
Example 36 with DSAPublicKeySpec

use of java.security.spec.DSAPublicKeySpec in project robovm by robovm.

the class CertPathValidatorUtilities method getNextWorkingKey.

/**
     * Return the next working key inheriting DSA parameters if necessary.
     * <p>
     * This method inherits DSA parameters from the indexed certificate or
     * previous certificates in the certificate chain to the returned
     * <code>PublicKey</code>. The list is searched upwards, meaning the end
     * certificate is at position 0 and previous certificates are following.
     * </p>
     * <p>
     * If the indexed certificate does not contain a DSA key this method simply
     * returns the public key. If the DSA key already contains DSA parameters,
     * the key is likewise returned unchanged.
     * </p>
     *
     * @param certs The certification path.
     * @param index The index of the certificate which contains the public key
     *              which should be extended with DSA parameters.
     * @return The public key of the certificate in list position
     *         <code>index</code> extended with DSA parameters if applicable.
     * @throws CertPathValidatorException if DSA parameters cannot be inherited.
     */
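protected static PublicKey getNextWorkingKey(List certs, int index) throws CertPathValidatorException {
    Certificate cert = (Certificate) certs.get(index);
    PublicKey pubKey = cert.getPublicKey();
    // Only a DSA key can omit its domain parameters; any other key is usable as is.
    if (!(pubKey instanceof DSAPublicKey)) {
        return pubKey;
    }
    DSAPublicKey dsaPubKey = (DSAPublicKey) pubKey;
    if (dsaPubKey.getParams() != null) {
        return dsaPubKey;
    }
    // The key has no (p, q, g) of its own: search the following entries of the
    // list for the first DSA key that carries parameters.
    // NOTE(review): the parameters are taken from other certificates of the
    // path under validation, so their trustworthiness presumably depends on
    // those certificates being validated by the caller - confirm.
    for (int i = index + 1; i < certs.size(); i++) {
        X509Certificate parentCert = (X509Certificate) certs.get(i);
        pubKey = parentCert.getPublicKey();
        // A non-DSA key anywhere on the way breaks the inheritance chain.
        if (!(pubKey instanceof DSAPublicKey)) {
            throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
        }
        DSAParams dsaParams = ((DSAPublicKey) pubKey).getParams();
        if (dsaParams == null) {
            // This key inherits its parameters as well; keep looking further along.
            continue;
        }
        // Combine this certificate's public value y with the inherited (p, q, g).
        DSAPublicKeySpec dsaPubKeySpec = new DSAPublicKeySpec(dsaPubKey.getY(), dsaParams.getP(), dsaParams.getQ(), dsaParams.getG());
        try {
            // The provider is requested by name, so the rebuilt key comes from that provider.
            KeyFactory keyFactory = KeyFactory.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME);
            return keyFactory.generatePublic(dsaPubKeySpec);
        } catch (Exception exception) {
            // Keep the original exception as the cause so the failure
            // (missing provider, rejected key spec, ...) stays diagnosable.
            throw new RuntimeException(exception.getMessage(), exception);
        }
    }
    // No entry in the rest of the list supplied parameters.
    throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
}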
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) DSAParams(java.security.interfaces.DSAParams) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) X509Certificate(java.security.cert.X509Certificate) KeyFactory(java.security.KeyFactory) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ParseException(java.text.ParseException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertStoreException(java.security.cert.CertStoreException) CRLException(java.security.cert.CRLException) CertificateParsingException(java.security.cert.CertificateParsingException) StoreException(org.bouncycastle.util.StoreException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) X509AttributeCertificate(org.bouncycastle.x509.X509AttributeCertificate) DSAPublicKey(java.security.interfaces.DSAPublicKey) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Example 37 with DSAPublicKeySpec

use of java.security.spec.DSAPublicKeySpec in project robovm by robovm.

the class OpenSSLDSAKeyFactory method engineGetKeySpec.

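/**
 * Returns a specification of the given DSA key in the requested form.
 * <p>
 * Supported combinations are a public key with {@code DSAPublicKeySpec} or
 * {@code X509EncodedKeySpec}, and a private key with {@code DSAPrivateKeySpec}
 * or {@code PKCS8EncodedKeySpec}. A key that does not implement the DSA key
 * interface is first re-imported from its X.509 / PKCS#8 encoding.
 * </p>
 * <p>
 * A DSA key may carry no domain parameters (for example a certificate key
 * that inherits them from its issuer). No parameter-based specification can
 * be built from such a key, so it is rejected with
 * {@code InvalidKeySpecException} instead of failing on a null dereference.
 * </p>
 *
 * @param key the key to convert; must report the algorithm {@code "DSA"}
 * @param keySpec the specification class to produce
 * @return the key material as an instance of the requested specification
 * @throws InvalidKeySpecException if an argument is null, the key is not a
 *         DSA key, its encoding is missing or has the wrong format, its DSA
 *         parameters are missing, or the combination is not supported
 */
@Override
protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec) throws InvalidKeySpecException {
    if (key == null) {
        throw new InvalidKeySpecException("key == null");
    }
    if (keySpec == null) {
        throw new InvalidKeySpecException("keySpec == null");
    }
    if (!"DSA".equals(key.getAlgorithm())) {
        throw new InvalidKeySpecException("Key must be a DSA key");
    }
    if (key instanceof DSAPublicKey && DSAPublicKeySpec.class.isAssignableFrom(keySpec)) {
        DSAPublicKey dsaKey = (DSAPublicKey) key;
        DSAParams params = requireDsaParams(dsaKey.getParams());
        return (T) new DSAPublicKeySpec(dsaKey.getY(), params.getP(), params.getQ(), params.getG());
    } else if (key instanceof PublicKey && DSAPublicKeySpec.class.isAssignableFrom(keySpec)) {
        // Foreign public key: only its encoded form is available, so decode it first.
        final byte[] encoded = key.getEncoded();
        if (!"X.509".equals(key.getFormat()) || encoded == null) {
            throw new InvalidKeySpecException("Not a valid X.509 encoding");
        }
        DSAPublicKey dsaKey = (DSAPublicKey) engineGeneratePublic(new X509EncodedKeySpec(encoded));
        DSAParams params = requireDsaParams(dsaKey.getParams());
        return (T) new DSAPublicKeySpec(dsaKey.getY(), params.getP(), params.getQ(), params.getG());
    } else if (key instanceof DSAPrivateKey && DSAPrivateKeySpec.class.isAssignableFrom(keySpec)) {
        DSAPrivateKey dsaKey = (DSAPrivateKey) key;
        DSAParams params = requireDsaParams(dsaKey.getParams());
        return (T) new DSAPrivateKeySpec(dsaKey.getX(), params.getP(), params.getQ(), params.getG());
    } else if (key instanceof PrivateKey && DSAPrivateKeySpec.class.isAssignableFrom(keySpec)) {
        // Foreign private key: decode its PKCS#8 form to reach x and the parameters.
        final byte[] encoded = key.getEncoded();
        if (!"PKCS#8".equals(key.getFormat()) || encoded == null) {
            throw new InvalidKeySpecException("Not a valid PKCS#8 encoding");
        }
        DSAPrivateKey dsaKey = (DSAPrivateKey) engineGeneratePrivate(new PKCS8EncodedKeySpec(encoded));
        DSAParams params = requireDsaParams(dsaKey.getParams());
        return (T) new DSAPrivateKeySpec(dsaKey.getX(), params.getP(), params.getQ(), params.getG());
    } else if (key instanceof PrivateKey && PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) {
        final byte[] encoded = key.getEncoded();
        if (!"PKCS#8".equals(key.getFormat())) {
            throw new InvalidKeySpecException("Encoding type must be PKCS#8; was " + key.getFormat());
        } else if (encoded == null) {
            throw new InvalidKeySpecException("Key is not encodable");
        }
        return (T) new PKCS8EncodedKeySpec(encoded);
    } else if (key instanceof PublicKey && X509EncodedKeySpec.class.isAssignableFrom(keySpec)) {
        final byte[] encoded = key.getEncoded();
        if (!"X.509".equals(key.getFormat())) {
            throw new InvalidKeySpecException("Encoding type must be X.509; was " + key.getFormat());
        } else if (encoded == null) {
            throw new InvalidKeySpecException("Key is not encodable");
        }
        return (T) new X509EncodedKeySpec(encoded);
    } else {
        throw new InvalidKeySpecException("Unsupported key type and key spec combination; key=" + key.getClass().getName() + ", keySpec=" + keySpec.getName());
    }
}

/** Returns {@code params}, rejecting a DSA key whose domain parameters are absent. */
private static DSAParams requireDsaParams(DSAParams params) throws InvalidKeySpecException {
    if (params == null) {
        throw new InvalidKeySpecException("DSA parameters are missing from key");
    }
    return params;
}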
Also used : DSAPrivateKeySpec(java.security.spec.DSAPrivateKeySpec) DSAPrivateKey(java.security.interfaces.DSAPrivateKey) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) DSAPrivateKey(java.security.interfaces.DSAPrivateKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) DSAParams(java.security.interfaces.DSAParams) DSAPublicKey(java.security.interfaces.DSAPublicKey) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Example 38 with DSAPublicKeySpec

use of java.security.spec.DSAPublicKeySpec in project robovm by robovm.

the class OpenSSLDSAKeyFactory method engineTranslateKey.

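/**
 * Translates a DSA key from another provider into a key generated by this factory.
 * <p>
 * {@code OpenSSLDSAPublicKey} and {@code OpenSSLDSAPrivateKey} instances are
 * returned unchanged. Other DSA keys are rebuilt from their components, and
 * keys that only expose a PKCS#8 or X.509 encoding are rebuilt from that
 * encoding.
 * </p>
 * <p>
 * A DSA key without domain parameters cannot be rebuilt from components; it
 * is rejected with {@code InvalidKeyException} instead of failing on a null
 * dereference.
 * </p>
 *
 * @param key the key to translate
 * @return a key generated by this factory, or {@code key} itself if it
 *         already is one of this provider's DSA key types
 * @throws InvalidKeyException if {@code key} is null, is not a DSA key in a
 *         supported form, lacks its DSA parameters or its encoding, or is
 *         rejected when the key is regenerated
 */
@Override
protected Key engineTranslateKey(Key key) throws InvalidKeyException {
    if (key == null) {
        throw new InvalidKeyException("key == null");
    }
    if ((key instanceof OpenSSLDSAPublicKey) || (key instanceof OpenSSLDSAPrivateKey)) {
        return key;
    } else if (key instanceof DSAPublicKey) {
        DSAPublicKey dsaKey = (DSAPublicKey) key;
        BigInteger y = dsaKey.getY();
        DSAParams params = dsaKey.getParams();
        if (params == null) {
            // e.g. a key whose parameters are meant to be inherited from another key
            throw new InvalidKeyException("DSA parameters are missing from key");
        }
        BigInteger p = params.getP();
        BigInteger q = params.getQ();
        BigInteger g = params.getG();
        try {
            return engineGeneratePublic(new DSAPublicKeySpec(y, p, q, g));
        } catch (InvalidKeySpecException e) {
            throw new InvalidKeyException(e);
        }
    } else if (key instanceof DSAPrivateKey) {
        DSAPrivateKey dsaKey = (DSAPrivateKey) key;
        BigInteger x = dsaKey.getX();
        DSAParams params = dsaKey.getParams();
        if (params == null) {
            throw new InvalidKeyException("DSA parameters are missing from key");
        }
        BigInteger p = params.getP();
        BigInteger q = params.getQ();
        BigInteger g = params.getG();
        try {
            return engineGeneratePrivate(new DSAPrivateKeySpec(x, p, q, g));
        } catch (InvalidKeySpecException e) {
            throw new InvalidKeyException(e);
        }
    } else if ((key instanceof PrivateKey) && ("PKCS#8".equals(key.getFormat()))) {
        // Opaque private key: fall back to re-importing its PKCS#8 encoding.
        byte[] encoded = key.getEncoded();
        if (encoded == null) {
            throw new InvalidKeyException("Key does not support encoding");
        }
        try {
            return engineGeneratePrivate(new PKCS8EncodedKeySpec(encoded));
        } catch (InvalidKeySpecException e) {
            throw new InvalidKeyException(e);
        }
    } else if ((key instanceof PublicKey) && ("X.509".equals(key.getFormat()))) {
        // Opaque public key: fall back to re-importing its X.509 encoding.
        byte[] encoded = key.getEncoded();
        if (encoded == null) {
            throw new InvalidKeyException("Key does not support encoding");
        }
        try {
            return engineGeneratePublic(new X509EncodedKeySpec(encoded));
        } catch (InvalidKeySpecException e) {
            throw new InvalidKeyException(e);
        }
    } else {
        throw new InvalidKeyException("Key must be DSA public or private key; was " + key.getClass().getName());
    }
}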
Also used : DSAPrivateKey(java.security.interfaces.DSAPrivateKey) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) DSAParams(java.security.interfaces.DSAParams) InvalidKeyException(java.security.InvalidKeyException) DSAPublicKey(java.security.interfaces.DSAPublicKey) DSAPrivateKeySpec(java.security.spec.DSAPrivateKeySpec) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) BigInteger(java.math.BigInteger) DSAPrivateKey(java.security.interfaces.DSAPrivateKey) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Example 39 with DSAPublicKeySpec

use of java.security.spec.DSAPublicKeySpec in project jdk8u_jdk by JetBrains.

the class AlgorithmChecker method check.

/**
 * Checks one certificate against the algorithm constraints held by this
 * checker and remembers its public key for the next call.
 * <p>
 * The signature algorithm (with its parameters) and the certificate's public
 * key are checked against {@code constraints}. When a previous key has been
 * recorded, the signature algorithm is additionally checked together with
 * that key, and a DSA key without parameters inherits them from it.
 * </p>
 * <p>
 * NOTE(review): the use of {@code prevPubKey} suggests certificates are
 * presented in order from the trust anchor towards the target - confirm
 * against the caller.
 * </p>
 *
 * @param cert the certificate to check; anything that is not an
 *        {@code X509Certificate} is skipped without any check
 * @param unresolvedCritExts not read by this method
 * @throws CertPathValidatorException if the KeyUsage extension is malformed,
 *         a constraint check fails, or DSA parameters cannot be inherited
 */
@Override
public void check(Certificate cert, Collection<String> unresolvedCritExts) throws CertPathValidatorException {
    if (!(cert instanceof X509Certificate) || constraints == null) {
        // ignore the check for non-x.509 certificate or null constraints
        // (the certificate is accepted by this checker, not rejected)
        return;
    }
    // check the key usage and key size
    boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage();
    // A present but short array is rejected up front; the code below indexes
    // bits 0 through 6 without further bounds checks.
    if (keyUsage != null && keyUsage.length < 9) {
        throw new CertPathValidatorException("incorrect KeyUsage extension", null, null, -1, PKIXReason.INVALID_KEY_USAGE);
    }
    X509CertImpl x509Cert;
    AlgorithmId algorithmId;
    try {
        // The signature algorithm identifier is read from the implementation
        // class so that its parameters can be checked as well.
        x509Cert = X509CertImpl.toImpl((X509Certificate) cert);
        algorithmId = (AlgorithmId) x509Cert.get(X509CertImpl.SIG_ALG);
    } catch (CertificateException ce) {
        throw new CertPathValidatorException(ce);
    }
    AlgorithmParameters currSigAlgParams = algorithmId.getParameters();
    PublicKey currPubKey = cert.getPublicKey();
    String currSigAlg = ((X509Certificate) cert).getSigAlgName();
    // Check the signature algorithm and parameters against constraints.
    if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg, currSigAlgParams)) {
        throw new CertPathValidatorException("Algorithm constraints check failed on signature " + "algorithm: " + currSigAlg, null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
    }
    // Assume all key usage bits are set if key usage is not present
    Set<CryptoPrimitive> primitives = KU_PRIMITIVE_SET;
    if (keyUsage != null) {
        // Translate the asserted KeyUsage bits into the primitives the key may be used for.
        primitives = EnumSet.noneOf(CryptoPrimitive.class);
        if (keyUsage[0] || keyUsage[1] || keyUsage[5] || keyUsage[6]) {
            // keyUsage[0]: KeyUsage.digitalSignature
            // keyUsage[1]: KeyUsage.nonRepudiation
            // keyUsage[5]: KeyUsage.keyCertSign
            // keyUsage[6]: KeyUsage.cRLSign
            primitives.add(CryptoPrimitive.SIGNATURE);
        }
        if (keyUsage[2]) {
            // KeyUsage.keyEncipherment
            primitives.add(CryptoPrimitive.KEY_ENCAPSULATION);
        }
        if (keyUsage[3]) {
            // KeyUsage.dataEncipherment
            primitives.add(CryptoPrimitive.PUBLIC_KEY_ENCRYPTION);
        }
        if (keyUsage[4]) {
            // KeyUsage.keyAgreement
            primitives.add(CryptoPrimitive.KEY_AGREEMENT);
        }
        // An extension that asserts none of the bits examined above is treated as invalid.
        if (primitives.isEmpty()) {
            throw new CertPathValidatorException("incorrect KeyUsage extension bits", null, null, -1, PKIXReason.INVALID_KEY_USAGE);
        }
    }
    ConstraintsParameters cp = new ConstraintsParameters((X509Certificate) cert, trustedMatch, pkixdate, jarTimestamp, variant);
    // Check against local constraints if it is DisabledAlgorithmConstraints
    if (constraints instanceof DisabledAlgorithmConstraints) {
        // No result is inspected here; presumably a violation is reported by
        // an exception from permits() - confirm.
        ((DisabledAlgorithmConstraints) constraints).permits(currSigAlg, cp);
        // NOTE(review): the original comment at this point was garbled. It
        // appears to say that DisabledAlgorithmConstraints does not check
        // primitives, so the key check with primitives is made only in the
        // else branch - confirm.
    } else {
        // Perform the default constraints checking anyway.
        certPathDefaultConstraints.permits(currSigAlg, cp);
        // Call locally set constraints to check key with primitives.
        if (!constraints.permits(primitives, currPubKey)) {
            throw new CertPathValidatorException("Algorithm constraints check failed on key " + currPubKey.getAlgorithm() + " with size of " + sun.security.util.KeyUtil.getKeySize(currPubKey) + "bits", null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
        }
    }
    // If there is no previous key, set one and exit
    if (prevPubKey == null) {
        prevPubKey = currPubKey;
        return;
    }
    // Check with previous cert for signature algorithm and public key
    if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg, prevPubKey, currSigAlgParams)) {
        throw new CertPathValidatorException("Algorithm constraints check failed on " + "signature algorithm: " + currSigAlg, null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
    }
    // Inherit key parameters from previous key
    // NOTE(review): the key checks above ran on currPubKey as found in the
    // certificate, i.e. before any parameters are inherited here - confirm
    // that key-size constraints behave as intended for parameterless DSA keys.
    if (PKIX.isDSAPublicKeyWithoutParams(currPubKey)) {
        // Inherit DSA parameters from previous key
        if (!(prevPubKey instanceof DSAPublicKey)) {
            throw new CertPathValidatorException("Input key is not " + "of a appropriate type for inheriting parameters");
        }
        DSAParams params = ((DSAPublicKey) prevPubKey).getParams();
        if (params == null) {
            throw new CertPathValidatorException("Key parameters missing from public key.");
        }
        try {
            // Rebuild the key from this certificate's y and the previous key's (p, q, g).
            BigInteger y = ((DSAPublicKey) currPubKey).getY();
            KeyFactory kf = KeyFactory.getInstance("DSA");
            DSAPublicKeySpec ks = new DSAPublicKeySpec(y, params.getP(), params.getQ(), params.getG());
            currPubKey = kf.generatePublic(ks);
        } catch (GeneralSecurityException e) {
            throw new CertPathValidatorException("Unable to generate " + "key with inherited parameters: " + e.getMessage(), e);
        }
    }
    // reset the previous public key
    // (the completed key, including any inherited parameters, is what the next call sees)
    prevPubKey = currPubKey;
}
Also used : DisabledAlgorithmConstraints(sun.security.util.DisabledAlgorithmConstraints) CryptoPrimitive(java.security.CryptoPrimitive) PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) GeneralSecurityException(java.security.GeneralSecurityException) CertificateException(java.security.cert.CertificateException) DSAParams(java.security.interfaces.DSAParams) ConstraintsParameters(sun.security.util.ConstraintsParameters) X509Certificate(java.security.cert.X509Certificate) DSAPublicKey(java.security.interfaces.DSAPublicKey) CertPathValidatorException(java.security.cert.CertPathValidatorException) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) KeyFactory(java.security.KeyFactory) AlgorithmParameters(java.security.AlgorithmParameters) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Example 40 with DSAPublicKeySpec

use of java.security.spec.DSAPublicKeySpec in project jdk8u_jdk by JetBrains.

the class BasicChecker method makeInheritedParamsKey.

/**
     * Internal method to create a new key with inherited key parameters.
     *
     * @param keyValueKey key from which to obtain key value
     * @param keyParamsKey key from which to obtain key parameters
     * @return new public key having value and parameters
     * @throws CertPathValidatorException if keys are not appropriate types
     * for this operation
     */
static PublicKey makeInheritedParamsKey(PublicKey keyValueKey, PublicKey keyParamsKey) throws CertPathValidatorException {
    // Both inputs have to be DSA keys: one contributes y, the other (p, q, g).
    boolean bothDsa = keyValueKey instanceof DSAPublicKey && keyParamsKey instanceof DSAPublicKey;
    if (!bothDsa) {
        throw new CertPathValidatorException("Input key is not " + "appropriate type for " + "inheriting parameters");
    }
    DSAPublicKey valueSource = (DSAPublicKey) keyValueKey;
    DSAParams inherited = ((DSAPublicKey) keyParamsKey).getParams();
    // The donor key must actually carry parameters; there is nothing to inherit otherwise.
    if (inherited == null) {
        throw new CertPathValidatorException("Key parameters missing");
    }
    try {
        BigInteger publicValue = valueSource.getY();
        // No provider is named, so the default provider lookup selects the DSA factory.
        KeyFactory factory = KeyFactory.getInstance("DSA");
        DSAPublicKeySpec spec = new DSAPublicKeySpec(publicValue, inherited.getP(), inherited.getQ(), inherited.getG());
        return factory.generatePublic(spec);
    } catch (GeneralSecurityException e) {
        // Surface provider or key-spec failures as a path validation failure, cause attached.
        throw new CertPathValidatorException("Unable to generate key with" + " inherited parameters: " + e.getMessage(), e);
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) GeneralSecurityException(java.security.GeneralSecurityException) BigInteger(java.math.BigInteger) DSAParams(java.security.interfaces.DSAParams) KeyFactory(java.security.KeyFactory) DSAPublicKey(java.security.interfaces.DSAPublicKey) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)
