
1   package keygen;
2   
import com.atlassian.asap.core.SecurityProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.spec.ECGenParameterSpec;

import static com.atlassian.asap.api.AlgorithmType.ECDSA;
import static com.atlassian.asap.api.AlgorithmType.RSA;
17  
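/**
 * A program that generates key pairs.
 * Use RSA keys with the RSxxx and PSxxx family of JWT Algorithms.
 * Use EC keys with the ESxxx family of algorithms.
 *
 * <p>Each key is written as a PEM file, under a fixed name, relative to the current working
 * directory. No encryptor is handed to the PEM writer, so the private keys are stored without
 * passphrase protection. For that reason the private-key files are created with owner-only
 * permissions; the public-key files keep the platform's default permissions.
 */
public class KeyGen {
    private static final File RSA_PRIVATE_KEY_PEM_FILE = new File("rsa-private-key.pem");
    private static final File RSA_PUBLIC_KEY_PEM_FILE = new File("rsa-public-key.pem");
    private static final File EC256_PRIVATE_KEY_PEM_FILE = new File("es256-private-key.pem");
    private static final File EC256_PUBLIC_KEY_PEM_FILE = new File("es256-public-key.pem");
    private static final File EC384_PRIVATE_KEY_PEM_FILE = new File("es384-private-key.pem");
    private static final File EC384_PUBLIC_KEY_PEM_FILE = new File("es384-public-key.pem");
    private static final File EC512_PRIVATE_KEY_PEM_FILE = new File("es512-private-key.pem");
    private static final File EC512_PUBLIC_KEY_PEM_FILE = new File("es512-public-key.pem");

    /** RSA modulus length in bits. */
    private static final int KEY_SIZE = 2048;
    private static final String EC_CURVE_256 = "P-256"; // the curve used with ES256, see JWA specification, sect 3.1
    private static final String EC_CURVE_384 = "P-384"; // the curve used with ES384, see JWA specification, sect 3.1
    // ES512 is paired with the 521-bit curve (the "512" refers to SHA-512), see JWA specification, sect 3.1
    private static final String EC_CURVE_521 = "P-521";

    /** POSIX mode applied to private-key files: read/write for the owner, nothing for anyone else. */
    private static final String OWNER_ONLY_MODE = "rw-------";

    /**
     * Generates one RSA key pair and one EC key pair for each of P-256, P-384 and P-521, and
     * writes every key to its PEM file. Existing files with the same names are overwritten.
     *
     * @param args ignored
     * @throws Exception if the provider cannot supply a generator or a key file cannot be written
     */
    public static void main(String[] args) throws Exception {
        final Provider securityProvider = SecurityProvider.getProvider();

        // RSA key pair
        KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance(RSA.algorithmName(), securityProvider);
        rsaGenerator.initialize(KEY_SIZE);
        writeKeyPair(rsaGenerator.generateKeyPair(), RSA_PRIVATE_KEY_PEM_FILE, RSA_PUBLIC_KEY_PEM_FILE);

        // EC key pairs: one generator, re-initialised for each curve
        KeyPairGenerator ecGenerator = KeyPairGenerator.getInstance(ECDSA.algorithmName(), securityProvider);
        final SecureRandom random = new SecureRandom();

        ecGenerator.initialize(new ECGenParameterSpec(EC_CURVE_256), random);
        writeKeyPair(ecGenerator.generateKeyPair(), EC256_PRIVATE_KEY_PEM_FILE, EC256_PUBLIC_KEY_PEM_FILE);

        ecGenerator.initialize(new ECGenParameterSpec(EC_CURVE_384), random);
        writeKeyPair(ecGenerator.generateKeyPair(), EC384_PRIVATE_KEY_PEM_FILE, EC384_PUBLIC_KEY_PEM_FILE);

        ecGenerator.initialize(new ECGenParameterSpec(EC_CURVE_521), random);
        writeKeyPair(ecGenerator.generateKeyPair(), EC512_PRIVATE_KEY_PEM_FILE, EC512_PUBLIC_KEY_PEM_FILE);
    }

    /** Writes the private half and then the public half of {@code keyPair} to the given files. */
    private static void writeKeyPair(KeyPair keyPair, File privateKeyFile, File publicKeyFile) throws IOException {
        writePem(keyPair.getPrivate(), privateKeyFile);
        writePem(keyPair.getPublic(), publicKeyFile);
    }

    /**
     * Writes {@code keyObject} to {@code file} in PEM format, replacing any existing file.
     *
     * <p>When {@code keyObject} is a {@link PrivateKey}, the file is first re-created with
     * owner-only permissions so the key material is never on disk under broader permissions.
     *
     * @param keyObject the key to serialise
     * @param file the destination file
     * @throws IOException if the file cannot be created or written
     */
    private static void writePem(Object keyObject, File file) throws IOException {
        System.out.println("Writing " + file);
        final Path path = file.toPath();
        if (keyObject instanceof PrivateKey) {
            createOwnerOnlyFile(path);
        }
        // PEM output is ASCII; naming the charset avoids depending on the platform default.
        try (Writer out = Files.newBufferedWriter(path, StandardCharsets.UTF_8);
             JcaPEMWriter pemWriter = new JcaPEMWriter(out)) {
            pemWriter.writeObject(keyObject);
        }
    }

    /**
     * Creates an empty file at {@code path} that only the owner may read or write.
     *
     * <p>An existing file is deleted first, because truncating it would keep whatever
     * permissions it already had.
     */
    private static void createOwnerOnlyFile(Path path) throws IOException {
        Files.deleteIfExists(path);
        try {
            // The mode is applied atomically at creation, before any key bytes are written.
            Files.createFile(path,
                    PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString(OWNER_ONLY_MODE)));
        } catch (UnsupportedOperationException notPosix) {
            // The file system cannot set POSIX permissions at creation; fall back to best effort.
            Files.createFile(path);
            final File created = path.toFile();
            final boolean restricted = created.setReadable(false, false)
                    & created.setWritable(false, false)
                    & created.setReadable(true, true)
                    & created.setWritable(true, true);
            if (!restricted) {
                System.err.println("Warning: could not restrict permissions on " + created);
            }
        }
    }
}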