Search in sources :

Example 1 with RSAPublicKey

use of java.security.interfaces.RSAPublicKey in project OpenAttestation by OpenAttestation.

the class ProvisionTPM method takeOwnership.

/**
	 * Entry point into the program
	 * @throws Exception 
	 */
public static void takeOwnership() throws Exception {
    // throws InvalidKeyException, CertificateEncodingException, UnrecoverableKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException, NoSuchProviderException, KeyStoreException, CertificateException, IOException, javax.security.cert.CertificateException {
    //get properties file info
    final String OWNER_AUTH = "TpmOwnerAuth";
    final String EC_VALIDITY = "EcValidityDays";
    final String EC_STORAGE = "ecStorage";
    final String PRIVACY_CA_URL = "PrivacyCaUrl";
    final String TRUST_STORE = "TrustStore";
    final String PRIVACY_CA_CERT = "PrivacyCaCertFile";
    final String EC_LOCATION = "ecLocation";
    String ecStorage = "";
    String ecStorageFileName = "";
    String PrivacyCaUrl = "";
    int EcValidityDays = 0;
    String PrivacyCaCertFile = "";
    byte[] TpmOwnerAuth = null;
    byte[] encryptCert = null;
    byte[] pubEkMod = null;
    X509Certificate pcaCert = null;
    PublicKey publicKey = null;
    //This is for logging purpose
    String propertiesFileName = ResourceFinder.getLocation("hisprovisioner.properties");
    FileInputStream PropertyFile = null;
    String tpmOwnerAuth = "";
    String homeFolder = "";
    try {
        File propFile = ResourceFinder.getFile("hisprovisioner.properties");
        PropertyFile = new FileInputStream(propFile);
        Properties HisProvisionerProperties = new Properties();
        HisProvisionerProperties.load(new InputStreamReader(PropertyFile, "UTF-8"));
        homeFolder = propFile.getAbsolutePath();
        homeFolder = homeFolder.substring(0, homeFolder.indexOf("hisprovisioner.properties"));
        log.info("Home folder : " + homeFolder);
        EcValidityDays = Integer.parseInt(HisProvisionerProperties.getProperty(EC_VALIDITY, ""));
        tpmOwnerAuth = HisProvisionerProperties.getProperty(OWNER_AUTH, "");
        if (tpmOwnerAuth != null) {
            TpmOwnerAuth = Hex.decodeHex(tpmOwnerAuth.toCharArray());
        }
        //else if (tpmOwnerAuth.length() == 40) {
        //    log.info("owner authentication is hex code formatted");
        //    TpmOwnerAuth = TpmUtils.hexStringToByteArray(tpmOwnerAuth);
        //} else {
        //    log.info("illegal owner authentication detected! accepted owner authentication is 20 or 40 long characters");
        //}
        //TpmOwnerAuth = TpmUtils.hexStringToByteArray(HisProvisionerProperties.getProperty(OWNER_AUTH, ""));
        PrivacyCaUrl = HisProvisionerProperties.getProperty(PRIVACY_CA_URL, "");
        PrivacyCaCertFile = HisProvisionerProperties.getProperty(PRIVACY_CA_CERT, "");
        ecStorage = HisProvisionerProperties.getProperty(EC_STORAGE, "NVRAM");
        ecStorageFileName = HisProvisionerProperties.getProperty(EC_LOCATION, ".") + System.getProperty("file.separator") + "EC.cer";
        log.info("ecStorageFileName:" + ecStorageFileName);
    } catch (FileNotFoundException e) {
        throw new PrivacyCAException("Error finding HIS Provisioner properties file (HISprovisionier.properties)", e);
    } catch (IOException e) {
        throw new PrivacyCAException("Error loading HIS Provisioner properties file (HISprovisionier.properties)", e);
    } catch (NumberFormatException e) {
        throw new PrivacyCAException("Error while reading EcValidityDays", e);
    } finally {
        if (PropertyFile != null) {
            try {
                PropertyFile.close();
            } catch (IOException e) {
                log.log(Level.SEVERE, "Error while closing the property file ", e);
            }
        }
    }
    String errorString = "Properties file \"" + propertiesFileName + "\" contains errors:\n";
    boolean hasErrors = false;
    if (EcValidityDays == 0) {
        errorString += " - \"EcValidityDays\" value must be the number of validity days for the Endorsement Credential\n";
        hasErrors = true;
    }
    if (TpmOwnerAuth == null) {
        // || TpmOwnerAuth.length != 20){
        errorString += " - \"TpmOwnerAuth\" value must be set representing the TPM owner auth\n";
        hasErrors = true;
    }
    if (hasErrors) {
        throw new PrivacyCAException(errorString);
    }
    //Provision the TPM
    log.info("Performing TPM provisioning...");
    Security.addProvider(new BouncyCastleProvider());
    SecretKey deskey = TpmUtils.generateSecretKey();
    // Take Ownership
    byte[] nonce = null;
    try {
        nonce = TpmUtils.createRandomBytes(20);
        TpmModule.takeOwnership(TpmOwnerAuth, nonce);
    } catch (TpmModuleException e) {
        if (e.toString().contains(".takeOwnership returned nonzero error: 4")) {
            Logger.getLogger(ProvisionTPM.class.getName()).info("Ownership is already taken : ");
            if (!System.getProperty("forceCreateEk", "false").equals("true")) {
                // feature to help with bug #554 and allow admin to force creating an ek (in case it failed the first time due to a non-tpm error such as java missing classes exception
                return;
            }
        } else
            throw e;
    } catch (IOException e) {
        e.printStackTrace();
    }
    // Create Endorsement Certificate
    try {
        nonce = TpmUtils.createRandomBytes(20);
        pubEkMod = TpmModule.getEndorsementKeyModulus(TpmOwnerAuth, nonce);
    } catch (TpmModuleException e) {
        System.out.println("Error getting PubEK: " + e.toString());
    } catch (Exception e) {
        System.out.println("Error getting PubEK: " + e.toString());
    }
    try {
        pcaCert = TpmUtils.certFromFile(homeFolder + PrivacyCaCertFile);
        if (pcaCert != null) {
            publicKey = (RSAPublicKey) pcaCert.getPublicKey();
        }
    } catch (Exception e) {
        System.out.println("print out error message: " + e.toString());
        e.printStackTrace();
    }
    try {
        IHisPrivacyCAWebService2 hisPrivacyCAWebService2 = HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(PrivacyCaUrl);
        encryptCert = hisPrivacyCAWebService2.requestGetEC(TpmUtils.encryptDES(pubEkMod, deskey), TpmUtils.encryptRSA(deskey.getEncoded(), publicKey), EcValidityDays);
    } catch (Exception e) {
        System.out.println("FAILED");
        e.printStackTrace();
        System.exit(1);
    }
    //Decrypt and generate endorsement certificate 
    X509Certificate ekCert = null;
    try {
        if (encryptCert != null) {
            ekCert = TpmUtils.certFromBytes(TpmUtils.decryptDES(encryptCert, deskey));
        }
    } catch (java.security.cert.CertificateException e) {
        e.printStackTrace();
    } catch (CertificateException e) {
        e.printStackTrace();
    } catch (Exception e) {
        e.printStackTrace();
    }
    // Store the new EC in NV-RAM or in the file
    try {
        if (ecStorage.equalsIgnoreCase("file")) {
            File ecFile = new File(ecStorageFileName);
            FileOutputStream ecFileOut = new FileOutputStream(ecFile);
            ecFileOut.write(ekCert.getEncoded());
            ecFileOut.flush();
            ecFileOut.close();
        } else {
            TpmModule.setCredential(TpmOwnerAuth, "EC", ekCert.getEncoded());
        }
        System.out.println(ekCert.getEncoded().length);
    } catch (TpmModuleException e) {
        System.out.println("Error getting PubEK: " + e.toString());
    } catch (CertificateEncodingException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }
    System.out.println("DONE");
    //System.exit(0);
    return;
}
Also used : FileNotFoundException(java.io.FileNotFoundException) CertificateException(javax.security.cert.CertificateException) Properties(java.util.Properties) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) IHisPrivacyCAWebService2(gov.niarl.his.webservices.hisPrivacyCAWebService2.IHisPrivacyCAWebService2) InputStreamReader(java.io.InputStreamReader) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) FileInputStream(java.io.FileInputStream) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IOException(java.io.IOException) TpmModuleException(gov.niarl.his.privacyca.TpmModule.TpmModuleException) FileNotFoundException(java.io.FileNotFoundException) CertificateException(javax.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException) CertificateEncodingException(java.security.cert.CertificateEncodingException) SecretKey(javax.crypto.SecretKey) FileOutputStream(java.io.FileOutputStream) TpmModuleException(gov.niarl.his.privacyca.TpmModule.TpmModuleException) File(java.io.File)

Example 2 with RSAPublicKey

use of java.security.interfaces.RSAPublicKey in project OpenAM by OpenRock.

the class OpenAMOAuth2ProviderSettings method getJWKSet.

public JsonValue getJWKSet() throws ServerException {
    synchronized (jwks) {
        if (jwks.isEmpty()) {
            PublicKey key = getServerKeyPair().getPublic();
            jwks.add(createRSAJWK((RSAPublicKey) key, KeyUse.SIG, JwsAlgorithm.RS256.name()));
        }
    }
    return new JsonValue(Collections.singletonMap("keys", jwks));
}
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) JsonValue(org.forgerock.json.JsonValue)

Example 3 with RSAPublicKey

use of java.security.interfaces.RSAPublicKey in project OpenAM by OpenRock.

the class PEMDecoder method decodeRSAPublicKey.

/**
     * Decodes a PEM encoded Public Key.
     *
     * @param encodedKey The Base64 encoded public key bytes.
     * @return The decoded Public Key.
     * @throws NoSuchAlgorithmException If the key cannot be decoded.
     * @throws InvalidKeySpecException If the key cannot be decoded.
     */
public RSAPublicKey decodeRSAPublicKey(String encodedKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
    if (encodedKey == null) {
        return null;
    }
    encodedKey = encodedKey.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "").trim();
    byte[] decodedKey = Base64.decode(encodedKey);
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    X509EncodedKeySpec keySpec = new X509EncodedKeySpec(decodedKey);
    return (RSAPublicKey) keyFactory.generatePublic(keySpec);
}
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) KeyFactory(java.security.KeyFactory)

Example 4 with RSAPublicKey

use of java.security.interfaces.RSAPublicKey in project OpenAM by OpenRock.

the class LibSecurityTokenProvider method createKeyInfo.

/**
     * Returns the <code>KeyInfo</code> object as a Document Element.
     */
private Element createKeyInfo() throws SecurityTokenException {
    X509Certificate cert = getX509Certificate();
    Document doc = null;
    try {
        doc = XMLUtils.newDocument();
    } catch (Exception e) {
        debug.error("createKeyInfo: ", e);
        throw new SecurityTokenException(e.getMessage());
    }
    String keyNameTextString = null;
    String base64CertString = null;
    PublicKey pk = null;
    try {
        pk = cert.getPublicKey();
        keyNameTextString = cert.getSubjectDN().getName();
        base64CertString = Base64.encode(cert.getEncoded());
    } catch (Exception e) {
        debug.error("createKeyInfo: ", e);
        throw new SecurityTokenException(e.getMessage());
    }
    Element keyInfo = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, SAMLConstants.TAG_KEYINFO);
    keyInfo.setAttribute("xmlns", SAMLConstants.XMLSIG_NAMESPACE_URI);
    if ((keyInfoType != null) && (keyInfoType.equalsIgnoreCase("certificate"))) {
        //put Certificate in KeyInfo
        Element x509Data = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, SAMLConstants.TAG_X509DATA);
        Element x509Certificate = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, SAMLConstants.TAG_X509CERTIFICATE);
        Text certText = doc.createTextNode(base64CertString);
        x509Certificate.appendChild(certText);
        keyInfo.appendChild(x509Data).appendChild(x509Certificate);
    } else {
        //put public key in keyinfo
        Element keyName = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, SAMLConstants.TAG_KEYNAME);
        Text keyNameText = doc.createTextNode(keyNameTextString);
        Element keyvalue = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, SAMLConstants.TAG_KEYVALUE);
        if (pk.getAlgorithm().equals("DSA")) {
            DSAPublicKey dsakey = (DSAPublicKey) pk;
            DSAParams dsaParams = dsakey.getParams();
            BigInteger _p = dsaParams.getP();
            BigInteger _q = dsaParams.getQ();
            BigInteger _g = dsaParams.getG();
            BigInteger _y = dsakey.getY();
            Element DSAKeyValue = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, "DSAKeyValue");
            Element p = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, "P");
            Text value_p = doc.createTextNode(Base64.encode(_p.toByteArray()));
            p.appendChild(value_p);
            DSAKeyValue.appendChild(p);
            Element q = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, "Q");
            Text value_q = doc.createTextNode(Base64.encode(_q.toByteArray()));
            q.appendChild(value_q);
            DSAKeyValue.appendChild(q);
            Element g = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, "G");
            Text value_g = doc.createTextNode(Base64.encode(_g.toByteArray()));
            g.appendChild(value_g);
            DSAKeyValue.appendChild(g);
            Element y = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, "Y");
            Text value_y = doc.createTextNode(Base64.encode(_y.toByteArray()));
            y.appendChild(value_y);
            DSAKeyValue.appendChild(y);
            keyvalue.appendChild(DSAKeyValue);
        } else {
            // It is RSA
            RSAPublicKey rsakey = (RSAPublicKey) pk;
            BigInteger exponent = rsakey.getPublicExponent();
            BigInteger modulus = rsakey.getModulus();
            Element RSAKeyValue = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, "RSAKeyValue");
            Element modulusNode = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, "Modulus");
            Element exponentNode = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, "Exponent");
            RSAKeyValue.appendChild(modulusNode);
            RSAKeyValue.appendChild(exponentNode);
            Text modulusValue = doc.createTextNode(Base64.encode(modulus.toByteArray()));
            modulusNode.appendChild(modulusValue);
            Text exponentValue = doc.createTextNode(Base64.encode(exponent.toByteArray()));
            exponentNode.appendChild(exponentValue);
            keyvalue.appendChild(RSAKeyValue);
        }
        keyInfo.appendChild(keyName).appendChild(keyNameText);
        keyInfo.appendChild(keyvalue);
    }
    return keyInfo;
}
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) Element(org.w3c.dom.Element) BigInteger(java.math.BigInteger) Text(org.w3c.dom.Text) DSAParams(java.security.interfaces.DSAParams) Document(org.w3c.dom.Document) X509Certificate(java.security.cert.X509Certificate) SessionException(com.sun.identity.plugin.session.SessionException) SAMLException(com.sun.identity.saml.common.SAMLException) DSAPublicKey(java.security.interfaces.DSAPublicKey)

Example 5 with RSAPublicKey

use of java.security.interfaces.RSAPublicKey in project android_frameworks_base by ResurrectionRemix.

the class AndroidKeyStoreProvider method getAndroidKeyStorePublicKey.

@NonNull
public static AndroidKeyStorePublicKey getAndroidKeyStorePublicKey(@NonNull String alias, int uid, @NonNull @KeyProperties.KeyAlgorithmEnum String keyAlgorithm, @NonNull byte[] x509EncodedForm) {
    PublicKey publicKey;
    try {
        KeyFactory keyFactory = KeyFactory.getInstance(keyAlgorithm);
        publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(x509EncodedForm));
    } catch (NoSuchAlgorithmException e) {
        throw new ProviderException("Failed to obtain " + keyAlgorithm + " KeyFactory", e);
    } catch (InvalidKeySpecException e) {
        throw new ProviderException("Invalid X.509 encoding of public key", e);
    }
    if (KeyProperties.KEY_ALGORITHM_EC.equalsIgnoreCase(keyAlgorithm)) {
        return new AndroidKeyStoreECPublicKey(alias, uid, (ECPublicKey) publicKey);
    } else if (KeyProperties.KEY_ALGORITHM_RSA.equalsIgnoreCase(keyAlgorithm)) {
        return new AndroidKeyStoreRSAPublicKey(alias, uid, (RSAPublicKey) publicKey);
    } else {
        throw new ProviderException("Unsupported Android Keystore public key algorithm: " + keyAlgorithm);
    }
}
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) ProviderException(java.security.ProviderException) NoSuchProviderException(java.security.NoSuchProviderException) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) KeyFactory(java.security.KeyFactory) NonNull(android.annotation.NonNull)

Aggregations

RSAPublicKey (java.security.interfaces.RSAPublicKey)228 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)64 PublicKey (java.security.PublicKey)49 KeyPair (java.security.KeyPair)46 BigInteger (java.math.BigInteger)43 IOException (java.io.IOException)39 KeyPairGenerator (java.security.KeyPairGenerator)39 KeyFactory (java.security.KeyFactory)36 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)31 ECPublicKey (java.security.interfaces.ECPublicKey)30 X509Certificate (java.security.cert.X509Certificate)29 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)28 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)27 PrivateKey (java.security.PrivateKey)25 RSAPublicKeySpec (java.security.spec.RSAPublicKeySpec)25 Test (org.junit.Test)25 CertificateException (java.security.cert.CertificateException)24 InvalidKeyException (java.security.InvalidKeyException)22 DSAPublicKey (java.security.interfaces.DSAPublicKey)22 ByteArrayInputStream (java.io.ByteArrayInputStream)21