Examples with DHKey javax.crypto.interfaces.DHKey used on opensource projects

Search in sources :

Example 1 with DHKey

use of javax.crypto.interfaces.DHKey in project XobotOS by xamarin.

the class ClientHandshakeImpl method processServerHelloDone.

/**
     * Processes ServerHelloDone: makes verification of the server messages; sends
     * client messages, computers masterSecret, sends ChangeCipherSpec
     */
void processServerHelloDone() {
    PrivateKey clientKey = null;
    if (serverCert != null) {
        if (session.cipherSuite.isAnonymous()) {
            unexpectedMessage();
            return;
        }
        verifyServerCert();
    } else {
        if (!session.cipherSuite.isAnonymous()) {
            unexpectedMessage();
            return;
        }
    }
    // Client certificate
    if (certificateRequest != null) {
        X509Certificate[] certs = null;
        // obtain certificates from key manager
        String alias = null;
        String[] certTypes = certificateRequest.getTypesAsString();
        X500Principal[] issuers = certificateRequest.certificate_authorities;
        X509KeyManager km = parameters.getKeyManager();
        if (km instanceof X509ExtendedKeyManager) {
            X509ExtendedKeyManager ekm = (X509ExtendedKeyManager) km;
            if (this.socketOwner != null) {
                alias = ekm.chooseClientAlias(certTypes, issuers, this.socketOwner);
            } else {
                alias = ekm.chooseEngineClientAlias(certTypes, issuers, this.engineOwner);
            }
            if (alias != null) {
                certs = ekm.getCertificateChain(alias);
            }
        } else {
            alias = km.chooseClientAlias(certTypes, issuers, this.socketOwner);
            if (alias != null) {
                certs = km.getCertificateChain(alias);
            }
        }
        session.localCertificates = certs;
        clientCert = new CertificateMessage(certs);
        clientKey = km.getPrivateKey(alias);
        send(clientCert);
    }
    // Client key exchange
    if (session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) {
        // RSA encrypted premaster secret message
        Cipher c;
        try {
            c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            if (serverKeyExchange != null) {
                c.init(Cipher.ENCRYPT_MODE, serverKeyExchange.getRSAPublicKey());
            } else {
                c.init(Cipher.ENCRYPT_MODE, serverCert.certs[0]);
            }
        } catch (Exception e) {
            fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e);
            return;
        }
        preMasterSecret = new byte[48];
        parameters.getSecureRandom().nextBytes(preMasterSecret);
        System.arraycopy(clientHello.client_version, 0, preMasterSecret, 0, 2);
        try {
            clientKeyExchange = new ClientKeyExchange(c.doFinal(preMasterSecret), serverHello.server_version[1] == 1);
        } catch (Exception e) {
            fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e);
            return;
        }
    } else {
        try {
            KeyFactory kf = KeyFactory.getInstance("DH");
            KeyAgreement agreement = KeyAgreement.getInstance("DH");
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
            PublicKey serverPublic;
            DHParameterSpec spec;
            if (serverKeyExchange != null) {
                serverPublic = kf.generatePublic(new DHPublicKeySpec(serverKeyExchange.par3, serverKeyExchange.par1, serverKeyExchange.par2));
                spec = new DHParameterSpec(serverKeyExchange.par1, serverKeyExchange.par2);
            } else {
                serverPublic = serverCert.certs[0].getPublicKey();
                spec = ((DHPublicKey) serverPublic).getParams();
            }
            kpg.initialize(spec);
            KeyPair kp = kpg.generateKeyPair();
            Key key = kp.getPublic();
            if (clientCert != null && serverCert != null && (session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_RSA || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_DSS)) {
                PublicKey client_pk = clientCert.certs[0].getPublicKey();
                PublicKey server_pk = serverCert.certs[0].getPublicKey();
                if (client_pk instanceof DHKey && server_pk instanceof DHKey) {
                    if (((DHKey) client_pk).getParams().getG().equals(((DHKey) server_pk).getParams().getG()) && ((DHKey) client_pk).getParams().getP().equals(((DHKey) server_pk).getParams().getG())) {
                        // client cert message DH public key parameters
                        // matched those specified by the
                        //   server in its certificate,
                        // empty
                        clientKeyExchange = new ClientKeyExchange();
                    }
                }
            } else {
                clientKeyExchange = new ClientKeyExchange(((DHPublicKey) key).getY());
            }
            key = kp.getPrivate();
            agreement.init(key);
            agreement.doPhase(serverPublic, true);
            preMasterSecret = agreement.generateSecret();
        } catch (Exception e) {
            fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e);
            return;
        }
    }
    if (clientKeyExchange != null) {
        send(clientKeyExchange);
    }
    computerMasterSecret();
    // fixed DH parameters
    if (clientCert != null && !clientKeyExchange.isEmpty()) {
        // Certificate verify
        String authType = clientKey.getAlgorithm();
        DigitalSignature ds = new DigitalSignature(authType);
        ds.init(clientKey);
        if ("RSA".equals(authType)) {
            ds.setMD5(io_stream.getDigestMD5());
            ds.setSHA(io_stream.getDigestSHA());
        } else if ("DSA".equals(authType)) {
            ds.setSHA(io_stream.getDigestSHA());
        // The Signature should be empty in case of anonymous signature algorithm:
        // } else if ("DH".equals(authType)) {
        }
        certificateVerify = new CertificateVerify(ds.sign());
        send(certificateVerify);
    }
    sendChangeCipherSpec();
}
Also used : PrivateKey(java.security.PrivateKey) DHPublicKey(javax.crypto.interfaces.DHPublicKey) DHParameterSpec(javax.crypto.spec.DHParameterSpec) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) X509KeyManager(javax.net.ssl.X509KeyManager) DHKey(javax.crypto.interfaces.DHKey) KeyAgreement(javax.crypto.KeyAgreement) KeyFactory(java.security.KeyFactory) KeyPair(java.security.KeyPair) PublicKey(java.security.PublicKey) DHPublicKey(javax.crypto.interfaces.DHPublicKey) KeyPairGenerator(java.security.KeyPairGenerator) X509Certificate(java.security.cert.X509Certificate) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) X500Principal(javax.security.auth.x500.X500Principal) Cipher(javax.crypto.Cipher) DHPublicKeySpec(javax.crypto.spec.DHPublicKeySpec) PublicKey(java.security.PublicKey) Key(java.security.Key) DHKey(javax.crypto.interfaces.DHKey) PrivateKey(java.security.PrivateKey) DHPublicKey(javax.crypto.interfaces.DHPublicKey)

Example 2 with DHKey

use of javax.crypto.interfaces.DHKey in project jdk8u_jdk by JetBrains.

the class KeyUtil method getKeySize.

/**
     * Returns the key size of the given key object in bits.
     *
     * @param key the key object, cannot be null
     * @return the key size of the given key object in bits, or -1 if the
     *       key size is not accessible
     */
public static final int getKeySize(Key key) {
    int size = -1;
    if (key instanceof Length) {
        try {
            Length ruler = (Length) key;
            size = ruler.length();
        } catch (UnsupportedOperationException usoe) {
        // ignore the exception
        }
        if (size >= 0) {
            return size;
        }
    }
    // try to parse the length from key specification
    if (key instanceof SecretKey) {
        SecretKey sk = (SecretKey) key;
        String format = sk.getFormat();
        if ("RAW".equals(format) && sk.getEncoded() != null) {
            size = (sk.getEncoded().length * 8);
        }
    // Otherwise, it may be a unextractable key of PKCS#11, or
    // a key we are not able to handle.
    } else if (key instanceof RSAKey) {
        RSAKey pubk = (RSAKey) key;
        size = pubk.getModulus().bitLength();
    } else if (key instanceof ECKey) {
        ECKey pubk = (ECKey) key;
        size = pubk.getParams().getOrder().bitLength();
    } else if (key instanceof DSAKey) {
        DSAKey pubk = (DSAKey) key;
        // params can be null
        DSAParams params = pubk.getParams();
        size = (params != null) ? params.getP().bitLength() : -1;
    } else if (key instanceof DHKey) {
        DHKey pubk = (DHKey) key;
        size = pubk.getParams().getP().bitLength();
    }
    return size;
}
Also used : SecretKey(javax.crypto.SecretKey) RSAKey(java.security.interfaces.RSAKey) DSAKey(java.security.interfaces.DSAKey) ECKey(java.security.interfaces.ECKey) DSAParams(java.security.interfaces.DSAParams) DHKey(javax.crypto.interfaces.DHKey)

Aggregations

DHKey (javax.crypto.interfaces.DHKey)2 IOException (java.io.IOException)1 Key (java.security.Key)1 KeyFactory (java.security.KeyFactory)1 KeyPair (java.security.KeyPair)1 KeyPairGenerator (java.security.KeyPairGenerator)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 PrivateKey (java.security.PrivateKey)1 PublicKey (java.security.PublicKey)1 CertificateException (java.security.cert.CertificateException)1 X509Certificate (java.security.cert.X509Certificate)1 DSAKey (java.security.interfaces.DSAKey)1 DSAParams (java.security.interfaces.DSAParams)1 ECKey (java.security.interfaces.ECKey)1 RSAKey (java.security.interfaces.RSAKey)1 Cipher (javax.crypto.Cipher)1 KeyAgreement (javax.crypto.KeyAgreement)1 SecretKey (javax.crypto.SecretKey)1 DHPublicKey (javax.crypto.interfaces.DHPublicKey)1 DHParameterSpec (javax.crypto.spec.DHParameterSpec)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial