Example 1 with ECPublicKeySpec
use of org.bouncycastle.jce.spec.ECPublicKeySpec in project oxAuth by GluuFederation.
the class ECSigner method verifySignature.
@Deprecated
@Override
public boolean verifySignature(String signingInput, String signature) throws Exception {
if (Strings.isNullOrEmpty(signingInput)) {
return false;
}
if (Strings.isNullOrEmpty(signature)) {
return false;
}
try {
byte[] sigBytes = Base64Util.base64urldecode(signature);
byte[] sigInBytes = signingInput.getBytes(Util.UTF8_STRING_ENCODING);
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(getSignatureAlgorithm().getCurve().getName());
BigInteger q = ((ECCurve.Fp) ecSpec.getCurve()).getQ();
ECFieldElement xFieldElement = new ECFieldElement.Fp(q, ecdsaPublicKey.getX());
ECFieldElement yFieldElement = new ECFieldElement.Fp(q, ecdsaPublicKey.getY());
ECPoint pointQ = new ECPoint.Fp(ecSpec.getCurve(), xFieldElement, yFieldElement);
ECPublicKeySpec publicKeySpec = new ECPublicKeySpec(pointQ, ecSpec);
KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
Signature sig = Signature.getInstance(getSignatureAlgorithm().getAlgorithm(), "BC");
sig.initVerify(publicKey);
sig.update(sigInBytes);
return sig.verify(sigBytes);
} catch (NoSuchAlgorithmException e) {
throw new Exception("There was a problem in EC verifier", e);
} catch (UnsupportedEncodingException e) {
throw new Exception("There was a problem in EC verifier", e);
} catch (SignatureException e) {
throw new Exception("There was a problem in EC verifier", e);
} catch (NoSuchProviderException e) {
throw new Exception("There was a problem in EC verifier", e);
} catch (InvalidKeyException e) {
throw new Exception("There was a problem in EC verifier", e);
} catch (InvalidKeySpecException e) {
throw new Exception("There was a problem in EC verifier", e);
}
}
Also used :
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
ECPoint(org.bouncycastle.math.ec.ECPoint)
ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec)
BigInteger(java.math.BigInteger)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
ECFieldElement(org.bouncycastle.math.ec.ECFieldElement)
Example 2 with ECPublicKeySpec
use of org.bouncycastle.jce.spec.ECPublicKeySpec in project webofneeds by researchstudio-sat.
the class WonKeysReaderWriter method readFromModel.
private void readFromModel(final Model model, final Map<String, PublicKey> keys, Resource keyAgent) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException {
StmtIterator keyStmts = model.listStatements(keyAgent, CERT.KEY, RdfUtils.EMPTY_RDF_NODE);
// TODO replace if with while if we allow multiple keys
if (keyStmts.hasNext()) {
Statement statement = keyStmts.next();
keyAgent = statement.getSubject();
RDFNode keyObj = statement.getObject();
// pub key statements
NodeIterator ni = model.listObjectsOfProperty(keyObj.asResource(), CERT.PUBLIC_KEY);
if (ni.hasNext()) {
RDFNode eccKeyObj = ni.next();
// ECC pub key statements
StmtIterator eccPubKeyStmts = model.listStatements(eccKeyObj.asResource(), RDF.type, WONCRYPT.ECC_PUBLIC_KEY);
if (eccPubKeyStmts.hasNext()) {
// extract properties of ECC public key:
ni = model.listObjectsOfProperty(eccKeyObj.asResource(), WONCRYPT.ECC_ALGORITHM);
String algName = null;
String curveId = null;
String qx = null;
String qy = null;
if (ni.hasNext()) {
algName = ni.next().asLiteral().toString();
} else {
return;
}
ni = model.listObjectsOfProperty(eccKeyObj.asResource(), WONCRYPT.ECC_CURVE_ID);
if (ni.hasNext()) {
curveId = ni.next().asLiteral().toString();
} else {
return;
}
ni = model.listObjectsOfProperty(eccKeyObj.asResource(), WONCRYPT.ECC_QX);
if (ni.hasNext()) {
qx = ni.next().asLiteral().toString();
} else {
return;
}
ni = model.listObjectsOfProperty(eccKeyObj.asResource(), WONCRYPT.ECC_QY);
if (ni.hasNext()) {
qy = ni.next().asLiteral().toString();
} else {
return;
}
ECNamedCurveParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(curveId);
org.bouncycastle.math.ec.ECPoint ecPoint = ecSpec.getCurve().createPoint(new BigInteger(qx, 16), new BigInteger(qy, 16));
ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(ecPoint, ecSpec);
// TODO add provider to RDF triples?
KeyFactory keyFactory = KeyFactory.getInstance(algName, "BC");
PublicKey key = keyFactory.generatePublic(pubKeySpec);
keys.put(keyAgent.getURI(), key);
}
}
}
}
Also used :
ECPublicKey(org.bouncycastle.jce.interfaces.ECPublicKey)
PublicKey(java.security.PublicKey)
ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec)
ECNamedCurveParameterSpec(org.bouncycastle.jce.spec.ECNamedCurveParameterSpec)
BigInteger(java.math.BigInteger)
ECNamedCurveParameterSpec(org.bouncycastle.jce.spec.ECNamedCurveParameterSpec)
ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec)
KeyFactory(java.security.KeyFactory)
Example 3 with ECPublicKeySpec
use of org.bouncycastle.jce.spec.ECPublicKeySpec in project athenz by yahoo.
the class Crypto method loadPublicKey.
public static PublicKey loadPublicKey(Reader r) throws CryptoException {
try (org.bouncycastle.openssl.PEMParser pemReader = new org.bouncycastle.openssl.PEMParser(r)) {
Object pemObj = pemReader.readObject();
JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
X9ECParameters ecParam = null;
if (pemObj instanceof ASN1ObjectIdentifier) {
// make sure this is EC Parameter we're handling. In which case
// we'll store it and read the next object which should be our
// EC Public Key
ASN1ObjectIdentifier ecOID = (ASN1ObjectIdentifier) pemObj;
ecParam = ECNamedCurveTable.getByOID(ecOID);
// /CLOVER:OFF
if (ecParam == null) {
throw new PEMException("Unable to find EC Parameter for the given curve oid: " + ((ASN1ObjectIdentifier) pemObj).getId());
}
// /CLOVER:ON
pemObj = pemReader.readObject();
} else if (pemObj instanceof X9ECParameters) {
ecParam = (X9ECParameters) pemObj;
pemObj = pemReader.readObject();
}
SubjectPublicKeyInfo keyInfo;
if (pemObj instanceof org.bouncycastle.cert.X509CertificateHolder) {
keyInfo = ((org.bouncycastle.cert.X509CertificateHolder) pemObj).getSubjectPublicKeyInfo();
} else {
keyInfo = (SubjectPublicKeyInfo) pemObj;
}
PublicKey pubKey = pemConverter.getPublicKey(keyInfo);
if (ecParam != null && ECDSA.equals(pubKey.getAlgorithm())) {
ECParameterSpec ecSpec = new ECParameterSpec(ecParam.getCurve(), ecParam.getG(), ecParam.getN(), ecParam.getH(), ecParam.getSeed());
KeyFactory keyFactory = KeyFactory.getInstance(getECDSAAlgo(), getKeyFactoryProvider());
ECPublicKeySpec keySpec = new ECPublicKeySpec(((BCECPublicKey) pubKey).getQ(), ecSpec);
pubKey = keyFactory.generatePublic(keySpec);
}
return pubKey;
} catch (NoSuchProviderException e) {
LOG.error("loadPublicKey: Caught NoSuchProviderException, check to make sure the provider is loaded correctly.");
throw new CryptoException(e);
} catch (NoSuchAlgorithmException e) {
LOG.error("loadPublicKey: Caught NoSuchAlgorithmException, check to make sure the algorithm is supported by the provider.");
throw new CryptoException(e);
// /CLOVER:OFF
} catch (InvalidKeySpecException e) {
LOG.error("loadPublicKey: Caught InvalidKeySpecException, invalid key spec is being used.");
throw new CryptoException("InvalidKeySpecException");
} catch (IOException e) {
throw new CryptoException(e);
}
// /CLOVER:ON
}
Also used :
PEMParser(org.bouncycastle.openssl.PEMParser)
X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters)
BCECPublicKey(org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey)
JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)
java.security.cert(java.security.cert)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec)
PEMParser(org.bouncycastle.openssl.PEMParser)
ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec)
PEMException(org.bouncycastle.openssl.PEMException)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
PemObject(org.bouncycastle.util.io.pem.PemObject)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
Example 4 with ECPublicKeySpec
use of org.bouncycastle.jce.spec.ECPublicKeySpec in project oxAuth by GluuFederation.
the class SHA256withECDSASignatureVerification method decodePublicKey.
@Override
public PublicKey decodePublicKey(byte[] encodedPublicKey) throws SignatureException {
X9ECParameters curve = SECNamedCurves.getByName("secp256r1");
ECPoint point = curve.getCurve().decodePoint(encodedPublicKey);
try {
return KeyFactory.getInstance("ECDSA").generatePublic(new ECPublicKeySpec(point, new ECParameterSpec(curve.getCurve(), curve.getG(), curve.getN(), curve.getH())));
} catch (GeneralSecurityException ex) {
throw new SignatureException(ex);
}
}
Also used :
X9ECParameters(org.bouncycastle.asn1.x9.X9ECParameters)
ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec)
GeneralSecurityException(java.security.GeneralSecurityException)
SignatureException(org.xdi.oxauth.model.exception.SignatureException)
ECPoint(org.bouncycastle.math.ec.ECPoint)
ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec)
Example 5 with ECPublicKeySpec
use of org.bouncycastle.jce.spec.ECPublicKeySpec in project oxAuth by GluuFederation.
the class ECDSASigner method validateSignature.
@Override
public boolean validateSignature(String signingInput, String signature) throws SignatureException {
if (getSignatureAlgorithm() == null) {
throw new SignatureException("The signature algorithm is null");
}
if (ecdsaPublicKey == null) {
throw new SignatureException("The ECDSA public key is null");
}
if (signingInput == null) {
throw new SignatureException("The signing input is null");
}
String algorithm;
String curve;
switch(getSignatureAlgorithm()) {
case ES256:
algorithm = "SHA256WITHECDSA";
curve = "P-256";
break;
case ES384:
algorithm = "SHA384WITHECDSA";
curve = "P-384";
break;
case ES512:
algorithm = "SHA512WITHECDSA";
curve = "P-521";
break;
default:
throw new SignatureException("Unsupported signature algorithm");
}
try {
byte[] sigBytes = Base64Util.base64urldecode(signature);
byte[] sigInBytes = signingInput.getBytes(Util.UTF8_STRING_ENCODING);
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(curve);
BigInteger q = ((ECCurve.AbstractFp) ecSpec.getCurve()).getField().getCharacteristic();
ECFieldElement xFieldElement = new ECFieldElement.Fp(q, ecdsaPublicKey.getX());
ECFieldElement yFieldElement = new ECFieldElement.Fp(q, ecdsaPublicKey.getY());
ECPoint pointQ = new ECPoint.Fp(ecSpec.getCurve(), xFieldElement, yFieldElement);
ECPublicKeySpec publicKeySpec = new ECPublicKeySpec(pointQ, ecSpec);
KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
Signature sig = Signature.getInstance(algorithm, "BC");
sig.initVerify(publicKey);
sig.update(sigInBytes);
return sig.verify(sigBytes);
} catch (InvalidKeySpecException e) {
throw new SignatureException(e);
} catch (InvalidKeyException e) {
throw new SignatureException(e);
} catch (NoSuchAlgorithmException e) {
throw new SignatureException(e);
} catch (NoSuchProviderException e) {
throw new SignatureException(e);
} catch (UnsupportedEncodingException e) {
throw new SignatureException(e);
} catch (Exception e) {
throw new SignatureException(e);
}
}
Also used :
ECDSAPublicKey(org.xdi.oxauth.model.crypto.signature.ECDSAPublicKey)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
ECPoint(org.bouncycastle.math.ec.ECPoint)
ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec)
ECCurve(org.bouncycastle.math.ec.ECCurve)
BigInteger(java.math.BigInteger)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
ECFieldElement(org.bouncycastle.math.ec.ECFieldElement)
Aggregations
ECPublicKeySpec (org.bouncycastle.jce.spec.ECPublicKeySpec)12
ECParameterSpec (org.bouncycastle.jce.spec.ECParameterSpec)11
ECPoint (org.bouncycastle.math.ec.ECPoint)8
InvalidKeySpecException (java.security.spec.InvalidKeySpecException)7
KeyFactory (java.security.KeyFactory)5
BigInteger (java.math.BigInteger)4
X9ECParameters (org.bouncycastle.asn1.x9.X9ECParameters)4
UnsupportedEncodingException (java.io.UnsupportedEncodingException)3
BCECPublicKey (org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey)3
ECCurve (org.bouncycastle.math.ec.ECCurve)3
GeneralSecurityException (java.security.GeneralSecurityException)2
InvalidKeyException (java.security.InvalidKeyException)2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
NoSuchProviderException (java.security.NoSuchProviderException)2
PublicKey (java.security.PublicKey)2
RSAPublicKeySpec (java.security.spec.RSAPublicKeySpec)2
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)2
ByteString (com.google.protobuf.ByteString)1
IOException (java.io.IOException)1
Reader (java.io.Reader)1
