Search in sources :

Example 56 with Sequence

use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.

the class PKIPublicationInfo method encode.

@Override
public void encode(Tag implicitTag, OutputStream ostream) throws IOException {
    SEQUENCE seq = new SEQUENCE();
    seq.addElement(new INTEGER(action));
    seq.addElement(pubInfos);
    seq.encode(implicitTag, ostream);
}
Also used : SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) INTEGER(org.mozilla.jss.asn1.INTEGER)

Example 57 with Sequence

use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.

the class EncryptedPrivateKeyInfo method createPBES2.

/**
 * Export a private key in PBES2 format, using a random PBKDF2 salt.
 *
 * Token must support the CKM_PKCS5_PBKD2 mechanism.
 *
 * @param saltLen Length of salt in bytes (default: 16)
 * @param kdfIterations PBKDF2 iterations (default: 2000)
 * @param encAlg The symmetric encryption algorithm for enciphering the
 *               private key.  Determines the size of derived key.
 * @param pwd Password
 * @param charToByteConverter The mechanism for converting the characters
 *      in the password into bytes.  If null, the default mechanism
 *      will be used, which is UTF8.
 * @param privateKeyInfo The encoded PrivateKeyInfo to be encrypted and
 *                       stored in the EncryptedContentInfo.
 */
public static EncryptedPrivateKeyInfo createPBES2(int saltLen, int kdfIterations, EncryptionAlgorithm encAlg, Password pwd, KeyGenerator.CharToByteConverter charToByteConverter, PrivateKeyInfo privateKeyInfo) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, CharConversionException {
    if (encAlg == null)
        throw new IllegalArgumentException("encAlg cannot be null");
    if (pwd == null)
        throw new IllegalArgumentException("pwd cannot be null");
    if (privateKeyInfo == null)
        throw new IllegalArgumentException("privateKeyInfo cannot be null");
    if (kdfIterations < 1)
        kdfIterations = 2000;
    if (saltLen < 1)
        saltLen = 16;
    try {
        // generate random PBKDF2 salt
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[saltLen];
        random.nextBytes(salt);
        // derive symmetric key from passphrase using PBKDF2
        CryptoManager cm = CryptoManager.getInstance();
        CryptoToken token = cm.getInternalCryptoToken();
        KeyGenerator kg = token.getKeyGenerator(PBEAlgorithm.PBE_PKCS5_PBKDF2);
        PBEKeyGenParams pbekgParams = new PBEKeyGenParams(pwd.getChars(), salt, kdfIterations, encAlg);
        if (charToByteConverter != null)
            kg.setCharToByteConverter(charToByteConverter);
        kg.initialize(pbekgParams);
        SymmetricKey sk = kg.generate();
        // encrypt PrivateKeyInfo
        byte[] iv = new byte[encAlg.getBlockSize()];
        random.nextBytes(iv);
        Cipher cipher = token.getCipherContext(encAlg);
        cipher.initEncrypt(sk, new IVParameterSpec(iv));
        byte[] encData = cipher.doFinal(ASN1Util.encode(privateKeyInfo));
        // construct KDF AlgorithmIdentifier
        SEQUENCE paramsKdf = new SEQUENCE();
        paramsKdf.addElement(new OCTET_STRING(salt));
        paramsKdf.addElement(new INTEGER(kdfIterations));
        paramsKdf.addElement(new INTEGER(sk.getLength()));
        AlgorithmIdentifier algIdKdf = new AlgorithmIdentifier(PBEAlgorithm.PBE_PKCS5_PBKDF2.toOID(), paramsKdf);
        // construct encryption AlgorithmIdentifier
        AlgorithmIdentifier algIdEnc = new AlgorithmIdentifier(encAlg.toOID(), new OCTET_STRING(iv));
        // construct "composite" PBES2 AlgorithmIdentifier
        SEQUENCE paramsPBES2 = new SEQUENCE();
        paramsPBES2.addElement(algIdKdf);
        paramsPBES2.addElement(algIdEnc);
        AlgorithmIdentifier algIdPBES2 = new AlgorithmIdentifier(PBEAlgorithm.PBE_PKCS5_PBES2.toOID(), paramsPBES2);
        // construct EncryptedPrivateKeyInfo
        return new EncryptedPrivateKeyInfo(algIdPBES2, new OCTET_STRING(encData));
    } catch (IllegalBlockSizeException e) {
        throw new RuntimeException("IllegalBlockSizeException in EncryptedContentInfo.createPBES2: " + e.getMessage(), e);
    } catch (BadPaddingException e) {
        throw new RuntimeException("BadPaddingException in EncryptedContentInfo.createPBES2: " + e.getMessage(), e);
    }
}
Also used : CryptoToken(org.mozilla.jss.crypto.CryptoToken) IVParameterSpec(org.mozilla.jss.crypto.IVParameterSpec) SecureRandom(java.security.SecureRandom) SymmetricKey(org.mozilla.jss.crypto.SymmetricKey) IllegalBlockSizeException(org.mozilla.jss.crypto.IllegalBlockSizeException) CryptoManager(org.mozilla.jss.CryptoManager) BadPaddingException(javax.crypto.BadPaddingException) PBEKeyGenParams(org.mozilla.jss.crypto.PBEKeyGenParams) OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) Cipher(org.mozilla.jss.crypto.Cipher) KeyGenerator(org.mozilla.jss.crypto.KeyGenerator) INTEGER(org.mozilla.jss.asn1.INTEGER)

Example 58 with Sequence

use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.

the class KeyFactorySpi1_2 method engineGeneratePrivate.

/**
 * We don't support RSAPrivateKeySpec because it doesn't have enough
 * information. You need to provide an RSAPrivateCrtKeySpec.
 */
@Override
protected java.security.PrivateKey engineGeneratePrivate(KeySpec keySpec) throws InvalidKeySpecException {
    try {
        if (keySpec instanceof RSAPrivateCrtKeySpec) {
            // 
            // PKCS #1 RSAPrivateKey
            // 
            RSAPrivateCrtKeySpec spec = (RSAPrivateCrtKeySpec) keySpec;
            SEQUENCE privKey = new SEQUENCE();
            // version
            privKey.addElement(new INTEGER(0));
            privKey.addElement(new INTEGER(spec.getModulus()));
            privKey.addElement(new INTEGER(spec.getPublicExponent()));
            privKey.addElement(new INTEGER(spec.getPrivateExponent()));
            privKey.addElement(new INTEGER(spec.getPrimeP()));
            privKey.addElement(new INTEGER(spec.getPrimeQ()));
            privKey.addElement(new INTEGER(spec.getPrimeExponentP()));
            privKey.addElement(new INTEGER(spec.getPrimeExponentQ()));
            privKey.addElement(new INTEGER(spec.getCrtCoefficient()));
            AlgorithmIdentifier algID = new AlgorithmIdentifier(PrivateKey.RSA.toOID(), null);
            OCTET_STRING encodedPrivKey = new OCTET_STRING(ASN1Util.encode(privKey));
            PrivateKeyInfo pki = new PrivateKeyInfo(// version
            new INTEGER(0), algID, encodedPrivKey, // OPTIONAL SET OF Attribute
            (SET) null);
            return PK11PrivKey.fromPrivateKeyInfo(ASN1Util.encode(pki), TokenSupplierManager.getTokenSupplier().getThreadToken());
        } else if (keySpec instanceof DSAPrivateKeySpec) {
            DSAPrivateKeySpec spec = (DSAPrivateKeySpec) keySpec;
            SEQUENCE pqgParams = new SEQUENCE();
            pqgParams.addElement(new INTEGER(spec.getP()));
            pqgParams.addElement(new INTEGER(spec.getQ()));
            pqgParams.addElement(new INTEGER(spec.getG()));
            AlgorithmIdentifier algID = new AlgorithmIdentifier(PrivateKey.DSA.toOID(), pqgParams);
            OCTET_STRING privateKey = new OCTET_STRING(ASN1Util.encode(new INTEGER(spec.getX())));
            PrivateKeyInfo pki = new PrivateKeyInfo(// version
            new INTEGER(0), algID, privateKey, // OPTIONAL SET OF Attribute
            null);
            // Derive the public key from the private key
            BigInteger y = spec.getG().modPow(spec.getX(), spec.getP());
            byte[] yBA = y.toByteArray();
            // we need to chop off a leading zero byte
            if (y.bitLength() % 8 == 0) {
                byte[] newBA = new byte[yBA.length - 1];
                assert (newBA.length >= 0);
                System.arraycopy(yBA, 1, newBA, 0, newBA.length);
                yBA = newBA;
            }
            return PK11PrivKey.fromPrivateKeyInfo(ASN1Util.encode(pki), TokenSupplierManager.getTokenSupplier().getThreadToken(), yBA);
        } else if (keySpec instanceof PKCS8EncodedKeySpec) {
            return PK11PrivKey.fromPrivateKeyInfo((PKCS8EncodedKeySpec) keySpec, TokenSupplierManager.getTokenSupplier().getThreadToken());
        }
        throw new InvalidKeySpecException("Unsupported KeySpec type: " + keySpec.getClass().getName());
    } catch (TokenException te) {
        StringWriter sw = new StringWriter();
        PrintWriter pw = new PrintWriter(sw);
        te.printStackTrace(pw);
        throw new InvalidKeySpecException("TokenException: " + sw.toString());
    }
}
Also used : RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) AlgorithmIdentifier(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier) DSAPrivateKeySpec(java.security.spec.DSAPrivateKeySpec) OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING) StringWriter(java.io.StringWriter) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) TokenException(org.mozilla.jss.crypto.TokenException) BigInteger(java.math.BigInteger) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) PrivateKeyInfo(org.mozilla.jss.pkix.primitive.PrivateKeyInfo) INTEGER(org.mozilla.jss.asn1.INTEGER) PrintWriter(java.io.PrintWriter)

Example 59 with Sequence

use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.

the class CertRequest method encode.

/**
 * This method is not yet supported.
 */
@Override
public void encode(Tag implicit, OutputStream ostream) throws IOException {
    // Assert.notYetImplemented("CertRequest encoding");
    SEQUENCE sequence = new SEQUENCE();
    sequence.addElement(certReqId);
    sequence.addElement(certTemplate);
    if (controls != null)
        sequence.addElement(controls);
    sequence.encode(implicit, ostream);
}
Also used : SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)

Example 60 with Sequence

use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.

the class SignerInfo method createDigestInfo.

private SEQUENCE createDigestInfo(byte[] data, boolean doDigest) throws NoSuchAlgorithmException {
    if (data == null || data.length == 0) {
        throw new IllegalArgumentException("Data to digest must be supplied");
    }
    SEQUENCE digestInfo = new SEQUENCE();
    digestInfo.addElement(this.digestAlgorithm);
    byte[] digest;
    if (doDigest) {
        MessageDigest md = MessageDigest.getInstance(DigestAlgorithm.fromOID(this.digestAlgorithm.getOID()).toString());
        digest = md.digest(data);
    } else {
        digest = data;
    }
    digestInfo.addElement(new OCTET_STRING(digest));
    return digestInfo;
}
Also used : OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) MessageDigest(java.security.MessageDigest)

Aggregations

SEQUENCE (org.mozilla.jss.asn1.SEQUENCE)50 OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING)16 Sequence (org.sbolstandard.core2.Sequence)11 SET (org.mozilla.jss.asn1.SET)9 ANY (org.mozilla.jss.asn1.ANY)8 InvalidBERException (org.mozilla.jss.asn1.InvalidBERException)8 OBJECT_IDENTIFIER (org.mozilla.jss.asn1.OBJECT_IDENTIFIER)8 URI (java.net.URI)7 BMPString (org.mozilla.jss.asn1.BMPString)7 CryptoToken (org.mozilla.jss.crypto.CryptoToken)7 ASN1Value (org.mozilla.jss.asn1.ASN1Value)6 INTEGER (org.mozilla.jss.asn1.INTEGER)6 AuthenticatedSafes (org.mozilla.jss.pkcs12.AuthenticatedSafes)6 FileOutputStream (java.io.FileOutputStream)5 IOException (java.io.IOException)5 SignatureException (java.security.SignatureException)5 EXPLICIT (org.mozilla.jss.asn1.EXPLICIT)5 SafeBag (org.mozilla.jss.pkcs12.SafeBag)5 Certificate (org.mozilla.jss.pkix.cert.Certificate)5 ComponentDefinition (org.sbolstandard.core2.ComponentDefinition)5