8 Aralık 2021 Çarşamba

Bouncy Castle

Maven
Şu satırı dahil ederiz
<dependency>
  <groupId>org.bouncycastle</groupId>
  <artifactId>bcprov-jdk15on</artifactId>
  <version>1.70</version>
</dependency>
RSA Provider
Bouncy Castle bir RSA provider. 
Örnek
Kullanmak için şöyle yaparız
import org.bouncycastle.jce.provider.BouncyCastleProvider;

   
// Load Bouncy Castle provider
Security.addProvider(new BouncyCastleProvider());

// Encrypt data using public key
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
Örnek
Elimizde şöyle bir kod olsun
KeyPair generateKeyPair() {
  try {
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048, new SecureRandom());
    return keyPairGenerator.generateKeyPair();
  } catch (GeneralSecurityException var2) {
    throw new AssertionError(var2);
  }
}
Import'lar için şöyle yaparız
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
Şöyle yaparız
Security.addProvider(new BouncyCastleProvider());

String name = ...;
Map<String, String> labels = ...;
String host = ...;

X500Principal subject = new X500Principal("CN=" + host);
X500Principal signedByPrincipal = subject;

KeyPair keyPair = generateKeyPair();
KeyPair signedByKeyPair = keyPair;

long notBefore = System.currentTimeMillis();
long notAfter = notBefore + (1000L * 3600L * 24 * 365);

ASN1Encodable[] encodableAltNames = new ASN1Encodable[]{ alonew GeneralName(GeneralName.dNSName, host)};
KeyPurposeId[] purposes = new KeyPurposeId[]{KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth};

X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder( signedByPrincipal,
  BigInteger.ONE, new Date(notBefore), new Date(notAfter), subject, keyPair.getPublic());

certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage( KeyUsage.digitalSignature + KeyUsage.keyEncipherment));
certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(purposes));
certBuilder.addExtension(Extension.subjectAlternativeName, false, new DERSequence(encodableAltNames));

ContentSigner signer = new JcaContentSignerBuilder(("SHA256withRSA")) .build(signedByKeyPair.getPrivate());
X509CertificateHolder certHolder = certBuilder.build(signer);

Hiç yorum yok:

Yorum Gönder