
Example 51 with ObjectIdentifier

use of sun.security.util.ObjectIdentifier in project jdk8u_jdk by JetBrains.

the class AltNamesEqualsTest method stringToOIDName.

/**
 * Wraps an OID given in string form in an {@code OIDName}.
 *
 * @param name the OID string, handed unchanged to the {@code ObjectIdentifier} constructor
 * @return a new {@code OIDName} built from the parsed identifier
 * @throws Exception whatever the {@code ObjectIdentifier} or {@code OIDName} constructor raises
 */
private OIDName stringToOIDName(String name) throws Exception {
    // Parse and wrap in one expression; nothing is cached between calls.
    return new OIDName(new ObjectIdentifier(name));
}
Also used : ObjectIdentifier(sun.security.util.ObjectIdentifier)

Example 52 with ObjectIdentifier

use of sun.security.util.ObjectIdentifier in project jdk8u_jdk by JetBrains.

the class PKCS12SameKeyId method main.

/**
 * Test driver: generates SIZE RSA entries in a JKS keystore, re-encrypts each private key
 * by hand into an EncryptedPrivateKeyInfo, stores the results in a PKCS12 keystore, and
 * finally checks that every alias still resolves to the certificate created for it.
 *
 * Per the original comment, the pre-encrypted setKeyEntry() overload is used so that the
 * entries are written quickly enough to receive the same localKeyId.
 *
 * The passwords, salt and iteration count below are fixed fixture values chosen for
 * reproducibility; a constant salt gives no per-key uniqueness and is only meaningful
 * inside a test like this one.
 *
 * @param args unused
 * @throws Exception on any keystore/crypto failure, or if a certificate's CN does not
 *         match the index encoded in its alias
 */
public static void main(String[] args) throws Exception {
    // Prepare a JKS keystore with many entries
    new File(JKSFILE).delete();
    for (int i = 0; i < SIZE; i++) {
        System.err.print(".");
        // keytool is run in-process; the argument string is split on single spaces, so it
        // relies on none of the pieces containing a space.
        // NOTE(review): store/key passwords are the literal "changeit" here while later loads
        // use PASSWORD (defined outside this excerpt) — presumably the same value; confirm.
        String cmd = "-keystore " + JKSFILE + " -storepass changeit -keypass changeit -keyalg rsa " + "-genkeypair -alias p" + i + " -dname CN=" + i;
        sun.security.tools.keytool.Main.main(cmd.split(" "));
    }
    // Prepare EncryptedPrivateKeyInfo parameters, copied from various
    // places in PKCS12KeyStore.java
    AlgorithmParameters algParams = AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
    // Fixed 8-byte salt and 1024 iterations; getBytes() uses the platform default charset.
    algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
    // 1.2.840.113549.1.12.1.3 is the PKCS#12 pbeWithSHAAnd3-KeyTripleDES-CBC identifier,
    // matching the cipher name used below.
    AlgorithmId algid = new AlgorithmId(new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams);
    PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);
    SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
    SecretKey skey = skFac.generateSecret(keySpec);
    Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
    cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);
    // Pre-calculated keys and certs and aliases
    byte[][] keys = new byte[SIZE][];
    Certificate[][] certChains = new Certificate[SIZE][];
    String[] aliases = new String[SIZE];
    // Reads from JKS keystore and pre-calculate
    KeyStore ks = KeyStore.getInstance("jks");
    try (FileInputStream fis = new FileInputStream(JKSFILE)) {
        ks.load(fis, PASSWORD);
    }
    for (int i = 0; i < SIZE; i++) {
        aliases[i] = "p" + i;
        // The one initialized cipher is reused for every key, so all entries are encrypted
        // under the same password-derived key and the same salt.
        byte[] enckey = cipher.doFinal(ks.getKey(aliases[i], PASSWORD).getEncoded());
        keys[i] = new EncryptedPrivateKeyInfo(algid, enckey).getEncoded();
        certChains[i] = ks.getCertificateChain(aliases[i]);
    }
    // Write into PKCS12 keystore. Use this overloaded version of
    // setKeyEntry() to be as fast as possible, so that they would
    // have same localKeyId.
    KeyStore p12 = KeyStore.getInstance("pkcs12");
    p12.load(null, PASSWORD);
    for (int i = 0; i < SIZE; i++) {
        // byte[] overload: the key is handed over already protected, so the keystore
        // stores it as given instead of encrypting it again.
        p12.setKeyEntry(aliases[i], keys[i], certChains[i]);
    }
    try (FileOutputStream fos = new FileOutputStream(P12FILE)) {
        p12.store(fos, PASSWORD);
    }
    // Check private keys still match certs
    p12 = KeyStore.getInstance("pkcs12");
    try (FileInputStream fis = new FileInputStream(P12FILE)) {
        p12.load(fis, PASSWORD);
    }
    for (int i = 0; i < SIZE; i++) {
        String a = "p" + i;
        X509Certificate x = (X509Certificate) p12.getCertificate(a);
        X500Name name = (X500Name) x.getSubjectDN();
        // Alias p<i> was generated with subject CN=<i>; any other CN means the reloaded
        // keystore paired this alias with a different entry's certificate.
        if (!name.getCommonName().equals("" + i)) {
            throw new Exception(a + "'s cert is " + name);
        }
    }
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) X500Name(sun.security.x509.X500Name) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) SecretKey(javax.crypto.SecretKey) AlgorithmId(sun.security.x509.AlgorithmId) FileOutputStream(java.io.FileOutputStream) EncryptedPrivateKeyInfo(sun.security.pkcs.EncryptedPrivateKeyInfo) Cipher(javax.crypto.Cipher) File(java.io.File) SecretKeyFactory(javax.crypto.SecretKeyFactory) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec) AlgorithmParameters(java.security.AlgorithmParameters) ObjectIdentifier(sun.security.util.ObjectIdentifier) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 53 with ObjectIdentifier

use of sun.security.util.ObjectIdentifier in project jdk8u_jdk by JetBrains.

the class CipherForKeyProtector method protect.

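/**
 * Protects the given cleartext private key, using the password provided at
 * construction time.
 *
 * <p>The key's encoded form is encrypted with PBEWithMD5AndTripleDES under a fresh
 * random 8-byte salt and wrapped in an {@code EncryptedPrivateKeyInfo} (PKCS#8).
 *
 * <p>Security note: the derivation uses MD5 with an iteration count of 20, which adds
 * almost no cost to offline password guessing against a copied keystore. The result
 * should be treated as legacy-format protection; confidentiality of the stored key
 * depends mainly on the strength of the password and on access control to the file.
 *
 * @param key the private key to protect
 * @return the encoded {@code EncryptedPrivateKeyInfo} holding the encrypted key
 * @throws Exception if key derivation, encryption or encoding fails
 */
byte[] protect(PrivateKey key) throws Exception {
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);
    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);
    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey;
    try {
        sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
    } finally {
        // Wipe the spec's password copy even when key construction fails.
        pbeKeySpec.clearPassword();
    }
    // encrypt private key
    PBEWithMD5AndTripleDESCipher cipher = new PBEWithMD5AndTripleDESCipher();
    cipher.engineInit(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null);
    byte[] plain = key.getEncoded();
    byte[] encrKey;
    try {
        encrKey = cipher.engineDoFinal(plain, 0, plain.length);
    } finally {
        // Do not leave the cleartext key encoding on the heap longer than needed.
        // Assumes getEncoded() returned a private copy — TODO confirm for
        // third-party PrivateKey implementations.
        java.util.Arrays.fill(plain, (byte) 0);
    }
    // wrap encrypted private key in EncryptedPrivateKeyInfo
    // (as defined in PKCS#8)
    AlgorithmParameters pbeParams = AlgorithmParameters.getInstance("PBE", SunJCE.getInstance());
    pbeParams.init(pbeSpec);
    AlgorithmId encrAlg = new AlgorithmId(new ObjectIdentifier(PBE_WITH_MD5_AND_DES3_CBC_OID), pbeParams);
    return new EncryptedPrivateKeyInfo(encrAlg, encrKey).getEncoded();
}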
Also used : SecretKey(javax.crypto.SecretKey) AlgorithmId(sun.security.x509.AlgorithmId) AlgorithmParameters(java.security.AlgorithmParameters) ObjectIdentifier(sun.security.util.ObjectIdentifier)

Example 54 with ObjectIdentifier

use of sun.security.util.ObjectIdentifier in project jdk8u_jdk by JetBrains.

the class X509CertSelector method setExtendedKeyUsage.

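/**
 * Sets the extendedKeyUsage criterion. The {@code X509Certificate}
 * must allow the specified key purposes in its extended key usage
 * extension. If {@code keyPurposeSet} is empty or {@code null},
 * no extendedKeyUsage check will be done. Note that an
 * {@code X509Certificate} that has no extendedKeyUsage extension
 * implicitly allows all key purposes.
 * <p>
 * Note that the {@code Set} is cloned to protect against
 * subsequent modifications.
 * <p>
 * The criterion is replaced only after every OID has been parsed. If
 * parsing fails, the exception propagates and the previously set
 * criterion stays in effect, so the selector never holds a partially
 * converted purpose set.
 *
 * @param keyPurposeSet a {@code Set} of key purpose OIDs in string
 * format (or {@code null}). Each OID is represented by a set of
 * nonnegative integers separated by periods.
 * @throws IOException if the OID is invalid, such as
 * the first component being not 0, 1 or 2 or the second component
 * being greater than 39.
 * @see #getExtendedKeyUsage
 */
public void setExtendedKeyUsage(Set<String> keyPurposeSet) throws IOException {
    if ((keyPurposeSet == null) || keyPurposeSet.isEmpty()) {
        this.keyPurposeSet = null;
        keyPurposeOIDSet = null;
        return;
    }
    // Work on a private snapshot so later changes to the caller's set cannot
    // alter the criterion.
    Set<String> purposes = Collections.unmodifiableSet(new HashSet<String>(keyPurposeSet));
    HashSet<ObjectIdentifier> oids = new HashSet<ObjectIdentifier>();
    for (String s : purposes) {
        // May throw IOException; the fields are still untouched at this point.
        oids.add(new ObjectIdentifier(s));
    }
    // Publish both views together so the string set and the OID set always agree.
    this.keyPurposeSet = purposes;
    keyPurposeOIDSet = oids;
}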
Also used : ObjectIdentifier(sun.security.util.ObjectIdentifier)

Example 55 with ObjectIdentifier

use of sun.security.util.ObjectIdentifier in project Resurrection_packages_apps_Settings by ResurrectionRemix.

the class CredentialStorage method isHardwareBackedKey.

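/**
 * Reports whether the algorithm named in an encoded private key is one that
 * {@code KeyChain.isBoundKeyAlgorithm} accepts.
 *
 * <p>The key bytes are parsed as ASN.1 here, so they are handled as untrusted
 * input: anything that cannot be parsed yields {@code false} instead of an
 * exception reaching the caller.
 *
 * @param keyData the encoded private key (parsed as a {@code PrivateKeyInfo})
 * @return the result of {@code KeyChain.isBoundKeyAlgorithm} for the key's algorithm
 *         name, or {@code false} if the data is missing or cannot be parsed
 */
private boolean isHardwareBackedKey(byte[] keyData) {
    if (keyData == null) {
        return false;
    }
    try {
        ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(keyData));
        PrivateKeyInfo pki = PrivateKeyInfo.getInstance(bIn.readObject());
        if (pki == null) {
            // Empty input produces no ASN.1 object; treat it like any other parse failure.
            Log.e(TAG, "Failed to parse key data");
            return false;
        }
        String algOid = pki.getAlgorithmId().getAlgorithm().getId();
        String algName = new AlgorithmId(new ObjectIdentifier(algOid)).getName();
        return KeyChain.isBoundKeyAlgorithm(algName);
    } catch (IOException e) {
        // Keep the cause in the log so a malformed import can be diagnosed.
        Log.e(TAG, "Failed to parse key data", e);
        return false;
    } catch (IllegalArgumentException e) {
        // Presumably raised by getInstance() when the decoded object is not the expected
        // structure — confirm against the bundled BouncyCastle version.
        Log.e(TAG, "Failed to parse key data", e);
        return false;
    }
}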
Also used : ASN1InputStream(com.android.org.bouncycastle.asn1.ASN1InputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) AlgorithmId(sun.security.x509.AlgorithmId) IOException(java.io.IOException) PrivateKeyInfo(com.android.org.bouncycastle.asn1.pkcs.PrivateKeyInfo) ObjectIdentifier(sun.security.util.ObjectIdentifier)

Aggregations

ObjectIdentifier (sun.security.util.ObjectIdentifier)76 IOException (java.io.IOException)27 DerValue (sun.security.util.DerValue)17 AlgorithmId (sun.security.x509.AlgorithmId)17 DerInputStream (sun.security.util.DerInputStream)16 CertificateException (java.security.cert.CertificateException)14 KeyStoreException (java.security.KeyStoreException)12 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)11 UnrecoverableEntryException (java.security.UnrecoverableEntryException)10 UnrecoverableKeyException (java.security.UnrecoverableKeyException)10 AlgorithmParameters (java.security.AlgorithmParameters)9 X509Certificate (java.security.cert.X509Certificate)9 SecretKey (javax.crypto.SecretKey)9 DerOutputStream (sun.security.util.DerOutputStream)9 ASN1InputStream (com.android.org.bouncycastle.asn1.ASN1InputStream)8 PrivateKeyInfo (com.android.org.bouncycastle.asn1.pkcs.PrivateKeyInfo)8 ByteArrayInputStream (java.io.ByteArrayInputStream)8 Date (java.util.Date)8 DestroyFailedException (javax.security.auth.DestroyFailedException)8 Cipher (javax.crypto.Cipher)7