Example 6 with SafeBag
use of com.mindbright.security.pkcs12.SafeBag in project core by jcryptool.
the class AbstractImportKeyStoreEntryHandler method performImportAction.
protected void performImportAction(IImportDescriptor descriptor, Object importedObject) throws IllegalArgumentException {
if (descriptor.getKeyStoreEntryType().equals(KeyType.SECRETKEY)) {
if (importedObject instanceof SecretKey) {
// $NON-NLS-1$
LogUtil.logInfo("importing secret key");
addSecretKey(descriptor, (SecretKey) importedObject);
} else {
throw new IllegalArgumentException("Parameter is not as expected an instance of SecretKey");
}
} else if (descriptor.getKeyStoreEntryType().equals(KeyType.KEYPAIR)) {
if (importedObject instanceof PFX) {
// $NON-NLS-1$
LogUtil.logInfo("importing pfx");
PFX pfx = (PFX) importedObject;
try {
char[] password = promptPassword();
if (password == null)
return;
SafeBag safeBag = pfx.getAuthSafe().getSafeContents(0).getSafeBag(0);
PKCS8ShroudedKeyBag kBag = (PKCS8ShroudedKeyBag) safeBag.getBagValue();
PrivateKey privKey = kBag.getPrivateKey(password);
SafeBag certBag = pfx.getAuthSafe().getSafeContents(1, password).getSafeBag(0);
CertBag cBag = (CertBag) certBag.getBagValue();
PublicKey pubKey = cBag.getCertificate().getPublicKey();
int keySize = -1;
if (pubKey instanceof RSAPublicKey)
keySize = ((RSAPublicKey) pubKey).getN().bitLength();
else if (pubKey instanceof DSAPublicKey)
keySize = ((DSAPublicKey) pubKey).getParameters().getP().bitLength();
// TODO: Add keySize calculation for the remaining
// algorithms.
ImportDescriptor newDescriptor = new ImportDescriptor(descriptor.getContactName(), privKey.getAlgorithm(), KeyType.KEYPAIR, descriptor.getFileName(), descriptor.getPassword(), descriptor.getProvider(), keySize);
addKeyPair(newDescriptor, privKey, pubKey);
} catch (ASN1Exception e) {
LogUtil.logError(KeyStorePlugin.PLUGIN_ID, "error while importing key pair", e, true);
} catch (IOException e) {
LogUtil.logError(KeyStorePlugin.PLUGIN_ID, "error while importing key pair", e, false);
} catch (GeneralSecurityException e) {
LogUtil.logError(KeyStorePlugin.PLUGIN_ID, "error while importing key pair", e, true);
}
} else {
throw new IllegalArgumentException("Parameter is not an instance of PFX, as expected");
}
} else if (descriptor.getKeyStoreEntryType().equals(KeyType.PUBLICKEY)) {
if (importedObject instanceof Certificate) {
// $NON-NLS-1$
LogUtil.logInfo("importing certificate");
addCertificate(descriptor, (Certificate) importedObject);
} else {
throw new IllegalArgumentException("Parameter is not an instance of Certificate, as expected");
}
}
}
Also used :
PKCS8ShroudedKeyBag(codec.pkcs12.PKCS8ShroudedKeyBag)
PFX(codec.pkcs12.PFX)
PrivateKey(java.security.PrivateKey)
RSAPublicKey(de.flexiprovider.core.rsa.interfaces.RSAPublicKey)
PublicKey(java.security.PublicKey)
DSAPublicKey(de.flexiprovider.core.dsa.interfaces.DSAPublicKey)
ASN1Exception(codec.asn1.ASN1Exception)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
SafeBag(codec.pkcs12.SafeBag)
DSAPublicKey(de.flexiprovider.core.dsa.interfaces.DSAPublicKey)
SecretKey(javax.crypto.SecretKey)
CertBag(codec.pkcs12.CertBag)
RSAPublicKey(de.flexiprovider.core.rsa.interfaces.RSAPublicKey)
IImportDescriptor(org.jcryptool.crypto.keystore.descriptors.interfaces.IImportDescriptor)
ImportDescriptor(org.jcryptool.crypto.keystore.descriptors.ImportDescriptor)
Certificate(java.security.cert.Certificate)
Example 7 with SafeBag
use of com.mindbright.security.pkcs12.SafeBag in project OpenAM by OpenRock.
the class SecureLogHelperJSSImpl method AddToSecretStore.
/**
* Adds secret information to the secret Storage.
* @param cryptoMaterial : The data to be added
*/
private SEQUENCE AddToSecretStore(byte[] cryptoMaterial, String DataType) throws Exception {
SEQUENCE encSafeContents = new SEQUENCE();
ASN1Value data = new OCTET_STRING(cryptoMaterial);
byte[] localKeyId = createLocalKeyId(cryptoMaterial);
SET keyAttrs = createBagAttrs(DataType, localKeyId);
// attributes: user friendly name, Local Key ID
SafeBag keyBag = new SafeBag(SafeBag.SECRET_BAG, data, keyAttrs);
encSafeContents.addElement(keyBag);
return encSafeContents;
}
Also used :
ASN1Value(org.mozilla.jss.asn1.ASN1Value)
OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING)
SET(org.mozilla.jss.asn1.SET)
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
SafeBag(org.mozilla.jss.pkcs12.SafeBag)
Example 8 with SafeBag
use of com.mindbright.security.pkcs12.SafeBag in project OpenAM by OpenRock.
the class SecureLogHelperJSSImpl method readFromSecretStore.
/**
* Returns matched secret data from from the secret Storage.
* At a time there are only 3 things in logger's secure store file
* - initialkey, currentkey and current signature
* In the verifier secure store file there is just the initial key of the
* logger and the currentKey
* @param filename file for secret storage
* @param dataType The kind of data to be read, whether it is a
* signature or a key
* @param password password for the file
* @return secure data that is matched with dataType
* @throws Exception if it fails to read secret data from secret store
*/
byte[] readFromSecretStore(String filename, String dataType, AMPassword password) throws Exception {
// open input file for reading
FileInputStream infile = null;
infile = new FileInputStream(filename);
// Decode the P12 file
PFX.Template pfxt = new PFX.Template();
PFX pfx = (PFX) pfxt.decode(new BufferedInputStream(infile, 2048));
// Verify the MAC on the PFX. This is important to be sure
// it hasn't been tampered with.
StringBuffer reason = new StringBuffer();
MessageDigest md = MessageDigest.getInstance("SHA");
Password jssPasswd = new Password(new String(md.digest(password.getByteCopy()), "UTF-8").toCharArray());
md.reset();
if (!pfx.verifyAuthSafes(jssPasswd, reason)) {
throw new Exception("AuthSafes failed to verify because: " + reason.toString());
}
AuthenticatedSafes authSafes = pfx.getAuthSafes();
SEQUENCE safeContentsSequence = authSafes.getSequence();
byte[] cryptoData = null;
// Loop over contents of the authenticated safes
for (int i = 0; i < safeContentsSequence.size(); i++) {
// The safeContents may or may not be encrypted. We always send
// the password in. It will get used if it is needed. If the
// decryption of the safeContents fails for some reason (like
// a bad password), then this method will throw an exception
SEQUENCE safeContents = authSafes.getSafeContentsAt(jssPasswd, i);
SafeBag safeBag = null;
ASN1Value val = null;
// Go through all the bags in this SafeContents
for (int j = 0; j < safeContents.size(); j++) {
safeBag = (SafeBag) safeContents.elementAt(j);
// look for bag attributes and then choose the key
SET attribs = safeBag.getBagAttributes();
if (attribs == null) {
Debug.error("Bag has no attributes");
} else {
for (int b = 0; b < attribs.size(); b++) {
Attribute a = (Attribute) attribs.elementAt(b);
if (a.getType().equals(SafeBag.FRIENDLY_NAME)) {
// the friendly name attribute is a nickname
BMPString bs = (BMPString) ((ANY) a.getValues().elementAt(0)).decodeWith(BMPString.getTemplate());
if (dataType.equals(bs.toString())) {
// look at the contents of the bag
val = safeBag.getInterpretedBagContent();
break;
}
}
}
}
}
if (val instanceof ANY)
cryptoData = ((ANY) val).getContents();
}
// Close the file
infile.close();
return cryptoData;
}
Also used :
PFX(org.mozilla.jss.pkcs12.PFX)
SET(org.mozilla.jss.asn1.SET)
Attribute(org.mozilla.jss.pkix.primitive.Attribute)
BMPString(org.mozilla.jss.asn1.BMPString)
SafeBag(org.mozilla.jss.pkcs12.SafeBag)
ANY(org.mozilla.jss.asn1.ANY)
FileInputStream(java.io.FileInputStream)
AuthenticatedSafes(org.mozilla.jss.pkcs12.AuthenticatedSafes)
ASN1Value(org.mozilla.jss.asn1.ASN1Value)
BufferedInputStream(java.io.BufferedInputStream)
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
MessageDigest(java.security.MessageDigest)
BMPString(org.mozilla.jss.asn1.BMPString)
AMPassword(com.sun.identity.security.keystore.AMPassword)
Password(org.mozilla.jss.util.Password)
Example 9 with SafeBag
use of com.mindbright.security.pkcs12.SafeBag in project jss by dogtagpki.
the class PKCS12Util method getCertInfos.
public void getCertInfos(PKCS12 pkcs12, PFX pfx, Password password) throws Exception {
logger.debug("Loading certificates:");
AuthenticatedSafes safes = pfx.getAuthSafes();
for (int i = 0; i < safes.getSize(); i++) {
SEQUENCE contents = safes.getSafeContentsAt(password, i);
for (int j = 0; j < contents.size(); j++) {
SafeBag bag = (SafeBag) contents.elementAt(j);
OBJECT_IDENTIFIER oid = bag.getBagType();
if (!oid.equals(SafeBag.CERT_BAG))
continue;
logger.debug(" - Certificate:");
PKCS12CertInfo certInfo = getCertInfo(bag);
pkcs12.addCertInfo(certInfo, true);
}
}
}
Also used :
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
OBJECT_IDENTIFIER(org.mozilla.jss.asn1.OBJECT_IDENTIFIER)
SafeBag(org.mozilla.jss.pkcs12.SafeBag)
AuthenticatedSafes(org.mozilla.jss.pkcs12.AuthenticatedSafes)
Aggregations
SafeBag (org.mozilla.jss.pkcs12.SafeBag)7
ASN1Value (org.mozilla.jss.asn1.ASN1Value)5
SEQUENCE (org.mozilla.jss.asn1.SEQUENCE)5
SET (org.mozilla.jss.asn1.SET)5
AuthenticatedSafes (org.mozilla.jss.pkcs12.AuthenticatedSafes)4
ANY (org.mozilla.jss.asn1.ANY)3
OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING)3
BufferedInputStream (java.io.BufferedInputStream)2
FileInputStream (java.io.FileInputStream)2
IOException (java.io.IOException)2
CryptoToken (org.mozilla.jss.crypto.CryptoToken)2
CertBag (org.mozilla.jss.pkcs12.CertBag)2
ASN1Exception (codec.asn1.ASN1Exception)1
CertBag (codec.pkcs12.CertBag)1
PFX (codec.pkcs12.PFX)1
PKCS8ShroudedKeyBag (codec.pkcs12.PKCS8ShroudedKeyBag)1
SafeBag (codec.pkcs12.SafeBag)1
ASN1CharString (com.mindbright.asn1.ASN1CharString)1
ASN1DER (com.mindbright.asn1.ASN1DER)1
ASN1OctetString (com.mindbright.asn1.ASN1OctetString)1
