Example 6 with ASN1DER
use of com.mindbright.asn1.ASN1DER in project SpringRemote by HaleyWang.
the class NetscapeKeyStore method engineGetKey.
public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException {
KeyEntry keyEntry = getKeyEntry(alias);
if (!passwordCheck(password)) {
throw new UnrecoverableKeyException("Invalid password");
}
if (keyEntry != null) {
try {
EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo();
ASN1DER ber = new ASN1DER();
ByteArrayInputStream ba = new ByteArrayInputStream(keyEntry.encryptedKey);
ber.decode(ba, epki);
byte[] enc = epki.encryptedData.getRaw();
byte[] dec = new byte[enc.length];
do3DESCipher(Cipher.DECRYPT_MODE, password, enc, 0, enc.length, dec, globalSalt(), keyEntry.salt);
ba = new ByteArrayInputStream(dec);
return PKCS12KeyStore.extractPrivateKey(dec);
} catch (IOException e) {
throw new UnrecoverableKeyException(e.getMessage());
}
}
return null;
}
Also used :
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
ASN1DER(com.mindbright.asn1.ASN1DER)
ByteArrayInputStream(java.io.ByteArrayInputStream)
EncryptedPrivateKeyInfo(com.mindbright.security.pkcs8.EncryptedPrivateKeyInfo)
IOException(java.io.IOException)
Example 7 with ASN1DER
use of com.mindbright.asn1.ASN1DER in project SpringRemote by HaleyWang.
the class SSH2KeyPairFile method writeKeyPair.
public static byte[] writeKeyPair(ASCIIArmour armour, String password, SecureRandom random, KeyPair keyPair) throws SSH2FatalException {
ASN1Object pem;
PublicKey publicKey = keyPair.getPublic();
int headType;
if (publicKey instanceof DSAPublicKey) {
DSAPublicKey pubKey = (DSAPublicKey) keyPair.getPublic();
DSAPrivateKey prvKey = (DSAPrivateKey) keyPair.getPrivate();
DSAParams params = pubKey.getParams();
pem = new PEMDSAPrivate(0, params.getP(), params.getQ(), params.getG(), pubKey.getY(), prvKey.getX());
headType = TYPE_PEM_DSA;
} else if (publicKey instanceof RSAPublicKey) {
RSAPublicKey pubKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateCrtKey prvKey = (RSAPrivateCrtKey) keyPair.getPrivate();
pem = new PEMRSAPrivate(0, pubKey.getModulus(), pubKey.getPublicExponent(), prvKey.getPrivateExponent(), prvKey.getPrimeP(), prvKey.getPrimeQ(), prvKey.getCrtCoefficient());
headType = TYPE_PEM_RSA;
} else if (publicKey instanceof ECPublicKey) {
ECPublicKey pubKey = (ECPublicKey) keyPair.getPublic();
ECPrivateKey prvKey = (ECPrivateKey) keyPair.getPrivate();
pem = new PEMECPrivate(pubKey, prvKey);
headType = TYPE_PEM_EC;
} else {
throw new SSH2FatalException("Unsupported key type: " + publicKey);
}
armour.setHeaderLine(BEGIN_PRV_KEY[headType]);
armour.setTailLine(END_PRV_KEY[headType]);
ByteArrayOutputStream enc = new ByteArrayOutputStream(128);
ASN1DER der = new ASN1DER();
try {
der.encode(enc, pem);
} catch (IOException e) {
throw new SSH2FatalException("Error while DER encoding");
}
byte[] keyBlob = enc.toByteArray();
if (password != null && password.length() > 0) {
byte[] iv = new byte[16];
random.setSeed(keyBlob);
for (int i = 0; i < iv.length; i++) {
byte[] r = new byte[1];
do {
random.nextBytes(r);
iv[i] = r[0];
} while (iv[i] == 0x00);
}
armour.setHeaderField(PRV_PROCTYPE, "4,ENCRYPTED");
armour.setHeaderField(PRV_DEKINFO, "AES-128-CBC," + HexDump.toString(iv).toUpperCase());
int encLen = (16 - (keyBlob.length % 16)) + keyBlob.length;
byte[] encBuf = new byte[encLen];
doCipher(Cipher.ENCRYPT_MODE, "AES/CBC/PKCS5Padding", password, keyBlob, keyBlob.length, encBuf, iv);
keyBlob = encBuf;
}
return keyBlob;
}
Also used :
ECPrivateKey(java.security.interfaces.ECPrivateKey)
RSAPrivateCrtKey(java.security.interfaces.RSAPrivateCrtKey)
ASN1DER(com.mindbright.asn1.ASN1DER)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
ECPublicKey(java.security.interfaces.ECPublicKey)
PublicKey(java.security.PublicKey)
DSAPublicKey(java.security.interfaces.DSAPublicKey)
DSAParams(java.security.interfaces.DSAParams)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
IOException(java.io.IOException)
DSAPublicKey(java.security.interfaces.DSAPublicKey)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
ECPublicKey(java.security.interfaces.ECPublicKey)
DSAPrivateKey(java.security.interfaces.DSAPrivateKey)
ASN1Object(com.mindbright.asn1.ASN1Object)
Example 8 with ASN1DER
use of com.mindbright.asn1.ASN1DER in project SpringRemote by HaleyWang.
the class SSH2KeyPairFile method readKeyPair.
public static KeyPair readKeyPair(ASCIIArmour armour, byte[] keyBlob, String password) throws SSH2Exception {
String procType = armour.getHeaderField(PRV_PROCTYPE);
if (procType != null && password != null) {
String dekInfo = armour.getHeaderField(PRV_DEKINFO);
if (dekInfo == null || !(dekInfo.startsWith("DES-EDE3-CBC,") || dekInfo.startsWith("AES-128-CBC,"))) {
throw new SSH2FatalException("Proc type not supported: " + procType);
}
boolean isdes = dekInfo.startsWith("DES");
dekInfo = dekInfo.substring(dekInfo.indexOf(',') + 1);
BigInteger dekI = new BigInteger(dekInfo, 16);
byte[] iv = dekI.toByteArray();
if (isdes) {
if (iv.length > 8) {
byte[] tmp = iv;
iv = new byte[8];
System.arraycopy(tmp, 1, iv, 0, 8);
}
} else {
if (iv.length > 16) {
byte[] tmp = iv;
iv = new byte[16];
System.arraycopy(tmp, 1, iv, 0, 16);
}
}
doCipher(Cipher.DECRYPT_MODE, isdes ? "DESEDE/CBC/PKCS5Padding" : "AES/CBC/PKCS5Padding", password, keyBlob, keyBlob.length, keyBlob, iv);
}
ByteArrayInputStream enc = new ByteArrayInputStream(keyBlob);
ASN1DER der = new ASN1DER();
KeySpec prvSpec = null;
KeySpec pubSpec = null;
String keyFactType = null;
String head = armour.getHeaderLine();
if (head.indexOf("DSA") != -1) {
keyFactType = "DSA";
} else if (head.indexOf("RSA") != -1) {
keyFactType = "RSA";
} else if (head.indexOf("EC") != -1) {
keyFactType = "EC";
}
try {
if ("DSA".equals(keyFactType)) {
PEMDSAPrivate dsa = new PEMDSAPrivate();
der.decode(enc, dsa);
BigInteger p, q, g, x, y;
p = dsa.p.getValue();
q = dsa.q.getValue();
g = dsa.g.getValue();
y = dsa.y.getValue();
x = dsa.x.getValue();
prvSpec = new DSAPrivateKeySpec(x, p, q, g);
pubSpec = new DSAPublicKeySpec(y, p, q, g);
} else if ("RSA".equals(keyFactType)) {
PEMRSAPrivate rsa = new PEMRSAPrivate();
der.decode(enc, rsa);
BigInteger n, e, d, p, q, pe, qe, u;
n = rsa.modulus.getValue();
e = rsa.publicExponent.getValue();
d = rsa.privateExponent.getValue();
p = rsa.prime1.getValue();
q = rsa.prime2.getValue();
pe = rsa.exponent1.getValue();
qe = rsa.exponent2.getValue();
u = rsa.coefficient.getValue();
prvSpec = new RSAPrivateCrtKeySpec(n, e, d, p, q, pe, qe, u);
pubSpec = new RSAPublicKeySpec(n, e);
} else if ("EC".equals(keyFactType)) {
PEMECPrivate ec = new PEMECPrivate();
der.decode(enc, ec);
String curve;
String curveid = ec.curveid.getString();
if (curveid.equals(EC_CURVE_SECP256R1_OID)) {
curve = EC_CURVE_SECP256R1_NAME;
} else if (curveid.equals(EC_CURVE_SECP384R1_OID)) {
curve = EC_CURVE_SECP384R1_NAME;
} else {
curve = EC_CURVE_SECP521R1_NAME;
}
ECParameterSpec ecspec = SSH2ECDSASHA2NIST.getParamsForCurve(curve);
byte[] privraw = ec.privateKey.getRaw();
byte[] privb = new byte[privraw.length + 1];
System.arraycopy(privraw, 0, privb, 1, privraw.length);
prvSpec = new ECPrivateKeySpec(new BigInteger(privb), ecspec);
byte[] pubb = ec.publicKey.getBitArray();
pubSpec = new ECPublicKeySpec(SSH2KEXECDHSHA2NIST.frombytes(pubb, ecspec.getCurve()), ecspec);
} else {
throw new SSH2FatalException("Unsupported key type: " + keyFactType);
}
} catch (IOException e) {
throw new SSH2AccessDeniedException("Invalid password or corrupt key blob");
}
try {
KeyFactory keyFact = Crypto.getKeyFactory(keyFactType);
return new KeyPair(keyFact.generatePublic(pubSpec), keyFact.generatePrivate(prvSpec));
} catch (Exception e) {
throw new SSH2FatalException("Error in readKeyPair: " + e);
}
}
Also used :
RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec)
KeyPair(java.security.KeyPair)
ECPrivateKeySpec(java.security.spec.ECPrivateKeySpec)
ASN1DER(com.mindbright.asn1.ASN1DER)
ECPublicKeySpec(java.security.spec.ECPublicKeySpec)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
KeySpec(java.security.spec.KeySpec)
DSAPrivateKeySpec(java.security.spec.DSAPrivateKeySpec)
RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec)
RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec)
ECPrivateKeySpec(java.security.spec.ECPrivateKeySpec)
DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)
RSAPrivateKeySpec(java.security.spec.RSAPrivateKeySpec)
ASN1BitString(com.mindbright.asn1.ASN1BitString)
ASN1OctetString(com.mindbright.asn1.ASN1OctetString)
RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec)
IOException(java.io.IOException)
ECPublicKeySpec(java.security.spec.ECPublicKeySpec)
GeneralSecurityException(java.security.GeneralSecurityException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
IOException(java.io.IOException)
BadPaddingException(javax.crypto.BadPaddingException)
DSAPrivateKeySpec(java.security.spec.DSAPrivateKeySpec)
ByteArrayInputStream(java.io.ByteArrayInputStream)
ECParameterSpec(java.security.spec.ECParameterSpec)
BigInteger(java.math.BigInteger)
KeyFactory(java.security.KeyFactory)
DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)
Example 9 with ASN1DER
use of com.mindbright.asn1.ASN1DER in project SpringRemote by HaleyWang.
the class SSH2ECDSASHA2NIST method sign.
public byte[] sign(byte[] data) throws SSH2SignatureException {
try {
signature.update(data);
byte[] sigRaw = signature.sign();
try {
SSH2DSS.DSASIG sign = new SSH2DSS.DSASIG();
ASN1DER der = new ASN1DER();
ByteArrayInputStream dec = new ByteArrayInputStream(sigRaw);
der.decode(dec, sign);
SSH2DataBuffer buf = new SSH2DataBuffer(256);
buf.writeBigInt(sign.r.getValue());
buf.writeBigInt(sign.s.getValue());
sigRaw = buf.readRestRaw();
} catch (IOException ioe) {
throw new SSH2SignatureException("DER decode failed: " + ioe.getMessage());
}
return encodeSignature(sigRaw);
} catch (SignatureException e) {
throw new SSH2SignatureException("Error in " + algorithm + " sign: " + e.getMessage());
}
}
Also used :
ASN1DER(com.mindbright.asn1.ASN1DER)
ByteArrayInputStream(java.io.ByteArrayInputStream)
IOException(java.io.IOException)
SignatureException(java.security.SignatureException)
Example 10 with ASN1DER
use of com.mindbright.asn1.ASN1DER in project SpringRemote by HaleyWang.
the class SSH2DSS method sign.
public byte[] sign(byte[] data) throws SSH2SignatureException {
try {
signature.update(data);
byte[] sigRaw = signature.sign();
try {
DSASIG sign = new DSASIG();
ASN1DER der = new ASN1DER();
ByteArrayInputStream dec = new ByteArrayInputStream(sigRaw);
der.decode(dec, sign);
sigRaw = new byte[40];
byte[] tmp = unsignedBigIntToBytes(sign.r.getValue(), 20);
System.arraycopy(tmp, 0, sigRaw, 0, 20);
tmp = unsignedBigIntToBytes(sign.s.getValue(), 20);
System.arraycopy(tmp, 0, sigRaw, 20, 20);
} catch (IOException ioe) {
throw new SSH2SignatureException("DER decode failed: " + ioe.getMessage());
}
return encodeSignature(sigRaw);
} catch (SignatureException e) {
throw new SSH2SignatureException("Error in " + algorithm + " sign: " + e.getMessage());
}
}
Also used :
ASN1DER(com.mindbright.asn1.ASN1DER)
ByteArrayInputStream(java.io.ByteArrayInputStream)
IOException(java.io.IOException)
SignatureException(java.security.SignatureException)
Aggregations
ASN1DER (com.mindbright.asn1.ASN1DER)15
IOException (java.io.IOException)13
ByteArrayInputStream (java.io.ByteArrayInputStream)10
BigInteger (java.math.BigInteger)7
ASN1OctetString (com.mindbright.asn1.ASN1OctetString)5
SignatureException (java.security.SignatureException)5
ASN1CharString (com.mindbright.asn1.ASN1CharString)4
ByteArrayOutputStream (java.io.ByteArrayOutputStream)4
EncryptedPrivateKeyInfo (com.mindbright.security.pkcs8.EncryptedPrivateKeyInfo)3
KeyFactory (java.security.KeyFactory)3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3
DSAParams (java.security.interfaces.DSAParams)3
ASN1Object (com.mindbright.asn1.ASN1Object)2
PKCS12PbeParams (com.mindbright.security.pkcs12.PKCS12PbeParams)2
GeneralSecurityException (java.security.GeneralSecurityException)2
InvalidKeyException (java.security.InvalidKeyException)2
UnrecoverableKeyException (java.security.UnrecoverableKeyException)2
CertificateException (java.security.cert.CertificateException)2
DSAPrivateKey (java.security.interfaces.DSAPrivateKey)2
DSAPublicKey (java.security.interfaces.DSAPublicKey)2
