001 // Copyright (C) 2002 IAIK
002 // https://jce.iaik.tugraz.at
003 //
004 // Copyright (C) 2003 - 2025 Stiftung Secure Information and
005 // Communication Technologies SIC
006 // https://sic.tech
007 //
008 // All rights reserved.
009 //
010 // Redistribution and use in source and binary forms, with or without
011 // modification, are permitted provided that the following conditions
012 // are met:
013 // 1. Redistributions of source code must retain the above copyright
014 // notice, this list of conditions and the following disclaimer.
015 // 2. Redistributions in binary form must reproduce the above copyright
016 // notice, this list of conditions and the following disclaimer in the
017 // documentation and/or other materials provided with the distribution.
018 //
019 // THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
020 // ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
021 // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
022 // ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
023 // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
024 // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
025 // OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
026 // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
027 // LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
028 // OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
029 // SUCH DAMAGE.
030
031 // Copyright (C) 2002 IAIK
032 // https://sic.tech/
033 //
034 // Copyright (C) 2003 - 2025 Stiftung Secure Information and
035 // Communication Technologies SIC
036 // https://sic.tech/
037 //
038 // All rights reserved.
039 //
040 // This source is provided for inspection purposes and recompilation only,
041 // unless specified differently in a contract with IAIK. This source has to
042 // be kept in strict confidence and must not be disclosed to any third party
043 // under any circumstances. Redistribution in source and binary forms, with
044 // or without modification, are <not> permitted in any case!
045 //
046 // THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
047 // ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
048 // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
049 // ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
050 // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
051 // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
052 // OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
053 // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
054 // LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
055 // OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
056 // SUCH DAMAGE.
057 //
058 // $Header: /IAIK-CMS/current/src/demo/cms/ecc/keystore/CMSEccKeyStore.java 26 12.02.25 17:58 Dbratko $
059 // $Revision: 26 $
060 //
061
062 package demo.cms.ecc.keystore;
063
064 import java.io.File;
065 import java.io.FileInputStream;
066 import java.security.KeyStore;
067 import java.security.PrivateKey;
068 import java.util.HashMap;
069
070 import demo.keystore.CMSKeyStore;
071 import iaik.cms.SecurityProvider;
072 import iaik.utils.Util;
073 import iaik.x509.X509Certificate;
074
075 /**
076 * Keystore for the ECC demos of IAIK-CMS.
077 */
078 public class CMSEccKeyStore implements CMSEccKeyStoreConstants {
079
080 /**
081 * Certificates.
082 */
083 static Object[][] certificates = new Object[2][22];
084 /**
085 * Keys.
086 */
087 static PrivateKey[][] keys = new PrivateKey[2][22];
088 /**
089 * Ca certificate.
090 */
091 static X509Certificate ca_certificate;
092 /**
093 * Ca key.
094 */
095 static PrivateKey ca_key;
096
097 /**
098 * Repository holding keys by their corresponding (certificate) ids.
099 */
100 private static HashMap recipientKeys_ = new HashMap();
101
102 /**
103 * Repository holding certs by their corresponding (certificate) ids.
104 */
105 private static HashMap recipientCerts_ = new HashMap();
106
107 public final static int ECDSA = 0;
108 public final static int ECDH = 1;
109
110 // signing keys
111 public final static int SZ_192_SIGN = 0;
112 public final static int SZ_224_SIGN = 1;
113 public final static int SZ_256_SIGN = 2;
114 public final static int SZ_384_SIGN = 3;
115 public final static int SZ_521_SIGN = 4;
116 public final static int SZ_ED25519 = 5;
117 public final static int SZ_ED448 = 6;
118 public final static int SZ_192_BRAINPOOL_SIGN = 7;
119 public final static int SZ_224_BRAINPOOL_SIGN = 8;
120 public final static int SZ_256_BRAINPOOL_SIGN = 9;
121 public final static int SZ_384_BRAINPOOL_SIGN = 10;
122 public final static int SZ_512_BRAINPOOL_SIGN = 11;
123
124 // encryption / key agreement keys
125 public final static int SZ_192_CRYPT_1 = 0;
126 public final static int SZ_192_CRYPT_2 = 1;
127 public final static int SZ_224_CRYPT_1 = 2;
128 public final static int SZ_224_CRYPT_2 = 3;
129 public final static int SZ_256_CRYPT_1 = 4;
130 public final static int SZ_256_CRYPT_2 = 5;
131 public final static int SZ_384_CRYPT_1 = 6;
132 public final static int SZ_384_CRYPT_2 = 7;
133 public final static int SZ_521_CRYPT_1 = 8;
134 public final static int SZ_521_CRYPT_2 = 9;
135 public final static int SZ_X25519 = 10;
136 public final static int SZ_X448 = 11;
137 public final static int SZ_192_BRAINPOOL_CRYPT_1 = 12;
138 public final static int SZ_192_BRAINPOOL_CRYPT_2 = 13;
139 public final static int SZ_224_BRAINPOOL_CRYPT_1 = 14;
140 public final static int SZ_224_BRAINPOOL_CRYPT_2 = 15;
141 public final static int SZ_256_BRAINPOOL_CRYPT_1 = 16;
142 public final static int SZ_256_BRAINPOOL_CRYPT_2 = 17;
143 public final static int SZ_384_BRAINPOOL_CRYPT_1 = 18;
144 public final static int SZ_384_BRAINPOOL_CRYPT_2 = 19;
145 public final static int SZ_512_BRAINPOOL_CRYPT_1 = 20;
146 public final static int SZ_512_BRAINPOOL_CRYPT_2 = 21;
147
148 /**
149 * Keystore.
150 */
151 static KeyStore key_store;
152
153 /**
154 * Loads and inits keystore.
155 */
156 static {
157 System.out.println("initializing KeyStore...");
158 loadKeyStore();
159 initKeyStore();
160 }
161
162 /**
163 * Loads the keystore from the file ("cmsecc.keystore").
164 */
165 private static void loadKeyStore() {
166 boolean createKeyStore = false;
167 // try to locate the KeyStore
168 // first check the current working directory
169 File ks = new File(KS_DIRECTORY, KS_FILENAME);
170 if (!ks.exists()) {
171 createKeyStore = true;
172 // called from demo batch file (try parent directory)
173 File ksDir = new File(KS_DIRECTORY);
174 if (ksDir.exists()) {
175 String parentDir = ksDir.getParent();
176 String pDir = parentDir.toLowerCase();
177 if ((pDir.endsWith("cms")) || (pDir.endsWith("smime"))) {
178 File ksParent = new File(parentDir, KS_FILENAME);
179 if (ksParent.exists()) {
180 ks = ksParent;
181 createKeyStore = false;
182 }
183 }
184 }
185 if (createKeyStore) {
186 // keystore does not exist ==> create new one
187 System.out.println();
188 System.out.println();
189 System.out.println("Can not find the KeyStore " + KS_FILENAME + " in directory:");
190 System.out.println(ks.getAbsolutePath());
191 System.out.println("Generating key store!");
192 try {
193 SetupCMSEccKeyStore.main(new String[] {});
194 } catch (Exception ex) {
195 System.out.println("Unable to create KeyStore!");
196 ex.printStackTrace();
197 demo.DemoUtil.waitKey();
198 System.exit(1);
199 }
200 }
201 }
202
203 FileInputStream fis = null;
204 // now try to create and load the KeyStore
205 try {
206 fis = new FileInputStream(ks);
207 key_store = SecurityProvider.getSecurityProvider().getKeyStore("IAIKKeyStore");
208 key_store.load(fis, KS_PASSWORD);
209 fis.close();
210 } catch (Exception ex) {
211 System.out.println("Unable to load KeyStore!");
212 ex.printStackTrace();
213 if (fis != null) {
214 try {
215 fis.close();
216 } catch (Exception e) {
217 // ignore
218 }
219 }
220 demo.DemoUtil.waitKey();
221 System.exit(1);
222 }
223 }
224
225 /**
226 * Initializes the keystore.
227 */
228 private static void initKeyStore() {
229 try {
230 ca_certificate = Util.convertCertificateChain(key_store.getCertificateChain(CA_ECDSA))[0];
231 ca_key = (PrivateKey)key_store.getKey(CA_ECDSA, KS_PASSWORD);
232
233 certificates[ECDSA][SZ_192_SIGN] = Util.convertCertificateChain(key_store.getCertificateChain(ECDSA_192));
234 keys[ECDSA][SZ_192_SIGN] = (PrivateKey)key_store.getKey(ECDSA_192, KS_PASSWORD);
235 certificates[ECDSA][SZ_224_SIGN] = Util.convertCertificateChain(key_store.getCertificateChain(ECDSA_224));
236 keys[ECDSA][SZ_224_SIGN] = (PrivateKey)key_store.getKey(ECDSA_224, KS_PASSWORD);
237 certificates[ECDSA][SZ_256_SIGN] = Util.convertCertificateChain(key_store.getCertificateChain(ECDSA_256));
238 keys[ECDSA][SZ_256_SIGN] = (PrivateKey)key_store.getKey(ECDSA_256, KS_PASSWORD);
239 certificates[ECDSA][SZ_384_SIGN] = Util.convertCertificateChain(key_store.getCertificateChain(ECDSA_384));
240 keys[ECDSA][SZ_384_SIGN] = (PrivateKey)key_store.getKey(ECDSA_384, KS_PASSWORD);
241 certificates[ECDSA][SZ_521_SIGN] = Util.convertCertificateChain(key_store.getCertificateChain(ECDSA_521));
242 keys[ECDSA][SZ_521_SIGN] = (PrivateKey)key_store.getKey(ECDSA_521, KS_PASSWORD);
243
244 } catch (Exception ex) {
245 System.out.println("Unable to get ECDSA certificates from KeyStore.");
246 ex.printStackTrace();
247 }
248
249 try {
250 certificates[ECDH][SZ_192_CRYPT_1] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_192_1));
251 keys[ECDH][SZ_192_CRYPT_1] = (PrivateKey)key_store.getKey(ECDH_192_1, KS_PASSWORD);
252 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_192_CRYPT_1], ((X509Certificate[])certificates[ECDH][SZ_192_CRYPT_1]));
253 certificates[ECDH][SZ_192_CRYPT_2] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_192_2));
254 keys[ECDH][SZ_192_CRYPT_2] = (PrivateKey)key_store.getKey(ECDH_192_2, KS_PASSWORD);
255 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_192_CRYPT_2], ((X509Certificate[])certificates[ECDH][SZ_192_CRYPT_2]));
256 certificates[ECDH][SZ_224_CRYPT_1] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_224_1));
257 keys[ECDH][SZ_224_CRYPT_1] = (PrivateKey)key_store.getKey(ECDH_224_1, KS_PASSWORD);
258 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_224_CRYPT_1], ((X509Certificate[])certificates[ECDH][SZ_224_CRYPT_1]));
259 certificates[ECDH][SZ_224_CRYPT_2] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_224_2));
260 keys[ECDH][SZ_224_CRYPT_2] = (PrivateKey)key_store.getKey(ECDH_224_2, KS_PASSWORD);
261 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_224_CRYPT_2], ((X509Certificate[])certificates[ECDH][SZ_224_CRYPT_2]));
262 certificates[ECDH][SZ_256_CRYPT_1] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_256_1));
263 keys[ECDH][SZ_256_CRYPT_1] = (PrivateKey)key_store.getKey(ECDH_256_1, KS_PASSWORD);
264 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_256_CRYPT_1], ((X509Certificate[])certificates[ECDH][SZ_256_CRYPT_1]));
265 certificates[ECDH][SZ_256_CRYPT_2] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_256_2));
266 keys[ECDH][SZ_256_CRYPT_2] = (PrivateKey)key_store.getKey(ECDH_256_2, KS_PASSWORD);
267 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_256_CRYPT_2], ((X509Certificate[])certificates[ECDH][SZ_256_CRYPT_2]));
268 certificates[ECDH][SZ_384_CRYPT_1] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_384_1));
269 keys[ECDH][SZ_384_CRYPT_1] = (PrivateKey)key_store.getKey(ECDH_384_1, KS_PASSWORD);
270 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_384_CRYPT_1], ((X509Certificate[])certificates[ECDH][SZ_384_CRYPT_1]));
271 certificates[ECDH][SZ_384_CRYPT_2] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_384_2));
272 keys[ECDH][SZ_384_CRYPT_2] = (PrivateKey)key_store.getKey(ECDH_384_2, KS_PASSWORD);
273 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_384_CRYPT_2], ((X509Certificate[])certificates[ECDH][SZ_384_CRYPT_2]));
274 certificates[ECDH][SZ_521_CRYPT_1] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_521_1));
275 keys[ECDH][SZ_521_CRYPT_1] = (PrivateKey)key_store.getKey(ECDH_521_1, KS_PASSWORD);
276 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_521_CRYPT_1], ((X509Certificate[])certificates[ECDH][SZ_521_CRYPT_1]));
277 certificates[ECDH][SZ_521_CRYPT_2] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_521_2));
278 keys[ECDH][SZ_521_CRYPT_2] = (PrivateKey)key_store.getKey(ECDH_521_2, KS_PASSWORD);
279 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_521_CRYPT_2], ((X509Certificate[])certificates[ECDH][SZ_521_CRYPT_2]));
280 } catch (Exception ex) {
281 System.out.println("Unable to get ECDH certificates from KeyStore.");
282 ex.printStackTrace();
283 }
284
285 try {
286 certificates[ECDSA][SZ_ED25519] = Util.convertCertificateChain(key_store.getCertificateChain(EDDSA_ED25519));
287 keys[ECDSA][SZ_ED25519] = (PrivateKey)key_store.getKey(EDDSA_ED25519, KS_PASSWORD);
288 certificates[ECDSA][SZ_ED448] = Util.convertCertificateChain(key_store.getCertificateChain(EDDSA_ED448));
289 keys[ECDSA][SZ_ED448] = (PrivateKey)key_store.getKey(EDDSA_ED448, KS_PASSWORD);
290 } catch (Exception ex) {
291 System.out.println("Unable to get EdDSA certificate from KeyStore.");
292 ex.printStackTrace();
293 }
294
295 try {
296 certificates[ECDH][SZ_X25519] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_X25519));
297 keys[ECDH][SZ_X25519] = (PrivateKey)key_store.getKey(ECDH_X25519, KS_PASSWORD);
298 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_X25519], ((X509Certificate[])certificates[ECDH][SZ_X25519]));
299 certificates[ECDH][SZ_X448] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_X448));
300 keys[ECDH][SZ_X448] = (PrivateKey)key_store.getKey(ECDH_X448, KS_PASSWORD);
301 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_X448], ((X509Certificate[])certificates[ECDH][SZ_X448]));
302 } catch (Exception ex) {
303 System.out.println("Unable to get ECDH x25519, x448 certificate from KeyStore.");
304 ex.printStackTrace();
305 }
306
307 try {
308 certificates[ECDSA][SZ_192_BRAINPOOL_SIGN] = Util.convertCertificateChain(key_store.getCertificateChain(ECDSA_BRAINPOOL_192));
309 keys[ECDSA][SZ_192_BRAINPOOL_SIGN] = (PrivateKey)key_store.getKey(ECDSA_BRAINPOOL_192, KS_PASSWORD);
310 certificates[ECDSA][SZ_224_BRAINPOOL_SIGN] = Util.convertCertificateChain(key_store.getCertificateChain(ECDSA_BRAINPOOL_224));
311 keys[ECDSA][SZ_224_BRAINPOOL_SIGN] = (PrivateKey)key_store.getKey(ECDSA_BRAINPOOL_224, KS_PASSWORD);
312 certificates[ECDSA][SZ_256_BRAINPOOL_SIGN] = Util.convertCertificateChain(key_store.getCertificateChain(ECDSA_BRAINPOOL_256));
313 keys[ECDSA][SZ_256_BRAINPOOL_SIGN] = (PrivateKey)key_store.getKey(ECDSA_BRAINPOOL_256, KS_PASSWORD);
314 certificates[ECDSA][SZ_384_BRAINPOOL_SIGN] = Util.convertCertificateChain(key_store.getCertificateChain(ECDSA_BRAINPOOL_384));
315 keys[ECDSA][SZ_384_BRAINPOOL_SIGN] = (PrivateKey)key_store.getKey(ECDSA_BRAINPOOL_384, KS_PASSWORD);
316 certificates[ECDSA][SZ_512_BRAINPOOL_SIGN] = Util.convertCertificateChain(key_store.getCertificateChain(ECDSA_BRAINPOOL_512));
317 keys[ECDSA][SZ_512_BRAINPOOL_SIGN] = (PrivateKey)key_store.getKey(ECDSA_BRAINPOOL_512, KS_PASSWORD);
318
319 } catch (Exception ex) {
320 System.out.println("Unable to get ECDSA Brainpool certificates from KeyStore.");
321 ex.printStackTrace();
322 }
323
324 try {
325 certificates[ECDH][SZ_192_BRAINPOOL_CRYPT_1] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_BRAINPOOL_192_1));
326 keys[ECDH][SZ_192_BRAINPOOL_CRYPT_1] = (PrivateKey)key_store.getKey(ECDH_BRAINPOOL_192_1, KS_PASSWORD);
327 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_192_BRAINPOOL_CRYPT_1], ((X509Certificate[])certificates[ECDH][SZ_192_BRAINPOOL_CRYPT_1]));
328 certificates[ECDH][SZ_192_BRAINPOOL_CRYPT_2] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_BRAINPOOL_192_2));
329 keys[ECDH][SZ_192_BRAINPOOL_CRYPT_2] = (PrivateKey)key_store.getKey(ECDH_BRAINPOOL_192_2, KS_PASSWORD);
330 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_192_BRAINPOOL_CRYPT_2], ((X509Certificate[])certificates[ECDH][SZ_192_BRAINPOOL_CRYPT_2]));
331 certificates[ECDH][SZ_224_BRAINPOOL_CRYPT_1] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_BRAINPOOL_224_1));
332 keys[ECDH][SZ_224_BRAINPOOL_CRYPT_1] = (PrivateKey)key_store.getKey(ECDH_BRAINPOOL_224_1, KS_PASSWORD);
333 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_224_BRAINPOOL_CRYPT_1], ((X509Certificate[])certificates[ECDH][SZ_224_BRAINPOOL_CRYPT_1]));
334 certificates[ECDH][SZ_224_BRAINPOOL_CRYPT_2] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_BRAINPOOL_224_2));
335 keys[ECDH][SZ_224_BRAINPOOL_CRYPT_2] = (PrivateKey)key_store.getKey(ECDH_BRAINPOOL_224_2, KS_PASSWORD);
336 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_224_BRAINPOOL_CRYPT_2], ((X509Certificate[])certificates[ECDH][SZ_224_BRAINPOOL_CRYPT_2]));
337 certificates[ECDH][SZ_256_BRAINPOOL_CRYPT_1] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_BRAINPOOL_256_1));
338 keys[ECDH][SZ_256_BRAINPOOL_CRYPT_1] = (PrivateKey)key_store.getKey(ECDH_BRAINPOOL_256_1, KS_PASSWORD);
339 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_256_BRAINPOOL_CRYPT_1], ((X509Certificate[])certificates[ECDH][SZ_256_BRAINPOOL_CRYPT_1]));
340 certificates[ECDH][SZ_256_BRAINPOOL_CRYPT_2] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_BRAINPOOL_256_2));
341 keys[ECDH][SZ_256_BRAINPOOL_CRYPT_2] = (PrivateKey)key_store.getKey(ECDH_BRAINPOOL_256_2, KS_PASSWORD);
342 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_256_BRAINPOOL_CRYPT_2], ((X509Certificate[])certificates[ECDH][SZ_256_BRAINPOOL_CRYPT_2]));
343 certificates[ECDH][SZ_384_BRAINPOOL_CRYPT_1] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_BRAINPOOL_384_1));
344 keys[ECDH][SZ_384_BRAINPOOL_CRYPT_1] = (PrivateKey)key_store.getKey(ECDH_BRAINPOOL_384_1, KS_PASSWORD);
345 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_384_BRAINPOOL_CRYPT_1], ((X509Certificate[])certificates[ECDH][SZ_384_BRAINPOOL_CRYPT_1]));
346 certificates[ECDH][SZ_384_BRAINPOOL_CRYPT_2] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_BRAINPOOL_384_2));
347 keys[ECDH][SZ_384_BRAINPOOL_CRYPT_2] = (PrivateKey)key_store.getKey(ECDH_BRAINPOOL_384_2, KS_PASSWORD);
348 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_384_BRAINPOOL_CRYPT_2], ((X509Certificate[])certificates[ECDH][SZ_384_BRAINPOOL_CRYPT_2]));
349 certificates[ECDH][SZ_512_BRAINPOOL_CRYPT_1] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_BRAINPOOL_512_1));
350 keys[ECDH][SZ_512_BRAINPOOL_CRYPT_1] = (PrivateKey)key_store.getKey(ECDH_BRAINPOOL_512_1, KS_PASSWORD);
351 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_512_BRAINPOOL_CRYPT_1], ((X509Certificate[])certificates[ECDH][SZ_512_BRAINPOOL_CRYPT_1]));
352 certificates[ECDH][SZ_512_BRAINPOOL_CRYPT_2] = Util.convertCertificateChain(key_store.getCertificateChain(ECDH_BRAINPOOL_512_2));
353 keys[ECDH][SZ_512_BRAINPOOL_CRYPT_2] = (PrivateKey)key_store.getKey(ECDH_BRAINPOOL_512_2, KS_PASSWORD);
354 CMSKeyStore.addRecipientKey(keys[ECDH][SZ_512_BRAINPOOL_CRYPT_2], ((X509Certificate[])certificates[ECDH][SZ_512_BRAINPOOL_CRYPT_2]));
355 } catch (Exception ex) {
356 System.out.println("Unable to get ECDH Brainpool certificates from KeyStore.");
357 ex.printStackTrace();
358 }
359
360
361 }
362
363 /**
364 * Returns the private key of a CA certificate.
365 *
366 * @param type {@link #ECDSA ECDSA} or {@link #ECDH ECDH}
367 * @param size the key size
368 *
369 * @return the key
370 */
371 public static PrivateKey getPrivateKey(int type, int size) {
372 try {
373 return keys[type][size];
374 } catch (ArrayIndexOutOfBoundsException ex) {
375 throw new RuntimeException("Wrong type or size!");
376 }
377 }
378
379 /**
380 * Returns a demo user certificate.
381 *
382 * @param type {@link #ECDSA ECDSA} or {@link #ECDH ECDH}
383 * @param size the size of the corresponding key
384 *
385 * @return the certificate chain
386 */
387 public static X509Certificate[] getCertificateChain(int type, int size) {
388 try {
389 return (X509Certificate[])certificates[type][size];
390 } catch (ArrayIndexOutOfBoundsException ex) {
391 throw new RuntimeException("Wrong type or size!");
392 }
393 }
394
395 /**
396 * Returns the private key of a CA certificate.
397 *
398 * @return the private key of the ca
399 */
400 public static PrivateKey getCaPrivateKey() {
401 return ca_key;
402 }
403
404 /**
405 * Returns the demo CA certificate.
406 *
407 * @return the demo CA certificate
408 */
409 public static X509Certificate getCaCertificate() {
410 return ca_certificate;
411 }
412 }