Example 6 with EncryptedPrivateKeyInfo
use of com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo in project LinLong-Java by zhenwei1108.
the class BcFKSKeyStoreSpi method engineGetKey.
public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException {
ObjectData ent = (ObjectData) entries.get(alias);
if (ent != null) {
if (ent.getType().equals(PRIVATE_KEY) || ent.getType().equals(PROTECTED_PRIVATE_KEY)) {
PrivateKey cachedKey = (PrivateKey) privateKeyCache.get(alias);
if (cachedKey != null) {
return cachedKey;
}
EncryptedPrivateKeyData encPrivData = EncryptedPrivateKeyData.getInstance(ent.getData());
EncryptedPrivateKeyInfo encInfo = EncryptedPrivateKeyInfo.getInstance(encPrivData.getEncryptedPrivateKeyInfo());
try {
PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(decryptData("PRIVATE_KEY_ENCRYPTION", encInfo.getEncryptionAlgorithm(), password, encInfo.getEncryptedData()));
KeyFactory kFact = helper.createKeyFactory(getPublicKeyAlg(pInfo.getPrivateKeyAlgorithm().getAlgorithm()));
PrivateKey privateKey = kFact.generatePrivate(new PKCS8EncodedKeySpec(pInfo.getEncoded()));
// check that the key pair and the certificate public key are consistent
// TODO: new ConsistentKeyPair(engineGetCertificate(alias).getPublicKey(), privateKey);
privateKeyCache.put(alias, privateKey);
return privateKey;
} catch (Exception e) {
throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + alias + "): " + e.getMessage());
}
} else if (ent.getType().equals(SECRET_KEY) || ent.getType().equals(PROTECTED_SECRET_KEY)) {
EncryptedSecretKeyData encKeyData = EncryptedSecretKeyData.getInstance(ent.getData());
try {
SecretKeyData keyData = SecretKeyData.getInstance(decryptData("SECRET_KEY_ENCRYPTION", encKeyData.getKeyEncryptionAlgorithm(), password, encKeyData.getEncryptedKeyData()));
SecretKeyFactory kFact = helper.createSecretKeyFactory(keyData.getKeyAlgorithm().getId());
return kFact.generateSecret(new SecretKeySpec(keyData.getKeyBytes(), keyData.getKeyAlgorithm().getId()));
} catch (Exception e) {
throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + alias + "): " + e.getMessage());
}
} else {
throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + alias + "): type not recognized");
}
}
return null;
}
Also used :
PrivateKey(java.security.PrivateKey)
ObjectData(com.github.zhenwei.core.asn1.bc.ObjectData)
SecretKeyData(com.github.zhenwei.core.asn1.bc.SecretKeyData)
EncryptedSecretKeyData(com.github.zhenwei.core.asn1.bc.EncryptedSecretKeyData)
KeyStoreException(java.security.KeyStoreException)
GeneralSecurityException(java.security.GeneralSecurityException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
IOException(java.io.IOException)
ParseException(java.text.ParseException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
CertificateException(java.security.cert.CertificateException)
BadPaddingException(javax.crypto.BadPaddingException)
NoSuchProviderException(java.security.NoSuchProviderException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
EncryptedSecretKeyData(com.github.zhenwei.core.asn1.bc.EncryptedSecretKeyData)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
EncryptedPrivateKeyInfo(com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
EncryptedPrivateKeyData(com.github.zhenwei.core.asn1.bc.EncryptedPrivateKeyData)
EncryptedPrivateKeyInfo(com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo)
PrivateKeyInfo(com.github.zhenwei.core.asn1.pkcs.PrivateKeyInfo)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
KeyFactory(java.security.KeyFactory)
Example 7 with EncryptedPrivateKeyInfo
use of com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo in project LinLong-Java by zhenwei1108.
the class BcFKSKeyStoreSpi method engineSetKeyEntry.
public void engineSetKeyEntry(String alias, byte[] keyBytes, Certificate[] chain) throws KeyStoreException {
Date creationDate = new Date();
Date lastEditDate = creationDate;
ObjectData entry = (ObjectData) entries.get(alias);
if (entry != null) {
creationDate = extractCreationDate(entry, creationDate);
}
if (chain != null) {
EncryptedPrivateKeyInfo encInfo;
try {
encInfo = EncryptedPrivateKeyInfo.getInstance(keyBytes);
} catch (Exception e) {
throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e);
}
try {
privateKeyCache.remove(alias);
entries.put(alias, new ObjectData(PROTECTED_PRIVATE_KEY, alias, creationDate, lastEditDate, createPrivateKeySequence(encInfo, chain).getEncoded(), null));
} catch (Exception e) {
throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e.toString(), e);
}
} else {
try {
entries.put(alias, new ObjectData(PROTECTED_SECRET_KEY, alias, creationDate, lastEditDate, keyBytes, null));
} catch (Exception e) {
throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e.toString(), e);
}
}
lastModifiedDate = lastEditDate;
}
Also used :
ObjectData(com.github.zhenwei.core.asn1.bc.ObjectData)
EncryptedPrivateKeyInfo(com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo)
Date(java.util.Date)
KeyStoreException(java.security.KeyStoreException)
GeneralSecurityException(java.security.GeneralSecurityException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
IOException(java.io.IOException)
ParseException(java.text.ParseException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
CertificateException(java.security.cert.CertificateException)
BadPaddingException(javax.crypto.BadPaddingException)
NoSuchProviderException(java.security.NoSuchProviderException)
Example 8 with EncryptedPrivateKeyInfo
use of com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo in project LinLong-Java by zhenwei1108.
the class WeGooKeyProtector method recover.
public Key recover(EncryptedPrivateKeyInfo var1) throws UnrecoverableKeyException {
AlgorithmId var7 = var1.getAlgorithm();
if (!var7.getOID().toString().equals("1.3.6.1.4.1.42.2.17.1.1")) {
throw new UnrecoverableKeyException("Unsupported key protection algorithm");
} else {
byte[] var8 = var1.getEncryptedData();
byte[] var9 = new byte[20];
System.arraycopy(var8, 0, var9, 0, 20);
int var6 = var8.length - 20 - 20;
int var4 = var6 / 20;
if (var6 % 20 != 0) {
++var4;
}
byte[] var10 = new byte[var6];
System.arraycopy(var8, 20, var10, 0, var6);
byte[] var11 = new byte[var10.length];
int var2 = 0;
int var5 = 0;
byte[] var3;
for (var3 = var9; var2 < var4; var5 += 20) {
this.md.update(this.passwdBytes);
this.md.update(var3);
var3 = this.md.digest();
this.md.reset();
if (var2 < var4 - 1) {
System.arraycopy(var3, 0, var11, var5, var3.length);
} else {
System.arraycopy(var3, 0, var11, var5, var11.length - var5);
}
++var2;
}
byte[] var12 = new byte[var10.length];
for (var2 = 0; var2 < var12.length; ++var2) {
var12[var2] = (byte) (var10[var2] ^ var11[var2]);
}
this.md.update(this.passwdBytes);
Arrays.fill(this.passwdBytes, (byte) 0);
this.passwdBytes = null;
this.md.update(var12);
var3 = this.md.digest();
this.md.reset();
for (var2 = 0; var2 < var3.length; ++var2) {
if (var3[var2] != var8[20 + var6 + var2]) {
throw new UnrecoverableKeyException("Cannot recover key");
}
}
try {
// return PKCS8Key.parseKey(new DerValue(var12));
PrivateKeyInfo info = PrivateKeyInfo.getInstance(var12);
if (info == null) {
throw new UnrecoverableKeyException("Recover key can not null");
}
KeyPairAlgEnum algEnum = KeyPairAlgEnum.match(info.getPrivateKeyAlgorithm().getAlgorithm());
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(var12);
KeyFactory factory = KeyFactory.getInstance(algEnum.getAlg(), new WeGooProvider());
return factory.generatePrivate(spec);
} catch (Exception var14) {
throw new UnrecoverableKeyException(var14.getMessage());
}
}
}
Also used :
AlgorithmId(sun.security.x509.AlgorithmId)
KeyPairAlgEnum(com.github.zhenwei.core.enums.KeyPairAlgEnum)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
WeGooProvider(com.github.zhenwei.provider.jce.provider.WeGooProvider)
EncryptedPrivateKeyInfo(sun.security.pkcs.EncryptedPrivateKeyInfo)
PrivateKeyInfo(com.github.zhenwei.core.asn1.pkcs.PrivateKeyInfo)
IOException(java.io.IOException)
Example 9 with EncryptedPrivateKeyInfo
use of com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo in project LinLong-Java by zhenwei1108.
the class EncryptedValueBuilder method build.
/**
* Build an EncryptedValue structure containing the private key contained in the passed info
* structure.
*
* @param privateKeyInfo a PKCS#8 private key info structure.
* @return an EncryptedValue containing an EncryptedPrivateKeyInfo structure.
* @throws CRMFException on a failure to encrypt the data, or wrap the symmetric key for this
* value.
*/
public EncryptedValue build(PrivateKeyInfo privateKeyInfo) throws CRMFException {
PKCS8EncryptedPrivateKeyInfoBuilder encInfoBldr = new PKCS8EncryptedPrivateKeyInfoBuilder(privateKeyInfo);
AlgorithmIdentifier intendedAlg = privateKeyInfo.getPrivateKeyAlgorithm();
AlgorithmIdentifier symmAlg = encryptor.getAlgorithmIdentifier();
DERBitString encSymmKey;
try {
PKCS8EncryptedPrivateKeyInfo encInfo = encInfoBldr.build(encryptor);
encSymmKey = new DERBitString(wrapper.generateWrappedKey(encryptor.getKey()));
AlgorithmIdentifier keyAlg = wrapper.getAlgorithmIdentifier();
ASN1OctetString valueHint = null;
return new EncryptedValue(intendedAlg, symmAlg, encSymmKey, keyAlg, valueHint, new DERBitString(encInfo.getEncryptedData()));
} catch (IllegalStateException e) {
throw new CRMFException("cannot encode key: " + e.getMessage(), e);
} catch (OperatorException e) {
throw new CRMFException("cannot wrap key: " + e.getMessage(), e);
}
}
Also used :
ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString)
PKCS8EncryptedPrivateKeyInfoBuilder(com.github.zhenwei.pkix.pkcs.PKCS8EncryptedPrivateKeyInfoBuilder)
DERBitString(com.github.zhenwei.core.asn1.DERBitString)
PKCS8EncryptedPrivateKeyInfo(com.github.zhenwei.pkix.pkcs.PKCS8EncryptedPrivateKeyInfo)
EncryptedValue(com.github.zhenwei.pkix.util.asn1.crmf.EncryptedValue)
OperatorException(com.github.zhenwei.pkix.operator.OperatorException)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
Example 10 with EncryptedPrivateKeyInfo
use of com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo in project LinLong-Java by zhenwei1108.
the class PKCS8EncryptedPrivateKeyInfoBuilder method build.
public PKCS8EncryptedPrivateKeyInfo build(OutputEncryptor encryptor) {
try {
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
OutputStream cOut = encryptor.getOutputStream(bOut);
cOut.write(privateKeyInfo.getEncoded());
cOut.close();
return new PKCS8EncryptedPrivateKeyInfo(new EncryptedPrivateKeyInfo(encryptor.getAlgorithmIdentifier(), bOut.toByteArray()));
} catch (IOException e) {
throw new IllegalStateException("cannot encode privateKeyInfo");
}
}
Also used :
OutputStream(java.io.OutputStream)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
EncryptedPrivateKeyInfo(com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
IOException(java.io.IOException)
Aggregations
IOException (java.io.IOException)8
EncryptedPrivateKeyInfo (com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo)5
GeneralSecurityException (java.security.GeneralSecurityException)5
InvalidKeyException (java.security.InvalidKeyException)4
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4
PrivateKey (java.security.PrivateKey)4
CertificateEncodingException (java.security.cert.CertificateEncodingException)4
CertificateException (java.security.cert.CertificateException)4
PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)4
EncryptedPrivateKeyInfo (org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo)4
ObjectData (com.github.zhenwei.core.asn1.bc.ObjectData)3
KeyFactory (java.security.KeyFactory)3
KeyStoreException (java.security.KeyStoreException)3
NoSuchProviderException (java.security.NoSuchProviderException)3
UnrecoverableKeyException (java.security.UnrecoverableKeyException)3
ParseException (java.text.ParseException)3
BadPaddingException (javax.crypto.BadPaddingException)3
Cipher (javax.crypto.Cipher)3
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)3
NoSuchPaddingException (javax.crypto.NoSuchPaddingException)3
