Example 16 with KeyPairGenerator
use of java.security.KeyPairGenerator in project robovm by robovm.
the class ClientHandshakeImpl method processServerHelloDone.
/**
* Processes ServerHelloDone: makes verification of the server messages; sends
* client messages, computers masterSecret, sends ChangeCipherSpec
*/
void processServerHelloDone() {
PrivateKey clientKey = null;
if (serverCert != null) {
if (session.cipherSuite.isAnonymous()) {
unexpectedMessage();
return;
}
verifyServerCert();
} else {
if (!session.cipherSuite.isAnonymous()) {
unexpectedMessage();
return;
}
}
// Client certificate
if (certificateRequest != null) {
X509Certificate[] certs = null;
// obtain certificates from key manager
String alias = null;
String[] certTypes = certificateRequest.getTypesAsString();
X500Principal[] issuers = certificateRequest.certificate_authorities;
X509KeyManager km = parameters.getKeyManager();
if (km instanceof X509ExtendedKeyManager) {
X509ExtendedKeyManager ekm = (X509ExtendedKeyManager) km;
if (this.socketOwner != null) {
alias = ekm.chooseClientAlias(certTypes, issuers, this.socketOwner);
} else {
alias = ekm.chooseEngineClientAlias(certTypes, issuers, this.engineOwner);
}
if (alias != null) {
certs = ekm.getCertificateChain(alias);
}
} else {
alias = km.chooseClientAlias(certTypes, issuers, this.socketOwner);
if (alias != null) {
certs = km.getCertificateChain(alias);
}
}
session.localCertificates = certs;
clientCert = new CertificateMessage(certs);
clientKey = km.getPrivateKey(alias);
send(clientCert);
}
// Client key exchange
if (session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) {
// RSA encrypted premaster secret message
Cipher c;
try {
c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
if (serverKeyExchange != null) {
if (!session.cipherSuite.isAnonymous()) {
DigitalSignature ds = new DigitalSignature(serverCert.getAuthType());
ds.init(serverCert.certs[0]);
ds.update(clientHello.getRandom());
ds.update(serverHello.getRandom());
if (!serverKeyExchange.verifySignature(ds)) {
fatalAlert(AlertProtocol.DECRYPT_ERROR, "Cannot verify RSA params");
return;
}
}
c.init(Cipher.WRAP_MODE, serverKeyExchange.getRSAPublicKey());
} else {
c.init(Cipher.WRAP_MODE, serverCert.certs[0]);
}
} catch (Exception e) {
fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e);
return;
}
preMasterSecret = new byte[48];
parameters.getSecureRandom().nextBytes(preMasterSecret);
System.arraycopy(clientHello.client_version, 0, preMasterSecret, 0, 2);
try {
clientKeyExchange = new ClientKeyExchange(c.wrap(new SecretKeySpec(preMasterSecret, "preMasterSecret")), serverHello.server_version[1] == 1);
} catch (Exception e) {
fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e);
return;
}
} else if (session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_DSS || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_DSS_EXPORT || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_RSA || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_RSA_EXPORT || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DH_anon || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DH_anon_EXPORT) {
/*
* All other key exchanges should have had a DH key communicated via
* ServerKeyExchange beforehand.
*/
if (serverKeyExchange == null) {
fatalAlert(AlertProtocol.UNEXPECTED_MESSAGE, "Expected ServerKeyExchange");
return;
}
if (session.cipherSuite.isAnonymous() != serverKeyExchange.isAnonymous()) {
fatalAlert(AlertProtocol.DECRYPT_ERROR, "Wrong type in ServerKeyExchange");
return;
}
try {
if (!session.cipherSuite.isAnonymous()) {
DigitalSignature ds = new DigitalSignature(serverCert.getAuthType());
ds.init(serverCert.certs[0]);
ds.update(clientHello.getRandom());
ds.update(serverHello.getRandom());
if (!serverKeyExchange.verifySignature(ds)) {
fatalAlert(AlertProtocol.DECRYPT_ERROR, "Cannot verify DH params");
return;
}
}
KeyFactory kf = KeyFactory.getInstance("DH");
KeyAgreement agreement = KeyAgreement.getInstance("DH");
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
PublicKey serverDhPublic = kf.generatePublic(new DHPublicKeySpec(serverKeyExchange.par3, serverKeyExchange.par1, serverKeyExchange.par2));
DHParameterSpec spec = new DHParameterSpec(serverKeyExchange.par1, serverKeyExchange.par2);
kpg.initialize(spec);
KeyPair kp = kpg.generateKeyPair();
DHPublicKey pubDhKey = (DHPublicKey) kp.getPublic();
clientKeyExchange = new ClientKeyExchange(pubDhKey.getY());
PrivateKey privDhKey = kp.getPrivate();
agreement.init(privDhKey);
agreement.doPhase(serverDhPublic, true);
preMasterSecret = agreement.generateSecret();
} catch (Exception e) {
fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e);
return;
}
} else {
fatalAlert(AlertProtocol.DECRYPT_ERROR, "Unsupported handshake type");
return;
}
if (clientKeyExchange != null) {
send(clientKeyExchange);
}
computerMasterSecret();
// fixed DH parameters
if (clientCert != null && clientCert.certs.length > 0 && !clientKeyExchange.isEmpty()) {
// Certificate verify
String authType = clientKey.getAlgorithm();
DigitalSignature ds = new DigitalSignature(authType);
ds.init(clientKey);
if ("RSA".equals(authType)) {
ds.setMD5(io_stream.getDigestMD5());
ds.setSHA(io_stream.getDigestSHA());
} else if ("DSA".equals(authType)) {
ds.setSHA(io_stream.getDigestSHA());
// The Signature should be empty in case of anonymous signature algorithm:
// } else if ("DH".equals(authType)) {
}
certificateVerify = new CertificateVerify(ds.sign());
send(certificateVerify);
}
sendChangeCipherSpec();
}
Also used :
KeyPair(java.security.KeyPair)
PrivateKey(java.security.PrivateKey)
DHPublicKey(javax.crypto.interfaces.DHPublicKey)
PublicKey(java.security.PublicKey)
DHPublicKey(javax.crypto.interfaces.DHPublicKey)
DHParameterSpec(javax.crypto.spec.DHParameterSpec)
KeyPairGenerator(java.security.KeyPairGenerator)
X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager)
X509Certificate(java.security.cert.X509Certificate)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
X509KeyManager(javax.net.ssl.X509KeyManager)
X500Principal(javax.security.auth.x500.X500Principal)
Cipher(javax.crypto.Cipher)
DHPublicKeySpec(javax.crypto.spec.DHPublicKeySpec)
KeyAgreement(javax.crypto.KeyAgreement)
KeyFactory(java.security.KeyFactory)
Example 17 with KeyPairGenerator
use of java.security.KeyPairGenerator in project robovm by robovm.
the class KeyPairGeneratorTest method test_getInstance.
public void test_getInstance() throws Exception {
Provider[] providers = Security.getProviders();
for (Provider provider : providers) {
Set<Provider.Service> services = provider.getServices();
for (Provider.Service service : services) {
String type = service.getType();
if (!type.equals("KeyPairGenerator")) {
continue;
}
String algorithm = service.getAlgorithm();
// AndroidKeyStore is tested in CTS.
if ("AndroidKeyStore".equals(provider.getName())) {
continue;
}
AlgorithmParameterSpec params = null;
// TODO: detect if we're running in vogar and run the full test
if ("DH".equals(algorithm)) {
params = getDHParams();
}
try {
// KeyPairGenerator.getInstance(String)
KeyPairGenerator kpg1 = KeyPairGenerator.getInstance(algorithm);
assertEquals(algorithm, kpg1.getAlgorithm());
if (params != null) {
kpg1.initialize(params);
}
test_KeyPairGenerator(kpg1);
// KeyPairGenerator.getInstance(String, Provider)
KeyPairGenerator kpg2 = KeyPairGenerator.getInstance(algorithm, provider);
assertEquals(algorithm, kpg2.getAlgorithm());
assertEquals(provider, kpg2.getProvider());
if (params != null) {
kpg2.initialize(params);
}
test_KeyPairGenerator(kpg2);
// KeyPairGenerator.getInstance(String, String)
KeyPairGenerator kpg3 = KeyPairGenerator.getInstance(algorithm, provider.getName());
assertEquals(algorithm, kpg3.getAlgorithm());
assertEquals(provider, kpg3.getProvider());
if (params != null) {
kpg3.initialize(params);
}
test_KeyPairGenerator(kpg3);
} catch (Exception e) {
throw new Exception("Problem testing KeyPairGenerator." + algorithm, e);
}
}
}
}
Also used :
Service(java.security.Provider.Service)
Service(java.security.Provider.Service)
KeyPairGenerator(java.security.KeyPairGenerator)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
Provider(java.security.Provider)
Example 18 with KeyPairGenerator
use of java.security.KeyPairGenerator in project robovm by robovm.
the class DSAPublicKeyTest method test_getY.
/**
* java.security.interfaces.DSAPublicKey
* #getY()
* test covers following use cases
* Case 1: check with predefined p, q, g, x
* Case 2: check with random p, q, g, x. It takes some time (up to
* minute)
*/
public void test_getY() throws Exception {
KeyPairGenerator keyGen = null;
KeyPair keys = null;
DSAPrivateKey priv = null;
DSAPublicKey publ = null;
// Case 1: check with predefined p, q, g, x
keyGen = KeyPairGenerator.getInstance("DSA");
keyGen.initialize(new DSAParameterSpec(Util.P, Util.Q, Util.G), new SecureRandom(new MySecureRandomSpi(), null) {
});
keys = keyGen.generateKeyPair();
priv = (DSAPrivateKey) keys.getPrivate();
publ = (DSAPublicKey) keys.getPublic();
assertNotNull("Invalid Y value", publ.getY());
// Case 2: check with random p, q, g, x. It takes some time (up to
// minute)
keyGen = KeyPairGenerator.getInstance("DSA");
keys = keyGen.generateKeyPair();
priv = (DSAPrivateKey) keys.getPrivate();
publ = (DSAPublicKey) keys.getPublic();
assertNotNull("Invalid Y value", publ.getY());
}
Also used :
DSAParameterSpec(java.security.spec.DSAParameterSpec)
KeyPair(java.security.KeyPair)
DSAPrivateKey(java.security.interfaces.DSAPrivateKey)
SecureRandom(java.security.SecureRandom)
KeyPairGenerator(java.security.KeyPairGenerator)
DSAPublicKey(java.security.interfaces.DSAPublicKey)
Example 19 with KeyPairGenerator
use of java.security.KeyPairGenerator in project robovm by robovm.
the class DHPublicKeyTest method test_getParams.
@BrokenTest("Too slow - disabling for now")
public void test_getParams() throws Exception {
KeyPairGenerator kg = KeyPairGenerator.getInstance("DH");
kg.initialize(1024);
KeyPair kp1 = kg.genKeyPair();
KeyPair kp2 = kg.genKeyPair();
DHPublicKey pk1 = (DHPublicKey) kp1.getPublic();
DHPublicKey pk2 = (DHPublicKey) kp2.getPublic();
assertTrue(pk1.getY().getClass().getCanonicalName().equals("java.math.BigInteger"));
assertTrue(pk2.getParams().getClass().getCanonicalName().equals("javax.crypto.spec.DHParameterSpec"));
assertFalse(pk1.equals(pk2));
assertTrue(pk1.getY().equals(pk1.getY()));
}
Also used :
KeyPair(java.security.KeyPair)
DHPublicKey(javax.crypto.interfaces.DHPublicKey)
KeyPairGenerator(java.security.KeyPairGenerator)
BrokenTest(dalvik.annotation.BrokenTest)
Example 20 with KeyPairGenerator
use of java.security.KeyPairGenerator in project robovm by robovm.
the class OldDHTest method testDHGen.
@BrokenTest("Suffers from DH slowness, disabling for now")
public void testDHGen() throws Exception {
KeyPairGenerator gen = null;
try {
gen = KeyPairGenerator.getInstance("DH");
} catch (NoSuchAlgorithmException e) {
fail(e.getMessage());
}
AlgorithmParameterGenerator algorithmparametergenerator = AlgorithmParameterGenerator.getInstance("DH");
algorithmparametergenerator.init(1024, new SecureRandom());
AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters();
DHParameterSpec dhparameterspec = algorithmparameters.getParameterSpec(DHParameterSpec.class);
//gen.initialize(1024);
gen.initialize(dhparameterspec);
KeyPair key = gen.generateKeyPair();
}
Also used :
KeyPair(java.security.KeyPair)
AlgorithmParameterGenerator(java.security.AlgorithmParameterGenerator)
SecureRandom(java.security.SecureRandom)
DHParameterSpec(javax.crypto.spec.DHParameterSpec)
KeyPairGenerator(java.security.KeyPairGenerator)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
AlgorithmParameters(java.security.AlgorithmParameters)
BrokenTest(dalvik.annotation.BrokenTest)
Aggregations
KeyPairGenerator (java.security.KeyPairGenerator)197
KeyPair (java.security.KeyPair)145
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)43
SecureRandom (java.security.SecureRandom)39
PublicKey (java.security.PublicKey)27
PrivateKey (java.security.PrivateKey)26
X509Certificate (java.security.cert.X509Certificate)23
KeyFactory (java.security.KeyFactory)21
IOException (java.io.IOException)19
BigInteger (java.math.BigInteger)17
GeneralSecurityException (java.security.GeneralSecurityException)15
Signature (java.security.Signature)15
Date (java.util.Date)15
Cipher (javax.crypto.Cipher)15
KeyAgreement (javax.crypto.KeyAgreement)15
RSAPublicKey (java.security.interfaces.RSAPublicKey)14
X500Principal (javax.security.auth.x500.X500Principal)13
ECPrivateKey (java.security.interfaces.ECPrivateKey)12
ECPublicKey (java.security.interfaces.ECPublicKey)12
HashMap (java.util.HashMap)11
