
Example 1 with PFX

Use of PFX in project core by jcryptool. Note that this jcryptool example actually imports `codec.pkcs12.PFX` (the CoDec ASN.1/PKCS library, whose `DEREncoder`/`ASN1Exception` appear alongside it), not `org.mozilla.jss.pkcs12.PFX`; the two classes share a name but have different APIs.

Class ImportExportManager, method exportKeyPair (writes a private key plus certificate chain to a PKCS#12 file).

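/**
 * Exports a private key together with its certificate chain as a PKCS#12 PFX file.
 * <p>
 * {@code chain[0]} is treated as the end-entity certificate; any further entries are handed
 * to the PFX as the issuer chain. All failures are logged through {@link LogUtil#logError}
 * and swallowed, so callers cannot tell a successful export from a failed one — presumably
 * the UI relies on the logged error dialog.
 *
 * @param path     workspace path of the file to create; an existing file is overwritten
 * @param key      the private key to wrap
 * @param chain    certificate chain, end-entity certificate first; must not be empty
 * @param password password protecting the PFX; the caller owns the array and should wipe it
 * @throws IllegalArgumentException if {@code chain} converts to a null or empty chain
 */
public void exportKeyPair(IPath path, PrivateKey key, Certificate[] chain, char[] password) {
    X509Certificate[] x509Chain = convert(chain);
    // The original indexed x509Chain[0] unconditionally and would have failed with an
    // ArrayIndexOutOfBoundsException on an empty chain; reject it explicitly instead.
    if (x509Chain == null || x509Chain.length == 0) {
        throw new IllegalArgumentException("Certificate chain must contain at least the end-entity certificate");
    }
    try {
        PFX pfx;
        if (x509Chain.length > 1) {
            // Issuer certificates are everything after the end-entity certificate.
            X509Certificate[] issuers = new X509Certificate[x509Chain.length - 1];
            System.arraycopy(x509Chain, 1, issuers, 0, issuers.length);
            pfx = new PFX(key, x509Chain[0], issuers, password, null, null);
        } else {
            pfx = new PFX(key, x509Chain[0], null, password, null, null);
        }
        IFileStore fileStore = EFS.getStore(URIUtil.toURI(path));
        // OVERWRITE rather than APPEND: appending a DER-encoded PFX behind an existing one
        // produces a file with trailing data, and a decoder reading it sees only the first,
        // stale PFX. try-with-resources also closes the stream on the error paths, which the
        // original did not.
        try (OutputStream os = new BufferedOutputStream(fileStore.openOutputStream(EFS.OVERWRITE, null))) {
            DEREncoder encoder = new DEREncoder(os);
            pfx.encode(encoder);
            encoder.close();
        }
    } catch (CertificateEncodingException e) {
        LogUtil.logError(KeyStorePlugin.PLUGIN_ID, "CertificateEncodingException while creating a PFX", e, true);
    } catch (GeneralSecurityException e) {
        LogUtil.logError(KeyStorePlugin.PLUGIN_ID, "GeneralSecurityException while creating a PFX", e, true);
    } catch (ASN1Exception e) {
        LogUtil.logError(KeyStorePlugin.PLUGIN_ID, "ASN1Exception while creating a PFX", e, true);
    } catch (IOException e) {
        LogUtil.logError(KeyStorePlugin.PLUGIN_ID, "IOException while creating a PFX", e, true);
    } catch (CoreException e) {
        LogUtil.logError(KeyStorePlugin.PLUGIN_ID, "CoreException while creating a PFX", e, true);
    }
}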
Also used : PFX(codec.pkcs12.PFX) ASN1Exception(codec.asn1.ASN1Exception) BufferedOutputStream(java.io.BufferedOutputStream) ObjectOutputStream(java.io.ObjectOutputStream) OutputStream(java.io.OutputStream) GeneralSecurityException(java.security.GeneralSecurityException) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) CoreException(org.eclipse.core.runtime.CoreException) DEREncoder(codec.asn1.DEREncoder) IFileStore(org.eclipse.core.filesystem.IFileStore) BufferedOutputStream(java.io.BufferedOutputStream)

Example 2 with PFX

Use of PFX in project core by jcryptool. As in the first example, the class in play is `codec.pkcs12.PFX` (CoDec), not `org.mozilla.jss.pkcs12.PFX`.

Class AbstractImportKeyStoreEntryHandler, method performImportAction (unwraps a PFX into a private key and certificate public key).

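/**
 * Dispatches an imported object to the key-store add routine selected by the entry type in
 * {@code descriptor}:
 * <ul>
 *   <li>{@code SECRETKEY}: {@code importedObject} must be a {@link SecretKey};</li>
 *   <li>{@code KEYPAIR}: {@code importedObject} must be a {@link PFX}, which is unwrapped with
 *       the password returned by {@link #promptPassword()};</li>
 *   <li>{@code PUBLICKEY}: {@code importedObject} must be a {@link Certificate}.</li>
 * </ul>
 * Any other entry type matches no branch and is silently ignored. Errors while unwrapping the
 * PFX are logged, not propagated.
 *
 * @param descriptor     the import request (entry type, contact name, file name, provider, ...)
 * @param importedObject the already-parsed object to store
 * @throws IllegalArgumentException if {@code importedObject} does not have the type the
 *                                  descriptor's entry type requires, or the PFX does not have
 *                                  the bag layout this importer expects
 */
protected void performImportAction(IImportDescriptor descriptor, Object importedObject) throws IllegalArgumentException {
    if (descriptor.getKeyStoreEntryType().equals(KeyType.SECRETKEY)) {
        if (!(importedObject instanceof SecretKey)) {
            throw new IllegalArgumentException("Parameter is not as expected an instance of SecretKey");
        }
        // $NON-NLS-1$
        LogUtil.logInfo("importing secret key");
        addSecretKey(descriptor, (SecretKey) importedObject);
    } else if (descriptor.getKeyStoreEntryType().equals(KeyType.KEYPAIR)) {
        if (!(importedObject instanceof PFX)) {
            throw new IllegalArgumentException("Parameter is not an instance of PFX, as expected");
        }
        // $NON-NLS-1$
        LogUtil.logInfo("importing pfx");
        importKeyPairFromPfx(descriptor, (PFX) importedObject);
    } else if (descriptor.getKeyStoreEntryType().equals(KeyType.PUBLICKEY)) {
        if (!(importedObject instanceof Certificate)) {
            throw new IllegalArgumentException("Parameter is not an instance of Certificate, as expected");
        }
        // $NON-NLS-1$
        LogUtil.logInfo("importing certificate");
        addCertificate(descriptor, (Certificate) importedObject);
    }
}

/**
 * Unwraps a PFX and adds its private key and the certificate's public key as a key pair.
 * <p>
 * The bag layout is assumed fixed: the PKCS#8 shrouded key bag is the first bag of the first
 * safe contents, the certificate bag is the first bag of the second (password-protected) safe
 * contents. PFX files produced by other tools may order or type their bags differently; those
 * are now rejected with an IllegalArgumentException instead of an uncaught ClassCastException.
 * <p>
 * NOTE(review): nothing here checks that the certificate's public key belongs to the private
 * key, and the certificate itself is not validated — a mismatched or untrusted PFX is imported
 * as-is. The new descriptor carries over {@code descriptor.getPassword()}, presumably the
 * key-store password, not the PFX password prompted here — confirm against the callers.
 *
 * @param descriptor the import request whose contact name, file name, password and provider
 *                   are copied into the new entry's descriptor
 * @param pfx        the parsed PFX to unwrap
 * @throws IllegalArgumentException if the expected bag types are not found
 */
private void importKeyPairFromPfx(IImportDescriptor descriptor, PFX pfx) {
    char[] password = promptPassword();
    if (password == null)
        return;
    try {
        Object keyBagValue = pfx.getAuthSafe().getSafeContents(0).getSafeBag(0).getBagValue();
        if (!(keyBagValue instanceof PKCS8ShroudedKeyBag)) {
            throw new IllegalArgumentException("First bag of safe contents 0 is not a PKCS8ShroudedKeyBag, as expected");
        }
        PrivateKey privKey = ((PKCS8ShroudedKeyBag) keyBagValue).getPrivateKey(password);
        Object certBagValue = pfx.getAuthSafe().getSafeContents(1, password).getSafeBag(0).getBagValue();
        if (!(certBagValue instanceof CertBag)) {
            throw new IllegalArgumentException("First bag of safe contents 1 is not a CertBag, as expected");
        }
        PublicKey pubKey = ((CertBag) certBagValue).getCertificate().getPublicKey();
        int keySize = keySizeOf(pubKey);
        ImportDescriptor newDescriptor = new ImportDescriptor(descriptor.getContactName(), privKey.getAlgorithm(), KeyType.KEYPAIR, descriptor.getFileName(), descriptor.getPassword(), descriptor.getProvider(), keySize);
        addKeyPair(newDescriptor, privKey, pubKey);
    } catch (ASN1Exception e) {
        LogUtil.logError(KeyStorePlugin.PLUGIN_ID, "error while importing key pair", e, true);
    } catch (IOException e) {
        LogUtil.logError(KeyStorePlugin.PLUGIN_ID, "error while importing key pair", e, false);
    } catch (GeneralSecurityException e) {
        LogUtil.logError(KeyStorePlugin.PLUGIN_ID, "error while importing key pair", e, true);
    } finally {
        // The prompted password is only needed to unwrap the bags; wipe it once done
        // (assumes promptPassword() hands back a fresh array — confirm).
        java.util.Arrays.fill(password, '\0');
    }
}

/**
 * Returns the modulus (RSA) or prime-modulus (DSA) bit length of {@code pubKey}, or -1 for any
 * other key type.
 * TODO: add keySize calculation for the remaining algorithms.
 */
private int keySizeOf(PublicKey pubKey) {
    if (pubKey instanceof RSAPublicKey)
        return ((RSAPublicKey) pubKey).getN().bitLength();
    if (pubKey instanceof DSAPublicKey)
        return ((DSAPublicKey) pubKey).getParameters().getP().bitLength();
    return -1;
}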
Also used : PKCS8ShroudedKeyBag(codec.pkcs12.PKCS8ShroudedKeyBag) PFX(codec.pkcs12.PFX) PrivateKey(java.security.PrivateKey) RSAPublicKey(de.flexiprovider.core.rsa.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) DSAPublicKey(de.flexiprovider.core.dsa.interfaces.DSAPublicKey) ASN1Exception(codec.asn1.ASN1Exception) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) SafeBag(codec.pkcs12.SafeBag) DSAPublicKey(de.flexiprovider.core.dsa.interfaces.DSAPublicKey) SecretKey(javax.crypto.SecretKey) CertBag(codec.pkcs12.CertBag) RSAPublicKey(de.flexiprovider.core.rsa.interfaces.RSAPublicKey) IImportDescriptor(org.jcryptool.crypto.keystore.descriptors.interfaces.IImportDescriptor) ImportDescriptor(org.jcryptool.crypto.keystore.descriptors.ImportDescriptor) Certificate(java.security.cert.Certificate)

Example 3 with PFX

Use of PFX in project core by jcryptool. Again this is `codec.pkcs12.PFX` (CoDec, decoded with its `DERDecoder`), not the JSS class named in the heading.

Class ImportManager, method importPFX (reads and DER-decodes a PKCS#12 file).

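/**
 * Reads and DER-decodes a PKCS#12 PFX from the file at {@code path}.
 * <p>
 * Failures are logged and reported as a {@code null} return rather than thrown. No integrity
 * check is visible here — the file is parsed as-is — so the caller must treat the result as
 * untrusted until the password-based unwrap of its bags succeeds.
 *
 * @param path workspace path of the PFX file to read
 * @return the decoded PFX, or {@code null} if the file could not be opened or decoded
 */
public PFX importPFX(IPath path) {
    try {
        IFileStore fileStore = EFS.getStore(URIUtil.toURI(path));
        // try-with-resources closes the stream on every path; the original closed it only
        // after a successful decode and leaked it on ASN1Exception / IOException.
        try (BufferedInputStream is = new BufferedInputStream(fileStore.openInputStream(EFS.NONE, null))) {
            PFX pfx = new PFX();
            DERDecoder decoder = new DERDecoder(is);
            pfx.decode(decoder);
            decoder.close();
            return pfx;
        }
    } catch (CoreException e) {
        LogUtil.logError(FlexiProviderKeystorePlugin.PLUGIN_ID, "CoreException while accessing a file store", e, true);
    } catch (ASN1Exception e) {
        LogUtil.logError(FlexiProviderKeystorePlugin.PLUGIN_ID, "ASN1Exception while decoding a pfx", e, true);
    } catch (IOException e) {
        LogUtil.logError(FlexiProviderKeystorePlugin.PLUGIN_ID, "IOException while decoding a pfx", e, false);
    }
    return null;
}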
Also used : PFX(codec.pkcs12.PFX) CoreException(org.eclipse.core.runtime.CoreException) BufferedInputStream(java.io.BufferedInputStream) ASN1Exception(codec.asn1.ASN1Exception) IFileStore(org.eclipse.core.filesystem.IFileStore) IOException(java.io.IOException) DERDecoder(codec.asn1.DERDecoder)

Example 4 with PFX

use of org.mozilla.jss.pkcs12.PFX in project OpenAM by OpenRock.

Class SecureLogHelperJSSImpl, method readFromSecretStore (reads one named entry from a MAC-protected PKCS#12 secret store; this one really is the JSS `org.mozilla.jss.pkcs12.PFX`).

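/**
 * Returns the secret-store entry whose friendly name equals {@code dataType}.
 * <p>
 * At any time the logger's secure store file holds only three items — initialkey, currentkey
 * and current signature; the verifier's store file holds just the logger's initial key and the
 * currentKey. The PFX MAC is verified before any bag is read. If several bags carry the same
 * friendly name, the last one wins (the {@code break} below leaves only the attribute loop).
 *
 * @param filename file for secret storage
 * @param dataType friendly name of the entry to read, i.e. whether it is a signature or a key
 * @param password password for the file
 * @return the raw contents of the matching bag, or {@code null} if no bag matched
 * @throws Exception if the file cannot be read, the MAC does not verify, or a safe contents
 *                   cannot be decrypted (e.g. wrong password)
 */
byte[] readFromSecretStore(String filename, String dataType, AMPassword password) throws Exception {
    // try-with-resources: the original closed the file only on the success path, so a failed
    // MAC check or a decoding error leaked the FileInputStream.
    try (FileInputStream infile = new FileInputStream(filename)) {
        // Decode the P12 file
        PFX.Template pfxt = new PFX.Template();
        PFX pfx = (PFX) pfxt.decode(new BufferedInputStream(infile, 2048));
        // Derive the JSS password from the supplied one: "SHA" (SHA-1 in the JDK) over the raw
        // password bytes, then the digest bytes re-read as UTF-8 text. That decoding is lossy
        // (invalid sequences become U+FFFD), which shrinks the effective password space, but it
        // must stay byte-for-byte identical to writeToSecretStore or existing stores become
        // unreadable. NOTE(review): neither the byte copy of the password nor jssPasswd is
        // wiped afterwards.
        MessageDigest md = MessageDigest.getInstance("SHA");
        Password jssPasswd = new Password(new String(md.digest(password.getByteCopy()), "UTF-8").toCharArray());
        md.reset();
        // Verify the MAC on the PFX before trusting any of its contents; this is the only
        // integrity check on the store file.
        StringBuffer reason = new StringBuffer();
        if (!pfx.verifyAuthSafes(jssPasswd, reason)) {
            throw new Exception("AuthSafes failed to verify because: " + reason.toString());
        }
        AuthenticatedSafes authSafes = pfx.getAuthSafes();
        SEQUENCE safeContentsSequence = authSafes.getSequence();
        byte[] cryptoData = null;
        // Loop over contents of the authenticated safes
        for (int i = 0; i < safeContentsSequence.size(); i++) {
            // The safeContents may or may not be encrypted. We always send the password in;
            // it is used if needed. If decryption of the safeContents fails (e.g. bad
            // password), getSafeContentsAt throws.
            SEQUENCE safeContents = authSafes.getSafeContentsAt(jssPasswd, i);
            SafeBag safeBag = null;
            ASN1Value val = null;
            // Go through all the bags in this SafeContents
            for (int j = 0; j < safeContents.size(); j++) {
                safeBag = (SafeBag) safeContents.elementAt(j);
                // look for bag attributes and then choose the key
                SET attribs = safeBag.getBagAttributes();
                if (attribs == null) {
                    Debug.error("Bag has no attributes");
                } else {
                    for (int b = 0; b < attribs.size(); b++) {
                        Attribute a = (Attribute) attribs.elementAt(b);
                        if (a.getType().equals(SafeBag.FRIENDLY_NAME)) {
                            // the friendly name attribute is a nickname
                            BMPString bs = (BMPString) ((ANY) a.getValues().elementAt(0)).decodeWith(BMPString.getTemplate());
                            if (dataType.equals(bs.toString())) {
                                // look at the contents of the bag
                                val = safeBag.getInterpretedBagContent();
                                break;
                            }
                        }
                    }
                }
            }
            if (val instanceof ANY)
                cryptoData = ((ANY) val).getContents();
        }
        return cryptoData;
    }
}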
Also used : PFX(org.mozilla.jss.pkcs12.PFX) SET(org.mozilla.jss.asn1.SET) Attribute(org.mozilla.jss.pkix.primitive.Attribute) BMPString(org.mozilla.jss.asn1.BMPString) SafeBag(org.mozilla.jss.pkcs12.SafeBag) ANY(org.mozilla.jss.asn1.ANY) FileInputStream(java.io.FileInputStream) AuthenticatedSafes(org.mozilla.jss.pkcs12.AuthenticatedSafes) ASN1Value(org.mozilla.jss.asn1.ASN1Value) BufferedInputStream(java.io.BufferedInputStream) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) MessageDigest(java.security.MessageDigest) BMPString(org.mozilla.jss.asn1.BMPString) AMPassword(com.sun.identity.security.keystore.AMPassword) Password(org.mozilla.jss.util.Password)

Example 5 with PFX

use of org.mozilla.jss.pkcs12.PFX in project OpenAM by OpenRock.

Class SecureLogHelperJSSImpl, method writeToSecretStore (rebuilds the whole PKCS#12 secret store — old entries plus the new one — and overwrites the file).

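/**
 * Writes an entry to the secret storage, rebuilding the whole PKCS#12 file.
 * <p>
 * If the data being written is a key, the current signature is carried over as well; if it is
 * a signature, the current key is carried over. For anything other than the initial key, the
 * initial key is also re-read and re-added, so the file never loses it. Every safe contents is
 * encrypted with {@code PBE_SHA1_DES3_CBC} and the file is sealed with a password MAC.
 *
 * @param cryptoMaterial the data to be written to the secret storage
 * @param filename       the file for secret storage
 * @param password       the password for the file
 * @param dataType       the kind of {@code cryptoMaterial}, whether it is a signature or a key
 * @throws Exception if an existing entry cannot be read back or the new file cannot be written
 */
void writeToSecretStore(byte[] cryptoMaterial, String filename, AMPassword password, String dataType) throws Exception {
    byte[] oldDataFromSecretStorage = null;
    String oldDataType = null;
    // Same password derivation as readFromSecretStore ("SHA" digest re-read as UTF-8 text);
    // the two must stay identical or stores written here cannot be read back.
    // NOTE(review): the password byte copy and jssPasswd are never wiped.
    MessageDigest md = MessageDigest.getInstance("SHA");
    Password jssPasswd = new Password(new String(md.digest(password.getByteCopy()), "UTF-8").toCharArray());
    md.reset();
    // Do this only when the logger's file is being used
    if (filename.equals(logFileName) && loggerInitialized) {
        // current signature in the PKCS12 file
        if (dataType.equals(currentSignature)) {
            oldDataFromSecretStorage = readFromSecretStore(logFileName, currentKey, password);
            oldDataType = currentKey;
        } else if (dataType.equals(currentKey)) {
            // need to read the currentSignature
            // for the same reason as above
            oldDataFromSecretStorage = readFromSecretStore(logFileName, currentSignature, password);
            oldDataType = currentSignature;
        }
    }
    // Start building the new contents by adding the older content first.
    // NOTE(review): PBE_SHA1_DES3_CBC is the legacy PKCS#12 PBE scheme; it is kept here
    // because readFromSecretStore must be able to open files written by older builds.
    AuthenticatedSafes newAuthSafes = new AuthenticatedSafes();
    if (oldDataFromSecretStorage != null) {
        SEQUENCE oldSafeContents = AddToSecretStore(oldDataFromSecretStorage, oldDataType);
        // Add the old contents to the existing safe
        newAuthSafes.addEncryptedSafeContents(PBEAlgorithm.PBE_SHA1_DES3_CBC, jssPasswd, null, AuthenticatedSafes.DEFAULT_ITERATIONS, oldSafeContents);
    }
    // not being added for the first time
    if ((filename.equals(logFileName)) && !dataType.equals(initialKey) && loggerInitialized) {
        byte[] key = readFromSecretStore(filename, initialKey, password);
        if (key != null) {
            SEQUENCE initialKeySafeContents = AddToSecretStore(key, initialKey);
            newAuthSafes.addEncryptedSafeContents(PBEAlgorithm.PBE_SHA1_DES3_CBC, jssPasswd, null, AuthenticatedSafes.DEFAULT_ITERATIONS, initialKeySafeContents);
        }
    }
    if ((filename.equals(verifierFileName)) && !dataType.equals(initialKey) && verifierInitialized) {
        byte[] key = readFromSecretStore(filename, initialKey, password);
        if (key != null) {
            SEQUENCE initialKeySafeContents = AddToSecretStore(key, initialKey);
            newAuthSafes.addEncryptedSafeContents(PBEAlgorithm.PBE_SHA1_DES3_CBC, jssPasswd, null, AuthenticatedSafes.DEFAULT_ITERATIONS, initialKeySafeContents);
        }
    }
    // Add the new contents
    SEQUENCE encSafeContents = AddToSecretStore(cryptoMaterial, dataType);
    // Add the new contents to the existing safe
    newAuthSafes.addEncryptedSafeContents(PBEAlgorithm.PBE_SHA1_DES3_CBC, jssPasswd, null, AuthenticatedSafes.DEFAULT_ITERATIONS, encSafeContents);
    PFX newpfx = new PFX(newAuthSafes);
    // NOTE(review): 5 MAC iterations is far below the 2048 commonly used for PKCS#12. The
    // iteration count travels inside the MacData, so raising it should not break
    // readFromSecretStore's verifyAuthSafes — confirm against the JSS implementation first.
    newpfx.computeMacData(jssPasswd, null, 5);
    // Write the new PFX out. FileOutputStream truncates the file before encode() runs, so a
    // failure mid-write destroys the previous store (including the initial key re-read
    // above); writing to a temporary file and renaming would be safer — TODO.
    // try-with-resources closes the stream on failure as well; the original leaked it.
    try (FileOutputStream fos = new FileOutputStream(filename)) {
        newpfx.encode(fos);
    }
}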
Also used : PFX(org.mozilla.jss.pkcs12.PFX) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) FileOutputStream(java.io.FileOutputStream) BMPString(org.mozilla.jss.asn1.BMPString) MessageDigest(java.security.MessageDigest) AMPassword(com.sun.identity.security.keystore.AMPassword) Password(org.mozilla.jss.util.Password) AuthenticatedSafes(org.mozilla.jss.pkcs12.AuthenticatedSafes)
