1   /*
2    * $Id: GenerateTestKeyrings.java 7963 2007-08-21 08:53:15Z dirk.olmes $
3    * --------------------------------------------------------------------------------------
4    * Copyright (c) MuleSource, Inc.  All rights reserved.  http://www.mulesource.com
5    *
6    * The software in this package is published under the terms of the CPAL v1.0
7    * license, a copy of which has been included with this distribution in the
8    * LICENSE.txt file.
9    */
10  
11  package org.mule.extras.pgp;
12  
13  import java.io.FileOutputStream;
14  import java.io.IOException;
15  import java.security.KeyPair;
16  import java.security.KeyPairGenerator;
17  import java.security.KeyStoreException;
18  import java.security.NoSuchAlgorithmException;
19  import java.security.Principal;
20  import java.security.PrivateKey;
21  import java.security.PublicKey;
22  import java.security.SecureRandom;
23  import java.security.cert.Certificate;
24  import java.security.cert.CertificateException;
25  
26  import cryptix.openpgp.PGPKeyBundle;
27  import cryptix.pki.CertificateBuilder;
28  import cryptix.pki.ExtendedKeyStore;
29  import cryptix.pki.KeyBundleException;
30  import cryptix.pki.KeyBundleFactory;
31  import cryptix.pki.PrincipalBuilder;
32  import cryptix.pki.PrincipalException;
33  
34  public class GenerateTestKeyrings
35  {
36      private static PGPKeyBundle serverPublicKey, serverPrivateKey;
37      private static PGPKeyBundle clientPublicKey, clientPrivateKey;
38  
39      public static void generateServerKey()
40      {
41  
42          SecureRandom sr = new SecureRandom();
43  
44          try
45          {
46  
47              KeyBundleFactory kbf = KeyBundleFactory.getInstance("OpenPGP");
48  
49              serverPublicKey = (PGPKeyBundle)kbf.generateEmptyKeyBundle();
50              serverPrivateKey = (PGPKeyBundle)kbf.generateEmptyKeyBundle();
51  
52          }
53          catch (NoSuchAlgorithmException nsae)
54          {
55              System.err.println("Cannot find the OpenPGP KeyBundleFactory. "
56                                 + "This usually means that the Cryptix OpenPGP provider is not "
57                                 + "installed correctly.");
58              nsae.printStackTrace();
59              System.exit(-1);
60          }
61          catch (KeyBundleException kbe)
62          {
63              System.err.println("Generating an empty KeyBundle failed.");
64              kbe.printStackTrace();
65              System.exit(-1);
66          }
67  
68          // **********************************************************************
69          // Now generate the signing key.
70          //
71          // We'll use a 1024 bit DSA key here. You can use other algorithms if
72          // you want, by using for example:
73          // kpg = KeyPairGenerator.getInstance("OpenPGP/Signing/RSA");
74          // kpg = KeyPairGenerator.getInstance("OpenPGP/Signing/ElGamal");
75          //
76          // (Note that ElGamal signature were not supported yet at the time of
77          // writing this example class.)
78          // **********************************************************************
79          KeyPairGenerator kpg = null;
80  
81          try
82          {
83  
84              kpg = KeyPairGenerator.getInstance("OpenPGP/Signing/RSA");
85  
86          }
87          catch (NoSuchAlgorithmException nsae)
88          {
89              System.err.println("Cannot find the OpenPGP KeyPairGenerator. "
90                                 + "This usually means that the Cryptix OpenPGP provider is not "
91                                 + "installed correctly.");
92              nsae.printStackTrace();
93              System.exit(-1);
94          }
95  
96          kpg.initialize(1024, sr);
97          KeyPair kp = kpg.generateKeyPair();
98  
99          PublicKey pubkey = kp.getPublic();
100         PrivateKey privkey = kp.getPrivate();
101 
102         // **********************************************************************
103         // Now build the primary userid for this key.
104         // **********************************************************************
105         Principal userid = null;
106 
107         try
108         {
109 
110             PrincipalBuilder princbuilder = PrincipalBuilder.getInstance("OpenPGP/UserID");
111 
112             userid = princbuilder.build("Mule server <mule_server@mule.com>");
113 
114         }
115         catch (NoSuchAlgorithmException nsae)
116         {
117             System.err.println("Cannot find the OpenPGP PrincipalBuilder. "
118                                + "This usually means that the Cryptix OpenPGP provider is not "
119                                + "installed correctly.");
120             nsae.printStackTrace();
121             System.exit(-1);
122         }
123         catch (PrincipalException pe)
124         {
125             System.err.println("Generating the user id failed.");
126             pe.printStackTrace();
127             System.exit(-1);
128         }
129 
130         // **********************************************************************
131         // We need to sign the generated user id with our key, which will
132         // bring us a so called 'certificate'.
133         //
134         // This btw is a self-signed certificate, you can also have certificates
135         // signed by other people. See the ReadAndSignKey example for that.
136         // **********************************************************************
137         Certificate cert = null;
138 
139         try
140         {
141 
142             CertificateBuilder certbuilder = CertificateBuilder.getInstance("OpenPGP/Self");
143 
144             cert = certbuilder.build(pubkey, userid, privkey, sr);
145 
146         }
147         catch (NoSuchAlgorithmException nsae)
148         {
149             System.err.println("Cannot find the OpenPGP CertificateBuilder. "
150                                + "This usually means that the Cryptix OpenPGP provider is not "
151                                + "installed correctly.");
152             nsae.printStackTrace();
153             System.exit(-1);
154         }
155         catch (CertificateException ce)
156         {
157             System.err.println("Generating the self certification sig failed.");
158             ce.printStackTrace();
159             System.exit(-1);
160         }
161 
162         // **********************************************************************
163         // Building up the keybundle is easy now. We only need to add the
164         // certificate, as this will automagically add the public key and the
165         // user id to the keybundle.
166         // **********************************************************************
167         try
168         {
169 
170             serverPublicKey.addCertificate(cert);
171             serverPrivateKey.addCertificate(cert);
172 
173         }
174         catch (KeyBundleException kbe)
175         {
176             System.err.println("Adding the self certificate to the keybundle failed.");
177             kbe.printStackTrace();
178             System.exit(-1);
179         }
180 
181         // **********************************************************************
182         // Of course we still need to add the private key to the private
183         // keybundle, while encrypting it with a passphrase.
184         // **********************************************************************
185         try
186         {
187 
188             serverPrivateKey.addPrivateKey(privkey, pubkey, "TestingPassphrase".toCharArray(), sr);
189 
190         }
191         catch (KeyBundleException kbe)
192         {
193             System.err.println("Adding the private key to the keybundle failed.");
194             kbe.printStackTrace();
195             System.exit(-1);
196         }
197 
198     }
199 
200     public static void generateClientKey()
201     {
202 
203         SecureRandom sr = new SecureRandom();
204 
205         try
206         {
207 
208             KeyBundleFactory kbf = KeyBundleFactory.getInstance("OpenPGP");
209 
210             clientPublicKey = (PGPKeyBundle)kbf.generateEmptyKeyBundle();
211             clientPrivateKey = (PGPKeyBundle)kbf.generateEmptyKeyBundle();
212 
213         }
214         catch (NoSuchAlgorithmException nsae)
215         {
216             System.err.println("Cannot find the OpenPGP KeyBundleFactory. "
217                                + "This usually means that the Cryptix OpenPGP provider is not "
218                                + "installed correctly.");
219             nsae.printStackTrace();
220             System.exit(-1);
221         }
222         catch (KeyBundleException kbe)
223         {
224             System.err.println("Generating an empty KeyBundle failed.");
225             kbe.printStackTrace();
226             System.exit(-1);
227         }
228 
229         // **********************************************************************
230         // Now generate the signing key.
231         //
232         // We'll use a 1024 bit DSA key here. You can use other algorithms if
233         // you want, by using for example:
234         // kpg = KeyPairGenerator.getInstance("OpenPGP/Signing/RSA");
235         // kpg = KeyPairGenerator.getInstance("OpenPGP/Signing/ElGamal");
236         //
237         // (Note that ElGamal signature were not supported yet at the time of
238         // writing this example class.)
239         // **********************************************************************
240         KeyPairGenerator kpg = null;
241 
242         try
243         {
244 
245             kpg = KeyPairGenerator.getInstance("OpenPGP/Signing/RSA");
246 
247         }
248         catch (NoSuchAlgorithmException nsae)
249         {
250             System.err.println("Cannot find the OpenPGP KeyPairGenerator. "
251                                + "This usually means that the Cryptix OpenPGP provider is not "
252                                + "installed correctly.");
253             nsae.printStackTrace();
254             System.exit(-1);
255         }
256 
257         kpg.initialize(1024, sr);
258         KeyPair kp = kpg.generateKeyPair();
259 
260         PublicKey pubkey = kp.getPublic();
261         PrivateKey privkey = kp.getPrivate();
262 
263         // **********************************************************************
264         // Now build the primary userid for this key.
265         // **********************************************************************
266         Principal userid = null;
267 
268         try
269         {
270 
271             PrincipalBuilder princbuilder = PrincipalBuilder.getInstance("OpenPGP/UserID");
272 
273             userid = princbuilder.build("Mule client <mule_client@mule.com>");
274 
275         }
276         catch (NoSuchAlgorithmException nsae)
277         {
278             System.err.println("Cannot find the OpenPGP PrincipalBuilder. "
279                                + "This usually means that the Cryptix OpenPGP provider is not "
280                                + "installed correctly.");
281             nsae.printStackTrace();
282             System.exit(-1);
283         }
284         catch (PrincipalException pe)
285         {
286             System.err.println("Generating the user id failed.");
287             pe.printStackTrace();
288             System.exit(-1);
289         }
290 
291         // **********************************************************************
292         // We need to sign the generated user id with our key, which will
293         // bring us a so called 'certificate'.
294         //
295         // This btw is a self-signed certificate, you can also have certificates
296         // signed by other people. See the ReadAndSignKey example for that.
297         // **********************************************************************
298         Certificate cert = null;
299 
300         try
301         {
302 
303             CertificateBuilder certbuilder = CertificateBuilder.getInstance("OpenPGP/Self");
304 
305             cert = certbuilder.build(pubkey, userid, privkey, sr);
306 
307         }
308         catch (NoSuchAlgorithmException nsae)
309         {
310             System.err.println("Cannot find the OpenPGP CertificateBuilder. "
311                                + "This usually means that the Cryptix OpenPGP provider is not "
312                                + "installed correctly.");
313             nsae.printStackTrace();
314             System.exit(-1);
315         }
316         catch (CertificateException ce)
317         {
318             System.err.println("Generating the self certification sig failed.");
319             ce.printStackTrace();
320             System.exit(-1);
321         }
322 
323         // **********************************************************************
324         // Building up the keybundle is easy now. We only need to add the
325         // certificate, as this will automagically add the public key and the
326         // user id to the keybundle.
327         // **********************************************************************
328         try
329         {
330 
331             clientPublicKey.addCertificate(cert);
332             clientPrivateKey.addCertificate(cert);
333 
334         }
335         catch (KeyBundleException kbe)
336         {
337             System.err.println("Adding the self certificate to the keybundle failed.");
338             kbe.printStackTrace();
339             System.exit(-1);
340         }
341 
342         // **********************************************************************
343         // Of course we still need to add the private key to the private
344         // keybundle, while encrypting it with a passphrase.
345         // **********************************************************************
346         try
347         {
348 
349             clientPrivateKey.addPrivateKey(privkey, pubkey, "TestingPassphrase".toCharArray(), sr);
350 
351         }
352         catch (KeyBundleException kbe)
353         {
354             System.err.println("Adding the private key to the keybundle failed.");
355             kbe.printStackTrace();
356             System.exit(-1);
357         }
358 
359     }
360 
361     public static void writeKeyrings()
362     {
363         ExtendedKeyStore clientPubRing = null;
364         ExtendedKeyStore clientPrivRing = null;
365         ExtendedKeyStore serverPubRing = null;
366         ExtendedKeyStore serverPrivRing = null;
367 
368         try
369         {
370 
371             clientPubRing = (ExtendedKeyStore)ExtendedKeyStore.getInstance("OpenPGP/KeyRing");
372             clientPrivRing = (ExtendedKeyStore)ExtendedKeyStore.getInstance("OpenPGP/KeyRing");
373             serverPubRing = (ExtendedKeyStore)ExtendedKeyStore.getInstance("OpenPGP/KeyRing");
374             serverPrivRing = (ExtendedKeyStore)ExtendedKeyStore.getInstance("OpenPGP/KeyRing");
375 
376         }
377         catch (KeyStoreException kse)
378         {
379             System.err.println("KeyStoreException on creating a keyring. "
380                                + "This means that the KeyStore implementation could not be "
381                                + "found and that there is potentially a problem with the " + "provider");
382             kse.printStackTrace();
383             System.exit(-1);
384         }
385 
386         // **********************************************************************
387         // Before using them, KeyStore objects have to be initialized.
388         // Because we want to create empty keystores, we are going to
389         // initialize them with null arguments.
390         // Unfortunately we have to catch all sorts of exceptions that are
391         // impossible to happen.
392         // **********************************************************************
393 
394         try
395         {
396 
397             clientPubRing.load(null, null);
398             clientPrivRing.load(null, null);
399             serverPubRing.load(null, null);
400             serverPrivRing.load(null, null);
401 
402         }
403         catch (IOException ioe)
404         {
405             System.err.println("KeyStoreException on keyring init. "
406                                + "There should be no way for this exception to turn up.");
407             ioe.printStackTrace();
408             System.exit(-1);
409         }
410         catch (NoSuchAlgorithmException nsae)
411         {
412             System.err.println("NoSuchAlgorithmException on keyring init. "
413                                + "There should be no way for this exception to turn up.");
414             nsae.printStackTrace();
415             System.exit(-1);
416         }
417         catch (CertificateException ce)
418         {
419             System.err.println("CertificateException on keyring init. "
420                                + "There should be no way for this exception to turn up.");
421             ce.printStackTrace();
422             System.exit(-1);
423         }
424 
425         // **********************************************************************
426         // Filling up the keyrings is pretty easy now. Just add the right
427         // keybundles to the rings.
428         // **********************************************************************
429 
430         try
431         {
432 
433             clientPubRing.setKeyBundleEntry(clientPublicKey);
434             clientPubRing.setKeyBundleEntry(serverPublicKey);
435 
436             clientPrivRing.setKeyBundleEntry(clientPrivateKey);
437 
438             serverPubRing.setKeyBundleEntry(clientPublicKey);
439             serverPubRing.setKeyBundleEntry(serverPublicKey);
440 
441             serverPrivRing.setKeyBundleEntry(serverPrivateKey);
442 
443         }
444         catch (KeyStoreException kse)
445         {
446             System.err.println("KeyStoreException on adding a key.");
447             kse.printStackTrace();
448             System.exit(-1);
449         }
450 
451         // **********************************************************************
452         // Now we're going to write the keyring files.
453         // The second argument of the store method is a passphrase. Because
454         // PGP keyrings are stored unencrypted, a 'null' value has to be
455         // provided here.
456         // **********************************************************************
457         FileOutputStream out;
458 
459         try
460         {
461 
462             out = new FileOutputStream("clientPublic.gpg"); // pkr = public key
463             // ring
464             clientPubRing.store(out, null);
465             out.close();
466 
467             out = new FileOutputStream("clientPrivate.gpg"); // skr = secret
468             // key ring
469             clientPrivRing.store(out, null);
470             out.close();
471 
472             out = new FileOutputStream("serverPublic.gpg");
473             serverPubRing.store(out, null);
474             out.close();
475 
476             out = new FileOutputStream("serverPrivate.gpg");
477             serverPrivRing.store(out, null);
478             out.close();
479 
480         }
481         catch (IOException ioe)
482         {
483             System.err.println("IOException on writing a keyring.");
484             ioe.printStackTrace();
485             System.exit(-1);
486         }
487         catch (NoSuchAlgorithmException nsae)
488         {
489             System.err.println("NoSuchAlgorithmException on writing a keyring."
490                                + " Given that no encryption is used while writing the keystore, "
491                                + "this should not happen!");
492             nsae.printStackTrace();
493             System.exit(-1);
494         }
495         catch (CertificateException ce)
496         {
497             System.err.println("CertificateException on writing a keyring.");
498             ce.printStackTrace();
499             System.exit(-1);
500         }
501         catch (KeyStoreException kse)
502         {
503             System.err.println("KeyStoreException on writing a keyring.");
504             kse.printStackTrace();
505             System.exit(-1);
506         }
507 
508     }
509 
510     public static void main(String[] args)
511     {
512         java.security.Security.addProvider(new cryptix.jce.provider.CryptixCrypto());
513         java.security.Security.addProvider(new cryptix.openpgp.provider.CryptixOpenPGP());
514 
515         generateServerKey();
516         generateClientKey();
517 
518         writeKeyrings();
519     }
520 }