List of usage examples for org.bouncycastle.asn1.x9 ECNamedCurveTable getByOID
public static X9ECParameters getByOID(ASN1ObjectIdentifier oid)
From source file:com.yahoo.athenz.auth.util.Crypto.java
License:Apache License
public static PublicKey loadPublicKey(Reader r) throws CryptoException { try (org.bouncycastle.openssl.PEMParser pemReader = new org.bouncycastle.openssl.PEMParser(r)) { PublicKey pubKey = null;//from w w w . ja v a 2 s . c om Object pemObj = pemReader.readObject(); JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); SubjectPublicKeyInfo keyInfo = null; X9ECParameters ecParam = null; if (pemObj instanceof ASN1ObjectIdentifier) { // make sure this is EC Parameter we're handling. In which case // we'll store it and read the next object which should be our // EC Public Key ASN1ObjectIdentifier ecOID = (ASN1ObjectIdentifier) pemObj; ecParam = ECNamedCurveTable.getByOID(ecOID); if (ecParam == null) { throw new PEMException("Unable to find EC Parameter for the given curve oid: " + ((ASN1ObjectIdentifier) pemObj).getId()); } pemObj = pemReader.readObject(); } else if (pemObj instanceof X9ECParameters) { ecParam = (X9ECParameters) pemObj; pemObj = pemReader.readObject(); } if (pemObj instanceof org.bouncycastle.cert.X509CertificateHolder) { keyInfo = ((org.bouncycastle.cert.X509CertificateHolder) pemObj).getSubjectPublicKeyInfo(); } else { keyInfo = (SubjectPublicKeyInfo) pemObj; } pubKey = pemConverter.getPublicKey(keyInfo); if (ecParam != null && ECDSA.equals(pubKey.getAlgorithm())) { ECParameterSpec ecSpec = new ECParameterSpec(ecParam.getCurve(), ecParam.getG(), ecParam.getN(), ecParam.getH(), ecParam.getSeed()); KeyFactory keyFactory = KeyFactory.getInstance(ECDSA, BC_PROVIDER); ECPublicKeySpec keySpec = new ECPublicKeySpec(((BCECPublicKey) pubKey).getQ(), ecSpec); pubKey = (PublicKey) keyFactory.generatePublic(keySpec); } return pubKey; } catch (PEMException e) { throw new CryptoException(e); } catch (NoSuchProviderException e) { LOG.error( "loadPublicKey: Caught NoSuchProviderException, check to make sure the provider is loaded correctly."); throw new CryptoException(e); } catch (NoSuchAlgorithmException e) { LOG.error( "loadPublicKey: Caught NoSuchAlgorithmException, check to make sure the algorithm is supported by the provider."); throw new CryptoException(e); } catch (InvalidKeySpecException e) { LOG.error("loadPublicKey: Caught InvalidKeySpecException, invalid key spec is being used."); throw new CryptoException("InvalidKeySpecException"); } catch (IOException e) { throw new CryptoException(e); } }
From source file:com.yahoo.athenz.auth.util.Crypto.java
License:Apache License
public static PrivateKey loadPrivateKey(Reader reader, String pwd) throws CryptoException { try (PEMParser pemReader = new PEMParser(reader)) { PrivateKey privKey = null; X9ECParameters ecParam = null;//from www. j a va2 s.c om Object pemObj = pemReader.readObject(); if (pemObj instanceof ASN1ObjectIdentifier) { // make sure this is EC Parameter we're handling. In which case // we'll store it and read the next object which should be our // EC Private Key ASN1ObjectIdentifier ecOID = (ASN1ObjectIdentifier) pemObj; ecParam = ECNamedCurveTable.getByOID(ecOID); if (ecParam == null) { throw new PEMException("Unable to find EC Parameter for the given curve oid: " + ((ASN1ObjectIdentifier) pemObj).getId()); } pemObj = pemReader.readObject(); } else if (pemObj instanceof X9ECParameters) { ecParam = (X9ECParameters) pemObj; pemObj = pemReader.readObject(); } if (pemObj instanceof PEMKeyPair) { PrivateKeyInfo pKeyInfo = ((PEMKeyPair) pemObj).getPrivateKeyInfo(); JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); privKey = pemConverter.getPrivateKey(pKeyInfo); } else if (pemObj instanceof PKCS8EncryptedPrivateKeyInfo) { PKCS8EncryptedPrivateKeyInfo pKeyInfo = (PKCS8EncryptedPrivateKeyInfo) pemObj; if (pwd == null) { throw new CryptoException("No password specified to decrypt encrypted private key"); } // Decrypt the private key with the specified password InputDecryptorProvider pkcs8Prov = new JceOpenSSLPKCS8DecryptorProviderBuilder() .setProvider(BC_PROVIDER).build(pwd.toCharArray()); PrivateKeyInfo privateKeyInfo = pKeyInfo.decryptPrivateKeyInfo(pkcs8Prov); JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); privKey = pemConverter.getPrivateKey(privateKeyInfo); } // if our private key is EC type and we have parameters specified // then we need to set it accordingly if (ecParam != null && ECDSA.equals(privKey.getAlgorithm())) { ECParameterSpec ecSpec = new ECParameterSpec(ecParam.getCurve(), ecParam.getG(), ecParam.getN(), ecParam.getH(), ecParam.getSeed()); KeyFactory keyFactory = KeyFactory.getInstance(ECDSA, BC_PROVIDER); ECPrivateKeySpec keySpec = new ECPrivateKeySpec(((BCECPrivateKey) privKey).getS(), ecSpec); privKey = (PrivateKey) keyFactory.generatePrivate(keySpec); } return privKey; } catch (PEMException e) { LOG.error("loadPrivateKey: Caught PEMException, problem with format of key detected."); throw new CryptoException(e); } catch (NoSuchProviderException e) { LOG.error( "loadPrivateKey: Caught NoSuchProviderException, check to make sure the provider is loaded correctly."); throw new CryptoException(e); } catch (NoSuchAlgorithmException e) { LOG.error( "loadPrivateKey: Caught NoSuchAlgorithmException, check to make sure the algorithm is supported by the provider."); throw new CryptoException(e); } catch (InvalidKeySpecException e) { LOG.error("loadPrivateKey: Caught InvalidKeySpecException, invalid key spec is being used."); throw new CryptoException(e); } catch (OperatorCreationException e) { LOG.error( "loadPrivateKey: Caught OperatorCreationException when creating JceOpenSSLPKCS8DecryptorProviderBuilder."); throw new CryptoException(e); } catch (PKCSException e) { LOG.error("loadPrivateKey: Caught PKCSException when decrypting private key."); throw new CryptoException(e); } catch (IOException e) { LOG.error("loadPrivateKey: Caught IOException, while trying to read key."); throw new CryptoException(e); } }
From source file:org.apache.pulsar.client.impl.MessageCrypto.java
License:Apache License
private PublicKey loadPublicKey(byte[] keyBytes) throws Exception { Reader keyReader = new StringReader(new String(keyBytes)); PublicKey publicKey = null;//from ww w . j a va 2s. c o m try (org.bouncycastle.openssl.PEMParser pemReader = new org.bouncycastle.openssl.PEMParser(keyReader)) { Object pemObj = pemReader.readObject(); JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); SubjectPublicKeyInfo keyInfo = null; X9ECParameters ecParam = null; if (pemObj instanceof ASN1ObjectIdentifier) { // make sure this is EC Parameter we're handling. In which case // we'll store it and read the next object which should be our // EC Public Key ASN1ObjectIdentifier ecOID = (ASN1ObjectIdentifier) pemObj; ecParam = ECNamedCurveTable.getByOID(ecOID); if (ecParam == null) { throw new PEMException("Unable to find EC Parameter for the given curve oid: " + ((ASN1ObjectIdentifier) pemObj).getId()); } pemObj = pemReader.readObject(); } else if (pemObj instanceof X9ECParameters) { ecParam = (X9ECParameters) pemObj; pemObj = pemReader.readObject(); } if (pemObj instanceof org.bouncycastle.cert.X509CertificateHolder) { keyInfo = ((org.bouncycastle.cert.X509CertificateHolder) pemObj).getSubjectPublicKeyInfo(); } else { keyInfo = (SubjectPublicKeyInfo) pemObj; } publicKey = pemConverter.getPublicKey(keyInfo); if (ecParam != null && ECDSA.equals(publicKey.getAlgorithm())) { ECParameterSpec ecSpec = new ECParameterSpec(ecParam.getCurve(), ecParam.getG(), ecParam.getN(), ecParam.getH(), ecParam.getSeed()); KeyFactory keyFactory = KeyFactory.getInstance(ECDSA, BouncyCastleProvider.PROVIDER_NAME); ECPublicKeySpec keySpec = new ECPublicKeySpec(((BCECPublicKey) publicKey).getQ(), ecSpec); publicKey = (PublicKey) keyFactory.generatePublic(keySpec); } } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) { throw new Exception(e); } return publicKey; }
From source file:org.apache.pulsar.client.impl.MessageCrypto.java
License:Apache License
private PrivateKey loadPrivateKey(byte[] keyBytes) throws Exception { Reader keyReader = new StringReader(new String(keyBytes)); PrivateKey privateKey = null; try (PEMParser pemReader = new PEMParser(keyReader)) { X9ECParameters ecParam = null;//from w w w . j a v a 2s. c o m Object pemObj = pemReader.readObject(); if (pemObj instanceof ASN1ObjectIdentifier) { // make sure this is EC Parameter we're handling. In which case // we'll store it and read the next object which should be our // EC Private Key ASN1ObjectIdentifier ecOID = (ASN1ObjectIdentifier) pemObj; ecParam = ECNamedCurveTable.getByOID(ecOID); if (ecParam == null) { throw new PEMException("Unable to find EC Parameter for the given curve oid: " + ecOID.getId()); } pemObj = pemReader.readObject(); } else if (pemObj instanceof X9ECParameters) { ecParam = (X9ECParameters) pemObj; pemObj = pemReader.readObject(); } if (pemObj instanceof PEMKeyPair) { PrivateKeyInfo pKeyInfo = ((PEMKeyPair) pemObj).getPrivateKeyInfo(); JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); privateKey = pemConverter.getPrivateKey(pKeyInfo); } // if our private key is EC type and we have parameters specified // then we need to set it accordingly if (ecParam != null && ECDSA.equals(privateKey.getAlgorithm())) { ECParameterSpec ecSpec = new ECParameterSpec(ecParam.getCurve(), ecParam.getG(), ecParam.getN(), ecParam.getH(), ecParam.getSeed()); KeyFactory keyFactory = KeyFactory.getInstance(ECDSA, BouncyCastleProvider.PROVIDER_NAME); ECPrivateKeySpec keySpec = new ECPrivateKeySpec(((BCECPrivateKey) privateKey).getS(), ecSpec); privateKey = (PrivateKey) keyFactory.generatePrivate(keySpec); } } catch (IOException e) { throw new Exception(e); } return privateKey; }
From source file:org.xipki.commons.security.pkcs11.emulator.EmulatorP11Slot.java
License:Open Source License
private void savePkcs11PublicKey(final byte[] id, final String label, final PublicKey publicKey) throws P11TokenException { String hexId = Hex.toHexString(id).toLowerCase(); StringBuilder sb = new StringBuilder(100); sb.append(PROP_ID).append('=').append(hexId).append('\n'); sb.append(PROP_LABEL).append('=').append(label).append('\n'); if (publicKey instanceof RSAPublicKey) { sb.append(PROP_ALGORITHM).append('='); sb.append(PKCSObjectIdentifiers.rsaEncryption.getId()); sb.append('\n'); sb.append(PROP_RSA_MODUS).append('='); RSAPublicKey rsaKey = (RSAPublicKey) publicKey; sb.append(Hex.toHexString(rsaKey.getModulus().toByteArray())); sb.append('\n'); sb.append(PROP_RSA_PUBLIC_EXPONENT).append('='); sb.append(Hex.toHexString(rsaKey.getPublicExponent().toByteArray())); sb.append('\n'); } else if (publicKey instanceof DSAPublicKey) { sb.append(PROP_ALGORITHM).append('='); sb.append(X9ObjectIdentifiers.id_dsa.getId()); sb.append('\n'); sb.append(PROP_DSA_PRIME).append('='); DSAPublicKey dsaKey = (DSAPublicKey) publicKey; sb.append(Hex.toHexString(dsaKey.getParams().getP().toByteArray())); sb.append('\n'); sb.append(PROP_DSA_SUBPRIME).append('='); sb.append(Hex.toHexString(dsaKey.getParams().getQ().toByteArray())); sb.append('\n'); sb.append(PROP_DSA_BASE).append('='); sb.append(Hex.toHexString(dsaKey.getParams().getG().toByteArray())); sb.append('\n'); sb.append(PROP_DSA_VALUE).append('='); sb.append(Hex.toHexString(dsaKey.getY().toByteArray())); sb.append('\n'); } else if (publicKey instanceof ECPublicKey) { sb.append(PROP_ALGORITHM).append('='); sb.append(X9ObjectIdentifiers.id_ecPublicKey.getId()); sb.append('\n'); ECPublicKey ecKey = (ECPublicKey) publicKey; ECParameterSpec paramSpec = ecKey.getParams(); // ecdsaParams org.bouncycastle.jce.spec.ECParameterSpec bcParamSpec = EC5Util.convertSpec(paramSpec, false); ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(bcParamSpec); if (curveOid == null) { throw new P11TokenException("EC public key is not of namedCurve"); }//from ww w . java2 s.c o m byte[] encodedParams; try { if (namedCurveSupported) { encodedParams = curveOid.getEncoded(); } else { encodedParams = ECNamedCurveTable.getByOID(curveOid).getEncoded(); } } catch (IOException | NullPointerException ex) { throw new P11TokenException(ex.getMessage(), ex); } sb.append(PROP_EC_ECDSA_PARAMS).append('='); sb.append(Hex.toHexString(encodedParams)); sb.append('\n'); // EC point java.security.spec.ECPoint pointW = ecKey.getW(); int keysize = (paramSpec.getOrder().bitLength() + 7) / 8; byte[] ecPoint = new byte[1 + keysize * 2]; ecPoint[0] = 4; // uncompressed bigIntToBytes("Wx", pointW.getAffineX(), ecPoint, 1, keysize); bigIntToBytes("Wy", pointW.getAffineY(), ecPoint, 1 + keysize, keysize); byte[] encodedEcPoint; try { encodedEcPoint = new DEROctetString(ecPoint).getEncoded(); } catch (IOException ex) { throw new P11TokenException("could not ASN.1 encode the ECPoint"); } sb.append(PROP_EC_EC_POINT).append('='); sb.append(Hex.toHexString(encodedEcPoint)); sb.append('\n'); } else { throw new IllegalArgumentException("unsupported public key " + publicKey.getClass().getName()); } try { IoUtil.save(new File(pubKeyDir, hexId + INFO_FILE_SUFFIX), sb.toString().getBytes()); } catch (IOException ex) { throw new P11TokenException(ex.getMessage(), ex); } }
From source file:org.xipki.commons.security.pkcs11.iaik.IaikP11Slot.java
License:Open Source License
@Override protected P11Identity doGenerateECKeypair(final ASN1ObjectIdentifier curveId, final String label) throws P11TokenException { ECDSAPrivateKey privateKey = new ECDSAPrivateKey(); ECDSAPublicKey publicKey = new ECDSAPublicKey(); setKeyAttributes(label, P11Constants.CKK_EC, publicKey, privateKey); byte[] encodedCurveId; try {/* w w w . j a v a 2 s.c o m*/ encodedCurveId = curveId.getEncoded(); } catch (IOException ex) { throw new P11TokenException(ex.getMessage(), ex); } try { publicKey.getEcdsaParams().setByteArrayValue(encodedCurveId); return generateKeyPair(P11Constants.CKM_EC_KEY_PAIR_GEN, privateKey, publicKey); } catch (P11TokenException ex) { X9ECParameters ecParams = ECNamedCurveTable.getByOID(curveId); if (ecParams == null) { throw new IllegalArgumentException("could not get X9ECParameters for curve " + curveId.getId()); } try { publicKey.getEcdsaParams().setByteArrayValue(ecParams.getEncoded()); } catch (IOException ex2) { throw new P11TokenException(ex.getMessage(), ex); } return generateKeyPair(P11Constants.CKM_EC_KEY_PAIR_GEN, privateKey, publicKey); } }
From source file:org.xipki.security.p11.iaik.IaikP11Slot.java
License:Open Source License
@Override public P11KeypairGenerationResult generateECDSAKeypairAndCert(final String curveNameOrOid, final String label, final String subject, final Integer keyUsage, final List<ASN1ObjectIdentifier> extendedKeyusage) throws Exception { ParamChecker.assertNotBlank("curveNameOrOid", curveNameOrOid); ParamChecker.assertNotBlank("label", label); ASN1ObjectIdentifier curveId = getCurveId(curveNameOrOid); if (curveId == null) { throw new IllegalArgumentException("unknown curve " + curveNameOrOid); }/*from w w w .j a v a 2s. c o m*/ X9ECParameters ecParams = ECNamedCurveTable.getByOID(curveId); if (ecParams == null) { throw new IllegalArgumentException("unknown curve " + curveNameOrOid); } Session session = borrowWritableSession(); try { if (IaikP11Util.labelExists(session, label)) { throw new IllegalArgumentException("label " + label + " exists, please specify another one"); } byte[] id = IaikP11Util.generateKeyID(session); PrivateKeyAndPKInfo privateKeyAndPKInfo = generateECDSAKeyPair(session, curveId, ecParams, id, label); int keyBitLength = ecParams.getN().bitLength(); ASN1ObjectIdentifier sigAlgOid; if (keyBitLength > 384) { sigAlgOid = X9ObjectIdentifiers.ecdsa_with_SHA512; } else if (keyBitLength > 256) { sigAlgOid = X9ObjectIdentifiers.ecdsa_with_SHA384; } else if (keyBitLength > 224) { sigAlgOid = X9ObjectIdentifiers.ecdsa_with_SHA256; } else if (keyBitLength > 160) { sigAlgOid = X9ObjectIdentifiers.ecdsa_with_SHA224; } else { sigAlgOid = X9ObjectIdentifiers.ecdsa_with_SHA1; } X509CertificateHolder certificate = generateCertificate(session, id, label, subject, new AlgorithmIdentifier(sigAlgOid, DERNull.INSTANCE), privateKeyAndPKInfo, keyUsage, extendedKeyusage); return new P11KeypairGenerationResult(id, label, certificate); } finally { returnWritableSession(session); } }
From source file:org.xipki.security.p11.sun.SunNamedCurveExtender.java
License:Open Source License
private static void addNamedCurves_jdk17() { final Class<?>[] Param_NamedCurve_add = new Class[] { String.class, String.class, int.class, String.class, String.class, String.class, String.class, String.class, String.class, int.class }; final Class<?>[] Param_getCurve = new Class[] { String.class }; Method method_add = getMethod(class_NamedCurve, "add", Param_NamedCurve_add); if (method_add == null) { return;//from w w w . j av a 2 s .co m } Method method_getCurve = getMethod(class_NamedCurve, "getECParameterSpec", Param_getCurve); if (method_getCurve == null) { return; } Field field_SPLIT_PATTERN = getField(class_NamedCurve, "SPLIT_PATTERN"); if (field_SPLIT_PATTERN == null) { return; } try { field_SPLIT_PATTERN.set(null, SPLIT_PATTERN); } catch (IllegalArgumentException | IllegalAccessException e) { final String message = "could not set Field SPLIT_PATTERN"; if (LOG.isWarnEnabled()) { LOG.warn(LogUtil.buildExceptionLogFormat(message), e.getClass().getName(), e.getMessage()); } LOG.debug(message, e); return; } Set<String> processedCurveOids = new HashSet<>(); Map<String, String> addedCurves = new HashMap<>(); Enumeration<?> curveNames = ECNamedCurveTable.getNames(); while (curveNames.hasMoreElements()) { String curveName = (String) curveNames.nextElement(); ASN1ObjectIdentifier curveId = getCurveId(curveName); if (curveId == null) { LOG.info("cound not find curve OID for curve {}, ignore it", curveName); continue; } String curveDesc = "named curve " + curveName + " (" + curveId + ")"; if (processedCurveOids.contains(curveId.getId())) { LOG.debug("{} is already processed, ignore it", curveDesc); continue; } processedCurveOids.add(curveId.getId()); if (curve_isRegistered(method_getCurve, curveId)) { LOG.debug("{} is already registered, ignore it", curveDesc); continue; } X9ECParameters params = ECNamedCurveTable.getByOID(curveId); ECCurve curve = params.getCurve(); if (curve instanceof ECCurve.Fp || curve instanceof ECCurve.F2m) { CurveData c = new CurveData(params); boolean added = NamedCurve_add(method_add, curveName, curveId.getId(), c.type, c.sfield, c.a, c.b, c.x, c.y, c.n, c.h); if (added) { LOG.debug("added {}", curveDesc); addedCurves.put(curveName, curveId.getId()); } else { LOG.warn("could not add {}", curveDesc); } } else { LOG.info("unknown curve type {}", curve.getClass().getName()); } } try { field_SPLIT_PATTERN.set(null, null); } catch (IllegalArgumentException | IllegalAccessException e) { final String message = "could not set Field SPLIT_PATTERN"; if (LOG.isWarnEnabled()) { LOG.warn(LogUtil.buildExceptionLogFormat(message), e.getClass().getName(), e.getMessage()); } LOG.debug(message, e); return; } logAddedCurves(addedCurves); }
From source file:org.xipki.security.p11.sun.SunNamedCurveExtender.java
License:Open Source License
private static void addNamedCurves_jdk18on() { final Class<?>[] Param_CurveDB_add = new Class[] { String.class, String.class, int.class, String.class, String.class, String.class, String.class, String.class, String.class, int.class, Pattern.class }; final Class<?>[] Param_getCurve = new Class[] { String.class }; Method method_add = getMethod(class_CurveDB, "add", Param_CurveDB_add); if (method_add == null) { return;//w ww. j a va2s. com } Method method_getCurve = getMethod(class_CurveDB, "lookup", Param_getCurve); if (method_getCurve == null) { return; } Field field_oidMap = getField(class_CurveDB, "oidMap"); if (field_oidMap == null) { return; } Field field_specCollection = getField(class_CurveDB, "specCollection"); if (field_specCollection == null) { return; } Set<String> processedCurveOids = new HashSet<>(); Map<String, String> addedCurves = new HashMap<>(); Enumeration<?> curveNames = ECNamedCurveTable.getNames(); while (curveNames.hasMoreElements()) { String curveName = (String) curveNames.nextElement(); ASN1ObjectIdentifier curveId = getCurveId(curveName); if (curveId == null) { LOG.debug("cound not find curve OID for curve {}, ignore it", curveName); continue; } String curveDesc = "named curve " + curveName + " (" + curveId + ")"; if (processedCurveOids.contains(curveId.getId())) { LOG.debug("{} is already processed, ignore it", curveDesc); continue; } processedCurveOids.add(curveId.getId()); if (curve_isRegistered(method_getCurve, curveId)) { LOG.info("{} is already registered, ignore it", curveDesc); continue; } X9ECParameters params = ECNamedCurveTable.getByOID(curveId); ECCurve curve = params.getCurve(); if (curve instanceof ECCurve.Fp || curve instanceof ECCurve.F2m) { CurveData c = new CurveData(params); boolean added = CurveDB_add(method_add, curveName, curveId.getId(), c.type, c.sfield, c.a, c.b, c.x, c.y, c.n, c.h); if (added) { LOG.debug("added {}", curveDesc); addedCurves.put(curveName, curveId.getId()); } else { LOG.warn("could not add {}", curveDesc); } } else { LOG.info("unknown curve type {}", curve.getClass().getName()); } } try { Map<?, ?> oidMap = (Map<?, ?>) field_oidMap.get(null); Collection<?> namedCurves = Collections.unmodifiableCollection(oidMap.values()); field_specCollection.set(null, namedCurves); } catch (IllegalArgumentException | IllegalAccessException | ClassCastException e) { final String message = "could not update change the value of field CurveDB.specCollection."; if (LOG.isWarnEnabled()) { LOG.warn(LogUtil.buildExceptionLogFormat(message), e.getClass().getName(), e.getMessage()); } LOG.debug(message, e); } logAddedCurves(addedCurves); }