Search in sources :

Example 21 with PrivateKeyInfo

use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project BiglyBT by BiglySoftware.

the class JCEECPrivateKey method getEncoded.

/**
 * Return a PKCS8 representation of the key. The sequence returned
 * represents a full PrivateKeyInfo object.
 *
 * @return a PKCS8 representation of the key.
 */
@Override
public byte[] getEncoded() {
    ByteArrayOutputStream bOut = new ByteArrayOutputStream();
    DEROutputStream dOut = new DEROutputStream(bOut);
    X962Parameters params = null;
    if (ecSpec instanceof ECNamedCurveParameterSpec) {
        params = new X962Parameters(X962NamedCurves.getOID(((ECNamedCurveParameterSpec) ecSpec).getName()));
    } else {
        X9ECParameters ecP = new X9ECParameters(ecSpec.getCurve(), ecSpec.getG(), ecSpec.getN(), ecSpec.getH(), ecSpec.getSeed());
        params = new X962Parameters(ecP);
    }
    PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), new ECPrivateKeyStructure(this.getD()).getDERObject());
    try {
        dOut.writeObject(info);
        dOut.close();
    } catch (IOException e) {
        throw new RuntimeException("Error encoding EC private key");
    }
    return bOut.toByteArray();
}
Also used : X962Parameters(org.gudy.bouncycastle.asn1.x9.X962Parameters) X9ECParameters(org.gudy.bouncycastle.asn1.x9.X9ECParameters) ECNamedCurveParameterSpec(org.gudy.bouncycastle.jce.spec.ECNamedCurveParameterSpec) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ECPrivateKeyStructure(org.gudy.bouncycastle.asn1.sec.ECPrivateKeyStructure) IOException(java.io.IOException) PrivateKeyInfo(org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo) AlgorithmIdentifier(org.gudy.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 22 with PrivateKeyInfo

use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project certmgr by hdecarne.

the class DERCertReaderWriter method tryDecodeKey.

@Nullable
private static KeyPair tryDecodeKey(ASN1Primitive asn1Object, String resource, PasswordCallback password) throws IOException {
    PKCS8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = null;
    try {
        encryptedPrivateKeyInfo = new PKCS8EncryptedPrivateKeyInfo(EncryptedPrivateKeyInfo.getInstance(asn1Object));
    } catch (Exception e) {
        Exceptions.ignore(e);
    }
    PrivateKeyInfo privateKeyInfo = null;
    if (encryptedPrivateKeyInfo != null) {
        Throwable passwordException = null;
        while (privateKeyInfo == null) {
            char[] passwordChars = password.queryPassword(resource);
            if (passwordChars == null) {
                throw new PasswordRequiredException(resource, passwordException);
            }
            InputDecryptorProvider inputDecryptorProvider = INPUT_DECRYPTOR_BUILDER.build(passwordChars);
            try {
                privateKeyInfo = encryptedPrivateKeyInfo.decryptPrivateKeyInfo(inputDecryptorProvider);
            } catch (PKCSException e) {
                passwordException = e;
            }
        }
    }
    try {
        privateKeyInfo = PrivateKeyInfo.getInstance(asn1Object);
    } catch (Exception e) {
        Exceptions.ignore(e);
    }
    KeyPair key = null;
    if (privateKeyInfo != null) {
        PrivateKey privateKey;
        try {
            String algorithmId = privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm().getId();
            KeyFactory keyFactory = JCA_JCE_HELPER.createKeyFactory(algorithmId);
            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded());
            privateKey = keyFactory.generatePrivate(keySpec);
        } catch (GeneralSecurityException e) {
            throw new CertProviderException(e);
        }
        key = KeyHelper.rebuildKeyPair(privateKey);
    }
    return key;
}
Also used : KeyPair(java.security.KeyPair) PrivateKey(java.security.PrivateKey) GeneralSecurityException(java.security.GeneralSecurityException) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) PasswordRequiredException(de.carne.certmgr.certs.PasswordRequiredException) PKCSException(org.bouncycastle.pkcs.PKCSException) CertProviderException(de.carne.certmgr.certs.CertProviderException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CertProviderException(de.carne.certmgr.certs.CertProviderException) GeneralSecurityException(java.security.GeneralSecurityException) PKCSException(org.bouncycastle.pkcs.PKCSException) IOException(java.io.IOException) PasswordRequiredException(de.carne.certmgr.certs.PasswordRequiredException) InputDecryptorProvider(org.bouncycastle.operator.InputDecryptorProvider) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) EncryptedPrivateKeyInfo(org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo) KeyFactory(java.security.KeyFactory) Nullable(de.carne.check.Nullable)

Example 23 with PrivateKeyInfo

use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project certmgr by hdecarne.

the class PKCS12CertReaderWriter method readBinary.

@Override
@Nullable
public CertObjectStore readBinary(IOResource<InputStream> in, PasswordCallback password) throws IOException {
    LOG.debug("Trying to read PKCS#12 objects from: ''{0}''...", in);
    CertObjectStore certObjects = null;
    PKCS12PfxPdu pkcs12 = readPKCS12(in);
    if (pkcs12 != null) {
        certObjects = new CertObjectStore();
        for (ContentInfo contentInfo : pkcs12.getContentInfos()) {
            ASN1ObjectIdentifier contentType = contentInfo.getContentType();
            PKCS12SafeBagFactory safeBagFactory;
            if (contentType.equals(PKCSObjectIdentifiers.encryptedData)) {
                safeBagFactory = getSafeBagFactory(contentInfo, in.resource(), password);
            } else {
                safeBagFactory = getSafeBagFactory(contentInfo);
            }
            for (PKCS12SafeBag safeBag : safeBagFactory.getSafeBags()) {
                Object safeBagValue = safeBag.getBagValue();
                if (safeBagValue instanceof X509CertificateHolder) {
                    certObjects.addCRT(convertCRT((X509CertificateHolder) safeBagValue));
                } else if (safeBagValue instanceof PKCS8EncryptedPrivateKeyInfo) {
                    PrivateKey privateKey = convertPrivateKey((PKCS8EncryptedPrivateKeyInfo) safeBagValue, in.resource(), password);
                    try {
                        certObjects.addKey(KeyHelper.rebuildKeyPair(privateKey));
                    } catch (IOException e) {
                        LOG.warning(e, "Unable to rebuild key pair for private key of type ''{1}''", privateKey.getClass().getName());
                    }
                } else if (safeBagValue instanceof PrivateKeyInfo) {
                    PrivateKey privateKey = convertPrivateKey((PrivateKeyInfo) safeBagValue);
                    try {
                        certObjects.addKey(KeyHelper.rebuildKeyPair(privateKey));
                    } catch (IOException e) {
                        LOG.warning(e, "Unable to rebuild key pair for private key of type ''{1}''", privateKey.getClass().getName());
                    }
                } else {
                    LOG.warning(CertIOI18N.STR_PKCS12_UNKNOWN_OBJECT, safeBagValue.getClass().getName());
                }
            }
        }
    }
    return certObjects;
}
Also used : PrivateKey(java.security.PrivateKey) PKCS12SafeBagFactory(org.bouncycastle.pkcs.PKCS12SafeBagFactory) ContentInfo(org.bouncycastle.asn1.pkcs.ContentInfo) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) CertObjectStore(de.carne.certmgr.certs.CertObjectStore) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) IOException(java.io.IOException) PKCS12SafeBag(org.bouncycastle.pkcs.PKCS12SafeBag) PKCS12PfxPdu(org.bouncycastle.pkcs.PKCS12PfxPdu) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) Nullable(de.carne.check.Nullable)

Example 24 with PrivateKeyInfo

use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project xipki by xipki.

the class PrivateKeyCryptor method decrypt.

PrivateKey decrypt(PKCS8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo) throws P11TokenException {
    ParamUtil.requireNonNull("encryptedPrivateKeyInfo", encryptedPrivateKeyInfo);
    PrivateKeyInfo privateKeyInfo;
    synchronized (decryptorProvider) {
        try {
            privateKeyInfo = encryptedPrivateKeyInfo.decryptPrivateKeyInfo(decryptorProvider);
        } catch (PKCSException ex) {
            throw new P11TokenException(ex.getMessage(), ex);
        }
    }
    AlgorithmIdentifier keyAlg = privateKeyInfo.getPrivateKeyAlgorithm();
    ASN1ObjectIdentifier keyAlgOid = keyAlg.getAlgorithm();
    String algoName;
    if (PKCSObjectIdentifiers.rsaEncryption.equals(keyAlgOid)) {
        algoName = "RSA";
    } else if (X9ObjectIdentifiers.id_dsa.equals(keyAlgOid)) {
        algoName = "DSA";
    } else if (X9ObjectIdentifiers.id_ecPublicKey.equals(keyAlgOid)) {
        algoName = "EC";
    } else {
        throw new P11TokenException("unknown private key algorithm " + keyAlgOid.getId());
    }
    try {
        KeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded());
        KeyFactory keyFactory = KeyFactory.getInstance(algoName, "BC");
        return keyFactory.generatePrivate(keySpec);
    } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException ex) {
        throw new P11TokenException(ex.getClass().getName() + ": " + ex.getMessage(), ex);
    }
}
Also used : P11TokenException(org.xipki.security.exception.P11TokenException) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) KeySpec(java.security.spec.KeySpec) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) PKCSException(org.bouncycastle.pkcs.PKCSException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) NoSuchProviderException(java.security.NoSuchProviderException) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) KeyFactory(java.security.KeyFactory)

Example 25 with PrivateKeyInfo

use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project xipki by xipki.

the class PrivateKeyCryptor method encrypt.

PKCS8EncryptedPrivateKeyInfo encrypt(PrivateKey privateKey) {
    ParamUtil.requireNonNull("privateKey", privateKey);
    PrivateKeyInfo privateKeyInfo = PrivateKeyInfo.getInstance(privateKey.getEncoded());
    PKCS8EncryptedPrivateKeyInfoBuilder builder = new PKCS8EncryptedPrivateKeyInfoBuilder(privateKeyInfo);
    synchronized (encryptor) {
        return builder.build(encryptor);
    }
}
Also used : PKCS8EncryptedPrivateKeyInfoBuilder(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfoBuilder) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)

Aggregations

PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)46 IOException (java.io.IOException)30 JcaPEMKeyConverter (org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)26 PEMParser (org.bouncycastle.openssl.PEMParser)23 PrivateKey (java.security.PrivateKey)21 PEMKeyPair (org.bouncycastle.openssl.PEMKeyPair)18 PKCS8EncryptedPrivateKeyInfo (org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)18 ByteArrayInputStream (java.io.ByteArrayInputStream)13 InputDecryptorProvider (org.bouncycastle.operator.InputDecryptorProvider)13 JceOpenSSLPKCS8DecryptorProviderBuilder (org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder)11 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)9 PemObject (org.bouncycastle.util.io.pem.PemObject)9 ASN1InputStream (com.android.org.bouncycastle.asn1.ASN1InputStream)8 PrivateKeyInfo (com.android.org.bouncycastle.asn1.pkcs.PrivateKeyInfo)8 StringReader (java.io.StringReader)8 JcePEMDecryptorProviderBuilder (org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder)8 ObjectIdentifier (sun.security.util.ObjectIdentifier)8 AlgorithmId (sun.security.x509.AlgorithmId)8 GeneralSecurityException (java.security.GeneralSecurityException)7 KeyPair (java.security.KeyPair)7