use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.
the class PKIPublicationInfo method encode.
@Override
public void encode(Tag implicitTag, OutputStream ostream) throws IOException {
SEQUENCE seq = new SEQUENCE();
seq.addElement(new INTEGER(action));
seq.addElement(pubInfos);
seq.encode(implicitTag, ostream);
}
use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.
the class EncryptedPrivateKeyInfo method createPBES2.
/**
* Export a private key in PBES2 format, using a random PBKDF2 salt.
*
* Token must support the CKM_PKCS5_PBKD2 mechanism.
*
* @param saltLen Length of salt in bytes (default: 16)
* @param kdfIterations PBKDF2 iterations (default: 2000)
* @param encAlg The symmetric encryption algorithm for enciphering the
* private key. Determines the size of derived key.
* @param pwd Password
* @param charToByteConverter The mechanism for converting the characters
* in the password into bytes. If null, the default mechanism
* will be used, which is UTF8.
* @param privateKeyInfo The encoded PrivateKeyInfo to be encrypted and
* stored in the EncryptedContentInfo.
*/
public static EncryptedPrivateKeyInfo createPBES2(int saltLen, int kdfIterations, EncryptionAlgorithm encAlg, Password pwd, KeyGenerator.CharToByteConverter charToByteConverter, PrivateKeyInfo privateKeyInfo) throws NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, CharConversionException {
if (encAlg == null)
throw new IllegalArgumentException("encAlg cannot be null");
if (pwd == null)
throw new IllegalArgumentException("pwd cannot be null");
if (privateKeyInfo == null)
throw new IllegalArgumentException("privateKeyInfo cannot be null");
if (kdfIterations < 1)
kdfIterations = 2000;
if (saltLen < 1)
saltLen = 16;
try {
// generate random PBKDF2 salt
SecureRandom random = new SecureRandom();
byte[] salt = new byte[saltLen];
random.nextBytes(salt);
// derive symmetric key from passphrase using PBKDF2
CryptoManager cm = CryptoManager.getInstance();
CryptoToken token = cm.getInternalCryptoToken();
KeyGenerator kg = token.getKeyGenerator(PBEAlgorithm.PBE_PKCS5_PBKDF2);
PBEKeyGenParams pbekgParams = new PBEKeyGenParams(pwd.getChars(), salt, kdfIterations, encAlg);
if (charToByteConverter != null)
kg.setCharToByteConverter(charToByteConverter);
kg.initialize(pbekgParams);
SymmetricKey sk = kg.generate();
// encrypt PrivateKeyInfo
byte[] iv = new byte[encAlg.getBlockSize()];
random.nextBytes(iv);
Cipher cipher = token.getCipherContext(encAlg);
cipher.initEncrypt(sk, new IVParameterSpec(iv));
byte[] encData = cipher.doFinal(ASN1Util.encode(privateKeyInfo));
// construct KDF AlgorithmIdentifier
SEQUENCE paramsKdf = new SEQUENCE();
paramsKdf.addElement(new OCTET_STRING(salt));
paramsKdf.addElement(new INTEGER(kdfIterations));
paramsKdf.addElement(new INTEGER(sk.getLength()));
AlgorithmIdentifier algIdKdf = new AlgorithmIdentifier(PBEAlgorithm.PBE_PKCS5_PBKDF2.toOID(), paramsKdf);
// construct encryption AlgorithmIdentifier
AlgorithmIdentifier algIdEnc = new AlgorithmIdentifier(encAlg.toOID(), new OCTET_STRING(iv));
// construct "composite" PBES2 AlgorithmIdentifier
SEQUENCE paramsPBES2 = new SEQUENCE();
paramsPBES2.addElement(algIdKdf);
paramsPBES2.addElement(algIdEnc);
AlgorithmIdentifier algIdPBES2 = new AlgorithmIdentifier(PBEAlgorithm.PBE_PKCS5_PBES2.toOID(), paramsPBES2);
// construct EncryptedPrivateKeyInfo
return new EncryptedPrivateKeyInfo(algIdPBES2, new OCTET_STRING(encData));
} catch (IllegalBlockSizeException e) {
throw new RuntimeException("IllegalBlockSizeException in EncryptedContentInfo.createPBES2: " + e.getMessage(), e);
} catch (BadPaddingException e) {
throw new RuntimeException("BadPaddingException in EncryptedContentInfo.createPBES2: " + e.getMessage(), e);
}
}
use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.
the class KeyFactorySpi1_2 method engineGeneratePrivate.
/**
* We don't support RSAPrivateKeySpec because it doesn't have enough
* information. You need to provide an RSAPrivateCrtKeySpec.
*/
@Override
protected java.security.PrivateKey engineGeneratePrivate(KeySpec keySpec) throws InvalidKeySpecException {
try {
if (keySpec instanceof RSAPrivateCrtKeySpec) {
//
// PKCS #1 RSAPrivateKey
//
RSAPrivateCrtKeySpec spec = (RSAPrivateCrtKeySpec) keySpec;
SEQUENCE privKey = new SEQUENCE();
// version
privKey.addElement(new INTEGER(0));
privKey.addElement(new INTEGER(spec.getModulus()));
privKey.addElement(new INTEGER(spec.getPublicExponent()));
privKey.addElement(new INTEGER(spec.getPrivateExponent()));
privKey.addElement(new INTEGER(spec.getPrimeP()));
privKey.addElement(new INTEGER(spec.getPrimeQ()));
privKey.addElement(new INTEGER(spec.getPrimeExponentP()));
privKey.addElement(new INTEGER(spec.getPrimeExponentQ()));
privKey.addElement(new INTEGER(spec.getCrtCoefficient()));
AlgorithmIdentifier algID = new AlgorithmIdentifier(PrivateKey.RSA.toOID(), null);
OCTET_STRING encodedPrivKey = new OCTET_STRING(ASN1Util.encode(privKey));
PrivateKeyInfo pki = new PrivateKeyInfo(// version
new INTEGER(0), algID, encodedPrivKey, // OPTIONAL SET OF Attribute
(SET) null);
return PK11PrivKey.fromPrivateKeyInfo(ASN1Util.encode(pki), TokenSupplierManager.getTokenSupplier().getThreadToken());
} else if (keySpec instanceof DSAPrivateKeySpec) {
DSAPrivateKeySpec spec = (DSAPrivateKeySpec) keySpec;
SEQUENCE pqgParams = new SEQUENCE();
pqgParams.addElement(new INTEGER(spec.getP()));
pqgParams.addElement(new INTEGER(spec.getQ()));
pqgParams.addElement(new INTEGER(spec.getG()));
AlgorithmIdentifier algID = new AlgorithmIdentifier(PrivateKey.DSA.toOID(), pqgParams);
OCTET_STRING privateKey = new OCTET_STRING(ASN1Util.encode(new INTEGER(spec.getX())));
PrivateKeyInfo pki = new PrivateKeyInfo(// version
new INTEGER(0), algID, privateKey, // OPTIONAL SET OF Attribute
null);
// Derive the public key from the private key
BigInteger y = spec.getG().modPow(spec.getX(), spec.getP());
byte[] yBA = y.toByteArray();
// we need to chop off a leading zero byte
if (y.bitLength() % 8 == 0) {
byte[] newBA = new byte[yBA.length - 1];
assert (newBA.length >= 0);
System.arraycopy(yBA, 1, newBA, 0, newBA.length);
yBA = newBA;
}
return PK11PrivKey.fromPrivateKeyInfo(ASN1Util.encode(pki), TokenSupplierManager.getTokenSupplier().getThreadToken(), yBA);
} else if (keySpec instanceof PKCS8EncodedKeySpec) {
return PK11PrivKey.fromPrivateKeyInfo((PKCS8EncodedKeySpec) keySpec, TokenSupplierManager.getTokenSupplier().getThreadToken());
}
throw new InvalidKeySpecException("Unsupported KeySpec type: " + keySpec.getClass().getName());
} catch (TokenException te) {
StringWriter sw = new StringWriter();
PrintWriter pw = new PrintWriter(sw);
te.printStackTrace(pw);
throw new InvalidKeySpecException("TokenException: " + sw.toString());
}
}
use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.
the class CertRequest method encode.
/**
* This method is not yet supported.
*/
@Override
public void encode(Tag implicit, OutputStream ostream) throws IOException {
// Assert.notYetImplemented("CertRequest encoding");
SEQUENCE sequence = new SEQUENCE();
sequence.addElement(certReqId);
sequence.addElement(certTemplate);
if (controls != null)
sequence.addElement(controls);
sequence.encode(implicit, ostream);
}
use of com.google.showcase.v1beta1.Sequence in project jss by dogtagpki.
the class SignerInfo method createDigestInfo.
private SEQUENCE createDigestInfo(byte[] data, boolean doDigest) throws NoSuchAlgorithmException {
if (data == null || data.length == 0) {
throw new IllegalArgumentException("Data to digest must be supplied");
}
SEQUENCE digestInfo = new SEQUENCE();
digestInfo.addElement(this.digestAlgorithm);
byte[] digest;
if (doDigest) {
MessageDigest md = MessageDigest.getInstance(DigestAlgorithm.fromOID(this.digestAlgorithm.getOID()).toString());
digest = md.digest(data);
} else {
digest = data;
}
digestInfo.addElement(new OCTET_STRING(digest));
return digestInfo;
}
Aggregations