use of java.security.spec.X509EncodedKeySpec in project j2objc by google.
the class IosRSAKeyFactory method engineGetKeySpec.
@Override
@SuppressWarnings("unchecked")
protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec) throws InvalidKeySpecException {
if (key == null) {
throw new InvalidKeySpecException("key == null");
}
if (keySpec == null) {
throw new InvalidKeySpecException("keySpec == null");
}
if (!"RSA".equals(key.getAlgorithm())) {
throw new InvalidKeySpecException("Key must be a RSA key");
}
if (key instanceof RSAPublicKey && RSAPublicKeySpec.class.isAssignableFrom(keySpec)) {
RSAPublicKey rsaKey = (RSAPublicKey) key;
return (T) new RSAPublicKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent());
} else if (key instanceof PublicKey && RSAPublicKeySpec.class.isAssignableFrom(keySpec)) {
final byte[] encoded = key.getEncoded();
if (!"X.509".equals(key.getFormat()) || encoded == null) {
throw new InvalidKeySpecException("Not a valid X.509 encoding");
}
RSAPublicKey rsaKey = (RSAPublicKey) engineGeneratePublic(new X509EncodedKeySpec(encoded));
return (T) new RSAPublicKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent());
} else if (key instanceof RSAPrivateCrtKey && RSAPrivateCrtKeySpec.class.isAssignableFrom(keySpec)) {
RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) key;
return (T) new RSAPrivateCrtKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent(), rsaKey.getPrivateExponent(), rsaKey.getPrimeP(), rsaKey.getPrimeQ(), rsaKey.getPrimeExponentP(), rsaKey.getPrimeExponentQ(), rsaKey.getCrtCoefficient());
} else if (key instanceof RSAPrivateCrtKey && RSAPrivateKeySpec.class.isAssignableFrom(keySpec)) {
RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) key;
return (T) new RSAPrivateKeySpec(rsaKey.getModulus(), rsaKey.getPrivateExponent());
} else if (key instanceof RSAPrivateKey && RSAPrivateKeySpec.class.isAssignableFrom(keySpec)) {
RSAPrivateKey rsaKey = (RSAPrivateKey) key;
return (T) new RSAPrivateKeySpec(rsaKey.getModulus(), rsaKey.getPrivateExponent());
} else if (key instanceof PrivateKey && RSAPrivateCrtKeySpec.class.isAssignableFrom(keySpec)) {
final byte[] encoded = key.getEncoded();
if (!"PKCS#8".equals(key.getFormat()) || encoded == null) {
throw new InvalidKeySpecException("Not a valid PKCS#8 encoding");
}
RSAPrivateKey privKey = (RSAPrivateKey) engineGeneratePrivate(new PKCS8EncodedKeySpec(encoded));
if (privKey instanceof RSAPrivateCrtKey) {
RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) privKey;
return (T) new RSAPrivateCrtKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent(), rsaKey.getPrivateExponent(), rsaKey.getPrimeP(), rsaKey.getPrimeQ(), rsaKey.getPrimeExponentP(), rsaKey.getPrimeExponentQ(), rsaKey.getCrtCoefficient());
} else {
throw new InvalidKeySpecException("Encoded key is not an RSAPrivateCrtKey");
}
} else if (key instanceof PrivateKey && RSAPrivateKeySpec.class.isAssignableFrom(keySpec)) {
final byte[] encoded = key.getEncoded();
if (!"PKCS#8".equals(key.getFormat()) || encoded == null) {
throw new InvalidKeySpecException("Not a valid PKCS#8 encoding");
}
RSAPrivateKey rsaKey = (RSAPrivateKey) engineGeneratePrivate(new PKCS8EncodedKeySpec(encoded));
return (T) new RSAPrivateKeySpec(rsaKey.getModulus(), rsaKey.getPrivateExponent());
} else if (key instanceof PrivateKey && PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) {
final byte[] encoded = key.getEncoded();
if (!"PKCS#8".equals(key.getFormat())) {
throw new InvalidKeySpecException("Encoding type must be PKCS#8; was " + key.getFormat());
} else if (encoded == null) {
throw new InvalidKeySpecException("Key is not encodable");
}
return (T) new PKCS8EncodedKeySpec(encoded);
} else if (key instanceof PublicKey && X509EncodedKeySpec.class.isAssignableFrom(keySpec)) {
final byte[] encoded = key.getEncoded();
if (!"X.509".equals(key.getFormat())) {
throw new InvalidKeySpecException("Encoding type must be X.509; was " + key.getFormat());
} else if (encoded == null) {
throw new InvalidKeySpecException("Key is not encodable");
}
return (T) new X509EncodedKeySpec(encoded);
} else {
throw new InvalidKeySpecException("Unsupported key type and key spec combination; key=" + key.getClass().getName() + ", keySpec=" + keySpec.getName());
}
}
use of java.security.spec.X509EncodedKeySpec in project j2objc by google.
the class IosRSAKeyFactory method engineTranslateKey.
@Override
protected Key engineTranslateKey(Key key) throws InvalidKeyException {
if (key == null) {
throw new InvalidKeyException("key == null");
}
if ((key instanceof IosRSAKey.IosRSAPublicKey) || (key instanceof IosRSAKey.IosRSAPrivateKey)) {
return key;
} else if (key instanceof RSAPublicKey) {
RSAPublicKey rsaKey = (RSAPublicKey) key;
try {
return engineGeneratePublic(new RSAPublicKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent()));
} catch (InvalidKeySpecException e) {
throw new InvalidKeyException(e);
}
} else if (key instanceof RSAPrivateCrtKey) {
RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) key;
BigInteger modulus = rsaKey.getModulus();
BigInteger publicExponent = rsaKey.getPublicExponent();
BigInteger privateExponent = rsaKey.getPrivateExponent();
BigInteger primeP = rsaKey.getPrimeP();
BigInteger primeQ = rsaKey.getPrimeQ();
BigInteger primeExponentP = rsaKey.getPrimeExponentP();
BigInteger primeExponentQ = rsaKey.getPrimeExponentQ();
BigInteger crtCoefficient = rsaKey.getCrtCoefficient();
try {
return engineGeneratePrivate(new RSAPrivateCrtKeySpec(modulus, publicExponent, privateExponent, primeP, primeQ, primeExponentP, primeExponentQ, crtCoefficient));
} catch (InvalidKeySpecException e) {
throw new InvalidKeyException(e);
}
} else if (key instanceof RSAPrivateKey) {
RSAPrivateKey rsaKey = (RSAPrivateKey) key;
BigInteger modulus = rsaKey.getModulus();
BigInteger privateExponent = rsaKey.getPrivateExponent();
try {
return engineGeneratePrivate(new RSAPrivateKeySpec(modulus, privateExponent));
} catch (InvalidKeySpecException e) {
throw new InvalidKeyException(e);
}
} else if ((key instanceof PrivateKey) && ("PKCS#8".equals(key.getFormat()))) {
byte[] encoded = key.getEncoded();
if (encoded == null) {
throw new InvalidKeyException("Key does not support encoding");
}
try {
return engineGeneratePrivate(new PKCS8EncodedKeySpec(encoded));
} catch (InvalidKeySpecException e) {
throw new InvalidKeyException(e);
}
} else if ((key instanceof PublicKey) && ("X.509".equals(key.getFormat()))) {
byte[] encoded = key.getEncoded();
if (encoded == null) {
throw new InvalidKeyException("Key does not support encoding");
}
try {
return engineGeneratePublic(new X509EncodedKeySpec(encoded));
} catch (InvalidKeySpecException e) {
throw new InvalidKeyException(e);
}
} else {
throw new InvalidKeyException("Key must be an RSA public or private key; was " + key.getClass().getName());
}
}
use of java.security.spec.X509EncodedKeySpec in project wycheproof by google.
the class EcKeyTest method testEncodedPublicKey.
public void testEncodedPublicKey() throws Exception {
KeyFactory kf = KeyFactory.getInstance("EC");
for (String encodedHex : EC_INVALID_PUBLIC_KEYS) {
byte[] encoded = TestUtil.hexToBytes(encodedHex);
X509EncodedKeySpec x509keySpec = new X509EncodedKeySpec(encoded);
try {
ECPublicKey unused = (ECPublicKey) kf.generatePublic(x509keySpec);
fail("Constructed invalid public key from:" + encodedHex);
} catch (InvalidKeySpecException ex) {
// OK, since the public keys have been modified.
System.out.println(ex.toString());
}
}
}
use of java.security.spec.X509EncodedKeySpec in project wycheproof by google.
the class EcdhTest method testModifiedPublic.
/**
* This test modifies the order of group in the public key. A severe bug would be an
* implementation that leaks information whether the private key is larger than the order given in
* the public key. Also a severe bug would be to reduce the private key modulo the order given in
* the public key parameters.
*/
@SuppressWarnings("InsecureCryptoUsage")
public void testModifiedPublic(String algorithm) throws Exception {
KeyAgreement ka;
try {
ka = KeyAgreement.getInstance(algorithm);
} catch (NoSuchAlgorithmException ex) {
System.out.println("testWrongOrder: " + algorithm + " not supported");
return;
}
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
keyGen.initialize(EcUtil.getNistP256Params());
ECPrivateKey priv = (ECPrivateKey) keyGen.generateKeyPair().getPrivate();
KeyFactory kf = KeyFactory.getInstance("EC");
ECPublicKey validKey = (ECPublicKey) kf.generatePublic(EC_VALID_PUBLIC_KEY.getSpec());
ka.init(priv);
ka.doPhase(validKey, true);
String expected = TestUtil.bytesToHex(ka.generateSecret());
for (EcPublicKeyTestVector test : EC_MODIFIED_PUBLIC_KEYS) {
try {
X509EncodedKeySpec spec = test.getX509EncodedKeySpec();
ECPublicKey modifiedKey = (ECPublicKey) kf.generatePublic(spec);
ka.init(priv);
ka.doPhase(modifiedKey, true);
String shared = TestUtil.bytesToHex(ka.generateSecret());
// The implementation did not notice that the public key was modified.
// This is not nice, but at the moment we only fail the test if the
// modification was essential for computing the shared secret.
//
// BouncyCastle v.1.53 fails this test, for ECDHC with modified order.
// This implementation reduces the product s*h modulo the order given
// in the public key. An attacker who can modify the order of the public key
// and who can learn whether such a modification changes the shared secret is
// able to learn the private key with a simple binary search.
assertEquals("algorithm:" + algorithm + " test:" + test.comment, expected, shared);
} catch (GeneralSecurityException ex) {
// OK, since the public keys have been modified.
System.out.println("testModifiedPublic:" + test.comment + " throws " + ex.toString());
}
}
}
use of java.security.spec.X509EncodedKeySpec in project wycheproof by google.
the class RsaKeyTest method testEncodeDecodePublic.
/**
* Checks whether decoding and again encoding an RSA public key results
* in the same encoding.
* This is a regression test. Failing this test implies that the encoding has changed.
* Such a failure does not need to be a bug, since several encoding for the same key are
* possible.
*/
public void testEncodeDecodePublic() throws Exception {
KeyFactory kf = KeyFactory.getInstance("RSA");
byte[] encoded = TestUtil.hexToBytes(ENCODED_PUBLIC_KEY);
X509EncodedKeySpec spec = new X509EncodedKeySpec(encoded);
RSAPublicKey pub = (RSAPublicKey) kf.generatePublic(spec);
assertEquals("The test assumes that the public key is in X.509 format", "X.509", pub.getFormat());
assertEquals(ENCODED_PUBLIC_KEY, TestUtil.bytesToHex(pub.getEncoded()));
}
Aggregations