use of com.github.zhenwei.provider.jcajce.BCLoadStoreParameter in project LinLong-Java by zhenwei1108.
the class BcFKSKeyStoreSpi method engineLoad.
public void engineLoad(KeyStore.LoadStoreParameter parameter) throws CertificateException, NoSuchAlgorithmException, IOException {
if (parameter == null) {
engineLoad(null, null);
} else if (parameter instanceof BCFKSLoadStoreParameter) {
BCFKSLoadStoreParameter bcParam = (BCFKSLoadStoreParameter) parameter;
char[] password = ParameterUtil.extractPassword(bcParam);
hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bcParam.getStorePBKDFConfig(), 512 / 8);
if (bcParam.getStoreEncryptionAlgorithm() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM) {
storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_CCM;
} else {
storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_wrap_pad;
}
if (bcParam.getStoreMacAlgorithm() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512) {
hmacAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA512, DERNull.INSTANCE);
} else {
hmacAlgorithm = new AlgorithmIdentifier(NISTObjectIdentifiers.id_hmacWithSHA3_512, DERNull.INSTANCE);
}
this.verificationKey = (PublicKey) bcParam.getStoreSignatureKey();
this.validator = bcParam.getCertChainValidator();
this.signatureAlgorithm = generateSignatureAlgId(verificationKey, bcParam.getStoreSignatureAlgorithm());
AlgorithmIdentifier presetHmacAlgorithm = hmacAlgorithm;
ASN1ObjectIdentifier presetStoreEncryptionAlgorithm = storeEncryptionAlgorithm;
InputStream inputStream = bcParam.getInputStream();
engineLoad(inputStream, password);
if (inputStream != null) {
if (// !presetHmacAlgorithm.equals(hmacAlgorithm)
!isSimilarHmacPbkd(bcParam.getStorePBKDFConfig(), hmacPkbdAlgorithm) || !presetStoreEncryptionAlgorithm.equals(storeEncryptionAlgorithm)) {
throw new IOException("configuration parameters do not match existing store");
}
}
} else if (parameter instanceof BCLoadStoreParameter) {
BCLoadStoreParameter bcParam = (BCLoadStoreParameter) parameter;
engineLoad(bcParam.getInputStream(), ParameterUtil.extractPassword(parameter));
} else {
throw new IllegalArgumentException("no support for 'parameter' of type " + parameter.getClass().getName());
}
}
use of com.github.zhenwei.provider.jcajce.BCLoadStoreParameter in project LinLong-Java by zhenwei1108.
the class BcFKSKeyStoreSpi method engineStore.
public void engineStore(KeyStore.LoadStoreParameter parameter) throws CertificateException, NoSuchAlgorithmException, IOException {
if (parameter == null) {
throw new IllegalArgumentException("'parameter' arg cannot be null");
}
if (parameter instanceof BCFKSStoreParameter) {
BCFKSStoreParameter bcParam = (BCFKSStoreParameter) parameter;
char[] password = ParameterUtil.extractPassword(parameter);
hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bcParam.getStorePBKDFConfig(), 512 / 8);
engineStore(bcParam.getOutputStream(), password);
} else if (parameter instanceof BCFKSLoadStoreParameter) {
BCFKSLoadStoreParameter bcParam = (BCFKSLoadStoreParameter) parameter;
if (bcParam.getStoreSignatureKey() != null) {
signatureAlgorithm = generateSignatureAlgId(bcParam.getStoreSignatureKey(), bcParam.getStoreSignatureAlgorithm());
hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bcParam.getStorePBKDFConfig(), 512 / 8);
if (bcParam.getStoreEncryptionAlgorithm() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM) {
storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_CCM;
} else {
storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_wrap_pad;
}
if (bcParam.getStoreMacAlgorithm() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512) {
hmacAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA512, DERNull.INSTANCE);
} else {
hmacAlgorithm = new AlgorithmIdentifier(NISTObjectIdentifiers.id_hmacWithSHA3_512, DERNull.INSTANCE);
}
char[] password = ParameterUtil.extractPassword(bcParam);
EncryptedObjectStoreData encStoreData = getEncryptedObjectStoreData(signatureAlgorithm, password);
try {
Signature sig = helper.createSignature(signatureAlgorithm.getAlgorithm().getId());
sig.initSign((PrivateKey) bcParam.getStoreSignatureKey());
sig.update(encStoreData.getEncoded());
SignatureCheck signatureCheck;
X509Certificate[] certs = bcParam.getStoreCertificates();
if (certs != null) {
com.github.zhenwei.core.asn1.x509.Certificate[] certificates = new com.github.zhenwei.core.asn1.x509.Certificate[certs.length];
for (int i = 0; i != certificates.length; i++) {
certificates[i] = com.github.zhenwei.core.asn1.x509.Certificate.getInstance(certs[i].getEncoded());
}
signatureCheck = new SignatureCheck(signatureAlgorithm, certificates, sig.sign());
} else {
signatureCheck = new SignatureCheck(signatureAlgorithm, sig.sign());
}
ObjectStore store = new ObjectStore(encStoreData, new ObjectStoreIntegrityCheck(signatureCheck));
bcParam.getOutputStream().write(store.getEncoded());
bcParam.getOutputStream().flush();
} catch (GeneralSecurityException e) {
throw new IOException("error creating signature: " + e.getMessage(), e);
}
} else {
char[] password = ParameterUtil.extractPassword(bcParam);
hmacPkbdAlgorithm = generatePkbdAlgorithmIdentifier(bcParam.getStorePBKDFConfig(), 512 / 8);
if (bcParam.getStoreEncryptionAlgorithm() == BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_CCM) {
storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_CCM;
} else {
storeEncryptionAlgorithm = NISTObjectIdentifiers.id_aes256_wrap_pad;
}
if (bcParam.getStoreMacAlgorithm() == BCFKSLoadStoreParameter.MacAlgorithm.HmacSHA512) {
hmacAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA512, DERNull.INSTANCE);
} else {
hmacAlgorithm = new AlgorithmIdentifier(NISTObjectIdentifiers.id_hmacWithSHA3_512, DERNull.INSTANCE);
}
engineStore(bcParam.getOutputStream(), password);
}
} else if (parameter instanceof BCLoadStoreParameter) {
BCLoadStoreParameter bcParam = (BCLoadStoreParameter) parameter;
engineStore(bcParam.getOutputStream(), ParameterUtil.extractPassword(parameter));
} else {
throw new IllegalArgumentException("no support for 'parameter' of type " + parameter.getClass().getName());
}
}
Aggregations