
Example 1 with EncryptedObjectStoreData

use of com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method engineLoad.

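/**
 * Loads the key store from {@code inputStream}, or initialises an empty store when the
 * stream is {@code null}.
 *
 * <p>Order of operations for a non-null stream: parse the outer {@code ObjectStore}, verify
 * its integrity check (password-based MAC or signature) over the still-encoded store data,
 * and only then decrypt and parse the store data. Entries are published to {@code entries}
 * last, so a store that fails verification leaves this instance empty with a {@code null}
 * creation date.
 *
 * @param inputStream source of the encoded store, or {@code null} to create a fresh store
 * @param password    password handed to the MAC check and to store decryption
 * @throws IOException if the store cannot be parsed, fails its integrity check, or carries
 *                     an integrity algorithm that differs from the one in the outer wrapper
 */
public void engineLoad(InputStream inputStream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException {
    // reset any current values
    entries.clear();
    privateKeyCache.clear();
    lastModifiedDate = creationDate = null;
    hmacAlgorithm = null;
    if (inputStream == null) {
        // initialise defaults
        lastModifiedDate = creationDate = new Date();
        // Only this branch clears verificationKey/validator; on the non-null path whatever
        // values they already hold are used by the signature check below.
        verificationKey = null;
        validator = null;
        // basic initialisation
        hmacAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA512, DERNull.INSTANCE);
        hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(PKCSObjectIdentifiers.id_PBKDF2, 512 / 8);
        return;
    }
    // Not closed here: the stream belongs to the caller.
    ASN1InputStream aIn = new ASN1InputStream(inputStream);
    ObjectStore store;
    try {
        store = ObjectStore.getInstance(aIn.readObject());
    } catch (Exception e) {
        // Keep the parser failure as the cause so malformed-input reports stay diagnosable.
        throw new IOException(e.getMessage(), e);
    }
    ObjectStoreIntegrityCheck integrityCheck = store.getIntegrityCheck();
    AlgorithmIdentifier integrityAlg;
    if (integrityCheck.getType() == ObjectStoreIntegrityCheck.PBKD_MAC_CHECK) {
        PbkdMacIntegrityCheck pbkdMacIntegrityCheck = PbkdMacIntegrityCheck.getInstance(integrityCheck.getIntegrityCheck());
        // These fields are taken from the store before the MAC has been checked; if
        // verifyMac throws they keep the unverified values.
        // NOTE(review): the PBKD parameters come from the file and are presumably used by
        // verifyMac to derive the MAC key; confirm whether their cost is bounded for
        // stores from untrusted sources.
        hmacAlgorithm = pbkdMacIntegrityCheck.getMacAlgorithm();
        hmacPkbdAlgorithm = pbkdMacIntegrityCheck.getPbkdAlgorithm();
        integrityAlg = hmacAlgorithm;
        try {
            verifyMac(store.getStoreData().toASN1Primitive().getEncoded(), pbkdMacIntegrityCheck, password);
        } catch (NoSuchProviderException e) {
            throw new IOException(e.getMessage(), e);
        }
    } else if (integrityCheck.getType() == ObjectStoreIntegrityCheck.SIG_CHECK) {
        SignatureCheck sigCheck = SignatureCheck.getInstance(integrityCheck.getIntegrityCheck());
        integrityAlg = sigCheck.getSignatureAlgorithm();
        try {
            com.github.zhenwei.core.asn1.x509.Certificate[] certificates = sigCheck.getCertificates();
            if (validator != null) {
                // An empty chain is rejected together with a missing one: certs[0] below
                // supplies the verification key, so there must be at least one certificate.
                if (certificates == null || certificates.length == 0) {
                    throw new IOException("validator specified but no certifcates in store");
                }
                CertificateFactory certFact = helper.createCertificateFactory("X.509");
                X509Certificate[] certs = new X509Certificate[certificates.length];
                for (int i = 0; i != certs.length; i++) {
                    certs[i] = (X509Certificate) certFact.generateCertificate(new ByteArrayInputStream(certificates[i].getEncoded()));
                }
                // The chain travels inside the store, so its key is trusted only after the
                // caller-supplied validator has accepted it.
                if (validator.isValid(certs)) {
                    verifySig(store.getStoreData(), sigCheck, certs[0].getPublicKey());
                } else {
                    throw new IOException("certificate chain in key store signature not valid");
                }
            } else {
                // NOTE(review): verificationKey can still be null at this point; confirm
                // that verifySig fails for a null key rather than skipping the check.
                verifySig(store.getStoreData(), sigCheck, verificationKey);
            }
        } catch (GeneralSecurityException e) {
            throw new IOException("error verifying signature: " + e.getMessage(), e);
        }
    } else {
        throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
    }
    // Integrity has been checked; the store data may now be decrypted and parsed.
    ASN1Encodable sData = store.getStoreData();
    ObjectStoreData storeData;
    if (sData instanceof EncryptedObjectStoreData) {
        EncryptedObjectStoreData encryptedStoreData = (EncryptedObjectStoreData) sData;
        AlgorithmIdentifier protectAlgId = encryptedStoreData.getEncryptionAlgorithm();
        storeData = ObjectStoreData.getInstance(decryptData("STORE_ENCRYPTION", protectAlgId, password, encryptedStoreData.getEncryptedContent().getOctets()));
    } else {
        storeData = ObjectStoreData.getInstance(sData);
    }
    try {
        creationDate = storeData.getCreationDate().getDate();
        lastModifiedDate = storeData.getLastModifiedDate().getDate();
    } catch (ParseException e) {
        throw new IOException("BCFKS KeyStore unable to parse store data information.", e);
    }
    // The algorithm recorded inside the protected store data must equal the one named in
    // the outer integrity check that was just verified.
    if (!storeData.getIntegrityAlgorithm().equals(integrityAlg)) {
        throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
    }
    for (Iterator it = storeData.getObjectDataSequence().iterator(); it.hasNext(); ) {
        ObjectData objData = ObjectData.getInstance(it.next());
        entries.put(objData.getIdentifier(), objData);
    }
}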
Also used : PbkdMacIntegrityCheck(com.github.zhenwei.core.asn1.bc.PbkdMacIntegrityCheck) ASN1InputStream(com.github.zhenwei.core.asn1.ASN1InputStream) ObjectStore(com.github.zhenwei.core.asn1.bc.ObjectStore) GeneralSecurityException(java.security.GeneralSecurityException) ObjectData(com.github.zhenwei.core.asn1.bc.ObjectData) IOException(java.io.IOException) EncryptedObjectStoreData(com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData) CertificateFactory(java.security.cert.CertificateFactory) Date(java.util.Date) KeyStoreException(java.security.KeyStoreException) GeneralSecurityException(java.security.GeneralSecurityException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) ParseException(java.text.ParseException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) CertificateException(java.security.cert.CertificateException) BadPaddingException(javax.crypto.BadPaddingException) NoSuchProviderException(java.security.NoSuchProviderException) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) SignatureCheck(com.github.zhenwei.core.asn1.bc.SignatureCheck) ByteArrayInputStream(java.io.ByteArrayInputStream) Iterator(java.util.Iterator) ASN1Encodable(com.github.zhenwei.core.asn1.ASN1Encodable) ParseException(java.text.ParseException) NoSuchProviderException(java.security.NoSuchProviderException) ObjectStoreData(com.github.zhenwei.core.asn1.bc.ObjectStoreData) EncryptedObjectStoreData(com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData) ObjectStoreIntegrityCheck(com.github.zhenwei.core.asn1.bc.ObjectStoreIntegrityCheck)

Example 2 with EncryptedObjectStoreData

use of com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method engineStore.

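/**
 * Writes the key store to {@code outputStream}, protected by a password-based MAC.
 *
 * <p>The store data is encrypted first; the MAC is then calculated over the encoded
 * encrypted data and written next to it in the outer {@code ObjectStore}.
 *
 * @param outputStream destination for the encoded store; flushed but not closed here
 * @param password     password used for store encryption and for the MAC
 * @throws IOException if the store has not been initialised (no creation date), the MAC
 *                     cannot be calculated, or writing fails
 */
public void engineStore(OutputStream outputStream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException {
    if (creationDate == null) {
        throw new IOException("KeyStore not initialized");
    }
    EncryptedObjectStoreData encStoreData = getEncryptedObjectStoreData(hmacAlgorithm, password);
    // update the salt
    // Regenerates the PBKD identifier from the current one, keeping its key length.
    // Any algorithm other than scrypt is parsed as PBKDF2 parameters.
    if (MiscObjectIdentifiers.id_scrypt.equals(hmacPkbdAlgorithm.getAlgorithm())) {
        ScryptParams sParams = ScryptParams.getInstance(hmacPkbdAlgorithm.getParameters());
        hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(hmacPkbdAlgorithm, sParams.getKeyLength().intValue());
    } else {
        PBKDF2Params pbkdf2Params = PBKDF2Params.getInstance(hmacPkbdAlgorithm.getParameters());
        hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(hmacPkbdAlgorithm, pbkdf2Params.getKeyLength().intValue());
    }
    byte[] mac;
    try {
        mac = calculateMac(encStoreData.getEncoded(), hmacAlgorithm, hmacPkbdAlgorithm, password);
    } catch (NoSuchProviderException e) {
        // Keep the provider failure as the cause instead of flattening it to a message.
        throw new IOException("cannot calculate mac: " + e.getMessage(), e);
    }
    ObjectStore store = new ObjectStore(encStoreData, new ObjectStoreIntegrityCheck(new PbkdMacIntegrityCheck(hmacAlgorithm, hmacPkbdAlgorithm, mac)));
    outputStream.write(store.getEncoded());
    outputStream.flush();
}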
Also used : PbkdMacIntegrityCheck(com.github.zhenwei.core.asn1.bc.PbkdMacIntegrityCheck) ObjectStore(com.github.zhenwei.core.asn1.bc.ObjectStore) PBKDF2Params(com.github.zhenwei.core.asn1.pkcs.PBKDF2Params) IOException(java.io.IOException) EncryptedObjectStoreData(com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData) NoSuchProviderException(java.security.NoSuchProviderException) ScryptParams(com.github.zhenwei.core.asn1.misc.ScryptParams) ObjectStoreIntegrityCheck(com.github.zhenwei.core.asn1.bc.ObjectStoreIntegrityCheck)

Example 3 with EncryptedObjectStoreData

use of com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method getEncryptedObjectStoreData.

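/**
 * Encodes all current entries as {@code ObjectStoreData} and encrypts the result under a
 * 256-bit key derived from {@code password}.
 *
 * <p>The cipher is AES/CCM when {@code storeEncryptionAlgorithm} is {@code id_aes256_CCM}
 * and AESKWP otherwise. The PBKD identifier used for the key, and for CCM the cipher's
 * parameters, are recorded in the PBES2 parameters of the returned structure.
 *
 * @param integrityAlgorithm algorithm identifier recorded inside the store data
 * @param password           store password; {@code null} is treated as an empty password
 * @return the encrypted store data together with its PBES2 algorithm identifier
 * @throws IOException              if encryption fails
 * @throws NoSuchAlgorithmException if the cipher padding is unavailable
 */
private EncryptedObjectStoreData getEncryptedObjectStoreData(AlgorithmIdentifier integrityAlgorithm, char[] password) throws IOException, NoSuchAlgorithmException {
    ObjectData[] dataArray = (ObjectData[]) entries.values().toArray(new ObjectData[entries.size()]);
    KeyDerivationFunc pbkdAlgId = generatePkbdAlgorithmIdentifier(hmacPkbdAlgorithm, 256 / 8);
    // A null password falls back to an empty one: the store is still encrypted, but under
    // a key that anyone holding the file can re-derive from the stored PBKD parameters.
    byte[] keyBytes = generateKey(pbkdAlgId, "STORE_ENCRYPTION", ((password != null) ? password : new char[0]), 256 / 8);
    // NOTE(review): keyBytes is never cleared after use; it could be zeroed once the
    // cipher is finished, provided generateKey/createCipher do not retain the array.
    ObjectStoreData storeData = new ObjectStoreData(integrityAlgorithm, creationDate, lastModifiedDate, new ObjectDataSequence(dataArray), null);
    EncryptedObjectStoreData encStoreData;
    try {
        if (storeEncryptionAlgorithm.equals(NISTObjectIdentifiers.id_aes256_CCM)) {
            Cipher c = createCipher("AES/CCM/NoPadding", keyBytes);
            byte[] encOut = c.doFinal(storeData.getEncoded());
            // The CCM parameters are read back from the cipher and stored with the
            // ciphertext so that the loader can reconstruct them.
            AlgorithmParameters algorithmParameters = c.getParameters();
            PBES2Parameters pbeParams = new PBES2Parameters(pbkdAlgId, new EncryptionScheme(NISTObjectIdentifiers.id_aes256_CCM, CCMParameters.getInstance(algorithmParameters.getEncoded())));
            encStoreData = new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, pbeParams), encOut);
        } else {
            Cipher c = createCipher("AESKWP", keyBytes);
            byte[] encOut = c.doFinal(storeData.getEncoded());
            PBES2Parameters pbeParams = new PBES2Parameters(pbkdAlgId, new EncryptionScheme(NISTObjectIdentifiers.id_aes256_wrap_pad));
            encStoreData = new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, pbeParams), encOut);
        }
    // Each wrapper keeps the original exception as its cause; the thrown types and
    // messages are the same as before.
    } catch (NoSuchPaddingException e) {
        throw new NoSuchAlgorithmException(e.toString(), e);
    } catch (BadPaddingException e) {
        throw new IOException(e.toString(), e);
    } catch (IllegalBlockSizeException e) {
        throw new IOException(e.toString(), e);
    } catch (InvalidKeyException e) {
        throw new IOException(e.toString(), e);
    } catch (NoSuchProviderException e) {
        throw new IOException(e.toString(), e);
    }
    return encStoreData;
}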
Also used : PBES2Parameters(com.github.zhenwei.core.asn1.pkcs.PBES2Parameters) EncryptionScheme(com.github.zhenwei.core.asn1.pkcs.EncryptionScheme) ObjectData(com.github.zhenwei.core.asn1.bc.ObjectData) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) EncryptedObjectStoreData(com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) BadPaddingException(javax.crypto.BadPaddingException) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) ObjectDataSequence(com.github.zhenwei.core.asn1.bc.ObjectDataSequence) KeyDerivationFunc(com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc) Cipher(javax.crypto.Cipher) ObjectStoreData(com.github.zhenwei.core.asn1.bc.ObjectStoreData) EncryptedObjectStoreData(com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData) NoSuchProviderException(java.security.NoSuchProviderException) AlgorithmParameters(java.security.AlgorithmParameters)

Example 4 with EncryptedObjectStoreData

use of com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method engineStore.

/**
 * Stores the key store using the settings carried by {@code parameter}.
 *
 * <p>Three parameter types are accepted. A {@code BCFKSStoreParameter} or
 * {@code BCLoadStoreParameter} delegates to the stream/password variant, which protects
 * the store with a password-based MAC. A {@code BCFKSLoadStoreParameter} does the same
 * unless it carries a signature key, in which case the encoded encrypted store data is
 * signed with that key and a signature check is written in place of the MAC.
 *
 * @param parameter store parameters; must not be {@code null}
 * @throws IllegalArgumentException if {@code parameter} is {@code null} or of an
 *                                  unsupported type
 * @throws IOException              if signing or writing fails
 */
public void engineStore(KeyStore.LoadStoreParameter parameter) throws CertificateException, NoSuchAlgorithmException, IOException {
    if (parameter == null) {
        throw new IllegalArgumentException("'parameter' arg cannot be null");
    }

    if (parameter instanceof BCFKSStoreParameter) {
        BCFKSStoreParameter storeParam = (BCFKSStoreParameter) parameter;
        char[] storePassword = ParameterUtil.extractPassword(parameter);
        hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(storeParam.getStorePBKDFConfig(), 512 / 8);
        engineStore(storeParam.getOutputStream(), storePassword);
        return;
    }

    if (parameter instanceof BCFKSLoadStoreParameter) {
        BCFKSLoadStoreParameter fksParam = (BCFKSLoadStoreParameter) parameter;

        if (fksParam.getStoreSignatureKey() == null) {
            // No signature key: configure the algorithms and use the MAC-protected path.
            char[] macPassword = ParameterUtil.extractPassword(fksParam);
            hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(fksParam.getStorePBKDFConfig(), 512 / 8);
            storeEncryptionAlgorithm = (fksParam.getStoreEncryptionAlgorithm() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM)
                ? NISTObjectIdentifiers.id_aes256_CCM
                : NISTObjectIdentifiers.id_aes256_wrap_pad;
            hmacAlgorithm = (fksParam.getStoreMacAlgorithm() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512)
                ? new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA512, DERNull.INSTANCE)
                : new AlgorithmIdentifier(NISTObjectIdentifiers.id_hmacWithSHA3_512, DERNull.INSTANCE);
            engineStore(fksParam.getOutputStream(), macPassword);
            return;
        }

        // Signature key present: the store is still encrypted under the password, and the
        // signature takes the place of the MAC as the integrity check.
        signatureAlgorithm = generateSignatureAlgId(fksParam.getStoreSignatureKey(), fksParam.getStoreSignatureAlgorithm());
        hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(fksParam.getStorePBKDFConfig(), 512 / 8);
        storeEncryptionAlgorithm = (fksParam.getStoreEncryptionAlgorithm() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM)
            ? NISTObjectIdentifiers.id_aes256_CCM
            : NISTObjectIdentifiers.id_aes256_wrap_pad;
        hmacAlgorithm = (fksParam.getStoreMacAlgorithm() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512)
            ? new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA512, DERNull.INSTANCE)
            : new AlgorithmIdentifier(NISTObjectIdentifiers.id_hmacWithSHA3_512, DERNull.INSTANCE);
        char[] sigPassword = ParameterUtil.extractPassword(fksParam);
        EncryptedObjectStoreData encrypted = getEncryptedObjectStoreData(signatureAlgorithm, sigPassword);
        try {
            Signature signer = helper.createSignature(signatureAlgorithm.getAlgorithm().getId());
            signer.initSign((PrivateKey) fksParam.getStoreSignatureKey());
            // The signature covers the encoded encrypted store data.
            signer.update(encrypted.getEncoded());
            SignatureCheck check;
            X509Certificate[] chain = fksParam.getStoreCertificates();
            if (chain == null) {
                check = new SignatureCheck(signatureAlgorithm, signer.sign());
            } else {
                // Convert the JCA certificates to their ASN.1 form before embedding them.
                com.github.zhenwei.core.asn1.x509.Certificate[] asn1Chain = new com.github.zhenwei.core.asn1.x509.Certificate[chain.length];
                for (int idx = 0; idx < asn1Chain.length; idx++) {
                    asn1Chain[idx] = com.github.zhenwei.core.asn1.x509.Certificate.getInstance(chain[idx].getEncoded());
                }
                check = new SignatureCheck(signatureAlgorithm, asn1Chain, signer.sign());
            }
            ObjectStore signedStore = new ObjectStore(encrypted, new ObjectStoreIntegrityCheck(check));
            fksParam.getOutputStream().write(signedStore.getEncoded());
            fksParam.getOutputStream().flush();
        } catch (GeneralSecurityException e) {
            throw new IOException("error creating signature: " + e.getMessage(), e);
        }
        return;
    }

    if (parameter instanceof BCLoadStoreParameter) {
        BCLoadStoreParameter loadStoreParam = (BCLoadStoreParameter) parameter;
        engineStore(loadStoreParam.getOutputStream(), ParameterUtil.extractPassword(parameter));
        return;
    }

    throw new IllegalArgumentException("no support for 'parameter' of type " + parameter.getClass().getName());
}
Also used : ObjectStore(com.github.zhenwei.core.asn1.bc.ObjectStore) PrivateKey(java.security.PrivateKey) GeneralSecurityException(java.security.GeneralSecurityException) BCFKSStoreParameter(com.github.zhenwei.provider.jcajce.BCFKSStoreParameter) EncryptedObjectStoreData(com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData) IOException(java.io.IOException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) SignatureCheck(com.github.zhenwei.core.asn1.bc.SignatureCheck) Signature(java.security.Signature) BCFKSLoadStoreParameter(com.github.zhenwei.provider.jcajce.BCFKSLoadStoreParameter) BCLoadStoreParameter(com.github.zhenwei.provider.jcajce.BCLoadStoreParameter) ObjectStoreIntegrityCheck(com.github.zhenwei.core.asn1.bc.ObjectStoreIntegrityCheck)

Aggregations

EncryptedObjectStoreData (com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData)4 IOException (java.io.IOException)4 ObjectStore (com.github.zhenwei.core.asn1.bc.ObjectStore)3 ObjectStoreIntegrityCheck (com.github.zhenwei.core.asn1.bc.ObjectStoreIntegrityCheck)3 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)3 NoSuchProviderException (java.security.NoSuchProviderException)3 ObjectData (com.github.zhenwei.core.asn1.bc.ObjectData)2 ObjectStoreData (com.github.zhenwei.core.asn1.bc.ObjectStoreData)2 PbkdMacIntegrityCheck (com.github.zhenwei.core.asn1.bc.PbkdMacIntegrityCheck)2 SignatureCheck (com.github.zhenwei.core.asn1.bc.SignatureCheck)2 GeneralSecurityException (java.security.GeneralSecurityException)2 InvalidKeyException (java.security.InvalidKeyException)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2 BadPaddingException (javax.crypto.BadPaddingException)2 IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)2 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)2 ASN1Encodable (com.github.zhenwei.core.asn1.ASN1Encodable)1 ASN1InputStream (com.github.zhenwei.core.asn1.ASN1InputStream)1 ObjectDataSequence (com.github.zhenwei.core.asn1.bc.ObjectDataSequence)1 ScryptParams (com.github.zhenwei.core.asn1.misc.ScryptParams)1