Example 61 with NULL
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class KeyFactorySpi1_2 method engineGeneratePrivate.
/**
* We don't support RSAPrivateKeySpec because it doesn't have enough
* information. You need to provide an RSAPrivateCrtKeySpec.
*/
@Override
protected java.security.PrivateKey engineGeneratePrivate(KeySpec keySpec) throws InvalidKeySpecException {
try {
if (keySpec instanceof RSAPrivateCrtKeySpec) {
//
// PKCS #1 RSAPrivateKey
//
RSAPrivateCrtKeySpec spec = (RSAPrivateCrtKeySpec) keySpec;
SEQUENCE privKey = new SEQUENCE();
// version
privKey.addElement(new INTEGER(0));
privKey.addElement(new INTEGER(spec.getModulus()));
privKey.addElement(new INTEGER(spec.getPublicExponent()));
privKey.addElement(new INTEGER(spec.getPrivateExponent()));
privKey.addElement(new INTEGER(spec.getPrimeP()));
privKey.addElement(new INTEGER(spec.getPrimeQ()));
privKey.addElement(new INTEGER(spec.getPrimeExponentP()));
privKey.addElement(new INTEGER(spec.getPrimeExponentQ()));
privKey.addElement(new INTEGER(spec.getCrtCoefficient()));
AlgorithmIdentifier algID = new AlgorithmIdentifier(PrivateKey.RSA.toOID(), null);
OCTET_STRING encodedPrivKey = new OCTET_STRING(ASN1Util.encode(privKey));
PrivateKeyInfo pki = new PrivateKeyInfo(// version
new INTEGER(0), algID, encodedPrivKey, // OPTIONAL SET OF Attribute
(SET) null);
return PK11PrivKey.fromPrivateKeyInfo(ASN1Util.encode(pki), TokenSupplierManager.getTokenSupplier().getThreadToken());
} else if (keySpec instanceof DSAPrivateKeySpec) {
DSAPrivateKeySpec spec = (DSAPrivateKeySpec) keySpec;
SEQUENCE pqgParams = new SEQUENCE();
pqgParams.addElement(new INTEGER(spec.getP()));
pqgParams.addElement(new INTEGER(spec.getQ()));
pqgParams.addElement(new INTEGER(spec.getG()));
AlgorithmIdentifier algID = new AlgorithmIdentifier(PrivateKey.DSA.toOID(), pqgParams);
OCTET_STRING privateKey = new OCTET_STRING(ASN1Util.encode(new INTEGER(spec.getX())));
PrivateKeyInfo pki = new PrivateKeyInfo(// version
new INTEGER(0), algID, privateKey, // OPTIONAL SET OF Attribute
null);
// Derive the public key from the private key
BigInteger y = spec.getG().modPow(spec.getX(), spec.getP());
byte[] yBA = y.toByteArray();
// we need to chop off a leading zero byte
if (y.bitLength() % 8 == 0) {
byte[] newBA = new byte[yBA.length - 1];
assert (newBA.length >= 0);
System.arraycopy(yBA, 1, newBA, 0, newBA.length);
yBA = newBA;
}
return PK11PrivKey.fromPrivateKeyInfo(ASN1Util.encode(pki), TokenSupplierManager.getTokenSupplier().getThreadToken(), yBA);
} else if (keySpec instanceof PKCS8EncodedKeySpec) {
return PK11PrivKey.fromPrivateKeyInfo((PKCS8EncodedKeySpec) keySpec, TokenSupplierManager.getTokenSupplier().getThreadToken());
}
throw new InvalidKeySpecException("Unsupported KeySpec type: " + keySpec.getClass().getName());
} catch (TokenException te) {
StringWriter sw = new StringWriter();
PrintWriter pw = new PrintWriter(sw);
te.printStackTrace(pw);
throw new InvalidKeySpecException("TokenException: " + sw.toString());
}
}
Also used :
RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec)
AlgorithmIdentifier(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier)
DSAPrivateKeySpec(java.security.spec.DSAPrivateKeySpec)
OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING)
StringWriter(java.io.StringWriter)
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
TokenException(org.mozilla.jss.crypto.TokenException)
BigInteger(java.math.BigInteger)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
PrivateKeyInfo(org.mozilla.jss.pkix.primitive.PrivateKeyInfo)
INTEGER(org.mozilla.jss.asn1.INTEGER)
PrintWriter(java.io.PrintWriter)
Example 62 with NULL
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class CertRequest method encode.
/**
* This method is not yet supported.
*/
@Override
public void encode(Tag implicit, OutputStream ostream) throws IOException {
// Assert.notYetImplemented("CertRequest encoding");
SEQUENCE sequence = new SEQUENCE();
sequence.addElement(certReqId);
sequence.addElement(certTemplate);
if (controls != null)
sequence.addElement(controls);
sequence.encode(implicit, ostream);
}
Also used :
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
Example 63 with NULL
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class SignerInfo method createDigestInfo.
private SEQUENCE createDigestInfo(byte[] data, boolean doDigest) throws NoSuchAlgorithmException {
if (data == null || data.length == 0) {
throw new IllegalArgumentException("Data to digest must be supplied");
}
SEQUENCE digestInfo = new SEQUENCE();
digestInfo.addElement(this.digestAlgorithm);
byte[] digest;
if (doDigest) {
MessageDigest md = MessageDigest.getInstance(DigestAlgorithm.fromOID(this.digestAlgorithm.getOID()).toString());
digest = md.digest(data);
} else {
digest = data;
}
digestInfo.addElement(new OCTET_STRING(digest));
return digestInfo;
}
Also used :
OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING)
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
MessageDigest(java.security.MessageDigest)
Example 64 with NULL
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class EncryptedContentInfo method decrypt.
/**
* Decrypts the content of an EncryptedContentInfo encrypted with a
* PBE key.
*
* @param pass The password to use in generating the PBE decryption key.
* @param charToByteConverter The converter for converting the password
* characters into bytes. May be null to use the default.
* @return The decrypted contents of the EncryptedContentInfo. The contents
* are first unpadded using the PKCS padding mechanism.
*/
public byte[] decrypt(Password pass, KeyGenerator.CharToByteConverter charToByteConverter) throws IllegalStateException, NotInitializedException, NoSuchAlgorithmException, InvalidBERException, IOException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, IllegalBlockSizeException, BadPaddingException {
if (encryptedContent == null) {
return null;
}
// get the key gen parameters
AlgorithmIdentifier algid = contentEncryptionAlgorithm;
KeyGenAlgorithm kgAlg = KeyGenAlgorithm.fromOID(algid.getOID());
if (!(kgAlg instanceof PBEAlgorithm)) {
throw new NoSuchAlgorithmException("KeyGenAlgorithm is not a" + " PBE algorithm");
}
ASN1Value params = algid.getParameters();
if (params == null) {
throw new InvalidAlgorithmParameterException("PBE algorithms require parameters");
}
PBEParameter pbeParams;
if (params instanceof PBEParameter) {
pbeParams = (PBEParameter) params;
} else {
byte[] encodedParams = ASN1Util.encode(params);
pbeParams = (PBEParameter) ASN1Util.decode(PBEParameter.getTemplate(), encodedParams);
}
PBEKeyGenParams kgp = new PBEKeyGenParams(pass, pbeParams.getSalt(), pbeParams.getIterations());
// compute the key and IV
CryptoToken token = CryptoManager.getInstance().getInternalCryptoToken();
KeyGenerator kg = token.getKeyGenerator(kgAlg);
if (charToByteConverter != null) {
kg.setCharToByteConverter(charToByteConverter);
}
kg.initialize(kgp);
SymmetricKey key = kg.generate();
// compute algorithm parameters
EncryptionAlgorithm encAlg = ((PBEAlgorithm) kgAlg).getEncryptionAlg();
AlgorithmParameterSpec algParams = null;
Class<?>[] paramClasses = encAlg.getParameterClasses();
for (int i = 0; i < paramClasses.length; i++) {
if (paramClasses[i].equals(javax.crypto.spec.IvParameterSpec.class)) {
algParams = new IVParameterSpec(kg.generatePBE_IV());
break;
}
}
// perform the decryption
Cipher cipher = token.getCipherContext(encAlg);
cipher.initDecrypt(key, algParams);
return Cipher.unPad(cipher.doFinal(encryptedContent.toByteArray()));
}
Also used :
PBEParameter(org.mozilla.jss.pkix.primitive.PBEParameter)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
CryptoToken(org.mozilla.jss.crypto.CryptoToken)
IVParameterSpec(org.mozilla.jss.crypto.IVParameterSpec)
SymmetricKey(org.mozilla.jss.crypto.SymmetricKey)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
AlgorithmIdentifier(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier)
PBEKeyGenParams(org.mozilla.jss.crypto.PBEKeyGenParams)
ASN1Value(org.mozilla.jss.asn1.ASN1Value)
PBEAlgorithm(org.mozilla.jss.crypto.PBEAlgorithm)
KeyGenAlgorithm(org.mozilla.jss.crypto.KeyGenAlgorithm)
EncryptionAlgorithm(org.mozilla.jss.crypto.EncryptionAlgorithm)
Cipher(org.mozilla.jss.crypto.Cipher)
KeyGenerator(org.mozilla.jss.crypto.KeyGenerator)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
Example 65 with NULL
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class CertReqMsg method main.
public static void main(String[] args) {
try {
if (args.length < 1) {
System.err.println("Give an arg");
System.exit(0);
}
SEQUENCE.OF_Template seqt = new SEQUENCE.OF_Template(new CertReqMsg.Template());
SEQUENCE seq = null;
byte[] bytes;
try (FileInputStream fis = new FileInputStream(args[0])) {
bytes = new byte[fis.available()];
fis.read(bytes);
}
for (int i = 0; i < 1; i++) {
seq = (SEQUENCE) seqt.decode(new ByteArrayInputStream(bytes));
}
System.out.println("Decoded " + seq.size() + " messages");
CertReqMsg reqmsg = (CertReqMsg) seq.elementAt(0);
CertRequest certreq = reqmsg.getCertReq();
System.out.println("Request ID: " + certreq.getCertReqId());
CertTemplate temp = certreq.getCertTemplate();
if (temp.hasVersion()) {
System.out.println("Version: " + temp.getVersion());
} else {
System.out.println("No version");
}
if (temp.hasSerialNumber()) {
System.out.println("Serial Number: " + temp.getSerialNumber());
} else {
System.out.println("No serial number");
}
if (temp.hasSigningAlg()) {
System.out.println("SigningAlg: " + temp.getSigningAlg().getOID());
} else {
System.out.println("No signing alg");
}
if (temp.hasIssuer()) {
System.out.println("Issuer: " + temp.getIssuer().getRFC1485());
} else {
System.out.println("No issuer");
}
if (temp.hasSubject()) {
System.out.println("Subject: " + temp.getSubject().getRFC1485());
} else {
System.out.println("No subject: ");
}
if (temp.hasPublicKey()) {
System.out.println("Public Key: " + temp.getPublicKey().getAlgorithmIdentifier().getOID());
} else {
System.out.println("No public key");
}
if (temp.hasIssuerUID()) {
System.out.println("Issuer UID: " + new BigInteger(1, temp.getIssuerUID().getBits()));
} else {
System.out.println("no issuer uid");
}
if (temp.hasSubjectUID()) {
System.out.println("Subject UID: " + new BigInteger(1, temp.getIssuerUID().getBits()));
} else {
System.out.println("no subject uid");
}
if (temp.hasNotBefore()) {
System.out.println("Not Before: " + DateFormat.getInstance().format(temp.getNotBefore()));
}
if (temp.hasNotAfter()) {
System.out.println("Not After: " + DateFormat.getInstance().format(temp.getNotAfter()));
}
} catch (Exception e) {
e.printStackTrace();
}
}
Also used :
FileInputStream(java.io.FileInputStream)
InvalidBERException(org.mozilla.jss.asn1.InvalidBERException)
InvalidKeyFormatException(org.mozilla.jss.crypto.InvalidKeyFormatException)
SignatureException(java.security.SignatureException)
IOException(java.io.IOException)
TokenException(org.mozilla.jss.crypto.TokenException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
BigInteger(java.math.BigInteger)
Aggregations
SEQUENCE (org.mozilla.jss.asn1.SEQUENCE)33
OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING)19
InvalidBERException (org.mozilla.jss.asn1.InvalidBERException)17
ANY (org.mozilla.jss.asn1.ANY)14
CryptoToken (org.mozilla.jss.crypto.CryptoToken)14
AlgorithmIdentifier (org.mozilla.jss.pkix.primitive.AlgorithmIdentifier)11
IOException (java.io.IOException)10
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)10
ASN1Value (org.mozilla.jss.asn1.ASN1Value)10
BMPString (org.mozilla.jss.asn1.BMPString)10
CryptoManager (org.mozilla.jss.CryptoManager)9
SET (org.mozilla.jss.asn1.SET)9
ByteArrayOutputStream (java.io.ByteArrayOutputStream)8
AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)8
OBJECT_IDENTIFIER (org.mozilla.jss.asn1.OBJECT_IDENTIFIER)8
EncryptionAlgorithm (org.mozilla.jss.crypto.EncryptionAlgorithm)8
FileOutputStream (java.io.FileOutputStream)7
Cipher (org.mozilla.jss.crypto.Cipher)7
CertificateException (java.security.cert.CertificateException)6
BadPaddingException (javax.crypto.BadPaddingException)6
