
Example 36 with InvalidKeySpecException

use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.

the class JweDecrypterImpl method decryptEncryptionKey.

/**
 * Recovers the key carried in the base64url-encoded encrypted-key part of a JWE.
 *
 * <p>RSA_OAEP and RSA1_5 decrypt with the configured RSA private key (either the
 * project {@code rsaPrivateKey} or a ready-made {@code privateKey}); A128KW and
 * A256KW unwrap with {@code sharedSymmetricKey} through Bouncy Castle's
 * {@code AESWrapEngine}. Every provider or cipher failure is rethrown as
 * {@link InvalidJweException} with the original exception as its cause.
 *
 * @param encodedEncryptedKey base64url text of the encrypted key; must not be {@code null}
 * @return the decrypted (or unwrapped) key bytes
 * @throws InvalidJweException if the algorithm, the input or the required key is missing,
 *         if the algorithm is not one of the four handled here, or if decryption fails
 */
@Override
public byte[] decryptEncryptionKey(String encodedEncryptedKey) throws InvalidJweException {
    final KeyEncryptionAlgorithm keyAlgorithm = getKeyEncryptionAlgorithm();
    if (keyAlgorithm == null) {
        throw new InvalidJweException("The key encryption algorithm is null");
    }
    if (encodedEncryptedKey == null) {
        throw new InvalidJweException("The encoded encryption key is null");
    }

    final boolean rsaKeyTransport = keyAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP
            || keyAlgorithm == KeyEncryptionAlgorithm.RSA1_5;
    final boolean aesKeyWrap = keyAlgorithm == KeyEncryptionAlgorithm.A128KW
            || keyAlgorithm == KeyEncryptionAlgorithm.A256KW;

    try {
        if (rsaKeyTransport) {
            if (rsaPrivateKey == null && privateKey == null) {
                throw new InvalidJweException("The RSA private key is null");
            }
            // The cipher comes from the default provider list, while the KeyFactory
            // below is pinned to "BC".
            Cipher rsaCipher = Cipher.getInstance(keyAlgorithm.getAlgorithm());
            if (rsaPrivateKey == null) {
                rsaCipher.init(Cipher.DECRYPT_MODE, privateKey);
            } else {
                // Rebuild a JCA private key from the project's modulus/exponent holder.
                KeyFactory rsaKeyFactory = KeyFactory.getInstance(keyAlgorithm.getFamily(), "BC");
                RSAPrivateKeySpec rsaKeySpec = new RSAPrivateKeySpec(rsaPrivateKey.getModulus(), rsaPrivateKey.getPrivateExponent());
                java.security.interfaces.RSAPrivateKey jcaPrivateKey = (java.security.interfaces.RSAPrivateKey) rsaKeyFactory.generatePrivate(rsaKeySpec);
                rsaCipher.init(Cipher.DECRYPT_MODE, jcaPrivateKey);
            }
            // NOTE(review): RSA1_5 takes this path and a padding failure reaches the caller
            // as InvalidJweException(BadPaddingException). If that outcome is distinguishable
            // to whoever supplied the token, RSA1_5 decryption can act as a padding oracle;
            // RFC 7516 section 11.5 recommends continuing with a randomly generated key
            // instead. Confirm how callers surface this error.
            return rsaCipher.doFinal(Base64Util.base64urldecode(encodedEncryptedKey));
        }

        if (aesKeyWrap) {
            if (sharedSymmetricKey == null) {
                throw new InvalidJweException("The shared symmetric key is null");
            }
            if (sharedSymmetricKey.length != 16) {
                // Any key that is not exactly 16 bytes -- including a 32-byte key supplied
                // for A256KW -- is replaced by the first 16 bytes of its SHA-1 digest, so the
                // wrapping key is always 128 bits. The field itself is overwritten.
                // NOTE(review): changing this derivation breaks interoperability with the
                // side that wrapped the key (presumably the matching encrypter); confirm
                // before moving to a real KDF or rejecting wrong-length keys.
                MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
                byte[] digest = sha1.digest(sharedSymmetricKey);
                sharedSymmetricKey = Arrays.copyOf(digest, 16);
            }
            byte[] wrappedKey = Base64Util.base64urldecode(encodedEncryptedKey);
            SecretKeySpec wrappingKey = new SecretKeySpec(sharedSymmetricKey, "AES");
            CipherParameters wrappingParams = new KeyParameter(wrappingKey.getEncoded());
            AESWrapEngine unwrapper = new AESWrapEngine();
            // false selects unwrap (decrypt) mode.
            unwrapper.init(false, wrappingParams);
            return unwrapper.unwrap(wrappedKey, 0, wrappedKey.length);
        }

        throw new InvalidJweException("The key encryption algorithm is not supported");
    } catch (NoSuchPaddingException | NoSuchAlgorithmException | IllegalBlockSizeException
            | BadPaddingException | NoSuchProviderException | InvalidKeyException
            | InvalidKeySpecException | InvalidCipherTextException e) {
        throw new InvalidJweException(e);
    }
}
Also used : InvalidCipherTextException(org.bouncycastle.crypto.InvalidCipherTextException) KeyParameter(org.bouncycastle.crypto.params.KeyParameter) CipherParameters(org.bouncycastle.crypto.CipherParameters) java.security(java.security) RSAPrivateKeySpec(java.security.spec.RSAPrivateKeySpec) SecretKeySpec(javax.crypto.spec.SecretKeySpec) AESWrapEngine(org.bouncycastle.crypto.engines.AESWrapEngine) BlockCipher(org.bouncycastle.crypto.BlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) RSAPrivateKey(org.xdi.oxauth.model.crypto.signature.RSAPrivateKey) InvalidJweException(org.xdi.oxauth.model.exception.InvalidJweException)

Example 37 with InvalidKeySpecException

use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.

the class ECSigner method sign.

/**
 * Signs {@code signingInput} with the configured ECDSA private key and returns the
 * signature as base64url text.
 *
 * <p>The private key is rebuilt from {@code ecdsaPrivateKey.getD()} on the named curve
 * of the current signature algorithm; both the key factory and the signature engine
 * are taken from the "BC" provider.
 *
 * @param signingInput text to sign; must be neither {@code null} nor empty
 * @return base64url encoding of the bytes returned by {@code Signature.sign()}
 * @throws Exception if the input is null/empty or any provider, key or encoding
 *         step fails (the original failure is attached as the cause)
 */
@Deprecated
@Override
public String sign(String signingInput) throws Exception {
    if (Strings.isNullOrEmpty(signingInput)) {
        throw new Exception("Invalid signing input");
    }

    try {
        final String curveName = getSignatureAlgorithm().getCurve().getName();
        final ECParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(curveName);
        final ECPrivateKeySpec keySpec = new ECPrivateKeySpec(ecdsaPrivateKey.getD(), curveSpec);
        final PrivateKey signingKey = KeyFactory.getInstance("ECDSA", "BC").generatePrivate(keySpec);

        final Signature signer = Signature.getInstance(getSignatureAlgorithm().getAlgorithm(), "BC");
        signer.initSign(signingKey);
        signer.update(signingInput.getBytes(Util.UTF8_STRING_ENCODING));
        final byte[] rawSignature = signer.sign();
        return Base64Util.base64urlencode(rawSignature);
    } catch (NoSuchAlgorithmException | UnsupportedEncodingException | SignatureException
            | NoSuchProviderException | InvalidKeyException | InvalidKeySpecException e) {
        // Only these checked failures are wrapped; runtime exceptions (for example a
        // missing ecdsaPrivateKey) propagate unchanged.
        throw new Exception("There was a problem in EC signing", e);
    }
}
Also used : ECPrivateKeySpec(org.bouncycastle.jce.spec.ECPrivateKeySpec) ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec) UnsupportedEncodingException(java.io.UnsupportedEncodingException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 38 with InvalidKeySpecException

use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.

the class ECSigner method verifySignature.

/**
 * Checks an ECDSA signature over {@code signingInput} against the configured public key.
 *
 * <p>The public point is assembled from {@code ecdsaPublicKey}'s X and Y coordinates on
 * the named curve of the current signature algorithm, turned into a JCA key through the
 * "BC" provider, and handed to a "BC" {@code Signature} engine.
 *
 * @param signingInput text that was signed
 * @param signature base64url-encoded signature
 * @return {@code false} when either argument is null or empty, otherwise the result of
 *         {@code Signature.verify}
 * @throws Exception if any provider, key, encoding or signature-processing step fails
 *         (the original failure is attached as the cause)
 */
@Deprecated
@Override
public boolean verifySignature(String signingInput, String signature) throws Exception {
    if (Strings.isNullOrEmpty(signingInput) || Strings.isNullOrEmpty(signature)) {
        return false;
    }

    try {
        final byte[] signatureBytes = Base64Util.base64urldecode(signature);
        final byte[] messageBytes = signingInput.getBytes(Util.UTF8_STRING_ENCODING);

        final ECParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(getSignatureAlgorithm().getCurve().getName());
        // The cast assumes a prime-field curve; anything else fails with ClassCastException.
        final BigInteger fieldPrime = ((ECCurve.Fp) curveSpec.getCurve()).getQ();
        final ECFieldElement coordinateX = new ECFieldElement.Fp(fieldPrime, ecdsaPublicKey.getX());
        final ECFieldElement coordinateY = new ECFieldElement.Fp(fieldPrime, ecdsaPublicKey.getY());
        // NOTE(review): the point is built directly from the stored coordinates with no
        // explicit on-curve check in this method; confirm the Bouncy Castle version in use
        // validates it when the key is constructed.
        final ECPoint publicPoint = new ECPoint.Fp(curveSpec.getCurve(), coordinateX, coordinateY);
        final ECPublicKeySpec keySpec = new ECPublicKeySpec(publicPoint, curveSpec);
        final PublicKey verificationKey = KeyFactory.getInstance("ECDSA", "BC").generatePublic(keySpec);

        final Signature verifier = Signature.getInstance(getSignatureAlgorithm().getAlgorithm(), "BC");
        verifier.initVerify(verificationKey);
        verifier.update(messageBytes);
        return verifier.verify(signatureBytes);
    } catch (NoSuchAlgorithmException | UnsupportedEncodingException | SignatureException
            | NoSuchProviderException | InvalidKeyException | InvalidKeySpecException e) {
        // A signature the engine cannot process surfaces here as an exception rather
        // than as a false result.
        throw new Exception("There was a problem in EC verifier", e);
    }
}
Also used : UnsupportedEncodingException(java.io.UnsupportedEncodingException) ECPoint(org.bouncycastle.math.ec.ECPoint) ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec) BigInteger(java.math.BigInteger) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) ECFieldElement(org.bouncycastle.math.ec.ECFieldElement)

Example 39 with InvalidKeySpecException

use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.

the class ECDSASigner method generateSignature.

/**
 * Produces a base64url-encoded ECDSA signature over {@code signingInput}.
 *
 * <p>The private key is rebuilt from {@code ecdsaPrivateKey.getD()} on the named curve of
 * the configured signature algorithm; key factory and signature engine both come from
 * the "BC" provider.
 *
 * @param signingInput text to sign; must not be {@code null}
 * @return base64url encoding of the bytes returned by {@code Signature.sign()}
 * @throws SignatureException if the algorithm, the private key or the input is missing,
 *         or if any step of key reconstruction or signing fails
 */
@Override
public String generateSignature(String signingInput) throws SignatureException {
    if (getSignatureAlgorithm() == null) {
        throw new SignatureException("The signature algorithm is null");
    }
    if (ecdsaPrivateKey == null) {
        throw new SignatureException("The ECDSA private key is null");
    }
    if (signingInput == null) {
        throw new SignatureException("The signing input is null");
    }

    try {
        final String curveName = getSignatureAlgorithm().getCurve().getName();
        final ECParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(curveName);
        final ECPrivateKeySpec keySpec = new ECPrivateKeySpec(ecdsaPrivateKey.getD(), curveSpec);
        final PrivateKey signingKey = KeyFactory.getInstance("ECDSA", "BC").generatePrivate(keySpec);

        final Signature signer = Signature.getInstance(getSignatureAlgorithm().getAlgorithm(), "BC");
        signer.initSign(signingKey);
        signer.update(signingInput.getBytes(Util.UTF8_STRING_ENCODING));
        final byte[] rawSignature = signer.sign();
        return Base64Util.base64urlencode(rawSignature);
    } catch (Exception e) {
        // Every failure, checked or unchecked, is reported the same way: wrapped as the
        // cause of a SignatureException.
        throw new SignatureException(e);
    }
}
Also used : ECPrivateKeySpec(org.bouncycastle.jce.spec.ECPrivateKeySpec) ECDSAPrivateKey(org.xdi.oxauth.model.crypto.signature.ECDSAPrivateKey) ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec) UnsupportedEncodingException(java.io.UnsupportedEncodingException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 40 with InvalidKeySpecException

use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.

the class RSASigner method validateSignature.

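/**
 * Verifies an RS256, RS384 or RS512 signature over {@code signingInput} with the
 * configured RSA public key.
 *
 * <p>Verification is delegated to the "BC" provider's RSA signature engine, so the whole
 * PKCS#1 v1.5 encoding is checked: padding, the hash algorithm identifier inside the
 * DigestInfo, the digest itself, and the absence of trailing bytes. Decrypting the
 * signature by hand and comparing only the digest octets would accept a DigestInfo that
 * names a different hash algorithm or carries extra data after the structure.
 *
 * @param signingInput text that was signed; must not be {@code null}
 * @param signature base64url-encoded signature
 * @return {@code true} only if the signature is valid for {@code signingInput}
 * @throws SignatureException if the algorithm, the public key or the input is missing,
 *         if the algorithm is not RS256/RS384/RS512, or if key reconstruction or
 *         signature processing fails; callers must treat this the same as {@code false}
 */
@Override
public boolean validateSignature(String signingInput, String signature) throws SignatureException {
    if (getSignatureAlgorithm() == null) {
        throw new SignatureException("The signature algorithm is null");
    }
    if (rsaPublicKey == null) {
        throw new SignatureException("The RSA public key is null");
    }
    if (signingInput == null) {
        throw new SignatureException("The signing input is null");
    }

    // Standard JCA names for RSASSA-PKCS1-v1_5 with the matching SHA-2 digest.
    String algorithm = null;
    switch (getSignatureAlgorithm()) {
        case RS256:
            algorithm = "SHA256withRSA";
            break;
        case RS384:
            algorithm = "SHA384withRSA";
            break;
        case RS512:
            algorithm = "SHA512withRSA";
            break;
        default:
            throw new SignatureException("Unsupported signature algorithm");
    }

    try {
        byte[] sigBytes = Base64Util.base64urldecode(signature);
        byte[] sigInBytes = signingInput.getBytes(Util.UTF8_STRING_ENCODING);

        RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(rsaPublicKey.getModulus(), rsaPublicKey.getPublicExponent());
        KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC");
        PublicKey publicKey = keyFactory.generatePublic(rsaPublicKeySpec);

        // Fully qualified so the block does not depend on an import this class may lack.
        java.security.Signature verifier = java.security.Signature.getInstance(algorithm, "BC");
        verifier.initVerify(publicKey);
        verifier.update(sigInBytes);
        // A malformed signature is reported either as false or as an exception,
        // depending on the engine; both mean "not valid".
        return verifier.verify(sigBytes);
    } catch (Exception e) {
        // Every failure, checked or unchecked, is wrapped as the cause of a
        // SignatureException.
        throw new SignatureException(e);
    }
}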
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) RSAPublicKey(org.xdi.oxauth.model.crypto.signature.RSAPublicKey) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) IOException(java.io.IOException) BadPaddingException(javax.crypto.BadPaddingException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) IOException(java.io.IOException) BadPaddingException(javax.crypto.BadPaddingException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) Cipher(javax.crypto.Cipher) InvalidKeySpecException(java.security.spec.InvalidKeySpecException)

Aggregations

InvalidKeySpecException (java.security.spec.InvalidKeySpecException)483 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)306 KeyFactory (java.security.KeyFactory)199 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)155 InvalidKeyException (java.security.InvalidKeyException)116 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)108 IOException (java.io.IOException)98 PublicKey (java.security.PublicKey)90 PrivateKey (java.security.PrivateKey)77 SecretKeyFactory (javax.crypto.SecretKeyFactory)66 PBEKeySpec (javax.crypto.spec.PBEKeySpec)59 BigInteger (java.math.BigInteger)45 SignatureException (java.security.SignatureException)39 SecretKey (javax.crypto.SecretKey)38 BadPaddingException (javax.crypto.BadPaddingException)36 IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)36 RSAPublicKeySpec (java.security.spec.RSAPublicKeySpec)35 NoSuchProviderException (java.security.NoSuchProviderException)34 KeySpec (java.security.spec.KeySpec)32 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)30