Example 6 with RSAPublicKey
use of java.security.interfaces.RSAPublicKey in project robovm by robovm.
the class OpenSSLRSAPublicKey method equals.
@Override
public boolean equals(Object o) {
if (o == this) {
return true;
}
if (o instanceof OpenSSLRSAPublicKey) {
OpenSSLRSAPublicKey other = (OpenSSLRSAPublicKey) o;
/*
* We can shortcut the true case, but it still may be equivalent but
* different copies.
*/
if (key.equals(other.getOpenSSLKey())) {
return true;
}
}
if (!(o instanceof RSAPublicKey)) {
return false;
}
ensureReadParams();
RSAPublicKey other = (RSAPublicKey) o;
return modulus.equals(other.getModulus()) && publicExponent.equals(other.getPublicExponent());
}
Also used :
RSAPublicKey(java.security.interfaces.RSAPublicKey)
Example 7 with RSAPublicKey
use of java.security.interfaces.RSAPublicKey in project robovm by robovm.
the class OpenSSLSignature method engineInitVerify.
@Override
protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
// If we had an existing context, destroy it first.
destroyContextIfExists();
if (publicKey instanceof OpenSSLKeyHolder) {
OpenSSLKey pkey = ((OpenSSLKeyHolder) publicKey).getOpenSSLKey();
checkEngineType(pkey);
key = pkey;
} else if (publicKey instanceof RSAPublicKey) {
if (engineType != EngineType.RSA) {
throw new InvalidKeyException("Signature not initialized as RSA");
}
RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
key = OpenSSLRSAPublicKey.getInstance(rsaPublicKey);
} else if (publicKey instanceof DSAPublicKey) {
if (engineType != EngineType.DSA) {
throw new InvalidKeyException("Signature not initialized as DSA");
}
DSAPublicKey dsaPublicKey = (DSAPublicKey) publicKey;
key = OpenSSLDSAPublicKey.getInstance(dsaPublicKey);
} else if (publicKey instanceof ECPublicKey) {
if (engineType != EngineType.EC) {
throw new InvalidKeyException("Signature not initialized as EC");
}
ECPublicKey ecPublicKey = (ECPublicKey) publicKey;
key = OpenSSLECPublicKey.getInstance(ecPublicKey);
} else {
throw new InvalidKeyException("Need DSA or RSA or EC public key");
}
}
Also used :
RSAPublicKey(java.security.interfaces.RSAPublicKey)
ECPublicKey(java.security.interfaces.ECPublicKey)
InvalidKeyException(java.security.InvalidKeyException)
DSAPublicKey(java.security.interfaces.DSAPublicKey)
Example 8 with RSAPublicKey
use of java.security.interfaces.RSAPublicKey in project robovm by robovm.
the class NativeCryptoTest method test_OpenSSLKey_toJava.
public void test_OpenSSLKey_toJava() throws Exception {
OpenSSLKey key1;
BigInteger e = BigInteger.valueOf(65537);
key1 = new OpenSSLKey(NativeCrypto.RSA_generate_key_ex(1024, e.toByteArray()));
assertTrue(key1.getPublicKey() instanceof RSAPublicKey);
key1 = new OpenSSLKey(NativeCrypto.DSA_generate_key(1024, null, null, null, null));
assertTrue(key1.getPublicKey() instanceof DSAPublicKey);
long group1 = NULL;
try {
group1 = NativeCrypto.EC_GROUP_new_by_curve_name("prime256v1");
assertTrue(group1 != NULL);
key1 = new OpenSSLKey(NativeCrypto.EC_KEY_generate_key(group1));
} finally {
if (group1 != NULL) {
NativeCrypto.EC_GROUP_clear_free(group1);
}
}
assertTrue(key1.getPublicKey() instanceof ECPublicKey);
}
Also used :
RSAPublicKey(java.security.interfaces.RSAPublicKey)
ECPublicKey(java.security.interfaces.ECPublicKey)
BigInteger(java.math.BigInteger)
DSAPublicKey(java.security.interfaces.DSAPublicKey)
Example 9 with RSAPublicKey
use of java.security.interfaces.RSAPublicKey in project robovm by robovm.
the class CipherSpi method engineInit.
protected void engineInit(int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
CipherParameters param;
if (params == null || params instanceof OAEPParameterSpec) {
if (key instanceof RSAPublicKey) {
if (privateKeyOnly && opmode == Cipher.ENCRYPT_MODE) {
throw new InvalidKeyException("mode 1 requires RSAPrivateKey");
}
param = RSAUtil.generatePublicKeyParameter((RSAPublicKey) key);
} else if (key instanceof RSAPrivateKey) {
if (publicKeyOnly && opmode == Cipher.ENCRYPT_MODE) {
throw new InvalidKeyException("mode 2 requires RSAPublicKey");
}
param = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey) key);
} else {
throw new InvalidKeyException("unknown key type passed to RSA");
}
if (params != null) {
OAEPParameterSpec spec = (OAEPParameterSpec) params;
paramSpec = params;
if (!spec.getMGFAlgorithm().equalsIgnoreCase("MGF1") && !spec.getMGFAlgorithm().equals(PKCSObjectIdentifiers.id_mgf1.getId())) {
throw new InvalidAlgorithmParameterException("unknown mask generation function specified");
}
if (!(spec.getMGFParameters() instanceof MGF1ParameterSpec)) {
throw new InvalidAlgorithmParameterException("unkown MGF parameters");
}
Digest digest = DigestFactory.getDigest(spec.getDigestAlgorithm());
if (digest == null) {
throw new InvalidAlgorithmParameterException("no match on digest algorithm: " + spec.getDigestAlgorithm());
}
MGF1ParameterSpec mgfParams = (MGF1ParameterSpec) spec.getMGFParameters();
Digest mgfDigest = DigestFactory.getDigest(mgfParams.getDigestAlgorithm());
if (mgfDigest == null) {
throw new InvalidAlgorithmParameterException("no match on MGF digest algorithm: " + mgfParams.getDigestAlgorithm());
}
cipher = new OAEPEncoding(new RSABlindedEngine(), digest, mgfDigest, ((PSource.PSpecified) spec.getPSource()).getValue());
}
} else {
throw new IllegalArgumentException("unknown parameter type.");
}
if (!(cipher instanceof RSABlindedEngine)) {
if (random != null) {
param = new ParametersWithRandom(param, random);
} else {
param = new ParametersWithRandom(param, new SecureRandom());
}
}
bOut.reset();
switch(opmode) {
case Cipher.ENCRYPT_MODE:
case Cipher.WRAP_MODE:
cipher.init(true, param);
break;
case Cipher.DECRYPT_MODE:
case Cipher.UNWRAP_MODE:
cipher.init(false, param);
break;
default:
throw new InvalidParameterException("unknown opmode " + opmode + " passed to RSA");
}
}
Also used :
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
Digest(org.bouncycastle.crypto.Digest)
ParametersWithRandom(org.bouncycastle.crypto.params.ParametersWithRandom)
SecureRandom(java.security.SecureRandom)
InvalidKeyException(java.security.InvalidKeyException)
OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)
CipherParameters(org.bouncycastle.crypto.CipherParameters)
InvalidParameterException(java.security.InvalidParameterException)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
RSABlindedEngine(org.bouncycastle.crypto.engines.RSABlindedEngine)
OAEPEncoding(org.bouncycastle.crypto.encodings.OAEPEncoding)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
MGF1ParameterSpec(java.security.spec.MGF1ParameterSpec)
Example 10 with RSAPublicKey
use of java.security.interfaces.RSAPublicKey in project robovm by robovm.
the class ServerHandshakeImpl method processClientHello.
/**
*
* Processes Client Hello message.
* Server responds to client hello message with server hello
* and (if necessary) server certificate, server key exchange,
* certificate request, and server hello done messages.
*/
void processClientHello() {
CipherSuite cipher_suite;
// check that clientHello contains CompressionMethod.null
checkCompression: {
for (int i = 0; i < clientHello.compression_methods.length; i++) {
if (clientHello.compression_methods[i] == 0) {
break checkCompression;
}
}
fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "HANDSHAKE FAILURE. Incorrect client hello message");
}
byte[] server_version = clientHello.client_version;
if (!ProtocolVersion.isSupported(clientHello.client_version)) {
if (clientHello.client_version[0] >= 3) {
// Protocol from the future, admit that the newest thing we know is TLSv1
server_version = ProtocolVersion.TLSv1.version;
} else {
fatalAlert(AlertProtocol.PROTOCOL_VERSION, "PROTOCOL VERSION. Unsupported client version " + clientHello.client_version[0] + clientHello.client_version[1]);
}
}
isResuming = false;
FIND: if (clientHello.session_id.length != 0) {
// client wishes to reuse session
SSLSessionImpl sessionToResume;
boolean reuseCurrent = false;
// reuse current session
if (session != null && Arrays.equals(session.id, clientHello.session_id)) {
if (session.isValid()) {
isResuming = true;
break FIND;
}
reuseCurrent = true;
}
// find session in cash
sessionToResume = findSessionToResume(clientHello.session_id);
if (sessionToResume == null || !sessionToResume.isValid()) {
if (!parameters.getEnableSessionCreation()) {
if (reuseCurrent) {
// we can continue current session
sendWarningAlert(AlertProtocol.NO_RENEGOTIATION);
status = NOT_HANDSHAKING;
clearMessages();
return;
}
// throw AlertException
fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "SSL Session may not be created");
}
session = null;
} else {
session = (SSLSessionImpl) sessionToResume.clone();
isResuming = true;
}
}
if (isResuming) {
cipher_suite = session.cipherSuite;
// clientHello.cipher_suites must include at least cipher_suite from the session
checkCipherSuite: {
for (int i = 0; i < clientHello.cipher_suites.length; i++) {
if (cipher_suite.equals(clientHello.cipher_suites[i])) {
break checkCipherSuite;
}
}
fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "HANDSHAKE FAILURE. Incorrect client hello message");
}
} else {
cipher_suite = selectSuite(clientHello.cipher_suites);
if (cipher_suite == null) {
fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "HANDSHAKE FAILURE. NO COMMON SUITE");
}
if (!parameters.getEnableSessionCreation()) {
fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "SSL Session may not be created");
}
session = new SSLSessionImpl(cipher_suite, parameters.getSecureRandom());
if (engineOwner != null) {
session.setPeer(engineOwner.getPeerHost(), engineOwner.getPeerPort());
} else {
session.setPeer(socketOwner.getInetAddress().getHostName(), socketOwner.getPort());
}
}
recordProtocol.setVersion(server_version);
session.protocol = ProtocolVersion.getByVersion(server_version);
session.clientRandom = clientHello.random;
// create server hello message
serverHello = new ServerHello(parameters.getSecureRandom(), server_version, session.getId(), cipher_suite, //CompressionMethod.null
(byte) 0);
session.serverRandom = serverHello.random;
send(serverHello);
if (isResuming) {
sendChangeCipherSpec();
return;
}
// create and send server certificate message if needed
if (!cipher_suite.isAnonymous()) {
// need to send server certificate
X509Certificate[] certs = null;
String certType = cipher_suite.getServerKeyType();
if (certType == null) {
fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "NO CERT TYPE FOR " + cipher_suite.getName());
}
// obtain certificates from key manager
String alias = null;
X509KeyManager km = parameters.getKeyManager();
if (km instanceof X509ExtendedKeyManager) {
X509ExtendedKeyManager ekm = (X509ExtendedKeyManager) km;
if (this.socketOwner != null) {
alias = ekm.chooseServerAlias(certType, null, this.socketOwner);
} else {
alias = ekm.chooseEngineServerAlias(certType, null, this.engineOwner);
}
if (alias != null) {
certs = ekm.getCertificateChain(alias);
}
} else {
alias = km.chooseServerAlias(certType, null, this.socketOwner);
if (alias != null) {
certs = km.getCertificateChain(alias);
}
}
if (certs == null) {
fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "NO SERVER CERTIFICATE FOUND");
return;
}
session.localCertificates = certs;
serverCert = new CertificateMessage(certs);
privKey = km.getPrivateKey(alias);
send(serverCert);
}
// create and send server key exchange message if needed
RSAPublicKey rsakey = null;
DHPublicKeySpec dhkeySpec = null;
byte[] hash = null;
BigInteger p = null;
BigInteger g = null;
KeyPairGenerator kpg = null;
try {
if (cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) {
PublicKey pk = serverCert.certs[0].getPublicKey();
if (getRSAKeyLength(pk) > 512) {
// key is longer than 512 bits
kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(512);
}
} else if (cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_DSS || cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_DSS_EXPORT || cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_RSA || cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_RSA_EXPORT || cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DH_anon || cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DH_anon_EXPORT) {
kpg = KeyPairGenerator.getInstance("DH");
p = new BigInteger(1, DHParameters.getPrime());
g = new BigInteger("2");
DHParameterSpec spec = new DHParameterSpec(p, g);
kpg.initialize(spec);
}
} catch (Exception e) {
fatalAlert(AlertProtocol.INTERNAL_ERROR, "INTERNAL ERROR", e);
}
if (kpg != null) {
// need to send server key exchange message
DigitalSignature ds = new DigitalSignature(cipher_suite.authType);
KeyPair kp = null;
try {
kp = kpg.genKeyPair();
if (cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) {
rsakey = (RSAPublicKey) kp.getPublic();
} else {
DHPublicKey dhkey = (DHPublicKey) kp.getPublic();
KeyFactory kf = KeyFactory.getInstance("DH");
dhkeySpec = kf.getKeySpec(dhkey, DHPublicKeySpec.class);
}
if (!cipher_suite.isAnonymous()) {
// calculate signed_params
// init by private key which correspond to
// server certificate
ds.init(privKey);
// use emphemeral key for key exchange
privKey = kp.getPrivate();
ds.update(clientHello.getRandom());
ds.update(serverHello.getRandom());
//FIXME 1_byte==0x00
if (cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) {
ServerKeyExchange.updateSignatureRsa(ds, rsakey.getModulus(), rsakey.getPublicExponent());
} else {
ServerKeyExchange.updateSignatureDh(ds, dhkeySpec.getP(), dhkeySpec.getG(), dhkeySpec.getY());
}
hash = ds.sign();
} else {
// use emphemeral key for key exchange
privKey = kp.getPrivate();
}
} catch (Exception e) {
fatalAlert(AlertProtocol.INTERNAL_ERROR, "INTERNAL ERROR", e);
}
if (cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) {
serverKeyExchange = new ServerKeyExchange(rsakey.getModulus(), rsakey.getPublicExponent(), null, hash);
} else {
serverKeyExchange = new ServerKeyExchange(p, g, dhkeySpec.getY(), hash);
}
send(serverKeyExchange);
}
// CERTIFICATE_REQUEST
certRequest: if (parameters.getWantClientAuth() || parameters.getNeedClientAuth()) {
X509Certificate[] accepted;
try {
X509TrustManager tm = parameters.getTrustManager();
accepted = tm.getAcceptedIssuers();
} catch (ClassCastException e) {
// don't send certificateRequest
break certRequest;
}
byte[] requestedClientCertTypes = { CipherSuite.TLS_CT_RSA_SIGN, CipherSuite.TLS_CT_DSS_SIGN };
certificateRequest = new CertificateRequest(requestedClientCertTypes, accepted);
send(certificateRequest);
}
// SERVER_HELLO_DONE
serverHelloDone = new ServerHelloDone();
send(serverHelloDone);
status = NEED_UNWRAP;
}
Also used :
DHPublicKey(javax.crypto.interfaces.DHPublicKey)
DHParameterSpec(javax.crypto.spec.DHParameterSpec)
X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
X509KeyManager(javax.net.ssl.X509KeyManager)
KeyFactory(java.security.KeyFactory)
KeyPair(java.security.KeyPair)
PublicKey(java.security.PublicKey)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
DHPublicKey(javax.crypto.interfaces.DHPublicKey)
KeyPairGenerator(java.security.KeyPairGenerator)
X509Certificate(java.security.cert.X509Certificate)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
X509TrustManager(javax.net.ssl.X509TrustManager)
BigInteger(java.math.BigInteger)
DHPublicKeySpec(javax.crypto.spec.DHPublicKeySpec)
Aggregations
RSAPublicKey (java.security.interfaces.RSAPublicKey)83
PublicKey (java.security.PublicKey)29
RSAPrivateKey (java.security.interfaces.RSAPrivateKey)24
BigInteger (java.math.BigInteger)17
KeyFactory (java.security.KeyFactory)17
X509Certificate (java.security.cert.X509Certificate)16
KeyPair (java.security.KeyPair)14
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)14
PrivateKey (java.security.PrivateKey)14
ECPublicKey (java.security.interfaces.ECPublicKey)14
IOException (java.io.IOException)13
InvalidKeyException (java.security.InvalidKeyException)13
KeyPairGenerator (java.security.KeyPairGenerator)13
RSAPublicKeySpec (java.security.spec.RSAPublicKeySpec)13
X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)13
ByteArrayInputStream (java.io.ByteArrayInputStream)12
InvalidKeySpecException (java.security.spec.InvalidKeySpecException)12
CertificateFactory (java.security.cert.CertificateFactory)9
RSAKey (java.security.interfaces.RSAKey)8
DSAPublicKey (java.security.interfaces.DSAPublicKey)7
