Search in sources :

Example 46 with DSAParams

use of java.security.interfaces.DSAParams in project robovm by robovm.

the class OpenSSLDSAParams method equals.

@Override
public boolean equals(Object o) {
    if (o == this) {
        return true;
    }
    if (o instanceof OpenSSLDSAParams) {
        OpenSSLDSAParams other = (OpenSSLDSAParams) o;
        /*
             * We can shortcut the true case, but it still may be equivalent but
             * different copies.
             */
        if (key == other.getOpenSSLKey()) {
            return true;
        }
    }
    if (!(o instanceof DSAParams)) {
        return false;
    }
    ensureReadParams();
    DSAParams other = (DSAParams) o;
    return g.equals(other.getG()) && p.equals(other.getP()) && q.equals(other.getQ());
}
Also used : DSAParams(java.security.interfaces.DSAParams)

Example 47 with DSAParams

use of java.security.interfaces.DSAParams in project jdk8u_jdk by JetBrains.

the class AlgorithmChecker method check.

@Override
public void check(Certificate cert, Collection<String> unresolvedCritExts) throws CertPathValidatorException {
    if (!(cert instanceof X509Certificate) || constraints == null) {
        // ignore the check for non-x.509 certificate or null constraints
        return;
    }
    // check the key usage and key size
    boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage();
    if (keyUsage != null && keyUsage.length < 9) {
        throw new CertPathValidatorException("incorrect KeyUsage extension", null, null, -1, PKIXReason.INVALID_KEY_USAGE);
    }
    X509CertImpl x509Cert;
    AlgorithmId algorithmId;
    try {
        x509Cert = X509CertImpl.toImpl((X509Certificate) cert);
        algorithmId = (AlgorithmId) x509Cert.get(X509CertImpl.SIG_ALG);
    } catch (CertificateException ce) {
        throw new CertPathValidatorException(ce);
    }
    AlgorithmParameters currSigAlgParams = algorithmId.getParameters();
    PublicKey currPubKey = cert.getPublicKey();
    String currSigAlg = ((X509Certificate) cert).getSigAlgName();
    // Check the signature algorithm and parameters against constraints.
    if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg, currSigAlgParams)) {
        throw new CertPathValidatorException("Algorithm constraints check failed on signature " + "algorithm: " + currSigAlg, null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
    }
    // Assume all key usage bits are set if key usage is not present
    Set<CryptoPrimitive> primitives = KU_PRIMITIVE_SET;
    if (keyUsage != null) {
        primitives = EnumSet.noneOf(CryptoPrimitive.class);
        if (keyUsage[0] || keyUsage[1] || keyUsage[5] || keyUsage[6]) {
            // keyUsage[0]: KeyUsage.digitalSignature
            // keyUsage[1]: KeyUsage.nonRepudiation
            // keyUsage[5]: KeyUsage.keyCertSign
            // keyUsage[6]: KeyUsage.cRLSign
            primitives.add(CryptoPrimitive.SIGNATURE);
        }
        if (keyUsage[2]) {
            // KeyUsage.keyEncipherment
            primitives.add(CryptoPrimitive.KEY_ENCAPSULATION);
        }
        if (keyUsage[3]) {
            // KeyUsage.dataEncipherment
            primitives.add(CryptoPrimitive.PUBLIC_KEY_ENCRYPTION);
        }
        if (keyUsage[4]) {
            // KeyUsage.keyAgreement
            primitives.add(CryptoPrimitive.KEY_AGREEMENT);
        }
        if (primitives.isEmpty()) {
            throw new CertPathValidatorException("incorrect KeyUsage extension bits", null, null, -1, PKIXReason.INVALID_KEY_USAGE);
        }
    }
    ConstraintsParameters cp = new ConstraintsParameters((X509Certificate) cert, trustedMatch, pkixdate, jarTimestamp, variant);
    // Check against local constraints if it is DisabledAlgorithmConstraints
    if (constraints instanceof DisabledAlgorithmConstraints) {
        ((DisabledAlgorithmConstraints) constraints).permits(currSigAlg, cp);
    // DisabledAlgorithmsConstraints does not check primitives, so key
    // additional key check.
    } else {
        // Perform the default constraints checking anyway.
        certPathDefaultConstraints.permits(currSigAlg, cp);
        // Call locally set constraints to check key with primitives.
        if (!constraints.permits(primitives, currPubKey)) {
            throw new CertPathValidatorException("Algorithm constraints check failed on key " + currPubKey.getAlgorithm() + " with size of " + sun.security.util.KeyUtil.getKeySize(currPubKey) + "bits", null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
        }
    }
    // If there is no previous key, set one and exit
    if (prevPubKey == null) {
        prevPubKey = currPubKey;
        return;
    }
    // Check with previous cert for signature algorithm and public key
    if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg, prevPubKey, currSigAlgParams)) {
        throw new CertPathValidatorException("Algorithm constraints check failed on " + "signature algorithm: " + currSigAlg, null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
    }
    // Inherit key parameters from previous key
    if (PKIX.isDSAPublicKeyWithoutParams(currPubKey)) {
        // Inherit DSA parameters from previous key
        if (!(prevPubKey instanceof DSAPublicKey)) {
            throw new CertPathValidatorException("Input key is not " + "of a appropriate type for inheriting parameters");
        }
        DSAParams params = ((DSAPublicKey) prevPubKey).getParams();
        if (params == null) {
            throw new CertPathValidatorException("Key parameters missing from public key.");
        }
        try {
            BigInteger y = ((DSAPublicKey) currPubKey).getY();
            KeyFactory kf = KeyFactory.getInstance("DSA");
            DSAPublicKeySpec ks = new DSAPublicKeySpec(y, params.getP(), params.getQ(), params.getG());
            currPubKey = kf.generatePublic(ks);
        } catch (GeneralSecurityException e) {
            throw new CertPathValidatorException("Unable to generate " + "key with inherited parameters: " + e.getMessage(), e);
        }
    }
    // reset the previous public key
    prevPubKey = currPubKey;
}
Also used : DisabledAlgorithmConstraints(sun.security.util.DisabledAlgorithmConstraints) CryptoPrimitive(java.security.CryptoPrimitive) PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) GeneralSecurityException(java.security.GeneralSecurityException) CertificateException(java.security.cert.CertificateException) DSAParams(java.security.interfaces.DSAParams) ConstraintsParameters(sun.security.util.ConstraintsParameters) X509Certificate(java.security.cert.X509Certificate) DSAPublicKey(java.security.interfaces.DSAPublicKey) CertPathValidatorException(java.security.cert.CertPathValidatorException) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) KeyFactory(java.security.KeyFactory) AlgorithmParameters(java.security.AlgorithmParameters) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Example 48 with DSAParams

use of java.security.interfaces.DSAParams in project jdk8u_jdk by JetBrains.

the class BasicChecker method makeInheritedParamsKey.

/**
     * Internal method to create a new key with inherited key parameters.
     *
     * @param keyValueKey key from which to obtain key value
     * @param keyParamsKey key from which to obtain key parameters
     * @return new public key having value and parameters
     * @throws CertPathValidatorException if keys are not appropriate types
     * for this operation
     */
static PublicKey makeInheritedParamsKey(PublicKey keyValueKey, PublicKey keyParamsKey) throws CertPathValidatorException {
    if (!(keyValueKey instanceof DSAPublicKey) || !(keyParamsKey instanceof DSAPublicKey))
        throw new CertPathValidatorException("Input key is not " + "appropriate type for " + "inheriting parameters");
    DSAParams params = ((DSAPublicKey) keyParamsKey).getParams();
    if (params == null)
        throw new CertPathValidatorException("Key parameters missing");
    try {
        BigInteger y = ((DSAPublicKey) keyValueKey).getY();
        KeyFactory kf = KeyFactory.getInstance("DSA");
        DSAPublicKeySpec ks = new DSAPublicKeySpec(y, params.getP(), params.getQ(), params.getG());
        return kf.generatePublic(ks);
    } catch (GeneralSecurityException e) {
        throw new CertPathValidatorException("Unable to generate key with" + " inherited parameters: " + e.getMessage(), e);
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) GeneralSecurityException(java.security.GeneralSecurityException) BigInteger(java.math.BigInteger) DSAParams(java.security.interfaces.DSAParams) KeyFactory(java.security.KeyFactory) DSAPublicKey(java.security.interfaces.DSAPublicKey) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Example 49 with DSAParams

use of java.security.interfaces.DSAParams in project camel by apache.

the class DSAKeyPairIdentity method getPublicKeyBlob.

@Override
public byte[] getPublicKeyBlob() {
    DSAPublicKey publicKey = (DSAPublicKey) keyPair.getPublic();
    byte[] sshDss = ALGORITHM_TYPE.getBytes();
    DSAParams dsaParams = publicKey.getParams();
    byte[] pArray = dsaParams.getP().toByteArray();
    byte[] qArray = dsaParams.getQ().toByteArray();
    byte[] gArray = dsaParams.getG().toByteArray();
    byte[] yArray = publicKey.getY().toByteArray();
    byte[] result = new byte[sshDss.length + 4 + pArray.length + 4 + qArray.length + 4 + gArray.length + 4 + yArray.length + 4];
    int index = 0;
    byte[] intAsByteArray = ByteBuffer.allocate(4).putInt(sshDss.length).array();
    System.arraycopy(intAsByteArray, 0, result, index, 4);
    index += 4;
    System.arraycopy(sshDss, 0, result, index, sshDss.length);
    index += sshDss.length;
    intAsByteArray = ByteBuffer.allocate(4).putInt(pArray.length).array();
    System.arraycopy(intAsByteArray, 0, result, index, 4);
    index += 4;
    System.arraycopy(pArray, 0, result, index, pArray.length);
    index += pArray.length;
    intAsByteArray = ByteBuffer.allocate(4).putInt(qArray.length).array();
    System.arraycopy(intAsByteArray, 0, result, index, 4);
    index += 4;
    System.arraycopy(qArray, 0, result, index, qArray.length);
    index += qArray.length;
    intAsByteArray = ByteBuffer.allocate(4).putInt(gArray.length).array();
    System.arraycopy(intAsByteArray, 0, result, index, 4);
    index += 4;
    System.arraycopy(gArray, 0, result, index, gArray.length);
    index += gArray.length;
    intAsByteArray = ByteBuffer.allocate(4).putInt(yArray.length).array();
    System.arraycopy(intAsByteArray, 0, result, index, 4);
    index += 4;
    System.arraycopy(yArray, 0, result, index, yArray.length);
    return result;
}
Also used : DSAParams(java.security.interfaces.DSAParams) DSAPublicKey(java.security.interfaces.DSAPublicKey)

Example 50 with DSAParams

use of java.security.interfaces.DSAParams in project BiglyBT by BiglySoftware.

the class PEMWriter method writeObject.

public void writeObject(Object obj, String algorithm, char[] password, SecureRandom random) throws IOException {
    if (obj instanceof KeyPair) {
        writeObject(((KeyPair) obj).getPrivate());
        return;
    }
    String type = null;
    byte[] keyData = null;
    if (obj instanceof RSAPrivateCrtKey) {
        type = "RSA PRIVATE KEY";
        RSAPrivateCrtKey k = (RSAPrivateCrtKey) obj;
        RSAPrivateKeyStructure keyStruct = new RSAPrivateKeyStructure(k.getModulus(), k.getPublicExponent(), k.getPrivateExponent(), k.getPrimeP(), k.getPrimeQ(), k.getPrimeExponentP(), k.getPrimeExponentQ(), k.getCrtCoefficient());
        // convert to bytearray
        keyData = keyStruct.getEncoded();
    } else if (obj instanceof DSAPrivateKey) {
        type = "DSA PRIVATE KEY";
        DSAPrivateKey k = (DSAPrivateKey) obj;
        DSAParams p = k.getParams();
        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(new DERInteger(0));
        v.add(new DERInteger(p.getP()));
        v.add(new DERInteger(p.getQ()));
        v.add(new DERInteger(p.getG()));
        BigInteger x = k.getX();
        BigInteger y = p.getG().modPow(x, p.getP());
        v.add(new DERInteger(y));
        v.add(new DERInteger(x));
        keyData = new DERSequence(v).getEncoded();
    }
    if (type == null || keyData == null) {
        // TODO Support other types?
        throw new IllegalArgumentException("Object type not supported: " + obj.getClass().getName());
    }
    String dekAlgName = Strings.toUpperCase(algorithm);
    // Note: For backward compatibility
    if (dekAlgName.equals("DESEDE")) {
        dekAlgName = "DES-EDE3-CBC";
    }
    int ivLength = dekAlgName.startsWith("AES-") ? 16 : 8;
    byte[] iv = new byte[ivLength];
    random.nextBytes(iv);
    byte[] encData = PEMUtilities.crypt(true, provider, keyData, password, dekAlgName, iv);
    // write the data
    writeHeader(type);
    this.write("Proc-Type: 4,ENCRYPTED");
    this.newLine();
    this.write("DEK-Info: " + dekAlgName + ",");
    this.writeHexEncoded(iv);
    this.newLine();
    this.newLine();
    this.writeEncoded(encData);
    writeFooter(type);
}
Also used : RSAPrivateCrtKey(java.security.interfaces.RSAPrivateCrtKey) DSAParams(java.security.interfaces.DSAParams) RSAPrivateKeyStructure(org.gudy.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure) DSAPrivateKey(java.security.interfaces.DSAPrivateKey) BigInteger(java.math.BigInteger)

Aggregations

DSAParams (java.security.interfaces.DSAParams)66 DSAPublicKey (java.security.interfaces.DSAPublicKey)30 BigInteger (java.math.BigInteger)29 DSAPrivateKey (java.security.interfaces.DSAPrivateKey)18 DSAPublicKeySpec (java.security.spec.DSAPublicKeySpec)17 DSAParameterSpec (java.security.spec.DSAParameterSpec)16 PublicKey (java.security.PublicKey)10 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)9 InvalidKeyException (java.security.InvalidKeyException)8 KeyFactory (java.security.KeyFactory)8 DSAPrivateKeySpec (java.security.spec.DSAPrivateKeySpec)8 IOException (java.io.IOException)7 GeneralSecurityException (java.security.GeneralSecurityException)7 CertPathValidatorException (java.security.cert.CertPathValidatorException)7 RSAPrivateCrtKey (java.security.interfaces.RSAPrivateCrtKey)7 RSAPublicKey (java.security.interfaces.RSAPublicKey)7 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)7 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)7 AlgorithmParameters (java.security.AlgorithmParameters)6 X509Certificate (java.security.cert.X509Certificate)6