use of java.security.spec.DSAPublicKeySpec in project xipki by xipki.
the class EmulatorP11Slot method readPublicKey.
private PublicKey readPublicKey(byte[] keyId) throws P11TokenException {
String hexKeyId = hex(keyId);
File pubKeyFile = new File(pubKeyDir, hexKeyId + INFO_FILE_SUFFIX);
Properties props = loadProperties(pubKeyFile);
String algorithm = props.getProperty(PROP_ALGORITHM);
if (PKCSObjectIdentifiers.rsaEncryption.getId().equals(algorithm)) {
BigInteger exp = new BigInteger(1, decodeHex(props.getProperty(PROP_RSA_PUBLIC_EXPONENT)));
BigInteger mod = new BigInteger(1, decodeHex(props.getProperty(PROP_RSA_MODUS)));
RSAPublicKeySpec keySpec = new RSAPublicKeySpec(mod, exp);
try {
return KeyUtil.generateRSAPublicKey(keySpec);
} catch (InvalidKeySpecException ex) {
throw new P11TokenException(ex.getMessage(), ex);
}
} else if (X9ObjectIdentifiers.id_dsa.getId().equals(algorithm)) {
// p
BigInteger prime = new BigInteger(1, decodeHex(props.getProperty(PROP_DSA_PRIME)));
// q
BigInteger subPrime = new BigInteger(1, decodeHex(props.getProperty(PROP_DSA_SUBPRIME)));
// g
BigInteger base = new BigInteger(1, decodeHex(props.getProperty(PROP_DSA_BASE)));
// y
BigInteger value = new BigInteger(1, decodeHex(props.getProperty(PROP_DSA_VALUE)));
DSAPublicKeySpec keySpec = new DSAPublicKeySpec(value, prime, subPrime, base);
try {
return KeyUtil.generateDSAPublicKey(keySpec);
} catch (InvalidKeySpecException ex) {
throw new P11TokenException(ex.getMessage(), ex);
}
} else if (X9ObjectIdentifiers.id_ecPublicKey.getId().equals(algorithm)) {
byte[] ecdsaParams = decodeHex(props.getProperty(PROP_EC_ECDSA_PARAMS));
byte[] asn1EncodedPoint = decodeHex(props.getProperty(PROP_EC_EC_POINT));
byte[] ecPoint = DEROctetString.getInstance(asn1EncodedPoint).getOctets();
try {
return KeyUtil.createECPublicKey(ecdsaParams, ecPoint);
} catch (InvalidKeySpecException ex) {
throw new P11TokenException(ex.getMessage(), ex);
}
} else {
throw new P11TokenException("unknown key algorithm " + algorithm);
}
}
use of java.security.spec.DSAPublicKeySpec in project Zom-Android by zom.
the class OtrAndroidKeyManagerImpl method regenerateLocalPublicKey.
public void regenerateLocalPublicKey(KeyFactory factory, String fullUserId, DSAPrivateKey privKey) {
String userId = Address.stripResource(fullUserId);
BigInteger x = privKey.getX();
DSAParams params = privKey.getParams();
BigInteger y = params.getG().modPow(x, params.getP());
DSAPublicKeySpec keySpec = new DSAPublicKeySpec(y, params.getP(), params.getQ(), params.getG());
PublicKey pubKey;
try {
pubKey = factory.generatePublic(keySpec);
storeLocalPublicKey(userId, pubKey);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
use of java.security.spec.DSAPublicKeySpec in project Bytecoder by mirkosertic.
the class DSAKeyFactory method engineGetKeySpec.
/**
* Returns a specification (key material) of the given key object
* in the requested format.
*
* @param key the key
*
* @param keySpec the requested format in which the key material shall be
* returned
*
* @return the underlying key specification (key material) in the
* requested format
*
* @exception InvalidKeySpecException if the requested key specification is
* inappropriate for the given key, or the given key cannot be processed
* (e.g., the given key has an unrecognized algorithm or format).
*/
protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec) throws InvalidKeySpecException {
DSAParams params;
try {
if (key instanceof java.security.interfaces.DSAPublicKey) {
// Determine valid key specs
Class<?> dsaPubKeySpec = Class.forName("java.security.spec.DSAPublicKeySpec");
Class<?> x509KeySpec = Class.forName("java.security.spec.X509EncodedKeySpec");
if (dsaPubKeySpec.isAssignableFrom(keySpec)) {
java.security.interfaces.DSAPublicKey dsaPubKey = (java.security.interfaces.DSAPublicKey) key;
params = dsaPubKey.getParams();
return keySpec.cast(new DSAPublicKeySpec(dsaPubKey.getY(), params.getP(), params.getQ(), params.getG()));
} else if (x509KeySpec.isAssignableFrom(keySpec)) {
return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));
} else {
throw new InvalidKeySpecException("Inappropriate key specification");
}
} else if (key instanceof java.security.interfaces.DSAPrivateKey) {
// Determine valid key specs
Class<?> dsaPrivKeySpec = Class.forName("java.security.spec.DSAPrivateKeySpec");
Class<?> pkcs8KeySpec = Class.forName("java.security.spec.PKCS8EncodedKeySpec");
if (dsaPrivKeySpec.isAssignableFrom(keySpec)) {
java.security.interfaces.DSAPrivateKey dsaPrivKey = (java.security.interfaces.DSAPrivateKey) key;
params = dsaPrivKey.getParams();
return keySpec.cast(new DSAPrivateKeySpec(dsaPrivKey.getX(), params.getP(), params.getQ(), params.getG()));
} else if (pkcs8KeySpec.isAssignableFrom(keySpec)) {
return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded()));
} else {
throw new InvalidKeySpecException("Inappropriate key specification");
}
} else {
throw new InvalidKeySpecException("Inappropriate key type");
}
} catch (ClassNotFoundException e) {
throw new InvalidKeySpecException("Unsupported key specification: " + e.getMessage());
}
}
use of java.security.spec.DSAPublicKeySpec in project Bytecoder by mirkosertic.
the class AlgorithmChecker method check.
@Override
public void check(Certificate cert, Collection<String> unresolvedCritExts) throws CertPathValidatorException {
if (!(cert instanceof X509Certificate) || constraints == null) {
// ignore the check for non-x.509 certificate or null constraints
return;
}
// check the key usage and key size
boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage();
if (keyUsage != null && keyUsage.length < 9) {
throw new CertPathValidatorException("incorrect KeyUsage extension", null, null, -1, PKIXReason.INVALID_KEY_USAGE);
}
X509CertImpl x509Cert;
AlgorithmId algorithmId;
try {
x509Cert = X509CertImpl.toImpl((X509Certificate) cert);
algorithmId = (AlgorithmId) x509Cert.get(X509CertImpl.SIG_ALG);
} catch (CertificateException ce) {
throw new CertPathValidatorException(ce);
}
AlgorithmParameters currSigAlgParams = algorithmId.getParameters();
PublicKey currPubKey = cert.getPublicKey();
String currSigAlg = x509Cert.getSigAlgName();
// Check the signature algorithm and parameters against constraints.
if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg, currSigAlgParams)) {
throw new CertPathValidatorException("Algorithm constraints check failed on signature " + "algorithm: " + currSigAlg, null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
}
// Assume all key usage bits are set if key usage is not present
Set<CryptoPrimitive> primitives = KU_PRIMITIVE_SET;
if (keyUsage != null) {
primitives = EnumSet.noneOf(CryptoPrimitive.class);
if (keyUsage[0] || keyUsage[1] || keyUsage[5] || keyUsage[6]) {
// keyUsage[0]: KeyUsage.digitalSignature
// keyUsage[1]: KeyUsage.nonRepudiation
// keyUsage[5]: KeyUsage.keyCertSign
// keyUsage[6]: KeyUsage.cRLSign
primitives.add(CryptoPrimitive.SIGNATURE);
}
if (keyUsage[2]) {
// KeyUsage.keyEncipherment
primitives.add(CryptoPrimitive.KEY_ENCAPSULATION);
}
if (keyUsage[3]) {
// KeyUsage.dataEncipherment
primitives.add(CryptoPrimitive.PUBLIC_KEY_ENCRYPTION);
}
if (keyUsage[4]) {
// KeyUsage.keyAgreement
primitives.add(CryptoPrimitive.KEY_AGREEMENT);
}
if (primitives.isEmpty()) {
throw new CertPathValidatorException("incorrect KeyUsage extension bits", null, null, -1, PKIXReason.INVALID_KEY_USAGE);
}
}
ConstraintsParameters cp = new ConstraintsParameters((X509Certificate) cert, trustedMatch, pkixdate, jarTimestamp, variant);
// Check against local constraints if it is DisabledAlgorithmConstraints
if (constraints instanceof DisabledAlgorithmConstraints) {
((DisabledAlgorithmConstraints) constraints).permits(currSigAlg, cp);
// DisabledAlgorithmsConstraints does not check primitives, so key
// additional key check.
} else {
// Perform the default constraints checking anyway.
certPathDefaultConstraints.permits(currSigAlg, cp);
// Call locally set constraints to check key with primitives.
if (!constraints.permits(primitives, currPubKey)) {
throw new CertPathValidatorException("Algorithm constraints check failed on key " + currPubKey.getAlgorithm() + " with size of " + sun.security.util.KeyUtil.getKeySize(currPubKey) + "bits", null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
}
}
// If there is no previous key, set one and exit
if (prevPubKey == null) {
prevPubKey = currPubKey;
return;
}
// Check with previous cert for signature algorithm and public key
if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg, prevPubKey, currSigAlgParams)) {
throw new CertPathValidatorException("Algorithm constraints check failed on " + "signature algorithm: " + currSigAlg, null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
}
// Inherit key parameters from previous key
if (PKIX.isDSAPublicKeyWithoutParams(currPubKey)) {
// Inherit DSA parameters from previous key
if (!(prevPubKey instanceof DSAPublicKey)) {
throw new CertPathValidatorException("Input key is not " + "of a appropriate type for inheriting parameters");
}
DSAParams params = ((DSAPublicKey) prevPubKey).getParams();
if (params == null) {
throw new CertPathValidatorException("Key parameters missing from public key.");
}
try {
BigInteger y = ((DSAPublicKey) currPubKey).getY();
KeyFactory kf = KeyFactory.getInstance("DSA");
DSAPublicKeySpec ks = new DSAPublicKeySpec(y, params.getP(), params.getQ(), params.getG());
currPubKey = kf.generatePublic(ks);
} catch (GeneralSecurityException e) {
throw new CertPathValidatorException("Unable to generate " + "key with inherited parameters: " + e.getMessage(), e);
}
}
// reset the previous public key
prevPubKey = currPubKey;
}
use of java.security.spec.DSAPublicKeySpec in project santuario-java by apache.
the class BaltimoreTest method getPublicKey.
private static PublicKey getPublicKey(String algo, int number) throws InvalidKeySpecException, NoSuchAlgorithmException {
KeyFactory kf = KeyFactory.getInstance(algo);
KeySpec kspec = null;
if (algo.equalsIgnoreCase("DSA")) {
if (number == 15) {
kspec = new DSAPublicKeySpec(new BigInteger(DSA_Y_15), new BigInteger(DSA_P_15), new BigInteger(DSA_Q_15), new BigInteger(DSA_G_15));
} else if (number == 23) {
kspec = new DSAPublicKeySpec(new BigInteger(DSA_Y_23), new BigInteger(DSA_P_23), new BigInteger(DSA_Q_23), new BigInteger(DSA_G_23));
}
} else if (algo.equalsIgnoreCase("RSA")) {
if (number == 15) {
kspec = new RSAPublicKeySpec(new BigInteger(RSA_MOD_15), new BigInteger(RSA_PUB));
} else if (number == 23) {
kspec = new RSAPublicKeySpec(new BigInteger(RSA_MOD_23), new BigInteger(RSA_PUB));
}
} else {
throw new RuntimeException("Unsupported key algorithm " + algo);
}
return kf.generatePublic(kspec);
}
Aggregations