Search in sources :

Example 6 with EncryptedPrivateKeyInfo

use of com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method engineGetKey.

public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException {
    ObjectData ent = (ObjectData) entries.get(alias);
    if (ent != null) {
        if (ent.getType().equals(PRIVATE_KEY) || ent.getType().equals(PROTECTED_PRIVATE_KEY)) {
            PrivateKey cachedKey = (PrivateKey) privateKeyCache.get(alias);
            if (cachedKey != null) {
                return cachedKey;
            }
            EncryptedPrivateKeyData encPrivData = EncryptedPrivateKeyData.getInstance(ent.getData());
            EncryptedPrivateKeyInfo encInfo = EncryptedPrivateKeyInfo.getInstance(encPrivData.getEncryptedPrivateKeyInfo());
            try {
                PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(decryptData("PRIVATE_KEY_ENCRYPTION", encInfo.getEncryptionAlgorithm(), password, encInfo.getEncryptedData()));
                KeyFactory kFact = helper.createKeyFactory(getPublicKeyAlg(pInfo.getPrivateKeyAlgorithm().getAlgorithm()));
                PrivateKey privateKey = kFact.generatePrivate(new PKCS8EncodedKeySpec(pInfo.getEncoded()));
                // check that the key pair and the certificate public key are consistent
                // TODO: new ConsistentKeyPair(engineGetCertificate(alias).getPublicKey(), privateKey);
                privateKeyCache.put(alias, privateKey);
                return privateKey;
            } catch (Exception e) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + alias + "): " + e.getMessage());
            }
        } else if (ent.getType().equals(SECRET_KEY) || ent.getType().equals(PROTECTED_SECRET_KEY)) {
            EncryptedSecretKeyData encKeyData = EncryptedSecretKeyData.getInstance(ent.getData());
            try {
                SecretKeyData keyData = SecretKeyData.getInstance(decryptData("SECRET_KEY_ENCRYPTION", encKeyData.getKeyEncryptionAlgorithm(), password, encKeyData.getEncryptedKeyData()));
                SecretKeyFactory kFact = helper.createSecretKeyFactory(keyData.getKeyAlgorithm().getId());
                return kFact.generateSecret(new SecretKeySpec(keyData.getKeyBytes(), keyData.getKeyAlgorithm().getId()));
            } catch (Exception e) {
                throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + alias + "): " + e.getMessage());
            }
        } else {
            throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + alias + "): type not recognized");
        }
    }
    return null;
}
Also used : PrivateKey(java.security.PrivateKey) ObjectData(com.github.zhenwei.core.asn1.bc.ObjectData) SecretKeyData(com.github.zhenwei.core.asn1.bc.SecretKeyData) EncryptedSecretKeyData(com.github.zhenwei.core.asn1.bc.EncryptedSecretKeyData) KeyStoreException(java.security.KeyStoreException) GeneralSecurityException(java.security.GeneralSecurityException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) ParseException(java.text.ParseException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) CertificateException(java.security.cert.CertificateException) BadPaddingException(javax.crypto.BadPaddingException) NoSuchProviderException(java.security.NoSuchProviderException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) EncryptedSecretKeyData(com.github.zhenwei.core.asn1.bc.EncryptedSecretKeyData) SecretKeySpec(javax.crypto.spec.SecretKeySpec) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) EncryptedPrivateKeyInfo(com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo) SecretKeyFactory(javax.crypto.SecretKeyFactory) EncryptedPrivateKeyData(com.github.zhenwei.core.asn1.bc.EncryptedPrivateKeyData) EncryptedPrivateKeyInfo(com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo) PrivateKeyInfo(com.github.zhenwei.core.asn1.pkcs.PrivateKeyInfo) SecretKeyFactory(javax.crypto.SecretKeyFactory) KeyFactory(java.security.KeyFactory)

Example 7 with EncryptedPrivateKeyInfo

use of com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method engineSetKeyEntry.

public void engineSetKeyEntry(String alias, byte[] keyBytes, Certificate[] chain) throws KeyStoreException {
    Date creationDate = new Date();
    Date lastEditDate = creationDate;
    ObjectData entry = (ObjectData) entries.get(alias);
    if (entry != null) {
        creationDate = extractCreationDate(entry, creationDate);
    }
    if (chain != null) {
        EncryptedPrivateKeyInfo encInfo;
        try {
            encInfo = EncryptedPrivateKeyInfo.getInstance(keyBytes);
        } catch (Exception e) {
            throw new ExtKeyStoreException("BCFKS KeyStore private key encoding must be an EncryptedPrivateKeyInfo.", e);
        }
        try {
            privateKeyCache.remove(alias);
            entries.put(alias, new ObjectData(PROTECTED_PRIVATE_KEY, alias, creationDate, lastEditDate, createPrivateKeySequence(encInfo, chain).getEncoded(), null));
        } catch (Exception e) {
            throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e.toString(), e);
        }
    } else {
        try {
            entries.put(alias, new ObjectData(PROTECTED_SECRET_KEY, alias, creationDate, lastEditDate, keyBytes, null));
        } catch (Exception e) {
            throw new ExtKeyStoreException("BCFKS KeyStore exception storing protected private key: " + e.toString(), e);
        }
    }
    lastModifiedDate = lastEditDate;
}
Also used : ObjectData(com.github.zhenwei.core.asn1.bc.ObjectData) EncryptedPrivateKeyInfo(com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo) Date(java.util.Date) KeyStoreException(java.security.KeyStoreException) GeneralSecurityException(java.security.GeneralSecurityException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) ParseException(java.text.ParseException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) CertificateException(java.security.cert.CertificateException) BadPaddingException(javax.crypto.BadPaddingException) NoSuchProviderException(java.security.NoSuchProviderException)

Example 8 with EncryptedPrivateKeyInfo

use of com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo in project LinLong-Java by zhenwei1108.

the class WeGooKeyProtector method recover.

public Key recover(EncryptedPrivateKeyInfo var1) throws UnrecoverableKeyException {
    AlgorithmId var7 = var1.getAlgorithm();
    if (!var7.getOID().toString().equals("1.3.6.1.4.1.42.2.17.1.1")) {
        throw new UnrecoverableKeyException("Unsupported key protection algorithm");
    } else {
        byte[] var8 = var1.getEncryptedData();
        byte[] var9 = new byte[20];
        System.arraycopy(var8, 0, var9, 0, 20);
        int var6 = var8.length - 20 - 20;
        int var4 = var6 / 20;
        if (var6 % 20 != 0) {
            ++var4;
        }
        byte[] var10 = new byte[var6];
        System.arraycopy(var8, 20, var10, 0, var6);
        byte[] var11 = new byte[var10.length];
        int var2 = 0;
        int var5 = 0;
        byte[] var3;
        for (var3 = var9; var2 < var4; var5 += 20) {
            this.md.update(this.passwdBytes);
            this.md.update(var3);
            var3 = this.md.digest();
            this.md.reset();
            if (var2 < var4 - 1) {
                System.arraycopy(var3, 0, var11, var5, var3.length);
            } else {
                System.arraycopy(var3, 0, var11, var5, var11.length - var5);
            }
            ++var2;
        }
        byte[] var12 = new byte[var10.length];
        for (var2 = 0; var2 < var12.length; ++var2) {
            var12[var2] = (byte) (var10[var2] ^ var11[var2]);
        }
        this.md.update(this.passwdBytes);
        Arrays.fill(this.passwdBytes, (byte) 0);
        this.passwdBytes = null;
        this.md.update(var12);
        var3 = this.md.digest();
        this.md.reset();
        for (var2 = 0; var2 < var3.length; ++var2) {
            if (var3[var2] != var8[20 + var6 + var2]) {
                throw new UnrecoverableKeyException("Cannot recover key");
            }
        }
        try {
            // return PKCS8Key.parseKey(new DerValue(var12));
            PrivateKeyInfo info = PrivateKeyInfo.getInstance(var12);
            if (info == null) {
                throw new UnrecoverableKeyException("Recover key can not null");
            }
            KeyPairAlgEnum algEnum = KeyPairAlgEnum.match(info.getPrivateKeyAlgorithm().getAlgorithm());
            PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(var12);
            KeyFactory factory = KeyFactory.getInstance(algEnum.getAlg(), new WeGooProvider());
            return factory.generatePrivate(spec);
        } catch (Exception var14) {
            throw new UnrecoverableKeyException(var14.getMessage());
        }
    }
}
Also used : AlgorithmId(sun.security.x509.AlgorithmId) KeyPairAlgEnum(com.github.zhenwei.core.enums.KeyPairAlgEnum) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) WeGooProvider(com.github.zhenwei.provider.jce.provider.WeGooProvider) EncryptedPrivateKeyInfo(sun.security.pkcs.EncryptedPrivateKeyInfo) PrivateKeyInfo(com.github.zhenwei.core.asn1.pkcs.PrivateKeyInfo) IOException(java.io.IOException)

Example 9 with EncryptedPrivateKeyInfo

use of com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo in project LinLong-Java by zhenwei1108.

the class EncryptedValueBuilder method build.

/**
 * Build an EncryptedValue structure containing the private key contained in the passed info
 * structure.
 *
 * @param privateKeyInfo a PKCS#8 private key info structure.
 * @return an EncryptedValue containing an EncryptedPrivateKeyInfo structure.
 * @throws CRMFException on a failure to encrypt the data, or wrap the symmetric key for this
 *                       value.
 */
public EncryptedValue build(PrivateKeyInfo privateKeyInfo) throws CRMFException {
    PKCS8EncryptedPrivateKeyInfoBuilder encInfoBldr = new PKCS8EncryptedPrivateKeyInfoBuilder(privateKeyInfo);
    AlgorithmIdentifier intendedAlg = privateKeyInfo.getPrivateKeyAlgorithm();
    AlgorithmIdentifier symmAlg = encryptor.getAlgorithmIdentifier();
    DERBitString encSymmKey;
    try {
        PKCS8EncryptedPrivateKeyInfo encInfo = encInfoBldr.build(encryptor);
        encSymmKey = new DERBitString(wrapper.generateWrappedKey(encryptor.getKey()));
        AlgorithmIdentifier keyAlg = wrapper.getAlgorithmIdentifier();
        ASN1OctetString valueHint = null;
        return new EncryptedValue(intendedAlg, symmAlg, encSymmKey, keyAlg, valueHint, new DERBitString(encInfo.getEncryptedData()));
    } catch (IllegalStateException e) {
        throw new CRMFException("cannot encode key: " + e.getMessage(), e);
    } catch (OperatorException e) {
        throw new CRMFException("cannot wrap key: " + e.getMessage(), e);
    }
}
Also used : ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) PKCS8EncryptedPrivateKeyInfoBuilder(com.github.zhenwei.pkix.pkcs.PKCS8EncryptedPrivateKeyInfoBuilder) DERBitString(com.github.zhenwei.core.asn1.DERBitString) PKCS8EncryptedPrivateKeyInfo(com.github.zhenwei.pkix.pkcs.PKCS8EncryptedPrivateKeyInfo) EncryptedValue(com.github.zhenwei.pkix.util.asn1.crmf.EncryptedValue) OperatorException(com.github.zhenwei.pkix.operator.OperatorException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)

Example 10 with EncryptedPrivateKeyInfo

use of com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo in project LinLong-Java by zhenwei1108.

the class PKCS8EncryptedPrivateKeyInfoBuilder method build.

public PKCS8EncryptedPrivateKeyInfo build(OutputEncryptor encryptor) {
    try {
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        OutputStream cOut = encryptor.getOutputStream(bOut);
        cOut.write(privateKeyInfo.getEncoded());
        cOut.close();
        return new PKCS8EncryptedPrivateKeyInfo(new EncryptedPrivateKeyInfo(encryptor.getAlgorithmIdentifier(), bOut.toByteArray()));
    } catch (IOException e) {
        throw new IllegalStateException("cannot encode privateKeyInfo");
    }
}
Also used : OutputStream(java.io.OutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) EncryptedPrivateKeyInfo(com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException)

Aggregations

IOException (java.io.IOException)8 EncryptedPrivateKeyInfo (com.github.zhenwei.core.asn1.pkcs.EncryptedPrivateKeyInfo)5 GeneralSecurityException (java.security.GeneralSecurityException)5 InvalidKeyException (java.security.InvalidKeyException)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 PrivateKey (java.security.PrivateKey)4 CertificateEncodingException (java.security.cert.CertificateEncodingException)4 CertificateException (java.security.cert.CertificateException)4 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)4 EncryptedPrivateKeyInfo (org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo)4 ObjectData (com.github.zhenwei.core.asn1.bc.ObjectData)3 KeyFactory (java.security.KeyFactory)3 KeyStoreException (java.security.KeyStoreException)3 NoSuchProviderException (java.security.NoSuchProviderException)3 UnrecoverableKeyException (java.security.UnrecoverableKeyException)3 ParseException (java.text.ParseException)3 BadPaddingException (javax.crypto.BadPaddingException)3 Cipher (javax.crypto.Cipher)3 IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)3 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)3