org.bouncycastle.crypto.CryptoServicesRegistrar Java Examples
The following examples show how to use
org.bouncycastle.crypto.CryptoServicesRegistrar.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: FIPSTest.java From snowflake-kafka-connector with Apache License 2.0 | 6 votes |
@Test public void testFips() throws IOException, OperatorCreationException { PrivateKey key = InternalUtils.parsePrivateKey(TestUtils.getKeyString()); String password = "sfdsfs1312AAAFDSf121!!!"; String AESKey = generateAESKey(key, password.toCharArray()); //since bc-fips doesn't support encrypt rsa private key with DES, //load test key from test profile String DESKey = TestUtils.getDesRsaKey(); //all key works by default EncryptionUtils.parseEncryptedPrivateKey(AESKey, password); EncryptionUtils.parseEncryptedPrivateKey(DESKey, password); //turn on approved only mode CryptoServicesRegistrar.setApprovedOnlyMode(true); //AES works EncryptionUtils.parseEncryptedPrivateKey(AESKey, password); //DES doesn't work TestUtils.assertError(SnowflakeErrors.ERROR_0018, () -> EncryptionUtils.parseEncryptedPrivateKey(DESKey, password)); }
Example #2
Source File: GenericCryptoModule.java From fido2 with GNU Lesser General Public License v2.1 | 5 votes |
/** * Constructor for the class. * * @param cryptomodule - The hardware cryptographic module */ public GenericCryptoModule(CryptoModule cryptomodule) { Security.addProvider(new BouncyCastleFipsProvider()); if (fipsmode) { CryptoServicesRegistrar.setApprovedOnlyMode(true); } this.cryptomodule = cryptomodule; }
Example #3
Source File: GenericCryptoModule.java From fido2 with GNU Lesser General Public License v2.1 | 5 votes |
/** * Constructor for the class. * * @param cryptomodule - The hardware cryptographic module * @param fipsmode - The fipsmode to set */ public GenericCryptoModule(CryptoModule cryptomodule, Boolean fipsmode) { Security.addProvider(new BouncyCastleFipsProvider()); if (fipsmode) { CryptoServicesRegistrar.setApprovedOnlyMode(true); } this.cryptomodule = cryptomodule; }
Example #4
Source File: ECDSASigner.java From web3sdk with Apache License 2.0 | 4 votes |
protected SecureRandom initSecureRandom(boolean needed, SecureRandom provided) { return !needed ? null : (provided != null) ? provided : CryptoServicesRegistrar.getSecureRandom(); }
Example #5
Source File: ConnectionFipsIT.java From snowflake-jdbc with Apache License 2.0 | 4 votes |
@BeforeClass public static void setup() throws Exception { System.setProperty("javax.net.debug", "ssl"); // get keystore types for BouncyCastle libraries JAVA_SYSTEM_PROPERTY_SSL_KEYSTORE_TYPE_ORIGINAL_VALUE = System.getProperty(JAVA_SYSTEM_PROPERTY_SSL_KEYSTORE_TYPE); JAVA_SYSTEM_PROPERTY_SSL_TRUSTSTORE_TYPE_ORIGINAL_VALUE = System.getProperty(JAVA_SYSTEM_PROPERTY_SSL_TRUSTSTORE_TYPE); // set keystore types for BouncyCastle libraries System.setProperty(JAVA_SYSTEM_PROPERTY_SSL_KEYSTORE_TYPE, JCE_KEYSTORE_BOUNCY_CASTLE); System.setProperty(JAVA_SYSTEM_PROPERTY_SSL_TRUSTSTORE_TYPE, JCE_KEYSTORE_JKS); // remove Java's standard encryption and SSL providers List<Provider> providers = Arrays.asList(Security.getProviders()); JCE_PROVIDER_SUN_JCE_PROVIDER_VALUE = Security.getProvider(JCE_PROVIDER_SUN_JCE); JCE_PROVIDER_SUN_JCE_PROVIDER_POSITION = providers.indexOf(JCE_PROVIDER_SUN_JCE_PROVIDER_VALUE); JCE_PROVIDER_SUN_RSA_SIGN_PROVIDER_VALUE = Security.getProvider(JCE_PROVIDER_SUN_RSA_SIGN); JCE_PROVIDER_SUN_RSA_SIGN_PROVIDER_POSITION = providers.indexOf(JCE_PROVIDER_SUN_RSA_SIGN_PROVIDER_VALUE); Security.removeProvider(JCE_PROVIDER_SUN_JCE); Security.removeProvider(JCE_PROVIDER_SUN_RSA_SIGN); // workaround to connect to accounts.google.com over HTTPS, which consists // of disabling TLS 1.3 and disabling default SSL cipher suites that are // using CHACHA20_POLY1305 algorithms JAVA_SYSTEM_PROPERTY_SSL_PROTOCOLS_ORIGINAL_VALUE = System.getProperty(JAVA_SYSTEM_PROPERTY_SSL_PROTOCOLS); JAVA_SYSTEM_PROPERTY_SSL_CIPHERSUITES_ORIGINAL_VALUE = System.getProperty(JAVA_SYSTEM_PROPERTY_SSL_CIPHERSUITES); System.setProperty(JAVA_SYSTEM_PROPERTY_SSL_PROTOCOLS, SSL_ENABLED_PROTOCOLS); System.setProperty(JAVA_SYSTEM_PROPERTY_SSL_CIPHERSUITES, SSL_ENABLED_CIPHERSUITES); /* * Insert BouncyCastle's FIPS-compliant encryption and SSL providers. */ BouncyCastleFipsProvider bcFipsProvider = new BouncyCastleFipsProvider(BOUNCY_CASTLE_RNG_HYBRID_MODE); /* * We remove BCFIPS provider pessimistically. This is a no-op if provider * does not exist. This is necessary to always add it to the first * position when calling insertProviderAt. * * JavaDoc for insertProviderAt states: * "A provider cannot be added if it is already installed." */ Security.removeProvider(JCE_PROVIDER_BOUNCY_CASTLE_FIPS); Security.insertProviderAt(bcFipsProvider, 1); if (!CryptoServicesRegistrar.isInApprovedOnlyMode()) { if (FipsStatus.isReady()) { CryptoServicesRegistrar.setApprovedOnlyMode(true); } else { throw new RuntimeException("FIPS is not ready to be enabled and FIPS " + "mode is required for this test to run"); } } // attempts an SSL connection to Google connectToGoogle(); }
Example #6
Source File: CredHubApp.java From credhub with Apache License 2.0 | 4 votes |
public static void main(final String[] args) { CryptoServicesRegistrar.setApprovedOnlyMode(true); SpringApplication.run(CredHubApp.class, args); }