use of java.security.interfaces.DSAParams in project robovm by robovm.
the class OpenSSLDSAParams method equals.
@Override
public boolean equals(Object o) {
if (o == this) {
return true;
}
if (o instanceof OpenSSLDSAParams) {
OpenSSLDSAParams other = (OpenSSLDSAParams) o;
/*
* We can shortcut the true case, but it still may be equivalent but
* different copies.
*/
if (key == other.getOpenSSLKey()) {
return true;
}
}
if (!(o instanceof DSAParams)) {
return false;
}
ensureReadParams();
DSAParams other = (DSAParams) o;
return g.equals(other.getG()) && p.equals(other.getP()) && q.equals(other.getQ());
}
use of java.security.interfaces.DSAParams in project jdk8u_jdk by JetBrains.
the class AlgorithmChecker method check.
@Override
public void check(Certificate cert, Collection<String> unresolvedCritExts) throws CertPathValidatorException {
if (!(cert instanceof X509Certificate) || constraints == null) {
// ignore the check for non-x.509 certificate or null constraints
return;
}
// check the key usage and key size
boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage();
if (keyUsage != null && keyUsage.length < 9) {
throw new CertPathValidatorException("incorrect KeyUsage extension", null, null, -1, PKIXReason.INVALID_KEY_USAGE);
}
X509CertImpl x509Cert;
AlgorithmId algorithmId;
try {
x509Cert = X509CertImpl.toImpl((X509Certificate) cert);
algorithmId = (AlgorithmId) x509Cert.get(X509CertImpl.SIG_ALG);
} catch (CertificateException ce) {
throw new CertPathValidatorException(ce);
}
AlgorithmParameters currSigAlgParams = algorithmId.getParameters();
PublicKey currPubKey = cert.getPublicKey();
String currSigAlg = ((X509Certificate) cert).getSigAlgName();
// Check the signature algorithm and parameters against constraints.
if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg, currSigAlgParams)) {
throw new CertPathValidatorException("Algorithm constraints check failed on signature " + "algorithm: " + currSigAlg, null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
}
// Assume all key usage bits are set if key usage is not present
Set<CryptoPrimitive> primitives = KU_PRIMITIVE_SET;
if (keyUsage != null) {
primitives = EnumSet.noneOf(CryptoPrimitive.class);
if (keyUsage[0] || keyUsage[1] || keyUsage[5] || keyUsage[6]) {
// keyUsage[0]: KeyUsage.digitalSignature
// keyUsage[1]: KeyUsage.nonRepudiation
// keyUsage[5]: KeyUsage.keyCertSign
// keyUsage[6]: KeyUsage.cRLSign
primitives.add(CryptoPrimitive.SIGNATURE);
}
if (keyUsage[2]) {
// KeyUsage.keyEncipherment
primitives.add(CryptoPrimitive.KEY_ENCAPSULATION);
}
if (keyUsage[3]) {
// KeyUsage.dataEncipherment
primitives.add(CryptoPrimitive.PUBLIC_KEY_ENCRYPTION);
}
if (keyUsage[4]) {
// KeyUsage.keyAgreement
primitives.add(CryptoPrimitive.KEY_AGREEMENT);
}
if (primitives.isEmpty()) {
throw new CertPathValidatorException("incorrect KeyUsage extension bits", null, null, -1, PKIXReason.INVALID_KEY_USAGE);
}
}
ConstraintsParameters cp = new ConstraintsParameters((X509Certificate) cert, trustedMatch, pkixdate, jarTimestamp, variant);
// Check against local constraints if it is DisabledAlgorithmConstraints
if (constraints instanceof DisabledAlgorithmConstraints) {
((DisabledAlgorithmConstraints) constraints).permits(currSigAlg, cp);
// DisabledAlgorithmsConstraints does not check primitives, so key
// additional key check.
} else {
// Perform the default constraints checking anyway.
certPathDefaultConstraints.permits(currSigAlg, cp);
// Call locally set constraints to check key with primitives.
if (!constraints.permits(primitives, currPubKey)) {
throw new CertPathValidatorException("Algorithm constraints check failed on key " + currPubKey.getAlgorithm() + " with size of " + sun.security.util.KeyUtil.getKeySize(currPubKey) + "bits", null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
}
}
// If there is no previous key, set one and exit
if (prevPubKey == null) {
prevPubKey = currPubKey;
return;
}
// Check with previous cert for signature algorithm and public key
if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg, prevPubKey, currSigAlgParams)) {
throw new CertPathValidatorException("Algorithm constraints check failed on " + "signature algorithm: " + currSigAlg, null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
}
// Inherit key parameters from previous key
if (PKIX.isDSAPublicKeyWithoutParams(currPubKey)) {
// Inherit DSA parameters from previous key
if (!(prevPubKey instanceof DSAPublicKey)) {
throw new CertPathValidatorException("Input key is not " + "of a appropriate type for inheriting parameters");
}
DSAParams params = ((DSAPublicKey) prevPubKey).getParams();
if (params == null) {
throw new CertPathValidatorException("Key parameters missing from public key.");
}
try {
BigInteger y = ((DSAPublicKey) currPubKey).getY();
KeyFactory kf = KeyFactory.getInstance("DSA");
DSAPublicKeySpec ks = new DSAPublicKeySpec(y, params.getP(), params.getQ(), params.getG());
currPubKey = kf.generatePublic(ks);
} catch (GeneralSecurityException e) {
throw new CertPathValidatorException("Unable to generate " + "key with inherited parameters: " + e.getMessage(), e);
}
}
// reset the previous public key
prevPubKey = currPubKey;
}
use of java.security.interfaces.DSAParams in project jdk8u_jdk by JetBrains.
the class BasicChecker method makeInheritedParamsKey.
/**
* Internal method to create a new key with inherited key parameters.
*
* @param keyValueKey key from which to obtain key value
* @param keyParamsKey key from which to obtain key parameters
* @return new public key having value and parameters
* @throws CertPathValidatorException if keys are not appropriate types
* for this operation
*/
static PublicKey makeInheritedParamsKey(PublicKey keyValueKey, PublicKey keyParamsKey) throws CertPathValidatorException {
if (!(keyValueKey instanceof DSAPublicKey) || !(keyParamsKey instanceof DSAPublicKey))
throw new CertPathValidatorException("Input key is not " + "appropriate type for " + "inheriting parameters");
DSAParams params = ((DSAPublicKey) keyParamsKey).getParams();
if (params == null)
throw new CertPathValidatorException("Key parameters missing");
try {
BigInteger y = ((DSAPublicKey) keyValueKey).getY();
KeyFactory kf = KeyFactory.getInstance("DSA");
DSAPublicKeySpec ks = new DSAPublicKeySpec(y, params.getP(), params.getQ(), params.getG());
return kf.generatePublic(ks);
} catch (GeneralSecurityException e) {
throw new CertPathValidatorException("Unable to generate key with" + " inherited parameters: " + e.getMessage(), e);
}
}
use of java.security.interfaces.DSAParams in project camel by apache.
the class DSAKeyPairIdentity method getPublicKeyBlob.
@Override
public byte[] getPublicKeyBlob() {
DSAPublicKey publicKey = (DSAPublicKey) keyPair.getPublic();
byte[] sshDss = ALGORITHM_TYPE.getBytes();
DSAParams dsaParams = publicKey.getParams();
byte[] pArray = dsaParams.getP().toByteArray();
byte[] qArray = dsaParams.getQ().toByteArray();
byte[] gArray = dsaParams.getG().toByteArray();
byte[] yArray = publicKey.getY().toByteArray();
byte[] result = new byte[sshDss.length + 4 + pArray.length + 4 + qArray.length + 4 + gArray.length + 4 + yArray.length + 4];
int index = 0;
byte[] intAsByteArray = ByteBuffer.allocate(4).putInt(sshDss.length).array();
System.arraycopy(intAsByteArray, 0, result, index, 4);
index += 4;
System.arraycopy(sshDss, 0, result, index, sshDss.length);
index += sshDss.length;
intAsByteArray = ByteBuffer.allocate(4).putInt(pArray.length).array();
System.arraycopy(intAsByteArray, 0, result, index, 4);
index += 4;
System.arraycopy(pArray, 0, result, index, pArray.length);
index += pArray.length;
intAsByteArray = ByteBuffer.allocate(4).putInt(qArray.length).array();
System.arraycopy(intAsByteArray, 0, result, index, 4);
index += 4;
System.arraycopy(qArray, 0, result, index, qArray.length);
index += qArray.length;
intAsByteArray = ByteBuffer.allocate(4).putInt(gArray.length).array();
System.arraycopy(intAsByteArray, 0, result, index, 4);
index += 4;
System.arraycopy(gArray, 0, result, index, gArray.length);
index += gArray.length;
intAsByteArray = ByteBuffer.allocate(4).putInt(yArray.length).array();
System.arraycopy(intAsByteArray, 0, result, index, 4);
index += 4;
System.arraycopy(yArray, 0, result, index, yArray.length);
return result;
}
use of java.security.interfaces.DSAParams in project BiglyBT by BiglySoftware.
the class PEMWriter method writeObject.
public void writeObject(Object obj, String algorithm, char[] password, SecureRandom random) throws IOException {
if (obj instanceof KeyPair) {
writeObject(((KeyPair) obj).getPrivate());
return;
}
String type = null;
byte[] keyData = null;
if (obj instanceof RSAPrivateCrtKey) {
type = "RSA PRIVATE KEY";
RSAPrivateCrtKey k = (RSAPrivateCrtKey) obj;
RSAPrivateKeyStructure keyStruct = new RSAPrivateKeyStructure(k.getModulus(), k.getPublicExponent(), k.getPrivateExponent(), k.getPrimeP(), k.getPrimeQ(), k.getPrimeExponentP(), k.getPrimeExponentQ(), k.getCrtCoefficient());
// convert to bytearray
keyData = keyStruct.getEncoded();
} else if (obj instanceof DSAPrivateKey) {
type = "DSA PRIVATE KEY";
DSAPrivateKey k = (DSAPrivateKey) obj;
DSAParams p = k.getParams();
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new DERInteger(0));
v.add(new DERInteger(p.getP()));
v.add(new DERInteger(p.getQ()));
v.add(new DERInteger(p.getG()));
BigInteger x = k.getX();
BigInteger y = p.getG().modPow(x, p.getP());
v.add(new DERInteger(y));
v.add(new DERInteger(x));
keyData = new DERSequence(v).getEncoded();
}
if (type == null || keyData == null) {
// TODO Support other types?
throw new IllegalArgumentException("Object type not supported: " + obj.getClass().getName());
}
String dekAlgName = Strings.toUpperCase(algorithm);
// Note: For backward compatibility
if (dekAlgName.equals("DESEDE")) {
dekAlgName = "DES-EDE3-CBC";
}
int ivLength = dekAlgName.startsWith("AES-") ? 16 : 8;
byte[] iv = new byte[ivLength];
random.nextBytes(iv);
byte[] encData = PEMUtilities.crypt(true, provider, keyData, password, dekAlgName, iv);
// write the data
writeHeader(type);
this.write("Proc-Type: 4,ENCRYPTED");
this.newLine();
this.write("DEK-Info: " + dekAlgName + ",");
this.writeHexEncoded(iv);
this.newLine();
this.newLine();
this.writeEncoded(encData);
writeFooter(type);
}
Aggregations