</library>
</orderEntry>
<orderEntry type="module-library">
- <library name="bcprov-jdk15on-1.57.jar">
+ <library name="bcprov-jdk15on-1.69.jar">
<CLASSES>
- <root url="jar://$MODULE_DIR$/ext/bcprov-jdk15on-1.57.jar!/" />
+ <root url="jar://$MODULE_DIR$/ext/bcprov-jdk15on-1.69.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES>
- <root url="jar://$MODULE_DIR$/ext/src/bcprov-jdk15on-1.57.jar!/" />
+ <root url="jar://$MODULE_DIR$/ext/src/bcprov-jdk15on-1.69.jar!/" />
</SOURCES>
</library>
</orderEntry>
<orderEntry type="module-library">
- <library name="bcmail-jdk15on-1.57.jar">
+ <library name="bcmail-jdk15on-1.69.jar">
<CLASSES>
- <root url="jar://$MODULE_DIR$/ext/bcmail-jdk15on-1.57.jar!/" />
+ <root url="jar://$MODULE_DIR$/ext/bcmail-jdk15on-1.69.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES>
- <root url="jar://$MODULE_DIR$/ext/src/bcmail-jdk15on-1.57.jar!/" />
+ <root url="jar://$MODULE_DIR$/ext/src/bcmail-jdk15on-1.69.jar!/" />
</SOURCES>
</library>
</orderEntry>
<orderEntry type="module-library">
- <library name="bcpkix-jdk15on-1.57.jar">
+ <library name="bcutil-jdk15on-1.69.jar">
<CLASSES>
- <root url="jar://$MODULE_DIR$/ext/bcpkix-jdk15on-1.57.jar!/" />
+ <root url="jar://$MODULE_DIR$/ext/bcutil-jdk15on-1.69.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES>
- <root url="jar://$MODULE_DIR$/ext/src/bcpkix-jdk15on-1.57.jar!/" />
+ <root url="jar://$MODULE_DIR$/ext/src/bcutil-jdk15on-1.69.jar!/" />
+ </SOURCES>
+ </library>
+ </orderEntry>
+ <orderEntry type="module-library">
+ <library name="bcpkix-jdk15on-1.69.jar">
+ <CLASSES>
+ <root url="jar://$MODULE_DIR$/ext/bcpkix-jdk15on-1.69.jar!/" />
+ </CLASSES>
+ <JAVADOC />
+ <SOURCES>
+ <root url="jar://$MODULE_DIR$/ext/src/bcpkix-jdk15on-1.69.jar!/" />
</SOURCES>
</library>
</orderEntry>
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
-import org.bouncycastle.openssl.PasswordFinder;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
public class FileKeyPairProvider extends AbstractKeyPairProvider {
private String[] files;
- private PasswordFinder passwordFinder;
public FileKeyPairProvider() {
}
this.files = files;
}
- public FileKeyPairProvider(String[] files, PasswordFinder passwordFinder) {
- this.files = files;
- this.passwordFinder = passwordFinder;
- }
-
public String[] getFiles() {
return files;
}
this.files = files;
}
- public PasswordFinder getPasswordFinder() {
- return passwordFinder;
- }
-
- public void setPasswordFinder(PasswordFinder passwordFinder) {
- this.passwordFinder = passwordFinder;
- }
-
public Iterable<KeyPair> loadKeys() {
if (!SecurityUtils.isBouncyCastleRegistered()) {
throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
pemConverter.setProvider("BC");
- if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
- JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
- PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
- o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
- }
-
if (o instanceof PEMKeyPair) {
o = pemConverter.getKeyPair((PEMKeyPair)o);
return (KeyPair) o;
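Review bot: With the `passwordFinder` branch removed, a `PEMEncryptedKeyPair` returned by the parser no longer matches any check visible in this hunk, so a passphrase-protected key file cannot be loaded and nothing shown here reports why. In practice this pushes operators toward keeping the private key unencrypted on disk. Only the `PasswordFinder` interface is gone from Bouncy Castle, so the decrypt path could be kept by holding the passphrase as a `char[]` and calling `new JcePEMDecryptorProviderBuilder().build(password)`. Failing that, add an explicit `else if (o instanceof PEMEncryptedKeyPair)` branch that logs the key as encrypted and unsupported. The `PEMEncryptedKeyPair` and `JcePEMDecryptorProviderBuilder` imports kept as context look unused after this change, and the rest of the loading method is outside the hunk, so the fall-through behaviour should be confirmed there.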
import org.bouncycastle.asn1.x509.GeneralName;\r
import org.bouncycastle.asn1.x509.GeneralNames;\r
import org.bouncycastle.asn1.x509.KeyUsage;\r
-import org.bouncycastle.asn1.x509.X509Extension;\r
+import org.bouncycastle.asn1.x509.Extension;\r
import org.bouncycastle.cert.X509CRLHolder;\r
import org.bouncycastle.cert.X509v2CRLBuilder;\r
import org.bouncycastle.cert.X509v3CertificateBuilder;\r
import org.bouncycastle.jce.PrincipalUtil;\r
import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;\r
import org.bouncycastle.openssl.PEMEncryptor;\r
-import org.bouncycastle.openssl.PEMWriter;\r
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;\r
import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder;\r
import org.bouncycastle.operator.ContentSigner;\r
boolean asPem = targetFile.getName().toLowerCase().endsWith(".pem");\r
if (asPem) {\r
// PEM encoded X509\r
- PEMWriter pemWriter = null;\r
+ JcaPEMWriter pemWriter = null;\r
try {\r
- pemWriter = new PEMWriter(new FileWriter(tmpFile));\r
+ pemWriter = new JcaPEMWriter(new FileWriter(tmpFile));\r
pemWriter.writeObject(cert);\r
pemWriter.flush();\r
} finally {\r
pair.getPublic());\r
\r
JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();\r
- certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(pair.getPublic()));\r
- certBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));\r
- certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey()));\r
+ certBuilder.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(pair.getPublic()));\r
+ certBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));\r
+ certBuilder.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey()));\r
\r
// support alternateSubjectNames for SSL certificates\r
List<GeneralName> altNames = new ArrayList<GeneralName>();\r
}\r
if (altNames.size() > 0) {\r
GeneralNames subjectAltName = new GeneralNames(altNames.toArray(new GeneralName [altNames.size()]));\r
- certBuilder.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);\r
+ certBuilder.addExtension(Extension.subjectAlternativeName, false, subjectAltName);\r
}\r
\r
ContentSigner caSigner = new JcaContentSignerBuilder(SIGNING_ALGORITHM)\r
caPair.getPublic());\r
\r
JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();\r
- caBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(caPair.getPublic()));\r
- caBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caPair.getPublic()));\r
- caBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(true));\r
- caBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));\r
+ caBuilder.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(caPair.getPublic()));\r
+ caBuilder.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caPair.getPublic()));\r
+ caBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));\r
+ caBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));\r
\r
JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BC);\r
X509Certificate cert = converter.getCertificate(caBuilder.build(caSigner));\r
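Review bot: The CA certificate still carries `basicConstraints` as a non-critical extension (`Extension.basicConstraints, false, new BasicConstraints(true)`), which the rename copies over unchanged. RFC 5280 section 4.2.1.9 requires this extension to be marked critical in CA certificates whose key is used to validate certificate signatures, and strict path validators may treat a CA without it differently. Consider `caBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));`. This would affect only newly generated CA certificates, so existing ones would have to be reissued to benefit. The enclosing method begins and ends outside the hunk.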
pair.getPublic());\r
\r
JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();\r
- certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(pair.getPublic()));\r
- certBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));\r
- certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey()));\r
- certBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.keyEncipherment | KeyUsage.digitalSignature));\r
+ certBuilder.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(pair.getPublic()));\r
+ certBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));\r
+ certBuilder.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey()));\r
+ certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyEncipherment | KeyUsage.digitalSignature));\r
if (!StringUtils.isEmpty(clientMetadata.emailAddress)) {\r
GeneralNames subjectAltName = new GeneralNames(\r
new GeneralName(GeneralName.rfc822Name, clientMetadata.emailAddress));\r
- certBuilder.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);\r
+ certBuilder.addExtension(Extension.subjectAlternativeName, false, subjectAltName);\r
}\r
\r
ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(caPrivateKey);\r