Examples with ObjectData com.github.zhenwei.core.asn1.bc.ObjectData used on opensource projects

Example 1 with ObjectData

use of com.github.zhenwei.core.asn1.bc.ObjectData in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method engineLoad.

public void engineLoad(InputStream inputStream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException {
    // reset any current values
    entries.clear();
    privateKeyCache.clear();
    lastModifiedDate = creationDate = null;
    hmacAlgorithm = null;
    if (inputStream == null) {
        // initialise defaults
        lastModifiedDate = creationDate = new Date();
        verificationKey = null;
        validator = null;
        // basic initialisation
        hmacAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA512, DERNull.INSTANCE);
        hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(PKCSObjectIdentifiers.id_PBKDF2, 512 / 8);
        return;
    }
    ASN1InputStream aIn = new ASN1InputStream(inputStream);
    ObjectStore store;
    try {
        store = ObjectStore.getInstance(aIn.readObject());
    } catch (Exception e) {
        throw new IOException(e.getMessage());
    }
    ObjectStoreIntegrityCheck integrityCheck = store.getIntegrityCheck();
    AlgorithmIdentifier integrityAlg;
    if (integrityCheck.getType() == ObjectStoreIntegrityCheck.PBKD_MAC_CHECK) {
        PbkdMacIntegrityCheck pbkdMacIntegrityCheck = PbkdMacIntegrityCheck.getInstance(integrityCheck.getIntegrityCheck());
        hmacAlgorithm = pbkdMacIntegrityCheck.getMacAlgorithm();
        hmacPkbdAlgorithm = pbkdMacIntegrityCheck.getPbkdAlgorithm();
        integrityAlg = hmacAlgorithm;
        try {
            verifyMac(store.getStoreData().toASN1Primitive().getEncoded(), pbkdMacIntegrityCheck, password);
        } catch (NoSuchProviderException e) {
            throw new IOException(e.getMessage());
        }
    } else if (integrityCheck.getType() == ObjectStoreIntegrityCheck.SIG_CHECK) {
        SignatureCheck sigCheck = SignatureCheck.getInstance(integrityCheck.getIntegrityCheck());
        integrityAlg = sigCheck.getSignatureAlgorithm();
        try {
            com.github.zhenwei.core.asn1.x509.Certificate[] certificates = sigCheck.getCertificates();
            if (validator != null) {
                if (certificates == null) {
                    throw new IOException("validator specified but no certifcates in store");
                }
                CertificateFactory certFact = helper.createCertificateFactory("X.509");
                X509Certificate[] certs = new X509Certificate[certificates.length];
                for (int i = 0; i != certs.length; i++) {
                    certs[i] = (X509Certificate) certFact.generateCertificate(new ByteArrayInputStream(certificates[i].getEncoded()));
                }
                if (validator.isValid(certs)) {
                    verifySig(store.getStoreData(), sigCheck, certs[0].getPublicKey());
                } else {
                    throw new IOException("certificate chain in key store signature not valid");
                }
            } else {
                verifySig(store.getStoreData(), sigCheck, verificationKey);
            }
        } catch (GeneralSecurityException e) {
            throw new IOException("error verifying signature: " + e.getMessage(), e);
        }
    } else {
        throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
    }
    ASN1Encodable sData = store.getStoreData();
    ObjectStoreData storeData;
    if (sData instanceof EncryptedObjectStoreData) {
        EncryptedObjectStoreData encryptedStoreData = (EncryptedObjectStoreData) sData;
        AlgorithmIdentifier protectAlgId = encryptedStoreData.getEncryptionAlgorithm();
        storeData = ObjectStoreData.getInstance(decryptData("STORE_ENCRYPTION", protectAlgId, password, encryptedStoreData.getEncryptedContent().getOctets()));
    } else {
        storeData = ObjectStoreData.getInstance(sData);
    }
    try {
        creationDate = storeData.getCreationDate().getDate();
        lastModifiedDate = storeData.getLastModifiedDate().getDate();
    } catch (ParseException e) {
        throw new IOException("BCFKS KeyStore unable to parse store data information.");
    }
    if (!storeData.getIntegrityAlgorithm().equals(integrityAlg)) {
        throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
    }
    for (Iterator it = storeData.getObjectDataSequence().iterator(); it.hasNext(); ) {
        ObjectData objData = ObjectData.getInstance(it.next());
        entries.put(objData.getIdentifier(), objData);
    }
}

Example 2 with ObjectData

use of com.github.zhenwei.core.asn1.bc.ObjectData in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method engineSetKeyEntry.

public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException {
    Date creationDate = new Date();
    Date lastEditDate = creationDate;
    ObjectData entry = (ObjectData) entries.get(alias);
    if (entry != null) {
        creationDate = extractCreationDate(entry, creationDate);
    }
    privateKeyCache.remove(alias);
    if (key instanceof PrivateKey) {
        if (chain == null) {
            throw new KeyStoreException("BCFKS KeyStore requires a certificate chain for private key storage.");
        }
        try {
            // check that the key pair and the certificate public are consistent
            // TODO: new ConsistentKeyPair(chain[0].getPublicKey(), (PrivateKey)key);
            byte[] encodedKey = key.getEncoded();
            KeyDerivationFunc pbkdAlgId = generatePkbdAlgorithmIdentifier(PKCSObjectIdentifiers.id_PBKDF2, 256 / 8);
            byte[] keyBytes = generateKey(pbkdAlgId, "PRIVATE_KEY_ENCRYPTION", ((password != null) ? password : new char[0]), 32);
            EncryptedPrivateKeyInfo keyInfo;
            if (storeEncryptionAlgorithm.equals(NISTObjectIdentifiers.id_aes256_CCM)) {
                Cipher c = createCipher("AES/CCM/NoPadding", keyBytes);
                byte[] encryptedKey = c.doFinal(encodedKey);
                AlgorithmParameters algParams = c.getParameters();
                PBES2Parameters pbeParams = new PBES2Parameters(pbkdAlgId, new EncryptionScheme(NISTObjectIdentifiers.id_aes256_CCM, CCMParameters.getInstance(algParams.getEncoded())));
                keyInfo = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, pbeParams), encryptedKey);
            } else {
                Cipher c = createCipher("AESKWP", keyBytes);
                byte[] encryptedKey = c.doFinal(encodedKey);
                PBES2Parameters pbeParams = new PBES2Parameters(pbkdAlgId, new EncryptionScheme(NISTObjectIdentifiers.id_aes256_wrap_pad));
                keyInfo = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, pbeParams), encryptedKey);
            }
            EncryptedPrivateKeyData keySeq = createPrivateKeySequence(keyInfo, chain);
            entries.put(alias, new ObjectData(PRIVATE_KEY, alias, creationDate, lastEditDate, keySeq.getEncoded(), null));
        } catch (Exception e) {
            throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e.toString(), e);
        }
    } else if (key instanceof SecretKey) {
        if (chain != null) {
            throw new KeyStoreException("BCFKS KeyStore cannot store certificate chain with secret key.");
        }
        try {
            byte[] encodedKey = key.getEncoded();
            KeyDerivationFunc pbkdAlgId = generatePkbdAlgorithmIdentifier(PKCSObjectIdentifiers.id_PBKDF2, 256 / 8);
            byte[] keyBytes = generateKey(pbkdAlgId, "SECRET_KEY_ENCRYPTION", ((password != null) ? password : new char[0]), 32);
            String keyAlg = Strings.toUpperCase(key.getAlgorithm());
            SecretKeyData secKeyData;
            if (keyAlg.indexOf("AES") > -1) {
                secKeyData = new SecretKeyData(NISTObjectIdentifiers.aes, encodedKey);
            } else {
                ASN1ObjectIdentifier algOid = (ASN1ObjectIdentifier) oidMap.get(keyAlg);
                if (algOid != null) {
                    secKeyData = new SecretKeyData(algOid, encodedKey);
                } else {
                    algOid = (ASN1ObjectIdentifier) oidMap.get(keyAlg + "." + (encodedKey.length * 8));
                    if (algOid != null) {
                        secKeyData = new SecretKeyData(algOid, encodedKey);
                    } else {
                        throw new KeyStoreException("BCFKS KeyStore cannot recognize secret key (" + keyAlg + ") for storage.");
                    }
                }
            }
            EncryptedSecretKeyData keyData;
            if (storeEncryptionAlgorithm.equals(NISTObjectIdentifiers.id_aes256_CCM)) {
                Cipher c = createCipher("AES/CCM/NoPadding", keyBytes);
                byte[] encryptedKey = c.doFinal(secKeyData.getEncoded());
                AlgorithmParameters algParams = c.getParameters();
                PBES2Parameters pbeParams = new PBES2Parameters(pbkdAlgId, new EncryptionScheme(NISTObjectIdentifiers.id_aes256_CCM, CCMParameters.getInstance(algParams.getEncoded())));
                keyData = new EncryptedSecretKeyData(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, pbeParams), encryptedKey);
            } else {
                Cipher c = createCipher("AESKWP", keyBytes);
                byte[] encryptedKey = c.doFinal(secKeyData.getEncoded());
                PBES2Parameters pbeParams = new PBES2Parameters(pbkdAlgId, new EncryptionScheme(NISTObjectIdentifiers.id_aes256_wrap_pad));
                keyData = new EncryptedSecretKeyData(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, pbeParams), encryptedKey);
            }
            entries.put(alias, new ObjectData(SECRET_KEY, alias, creationDate, lastEditDate, keyData.getEncoded(), null));
        } catch (Exception e) {
            throw new ExtKeyStoreException("BCFKS KeyStore exception storing private key: " + e.toString(), e);
        }
    } else {
        throw new KeyStoreException("BCFKS KeyStore unable to recognize key.");
    }
    lastModifiedDate = lastEditDate;
}

Example 3 with ObjectData

use of com.github.zhenwei.core.asn1.bc.ObjectData in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method engineGetKey.

public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException {
    ObjectData ent = (ObjectData) entries.get(alias);
    if (ent != null) {
        if (ent.getType().equals(PRIVATE_KEY) || ent.getType().equals(PROTECTED_PRIVATE_KEY)) {
            PrivateKey cachedKey = (PrivateKey) privateKeyCache.get(alias);
            if (cachedKey != null) {
                return cachedKey;
            }
            EncryptedPrivateKeyData encPrivData = EncryptedPrivateKeyData.getInstance(ent.getData());
            EncryptedPrivateKeyInfo encInfo = EncryptedPrivateKeyInfo.getInstance(encPrivData.getEncryptedPrivateKeyInfo());
            try {
                PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(decryptData("PRIVATE_KEY_ENCRYPTION", encInfo.getEncryptionAlgorithm(), password, encInfo.getEncryptedData()));
                KeyFactory kFact = helper.createKeyFactory(getPublicKeyAlg(pInfo.getPrivateKeyAlgorithm().getAlgorithm()));
                PrivateKey privateKey = kFact.generatePrivate(new PKCS8EncodedKeySpec(pInfo.getEncoded()));
                // check that the key pair and the certificate public key are consistent
                // TODO: new ConsistentKeyPair(engineGetCertificate(alias).getPublicKey(), privateKey);
                privateKeyCache.put(alias, privateKey);
                return privateKey;
            } catch (Exception e) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + alias + "): " + e.getMessage());
            }
        } else if (ent.getType().equals(SECRET_KEY) || ent.getType().equals(PROTECTED_SECRET_KEY)) {
            EncryptedSecretKeyData encKeyData = EncryptedSecretKeyData.getInstance(ent.getData());
            try {
                SecretKeyData keyData = SecretKeyData.getInstance(decryptData("SECRET_KEY_ENCRYPTION", encKeyData.getKeyEncryptionAlgorithm(), password, encKeyData.getEncryptedKeyData()));
                SecretKeyFactory kFact = helper.createSecretKeyFactory(keyData.getKeyAlgorithm().getId());
                return kFact.generateSecret(new SecretKeySpec(keyData.getKeyBytes(), keyData.getKeyAlgorithm().getId()));
            } catch (Exception e) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + alias + "): " + e.getMessage());
            }
        } else {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + alias + "): type not recognized");
        }
    }
    return null;
}

Example 4 with ObjectData

use of com.github.zhenwei.core.asn1.bc.ObjectData in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method engineSetKeyEntry.

public void engineSetKeyEntry(String alias, byte[] keyBytes, Certificate[] chain) throws KeyStoreException {
    Date creationDate = new Date();
    Date lastEditDate = creationDate;
    ObjectData entry = (ObjectData) entries.get(alias);
    if (entry != null) {
        creationDate = extractCreationDate(entry, creationDate);
    }
    if (chain != null) {
        EncryptedPrivateKeyInfo encInfo;
        try {
            encInfo = EncryptedPrivateKeyInfo.getInstance(keyBytes);
        } catch (Exception e) {
            throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e);
        }
        try {
            privateKeyCache.remove(alias);
            entries.put(alias, new ObjectData(PROTECTED_PRIVATE_KEY, alias, creationDate, lastEditDate, createPrivateKeySequence(encInfo, chain).getEncoded(), null));
        } catch (Exception e) {
            throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e.toString(), e);
        }
    } else {
        try {
            entries.put(alias, new ObjectData(PROTECTED_SECRET_KEY, alias, creationDate, lastEditDate, keyBytes, null));
        } catch (Exception e) {
            throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e.toString(), e);
        }
    }
    lastModifiedDate = lastEditDate;
}

Example 5 with ObjectData

use of com.github.zhenwei.core.asn1.bc.ObjectData in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method engineSetCertificateEntry.

public void engineSetCertificateEntry(String alias, Certificate certificate) throws KeyStoreException {
    ObjectData entry = (ObjectData) entries.get(alias);
    Date creationDate = new Date();
    Date lastEditDate = creationDate;
    if (entry != null) {
        if (!entry.getType().equals(CERTIFICATE)) {
            throw new KeyStoreException("BCFKS KeyStore already has a key entry with alias " + alias);
        }
        creationDate = extractCreationDate(entry, creationDate);
    }
    try {
        entries.put(alias, new ObjectData(CERTIFICATE, alias, creationDate, lastEditDate, certificate.getEncoded(), null));
    } catch (CertificateEncodingException e) {
        throw new ExtKeyStoreException("BCFKS KeyStore unable to handle certificate: " + e.getMessage(), e);
    }
    lastModifiedDate = lastEditDate;
}