Example 41 with PrivateKeyInfo
use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project android_packages_apps_Settings by crdroidandroid.
the class CredentialStorage method isHardwareBackedKey.
private boolean isHardwareBackedKey(byte[] keyData) {
try {
ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(keyData));
PrivateKeyInfo pki = PrivateKeyInfo.getInstance(bIn.readObject());
String algOid = pki.getAlgorithmId().getAlgorithm().getId();
String algName = new AlgorithmId(new ObjectIdentifier(algOid)).getName();
return KeyChain.isBoundKeyAlgorithm(algName);
} catch (IOException e) {
Log.e(TAG, "Failed to parse key data");
return false;
}
}
Also used :
ASN1InputStream(com.android.org.bouncycastle.asn1.ASN1InputStream)
ByteArrayInputStream(java.io.ByteArrayInputStream)
AlgorithmId(sun.security.x509.AlgorithmId)
IOException(java.io.IOException)
PrivateKeyInfo(com.android.org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
ObjectIdentifier(sun.security.util.ObjectIdentifier)
Example 42 with PrivateKeyInfo
use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project box-java-sdk by box.
the class BoxDeveloperEditionAPIConnection method decryptPrivateKey.
private PrivateKey decryptPrivateKey() {
PrivateKey decryptedPrivateKey;
try {
PEMParser keyReader = new PEMParser(new StringReader(this.privateKey));
Object keyPair = keyReader.readObject();
keyReader.close();
if (keyPair instanceof PrivateKeyInfo) {
PrivateKeyInfo keyInfo = (PrivateKeyInfo) keyPair;
decryptedPrivateKey = (new JcaPEMKeyConverter()).getPrivateKey(keyInfo);
} else if (keyPair instanceof PEMEncryptedKeyPair) {
JcePEMDecryptorProviderBuilder builder = new JcePEMDecryptorProviderBuilder();
PEMDecryptorProvider decryptionProvider = builder.build(this.privateKeyPassword.toCharArray());
keyPair = ((PEMEncryptedKeyPair) keyPair).decryptKeyPair(decryptionProvider);
PrivateKeyInfo keyInfo = ((PEMKeyPair) keyPair).getPrivateKeyInfo();
decryptedPrivateKey = (new JcaPEMKeyConverter()).getPrivateKey(keyInfo);
} else if (keyPair instanceof PKCS8EncryptedPrivateKeyInfo) {
InputDecryptorProvider pkcs8Prov = new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider("BC").build(this.privateKeyPassword.toCharArray());
PrivateKeyInfo keyInfo = ((PKCS8EncryptedPrivateKeyInfo) keyPair).decryptPrivateKeyInfo(pkcs8Prov);
decryptedPrivateKey = (new JcaPEMKeyConverter()).getPrivateKey(keyInfo);
} else {
PrivateKeyInfo keyInfo = ((PEMKeyPair) keyPair).getPrivateKeyInfo();
decryptedPrivateKey = (new JcaPEMKeyConverter()).getPrivateKey(keyInfo);
}
} catch (IOException e) {
throw new BoxAPIException("Error parsing private key for Box Developer Edition.", e);
} catch (OperatorCreationException e) {
throw new BoxAPIException("Error parsing PKCS#8 private key for Box Developer Edition.", e);
} catch (PKCSException e) {
throw new BoxAPIException("Error parsing PKCS private key for Box Developer Edition.", e);
}
return decryptedPrivateKey;
}
Also used :
PrivateKey(java.security.PrivateKey)
PEMDecryptorProvider(org.bouncycastle.openssl.PEMDecryptorProvider)
JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)
JcePEMDecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder)
PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
IOException(java.io.IOException)
PKCSException(org.bouncycastle.pkcs.PKCSException)
PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair)
PEMParser(org.bouncycastle.openssl.PEMParser)
InputDecryptorProvider(org.bouncycastle.operator.InputDecryptorProvider)
StringReader(java.io.StringReader)
JsonObject(com.eclipsesource.json.JsonObject)
JceOpenSSLPKCS8DecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder)
PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
Example 43 with PrivateKeyInfo
use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project zm-mailbox by Zimbra.
the class MobileConfigFormatter method signConfig.
private byte[] signConfig(Domain domain, Server server, byte[] config) {
byte[] signedConfig = config;
String certStr = null;
String pvtKeyStr = null;
if (domain != null) {
certStr = domain.getSSLCertificate();
pvtKeyStr = domain.getSSLPrivateKey();
if (StringUtil.isNullOrEmpty(certStr) && server != null) {
certStr = server.getSSLCertificate();
pvtKeyStr = server.getSSLPrivateKey();
}
}
if (!StringUtil.isNullOrEmpty(certStr) && !StringUtil.isNullOrEmpty(pvtKeyStr)) {
try (InputStream targetStream = new ByteArrayInputStream(certStr.getBytes())) {
CertificateFactory certFactory = CertificateFactory.getInstance(SmimeConstants.PUB_CERT_TYPE);
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(targetStream);
StringReader reader = new StringReader(pvtKeyStr);
PrivateKey privateKey = null;
try (PEMParser pp = new PEMParser(reader)) {
Object pemKP = pp.readObject();
JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
PrivateKeyInfo pkInfo = null;
if (pemKP instanceof PrivateKeyInfo) {
pkInfo = (PrivateKeyInfo) pemKP;
} else {
pkInfo = ((PEMKeyPair) pemKP).getPrivateKeyInfo();
}
privateKey = converter.getPrivateKey(pkInfo);
}
signedConfig = DataSigner.signData(config, cert, privateKey);
} catch (IOException | CertificateException | OperatorCreationException | CMSException e) {
ZimbraLog.misc.debug("exception occurred during signing config", e);
}
} else {
ZimbraLog.misc.debug("SSLCertificate/SSLPrivateKey is not set, config will not be signed");
}
return signedConfig;
}
Also used :
PrivateKey(java.security.PrivateKey)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)
CertificateException(java.security.cert.CertificateException)
IOException(java.io.IOException)
CertificateFactory(java.security.cert.CertificateFactory)
X509Certificate(java.security.cert.X509Certificate)
PEMParser(org.bouncycastle.openssl.PEMParser)
ByteArrayInputStream(java.io.ByteArrayInputStream)
StringReader(java.io.StringReader)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
CMSException(org.bouncycastle.cms.CMSException)
Example 44 with PrivateKeyInfo
use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project athenz by yahoo.
the class Utils method createKeyStore.
/**
* Create a {@link KeyStore} from suppliers of {@link InputStream} for cert and key.
*
* @param athenzPublicCertInputStream Supplier of the certificate input stream
* @param athenzPublicCertLocationSupplier Supplier of the location of the certificate (for error logging)
* @param athenzPrivateKeyInputStream Supplier of the private key input stream
* @param athenzPrivateKeyLocationSupplier Supplier of the location of the certificate (for error logging)
* @return a KeyStore with loaded key and certificate
* @throws KeyRefresherException in case of any key refresher errors processing the request
* @throws IOException in case of any errors with reading files
*/
public static KeyStore createKeyStore(final Supplier<InputStream> athenzPublicCertInputStream, final Supplier<String> athenzPublicCertLocationSupplier, final Supplier<InputStream> athenzPrivateKeyInputStream, final Supplier<String> athenzPrivateKeyLocationSupplier) throws IOException, KeyRefresherException {
List<? extends Certificate> certificates;
PrivateKey privateKey;
KeyStore keyStore = null;
try (InputStream publicCertStream = athenzPublicCertInputStream.get();
InputStream privateKeyStream = athenzPrivateKeyInputStream.get();
PEMParser pemParser = new PEMParser(new InputStreamReader(privateKeyStream))) {
final CertificateFactory cf = CertificateFactory.getInstance("X.509");
final JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
Object key = pemParser.readObject();
if (key instanceof PEMKeyPair) {
PrivateKeyInfo pKeyInfo = ((PEMKeyPair) key).getPrivateKeyInfo();
privateKey = pemConverter.getPrivateKey(pKeyInfo);
} else if (key instanceof PrivateKeyInfo) {
privateKey = pemConverter.getPrivateKey((PrivateKeyInfo) key);
} else {
throw new KeyRefresherException("Unknown object type: " + (key == null ? "null" : key.getClass().getName()));
}
// noinspection unchecked
certificates = (List<? extends Certificate>) cf.generateCertificates(publicCertStream);
if (certificates.isEmpty()) {
throw new KeyRefresherException("Certificate file contains empty certificate or an invalid certificate.");
}
// We are going to assume that the first one is the main certificate which will be used for the alias
String alias = ((X509Certificate) certificates.get(0)).getSubjectX500Principal().getName();
if (LOG.isDebugEnabled()) {
LOG.debug("{} number of certificates found. Using {} alias to create the keystore", certificates.size(), alias);
}
keyStore = KeyStore.getInstance(DEFAULT_KEYSTORE_TYPE);
keyStore.load(null);
keyStore.setKeyEntry(alias, privateKey, KEYSTORE_PASSWORD, certificates.toArray((Certificate[]) new X509Certificate[certificates.size()]));
} catch (CertificateException | NoSuchAlgorithmException ex) {
String keyStoreFailMsg = "Unable to load " + athenzPublicCertLocationSupplier.get() + " as a KeyStore. Please check the validity of the file.";
throw new KeyRefresherException(keyStoreFailMsg, ex);
} catch (KeyStoreException ex) {
LOG.error("No Provider supports a KeyStoreSpi implementation for the specified type.", ex);
}
return keyStore;
}
Also used :
JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)
CertificateException(java.security.cert.CertificateException)
CertificateFactory(java.security.cert.CertificateFactory)
PEMParser(org.bouncycastle.openssl.PEMParser)
PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
Example 45 with PrivateKeyInfo
use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project android_packages_apps_Settings by SudaMod.
the class CredentialStorage method isHardwareBackedKey.
private boolean isHardwareBackedKey(byte[] keyData) {
try {
ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(keyData));
PrivateKeyInfo pki = PrivateKeyInfo.getInstance(bIn.readObject());
String algOid = pki.getAlgorithmId().getAlgorithm().getId();
String algName = new AlgorithmId(new ObjectIdentifier(algOid)).getName();
return KeyChain.isBoundKeyAlgorithm(algName);
} catch (IOException e) {
Log.e(TAG, "Failed to parse key data");
return false;
}
}
Also used :
ASN1InputStream(com.android.org.bouncycastle.asn1.ASN1InputStream)
ByteArrayInputStream(java.io.ByteArrayInputStream)
AlgorithmId(sun.security.x509.AlgorithmId)
IOException(java.io.IOException)
PrivateKeyInfo(com.android.org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
ObjectIdentifier(sun.security.util.ObjectIdentifier)
Aggregations
PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)46
IOException (java.io.IOException)30
JcaPEMKeyConverter (org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)26
PEMParser (org.bouncycastle.openssl.PEMParser)23
PrivateKey (java.security.PrivateKey)21
PEMKeyPair (org.bouncycastle.openssl.PEMKeyPair)18
PKCS8EncryptedPrivateKeyInfo (org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)18
ByteArrayInputStream (java.io.ByteArrayInputStream)13
InputDecryptorProvider (org.bouncycastle.operator.InputDecryptorProvider)13
JceOpenSSLPKCS8DecryptorProviderBuilder (org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder)11
PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)9
PemObject (org.bouncycastle.util.io.pem.PemObject)9
ASN1InputStream (com.android.org.bouncycastle.asn1.ASN1InputStream)8
PrivateKeyInfo (com.android.org.bouncycastle.asn1.pkcs.PrivateKeyInfo)8
StringReader (java.io.StringReader)8
JcePEMDecryptorProviderBuilder (org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder)8
ObjectIdentifier (sun.security.util.ObjectIdentifier)8
AlgorithmId (sun.security.x509.AlgorithmId)8
GeneralSecurityException (java.security.GeneralSecurityException)7
KeyPair (java.security.KeyPair)7
