From aebb96b32e6c2bef86ada43a4f87a8c24e3d987b Mon Sep 17 00:00:00 2001
From: Gravit
Date: Mon, 1 Jul 2019 22:20:05 +0700
Subject: [PATCH] =?UTF-8?q?[FEATURE]=20=D0=AD=D0=BB=D0=BB=D0=B8=D0=BF?= =?UTF-8?q?=D1=82=D0=B8=D1=87=D0=B5=D1=81=D0=BA=D0=B0=D1=8F=20=D0=BA=D1=80?= =?UTF-8?q?=D0=B8=D0=BF=D1=82=D0=BE=D0=B3=D1=80=D0=B0=D1=84=D0=B8=D1=8F.?= =?UTF-8?q?=20=D0=A1=D0=BE=D0=B7=D0=B4=D0=B0=D0=BD=D0=B8=D0=B5=20CA,=20?= =?UTF-8?q?=D0=B7=D0=B0=D0=BF=D0=B8=D1=81=D1=8C=20=D1=81=D0=B5=D1=80=D1=82?= =?UTF-8?q?=D0=B8=D1=84=D0=B8=D0=BA=D0=B0=D1=82=D0=BE=D0=B2=20=D0=BD=D0=B0?= =?UTF-8?q?=20=D0=B4=D0=B8=D1=81=D0=BA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../manangers/CertificateManager.java | 52 ++++++++++++++++++-
 1 file changed, 51 insertions(+), 1 deletion(-)
diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/manangers/CertificateManager.java b/LaunchServer/src/main/java/pro/gravit/launchserver/manangers/CertificateManager.java
index 2f518ecb..f7e10deb 100644
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/manangers/CertificateManager.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/manangers/CertificateManager.java
@@ -1,22 +1,41 @@
 package pro.gravit.launchserver.manangers;
+import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x500.X500NameBuilder;
 import org.bouncycastle.asn1.x500.style.BCStyle;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.cert.CertIOException;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.X509v3CertificateBuilder;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.crypto.params.ECKeyParameters;
+import org.bouncycastle.crypto.util.PrivateKeyFactory;
+import org.bouncycastle.jce.ECNamedCurveTable;
+import org.bouncycastle.jce.spec.ECParameterSpec;
+import org.bouncycastle.openssl.PEMWriter;
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.bc.BcECContentSignerBuilder;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemWriter;
+import pro.gravit.utils.helper.IOHelper;
 import pro.gravit.utils.helper.SecurityHelper;
+import java.io.FileWriter;
+import java.io.IOException;
 import java.math.BigInteger;
-import java.security.PublicKey;
+import java.nio.file.Path;
+import java.security.*;
+import java.security.cert.CertificateException;
+import java.security.spec.ECGenParameterSpec;
 import java.time.Instant;
+import java.time.LocalDate;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
 import java.time.temporal.ChronoUnit;
 import java.util.Date;
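Review bot: Seven of the imports added in this hunk are not referenced by any code the commit adds: `CertIOException`, `ECKeyParameters`, `ECNamedCurveTable`, `ECParameterSpec`, `org.bouncycastle.openssl.PEMWriter`, `java.io.FileWriter` and `java.security.cert.CertificateException`. Dropping them keeps the class's crypto dependencies easy to audit, and `PEMWriter` in particular is easy to confuse with the `PemWriter` the new methods actually use. The `java.security.*` wildcard that replaces the explicit `PublicKey` import would read better as named imports (`KeyPair`, `KeyPairGenerator`, `PrivateKey`, `PublicKey`, `NoSuchAlgorithmException`, `InvalidAlgorithmParameterException`).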
@@ -47,4 +66,35 @@ public X509CertificateHolder generateCertificate(String subjectName, PublicKey s
 return v3CertGen.build(sigGen);
 }
+
+ public void generateCA() throws NoSuchAlgorithmException, IOException, OperatorCreationException, InvalidAlgorithmParameterException {
+ ECGenParameterSpec ecGenSpec = new ECGenParameterSpec("secp384r1");
+ KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
+ generator.initialize(ecGenSpec, SecurityHelper.newRandom());
+ KeyPair pair = generator.generateKeyPair();
+ LocalDateTime startDate = LocalDate.now().atStartOfDay();
+
+ X509v3CertificateBuilder builder= new X509v3CertificateBuilder(
+ new X500Name("CN=ca"),
+ new BigInteger("0"),
+ Date.from(startDate.atZone(ZoneId.systemDefault()).toInstant()),
+ Date.from(startDate.plusDays(3650).atZone(ZoneId.systemDefault()).toInstant()),
+ new X500Name("CN=ca"),
+ SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded()));
+ JcaContentSignerBuilder csBuilder= new JcaContentSignerBuilder("SHA256WITHECDSA");
+ ContentSigner signer = csBuilder.build(pair.getPrivate());
+ ca = builder.build(signer);
+ caKey = PrivateKeyFactory.createKey(pair.getPrivate().getEncoded());
+ }
+
+ public void writePrivateKey(Path file, PrivateKey privateKey) throws IOException {
+ try (PemWriter writer = new PemWriter(IOHelper.newWriter(file))) {
+ writer.writeObject(new PemObject("PRIVATE KEY", privateKey.getEncoded()));
+ }
+ }
+ public void writeCertificate(Path file, X509CertificateHolder holder) throws IOException {
+ try (PemWriter writer = new PemWriter(IOHelper.newWriter(file))) {
+ writer.writeObject(new PemObject("CERTIFICATE", holder.toASN1Structure().getEncoded()));
+ }
+ }
 }
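Review bot: `writePrivateKey` writes the key as unencrypted PEM and nothing in the hunk restricts who can read the resulting file, so the CA key is only as protected as the mode `IOHelper.newWriter` (not shown here) happens to create it with. Creating the file owner-only before any key bytes are written would close that gap on POSIX hosts, for example by passing `PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"))` to `Files.createFile`, with an ACL-based fallback where POSIX attributes are unsupported. Separately, `generateCA` builds the certificate with no extensions and a fixed serial of `0`, whereas RFC 5280 expects a positive, unique serial. Without `builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));` and a `keyCertSign` key usage, many path validators may refuse to treat it as an issuer. A Javadoc line on `generateCA` should also state that it overwrites the `ca` and `caKey` fields, which are declared outside the hunk.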