
Example 81 with KeySpec

use of java.security.spec.KeySpec in project hutool by looly.

the class KeyUtil method generateDESKey.

/**
 * Builds a {@link SecretKey} for a DES-family algorithm.
 *
 * <p>With a {@code null} key the call is handed to {@code generateKey(algorithm)}. Otherwise the
 * bytes are wrapped in a {@link DESedeKeySpec} (algorithm names starting with {@code DESede}) or
 * a {@link DESKeySpec} (any other name starting with {@code DES}) and handed to
 * {@code generateKey(algorithm, keySpec)}.
 *
 * <p>Security note: DES (56-bit effective key) and DESede are legacy ciphers. Use this helper
 * for interoperability with existing data or peers; new designs should use a modern cipher
 * such as AES.
 *
 * @param algorithm DES algorithm name, such as DES or DESede; must start with {@code DES}
 * @param key       raw key material, or {@code null} to delegate to {@code generateKey(algorithm)}
 * @return the resulting {@link SecretKey}
 * @throws CryptoException if {@code algorithm} is blank or does not start with {@code DES}, or
 *                         if the key spec rejects {@code key} with an {@link InvalidKeyException}
 */
public static SecretKey generateDESKey(String algorithm, byte[] key) {
    final boolean desFamily = !StrUtil.isBlank(algorithm) && algorithm.startsWith("DES");
    if (!desFamily) {
        throw new CryptoException("Algorithm [{}] is not a DES algorithm!", algorithm);
    }
    if (key == null) {
        return generateKey(algorithm);
    }

    final KeySpec desSpec;
    try {
        // DESede compatibility: triple-DES needs its own key spec type.
        desSpec = algorithm.startsWith("DESede") ? new DESedeKeySpec(key) : new DESKeySpec(key);
    } catch (InvalidKeyException e) {
        throw new CryptoException(e);
    }
    return generateKey(algorithm, desSpec);
}
Also used : SecretKey(javax.crypto.SecretKey) DESKeySpec(javax.crypto.spec.DESKeySpec) SecretKeySpec(javax.crypto.spec.SecretKeySpec) DESedeKeySpec(javax.crypto.spec.DESedeKeySpec) KeySpec(java.security.spec.KeySpec) PBEKeySpec(javax.crypto.spec.PBEKeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) DESedeKeySpec(javax.crypto.spec.DESedeKeySpec) DESKeySpec(javax.crypto.spec.DESKeySpec) InvalidKeyException(java.security.InvalidKeyException)

Example 82 with KeySpec

use of java.security.spec.KeySpec in project karaf by apache.

the class PublickeyLoginModule method equals.

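/**
 * Checks whether a presented public key matches a stored, Base64-encoded SSH public key blob.
 *
 * <p>The blob is decoded, its algorithm identifier is read, and a {@link PublicKey} is rebuilt
 * from the remaining fields and compared with {@code key}. DSA ({@code ssh-dss}), RSA
 * ({@code ssh-rsa}) and EC ({@code ecdsa-sha2-*}, uncompressed points only) are handled.
 * {@code readString}, {@code readBigInteger} and {@code nistSecMap} are defined elsewhere in
 * the class.
 *
 * <p>The stored blob is parsed defensively: invalid Base64, a truncated blob, an implausible
 * EC point length or a point encoding other than uncompressed ({@code 0x04}) all end in a
 * {@link FailedLoginException} rather than an unchecked exception or a silently zero-padded
 * coordinate.
 *
 * @param key       the public key presented by the caller
 * @param storedKey the Base64-encoded key blob to compare against
 * @return {@code true} if the rebuilt key equals {@code key}; {@code false} if the identifier
 *         in the blob does not match the type of {@code key} or the keys differ
 * @throws FailedLoginException if the key type is unsupported or the blob cannot be parsed
 */
public static boolean equals(PublicKey key, String storedKey) throws FailedLoginException {
    try {
        DataInputStream dis = new DataInputStream(new ByteArrayInputStream(Base64.getDecoder().decode(storedKey)));
        String identifier = readString(dis);
        if (key instanceof DSAPublicKey) {
            if (!"ssh-dss".equals(identifier)) {
                return false;
            }
            BigInteger p = readBigInteger(dis);
            BigInteger q = readBigInteger(dis);
            BigInteger g = readBigInteger(dis);
            BigInteger y = readBigInteger(dis);
            KeyFactory keyFactory = KeyFactory.getInstance("DSA");
            KeySpec publicKeySpec = new DSAPublicKeySpec(y, p, q, g);
            PublicKey generatedPublicKey = keyFactory.generatePublic(publicKeySpec);
            return key.equals(generatedPublicKey);
        } else if (key instanceof RSAKey) {
            if (!"ssh-rsa".equals(identifier)) {
                return false;
            }
            BigInteger exponent = readBigInteger(dis);
            BigInteger modulus = readBigInteger(dis);
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            KeySpec publicKeySpec = new RSAPublicKeySpec(modulus, exponent);
            PublicKey generatedPublicKey = keyFactory.generatePublic(publicKeySpec);
            return key.equals(generatedPublicKey);
        } else if (key instanceof ECPublicKey) {
            String ecIdentifier = readString(dis);
            if (!identifier.equals("ecdsa-sha2-" + ecIdentifier) || !nistSecMap.containsKey(ecIdentifier)) {
                return false;
            }
            // Overall size of the encoded point: one format byte followed by x and y of equal
            // length. The length comes from the blob, so check it before allocating: it must be
            // odd, hold at least one byte per coordinate, and fit in what is left of the blob.
            int size = dis.readInt();
            if (size < 3 || (size & 1) == 0 || size > dis.available()) {
                throw new IOException("Malformed EC point length " + size);
            }
            // Only uncompressed points (leading 0x04) are supported.
            if (dis.readByte() != 0x04) {
                throw new IOException("Unsupported EC point encoding");
            }
            byte[] bytes = new byte[(size - 1) / 2];
            // readFully fails on a short blob instead of leaving the tail of the buffer zeroed.
            dis.readFully(bytes);
            // Coordinates are unsigned; signum 1 keeps a set high bit from turning them negative.
            BigInteger x = new BigInteger(1, bytes);
            dis.readFully(bytes);
            BigInteger y = new BigInteger(1, bytes);
            KeyFactory keyFactory = KeyFactory.getInstance("EC");
            AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC");
            parameters.init(new ECGenParameterSpec(nistSecMap.get(ecIdentifier)));
            ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class);
            ECPoint pubPoint = new ECPoint(x, y);
            KeySpec keySpec = new ECPublicKeySpec(pubPoint, ecParameters);
            PublicKey generatedPublicKey = keyFactory.generatePublic(keySpec);
            return key.equals(generatedPublicKey);
        } else {
            throw new FailedLoginException("Unsupported key type " + key.getClass().toString());
        }
    } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException
            | IllegalArgumentException e) {
        // IllegalArgumentException covers a stored key that is not valid Base64.
        // FailedLoginException has no cause constructor, so attach the cause explicitly to keep
        // the parsing error available for diagnostics.
        FailedLoginException failure = new FailedLoginException("Unable to check public key");
        failure.initCause(e);
        throw failure;
    }
}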
Also used : RSAKey(java.security.interfaces.RSAKey) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) KeySpec(java.security.spec.KeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException) KeyFactory(java.security.KeyFactory) PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) IOException(java.io.IOException) DataInputStream(java.io.DataInputStream) ECPoint(java.security.spec.ECPoint) ECPoint(java.security.spec.ECPoint) DSAPublicKey(java.security.interfaces.DSAPublicKey) FailedLoginException(javax.security.auth.login.FailedLoginException) ECPublicKey(java.security.interfaces.ECPublicKey) ByteArrayInputStream(java.io.ByteArrayInputStream) ECParameterSpec(java.security.spec.ECParameterSpec) BigInteger(java.math.BigInteger) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec) AlgorithmParameters(java.security.AlgorithmParameters)

Example 83 with KeySpec

use of java.security.spec.KeySpec in project karaf by apache.

the class PublicKeyEncodingTest method testRSAKeys.

/**
 * Verifies that an RSA public key rebuilt from a known modulus and exponent matches the
 * corresponding stored key blob, and does not match an unrelated blob.
 */
@Test
public void testRSAKeys() throws FailedLoginException, NoSuchAlgorithmException, InvalidKeySpecException {
    // Public key blob generated using: ssh-keygen -t rsa
    final String storedKey = "AAAAB3NzaC1yc2EAAAADAQABAAABAQDGX4CpCL49sWHaIuDE4VbGkdTMhsDLV3b8MDZ37Llsx3kRBs/x7G3OhSvQPhI"
            + "jMNcbnUnCr+6O6poKjRcFI1Aj76TiSSYlvz9QbsWqc50ZwCuR39h6F9u8f9k62AV7IVA4aNVSJBFn2nOA00HOWvDDrU3ykG0cPeJcmP1l"
            + "PeOO9WJVG7dc37v3soZZniIH+uop/UFQ4Ga0zWy4xjggAy2rE2p0BYHchrJb43ovInh5cGgXx2vNVwURsAf0TAPJwn7GLNpMYr3IFbRC3"
            + "Tbe1wPdy9YM4rFlKL78o/dFbvUOH+Vd1BlYDofoxT4kHxod7W5wPALBr/Bm8CD2tR6OLLoD";
    // A second, unrelated blob that must be rejected for the same public key.
    final String differentKey = "AAAAB3NzaC1yc2EAAAADAQABAAABAQC9nIk6uBMouH2KhMZnnVhkEGC7ZdSOHZbCcmQSsvK3bl/Ly2yzvXNdqqRhlyv"
            + "Lv/Qjq0i4HnZsOUFAsfarYh8A0IP238AhTCoAeZf+ga+Mpm2uc+AOgDzwupfMYs6Zz81HWr1UsDr+LCOJkCC1/zzh5lub/Obif49j+nC1XX"
            + "0fT0AJ9BeGnR9HWg3m72SCUmWYMSYGwgfjNqTtqA9IHxCfEr29J8YO7HiJME3zwj0ok133RuZASEclTYXtJkKYvAzE6obhBPw7J6kqETJIH"
            + "0G0SkNjIm7cWThBalzyqcfydZ+0O+f/3LuSSp7EawaKu3g8mHkjt8b8ZxtjhgY0BZNV";
    final String knownModulus = "2504227846033126752625313329217708474924890377669312098933267135871562327792150810915433595733"
            + "979130785790337621243914845149325143098632580183245971502051291613503136182182218708721890923769091345704"
            + "119963221758691543226829294312457492456071842409242817598014777158790065648435489978774648853589909638928"
            + "448069481622573966178879417253888452317622624006445863588961367514293886664167742695648199055900918338245"
            + "701727653606086096756173044470526840851957391900922886984556493506186438991284463663361749451775578708454"
            + "0181594148839238901052763862484299588887844606103377160953183624788815045644521767391398467190125279747";

    // Rebuild the public key from the known modulus and the public exponent 65537.
    final KeySpec rsaSpec = new RSAPublicKeySpec(new BigInteger(knownModulus), new BigInteger("65537"));
    final PublicKey publicKey = KeyFactory.getInstance("RSA").generatePublic(rsaSpec);

    assertTrue(PublickeyLoginModule.equals(publicKey, storedKey));
    // Make sure a different stored key does not work
    assertFalse(PublickeyLoginModule.equals(publicKey, differentKey));
}
Also used : PublicKey(java.security.PublicKey) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec) KeySpec(java.security.spec.KeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) BigInteger(java.math.BigInteger) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) KeyFactory(java.security.KeyFactory) Test(org.junit.Test)

Example 84 with KeySpec

use of java.security.spec.KeySpec in project karaf by apache.

the class PublicKeyEncodingTest method testRSA1024.

/**
 * Verifies key matching for a 1024-bit RSA key: the key rebuilt from a known modulus and
 * exponent must match its stored blob and must not match an unrelated blob.
 *
 * <p>The 1024-bit size is a parsing fixture. RSA keys this short are below the 2048-bit
 * minimum generally recommended today and should not be taken as a sizing guideline.
 */
@Test
public void testRSA1024() throws FailedLoginException, NoSuchAlgorithmException, InvalidKeySpecException {
    // Public key blob generated using: ssh-keygen -t rsa -b 1024
    final String storedKey = "AAAAB3NzaC1yc2EAAAADAQABAAAAgQCpvuUWHwGUbRtunzgNaiKo9varvw3rZ6xRwV37/tNsMcdE98T07zF3UiUzfm79vv"
            + "u6LrsMX6yzR3j1hSKxGtHoCuLO+wdx20Cxn+aqDsQsjTEgOE3SnqUhqX0aFRWs9GUo2sXRZooR7+5EKhSzFTmkgmx0b/FhlJQ2/Bdc9woZAw==";
    // A second, unrelated blob that must be rejected for the same public key.
    final String differentKey = "AAAAB3NzaC1yc2EAAAADAQABAAABAQC9nIk6uBMouH2KhMZnnVhkEGC7ZdSOHZbCcmQSsvK3bl/Ly2yzvXNdqqRhlyv"
            + "Lv/Qjq0i4HnZsOUFAsfarYh8A0IP238AhTCoAeZf+ga+Mpm2uc+AOgDzwupfMYs6Zz81HWr1UsDr+LCOJkCC1/zzh5lub/Obif49j+nC1XX"
            + "0fT0AJ9BeGnR9HWg3m72SCUmWYMSYGwgfjNqTtqA9IHxCfEr29J8YO7HiJME3zwj0ok133RuZASEclTYXtJkKYvAzE6obhBPw7J6kqETJIH"
            + "0G0SkNjIm7cWThBalzyqcfydZ+0O+f/3LuSSp7EawaKu3g8mHkjt8b8ZxtjhgY0BZNV";
    final String knownModulus = "1191994723232881252194746074531692276628392720352218105656446277364105948933208899459090143"
            + "34485583082055798404847857986526198262831735131892900109314572095535330090724020090628526184947685186417937"
            + "713630451839747221181072495928766941603698696083904958230358940260930311021743608730447712164571127205526640899";

    // Rebuild the public key from the known modulus and the public exponent 65537.
    final KeySpec rsaSpec = new RSAPublicKeySpec(new BigInteger(knownModulus), new BigInteger("65537"));
    final PublicKey publicKey = KeyFactory.getInstance("RSA").generatePublic(rsaSpec);

    assertTrue(PublickeyLoginModule.equals(publicKey, storedKey));
    // Make sure a different stored key does not work
    assertFalse(PublickeyLoginModule.equals(publicKey, differentKey));
}
Also used : PublicKey(java.security.PublicKey) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec) KeySpec(java.security.spec.KeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) BigInteger(java.math.BigInteger) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) KeyFactory(java.security.KeyFactory) Test(org.junit.Test)

Example 85 with KeySpec

use of java.security.spec.KeySpec in project karaf by apache.

the class PublicKeyLoginModuleTest method testRSALogin.

/**
 * Runs a full login / commit / logout cycle through {@code PublickeyLoginModule} with an RSA
 * public key and checks the principals attached to the subject at each stage.
 */
@Test
public void testRSALogin() throws Exception {
    // NOTE(review): the stored key for user "rsa" presumably comes from these options - confirm.
    final Properties options = getLoginModuleOptions();
    final PublickeyLoginModule module = new PublickeyLoginModule();
    final Subject subject = new Subject();

    final String knownModulus = "2504227846033126752625313329217708474924890377669312098933267135871562327792150810915433595733"
            + "979130785790337621243914845149325143098632580183245971502051291613503136182182218708721890923769091345704"
            + "119963221758691543226829294312457492456071842409242817598014777158790065648435489978774648853589909638928"
            + "448069481622573966178879417253888452317622624006445863588961367514293886664167742695648199055900918338245"
            + "701727653606086096756173044470526840851957391900922886984556493506186438991284463663361749451775578708454"
            + "0181594148839238901052763862484299588887844606103377160953183624788815045644521767391398467190125279747";
    // Rebuild the public key from the known modulus and the public exponent 65537.
    final KeySpec rsaSpec = new RSAPublicKeySpec(new BigInteger(knownModulus), new BigInteger("65537"));
    final PublicKey publicKey = KeyFactory.getInstance("RSA").generatePublic(rsaSpec);

    module.initialize(subject, new NamePubkeyCallbackHandler("rsa", publicKey), null, options);

    // No principal may be present before login() and commit() have run.
    assertEquals("Precondition", 0, subject.getPrincipals().size());
    assertTrue(module.login());
    assertTrue(module.commit());

    // After commit the subject carries the user principal "rsa" and the role principal "ssh".
    assertFalse(subject.getPrincipals().isEmpty());
    assertThat("rsa", isIn(names(subject.getPrincipals(UserPrincipal.class))));
    assertThat("ssh", isIn(names(subject.getPrincipals(RolePrincipal.class))));

    // Logout must remove every principal again.
    assertTrue(module.logout());
    assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
}
Also used : PublicKey(java.security.PublicKey) ECPublicKeySpec(java.security.spec.ECPublicKeySpec) KeySpec(java.security.spec.KeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec) BigInteger(java.math.BigInteger) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) Properties(org.apache.felix.utils.properties.Properties) NamePubkeyCallbackHandler(org.apache.karaf.jaas.modules.NamePubkeyCallbackHandler) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Subject(javax.security.auth.Subject) KeyFactory(java.security.KeyFactory) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) Test(org.junit.Test)
