Example 16 with PKCS12PBEParams
use of com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams in project LinLong-Java by zhenwei1108.
the class BcPKCS12PBEInputDecryptorProviderBuilder method build.
public InputDecryptorProvider build(final char[] password) {
return new InputDecryptorProvider() {
public InputDecryptor get(final AlgorithmIdentifier algorithmIdentifier) {
final PaddedBufferedBlockCipher engine = PKCS12PBEUtils.getEngine(algorithmIdentifier.getAlgorithm());
PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());
CipherParameters params = PKCS12PBEUtils.createCipherParameters(algorithmIdentifier.getAlgorithm(), digest, engine.getBlockSize(), pbeParams, password);
engine.init(false, params);
return new InputDecryptor() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return algorithmIdentifier;
}
public InputStream getInputStream(InputStream input) {
return new CipherInputStream(input, engine);
}
public GenericKey getKey() {
return new GenericKey(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
}
};
}
};
}
Also used :
CipherParameters(com.github.zhenwei.core.crypto.CipherParameters)
PaddedBufferedBlockCipher(com.github.zhenwei.core.crypto.paddings.PaddedBufferedBlockCipher)
InputDecryptorProvider(com.github.zhenwei.pkix.operator.InputDecryptorProvider)
CipherInputStream(com.github.zhenwei.core.crypto.io.CipherInputStream)
InputDecryptor(com.github.zhenwei.pkix.operator.InputDecryptor)
PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)
CipherInputStream(com.github.zhenwei.core.crypto.io.CipherInputStream)
InputStream(java.io.InputStream)
GenericKey(com.github.zhenwei.pkix.operator.GenericKey)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
Example 17 with PKCS12PBEParams
use of com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams in project LinLong-Java by zhenwei1108.
the class BcPKCS12PBEOutputEncryptorBuilder method build.
public OutputEncryptor build(final char[] password) {
if (random == null) {
random = new SecureRandom();
}
final byte[] salt = new byte[20];
random.nextBytes(salt);
final PKCS12PBEParams pbeParams = new PKCS12PBEParams(salt, iterationCount);
CipherParameters params = PKCS12PBEUtils.createCipherParameters(algorithm, digest, engine.getBlockSize(), pbeParams, password);
engine.init(true, params);
return new OutputEncryptor() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return new AlgorithmIdentifier(algorithm, pbeParams);
}
public OutputStream getOutputStream(OutputStream out) {
return new CipherOutputStream(out, engine);
}
public GenericKey getKey() {
return new GenericKey(new AlgorithmIdentifier(algorithm, pbeParams), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
}
};
}
Also used :
CipherParameters(com.github.zhenwei.core.crypto.CipherParameters)
CipherOutputStream(com.github.zhenwei.core.crypto.io.CipherOutputStream)
PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)
OutputStream(java.io.OutputStream)
CipherOutputStream(com.github.zhenwei.core.crypto.io.CipherOutputStream)
SecureRandom(java.security.SecureRandom)
GenericKey(com.github.zhenwei.pkix.operator.GenericKey)
OutputEncryptor(com.github.zhenwei.pkix.operator.OutputEncryptor)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
Example 18 with PKCS12PBEParams
use of com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams in project LinLong-Java by zhenwei1108.
the class PKCS12KeyStoreSpi method unwrapKey.
protected PrivateKey unwrapKey(AlgorithmIdentifier algId, byte[] data, char[] password, boolean wrongPKCS12Zero) throws IOException {
ASN1ObjectIdentifier algorithm = algId.getAlgorithm();
try {
if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) {
PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters());
PBEParameterSpec defParams = new PBEParameterSpec(pbeParams.getIV(), validateIterationCount(pbeParams.getIterations()));
Cipher cipher = helper.createCipher(algorithm.getId());
PKCS12Key key = new PKCS12Key(password, wrongPKCS12Zero);
cipher.init(Cipher.UNWRAP_MODE, key, defParams);
// we pass "" as the key algorithm type as it is unknown at this point
return (PrivateKey) cipher.unwrap(data, "", Cipher.PRIVATE_KEY);
} else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) {
Cipher cipher = createCipher(Cipher.UNWRAP_MODE, password, algId);
// we pass "" as the key algorithm type as it is unknown at this point
return (PrivateKey) cipher.unwrap(data, "", Cipher.PRIVATE_KEY);
}
} catch (Exception e) {
throw new IOException("exception unwrapping private key - " + e.toString());
}
throw new IOException("exception unwrapping private key - cannot recognise: " + algorithm);
}
Also used :
PrivateKey(java.security.PrivateKey)
PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)
Cipher(javax.crypto.Cipher)
PKCS12Key(com.github.zhenwei.provider.jcajce.PKCS12Key)
IOException(java.io.IOException)
ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
KeyStoreException(java.security.KeyStoreException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
IOException(java.io.IOException)
EOFException(java.io.EOFException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
CertificateException(java.security.cert.CertificateException)
NoSuchProviderException(java.security.NoSuchProviderException)
Example 19 with PKCS12PBEParams
use of com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams in project LinLong-Java by zhenwei1108.
the class PKCS12PfxPdu method isMacValid.
/**
* Verify the MacData attached to the PFX is consistent with what is expected.
*
* @param macCalcProviderBuilder provider builder for the calculator for the MAC
* @param password password to use
* @return true if mac data is valid, false otherwise.
* @throws PKCSException if there is a problem evaluating the MAC.
* @throws IllegalStateException if no MAC is actually present
*/
public boolean isMacValid(PKCS12MacCalculatorBuilderProvider macCalcProviderBuilder, char[] password) throws PKCSException {
if (hasMac()) {
MacData pfxmData = pfx.getMacData();
MacDataGenerator mdGen = new MacDataGenerator(macCalcProviderBuilder.get(new AlgorithmIdentifier(pfxmData.getMac().getAlgorithmId().getAlgorithm(), new PKCS12PBEParams(pfxmData.getSalt(), pfxmData.getIterationCount().intValue()))));
try {
MacData mData = mdGen.build(password, ASN1OctetString.getInstance(pfx.getAuthSafe().getContent()).getOctets());
return Arrays.constantTimeAreEqual(mData.getEncoded(), pfx.getMacData().getEncoded());
} catch (IOException e) {
throw new PKCSException("unable to process AuthSafe: " + e.getMessage());
}
}
throw new IllegalStateException("no MAC present on PFX");
}
Also used :
MacData(com.github.zhenwei.core.asn1.pkcs.MacData)
PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)
IOException(java.io.IOException)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
Example 20 with PKCS12PBEParams
use of com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams in project LinLong-Java by zhenwei1108.
the class JceOpenSSLPKCS8DecryptorProviderBuilder method build.
public InputDecryptorProvider build(final char[] password) throws OperatorCreationException {
return new InputDecryptorProvider() {
public InputDecryptor get(final AlgorithmIdentifier algorithm) throws OperatorCreationException {
final Cipher cipher;
try {
if (PEMUtilities.isPKCS5Scheme2(algorithm.getAlgorithm())) {
PBES2Parameters params = PBES2Parameters.getInstance(algorithm.getParameters());
KeyDerivationFunc func = params.getKeyDerivationFunc();
EncryptionScheme scheme = params.getEncryptionScheme();
PBKDF2Params defParams = (PBKDF2Params) func.getParameters();
int iterationCount = defParams.getIterationCount().intValue();
byte[] salt = defParams.getSalt();
String oid = scheme.getAlgorithm().getId();
SecretKey key;
if (PEMUtilities.isHmacSHA1(defParams.getPrf())) {
key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(helper, oid, password, salt, iterationCount);
} else {
key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(helper, oid, password, salt, iterationCount, defParams.getPrf());
}
cipher = helper.createCipher(oid);
AlgorithmParameters algParams = helper.createAlgorithmParameters(oid);
algParams.init(scheme.getParameters().toASN1Primitive().getEncoded());
cipher.init(Cipher.DECRYPT_MODE, key, algParams);
} else if (PEMUtilities.isPKCS12(algorithm.getAlgorithm())) {
PKCS12PBEParams params = PKCS12PBEParams.getInstance(algorithm.getParameters());
cipher = helper.createCipher(algorithm.getAlgorithm().getId());
cipher.init(Cipher.DECRYPT_MODE, new PKCS12KeyWithParameters(password, params.getIV(), params.getIterations().intValue()));
} else if (PEMUtilities.isPKCS5Scheme1(algorithm.getAlgorithm())) {
PBEParameter params = PBEParameter.getInstance(algorithm.getParameters());
cipher = helper.createCipher(algorithm.getAlgorithm().getId());
cipher.init(Cipher.DECRYPT_MODE, new PBKDF1KeyWithParameters(password, new CharToByteConverter() {
public String getType() {
return "ASCII";
}
public byte[] convert(char[] password) {
// just drop hi-order byte.
return Strings.toByteArray(password);
}
}, params.getSalt(), params.getIterationCount().intValue()));
} else {
throw new PEMException("Unknown algorithm: " + algorithm.getAlgorithm());
}
return new InputDecryptor() {
public AlgorithmIdentifier getAlgorithmIdentifier() {
return algorithm;
}
public InputStream getInputStream(InputStream encIn) {
return new CipherInputStream(encIn, cipher);
}
};
} catch (IOException e) {
throw new OperatorCreationException(algorithm.getAlgorithm() + " not available: " + e.getMessage(), e);
} catch (GeneralSecurityException e) {
throw new OperatorCreationException(algorithm.getAlgorithm() + " not available: " + e.getMessage(), e);
}
}
};
}
Also used :
PBEParameter(com.github.zhenwei.core.asn1.pkcs.PBEParameter)
PBES2Parameters(com.github.zhenwei.core.asn1.pkcs.PBES2Parameters)
EncryptionScheme(com.github.zhenwei.core.asn1.pkcs.EncryptionScheme)
CipherInputStream(com.github.zhenwei.provider.jcajce.io.CipherInputStream)
InputDecryptor(com.github.zhenwei.pkix.operator.InputDecryptor)
CipherInputStream(com.github.zhenwei.provider.jcajce.io.CipherInputStream)
InputStream(java.io.InputStream)
PBKDF1KeyWithParameters(com.github.zhenwei.provider.jcajce.PBKDF1KeyWithParameters)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
CharToByteConverter(com.github.zhenwei.core.crypto.CharToByteConverter)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
SecretKey(javax.crypto.SecretKey)
InputDecryptorProvider(com.github.zhenwei.pkix.operator.InputDecryptorProvider)
PKCS12PBEParams(com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)
PEMException(com.github.zhenwei.pkix.openssl.PEMException)
KeyDerivationFunc(com.github.zhenwei.core.asn1.pkcs.KeyDerivationFunc)
PBKDF2Params(com.github.zhenwei.core.asn1.pkcs.PBKDF2Params)
Cipher(javax.crypto.Cipher)
OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException)
PKCS12KeyWithParameters(com.github.zhenwei.provider.jcajce.PKCS12KeyWithParameters)
AlgorithmParameters(java.security.AlgorithmParameters)
Aggregations
PKCS12PBEParams (com.github.zhenwei.core.asn1.pkcs.PKCS12PBEParams)13
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)11
IOException (java.io.IOException)11
Cipher (javax.crypto.Cipher)10
PBEParameterSpec (javax.crypto.spec.PBEParameterSpec)10
KeyStoreException (java.security.KeyStoreException)9
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)9
UnrecoverableKeyException (java.security.UnrecoverableKeyException)9
CertificateEncodingException (java.security.cert.CertificateEncodingException)9
CertificateException (java.security.cert.CertificateException)9
SecretKey (javax.crypto.SecretKey)7
SecretKeyFactory (javax.crypto.SecretKeyFactory)7
PBEKeySpec (javax.crypto.spec.PBEKeySpec)7
GenericKey (com.github.zhenwei.pkix.operator.GenericKey)6
PKCS12PBEParams (org.bouncycastle.asn1.pkcs.PKCS12PBEParams)6
ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)5
OperatorCreationException (com.github.zhenwei.pkix.operator.OperatorCreationException)5
PrivateKey (java.security.PrivateKey)5
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)5
DEROctetString (org.bouncycastle.asn1.DEROctetString)5
