Search in sources :

Example 26 with PBEKeySpec

use of javax.crypto.spec.PBEKeySpec in project robovm by robovm.

the class PBEKeySpecTest method testClearPassword.

/**
     * clearPassword() method testing. Tests that internal copy of password
     * is cleared after the method call.
     */
public void testClearPassword() {
    char[] password = new char[] { '1', '2', '3', '4', '5' };
    PBEKeySpec pbeks = new PBEKeySpec(password);
    pbeks.clearPassword();
    try {
        pbeks.getPassword();
        fail("An IllegalStateException should be was thrown " + "after the clearing the password.");
    } catch (IllegalStateException e) {
    }
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec)

Example 27 with PBEKeySpec

use of javax.crypto.spec.PBEKeySpec in project robovm by robovm.

the class PBEKeySpecTest method testPBEKeySpec1.

/**
     * PBEKeySpec(char[] password) method testing. Tests the behavior of
     * the method in the case of null input char array and tests that input
     * array is copied during the object initialization.
     */
public void testPBEKeySpec1() {
    try {
        PBEKeySpec pbeks = new PBEKeySpec(null);
        assertTrue("An empty char[] should be used in case of null " + "char array.", pbeks.getPassword().length == 0);
    } catch (NullPointerException e) {
        fail("Unexpected NullPointerException was thrown.");
    }
    char[] password = new char[] { '1', '2', '3', '4', '5' };
    PBEKeySpec pbeks = new PBEKeySpec(password);
    password[0]++;
    assertFalse("The change of password specified in the constructor " + "should not cause the change of internal array.", password[0] == pbeks.getPassword()[0]);
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec)

Example 28 with PBEKeySpec

use of javax.crypto.spec.PBEKeySpec in project robovm by robovm.

the class PKCS12KeyStoreSpi method unwrapKey.

protected PrivateKey unwrapKey(AlgorithmIdentifier algId, byte[] data, char[] password, boolean wrongPKCS12Zero) throws IOException {
    ASN1ObjectIdentifier algorithm = algId.getAlgorithm();
    try {
        if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) {
            PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters());
            PBEKeySpec pbeSpec = new PBEKeySpec(password);
            PrivateKey out;
            SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm.getId(), bcProvider);
            PBEParameterSpec defParams = new PBEParameterSpec(pbeParams.getIV(), pbeParams.getIterations().intValue());
            SecretKey k = keyFact.generateSecret(pbeSpec);
            ((BCPBEKey) k).setTryWrongPKCS12Zero(wrongPKCS12Zero);
            Cipher cipher = Cipher.getInstance(algorithm.getId(), bcProvider);
            cipher.init(Cipher.UNWRAP_MODE, k, defParams);
            // we pass "" as the key algorithm type as it is unknown at this point
            return (PrivateKey) cipher.unwrap(data, "", Cipher.PRIVATE_KEY);
        } else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) {
            PBES2Parameters alg = PBES2Parameters.getInstance(algId.getParameters());
            PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters());
            SecretKeyFactory keyFact = SecretKeyFactory.getInstance(alg.getKeyDerivationFunc().getAlgorithm().getId(), bcProvider);
            SecretKey k = keyFact.generateSecret(new PBEKeySpec(password, func.getSalt(), func.getIterationCount().intValue(), SecretKeyUtil.getKeySize(alg.getEncryptionScheme().getAlgorithm())));
            Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId(), bcProvider);
            cipher.init(Cipher.UNWRAP_MODE, k, new IvParameterSpec(ASN1OctetString.getInstance(alg.getEncryptionScheme().getParameters()).getOctets()));
            // we pass "" as the key algorithm type as it is unknown at this point
            return (PrivateKey) cipher.unwrap(data, "", Cipher.PRIVATE_KEY);
        }
    } catch (Exception e) {
        throw new IOException("exception unwrapping private key - " + e.toString());
    }
    throw new IOException("exception unwrapping private key - cannot recognise: " + algorithm);
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) PBES2Parameters(org.bouncycastle.asn1.pkcs.PBES2Parameters) PrivateKey(java.security.PrivateKey) IOException(java.io.IOException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateEncodingException(java.security.cert.CertificateEncodingException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SecretKey(javax.crypto.SecretKey) PKCS12PBEParams(org.bouncycastle.asn1.pkcs.PKCS12PBEParams) BCPBEKey(org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey) PBKDF2Params(org.bouncycastle.asn1.pkcs.PBKDF2Params) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) SecretKeyFactory(javax.crypto.SecretKeyFactory) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Example 29 with PBEKeySpec

use of javax.crypto.spec.PBEKeySpec in project robovm by robovm.

the class PKCS12KeyStoreSpi method calculatePbeMac.

private static byte[] calculatePbeMac(ASN1ObjectIdentifier oid, byte[] salt, int itCount, char[] password, boolean wrongPkcs12Zero, byte[] data) throws Exception {
    SecretKeyFactory keyFact = SecretKeyFactory.getInstance(oid.getId(), bcProvider);
    PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount);
    PBEKeySpec pbeSpec = new PBEKeySpec(password);
    BCPBEKey key = (BCPBEKey) keyFact.generateSecret(pbeSpec);
    key.setTryWrongPKCS12Zero(wrongPkcs12Zero);
    Mac mac = Mac.getInstance(oid.getId(), bcProvider);
    mac.init(key, defParams);
    mac.update(data);
    return mac.doFinal();
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) BCPBEKey(org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey) SecretKeyFactory(javax.crypto.SecretKeyFactory) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) Mac(javax.crypto.Mac)

Example 30 with PBEKeySpec

use of javax.crypto.spec.PBEKeySpec in project robovm by robovm.

the class PKCS12KeyStoreSpi method cryptData.

protected byte[] cryptData(boolean forEncryption, AlgorithmIdentifier algId, char[] password, boolean wrongPKCS12Zero, byte[] data) throws IOException {
    String algorithm = algId.getAlgorithm().getId();
    PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters());
    PBEKeySpec pbeSpec = new PBEKeySpec(password);
    try {
        SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, bcProvider);
        PBEParameterSpec defParams = new PBEParameterSpec(pbeParams.getIV(), pbeParams.getIterations().intValue());
        BCPBEKey key = (BCPBEKey) keyFact.generateSecret(pbeSpec);
        key.setTryWrongPKCS12Zero(wrongPKCS12Zero);
        Cipher cipher = Cipher.getInstance(algorithm, bcProvider);
        int mode = forEncryption ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
        cipher.init(mode, key, defParams);
        return cipher.doFinal(data);
    } catch (Exception e) {
        throw new IOException("exception decrypting data - " + e.toString());
    }
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) PKCS12PBEParams(org.bouncycastle.asn1.pkcs.PKCS12PBEParams) BCPBEKey(org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DEROctetString(org.bouncycastle.asn1.DEROctetString) BEROctetString(org.bouncycastle.asn1.BEROctetString) Cipher(javax.crypto.Cipher) IOException(java.io.IOException) SecretKeyFactory(javax.crypto.SecretKeyFactory) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateEncodingException(java.security.cert.CertificateEncodingException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException)

Aggregations

PBEKeySpec (javax.crypto.spec.PBEKeySpec)249 SecretKeyFactory (javax.crypto.SecretKeyFactory)190 SecretKey (javax.crypto.SecretKey)118 Cipher (javax.crypto.Cipher)82 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)73 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)63 KeySpec (java.security.spec.KeySpec)59 PBEParameterSpec (javax.crypto.spec.PBEParameterSpec)59 SecretKeySpec (javax.crypto.spec.SecretKeySpec)49 IOException (java.io.IOException)25 KeyStoreException (java.security.KeyStoreException)23 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)22 EncryptedPrivateKeyInfo (javax.crypto.EncryptedPrivateKeyInfo)17 CertificateException (java.security.cert.CertificateException)15 GeneralSecurityException (java.security.GeneralSecurityException)14 UnrecoverableKeyException (java.security.UnrecoverableKeyException)14 AlgorithmParameters (java.security.AlgorithmParameters)13 Key (java.security.Key)13 KeyStore (java.security.KeyStore)13 InvalidKeyException (java.security.InvalidKeyException)12