
Example 76 with ECPoint

use of java.security.spec.ECPoint in project keycloak by keycloak.

the class JWKParser method createECPublicKey.

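/**
 * Builds an EC {@link PublicKey} from the {@code crv}, {@code x} and {@code y} claims of the parsed JWK.
 *
 * <p>The JWK curve name is mapped to the corresponding named curve ({@code P-256}, {@code P-384} or
 * {@code P-521}); the coordinates are decoded from Base64Url as unsigned big-endian integers.
 *
 * <p>NOTE(review): this method performs no explicit check that (x, y) lies on the selected curve.
 * If the JWK can come from an untrusted source, confirm that the provider behind
 * {@code KeyFactory.getInstance("ECDSA")} rejects off-curve points.
 *
 * @return the decoded public key
 * @throws RuntimeException if the curve is missing or unsupported, or if key construction fails
 *         (the original exception is kept as the cause)
 */
private PublicKey createECPublicKey() {
    String crv = (String) jwk.getOtherClaims().get(ECPublicJWK.CRV);
    // Signum 1: the coordinates are unsigned, so a leading high bit must not be read as a sign.
    BigInteger x = new BigInteger(1, Base64Url.decode((String) jwk.getOtherClaims().get(ECPublicJWK.X)));
    BigInteger y = new BigInteger(1, Base64Url.decode((String) jwk.getOtherClaims().get(ECPublicJWK.Y)));

    // A switch on a null String throws a bare NullPointerException; report a missing "crv"
    // the same way as an unknown one.
    if (crv == null) {
        throw new RuntimeException("Unsupported curve");
    }

    String name;
    switch (crv) {
        case "P-256":
            name = "secp256r1";
            break;
        case "P-384":
            name = "secp384r1";
            break;
        case "P-521":
            name = "secp521r1";
            break;
        default:
            throw new RuntimeException("Unsupported curve");
    }

    try {
        ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec(name);
        // Label the spec with the curve that was actually selected. The label used to be the
        // fixed string "prime256v1", which mislabelled P-384 and P-521 keys for any consumer
        // that derives the curve identifier from the spec's name.
        ECNamedCurveSpec params = new ECNamedCurveSpec(name, spec.getCurve(), spec.getG(), spec.getN());
        ECPoint point = new ECPoint(x, y);
        ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(point, params);
        KeyFactory kf = KeyFactory.getInstance("ECDSA");
        return kf.generatePublic(pubKeySpec);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}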
Also used : ECNamedCurveParameterSpec(org.bouncycastle.jce.spec.ECNamedCurveParameterSpec) BigInteger(java.math.BigInteger) ECPoint(java.security.spec.ECPoint) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) KeyFactory(java.security.KeyFactory) ECNamedCurveSpec(org.bouncycastle.jce.spec.ECNamedCurveSpec)

Example 77 with ECPoint

use of java.security.spec.ECPoint in project keycloak by keycloak.

the class JWKTest method publicEs256.

/**
 * Round-trips a freshly generated secp256r1 public key through its JWK representation:
 * checks the JWK metadata and coordinate lengths, parses the serialized JWK back into a
 * key, compares the encodings, and finally signs with the private key and verifies with
 * the key recovered from the JWK.
 */
@Test
public void publicEs256() throws Exception {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    // --- generate an EC key pair on secp256r1 ---
    KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
    // NOTE(review): SHA1PRNG is a legacy generator; acceptable for a throwaway test key,
    // not a pattern to copy into production key generation.
    SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
    generator.initialize(new ECGenParameterSpec("secp256r1"), rng);
    KeyPair keyPair = generator.generateKeyPair();
    PublicKey publicKey = keyPair.getPublic();

    // --- export as JWK and check the metadata ---
    String keyId = KeyUtils.createKeyId(keyPair.getPublic());
    JWK jwk = JWKBuilder.create().kid(keyId).algorithm("ES256").ec(publicKey);
    assertEquals("EC", jwk.getKeyType());
    assertEquals("ES256", jwk.getAlgorithm());
    assertEquals("sig", jwk.getPublicKeyUse());
    assertTrue(jwk instanceof ECPublicJWK);

    ECPublicJWK ecJwk = (ECPublicJWK) jwk;
    assertNotNull(ecJwk.getCrv());
    assertNotNull(ecJwk.getX());
    assertNotNull(ecJwk.getY());
    byte[] decodedX = Base64Url.decode(ecJwk.getX());
    byte[] decodedY = Base64Url.decode(ecJwk.getY());

    // --- the JWK coordinates must be as long as the key's own affine coordinates ---
    assertTrue(publicKey instanceof ECPublicKey);
    ECPoint w = ((ECPublicKey) publicKey).getW();
    assertNotNull(w);
    int expectedXLength = JWKUtil.toIntegerBytes(w.getAffineX()).length;
    int expectedYLength = JWKUtil.toIntegerBytes(w.getAffineY()).length;
    assertEquals(expectedXLength, decodedX.length);
    assertEquals(expectedYLength, decodedY.length);

    // --- serialize, parse back, and compare the encoded keys ---
    String serialized = JsonSerialization.writeValueAsString(jwk);
    PublicKey publicKeyFromJwk = JWKParser.create().parse(serialized).toPublicKey();
    assertArrayEquals(publicKey.getEncoded(), publicKeyFromJwk.getEncoded());

    // --- a signature made with the private key must verify under the recovered key ---
    byte[] payload = "Some test string".getBytes(StandardCharsets.UTF_8);
    byte[] signature = sign(payload, JavaAlgorithm.ES256, keyPair.getPrivate());
    verify(payload, signature, JavaAlgorithm.ES256, publicKeyFromJwk);
}
Also used : KeyPair(java.security.KeyPair) PublicKey(java.security.PublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) SecureRandom(java.security.SecureRandom) KeyPairGenerator(java.security.KeyPairGenerator) ECPoint(java.security.spec.ECPoint) ECPoint(java.security.spec.ECPoint) ECPublicKey(java.security.interfaces.ECPublicKey) Test(org.junit.Test)

Example 78 with ECPoint

use of java.security.spec.ECPoint in project airlift by airlift.

the class JwksDecoder method tryDecodeEcKey.

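/**
 * Attempts to decode an EC public key from a JWK entry.
 *
 * <p>The {@code crv} member must name a curve known to {@code EcCurve}, and the {@code x} and
 * {@code y} members must both be present and decodable. The optional {@code alg} and
 * {@code use} members are not inspected.
 *
 * <p>NOTE(review): the resulting point is not checked against the curve equation here.
 * Confirm that {@code JwkEcPublicKey} or the provider that later uses the key rejects
 * coordinates that are not on the curve.
 *
 * @param keyId identifier of the key, used in log messages and stored in the result
 * @param key the JWK entry to decode
 * @return the decoded key, or {@link Optional#empty()} if the curve is unsupported or a
 *         coordinate is missing or cannot be decoded
 */
public static Optional<JwkEcPublicKey> tryDecodeEcKey(String keyId, JsonKey key) {
    // alg field is optional so not verified
    // use field is optional so not verified
    Optional<String> curveName = key.getStringProperty("crv");
    Optional<ECParameterSpec> curve = curveName.flatMap(EcCurve::tryGet);
    if (!curve.isPresent()) {
        // Unwrap the Optional so the message shows the curve name itself rather than
        // "Optional[...]" / "Optional.empty".
        log.error("JWK EC %s curve '%s' is not supported", keyId, curveName.orElse("<missing>"));
        return Optional.empty();
    }

    Optional<BigInteger> x = key.getStringProperty("x").flatMap(encodedX -> decodeBigint(keyId, "x", encodedX));
    if (!x.isPresent()) {
        return Optional.empty();
    }

    Optional<BigInteger> y = key.getStringProperty("y").flatMap(encodedY -> decodeBigint(keyId, "y", encodedY));
    if (!y.isPresent()) {
        return Optional.empty();
    }

    ECPoint w = new ECPoint(x.get(), y.get());
    return Optional.of(new JwkEcPublicKey(keyId, curve.get(), w));
}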
Also used : ECParameterSpec(java.security.spec.ECParameterSpec) BigInteger(java.math.BigInteger) ECPoint(java.security.spec.ECPoint)

Example 79 with ECPoint

use of java.security.spec.ECPoint in project jmulticard by ctt-gob-es.

the class JseCryptoHelper method mapNonceGMWithECDH.

/**
 * Derives new domain parameters that keep the curve, order and cofactor of {@code params}
 * but replace the generator with {@code [nonceS]G + sharedSecretPointH}.
 *
 * <p>NOTE(review): when the computed generator fails the validity check, the method only
 * logs a warning and still returns parameters built on that point. Callers therefore
 * cannot tell a valid mapping from an invalid one; confirm whether this should fail instead.
 *
 * @param nonceS scalar applied to the original generator
 * @param sharedSecretPointH point added to the scaled generator
 * @param params source domain parameters; the curve must be over a prime field
 * @return domain parameters using the mapped generator
 */
private static ECParameterSpec mapNonceGMWithECDH(final BigInteger nonceS, final ECPoint sharedSecretPointH, final ECParameterSpec params) {
    // D~ = (p, a, b, G~, n, h) where G~ = [s]G + H
    final EllipticCurve sourceCurve = params.getCurve();
    // The cast throws ClassCastException for a curve that is not over a prime field.
    final BigInteger prime = ((ECFieldFp) sourceCurve.getField()).getP();

    // G~ = [s]G + H
    final ECPoint scaledGenerator = multiply(nonceS, params.getGenerator(), params);
    final ECPoint mappedGenerator = add(scaledGenerator, sharedSecretPointH, params);

    final boolean mappedPointIsValid = toSpongyCastleECPoint(mappedGenerator, params).isValid();
    if (!mappedPointIsValid) {
        // The message reads "An invalid point has been generated"; execution continues regardless.
        LOGGER.warning("Se ha generado un punto invalido"); //$NON-NLS-1$
    }

    // Rebuild the curve from its bare coefficients (p, a, b) and attach the mapped generator.
    final EllipticCurve rebuiltCurve = new EllipticCurve(new ECFieldFp(prime), sourceCurve.getA(), sourceCurve.getB());
    return new ECParameterSpec(rebuiltCurve, mappedGenerator, params.getOrder(), params.getCofactor());
}
Also used : ECFieldFp(java.security.spec.ECFieldFp) EllipticCurve(java.security.spec.EllipticCurve) ECParameterSpec(java.security.spec.ECParameterSpec) BigInteger(java.math.BigInteger) ECPoint(java.security.spec.ECPoint) ECPoint(java.security.spec.ECPoint)

Example 80 with ECPoint

use of java.security.spec.ECPoint in project minidns by MiniDNS.

the class ECDSASignatureVerifier method getPublicKey.

/**
 * Decodes a raw EC public key laid out as the X coordinate followed by the Y coordinate,
 * each {@code length} bytes long and interpreted as an unsigned big-endian integer.
 *
 * <p>Input shorter than {@code 2 * length} bytes makes {@code readFully} fail and is
 * reported as an invalid key. Bytes beyond the second coordinate are not read and are
 * silently ignored.
 * NOTE(review): confirm whether trailing bytes should be rejected rather than ignored.
 *
 * @param key the raw key bytes
 * @return the public key on the curve described by {@code spec}
 * @throws DNSSECValidationFailedException if the input is too short or the key factory
 *         rejects the key specification
 */
@Override
protected PublicKey getPublicKey(byte[] key) {
    DataInput input = new DataInputStream(new ByteArrayInputStream(key));
    byte[] rawX = new byte[length];
    byte[] rawY = new byte[length];
    try {
        // X first, then Y; each read throws if fewer than `length` bytes remain.
        input.readFully(rawX);
        input.readFully(rawY);
        // Signum 1 keeps both coordinates non-negative whatever their top bit is.
        ECPoint w = new ECPoint(new BigInteger(1, rawX), new BigInteger(1, rawY));
        return getKeyFactory().generatePublic(new ECPublicKeySpec(w, spec));
    } catch (IOException | InvalidKeySpecException e) {
        throw new DNSSECValidationFailedException("Invalid public key!", e);
    }
}
Also used : DataInput(java.io.DataInput) ByteArrayInputStream(java.io.ByteArrayInputStream) DNSSECValidationFailedException(org.minidns.dnssec.DNSSECValidationFailedException) BigInteger(java.math.BigInteger) IOException(java.io.IOException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) DataInputStream(java.io.DataInputStream) ECPoint(java.security.spec.ECPoint) ECPublicKeySpec(java.security.spec.ECPublicKeySpec)
