
Example 21 with SigningPrivateKey

use of net.i2p.data.SigningPrivateKey in project i2p.i2p by i2p.

the class SelfSignedGenerator method generate.

/**
 *  Generate a fresh signing key pair of the given type and build a self-signed
 *  certificate (and an initial CRL) over it, returning all four artifacts.
 *
 *  @param cname the common name, non-null. Must be a hostname or email address. IP addresses will not be correctly encoded.
 *  @param altNames the Subject Alternative Names. May be null. May contain hostnames and/or IP addresses.
 *                  cname, localhost, 127.0.0.1, and ::1 will be automatically added.
 *  @param ou The OU (organizational unit) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
 *  @param o The O (organization) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
 *  @param l The L (city or locality) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
 *  @param st The ST (state or province) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
 *  @param c The C (country) in the distinguished name, non-null before 0.9.28, may be null as of 0.9.28
 *  @param validDays validity period, passed through to the lower-level generate() overload
 *  @param type the I2P signature type of the key pair to generate
 *
 *  @return length 4 array:
 *  rv[0] is a Java PublicKey
 *  rv[1] is a Java PrivateKey
 *  rv[2] is a Java X509Certificate
 *  rv[3] is a Java X509CRL
 *
 *  @throws GeneralSecurityException if key generation, key conversion, or certificate generation fails
 *  @since 0.9.34 added altNames param
 */
public static Object[] generate(String cname, Set<String> altNames, String ou, String o, String l, String st, String c, int validDays, SigType type) throws GeneralSecurityException {
    // Fresh I2P-native key pair: element 0 is the public half, element 1 the private half
    SimpleDataStructure[] pair = KeyGenerator.getInstance().generateSigningKeys(type);
    SigningPublicKey i2pPub = (SigningPublicKey) pair[0];
    SigningPrivateKey i2pPriv = (SigningPrivateKey) pair[1];
    // JCA views of the same keys, needed by the certificate machinery
    PublicKey javaPub = SigUtil.toJavaKey(i2pPub);
    PrivateKey javaPriv = SigUtil.toJavaKey(i2pPriv);
    // The native private key is passed alongside the JCA one so signing stays in the I2P engine
    return generate(javaPub, javaPriv, i2pPriv, type, cname, altNames, ou, o, l, st, c, validDays);
}

Example 22 with SigningPrivateKey

use of net.i2p.data.SigningPrivateKey in project i2p.i2p by i2p.

the class SelfSignedGenerator method generateCRL.

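/**
 *  Generate a CRL for the given cert, signed with the given private key.
 *
 *  The CRL is assembled by hand as DER: an outer SEQUENCE holding the
 *  TBSCertList (from genTBSCRL), the signature AlgorithmIdentifier (sigoid,
 *  copied in verbatim) and the signature as a BIT STRING with zero unused bits.
 *  Because the CertificateFactory does not validate the ASN.1 (see the note
 *  below), the encoded length is checked before parsing so that a layout
 *  error is reported instead of silently producing a malformed CRL.
 *
 *  @param cert the issuer certificate the CRL belongs to
 *  @param validDays passed through to genTBSCRL
 *  @param crlNum passed through to genTBSCRL
 *  @param sigoid DER-encoded signature AlgorithmIdentifier
 *  @param jpriv the issuer's JCA private key; converted back to an I2P SigningPrivateKey for signing
 *  @return the parsed CRL, non-null
 *  @throws GeneralSecurityException if signing fails, the encoding does not fill the
 *          buffer exactly, or the CertificateFactory rejects the encoding
 */
private static X509CRL generateCRL(X509Certificate cert, int validDays, int crlNum, byte[] sigoid, PrivateKey jpriv) throws GeneralSecurityException {
    SigningPrivateKey priv = SigUtil.fromJavaKey(jpriv);
    byte[] tbs = genTBSCRL(cert, validDays, crlNum, sigoid);
    Signature sig = DSAEngine.getInstance().sign(tbs, priv);
    if (sig == null)
        throw new GeneralSecurityException("sig failed");
    byte[] sigbytes = SigUtil.toJavaSig(sig);
    // Content of the outer SEQUENCE: TBS || AlgorithmIdentifier || BIT STRING (unused-bits byte + sig)
    int seqlen = tbs.length + sigoid.length + spaceFor(sigbytes.length + 1);
    int totlen = spaceFor(seqlen);
    byte[] cb = new byte[totlen];
    int idx = 0;
    // construct the whole encoded CRL
    cb[idx++] = 0x30;
    idx = intToASN1(cb, idx, seqlen);
    // TBS cert list
    System.arraycopy(tbs, 0, cb, idx, tbs.length);
    idx += tbs.length;
    // sig algo
    System.arraycopy(sigoid, 0, cb, idx, sigoid.length);
    idx += sigoid.length;
    // sig (bit string); the leading 0 byte means no unused bits
    cb[idx++] = 0x03;
    idx = intToASN1(cb, idx, sigbytes.length + 1);
    cb[idx++] = 0;
    System.arraycopy(sigbytes, 0, cb, idx, sigbytes.length);
    idx += sigbytes.length;
    // The declared lengths (seqlen, totlen) and the bytes actually written must
    // agree; if they do not, the DER length fields are already wrong and the
    // factory below would not tell us. Fail loudly instead.
    if (idx != totlen)
        throw new GeneralSecurityException("CRL encoding length mismatch: wrote " + idx + " of " + totlen);
    ByteArrayInputStream bais = new ByteArrayInputStream(cb);
    X509CRL rv;
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // wow, unlike for x509Certificates, there's no validation here at all
        // ASN.1 errors don't cause any exceptions
        rv = (X509CRL) cf.generateCRL(bais);
    } catch (IllegalArgumentException iae) {
        // this method builds a CRL, not a cert; say so in the message
        throw new GeneralSecurityException("CRL error", iae);
    }
    return rv;
}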

Example 23 with SigningPrivateKey

use of net.i2p.data.SigningPrivateKey in project i2p.i2p by i2p.

the class CreateLeaseSetMessage method doReadMessage.

/**
 *  Read the message body from the stream: session ID, then the signing
 *  private key, the (encryption) private key, and finally the LeaseSet,
 *  each parsed by its own readBytes(InputStream).
 *
 *  Fields are assigned as they are parsed, so a failure part-way through
 *  leaves the earlier fields populated and the later ones untouched.
 *
 *  @param in the stream to read the body from
 *  @param size the declared body size; not consulted here — each structure's
 *              readBytes() consumes what it needs (the signing key is assumed
 *              to be a fixed 20 bytes, see below)
 *  @throws I2CPMessageException wrapping any DataFormatException from the parsers
 *  @throws IOException propagated from the underlying reads
 */
@Override
protected void doReadMessage(InputStream in, int size) throws I2CPMessageException, IOException {
    try {
        _sessionId = new SessionId();
        _sessionId.readBytes(in);
        // Revocation is unimplemented.
        // As the SPK comes before the LeaseSet, we don't know the key type.
        // We could have some sort of callback or state setting so we get the
        // expected type from the session. But for now, we just assume it's 20 bytes.
        // Clients outside router context should throw in a dummy 20 bytes.
        _signingPrivateKey = new SigningPrivateKey();
        _signingPrivateKey.readBytes(in);
        _privateKey = new PrivateKey();
        _privateKey.readBytes(in);
        _leaseSet = new LeaseSet();
        _leaseSet.readBytes(in);
    } catch (DataFormatException dfe) {
        // surface parse errors as a protocol-level error, keeping the cause
        throw new I2CPMessageException("Error reading the CreateLeaseSetMessage", dfe);
    }
}

Example 24 with SigningPrivateKey

use of net.i2p.data.SigningPrivateKey in project i2p.i2p by i2p.

the class TunnelController method createAltPrivateKey.

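/**
 * Creates alternate Destination with the same encryption keys as the primary Destination,
 * but a different signing key.
 *
 * Must have already called createPrivateKey() successfully.
 * Does nothing unless option OPT_ALT_PKF is set with the privkey file name.
 * Does nothing if the file already exists.
 * Only applies when the primary Destination is DSA_SHA1 and PREFERRED_SIGTYPE is not.
 *
 * The alternate key file is written through SecureFileOutputStream and a copy
 * is placed in the key backup directory with the same restrictive permissions.
 * A failure to flush/close the key file is logged and reported as failure,
 * since the file on disk may then be incomplete.
 *
 * @return success
 * @since 0.9.30
 */
private boolean createAltPrivateKey() {
    if (PREFERRED_SIGTYPE == SigType.DSA_SHA1)
        return false;
    File keyFile = getPrivateKeyFile();
    if (keyFile == null || !keyFile.exists())
        return false;
    File altFile = getAlternatePrivateKeyFile();
    if (altFile == null || altFile.equals(keyFile))
        return false;
    // already created on an earlier run
    if (altFile.exists())
        return true;
    PrivateKeyFile pkf = new PrivateKeyFile(keyFile);
    FileOutputStream out = null;
    try {
        Destination dest = pkf.getDestination();
        if (dest == null)
            return false;
        // only a DSA_SHA1 primary gets an alternate
        if (dest.getSigType() != SigType.DSA_SHA1)
            return false;
        PublicKey pub = dest.getPublicKey();
        PrivateKey priv = pkf.getPrivKey();
        SimpleDataStructure[] signingKeys = KeyGenerator.getInstance().generateSigningKeys(PREFERRED_SIGTYPE);
        SigningPublicKey signingPubKey = (SigningPublicKey) signingKeys[0];
        SigningPrivateKey signingPrivKey = (SigningPrivateKey) signingKeys[1];
        KeyCertificate cert = new KeyCertificate(signingPubKey);
        Destination d = new Destination();
        d.setPublicKey(pub);
        d.setSigningPublicKey(signingPubKey);
        d.setCertificate(cert);
        int len = signingPubKey.length();
        // A signing key shorter than the 128-byte field is padded with random bytes;
        // the copy of excess data for longer keys is handled in the KeyCertificate constructor.
        if (len < 128) {
            byte[] pad = new byte[128 - len];
            RandomSource.getInstance().nextBytes(pad);
            d.setPadding(pad);
        }
        out = new SecureFileOutputStream(altFile);
        d.writeBytes(out);
        priv.writeBytes(out);
        signingPrivKey.writeBytes(out);
        // Close here, un-swallowed: a flush/close failure must reach the
        // IOException handler below rather than be reported as success.
        out.close();
        out = null;
        // NOTE(review): on a write failure the partial altFile is left in place and
        // will be treated as already-created on the next run; confirm that callers
        // reading it tolerate a truncated file, or remove it here.
        String destStr = d.toBase64();
        log("Alternate private key created and saved in " + altFile.getAbsolutePath());
        log("You should backup this file in a secure place.");
        log("New alternate destination: " + destStr);
        String b32 = d.toBase32();
        log("Base32: " + b32);
        File backupDir = new SecureFile(I2PAppContext.getGlobalContext().getConfigDir(), KEY_BACKUP_DIR);
        if (backupDir.isDirectory() || backupDir.mkdir()) {
            String name = b32 + '-' + I2PAppContext.getGlobalContext().clock().now() + ".dat";
            File backup = new File(backupDir, name);
            if (FileUtil.copy(altFile, backup, false, true)) {
                // the copy must carry the same restrictive permissions as the original
                SecureFileOutputStream.setPerms(backup);
                log("Alternate private key backup saved to " + backup.getAbsolutePath());
            }
        }
        return true;
    } catch (GeneralSecurityException e) {
        log("Error creating keys " + e);
        return false;
    } catch (I2PSessionException e) {
        log("Error creating keys " + e);
        return false;
    } catch (I2PException e) {
        log("Error creating keys " + e);
        return false;
    } catch (IOException e) {
        log("Error creating keys " + e);
        return false;
    } catch (RuntimeException e) {
        log("Error creating keys " + e);
        return false;
    } finally {
        // only reached with out != null on the failure path; the success path already closed it
        if (out != null) {
            try {
                out.close();
            } catch (IOException ignored) {
                // nothing useful left to do; the failure was already logged above
            }
        }
    }
}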

Example 25 with SigningPrivateKey

use of net.i2p.data.SigningPrivateKey in project i2p.i2p by i2p.

the class LoadRouterInfoJob method readKeyData.

/**
 *  Load the router identity and both private keys from disk.
 *
 *  The eepPriv.dat-format file (rkf2) is preferred; the router.keys-format
 *  file (rkf1) is only read when rkf2 does not exist. In both cases the stored
 *  public keys are checked against the private keys and a mismatch is
 *  rejected as a DataFormatException.
 *
 *  @param rkf1 in router.keys format, tried second
 *  @param rkf2 in eepPriv.dat format, tried first
 *  @return non-null, throws IOE if neither exists
 *  @throws DataFormatException if a file is malformed or a key pair does not match
 *  @throws IOException if neither file exists or a read fails
 *  @since 0.9.16
 */
public static KeyData readKeyData(File rkf1, File rkf2) throws DataFormatException, IOException {
    if (rkf2.exists()) {
        RouterPrivateKeyFile pkf = new RouterPrivateKeyFile(rkf2);
        RouterIdentity ident = pkf.getRouterIdentity();
        if (!pkf.validateKeyPairs())
            throw new DataFormatException("Key pairs invalid");
        return new KeyData(ident, pkf.getPrivKey(), pkf.getSigningPrivKey());
    }
    InputStream in = null;
    try {
        in = new BufferedInputStream(new FileInputStream(rkf1));
        // router.keys layout: private key, signing private key, public key, signing public key
        PrivateKey encPriv = new PrivateKey();
        encPriv.readBytes(in);
        SigningPrivateKey sigPriv = new SigningPrivateKey();
        sigPriv.readBytes(in);
        PublicKey encPub = new PublicKey();
        encPub.readBytes(in);
        SigningPublicKey sigPub = new SigningPublicKey();
        sigPub.readBytes(in);
        // Only trust the file once the stored public halves match what the private
        // halves derive to; a corrupt or mixed-up file fails here.
        try {
            if (!encPub.equals(KeyGenerator.getPublicKey(encPriv)))
                throw new DataFormatException("Key pairs invalid");
            if (!sigPub.equals(KeyGenerator.getSigningPublicKey(sigPriv)))
                throw new DataFormatException("Key pairs invalid");
        } catch (IllegalArgumentException iae) {
            throw new DataFormatException("Key pairs invalid", iae);
        }
        RouterIdentity ident = new RouterIdentity();
        ident.setPublicKey(encPub);
        ident.setSigningPublicKey(sigPub);
        ident.setCertificate(Certificate.NULL_CERT);
        return new KeyData(ident, encPriv, sigPriv);
    } finally {
        if (in != null) {
            try {
                in.close();
            } catch (IOException ignored) {
                // best-effort close of a read-only stream
            }
        }
    }
}
