Search in sources :

Example 56 with PKCS8EncodedKeySpec

use of java.security.spec.PKCS8EncodedKeySpec in project jdk8u_jdk by JetBrains.

the class TestLeadingZeros method main.

public static void main(String[] argv) throws Exception {
    KeyFactory factory = KeyFactory.getInstance("DSA", "SUN");
    for (String encodings : PKCS8_ENCODINGS) {
        byte[] encodingBytes = hexToBytes(encodings);
        PKCS8EncodedKeySpec encodedKeySpec = new PKCS8EncodedKeySpec(encodingBytes);
        DSAPrivateKey privKey2 = (DSAPrivateKey) factory.generatePrivate(encodedKeySpec);
        System.out.println("key: " + privKey2);
    }
    System.out.println("Test Passed");
}
Also used : PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)

Example 57 with PKCS8EncodedKeySpec

use of java.security.spec.PKCS8EncodedKeySpec in project nhin-d by DirectProject.

the class CertificatesController method toCertDataFormat.

/*
	 * Converts an incoming P12 format to an appropriate format to be store in the config store.  If a keystore protection manager
	 * has been configured, then the private key is wrapped before sending to the config store.
	 */
private byte[] toCertDataFormat(byte[] certOrP12Bytes, byte[] privateKeyBytes, PrivateKeyType privKeyType) throws CryptoException {
    try {
        // if there is no private key, then just return the encoded certificate
        if (privKeyType == PrivateKeyType.NONE)
            return certOrP12Bytes;
        final CertContainer cont = CertUtils.toCertContainer(certOrP12Bytes);
        // if this is a PKCS12 format, then either return the bytes as is, or if there is keystore manager, wrap the private keys
        if (privKeyType == PrivateKeyType.PKCS_12_PASSPHRASE | privKeyType == PrivateKeyType.PKCS_12_UNPROTECTED) {
            // as PKCS12 file
            if (this.keyManager == null) {
                this.log.info("Storing PKCS12 file in PKCS12 unprotected format");
                return certOrP12Bytes;
            } else {
                this.log.info("Storing PKCS12 file in wrapped format");
                // now wrap the private key
                final byte[] wrappedKey = this.keyManager.wrapWithSecretKey((SecretKey) ((KeyStoreProtectionManager) keyManager).getPrivateKeyProtectionKey(), cont.getKey());
                // return the wrapped key format
                return CertUtils.certAndWrappedKeyToRawByteFormat(wrappedKey, cont.getCert());
            }
        } else // when there is private key file, then either turn into a PKCS12 file (if there is no key manager), or wrap the key.
        {
            // cert and wrapped key format
            if (privKeyType == PrivateKeyType.PKCS8_WRAPPED) {
                this.log.info("Storing already wrapped PKCS8 file");
                return CertUtils.certAndWrappedKeyToRawByteFormat(privateKeyBytes, cont.getCert());
            }
            // get a private key object, the private key is normalized at this point into an unencrypted format
            final KeyFactory kf = KeyFactory.getInstance("RSA", CertUtils.getJCEProviderName());
            final PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec(privateKeyBytes);
            final Key privKey = kf.generatePrivate(keysp);
            if (this.keyManager == null) {
                this.log.info("Storing PKCS8 private key in PKCS12 unprotected format");
                // if there is no keystore manager, we can't wrap the keys, so we'll just send them over the wire
                // as PKCS12 file.  need to turn this into a PKCS12 format
                final KeyStore localKeyStore = KeyStore.getInstance("PKCS12", CertUtils.getJCEProviderName());
                localKeyStore.load(null, null);
                localKeyStore.setKeyEntry("privCert", privKey, "".toCharArray(), new java.security.cert.Certificate[] { cont.getCert() });
                final ByteArrayOutputStream outStr = new ByteArrayOutputStream();
                localKeyStore.store(outStr, "".toCharArray());
                try {
                    return outStr.toByteArray();
                } finally {
                    IOUtils.closeQuietly(outStr);
                }
            } else {
                this.log.info("Storing PKCS8 private key in wrapped format");
                // wrap the key and turn the stream in the wrapped key format
                final byte[] wrappedKey = this.keyManager.wrapWithSecretKey((SecretKey) ((KeyStoreProtectionManager) keyManager).getPrivateKeyProtectionKey(), privKey);
                return CertUtils.certAndWrappedKeyToRawByteFormat(wrappedKey, cont.getCert());
            }
        }
    } catch (Exception e) {
        throw new CryptoException("Failed to conver certificate and key to cert data format: " + e.getMessage(), e);
    }
}
Also used : PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) MutableKeyStoreProtectionManager(org.nhindirect.common.crypto.MutableKeyStoreProtectionManager) KeyStoreProtectionManager(org.nhindirect.common.crypto.KeyStoreProtectionManager) ByteArrayOutputStream(java.io.ByteArrayOutputStream) CryptoException(org.nhindirect.common.crypto.exceptions.CryptoException) KeyStore(java.security.KeyStore) CertContainer(org.nhindirect.config.model.utils.CertUtils.CertContainer) KeyFactory(java.security.KeyFactory) SecretKeyFactory(javax.crypto.SecretKeyFactory) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey) ServiceException(org.nhindirect.common.rest.exceptions.ServiceException) IOException(java.io.IOException) CryptoException(org.nhindirect.common.crypto.exceptions.CryptoException)

Example 58 with PKCS8EncodedKeySpec

use of java.security.spec.PKCS8EncodedKeySpec in project jdk8u_jdk by JetBrains.

the class TestKeyStoreBasic method runTest.

public void runTest(String provider) throws Exception {
    // load private key
    // all keystore types should support private keys
    KeySpec spec = new PKCS8EncodedKeySpec(Base64.getMimeDecoder().decode(PRIVATE_KEY_PKCS8_BASE64));
    PrivateKey privateKey = KeyFactory.getInstance("RSA").generatePrivate(spec);
    // load x509 certificate
    Certificate cert;
    try (InputStream is = new BufferedInputStream(new ByteArrayInputStream(CERTIFICATE.getBytes()))) {
        cert = CertificateFactory.getInstance("X.509").generateCertificate(is);
    }
    int numEntries = 5;
    String type = null;
    for (int i = 0; i < PROVIDERS.length; i++) {
        if (provider.compareTo(PROVIDERS[i]) == 0) {
            type = KS_Type[i];
            break;
        }
    }
    System.out.printf("Test %s provider and %s keystore%n", provider, type);
    KeyStore ks = KeyStore.getInstance(type, provider);
    KeyStore ks2 = KeyStore.getInstance(type, ks.getProvider().getName());
    // create an empty key store
    ks.load(null, null);
    // store the secret keys
    for (int j = 0; j < numEntries; j++) {
        ks.setKeyEntry(ALIAS_HEAD + j, privateKey, PASSWDK, new Certificate[] { cert });
    }
    // initialize the 2nd key store object with the 1st one
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    ks.store(baos, PASSWDK);
    byte[] bArr = baos.toByteArray();
    ByteArrayInputStream bais = new ByteArrayInputStream(bArr);
    ks2.load(bais, null);
    // check 2nd key store type
    checkType(ks2, type);
    // check the existing aliases for the 2nd key store
    checkAlias(ks2, numEntries);
    // compare the creation date of the 2 key stores for all aliases
    compareCreationDate(ks, ks2, numEntries);
    // remove the last entry from the 2nd key store
    numEntries--;
    ks2.deleteEntry(ALIAS_HEAD + numEntries);
    // re-initialize the 1st key store with the 2nd key store
    baos.reset();
    ks2.store(baos, PASSWD2);
    bais = new ByteArrayInputStream(baos.toByteArray());
    try {
        // expect an exception since the password is incorrect
        ks.load(bais, PASSWDK);
        throw new RuntimeException("ERROR: passed the loading with incorrect password");
    } catch (IOException ex) {
        System.out.println("Expected exception: " + ex);
        if (!causedBy(ex, UnrecoverableKeyException.class)) {
            ex.printStackTrace(System.out);
            throw new RuntimeException("Unexpected cause");
        }
        System.out.println("Expected cause: " + UnrecoverableKeyException.class.getName());
        bais.reset();
        ks.load(bais, PASSWD2);
        bais.reset();
        ks.load(bais, null);
    }
    // check key store type
    checkType(ks, type);
    // check the existing aliases
    checkAlias(ks, numEntries);
    // compare the creation date of the 2 key stores for all aliases
    compareCreationDate(ks, ks2, numEntries);
}
Also used : PrivateKey(java.security.PrivateKey) BufferedInputStream(java.io.BufferedInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) KeySpec(java.security.spec.KeySpec) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) KeyStore(java.security.KeyStore) UnrecoverableKeyException(java.security.UnrecoverableKeyException) BufferedInputStream(java.io.BufferedInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) Certificate(java.security.cert.Certificate)

Example 59 with PKCS8EncodedKeySpec

use of java.security.spec.PKCS8EncodedKeySpec in project android_frameworks_base by AOSPA.

the class AndroidKeyStoreTest method testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success.

public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);
    final CertificateFactory f = CertificateFactory.getInstance("X.509");
    final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
    // Start with PrivateKeyEntry
    {
        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate[] expectedChain = new Certificate[2];
        expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        expectedChain[1] = caCert;
        PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain);
        mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null);
        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry", actualEntry instanceof PrivateKeyEntry);
        PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry;
        assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
    }
    // Replace with TrustedCertificateEntry
    {
        TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert);
        mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null);
        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type TrustedCertificateEntry", actualEntry instanceof TrustedCertificateEntry);
        TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry;
        assertEquals("Stored and retrieved certificates should be the same", expectedCertEntry.getTrustedCertificate(), actualCertEntry.getTrustedCertificate());
    }
}
Also used : TrustedCertificateEntry(java.security.KeyStore.TrustedCertificateEntry) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) Entry(java.security.KeyStore.Entry) PrivateKey(java.security.PrivateKey) ByteArrayInputStream(java.io.ByteArrayInputStream) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) CertificateFactory(java.security.cert.CertificateFactory) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) KeyFactory(java.security.KeyFactory) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) TrustedCertificateEntry(java.security.KeyStore.TrustedCertificateEntry)

Example 60 with PKCS8EncodedKeySpec

use of java.security.spec.PKCS8EncodedKeySpec in project android_frameworks_base by AOSPA.

the class AndroidKeyStoreTest method testKeyStore_GetKey_NoPassword_Encrypted_Success.

public void testKeyStore_GetKey_NoPassword_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);
    assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
    Key key = mKeyStore.getKey(TEST_ALIAS_1, null);
    assertNotNull("Key should exist", key);
    assertTrue("Should be a PrivateKey", key instanceof PrivateKey);
    assertTrue("Should be a RSAKey", key instanceof RSAKey);
    KeyFactory keyFact = KeyFactory.getInstance("RSA");
    PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
    assertEquals("Inserted key should be same as retrieved key", ((RSAKey) expectedKey).getModulus(), ((RSAKey) key).getModulus());
}
Also used : RSAKey(java.security.interfaces.RSAKey) PrivateKey(java.security.PrivateKey) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) RSAKey(java.security.interfaces.RSAKey) ECKey(java.security.interfaces.ECKey) PublicKey(java.security.PublicKey) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey) KeyFactory(java.security.KeyFactory)

Aggregations

PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)227 KeyFactory (java.security.KeyFactory)179 PrivateKey (java.security.PrivateKey)148 CertificateFactory (java.security.cert.CertificateFactory)86 ByteArrayInputStream (java.io.ByteArrayInputStream)85 Certificate (java.security.cert.Certificate)72 X509Certificate (java.security.cert.X509Certificate)71 PrivateKeyEntry (java.security.KeyStore.PrivateKeyEntry)59 Entry (java.security.KeyStore.Entry)53 TrustedCertificateEntry (java.security.KeyStore.TrustedCertificateEntry)53 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)50 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)47 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)40 PublicKey (java.security.PublicKey)39 IOException (java.io.IOException)30 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)30 SecretKey (javax.crypto.SecretKey)28 InvalidKeyException (java.security.InvalidKeyException)26 Key (java.security.Key)24 KeyStoreException (java.security.KeyStoreException)15