use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class KeyFactorySpi1_2 method engineGeneratePublic.
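/**
 * Converts a public-key specification into a token-backed public key.
 *
 * <p>Three kinds of specification are accepted:
 * <ul>
 *   <li>{@code RSAPublicKeySpec}: modulus and public exponent are DER-encoded as a
 *       SEQUENCE of two INTEGERs and handed to {@code PK11PubKey.fromRaw}.</li>
 *   <li>{@code DSAPublicKeySpec}: P, Q, G and Y are wrapped in a SubjectPublicKeyInfo
 *       and handed to {@code PK11PubKey.fromSPKI}.</li>
 *   <li>{@code X509EncodedKeySpec}: the encoded bytes are handed to
 *       {@code PK11PubKey.fromSPKI} unchanged.</li>
 * </ul>
 *
 * @param keySpec the key specification to convert
 * @return the public key built from {@code keySpec}
 * @throws InvalidKeySpecException if {@code keySpec} is {@code null} or of a type
 *     other than the three listed above
 */
@Override
protected PublicKey engineGeneratePublic(KeySpec keySpec) throws InvalidKeySpecException {
    // Reject null up front: the fall-through below calls keySpec.getClass(), which
    // would otherwise surface as a bare NullPointerException instead of the
    // declared InvalidKeySpecException.
    if (keySpec == null) {
        throw new InvalidKeySpecException("KeySpec must not be null");
    }

    if (keySpec instanceof RSAPublicKeySpec) {
        RSAPublicKeySpec rsaSpec = (RSAPublicKeySpec) keySpec;

        // Generate a DER RSA public key: SEQUENCE { modulus, publicExponent }.
        // NOTE(review): no size or range policy is applied to modulus/exponent in
        // this method; if specs can come from untrusted input, key-size policy has
        // to be enforced by the caller or downstream - confirm where.
        SEQUENCE rsaKey = new SEQUENCE();
        rsaKey.addElement(new INTEGER(rsaSpec.getModulus()));
        rsaKey.addElement(new INTEGER(rsaSpec.getPublicExponent()));
        return PK11PubKey.fromRaw(PrivateKey.RSA, ASN1Util.encode(rsaKey));
    }

    if (keySpec instanceof DSAPublicKeySpec) {
        // We need to import both the public value and the PQG parameters.
        // The only way to get all that information in DER is to send a full
        // SubjectPublicKeyInfo, so everything is encoded into an SPKI.
        DSAPublicKeySpec dsaSpec = (DSAPublicKeySpec) keySpec;

        SEQUENCE pqg = new SEQUENCE();
        pqg.addElement(new INTEGER(dsaSpec.getP()));
        pqg.addElement(new INTEGER(dsaSpec.getQ()));
        pqg.addElement(new INTEGER(dsaSpec.getG()));

        OBJECT_IDENTIFIER oid;
        try {
            oid = SignatureAlgorithm.DSASignature.toOID();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("No such algorithm: " + e.getMessage(), e);
        }

        AlgorithmIdentifier algID = new AlgorithmIdentifier(oid, pqg);

        // The public value Y is DER-encoded as an INTEGER and carried in the
        // SPKI's BIT STRING (second argument 0 = no padding bits).
        byte[] encodedPublicValue = ASN1Util.encode(new INTEGER(dsaSpec.getY()));
        SubjectPublicKeyInfo spki =
                new SubjectPublicKeyInfo(algID, new BIT_STRING(encodedPublicValue, 0));
        return PK11PubKey.fromSPKI(ASN1Util.encode(spki));
    }

    // ECPublicKeySpec is not converted here; an earlier draft branch for it was
    // never enabled. EC keys are accepted in encoded form through the
    // X509EncodedKeySpec branch below.
    if (keySpec instanceof X509EncodedKeySpec) {
        // The bytes are expected to be a DER SubjectPublicKeyInfo. They are passed
        // on without inspection here, so any structural validation is whatever
        // PK11PubKey.fromSPKI performs.
        X509EncodedKeySpec encodedSpec = (X509EncodedKeySpec) keySpec;
        return PK11PubKey.fromSPKI(encodedSpec.getEncoded());
    }

    throw new InvalidKeySpecException("Unsupported KeySpec type: " + keySpec.getClass().getName());
}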
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class Name method AVAToString.
/**
 * Renders one attribute-value assertion as {@code type=value}.
 *
 * @param ava the assertion to render
 * @return {@code type=value}, or the empty string when {@code typeToString}
 *     returns {@code null} for the assertion's OID
 * @throws InvalidBERException declared on the signature; presumably raised when
 *     the value cannot be decoded with the DirectoryString template - confirm
 */
private String AVAToString(AVA ava) throws InvalidBERException {
    String label = typeToString(ava.getOID());

    // An attribute type with no string form is dropped entirely, so two names
    // that differ only in such attributes render to the same text.
    if (label == null) {
        return "";
    }

    // NOTE(review): the decoded value is appended as-is. No escaping of DN
    // special characters (',', '+', '=', ...) happens in this method, so unless
    // the decoded value's toString() escapes them, the result is suitable for
    // display only, not for re-parsing or for comparing names - confirm.
    return label + "=" + ava.getValue().decodeWith(DirectoryString.getTemplate());
}
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class PKCS12Util method create_EPKI_with_PBE_PKCS5_PBES2.
/**
 * Exports a private key from the token's crypto store as encrypted private key
 * info bytes, encrypted under {@code password} with AES-256-CBC, and wraps the
 * bytes in an {@code ANY}.
 *
 * @param token the token whose crypto store performs the export
 * @param privateKey the key to export
 * @param password the password the exported key is encrypted under
 * @return the encrypted private key info bytes wrapped as an ASN.1 {@code ANY}
 * @throws Exception whatever the crypto store raises during the export
 */
public ASN1Value create_EPKI_with_PBE_PKCS5_PBES2(CryptoToken token, PrivateKey privateKey, Password password) throws Exception {
    // 0 requests the default iteration count.
    // NOTE(review): the effective count is chosen by the underlying
    // implementation and is not visible here - confirm it is adequate for
    // password-based key derivation in your deployment.
    final int iterations = 0;

    byte[] epki = token.getCryptoStore().getEncryptedPrivateKeyInfo(
            null,                             // password converter: none supplied
            password,
            EncryptionAlgorithm.AES_256_CBC,  // alg. To avoid mismatch, use AES_256_CBC.
            iterations,
            privateKey);

    return new ANY(epki);
}
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class PKCS12Util method addKeyBag.
/**
 * Add a private key to the PKCS #12 object.
 *
 * The PKCS12KeyInfo object received comes about in two
 * different scenarios:
 *
 * - The private key could be in encrypted byte[] form (e.g.
 *   when we have merely loaded a PKCS #12 file for inspection
 *   or e.g. to delete a certificate and its associated key).
 *   In this case we simply re-use this encrypted private key
 *   info byte[].
 *
 * - The private key could be an NSS PrivateKey handle. In
 *   this case we must export the PrivateKey from the token to
 *   obtain the EncryptedPrivateKeyInfo.
 *
 * The common final step is to wrap the encrypted private key
 * data in a "Shrouded Key Bag" and add it to the PKCS #12 object.
 * Unencrypted key material is never seen.
 *
 * @param keyInfo the key to add, either as encrypted bytes or as a key handle
 * @param password the password used when the key has to be exported from the token
 * @param encSafeContents the sequence the new shrouded key bag is appended to
 * @throws Exception if neither form of the key is available, or the configured
 *     key encryption is not one of the two handled here
 */
public void addKeyBag(PKCS12KeyInfo keyInfo, Password password, SEQUENCE encSafeContents) throws Exception {
    byte[] keyID = keyInfo.getID();
    logger.debug(" - Key ID: " + Utils.HexEncode(keyID));

    ASN1Value content;
    byte[] epkiBytes = keyInfo.getEncryptedPrivateKeyInfoBytes();

    if (epkiBytes == null) {
        // Only a key handle is available: export it from the token, encrypted.
        PrivateKey privateKey = keyInfo.getPrivateKey();
        if (privateKey == null) {
            throw new Exception("Missing private key for " + keyInfo.getFriendlyName());
        }

        CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();

        // PBE_SHA1_DES3_CBC is the legacy SHA-1/3DES scheme; PBE_PKCS5_PBES2 is
        // the path that exports under AES-256-CBC. Which one runs depends on the
        // keyEncryption field, which is set outside this method.
        if (keyEncryption == PBEAlgorithm.PBE_SHA1_DES3_CBC) {
            content = create_EPKI_with_PBE_SHA1_DES3_CBC(token, privateKey, password);
        } else if (keyEncryption == PBEAlgorithm.PBE_PKCS5_PBES2) {
            content = create_EPKI_with_PBE_PKCS5_PBES2(token, privateKey, password);
        } else {
            throw new Exception("Unsupported key encryption: " + keyEncryption);
        }
    } else {
        // Private key already encrypted: the bytes are reused verbatim. The
        // password argument and keyEncryption are not applied on this path, so
        // the bag stays protected by whatever produced those bytes.
        content = new ANY(epkiBytes);
    }

    SET keyAttrs = createKeyBagAttrs(keyInfo);
    encSafeContents.addElement(new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG, content, keyAttrs));
}
use of org.mozilla.jss.asn1.NULL in project jss by dogtagpki.
the class PKCS12Util method storeCertIntoNSS.
/**
 * Store a certificate (and key, if present) in NSSDB.
 *
 * Certificates already stored under the same nickname are deleted first when
 * {@code overwrite} is set; when it is not set and at least one exists, the
 * method returns without importing anything.
 *
 * @param pkcs12 the PKCS #12 object the certificate's key is looked up in
 * @param password the password passed on to the key import
 * @param certInfo the certificate to store, with its nickname, key ID and trust flags
 * @param overwrite whether existing certificates with the same nickname are replaced
 * @throws Exception whatever the lookup, delete or import calls raise
 */
public void storeCertIntoNSS(PKCS12 pkcs12, Password password, PKCS12CertInfo certInfo, boolean overwrite) throws Exception {
    CryptoManager manager = CryptoManager.getInstance();
    CryptoStore certStore = manager.getInternalKeyStorageToken().getCryptoStore();

    String nickname = certInfo.getFriendlyName();

    // NOTE(review): existing certificates are deleted before the import is
    // attempted; if the import below throws, the old entries are already gone.
    for (X509Certificate existing : manager.findCertsByNickname(nickname)) {
        if (!overwrite) {
            return;
        }
        certStore.deleteCert(existing);
    }

    X509CertImpl certImpl = certInfo.getCert();
    byte[] keyID = certInfo.getKeyID();
    X509Certificate imported;

    if (keyID == null) {
        // cert has no key
        logger.debug("Importing CA certificate " + certInfo.getFriendlyName());

        // Note: JSS does not preserve CA certificate nickname
        imported = manager.importCACertPackage(certImpl.getEncoded());
    } else {
        // cert has key
        logger.debug("Importing private key for " + certInfo.getFriendlyName());

        // NOTE(review): the lookup result is passed on unchecked; whether a key ID
        // with no matching key yields null, and how importKey treats that, is not
        // visible here - confirm.
        PKCS12KeyInfo keyInfo = pkcs12.getKeyInfoByID(keyID);
        importKey(pkcs12, password, certInfo.getFriendlyName(), keyInfo);

        logger.debug("Importing user certificate " + certInfo.getFriendlyName());
        imported = manager.importUserCACertPackage(certImpl.getEncoded(), certInfo.getFriendlyName());
    }

    // The trust flags are taken from certInfo and applied to the stored
    // certificate unchanged. NOTE(review): if certInfo was populated from a
    // PKCS #12 file, that file decides what trust the certificate receives, so
    // trustFlagsEnabled is only appropriate for files from a trusted source.
    String trustFlags = certInfo.getTrustFlags();
    if (trustFlags == null || !trustFlagsEnabled) {
        return;
    }
    ((PK11Cert) imported).setTrustFlags(trustFlags);
}