use of com.github.zhenwei.core.asn1.pkcs.PrivateKeyInfo in project LinLong-Java by zhenwei1108.
the class JcaPKIXIdentityBuilder method build.
/**
* Build an identity from the passed in key and certificate stream in PEM format.
*
* @param keyStream the PEM stream containing the key
* @param certificateStream the PEM stream containing the certificate
* @return an identity object.
* @throws IOException on a general parsing error.
* @throws CertificateException on a certificate parsing error.
*/
public JcaPKIXIdentity build(InputStream keyStream, InputStream certificateStream) throws IOException, CertificateException {
PEMParser keyParser = new PEMParser(new InputStreamReader(keyStream));
PrivateKey privKey;
Object keyObj = keyParser.readObject();
if (keyObj instanceof PEMKeyPair) {
PEMKeyPair kp = (PEMKeyPair) keyObj;
privKey = keyConverter.getPrivateKey(kp.getPrivateKeyInfo());
} else if (keyObj instanceof PrivateKeyInfo) {
privKey = keyConverter.getPrivateKey((PrivateKeyInfo) keyObj);
} else {
// TODO: handle encrypted private keys
throw new IOException("unrecognised private key file");
}
PEMParser certParser = new PEMParser(new InputStreamReader(certificateStream));
List certs = new ArrayList();
Object certObj;
while ((certObj = certParser.readObject()) != null) {
certs.add(certConverter.getCertificate((X509CertificateHolder) certObj));
}
return new JcaPKIXIdentity(privKey, (X509Certificate[]) certs.toArray(new X509Certificate[certs.size()]));
}
use of com.github.zhenwei.core.asn1.pkcs.PrivateKeyInfo in project LinLong-Java by zhenwei1108.
the class MiscPEMGenerator method createPemObject.
private PemObject createPemObject(Object o) throws IOException {
String type;
byte[] encoding;
if (o instanceof PemObject) {
return (PemObject) o;
}
if (o instanceof PemObjectGenerator) {
return ((PemObjectGenerator) o).generate();
}
if (o instanceof X509CertificateHolder) {
type = "CERTIFICATE";
encoding = ((X509CertificateHolder) o).getEncoded();
} else if (o instanceof X509CRLHolder) {
type = "X509 CRL";
encoding = ((X509CRLHolder) o).getEncoded();
} else if (o instanceof X509TrustedCertificateBlock) {
type = "TRUSTED CERTIFICATE";
encoding = ((X509TrustedCertificateBlock) o).getEncoded();
} else if (o instanceof PrivateKeyInfo) {
PrivateKeyInfo info = (PrivateKeyInfo) o;
ASN1ObjectIdentifier algOID = info.getPrivateKeyAlgorithm().getAlgorithm();
if (algOID.equals(PKCSObjectIdentifiers.rsaEncryption)) {
type = "RSA PRIVATE KEY";
encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
} else if (algOID.equals(dsaOids[0]) || algOID.equals(dsaOids[1])) {
type = "DSA PRIVATE KEY";
DSAParameter p = DSAParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters());
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new ASN1Integer(0));
v.add(new ASN1Integer(p.getP()));
v.add(new ASN1Integer(p.getQ()));
v.add(new ASN1Integer(p.getG()));
BigInteger x = ASN1Integer.getInstance(info.parsePrivateKey()).getValue();
BigInteger y = p.getG().modPow(x, p.getP());
v.add(new ASN1Integer(y));
v.add(new ASN1Integer(x));
encoding = new DERSequence(v).getEncoded();
} else if (algOID.equals(X9ObjectIdentifiers.id_ecPublicKey)) {
type = "EC PRIVATE KEY";
encoding = info.parsePrivateKey().toASN1Primitive().getEncoded();
} else {
type = "PRIVATE KEY";
encoding = info.getEncoded();
}
} else if (o instanceof SubjectPublicKeyInfo) {
type = "PUBLIC KEY";
encoding = ((SubjectPublicKeyInfo) o).getEncoded();
} else if (o instanceof X509AttributeCertificateHolder) {
type = "ATTRIBUTE CERTIFICATE";
encoding = ((X509AttributeCertificateHolder) o).getEncoded();
} else if (o instanceof com.github.zhenwei.pkix.pkcs.PKCS10CertificationRequest) {
type = "CERTIFICATE REQUEST";
encoding = ((PKCS10CertificationRequest) o).getEncoded();
} else if (o instanceof PKCS8EncryptedPrivateKeyInfo) {
type = "ENCRYPTED PRIVATE KEY";
encoding = ((PKCS8EncryptedPrivateKeyInfo) o).getEncoded();
} else if (o instanceof ContentInfo) {
type = "PKCS7";
encoding = ((ContentInfo) o).getEncoded();
} else {
throw new PemGenerationException("unknown object passed - can't encode.");
}
if (encryptor != null) {
String dekAlgName = Strings.toUpperCase(encryptor.getAlgorithm());
// Note: For backward compatibility
if (dekAlgName.equals("DESEDE")) {
dekAlgName = "DES-EDE3-CBC";
}
byte[] iv = encryptor.getIV();
byte[] encData = encryptor.encrypt(encoding);
List headers = new ArrayList(2);
headers.add(new PemHeader("Proc-Type", "4,ENCRYPTED"));
headers.add(new PemHeader("DEK-Info", dekAlgName + "," + getHexEncoded(iv)));
return new PemObject(type, headers, encData);
}
return new PemObject(type, encoding);
}
use of com.github.zhenwei.core.asn1.pkcs.PrivateKeyInfo in project LinLong-Java by zhenwei1108.
the class EncKeyWithID method toASN1Primitive.
/**
* <pre>
* EncKeyWithID ::= SEQUENCE {
* privateKey PrivateKeyInfo,
* identifier CHOICE {
* string UTF8String,
* generalName GeneralName
* } OPTIONAL
* }
* </pre>
*
* @return an ASN.1 primitive composition of this EncKeyWithID.
*/
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector v = new ASN1EncodableVector(2);
v.add(privKeyInfo);
if (identifier != null) {
v.add(identifier);
}
return new DERSequence(v);
}
use of com.github.zhenwei.core.asn1.pkcs.PrivateKeyInfo in project LinLong-Java by zhenwei1108.
the class BcFKSKeyStoreSpi method engineGetKey.
public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException {
ObjectData ent = (ObjectData) entries.get(alias);
if (ent != null) {
if (ent.getType().equals(PRIVATE_KEY) || ent.getType().equals(PROTECTED_PRIVATE_KEY)) {
PrivateKey cachedKey = (PrivateKey) privateKeyCache.get(alias);
if (cachedKey != null) {
return cachedKey;
}
EncryptedPrivateKeyData encPrivData = EncryptedPrivateKeyData.getInstance(ent.getData());
EncryptedPrivateKeyInfo encInfo = EncryptedPrivateKeyInfo.getInstance(encPrivData.getEncryptedPrivateKeyInfo());
try {
PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(decryptData("PRIVATE_KEY_ENCRYPTION", encInfo.getEncryptionAlgorithm(), password, encInfo.getEncryptedData()));
KeyFactory kFact = helper.createKeyFactory(getPublicKeyAlg(pInfo.getPrivateKeyAlgorithm().getAlgorithm()));
PrivateKey privateKey = kFact.generatePrivate(new PKCS8EncodedKeySpec(pInfo.getEncoded()));
// check that the key pair and the certificate public key are consistent
// TODO: new ConsistentKeyPair(engineGetCertificate(alias).getPublicKey(), privateKey);
privateKeyCache.put(alias, privateKey);
return privateKey;
} catch (Exception e) {
throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover private key (" + alias + "): " + e.getMessage());
}
} else if (ent.getType().equals(SECRET_KEY) || ent.getType().equals(PROTECTED_SECRET_KEY)) {
EncryptedSecretKeyData encKeyData = EncryptedSecretKeyData.getInstance(ent.getData());
try {
SecretKeyData keyData = SecretKeyData.getInstance(decryptData("SECRET_KEY_ENCRYPTION", encKeyData.getKeyEncryptionAlgorithm(), password, encKeyData.getEncryptedKeyData()));
SecretKeyFactory kFact = helper.createSecretKeyFactory(keyData.getKeyAlgorithm().getId());
return kFact.generateSecret(new SecretKeySpec(keyData.getKeyBytes(), keyData.getKeyAlgorithm().getId()));
} catch (Exception e) {
throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + alias + "): " + e.getMessage());
}
} else {
throw new UnrecoverableKeyException("BCFKS KeyStore unable to recover secret key (" + alias + "): type not recognized");
}
}
return null;
}
use of com.github.zhenwei.core.asn1.pkcs.PrivateKeyInfo in project LinLong-Java by zhenwei1108.
the class McElieceKeyFactorySpi method engineGeneratePrivate.
/**
* Converts, if possible, a key specification into a {@link BCMcEliecePrivateKey}.
*
* @param keySpec the key specification
* @return the McEliece private key
* @throws InvalidKeySpecException if the KeySpec is not supported.
*/
protected PrivateKey engineGeneratePrivate(KeySpec keySpec) throws InvalidKeySpecException {
if (keySpec instanceof PKCS8EncodedKeySpec) {
// get the DER-encoded Key according to PKCS#8 from the spec
byte[] encKey = ((PKCS8EncodedKeySpec) keySpec).getEncoded();
// decode the PKCS#8 data structure to the pki object
PrivateKeyInfo pki;
try {
pki = PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(encKey));
} catch (IOException e) {
throw new InvalidKeySpecException("Unable to decode PKCS8EncodedKeySpec: " + e);
}
try {
if (PQCObjectIdentifiers.mcEliece.equals(pki.getPrivateKeyAlgorithm().getAlgorithm())) {
McEliecePrivateKey key = McEliecePrivateKey.getInstance(pki.parsePrivateKey());
return new BCMcEliecePrivateKey(new McEliecePrivateKeyParameters(key.getN(), key.getK(), key.getField(), key.getGoppaPoly(), key.getP1(), key.getP2(), key.getSInv()));
} else {
throw new InvalidKeySpecException("Unable to recognise OID in McEliece private key");
}
} catch (IOException cce) {
throw new InvalidKeySpecException("Unable to decode PKCS8EncodedKeySpec.");
}
}
throw new InvalidKeySpecException("Unsupported key specification: " + keySpec.getClass() + ".");
}
Aggregations