use of java.security.interfaces.RSAKey in project nhin-d by DirectProject.
the class ConfigServiceDNSStore method processCERTRecordRequest.
/**
 * Answers a DNS CERT query by looking the owner up in the certificate configuration service.
 *
 * <p>The lookup is first tried with {@code name} as given, minus one trailing dot. If that yields
 * nothing, each "." is replaced by "@" in turn, left to right, and the service is asked again
 * until a candidate owner returns certificates. Stored entries that convert to X.509 and pass
 * {@code isCertCompliantWithPolicy} are published as PKIX CERT records; entries that do not
 * convert must parse as a URL and are published as URI CERT records.
 *
 * <p>NOTE(review): a single query can cause one service call per "." in the name, so the number
 * of backend calls is driven by the querier. Confirm that caching or rate limiting sits in front
 * of this method. The first candidate owner that returns certificates wins, so two owners that
 * differ only in where the "@" falls share one DNS name.
 *
 * @param name The record name. In many cases this is an email address with "@" written as ".".
 * @return The CERT records for the owner, or {@code null} when no certificate was found or none
 *         passed the policy check.
 * @throws DNSException With SERVFAIL when the service call fails or a record cannot be built.
 */
@SuppressWarnings("unused")
protected RRset processCERTRecordRequest(String name) throws DNSException {
    // Query without the trailing root dot; the dot is restored for the record name further down.
    final String owner = name.endsWith(".") ? name.substring(0, name.length() - 1) : name;

    Certificate[] certs;
    try {
        certs = proxy.getCertificatesForOwner(owner, null);
    } catch (Exception e) {
        throw new DNSException(DNSError.newError(Rcode.SERVFAIL), "DNS service proxy call for certificates failed: " + e.getMessage(), e);
    }

    if (certs == null || certs.length == 0) {
        // The service stores owners with "@", while the DNS name carries "." in its place.
        // Try each "." as the "@" position, starting at the front of the name.
        for (int dot = owner.indexOf(".", 0); dot > -1; dot = owner.indexOf(".", dot + 1)) {
            final char[] candidate = owner.toCharArray();
            candidate[dot] = '@';
            try {
                certs = proxy.getCertificatesForOwner(String.copyValueOf(candidate), null);
            } catch (Exception e) {
                throw new DNSException(DNSError.newError(Rcode.SERVFAIL), "DNS service proxy call for certificates failed: " + e.getMessage(), e);
            }
            final boolean found = certs != null && certs.length > 0;
            if (found || dot >= (owner.length() - 1)) {
                break;
            }
        }
    }

    if (certs == null || certs.length == 0) {
        return null;
    }

    final String recordName = owner.endsWith(".") ? owner : owner + ".";
    final RRset records = new RRset();
    try {
        for (Certificate stored : certs) {
            int recordType = CERTRecord.PKIX;
            byte[] payload = null;
            X509Certificate x509 = null;
            try {
                // The stored blob may wrap private key data. Only the re-encoded public
                // certificate is published, never the stored bytes themselves.
                final CertUtils.CertContainer container = CertUtils.toCertContainer(stored.getData());
                x509 = container.getCert();
                // certificates that fail the configured policy are left out of the response
                if (!isCertCompliantWithPolicy(x509)) {
                    continue;
                }
                payload = x509.getEncoded();
            } catch (CertificateConversionException e) {
                // not a certificate; the URL fallback below decides what happens to it
            }

            if (x509 == null) {
                try {
                    payload = stored.getData();
                    // Constructed only to validate: data that is not a well-formed URL is
                    // rejected here, so raw stored bytes are published only when they parse.
                    new URL(new String(payload));
                    recordType = CERTRecord.URI;
                } catch (Exception e) {
                    throw new DNSException(DNSError.newError(Rcode.SERVFAIL), "Failure while parsing CERT record data: " + e.getMessage(), e);
                }
            }

            int keyTag = 0;
            int alg = 0;
            if (x509 != null && x509.getPublicKey() instanceof RSAKey) {
                final byte[] modulus = ((RSAKey) x509.getPublicKey()).getModulus().toByteArray();
                final int last = modulus.length - 1;
                // NOTE(review): the tag is the low 16 bits of the modulus. RFC 4034 Appendix B
                // describes a checksum over the key RDATA for algorithm 5. Confirm consumers of
                // these records expect this value.
                keyTag = ((modulus[last - 1] << 8) & 0xFF00) | (modulus[last] & 0xFF);
                alg = 5;
            }

            records.addRR(new CERTRecord(Name.fromString(recordName), DClass.IN, 86400L, recordType, keyTag, alg, /*public key alg, RFC 4034*/
                    payload));
        }
    } catch (Exception e) {
        throw new DNSException(DNSError.newError(Rcode.SERVFAIL), "Failure while parsing CERT record data: " + e.getMessage(), e);
    }

    // policy filtering can leave the set empty; callers get null rather than an empty set
    if (records.size() == 0) {
        return null;
    }
    return records;
}
use of java.security.interfaces.RSAKey in project jdk8u_jdk by JetBrains.
the class AccessKeyStore method displayEntry.
/**
 * Prints a summary of one keystore entry to standard output.
 *
 * <p>For a key entry the key algorithm is shown, plus the modulus bit length when the key is an
 * RSA key. Only this metadata is printed, never key material. The certificate chain, when the
 * store returns one, is listed through {@code displayCert}.
 *
 * <p>NOTE(review): the key is requested with a {@code null} password. A key that cannot be
 * recovered that way is reported as "Unknown". For a trusted-cert entry
 * {@code getCertificateChain} may return {@code null}, in which case no certificate is listed.
 * Confirm whether {@code getCertificate(alias)} was intended there.
 *
 * @param keyStore the store to read from
 * @param alias the alias of the entry to display
 * @param index the number printed in the entry header
 * @throws KeyStoreException if the keystore cannot be queried
 * @throws NoSuchAlgorithmException if the algorithm needed to recover the key is unavailable
 */
private static void displayEntry(KeyStore keyStore, String alias, int index) throws KeyStoreException, NoSuchAlgorithmException {
    final boolean keyEntry = keyStore.isKeyEntry(alias);
    final String entryKind = keyEntry ? " [key-entry]\n" : " [trusted-cert-entry]\n";
    System.out.println("[" + index + "]\n " + alias + entryKind);

    if (keyEntry) {
        String keyType;
        try {
            final Key key = keyStore.getKey(alias, null);
            keyType = key.getAlgorithm();
            if (key instanceof RSAKey) {
                // the modulus bit length is public information and safe to print
                keyType += " (" + ((RSAKey) key).getModulus().bitLength() + " bit)";
            }
        } catch (UnrecoverableKeyException e) {
            keyType = "Unknown";
        }
        System.out.println(" Key type: " + keyType + "\n");
    }

    // both entry kinds list whatever chain the store returns for the alias
    final Certificate[] chain = keyStore.getCertificateChain(alias);
    if (chain != null) {
        System.out.println(" Certificate chain: ");
        int position = 0;
        for (Certificate link : chain) {
            position++;
            System.out.println(" [" + position + "]");
            displayCert(link, " ");
        }
    }

    System.out.println("-------------------------------------------------");
}
use of java.security.interfaces.RSAKey in project jdk8u_jdk by JetBrains.
the class KeySizeTest method sizeTest.
/**
 * Checks that the private and public halves of an RSA key pair report the same modulus.
 *
 * <p>On a mismatch both moduli are written to standard error. The modulus is a public value, so
 * printing it does not expose private key material.
 *
 * @param kpair test key pair; both keys are cast to their RSA interfaces.
 * @return true if the moduli match or the keys are not RSA keys, false on a mismatch.
 */
private static boolean sizeTest(KeyPair kpair) {
    final RSAPrivateKey privateKey = (RSAPrivateKey) kpair.getPrivate();
    final RSAPublicKey publicKey = (RSAPublicKey) kpair.getPublic();

    // nothing to compare unless both halves expose the RSAKey view
    if (!(privateKey instanceof RSAKey) || !(publicKey instanceof RSAKey)) {
        return true;
    }

    // test the getModulus method
    if (privateKey.getModulus().equals(publicKey.getModulus())) {
        return true;
    }

    System.err.println("priv.getModulus() = " + privateKey.getModulus());
    System.err.println("pub.getModulus() = " + publicKey.getModulus());
    return false;
}
use of java.security.interfaces.RSAKey in project nhin-d by DirectProject.
the class DNSRecordUtils method createX509CERTRecord.
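/**
 * Creates a DNS CERT record containing an X509 public certificate.
 *
 * <p>The record carries the certificate's DER encoding as a PKIX CERT record. For RSA keys the
 * key tag is taken from the last two bytes of the modulus and the algorithm field is 5
 * (RSA/SHA-1 in the RFC 4034 registry). For any other key type both fields are 0. RFC 4398
 * uses a zero algorithm to mean "unknown", so a non-RSA key is not advertised as RSA.
 *
 * @param address The name or address corresponding to the certificate. A trailing dot is
 *                appended when missing.
 * @param ttl The time to live in seconds.
 * @param cert The X509 public certificate to be stored with the name/address.
 * @return A DNSRecord representing a CERT type record.
 * @throws ConfigurationStoreException If the name cannot be parsed or the certificate cannot be
 *                                     encoded into a record.
 */
public static DNSRecord createX509CERTRecord(String address, long ttl, X509Certificate cert) throws ConfigurationStoreException {
    if (!address.endsWith("."))
        address = address + ".";
    try {
        int keyTag = 0;
        // 0 = algorithm unknown; only raised to 5 when the key really is RSA
        int alg = 0;
        if (cert.getPublicKey() instanceof RSAKey) {
            RSAKey key = (RSAKey) cert.getPublicKey();
            byte[] modulus = key.getModulus().toByteArray();
            // NOTE(review): the tag is the low 16 bits of the modulus. RFC 4034 Appendix B
            // describes a checksum over the key RDATA for algorithm 5. Confirm consumers of
            // these records expect this value.
            keyTag = (modulus[modulus.length - 2] << 8) & 0xFF00;
            keyTag |= modulus[modulus.length - 1] & 0xFF;
            alg = 5;
        }
        CERTRecord rec = new CERTRecord(Name.fromString(address), DClass.IN, ttl, CERTRecord.PKIX, keyTag, alg, /*public key alg, RFC 4034*/
                cert.getEncoded());
        return DNSRecord.fromWire(rec.toWireCanonical());
    } catch (Exception e) {
        throw new ConfigurationStoreException("Failed to create DNS CERT record: " + e.getMessage(), e);
    }
}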
use of java.security.interfaces.RSAKey in project nhin-d by DirectProject.
the class SubjectPublicKeySizeField method injectReferenceValue.
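/**
 * {@inheritDoc}
 *
 * <p>The policy value is the size in bits of the certificate's public key: the modulus length
 * for RSA keys and the length of the prime P for DSA keys. A DSA key whose parameters are absent
 * (a certificate may omit them and inherit them from the issuer) is reported as 0 instead of
 * failing with a {@code NullPointerException}.
 *
 * <p>NOTE(review): every other key type, EC included, is also reported as 0. Confirm that
 * policies enforcing a minimum key size treat 0 as a failure and not as "no constraint".
 */
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
    this.certificate = value;
    final PublicKey pubKey = this.certificate.getPublicKey();

    // 0 stands for "size could not be determined"
    int retVal = 0;
    if (pubKey instanceof RSAKey) {
        retVal = ((RSAKey) pubKey).getModulus().bitLength();
    } else if (pubKey instanceof DSAKey) {
        final java.security.interfaces.DSAParams dsaParams = ((DSAKey) pubKey).getParams();
        // parameters can be missing from the certificate; leave the size undetermined then
        if (dsaParams != null && dsaParams.getP() != null) {
            retVal = dsaParams.getP().bitLength();
        }
    }

    this.policyValue = PolicyValueFactory.getInstance(retVal);
}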