From 7489cf6effece4e08ddc2bb2dc274278766472e5 Mon Sep 17 00:00:00 2001
From: nabyla <31042612+nabyla@users.noreply.github.com>
Date: Fri, 27 Oct 2017 10:46:29 +0100
Subject: [PATCH] PR Bouncycastle article (#2882)

* Add bouncycastle depedencies

* Add certificate and private key to resources folder

* add bouncycastle code sample

* Add bouncycastle test
---
 libraries/pom.xml                             |  15 +++
 .../bouncycastle/BouncyCastleCrypto.java      | 111 ++++++++++++++++++
 libraries/src/main/resources/Baeldung.cer     |  20 ++++
 libraries/src/main/resources/Baeldung.p12     | Bin 0 -> 2502 bytes
 .../bouncycastle/BouncyCastleLiveTest.java    |  53 +++++++++
 5 files changed, 199 insertions(+)
 create mode 100644 libraries/src/main/java/com/baeldung/bouncycastle/BouncyCastleCrypto.java
 create mode 100644 libraries/src/main/resources/Baeldung.cer
 create mode 100644 libraries/src/main/resources/Baeldung.p12
 create mode 100644 libraries/src/test/java/com/baeldung/bouncycastle/BouncyCastleLiveTest.java

diff --git a/libraries/pom.xml b/libraries/pom.xml
index b519b9cd53..409b4df08d 100644
--- a/libraries/pom.xml
+++ b/libraries/pom.xml
@@ -600,6 +600,21 @@
             <artifactId>caffeine</artifactId>
             <version>${caffeine.version}</version>
         </dependency>
+	<dependency>
+	    <groupId>org.bouncycastle</groupId>
+	    <artifactId>bcprov-jdk15on</artifactId>
+	    <version>1.58</version>
+	</dependency>
+	<dependency>
+	    <groupId>org.bouncycastle</groupId>
+	    <artifactId>bcprov-jdk15on</artifactId>
+	    <version>1.58</version>
+        </dependency>
+	<dependency>
+	    <groupId>org.bouncycastle</groupId>
+	    <artifactId>bcpkix-jdk15on</artifactId>
+	    <version>1.58</version>
+	</dependency>
     </dependencies>
     <repositories>
         <repository>
diff --git a/libraries/src/main/java/com/baeldung/bouncycastle/BouncyCastleCrypto.java b/libraries/src/main/java/com/baeldung/bouncycastle/BouncyCastleCrypto.java
new file mode 100644
index 0000000000..5d8a7a6643
--- /dev/null
+++ b/libraries/src/main/java/com/baeldung/bouncycastle/BouncyCastleCrypto.java
@@ -0,0 +1,111 @@
+package com.baeldung.bouncycastle;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.security.PrivateKey;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.cms.ContentInfo;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.jcajce.JcaCertStore;
+import org.bouncycastle.cms.CMSAlgorithm;
+import org.bouncycastle.cms.CMSEnvelopedData;
+import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
+import org.bouncycastle.cms.CMSException;
+import org.bouncycastle.cms.CMSProcessableByteArray;
+import org.bouncycastle.cms.CMSSignedData;
+import org.bouncycastle.cms.CMSSignedDataGenerator;
+import org.bouncycastle.cms.CMSTypedData;
+import org.bouncycastle.cms.KeyTransRecipientInformation;
+import org.bouncycastle.cms.RecipientInformation;
+import org.bouncycastle.cms.SignerInformation;
+import org.bouncycastle.cms.SignerInformationStore;
+import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
+import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
+import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
+import org.bouncycastle.cms.jcajce.JceKeyTransRecipient;
+import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.operator.OutputEncryptor;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
+import org.bouncycastle.util.Store;
+
+public class BouncyCastleCrypto {
+
+    public static byte[] signData(byte[] data, final X509Certificate signingCertificate, final PrivateKey signingKey)
+            throws CertificateEncodingException, OperatorCreationException, CMSException, IOException {
+        byte[] signedMessage = null;
+        List<X509Certificate> certList = new ArrayList<X509Certificate>();
+        CMSTypedData cmsData = new CMSProcessableByteArray(data);
+        certList.add(signingCertificate);
+        Store certs = new JcaCertStore(certList);
+        CMSSignedDataGenerator cmsGenerator = new CMSSignedDataGenerator();
+        ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256withRSA").build(signingKey);
+        cmsGenerator.addSignerInfoGenerator(
+                new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
+                        .build(contentSigner, signingCertificate));
+        cmsGenerator.addCertificates(certs);
+        CMSSignedData cms = cmsGenerator.generate(cmsData, true);
+        signedMessage = cms.getEncoded();
+        return signedMessage;
+    }
+
+    public static boolean verifSignData(final byte[] signedData)
+            throws CMSException, IOException, OperatorCreationException, CertificateException {
+        ByteArrayInputStream bIn = new ByteArrayInputStream(signedData);
+        ASN1InputStream aIn = new ASN1InputStream(bIn);
+        CMSSignedData s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
+        aIn.close();
+        bIn.close();
+        Store certs = s.getCertificates();
+        SignerInformationStore signers = s.getSignerInfos();
+        Collection<SignerInformation> c = signers.getSigners();
+        SignerInformation signer = c.iterator().next();
+        Collection<X509CertificateHolder> certCollection = certs.getMatches(signer.getSID());
+        Iterator<X509CertificateHolder> certIt = certCollection.iterator();
+        X509CertificateHolder certHolder = certIt.next();
+        boolean verifResult = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certHolder));
+        if (!verifResult) {
+            return false;
+        }
+        return true;
+    }
+
+    public static byte[] encryptData(final byte[] data, X509Certificate encryptionCertificate)
+            throws CertificateEncodingException, CMSException, IOException {
+        byte[] encryptedData = null;
+        if (null != data && null != encryptionCertificate) {
+            CMSEnvelopedDataGenerator cmsEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();
+            JceKeyTransRecipientInfoGenerator jceKey = new JceKeyTransRecipientInfoGenerator(encryptionCertificate);
+            cmsEnvelopedDataGenerator.addRecipientInfoGenerator(jceKey);
+            CMSTypedData msg = new CMSProcessableByteArray(data);
+            OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider("BC")
+                    .build();
+            CMSEnvelopedData cmsEnvelopedData = cmsEnvelopedDataGenerator.generate(msg, encryptor);
+            encryptedData = cmsEnvelopedData.getEncoded();
+        }
+        return encryptedData;
+    }
+
+    public static byte[] decryptData(final byte[] encryptedData, final PrivateKey decryptionKey) throws CMSException {
+        byte[] decryptedData = null;
+        if (null != encryptedData && null != decryptionKey) {
+            CMSEnvelopedData envelopedData = new CMSEnvelopedData(encryptedData);
+            Collection<RecipientInformation> recip = envelopedData.getRecipientInfos().getRecipients();
+            KeyTransRecipientInformation recipientInfo = (KeyTransRecipientInformation) recip.iterator().next();
+            JceKeyTransRecipient recipient = new JceKeyTransEnvelopedRecipient(decryptionKey);
+            decryptedData = recipientInfo.getContent(recipient);
+        }
+        return decryptedData;
+    }
+}
diff --git a/libraries/src/main/resources/Baeldung.cer b/libraries/src/main/resources/Baeldung.cer
new file mode 100644
index 0000000000..72d0918424
--- /dev/null
+++ b/libraries/src/main/resources/Baeldung.cer
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPjCCAiagAwIBAgIJAPvd1gx14C3CMA0GCSqGSIb3DQEBBQUAMEcxCzAJBgNV
+BAYTAk1BMRAwDgYDVQQIEwdNb3JvY2NvMRMwEQYDVQQHEwpDYXNhYmxhbmNhMREw
+DwYDVQQDEwhCYWVsZHVuZzAeFw0xNzEwMTIxMDQzMTRaFw0yNzEwMTMxMDQzMTRa
+MEcxCzAJBgNVBAYTAk1BMRAwDgYDVQQIEwdNb3JvY2NvMRMwEQYDVQQHEwpDYXNh
+YmxhbmNhMREwDwYDVQQDEwhCYWVsZHVuZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMyi5GmOeN4QaH/CP5gSOyHX8znb5TDHWV8wc+ZT7kNU8zt5tGMh
+jozK6hax155/6tOsBDR0rSYBhL+Dm/+uCVS7qOlRHhf6cNGtzGF1gnNJB2WjI8oM
+AYm24xpLj1WphKUwKrn3nTMPnQup5OoNAMYl99flANrRYVjjxrLQvDZDUio6Iujr
+CZ2TtXGM0g/gP++28KT7g1KlUui3xtB0u33wx7UN8Fix3JmjOaPHGwxGpwP3VGSj
+fs8cuhqVwRQaZpCOoHU/P8wpXKw80sSdhz+SRueMPtVYqK0CiLL5/O0h0Y3le4IV
+whgg3KG1iTGOWn60UMFn1EYmQ18k5Nsma6UCAwEAAaMtMCswCQYDVR0TBAIwADAR
+BglghkgBhvhCAQEEBAMCBPAwCwYDVR0PBAQDAgUgMA0GCSqGSIb3DQEBBQUAA4IB
+AQC8DDBmJ3p4xytxBiE0s4p1715WT6Dm/QJHp0XC0hkSoyZKDh+XVmrzm+J3SiW1
+vpswb5hLgPo040YX9jnDmgOD+TpleTuKHxZRYj92UYWmdjkWLVtFMcvOh+gxBiAP
+pHIqZsqo8lfcyAuh8Jx834IXbknfCUtERDLG/rU9P/3XJhrM2GC5qPQznrW4EYhU
+CGPyIJXmvATMVvXMWCtfogAL+n42vjYXQXZoAWomHhLHoNbSJUErnNdWDOh4WoJt
+XJCxA6U5LSBplqb3wB2hUTqw+0admKltvmy+KA1PD7OxoGiY7V544zeGqJam1qxU
+ia7y5BL6uOa/4ShSV8pcJDYz
+-----END CERTIFICATE-----
diff --git a/libraries/src/main/resources/Baeldung.p12 b/libraries/src/main/resources/Baeldung.p12
new file mode 100644
index 0000000000000000000000000000000000000000..65ec8bc8fec33120b2c11276883dde5dad7a3ea6
GIT binary patch
literal 2502
zcmY+Ec{CJ^8pg-W7-KiSAxm~&AvE}qeF<ZiEyP4)%aW}!(I8{bzK$hh36aQ7pX@OV
zDI#P~Lt`B~Ww~|Ez4yEKkLSGSJkNWc|DGQLN8b&k0U>bou@HKRX#MCzW*R!0LL7Y%
z7)Sr`m+g<hf$9E<AcZ*45dsI=1JVF~osEAI8pK5i!@nDtXdnm{Ftq3R`&uxvH3kTT
z0-oSNoq`&}g}f`*O`H}Rh5-C>30_7yeFjs-&~fCI+{-yx;|%9MeT2(tgQ10!G4XA2
zkG>wSErwX=^nQsIu&jb*uF4fhJf{o`c{-h8IOQJ-3P1FiZ<rm;YaH<O+>j0wRF6K9
z8mc&Zv?tvBj9P!Y^4uoj2G=6#18%wBeI!8jBRU|{P+P>0Aj=k375X=>QV+%oS<OTR
zz2e)j%Ga)Ln4$8c`QyXv>!bk}+lJ+=1;z2pF||>sP$r3B<!g@o%@3~m@=c^O>rd~;
zK)4%I2x>Ka+<;kKSK~)>L|uxGz&8_NxTGL2SC%Ui58tY=@-RCRhmrcaiO=Kg3VLao
zL4POxN4d@n*d5|D3|P>OiNs!L2y3}V91S9g=+MPm2z2B)8SfIlps2SxADFc?et7bp
zX$NVVRh<~4WzxjUvYD%W)wYw9O8Brp^L0RcbZ~X#<mefKsG7c=Kkqz+Iya`6>P4;$
zj@d^cTmNv5A?VBUvx?k4kPIs2@lgJ*dzk-y`e;r~_tMcguyihj(WZx;W7st6eU1^p
zA%3;BP+|V=UsgnMa<u@qI&*-0veLY-D9d!g+I+vTPNYL^j?m3f?&)bB+>P2xR9<LS
z6w%a#FxT8g?enU+?Pk6-H9yN;<}#`P%BhZVGxV1o7Q56@sDep*<hQ&2I?m|zJI2cK
z^dqG98rt~5cDfYhL9+ZEU#v<#nr#Q<&~7!m6h}SsxKteu8hQQE9qjxxTeg#$2wE+&
z_@<Z)D+sVwhKshPYmX~t94p^1C3m4QUcdy0TIA$vOuKDSBMcN~=9(Ss5XZZir+IOp
zC6RIZVR4IN3necduZ3_&SIH}2&~R4??_H5MD9UT&XOHz7;1e|&%=1Y*8tYp?ul6Lx
zsl2ydMzYy!)SRvAA2y7#>K<luvm8#R{R1H}Ub!4&sa<6GD%p1sD}pUAH~a3Zs+Wn8
z7`XR<YnOxM=(@z;-GzfUec#F}nO;^GIr{pE4<$(C6S^TUCR{JPTh$~QZzOLcndZ+Q
z?NZqY^am=w6R34v4cwY7BRbUb`wT+`d;JczzFlbYOh|ewQ9Z2M;?cgQwRs?x#@ULM
zeF0qe3z$-U47qsX33C=9T=P31CbP{yFtJE^rXyCZ73vdOkCxIjpRd}QishmlWG{*e
zup`1#v*|5Dt`5~JNxm)0=knNY+8(<9ROhqWqS%B(@;cN~mW}4FcT<T@S?ZOv#-NRF
zeC_H7vDi5syt=noMP{EZYpLsVvP>?kLwyMXM~nWS!589aEx|ZivtPE+FCig}|Cv7n
z4X_Xg-u#7*)&HXc=r<L@@XH1YIWGFYsQ|`-`^6=ew34>v2DY6l{514xv{C2smp+M*
z0HVF+G4qecX9^nOQ_20k2BM02$9dQ593Rq`jJUz%jT<!FyUo9_ZMC`Ebnd%^xA-Zb
zmfkU9KaWzR69M_2*Iwt|V+Siu@ueCbn_(juII>p%B$M|BdRc91;W`+2m}mmXL+cwS
z-&0lg5an|f6il`kXk#vPZhK2Z{$$;;@;0;b_10a*B5Rf5vKBR^@uJW`WS*}TZ=JLU
zrj7F9)-nOh*HW4C!Otz_FqYnEa!4nC@x0Wy?`_DN=c%fjkhTs@U^UB&)l0w$4n{K*
zxd<xFaK5dhu+c)HwlvL|`zSk5^v!lh^3BP!rkGphP*^~LtdF!$C^;Gi9)T`3@=MKt
zvM^3B-kgz)@W?ZkO}sGb_Mf7gx7XrKaFAun$NMv3E+%&+7<nz%H3|LWwte^i5PwvB
zrC8de-yq@fD0?*fFrMk2kpCPr+A9hAv;X<(d$9{%UO%s?{ODiovk5xsK-aTXD5!S+
zRZ$ltXFX&ERV=|5FW7g~(qd;hnlQlh68p>;D}W@$I_F{l@h(sB)s*Iz+sw{FOEa8&
z#EfydGU+EgJ3m#S4b&`TTCBfC)eJ1M>U(%yKc+7F3lI-0X##xff#=dtmj;cWs@*(1
zZXS(tbGXP@?braN#P>=GxwN^xFqQBRSvZbJniMWr*lo`MXc=JWLQ&?yr)-$(Q$h^t
zmmrKH?`t%wDk~pX1aJ^CbU%HXCAh@rR6?f`m^|7yVOF)+`(Y=4B-tto(B<>E=#QYq
z&@RDn^M$lUwdx-1I4h;lvzUX6)HqThjqi4SlgM#nYG;nAtd-nO%TPn)KA9c{jep;9
z<JN8)aTt6Wjw#T0g4y-B;mpZ&PoqGB$A)ncFCM(>v79sQ{V`P{aJuEBb+8(|yi8}R
z6hXIAFE*35l(toZR?k^d;kDRbp0Bi3D0P+;?`sW)yZdU2IS(8r-PlbgD6J2GLhODl
zx^Ea<V9*P*-s!rA88y!syEDo1ruN52r8p9bMYY!`@D=91R1+whJ#fCeBTtEVqRLIK
zHiqQ^RP5w_R_z;94mH#9VM3bl;`V1-2T^K3?9gN5{^&Yvlg!b6b5Zz8ZFy|z{J_hb
zT|QFLCW`AkSc+E)y|vrt(p&cTeAkji8t2k9PWM71hQgF!lgFwk#r>$kiSoZQ1qd#$
zrw<*y{e#y|n++B0#ujM&wp!KoH<8<j^v!w+sp&HJ0jPtHsIj5xrI91M*9!eLtdlAm
zPf`z*cW4<lzI&XiWC<(?CL3s^rS2OQ!Q}WKXHslWZ9FtmBDsemUSLD<DcSFa2wSA}
zj;{1kZslm7doJ5JS9_-*BbvnGtZAmHVj_Y_3NPhk@e4#22=Q)p2TrkX==RVWzJ8S+
zERGC$;ub_wnEtdpW_L4^v#+~$vDINTz>hT7JB{RiW`47kpL%2BP;hRkV5E^;HN+5b
za*HI=nMx7`*nucDb(iCuuCi`KplQ=xzr^Ya{l%oz=!5s?{M_rv@Zq3;FGnmok06!C
z!iZ>7b}M(R4R=#t|6J8<y~)UScTDJcPS5d2FBd8huFr2_Xp{UZi@Fjy{8_;==SD(W
zH4q}BhY<KL9qHjR?EGv1ZNMFXE5IAz0(c1U0k|VX{(0b#;RM6Ypx)A4D=vS|JSd6o
z3tJ<3aq2lEWDr6KdI;?m77&n!7667H8zqOy@L2i!`11*v)xIS5F;5V{PzT3oAMJJd
IXTLG}FUG~4GXMYp

literal 0
HcmV?d00001

diff --git a/libraries/src/test/java/com/baeldung/bouncycastle/BouncyCastleLiveTest.java b/libraries/src/test/java/com/baeldung/bouncycastle/BouncyCastleLiveTest.java
new file mode 100644
index 0000000000..3965eeecd4
--- /dev/null
+++ b/libraries/src/test/java/com/baeldung/bouncycastle/BouncyCastleLiveTest.java
@@ -0,0 +1,53 @@
+package com.baeldung.bouncycastle;
+
+import static org.junit.Assert.assertTrue;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import org.bouncycastle.cms.CMSException;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.junit.Test;
+
+public class BouncyCastleLiveTest {
+
+    String certificatePath = "src/main/resources/Baeldung.cer";
+    String privateKeyPath = "src/main/resources/Baeldung.p12";
+    char[] p12Password = "password".toCharArray();
+    char[] keyPassword = "password".toCharArray();
+
+    @Test
+    public void givenCryptographicResource_whenOperationSuccess_returnTrue()
+            throws CertificateException, NoSuchProviderException, NoSuchAlgorithmException, IOException,
+            KeyStoreException, UnrecoverableKeyException, CMSException, OperatorCreationException {
+        Security.addProvider(new BouncyCastleProvider());
+
+        CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "BC");
+        X509Certificate certificate = (X509Certificate) certFactory
+                .generateCertificate(new FileInputStream(certificatePath));
+        KeyStore keystore = KeyStore.getInstance("PKCS12");
+        keystore.load(new FileInputStream(privateKeyPath), p12Password);
+        PrivateKey privateKey = (PrivateKey) keystore.getKey("baeldung", keyPassword);
+        String secretMessage = "My password is 123456Seven";
+        System.out.println("Original Message : " + secretMessage);
+        byte[] stringToEncrypt = secretMessage.getBytes();
+        byte[] encryptedData = BouncyCastleCrypto.encryptData(stringToEncrypt, certificate);
+        byte[] rawData = BouncyCastleCrypto.decryptData(encryptedData, privateKey);
+        String decryptedMessage = new String(rawData);
+        assertTrue(decryptedMessage.equals(secretMessage));
+        byte[] signedData = BouncyCastleCrypto.signData(rawData, certificate, privateKey);
+        Boolean check = BouncyCastleCrypto.verifSignData(signedData);
+        assertTrue(check);
+    }
+}