Search in sources :

Example 1 with BCFKSStoreParameter

use of com.github.zhenwei.provider.jcajce.BCFKSStoreParameter in project LinLong-Java by zhenwei1108.

the class BcFKSKeyStoreSpi method engineStore.

public void engineStore(KeyStore.LoadStoreParameter parameter) throws CertificateException, NoSuchAlgorithmException, IOException {
    if (parameter == null) {
        throw new IllegalArgumentException("'parameter' arg cannot be null");
    }
    if (parameter instanceof BCFKSStoreParameter) {
        BCFKSStoreParameter bcParam = (BCFKSStoreParameter) parameter;
        char[] password = ParameterUtil.extractPassword(parameter);
        hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bcParam.getStorePBKDFConfig(), 512 / 8);
        engineStore(bcParam.getOutputStream(), password);
    } else if (parameter instanceof BCFKSLoadStoreParameter) {
        BCFKSLoadStoreParameter bcParam = (BCFKSLoadStoreParameter) parameter;
        if (bcParam.getStoreSignatureKey() != null) {
            signatureAlgorithm = generateSignatureAlgId(bcParam.getStoreSignatureKey(), bcParam.getStoreSignatureAlgorithm());
            hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bcParam.getStorePBKDFConfig(), 512 / 8);
            if (bcParam.getStoreEncryptionAlgorithm() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM) {
                storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_CCM;
            } else {
                storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_wrap_pad;
            }
            if (bcParam.getStoreMacAlgorithm() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512) {
                hmacAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA512, DERNull.INSTANCE);
            } else {
                hmacAlgorithm = new AlgorithmIdentifier(NISTObjectIdentifiers.id_hmacWithSHA3_512, DERNull.INSTANCE);
            }
            char[] password = ParameterUtil.extractPassword(bcParam);
            EncryptedObjectStoreData encStoreData = getEncryptedObjectStoreData(signatureAlgorithm, password);
            try {
                Signature sig = helper.createSignature(signatureAlgorithm.getAlgorithm().getId());
                sig.initSign((PrivateKey) bcParam.getStoreSignatureKey());
                sig.update(encStoreData.getEncoded());
                SignatureCheck signatureCheck;
                X509Certificate[] certs = bcParam.getStoreCertificates();
                if (certs != null) {
                    com.github.zhenwei.core.asn1.x509.Certificate[] certificates = new com.github.zhenwei.core.asn1.x509.Certificate[certs.length];
                    for (int i = 0; i != certificates.length; i++) {
                        certificates[i] = com.github.zhenwei.core.asn1.x509.Certificate.getInstance(certs[i].getEncoded());
                    }
                    signatureCheck = new SignatureCheck(signatureAlgorithm, certificates, sig.sign());
                } else {
                    signatureCheck = new SignatureCheck(signatureAlgorithm, sig.sign());
                }
                ObjectStore store = new ObjectStore(encStoreData, new ObjectStoreIntegrityCheck(signatureCheck));
                bcParam.getOutputStream().write(store.getEncoded());
                bcParam.getOutputStream().flush();
            } catch (GeneralSecurityException e) {
                throw new IOException("error creating signature: " + e.getMessage(), e);
            }
        } else {
            char[] password = ParameterUtil.extractPassword(bcParam);
            hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bcParam.getStorePBKDFConfig(), 512 / 8);
            if (bcParam.getStoreEncryptionAlgorithm() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM) {
                storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_CCM;
            } else {
                storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_wrap_pad;
            }
            if (bcParam.getStoreMacAlgorithm() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512) {
                hmacAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA512, DERNull.INSTANCE);
            } else {
                hmacAlgorithm = new AlgorithmIdentifier(NISTObjectIdentifiers.id_hmacWithSHA3_512, DERNull.INSTANCE);
            }
            engineStore(bcParam.getOutputStream(), password);
        }
    } else if (parameter instanceof BCLoadStoreParameter) {
        BCLoadStoreParameter bcParam = (BCLoadStoreParameter) parameter;
        engineStore(bcParam.getOutputStream(), ParameterUtil.extractPassword(parameter));
    } else {
        throw new IllegalArgumentException("no support for 'parameter' of type " + parameter.getClass().getName());
    }
}
Also used : ObjectStore(com.github.zhenwei.core.asn1.bc.ObjectStore) PrivateKey(java.security.PrivateKey) GeneralSecurityException(java.security.GeneralSecurityException) BCFKSStoreParameter(com.github.zhenwei.provider.jcajce.BCFKSStoreParameter) EncryptedObjectStoreData(com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData) IOException(java.io.IOException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) SignatureCheck(com.github.zhenwei.core.asn1.bc.SignatureCheck) Signature(java.security.Signature) BCFKSLoadStoreParameter(com.github.zhenwei.provider.jcajce.BCFKSLoadStoreParameter) BCLoadStoreParameter(com.github.zhenwei.provider.jcajce.BCLoadStoreParameter) ObjectStoreIntegrityCheck(com.github.zhenwei.core.asn1.bc.ObjectStoreIntegrityCheck)

Aggregations

EncryptedObjectStoreData (com.github.zhenwei.core.asn1.bc.EncryptedObjectStoreData)1 ObjectStore (com.github.zhenwei.core.asn1.bc.ObjectStore)1 ObjectStoreIntegrityCheck (com.github.zhenwei.core.asn1.bc.ObjectStoreIntegrityCheck)1 SignatureCheck (com.github.zhenwei.core.asn1.bc.SignatureCheck)1 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)1 BCFKSLoadStoreParameter (com.github.zhenwei.provider.jcajce.BCFKSLoadStoreParameter)1 BCFKSStoreParameter (com.github.zhenwei.provider.jcajce.BCFKSStoreParameter)1 BCLoadStoreParameter (com.github.zhenwei.provider.jcajce.BCLoadStoreParameter)1 IOException (java.io.IOException)1 GeneralSecurityException (java.security.GeneralSecurityException)1 PrivateKey (java.security.PrivateKey)1 Signature (java.security.Signature)1