
Example 76 with Key

use of java.security.Key in project jdk8u_jdk by JetBrains.

the class SignatureTest method main.

/**
 * Signs one random 100-byte message with every private-key form and verifies it with
 * every public-key form derived from a single freshly generated key pair.
 *
 * @param args {@code args[0]} is the signature algorithm name handed to checkSignature;
 *             {@code args[1]} is the key size handed to generateKeys
 * @throws Exception if argument parsing, key generation or key conversion fails; a checked
 *                   failure inside checkSignature surfaces as a RuntimeException with the
 *                   original exception as its cause
 */
public static void main(String[] args) throws Exception {
    final String signatureAlgorithm = args[0];
    final int keySize = Integer.parseInt(args[1]);

    // Message to sign. NOTE(review): RandomFactory is a test-library RNG, presumably seeded
    // for reproducibility; it only fills the payload here, the keys come from generateKeys.
    final byte[] message = new byte[100];
    RandomFactory.getRandom().nextBytes(message);

    final KeyPair generated = generateKeys(KEYALG, testSizeOf(keySize));
    // presumably each array holds the same key in several equivalent representations;
    // confirm against manipulateKey
    final Key[] privateForms = manipulateKey(PRIVATE_KEY, generated.getPrivate());
    final Key[] publicForms = manipulateKey(PUBLIC_KEY, generated.getPublic());

    // Full cross product: every private form must interoperate with every public form.
    for (Key privateForm : privateForms) {
        for (Key publicForm : publicForms) {
            try {
                checkSignature(message, (PublicKey) publicForm, (PrivateKey) privateForm, signatureAlgorithm);
            } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException | NoSuchProviderException ex) {
                // Keep the cause so the failing provider/algorithm is visible in the test log.
                throw new RuntimeException(ex);
            }
        }
    }
}

/** Returns the requested key size unchanged; named only to keep the call site readable. */
private static int testSizeOf(int requested) {
    return requested;
}
Also used : KeyPairGenerator(java.security.KeyPairGenerator) KeyPair(java.security.KeyPair) Arrays(java.util.Arrays) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) SignatureException(java.security.SignatureException) Signature(java.security.Signature) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PublicKey(java.security.PublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) KeyFactory(java.security.KeyFactory) Key(java.security.Key) RSAPrivateKeySpec(java.security.spec.RSAPrivateKeySpec) PUBLIC_KEY(javax.crypto.Cipher.PUBLIC_KEY) RSAPublicKey(java.security.interfaces.RSAPublicKey) RandomFactory(jdk.testlibrary.RandomFactory) PrivateKey(java.security.PrivateKey) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) InvalidKeyException(java.security.InvalidKeyException) PRIVATE_KEY(javax.crypto.Cipher.PRIVATE_KEY) NoSuchProviderException(java.security.NoSuchProviderException) KeyPair(java.security.KeyPair) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PublicKey(java.security.PublicKey) Key(java.security.Key) RSAPublicKey(java.security.interfaces.RSAPublicKey) PrivateKey(java.security.PrivateKey)

Example 77 with Key

use of java.security.Key in project jdk8u_jdk by JetBrains.

the class RSAEncryptDecrypt method main.

/**
 * Round-trips PLAINTEXT through RSA encryption and decryption with the SunMSCAPI provider,
 * printing the plaintext, ciphertext and recovered bytes via displayBytes.
 *
 * <p>If the provider cannot supply the cipher, the method prints a skip message and returns
 * normally. This method itself does not compare the decrypted bytes with PLAINTEXT.
 *
 * @param args unused
 * @throws Exception if key-pair generation, cipher initialisation or the cipher operations fail
 */
public static void main(String[] args) throws Exception {
    final KeyPair pair = KeyPairGenerator.getInstance("RSA", "SunMSCAPI").generateKeyPair();
    final Key encryptionKey = pair.getPublic();
    final Key decryptionKey = pair.getPrivate();

    // The bare "RSA" transformation leaves mode and padding to the provider's defaults,
    // which is the point of a provider test. Code outside such a test should spell out the
    // full algorithm/mode/padding string so the padding scheme is an explicit, reviewable choice.
    final Cipher rsa;
    try {
        rsa = Cipher.getInstance("RSA", "SunMSCAPI");
    } catch (GeneralSecurityException e) {
        // An unavailable cipher is treated as "not applicable", not as a failure.
        System.out.println("Cipher not supported by provider, skipping...");
        return;
    }

    displayBytes0(rsa, encryptionKey);
    final byte[] ciphertext = rsa.doFinal(PLAINTEXT);
    displayBytes("Encrypted data:", ciphertext);

    rsa.init(Cipher.DECRYPT_MODE, decryptionKey);
    final byte[] recovered = rsa.doFinal(ciphertext);
    displayBytes("Decrypted data:", recovered);
}

/** Initialises the cipher for encryption with the public key, then prints the plaintext. */
private static void displayBytes0(Cipher rsa, Key encryptionKey) throws GeneralSecurityException {
    rsa.init(Cipher.ENCRYPT_MODE, encryptionKey);
    displayBytes("Plaintext data:", PLAINTEXT);
}
Also used : KeyPair(java.security.KeyPair) GeneralSecurityException(java.security.GeneralSecurityException) KeyPairGenerator(java.security.KeyPairGenerator) Cipher(javax.crypto.Cipher) Key(java.security.Key)

Example 78 with Key

use of java.security.Key in project nhin-d by DirectProject.

the class CertificatesController method toCertDataFormat.

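/**
 * Converts an incoming certificate, PKCS12 file, or certificate plus PKCS8 private key into
 * the byte format kept in the config store.
 *
 * <p>When a keystore protection manager ({@code keyManager}) is configured, the private key is
 * wrapped with the manager's private-key protection key before it is returned. When none is
 * configured, the key is returned inside a PKCS12 container that carries no passphrase
 * protection (either the caller's bytes as-is, or a container built here with an empty password).
 *
 * @param certOrP12Bytes  encoded certificate, or PKCS12 bytes when {@code privKeyType} is one of the PKCS12 types
 * @param privateKeyBytes PKCS8-encoded private key (already wrapped for {@code PKCS8_WRAPPED});
 *                        only read for the non-PKCS12 key types
 * @param privKeyType     how the private key, if any, is supplied
 * @return the bytes to hand to the config store
 * @throws CryptoException if any step of parsing, wrapping or re-encoding fails; the original
 *                         exception is kept as the cause
 */
private byte[] toCertDataFormat(byte[] certOrP12Bytes, byte[] privateKeyBytes, PrivateKeyType privKeyType) throws CryptoException {
    try {
        // No private key: the encoded certificate is stored unchanged.
        if (privKeyType == PrivateKeyType.NONE) {
            return certOrP12Bytes;
        }
        final CertContainer cont = CertUtils.toCertContainer(certOrP12Bytes);

        // PKCS12 input: pass through as-is, or wrap its private key when a manager exists.
        // Short-circuit || replaces the original non-short-circuit | on booleans.
        if (privKeyType == PrivateKeyType.PKCS_12_PASSPHRASE || privKeyType == PrivateKeyType.PKCS_12_UNPROTECTED) {
            if (this.keyManager == null) {
                // NOTE(review): without a key manager the caller's PKCS12 bytes are forwarded untouched,
                // so protection of the private key rests on the transport and on the config store's
                // access controls. The log line says "unprotected" for PKCS_12_PASSPHRASE input too; confirm intent.
                this.log.info("Storing PKCS12 file in PKCS12 unprotected format");
                return certOrP12Bytes;
            }
            this.log.info("Storing PKCS12 file in wrapped format");
            // Wrap the private key extracted from the PKCS12 with the protection key.
            final byte[] wrappedKey = this.keyManager.wrapWithSecretKey((SecretKey) ((KeyStoreProtectionManager) keyManager).getPrivateKeyProtectionKey(), cont.getKey());
            return CertUtils.certAndWrappedKeyToRawByteFormat(wrappedKey, cont.getCert());
        }

        // Separate private key file: either already wrapped, or a PKCS8 key to wrap or repackage.
        if (privKeyType == PrivateKeyType.PKCS8_WRAPPED) {
            this.log.info("Storing already wrapped PKCS8 file");
            return CertUtils.certAndWrappedKeyToRawByteFormat(privateKeyBytes, cont.getCert());
        }

        // The private key is expected in unencrypted PKCS8 form at this point and is parsed as RSA.
        final KeyFactory kf = KeyFactory.getInstance("RSA", CertUtils.getJCEProviderName());
        final PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec(privateKeyBytes);
        final Key privKey = kf.generatePrivate(keysp);

        if (this.keyManager == null) {
            this.log.info("Storing PKCS8 private key in PKCS12 unprotected format");
            // No key manager means the key cannot be wrapped, so it is repackaged as a PKCS12 file.
            // Both the key entry and the store use an empty password: the container gives the
            // private key no confidentiality of its own once it leaves this method.
            final KeyStore localKeyStore = KeyStore.getInstance("PKCS12", CertUtils.getJCEProviderName());
            localKeyStore.load(null, null);
            localKeyStore.setKeyEntry("privCert", privKey, "".toCharArray(), new java.security.cert.Certificate[] { cont.getCert() });
            final ByteArrayOutputStream outStr = new ByteArrayOutputStream();
            localKeyStore.store(outStr, "".toCharArray());
            try {
                return outStr.toByteArray();
            } finally {
                IOUtils.closeQuietly(outStr);
            }
        }

        this.log.info("Storing PKCS8 private key in wrapped format");
        // Wrap the parsed key and emit the certificate-plus-wrapped-key format.
        final byte[] wrappedKey = this.keyManager.wrapWithSecretKey((SecretKey) ((KeyStoreProtectionManager) keyManager).getPrivateKeyProtectionKey(), privKey);
        return CertUtils.certAndWrappedKeyToRawByteFormat(wrappedKey, cont.getCert());
    } catch (Exception e) {
        // Message typo fixed ("conver" -> "convert"); the cause is preserved for diagnosis.
        throw new CryptoException("Failed to convert certificate and key to cert data format: " + e.getMessage(), e);
    }
}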
Also used : PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) MutableKeyStoreProtectionManager(org.nhindirect.common.crypto.MutableKeyStoreProtectionManager) KeyStoreProtectionManager(org.nhindirect.common.crypto.KeyStoreProtectionManager) ByteArrayOutputStream(java.io.ByteArrayOutputStream) CryptoException(org.nhindirect.common.crypto.exceptions.CryptoException) KeyStore(java.security.KeyStore) CertContainer(org.nhindirect.config.model.utils.CertUtils.CertContainer) KeyFactory(java.security.KeyFactory) SecretKeyFactory(javax.crypto.SecretKeyFactory) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey) ServiceException(org.nhindirect.common.rest.exceptions.ServiceException) IOException(java.io.IOException) CryptoException(org.nhindirect.common.crypto.exceptions.CryptoException)

Example 79 with Key

use of java.security.Key in project nhin-d by DirectProject.

the class DNSController method toCertContainer.

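/**
 * Parses raw bytes into a CertContainer, trying an empty-password PKCS12 keystore first and
 * a bare X.509 certificate second.
 *
 * <p>Only the first alias of a PKCS12 keystore is read. The bytes are parsed, not trusted:
 * no chain, validity-period or revocation check is performed here.
 *
 * @param data PKCS12 keystore bytes (loadable with an empty password) or an encoded X.509 certificate
 * @return a container with the certificate and, for PKCS12 input holding a private key, that key;
 *         for plain certificate input the key is {@code null}
 * @throws Exception in practice a ConfigurationServiceException when the bytes parse as neither format
 */
public CertContainer toCertContainer(byte[] data) throws Exception {
    CertContainer certContainer = null;
    try {
        ByteArrayInputStream bais = new ByteArrayInputStream(data);
        // Attempt 1: PKCS12 keystore. Both the store and the key entry are opened with an
        // empty password, so only PKCS12 data without passphrase protection is accepted.
        try {
            final KeyStore localKeyStore = KeyStore.getInstance("PKCS12", getJCEProviderName());
            localKeyStore.load(bais, "".toCharArray());
            final Enumeration<String> aliases = localKeyStore.aliases();
            // Only one alias is expected; any further entries are not read.
            if (aliases.hasMoreElements()) {
                final String alias = aliases.nextElement();
                final X509Certificate cert = (X509Certificate) localKeyStore.getCertificate(alias);
                final Key key = localKeyStore.getKey(alias, "".toCharArray());
                // instanceof is already false for null, so no separate null check is needed.
                if (key instanceof PrivateKey) {
                    certContainer = new CertContainer(cert, key);
                }
            }
        } catch (Exception ignored) {
            // Deliberate best-effort: the data is not a loadable PKCS12 stream, so fall through
            // to the X.509 attempt below. A real failure is reported from there.
        }
        if (certContainer == null) {
            // Attempt 2: plain X.509 certificate. A PKCS12 that loaded but yielded no PrivateKey
            // for its first alias also lands here. The first stream may be partly consumed, so
            // a fresh one is used (the original's reset() before reassignment had no effect).
            bais = new ByteArrayInputStream(data);
            final X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(bais);
            certContainer = new CertContainer(cert, null);
        }
        bais.close();
    } catch (Exception e) {
        throw new ConfigurationServiceException("Data cannot be converted to a valid X.509 Certificate", e);
    }
    return certContainer;
}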
Also used : PrivateKey(java.security.PrivateKey) ByteArrayInputStream(java.io.ByteArrayInputStream) ConfigurationServiceException(org.nhindirect.config.service.ConfigurationServiceException) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) Key(java.security.Key) PrivateKey(java.security.PrivateKey) CertificateEncodingException(javax.security.cert.CertificateEncodingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) TextParseException(org.xbill.DNS.TextParseException) ServiceException(org.nhindirect.common.rest.exceptions.ServiceException) IOException(java.io.IOException) ConfigurationServiceException(org.nhindirect.config.service.ConfigurationServiceException)

Example 80 with Key

use of java.security.Key in project nhin-d by DirectProject.

the class CertificateServiceImpl method toCertContainer.

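/**
 * Parses raw bytes into a CertContainer: first as a PKCS12 keystore opened with an empty
 * password, then, if that yields nothing, as a single X.509 certificate.
 *
 * <p>Only the first keystore alias is inspected. This is a parsing step only; the certificate
 * is not checked for chain of trust, validity period or revocation here.
 *
 * @param data PKCS12 keystore bytes (loadable with an empty password) or an encoded X.509 certificate
 * @return a container holding the certificate and, when the PKCS12 entry has a private key, that key;
 *         the key is {@code null} for plain certificate input
 * @throws ConfigurationServiceException if the bytes cannot be parsed as either format
 */
public CertContainer toCertContainer(byte[] data) throws ConfigurationServiceException {
    CertContainer certContainer = null;
    try {
        ByteArrayInputStream bais = new ByteArrayInputStream(data);
        // First try PKCS12. The empty password on load() and getKey() means only PKCS12
        // data without passphrase protection can be read by this method.
        try {
            KeyStore localKeyStore = KeyStore.getInstance("PKCS12", Certificate.getJCEProviderName());
            localKeyStore.load(bais, "".toCharArray());
            Enumeration<String> aliases = localKeyStore.aliases();
            // A single alias is expected; additional entries are ignored.
            if (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                X509Certificate cert = (X509Certificate) localKeyStore.getCertificate(alias);
                Key key = localKeyStore.getKey(alias, "".toCharArray());
                // instanceof covers the null case; the explicit null check was redundant.
                if (key instanceof PrivateKey) {
                    certContainer = new CertContainer(cert, key);
                }
            }
        } catch (Exception ignored) {
            // Intentionally ignored: not a loadable PKCS12 stream, so the X.509 parser is
            // tried next and reports the failure if that does not work either.
        }
        if (certContainer == null) {
            // Fall back to a plain X.509 certificate, reading from a fresh stream because the
            // first one may be partly consumed. The earlier reset() call was dropped: the
            // stream it reset was replaced on the very next line.
            bais = new ByteArrayInputStream(data);
            X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(bais);
            certContainer = new CertContainer(cert, null);
        }
        bais.close();
    } catch (Exception e) {
        throw new ConfigurationServiceException("Data cannot be converted to a valid X.509 Certificate", e);
    }
    return certContainer;
}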
Also used : PrivateKey(java.security.PrivateKey) ByteArrayInputStream(java.io.ByteArrayInputStream) ConfigurationServiceException(org.nhindirect.config.service.ConfigurationServiceException) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) Key(java.security.Key) PrivateKey(java.security.PrivateKey) CertificateParsingException(java.security.cert.CertificateParsingException) ConfigurationServiceException(org.nhindirect.config.service.ConfigurationServiceException)

Aggregations

Key (java.security.Key)302 PrivateKey (java.security.PrivateKey)112 SecretKey (javax.crypto.SecretKey)83 KeyStore (java.security.KeyStore)64 PublicKey (java.security.PublicKey)62 Cipher (javax.crypto.Cipher)60 X509Certificate (java.security.cert.X509Certificate)57 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)50 Test (org.junit.Test)44 IOException (java.io.IOException)42 ByteArrayInputStream (java.io.ByteArrayInputStream)38 Certificate (java.security.cert.Certificate)36 SecretKeySpec (javax.crypto.spec.SecretKeySpec)36 KeyFactory (java.security.KeyFactory)35 InvalidKeyException (java.security.InvalidKeyException)32 KeyGenerator (javax.crypto.KeyGenerator)32 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)26 KeyStoreException (java.security.KeyStoreException)22 SecureRandom (java.security.SecureRandom)21 IvParameterSpec (javax.crypto.spec.IvParameterSpec)21