
Replace sun.security.pkc packages in JarSigner #627


Closed
codeanticode opened this issue Jan 3, 2021 · 3 comments

@codeanticode
Contributor

codeanticode commented Jan 3, 2021

These create trouble building the library using Java 11 and targeting Java 8. A possible replacement is the Bouncy Castle libraries, used by APDE for example:

```java
import org.spongycastle.asn1.x509.X509Name;
import org.spongycastle.jce.X509Principal;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.x509.X509V3CertificateGenerator;

...
  protected void writeKey(File keystoreFile, char[] keystorePassword, String alias, char[] password,
      int validity, String name, String orgUnit, String org, String city, String state, String country) {
    try {
      // Register the Bouncy Castle provider
      Security.addProvider(new BouncyCastleProvider());

      // Generate a 1024-bit RSA key pair
      KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
      SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
      keyGen.initialize(1024, random);
      KeyPair pair = keyGen.generateKeyPair();

      X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
      X509Principal principal = new X509Principal("CN=" + formatDN(name) + ", OU=" + formatDN(orgUnit) + ", O=" + formatDN(org) + ", L=" + formatDN(city) + ", ST=" + formatDN(state) + ", C=" + formatDN(country));

      int serial = new SecureRandom().nextInt();

      // Self-signed certificate: issuer and subject are the same principal
      v3CertGen.setSerialNumber(BigInteger.valueOf(serial < 0 ? -1 * serial : serial));
      v3CertGen.setIssuerDN(principal);
      v3CertGen.setNotBefore(new Date(System.currentTimeMillis()));
      v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * validity))); //TODO Doesn't take leap days / years into account...
      v3CertGen.setSubjectDN(principal);
      v3CertGen.setPublicKey(pair.getPublic());
      v3CertGen.setSignatureAlgorithm("MD5WithRSAEncryption");

      // Sign the certificate with the key pair's own private key
      X509Certificate pkCertificate = v3CertGen.generateX509Certificate(pair.getPrivate());

      keystore.setKeyEntry(alias, pair.getPrivate(), password, new Certificate[] {pkCertificate});

      //Write the new key to the keystore
      writeKeystore(keystoreFile, keystorePassword);

      //Reload the keystore so that the new key will appear
      loadAliases((ArrayList<String>) loadKeystore(keystoreFile, keystorePassword).extra());
    } catch (NoSuchAlgorithmException e) {
      e.printStackTrace();
    } catch (KeyStoreException e) {
      e.printStackTrace();
    } catch (InvalidKeyException e) {
      e.printStackTrace();
    } catch (SecurityException e) {
      e.printStackTrace();
    } catch (SignatureException e) {
      e.printStackTrace();
    }
  }
```

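An added example, not part of the original post or the project's code: the same kind of self-signed certificate built with Bouncy Castle's `JcaX509v3CertificateBuilder`. It assumes the upstream `org.bouncycastle` packages (bcprov and bcpkix) rather than the `org.spongycastle` repackaging above, and it swaps in a 2048-bit RSA key and `SHA256withRSA` where the snippet uses 1024 bits and `MD5WithRSAEncryption`; the class name, the `selfSign` helper and the sample subject values are hypothetical.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.time.ZonedDateTime;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class SelfSignedCertExample {
  // Hypothetical helper (not from the project): self-signs a certificate for the given key pair.
  static X509Certificate selfSign(KeyPair pair, String name, String org, String country, int years) throws Exception {
    // The builder encodes each RDN value itself, so commas or '=' in a name cannot alter the DN structure
    X500Name subject = new X500NameBuilder(BCStyle.INSTANCE)
        .addRDN(BCStyle.CN, name)
        .addRDN(BCStyle.O, org)
        .addRDN(BCStyle.C, country)
        .build();
    // Always-positive random serial (negating an int fails for Integer.MIN_VALUE)
    BigInteger serial = new BigInteger(64, new SecureRandom()).add(BigInteger.ONE);
    // Calendar arithmetic handles leap years
    ZonedDateTime now = ZonedDateTime.now();
    Date notBefore = Date.from(now.toInstant());
    Date notAfter = Date.from(now.plusYears(years).toInstant());
    // Sign with SHA-256 instead of MD5
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(pair.getPrivate());
    return new JcaX509CertificateConverter().getCertificate(
        new JcaX509v3CertificateBuilder(subject, serial, notBefore, notAfter, subject, pair.getPublic())
            .build(signer));
  }

  public static void main(String[] args) throws Exception {
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(2048, new SecureRandom());
    KeyPair pair = keyGen.generateKeyPair();
    // Constructed sample subject values
    X509Certificate cert = selfSign(pair, "Example, Dev", "Example Org", "US", 25);
    cert.verify(pair.getPublic()); // throws if the signature does not match the key
    System.out.println(cert.getSubjectX500Principal() + " / " + cert.getSigAlgName());
  }
}
```
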
@kartikeysaran

Can I work on this issue?

@ranaaditya
Member

ranaaditya commented Mar 29, 2021

> Can I work on this issue?

Hi @kartikeysaran, it's great that you are interested in this project!

Yes, you can start working on this issue.

Please have a look at #625; Andres has explained here all the errors he got while doing this.

@codeanticode
Contributor Author

No longer relevant as we do package signing through gradle
