use of java.security.spec.PKCS8EncodedKeySpec in project jdk8u_jdk by JetBrains.
the class TestLeadingZeros method main.
public static void main(String[] argv) throws Exception {
KeyFactory factory = KeyFactory.getInstance("DSA", "SUN");
for (String encodings : PKCS8_ENCODINGS) {
byte[] encodingBytes = hexToBytes(encodings);
PKCS8EncodedKeySpec encodedKeySpec = new PKCS8EncodedKeySpec(encodingBytes);
DSAPrivateKey privKey2 = (DSAPrivateKey) factory.generatePrivate(encodedKeySpec);
System.out.println("key: " + privKey2);
}
System.out.println("Test Passed");
}
use of java.security.spec.PKCS8EncodedKeySpec in project nhin-d by DirectProject.
the class CertificatesController method toCertDataFormat.
/*
* Converts an incoming P12 format to an appropriate format to be store in the config store. If a keystore protection manager
* has been configured, then the private key is wrapped before sending to the config store.
*/
private byte[] toCertDataFormat(byte[] certOrP12Bytes, byte[] privateKeyBytes, PrivateKeyType privKeyType) throws CryptoException {
try {
// if there is no private key, then just return the encoded certificate
if (privKeyType == PrivateKeyType.NONE)
return certOrP12Bytes;
final CertContainer cont = CertUtils.toCertContainer(certOrP12Bytes);
// if this is a PKCS12 format, then either return the bytes as is, or if there is keystore manager, wrap the private keys
if (privKeyType == PrivateKeyType.PKCS_12_PASSPHRASE | privKeyType == PrivateKeyType.PKCS_12_UNPROTECTED) {
// as PKCS12 file
if (this.keyManager == null) {
this.log.info("Storing PKCS12 file in PKCS12 unprotected format");
return certOrP12Bytes;
} else {
this.log.info("Storing PKCS12 file in wrapped format");
// now wrap the private key
final byte[] wrappedKey = this.keyManager.wrapWithSecretKey((SecretKey) ((KeyStoreProtectionManager) keyManager).getPrivateKeyProtectionKey(), cont.getKey());
// return the wrapped key format
return CertUtils.certAndWrappedKeyToRawByteFormat(wrappedKey, cont.getCert());
}
} else // when there is private key file, then either turn into a PKCS12 file (if there is no key manager), or wrap the key.
{
// cert and wrapped key format
if (privKeyType == PrivateKeyType.PKCS8_WRAPPED) {
this.log.info("Storing already wrapped PKCS8 file");
return CertUtils.certAndWrappedKeyToRawByteFormat(privateKeyBytes, cont.getCert());
}
// get a private key object, the private key is normalized at this point into an unencrypted format
final KeyFactory kf = KeyFactory.getInstance("RSA", CertUtils.getJCEProviderName());
final PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec(privateKeyBytes);
final Key privKey = kf.generatePrivate(keysp);
if (this.keyManager == null) {
this.log.info("Storing PKCS8 private key in PKCS12 unprotected format");
// if there is no keystore manager, we can't wrap the keys, so we'll just send them over the wire
// as PKCS12 file. need to turn this into a PKCS12 format
final KeyStore localKeyStore = KeyStore.getInstance("PKCS12", CertUtils.getJCEProviderName());
localKeyStore.load(null, null);
localKeyStore.setKeyEntry("privCert", privKey, "".toCharArray(), new java.security.cert.Certificate[] { cont.getCert() });
final ByteArrayOutputStream outStr = new ByteArrayOutputStream();
localKeyStore.store(outStr, "".toCharArray());
try {
return outStr.toByteArray();
} finally {
IOUtils.closeQuietly(outStr);
}
} else {
this.log.info("Storing PKCS8 private key in wrapped format");
// wrap the key and turn the stream in the wrapped key format
final byte[] wrappedKey = this.keyManager.wrapWithSecretKey((SecretKey) ((KeyStoreProtectionManager) keyManager).getPrivateKeyProtectionKey(), privKey);
return CertUtils.certAndWrappedKeyToRawByteFormat(wrappedKey, cont.getCert());
}
}
} catch (Exception e) {
throw new CryptoException("Failed to conver certificate and key to cert data format: " + e.getMessage(), e);
}
}
use of java.security.spec.PKCS8EncodedKeySpec in project jdk8u_jdk by JetBrains.
the class TestKeyStoreBasic method runTest.
public void runTest(String provider) throws Exception {
// load private key
// all keystore types should support private keys
KeySpec spec = new PKCS8EncodedKeySpec(Base64.getMimeDecoder().decode(PRIVATE_KEY_PKCS8_BASE64));
PrivateKey privateKey = KeyFactory.getInstance("RSA").generatePrivate(spec);
// load x509 certificate
Certificate cert;
try (InputStream is = new BufferedInputStream(new ByteArrayInputStream(CERTIFICATE.getBytes()))) {
cert = CertificateFactory.getInstance("X.509").generateCertificate(is);
}
int numEntries = 5;
String type = null;
for (int i = 0; i < PROVIDERS.length; i++) {
if (provider.compareTo(PROVIDERS[i]) == 0) {
type = KS_Type[i];
break;
}
}
System.out.printf("Test %s provider and %s keystore%n", provider, type);
KeyStore ks = KeyStore.getInstance(type, provider);
KeyStore ks2 = KeyStore.getInstance(type, ks.getProvider().getName());
// create an empty key store
ks.load(null, null);
// store the secret keys
for (int j = 0; j < numEntries; j++) {
ks.setKeyEntry(ALIAS_HEAD + j, privateKey, PASSWDK, new Certificate[] { cert });
}
// initialize the 2nd key store object with the 1st one
ByteArrayOutputStream baos = new ByteArrayOutputStream();
ks.store(baos, PASSWDK);
byte[] bArr = baos.toByteArray();
ByteArrayInputStream bais = new ByteArrayInputStream(bArr);
ks2.load(bais, null);
// check 2nd key store type
checkType(ks2, type);
// check the existing aliases for the 2nd key store
checkAlias(ks2, numEntries);
// compare the creation date of the 2 key stores for all aliases
compareCreationDate(ks, ks2, numEntries);
// remove the last entry from the 2nd key store
numEntries--;
ks2.deleteEntry(ALIAS_HEAD + numEntries);
// re-initialize the 1st key store with the 2nd key store
baos.reset();
ks2.store(baos, PASSWD2);
bais = new ByteArrayInputStream(baos.toByteArray());
try {
// expect an exception since the password is incorrect
ks.load(bais, PASSWDK);
throw new RuntimeException("ERROR: passed the loading with incorrect password");
} catch (IOException ex) {
System.out.println("Expected exception: " + ex);
if (!causedBy(ex, UnrecoverableKeyException.class)) {
ex.printStackTrace(System.out);
throw new RuntimeException("Unexpected cause");
}
System.out.println("Expected cause: " + UnrecoverableKeyException.class.getName());
bais.reset();
ks.load(bais, PASSWD2);
bais.reset();
ks.load(bais, null);
}
// check key store type
checkType(ks, type);
// check the existing aliases
checkAlias(ks, numEntries);
// compare the creation date of the 2 key stores for all aliases
compareCreationDate(ks, ks2, numEntries);
}
use of java.security.spec.PKCS8EncodedKeySpec in project android_frameworks_base by AOSPA.
the class AndroidKeyStoreTest method testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success.
public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success() throws Exception {
setupPassword();
mKeyStore.load(null, null);
final CertificateFactory f = CertificateFactory.getInstance("X.509");
final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
// Start with PrivateKeyEntry
{
KeyFactory keyFact = KeyFactory.getInstance("RSA");
PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
final Certificate[] expectedChain = new Certificate[2];
expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
expectedChain[1] = caCert;
PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain);
mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null);
Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
assertNotNull("Retrieved entry should exist", actualEntry);
assertTrue("Retrieved entry should be of type PrivateKeyEntry", actualEntry instanceof PrivateKeyEntry);
PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry;
assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
}
// Replace with TrustedCertificateEntry
{
TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert);
mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null);
Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
assertNotNull("Retrieved entry should exist", actualEntry);
assertTrue("Retrieved entry should be of type TrustedCertificateEntry", actualEntry instanceof TrustedCertificateEntry);
TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry;
assertEquals("Stored and retrieved certificates should be the same", expectedCertEntry.getTrustedCertificate(), actualCertEntry.getTrustedCertificate());
}
}
use of java.security.spec.PKCS8EncodedKeySpec in project android_frameworks_base by AOSPA.
the class AndroidKeyStoreTest method testKeyStore_GetKey_NoPassword_Encrypted_Success.
public void testKeyStore_GetKey_NoPassword_Encrypted_Success() throws Exception {
setupPassword();
mKeyStore.load(null, null);
assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
Key key = mKeyStore.getKey(TEST_ALIAS_1, null);
assertNotNull("Key should exist", key);
assertTrue("Should be a PrivateKey", key instanceof PrivateKey);
assertTrue("Should be a RSAKey", key instanceof RSAKey);
KeyFactory keyFact = KeyFactory.getInstance("RSA");
PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
assertEquals("Inserted key should be same as retrieved key", ((RSAKey) expectedKey).getModulus(), ((RSAKey) key).getModulus());
}
Aggregations