Example 1 with EdDSAKey
use of org.bouncycastle.jcajce.interfaces.EdDSAKey in project xipki by xipki.
the class KeypairWithCert method fromKeystore.
public static KeypairWithCert fromKeystore(KeyStore keystore, String keyname, char[] keyPassword, X509Cert[] certchain) throws XiSecurityException {
notNull(keyPassword, "keyPassword");
try {
String tmpKeyname = keyname;
if (tmpKeyname == null) {
Enumeration<String> aliases = keystore.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
if (keystore.isKeyEntry(alias)) {
tmpKeyname = alias;
break;
}
}
} else {
if (!keystore.isKeyEntry(tmpKeyname)) {
throw new XiSecurityException("unknown key named " + tmpKeyname);
}
}
PrivateKey key = (PrivateKey) keystore.getKey(tmpKeyname, keyPassword);
if (!(key instanceof RSAPrivateKey || key instanceof DSAPrivateKey || key instanceof ECPrivateKey || key instanceof EdDSAKey || key instanceof XDHKey)) {
throw new XiSecurityException("unsupported key " + key.getClass().getName());
}
Set<X509Cert> caCerts = new HashSet<>();
X509Cert cert;
if (certchain != null && certchain.length > 0) {
cert = certchain[0];
final int n = certchain.length;
if (n > 1) {
caCerts.addAll(Arrays.asList(certchain).subList(1, n));
}
} else {
cert = new X509Cert((X509Certificate) keystore.getCertificate(tmpKeyname));
}
Certificate[] certsInKeystore = keystore.getCertificateChain(tmpKeyname);
if (certsInKeystore.length > 1) {
for (int i = 1; i < certsInKeystore.length; i++) {
caCerts.add(new X509Cert((X509Certificate) certsInKeystore[i]));
}
}
X509Cert[] certificateChain = X509Util.buildCertPath(cert, caCerts);
return new KeypairWithCert(key, certificateChain);
} catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | ClassCastException | CertPathBuilderException ex) {
throw new XiSecurityException(ex.getMessage(), ex);
}
}
Also used :
ECPrivateKey(java.security.interfaces.ECPrivateKey)
DSAPrivateKey(java.security.interfaces.DSAPrivateKey)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
ECPrivateKey(java.security.interfaces.ECPrivateKey)
XDHKey(org.bouncycastle.jcajce.interfaces.XDHKey)
X509Certificate(java.security.cert.X509Certificate)
XiSecurityException(org.xipki.security.XiSecurityException)
EdDSAKey(org.bouncycastle.jcajce.interfaces.EdDSAKey)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
X509Cert(org.xipki.security.X509Cert)
DSAPrivateKey(java.security.interfaces.DSAPrivateKey)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
HashSet(java.util.HashSet)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 2 with EdDSAKey
use of org.bouncycastle.jcajce.interfaces.EdDSAKey in project xipki by xipki.
the class P12KeyGenerator method getContentSigner.
// method generateIdentity
private static ContentSigner getContentSigner(PrivateKey key, PublicKey publicKey) throws Exception {
if (key instanceof XDHKey) {
String algorithm = key.getAlgorithm();
ASN1ObjectIdentifier curveOid = EdECConstants.getCurveOid(algorithm);
if (curveOid == null || !EdECConstants.isMontgomeryCurve(curveOid)) {
throw new InvalidKeyException("unknown XDH key algorithm " + algorithm);
}
Signature signer = Signature.getInstance("EdDSA", "BC");
// Just dummy: signature created by the signKey cannot be verified by the public key.
PrivateKey signKey = KeyUtil.convertXDHToDummyEdDSAPrivateKey(key);
return new SignatureSigner(new AlgorithmIdentifier(curveOid), signer, signKey);
}
P12ContentSignerBuilder builder = new P12ContentSignerBuilder(key, publicKey);
SignAlgo algo;
if (key instanceof RSAPrivateKey) {
algo = SignAlgo.RSA_SHA256;
} else if (key instanceof DSAPrivateKey) {
algo = SignAlgo.DSA_SHA256;
} else if (key instanceof ECPrivateKey) {
if (GMUtil.isSm2primev2Curve(((ECPublicKey) publicKey).getParams().getCurve())) {
algo = SignAlgo.SM2_SM3;
} else {
int keysize = ((ECPrivateKey) key).getParams().getOrder().bitLength();
if (keysize > 384) {
algo = SignAlgo.ECDSA_SHA512;
} else if (keysize > 256) {
algo = SignAlgo.ECDSA_SHA384;
} else if (keysize > 160) {
algo = SignAlgo.ECDSA_SHA256;
} else {
algo = SignAlgo.ECDSA_SHA1;
}
}
} else if (key instanceof EdDSAKey) {
String algorithm = key.getAlgorithm();
ASN1ObjectIdentifier curveOid = EdECConstants.getCurveOid(algorithm);
if (EdECConstants.id_ED25519.equals(curveOid)) {
algo = SignAlgo.ED25519;
} else if (EdECConstants.id_ED448.equals(curveOid)) {
algo = SignAlgo.ED448;
} else {
throw new IllegalArgumentException("unknown EdDSA key algorithm " + algorithm);
}
} else {
throw new IllegalArgumentException("unknown type of key " + key.getClass().getName());
}
return builder.createSigner(algo, 1, null).borrowSigner().value();
}
Also used :
ECPrivateKey(java.security.interfaces.ECPrivateKey)
DSAPrivateKey(java.security.interfaces.DSAPrivateKey)
ECPrivateKey(java.security.interfaces.ECPrivateKey)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
XDHKey(org.bouncycastle.jcajce.interfaces.XDHKey)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
ECPublicKey(java.security.interfaces.ECPublicKey)
EdDSAKey(org.bouncycastle.jcajce.interfaces.EdDSAKey)
DSAPrivateKey(java.security.interfaces.DSAPrivateKey)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 3 with EdDSAKey
use of org.bouncycastle.jcajce.interfaces.EdDSAKey in project xipki by xipki.
the class KeyUtil method createSubjectPublicKeyInfo.
// method generatePublicKeyParameter
public static SubjectPublicKeyInfo createSubjectPublicKeyInfo(PublicKey publicKey) throws InvalidKeyException {
notNull(publicKey, "publicKey");
if (publicKey instanceof DSAPublicKey) {
DSAPublicKey dsaPubKey = (DSAPublicKey) publicKey;
ASN1EncodableVector vec = new ASN1EncodableVector();
vec.add(new ASN1Integer(dsaPubKey.getParams().getP()));
vec.add(new ASN1Integer(dsaPubKey.getParams().getQ()));
vec.add(new ASN1Integer(dsaPubKey.getParams().getG()));
ASN1Sequence dssParams = new DERSequence(vec);
try {
return new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, dssParams), new ASN1Integer(dsaPubKey.getY()));
} catch (IOException ex) {
throw new InvalidKeyException(ex.getMessage(), ex);
}
} else if (publicKey instanceof RSAPublicKey) {
RSAPublicKey rsaPubKey = (RSAPublicKey) publicKey;
try {
return new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPublicKey(rsaPubKey.getModulus(), rsaPubKey.getPublicExponent()));
} catch (IOException ex) {
throw new InvalidKeyException(ex.getMessage(), ex);
}
} else if (publicKey instanceof ECPublicKey) {
ECPublicKey ecPubKey = (ECPublicKey) publicKey;
ECParameterSpec paramSpec = ecPubKey.getParams();
ASN1ObjectIdentifier curveOid = detectCurveOid(paramSpec);
if (curveOid == null) {
throw new InvalidKeyException("Cannot find namedCurve of the given private key");
}
java.security.spec.ECPoint pointW = ecPubKey.getW();
BigInteger wx = pointW.getAffineX();
if (wx.signum() != 1) {
throw new InvalidKeyException("Wx is not positive");
}
BigInteger wy = pointW.getAffineY();
if (wy.signum() != 1) {
throw new InvalidKeyException("Wy is not positive");
}
int keysize = (paramSpec.getOrder().bitLength() + 7) / 8;
byte[] wxBytes = BigIntegers.asUnsignedByteArray(keysize, wx);
byte[] wyBytes = BigIntegers.asUnsignedByteArray(keysize, wy);
byte[] pubKey = new byte[1 + keysize * 2];
// uncompressed
pubKey[0] = 4;
System.arraycopy(wxBytes, 0, pubKey, 1, keysize);
System.arraycopy(wyBytes, 0, pubKey, 1 + keysize, keysize);
AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, curveOid);
return new SubjectPublicKeyInfo(algId, pubKey);
} else if (publicKey instanceof XDHKey || publicKey instanceof EdDSAKey) {
String algorithm = publicKey.getAlgorithm().toUpperCase();
byte[] encoded = publicKey.getEncoded();
int keysize;
byte[] prefix;
ASN1ObjectIdentifier algOid;
switch(algorithm) {
case EdECConstants.ED25519:
algOid = EdECConstants.id_ED25519;
keysize = 32;
prefix = Ed25519Prefix;
break;
case EdECConstants.X25519:
algOid = EdECConstants.id_X25519;
keysize = 32;
prefix = x25519Prefix;
break;
case EdECConstants.ED448:
algOid = EdECConstants.id_ED448;
keysize = 57;
prefix = Ed448Prefix;
break;
case EdECConstants.X448:
algOid = EdECConstants.id_X448;
keysize = 56;
prefix = x448Prefix;
break;
default:
throw new IllegalArgumentException("invalid algorithm " + algorithm);
}
if (encoded.length != prefix.length + keysize) {
throw new IllegalArgumentException("invalid encoded PublicKey");
}
if (!CompareUtil.areEqual(encoded, 0, prefix, 0, prefix.length)) {
throw new IllegalArgumentException("invalid encoded PublicKey");
}
byte[] keyData = Arrays.copyOfRange(encoded, prefix.length, prefix.length + keysize);
AlgorithmIdentifier algId = new AlgorithmIdentifier(algOid);
return new SubjectPublicKeyInfo(algId, keyData);
} else {
throw new InvalidKeyException("unknown publicKey class " + publicKey.getClass().getName());
}
}
Also used :
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
java.security.spec(java.security.spec)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
org.bouncycastle.asn1(org.bouncycastle.asn1)
XDHKey(org.bouncycastle.jcajce.interfaces.XDHKey)
IOException(java.io.IOException)
EdDSAKey(org.bouncycastle.jcajce.interfaces.EdDSAKey)
BigInteger(java.math.BigInteger)
Example 4 with EdDSAKey
use of org.bouncycastle.jcajce.interfaces.EdDSAKey in project xipki by xipki.
the class P11ContentSignerBuilder method createSigner.
// constructor
public ConcurrentContentSigner createSigner(SignAlgo signAlgo, int parallelism) throws XiSecurityException, P11TokenException {
positive(parallelism, "parallelism");
List<XiContentSigner> signers = new ArrayList<>(parallelism);
Boolean isSm2p256v1 = null;
for (int i = 0; i < parallelism; i++) {
XiContentSigner signer;
if (publicKey instanceof RSAPublicKey) {
signer = createRSAContentSigner(signAlgo);
} else if (publicKey instanceof ECPublicKey) {
ECPublicKey ecKey = (ECPublicKey) publicKey;
if (i == 0) {
isSm2p256v1 = GMUtil.isSm2primev2Curve(ecKey.getParams().getCurve());
}
if (isSm2p256v1) {
java.security.spec.ECPoint w = ecKey.getW();
signer = createSM2ContentSigner(signAlgo, GMObjectIdentifiers.sm2p256v1, w.getAffineX(), w.getAffineY());
} else {
signer = createECContentSigner(signAlgo);
}
} else if (publicKey instanceof DSAPublicKey) {
signer = createDSAContentSigner(signAlgo);
} else if (publicKey instanceof EdDSAKey) {
signer = createEdDSAContentSigner(signAlgo);
} else {
throw new XiSecurityException("unsupported key " + publicKey.getClass().getName());
}
signers.add(signer);
}
// end for
final boolean mac = false;
PrivateKey privateKey = new P11PrivateKey(cryptService, identityId);
DfltConcurrentContentSigner concurrentSigner;
try {
concurrentSigner = new DfltConcurrentContentSigner(mac, signers, privateKey);
} catch (NoSuchAlgorithmException ex) {
throw new XiSecurityException(ex.getMessage(), ex);
}
if (certificateChain != null) {
concurrentSigner.setCertificateChain(certificateChain);
} else {
concurrentSigner.setPublicKey(publicKey);
}
return concurrentSigner;
}
Also used :
PrivateKey(java.security.PrivateKey)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
DSAPublicKey(java.security.interfaces.DSAPublicKey)
org.xipki.security(org.xipki.security)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
ECPublicKey(java.security.interfaces.ECPublicKey)
EdDSAKey(org.bouncycastle.jcajce.interfaces.EdDSAKey)
Example 5 with EdDSAKey
use of org.bouncycastle.jcajce.interfaces.EdDSAKey in project xipki by xipki.
the class EmulatorP11Identity method init.
private synchronized void init() throws P11TokenException {
if (initialized) {
return;
}
try {
if (this.publicKey instanceof RSAPublicKey) {
String providerName = "BC";
LOG.info("use provider {}", providerName);
for (int i = 0; i < maxSessions; i++) {
Cipher rsaCipher;
try {
final String algo = "RSA/ECB/NoPadding";
rsaCipher = Cipher.getInstance(algo, providerName);
LOG.info("use cipher algorithm {}", algo);
} catch (NoSuchPaddingException ex) {
throw new P11TokenException("NoSuchPadding", ex);
} catch (NoSuchAlgorithmException ex) {
final String algo = "RSA/NONE/NoPadding";
try {
rsaCipher = Cipher.getInstance(algo, providerName);
LOG.info("use cipher algorithm {}", algo);
} catch (NoSuchPaddingException e1) {
throw new P11TokenException("NoSuchPadding", ex);
}
}
rsaCipher.init(Cipher.ENCRYPT_MODE, signingKey);
rsaCiphers.add(new ConcurrentBagEntry<>(rsaCipher));
}
} else {
String algorithm;
if (this.publicKey instanceof ECPublicKey) {
boolean sm2curve = GMUtil.isSm2primev2Curve(((ECPublicKey) this.publicKey).getParams().getCurve());
algorithm = sm2curve ? null : "NONEwithECDSA";
} else if (this.publicKey instanceof DSAPublicKey) {
algorithm = "NONEwithDSA";
} else if (this.publicKey instanceof EdDSAKey) {
algorithm = null;
} else if (this.publicKey instanceof XDHKey) {
algorithm = null;
} else {
throw new P11TokenException("Currently only RSA, DSA, EC, EC Edwards and EC " + "Montgomery public key are supported, but not " + this.publicKey.getAlgorithm() + " (class: " + this.publicKey.getClass().getName() + ")");
}
if (algorithm != null) {
for (int i = 0; i < maxSessions; i++) {
Signature dsaSignature = Signature.getInstance(algorithm, "BC");
dsaSignature.initSign((PrivateKey) signingKey, random);
dsaSignatures.add(new ConcurrentBagEntry<>(dsaSignature));
}
} else if (this.publicKey instanceof EdDSAKey) {
algorithm = this.publicKey.getAlgorithm();
for (int i = 0; i < maxSessions; i++) {
Signature signature = Signature.getInstance(algorithm, "BC");
signature.initSign((PrivateKey) signingKey);
eddsaSignatures.add(new ConcurrentBagEntry<>(signature));
}
} else if (this.publicKey instanceof XDHKey) {
// do nothing. not suitable for sign.
} else {
for (int i = 0; i < maxSessions; i++) {
SM2Signer sm2signer = new SM2Signer(ECUtil.generatePrivateKeyParameter((PrivateKey) signingKey));
sm2Signers.add(new ConcurrentBagEntry<>(sm2signer));
}
}
}
} catch (GeneralSecurityException ex) {
throw new P11TokenException(ex);
} finally {
initialized = true;
}
}
Also used :
ConcurrentBagEntry(org.xipki.util.concurrent.ConcurrentBagEntry)
XDHKey(org.bouncycastle.jcajce.interfaces.XDHKey)
DSAPublicKey(java.security.interfaces.DSAPublicKey)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
ECPublicKey(java.security.interfaces.ECPublicKey)
EdDSAKey(org.bouncycastle.jcajce.interfaces.EdDSAKey)
GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher)
Aggregations
EdDSAKey (org.bouncycastle.jcajce.interfaces.EdDSAKey)6
XDHKey (org.bouncycastle.jcajce.interfaces.XDHKey)5
ECPublicKey (java.security.interfaces.ECPublicKey)3
IOException (java.io.IOException)2
DSAPrivateKey (java.security.interfaces.DSAPrivateKey)2
DSAPublicKey (java.security.interfaces.DSAPublicKey)2
ECPrivateKey (java.security.interfaces.ECPrivateKey)2
RSAPrivateKey (java.security.interfaces.RSAPrivateKey)2
RSAPublicKey (java.security.interfaces.RSAPublicKey)2
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)2
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)2
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)2
File (java.io.File)1
BigInteger (java.math.BigInteger)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
PrivateKey (java.security.PrivateKey)1
CertPathBuilderException (java.security.cert.CertPathBuilderException)1
Certificate (java.security.cert.Certificate)1
X509Certificate (java.security.cert.X509Certificate)1
java.security.spec (java.security.spec)1
