
Example 21 with RSAKey

use of java.security.interfaces.RSAKey in project nhin-d by DirectProject.

the class ConfigServiceDNSStore method processCERTRecordRequest.

/**
	 * Processes all DNS CERT requests.
	 * @param name The record name.  In many cases this is an email address.
	 * @return Returns a set of record responses to the request.
	 * @throws DNSException
	 */
@SuppressWarnings("unused")
protected RRset processCERTRecordRequest(String name) throws DNSException {
    // Resolves a DNS CERT query: looks the owner up in the certificate configuration
    // service, keeps only policy-compliant certificates (or stored URLs), and wraps
    // each one in a CERTRecord.  Returns null when nothing can be answered.
    // The "unused" suppression covers the local URL below, which is built only to
    // check that the stored bytes parse as a URL.

    // the lookups use the owner name without the trailing root dot
    if (name.endsWith("."))
        name = name.substring(0, name.length() - 1);
    Certificate[] certs;
    // use the certificate configuration service
    try {
        certs = proxy.getCertificatesForOwner(name, null);
    } catch (Exception e) {
        // NOTE(review): the backend exception message is embedded in the DNSException text;
        // confirm that text is only logged and never returned to the DNS client.
        throw new DNSException(DNSError.newError(Rcode.SERVFAIL), "DNS service proxy call for certificates failed: " + e.getMessage(), e);
    }
    if (certs == null || certs.length == 0) {
        // unless the call above was for an org level cert, it will probably always fail because the
        // "name" parameter has had all instances of "@" replaced with ".".  The certificate service
        // stores owners using "@".
        // This is horrible, but try hitting the cert service replacing each "." with "@" one by one.
        // Start at the beginning of the address because this is more than likely where the "@" character
        // will be.
        //
        // Two consequences of this fallback worth keeping in mind:
        //  - one inbound query can cause one backend call per "." in the queried name, so the
        //    cost of a miss grows with the number of labels;
        //  - the first candidate that returns certificates wins, so a name with a dotted local
        //    part is ambiguous (presumably "a.b.example.com" tries "a@b.example.com" before
        //    "a.b@example.com" - verify this matches how owners are provisioned).
        int previousIndex = 0;
        int replaceIndex = 0;
        while ((replaceIndex = name.indexOf(".", previousIndex)) > -1) {
            // each pass starts from the original name, so exactly one "." is swapped per candidate
            char[] chars = name.toCharArray();
            chars[replaceIndex] = '@';
            try {
                certs = proxy.getCertificatesForOwner(String.copyValueOf(chars), null);
            } catch (Exception e) {
                throw new DNSException(DNSError.newError(Rcode.SERVFAIL), "DNS service proxy call for certificates failed: " + e.getMessage(), e);
            }
            if (certs != null && certs.length > 0)
                break;
            // stop once the "." just tried was the last character of the name
            if (replaceIndex >= (name.length() - 1))
                break;
            previousIndex = replaceIndex + 1;
        }
    }
    if (certs == null || certs.length == 0)
        return null;
    // Name.fromString below is given the name with the trailing dot restored
    if (!name.endsWith("."))
        name += ".";
    RRset retVal = new RRset();
    try {
        for (Certificate cert : certs) {
            int certRecordType = CERTRecord.PKIX;
            byte[] retData = null;
            X509Certificate xCert = null;
            try {
                // need to convert to cert container because this might be
                // a certificate with wrapped private key data
                final CertUtils.CertContainer cont = CertUtils.toCertContainer(cert.getData());
                xCert = cont.getCert();
                // check if this is a compliant certificate with the configured policy... if not, move on
                if (!isCertCompliantWithPolicy(xCert))
                    continue;
                // Only the re-encoded X509 certificate goes into the record; the stored bytes,
                // which may carry wrapped private key data, are not copied on this path.
                retData = xCert.getEncoded();
            } catch (CertificateConversionException e) {
                // probably not a Certificate... might be a URL
            }
            if (xCert == null) {
                // see if it's a URL
                try {
                    // The stored bytes are published as they are, but only if they parse as a URL;
                    // anything else ends in SERVFAIL below.
                    // NOTE(review): new String(byte[]) decodes with the platform default charset, and
                    // URL accepts any scheme the JVM knows - consider pinning the charset and
                    // restricting the scheme before publishing the value in DNS.
                    retData = cert.getData();
                    URL url = new URL(new String(retData));
                    certRecordType = CERTRecord.URI;
                } catch (Exception e) {
                    throw new DNSException(DNSError.newError(Rcode.SERVFAIL), "Failure while parsing CERT record data: " + e.getMessage(), e);
                }
            }
            // key tag and algorithm stay 0 unless the certificate carries an RSA public key
            int keyTag = 0;
            int alg = 0;
            if (xCert != null && xCert.getPublicKey() instanceof RSAKey) {
                RSAKey key = (RSAKey) xCert.getPublicKey();
                // BigInteger.toByteArray() is big-endian, so these are the low 16 bits of the modulus
                byte[] modulus = key.getModulus().toByteArray();
                keyTag = (modulus[modulus.length - 2] << 8) & 0xFF00;
                keyTag |= modulus[modulus.length - 1] & 0xFF;
                // NOTE(review): RFC 4034 Appendix B defines the algorithm 5 key tag as a checksum over
                // the DNSKEY RDATA, not as modulus bytes - confirm consumers use this field only as a hint.
                alg = 5;
            }
            // 86400L is a fixed TTL of one day, in seconds
            CERTRecord rec = new CERTRecord(Name.fromString(name), DClass.IN, 86400L, certRecordType, keyTag, alg, /*public key alg, RFC 4034*/
            retData);
            retVal.addRR(rec);
        }
    } catch (Exception e) {
        // Broad catch: any failure while building a record becomes SERVFAIL.  Presumably this
        // also re-wraps the DNSException thrown by the URL branch above - verify that
        // DNSException extends Exception.
        throw new DNSException(DNSError.newError(Rcode.SERVFAIL), "Failure while parsing CERT record data: " + e.getMessage(), e);
    }
    // every certificate may have been skipped by the policy check, resulting in an empty RR set;
    // that case is reported as null, the same as "no certificates found"
    return (retVal.size() == 0) ? null : retVal;
}
Also used : RSAKey(java.security.interfaces.RSAKey) RRset(org.xbill.DNS.RRset) CertificateConversionException(org.nhindirect.config.model.exceptions.CertificateConversionException) CertificateConversionException(org.nhindirect.config.model.exceptions.CertificateConversionException) X509Certificate(java.security.cert.X509Certificate) URL(java.net.URL) ConfigServiceURL(org.nhindirect.dns.annotation.ConfigServiceURL) CertUtils(org.nhindirect.config.model.utils.CertUtils) CERTRecord(org.xbill.DNS.CERTRecord) X509Certificate(java.security.cert.X509Certificate) Certificate(org.nhind.config.Certificate)

Example 22 with RSAKey

use of java.security.interfaces.RSAKey in project jdk8u_jdk by JetBrains.

the class AccessKeyStore method displayEntry.

private static void displayEntry(KeyStore keyStore, String alias, int index) throws KeyStoreException, NoSuchAlgorithmException {
    // Prints one keystore entry to stdout: a header naming the entry kind, the key type
    // for key entries, then the certificate chain (when the store returns one).
    if (!keyStore.isKeyEntry(alias)) {
        System.out.println("[" + index + "]\n    " + alias + " [trusted-cert-entry]\n");
    } else {
        System.out.println("[" + index + "]\n    " + alias + " [key-entry]\n");
        try {
            // The key is requested with a null password; a key that cannot be recovered
            // that way is reported as "Unknown" rather than failing the listing.
            final Key entryKey = keyStore.getKey(alias, null);
            if (entryKey instanceof RSAKey) {
                // Only the algorithm name and the modulus bit length are printed.
                System.out.println("    Key type: " + entryKey.getAlgorithm() + " (" + ((RSAKey) entryKey).getModulus().bitLength() + " bit)\n");
            } else {
                System.out.println("    Key type: " + entryKey.getAlgorithm() + "\n");
            }
        } catch (UnrecoverableKeyException e) {
            System.out.println("    Key type: Unknown\n");
        }
    }

    // Both entry kinds list their chain the same way, so it is printed once here.
    final Certificate[] certChain = keyStore.getCertificateChain(alias);
    if (certChain != null) {
        System.out.println("    Certificate chain: ");
        int position = 1;
        for (Certificate link : certChain) {
            System.out.println("        [" + position + "]");
            displayCert(link, "            ");
            position++;
        }
    }
    System.out.println("-------------------------------------------------");
}
Also used : RSAKey(java.security.interfaces.RSAKey) RSAKey(java.security.interfaces.RSAKey) Certificate(java.security.cert.Certificate)

Example 23 with RSAKey

use of java.security.interfaces.RSAKey in project jdk8u_jdk by JetBrains.

the class KeySizeTest method sizeTest.

/**
     * @param kpair test key pair.
     * @return true if test passed. false if test failed.
     */
private static boolean sizeTest(KeyPair kpair) {
    // Checks that both halves of an RSA key pair report the same modulus.
    // The casts throw ClassCastException for a pair that is not RSA.
    final RSAPrivateKey privateHalf = (RSAPrivateKey) kpair.getPrivate();
    final RSAPublicKey publicHalf = (RSAPublicKey) kpair.getPublic();

    // After the casts, instanceof can only be false for a null key; the test
    // then passes without comparing anything.
    final boolean bothPresent = (privateHalf instanceof RSAKey) && (publicHalf instanceof RSAKey);
    if (!bothPresent || privateHalf.getModulus().equals(publicHalf.getModulus())) {
        return true;
    }

    // Mismatch: report both moduli (public values) before failing.
    System.err.println("priv.getModulus() = " + privateHalf.getModulus());
    System.err.println("pub.getModulus() = " + publicHalf.getModulus());
    return false;
}
Also used : RSAKey(java.security.interfaces.RSAKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey)

Example 24 with RSAKey

use of java.security.interfaces.RSAKey in project nhin-d by DirectProject.

the class DNSRecordUtils method createX509CERTRecord.

/**
	 * Creates a DNS CERT record containing an X509 public certificate.
	 * @param address The name or address corresponding to the certificate.
	 * @param ttl The time to live in seconds.
	 * @param cert The X509 public certificate to be stored with the name/address. 
	 * @return A DNSRecord representing a CERT type record.
	 * @throws ConfigurationStoreException
	 */
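public static DNSRecord createX509CERTRecord(String address, long ttl, X509Certificate cert) throws ConfigurationStoreException {
    // Builds a PKIX CERT record for the given owner name and converts it to a DNSRecord.
    // Any failure while building or encoding the record is reported as a
    // ConfigurationStoreException with the original exception as its cause.

    // the record is created from a name that ends with the root dot
    if (!address.endsWith("."))
        address = address + ".";
    try {
        // Key tag and algorithm describe the key inside the certificate.  They stay 0 unless
        // that key is RSA, so a non-RSA certificate is no longer labelled as algorithm 5.
        int keyTag = 0;
        int alg = 0;
        if (cert.getPublicKey() instanceof RSAKey) {
            RSAKey key = (RSAKey) cert.getPublicKey();
            // BigInteger.toByteArray() is big-endian, so these are the low 16 bits of the modulus
            byte[] modulus = key.getModulus().toByteArray();
            keyTag = (modulus[modulus.length - 2] << 8) & 0xFF00;
            keyTag |= modulus[modulus.length - 1] & 0xFF;
            // NOTE(review): RFC 4034 Appendix B defines the algorithm 5 key tag as a checksum over
            // the DNSKEY RDATA, not as modulus bytes - confirm consumers use this field only as a hint.
            alg = 5;
        }
        // only the encoded public certificate is stored in the record
        CERTRecord rec = new CERTRecord(Name.fromString(address), DClass.IN, ttl, CERTRecord.PKIX, keyTag, alg, /*public key alg, RFC 4034*/
        cert.getEncoded());
        return DNSRecord.fromWire(rec.toWireCanonical());
    } catch (Exception e) {
        throw new ConfigurationStoreException("Failed to create DNS CERT record: " + e.getMessage(), e);
    }
}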
Also used : RSAKey(java.security.interfaces.RSAKey) CERTRecord(org.xbill.DNS.CERTRecord) ConfigurationStoreException(org.nhindirect.config.store.ConfigurationStoreException) IOException(java.io.IOException) ConfigurationStoreException(org.nhindirect.config.store.ConfigurationStoreException)

Example 25 with RSAKey

use of java.security.interfaces.RSAKey in project nhin-d by DirectProject.

the class SubjectPublicKeySizeField method injectReferenceValue.

/**
	 * {@inheritDoc}
	 */
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
    // Stores the certificate and derives the policy value from the size of its public key:
    // the modulus bit length for RSA, the bit length of the prime P for DSA.
    this.certificate = value;
    final PublicKey subjectKey = this.certificate.getPublicKey();

    // Any other key type is undetermined and reported as 0.
    // NOTE(review): that includes EC keys - confirm that a policy comparing this value
    // against a minimum key size handles 0 the way the policy author intends.
    int keyBits = 0;
    if (subjectKey instanceof RSAKey) {
        final RSAKey rsaKey = (RSAKey) subjectKey;
        keyBits = rsaKey.getModulus().bitLength();
    } else if (subjectKey instanceof DSAKey) {
        final DSAKey dsaKey = (DSAKey) subjectKey;
        keyBits = dsaKey.getParams().getP().bitLength();
    }

    this.policyValue = PolicyValueFactory.getInstance(keyBits);
}
Also used : RSAKey(java.security.interfaces.RSAKey) DSAKey(java.security.interfaces.DSAKey) PublicKey(java.security.PublicKey)
