Example 61 with ObjectIdentifier
use of sun.security.util.ObjectIdentifier in project Bytecoder by mirkosertic.
the class PKCS9Attributes method toString.
/**
* Returns the PKCS9 block in a printable string form.
*/
public String toString() {
StringBuilder sb = new StringBuilder(200);
sb.append("PKCS9 Attributes: [\n\t");
ObjectIdentifier oid;
PKCS9Attribute value;
boolean first = true;
for (int i = 1; i < PKCS9Attribute.PKCS9_OIDS.length; i++) {
value = getAttribute(PKCS9Attribute.PKCS9_OIDS[i]);
if (value == null)
continue;
// we have a value; print it
if (first)
first = false;
else
sb.append(";\n\t");
sb.append(value.toString());
}
sb.append("\n\t] (end PKCS9 Attributes)");
return sb.toString();
}
Also used :
ObjectIdentifier(sun.security.util.ObjectIdentifier)
Example 62 with ObjectIdentifier
use of sun.security.util.ObjectIdentifier in project Bytecoder by mirkosertic.
the class PKCS9Attributes method decode.
/**
* Decode this set of PKCS9 attributes from the contents of its
* DER encoding. Ignores unsupported attributes when directed.
*
* @param in
* the contents of the DER encoding of the attribute set.
*
* @exception IOException
* on i/o error, encoding syntax error, unacceptable or
* unsupported attribute, or duplicate attribute.
*/
private byte[] decode(DerInputStream in) throws IOException {
DerValue val = in.getDerValue();
// save the DER encoding with its proper tag byte.
byte[] derEncoding = val.toByteArray();
derEncoding[0] = DerValue.tag_SetOf;
DerInputStream derIn = new DerInputStream(derEncoding);
DerValue[] derVals = derIn.getSet(3, true);
PKCS9Attribute attrib;
ObjectIdentifier oid;
boolean reuseEncoding = true;
for (int i = 0; i < derVals.length; i++) {
try {
attrib = new PKCS9Attribute(derVals[i]);
} catch (ParsingException e) {
if (ignoreUnsupportedAttributes) {
// cannot reuse supplied DER encoding
reuseEncoding = false;
// skip
continue;
} else {
throw e;
}
}
oid = attrib.getOID();
if (attributes.get(oid) != null)
throw new IOException("Duplicate PKCS9 attribute: " + oid);
if (permittedAttributes != null && !permittedAttributes.containsKey(oid))
throw new IOException("Attribute " + oid + " not permitted in this attribute set");
attributes.put(oid, attrib);
}
return reuseEncoding ? derEncoding : generateDerEncoding();
}
Also used :
DerValue(sun.security.util.DerValue)
DerInputStream(sun.security.util.DerInputStream)
IOException(java.io.IOException)
ObjectIdentifier(sun.security.util.ObjectIdentifier)
Example 63 with ObjectIdentifier
use of sun.security.util.ObjectIdentifier in project Bytecoder by mirkosertic.
the class PKCS12KeyStore method encryptPrivateKey.
/*
* Encrypt private key using Password-based encryption (PBE)
* as defined in PKCS#5.
*
* NOTE: By default, pbeWithSHAAnd3-KeyTripleDES-CBC algorithmID is
* used to derive the key and IV.
*
* @return encrypted private key encoded as EncryptedPrivateKeyInfo
*/
private byte[] encryptPrivateKey(byte[] data, KeyStore.PasswordProtection passwordProtection) throws IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
byte[] key = null;
try {
String algorithm;
AlgorithmParameters algParams;
AlgorithmId algid;
// Initialize PBE algorithm and parameters
algorithm = passwordProtection.getProtectionAlgorithm();
if (algorithm != null) {
AlgorithmParameterSpec algParamSpec = passwordProtection.getProtectionParameters();
if (algParamSpec != null) {
algParams = AlgorithmParameters.getInstance(algorithm);
algParams.init(algParamSpec);
} else {
algParams = getAlgorithmParameters(algorithm);
}
} else {
// Check default key protection algorithm for PKCS12 keystores
algorithm = AccessController.doPrivileged(new PrivilegedAction<String>() {
public String run() {
String prop = Security.getProperty(KEY_PROTECTION_ALGORITHM[0]);
if (prop == null) {
prop = Security.getProperty(KEY_PROTECTION_ALGORITHM[1]);
}
return prop;
}
});
if (algorithm == null || algorithm.isEmpty()) {
algorithm = "PBEWithSHA1AndDESede";
}
algParams = getAlgorithmParameters(algorithm);
}
ObjectIdentifier pbeOID = mapPBEAlgorithmToOID(algorithm);
if (pbeOID == null) {
throw new IOException("PBE algorithm '" + algorithm + " 'is not supported for key entry protection");
}
// Use JCE
SecretKey skey = getPBEKey(passwordProtection.getPassword());
Cipher cipher = Cipher.getInstance(algorithm);
cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);
byte[] encryptedKey = cipher.doFinal(data);
algid = new AlgorithmId(pbeOID, cipher.getParameters());
if (debug != null) {
debug.println(" (Cipher algorithm: " + cipher.getAlgorithm() + ")");
}
// wrap encrypted private key in EncryptedPrivateKeyInfo
// as defined in PKCS#8
EncryptedPrivateKeyInfo encrInfo = new EncryptedPrivateKeyInfo(algid, encryptedKey);
key = encrInfo.getEncoded();
} catch (Exception e) {
UnrecoverableKeyException uke = new UnrecoverableKeyException("Encrypt Private Key failed: " + e.getMessage());
uke.initCause(e);
throw uke;
}
return key;
}
Also used :
KeyStoreException(java.security.KeyStoreException)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
UnrecoverableEntryException(java.security.UnrecoverableEntryException)
DestroyFailedException(javax.security.auth.DestroyFailedException)
CertificateException(java.security.cert.CertificateException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
SecretKey(javax.crypto.SecretKey)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
AlgorithmId(sun.security.x509.AlgorithmId)
PrivilegedAction(java.security.PrivilegedAction)
EncryptedPrivateKeyInfo(sun.security.pkcs.EncryptedPrivateKeyInfo)
Cipher(javax.crypto.Cipher)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
AlgorithmParameters(java.security.AlgorithmParameters)
ObjectIdentifier(sun.security.util.ObjectIdentifier)
Example 64 with ObjectIdentifier
use of sun.security.util.ObjectIdentifier in project Bytecoder by mirkosertic.
the class PKCS12KeyStore method engineGetKey.
/**
* Returns the key associated with the given alias, using the given
* password to recover it.
*
* @param alias the alias name
* @param password the password for recovering the key
*
* @return the requested key, or null if the given alias does not exist
* or does not identify a <i>key entry</i>.
*
* @exception NoSuchAlgorithmException if the algorithm for recovering the
* key cannot be found
* @exception UnrecoverableKeyException if the key cannot be recovered
* (e.g., the given password is wrong).
*/
public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException {
Entry entry = entries.get(alias.toLowerCase(Locale.ENGLISH));
Key key = null;
if (entry == null || (!(entry instanceof KeyEntry))) {
return null;
}
// get the encoded private key or secret key
byte[] encrBytes = null;
if (entry instanceof PrivateKeyEntry) {
encrBytes = ((PrivateKeyEntry) entry).protectedPrivKey;
} else if (entry instanceof SecretKeyEntry) {
encrBytes = ((SecretKeyEntry) entry).protectedSecretKey;
} else {
throw new UnrecoverableKeyException("Error locating key");
}
byte[] encryptedKey;
AlgorithmParameters algParams;
ObjectIdentifier algOid;
try {
// get the encrypted private key
EncryptedPrivateKeyInfo encrInfo = new EncryptedPrivateKeyInfo(encrBytes);
encryptedKey = encrInfo.getEncryptedData();
// parse Algorithm parameters
DerValue val = new DerValue(encrInfo.getAlgorithm().encode());
DerInputStream in = val.toDerInputStream();
algOid = in.getOID();
algParams = parseAlgParameters(algOid, in);
} catch (IOException ioe) {
UnrecoverableKeyException uke = new UnrecoverableKeyException("Private key not stored as " + "PKCS#8 EncryptedPrivateKeyInfo: " + ioe);
uke.initCause(ioe);
throw uke;
}
try {
byte[] keyInfo;
while (true) {
try {
// Use JCE
SecretKey skey = getPBEKey(password);
Cipher cipher = Cipher.getInstance(mapPBEParamsToAlgorithm(algOid, algParams));
cipher.init(Cipher.DECRYPT_MODE, skey, algParams);
keyInfo = cipher.doFinal(encryptedKey);
break;
} catch (Exception e) {
if (password.length == 0) {
// Retry using an empty password
// without a NULL terminator.
password = new char[1];
continue;
}
throw e;
}
}
/*
* Parse the key algorithm and then use a JCA key factory
* to re-create the key.
*/
DerValue val = new DerValue(keyInfo);
DerInputStream in = val.toDerInputStream();
int i = in.getInteger();
DerValue[] value = in.getSequence(2);
AlgorithmId algId = new AlgorithmId(value[0].getOID());
String keyAlgo = algId.getName();
// decode private key
if (entry instanceof PrivateKeyEntry) {
KeyFactory kfac = KeyFactory.getInstance(keyAlgo);
PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(keyInfo);
key = kfac.generatePrivate(kspec);
if (debug != null) {
debug.println("Retrieved a protected private key (" + key.getClass().getName() + ") at alias '" + alias + "'");
}
// decode secret key
} else {
byte[] keyBytes = in.getOctetString();
SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, keyAlgo);
// Special handling required for PBE: needs a PBEKeySpec
if (keyAlgo.startsWith("PBE")) {
SecretKeyFactory sKeyFactory = SecretKeyFactory.getInstance(keyAlgo);
KeySpec pbeKeySpec = sKeyFactory.getKeySpec(secretKeySpec, PBEKeySpec.class);
key = sKeyFactory.generateSecret(pbeKeySpec);
} else {
key = secretKeySpec;
}
if (debug != null) {
debug.println("Retrieved a protected secret key (" + key.getClass().getName() + ") at alias '" + alias + "'");
}
}
} catch (Exception e) {
UnrecoverableKeyException uke = new UnrecoverableKeyException("Get Key failed: " + e.getMessage());
uke.initCause(e);
throw uke;
}
return key;
}
Also used :
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
KeySpec(java.security.spec.KeySpec)
PBEKeySpec(javax.crypto.spec.PBEKeySpec)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
DerValue(sun.security.util.DerValue)
DerInputStream(sun.security.util.DerInputStream)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
KeyFactory(java.security.KeyFactory)
ObjectIdentifier(sun.security.util.ObjectIdentifier)
KeyStoreException(java.security.KeyStoreException)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
UnrecoverableEntryException(java.security.UnrecoverableEntryException)
DestroyFailedException(javax.security.auth.DestroyFailedException)
CertificateException(java.security.cert.CertificateException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
SecretKey(javax.crypto.SecretKey)
AlgorithmId(sun.security.x509.AlgorithmId)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
EncryptedPrivateKeyInfo(sun.security.pkcs.EncryptedPrivateKeyInfo)
Cipher(javax.crypto.Cipher)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
SecretKey(javax.crypto.SecretKey)
AlgorithmParameters(java.security.AlgorithmParameters)
Example 65 with ObjectIdentifier
use of sun.security.util.ObjectIdentifier in project Bytecoder by mirkosertic.
the class PKCS12KeyStore method getBagAttributes.
private byte[] getBagAttributes(String alias, byte[] keyId, ObjectIdentifier[] trustedUsage, Set<KeyStore.Entry.Attribute> attributes) throws IOException {
byte[] localKeyID = null;
byte[] friendlyName = null;
byte[] trustedKeyUsage = null;
// return null if all three attributes are null
if ((alias == null) && (keyId == null) && (trustedKeyUsage == null)) {
return null;
}
// SafeBag Attributes
DerOutputStream bagAttrs = new DerOutputStream();
// Encode the friendlyname oid.
if (alias != null) {
DerOutputStream bagAttr1 = new DerOutputStream();
bagAttr1.putOID(PKCS9FriendlyName_OID);
DerOutputStream bagAttrContent1 = new DerOutputStream();
DerOutputStream bagAttrValue1 = new DerOutputStream();
bagAttrContent1.putBMPString(alias);
bagAttr1.write(DerValue.tag_Set, bagAttrContent1);
bagAttrValue1.write(DerValue.tag_Sequence, bagAttr1);
friendlyName = bagAttrValue1.toByteArray();
}
// Encode the localkeyId oid.
if (keyId != null) {
DerOutputStream bagAttr2 = new DerOutputStream();
bagAttr2.putOID(PKCS9LocalKeyId_OID);
DerOutputStream bagAttrContent2 = new DerOutputStream();
DerOutputStream bagAttrValue2 = new DerOutputStream();
bagAttrContent2.putOctetString(keyId);
bagAttr2.write(DerValue.tag_Set, bagAttrContent2);
bagAttrValue2.write(DerValue.tag_Sequence, bagAttr2);
localKeyID = bagAttrValue2.toByteArray();
}
// Encode the trustedKeyUsage oid.
if (trustedUsage != null) {
DerOutputStream bagAttr3 = new DerOutputStream();
bagAttr3.putOID(TrustedKeyUsage_OID);
DerOutputStream bagAttrContent3 = new DerOutputStream();
DerOutputStream bagAttrValue3 = new DerOutputStream();
for (ObjectIdentifier usage : trustedUsage) {
bagAttrContent3.putOID(usage);
}
bagAttr3.write(DerValue.tag_Set, bagAttrContent3);
bagAttrValue3.write(DerValue.tag_Sequence, bagAttr3);
trustedKeyUsage = bagAttrValue3.toByteArray();
}
DerOutputStream attrs = new DerOutputStream();
if (friendlyName != null) {
attrs.write(friendlyName);
}
if (localKeyID != null) {
attrs.write(localKeyID);
}
if (trustedKeyUsage != null) {
attrs.write(trustedKeyUsage);
}
if (attributes != null) {
for (KeyStore.Entry.Attribute attribute : attributes) {
String attributeName = attribute.getName();
// skip friendlyName, localKeyId and trustedKeyUsage
if (CORE_ATTRIBUTES[0].equals(attributeName) || CORE_ATTRIBUTES[1].equals(attributeName) || CORE_ATTRIBUTES[2].equals(attributeName)) {
continue;
}
attrs.write(((PKCS12Attribute) attribute).getEncoded());
}
}
bagAttrs.write(DerValue.tag_Set, attrs);
return bagAttrs.toByteArray();
}
Also used :
DerOutputStream(sun.security.util.DerOutputStream)
ObjectIdentifier(sun.security.util.ObjectIdentifier)
Aggregations
ObjectIdentifier (sun.security.util.ObjectIdentifier)76
IOException (java.io.IOException)27
DerValue (sun.security.util.DerValue)17
AlgorithmId (sun.security.x509.AlgorithmId)17
DerInputStream (sun.security.util.DerInputStream)16
CertificateException (java.security.cert.CertificateException)14
KeyStoreException (java.security.KeyStoreException)12
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)11
UnrecoverableEntryException (java.security.UnrecoverableEntryException)10
UnrecoverableKeyException (java.security.UnrecoverableKeyException)10
AlgorithmParameters (java.security.AlgorithmParameters)9
X509Certificate (java.security.cert.X509Certificate)9
SecretKey (javax.crypto.SecretKey)9
DerOutputStream (sun.security.util.DerOutputStream)9
ASN1InputStream (com.android.org.bouncycastle.asn1.ASN1InputStream)8
PrivateKeyInfo (com.android.org.bouncycastle.asn1.pkcs.PrivateKeyInfo)8
ByteArrayInputStream (java.io.ByteArrayInputStream)8
Date (java.util.Date)8
DestroyFailedException (javax.security.auth.DestroyFailedException)8
Cipher (javax.crypto.Cipher)7
