Example 76 with KeyPairGenerator
use of java.security.KeyPairGenerator in project mobile-center-sdk-android by Microsoft.
the class CryptoRsaHandler method generateKey.
/*
* We don't run this code prior to Android 4.4 hence no 4.3 secure random problem.
*/
@Override
@SuppressWarnings("deprecation")
@SuppressLint({ "InlinedApi", "TrulyRandom" })
public void generateKey(CryptoUtils.ICryptoFactory cryptoFactory, String alias, Context context) throws Exception {
Calendar writeExpiry = Calendar.getInstance();
writeExpiry.add(Calendar.YEAR, ENCRYPT_KEY_LIFETIME_IN_YEARS);
KeyPairGenerator generator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, ANDROID_KEY_STORE);
generator.initialize(new KeyPairGeneratorSpec.Builder(context).setAlias(alias).setSubject(new X500Principal("CN=" + alias)).setStartDate(new Date()).setEndDate(writeExpiry.getTime()).setSerialNumber(BigInteger.TEN).setKeySize(RSA_KEY_SIZE).build());
generator.generateKeyPair();
}
Also used :
Calendar(java.util.Calendar)
X500Principal(javax.security.auth.x500.X500Principal)
KeyPairGenerator(java.security.KeyPairGenerator)
Date(java.util.Date)
SuppressLint(android.annotation.SuppressLint)
Example 77 with KeyPairGenerator
use of java.security.KeyPairGenerator in project OpenAM by OpenRock.
the class JwtSessionMapperTest method newKeyPair.
/**
* Generate a random RSA public-private key pair.
*
* @return The public-private KeyPair.
*/
static KeyPair newKeyPair() {
try {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(1024);
return keyPairGenerator.generateKeyPair();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
return null;
}
}
Also used :
KeyPairGenerator(java.security.KeyPairGenerator)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
Example 78 with KeyPairGenerator
use of java.security.KeyPairGenerator in project OpenAM by OpenRock.
the class KeyPairProviderImpl method newKeyPair.
private KeyPair newKeyPair(String algorithm, int keySize) {
try {
KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm);
generator.initialize(keySize);
return generator.generateKeyPair();
} catch (NoSuchAlgorithmException nsaE) {
throw new IllegalArgumentException("Unsupported key algorithm " + algorithm, nsaE);
}
}
Also used :
KeyPairGenerator(java.security.KeyPairGenerator)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
Example 79 with KeyPairGenerator
use of java.security.KeyPairGenerator in project OpenAM by OpenRock.
the class JwtGenerator method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
System.out.println("Usage: JwtGenerator <subject> <issuer> <audience>");
System.exit(1);
}
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(512);
KeyPair keyPair = keyGen.genKeyPair();
PublicKey publicKey = keyPair.getPublic();
long validTime = System.currentTimeMillis() + 1000 * 60 * 60 * 24 / 2;
String jwt = new JwtBuilderFactory().jws(new SigningManager().newRsaSigningHandler(keyPair.getPrivate())).headers().alg(JwsAlgorithm.RS256).done().claims(new JwtClaimsSet(json(object(field("iss", args[0]), field("sub", args[1]), field("aud", args[2]), field("exp", validTime / 1000))).asMap())).build();
System.out.println("JWT: " + jwt);
Calendar expiry = Calendar.getInstance();
expiry.add(Calendar.DAY_OF_YEAR, 7);
X509CertInfo info = new X509CertInfo();
CertificateValidity interval = new CertificateValidity(new Date(), new Date(validTime));
BigInteger sn = new BigInteger(64, new SecureRandom());
X500Name owner = new X500Name("CN=ForgeRock,L=Bristol,C=GB");
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId algo = new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
cert.sign(keyPair.getPrivate(), "SHA256withRSA");
System.out.println("Certificate:");
BASE64Encoder encoder = new BASE64Encoder();
System.out.println(X509Factory.BEGIN_CERT);
encoder.encodeBuffer(cert.getEncoded(), System.out);
System.out.println(X509Factory.END_CERT);
}
Also used :
JwtBuilderFactory(org.forgerock.json.jose.builders.JwtBuilderFactory)
CertificateSubjectName(sun.security.x509.CertificateSubjectName)
KeyPair(java.security.KeyPair)
X509CertInfo(sun.security.x509.X509CertInfo)
PublicKey(java.security.PublicKey)
Calendar(java.util.Calendar)
CertificateIssuerName(sun.security.x509.CertificateIssuerName)
BASE64Encoder(sun.misc.BASE64Encoder)
SecureRandom(java.security.SecureRandom)
CertificateVersion(sun.security.x509.CertificateVersion)
CertificateValidity(sun.security.x509.CertificateValidity)
KeyPairGenerator(java.security.KeyPairGenerator)
X500Name(sun.security.x509.X500Name)
CertificateX509Key(sun.security.x509.CertificateX509Key)
SigningManager(org.forgerock.json.jose.jws.SigningManager)
Date(java.util.Date)
CertificateSerialNumber(sun.security.x509.CertificateSerialNumber)
JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
AlgorithmId(sun.security.x509.AlgorithmId)
X509CertImpl(sun.security.x509.X509CertImpl)
BigInteger(java.math.BigInteger)
CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)
Example 80 with KeyPairGenerator
use of java.security.KeyPairGenerator in project android_frameworks_base by ResurrectionRemix.
the class ESTHandler method buildCSR.
private byte[] buildCSR(ByteBuffer octetBuffer, OMADMAdapter omadmAdapter, HTTPHandler httpHandler) throws IOException, GeneralSecurityException {
//Security.addProvider(new BouncyCastleProvider());
Log.d(TAG, "/csrattrs:");
/*
byte[] octets = new byte[octetBuffer.remaining()];
octetBuffer.duplicate().get(octets);
for (byte b : octets) {
System.out.printf("%02x ", b & 0xff);
}
*/
Collection<Asn1Object> csrs = Asn1Decoder.decode(octetBuffer);
for (Asn1Object asn1Object : csrs) {
Log.d(TAG, asn1Object.toString());
}
if (csrs.size() != 1) {
throw new IOException("Unexpected object count in CSR attributes response: " + csrs.size());
}
Asn1Object sequence = csrs.iterator().next();
if (sequence.getClass() != Asn1Constructed.class) {
throw new IOException("Unexpected CSR attribute container: " + sequence);
}
String keyAlgo = null;
Asn1Oid keyAlgoOID = null;
String sigAlgo = null;
String curveName = null;
Asn1Oid pubCrypto = null;
int keySize = -1;
Map<Asn1Oid, ASN1Encodable> idAttributes = new HashMap<>();
for (Asn1Object child : sequence.getChildren()) {
if (child.getTag() == Asn1Decoder.TAG_OID) {
Asn1Oid oid = (Asn1Oid) child;
OidMappings.SigEntry sigEntry = OidMappings.getSigEntry(oid);
if (sigEntry != null) {
sigAlgo = sigEntry.getSigAlgo();
keyAlgoOID = sigEntry.getKeyAlgo();
keyAlgo = OidMappings.getJCEName(keyAlgoOID);
} else if (oid.equals(OidMappings.sPkcs9AtChallengePassword)) {
byte[] tlsUnique = httpHandler.getTLSUnique();
if (tlsUnique != null) {
idAttributes.put(oid, new DERPrintableString(Base64.encodeToString(tlsUnique, Base64.DEFAULT)));
} else {
Log.w(TAG, "Cannot retrieve TLS unique channel binding");
}
}
} else if (child.getTag() == Asn1Decoder.TAG_SEQ) {
Asn1Oid oid = null;
Set<Asn1Oid> oidValues = new HashSet<>();
List<Asn1Object> values = new ArrayList<>();
for (Asn1Object attributeSeq : child.getChildren()) {
if (attributeSeq.getTag() == Asn1Decoder.TAG_OID) {
oid = (Asn1Oid) attributeSeq;
} else if (attributeSeq.getTag() == Asn1Decoder.TAG_SET) {
for (Asn1Object value : attributeSeq.getChildren()) {
if (value.getTag() == Asn1Decoder.TAG_OID) {
oidValues.add((Asn1Oid) value);
} else {
values.add(value);
}
}
}
}
if (oid == null) {
throw new IOException("Invalid attribute, no OID");
}
if (oid.equals(OidMappings.sExtensionRequest)) {
for (Asn1Oid subOid : oidValues) {
if (OidMappings.isIDAttribute(subOid)) {
if (subOid.equals(OidMappings.sMAC)) {
idAttributes.put(subOid, new DERIA5String(omadmAdapter.getMAC()));
} else if (subOid.equals(OidMappings.sIMEI)) {
idAttributes.put(subOid, new DERIA5String(omadmAdapter.getImei()));
} else if (subOid.equals(OidMappings.sMEID)) {
idAttributes.put(subOid, new DERBitString(omadmAdapter.getMeid()));
} else if (subOid.equals(OidMappings.sDevID)) {
idAttributes.put(subOid, new DERPrintableString(omadmAdapter.getDevID()));
}
}
}
} else if (OidMappings.getCryptoID(oid) != null) {
pubCrypto = oid;
if (!values.isEmpty()) {
for (Asn1Object value : values) {
if (value.getTag() == Asn1Decoder.TAG_INTEGER) {
keySize = (int) ((Asn1Integer) value).getValue();
}
}
}
if (oid.equals(OidMappings.sAlgo_EC)) {
if (oidValues.isEmpty()) {
throw new IOException("No ECC curve name provided");
}
for (Asn1Oid value : oidValues) {
curveName = OidMappings.getJCEName(value);
if (curveName != null) {
break;
}
}
if (curveName == null) {
throw new IOException("Found no ECC curve for " + oidValues);
}
}
}
}
}
if (keyAlgoOID == null) {
throw new IOException("No public key algorithm specified");
}
if (pubCrypto != null && !pubCrypto.equals(keyAlgoOID)) {
throw new IOException("Mismatching key algorithms");
}
if (keyAlgoOID.equals(OidMappings.sAlgo_RSA)) {
if (keySize < MinRSAKeySize) {
if (keySize >= 0) {
Log.i(TAG, "Upgrading suggested RSA key size from " + keySize + " to " + MinRSAKeySize);
}
keySize = MinRSAKeySize;
}
}
Log.d(TAG, String.format("pub key '%s', signature '%s', ECC curve '%s', id-atts %s", keyAlgo, sigAlgo, curveName, idAttributes));
/*
Ruckus:
SEQUENCE:
OID=1.2.840.113549.1.1.11 (algo_id_sha256WithRSAEncryption)
RFC-7030:
SEQUENCE:
OID=1.2.840.113549.1.9.7 (challengePassword)
SEQUENCE:
OID=1.2.840.10045.2.1 (algo_id_ecPublicKey)
SET:
OID=1.3.132.0.34 (secp384r1)
SEQUENCE:
OID=1.2.840.113549.1.9.14 (extensionRequest)
SET:
OID=1.3.6.1.1.1.1.22 (mac-address)
OID=1.2.840.10045.4.3.3 (eccdaWithSHA384)
1L, 3L, 6L, 1L, 1L, 1L, 1L, 22
*/
// ECC Does not appear to be supported currently
KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo);
if (curveName != null) {
AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(keyAlgo);
algorithmParameters.init(new ECNamedCurveGenParameterSpec(curveName));
kpg.initialize(algorithmParameters.getParameterSpec(ECNamedCurveGenParameterSpec.class));
} else {
kpg.initialize(keySize);
}
KeyPair kp = kpg.generateKeyPair();
X500Principal subject = new X500Principal("CN=Android, O=Google, C=US");
mClientKey = kp.getPrivate();
// !!! Map the idAttributes into an ASN1Set of values to pass to
// the PKCS10CertificationRequest - this code is using outdated BC classes and
// has *not* been tested.
ASN1Set attributes;
if (!idAttributes.isEmpty()) {
ASN1EncodableVector payload = new DEREncodableVector();
for (Map.Entry<Asn1Oid, ASN1Encodable> entry : idAttributes.entrySet()) {
DERObjectIdentifier type = new DERObjectIdentifier(entry.getKey().toOIDString());
ASN1Set values = new DERSet(entry.getValue());
Attribute attribute = new Attribute(type, values);
payload.add(attribute);
}
attributes = new DERSet(payload);
} else {
attributes = null;
}
return new PKCS10CertificationRequest(sigAlgo, subject, kp.getPublic(), attributes, mClientKey).getEncoded();
}
Also used :
DERSet(com.android.org.bouncycastle.asn1.DERSet)
ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set)
Set(java.util.Set)
HashSet(java.util.HashSet)
HashMap(java.util.HashMap)
Attribute(com.android.org.bouncycastle.asn1.x509.Attribute)
DERBitString(com.android.org.bouncycastle.asn1.DERBitString)
DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString)
DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String)
DERSet(com.android.org.bouncycastle.asn1.DERSet)
DERIA5String(com.android.org.bouncycastle.asn1.DERIA5String)
Asn1Integer(com.android.hotspot2.asn1.Asn1Integer)
DERPrintableString(com.android.org.bouncycastle.asn1.DERPrintableString)
ASN1EncodableVector(com.android.org.bouncycastle.asn1.ASN1EncodableVector)
List(java.util.List)
ArrayList(java.util.ArrayList)
ASN1Encodable(com.android.org.bouncycastle.asn1.ASN1Encodable)
PKCS10CertificationRequest(com.android.org.bouncycastle.jce.PKCS10CertificationRequest)
Asn1Oid(com.android.hotspot2.asn1.Asn1Oid)
KeyPair(java.security.KeyPair)
ECNamedCurveGenParameterSpec(com.android.org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec)
DEREncodableVector(com.android.org.bouncycastle.asn1.DEREncodableVector)
DERBitString(com.android.org.bouncycastle.asn1.DERBitString)
IOException(java.io.IOException)
KeyPairGenerator(java.security.KeyPairGenerator)
DERObjectIdentifier(com.android.org.bouncycastle.asn1.DERObjectIdentifier)
Asn1Object(com.android.hotspot2.asn1.Asn1Object)
OidMappings(com.android.hotspot2.asn1.OidMappings)
ASN1Set(com.android.org.bouncycastle.asn1.ASN1Set)
X500Principal(javax.security.auth.x500.X500Principal)
Map(java.util.Map)
HashMap(java.util.HashMap)
AlgorithmParameters(java.security.AlgorithmParameters)
Aggregations
KeyPairGenerator (java.security.KeyPairGenerator)197
KeyPair (java.security.KeyPair)145
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)43
SecureRandom (java.security.SecureRandom)39
PublicKey (java.security.PublicKey)27
PrivateKey (java.security.PrivateKey)26
X509Certificate (java.security.cert.X509Certificate)23
KeyFactory (java.security.KeyFactory)21
IOException (java.io.IOException)19
BigInteger (java.math.BigInteger)17
GeneralSecurityException (java.security.GeneralSecurityException)15
Signature (java.security.Signature)15
Date (java.util.Date)15
Cipher (javax.crypto.Cipher)15
KeyAgreement (javax.crypto.KeyAgreement)15
RSAPublicKey (java.security.interfaces.RSAPublicKey)14
X500Principal (javax.security.auth.x500.X500Principal)13
ECPrivateKey (java.security.interfaces.ECPrivateKey)12
ECPublicKey (java.security.interfaces.ECPublicKey)12
HashMap (java.util.HashMap)11
