 2. Redistributions in binary form must reproduce the above copyright +// notice, this list of conditions and the following disclaimer in the +// documentation and/or other materials provided with the distribution. +// +// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +// SUCH DAMAGE. +// +// $Header$ +// + +package testgenerator; + +import iaik.asn1.CodingException; +import iaik.asn1.ObjectID; +import iaik.asn1.structures.AlgorithmID; +import iaik.asn1.structures.GeneralName; +import iaik.asn1.structures.GeneralNames; +import iaik.asn1.structures.Name; +import iaik.asn1.structures.PolicyInformation; +import iaik.asn1.structures.PolicyQualifierInfo; +import iaik.security.provider.IAIK; +import iaik.x509.SimpleChainVerifier; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionException; +import iaik.x509.extensions.AuthorityKeyIdentifier; +import iaik.x509.extensions.BasicConstraints; +import iaik.x509.extensions.CertificatePolicies; +import iaik.x509.extensions.KeyUsage; +import iaik.x509.extensions.SubjectAltName; +import iaik.x509.extensions.SubjectKeyIdentifier; + +import java.io.BufferedReader; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStreamReader; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.cert.CertificateException; +import java.util.Calendar; +import java.util.GregorianCalendar; +import java.util.Random; + +/** + * Creates a default KeyStore in the current working directory. + * These keys are used by many demos included in IAIK-JCE. + * The aliases and the password for accessing the keys and + * certificates can be found in {@link demo.keystore.CMSKeyStoreConstants CMSKeyStoreConstants}. + * + * @see CMSKeyStoreConstants + */ +public class SetupCMSKeyStore implements CMSKeyStoreConstants { + + // the keylength of the CA certificate shall be 1024 + private final static int CA_KEYLENGTH = 1024; + + // the key store to create + KeyStore key_store; + // the file where the key store shall be saved + String keystore_file; + // takes the existing keys from the KeyStore and only creates new certificates + boolean create_only_certificates = true; + + // the private keys + KeyPair ca_rsa = null; + // RSA for signing + KeyPair rsa512_sign = null; + KeyPair rsa1024_sign = null; + KeyPair rsa2048_sign = null; + // RSA for encrypting + KeyPair rsa512_crypt = null; + KeyPair rsa1024_crypt = null; + KeyPair rsa1024_crypt_ = null; + KeyPair rsa2048_crypt = null; + + KeyPair ca_dsa = null; + KeyPair dsa512 = null; + KeyPair dsa1024 = null; + KeyPair esdh512 = null; + KeyPair esdh1024 = null; + KeyPair esdh1024_ = null; + KeyPair esdh2048 = null; + + // create RSA keys and certificates + boolean create_rsa = true; + // create DSA keys and certificates + boolean create_dsa = true; + // create ESDH keys and certificates + boolean create_esdh = true; + + /** + * Generate a KeyPair using the specified algorithm with the given size. + * + * @param algorithm the algorithm to use + * @param bits the length of the key (modulus) in bits + * @return the KeyPair + */ + public static KeyPair generateKeyPair(String algorithm, int bits) + throws NoSuchAlgorithmException { + + KeyPairGenerator generator = null; + + try { + generator = KeyPairGenerator.getInstance(algorithm, "IAIK"); + + } catch (NoSuchProviderException ex) { + throw new NoSuchAlgorithmException("Provider IAIK not found!"); + } + + generator.initialize(bits); + KeyPair kp = generator.generateKeyPair(); + + return kp; + } + + /** + * Creates a certificate from the given values. + * + * @param subject the subject of the certificate + * @param publicKey the public key to include + * @param issuer the issuer of the certificate + * @param privateKey the private key for signing the certificate + * @param algorithm the signature algorithm to use + */ + public static X509Certificate createCertificate(Name subject, PublicKey publicKey, + Name issuer, PrivateKey privateKey, AlgorithmID algorithm, byte[] keyID, boolean forSigning) { + + // create a new certificate + X509Certificate cert = new X509Certificate(); + + try { + // set the values + cert.setSerialNumber(new BigInteger(20, new Random())); + cert.setSubjectDN(subject); + cert.setPublicKey(publicKey); + cert.setIssuerDN(issuer); + + GregorianCalendar date = new GregorianCalendar(); + date.add(Calendar.DATE, -1); + // not before now + cert.setValidNotBefore(date.getTime()); + + if (issuer.equals(subject)) { + date.add(Calendar.MONTH, 12); + BasicConstraints basicConstraints = new BasicConstraints(true); + cert.addExtension(basicConstraints); + KeyUsage keyUsage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign); + cert.addExtension(keyUsage); + } else { + date.add(Calendar.MONTH, 11); + KeyUsage keyUsage = null; + if (forSigning) { + keyUsage = new KeyUsage(KeyUsage.digitalSignature | + KeyUsage.nonRepudiation); + } else { + keyUsage = new KeyUsage(KeyUsage.keyEncipherment | + KeyUsage.dataEncipherment); + } + cert.addExtension(keyUsage); + AuthorityKeyIdentifier authID = new AuthorityKeyIdentifier(); + authID.setKeyIdentifier(keyID); + cert.addExtension(authID); + GeneralNames generalNames = new GeneralNames(); + generalNames.addName(new GeneralName(GeneralName.rfc822Name, "smimetest@iaik.at")); + generalNames.addName(new GeneralName(GeneralName.rfc822Name, "smimetest@iaik.tu-graz.ac.at")); + SubjectAltName subjectAltName = new SubjectAltName(generalNames); + cert.addExtension(subjectAltName); + } + String explicitText = "This certificate only may be used for test purposes"; + PolicyQualifierInfo policyQualifier = new PolicyQualifierInfo(null, null, explicitText); + PolicyInformation[] policyInformations = + { new PolicyInformation(new ObjectID("1.3.6.1.4.1.2706.17.0.11.1.1"), + new PolicyQualifierInfo[] { policyQualifier }) }; + CertificatePolicies certPolicies = new CertificatePolicies(policyInformations); + + SubjectKeyIdentifier subjectKeyID = new SubjectKeyIdentifier(cert.getPublicKey()); + cert.addExtension(subjectKeyID); + + cert.addExtension(certPolicies); + cert.setValidNotAfter(date.getTime()); + // and sign the certificate + cert.sign(algorithm ,privateKey); + } catch (CertificateException ex) { + throw new RuntimeException("Error creating the certificate: "+ex.getMessage()); + } catch (InvalidKeyException ex) { + throw new RuntimeException("Error creating the certificate: "+ex.getMessage()); + } catch (NoSuchAlgorithmException ex) { + throw new RuntimeException("Error creating the certificate: "+ex.getMessage()); + } catch (X509ExtensionException ex) { + throw new RuntimeException("Error adding extension: "+ex.getMessage()); + } catch (CodingException ex) { + throw new RuntimeException("Error adding SubjectKeyIdentifier extension: "+ex.getMessage()); + } +/* + System.out.println(cert.toString(true)); + iaik.utils.Util.waitKey(); +*/ + + return cert; + } + + /** + * Load or create a KeyStore and initialize it. + */ + private void initializeKeyStore() { + + BufferedReader reader = new BufferedReader(new InputStreamReader(System.in)); + String line; + + try { + // default directory is the current user dir + String keystore_dir = System.getProperty("user.dir"); + File ks = new File(keystore_dir, KS_FILENAME); + + // KeyStore does already exist + if (ks.exists()) { + keystore_file = ks.getAbsolutePath(); + if (create_only_certificates) { + System.out.println("Create only new certificates from already existing keys!"); + } + else { + System.out.println("Existing KeyStore will be deleted!"); + } + System.out.println("KeyStore: "+keystore_file); + } + else { + // there is no KeyStore -> create also new keys + create_only_certificates = false; + + while (true) { + System.out.print("Create new KeyStore in directory: "+keystore_dir+" [y]"); + line = reader.readLine(); + if (line.length() == 0 || line.equals("y")) { + ks = new File(keystore_dir, KS_FILENAME); + keystore_file = ks.getAbsolutePath(); + System.out.println("KeyStore will be saved to: "+keystore_file); + break; + } + System.out.print("Enter directory: "); + keystore_dir = reader.readLine(); + } + } + + // get a new KeyStore onject + key_store = KeyStore.getInstance("IAIKKeyStore"); + + if (create_only_certificates) { + // take private keys from existing KeyStore + key_store.load(new FileInputStream(ks), KS_PASSWORD); + } + else { + // create a new KeyStore + key_store.load(null, null); + } + + } catch (Exception ex) { + System.out.println("Error creating new IAIK KeyStore!"); + throw new RuntimeException("Error creating new KeyStore: "+ex.getMessage()); + } + } + + /** + * Save the KeyStore to disk. + */ + private void saveKeyStore() { + try { + // write the KeyStore to disk + FileOutputStream os = new FileOutputStream(keystore_file); + key_store.store(os, KS_PASSWORD); + os.close(); + } catch (Exception ex) { + System.out.println("Error saving KeyStore!"); + ex.printStackTrace(); + } + } + + /** + * Add the private key and the certificate chain to the key store. + */ + public void addToKeyStore(KeyPair keyPair, X509Certificate[] chain, String alias) throws KeyStoreException { + key_store.setKeyEntry(alias, keyPair.getPrivate(), KS_PASSWORD, chain); + } + + /** + * Returns a KeyPair form the KeyStore. + */ + private KeyPair getKeyPair(String type) throws Exception { + PrivateKey privKey = (PrivateKey)key_store.getKey(type, KS_PASSWORD); + PublicKey pubKey = key_store.getCertificateChain(type)[0].getPublicKey(); + return new KeyPair(pubKey, privKey); + } + + /** + * Get all private keys from the KeyStore. + */ + private void getPrivateKeys() { + // RSA + try { + ca_rsa = getKeyPair(CA_RSA); + // for signing + rsa512_sign = getKeyPair(RSA_512_SIGN); + rsa1024_sign = getKeyPair(RSA_1024_SIGN); + rsa2048_sign = getKeyPair(RSA_2048_SIGN); + // for encrypting + rsa512_crypt = getKeyPair(RSA_512_CRYPT); + rsa1024_crypt = getKeyPair(RSA_1024_CRYPT); + rsa1024_crypt_ = getKeyPair(RSA_1024_CRYPT_); + rsa2048_crypt = getKeyPair(RSA_2048_CRYPT); + } catch (Exception ex) { + System.out.println("Unable to get RSA keys from KeyStore."); + ex.printStackTrace(); + create_rsa = false; + } + // DSA + try { + ca_dsa = getKeyPair(CA_DSA); + dsa512 = getKeyPair(DSA_512); + dsa1024 = getKeyPair(DSA_1024); + } catch (Exception ex) { + System.out.println("Unable to get DSA keys from KeyStore."); + ex.printStackTrace(); + create_dsa = false; + } + // ESDH + try { + esdh512 = getKeyPair(ESDH_512); + esdh1024 = getKeyPair(ESDH_1024); + esdh1024_ = getKeyPair(ESDH_1024_); + esdh2048 = getKeyPair(ESDH_2048); + } catch (Exception ex) { + System.out.println("Unable to get ESDH keys from KeyStore."); + ex.printStackTrace(); + create_esdh = false; + } + } + + /** + * Gernerate new prviate keys. + */ + private void generatePrivateKeys() { + try { + // first create the KeyPairs + if (create_rsa) { + try { + System.out.println("generate RSA KeyPair for CA certificate ["+CA_KEYLENGTH+" bits]..."); + ca_rsa = generateKeyPair("RSA", CA_KEYLENGTH); + System.out.println("Generate RSA signing keys..."); + System.out.println("generate RSA KeyPair for a test certificate [512 bits]..."); + rsa512_sign = generateKeyPair("RSA", 512); + System.out.println("generate RSA KeyPair for a test certificate [1024 bits]..."); + rsa1024_sign = generateKeyPair("RSA", 1024); + System.out.println("generate RSA KeyPair for a test certificate [2048 bits]..."); + rsa2048_sign = generateKeyPair("RSA", 2048); + System.out.println("Generate RSA encryption keys..."); + System.out.println("generate RSA KeyPair for a test certificate [512 bits]..."); + rsa512_crypt = generateKeyPair("RSA", 512); + System.out.println("generate RSA KeyPair for a test certificate [1024 bits]..."); + rsa1024_crypt = generateKeyPair("RSA", 1024); + System.out.println("generate second RSA KeyPair for a test certificate [1024 bits]..."); + rsa1024_crypt_ = generateKeyPair("RSA", 1024); + System.out.println("generate RSA KeyPair for a test certificate [2048 bits]..."); + rsa2048_crypt = generateKeyPair("RSA", 2048); + } catch (NoSuchAlgorithmException ex) { + create_rsa = false; + System.out.println("No implementation for RSA! RSA certificates are not created!\n"); + } + } + if (create_dsa) { + try { + System.out.println("generate DSA KeyPair for CA certificate ["+CA_KEYLENGTH+" bits]..."); + ca_dsa = generateKeyPair("DSA", CA_KEYLENGTH); + System.out.println("generate DSA KeyPair for a test certificate [512 bits]..."); + dsa512 = generateKeyPair("DSA", 512); + System.out.println("generate DSA KeyPair for a test certificate [1024 bits]..."); + dsa1024 = generateKeyPair("DSA", 1024); + } catch (NoSuchAlgorithmException ex) { + create_dsa = false; + System.out.println("No implementation for DSA! DSA certificates are not created!\n"); + } + } + + if (create_esdh) { + try { + System.out.println("generate ESDH KeyPair for a test certificate [512 bits]..."); + esdh512 = generateKeyPair("ESDH", 512); + System.out.println("generate ESDH KeyPair for a test certificate [1024 bits]..."); + esdh1024 = generateKeyPair("ESDH", 1024); + System.out.println("generate ESDH KeyPair for a test certificate [1024 bits]..."); + esdh1024_ = generateKeyPair("ESDH", 1024); + System.out.println("generate ESDH KeyPair for a test certificate [2048 bits]..."); + esdh2048 = generateKeyPair("ESDH", 2048); + } catch (NoSuchAlgorithmException ex) { + create_esdh = false; + System.out.println("No implementation for ESDH! ESDH certificates are not created!\n"); + } + } + } catch (Exception ex) { + System.out.println("Exception: "+ex); + } + } + + public void generateCertificates() { + + try { + + // Now create the certificates + Name issuer = new Name(); + issuer.addRDN(ObjectID.country, "AT"); + issuer.addRDN(ObjectID.organization ,"IAIK"); + issuer.addRDN(ObjectID.organizationalUnit ,"JavaSecurity"); + + Name subject = new Name(); + subject.addRDN(ObjectID.country, "AT"); + subject.addRDN(ObjectID.organization ,"IAIK"); + subject.addRDN(ObjectID.organizationalUnit ,"JavaSecurity"); + + // + // create self signed CA certs + // + X509Certificate caRSA = null; + X509Certificate caDSA = null; + X509Certificate[] chain = new X509Certificate[1]; + // for verifying the created certificates + SimpleChainVerifier verifier = new SimpleChainVerifier(); + + if (create_rsa) { + issuer.addRDN(ObjectID.commonName ,"IAIK RSA Test CA"); + System.out.println("create self signed RSA CA certificate..."); + caRSA = createCertificate(issuer, ca_rsa.getPublic(), + issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, null, true); + // verify the self signed certificate + caRSA.verify(); + // set the CA cert as trusted root + verifier.addTrustedCertificate(caRSA); + chain[0] = caRSA; + addToKeyStore(ca_rsa, chain, CA_RSA); + issuer.removeRDN(ObjectID.commonName); + } + + if (create_dsa) { + issuer.addRDN(ObjectID.commonName ,"IAIK DSA Test CA"); + System.out.println("create self signed DSA CA certificate..."); + caDSA = createCertificate(issuer, ca_dsa.getPublic(), + issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, null, true); + // verify the self signed certificate + caDSA.verify(); + // set the CA cert as trusted root + verifier.addTrustedCertificate(caDSA); + chain[0] = caDSA; + addToKeyStore(ca_dsa, chain, CA_DSA); + issuer.removeRDN(ObjectID.commonName); + } + + // + // create certificates + // + chain = new X509Certificate[2]; + + // create a RSA certificate + if (create_rsa) { + issuer.addRDN(ObjectID.commonName ,"IAIK RSA Test CA"); + SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caRSA.getExtension(SubjectKeyIdentifier.oid); + // 512 + // for signing + System.out.println("Create RSA demo certificates to be used for signing..."); + + // 512 + subject.addRDN(ObjectID.commonName, "RSA 512 bit Demo Signing Certificate"); + System.out.println("create 512 bit RSA demo certificate..."); + chain[0] = createCertificate(subject, rsa512_sign.getPublic(), + issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), true); + chain[1] = caRSA; + // and verify the chain + verifier.verifyChain(chain); + addToKeyStore(rsa512_sign, chain, RSA_512_SIGN); + subject.removeRDN(ObjectID.commonName); + + // 1024 + + subject.addRDN(ObjectID.commonName ,"RSA 1024 bit Demo Signing Certificate"); + System.out.println("create 1024 bit RSA demo certificate..."); + chain[0] = createCertificate(subject, rsa1024_sign.getPublic(), + issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), true); + chain[1] = caRSA; + verifier.verifyChain(chain); + addToKeyStore(rsa1024_sign, chain, RSA_1024_SIGN); + subject.removeRDN(ObjectID.commonName); + + // 2048 + + subject.addRDN(ObjectID.commonName ,"RSA 2048 bit Demo Signing Certificate"); + System.out.println("create 2048 bit RSA demo certificate..."); + chain[0] = createCertificate(subject, rsa2048_sign.getPublic(), + issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), true); + chain[1] = caRSA; + verifier.verifyChain(chain); + + addToKeyStore(rsa2048_sign, chain, RSA_2048_SIGN); + subject.removeRDN(ObjectID.commonName); + + // for encrypting + System.out.println("Create RSA demo certificates to be used for encryption..."); + // 512 + subject.addRDN(ObjectID.commonName, "RSA 512 bit Demo Encryption Certificate"); + System.out.println("create 512 bit RSA demo certificate..."); + chain[0] = createCertificate(subject, rsa512_crypt.getPublic(), + issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), false); + chain[1] = caRSA; + // and verify the chain + verifier.verifyChain(chain); + addToKeyStore(rsa512_crypt, chain, RSA_512_CRYPT); + subject.removeRDN(ObjectID.commonName); + + // 1024 + + subject.addRDN(ObjectID.commonName ,"RSA 1024 bit Demo Encryption Certificate"); + System.out.println("create 1024 bit RSA demo certificate..."); + chain[0] = createCertificate(subject, rsa1024_crypt.getPublic(), + issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), false); + chain[1] = caRSA; + verifier.verifyChain(chain); + addToKeyStore(rsa1024_crypt, chain, RSA_1024_CRYPT); + + System.out.println("create second 1024 bit RSA demo Encryption certificate..."); + chain[0] = createCertificate(subject, rsa1024_crypt_.getPublic(), + issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), false); + chain[1] = caRSA; + verifier.verifyChain(chain); + addToKeyStore(rsa1024_crypt_, chain, RSA_1024_CRYPT_); + subject.removeRDN(ObjectID.commonName); + + // 2048 + + subject.addRDN(ObjectID.commonName ,"RSA 2048 bit Demo Encryption Certificate"); + System.out.println("create 2048 bit RSA demo certificate..."); + chain[0] = createCertificate(subject, rsa2048_crypt.getPublic(), + issuer, ca_rsa.getPrivate(), AlgorithmID.sha1WithRSAEncryption, subjectKeyID.get(), false); + chain[1] = caRSA; + verifier.verifyChain(chain); + addToKeyStore(rsa2048_crypt, chain, RSA_2048_CRYPT); + subject.removeRDN(ObjectID.commonName); + issuer.removeRDN(ObjectID.commonName); + } + + // create a DSA test certificate + if (create_dsa) { + issuer.addRDN(ObjectID.commonName ,"IAIK DSA Test CA"); + // 512 + subject.addRDN(ObjectID.commonName ,"DSA 512 bit Demo Certificate"); + System.out.println("create 512 bit DSA demo certificate..."); + SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caDSA.getExtension(SubjectKeyIdentifier.oid); + chain[0] = createCertificate(subject, dsa512.getPublic(), + issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), true); + subject.removeRDN(ObjectID.commonName); + chain[1] = caDSA; + verifier.verifyChain(chain); + + addToKeyStore(dsa512, chain, DSA_512); + // 1024 + subject.addRDN(ObjectID.commonName ,"DSA 1024 bit Demo Certificate"); + System.out.println("create 1024 bit DSA demo certificate..."); + chain[0] = createCertificate(subject, dsa1024.getPublic(), + issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), true); + subject.removeRDN(ObjectID.commonName); + chain[1] = caDSA; + verifier.verifyChain(chain); + addToKeyStore(dsa1024, chain, DSA_1024); + issuer.removeRDN(ObjectID.commonName); + } + + // create a ESDH test certificate + if (create_esdh) { + issuer.addRDN(ObjectID.commonName ,"IAIK DSA Test CA"); + // 512 + subject.addRDN(ObjectID.commonName ,"ESDH 512 bit Demo Certificate"); + System.out.println("create 512 bit ESDH demo certificate..."); + SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caDSA.getExtension(SubjectKeyIdentifier.oid); + chain[0] = createCertificate(subject, esdh512.getPublic(), + issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), false); + subject.removeRDN(ObjectID.commonName); + chain[1] = caDSA; + verifier.verifyChain(chain); + addToKeyStore(esdh512, chain, ESDH_512); + // 1024 + subject.addRDN(ObjectID.commonName ,"ESDH 1024 bit Demo Certificate 1"); + System.out.println("create 1024 bit ESDH demo certificate..."); + chain[0] = createCertificate(subject, esdh1024.getPublic(), + issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), false); + subject.removeRDN(ObjectID.commonName); + chain[1] = caDSA; + verifier.verifyChain(chain); + addToKeyStore(esdh1024, chain, ESDH_1024); + // 1024 + subject.addRDN(ObjectID.commonName ,"ESDH 1024 bit Demo Certificate 2"); + System.out.println("create second 1024 bit ESDH demo certificate..."); + chain[0] = createCertificate(subject, esdh1024_.getPublic(), + issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), false); + subject.removeRDN(ObjectID.commonName); + chain[1] = caDSA; + verifier.verifyChain(chain); + addToKeyStore(esdh1024_, chain, ESDH_1024_); + // 2048 + subject.addRDN(ObjectID.commonName ,"ESDH 2048 bit Demo Certificate"); + System.out.println("create 2048 bit ESDH demo certificate..."); + chain[0] = createCertificate(subject, esdh2048.getPublic(), + issuer, ca_dsa.getPrivate(), AlgorithmID.dsaWithSHA, subjectKeyID.get(), false); + subject.removeRDN(ObjectID.commonName); + chain[1] = caDSA; + verifier.verifyChain(chain); + addToKeyStore(esdh2048, chain, ESDH_2048); + issuer.removeRDN(ObjectID.commonName); + } + + System.out.println("\nCertificates created!"); + + } catch (Exception ex) { + System.out.println("Exception: "+ex); + } + } + + public static void start() { + SetupCMSKeyStore suks = new SetupCMSKeyStore(); + suks.initializeKeyStore(); + if (suks.create_only_certificates) { + suks.getPrivateKeys(); + } + else { + suks.generatePrivateKeys(); + } + suks.generateCertificates(); + suks.saveKeyStore(); + } + + /** + * Creates the test certificates. + */ + public static void main(String arg[]) throws IOException { + + IAIK.addAsProvider(true); + start(); + System.in.read(); + } +} \ No newline at end of file -- cgit v1.2.3