use of com.github.zhenwei.provider.jce.spec.ECParameterSpec in project LinLong-Java by zhenwei1108.
the class CertBuilder method generateCertificate.
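/**
 * Builds and signs an X.509 v3 certificate and returns its DER encoding.
 *
 * <p>The serial number is 16 bytes: the ASCII byte for {@code '9'} followed by 15 random
 * bytes. Validity starts at {@code DateUtil.now()} and lasts {@code time} converted to whole
 * days, with a minimum of one day. Key usage is digitalSignature and nonRepudiation;
 * keyCertSign is added only when the subject DN equals the issuer DN (self-issued).
 *
 * <p>TODO (original author): only SM2 is supported. Created 2022/3/15.
 *
 * @param subjectDn   subject distinguished name, parsed by {@code X500Name}
 * @param issuerDn    issuer distinguished name, parsed by {@code X500Name}
 * @param publicKey   subject public key placed in the certificate
 * @param privateKey  issuer private key used to sign; its type selects the EC or RSA signer
 * @param signAlgEnum supplies the signature algorithm OID and the digest algorithm OID
 * @param time        validity length, expressed in {@code timeUnit}
 * @param timeUnit    unit of {@code time}
 * @return the DER-encoded certificate
 * @throws WeGooCryptoException wrapping any failure raised while building or signing
 * @author zhangzhenwei
 * @since 1.0.0
 */
public static byte[] generateCertificate(String subjectDn, String issuerDn, PublicKey publicKey, PrivateKey privateKey, SignAlgEnum signAlgEnum, int time, TimeUnit timeUnit) throws WeGooCryptoException {
    try {
        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        X500Name subject = new X500Name(subjectDn);
        X500Name issuer = new X500Name(issuerDn);

        // Serial numbers should be unpredictable, so draw them from a CSPRNG rather than
        // java.util.Random, whose output can be reconstructed from a few observed values.
        byte[] randomPart = new byte[15];
        new java.security.SecureRandom().nextBytes(randomPart);
        // The leading '9' (0x39) has its high bit clear, so the two's-complement BigInteger
        // below is always positive. mergeBytes presumably concatenates its arguments.
        byte[] serialBytes = ByteArrayUtil.mergeBytes("9".getBytes(StandardCharsets.UTF_8), randomPart);
        BigInteger sn = new BigInteger(serialBytes);

        Date notBefore = DateUtil.now();
        int validityDays = Math.max(1, (int) timeUnit.toDays(time));
        Date notAfter = DateUtil.nowPlusDays(validityDays);

        BcX509ExtensionUtils x509ExtensionUtils = new BcX509ExtensionUtils();
        // Key usage: signing and non-repudiation.
        int usage = KeyUsage.digitalSignature | KeyUsage.nonRepudiation;
        // Subject key identifier.
        SubjectKeyIdentifier subjectKeyIdentifier = x509ExtensionUtils.createSubjectKeyIdentifier(publicKeyInfo);
        // Authority key identifier.
        // NOTE(review): this is derived from the SUBJECT public key because the issuer's public
        // key is not a parameter. That is only correct for a self-signed certificate; for any
        // other certificate the identifier will not match the issuer's key.
        AuthorityKeyIdentifier authorityKeyIdentifier = x509ExtensionUtils.createAuthorityKeyIdentifier(publicKeyInfo);

        // Self-issued (root) check. The original compared the subject with itself, which is
        // always true and granted keyCertSign to every certificate this method produced.
        boolean selfIssued = subject.toString().equals(issuer.toString());
        if (selfIssued) {
            // A root certificate also needs the certificate-signing usage.
            // NOTE(review): RFC 5280 requires basicConstraints with cA=true whenever
            // keyCertSign is asserted; no basicConstraints extension is added here.
            usage = usage | KeyUsage.keyCertSign;
        }

        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuer, sn, notBefore, notAfter, subject, publicKeyInfo);
        // Extensions. NOTE(review): keyUsage is emitted as non-critical; RFC 5280 recommends
        // marking it critical.
        Extension keyUsage = new Extension(Extension.keyUsage, false, new KeyUsage(usage).getEncoded());
        Extension subjectKeyId = new Extension(Extension.subjectKeyIdentifier, false, subjectKeyIdentifier.getEncoded());
        Extension authorityKeyId = new Extension(Extension.authorityKeyIdentifier, false, authorityKeyIdentifier.getEncoded());
        AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(signAlgEnum.getOid());
        AlgorithmIdentifier digAlgId = new AlgorithmIdentifier(signAlgEnum.getDigestAlgEnum().getOid());
        builder.addExtension(keyUsage);
        builder.addExtension(subjectKeyId);
        builder.addExtension(authorityKeyId);

        BcContentSignerBuilder signerBuilder;
        AsymmetricKeyParameter keyParameters;
        // Choose the signer from the signing key itself rather than from the subject's public
        // key: the two differ in type whenever the issuer and subject use different algorithms.
        if (privateKey instanceof BCECPrivateKey) {
            signerBuilder = new BcECContentSignerBuilder(sigAlgId, digAlgId);
            BCECPrivateKey key = (BCECPrivateKey) privateKey;
            ECParameterSpec parameters = key.getParameters();
            // Pass the cofactor as well so the domain parameters describe the key's curve fully.
            ECDomainParameters params = new ECDomainParameters(parameters.getCurve(), parameters.getG(), parameters.getN(), parameters.getH());
            keyParameters = new ECPrivateKeyParameters(key.getD(), params);
        } else {
            // Anything else is treated as RSA; a key of another type fails the cast and is
            // reported through the catch below.
            BCRSAPrivateKey key = (BCRSAPrivateKey) privateKey;
            signerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
            keyParameters = new RSAKeyParameters(true, key.getModulus(), key.getPrivateExponent());
        }
        X509CertificateHolder holder = builder.build(signerBuilder.build(keyParameters));
        return holder.toASN1Structure().getEncoded();
    } catch (Exception e) {
        throw new WeGooCryptoException(CryptoExceptionMassageEnum.generate_cert_err, e);
    }
}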
use of com.github.zhenwei.provider.jce.spec.ECParameterSpec in project LinLong-Java by zhenwei1108.
the class KeyPairGeneratorSpi method initialize.
/**
 * Initialises this key-pair generator from a parameter specification.
 *
 * <p>Accepted inputs, checked in this order: {@code GOST3410ParameterSpec} (delegated to
 * {@code init}), the provider's {@code ECParameterSpec}, the JDK
 * {@code java.security.spec.ECParameterSpec}, a named-curve generation spec (its name is
 * wrapped in a {@code GOST3410ParameterSpec} and delegated to {@code init}), and
 * {@code null}, which uses the provider-wide implicit CA parameters when they are configured.
 *
 * @param params the parameter specification, or {@code null} to use the implicit CA parameters
 * @param random the randomness source passed to the key generation parameters
 * @throws InvalidAlgorithmParameterException if {@code params} is {@code null} with no implicit
 *         CA configured, or is of an unsupported type
 */
public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException {
    if (params instanceof GOST3410ParameterSpec) {
        init((GOST3410ParameterSpec) params, random);
        return;
    }

    if (params instanceof ECParameterSpec) {
        // Provider-native spec: the domain parameters can be read off directly.
        ECParameterSpec nativeSpec = (ECParameterSpec) params;
        this.ecParams = params;
        ECDomainParameters domain = new ECDomainParameters(nativeSpec.getCurve(), nativeSpec.getG(), nativeSpec.getN(), nativeSpec.getH());
        param = new ECKeyGenerationParameters(domain, random);
        engine.init(param);
        initialised = true;
        return;
    }

    if (params instanceof java.security.spec.ECParameterSpec) {
        // JDK spec: convert the curve and base point to the provider's types first.
        java.security.spec.ECParameterSpec jdkSpec = (java.security.spec.ECParameterSpec) params;
        this.ecParams = params;
        ECCurve convertedCurve = EC5Util.convertCurve(jdkSpec.getCurve());
        ECPoint basePoint = EC5Util.convertPoint(convertedCurve, jdkSpec.getGenerator());
        ECDomainParameters domain = new ECDomainParameters(convertedCurve, basePoint, jdkSpec.getOrder(), BigInteger.valueOf(jdkSpec.getCofactor()));
        param = new ECKeyGenerationParameters(domain, random);
        engine.init(param);
        initialised = true;
        return;
    }

    if (params instanceof ECGenParameterSpec || params instanceof ECNamedCurveGenParameterSpec) {
        // Both spec types only carry a curve name.
        String curveName = (params instanceof ECGenParameterSpec)
            ? ((ECGenParameterSpec) params).getName()
            : ((ECNamedCurveGenParameterSpec) params).getName();
        init(new GOST3410ParameterSpec(curveName), random);
        return;
    }

    if (params != null) {
        throw new InvalidAlgorithmParameterException("parameter object not a ECParameterSpec: " + params.getClass().getName());
    }

    // params is null from here on: fall back to the provider-wide implicit CA parameters.
    ECParameterSpec implicitSpec = WeGooProvider.CONFIGURATION.getEcImplicitlyCa();
    if (implicitSpec == null) {
        throw new InvalidAlgorithmParameterException("null parameter passed but no implicitCA set");
    }
    // ecParams is deliberately assigned the (null) argument, exactly as before.
    this.ecParams = params;
    ECDomainParameters domain = new ECDomainParameters(implicitSpec.getCurve(), implicitSpec.getG(), implicitSpec.getN(), implicitSpec.getH());
    param = new ECKeyGenerationParameters(domain, random);
    engine.init(param);
    initialised = true;
}
use of com.github.zhenwei.provider.jce.spec.ECParameterSpec in project LinLong-Java by zhenwei1108.
the class KeyPairGeneratorSpi method initialize.
/**
 * Initialises this key-pair generator from a parameter specification.
 *
 * <p>Accepted inputs, checked in this order: the provider's {@code ECParameterSpec}, the JDK
 * {@code java.security.spec.ECParameterSpec} (with the extra DKE value when it is a
 * {@code DSTU4145ParameterSpec}), a named-curve generation spec whose name is read as an
 * object identifier and looked up in {@code DSTU4145NamedCurves}, and {@code null}, which uses
 * the provider-wide implicit CA parameters when they are configured.
 *
 * @param params the parameter specification, or {@code null} to use the implicit CA parameters
 * @param random the randomness source passed to the key generation parameters
 * @throws InvalidAlgorithmParameterException if the named curve is unknown, if {@code params}
 *         is {@code null} with no implicit CA configured, or if it is of an unsupported type
 */
public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException {
    if (params instanceof ECParameterSpec) {
        // Provider-native spec: the domain parameters can be read off directly.
        ECParameterSpec nativeSpec = (ECParameterSpec) params;
        this.ecParams = params;
        ECDomainParameters domain = new ECDomainParameters(nativeSpec.getCurve(), nativeSpec.getG(), nativeSpec.getN(), nativeSpec.getH());
        param = new ECKeyGenerationParameters(domain, random);
        engine.init(param);
        initialised = true;
        return;
    }

    if (params instanceof java.security.spec.ECParameterSpec) {
        java.security.spec.ECParameterSpec jdkSpec = (java.security.spec.ECParameterSpec) params;
        this.ecParams = params;
        ECCurve convertedCurve = EC5Util.convertCurve(jdkSpec.getCurve());
        ECPoint basePoint = EC5Util.convertPoint(convertedCurve, jdkSpec.getGenerator());
        if (jdkSpec instanceof DSTU4145ParameterSpec) {
            // DSTU 4145 specs carry a DKE value that must travel with the domain parameters.
            DSTU4145ParameterSpec dstuSpec = (DSTU4145ParameterSpec) jdkSpec;
            ECDomainParameters domain = new ECDomainParameters(convertedCurve, basePoint, jdkSpec.getOrder(), BigInteger.valueOf(jdkSpec.getCofactor()));
            param = new ECKeyGenerationParameters(new DSTU4145Parameters(domain, dstuSpec.getDKE()), random);
        } else {
            ECDomainParameters domain = new ECDomainParameters(convertedCurve, basePoint, jdkSpec.getOrder(), BigInteger.valueOf(jdkSpec.getCofactor()));
            param = new ECKeyGenerationParameters(domain, random);
        }
        engine.init(param);
        initialised = true;
        return;
    }

    if (params instanceof ECGenParameterSpec || params instanceof ECNamedCurveGenParameterSpec) {
        // Both spec types only carry a curve name, which is interpreted as an OID here.
        String curveName = (params instanceof ECGenParameterSpec)
            ? ((ECGenParameterSpec) params).getName()
            : ((ECNamedCurveGenParameterSpec) params).getName();
        ECDomainParameters named = DSTU4145NamedCurves.getByOID(new ASN1ObjectIdentifier(curveName));
        if (named == null) {
            throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName);
        }
        this.ecParams = new ECNamedCurveSpec(curveName, named.getCurve(), named.getG(), named.getN(), named.getH(), named.getSeed());
        // Round-trip through the JDK view of the named spec, as the original code does.
        java.security.spec.ECParameterSpec jdkSpec = (java.security.spec.ECParameterSpec) ecParams;
        ECCurve convertedCurve = EC5Util.convertCurve(jdkSpec.getCurve());
        ECPoint basePoint = EC5Util.convertPoint(convertedCurve, jdkSpec.getGenerator());
        ECDomainParameters domain = new ECDomainParameters(convertedCurve, basePoint, jdkSpec.getOrder(), BigInteger.valueOf(jdkSpec.getCofactor()));
        param = new ECKeyGenerationParameters(domain, random);
        engine.init(param);
        initialised = true;
        return;
    }

    if (params != null) {
        throw new InvalidAlgorithmParameterException("parameter object not a ECParameterSpec: " + params.getClass().getName());
    }

    // params is null from here on: fall back to the provider-wide implicit CA parameters.
    ECParameterSpec implicitSpec = WeGooProvider.CONFIGURATION.getEcImplicitlyCa();
    if (implicitSpec == null) {
        throw new InvalidAlgorithmParameterException("null parameter passed but no implicitCA set");
    }
    // ecParams is deliberately assigned the (null) argument, exactly as before.
    this.ecParams = params;
    ECDomainParameters domain = new ECDomainParameters(implicitSpec.getCurve(), implicitSpec.getG(), implicitSpec.getN(), implicitSpec.getH());
    param = new ECKeyGenerationParameters(domain, random);
    engine.init(param);
    initialised = true;
}
use of com.github.zhenwei.provider.jce.spec.ECParameterSpec in project LinLong-Java by zhenwei1108.
the class ECUtil method generatePrivateKeyParameter.
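/**
 * Converts a JCA EC private key into the lightweight {@code ECPrivateKeyParameters} form.
 *
 * <p>Provider-native keys use their own parameters, falling back to the provider-wide implicit
 * CA parameters when the key carries none. JDK {@code java.security.interfaces.ECPrivateKey}
 * instances are converted through {@code EC5Util.convertSpec}. Any other key is re-parsed from
 * its encoding and, if that yields a JDK EC private key, converted recursively.
 *
 * @param key the private key to convert
 * @return the key as {@code ECPrivateKeyParameters}
 * @throws InvalidKeyException if the key has no usable parameters, has no encoding, or cannot
 *         be recognised as an EC private key
 */
public static AsymmetricKeyParameter generatePrivateKeyParameter(PrivateKey key) throws InvalidKeyException {
    if (key instanceof ECPrivateKey) {
        ECPrivateKey k = (ECPrivateKey) key;
        ECParameterSpec keySpec = k.getParameters();
        ECParameterSpec s = keySpec;
        if (s == null) {
            s = WeGooProvider.CONFIGURATION.getEcImplicitlyCa();
        }
        if (s == null) {
            // Neither the key nor the provider configuration supplies domain parameters;
            // report it as a key problem rather than failing with a NullPointerException.
            throw new InvalidKeyException("EC private key has no parameters and no implicitCA set");
        }
        if (keySpec instanceof ECNamedCurveParameterSpec) {
            // Keep the curve's OID attached when the key names its curve.
            String name = ((ECNamedCurveParameterSpec) keySpec).getName();
            return new ECPrivateKeyParameters(k.getD(), new ECNamedDomainParameters(ECNamedCurveTable.getOID(name), s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
        } else {
            return new ECPrivateKeyParameters(k.getD(), new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
        }
    } else if (key instanceof java.security.interfaces.ECPrivateKey) {
        java.security.interfaces.ECPrivateKey privKey = (java.security.interfaces.ECPrivateKey) key;
        ECParameterSpec s = EC5Util.convertSpec(privKey.getParams());
        return new ECPrivateKeyParameters(privKey.getS(), new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
    } else {
        // see if we can build a key from key.getEncoded()
        try {
            byte[] bytes = key.getEncoded();
            if (bytes == null) {
                // Caught by the handler below and re-reported with the generic prefix.
                throw new InvalidKeyException("no encoding for EC private key");
            }
            PrivateKey privateKey = WeGooProvider.getPrivateKey(PrivateKeyInfo.getInstance(bytes));
            if (privateKey instanceof java.security.interfaces.ECPrivateKey) {
                return ECUtil.generatePrivateKeyParameter(privateKey);
            }
        } catch (Exception e) {
            // Same message as before, but keep the cause so the original stack trace survives.
            throw new InvalidKeyException("cannot identify EC private key: " + e.toString(), e);
        }
    }
    throw new InvalidKeyException("can't identify EC private key.");
}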
use of com.github.zhenwei.provider.jce.spec.ECParameterSpec in project LinLong-Java by zhenwei1108.
the class ECUtil method generatePublicKeyParameter.
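/**
 * Converts a JCA EC public key into the lightweight {@code ECPublicKeyParameters} form.
 *
 * <p>Provider-native keys use their own parameters. JDK
 * {@code java.security.interfaces.ECPublicKey} instances are converted through
 * {@code EC5Util}. Any other key is re-parsed from its encoding and, if that yields a JDK EC
 * public key, converted recursively.
 *
 * @param key the public key to convert
 * @return the key as {@code ECPublicKeyParameters}
 * @throws InvalidKeyException if the key has no encoding or cannot be recognised as an EC
 *         public key
 */
public static AsymmetricKeyParameter generatePublicKeyParameter(PublicKey key) throws InvalidKeyException {
    if (key instanceof ECPublicKey) {
        ECPublicKey k = (ECPublicKey) key;
        // NOTE(review): unlike the private-key path there is no implicit CA fallback here, so
        // a key without parameters would fail on the next line. Confirm that is intended.
        ECParameterSpec s = k.getParameters();
        return new ECPublicKeyParameters(k.getQ(), new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
    } else if (key instanceof java.security.interfaces.ECPublicKey) {
        java.security.interfaces.ECPublicKey pubKey = (java.security.interfaces.ECPublicKey) key;
        ECParameterSpec s = EC5Util.convertSpec(pubKey.getParams());
        return new ECPublicKeyParameters(EC5Util.convertPoint(pubKey.getParams(), pubKey.getW()), new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
    } else {
        // see if we can build a key from key.getEncoded()
        try {
            byte[] bytes = key.getEncoded();
            if (bytes == null) {
                // Caught by the handler below and re-reported with the generic prefix.
                throw new InvalidKeyException("no encoding for EC public key");
            }
            PublicKey publicKey = WeGooProvider.getPublicKey(SubjectPublicKeyInfo.getInstance(bytes));
            if (publicKey instanceof java.security.interfaces.ECPublicKey) {
                return ECUtil.generatePublicKeyParameter(publicKey);
            }
        } catch (Exception e) {
            // Same message as before, but keep the cause so the original stack trace survives.
            throw new InvalidKeyException("cannot identify EC public key: " + e.toString(), e);
        }
    }
    throw new InvalidKeyException("cannot identify EC public key.");
}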