Examples with PublicKey java.security.PublicKey used on opensource projects

Example 16 with PublicKey

use of java.security.PublicKey in project OpenAM by OpenRock.

the class AMKeyProvider method getPublicKey.

/**
     * Return java.security.PublicKey for the specified keyAlias.
     * @param keyAlias Key alias name
     * @return PublicKey which matches the keyAlias, return null if the PublicKey could not be found.
     */
public java.security.PublicKey getPublicKey(String keyAlias) {
    if (keyAlias == null || keyAlias.length() == 0) {
        return null;
    }
    java.security.PublicKey pkey = null;
    try {
        X509Certificate cert = (X509Certificate) ks.getCertificate(keyAlias);
        if (cert == null) {
            logger.error("Unable to retrieve certificate with alias '" + keyAlias + "' from keystore " + "'" + this.keystoreFile + "'");
            return null;
        }
        pkey = cert.getPublicKey();
    } catch (KeyStoreException e) {
        logger.error("Unable to get public key:" + keyAlias, e);
    }
    return pkey;
}

Example 17 with PublicKey

use of java.security.PublicKey in project OpenAM by OpenRock.

the class AMKeyProvider method getKeyPair.

/**
     * Return {@link KeyPair} containing {@link PublicKey} and {@link PrivateKey} for the specified certAlias.
     *
     * @param certAlias Certificate alias name
     *
     * @return KeyPair which matches the certAlias, return null if the PrivateKey or PublicKey could not be found.
     */
public KeyPair getKeyPair(String certAlias) {
    PublicKey publicKey = getPublicKey(certAlias);
    PrivateKey privateKey = getPrivateKey(certAlias);
    if (publicKey != null && privateKey != null) {
        return new KeyPair(publicKey, privateKey);
    } else {
        return null;
    }
}

Example 18 with PublicKey

use of java.security.PublicKey in project OpenAM by OpenRock.

the class ServerCertReport method loadKeyTable.

private Map loadKeyTable(KeyStore kStore) {
    Map<String, Object> keyTable = new HashMap<String, Object>();
    try {
        // create key to Certificate mapping
        for (Enumeration e = kStore.aliases(); e.hasMoreElements(); ) {
            String alias = (String) e.nextElement();
            Certificate cert = getCertificate(kStore, alias);
            PublicKey pk = getPublicKey(kStore, alias);
            String key = Base64.encode(pk.getEncoded());
            keyTable.put(alias, cert);
        }
    } catch (Exception e) {
        Debug.getInstance(DEBUG_NAME).error("ServerCertReport.loadKeyTable: " + "Exception in loading keystore", e);
    }
    return keyTable;
}

Example 19 with PublicKey

use of java.security.PublicKey in project OpenAM by OpenRock.

the class ServerCertReport method getPublicKey.

/**
     * Return java.security.PublicKey for the specified keyAlias
     * 
     * @param keyStore KeyStore to be used
     * @param keyAlias Key alias name
     * @return PublicKey which matches the keyAlias, return null if
     *         the PublicKey could not be found.
     */
private java.security.PublicKey getPublicKey(KeyStore keyStore, String keyAlias) {
    if (keyAlias == null || keyAlias.length() == 0) {
        return null;
    }
    java.security.PublicKey pkey = null;
    try {
        java.security.cert.X509Certificate cert = (X509Certificate) keyStore.getCertificate(keyAlias);
        pkey = cert.getPublicKey();
    } catch (Exception e) {
        Debug.getInstance(DEBUG_NAME).error("ServerCertReport.getPublicKey: " + "Exception in retriving public key from keystore", e);
    }
    return pkey;
}

Example 20 with PublicKey

use of java.security.PublicKey in project android_frameworks_base by ResurrectionRemix.

the class ApkSignatureSchemeV2Verifier method verifySigner.

private static X509Certificate[] verifySigner(ByteBuffer signerBlock, Map<Integer, byte[]> contentDigests, CertificateFactory certFactory) throws SecurityException, IOException {
    ByteBuffer signedData = getLengthPrefixedSlice(signerBlock);
    ByteBuffer signatures = getLengthPrefixedSlice(signerBlock);
    byte[] publicKeyBytes = readLengthPrefixedByteArray(signerBlock);
    int signatureCount = 0;
    int bestSigAlgorithm = -1;
    byte[] bestSigAlgorithmSignatureBytes = null;
    List<Integer> signaturesSigAlgorithms = new ArrayList<>();
    while (signatures.hasRemaining()) {
        signatureCount++;
        try {
            ByteBuffer signature = getLengthPrefixedSlice(signatures);
            if (signature.remaining() < 8) {
                throw new SecurityException("Signature record too short");
            }
            int sigAlgorithm = signature.getInt();
            signaturesSigAlgorithms.add(sigAlgorithm);
            if (!isSupportedSignatureAlgorithm(sigAlgorithm)) {
                continue;
            }
            if ((bestSigAlgorithm == -1) || (compareSignatureAlgorithm(sigAlgorithm, bestSigAlgorithm) > 0)) {
                bestSigAlgorithm = sigAlgorithm;
                bestSigAlgorithmSignatureBytes = readLengthPrefixedByteArray(signature);
            }
        } catch (IOException | BufferUnderflowException e) {
            throw new SecurityException("Failed to parse signature record #" + signatureCount, e);
        }
    }
    if (bestSigAlgorithm == -1) {
        if (signatureCount == 0) {
            throw new SecurityException("No signatures found");
        } else {
            throw new SecurityException("No supported signatures found");
        }
    }
    String keyAlgorithm = getSignatureAlgorithmJcaKeyAlgorithm(bestSigAlgorithm);
    Pair<String, ? extends AlgorithmParameterSpec> signatureAlgorithmParams = getSignatureAlgorithmJcaSignatureAlgorithm(bestSigAlgorithm);
    String jcaSignatureAlgorithm = signatureAlgorithmParams.first;
    AlgorithmParameterSpec jcaSignatureAlgorithmParams = signatureAlgorithmParams.second;
    boolean sigVerified;
    try {
        PublicKey publicKey = KeyFactory.getInstance(keyAlgorithm).generatePublic(new X509EncodedKeySpec(publicKeyBytes));
        Signature sig = Signature.getInstance(jcaSignatureAlgorithm);
        sig.initVerify(publicKey);
        if (jcaSignatureAlgorithmParams != null) {
            sig.setParameter(jcaSignatureAlgorithmParams);
        }
        sig.update(signedData);
        sigVerified = sig.verify(bestSigAlgorithmSignatureBytes);
    } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidKeyException | InvalidAlgorithmParameterException | SignatureException e) {
        throw new SecurityException("Failed to verify " + jcaSignatureAlgorithm + " signature", e);
    }
    if (!sigVerified) {
        throw new SecurityException(jcaSignatureAlgorithm + " signature did not verify");
    }
    // Signature over signedData has verified.
    byte[] contentDigest = null;
    signedData.clear();
    ByteBuffer digests = getLengthPrefixedSlice(signedData);
    List<Integer> digestsSigAlgorithms = new ArrayList<>();
    int digestCount = 0;
    while (digests.hasRemaining()) {
        digestCount++;
        try {
            ByteBuffer digest = getLengthPrefixedSlice(digests);
            if (digest.remaining() < 8) {
                throw new IOException("Record too short");
            }
            int sigAlgorithm = digest.getInt();
            digestsSigAlgorithms.add(sigAlgorithm);
            if (sigAlgorithm == bestSigAlgorithm) {
                contentDigest = readLengthPrefixedByteArray(digest);
            }
        } catch (IOException | BufferUnderflowException e) {
            throw new IOException("Failed to parse digest record #" + digestCount, e);
        }
    }
    if (!signaturesSigAlgorithms.equals(digestsSigAlgorithms)) {
        throw new SecurityException("Signature algorithms don't match between digests and signatures records");
    }
    int digestAlgorithm = getSignatureAlgorithmContentDigestAlgorithm(bestSigAlgorithm);
    byte[] previousSignerDigest = contentDigests.put(digestAlgorithm, contentDigest);
    if ((previousSignerDigest != null) && (!MessageDigest.isEqual(previousSignerDigest, contentDigest))) {
        throw new SecurityException(getContentDigestAlgorithmJcaDigestAlgorithm(digestAlgorithm) + " contents digest does not match the digest specified by a preceding signer");
    }
    ByteBuffer certificates = getLengthPrefixedSlice(signedData);
    List<X509Certificate> certs = new ArrayList<>();
    int certificateCount = 0;
    while (certificates.hasRemaining()) {
        certificateCount++;
        byte[] encodedCert = readLengthPrefixedByteArray(certificates);
        X509Certificate certificate;
        try {
            certificate = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(encodedCert));
        } catch (CertificateException e) {
            throw new SecurityException("Failed to decode certificate #" + certificateCount, e);
        }
        certificate = new VerbatimX509Certificate(certificate, encodedCert);
        certs.add(certificate);
    }
    if (certs.isEmpty()) {
        throw new SecurityException("No certificates listed");
    }
    X509Certificate mainCertificate = certs.get(0);
    byte[] certificatePublicKeyBytes = mainCertificate.getPublicKey().getEncoded();
    if (!Arrays.equals(publicKeyBytes, certificatePublicKeyBytes)) {
        throw new SecurityException("Public key mismatch between certificate and signature record");
    }
    return certs.toArray(new X509Certificate[certs.size()]);
}