
Example 91 with X509EncodedKeySpec

use of java.security.spec.X509EncodedKeySpec in project j2objc by google.

the class IosRSAKeyFactory method engineGetKeySpec.

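/**
 * Converts an RSA key into the requested key-specification type.
 *
 * <p>The branches below are tried in order; the first whose key type and requested
 * spec type both match produces the result. Keys that implement the RSA interfaces
 * are read through their getters. Other {@code PublicKey}/{@code PrivateKey}
 * objects are accepted only if they report the expected encoding format
 * ({@code "X.509"} or {@code "PKCS#8"}) and return a non-null encoding, which is
 * then passed to {@code engineGeneratePublic}/{@code engineGeneratePrivate}.
 *
 * <p>The private-key specs returned here carry the private exponent (and, for the
 * CRT form, the primes and CRT values), and {@code PKCS8EncodedKeySpec} carries the
 * encoded private key; callers should handle the result as secret material.
 *
 * @param key the key to describe; must report algorithm {@code "RSA"}
 * @param keySpec the specification class the caller wants back
 * @return a key specification of the requested type
 * @throws InvalidKeySpecException if either argument is null, the key is not an RSA
 *     key, the encoding is missing or in the wrong format, or the key/spec
 *     combination is not supported
 */
@Override
@SuppressWarnings("unchecked")
protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec) throws InvalidKeySpecException {
    if (key == null) {
        throw new InvalidKeySpecException("key == null");
    }
    if (keySpec == null) {
        throw new InvalidKeySpecException("keySpec == null");
    }
    if (!"RSA".equals(key.getAlgorithm())) {
        throw new InvalidKeySpecException("Key must be a RSA key");
    }
    if (key instanceof RSAPublicKey && RSAPublicKeySpec.class.isAssignableFrom(keySpec)) {
        RSAPublicKey rsaKey = (RSAPublicKey) key;
        return (T) new RSAPublicKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent());
    } else if (key instanceof PublicKey && RSAPublicKeySpec.class.isAssignableFrom(keySpec)) {
        // Opaque public key: only its X.509 encoding can be used to recover the RSA values.
        final byte[] encoded = key.getEncoded();
        if (!"X.509".equals(key.getFormat()) || encoded == null) {
            throw new InvalidKeySpecException("Not a valid X.509 encoding");
        }
        RSAPublicKey rsaKey = (RSAPublicKey) engineGeneratePublic(new X509EncodedKeySpec(encoded));
        return (T) new RSAPublicKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent());
    } else if (key instanceof RSAPrivateCrtKey && RSAPrivateCrtKeySpec.class.isAssignableFrom(keySpec)) {
        RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) key;
        return (T) new RSAPrivateCrtKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent(), rsaKey.getPrivateExponent(), rsaKey.getPrimeP(), rsaKey.getPrimeQ(), rsaKey.getPrimeExponentP(), rsaKey.getPrimeExponentQ(), rsaKey.getCrtCoefficient());
    } else if (key instanceof RSAPrivateCrtKey && RSAPrivateKeySpec.class.isAssignableFrom(keySpec)) {
        RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) key;
        return (T) new RSAPrivateKeySpec(rsaKey.getModulus(), rsaKey.getPrivateExponent());
    } else if (key instanceof RSAPrivateKey
            && RSAPrivateKeySpec.class.isAssignableFrom(keySpec)
            && !RSAPrivateCrtKeySpec.class.isAssignableFrom(keySpec)) {
        // RSAPrivateCrtKeySpec extends RSAPrivateKeySpec, so the assignability test alone
        // also matches a request for the CRT spec. A plain RSAPrivateKeySpec cannot satisfy
        // that request (the unchecked cast would hand the caller the wrong type), so CRT
        // requests are excluded here and fall through to the PKCS#8-based branch below.
        RSAPrivateKey rsaKey = (RSAPrivateKey) key;
        return (T) new RSAPrivateKeySpec(rsaKey.getModulus(), rsaKey.getPrivateExponent());
    } else if (key instanceof PrivateKey && RSAPrivateCrtKeySpec.class.isAssignableFrom(keySpec)) {
        final byte[] encoded = key.getEncoded();
        if (!"PKCS#8".equals(key.getFormat()) || encoded == null) {
            throw new InvalidKeySpecException("Not a valid PKCS#8 encoding");
        }
        RSAPrivateKey privKey = (RSAPrivateKey) engineGeneratePrivate(new PKCS8EncodedKeySpec(encoded));
        if (privKey instanceof RSAPrivateCrtKey) {
            RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) privKey;
            return (T) new RSAPrivateCrtKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent(), rsaKey.getPrivateExponent(), rsaKey.getPrimeP(), rsaKey.getPrimeQ(), rsaKey.getPrimeExponentP(), rsaKey.getPrimeExponentQ(), rsaKey.getCrtCoefficient());
        } else {
            throw new InvalidKeySpecException("Encoded key is not an RSAPrivateCrtKey");
        }
    } else if (key instanceof PrivateKey && RSAPrivateKeySpec.class.isAssignableFrom(keySpec)) {
        final byte[] encoded = key.getEncoded();
        if (!"PKCS#8".equals(key.getFormat()) || encoded == null) {
            throw new InvalidKeySpecException("Not a valid PKCS#8 encoding");
        }
        RSAPrivateKey rsaKey = (RSAPrivateKey) engineGeneratePrivate(new PKCS8EncodedKeySpec(encoded));
        return (T) new RSAPrivateKeySpec(rsaKey.getModulus(), rsaKey.getPrivateExponent());
    } else if (key instanceof PrivateKey && PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) {
        // Encoded-spec requests report the format problem and the missing-encoding
        // problem with separate messages.
        final byte[] encoded = key.getEncoded();
        if (!"PKCS#8".equals(key.getFormat())) {
            throw new InvalidKeySpecException("Encoding type must be PKCS#8; was " + key.getFormat());
        } else if (encoded == null) {
            throw new InvalidKeySpecException("Key is not encodable");
        }
        return (T) new PKCS8EncodedKeySpec(encoded);
    } else if (key instanceof PublicKey && X509EncodedKeySpec.class.isAssignableFrom(keySpec)) {
        final byte[] encoded = key.getEncoded();
        if (!"X.509".equals(key.getFormat())) {
            throw new InvalidKeySpecException("Encoding type must be X.509; was " + key.getFormat());
        } else if (encoded == null) {
            throw new InvalidKeySpecException("Key is not encodable");
        }
        return (T) new X509EncodedKeySpec(encoded);
    } else {
        throw new InvalidKeySpecException("Unsupported key type and key spec combination; key=" + key.getClass().getName() + ", keySpec=" + keySpec.getName());
    }
}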
Also used : RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) RSAPrivateCrtKey(java.security.interfaces.RSAPrivateCrtKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPrivateKeySpec(java.security.spec.RSAPrivateKeySpec) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) RSAPrivateKey(java.security.interfaces.RSAPrivateKey)

Example 92 with X509EncodedKeySpec

use of java.security.spec.X509EncodedKeySpec in project j2objc by google.

the class IosRSAKeyFactory method engineTranslateKey.

/**
 * Translates a key from another provider into a key generated by this factory.
 *
 * <p>Keys that are already {@code IosRSAKey.IosRSAPublicKey} or
 * {@code IosRSAKey.IosRSAPrivateKey} are returned as-is. Keys implementing the RSA
 * interfaces are rebuilt from their numeric components. Any other key is rebuilt
 * from its encoding, but only when it reports {@code "PKCS#8"} (private) or
 * {@code "X.509"} (public) as its format.
 *
 * @param key the key to translate
 * @return {@code key} itself, or the key returned by {@code engineGeneratePublic} /
 *     {@code engineGeneratePrivate}
 * @throws InvalidKeyException if {@code key} is null, has no encoding when one is
 *     required, is not a recognised RSA key, or is rejected by key generation (the
 *     {@code InvalidKeySpecException} is attached as the cause)
 */
@Override
protected Key engineTranslateKey(Key key) throws InvalidKeyException {
    if (key == null) {
        throw new InvalidKeyException("key == null");
    }
    final boolean alreadyNative =
            key instanceof IosRSAKey.IosRSAPublicKey || key instanceof IosRSAKey.IosRSAPrivateKey;
    if (alreadyNative) {
        return key;
    }

    try {
        if (key instanceof RSAPublicKey) {
            final RSAPublicKey source = (RSAPublicKey) key;
            final BigInteger n = source.getModulus();
            final BigInteger e = source.getPublicExponent();
            return engineGeneratePublic(new RSAPublicKeySpec(n, e));
        }
        // The CRT check must precede the plain RSAPrivateKey check: a CRT key is also
        // an RSAPrivateKey, and the CRT parameters would otherwise be dropped.
        if (key instanceof RSAPrivateCrtKey) {
            final RSAPrivateCrtKey source = (RSAPrivateCrtKey) key;
            return engineGeneratePrivate(
                    new RSAPrivateCrtKeySpec(
                            source.getModulus(),
                            source.getPublicExponent(),
                            source.getPrivateExponent(),
                            source.getPrimeP(),
                            source.getPrimeQ(),
                            source.getPrimeExponentP(),
                            source.getPrimeExponentQ(),
                            source.getCrtCoefficient()));
        }
        if (key instanceof RSAPrivateKey) {
            final RSAPrivateKey source = (RSAPrivateKey) key;
            return engineGeneratePrivate(
                    new RSAPrivateKeySpec(source.getModulus(), source.getPrivateExponent()));
        }
        if (key instanceof PrivateKey && "PKCS#8".equals(key.getFormat())) {
            final byte[] pkcs8 = key.getEncoded();
            if (pkcs8 == null) {
                throw new InvalidKeyException("Key does not support encoding");
            }
            return engineGeneratePrivate(new PKCS8EncodedKeySpec(pkcs8));
        }
        if (key instanceof PublicKey && "X.509".equals(key.getFormat())) {
            final byte[] x509 = key.getEncoded();
            if (x509 == null) {
                throw new InvalidKeyException("Key does not support encoding");
            }
            return engineGeneratePublic(new X509EncodedKeySpec(x509));
        }
    } catch (InvalidKeySpecException cause) {
        // Surface spec-level rejection through the exception type this method declares.
        throw new InvalidKeyException(cause);
    }

    throw new InvalidKeyException("Key must be an RSA public or private key; was " + key.getClass().getName());
}
Also used : RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) RSAPrivateCrtKey(java.security.interfaces.RSAPrivateCrtKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) InvalidKeyException(java.security.InvalidKeyException) RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPrivateKeySpec(java.security.spec.RSAPrivateKeySpec) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) BigInteger(java.math.BigInteger) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) RSAPrivateKey(java.security.interfaces.RSAPrivateKey)

Example 93 with X509EncodedKeySpec

use of java.security.spec.X509EncodedKeySpec in project wycheproof by google.

the class EcKeyTest method testEncodedPublicKey.

/**
 * Verifies that the "EC" KeyFactory rejects every encoding in
 * {@code EC_INVALID_PUBLIC_KEYS}.
 *
 * <p>Only {@code InvalidKeySpecException} is treated as a correct rejection. A key
 * that decodes successfully fails the test, and any other exception type is not
 * caught here and propagates out of the method.
 */
public void testEncodedPublicKey() throws Exception {
    final KeyFactory ecFactory = KeyFactory.getInstance("EC");
    for (String invalidHex : EC_INVALID_PUBLIC_KEYS) {
        final X509EncodedKeySpec invalidSpec =
                new X509EncodedKeySpec(TestUtil.hexToBytes(invalidHex));
        try {
            // The result is never used; constructing it at all is the failure.
            ECPublicKey unused = (ECPublicKey) ecFactory.generatePublic(invalidSpec);
            fail("Constructed invalid public key from:" + invalidHex);
        } catch (InvalidKeySpecException rejected) {
            // Expected outcome: the encoding was deliberately corrupted.
            System.out.println(rejected.toString());
        }
    }
}
Also used : ECPublicKey(java.security.interfaces.ECPublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) KeyFactory(java.security.KeyFactory)

Example 94 with X509EncodedKeySpec

use of java.security.spec.X509EncodedKeySpec in project wycheproof by google.

the class EcdhTest method testModifiedPublic.

/**
   * This test modifies the order of the group in the public key. A severe bug would be an
   * implementation that leaks information about whether the private key is larger than the order
   * given in the public key. Another severe bug would be to reduce the private key modulo the
   * order given in the public key parameters.
   */
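@SuppressWarnings("InsecureCryptoUsage")
public void testModifiedPublic(String algorithm) throws Exception {
    KeyAgreement ka;
    try {
        ka = KeyAgreement.getInstance(algorithm);
    } catch (NoSuchAlgorithmException ex) {
        // Unsupported algorithms are skipped, not failed. The message names this test
        // so that a skip in the output can be traced back to the right method.
        System.out.println("testModifiedPublic: " + algorithm + " not supported");
        return;
    }
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
    keyGen.initialize(EcUtil.getNistP256Params());
    ECPrivateKey priv = (ECPrivateKey) keyGen.generateKeyPair().getPrivate();
    KeyFactory kf = KeyFactory.getInstance("EC");
    ECPublicKey validKey = (ECPublicKey) kf.generatePublic(EC_VALID_PUBLIC_KEY.getSpec());
    // Baseline: the shared secret computed with the unmodified public key.
    ka.init(priv);
    ka.doPhase(validKey, true);
    String expected = TestUtil.bytesToHex(ka.generateSecret());
    for (EcPublicKeyTestVector test : EC_MODIFIED_PUBLIC_KEYS) {
        try {
            X509EncodedKeySpec spec = test.getX509EncodedKeySpec();
            ECPublicKey modifiedKey = (ECPublicKey) kf.generatePublic(spec);
            ka.init(priv);
            ka.doPhase(modifiedKey, true);
            String shared = TestUtil.bytesToHex(ka.generateSecret());
            // The implementation did not notice that the public key was modified.
            // This is not nice, but at the moment we only fail the test if the
            // modification was essential for computing the shared secret.
            //
            // BouncyCastle v.1.53 fails this test, for ECDHC with modified order.
            // This implementation reduces the product s*h modulo the order given
            // in the public key. An attacker who can modify the order of the public key
            // and who can learn whether such a modification changes the shared secret is
            // able to learn the private key with a simple binary search.
            assertEquals("algorithm:" + algorithm + " test:" + test.comment, expected, shared);
        } catch (GeneralSecurityException ex) {
            // OK, since the public keys have been modified. Rejection at any step inside
            // the try block (key decoding, init, doPhase or generateSecret) is accepted.
            System.out.println("testModifiedPublic:" + test.comment + " throws " + ex.toString());
        }
    }
}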
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) ECPublicKey(java.security.interfaces.ECPublicKey) GeneralSecurityException(java.security.GeneralSecurityException) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyPairGenerator(java.security.KeyPairGenerator) KeyAgreement(javax.crypto.KeyAgreement) KeyFactory(java.security.KeyFactory)

Example 95 with X509EncodedKeySpec

use of java.security.spec.X509EncodedKeySpec in project wycheproof by google.

the class RsaKeyTest method testEncodeDecodePublic.

/**
   * Checks whether decoding and again encoding an RSA public key results
   * in the same encoding.
   * This is a regression test. Failing this test implies that the encoding has changed.
   * Such a failure is not necessarily a bug, since several encodings of the same key are
   * possible.
   */
public void testEncodeDecodePublic() throws Exception {
    final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    final X509EncodedKeySpec keySpec =
            new X509EncodedKeySpec(TestUtil.hexToBytes(ENCODED_PUBLIC_KEY));
    final RSAPublicKey decoded = (RSAPublicKey) rsaFactory.generatePublic(keySpec);

    // The round-trip comparison below is only meaningful if the provider re-encodes
    // the key as X.509, so that precondition is asserted first.
    final String reportedFormat = decoded.getFormat();
    assertEquals("The test assumes that the public key is in X.509 format", "X.509", reportedFormat);

    // Decoding followed by encoding must reproduce the original bytes exactly.
    final String reencodedHex = TestUtil.bytesToHex(decoded.getEncoded());
    assertEquals(ENCODED_PUBLIC_KEY, reencodedHex);
}
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) KeyFactory(java.security.KeyFactory)
