use of com.github.zhenwei.core.asn1.bc.PbkdMacIntegrityCheck in project LinLong-Java by zhenwei1108.
the class BcFKSKeyStoreSpi method engineLoad.
public void engineLoad(InputStream inputStream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException {
// reset any current values
entries.clear();
privateKeyCache.clear();
lastModifiedDate = creationDate = null;
hmacAlgorithm = null;
if (inputStream == null) {
// initialise defaults
lastModifiedDate = creationDate = new Date();
verificationKey = null;
validator = null;
// basic initialisation
hmacAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA512, DERNull.INSTANCE);
hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(PKCSObjectIdentifiers.id_PBKDF2, 512 / 8);
return;
}
ASN1InputStream aIn = new ASN1InputStream(inputStream);
ObjectStore store;
try {
store = ObjectStore.getInstance(aIn.readObject());
} catch (Exception e) {
throw new IOException(e.getMessage());
}
ObjectStoreIntegrityCheck integrityCheck = store.getIntegrityCheck();
AlgorithmIdentifier integrityAlg;
if (integrityCheck.getType() == ObjectStoreIntegrityCheck.PBKD_MAC_CHECK) {
PbkdMacIntegrityCheck pbkdMacIntegrityCheck = PbkdMacIntegrityCheck.getInstance(integrityCheck.getIntegrityCheck());
hmacAlgorithm = pbkdMacIntegrityCheck.getMacAlgorithm();
hmacPkbdAlgorithm = pbkdMacIntegrityCheck.getPbkdAlgorithm();
integrityAlg = hmacAlgorithm;
try {
verifyMac(store.getStoreData().toASN1Primitive().getEncoded(), pbkdMacIntegrityCheck, password);
} catch (NoSuchProviderException e) {
throw new IOException(e.getMessage());
}
} else if (integrityCheck.getType() == ObjectStoreIntegrityCheck.SIG_CHECK) {
SignatureCheck sigCheck = SignatureCheck.getInstance(integrityCheck.getIntegrityCheck());
integrityAlg = sigCheck.getSignatureAlgorithm();
try {
com.github.zhenwei.core.asn1.x509.Certificate[] certificates = sigCheck.getCertificates();
if (validator != null) {
if (certificates == null) {
throw new IOException("validator specified but no certifcates in store");
}
CertificateFactory certFact = helper.createCertificateFactory("X.509");
X509Certificate[] certs = new X509Certificate[certificates.length];
for (int i = 0; i != certs.length; i++) {
certs[i] = (X509Certificate) certFact.generateCertificate(new ByteArrayInputStream(certificates[i].getEncoded()));
}
if (validator.isValid(certs)) {
verifySig(store.getStoreData(), sigCheck, certs[0].getPublicKey());
} else {
throw new IOException("certificate chain in key store signature not valid");
}
} else {
verifySig(store.getStoreData(), sigCheck, verificationKey);
}
} catch (GeneralSecurityException e) {
throw new IOException("error verifying signature: " + e.getMessage(), e);
}
} else {
throw new IOException("BCFKS KeyStore unable to recognize integrity check.");
}
ASN1Encodable sData = store.getStoreData();
ObjectStoreData storeData;
if (sData instanceof EncryptedObjectStoreData) {
EncryptedObjectStoreData encryptedStoreData = (EncryptedObjectStoreData) sData;
AlgorithmIdentifier protectAlgId = encryptedStoreData.getEncryptionAlgorithm();
storeData = ObjectStoreData.getInstance(decryptData("STORE_ENCRYPTION", protectAlgId, password, encryptedStoreData.getEncryptedContent().getOctets()));
} else {
storeData = ObjectStoreData.getInstance(sData);
}
try {
creationDate = storeData.getCreationDate().getDate();
lastModifiedDate = storeData.getLastModifiedDate().getDate();
} catch (ParseException e) {
throw new IOException("BCFKS KeyStore unable to parse store data information.");
}
if (!storeData.getIntegrityAlgorithm().equals(integrityAlg)) {
throw new IOException("BCFKS KeyStore storeData integrity algorithm does not match store integrity algorithm.");
}
for (Iterator it = storeData.getObjectDataSequence().iterator(); it.hasNext(); ) {
ObjectData objData = ObjectData.getInstance(it.next());
entries.put(objData.getIdentifier(), objData);
}
}
use of com.github.zhenwei.core.asn1.bc.PbkdMacIntegrityCheck in project LinLong-Java by zhenwei1108.
the class BcFKSKeyStoreSpi method engineStore.
public void engineStore(OutputStream outputStream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException {
if (creationDate == null) {
throw new IOException("KeyStore not initialized");
}
EncryptedObjectStoreData encStoreData = getEncryptedObjectStoreData(hmacAlgorithm, password);
// update the salt
if (MiscObjectIdentifiers.id_scrypt.equals(hmacPkbdAlgorithm.getAlgorithm())) {
ScryptParams sParams = ScryptParams.getInstance(hmacPkbdAlgorithm.getParameters());
hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(hmacPkbdAlgorithm, sParams.getKeyLength().intValue());
} else {
PBKDF2Params pbkdf2Params = PBKDF2Params.getInstance(hmacPkbdAlgorithm.getParameters());
hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(hmacPkbdAlgorithm, pbkdf2Params.getKeyLength().intValue());
}
byte[] mac;
try {
mac = calculateMac(encStoreData.getEncoded(), hmacAlgorithm, hmacPkbdAlgorithm, password);
} catch (NoSuchProviderException e) {
throw new IOException("cannot calculate mac: " + e.getMessage());
}
ObjectStore store = new ObjectStore(encStoreData, new ObjectStoreIntegrityCheck(new PbkdMacIntegrityCheck(hmacAlgorithm, hmacPkbdAlgorithm, mac)));
outputStream.write(store.getEncoded());
outputStream.flush();
}
Aggregations