
Example 6 with ObjectData

use of com.github.zhenwei.core.asn1.bc.ObjectData in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method engineGetCertificateChain.

/**
 * Returns the certificate chain stored alongside a private-key entry.
 *
 * <p>Only entries whose type is {@code PRIVATE_KEY} or {@code PROTECTED_PRIVATE_KEY} carry a
 * chain; the chain is read from the entry's {@code EncryptedPrivateKeyData} and each element
 * is converted through {@code decodeCertificate}. This method itself performs no validation
 * of the chain (no signature, validity-period or trust-anchor checks are visible here), so
 * callers that rely on the chain for trust decisions must validate it themselves.
 *
 * @param alias the keystore alias to look up
 * @return the decoded chain in stored order, or {@code null} when the alias is unknown or
 *         the entry is not a private-key entry
 */
public Certificate[] engineGetCertificateChain(String alias) {
    ObjectData entry = (ObjectData) entries.get(alias);
    if (entry == null) {
        return null;
    }
    if (!(entry.getType().equals(PRIVATE_KEY) || entry.getType().equals(PROTECTED_PRIVATE_KEY))) {
        // Plain certificate entries (and any other type) have no chain to return.
        return null;
    }
    EncryptedPrivateKeyData keyData = EncryptedPrivateKeyData.getInstance(entry.getData());
    com.github.zhenwei.core.asn1.x509.Certificate[] stored = keyData.getCertificateChain();
    // The backing array is an X509Certificate[], so a non-X.509 result from
    // decodeCertificate would fail the array store at runtime.
    Certificate[] decoded = new X509Certificate[stored.length];
    int index = 0;
    while (index < decoded.length) {
        decoded[index] = decodeCertificate(stored[index]);
        index++;
    }
    return decoded;
}
Also used : ObjectData(com.github.zhenwei.core.asn1.bc.ObjectData) EncryptedPrivateKeyData(com.github.zhenwei.core.asn1.bc.EncryptedPrivateKeyData) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 7 with ObjectData

use of com.github.zhenwei.core.asn1.bc.ObjectData in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method engineGetCertificateAlias.

/**
 * Finds the first alias whose stored certificate matches the given one byte-for-byte.
 *
 * <p>For {@code CERTIFICATE} entries the entry data is compared directly with the encoding of
 * {@code certificate}; for {@code PRIVATE_KEY} / {@code PROTECTED_PRIVATE_KEY} entries only the
 * first certificate of the stored chain is compared. The match is on the encoded form only;
 * nothing here checks that the certificate is valid or trusted.
 *
 * @param certificate the certificate to search for; may be {@code null}
 * @return the matching alias, or {@code null} when {@code certificate} is {@code null}, cannot
 *         be encoded, or matches no entry
 */
public String engineGetCertificateAlias(Certificate certificate) {
    if (certificate == null) {
        return null;
    }
    byte[] target;
    try {
        target = certificate.getEncoded();
    } catch (CertificateEncodingException ignored) {
        // A certificate that cannot be encoded cannot match any stored encoding.
        return null;
    }
    Iterator<String> aliases = entries.keySet().iterator();
    while (aliases.hasNext()) {
        String candidate = aliases.next();
        ObjectData stored = (ObjectData) entries.get(candidate);
        boolean matches = false;
        if (stored.getType().equals(CERTIFICATE)) {
            matches = Arrays.areEqual(stored.getData(), target);
        } else if (stored.getType().equals(PRIVATE_KEY) || stored.getType().equals(PROTECTED_PRIVATE_KEY)) {
            try {
                EncryptedPrivateKeyData keyData = EncryptedPrivateKeyData.getInstance(stored.getData());
                // Index 0 is read unconditionally, so an empty stored chain would throw here.
                byte[] leaf = keyData.getCertificateChain()[0].toASN1Primitive().getEncoded();
                matches = Arrays.areEqual(leaf, target);
            } catch (IOException ignored) {
                // Re-encoding an already parsed certificate is not expected to fail;
                // the entry is simply treated as a non-match.
            }
        }
        if (matches) {
            return candidate;
        }
    }
    return null;
}
Also used : ObjectData(com.github.zhenwei.core.asn1.bc.ObjectData) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) EncryptedPrivateKeyData(com.github.zhenwei.core.asn1.bc.EncryptedPrivateKeyData)

Example 8 with ObjectData

use of com.github.zhenwei.core.asn1.bc.ObjectData in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method engineGetCertificate.

/**
 * Returns the certificate associated with an alias.
 *
 * <p>For a {@code PRIVATE_KEY} or {@code PROTECTED_PRIVATE_KEY} entry this is the first
 * certificate of the stored chain; for a {@code CERTIFICATE} entry it is the entry data
 * itself. Both are passed through {@code decodeCertificate}. No validation of the returned
 * certificate is visible in this method.
 *
 * @param s the keystore alias to look up
 * @return the decoded certificate, or {@code null} when the alias is unknown or the entry is
 *         of another type
 */
public Certificate engineGetCertificate(String s) {
    ObjectData entry = (ObjectData) entries.get(s);
    if (entry == null) {
        return null;
    }
    if (entry.getType().equals(PRIVATE_KEY) || entry.getType().equals(PROTECTED_PRIVATE_KEY)) {
        EncryptedPrivateKeyData keyData = EncryptedPrivateKeyData.getInstance(entry.getData());
        com.github.zhenwei.core.asn1.x509.Certificate[] chain = keyData.getCertificateChain();
        // Index 0 is read unconditionally, so an empty stored chain would throw here.
        return decodeCertificate(chain[0]);
    }
    if (entry.getType().equals(CERTIFICATE)) {
        return decodeCertificate(entry.getData());
    }
    return null;
}
Also used : ObjectData(com.github.zhenwei.core.asn1.bc.ObjectData) EncryptedPrivateKeyData(com.github.zhenwei.core.asn1.bc.EncryptedPrivateKeyData) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 9 with ObjectData

use of com.github.zhenwei.core.asn1.bc.ObjectData in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method engineDeleteEntry.

/**
 * Removes the entry stored under {@code alias}, if there is one.
 *
 * <p>The alias is dropped from both the entry map and the private-key cache, and the store's
 * last-modified timestamp is refreshed. An unknown alias is a silent no-op and leaves the
 * timestamp untouched.
 *
 * @param alias the keystore alias to delete
 * @throws KeyStoreException declared by the signature; no path in this body throws it
 */
public void engineDeleteEntry(String alias) throws KeyStoreException {
    ObjectData existing = (ObjectData) entries.get(alias);
    if (existing != null) {
        // Evict the cache entry together with the stored entry so the cache
        // no longer holds anything under this alias once the entry is gone.
        privateKeyCache.remove(alias);
        entries.remove(alias);
        lastModifiedDate = new Date();
    }
}
Also used : ObjectData(com.github.zhenwei.core.asn1.bc.ObjectData) Date(java.util.Date)

Example 10 with ObjectData

use of com.github.zhenwei.core.asn1.bc.ObjectData in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method getEncryptedObjectStoreData.

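/**
 * Serialises every keystore entry and encrypts the result under a password-derived key.
 *
 * <p>A 256-bit key is obtained from {@code generateKey} using the purpose label
 * {@code "STORE_ENCRYPTION"}. When {@code storeEncryptionAlgorithm} is AES-256-CCM the
 * parameters generated by the cipher are recorded in the PBES2 structure; every other value
 * falls through to AES key wrap with padding ({@code AESKWP}) without further checking.
 *
 * <p>A {@code null} password is replaced by an empty one. The key-derivation parameters are
 * written into the returned structure next to the ciphertext, so a store saved with a
 * {@code null} or empty password should not be relied on for confidentiality.
 *
 * @param integrityAlgorithm algorithm identifier embedded in the serialised store data
 * @param password store password; {@code null} is treated as an empty password
 * @return the encrypted store together with its PBES2 algorithm identifier
 * @throws NoSuchAlgorithmException if the requested padding is unavailable
 * @throws IOException if encoding fails, or if the cipher cannot be created or run (the
 *         underlying security exception is attached as the cause)
 */
private EncryptedObjectStoreData getEncryptedObjectStoreData(AlgorithmIdentifier integrityAlgorithm, char[] password) throws IOException, NoSuchAlgorithmException {
    final int keySizeBytes = 256 / 8;
    ObjectData[] dataArray = (ObjectData[]) entries.values().toArray(new ObjectData[entries.size()]);
    KeyDerivationFunc pbkdAlgId = generatePkbdAlgorithmIdentifier(hmacPkbdAlgorithm, keySizeBytes);
    // NOTE(review): keyBytes holds the derived store-encryption key and is never cleared.
    // Consider zeroing it after use once it is confirmed that generateKey returns a fresh
    // array and createCipher does not keep a reference to it.
    byte[] keyBytes = generateKey(pbkdAlgId, "STORE_ENCRYPTION", ((password != null) ? password : new char[0]), keySizeBytes);
    ObjectStoreData storeData = new ObjectStoreData(integrityAlgorithm, creationDate, lastModifiedDate, new ObjectDataSequence(dataArray), null);
    EncryptedObjectStoreData encStoreData;
    try {
        if (storeEncryptionAlgorithm.equals(NISTObjectIdentifiers.id_aes256_CCM)) {
            Cipher c = createCipher("AES/CCM/NoPadding", keyBytes);
            byte[] encOut = c.doFinal(storeData.getEncoded());
            // The parameters are read back from the cipher after encryption and stored
            // with the ciphertext so the store can be decrypted later.
            AlgorithmParameters algorithmParameters = c.getParameters();
            PBES2Parameters pbeParams = new PBES2Parameters(pbkdAlgId, new EncryptionScheme(NISTObjectIdentifiers.id_aes256_CCM, CCMParameters.getInstance(algorithmParameters.getEncoded())));
            encStoreData = new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, pbeParams), encOut);
        } else {
            Cipher c = createCipher("AESKWP", keyBytes);
            byte[] encOut = c.doFinal(storeData.getEncoded());
            PBES2Parameters pbeParams = new PBES2Parameters(pbkdAlgId, new EncryptionScheme(NISTObjectIdentifiers.id_aes256_wrap_pad));
            encStoreData = new EncryptedObjectStoreData(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, pbeParams), encOut);
        }
    } catch (NoSuchPaddingException e) {
        // Same exception types and messages as before, but the cause is now preserved
        // so the original stack trace is not lost when the store fails to save.
        throw new NoSuchAlgorithmException(e.toString(), e);
    } catch (BadPaddingException e) {
        throw new IOException(e.toString(), e);
    } catch (IllegalBlockSizeException e) {
        throw new IOException(e.toString(), e);
    } catch (InvalidKeyException e) {
        throw new IOException(e.toString(), e);
    } catch (NoSuchProviderException e) {
        throw new IOException(e.toString(), e);
    }
    return encStoreData;
}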
Also used : PBES2Parameters(com.github.zhenwei.core.asn1.pkcs.PBES2Parameters) EncryptionScheme(com.github.zhenwei.core.asn1.pkcs.EncryptionScheme) ObjectData(com.github.zhenwei.core.asn1.bc.ObjectData) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) EncryptedObjectStoreData(com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) BadPaddingException(javax.crypto.BadPaddingException) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) ObjectDataSequence(com.github.zhenwei.core.asn1.bc.ObjectDataSequence) KeyDerivationFunc(com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc) Cipher(javax.crypto.Cipher) ObjectStoreData(com.github.zhenwei.core.asn1.bc.ObjectStoreData) EncryptedObjectStoreData(com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData) NoSuchProviderException(java.security.NoSuchProviderException) AlgorithmParameters(java.security.AlgorithmParameters)

Aggregations

ObjectData (com.github.zhenwei.core.asn1.bc.ObjectData)10 IOException (java.io.IOException)6 CertificateEncodingException (java.security.cert.CertificateEncodingException)6 EncryptedPrivateKeyData (com.github.zhenwei.core.asn1.bc.EncryptedPrivateKeyData)5 InvalidKeyException (java.security.InvalidKeyException)5 KeyStoreException (java.security.KeyStoreException)5 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)5 NoSuchProviderException (java.security.NoSuchProviderException)5 Date (java.util.Date)5 BadPaddingException (javax.crypto.BadPaddingException)5 IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)5 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)5 GeneralSecurityException (java.security.GeneralSecurityException)4 UnrecoverableKeyException (java.security.UnrecoverableKeyException)4 CertificateException (java.security.cert.CertificateException)4 ParseException (java.text.ParseException)4 EncryptedPrivateKeyInfo (com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo)3 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)3 X509Certificate (java.security.cert.X509Certificate)3 EncryptedObjectStoreData (com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData)2