package chapter4;import java.io.ByteArrayOutputStream;import java.io.FileOut

1. package chapter4;
2. import java.io.ByteArrayOutputStream;
3. import java.io.FileOutputStream;
4. import java.io.IOException;
5. import java.math.BigInteger;
6. import java.security.GeneralSecurityException;
7. import java.security.KeyPair;
8. import java.security.KeyPairGenerator;
9. import java.security.PrivateKey;
10. import java.security.PublicKey;
11. import java.security.SecureRandom;
12. import java.security.Signature;
13. import java.security.cert.X509Certificate;
14. import java.util.Date;
15. import javax.crypto.Cipher;
16. import javax.crypto.SecretKey;
17. import javax.crypto.SecretKeyFactory;
18. import javax.crypto.spec.PBEKeySpec;
19. import javax.crypto.spec.PBEParameterSpec;
20. import sun.security.x509.AlgorithmId;
21. import sun.security.x509.CertificateAlgorithmId;
22. import sun.security.x509.CertificateIssuerName;
23. import sun.security.x509.CertificateSerialNumber;
24. import sun.security.x509.CertificateSubjectName;
25. import sun.security.x509.CertificateValidity;
26. import sun.security.x509.CertificateVersion;
27. import sun.security.x509.CertificateX509Key;
28. import sun.security.x509.X500Name;
29. import sun.security.x509.X509CertImpl;
30. import sun.security.x509.X509CertInfo;
31.  
32. class GenSigDuplicate {
33.  
34. public static void main(String[] args) {
35. GenSig gensig = new GenSig();
36. KeyPair keyPair = gensig.generateKeyPair();
37. try {
38. X509Certificate certificate = gensig.generateCertificate(
39. "CN=Test, L=London, C=GB", keyPair, 3, "SHA1withRSA");
40. FileOutputStream pvt = new FileOutputStream("d:\\sureshtest.cer");
41. try {
42. pvt.write(certificate.getEncoded());
43. pvt.flush();
44. } finally {
45. pvt.close();
46. }
47.  
48. } catch (GeneralSecurityException e) {
49. e.printStackTrace();
50. } catch (IOException e) {
51. e.printStackTrace();
52. }
53.  
54. for (Object obj : java.security.Security.getAlgorithms("Cipher")) {
55. System.out.println(obj);
56. }
57. }
58.  
59. public KeyPair generateKeyPair() {
60. KeyPair pair = null;
61. try {
62. String password = "1234";
63. KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
64. SecureRandom random = Utils.createFixedRandom();
65. keyGen.initialize(1024, random);
66. pair = keyGen.generateKeyPair();
67. PrivateKey privkey1 = pair.getPrivate();
68. PublicKey pubKey1 = pair.getPublic();
69.  
70. byte[] privateKeyBytes = pair.getPrivate().getEncoded();
71. byte[] encryptedPrivateKeyBytes = passwordEncrypt(
72. password.toCharArray(), privateKeyBytes);
73. Signature dsa = Signature.getInstance("SHA1withRSA");
74. dsa.initSign(privkey1);
75. Cipher cipher = Cipher
76. .getInstance("RSA");
77. cipher.init(Cipher.ENCRYPT_MODE, pubKey1, random);
78. byte[] input = new byte[] { (byte) 0xbe, (byte) 0xef };
79. System.out.println("input : " + Utils.toHex(input));
80. byte[] cipherText = cipher.doFinal(input);
81. System.out.println("cipher: " + Utils.toHex(cipherText));
82. cipher.init(Cipher.DECRYPT_MODE, privkey1);
83. byte[] plainText = cipher.doFinal(cipherText);
84. System.out.println("plain : " + Utils.toHex(plainText));
85. } catch (Exception e) {
86. System.err.println("Caught exception " + e.toString());
87. }
88.  
89. return pair;
90.  
91. }
92.  
93. X509Certificate generateCertificate(String dn, KeyPair pair, int days,
94. String algorithm) throws GeneralSecurityException, IOException {
95. PrivateKey privkey = pair.getPrivate();
96. X509CertInfo info = new X509CertInfo();
97.  
98. Date from = new Date();
99. Date to = new Date(from.getTime() + days * 86400000l);
100. CertificateValidity interval = new CertificateValidity(from, to);
101. BigInteger sn = new BigInteger(64, new SecureRandom());
102. X500Name owner = new X500Name(dn);
103.  
104. info.set(X509CertInfo.VALIDITY, interval);
105. info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
106. info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
107. info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
108. info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
109. info.set(X509CertInfo.VERSION, new CertificateVersion(
110. CertificateVersion.V3));
111. AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
112. info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
113.  
114. X509CertImpl cert = new X509CertImpl(info);
115. cert.sign(privkey, algorithm);
116. algo = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG);
117. info.set(CertificateAlgorithmId.NAME + "."
118. + CertificateAlgorithmId.ALGORITHM, algo);
119. cert = new X509CertImpl(info);
120. cert.sign(privkey, algorithm);
121. return cert;
122. }
123.  
124. static void generateSelfSignedX509Certificate() throws Exception {
125. }
126.  
127. private static byte[] passwordEncrypt(char[] password, byte[] plaintext) {
128. ByteArrayOutputStream baos = new ByteArrayOutputStream();
129. try {
130. int MD5_ITERATIONS = 1000;
131. byte[] salt = new byte[8];
132. SecureRandom random = new SecureRandom();
133. random.nextBytes(salt);
134.  
135. PBEKeySpec keySpec = new PBEKeySpec(password);
136. SecretKeyFactory keyFactory = SecretKeyFactory
137. .getInstance("PBEWITHMD5ANDTRIPLEDES"/* "PBEWithSHAAndTwofish-CBC" */);
138. SecretKey key = keyFactory.generateSecret(keySpec);
139. PBEParameterSpec paramSpec = new PBEParameterSpec(salt,
140. MD5_ITERATIONS);
141. Cipher cipher = Cipher.getInstance("PBEWITHMD5ANDTRIPLEDES");
142. cipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
143.  
144. byte[] ciphertext = cipher.doFinal(plaintext);
145.  
146. baos.write(salt);
147. baos.write(ciphertext);
148. return baos.toByteArray();
149. } catch (Exception e) {
150. e.printStackTrace();
151. }
152. return baos.toByteArray();
153.  
154. }
155.  
156.  
157. }