use of java.security.Key in project jdk8u_jdk by JetBrains.
the class SignatureTest method main.
/**
 * Signs and verifies a random 100-byte message with every combination of the
 * private-key and public-key objects returned by {@code manipulateKey}.
 *
 * @param args {@code args[0]} is the signature algorithm handed to
 *             {@code checkSignature}; {@code args[1]} is the key size handed to
 *             {@code generateKeys}
 * @throws Exception if key generation or key manipulation fails; a failure inside
 *                   {@code checkSignature} is rethrown as a {@link RuntimeException}
 */
public static void main(String[] args) throws Exception {
    final String signatureAlgorithm = args[0];
    final int keySize = Integer.parseInt(args[1]);

    // Message to sign: 100 bytes filled by the generator from RandomFactory.
    final byte[] message = new byte[100];
    RandomFactory.getRandom().nextBytes(message);

    // One key pair; manipulateKey returns an array of key objects for each half.
    // NOTE(review): presumably re-encoded variants of the same key - confirm in manipulateKey.
    final KeyPair generated = generateKeys(KEYALG, keySize);
    final Key[] privateVariants = manipulateKey(PRIVATE_KEY, generated.getPrivate());
    final Key[] publicVariants = manipulateKey(PUBLIC_KEY, generated.getPublic());

    // Every private-key object is checked against every public-key object.
    for (final Key privateVariant : privateVariants) {
        for (final Key publicVariant : publicVariants) {
            try {
                checkSignature(message, (PublicKey) publicVariant, (PrivateKey) privateVariant,
                        signatureAlgorithm);
            } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException
                    | NoSuchProviderException ex) {
                // Wrapped so the failure type matches what callers of main have always seen.
                throw new RuntimeException(ex);
            }
        }
    }
}
use of java.security.Key in project jdk8u_jdk by JetBrains.
the class RSAEncryptDecrypt method main.
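/**
 * Round-trips {@code PLAINTEXT} through RSA encryption and decryption using the
 * SunMSCAPI provider, and fails if the decrypted bytes differ from the input.
 *
 * <p>If the provider cannot supply an "RSA" cipher the test prints a message and
 * returns without failing.
 *
 * @param args unused
 * @throws Exception if key generation, cipher initialisation or a cipher
 *                   operation fails, or if the round trip does not reproduce
 *                   {@code PLAINTEXT}
 */
public static void main(String[] args) throws Exception {
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "SunMSCAPI");
    KeyPair keyPair = generator.generateKeyPair();
    Key publicKey = keyPair.getPublic();
    Key privateKey = keyPair.getPrivate();

    // The bare "RSA" transformation leaves mode and padding to the provider's default.
    // NOTE(review): confirm the default padding is the one this test means to exercise.
    final Cipher cipher;
    try {
        cipher = Cipher.getInstance("RSA", "SunMSCAPI");
    } catch (GeneralSecurityException e) {
        System.out.println("Cipher not supported by provider, skipping...");
        return;
    }

    cipher.init(Cipher.ENCRYPT_MODE, publicKey);
    displayBytes("Plaintext data:", PLAINTEXT);
    byte[] data = cipher.doFinal(PLAINTEXT);
    displayBytes("Encrypted data:", data);

    cipher.init(Cipher.DECRYPT_MODE, privateKey);
    data = cipher.doFinal(data);
    displayBytes("Decrypted data:", data);

    // Without this comparison a provider that decrypts to the wrong bytes would
    // still let the test pass, because the output was only printed.
    if (!java.util.Arrays.equals(PLAINTEXT, data)) {
        throw new RuntimeException("Decrypted data does not match the original plaintext");
    }
}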
use of java.security.Key in project nhin-d by DirectProject.
the class CertificatesController method toCertDataFormat.
/*
* Converts an incoming P12 format to an appropriate format to be stored in the config store. If a keystore protection manager
* has been configured, then the private key is wrapped before sending to the config store.
*/
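private byte[] toCertDataFormat(byte[] certOrP12Bytes, byte[] privateKeyBytes, PrivateKeyType privKeyType) throws CryptoException {
    // certOrP12Bytes:  encoded certificate, or a PKCS12 blob when privKeyType is one of the PKCS_12_* values.
    // privateKeyBytes: separate private key (PKCS8, or already wrapped for PKCS8_WRAPPED); not read for NONE / PKCS_12_*.
    // Returns the bytes to hand to the config store; any failure is rethrown as CryptoException with the cause attached.
    try {
        // No private key at all: the certificate bytes go through untouched.
        if (privKeyType == PrivateKeyType.NONE) {
            return certOrP12Bytes;
        }

        final CertContainer cont = CertUtils.toCertContainer(certOrP12Bytes);

        // Input is already a PKCS12 blob.
        if (privKeyType == PrivateKeyType.PKCS_12_PASSPHRASE || privKeyType == PrivateKeyType.PKCS_12_UNPROTECTED) {
            if (this.keyManager == null) {
                // NOTE(review): without a key manager the blob is stored exactly as received; the
                // INFO line below is the only record that no wrapping was applied.
                this.log.info("Storing PKCS12 file in PKCS12 unprotected format");
                return certOrP12Bytes;
            }

            this.log.info("Storing PKCS12 file in wrapped format");
            // Wrap the key taken from the container with the manager's private-key protection key.
            final byte[] wrappedKey = this.keyManager.wrapWithSecretKey((SecretKey) ((KeyStoreProtectionManager) keyManager).getPrivateKeyProtectionKey(), cont.getKey());
            return CertUtils.certAndWrappedKeyToRawByteFormat(wrappedKey, cont.getCert());
        }

        // Separate private key supplied alongside the certificate.
        if (privKeyType == PrivateKeyType.PKCS8_WRAPPED) {
            // Key arrives already wrapped; it is combined with the certificate as-is.
            this.log.info("Storing already wrapped PKCS8 file");
            return CertUtils.certAndWrappedKeyToRawByteFormat(privateKeyBytes, cont.getCert());
        }

        // Parse the PKCS8 bytes into a key object. Only RSA keys are handled here.
        final KeyFactory kf = KeyFactory.getInstance("RSA", CertUtils.getJCEProviderName());
        final PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec(privateKeyBytes);
        final Key privKey = kf.generatePrivate(keysp);

        if (this.keyManager == null) {
            this.log.info("Storing PKCS8 private key in PKCS12 unprotected format");
            // No key manager, so the key cannot be wrapped. It is packaged into a PKCS12 keystore
            // whose entry password and store password are both the empty string, i.e. the
            // private key is not protected by a secret in the returned bytes.
            // NOTE(review): deployments that store private keys should configure a key manager.
            final KeyStore localKeyStore = KeyStore.getInstance("PKCS12", CertUtils.getJCEProviderName());
            localKeyStore.load(null, null);
            localKeyStore.setKeyEntry("privCert", privKey, "".toCharArray(), new java.security.cert.Certificate[] { cont.getCert() });
            try (ByteArrayOutputStream outStr = new ByteArrayOutputStream()) {
                localKeyStore.store(outStr, "".toCharArray());
                return outStr.toByteArray();
            }
        }

        this.log.info("Storing PKCS8 private key in wrapped format");
        // Wrap the parsed key and emit the certificate + wrapped key format.
        final byte[] wrappedKey = this.keyManager.wrapWithSecretKey((SecretKey) ((KeyStoreProtectionManager) keyManager).getPrivateKeyProtectionKey(), privKey);
        return CertUtils.certAndWrappedKeyToRawByteFormat(wrappedKey, cont.getCert());
    } catch (Exception e) {
        throw new CryptoException("Failed to convert certificate and key to cert data format: " + e.getMessage(), e);
    }
}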
use of java.security.Key in project nhin-d by DirectProject.
the class DNSController method toCertContainer.
/**
 * Parses raw bytes into a {@code CertContainer}, trying PKCS12 first and falling
 * back to a plain X.509 certificate.
 *
 * <p>The PKCS12 attempt uses an empty password for both the store and the key
 * entry, and only the first alias is read. Any failure in that attempt is
 * discarded and the bytes are re-read as X.509, so the exception a caller sees
 * always describes the X.509 attempt.
 *
 * @param data encoded PKCS12 keystore or X.509 certificate
 * @return a container holding the certificate, plus the private key when the
 *         PKCS12 entry had one
 * @throws Exception a {@code ConfigurationServiceException} when the bytes can be
 *                   read as neither format
 */
public CertContainer toCertContainer(byte[] data) throws Exception {
    CertContainer parsed = null;
    try {
        ByteArrayInputStream in = new ByteArrayInputStream(data);

        // First attempt: PKCS12 keystore opened with an empty password.
        try {
            final KeyStore p12 = KeyStore.getInstance("PKCS12", getJCEProviderName());
            p12.load(in, "".toCharArray());
            final Enumeration<String> names = p12.aliases();
            // Only the first alias is considered; further entries are not read.
            if (names.hasMoreElements()) {
                final String firstAlias = names.nextElement();
                final X509Certificate p12Cert = (X509Certificate) p12.getCertificate(firstAlias);
                final Key entryKey = p12.getKey(firstAlias, "".toCharArray());
                // instanceof is false for null, so this also covers a missing key.
                if (entryKey instanceof PrivateKey) {
                    parsed = new CertContainer(p12Cert, entryKey);
                }
            }
        } catch (Exception e) {
            // Deliberately ignored: treated as "not PKCS12", the X.509 attempt follows.
            // NOTE(review): a PKCS12 with a non-empty password presumably also lands here.
        }

        // Second attempt: plain X.509 certificate, read from a fresh stream over the same bytes.
        if (parsed == null) {
            in = new ByteArrayInputStream(data);
            final X509Certificate plainCert =
                    (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            parsed = new CertContainer(plainCert, null);
        }
        in.close();
    } catch (Exception e) {
        throw new ConfigurationServiceException("Data cannot be converted to a valid X.509 Certificate", e);
    }
    return parsed;
}
use of java.security.Key in project nhin-d by DirectProject.
the class CertificateServiceImpl method toCertContainer.
/**
 * Builds a {@code CertContainer} from raw bytes: a PKCS12 keystore is tried
 * first, then a bare X.509 certificate.
 *
 * <p>The keystore is opened with an empty password and only its first alias is
 * inspected. A container is produced from the PKCS12 path only when that alias
 * carries a private key; every other outcome, including any exception, falls
 * through to the X.509 path.
 *
 * @param data encoded PKCS12 keystore or X.509 certificate
 * @return the certificate, with its private key when one was found in the keystore
 * @throws ConfigurationServiceException if the bytes cannot be read as either format
 */
public CertContainer toCertContainer(byte[] data) throws ConfigurationServiceException {
    try {
        ByteArrayInputStream source = new ByteArrayInputStream(data);
        CertContainer fromKeyStore = null;

        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12", Certificate.getJCEProviderName());
            keyStore.load(source, "".toCharArray());
            Enumeration<String> entryNames = keyStore.aliases();
            // A single entry is expected, so only the first alias is read.
            if (entryNames.hasMoreElements()) {
                String entryName = entryNames.nextElement();
                X509Certificate entryCert = (X509Certificate) keyStore.getCertificate(entryName);
                Key entryKey = keyStore.getKey(entryName, "".toCharArray());
                boolean hasPrivateKey = entryKey != null && entryKey instanceof PrivateKey;
                if (hasPrivateKey) {
                    fromKeyStore = new CertContainer(entryCert, entryKey);
                }
            }
        } catch (Exception e) {
            // Intentionally dropped: the input is assumed not to be PKCS12 and is retried as X.509.
            // NOTE(review): the original PKCS12 error is lost, which makes a wrong-password
            // keystore hard to tell apart from malformed input.
        }

        // PKCS12 path produced a certificate and private key: done.
        if (fromKeyStore != null) {
            source.close();
            return fromKeyStore;
        }

        // Otherwise re-read the same bytes from the start as an X.509 certificate.
        source = new ByteArrayInputStream(data);
        X509Certificate bareCert =
                (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(source);
        CertContainer fromCertificate = new CertContainer(bareCert, null);
        source.close();
        return fromCertificate;
    } catch (Exception e) {
        throw new ConfigurationServiceException("Data cannot be converted to a valid X.509 Certificate", e);
    }
}