Search in sources :

Example 1 with ECGenParameterSpec

use of java.security.spec.ECGenParameterSpec in project jdk8u_jdk by JetBrains.

the class PKCS11Test method getECParameterSpec.

private static ECParameterSpec getECParameterSpec(Provider p, String name) throws Exception {
    AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC", p);
    parameters.init(new ECGenParameterSpec(name));
    return parameters.getParameterSpec(ECParameterSpec.class);
}
Also used : ECGenParameterSpec(java.security.spec.ECGenParameterSpec)

Example 2 with ECGenParameterSpec

use of java.security.spec.ECGenParameterSpec in project oxAuth by GluuFederation.

the class OxAuthCryptoProvider method generateKey.

@Override
public JSONObject generateKey(SignatureAlgorithm signatureAlgorithm, Long expirationTime) throws Exception {
    KeyPairGenerator keyGen = null;
    if (signatureAlgorithm == null) {
        throw new RuntimeException("The signature algorithm parameter cannot be null");
    } else if (SignatureAlgorithmFamily.RSA.equals(signatureAlgorithm.getFamily())) {
        keyGen = KeyPairGenerator.getInstance(signatureAlgorithm.getFamily(), "BC");
        keyGen.initialize(2048, new SecureRandom());
    } else if (SignatureAlgorithmFamily.EC.equals(signatureAlgorithm.getFamily())) {
        ECGenParameterSpec eccgen = new ECGenParameterSpec(signatureAlgorithm.getCurve().getAlias());
        keyGen = KeyPairGenerator.getInstance(signatureAlgorithm.getFamily(), "BC");
        keyGen.initialize(eccgen, new SecureRandom());
    } else {
        throw new RuntimeException("The provided signature algorithm parameter is not supported");
    }
    // Generate the key
    KeyPair keyPair = keyGen.generateKeyPair();
    java.security.PrivateKey pk = keyPair.getPrivate();
    // Java API requires a certificate chain
    X509Certificate cert = generateV3Certificate(keyPair, dnName, signatureAlgorithm.getAlgorithm(), expirationTime);
    X509Certificate[] chain = new X509Certificate[1];
    chain[0] = cert;
    String alias = UUID.randomUUID().toString();
    keyStore.setKeyEntry(alias, pk, keyStoreSecret.toCharArray(), chain);
    FileOutputStream stream = new FileOutputStream(keyStoreFile);
    keyStore.store(stream, keyStoreSecret.toCharArray());
    PublicKey publicKey = keyPair.getPublic();
    JSONObject jsonObject = new JSONObject();
    jsonObject.put(KEY_TYPE, signatureAlgorithm.getFamily());
    jsonObject.put(KEY_ID, alias);
    jsonObject.put(KEY_USE, Use.SIGNATURE);
    jsonObject.put(ALGORITHM, signatureAlgorithm.getName());
    jsonObject.put(EXPIRATION_TIME, expirationTime);
    if (publicKey instanceof RSAPublicKey) {
        RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
        jsonObject.put(MODULUS, Base64Util.base64urlencodeUnsignedBigInt(rsaPublicKey.getModulus()));
        jsonObject.put(EXPONENT, Base64Util.base64urlencodeUnsignedBigInt(rsaPublicKey.getPublicExponent()));
    } else if (publicKey instanceof ECPublicKey) {
        ECPublicKey ecPublicKey = (ECPublicKey) publicKey;
        jsonObject.put(CURVE, signatureAlgorithm.getCurve());
        jsonObject.put(X, Base64Util.base64urlencodeUnsignedBigInt(ecPublicKey.getW().getAffineX()));
        jsonObject.put(Y, Base64Util.base64urlencodeUnsignedBigInt(ecPublicKey.getW().getAffineY()));
    }
    JSONArray x5c = new JSONArray();
    x5c.put(Base64.encodeBase64String(cert.getEncoded()));
    jsonObject.put(CERTIFICATE_CHAIN, x5c);
    return jsonObject;
}
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) JSONArray(org.codehaus.jettison.json.JSONArray) X509Certificate(java.security.cert.X509Certificate) java.security(java.security) JSONObject(org.codehaus.jettison.json.JSONObject) RSAPublicKey(java.security.interfaces.RSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) PrivateKey(java.security.PrivateKey) FileOutputStream(java.io.FileOutputStream)

Example 3 with ECGenParameterSpec

use of java.security.spec.ECGenParameterSpec in project oxAuth by GluuFederation.

the class AbstractCryptoProvider method getPublicKey.

public PublicKey getPublicKey(String alias, JSONObject jwks) throws Exception {
    java.security.PublicKey publicKey = null;
    JSONArray webKeys = jwks.getJSONArray(JSON_WEB_KEY_SET);
    for (int i = 0; i < webKeys.length(); i++) {
        JSONObject key = webKeys.getJSONObject(i);
        if (alias.equals(key.getString(KEY_ID))) {
            SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(key.getString(ALGORITHM));
            if (signatureAlgorithm != null) {
                if (signatureAlgorithm.getFamily().equals(SignatureAlgorithmFamily.RSA)) {
                    publicKey = new RSAPublicKeyImpl(new BigInteger(1, Base64Util.base64urldecode(key.getString(MODULUS))), new BigInteger(1, Base64Util.base64urldecode(key.getString(EXPONENT))));
                } else if (signatureAlgorithm.getFamily().equals(SignatureAlgorithmFamily.EC)) {
                    AlgorithmParameters parameters = AlgorithmParameters.getInstance(SignatureAlgorithmFamily.EC);
                    parameters.init(new ECGenParameterSpec(signatureAlgorithm.getCurve().getAlias()));
                    ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class);
                    publicKey = KeyFactory.getInstance(SignatureAlgorithmFamily.EC).generatePublic(new ECPublicKeySpec(new ECPoint(new BigInteger(1, Base64Util.base64urldecode(key.getString(X))), new BigInteger(1, Base64Util.base64urldecode(key.getString(Y)))), ecParameters));
                }
            }
        }
    }
    return publicKey;
}
Also used : RSAPublicKeyImpl(sun.security.rsa.RSAPublicKeyImpl) JSONArray(org.codehaus.jettison.json.JSONArray) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) PublicKey(java.security.PublicKey) SignatureAlgorithm(org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm) ECPoint(java.security.spec.ECPoint) ECPoint(java.security.spec.ECPoint) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) JSONObject(org.codehaus.jettison.json.JSONObject) ECParameterSpec(java.security.spec.ECParameterSpec) BigInteger(java.math.BigInteger) AlgorithmParameters(java.security.AlgorithmParameters)

Example 4 with ECGenParameterSpec

use of java.security.spec.ECGenParameterSpec in project robovm by robovm.

the class ECDHKeyAgreementTest method testInit_withUnsupportedAlgorithmParameterSpec.

void testInit_withUnsupportedAlgorithmParameterSpec(Provider provider) throws Exception {
    try {
        getKeyAgreement(provider).init(KAT_PRIVATE_KEY1, new ECGenParameterSpec("prime256v1"));
        fail();
    } catch (InvalidAlgorithmParameterException expected) {
    }
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) ECGenParameterSpec(java.security.spec.ECGenParameterSpec)

Example 5 with ECGenParameterSpec

use of java.security.spec.ECGenParameterSpec in project platform_frameworks_base by android.

the class AndroidKeyStoreKeyPairGeneratorSpi method initAlgorithmSpecificParameters.

private void initAlgorithmSpecificParameters() throws InvalidAlgorithmParameterException {
    AlgorithmParameterSpec algSpecificSpec = mSpec.getAlgorithmParameterSpec();
    switch(mKeymasterAlgorithm) {
        case KeymasterDefs.KM_ALGORITHM_RSA:
            {
                BigInteger publicExponent = null;
                if (algSpecificSpec instanceof RSAKeyGenParameterSpec) {
                    RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec) algSpecificSpec;
                    if (mKeySizeBits == -1) {
                        mKeySizeBits = rsaSpec.getKeysize();
                    } else if (mKeySizeBits != rsaSpec.getKeysize()) {
                        throw new InvalidAlgorithmParameterException("RSA key size must match " + " between " + mSpec + " and " + algSpecificSpec + ": " + mKeySizeBits + " vs " + rsaSpec.getKeysize());
                    }
                    publicExponent = rsaSpec.getPublicExponent();
                } else if (algSpecificSpec != null) {
                    throw new InvalidAlgorithmParameterException("RSA may only use RSAKeyGenParameterSpec");
                }
                if (publicExponent == null) {
                    publicExponent = RSAKeyGenParameterSpec.F4;
                }
                if (publicExponent.compareTo(BigInteger.ZERO) < 1) {
                    throw new InvalidAlgorithmParameterException("RSA public exponent must be positive: " + publicExponent);
                }
                if (publicExponent.compareTo(KeymasterArguments.UINT64_MAX_VALUE) > 0) {
                    throw new InvalidAlgorithmParameterException("Unsupported RSA public exponent: " + publicExponent + ". Maximum supported value: " + KeymasterArguments.UINT64_MAX_VALUE);
                }
                mRSAPublicExponent = publicExponent;
                break;
            }
        case KeymasterDefs.KM_ALGORITHM_EC:
            if (algSpecificSpec instanceof ECGenParameterSpec) {
                ECGenParameterSpec ecSpec = (ECGenParameterSpec) algSpecificSpec;
                String curveName = ecSpec.getName();
                Integer ecSpecKeySizeBits = SUPPORTED_EC_NIST_CURVE_NAME_TO_SIZE.get(curveName.toLowerCase(Locale.US));
                if (ecSpecKeySizeBits == null) {
                    throw new InvalidAlgorithmParameterException("Unsupported EC curve name: " + curveName + ". Supported: " + SUPPORTED_EC_NIST_CURVE_NAMES);
                }
                if (mKeySizeBits == -1) {
                    mKeySizeBits = ecSpecKeySizeBits;
                } else if (mKeySizeBits != ecSpecKeySizeBits) {
                    throw new InvalidAlgorithmParameterException("EC key size must match " + " between " + mSpec + " and " + algSpecificSpec + ": " + mKeySizeBits + " vs " + ecSpecKeySizeBits);
                }
            } else if (algSpecificSpec != null) {
                throw new InvalidAlgorithmParameterException("EC may only use ECGenParameterSpec");
            }
            break;
        default:
            throw new ProviderException("Unsupported algorithm: " + mKeymasterAlgorithm);
    }
}
Also used : BigInteger(java.math.BigInteger) ASN1Integer(com.android.org.bouncycastle.asn1.ASN1Integer) DERInteger(com.android.org.bouncycastle.asn1.DERInteger) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) ProviderException(java.security.ProviderException) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) BigInteger(java.math.BigInteger) RSAKeyGenParameterSpec(java.security.spec.RSAKeyGenParameterSpec) DERBitString(com.android.org.bouncycastle.asn1.DERBitString) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)

Aggregations

ECGenParameterSpec (java.security.spec.ECGenParameterSpec)57 KeyPairGenerator (java.security.KeyPairGenerator)28 KeyPair (java.security.KeyPair)21 AlgorithmParameters (java.security.AlgorithmParameters)16 ECPublicKey (java.security.interfaces.ECPublicKey)15 BigInteger (java.math.BigInteger)12 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)12 PublicKey (java.security.PublicKey)12 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)11 ECPrivateKey (java.security.interfaces.ECPrivateKey)9 PrivateKey (java.security.PrivateKey)8 ECParameterSpec (java.security.spec.ECParameterSpec)8 Cipher (javax.crypto.Cipher)8 AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)7 ECPoint (java.security.spec.ECPoint)7 Test (org.junit.Test)7 GeneralSecurityException (java.security.GeneralSecurityException)6 ECPublicKeySpec (java.security.spec.ECPublicKeySpec)6 ASN1Integer (com.android.org.bouncycastle.asn1.ASN1Integer)5 DERBitString (com.android.org.bouncycastle.asn1.DERBitString)5