Class BouncyCastleSecurityProviderTool

    • Method Summary

      Modifier and Type Method Description
      CertificateAndKey createCARootCertificate​(CertificateInfo certificateInfo, java.security.KeyPair keyPair, java.lang.String messageDigest)
      Creates a new self-signed CA root certificate, suitable for use signing new server certificates.
      java.security.KeyStore createRootCertificateKeyStore​(java.lang.String keyStoreType, CertificateAndKey rootCertificateAndKey, java.lang.String privateKeyAlias, java.lang.String password)
      Assembles a Java KeyStore containing a CA root certificate and its private key.
      CertificateAndKey createServerCertificate​(CertificateInfo certificateInfo, java.security.cert.X509Certificate caRootCertificate, java.security.PrivateKey caPrivateKey, java.security.KeyPair serverKeyPair, java.lang.String messageDigest)
      Creates a new server X.509 certificate using the serverKeyPair.
      java.security.KeyStore createServerKeyStore​(java.lang.String keyStoreType, CertificateAndKey serverCertificateAndKey, java.security.cert.X509Certificate rootCertificate, java.lang.String privateKeyAlias, java.lang.String password)
      Assembles a Java KeyStore containing a server's certificate, private key, and the certificate authority's certificate, which can be used to create an SSLContext.
      java.security.cert.X509Certificate decodePemEncodedCertificate​(java.io.Reader certificateReader)
      Decodes a PEM-encoded X.509 certificate into an X509Certificate.
      java.security.PrivateKey decodePemEncodedPrivateKey​(java.io.Reader privateKeyReader, java.lang.String password)
      Decodes a PEM-encoded private key into a PrivateKey.
      java.lang.String encodeCertificateAsPem​(java.security.cert.Certificate certificate)
      Encodes a certificate in PEM format.
      java.lang.String encodePrivateKeyAsPem​(java.security.PrivateKey privateKey, java.lang.String passwordForPrivateKey, java.lang.String encryptionAlgorithm)
      Encodes a private key in PEM format, encrypting it with the specified password.
      javax.net.ssl.KeyManager[] getKeyManagers​(java.security.KeyStore keyStore, java.lang.String keyStorePassword)
      Retrieve the KeyManagers for the specified KeyStore.
      java.security.KeyStore loadKeyStore​(java.io.File file, java.lang.String keyStoreType, java.lang.String password)
      Loads a Java KeyStore object from a file.
      void saveKeyStore​(java.io.File file, java.security.KeyStore keyStore, java.lang.String keystorePassword)
      Saves a Java KeyStore to a file, protecting it with the specified password.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • BouncyCastleSecurityProviderTool

        public BouncyCastleSecurityProviderTool()
    • Method Detail

      • createServerCertificate

        public CertificateAndKey createServerCertificate​(CertificateInfo certificateInfo,
                                                         java.security.cert.X509Certificate caRootCertificate,
                                                         java.security.PrivateKey caPrivateKey,
                                                         java.security.KeyPair serverKeyPair,
                                                         java.lang.String messageDigest)
        Description copied from interface: SecurityProviderTool
        Creates a new server X.509 certificate using the serverKeyPair. The new certificate will be populated with information from the specified certificateInfo and will be signed using the specified caPrivateKey and messageDigest.
        Specified by:
        createServerCertificate in interface SecurityProviderTool
        Parameters:
        certificateInfo - basic X.509 certificate info that will be used to create the server certificate
        caRootCertificate - root certificate that will be used to populate the issuer field of the server certificate
        caPrivateKey - root certificate private key that will be used to sign the server certificate
        serverKeyPair - server's public and private keys
        messageDigest - message digest to use when signing the server certificate, such as SHA512
        Returns:
        a new server certificate and its private key
      • createServerKeyStore

        public java.security.KeyStore createServerKeyStore​(java.lang.String keyStoreType,
                                                           CertificateAndKey serverCertificateAndKey,
                                                           java.security.cert.X509Certificate rootCertificate,
                                                           java.lang.String privateKeyAlias,
                                                           java.lang.String password)
        Description copied from interface: SecurityProviderTool
        Assembles a Java KeyStore containing a server's certificate, private key, and the certificate authority's certificate, which can be used to create an SSLContext.
        Specified by:
        createServerKeyStore in interface SecurityProviderTool
        Parameters:
        keyStoreType - the KeyStore type, such as JKS or PKCS12
        serverCertificateAndKey - certificate and private key for the server, which will be placed in the KeyStore
        rootCertificate - CA root certificate of the private key that signed the server certificate
        privateKeyAlias - alias under which the private key (with its accompanying certificate chain) is stored in the KeyStore
        password - password for the new KeyStore and private key
        Returns:
        a new KeyStore with the server's certificate and password-protected private key
      • createRootCertificateKeyStore

        public java.security.KeyStore createRootCertificateKeyStore​(java.lang.String keyStoreType,
                                                                    CertificateAndKey rootCertificateAndKey,
                                                                    java.lang.String privateKeyAlias,
                                                                    java.lang.String password)
        Description copied from interface: SecurityProviderTool
        Assembles a Java KeyStore containing a CA root certificate and its private key.
        Specified by:
        createRootCertificateKeyStore in interface SecurityProviderTool
        Parameters:
        keyStoreType - the KeyStore type, such as JKS or PKCS12
        rootCertificateAndKey - certification authority's root certificate and private key, which will be placed in the KeyStore
        privateKeyAlias - alias under which the private key (with its accompanying certificate chain) is stored in the KeyStore
        password - password for the new KeyStore and private key
        Returns:
        a new KeyStore with the root certificate and password-protected private key
      • createCARootCertificate

        public CertificateAndKey createCARootCertificate​(CertificateInfo certificateInfo,
                                                         java.security.KeyPair keyPair,
                                                         java.lang.String messageDigest)
        Description copied from interface: SecurityProviderTool
        Creates a new self-signed CA root certificate, suitable for use signing new server certificates.
        Specified by:
        createCARootCertificate in interface SecurityProviderTool
        Parameters:
        certificateInfo - certificate info to populate in the new root cert
        keyPair - root certificate's public and private keys
        messageDigest - digest to use when signing the new root certificate, such as SHA512
        Returns:
        a new root certificate and private key
      • encodePrivateKeyAsPem

        public java.lang.String encodePrivateKeyAsPem​(java.security.PrivateKey privateKey,
                                                      java.lang.String passwordForPrivateKey,
                                                      java.lang.String encryptionAlgorithm)
        Description copied from interface: SecurityProviderTool
        Encodes a private key in PEM format, encrypting it with the specified password. The private key will be encrypted using the specified algorithm.
        Specified by:
        encodePrivateKeyAsPem in interface SecurityProviderTool
        Parameters:
        privateKey - private key to encode
        passwordForPrivateKey - password to protect the private key
        encryptionAlgorithm - algorithm to use to encrypt the private key
        Returns:
        PEM-encoded private key as a String
      • encodeCertificateAsPem

        public java.lang.String encodeCertificateAsPem​(java.security.cert.Certificate certificate)
        Description copied from interface: SecurityProviderTool
        Encodes a certificate in PEM format.
        Specified by:
        encodeCertificateAsPem in interface SecurityProviderTool
        Parameters:
        certificate - certificate to encode
        Returns:
        PEM-encoded certificate as a String
      • decodePemEncodedPrivateKey

        public java.security.PrivateKey decodePemEncodedPrivateKey​(java.io.Reader privateKeyReader,
                                                                   java.lang.String password)
        Description copied from interface: SecurityProviderTool
        Decodes a PEM-encoded private key into a PrivateKey. The password may be null if the PEM-encoded private key is not password-encrypted.
        Specified by:
        decodePemEncodedPrivateKey in interface SecurityProviderTool
        Parameters:
        privateKeyReader - a reader for a PEM-encoded private key
        password - password protecting the private key
        Returns:
        the decoded private key
      • decodePemEncodedCertificate

        public java.security.cert.X509Certificate decodePemEncodedCertificate​(java.io.Reader certificateReader)
        Description copied from interface: SecurityProviderTool
        Decodes a PEM-encoded X.509 certificate into an X509Certificate.
        Specified by:
        decodePemEncodedCertificate in interface SecurityProviderTool
        Parameters:
        certificateReader - a reader for a PEM-encoded certificate
        Returns:
        the decoded X.509 certificate
      • loadKeyStore

        public java.security.KeyStore loadKeyStore​(java.io.File file,
                                                   java.lang.String keyStoreType,
                                                   java.lang.String password)
        Description copied from interface: SecurityProviderTool
        Loads a Java KeyStore object from a file.
        Specified by:
        loadKeyStore in interface SecurityProviderTool
        Parameters:
        file - KeyStore file to load
        keyStoreType - KeyStore type (PKCS12, JKS, etc.)
        password - the KeyStore password
        Returns:
        an initialized Java KeyStore object
      • saveKeyStore

        public void saveKeyStore​(java.io.File file,
                                 java.security.KeyStore keyStore,
                                 java.lang.String keystorePassword)
        Description copied from interface: SecurityProviderTool
        Saves a Java KeyStore to a file, protecting it with the specified password.
        Specified by:
        saveKeyStore in interface SecurityProviderTool
        Parameters:
        file - file to save the KeyStore to
        keyStore - KeyStore to save
        keystorePassword - password for the KeyStore
      • getKeyManagers

        public javax.net.ssl.KeyManager[] getKeyManagers​(java.security.KeyStore keyStore,
                                                         java.lang.String keyStorePassword)
        Description copied from interface: SecurityProviderTool
        Retrieve the KeyManagers for the specified KeyStore.
        Specified by:
        getKeyManagers in interface SecurityProviderTool
        Parameters:
        keyStore - the KeyStore to retrieve KeyManagers from
        keyStorePassword - the KeyStore password
        Returns:
        KeyManagers for the specified KeyStore