001// Copyright (C) 2002 IAIK 002// https://sic.tech/ 003// 004// Copyright (C) 2003 - 2025 Stiftung Secure Information and 005// Communication Technologies SIC 006// https://sic.tech/ 007// 008// All rights reserved. 009// 010// This source is provided for inspection purposes and recompilation only, 011// unless specified differently in a contract with IAIK. This source has to 012// be kept in strict confidence and must not be disclosed to any third party 013// under any circumstances. Redistribution in source and binary forms, with 014// or without modification, are <not> permitted in any case! 015// 016// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 017// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 018// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 019// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 020// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 021// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 022// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 023// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 024// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 025// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 026// SUCH DAMAGE. 027// 028// $Header: /IAIK-CMS/current/src/demo/cms/ecc/keystore/SetupCMSEccKeyStore.java 29 12.02.25 17:58 Dbratko $ 029// $Revision: 29 $ 030// 031 032package demo.cms.ecc.keystore; 033 034import java.io.BufferedReader; 035import java.io.File; 036import java.io.FileInputStream; 037import java.io.FileOutputStream; 038import java.io.IOException; 039import java.io.InputStreamReader; 040import java.math.BigInteger; 041import java.security.InvalidKeyException; 042import java.security.KeyPair; 043import java.security.KeyPairGenerator; 044import java.security.KeyStore; 045import java.security.KeyStoreException; 046import java.security.NoSuchAlgorithmException; 047import java.security.NoSuchProviderException; 048import java.security.PrivateKey; 049import java.security.PublicKey; 050import java.security.Security; 051import java.security.cert.CertificateException; 052import java.security.spec.AlgorithmParameterSpec; 053import java.util.Calendar; 054import java.util.GregorianCalendar; 055import java.util.Random; 056 057import demo.DemoUtil; 058import demo.cms.ecc.ECCDemoUtil; 059import iaik.asn1.CodingException; 060import iaik.asn1.ObjectID; 061import iaik.asn1.structures.AlgorithmID; 062import iaik.asn1.structures.GeneralName; 063import iaik.asn1.structures.GeneralNames; 064import iaik.asn1.structures.Name; 065import iaik.asn1.structures.PolicyInformation; 066import iaik.asn1.structures.PolicyQualifierInfo; 067import iaik.cms.CMSAlgorithmID; 068import iaik.cms.SecurityProvider; 069import iaik.x509.SimpleChainVerifier; 070import iaik.x509.X509Certificate; 071import iaik.x509.X509ExtensionException; 072import iaik.x509.extensions.AuthorityKeyIdentifier; 073import iaik.x509.extensions.BasicConstraints; 074import iaik.x509.extensions.CertificatePolicies; 075import iaik.x509.extensions.KeyUsage; 076import iaik.x509.extensions.SubjectAltName; 077import iaik.x509.extensions.SubjectKeyIdentifier; 078 079/** 080 * Creates a test KeyStore ("cmsecc.keystore") in the current working directory. 081 * These keys are used by the ECC demos included in IAIK-CMS. 082 * The aliases and the password for accessing the keys and 083 * certificates can be found in {@link CMSEccKeyStoreConstants 084 * CMSEccKeyStoreConstants}. 085 * 086 * @see CMSEccKeyStoreConstants 087 * @see CMSEccKeyStore 088 */ 089public class SetupCMSEccKeyStore implements CMSEccKeyStoreConstants { 090 091 // the key length of the CA certificate 092 private final static int CA_KEYLENGTH = 256; 093 094 // the key store to create 095 KeyStore key_store; 096 // the file where the key store shall be saved 097 String keystore_file; 098 // takes the existing keys from the KeyStore and only creates new certificates 099 boolean create_only_certificates = true; 100 101 KeyPair ca_ecdsa = null; 102 KeyPair ecdsa192 = null; 103 KeyPair ecdsa224 = null; 104 KeyPair ecdsa256 = null; 105 KeyPair ecdsa384 = null; 106 KeyPair ecdsa521 = null; 107 KeyPair ecdh192_1 = null; 108 KeyPair ecdh192_2 = null; 109 KeyPair ecdh224_1 = null; 110 KeyPair ecdh224_2 = null; 111 KeyPair ecdh256_1 = null; 112 KeyPair ecdh256_2 = null; 113 KeyPair ecdh384_1 = null; 114 KeyPair ecdh384_2 = null; 115 KeyPair ecdh521_1 = null; 116 KeyPair ecdh521_2 = null; 117 118 KeyPair ecdsa_brainpool_192 = null; 119 KeyPair ecdsa_brainpool_224 = null; 120 KeyPair ecdsa_brainpool_256 = null; 121 KeyPair ecdsa_brainpool_384 = null; 122 KeyPair ecdsa_brainpool_512 = null; 123 KeyPair ecdh_brainpool_192_1 = null; 124 KeyPair ecdh_brainpool_192_2 = null; 125 KeyPair ecdh_brainpool_224_1 = null; 126 KeyPair ecdh_brainpool_224_2 = null; 127 KeyPair ecdh_brainpool_256_1 = null; 128 KeyPair ecdh_brainpool_256_2 = null; 129 KeyPair ecdh_brainpool_384_1 = null; 130 KeyPair ecdh_brainpool_384_2 = null; 131 KeyPair ecdh_brainpool_512_1 = null; 132 KeyPair ecdh_brainpool_512_2 = null; 133 134 KeyPair eddsa25519 = null; 135 KeyPair eddsa448 = null; 136 137 KeyPair ecdhx25519 = null; 138 KeyPair ecdhx448 = null; 139 140 // create ECDSA keys and certificates 141 boolean create_ecdsa; 142 // create ECDH keys and certificates 143 boolean create_ecdh; 144 //create EDDSA keys and certificates 145 boolean create_eddsa; 146 //create ecdh X25518, x448 keys and certificates 147 boolean create_ecdh_x25519_x448; 148 // create keys and certificates with Brainpool curves 149 boolean create_brainpool; 150 151 152 /** 153 * Default Constructor. 154 */ 155 public SetupCMSEccKeyStore() { 156 create_ecdsa = true; 157 create_ecdh = true; 158 create_eddsa = true; 159 create_ecdh_x25519_x448 = true; 160 create_brainpool = true; 161 double eccelerateVersion = ECCDemoUtil.getECCelerateVersion(); 162 if (eccelerateVersion < 4.02) { 163 create_eddsa = false; 164 create_ecdh_x25519_x448 = false; 165 } 166 } 167 168 /** 169 * Generates a key pair for a curve with a certain name 170 * 171 * @param algorithm the key algorithm 172 * @param bitLength the length of the key (in bits). 173 * 174 * @return the generated key pair 175 * 176 * @throws NoSuchAlgorithmException if ECDSA KeyPairGenerator is not available 177 * @throws NoSuchProviderException if provider IAIK_ECC is not installed 178 */ 179 public KeyPair generateKeyPair(String algorithm, int bitLength) 180 throws NoSuchAlgorithmException, NoSuchProviderException { 181 String providerName = "IAIK ECCelerate"; 182 if (Security.getProvider(providerName) == null) { 183 providerName = "IAIK_ECC"; 184 } 185 KeyPairGenerator kpg = KeyPairGenerator.getInstance(algorithm, providerName); 186 kpg.initialize(bitLength); 187 return kpg.generateKeyPair(); 188 189 } 190 191 /** 192 * Generates an ECC key pair for a curve with a certain name 193 * 194 * @param algorithm the key algorithm 195 * @param curveName the name of the curve to be used. 196 * 197 * @return the generated key pair 198 * 199 * @throws Exception if the KeyPair cannot be generated 200 */ 201 public static KeyPair generateEccKeyPair(String algorithm, String curveName) throws Exception { 202 203 KeyPair kp = null; 204 AlgorithmParameterSpec paramSpec = ECCDemoUtil.createParamSpec(curveName); 205 if (paramSpec == null) { 206 throw new Exception("Curve " + curveName + " not supported!"); 207 } 208 String providerName = "IAIK ECCelerate"; 209 if (Security.getProvider(providerName) == null) { 210 providerName = "IAIK_ECC"; 211 } 212 KeyPairGenerator kpg = KeyPairGenerator.getInstance(algorithm, providerName); 213 kpg.initialize(paramSpec); 214 return kpg.generateKeyPair(); 215 } 216 217 218 219 /** 220 * Creates a certificate from the given values. 221 * 222 * @param subject the subject of the certificate 223 * @param publicKey the public key to include 224 * @param issuer the issuer of the certificate 225 * @param privateKey the private key for signing the certificate 226 * @param algorithm the signature algorithm to use 227 * @param keyID the key id for the AuthotityKeyIdentifier extension 228 * @param forSigning if the certificate to be created shall be used for signing or encryption 229 * 230 * @return the certificate just created 231 */ 232 public static X509Certificate createCertificate(Name subject, PublicKey publicKey, 233 Name issuer, PrivateKey privateKey, AlgorithmID algorithm, byte[] keyID, boolean forSigning) { 234 235 // create a new certificate 236 X509Certificate cert = new X509Certificate(); 237 238 try { 239 // set the values 240 cert.setSerialNumber(new BigInteger(20, new Random())); 241 cert.setSubjectDN(subject); 242 cert.setPublicKey(publicKey); 243 cert.setIssuerDN(issuer); 244 245 GregorianCalendar date = new GregorianCalendar(); 246 // not before now 247 cert.setValidNotBefore(date.getTime()); 248 249 if (issuer.equals(subject)) { 250 // ca certificate 251 date.add(Calendar.YEAR, 10); 252 BasicConstraints basicConstraints = new BasicConstraints(true); 253 cert.addExtension(basicConstraints); 254 KeyUsage keyUsage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign); 255 cert.addExtension(keyUsage); 256 } else { 257 // end user certificate 258 date.add(Calendar.YEAR, 9); 259 KeyUsage keyUsage = null; 260 if (forSigning) { 261 keyUsage = new KeyUsage(KeyUsage.digitalSignature | 262 KeyUsage.nonRepudiation); 263 } else { 264 keyUsage = new KeyUsage(KeyUsage.keyAgreement) ; 265 } 266 cert.addExtension(keyUsage); 267 AuthorityKeyIdentifier authID = new AuthorityKeyIdentifier(); 268 authID.setKeyIdentifier(keyID); 269 cert.addExtension(authID); 270 GeneralNames generalNames = new GeneralNames(); 271 generalNames.addName(new GeneralName(GeneralName.rfc822Name, "smimetest@iaik.tugraz.at")); 272 SubjectAltName subjectAltName = new SubjectAltName(generalNames); 273 cert.addExtension(subjectAltName); 274 } 275 String explicitText = "This certificate only may be used for test purposes"; 276 PolicyQualifierInfo policyQualifier = new PolicyQualifierInfo(null, null, explicitText); 277 PolicyInformation[] policyInformations = 278 { new PolicyInformation(new ObjectID("1.3.6.1.4.1.2706.2.2.4.1.1.1.1"), 279 new PolicyQualifierInfo[] { policyQualifier }) }; 280 CertificatePolicies certPolicies = new CertificatePolicies(policyInformations); 281 282 SubjectKeyIdentifier subjectKeyID = new SubjectKeyIdentifier(cert.getPublicKey()); 283 cert.addExtension(subjectKeyID); 284 285 cert.addExtension(certPolicies); 286 cert.setValidNotAfter(date.getTime()); 287 // and sign the certificate 288 ECCDemoUtil.signCertificate(cert, algorithm, privateKey); 289 } catch (CertificateException ex) { 290 throw new RuntimeException("Error creating the certificate: "+ex.getMessage()); 291 } catch (InvalidKeyException ex) { 292 throw new RuntimeException("Error creating the certificate: "+ex.getMessage()); 293 } catch (NoSuchAlgorithmException ex) { 294 throw new RuntimeException("Error creating the certificate: "+ex.getMessage()); 295 } catch (X509ExtensionException ex) { 296 throw new RuntimeException("Error adding extension: "+ex.getMessage()); 297 } catch (CodingException ex) { 298 throw new RuntimeException("Error adding SubjectKeyIdentifier extension: "+ex.getMessage()); 299 } 300 return cert; 301 } 302 303 /** 304 * Loads or creates a KeyStore and initializes it. 305 */ 306 private void initializeKeyStore() { 307 308 BufferedReader reader = null; 309 if (!DemoUtil.CREATE_DEMO_KEYSTORE_AUTOMATICAllY) { 310 reader = new BufferedReader(new InputStreamReader(System.in)); 311 } 312 String line; 313 314 try { 315 // default directory is the current user dir 316 String keystore_dir = System.getProperty("user.dir"); 317 File ks = new File(keystore_dir, KS_FILENAME); 318 319 // KeyStore does already exist 320 if (ks.exists()) { 321 keystore_file = ks.getAbsolutePath(); 322 if (create_only_certificates) { 323 System.out.println("Create only new certificates from already existing keys!"); 324 } 325 else { 326 System.out.println("Existing KeyStore will be deleted!"); 327 } 328 System.out.println("KeyStore: "+keystore_file); 329 } 330 else { 331 // there is no KeyStore -> create also new keys 332 create_only_certificates = false; 333 if (!DemoUtil.CREATE_DEMO_KEYSTORE_AUTOMATICAllY) { 334 while (true) { 335 System.out.print("Create new KeyStore in directory: "+keystore_dir+" [y]"); 336 line = readLine(reader); 337 if (line.length() == 0 || line.equals("y")) { 338 ks = new File(keystore_dir, KS_FILENAME); 339 keystore_file = ks.getAbsolutePath(); 340 System.out.println("KeyStore will be saved to: "+keystore_file); 341 break; 342 } 343 System.out.print("Enter directory: "); 344 keystore_dir = readLine(reader); 345 } 346 } else { 347 System.out.print("Create new KeyStore in directory: "+keystore_dir+" ..."); 348 ks = new File(keystore_dir, KS_FILENAME); 349 keystore_file = ks.getAbsolutePath(); 350 System.out.println("KeyStore will be saved to: "+keystore_file); 351 } 352 } 353 354 // get a new KeyStore object 355 key_store = SecurityProvider.getSecurityProvider().getKeyStore("IAIKKeyStore"); 356 357 if (create_only_certificates) { 358 // take private keys from existing KeyStore 359 FileInputStream ksStream = null; 360 try { 361 ksStream = new FileInputStream(ks); 362 key_store.load(ksStream, KS_PASSWORD); 363 } finally { 364 if (ksStream != null) { 365 try { 366 ksStream.close(); 367 } catch (IOException e) { 368 // ignore 369 } 370 } 371 } 372 } 373 else { 374 // create a new KeyStore 375 key_store.load(null, null); 376 } 377 378 } catch (Exception ex) { 379 System.out.println("Error creating new IAIK KeyStore!"); 380 throw new RuntimeException("Error creating new KeyStore: "+ex.toString()); 381 } 382 } 383 384 /** 385 * Saves the KeyStore to disk. 386 */ 387 private void saveKeyStore() { 388 FileOutputStream os = null; 389 try { 390 // write the KeyStore to disk 391 os = new FileOutputStream(keystore_file); 392 key_store.store(os, KS_PASSWORD); 393 394 } catch (Exception ex) { 395 System.out.println("Error saving KeyStore!"); 396 ex.printStackTrace(); 397 } finally { 398 if (os != null) { 399 try { 400 os.close(); 401 } catch (IOException e) { 402 // ignore 403 } 404 } 405 } 406 } 407 408 /** 409 * Adds the private key and the certificate chain to the key store. 410 * 411 * @param keyPair the key pair with the private key to be added 412 * @param chain the certificate chain to be added 413 * @param alias the alias for the keystore entry 414 * 415 * @throws KeyStoreException if an error occurs when trying to add the key 416 */ 417 public void addToKeyStore(KeyPair keyPair, X509Certificate[] chain, String alias) throws KeyStoreException { 418 key_store.setKeyEntry(alias, keyPair.getPrivate(), KS_PASSWORD, chain); 419 } 420 421 /** 422 * Returns a KeyPair form the KeyStore. 423 * 424 * @param type the type (e.g. {@link CMSEccKeyStoreConstants#ECDSA_192 "ECDSA.192"} 425 * of the requested key pair 426 * 427 * @return the KeyPair of the given type 428 * 429 * @throws Exception if some error occurs 430 */ 431 private KeyPair getKeyPair(String type) throws Exception { 432 PrivateKey privKey = (PrivateKey)key_store.getKey(type, KS_PASSWORD); 433 PublicKey pubKey = key_store.getCertificateChain(type)[0].getPublicKey(); 434 return new KeyPair(pubKey, privKey); 435 } 436 437 /** 438 * Get all private keys from the KeyStore. 439 */ 440 private void getPrivateKeys() { 441 try { 442 ca_ecdsa = getKeyPair(CA_ECDSA); 443 } catch (Exception ex) { 444 System.out.println("Unable to get ECDSA CA key from KeyStore."); 445 ex.printStackTrace(); 446 } 447 448 // ECDSA 449 try { 450 ecdsa192 = getKeyPair(ECDSA_192); 451 ecdsa224 = getKeyPair(ECDSA_224); 452 ecdsa256 = getKeyPair(ECDSA_256); 453 ecdsa384 = getKeyPair(ECDSA_384); 454 ecdsa521 = getKeyPair(ECDSA_521); 455 } catch (Exception ex) { 456 System.out.println("Unable to get ECDSA keys from KeyStore."); 457 ex.printStackTrace(); 458 create_ecdsa = false; 459 } 460 // ECDH 461 try { 462 ecdh192_1 = getKeyPair(ECDH_192_1); 463 ecdh192_2 = getKeyPair(ECDH_192_2); 464 ecdh224_1 = getKeyPair(ECDH_224_1); 465 ecdh224_2 = getKeyPair(ECDH_224_2); 466 ecdh256_1 = getKeyPair(ECDH_256_1); 467 ecdh256_2 = getKeyPair(ECDH_256_2); 468 ecdh384_1 = getKeyPair(ECDH_384_1); 469 ecdh384_2 = getKeyPair(ECDH_384_2); 470 ecdh521_1 = getKeyPair(ECDH_521_1); 471 ecdh521_2 = getKeyPair(ECDH_521_2); 472 } catch (Exception ex) { 473 System.out.println("Unable to get ECDH keys from KeyStore."); 474 ex.printStackTrace(); 475 create_ecdh = false; 476 } 477 478 // EDDSA 479 try { 480 eddsa25519 = getKeyPair(EDDSA_ED25519); 481 eddsa448 = getKeyPair(EDDSA_ED448); 482 } catch (Exception ex) { 483 System.out.println("Unable to get EDDSA keys from KeyStore."); 484 ex.printStackTrace(); 485 create_eddsa = false; 486 } 487 488 // ECDH x25519, x448 489 try { 490 ecdhx25519 = getKeyPair(ECDH_X25519); 491 ecdhx448 = getKeyPair(ECDH_X448); 492 } catch (Exception ex) { 493 System.out.println("Unable to get EDDSA keys from KeyStore."); 494 ex.printStackTrace(); 495 create_ecdh_x25519_x448 = false; 496 } 497 498 // Brainpool 499 // ECDSA 500 try { 501 ecdsa_brainpool_192 = getKeyPair(ECDSA_BRAINPOOL_192); 502 ecdsa_brainpool_224 = getKeyPair(ECDSA_BRAINPOOL_224); 503 ecdsa_brainpool_256 = getKeyPair(ECDSA_BRAINPOOL_256); 504 ecdsa_brainpool_384 = getKeyPair(ECDSA_BRAINPOOL_384); 505 ecdsa_brainpool_512 = getKeyPair(ECDSA_BRAINPOOL_512); 506 } catch (Exception ex) { 507 System.out.println("Unable to get ECDSA Brainpool keys from KeyStore."); 508 ex.printStackTrace(); 509 create_brainpool = false; 510 } 511 // ECDH 512 try { 513 ecdh_brainpool_192_1 = getKeyPair(ECDH_BRAINPOOL_192_1); 514 ecdh_brainpool_192_2 = getKeyPair(ECDH_BRAINPOOL_192_2); 515 ecdh_brainpool_224_1 = getKeyPair(ECDH_BRAINPOOL_224_1); 516 ecdh_brainpool_224_2 = getKeyPair(ECDH_BRAINPOOL_224_2); 517 ecdh_brainpool_256_1 = getKeyPair(ECDH_BRAINPOOL_256_1); 518 ecdh_brainpool_256_2 = getKeyPair(ECDH_BRAINPOOL_256_2); 519 ecdh_brainpool_384_1 = getKeyPair(ECDH_BRAINPOOL_384_1); 520 ecdh_brainpool_384_2 = getKeyPair(ECDH_BRAINPOOL_384_2); 521 ecdh_brainpool_512_1 = getKeyPair(ECDH_BRAINPOOL_512_1); 522 ecdh_brainpool_512_2 = getKeyPair(ECDH_BRAINPOOL_512_2); 523 } catch (Exception ex) { 524 System.out.println("Unable to get ECDH Brainpool keys from KeyStore."); 525 ex.printStackTrace(); 526 create_brainpool = false; 527 } 528 529 } 530 531 /** 532 * Generates new prviate keys. 533 */ 534 private void generatePrivateKeys() { 535 try { 536 // CA certificate 537 try { 538 System.out.println("generate ECDSA KeyPair for CA certificate..."); 539 ca_ecdsa = generateKeyPair("EC", CA_KEYLENGTH); 540 } catch (NoSuchAlgorithmException ex) { 541 System.out.println("No implementation for DSA! DSA CA keys not created!\n"); 542 } 543 544 if (create_ecdsa) { 545 try { 546 System.out.println("generate ECDSA KeyPair for a test certificate [192 bits]..."); 547 ecdsa192 = generateKeyPair("EC", 192); 548 System.out.println("generate ECDSA KeyPair for a test certificate [224 bits]..."); 549 ecdsa224 = generateKeyPair("EC", 224); 550 System.out.println("generate ECDSA KeyPair for a test certificate [256 bits]..."); 551 ecdsa256 = generateKeyPair("EC", 256); 552 System.out.println("generate ECDSA KeyPair for a test certificate [384 bits]..."); 553 ecdsa384 = generateKeyPair("EC", 384); 554 System.out.println("generate ECDSA KeyPair for a test certificate [521 bits]..."); 555 ecdsa521 = generateKeyPair("EC", 521); 556 557 // Brainpool curves 558 if (create_brainpool) { 559 try { 560 System.out.println("generate ECDSA Brainpool KeyPair for a test certificate [192 bits]..."); 561 ecdsa_brainpool_192 = generateEccKeyPair("EC", "brainpoolP192r1"); 562 System.out.println("generate ECDSA Brainpool KeyPair for a test certificate [224 bits]..."); 563 ecdsa_brainpool_224 = generateEccKeyPair("EC", "brainpoolP224r1"); 564 System.out.println("generate ECDSA Brainpool KeyPair for a test certificate [256 bits]..."); 565 ecdsa_brainpool_256 = generateEccKeyPair("EC", "brainpoolP256r1"); 566 System.out.println("generate ECDSA Brainpool KeyPair for a test certificate [384 bits]..."); 567 ecdsa_brainpool_384 = generateEccKeyPair("EC", "brainpoolP384r1"); 568 System.out.println("generate ECDSA Brainpool KeyPair for a test certificate [521 bits]..."); 569 ecdsa_brainpool_512 = generateEccKeyPair("EC", "brainpoolP512r1"); 570 } catch (Exception ex) { 571 create_brainpool = false; 572 System.out.println("No implementation for Brainpool curves! Brainpool keys are not created!\n"); 573 } 574 } 575 } catch (NoSuchAlgorithmException ex) { 576 create_ecdsa = false; 577 System.out.println("No implementation for ECDSA! ECDSA keys are not created!\n"); 578 } 579 } 580 581 if (create_ecdh) { 582 try { 583 System.out.println("generate ECDH KeyPair for a test certificate [192 bits]..."); 584 ecdh192_1 = generateKeyPair("EC", 192); 585 System.out.println("generate second ECDH KeyPair for a test certificate [192 bits]..."); 586 ecdh192_2 = generateKeyPair("EC", 192); 587 System.out.println("generate ECDH KeyPair for a test certificate [224 bits]..."); 588 ecdh224_1 = generateKeyPair("EC", 224); 589 System.out.println("generate second ECDH KeyPair for a test certificate [224 bits]..."); 590 ecdh224_2 = generateKeyPair("EC", 224); 591 System.out.println("generate ECDH KeyPair for a test certificate [256 bits]..."); 592 ecdh256_1 = generateKeyPair("EC", 256); 593 System.out.println("generate second ECDH KeyPair for a test certificate [256 bits]..."); 594 ecdh256_2 = generateKeyPair("EC", 256); 595 System.out.println("generate ECDH KeyPair for a test certificate [384 bits]..."); 596 ecdh384_1 = generateKeyPair("EC", 384); 597 System.out.println("generate second ECDH KeyPair for a test certificate [384 bits]..."); 598 ecdh384_2 = generateKeyPair("EC", 384); 599 System.out.println("generate ECDH KeyPair for a test certificate [521 bits]..."); 600 ecdh521_1 = generateKeyPair("EC", 521); 601 System.out.println("generate second ECDH KeyPair for a test certificate [521 bits]..."); 602 ecdh521_2 = generateKeyPair("EC", 521); 603 604 // Brainpool curves 605 if (create_brainpool) { 606 try { 607 System.out.println("generate ECDH Brainpool KeyPair for a test certificate [192 bits]..."); 608 ecdh_brainpool_192_1 = generateEccKeyPair("EC", "brainpoolP192r1"); 609 System.out.println("generate second ECDH Brainpool KeyPair for a test certificate [192 bits]..."); 610 ecdh_brainpool_192_2 = generateEccKeyPair("EC", "brainpoolP192r1"); 611 System.out.println("generate ECDH Brainpool KeyPair for a test certificate [224 bits]..."); 612 ecdh_brainpool_224_1 = generateEccKeyPair("EC", "brainpoolP224r1"); 613 System.out.println("generate second ECDH Brainpool KeyPair for a test certificate [224 bits]..."); 614 ecdh_brainpool_224_2 = generateEccKeyPair("EC", "brainpoolP224r1"); 615 System.out.println("generate ECDH Brainpool KeyPair for a test certificate [256 bits]..."); 616 ecdh_brainpool_256_1 = generateEccKeyPair("EC", "brainpoolP256r1"); 617 System.out.println("generate second ECDH Brainpool KeyPair for a test certificate [256 bits]..."); 618 ecdh_brainpool_256_2 = generateEccKeyPair("EC", "brainpoolP256r1"); 619 System.out.println("generate ECDH Brainpool KeyPair for a test certificate [384 bits]..."); 620 ecdh_brainpool_384_1 = generateEccKeyPair("EC", "brainpoolP384r1"); 621 System.out.println("generate second ECDH Brainpool KeyPair for a test certificate [384 bits]..."); 622 ecdh_brainpool_384_2 = generateEccKeyPair("EC", "brainpoolP384r1"); 623 System.out.println("generate ECDH Brainpool KeyPair for a test certificate [521 bits]..."); 624 ecdh_brainpool_512_1 = generateEccKeyPair("EC", "brainpoolP512r1"); 625 System.out.println("generate second ECDH Brainpool KeyPair for a test certificate [521 bits]..."); 626 ecdh_brainpool_512_2 = generateEccKeyPair("EC", "brainpoolP512r1"); 627 } catch (Exception ex) { 628 create_brainpool = false; 629 System.out.println("No implementation for Brainpool curves! Brainpool keys are not created!\n"); 630 } 631 } 632 } catch (NoSuchAlgorithmException ex) { 633 create_ecdh = false; 634 System.out.println("No implementation for ECDH! ECDH keys are not created!\n"); 635 } 636 } 637 638 if (create_eddsa) { 639 try { 640 System.out.println("generate Ed25519 KeyPair for a test certificate [256 bits]..."); 641 eddsa25519 = generateKeyPair("Ed25519", 256); 642 System.out.println("generate Ed448 KeyPair for a test certificate [456 bits]..."); 643 eddsa448 = generateKeyPair("EdDSA448", 456); 644 } catch (NoSuchAlgorithmException ex) { 645 create_ecdh = false; 646 System.out.println("No implementation for EdDSA! EdDSA keys are not created!\n"); 647 } 648 } 649 650 if (create_ecdh_x25519_x448) { 651 try { 652 System.out.println("generate ECDH x25519 KeyPair for a test certificate [256 bits]..."); 653 ecdhx25519 = generateKeyPair("X25519", 256); 654 System.out.println("generate ECDH x448 KeyPair for a test certificate [456 bits]..."); 655 ecdhx448 = generateKeyPair("X448", 448); 656 } catch (NoSuchAlgorithmException ex) { 657 create_ecdh = false; 658 System.out.println("No implementation for ECDH x25519/x448! ECDH x25519/x448 keys are not created!\n"); 659 } 660 } 661 662 } catch (Exception ex) { 663 System.out.println("Exception: "+ex); 664 } 665 } 666 667 /** 668 * Generates the certificates. 669 */ 670 public void generateCertificates() { 671 672 try { 673 674 // Now create the certificates 675 Name issuer = new Name(); 676 issuer.addRDN(ObjectID.country, "AT"); 677 issuer.addRDN(ObjectID.organization ,"IAIK"); 678 issuer.addRDN(ObjectID.organizationalUnit ,"JavaSecurity"); 679 680 Name subject = new Name(); 681 subject.addRDN(ObjectID.country, "AT"); 682 subject.addRDN(ObjectID.organization ,"IAIK"); 683 subject.addRDN(ObjectID.organizationalUnit ,"JavaSecurity"); 684 685 // 686 // create self signed CA certs 687 // 688 X509Certificate caECDSA = null; 689 X509Certificate[] chain = new X509Certificate[1]; 690 // for verifying the created certificates 691 SimpleChainVerifier verifier = new SimpleChainVerifier(); 692 AlgorithmID signatureAlgorithm = (AlgorithmID)CMSAlgorithmID.ecdsa_With_SHA256.clone(); 693 694 issuer.addRDN(ObjectID.commonName ,"IAIK CMS-ECC Test ECDSA CA"); 695 System.out.println("create self signed ECDSA CA certificate..."); 696 caECDSA = createCertificate(issuer, ca_ecdsa.getPublic(), 697 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), null, true); 698 // verify the self signed certificate 699 caECDSA.verify(); 700 // set the CA cert as trusted root 701 verifier.addTrustedCertificate(caECDSA); 702 chain[0] = caECDSA; 703 addToKeyStore(ca_ecdsa, chain, CA_ECDSA); 704 705 // 706 // create certificates 707 // 708 chain = new X509Certificate[2]; 709 710 // create a ECDSA test certificates 711 if (create_ecdsa) { 712 // 192 713 subject.addRDN(ObjectID.commonName ,"ECDSA 192 bit Demo Certificate"); 714 System.out.println("create 192 bit ECDSA demo certificate..."); 715 SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid); 716 chain[0] = createCertificate(subject, ecdsa192.getPublic(), 717 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true); 718 chain[1] = caECDSA; 719 verifier.verifyChain(chain); 720 721 addToKeyStore(ecdsa192, chain, ECDSA_192); 722 subject.removeRDN(ObjectID.commonName); 723 724 725 // 224 726 subject.addRDN(ObjectID.commonName ,"ECDSA 224 bit Demo Certificate"); 727 System.out.println("create 224 bit ECDSA demo certificate..."); 728 subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid); 729 chain[0] = createCertificate(subject, ecdsa224.getPublic(), 730 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true); 731 chain[1] = caECDSA; 732 verifier.verifyChain(chain); 733 734 addToKeyStore(ecdsa224, chain, ECDSA_224); 735 subject.removeRDN(ObjectID.commonName); 736 737 738 // 256 739 subject.addRDN(ObjectID.commonName ,"ECDSA 256 bit Demo Certificate"); 740 System.out.println("create 256 bit ECDSA demo certificate..."); 741 chain[0] = createCertificate(subject, ecdsa256.getPublic(), 742 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true); 743 chain[1] = caECDSA; 744 verifier.verifyChain(chain); 745 addToKeyStore(ecdsa256, chain, ECDSA_256); 746 subject.removeRDN(ObjectID.commonName); 747 748 749 // 384 750 subject.addRDN(ObjectID.commonName ,"ECDSA 384 bit Demo Certificate"); 751 System.out.println("create 384 bit ECDSA demo certificate..."); 752 chain[0] = createCertificate(subject, ecdsa384.getPublic(), 753 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true); 754 chain[1] = caECDSA; 755 verifier.verifyChain(chain); 756 addToKeyStore(ecdsa384, chain, ECDSA_384); 757 subject.removeRDN(ObjectID.commonName); 758 759 760 // 521 761 subject.addRDN(ObjectID.commonName ,"ECDSA 521 bit Demo Certificate"); 762 System.out.println("create 521 bit ECDSA demo certificate..."); 763 subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid); 764 chain[0] = createCertificate(subject, ecdsa521.getPublic(), 765 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true); 766 chain[1] = caECDSA; 767 verifier.verifyChain(chain); 768 769 addToKeyStore(ecdsa521, chain, ECDSA_521); 770 subject.removeRDN(ObjectID.commonName); 771 772 773 } 774 775 // create a ECDH test certificates 776 if (create_ecdh) { 777 // 192 778 subject.addRDN(ObjectID.commonName ,"ECDH 192 bit Demo Certificate 1"); 779 System.out.println("create 192 bit ECDH demo certificate..."); 780 SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid); 781 chain[0] = createCertificate(subject, ecdh192_1.getPublic(), 782 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 783 chain[1] = caECDSA; 784 verifier.verifyChain(chain); 785 addToKeyStore(ecdh192_1, chain, ECDH_192_1); 786 subject.removeRDN(ObjectID.commonName); 787 788 // 192 789 subject.addRDN(ObjectID.commonName ,"ECDH 192 bit Demo Certificate 2"); 790 System.out.println("create 192 bit ECDH demo certificate..."); 791 chain[0] = createCertificate(subject, ecdh192_2.getPublic(), 792 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 793 chain[1] = caECDSA; 794 verifier.verifyChain(chain); 795 addToKeyStore(ecdh192_2, chain, ECDH_192_2); 796 subject.removeRDN(ObjectID.commonName); 797 798 // 224 799 subject.addRDN(ObjectID.commonName ,"ECDH 224 bit Demo Certificate 1"); 800 System.out.println("create 224 bit ECDH demo certificate..."); 801 subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid); 802 chain[0] = createCertificate(subject, ecdh224_1.getPublic(), 803 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 804 chain[1] = caECDSA; 805 verifier.verifyChain(chain); 806 addToKeyStore(ecdh224_1, chain, ECDH_224_1); 807 subject.removeRDN(ObjectID.commonName); 808 809 // 224 810 subject.addRDN(ObjectID.commonName ,"ECDH 224 bit Demo Certificate 2"); 811 System.out.println("create 224 bit ECDH demo certificate..."); 812 chain[0] = createCertificate(subject, ecdh224_2.getPublic(), 813 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 814 chain[1] = caECDSA; 815 verifier.verifyChain(chain); 816 addToKeyStore(ecdh224_2, chain, ECDH_224_2); 817 subject.removeRDN(ObjectID.commonName); 818 819 // 256 820 subject.addRDN(ObjectID.commonName ,"ECDH 256 bit Demo Certificate 1"); 821 System.out.println("create 256 bit ECDH demo certificate..."); 822 chain[0] = createCertificate(subject, ecdh256_1.getPublic(), 823 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 824 subject.removeRDN(ObjectID.commonName); 825 chain[1] = caECDSA; 826 verifier.verifyChain(chain); 827 addToKeyStore(ecdh256_1, chain, ECDH_256_1); 828 829 // 256 830 subject.addRDN(ObjectID.commonName ,"ECDH 256 bit Demo Certificate 2"); 831 System.out.println("create 256 bit ECDH demo certificate..."); 832 chain[0] = createCertificate(subject, ecdh256_2.getPublic(), 833 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 834 subject.removeRDN(ObjectID.commonName); 835 chain[1] = caECDSA; 836 verifier.verifyChain(chain); 837 addToKeyStore(ecdh256_2, chain, ECDH_256_2); 838 839 840 // 384 841 subject.addRDN(ObjectID.commonName ,"ECDH 384 bit Demo Certificate 1"); 842 System.out.println("create 384 bit ECDH demo certificate..."); 843 chain[0] = createCertificate(subject, ecdh384_1.getPublic(), 844 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 845 subject.removeRDN(ObjectID.commonName); 846 chain[1] = caECDSA; 847 verifier.verifyChain(chain); 848 addToKeyStore(ecdh384_1, chain, ECDH_384_1); 849 850 851 // 384 852 subject.addRDN(ObjectID.commonName ,"ECDH 384 bit Demo Certificate 2"); 853 System.out.println("create 384 bit ECDH demo certificate..."); 854 chain[0] = createCertificate(subject, ecdh384_2.getPublic(), 855 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 856 subject.removeRDN(ObjectID.commonName); 857 chain[1] = caECDSA; 858 verifier.verifyChain(chain); 859 addToKeyStore(ecdh384_2, chain, ECDH_384_2); 860 861 // 521 862 subject.addRDN(ObjectID.commonName ,"ECDH 521 bit Demo Certificate 1"); 863 System.out.println("create 521 bit ECDH demo certificate..."); 864 chain[0] = createCertificate(subject, ecdh521_1.getPublic(), 865 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 866 subject.removeRDN(ObjectID.commonName); 867 chain[1] = caECDSA; 868 verifier.verifyChain(chain); 869 addToKeyStore(ecdh521_1, chain, ECDH_521_1); 870 871 872 // 521 873 subject.addRDN(ObjectID.commonName ,"ECDH 521 bit Demo Certificate 2"); 874 System.out.println("create 521 bit ECDH demo certificate..."); 875 chain[0] = createCertificate(subject, ecdh521_2.getPublic(), 876 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 877 subject.removeRDN(ObjectID.commonName); 878 chain[1] = caECDSA; 879 verifier.verifyChain(chain); 880 addToKeyStore(ecdh521_2, chain, ECDH_521_2); 881 } 882 883 // create a EdDSA test certificates 884 if (create_eddsa) { 885 // Ed25519 886 subject.addRDN(ObjectID.commonName ,"Ed25519 bit Demo Certificate"); 887 System.out.println("create Ed25519 demo certificate..."); 888 SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid); 889 chain[0] = createCertificate(subject, eddsa25519.getPublic(), 890 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true); 891 chain[1] = caECDSA; 892 verifier.verifyChain(chain); 893 894 addToKeyStore(eddsa25519, chain, EDDSA_ED25519); 895 subject.removeRDN(ObjectID.commonName); 896 897 898 // Ed448 899 subject.addRDN(ObjectID.commonName ,"Ed448 bit Demo Certificate"); 900 System.out.println("create Ed448 demo certificate..."); 901 chain[0] = createCertificate(subject, eddsa448.getPublic(), 902 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true); 903 chain[1] = caECDSA; 904 verifier.verifyChain(chain); 905 906 addToKeyStore(eddsa448, chain, EDDSA_ED448); 907 subject.removeRDN(ObjectID.commonName); 908 909 } 910 911 // create a ECDH x25519, x448 test certificates 912 if (create_ecdh_x25519_x448) { 913 // x25519 914 subject.addRDN(ObjectID.commonName ,"ECDH x25519 bit Demo Certificate"); 915 System.out.println("create ECDH x25519 demo certificate..."); 916 SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid); 917 chain[0] = createCertificate(subject, ecdhx25519.getPublic(), 918 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true); 919 chain[1] = caECDSA; 920 verifier.verifyChain(chain); 921 922 addToKeyStore(ecdhx25519, chain, ECDH_X25519); 923 subject.removeRDN(ObjectID.commonName); 924 925 926 // x448 927 subject.addRDN(ObjectID.commonName ,"Ed448 bit Demo Certificate"); 928 System.out.println("create ECDH x448 demo certificate..."); 929 chain[0] = createCertificate(subject, ecdhx448.getPublic(), 930 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true); 931 chain[1] = caECDSA; 932 verifier.verifyChain(chain); 933 934 addToKeyStore(ecdhx448, chain, ECDH_X448); 935 subject.removeRDN(ObjectID.commonName); 936 937 } 938 939 // create a Brainpool test certificates 940 if (create_brainpool) { 941 // ECDSA 942 // 192 943 subject.addRDN(ObjectID.commonName ,"ECDSA Brainpool P-192 Demo Certificate"); 944 System.out.println("create ECDSA Brainpool P-192 demo certificate..."); 945 SubjectKeyIdentifier subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid); 946 chain[0] = createCertificate(subject, ecdsa_brainpool_192.getPublic(), 947 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true); 948 chain[1] = caECDSA; 949 verifier.verifyChain(chain); 950 951 addToKeyStore(ecdsa_brainpool_192, chain, ECDSA_BRAINPOOL_192); 952 subject.removeRDN(ObjectID.commonName); 953 954 955 // 224 956 subject.addRDN(ObjectID.commonName ,"ECDSA Brainpool P-224 Demo Certificate"); 957 System.out.println("create ECDSA Brainpool P-224 demo certificate..."); 958 subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid); 959 chain[0] = createCertificate(subject, ecdsa_brainpool_224.getPublic(), 960 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true); 961 chain[1] = caECDSA; 962 verifier.verifyChain(chain); 963 964 addToKeyStore(ecdsa_brainpool_224, chain, ECDSA_BRAINPOOL_224); 965 subject.removeRDN(ObjectID.commonName); 966 967 968 // 256 969 subject.addRDN(ObjectID.commonName ,"ECDSA Brainpool P-256 Demo Certificate"); 970 System.out.println("create ECDSA Brainpool P-256 demo certificate..."); 971 chain[0] = createCertificate(subject, ecdsa_brainpool_256.getPublic(), 972 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true); 973 chain[1] = caECDSA; 974 verifier.verifyChain(chain); 975 addToKeyStore(ecdsa_brainpool_256, chain, ECDSA_BRAINPOOL_256); 976 subject.removeRDN(ObjectID.commonName); 977 978 979 // 384 980 subject.addRDN(ObjectID.commonName ,"ECDSA Brainpool P-384 Demo Certificate"); 981 System.out.println("create ECDSA Brainpool P-384 demo certificate..."); 982 chain[0] = createCertificate(subject, ecdsa_brainpool_384.getPublic(), 983 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true); 984 chain[1] = caECDSA; 985 verifier.verifyChain(chain); 986 addToKeyStore(ecdsa_brainpool_384, chain, ECDSA_BRAINPOOL_384); 987 subject.removeRDN(ObjectID.commonName); 988 989 990 // 512 991 subject.addRDN(ObjectID.commonName ,"ECDSA Brainpool P-512 Demo Certificate"); 992 System.out.println("create ECDSA Brainpool P-512 demo certificate..."); 993 subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid); 994 chain[0] = createCertificate(subject, ecdsa_brainpool_512.getPublic(), 995 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), true); 996 chain[1] = caECDSA; 997 verifier.verifyChain(chain); 998 999 addToKeyStore(ecdsa_brainpool_512, chain, ECDSA_BRAINPOOL_512); 1000 subject.removeRDN(ObjectID.commonName); 1001 1002 1003 //ECDH 1004 1005 // 192 1006 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-192 Demo Certificate 1"); 1007 System.out.println("create ECDH Brainpool P-192 demo certificate..."); 1008 subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid); 1009 chain[0] = createCertificate(subject, ecdh_brainpool_192_1.getPublic(), 1010 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 1011 chain[1] = caECDSA; 1012 verifier.verifyChain(chain); 1013 addToKeyStore(ecdh_brainpool_192_1, chain, ECDH_BRAINPOOL_192_1); 1014 subject.removeRDN(ObjectID.commonName); 1015 1016 // 192 1017 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-192 Demo Certificate 2"); 1018 System.out.println("create ECDH Brainpool P-192 demo certificate..."); 1019 chain[0] = createCertificate(subject, ecdh_brainpool_192_2.getPublic(), 1020 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 1021 chain[1] = caECDSA; 1022 verifier.verifyChain(chain); 1023 addToKeyStore(ecdh_brainpool_192_2, chain, ECDH_BRAINPOOL_192_2); 1024 subject.removeRDN(ObjectID.commonName); 1025 1026 // 224 1027 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-224 Demo Certificate 1"); 1028 System.out.println("create ECDH Brainpool P-224 demo certificate..."); 1029 subjectKeyID = (SubjectKeyIdentifier)caECDSA.getExtension(SubjectKeyIdentifier.oid); 1030 chain[0] = createCertificate(subject, ecdh_brainpool_224_1.getPublic(), 1031 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 1032 chain[1] = caECDSA; 1033 verifier.verifyChain(chain); 1034 addToKeyStore(ecdh_brainpool_224_1, chain, ECDH_BRAINPOOL_224_1); 1035 subject.removeRDN(ObjectID.commonName); 1036 1037 // 224 1038 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-224 Demo Certificate 2"); 1039 System.out.println("create ECDH Brainpool P-224 demo certificate..."); 1040 chain[0] = createCertificate(subject, ecdh_brainpool_224_2.getPublic(), 1041 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 1042 chain[1] = caECDSA; 1043 verifier.verifyChain(chain); 1044 addToKeyStore(ecdh_brainpool_224_2, chain, ECDH_BRAINPOOL_224_2); 1045 subject.removeRDN(ObjectID.commonName); 1046 1047 // 256 1048 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-256 Demo Certificate 1"); 1049 System.out.println("create ECDH Brainpool P-256 demo certificate..."); 1050 chain[0] = createCertificate(subject, ecdh_brainpool_256_1.getPublic(), 1051 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 1052 subject.removeRDN(ObjectID.commonName); 1053 chain[1] = caECDSA; 1054 verifier.verifyChain(chain); 1055 addToKeyStore(ecdh_brainpool_256_1, chain, ECDH_BRAINPOOL_256_1); 1056 1057 // 256 1058 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-256 Demo Certificate 2"); 1059 System.out.println("create ECDH Brainpool P-256 demo certificate..."); 1060 chain[0] = createCertificate(subject, ecdh_brainpool_256_2.getPublic(), 1061 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 1062 subject.removeRDN(ObjectID.commonName); 1063 chain[1] = caECDSA; 1064 verifier.verifyChain(chain); 1065 addToKeyStore(ecdh_brainpool_256_2, chain, ECDH_BRAINPOOL_256_2); 1066 1067 1068 // 384 1069 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-384 Demo Certificate 1"); 1070 System.out.println("create ECDH Brainpool P-384 ECDH demo certificate..."); 1071 chain[0] = createCertificate(subject, ecdh_brainpool_384_1.getPublic(), 1072 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 1073 subject.removeRDN(ObjectID.commonName); 1074 chain[1] = caECDSA; 1075 verifier.verifyChain(chain); 1076 addToKeyStore(ecdh_brainpool_384_1, chain, ECDH_BRAINPOOL_384_1); 1077 1078 1079 // 384 1080 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-384 Demo Certificate 2"); 1081 System.out.println("create ECDH Brainpool P-384 demo certificate..."); 1082 chain[0] = createCertificate(subject, ecdh_brainpool_384_2.getPublic(), 1083 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 1084 subject.removeRDN(ObjectID.commonName); 1085 chain[1] = caECDSA; 1086 verifier.verifyChain(chain); 1087 addToKeyStore(ecdh_brainpool_384_2, chain, ECDH_BRAINPOOL_384_2); 1088 1089 // 512 1090 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-512 Demo Certificate 1"); 1091 System.out.println("create ECDH Brainpool P-512 demo certificate..."); 1092 chain[0] = createCertificate(subject, ecdh_brainpool_512_1.getPublic(), 1093 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 1094 subject.removeRDN(ObjectID.commonName); 1095 chain[1] = caECDSA; 1096 verifier.verifyChain(chain); 1097 addToKeyStore(ecdh_brainpool_512_1, chain, ECDH_BRAINPOOL_512_1); 1098 1099 1100 // 512 1101 subject.addRDN(ObjectID.commonName ,"ECDH Brainpool P-512 Demo Certificate 2"); 1102 System.out.println("create ECDH Brainpool P-512 demo certificate..."); 1103 chain[0] = createCertificate(subject, ecdh_brainpool_512_2.getPublic(), 1104 issuer, ca_ecdsa.getPrivate(), (AlgorithmID)signatureAlgorithm.clone(), subjectKeyID.get(), false); 1105 subject.removeRDN(ObjectID.commonName); 1106 chain[1] = caECDSA; 1107 verifier.verifyChain(chain); 1108 addToKeyStore(ecdh_brainpool_512_2, chain, ECDH_BRAINPOOL_512_2); 1109 1110 1111 } 1112 1113 System.out.println("\nCertificates created!"); 1114 1115 } catch (Exception ex) { 1116 System.out.println("Exception: "+ex); 1117 } 1118 } 1119 1120 /** 1121 * Reads the next line from the given BufferedReader. 1122 * 1123 * @param reader the reader from which to read the line 1124 * 1125 * @return the line just read 1126 * 1127 * @throws IOException if an I/O error occurs 1128 */ 1129 private final static String readLine(BufferedReader reader) throws IOException { 1130 String line = reader.readLine(); 1131 if (line != null) { 1132 line = line.trim(); 1133 } else { 1134 line = ""; 1135 } 1136 return line; 1137 } 1138 1139 /** 1140 * Starts the keystore setup. 1141 */ 1142 public static void start() { 1143 SetupCMSEccKeyStore suks = new SetupCMSEccKeyStore(); 1144 suks.initializeKeyStore(); 1145 if (suks.create_only_certificates) { 1146 suks.getPrivateKeys(); 1147 } 1148 else { 1149 suks.generatePrivateKeys(); 1150 } 1151 suks.generateCertificates(); 1152 suks.saveKeyStore(); 1153 } 1154 1155 /** 1156 * Creates the test certificates. 1157 */ 1158 public static void main(String arg[]) throws IOException { 1159 1160 DemoUtil.initDemos(); 1161 try { 1162 ECCDemoUtil.installIaikEccProvider(); 1163 } catch (Exception e) { 1164 System.out.println(e.getMessage()); 1165 e.printStackTrace(); 1166 System.exit(1); 1167 } 1168 start(); 1169 1170 } 1171}