001 // Copyright (C) 2002 IAIK
002 // https://jce.iaik.tugraz.at
003 //
004 // Copyright (C) 2003 - 2025 Stiftung Secure Information and
005 // Communication Technologies SIC
006 // https://sic.tech
007 //
008 // All rights reserved.
009 //
010 // Redistribution and use in source and binary forms, with or without
011 // modification, are permitted provided that the following conditions
012 // are met:
013 // 1. Redistributions of source code must retain the above copyright
014 // notice, this list of conditions and the following disclaimer.
015 // 2. Redistributions in binary form must reproduce the above copyright
016 // notice, this list of conditions and the following disclaimer in the
017 // documentation and/or other materials provided with the distribution.
018 //
019 // THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
020 // ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
021 // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
022 // ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
023 // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
024 // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
025 // OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
026 // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
027 // LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
028 // OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
029 // SUCH DAMAGE.
030
031 // Copyright (C) 2002 IAIK
032 // https://sic.tech/
033 //
034 // Copyright (C) 2003 - 2025 Stiftung Secure Information and
035 // Communication Technologies SIC
036 // https://sic.tech/
037 //
038 // All rights reserved.
039 //
040 // This source is provided for inspection purposes and recompilation only,
041 // unless specified differently in a contract with IAIK. This source has to
042 // be kept in strict confidence and must not be disclosed to any third party
043 // under any circumstances. Redistribution in source and binary forms, with
044 // or without modification, are <not> permitted in any case!
045 //
046 // THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
047 // ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
048 // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
049 // ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
050 // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
051 // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
052 // OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
053 // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
054 // LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
055 // OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
056 // SUCH DAMAGE.
057 //
058 // $Header: /IAIK-CMS/current/src/demo/cms/ecc/keystore/SetupCMSEccKeyStore.java 29 12.02.25 17:58 Dbratko $
059 // $Revision: 29 $
060 //
061
062 package demo.cms.ecc.keystore;
063
064 import java.io.BufferedReader;
065 import java.io.File;
066 import java.io.FileInputStream;
067 import java.io.FileOutputStream;
068 import java.io.IOException;
069 import java.io.InputStreamReader;
070 import java.math.BigInteger;
071 import java.security.InvalidKeyException;
072 import java.security.KeyPair;
073 import java.security.KeyPairGenerator;
074 import java.security.KeyStore;
075 import java.security.KeyStoreException;
076 import java.security.NoSuchAlgorithmException;
077 import java.security.NoSuchProviderException;
078 import java.security.PrivateKey;
079 import java.security.PublicKey;
080 import java.security.Security;
081 import java.security.cert.CertificateException;
082 import java.security.spec.AlgorithmParameterSpec;
083 import java.util.Calendar;
084 import java.util.GregorianCalendar;
085 import java.util.Random;
086
087 import demo.DemoUtil;
088 import demo.cms.ecc.ECCDemoUtil;
089 import iaik.asn1.CodingException;
090 import iaik.asn1.ObjectID;
091 import iaik.asn1.structures.AlgorithmID;
092 import iaik.asn1.structures.GeneralName;
093 import iaik.asn1.structures.GeneralNames;
094 import iaik.asn1.structures.Name;
095 import iaik.asn1.structures.PolicyInformation;
096 import iaik.asn1.structures.PolicyQualifierInfo;
097 import iaik.cms.CMSAlgorithmID;
098 import iaik.cms.SecurityProvider;
099 import iaik.x509.SimpleChainVerifier;
100 import iaik.x509.X509Certificate;
101 import iaik.x509.X509ExtensionException;
102 import iaik.x509.extensions.AuthorityKeyIdentifier;
103 import iaik.x509.extensions.BasicConstraints;
104 import iaik.x509.extensions.CertificatePolicies;
105 import iaik.x509.extensions.KeyUsage;
106 import iaik.x509.extensions.SubjectAltName;
107 import iaik.x509.extensions.SubjectKeyIdentifier;
108
109 /**
110 * Creates a test KeyStore ("cmsecc.keystore") in the current working directory.
111 * These keys are used by the ECC demos included in IAIK-CMS.
112 * The aliases and the password for accessing the keys and
113 * certificates can be found in {@link CMSEccKeyStoreConstants
114 * CMSEccKeyStoreConstants}.
115 *
116 * @see CMSEccKeyStoreConstants
117 * @see CMSEccKeyStore
118 */
119 public class SetupCMSEccKeyStore implements CMSEccKeyStoreConstants {
120
121 // the key length of the CA certificate
122 private final static int CA_KEYLENGTH = 256;
123
124 // the key store to create
125 KeyStore key_store;
126 // the file where the key store shall be saved
127 String keystore_file;
128 // takes the existing keys from the KeyStore and only creates new certificates
129 boolean create_only_certificates = true;
130
131 KeyPair ca_ecdsa = null;
132 KeyPair ecdsa192 = null;
133 KeyPair ecdsa224 = null;
134 KeyPair ecdsa256 = null;
135 KeyPair ecdsa384 = null;
136 KeyPair ecdsa521 = null;
137 KeyPair ecdh192_1 = null;
138 KeyPair ecdh192_2 = null;
139 KeyPair ecdh224_1 = null;
140 KeyPair ecdh224_2 = null;
141 KeyPair ecdh256_1 = null;
142 KeyPair ecdh256_2 = null;
143 KeyPair ecdh384_1 = null;
144 KeyPair ecdh384_2 = null;
145 KeyPair ecdh521_1 = null;
146 KeyPair ecdh521_2 = null;
147
148 KeyPair ecdsa_brainpool_192 = null;
149 KeyPair ecdsa_brainpool_224 = null;
150 KeyPair ecdsa_brainpool_256 = null;
151 KeyPair ecdsa_brainpool_384 = null;
152 KeyPair ecdsa_brainpool_512 = null;
153 KeyPair ecdh_brainpool_192_1 = null;
154 KeyPair ecdh_brainpool_192_2 = null;
155 KeyPair ecdh_brainpool_224_1 = null;
156 KeyPair ecdh_brainpool_224_2 = null;
157 KeyPair ecdh_brainpool_256_1 = null;
158 KeyPair ecdh_brainpool_256_2 = null;
159 KeyPair ecdh_brainpool_384_1 = null;
160 KeyPair ecdh_brainpool_384_2 = null;
161 KeyPair ecdh_brainpool_512_1 = null;
162 KeyPair ecdh_brainpool_512_2 = null;
163
164 KeyPair eddsa25519 = null;
165 KeyPair eddsa448 = null;
166
167 KeyPair ecdhx25519 = null;
168 KeyPair ecdhx448 = null;
169
170 // create ECDSA keys and certificates
171 boolean create_ecdsa;
172 // create ECDH keys and certificates
173 boolean create_ecdh;
174 //create EDDSA keys and certificates
175 boolean create_eddsa;
176 //create ecdh X25518, x448 keys and certificates
177 boolean create_ecdh_x25519_x448;
178 // create keys and certificates with Brainpool curves
179 boolean create_brainpool;
180
181
182 /**
183 * Default Constructor.
184 */
185 public SetupCMSEccKeyStore() {
186 create_ecdsa = true;
187 create_ecdh = true;
188 create_eddsa = true;
189 create_ecdh_x25519_x448 = true;
190 create_brainpool = true;
191 double eccelerateVersion = ECCDemoUtil.getECCelerateVersion();
192 if (eccelerateVersion < 4.02) {
193 create_eddsa = false;
194 create_ecdh_x25519_x448 = false;
195 }
196 }
197
198 /**
199 * Generates a key pair for a curve with a certain name
200 *
201 * @param algorithm the key algorithm
202 * @param bitLength the length of the key (in bits).
203 *
204 * @return the generated key pair
205 *
206 * @throws NoSuchAlgorithmException if ECDSA KeyPairGenerator is not available
207 * @throws NoSuchProviderException if provider IAIK_ECC is not installed
208 */
209 public KeyPair generateKeyPair(String algorithm, int bitLength)
210 throws NoSuchAlgorithmException, NoSuchProviderException {
211 String providerName = "IAIK ECCelerate";
212 if (Security.getProvider(providerName) == null) {
213 providerName = "IAIK_ECC";
214 }
215 KeyPairGenerator kpg = KeyPairGenerator.getInstance(algorithm, providerName);
216 kpg.initialize(bitLength);
217 return kpg.generateKeyPair();
218
219 }
220
221 /**
222 * Generates an ECC key pair for a curve with a certain name
223 *
224 * @param algorithm the key algorithm
225 * @param curveName the name of the curve to be used.
226 *
227 * @return the generated key pair
228 *
229 * @throws Exception if the KeyPair cannot be generated
230 */
231 public static KeyPair generateEccKeyPair(String algorithm, String curveName) throws Exception {
232
233 KeyPair kp = null;
234 AlgorithmParameterSpec paramSpec = ECCDemoUtil.createParamSpec(curveName);
235 if (paramSpec == null) {
236 throw new Exception("Curve " + curveName + " not supported!");
237 }
238 String providerName = "IAIK ECCelerate";
239 if (Security.getProvider(providerName) == null) {
240 providerName = "IAIK_ECC";
241 }
242 KeyPairGenerator kpg = KeyPairGenerator.getInstance(algorithm, providerName);
243 kpg.initialize(paramSpec);
244 return kpg.generateKeyPair();
245 }
246
247
248
249 /**
250 * Creates a certificate from the given values.
251 *
252 * @param subject the subject of the certificate
253 * @param publicKey the public key to include
254 * @param issuer the issuer of the certificate
255 * @param privateKey the private key for signing the certificate
256 * @param algorithm the signature algorithm to use
257 * @param keyID the key id for the AuthotityKeyIdentifier extension
258 * @param forSigning if the certificate to be created shall be used for signing or encryption
259 *
260 * @return the certificate just created
261 */
262 public static X509Certificate createCertificate(Name subject, PublicKey publicKey,
263 Name issuer, PrivateKey privateKey, AlgorithmID algorithm, byte[] keyID, boolean forSigning) {
264
265 // create a new certificate
266 X509Certificate cert = new X509Certificate();
267
268 try {
269 // set the values
270 cert.setSerialNumber(new BigInteger(20, new Random()));
271 cert.setSubjectDN(subject);
272 cert.setPublicKey(publicKey);
273 cert.setIssuerDN(issuer);
274
275 GregorianCalendar date = new GregorianCalendar();
276 // not before now
277 cert.setValidNotBefore(date.getTime());
278
279 if (issuer.equals(subject)) {
280 // ca certificate
281 date.add(Calendar.YEAR, 10);
282 BasicConstraints basicConstraints = new BasicConstraints(true);
283 cert.addExtension(basicConstraints);
284 KeyUsage keyUsage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign);
285 cert.addExtension(keyUsage);
286 } else {
287 // end user certificate
288 date.add(Calendar.YEAR, 9);
289 KeyUsage keyUsage = null;
290 if (forSigning) {
291 keyUsage = new KeyUsage(KeyUsage.digitalSignature |
292 KeyUsage.nonRepudiation);
293 } else {
294 keyUsage = new KeyUsage(KeyUsage.keyAgreement) ;
295 }
296 cert.addExtension(keyUsage);
297 AuthorityKeyIdentifier authID = new AuthorityKeyIdentifier();
298 authID.setKeyIdentifier(keyID);
299 cert.addExtension(authID);
300 GeneralNames generalNames = new GeneralNames();
301 generalNames.addName(new GeneralName(GeneralName.rfc822Name, "smimetest@iaik.tugraz.at"));
302 SubjectAltName subjectAltName = new SubjectAltName(generalNames);
303 cert.addExtension(subjectAltName);
304 }
305 String explicitText = "This certificate only may be used for test purposes";
306 PolicyQualifierInfo policyQualifier = new PolicyQualifierInfo(null, null, explicitText);
307 PolicyInformation[] policyInformations =
308 { new PolicyInformation(new ObjectID("1.3.6.1.4.1.2706.2.2.4.1.1.1.1"),
309 new PolicyQualifierInfo[] { policyQualifier }) };
310 CertificatePolicies certPolicies = new CertificatePolicies(policyInformations);
311
312 SubjectKeyIdentifier subjectKeyID = new SubjectKeyIdentifier(cert.getPublicKey());
313 cert.addExtension(subjectKeyID);
314
315 cert.addExtension(certPolicies);
316 cert.setValidNotAfter(date.getTime());
317 // and sign the certificate
318 ECCDemoUtil.signCertificate(cert, algorithm, privateKey);
319 } catch (CertificateException ex) {
320 throw new RuntimeException("Error creating the certificate: "+ex.getMessage());
321 } catch (InvalidKeyException ex) {
322 throw new RuntimeException("Error creating the certificate: "+ex.getMessage());
323 } catch (NoSuchAlgorithmException ex) {
324 throw new RuntimeException("Error creating the certificate: "+ex.getMessage());
325 } catch (X509ExtensionException ex) {
326 throw new RuntimeException("Error adding extension: "+ex.getMessage());
327 } catch (CodingException ex) {
328 throw new RuntimeException("Error adding SubjectKeyIdentifier extension: "+ex.getMessage());
329 }
330 return cert;
331 }
332
333 /**
334 * Loads or creates a KeyStore and initializes it.
335 */
336 private void initializeKeyStore() {
337
338 BufferedReader reader = null;
339 if (!DemoUtil.CREATE_DEMO_KEYSTORE_AUTOMATICAllY) {
340 reader = new BufferedReader(new InputStreamReader(System.in));
341 }
342 String line;
343
344 try {
345 // default directory is the current user dir
346 String keystore_dir = System.getProperty("user.dir");
347 File ks = new File(keystore_dir, KS_FILENAME);
348
349 // KeyStore does already exist
350 if (ks.exists()) {
351 keystore_file = ks.getAbsolutePath();
352 if (create_only_certificates) {
353 System.out.println("Create only new certificates from already existing keys!");
354 }
355 else {
356 System.out.println("Existing KeyStore will be deleted!");
357 }
358 System.out.println("KeyStore: "+keystore_file);
359 }
360 else {
361 // there is no KeyStore -> create also new keys
362 create_only_certificates = false;
363 if (!DemoUtil.CREATE_DEMO_KEYSTORE_AUTOMATICAllY) {
364 while (true) {
365 System.out.print("Create new KeyStore in directory: "+keystore_dir+" [y]");
366 line = readLine(reader);
367 if (line.length() == 0 || line.equals("y")) {
368 ks = new File(keystore_dir, KS_FILENAME);
369 keystore_file = ks.getAbsolutePath();
370 System.out.println("KeyStore will be saved to: "+keystore_file);
371 break;
372 }
373 System.out.print("Enter directory: ");
374 keystore_dir = readLine(reader);
375 }
376 } else {
377 System.out.print("Create new KeyStore in directory: "+keystore_dir+" ...");
378 ks = new File(keystore_dir, KS_FILENAME);
379 keystore_file = ks.getAbsolutePath();
380 System.out.println("KeyStore will be saved to: "+keystore_file);
381 }
382 }
383
384 // get a new KeyStore object
385 key_store = SecurityProvider.getSecurityProvider().getKeyStore("IAIKKeyStore");
386
387 if (create_only_certificates) {
388 // take private keys from existing KeyStore
389 FileInputStream ksStream = null;
390 try {
391 ksStream = new FileInputStream(ks);
392 key_store.load(ksStream, KS_PASSWORD);
393 } finally {
394 if (ksStream != null) {
395 try {
396 ksStream.close();
397 } catch (IOException e) {
398 // ignore
399 }
400 }
401 }
402 }
403 else {
404 // create a new KeyStore
405 key_store.load(null, null);
406 }
407
408 } catch (Exception ex) {
409 System.out.println("Error creating new IAIK KeyStore!");
410 throw new RuntimeException("Error creating new KeyStore: "+ex.toString());
411 }
412 }
413
414 /**
415 * Saves the KeyStore to disk.
416 */
417 private void saveKeyStore() {
418 FileOutputStream os = null;
419 try {
420 // write the KeyStore to disk
421 os = new FileOutputStream(keystore_file);
422 key_store.store(os, KS_PASSWORD);
423
424 } catch (Exception ex) {
425 System.out.println("Error saving KeyStore!");
426 ex.printStackTrace();
427 } finally {
428 if (os != null) {
429 try {
430 os.close();
431 } catch (IOException e) {
432 // ignore
433 }
434 }
435 }
436 }
437
438 /**
439 * Adds the private key and the certificate chain to the key store.
440 *
441 * @param keyPair the key pair with the private key to be added
442 * @param chain the certificate chain to be added
443 * @param alias the alias for the keystore entry
444 *
445 * @throws KeyStoreException if an error occurs when trying to add the key
446 */
447 public void addToKeyStore(KeyPair keyPair, X509Certificate[] chain, String alias) throws KeyStoreException {
448 key_store.setKeyEntry(alias, keyPair.getPrivate(), KS_PASSWORD, chain);
449 }
450
451 /**
452 * Returns a KeyPair form the KeyStore.
453 *
454 * @param type the type (e.g. {@link CMSEccKeyStoreConstants#ECDSA_192 "ECDSA.192"}
455 * of the requested key pair
456 *
457 * @return the KeyPair of the given type
458 *
459 * @throws Exception if some error occurs
460 */
461 private KeyPair getKeyPair(String type) throws Exception {
462 PrivateKey privKey = (PrivateKey)key_store.getKey(type, KS_PASSWORD);
463 PublicKey pubKey = key_store.getCertificateChain(type)[0].getPublicKey();
464 return new KeyPair(pubKey, privKey);
465 }
466
467 /**
468 * Get all private keys from the KeyStore.
469 */
470 private void getPrivateKeys() {
471 try {
472 ca_ecdsa = getKeyPair(CA_ECDSA);
473 } catch (Exception ex) {
474 System.out.println("Unable to get ECDSA CA key from KeyStore.");
475 ex.printStackTrace();
476 }
477
478 // ECDSA
479 try {
480 ecdsa192 = getKeyPair(ECDSA_192);
481 ecdsa224 = getKeyPair(ECDSA_224);
482 ecdsa256 = getKeyPair(ECDSA_256);
483 ecdsa384 = getKeyPair(ECDSA_384);
484 ecdsa521 = getKeyPair(ECDSA_521);
485 } catch (Exception ex) {
486 System.out.println("Unable to get ECDSA keys from KeyStore.");
487 ex.printStackTrace();
488 create_ecdsa = false;
489 }
490 // ECDH
491 try {
492 ecdh192_1 = getKeyPair(ECDH_192_1);
493 ecdh192_2 = getKeyPair(ECDH_192_2);
494 ecdh224_1 = getKeyPair(ECDH_224_1);
495 ecdh224_2 = getKeyPair(ECDH_224_2);
496 ecdh256_1 = getKeyPair(ECDH_256_1);
497 ecdh256_2 = getKeyPair(ECDH_256_2);
498 ecdh384_1 = getKeyPair(ECDH_384_1);
499 ecdh384_2 = getKeyPair(ECDH_384_2);
500 ecdh521_1 = getKeyPair(ECDH_521_1);
501 ecdh521_2 = getKeyPair(ECDH_521_2);
502 } catch (Exception ex) {
503 System.out.println("Unable to get ECDH keys from KeyStore.");
504 ex.printStackTrace();
505 create_ecdh = false;
506 }
507
508 // EDDSA
509 try {
510 eddsa25519 = getKeyPair(EDDSA_ED25519);
511 eddsa448 = getKeyPair(EDDSA_ED448);
512 } catch (Exception ex) {
513 System.out.println("Unable to get EDDSA keys from KeyStore.");
514 ex.printStackTrace();
515 create_eddsa = false;
516 }
517
518 // ECDH x25519, x448
519 try {
520 ecdhx25519 = getKeyPair(ECDH_X25519);
521 ecdhx448 = getKeyPair(ECDH_X448);
522 } catch (Exception ex) {
523 System.out.println("Unable to get EDDSA keys from KeyStore.");
524 ex.printStackTrace();
525 create_ecdh_x25519_x448 = false;
526 }
527
528 // Brainpool
529 // ECDSA
530 try {
531 ecdsa_brainpool_192 = getKeyPair(ECDSA_BRAINPOOL_192);
532 ecdsa_brainpool_224 = getKeyPair(ECDSA_BRAINPOOL_224);
533 ecdsa_brainpool_256 = getKeyPair(ECDSA_BRAINPOOL_256);
534 ecdsa_brainpool_384 = getKeyPair(ECDSA_BRAINPOOL_384);
535 ecdsa_brainpool_512 = getKeyPair(ECDSA_BRAINPOOL_512);
536 } catch (Exception ex) {
537 System.out.println("Unable to get ECDSA Brainpool keys from KeyStore.");
538 ex.printStackTrace();
539 create_brainpool = false;
540 }
541 // ECDH
542 try {
543 ecdh_brainpool_192_1 = getKeyPair(ECDH_BRAINPOOL_192_1);
544 ecdh_brainpool_192_2 = getKeyPair(ECDH_BRAINPOOL_192_2);
545 ecdh_brainpool_224_1 = getKeyPair(ECDH_BRAINPOOL_224_1);
546 ecdh_brainpool_224_2 = getKeyPair(ECDH_BRAINPOOL_224_2);
547 ecdh_brainpool_256_1 = getKeyPair(ECDH_BRAINPOOL_256_1);
548 ecdh_brainpool_256_2 = getKeyPair(ECDH_BRAINPOOL_256_2);
549 ecdh_brainpool_384_1 = getKeyPair(ECDH_BRAINPOOL_384_1);
550 ecdh_brainpool_384_2 = getKeyPair(ECDH_BRAINPOOL_384_2);
551 ecdh_brainpool_512_1 = getKeyPair(ECDH_BRAINPOOL_512_1);
552 ecdh_brainpool_512_2 = getKeyPair(ECDH_BRAINPOOL_512_2);
553 } catch (Exception ex) {
554 System.out.println("Unable to get ECDH Brainpool keys from KeyStore.");
555 ex.printStackTrace();
556 create_brainpool = false;
557 }
558
559 }
560
561 /**
562 * Generates new prviate keys.
563 */
564 private void generatePrivateKeys() {
565 try {
566 // CA certificate
567 try {
568 System.out.println("generate ECDSA KeyPair for CA certificate...");
569 ca_ecdsa = generateKeyPair("EC", CA_KEYLENGTH);
570 } catch (NoSuchAlgorithmException ex) {
571 System.out.println("No implementation for DSA! DSA CA keys not created!\n");
572 }
573
574 if (create_ecdsa) {
575 try {
576 System.out.println("generate ECDSA KeyPair for a test certificate [192 bits]...");
577 ecdsa192 = generateKeyPair("EC", 192);
578 System.out.println("generate ECDSA KeyPair for a test certificate [224 bits]...");
579 ecdsa224 = generateKeyPair("EC", 224);
580 System.out.println("generate ECDSA KeyPair for a test certificate [256 bits]...");
581 ecdsa256 = generateKeyPair("EC", 256);
582 System.out.println("generate ECDSA KeyPair for a test certificate [384 bits]...");
583 ecdsa384 = generateKeyPair("EC", 384);
584 System.out.println("generate ECDSA KeyPair for a test certificate [521 bits]...");
585 ecdsa521 = generateKeyPair("EC", 521);
586
587 // Brainpool curves
588 if (create_brainpool) {
589 try {
590 System.out.println("generate ECDSA Brainpool KeyPair for a test certificate [192 bits]...");
591 ecdsa_brainpool_192 = generateEccKeyPair("EC", "brainpoolP192r1");
592 System.out.println("generate ECDSA Brainpool KeyPair for a test certificate [224 bits]...");
593 ecdsa_brainpool_224 = generateEccKeyPair("EC", "brainpoolP224r1");
594 System.out.println("generate ECDSA Brainpool KeyPair for a test certificate [256 bits]...");
595 ecdsa_brainpool_256 = generateEccKeyPair("EC", "brainpoolP256r1");
596 System.out.println("generate ECDSA Brainpool KeyPair for a test certificate [384 bits]...");
597 ecdsa_brainpool_384 = generateEccKeyPair("EC", "brainpoolP384r1");
598 System.out.println("generate ECDSA Brainpool KeyPair for a test certificate [521 bits]...");
599 ecdsa_brainpool_512 = generateEccKeyPair("EC", "brainpoolP512r1");
600 } catch (Exception ex) {
601 create_brainpool = false;
602 System.out.println("No implementation for Brainpool curves! Brainpool keys are not created!\n");
603 }
604 }
605 } catch (NoSuchAlgorithmException ex) {
606 create_ecdsa = false;
607 System.out.println("No implementation for ECDSA! ECDSA keys are not created!\n");
608 }
609 }
610
611 if (create_ecdh) {
612 try {
613 System.out.println("generate ECDH KeyPair for a test certificate [192 bits]...");
614 ecdh192_1 = generateKeyPair("EC", 192);
615 System.out.println("generate second ECDH KeyPair for a test certificate [192 bits]...");
616 ecdh192_2 = generateKeyPair("EC", 192);
617 System.out.println("generate ECDH KeyPair for a test certificate [224 bits]...");
618 ecdh224_1 = generateKeyPair("EC", 224);
619 System.out.println("generate second ECDH KeyPair for a test certificate [224 bits]...");
620 ecdh224_2 = generateKeyPair("EC", 224);
621 System.out.println("generate ECDH KeyPair for a test certificate [256 bits]...");
622 ecdh256_1 = generateKeyPair("EC", 256);
623 System.out.println("generate second ECDH KeyPair for a test certificate [256 bits]...");
624 ecdh256_2 = generateKeyPair("EC", 256);
625 System.out.println("generate ECDH KeyPair for a test certificate [384 bits]...");
626 ecdh384_1 = generateKeyPair("EC", 384);
627 System.out.println("generate second ECDH KeyPair for a test certificate [384 bits]...");
628 ecdh384_2 = generateKeyPair("EC", 384);
629 System.out.println("generate ECDH KeyPair for a test certificate [521 bits]...");
630 ecdh521_1 = generateKeyPair("EC", 521);
631 System.out.println("generate second ECDH KeyPair for a test certificate [521 bits]...");
632 ecdh521_2 = generateKeyPair("EC", 521);
633
634 // Brainpool curves
635 if (create_brainpool) {
636 try {
637 System.out.println("generate ECDH Brainpool KeyPair for a test certificate [192 bits]...");
638 ecdh_brainpool_192_1 = generateEccKeyPair("EC", "brainpoolP192r1");
639 System.out.println("generate second ECDH Brainpool KeyPair for a test certificate [192 bits]...");
640 ecdh_brainpool_192_2 = generateEccKeyPair("EC", "brainpoolP192r1");
641 System.out.println("generate ECDH Brainpool KeyPair for a test certificate [224 bits]...");
642 ecdh_brainpool_224_1 = generateEccKeyPair("EC", "brainpoolP224r1");
643 System.out.println("generate second ECDH Brainpool KeyPair for a test certificate [224 bits]...");
644 ecdh_brainpool_224_2 = generateEccKeyPair("EC", "brainpoolP224r1");
645 System.out.println("generate ECDH Brainpool KeyPair for a test certificate [256 bits]...");
646 ecdh_brainpool_256_1 = generateEccKeyPair("EC", "brainpoolP256r1");
647 System.out.println("generate second ECDH Brainpool KeyPair for a test certificate [256 bits]...");
648 ecdh_brainpool_256_2 = generateEccKeyPair("EC", "brainpoolP256r1");
649 System.out.println("generate ECDH Brainpool KeyPair for a test certificate [384 bits]...");
650 ecdh_brainpool_384_1 = generateEccKeyPair("EC", "brainpoolP384r1");
651 System.out.println("generate second ECDH Brainpool KeyPair for a test certificate [384 bits]...");
652 ecdh_brainpool_384_2 = generateEccKeyPair("EC", "brainpoolP384r1");
653 System.out.println("generate ECDH Brainpool KeyPair for a test certificate [521 bits]...");
654 ecdh_brainpool_512_1 = generateEccKeyPair("EC", "brainpoolP512r1");
655 System.out.println("generate second ECDH Brainpool KeyPair for a test certificate [521 bits]...");
656 ecdh_brainpool_512_2 = generateEccKeyPair("EC", "brainpoolP512r1");
657 } catch (Exception ex) {
658 create_brainpool = false;
659 System.out.println("No implementation for Brainpool curves! Brainpool keys are not created!\n");
660 }
661 }
662 } catch (NoSuchAlgorithmException ex) {
663 create_ecdh = false;
664 System.out.println("No implementation for ECDH! ECDH keys are not created!\n");
665 }
666 }
667
668 if (create_eddsa) {
669 try {
670 System.out.println("generate Ed25519 KeyPair for a test certificate [256 bits]...");
671 eddsa25519 = generateKeyPair("Ed25519", 256);
672 System.out.println("generate Ed448 KeyPair for a test certificate [456 bits]...");
673 eddsa448 = generateKeyPair("EdDSA448", 456);
674 } catch (NoSuchAlgorithmException ex) {
675 create_ecdh = false;
676 System.out.println("No implementation for EdDSA! EdDSA keys are not created!\n");
677 }
678 }
679
680 if (create_ecdh_x25519_x448) {
681 try {
682 System.out.println("generate ECDH x25519 KeyPair for a test certificate [256 bits]...");
683 ecdhx25519 = generateKeyPair("X25519", 256);
684 System.out.println("generate ECDH x448 KeyPair for a test certificate [456 bits]...");
685 ecdhx448 = generateKeyPair("X448", 448);
686 } catch (NoSuchAlgorithmException ex) {
687 create_ecdh = false;
688 System.out.println("No implementation for ECDH x25519/x448! ECDH x25519/x448 keys are not created!\n");
689 }
690 }
691
692 } catch (Exception ex) {
693 System.out.println("Exception: "+ex);
694 }
695 }
696
697 /**
698 * Generates the certificates.
699 */
700 public void generateCertificates() {
701
702 try {
703
704 // Now create the certificates
705 Name issuer = new Name();
706 issuer.addRDN(ObjectID.country, "AT");
707 issuer.addRDN(ObjectID.organization ,"IAIK");
708 issuer.addRDN(ObjectID.organizationalUnit ,"JavaSecurity");
709
710 Name subject = new Name();
711 subject.addRDN(ObjectID.country, "AT");
712 subject.addRDN(ObjectID.organization ,"IAIK");
713 subject.addRDN(ObjectID.organizationalUnit ,"JavaSecurity");
714
715 //
716 // create self signed CA certs
717 //
718 X509Certificate caECDSA = null;
719 X509Certificate[] chain = new X509Certificate[1];
720 // for verifying the created certificates
721 SimpleChainVerifier verifier = new SimpleChainVerifier();
722 AlgorithmID signatureAlgorithm = (AlgorithmID)CMSAlgorithmID.ecdsa_With_SHA256.clone();
723
724 issuer.addRDN(ObjectID.commonName ,"IAIK CMS-ECC Test ECDSA CA");
725 System.out.println("create self signed ECDSA CA certificate...");
726 caECDSA = createCertificate(issuer, ca_ecdsa.getPublic(),
727 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), null, true);
728 // verify the self signed certificate
729 caECDSA.verify();
730 // set the CA cert as trusted root
731 verifier.addTrustedCertificate(caECDSA);
732 chain[0] = caECDSA;
733 addToKeyStore(ca_ecdsa, chain, CA_ECDSA);
734
735 //
736 // create certificates
737 //
738 chain = new X509Certificate[2];
739
740 // create a ECDSA test certificates
741 if (create_ecdsa) {
742 // 192
743 subject.addRDN(ObjectID.commonName ,"ECDSA 192 bit Demo Certificate");
744 System.out.println("create 192 bit ECDSA demo certificate...");
745 SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid);
746 chain[0] = createCertificate(subject, ecdsa192.getPublic(),
747 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true);
748 chain[1] = caECDSA;
749 verifier.verifyChain(chain);
750
751 addToKeyStore(ecdsa192, chain, ECDSA_192);
752 subject.removeRDN(ObjectID.commonName);
753
754
755 // 224
756 subject.addRDN(ObjectID.commonName ,"ECDSA 224 bit Demo Certificate");
757 System.out.println("create 224 bit ECDSA demo certificate...");
758 subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid);
759 chain[0] = createCertificate(subject, ecdsa224.getPublic(),
760 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true);
761 chain[1] = caECDSA;
762 verifier.verifyChain(chain);
763
764 addToKeyStore(ecdsa224, chain, ECDSA_224);
765 subject.removeRDN(ObjectID.commonName);
766
767
768 // 256
769 subject.addRDN(ObjectID.commonName ,"ECDSA 256 bit Demo Certificate");
770 System.out.println("create 256 bit ECDSA demo certificate...");
771 chain[0] = createCertificate(subject, ecdsa256.getPublic(),
772 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true);
773 chain[1] = caECDSA;
774 verifier.verifyChain(chain);
775 addToKeyStore(ecdsa256, chain, ECDSA_256);
776 subject.removeRDN(ObjectID.commonName);
777
778
779 // 384
780 subject.addRDN(ObjectID.commonName ,"ECDSA 384 bit Demo Certificate");
781 System.out.println("create 384 bit ECDSA demo certificate...");
782 chain[0] = createCertificate(subject, ecdsa384.getPublic(),
783 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true);
784 chain[1] = caECDSA;
785 verifier.verifyChain(chain);
786 addToKeyStore(ecdsa384, chain, ECDSA_384);
787 subject.removeRDN(ObjectID.commonName);
788
789
790 // 521
791 subject.addRDN(ObjectID.commonName ,"ECDSA 521 bit Demo Certificate");
792 System.out.println("create 521 bit ECDSA demo certificate...");
793 subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid);
794 chain[0] = createCertificate(subject, ecdsa521.getPublic(),
795 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true);
796 chain[1] = caECDSA;
797 verifier.verifyChain(chain);
798
799 addToKeyStore(ecdsa521, chain, ECDSA_521);
800 subject.removeRDN(ObjectID.commonName);
801
802
803 }
804
805 // create a ECDH test certificates
806 if (create_ecdh) {
807 // 192
808 subject.addRDN(ObjectID.commonName ,"ECDH 192 bit Demo Certificate 1");
809 System.out.println("create 192 bit ECDH demo certificate...");
810 SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid);
811 chain[0] = createCertificate(subject, ecdh192_1.getPublic(),
812 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
813 chain[1] = caECDSA;
814 verifier.verifyChain(chain);
815 addToKeyStore(ecdh192_1, chain, ECDH_192_1);
816 subject.removeRDN(ObjectID.commonName);
817
818 // 192
819 subject.addRDN(ObjectID.commonName ,"ECDH 192 bit Demo Certificate 2");
820 System.out.println("create 192 bit ECDH demo certificate...");
821 chain[0] = createCertificate(subject, ecdh192_2.getPublic(),
822 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
823 chain[1] = caECDSA;
824 verifier.verifyChain(chain);
825 addToKeyStore(ecdh192_2, chain, ECDH_192_2);
826 subject.removeRDN(ObjectID.commonName);
827
828 // 224
829 subject.addRDN(ObjectID.commonName ,"ECDH 224 bit Demo Certificate 1");
830 System.out.println("create 224 bit ECDH demo certificate...");
831 subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid);
832 chain[0] = createCertificate(subject, ecdh224_1.getPublic(),
833 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
834 chain[1] = caECDSA;
835 verifier.verifyChain(chain);
836 addToKeyStore(ecdh224_1, chain, ECDH_224_1);
837 subject.removeRDN(ObjectID.commonName);
838
839 // 224
840 subject.addRDN(ObjectID.commonName ,"ECDH 224 bit Demo Certificate 2");
841 System.out.println("create 224 bit ECDH demo certificate...");
842 chain[0] = createCertificate(subject, ecdh224_2.getPublic(),
843 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
844 chain[1] = caECDSA;
845 verifier.verifyChain(chain);
846 addToKeyStore(ecdh224_2, chain, ECDH_224_2);
847 subject.removeRDN(ObjectID.commonName);
848
849 // 256
850 subject.addRDN(ObjectID.commonName ,"ECDH 256 bit Demo Certificate 1");
851 System.out.println("create 256 bit ECDH demo certificate...");
852 chain[0] = createCertificate(subject, ecdh256_1.getPublic(),
853 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
854 subject.removeRDN(ObjectID.commonName);
855 chain[1] = caECDSA;
856 verifier.verifyChain(chain);
857 addToKeyStore(ecdh256_1, chain, ECDH_256_1);
858
859 // 256
860 subject.addRDN(ObjectID.commonName ,"ECDH 256 bit Demo Certificate 2");
861 System.out.println("create 256 bit ECDH demo certificate...");
862 chain[0] = createCertificate(subject, ecdh256_2.getPublic(),
863 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
864 subject.removeRDN(ObjectID.commonName);
865 chain[1] = caECDSA;
866 verifier.verifyChain(chain);
867 addToKeyStore(ecdh256_2, chain, ECDH_256_2);
868
869
870 // 384
871 subject.addRDN(ObjectID.commonName ,"ECDH 384 bit Demo Certificate 1");
872 System.out.println("create 384 bit ECDH demo certificate...");
873 chain[0] = createCertificate(subject, ecdh384_1.getPublic(),
874 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
875 subject.removeRDN(ObjectID.commonName);
876 chain[1] = caECDSA;
877 verifier.verifyChain(chain);
878 addToKeyStore(ecdh384_1, chain, ECDH_384_1);
879
880
881 // 384
882 subject.addRDN(ObjectID.commonName ,"ECDH 384 bit Demo Certificate 2");
883 System.out.println("create 384 bit ECDH demo certificate...");
884 chain[0] = createCertificate(subject, ecdh384_2.getPublic(),
885 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
886 subject.removeRDN(ObjectID.commonName);
887 chain[1] = caECDSA;
888 verifier.verifyChain(chain);
889 addToKeyStore(ecdh384_2, chain, ECDH_384_2);
890
891 // 521
892 subject.addRDN(ObjectID.commonName ,"ECDH 521 bit Demo Certificate 1");
893 System.out.println("create 521 bit ECDH demo certificate...");
894 chain[0] = createCertificate(subject, ecdh521_1.getPublic(),
895 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
896 subject.removeRDN(ObjectID.commonName);
897 chain[1] = caECDSA;
898 verifier.verifyChain(chain);
899 addToKeyStore(ecdh521_1, chain, ECDH_521_1);
900
901
902 // 521
903 subject.addRDN(ObjectID.commonName ,"ECDH 521 bit Demo Certificate 2");
904 System.out.println("create 521 bit ECDH demo certificate...");
905 chain[0] = createCertificate(subject, ecdh521_2.getPublic(),
906 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
907 subject.removeRDN(ObjectID.commonName);
908 chain[1] = caECDSA;
909 verifier.verifyChain(chain);
910 addToKeyStore(ecdh521_2, chain, ECDH_521_2);
911 }
912
913 // create a EdDSA test certificates
914 if (create_eddsa) {
915 // Ed25519
916 subject.addRDN(ObjectID.commonName ,"Ed25519 bit Demo Certificate");
917 System.out.println("create Ed25519 demo certificate...");
918 SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid);
919 chain[0] = createCertificate(subject, eddsa25519.getPublic(),
920 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true);
921 chain[1] = caECDSA;
922 verifier.verifyChain(chain);
923
924 addToKeyStore(eddsa25519, chain, EDDSA_ED25519);
925 subject.removeRDN(ObjectID.commonName);
926
927
928 // Ed448
929 subject.addRDN(ObjectID.commonName ,"Ed448 bit Demo Certificate");
930 System.out.println("create Ed448 demo certificate...");
931 chain[0] = createCertificate(subject, eddsa448.getPublic(),
932 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true);
933 chain[1] = caECDSA;
934 verifier.verifyChain(chain);
935
936 addToKeyStore(eddsa448, chain, EDDSA_ED448);
937 subject.removeRDN(ObjectID.commonName);
938
939 }
940
941 // create a ECDH x25519, x448 test certificates
942 if (create_ecdh_x25519_x448) {
943 // x25519
944 subject.addRDN(ObjectID.commonName ,"ECDH x25519 bit Demo Certificate");
945 System.out.println("create ECDH x25519 demo certificate...");
946 SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid);
947 chain[0] = createCertificate(subject, ecdhx25519.getPublic(),
948 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true);
949 chain[1] = caECDSA;
950 verifier.verifyChain(chain);
951
952 addToKeyStore(ecdhx25519, chain, ECDH_X25519);
953 subject.removeRDN(ObjectID.commonName);
954
955
956 // x448
957 subject.addRDN(ObjectID.commonName ,"Ed448 bit Demo Certificate");
958 System.out.println("create ECDH x448 demo certificate...");
959 chain[0] = createCertificate(subject, ecdhx448.getPublic(),
960 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true);
961 chain[1] = caECDSA;
962 verifier.verifyChain(chain);
963
964 addToKeyStore(ecdhx448, chain, ECDH_X448);
965 subject.removeRDN(ObjectID.commonName);
966
967 }
968
969 // create a Brainpool test certificates
970 if (create_brainpool) {
971 // ECDSA
972 // 192
973 subject.addRDN(ObjectID.commonName ,"ECDSA Brainpool P-192 Demo Certificate");
974 System.out.println("create ECDSA Brainpool P-192 demo certificate...");
975 SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid);
976 chain[0] = createCertificate(subject, ecdsa_brainpool_192.getPublic(),
977 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true);
978 chain[1] = caECDSA;
979 verifier.verifyChain(chain);
980
981 addToKeyStore(ecdsa_brainpool_192, chain, ECDSA_BRAINPOOL_192);
982 subject.removeRDN(ObjectID.commonName);
983
984
985 // 224
986 subject.addRDN(ObjectID.commonName ,"ECDSA Brainpool P-224 Demo Certificate");
987 System.out.println("create ECDSA Brainpool P-224 demo certificate...");
988 subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid);
989 chain[0] = createCertificate(subject, ecdsa_brainpool_224.getPublic(),
990 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true);
991 chain[1] = caECDSA;
992 verifier.verifyChain(chain);
993
994 addToKeyStore(ecdsa_brainpool_224, chain, ECDSA_BRAINPOOL_224);
995 subject.removeRDN(ObjectID.commonName);
996
997
998 // 256
999 subject.addRDN(ObjectID.commonName ,"ECDSA Brainpool P-256 Demo Certificate");
1000 System.out.println("create ECDSA Brainpool P-256 demo certificate...");
1001 chain[0] = createCertificate(subject, ecdsa_brainpool_256.getPublic(),
1002 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true);
1003 chain[1] = caECDSA;
1004 verifier.verifyChain(chain);
1005 addToKeyStore(ecdsa_brainpool_256, chain, ECDSA_BRAINPOOL_256);
1006 subject.removeRDN(ObjectID.commonName);
1007
1008
1009 // 384
1010 subject.addRDN(ObjectID.commonName ,"ECDSA Brainpool P-384 Demo Certificate");
1011 System.out.println("create ECDSA Brainpool P-384 demo certificate...");
1012 chain[0] = createCertificate(subject, ecdsa_brainpool_384.getPublic(),
1013 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true);
1014 chain[1] = caECDSA;
1015 verifier.verifyChain(chain);
1016 addToKeyStore(ecdsa_brainpool_384, chain, ECDSA_BRAINPOOL_384);
1017 subject.removeRDN(ObjectID.commonName);
1018
1019
1020 // 512
1021 subject.addRDN(ObjectID.commonName ,"ECDSA Brainpool P-512 Demo Certificate");
1022 System.out.println("create ECDSA Brainpool P-512 demo certificate...");
1023 subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid);
1024 chain[0] = createCertificate(subject, ecdsa_brainpool_512.getPublic(),
1025 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true);
1026 chain[1] = caECDSA;
1027 verifier.verifyChain(chain);
1028
1029 addToKeyStore(ecdsa_brainpool_512, chain, ECDSA_BRAINPOOL_512);
1030 subject.removeRDN(ObjectID.commonName);
1031
1032
1033 //ECDH
1034
1035 // 192
1036 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-192 Demo Certificate 1");
1037 System.out.println("create ECDH Brainpool P-192 demo certificate...");
1038 subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid);
1039 chain[0] = createCertificate(subject, ecdh_brainpool_192_1.getPublic(),
1040 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
1041 chain[1] = caECDSA;
1042 verifier.verifyChain(chain);
1043 addToKeyStore(ecdh_brainpool_192_1, chain, ECDH_BRAINPOOL_192_1);
1044 subject.removeRDN(ObjectID.commonName);
1045
1046 // 192
1047 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-192 Demo Certificate 2");
1048 System.out.println("create ECDH Brainpool P-192 demo certificate...");
1049 chain[0] = createCertificate(subject, ecdh_brainpool_192_2.getPublic(),
1050 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
1051 chain[1] = caECDSA;
1052 verifier.verifyChain(chain);
1053 addToKeyStore(ecdh_brainpool_192_2, chain, ECDH_BRAINPOOL_192_2);
1054 subject.removeRDN(ObjectID.commonName);
1055
1056 // 224
1057 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-224 Demo Certificate 1");
1058 System.out.println("create ECDH Brainpool P-224 demo certificate...");
1059 subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid);
1060 chain[0] = createCertificate(subject, ecdh_brainpool_224_1.getPublic(),
1061 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
1062 chain[1] = caECDSA;
1063 verifier.verifyChain(chain);
1064 addToKeyStore(ecdh_brainpool_224_1, chain, ECDH_BRAINPOOL_224_1);
1065 subject.removeRDN(ObjectID.commonName);
1066
1067 // 224
1068 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-224 Demo Certificate 2");
1069 System.out.println("create ECDH Brainpool P-224 demo certificate...");
1070 chain[0] = createCertificate(subject, ecdh_brainpool_224_2.getPublic(),
1071 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
1072 chain[1] = caECDSA;
1073 verifier.verifyChain(chain);
1074 addToKeyStore(ecdh_brainpool_224_2, chain, ECDH_BRAINPOOL_224_2);
1075 subject.removeRDN(ObjectID.commonName);
1076
1077 // 256
1078 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-256 Demo Certificate 1");
1079 System.out.println("create ECDH Brainpool P-256 demo certificate...");
1080 chain[0] = createCertificate(subject, ecdh_brainpool_256_1.getPublic(),
1081 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
1082 subject.removeRDN(ObjectID.commonName);
1083 chain[1] = caECDSA;
1084 verifier.verifyChain(chain);
1085 addToKeyStore(ecdh_brainpool_256_1, chain, ECDH_BRAINPOOL_256_1);
1086
1087 // 256
1088 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-256 Demo Certificate 2");
1089 System.out.println("create ECDH Brainpool P-256 demo certificate...");
1090 chain[0] = createCertificate(subject, ecdh_brainpool_256_2.getPublic(),
1091 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
1092 subject.removeRDN(ObjectID.commonName);
1093 chain[1] = caECDSA;
1094 verifier.verifyChain(chain);
1095 addToKeyStore(ecdh_brainpool_256_2, chain, ECDH_BRAINPOOL_256_2);
1096
1097
1098 // 384
1099 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-384 Demo Certificate 1");
1100 System.out.println("create ECDH Brainpool P-384 ECDH demo certificate...");
1101 chain[0] = createCertificate(subject, ecdh_brainpool_384_1.getPublic(),
1102 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
1103 subject.removeRDN(ObjectID.commonName);
1104 chain[1] = caECDSA;
1105 verifier.verifyChain(chain);
1106 addToKeyStore(ecdh_brainpool_384_1, chain, ECDH_BRAINPOOL_384_1);
1107
1108
1109 // 384
1110 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-384 Demo Certificate 2");
1111 System.out.println("create ECDH Brainpool P-384 demo certificate...");
1112 chain[0] = createCertificate(subject, ecdh_brainpool_384_2.getPublic(),
1113 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
1114 subject.removeRDN(ObjectID.commonName);
1115 chain[1] = caECDSA;
1116 verifier.verifyChain(chain);
1117 addToKeyStore(ecdh_brainpool_384_2, chain, ECDH_BRAINPOOL_384_2);
1118
1119 // 512
1120 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-512 Demo Certificate 1");
1121 System.out.println("create ECDH Brainpool P-512 demo certificate...");
1122 chain[0] = createCertificate(subject, ecdh_brainpool_512_1.getPublic(),
1123 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
1124 subject.removeRDN(ObjectID.commonName);
1125 chain[1] = caECDSA;
1126 verifier.verifyChain(chain);
1127 addToKeyStore(ecdh_brainpool_512_1, chain, ECDH_BRAINPOOL_512_1);
1128
1129
1130 // 512
1131 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-512 Demo Certificate 2");
1132 System.out.println("create ECDH Brainpool P-512 demo certificate...");
1133 chain[0] = createCertificate(subject, ecdh_brainpool_512_2.getPublic(),
1134 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false);
1135 subject.removeRDN(ObjectID.commonName);
1136 chain[1] = caECDSA;
1137 verifier.verifyChain(chain);
1138 addToKeyStore(ecdh_brainpool_512_2, chain, ECDH_BRAINPOOL_512_2);
1139
1140
1141 }
1142
1143 System.out.println("\nCertificates created!");
1144
1145 } catch (Exception ex) {
1146 System.out.println("Exception: "+ex);
1147 }
1148 }
1149
1150 /**
1151 * Reads the next line from the given BufferedReader.
1152 *
1153 * @param reader the reader from which to read the line
1154 *
1155 * @return the line just read
1156 *
1157 * @throws IOException if an I/O error occurs
1158 */
1159 private final static String readLine(BufferedReader reader) throws IOException {
1160 String line = reader.readLine();
1161 if (line != null) {
1162 line = line.trim();
1163 } else {
1164 line = "";
1165 }
1166 return line;
1167 }
1168
1169 /**
1170 * Starts the keystore setup.
1171 */
1172 public static void start() {
1173 SetupCMSEccKeyStore suks = new SetupCMSEccKeyStore();
1174 suks.initializeKeyStore();
1175 if (suks.create_only_certificates) {
1176 suks.getPrivateKeys();
1177 }
1178 else {
1179 suks.generatePrivateKeys();
1180 }
1181 suks.generateCertificates();
1182 suks.saveKeyStore();
1183 }
1184
1185 /**
1186 * Creates the test certificates.
1187 */
1188 public static void main(String arg[]) throws IOException {
1189
1190 DemoUtil.initDemos();
1191 try {
1192 ECCDemoUtil.installIaikEccProvider();
1193 } catch (Exception e) {
1194 System.out.println(e.getMessage());
1195 e.printStackTrace();
1196 System.exit(1);
1197 }
1198 start();
1199
1200 }
1201 }