use of org.mozilla.jss.crypto.SecretKeyFacade in project jss by dogtagpki.
the class JSSSecretKeyFactorySpi method generateKeyFromBits.
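/**
 * Builds a token-resident symmetric key from raw key bytes and exposes it
 * as a JCA {@link SecretKey}.
 *
 * <p>The bytes are handed to a {@code KeyWrapAlgorithm.PLAINTEXT} key wrapper
 * obtained from {@code token}, so {@code bits} is treated as unprotected key
 * material. NOTE(review): the array is not cleared here; the caller
 * presumably owns its lifetime and should zero it once the key is imported.
 *
 * @param bits raw key material to import
 * @param keyType the symmetric key type passed to the unwrap call
 * @return a {@link SecretKeyFacade} wrapping the imported key
 * @throws InvalidKeySpecException if the token rejects the key material; the
 *         underlying {@link InvalidKeyException} is attached as the cause
 */
private SecretKey generateKeyFromBits(byte[] bits, SymmetricKey.Type keyType)
        throws NoSuchAlgorithmException, TokenException, InvalidKeySpecException,
                InvalidAlgorithmParameterException {
    try {
        KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.PLAINTEXT);
        // No wrapping key is supplied: the input is taken as cleartext.
        wrapper.initUnwrap();
        // The trailing 0 is passed through unchanged; presumably a key-length
        // hint meaning "derive from the input" (confirm against KeyWrapper).
        SymmetricKey symk = wrapper.unwrapSymmetric(bits, keyType, 0);
        return new SecretKeyFacade(symk);
    } catch (InvalidKeyException e) {
        // Chain the cause so the token-level failure and its stack trace are
        // not lost when the exception type is translated.
        throw new InvalidKeySpecException(e.getMessage(), e);
    }
}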
use of org.mozilla.jss.crypto.SecretKeyFacade in project jss by dogtagpki.
the class JSSKeyStoreSpi method engineSetKeyEntry.
/**
 * Stores a key under the given alias by delegating to the native
 * implementation.
 *
 * <p>A {@link SecretKeyFacade} is unwrapped first so that the native call
 * receives the underlying JSS key object ({@code facade.key}) rather than the
 * JCA wrapper; any other key is passed through as-is.
 *
 * @param alias name to store the key under (also written to the debug log)
 * @param key key to store
 * @param password forwarded unchanged to the native call
 * @param chain forwarded unchanged to the native call
 * @throws KeyStoreException if the native call fails
 */
@Override
public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
        throws KeyStoreException {
    logger.debug("JSSKeyStoreSpi: engineSetKeyEntry(" + alias + ", key, password, chain)");

    // Non-facade keys go straight to the native layer.
    if (!(key instanceof SecretKeyFacade)) {
        engineSetKeyEntryNative(alias, key, password, chain);
        return;
    }

    // Facade: hand the wrapped JSS key to the native layer instead.
    SecretKeyFacade facade = (SecretKeyFacade) key;
    engineSetKeyEntryNative(alias, facade.key, password, chain);
}
use of org.mozilla.jss.crypto.SecretKeyFacade in project jss by dogtagpki.
the class JSSKeyStoreSpi method engineGetKey.
/**
 * Looks up a key by alias, trying three sources in order.
 *
 * <ol>
 *   <li>A certificate whose nickname equals {@code alias}; its private key is
 *       returned.</li>
 *   <li>A private key on the selected token whose hex-encoded unique ID equals
 *       the nickname part of the alias.</li>
 *   <li>A symmetric key on the selected token whose nickname equals the
 *       nickname part of the alias, returned as a {@link SecretKeyFacade}.</li>
 * </ol>
 *
 * <p>The token is the one named by the first element returned from
 * {@code parseAlias}, or the internal key storage token when that element is
 * {@code null}.
 *
 * <p>Security notes: {@code password} is never read in this method, so access
 * to the key is not gated by it here. The debug log receives the ID of every
 * private key and the nickname of every symmetric key examined during the
 * search.
 *
 * @param alias certificate nickname or key alias
 * @param password unused
 * @return the matching key, or {@code null} if nothing matches
 * @throws RuntimeException wrapping {@code NoSuchTokenException},
 *         {@code NotInitializedException} or {@code TokenException}
 */
@Override
public Key engineGetKey(String alias, char[] password) {
    logger.debug("JSSKeyStoreSpi: engineGetKey(" + alias + ")");

    try {
        CryptoManager manager = CryptoManager.getInstance();

        // First attempt: treat the alias as a certificate nickname.
        logger.debug("JSSKeyStoreSpi: searching for cert");
        try {
            X509Certificate certificate = manager.findCertByNickname(alias);
            logger.debug("JSSKeyStoreSpi: found cert: " + alias);

            PrivateKey certKey = manager.findPrivKeyByCert(certificate);
            logger.debug("JSSKeyStoreSpi: found private key: " + alias);

            return certKey;
        } catch (ObjectNotFoundException notFound) {
            // Not an error: fall through to the key-based searches below.
            logger.debug("JSSKeyStoreSpi: cert/key not found, searching for key");
        }

        // Split the alias into its token name and nickname parts.
        String[] aliasParts = parseAlias(alias);
        String tokenName = aliasParts[0];
        String nickname = aliasParts[1];

        CryptoToken token = (tokenName == null)
                ? manager.getInternalKeyStorageToken()
                : manager.getTokenByName(tokenName);
        CryptoStore store = token.getCryptoStore();

        // Second attempt: match the nickname against private key IDs.
        logger.debug("JSSKeyStoreSpi: searching for private key");
        for (PrivateKey candidate : store.getPrivateKeys()) {
            // Key IDs are compared in hexadecimal form.
            String keyID = Utils.HexEncode(candidate.getUniqueID());
            logger.debug("JSSKeyStoreSpi: - " + keyID);

            if (!nickname.equals(keyID)) {
                continue;
            }
            logger.debug("JSSKeyStoreSpi: found private key: " + nickname);
            return candidate;
        }

        // Third attempt: match the nickname against symmetric key nicknames.
        logger.debug("JSSKeyStoreSpi: searching for symmetric key");
        for (SymmetricKey candidate : store.getSymmetricKeys()) {
            logger.debug("JSSKeyStoreSpi: - " + candidate.getNickName());

            if (!nickname.equals(candidate.getNickName())) {
                continue;
            }
            logger.debug("JSSKeyStoreSpi: found symmetric key: " + nickname);
            return new SecretKeyFacade(candidate);
        }

        logger.debug("JSSKeyStoreSpi: key not found: " + nickname);
        return null;

    } catch (NoSuchTokenException ex) {
        throw new RuntimeException(ex);
    } catch (NotInitializedException ex) {
        throw new RuntimeException(ex);
    } catch (TokenException ex) {
        throw new RuntimeException(ex);
    }
}
use of org.mozilla.jss.crypto.SecretKeyFacade in project jss by dogtagpki.
the class KeyStoreTest method addKey.
/**
 * Test fixture: adds one RSA private key entry under {@code alias} and one
 * DES3 secret key entry under {@code alias + "sym"} to the key store.
 *
 * <p>NOTE(review): the 1024-bit RSA key size and the DES3 algorithm are
 * fixture parameters; both are below current strength recommendations and
 * should not be carried over into non-test code.
 *
 * @param ks key store to populate
 * @param alias alias for the private key; the secret key uses the same alias
 *        with a {@code "sym"} suffix
 * @throws Throwable on any failure from the provider or the key store
 */
public static void addKey(KeyStore ks, String alias) throws Throwable {
    // Asymmetric entry: RSA key pair generated by the Mozilla-JSS provider.
    KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA", "Mozilla-JSS");
    rsaGenerator.initialize(1024);
    KeyPair rsaPair = rsaGenerator.genKeyPair();

    // The chain is a one-element array whose single slot is left null.
    Certificate[] chain = new Certificate[1];
    ks.setKeyEntry(alias, rsaPair.getPrivate(), null, chain);

    // Symmetric entry: DES3 key generated on the internal key storage token
    // and wrapped in a facade so it can be passed through the JCA API.
    CryptoToken internalToken = CryptoManager.getInstance().getInternalKeyStorageToken();
    KeyGenerator des3Generator = internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
    SecretKey facade = new SecretKeyFacade(des3Generator.generate());
    ks.setKeyEntry(alias + "sym", facade, null, null);
}
use of org.mozilla.jss.crypto.SecretKeyFacade in project jss by dogtagpki.
the class JCAKeyWrap method wrapSymetricKey.
/**
 * Wraps a symmetric key with another symmetric key, unwraps it again with the
 * same algorithm and provider, and passes the original and the unwrapped key
 * to {@code testKeys}.
 *
 * <p>Both keys are cast to {@link SecretKeyFacade} to print their strength,
 * so a key of any other type fails with a {@code ClassCastException} before
 * any wrapping happens.
 *
 * <p>On any of the caught crypto or encoding exceptions the stack trace is
 * printed and the JVM exits with status 1; other exceptions propagate.
 *
 * @param symKey key to be wrapped
 * @param wrapperAlg cipher transformation used for wrap and unwrap
 * @param wrapperKey key used to wrap and unwrap {@code symKey}
 * @param providerA provider used for both cipher instances
 * @param providerB forwarded to {@code testKeys} only
 * @throws Exception for any failure not handled by the exit-on-error path
 */
public void wrapSymetricKey(Key symKey, String wrapperAlg, Key wrapperKey,
        String providerA, String providerB) throws Exception {
    try {
        System.out.print("Wrap " + symKey.getAlgorithm() + " "
                + ((SecretKeyFacade) symKey).key.getStrength()
                + " with " + wrapperKey.getAlgorithm() + " "
                + ((SecretKeyFacade) wrapperKey).key.getStrength()
                + " symmetric key. ");

        // Wrap the key.
        Cipher wrapCipher = Cipher.getInstance(wrapperAlg, providerA);
        wrapCipher.init(Cipher.WRAP_MODE, wrapperKey);
        byte[] wrappedData = wrapCipher.wrap(symKey);

        // Capture the algorithm parameters chosen during wrapping, if any;
        // unwrapping has to use the same ones.
        AlgorithmParameters wrapParams = wrapCipher.getParameters();
        byte[] encodedKeyWrapAP = (wrapParams != null) ? wrapParams.getEncoded() : null;

        // Unwrap the key with a fresh cipher instance.
        Cipher unwrapCipher = Cipher.getInstance(wrapperAlg, providerA);
        if (encodedKeyWrapAP != null) {
            // Rebuild the parameters from their encoded form. Note that this
            // lookup uses the default provider search, not providerA.
            AlgorithmParameters restored =
                    AlgorithmParameters.getInstance(wrapperKey.getAlgorithm());
            restored.init(encodedKeyWrapAP);
            unwrapCipher.init(Cipher.UNWRAP_MODE, wrapperKey, restored);
        } else {
            unwrapCipher.init(Cipher.UNWRAP_MODE, wrapperKey);
        }

        SecretKey unwrappedKey = (SecretKey) unwrapCipher.unwrap(
                wrappedData, symKey.getAlgorithm(), Cipher.SECRET_KEY);

        testKeys(symKey, unwrappedKey, providerA, providerB);

    } catch (BadPaddingException
            | IllegalBlockSizeException
            | UnsupportedEncodingException
            | InvalidKeyException
            | NoSuchAlgorithmException
            | NoSuchPaddingException ex) {
        // Every handled failure aborts the whole test run.
        ex.printStackTrace();
        System.exit(1);
    }
}