
Example 41 with DSAPublicKeySpec

use of java.security.spec.DSAPublicKeySpec in project xipki by xipki.

the class EmulatorP11Slot method readPublicKey.

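/**
 * Rebuilds the public key stored for {@code keyId} from its info file in
 * {@code pubKeyDir}.
 *
 * <p>The file name is the hex form of {@code keyId} plus {@code INFO_FILE_SUFFIX}.
 * The algorithm OID stored under {@code PROP_ALGORITHM} selects the RSA, DSA or
 * EC branch. Every key component is read from the file as a hex string and is
 * used as-is: this method performs no range or consistency check of its own on
 * the numbers, so a modified info file is only caught if the {@code KeyUtil}
 * factory rejects it (presumably it validates the spec; confirm in KeyUtil).
 *
 * @param keyId identifier of the key whose public part is wanted
 * @return the reconstructed public key
 * @throws P11TokenException if a required property is absent, the algorithm is
 *         not one of the three supported OIDs, or the key factory rejects the
 *         key specification
 */
private PublicKey readPublicKey(byte[] keyId) throws P11TokenException {
    String hexKeyId = hex(keyId);
    File pubKeyFile = new File(pubKeyDir, hexKeyId + INFO_FILE_SUFFIX);
    Properties props = loadProperties(pubKeyFile);
    String algorithm = props.getProperty(PROP_ALGORITHM);
    if (PKCSObjectIdentifiers.rsaEncryption.getId().equals(algorithm)) {
        // new BigInteger(1, bytes) treats the bytes as an unsigned magnitude.
        BigInteger exp = new BigInteger(1, requiredHexProperty(props, PROP_RSA_PUBLIC_EXPONENT, pubKeyFile));
        BigInteger mod = new BigInteger(1, requiredHexProperty(props, PROP_RSA_MODUS, pubKeyFile));
        RSAPublicKeySpec keySpec = new RSAPublicKeySpec(mod, exp);
        try {
            return KeyUtil.generateRSAPublicKey(keySpec);
        } catch (InvalidKeySpecException ex) {
            throw new P11TokenException(ex.getMessage(), ex);
        }
    } else if (X9ObjectIdentifiers.id_dsa.getId().equals(algorithm)) {
        // p
        BigInteger prime = new BigInteger(1, requiredHexProperty(props, PROP_DSA_PRIME, pubKeyFile));
        // q
        BigInteger subPrime = new BigInteger(1, requiredHexProperty(props, PROP_DSA_SUBPRIME, pubKeyFile));
        // g
        BigInteger base = new BigInteger(1, requiredHexProperty(props, PROP_DSA_BASE, pubKeyFile));
        // y
        BigInteger value = new BigInteger(1, requiredHexProperty(props, PROP_DSA_VALUE, pubKeyFile));
        // DSAPublicKeySpec takes its arguments in the order (y, p, q, g).
        DSAPublicKeySpec keySpec = new DSAPublicKeySpec(value, prime, subPrime, base);
        try {
            return KeyUtil.generateDSAPublicKey(keySpec);
        } catch (InvalidKeySpecException ex) {
            throw new P11TokenException(ex.getMessage(), ex);
        }
    } else if (X9ObjectIdentifiers.id_ecPublicKey.getId().equals(algorithm)) {
        byte[] ecdsaParams = requiredHexProperty(props, PROP_EC_ECDSA_PARAMS, pubKeyFile);
        byte[] asn1EncodedPoint = requiredHexProperty(props, PROP_EC_EC_POINT, pubKeyFile);
        // The point is stored wrapped in a DER OCTET STRING; unwrap it first.
        // NOTE(review): a malformed encoding fails inside getInstance with an
        // unchecked exception rather than P11TokenException - confirm callers cope.
        byte[] ecPoint = DEROctetString.getInstance(asn1EncodedPoint).getOctets();
        try {
            return KeyUtil.createECPublicKey(ecdsaParams, ecPoint);
        } catch (InvalidKeySpecException ex) {
            throw new P11TokenException(ex.getMessage(), ex);
        }
    } else {
        // Also reached when PROP_ALGORITHM is absent (algorithm == null).
        throw new P11TokenException("unknown key algorithm " + algorithm);
    }
}

/**
 * Reads a hex-encoded property that must be present and decodes it.
 *
 * <p>An absent property is reported as a {@code P11TokenException} naming the
 * property and the file, instead of passing {@code null} on to {@code decodeHex}.
 */
private byte[] requiredHexProperty(Properties props, String name, File source) throws P11TokenException {
    String hexValue = props.getProperty(name);
    if (hexValue == null) {
        throw new P11TokenException("missing property " + name + " in " + source.getPath());
    }
    return decodeHex(hexValue);
}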
Also used : P11TokenException(org.xipki.security.exception.P11TokenException) BigInteger(java.math.BigInteger) DEROctetString(org.bouncycastle.asn1.DEROctetString) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) Properties(java.util.Properties) File(java.io.File) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Example 42 with DSAPublicKeySpec

use of java.security.spec.DSAPublicKeySpec in project Zom-Android by zom.

the class OtrAndroidKeyManagerImpl method regenerateLocalPublicKey.

/**
 * Derives the DSA public key that belongs to {@code privKey} and stores it for
 * the user.
 *
 * <p>The public value is computed as {@code y = g^x mod p} from the private
 * exponent and the domain parameters carried by the private key. The result is
 * stored under the user id with the resource part stripped.
 *
 * @param factory    key factory used to turn the key specification into a key
 * @param fullUserId user id, possibly including a resource part
 * @param privKey    private key whose public counterpart is regenerated
 * @throws RuntimeException wrapping any exception raised while generating or
 *         storing the key
 */
public void regenerateLocalPublicKey(KeyFactory factory, String fullUserId, DSAPrivateKey privKey) {
    final String bareUserId = Address.stripResource(fullUserId);
    // The private exponent stays in a local; it is not logged or stored here.
    final BigInteger privateExponent = privKey.getX();
    final DSAParams domain = privKey.getParams();
    // y = g^x mod p
    final BigInteger publicValue = domain.getG().modPow(privateExponent, domain.getP());
    // DSAPublicKeySpec takes its arguments in the order (y, p, q, g).
    final DSAPublicKeySpec publicSpec =
            new DSAPublicKeySpec(publicValue, domain.getP(), domain.getQ(), domain.getG());
    try {
        storeLocalPublicKey(bareUserId, factory.generatePublic(publicSpec));
    } catch (Exception e) {
        // Every failure, checked or not, surfaces as an unchecked exception with its cause.
        throw new RuntimeException(e);
    }
}
Also used : PublicKey(java.security.PublicKey) BigInteger(java.math.BigInteger) DSAParams(java.security.interfaces.DSAParams) OtrCryptoException(net.java.otr4j.crypto.OtrCryptoException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) IOException(java.io.IOException) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Example 43 with DSAPublicKeySpec

use of java.security.spec.DSAPublicKeySpec in project Bytecoder by mirkosertic.

the class DSAKeyFactory method engineGetKeySpec.

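/**
 * Returns a specification (key material) of the given key object
 * in the requested format.
 *
 * <p>A DSA public key can be returned as a {@code DSAPublicKeySpec} or an
 * {@code X509EncodedKeySpec}; a DSA private key as a {@code DSAPrivateKeySpec}
 * or a {@code PKCS8EncodedKeySpec}. The requested class must be one that the
 * produced specification can be assigned to, so asking for a supertype such as
 * {@code KeySpec} works, while asking for a subclass of one of these types is
 * rejected with {@code InvalidKeySpecException} instead of failing in the cast.
 *
 * <p>Both private-key results carry the private key material itself; the
 * caller is responsible for how long it stays in memory.
 *
 * @param key the key
 *
 * @param keySpec the requested format in which the key material shall be
 * returned
 *
 * @return the underlying key specification (key material) in the
 * requested format
 *
 * @throws InvalidKeySpecException if the requested key specification is
 * inappropriate for the given key, the key carries no DSA parameters, or the
 * given key cannot be processed (e.g., it is not a DSA key).
 */
protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec) throws InvalidKeySpecException {
    // Class literals replace the reflective Class.forName lookups: all four spec
    // classes are part of java.security.spec, so the lookup could never fail.
    if (key instanceof java.security.interfaces.DSAPublicKey) {
        if (keySpec.isAssignableFrom(DSAPublicKeySpec.class)) {
            java.security.interfaces.DSAPublicKey dsaPubKey = (java.security.interfaces.DSAPublicKey) key;
            DSAParams params = dsaPubKey.getParams();
            if (params == null) {
                // A public key may come without domain parameters; report that
                // through the declared exception rather than a NullPointerException.
                throw new InvalidKeySpecException("Missing DSA parameters");
            }
            return keySpec.cast(new DSAPublicKeySpec(dsaPubKey.getY(), params.getP(), params.getQ(), params.getG()));
        } else if (keySpec.isAssignableFrom(X509EncodedKeySpec.class)) {
            return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));
        } else {
            throw new InvalidKeySpecException("Inappropriate key specification");
        }
    } else if (key instanceof java.security.interfaces.DSAPrivateKey) {
        if (keySpec.isAssignableFrom(DSAPrivateKeySpec.class)) {
            java.security.interfaces.DSAPrivateKey dsaPrivKey = (java.security.interfaces.DSAPrivateKey) key;
            DSAParams params = dsaPrivKey.getParams();
            if (params == null) {
                throw new InvalidKeySpecException("Missing DSA parameters");
            }
            return keySpec.cast(new DSAPrivateKeySpec(dsaPrivKey.getX(), params.getP(), params.getQ(), params.getG()));
        } else if (keySpec.isAssignableFrom(PKCS8EncodedKeySpec.class)) {
            return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded()));
        } else {
            throw new InvalidKeySpecException("Inappropriate key specification");
        }
    } else {
        throw new InvalidKeySpecException("Inappropriate key type");
    }
}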
Also used : X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) DSAParams(java.security.interfaces.DSAParams) DSAPrivateKeySpec(java.security.spec.DSAPrivateKeySpec) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Example 44 with DSAPublicKeySpec

use of java.security.spec.DSAPublicKeySpec in project Bytecoder by mirkosertic.

the class AlgorithmChecker method check.

/**
 * Checks one certificate against the configured algorithm constraints and
 * records its public key in {@code prevPubKey} for the next call.
 *
 * <p>The checks run in a fixed order: key-usage sanity, signature algorithm
 * and parameters, key against the permitted primitives, then signature
 * algorithm against the previously recorded key. A DSA key that carries no
 * parameters takes them over from the previously recorded key before it is
 * stored.
 *
 * @param cert the certificate to check; anything that is not an
 *        {@code X509Certificate} is skipped
 * @param unresolvedCritExts not read by this method
 * @throws CertPathValidatorException if a constraint is violated, the key
 *         usage is malformed, or DSA parameters cannot be inherited
 */
@Override
public void check(Certificate cert, Collection<String> unresolvedCritExts) throws CertPathValidatorException {
    if (!(cert instanceof X509Certificate) || constraints == null) {
        // ignore the check for non-x.509 certificate or null constraints
        return;
    }
    // check the key usage and key size
    boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage();
    // A present key usage array must have at least 9 entries; indices 0-6 are read below.
    if (keyUsage != null && keyUsage.length < 9) {
        throw new CertPathValidatorException("incorrect KeyUsage extension", null, null, -1, PKIXReason.INVALID_KEY_USAGE);
    }
    X509CertImpl x509Cert;
    AlgorithmId algorithmId;
    try {
        // Convert to the implementation class to read the signature AlgorithmId.
        x509Cert = X509CertImpl.toImpl((X509Certificate) cert);
        algorithmId = (AlgorithmId) x509Cert.get(X509CertImpl.SIG_ALG);
    } catch (CertificateException ce) {
        throw new CertPathValidatorException(ce);
    }
    AlgorithmParameters currSigAlgParams = algorithmId.getParameters();
    PublicKey currPubKey = cert.getPublicKey();
    String currSigAlg = x509Cert.getSigAlgName();
    // Check the signature algorithm and parameters against constraints.
    if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg, currSigAlgParams)) {
        throw new CertPathValidatorException("Algorithm constraints check failed on signature " + "algorithm: " + currSigAlg, null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
    }
    // Assume all key usage bits are set if key usage is not present
    Set<CryptoPrimitive> primitives = KU_PRIMITIVE_SET;
    if (keyUsage != null) {
        // Translate the asserted key usage bits into the primitives the key may be used for.
        primitives = EnumSet.noneOf(CryptoPrimitive.class);
        if (keyUsage[0] || keyUsage[1] || keyUsage[5] || keyUsage[6]) {
            // keyUsage[0]: KeyUsage.digitalSignature
            // keyUsage[1]: KeyUsage.nonRepudiation
            // keyUsage[5]: KeyUsage.keyCertSign
            // keyUsage[6]: KeyUsage.cRLSign
            primitives.add(CryptoPrimitive.SIGNATURE);
        }
        if (keyUsage[2]) {
            // KeyUsage.keyEncipherment
            primitives.add(CryptoPrimitive.KEY_ENCAPSULATION);
        }
        if (keyUsage[3]) {
            // KeyUsage.dataEncipherment
            primitives.add(CryptoPrimitive.PUBLIC_KEY_ENCRYPTION);
        }
        if (keyUsage[4]) {
            // KeyUsage.keyAgreement
            primitives.add(CryptoPrimitive.KEY_AGREEMENT);
        }
        // None of bits 0-6 set: no primitive could be derived, so the extension is rejected.
        if (primitives.isEmpty()) {
            throw new CertPathValidatorException("incorrect KeyUsage extension bits", null, null, -1, PKIXReason.INVALID_KEY_USAGE);
        }
    }
    ConstraintsParameters cp = new ConstraintsParameters((X509Certificate) cert, trustedMatch, pkixdate, jarTimestamp, variant);
    // Check against local constraints if it is DisabledAlgorithmConstraints
    if (constraints instanceof DisabledAlgorithmConstraints) {
        // The result of this call is not inspected here; presumably a violation
        // is signalled by an exception - confirm in DisabledAlgorithmConstraints.
        ((DisabledAlgorithmConstraints) constraints).permits(currSigAlg, cp);
    // DisabledAlgorithmConstraints does not check primitives, so the
    // key-with-primitives check of the else branch is not performed here.
    } else {
        // Perform the default constraints checking anyway.
        certPathDefaultConstraints.permits(currSigAlg, cp);
        // Call locally set constraints to check key with primitives.
        if (!constraints.permits(primitives, currPubKey)) {
            throw new CertPathValidatorException("Algorithm constraints check failed on key " + currPubKey.getAlgorithm() + " with size of " + sun.security.util.KeyUtil.getKeySize(currPubKey) + "bits", null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
        }
    }
    // If there is no previous key, set one and exit
    if (prevPubKey == null) {
        prevPubKey = currPubKey;
        return;
    }
    // Check with previous cert for signature algorithm and public key
    if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg, prevPubKey, currSigAlgParams)) {
        throw new CertPathValidatorException("Algorithm constraints check failed on " + "signature algorithm: " + currSigAlg, null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
    }
    // Inherit key parameters from previous key
    // NOTE(review): the key checks above ran on currPubKey before any
    // parameters were attached - confirm the constraints implementation
    // treats a parameter-less DSA key as intended.
    if (PKIX.isDSAPublicKeyWithoutParams(currPubKey)) {
        // Inherit DSA parameters from previous key
        if (!(prevPubKey instanceof DSAPublicKey)) {
            throw new CertPathValidatorException("Input key is not " + "of a appropriate type for inheriting parameters");
        }
        DSAParams params = ((DSAPublicKey) prevPubKey).getParams();
        if (params == null) {
            throw new CertPathValidatorException("Key parameters missing from public key.");
        }
        try {
            // Rebuild the key from its own y and the inherited (p, q, g).
            BigInteger y = ((DSAPublicKey) currPubKey).getY();
            KeyFactory kf = KeyFactory.getInstance("DSA");
            DSAPublicKeySpec ks = new DSAPublicKeySpec(y, params.getP(), params.getQ(), params.getG());
            currPubKey = kf.generatePublic(ks);
        } catch (GeneralSecurityException e) {
            throw new CertPathValidatorException("Unable to generate " + "key with inherited parameters: " + e.getMessage(), e);
        }
    }
    // reset the previous public key
    prevPubKey = currPubKey;
}
Also used : DisabledAlgorithmConstraints(sun.security.util.DisabledAlgorithmConstraints) CryptoPrimitive(java.security.CryptoPrimitive) PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) GeneralSecurityException(java.security.GeneralSecurityException) CertificateException(java.security.cert.CertificateException) DSAParams(java.security.interfaces.DSAParams) ConstraintsParameters(sun.security.util.ConstraintsParameters) X509Certificate(java.security.cert.X509Certificate) DSAPublicKey(java.security.interfaces.DSAPublicKey) CertPathValidatorException(java.security.cert.CertPathValidatorException) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) KeyFactory(java.security.KeyFactory) AlgorithmParameters(java.security.AlgorithmParameters) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Example 45 with DSAPublicKeySpec

use of java.security.spec.DSAPublicKeySpec in project santuario-java by apache.

the class BaltimoreTest method getPublicKey.

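/**
 * Builds one of the fixed test public keys from the constants of this class.
 *
 * <p>Only the key numbers 15 and 23 are defined, for the algorithms "DSA" and
 * "RSA" (matched case-insensitively). Any other key number is reported
 * explicitly instead of handing a {@code null} specification to the key
 * factory.
 *
 * @param algo   key algorithm name, also passed to {@code KeyFactory.getInstance}
 * @param number number of the test key, 15 or 23
 * @return the public key built from the matching constants
 * @throws InvalidKeySpecException if {@code number} is not a defined key number
 *         or the key factory rejects the specification
 * @throws NoSuchAlgorithmException if no key factory exists for {@code algo}
 * @throws RuntimeException if a key factory exists for {@code algo} but it is
 *         neither DSA nor RSA
 */
private static PublicKey getPublicKey(String algo, int number) throws InvalidKeySpecException, NoSuchAlgorithmException {
    // Looked up first, so an unknown algorithm name fails here with NoSuchAlgorithmException.
    KeyFactory kf = KeyFactory.getInstance(algo);
    KeySpec kspec = null;
    if (algo.equalsIgnoreCase("DSA")) {
        if (number == 15) {
            kspec = new DSAPublicKeySpec(new BigInteger(DSA_Y_15), new BigInteger(DSA_P_15), new BigInteger(DSA_Q_15), new BigInteger(DSA_G_15));
        } else if (number == 23) {
            kspec = new DSAPublicKeySpec(new BigInteger(DSA_Y_23), new BigInteger(DSA_P_23), new BigInteger(DSA_Q_23), new BigInteger(DSA_G_23));
        }
    } else if (algo.equalsIgnoreCase("RSA")) {
        if (number == 15) {
            kspec = new RSAPublicKeySpec(new BigInteger(RSA_MOD_15), new BigInteger(RSA_PUB));
        } else if (number == 23) {
            kspec = new RSAPublicKeySpec(new BigInteger(RSA_MOD_23), new BigInteger(RSA_PUB));
        }
    } else {
        throw new RuntimeException("Unsupported key algorithm " + algo);
    }
    if (kspec == null) {
        // Neither 15 nor 23: name the bad argument rather than pass null on.
        throw new InvalidKeySpecException("Unsupported key number " + number + " for algorithm " + algo);
    }
    return kf.generatePublic(kspec);
}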
Also used : SecretKeySpec(javax.crypto.spec.SecretKeySpec) KeySpec(java.security.spec.KeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec) BigInteger(java.math.BigInteger) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) KeyFactory(java.security.KeyFactory) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Aggregations

DSAPublicKeySpec (java.security.spec.DSAPublicKeySpec)63 BigInteger (java.math.BigInteger)45 KeyFactory (java.security.KeyFactory)37 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)23 PublicKey (java.security.PublicKey)22 DSAPublicKey (java.security.interfaces.DSAPublicKey)21 DSAPrivateKeySpec (java.security.spec.DSAPrivateKeySpec)19 KeySpec (java.security.spec.KeySpec)19 DSAParams (java.security.interfaces.DSAParams)17 RSAPublicKeySpec (java.security.spec.RSAPublicKeySpec)17 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)11 PrivateKey (java.security.PrivateKey)10 GeneralSecurityException (java.security.GeneralSecurityException)9 DSAPrivateKey (java.security.interfaces.DSAPrivateKey)9 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)9 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)9 IOException (java.io.IOException)7 CertPathValidatorException (java.security.cert.CertPathValidatorException)7 InvalidKeyException (java.security.InvalidKeyException)5 KeyPair (java.security.KeyPair)5