Use of java.security.interfaces.RSAPublicKey in project OpenAttestation by OpenAttestation:
class ProvisionTPM, method takeOwnership.
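/**
 * Entry point into the program.
 *
 * <p>Reads {@code hisprovisioner.properties}, takes ownership of the TPM, reads
 * the public Endorsement Key (EK) modulus, asks the Privacy CA for an
 * Endorsement Credential (EC) and finally stores the EC either in TPM NVRAM
 * (the default) or in {@code <ecLocation>/EC.cer} when {@code ecStorage=file}.
 *
 * <p>If the TPM reports that ownership is already taken (module error 4) the
 * method returns without doing anything more, unless the system property
 * {@code forceCreateEk=true} is set, in which case EC creation continues with
 * the configured owner auth.
 *
 * @throws PrivacyCAException if the properties file is missing or invalid, or
 *     if any step required to produce and store the EC fails (ownership, EK
 *     modulus, Privacy CA certificate, Privacy CA request, EC decoding, EC
 *     storage)
 * @throws Exception any other failure propagated from the hex decoder, the TPM
 *     module or the crypto helpers
 */
public static void takeOwnership() throws Exception {
    // Keys in hisprovisioner.properties
    final String OWNER_AUTH = "TpmOwnerAuth";
    final String EC_VALIDITY = "EcValidityDays";
    final String EC_STORAGE = "ecStorage";
    final String PRIVACY_CA_URL = "PrivacyCaUrl";
    final String PRIVACY_CA_CERT = "PrivacyCaCertFile";
    final String EC_LOCATION = "ecLocation";

    // Only used in error messages so the admin can locate the offending file.
    String propertiesFileName = ResourceFinder.getLocation("hisprovisioner.properties");

    String homeFolder = "";
    int ecValidityDays = 0;
    byte[] tpmOwnerAuth = null;
    String privacyCaUrl = "";
    String privacyCaCertFile = "";
    String ecStorage = "";
    String ecStorageFileName = "";

    // --- 1. Load configuration -------------------------------------------------
    FileInputStream propertyStream = null;
    try {
        File propFile = ResourceFinder.getFile("hisprovisioner.properties");
        propertyStream = new FileInputStream(propFile);
        Properties props = new Properties();
        props.load(new InputStreamReader(propertyStream, "UTF-8"));

        // Relative paths (the Privacy CA certificate) are resolved against the folder
        // that holds the properties file.
        homeFolder = propFile.getAbsolutePath();
        homeFolder = homeFolder.substring(0, homeFolder.indexOf("hisprovisioner.properties"));
        log.info("Home folder : " + homeFolder);

        ecValidityDays = Integer.parseInt(props.getProperty(EC_VALIDITY, ""));

        // getProperty(key, "") never returns null, so a missing owner auth has to be
        // detected by emptiness (the previous null check could never fire). decodeHex
        // rejects odd-length or non-hex input.
        String ownerAuthHex = props.getProperty(OWNER_AUTH, "").trim();
        if (!ownerAuthHex.isEmpty()) {
            tpmOwnerAuth = Hex.decodeHex(ownerAuthHex.toCharArray());
        }

        privacyCaUrl = props.getProperty(PRIVACY_CA_URL, "");
        privacyCaCertFile = props.getProperty(PRIVACY_CA_CERT, "");
        ecStorage = props.getProperty(EC_STORAGE, "NVRAM");
        ecStorageFileName = props.getProperty(EC_LOCATION, ".")
                + System.getProperty("file.separator") + "EC.cer";
        log.info("ecStorageFileName:" + ecStorageFileName);
    } catch (FileNotFoundException e) {
        throw new PrivacyCAException("Error finding HIS Provisioner properties file (HISprovisionier.properties)", e);
    } catch (IOException e) {
        throw new PrivacyCAException("Error loading HIS Provisioner properties file (HISprovisionier.properties)", e);
    } catch (NumberFormatException e) {
        throw new PrivacyCAException("Error while reading EcValidityDays", e);
    } finally {
        if (propertyStream != null) {
            try {
                propertyStream.close();
            } catch (IOException e) {
                log.log(Level.SEVERE, "Error while closing the property file ", e);
            }
        }
    }

    // --- 2. Validate configuration ---------------------------------------------
    StringBuilder errors = new StringBuilder();
    // A negative validity is as unusable as a missing one, so reject both.
    if (ecValidityDays <= 0) {
        errors.append(" - \"EcValidityDays\" value must be the number of validity days for the Endorsement Credential\n");
    }
    if (tpmOwnerAuth == null) {
        errors.append(" - \"TpmOwnerAuth\" value must be set representing the TPM owner auth\n");
    }
    if (errors.length() > 0) {
        throw new PrivacyCAException("Properties file \"" + propertiesFileName + "\" contains errors:\n" + errors);
    }

    // --- 3. Provision the TPM ---------------------------------------------------
    log.info("Performing TPM provisioning...");
    Security.addProvider(new BouncyCastleProvider());
    // One-time symmetric key: wraps the EK modulus sent to the Privacy CA and unwraps the EC
    // it returns. The key itself travels RSA-encrypted under the Privacy CA's public key.
    SecretKey deskey = TpmUtils.generateSecretKey();

    // Take ownership
    byte[] nonce;
    try {
        nonce = TpmUtils.createRandomBytes(20);
        TpmModule.takeOwnership(tpmOwnerAuth, nonce);
    } catch (TpmModuleException e) {
        if (!e.toString().contains(".takeOwnership returned nonzero error: 4")) {
            throw e;
        }
        log.info("Ownership is already taken : ");
        // Feature to help with bug #554: lets the admin force creating an EK in case it failed
        // the first time due to a non-TPM error (such as a Java missing-classes exception).
        if (!"true".equals(System.getProperty("forceCreateEk", "false"))) {
            return;
        }
    } catch (IOException e) {
        // Previously only printed; without ownership every later TPM call fails, so fail here.
        throw new PrivacyCAException("Error while taking TPM ownership", e);
    }

    // --- 4. Obtain the public EK modulus ---------------------------------------
    byte[] pubEkMod;
    try {
        nonce = TpmUtils.createRandomBytes(20);
        pubEkMod = TpmModule.getEndorsementKeyModulus(tpmOwnerAuth, nonce);
    } catch (Exception e) {
        throw new PrivacyCAException("Error getting PubEK: " + e.toString(), e);
    }
    if (pubEkMod == null) {
        throw new PrivacyCAException("Error getting PubEK: the TPM returned no modulus");
    }

    // --- 5. Load the Privacy CA certificate ------------------------------------
    String pcaCertPath = homeFolder + privacyCaCertFile;
    PublicKey privacyCaKey;
    try {
        X509Certificate pcaCert = TpmUtils.certFromFile(pcaCertPath);
        privacyCaKey = (pcaCert == null) ? null : pcaCert.getPublicKey();
    } catch (Exception e) {
        throw new PrivacyCAException("Error loading the Privacy CA certificate from " + pcaCertPath, e);
    }
    // encryptRSA needs an RSA key; the old implicit cast becomes an explicit, readable check
    // that also covers a missing certificate (null is never an instance).
    if (!(privacyCaKey instanceof RSAPublicKey)) {
        throw new PrivacyCAException("Privacy CA certificate " + pcaCertPath + " does not contain an RSA public key");
    }

    // --- 6. Request the EC from the Privacy CA ----------------------------------
    byte[] encryptCert;
    try {
        IHisPrivacyCAWebService2 privacyCa = HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(privacyCaUrl);
        encryptCert = privacyCa.requestGetEC(
                TpmUtils.encryptDES(pubEkMod, deskey),
                TpmUtils.encryptRSA(deskey.getEncoded(), privacyCaKey),
                ecValidityDays);
    } catch (Exception e) {
        // Previously printed "FAILED" and called System.exit(1); throwing leaves the decision
        // to the caller and still yields a non-zero exit status when run from main.
        throw new PrivacyCAException("FAILED: error requesting the Endorsement Credential from " + privacyCaUrl, e);
    }
    if (encryptCert == null) {
        throw new PrivacyCAException("Privacy CA at " + privacyCaUrl + " returned no Endorsement Credential");
    }

    // --- 7. Decrypt and parse the EC -------------------------------------------
    X509Certificate ekCert;
    try {
        ekCert = TpmUtils.certFromBytes(TpmUtils.decryptDES(encryptCert, deskey));
    } catch (Exception e) {
        throw new PrivacyCAException("Error decrypting or parsing the Endorsement Credential", e);
    }
    if (ekCert == null) {
        throw new PrivacyCAException("Decrypted Endorsement Credential is not a certificate");
    }
    byte[] ekCertBytes;
    try {
        ekCertBytes = ekCert.getEncoded();
    } catch (CertificateEncodingException e) {
        throw new PrivacyCAException("Error encoding the Endorsement Credential", e);
    }

    // --- 8. Store the EC in NVRAM or in a file ----------------------------------
    if (ecStorage.equalsIgnoreCase("file")) {
        FileOutputStream ecFileOut = null;
        try {
            ecFileOut = new FileOutputStream(new File(ecStorageFileName));
            ecFileOut.write(ekCertBytes);
            ecFileOut.flush();
        } catch (IOException e) {
            throw new PrivacyCAException("Error writing the Endorsement Credential to " + ecStorageFileName, e);
        } finally {
            // Always close, also on the error path (the old code leaked the stream on failure).
            if (ecFileOut != null) {
                try {
                    ecFileOut.close();
                } catch (IOException e) {
                    log.log(Level.SEVERE, "Error while closing " + ecStorageFileName, e);
                }
            }
        }
    } else {
        try {
            TpmModule.setCredential(tpmOwnerAuth, "EC", ekCertBytes);
        } catch (TpmModuleException e) {
            throw new PrivacyCAException("Error storing the Endorsement Credential in TPM NVRAM: " + e.toString(), e);
        }
    }
    // Kept on stdout: existing wrappers may read the size and the DONE marker.
    System.out.println(ekCertBytes.length);
    System.out.println("DONE");
}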
Use of java.security.interfaces.RSAPublicKey in project OpenAM by OpenRock:
class OpenAMOAuth2ProviderSettings, method getJWKSet.
/**
 * Returns the JSON Web Key Set advertised by this provider.
 *
 * <p>The set is built lazily: on the first call the public half of the server
 * key pair is published as a single RS256 signing JWK; later calls reuse the
 * cached list. Initialisation is guarded by the {@code jwks} monitor so that
 * concurrent first callers do not add the key twice.
 *
 * @return a JSON object of the form {@code {"keys": [...]}}
 * @throws ServerException if the server key pair cannot be obtained
 */
public JsonValue getJWKSet() throws ServerException {
    synchronized (jwks) {
        boolean notYetPublished = jwks.isEmpty();
        if (notYetPublished) {
            // NOTE(review): the cast assumes the server key pair is RSA; a non-RSA pair
            // would surface here as a ClassCastException rather than a ServerException.
            RSAPublicKey signingKey = (RSAPublicKey) getServerKeyPair().getPublic();
            String algorithmName = JwsAlgorithm.RS256.name();
            jwks.add(createRSAJWK(signingKey, KeyUse.SIG, algorithmName));
        }
    }
    return new JsonValue(Collections.singletonMap("keys", jwks));
}
Use of java.security.interfaces.RSAPublicKey in project OpenAM by OpenRock:
class PEMDecoder, method decodeRSAPublicKey.
/**
 * Decodes a PEM encoded Public Key.
 *
 * <p>The optional {@code -----BEGIN PUBLIC KEY-----} / {@code -----END PUBLIC KEY-----}
 * armour is stripped, the remaining Base64 text is decoded and the resulting
 * X.509 SubjectPublicKeyInfo bytes are handed to the RSA {@link KeyFactory}.
 *
 * @param encodedKey The Base64 encoded public key bytes, with or without PEM armour;
 *     may be {@code null}.
 * @return The decoded Public Key, or {@code null} when {@code encodedKey} is {@code null}.
 * @throws NoSuchAlgorithmException If no RSA KeyFactory is available.
 * @throws InvalidKeySpecException If the bytes are not a valid RSA SubjectPublicKeyInfo.
 */
public RSAPublicKey decodeRSAPublicKey(String encodedKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
    if (encodedKey == null) {
        return null;
    }
    final String beginMarker = "-----BEGIN PUBLIC KEY-----";
    final String endMarker = "-----END PUBLIC KEY-----";
    String base64Body = encodedKey.replace(beginMarker, "").replace(endMarker, "");
    base64Body = base64Body.trim();
    byte[] derBytes = Base64.decode(base64Body);
    X509EncodedKeySpec spec = new X509EncodedKeySpec(derBytes);
    KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    // NOTE(review): no minimum modulus size is enforced here; callers that accept keys
    // from external parties may want to check getModulus().bitLength() on the result.
    return (RSAPublicKey) rsaFactory.generatePublic(spec);
}
Use of java.security.interfaces.RSAPublicKey in project OpenAM by OpenRock:
class LibSecurityTokenProvider, method createKeyInfo.
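/**
 * Returns the <code>KeyInfo</code> object as a Document Element.
 *
 * <p>When {@code keyInfoType} is {@code "certificate"} the KeyInfo carries the
 * Base64 DER of the signing certificate inside X509Data/X509Certificate.
 * Otherwise it carries a KeyName (the certificate subject DN) and a KeyValue
 * with the raw public key parameters: P, Q, G, Y for DSA or Modulus and
 * Exponent for RSA.
 *
 * @return the populated KeyInfo element, created in a fresh Document
 * @throws SecurityTokenException if the document cannot be created, the
 *     certificate cannot be read or DER-encoded, or the public key is
 *     neither DSA nor RSA
 */
private Element createKeyInfo() throws SecurityTokenException {
    X509Certificate cert = getX509Certificate();
    Document doc;
    try {
        doc = XMLUtils.newDocument();
    } catch (Exception e) {
        debug.error("createKeyInfo: ", e);
        throw new SecurityTokenException(e.getMessage());
    }
    PublicKey pk;
    String keyNameTextString;
    String base64CertString;
    try {
        pk = cert.getPublicKey();
        keyNameTextString = cert.getSubjectDN().getName();
        base64CertString = Base64.encode(cert.getEncoded());
    } catch (Exception e) {
        debug.error("createKeyInfo: ", e);
        throw new SecurityTokenException(e.getMessage());
    }
    Element keyInfo = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, SAMLConstants.TAG_KEYINFO);
    keyInfo.setAttribute("xmlns", SAMLConstants.XMLSIG_NAMESPACE_URI);
    if (keyInfoType != null && keyInfoType.equalsIgnoreCase("certificate")) {
        // put Certificate in KeyInfo
        Element x509Data = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, SAMLConstants.TAG_X509DATA);
        Element x509Certificate = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, SAMLConstants.TAG_X509CERTIFICATE);
        x509Certificate.appendChild(doc.createTextNode(base64CertString));
        keyInfo.appendChild(x509Data).appendChild(x509Certificate);
    } else {
        // put public key in KeyInfo
        Element keyName = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, SAMLConstants.TAG_KEYNAME);
        Element keyValue = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, SAMLConstants.TAG_KEYVALUE);
        if (pk instanceof DSAPublicKey) {
            DSAPublicKey dsaKey = (DSAPublicKey) pk;
            DSAParams dsaParams = dsaKey.getParams();
            Element dsaKeyValue = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, "DSAKeyValue");
            appendBase64Element(doc, dsaKeyValue, "P", dsaParams.getP());
            appendBase64Element(doc, dsaKeyValue, "Q", dsaParams.getQ());
            appendBase64Element(doc, dsaKeyValue, "G", dsaParams.getG());
            appendBase64Element(doc, dsaKeyValue, "Y", dsaKey.getY());
            keyValue.appendChild(dsaKeyValue);
        } else if (pk instanceof RSAPublicKey) {
            RSAPublicKey rsaKey = (RSAPublicKey) pk;
            Element rsaKeyValue = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, "RSAKeyValue");
            appendBase64Element(doc, rsaKeyValue, "Modulus", rsaKey.getModulus());
            appendBase64Element(doc, rsaKeyValue, "Exponent", rsaKey.getPublicExponent());
            keyValue.appendChild(rsaKeyValue);
        } else {
            // The old code cast every non-DSA key to RSA and failed with a ClassCastException;
            // report unsupported algorithms (e.g. EC) through the declared exception instead.
            String msg = "createKeyInfo: unsupported public key algorithm " + pk.getAlgorithm();
            debug.error(msg);
            throw new SecurityTokenException(msg);
        }
        keyName.appendChild(doc.createTextNode(keyNameTextString));
        keyInfo.appendChild(keyName);
        keyInfo.appendChild(keyValue);
    }
    return keyInfo;
}

/**
 * Appends a child element {@code <name>} to {@code parent} whose text content is
 * the Base64 encoding of {@code value}.
 *
 * <p>NOTE(review): {@link BigInteger#toByteArray()} is two's-complement, so a
 * positive value whose top bit is set carries a leading 0x00 octet. XML-DSig's
 * CryptoBinary type specifies no leading zero octets; the previous behaviour is
 * kept here, but strict consumers may object.
 *
 * @param doc document that owns the new nodes
 * @param parent element the new child is appended to
 * @param name local name of the child element (XML-DSig namespace)
 * @param value number to encode
 */
private static void appendBase64Element(Document doc, Element parent, String name, BigInteger value) {
    Element node = doc.createElementNS(SAMLConstants.XMLSIG_NAMESPACE_URI, name);
    node.appendChild(doc.createTextNode(Base64.encode(value.toByteArray())));
    parent.appendChild(node);
}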
Use of java.security.interfaces.RSAPublicKey in project android_frameworks_base by ResurrectionRemix:
class AndroidKeyStoreProvider, method getAndroidKeyStorePublicKey.
/**
 * Wraps an X.509-encoded public key as the Android Keystore public key object
 * matching its algorithm.
 *
 * @param alias keystore alias the key belongs to
 * @param uid uid that owns the key
 * @param keyAlgorithm the key algorithm name; only EC and RSA are supported
 * @param x509EncodedForm the SubjectPublicKeyInfo (X.509) encoding of the public key
 * @return an {@code AndroidKeyStoreECPublicKey} or {@code AndroidKeyStoreRSAPublicKey}
 * @throws ProviderException if no KeyFactory exists for the algorithm, the encoding
 *     is invalid, or the algorithm is neither EC nor RSA
 */
@NonNull
public static AndroidKeyStorePublicKey getAndroidKeyStorePublicKey(@NonNull String alias, int uid, @NonNull @KeyProperties.KeyAlgorithmEnum String keyAlgorithm, @NonNull byte[] x509EncodedForm) {
    final PublicKey parsed;
    try {
        KeyFactory factory = KeyFactory.getInstance(keyAlgorithm);
        X509EncodedKeySpec spec = new X509EncodedKeySpec(x509EncodedForm);
        parsed = factory.generatePublic(spec);
    } catch (NoSuchAlgorithmException e) {
        throw new ProviderException("Failed to obtain " + keyAlgorithm + " KeyFactory", e);
    } catch (InvalidKeySpecException e) {
        throw new ProviderException("Invalid X.509 encoding of public key", e);
    }
    final boolean isEc = KeyProperties.KEY_ALGORITHM_EC.equalsIgnoreCase(keyAlgorithm);
    if (isEc) {
        return new AndroidKeyStoreECPublicKey(alias, uid, (ECPublicKey) parsed);
    }
    final boolean isRsa = KeyProperties.KEY_ALGORITHM_RSA.equalsIgnoreCase(keyAlgorithm);
    if (isRsa) {
        return new AndroidKeyStoreRSAPublicKey(alias, uid, (RSAPublicKey) parsed);
    }
    throw new ProviderException("Unsupported Android Keystore public key algorithm: " + keyAlgorithm);
}