List of usage examples for org.bouncycastle.jcajce.provider.asymmetric.util EC5Util convertSpec
public static ECParameterSpec convertSpec(EllipticCurve ellipticCurve, org.bouncycastle.jce.spec.ECParameterSpec spec)
From source file:com.yahoo.athenz.zts.store.DataStore.java
License:Apache License
JWK getJWK(final String pemKey, final String keyId) { PublicKey publicKey;//from ww w . j a va 2s.c om try { publicKey = Crypto.loadPublicKey(Crypto.ybase64DecodeString(pemKey)); } catch (Exception ex) { LOGGER.error("Invalid public key: {}", ex.getMessage()); return null; } JWK jwk = null; final Base64.Encoder encoder = Base64.getUrlEncoder(); switch (publicKey.getAlgorithm()) { case ZTSConsts.RSA: jwk = new JWK(); jwk.setKid(keyId); jwk.setUse("sig"); jwk.setKty("RSA"); jwk.setAlg("RS256"); final RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey; jwk.setN(new String(encoder.encode(rsaPublicKey.getModulus().toByteArray()))); jwk.setE(new String(encoder.encode(rsaPublicKey.getPublicExponent().toByteArray()))); break; case ZTSConsts.ECDSA: jwk = new JWK(); jwk.setKid(keyId); jwk.setUse("sig"); jwk.setKty("EC"); jwk.setAlg("ES256"); final ECPublicKey ecPublicKey = (ECPublicKey) publicKey; final ECPoint ecPoint = ecPublicKey.getW(); jwk.setX(new String(encoder.encode(ecPoint.getAffineX().toByteArray()))); jwk.setY(new String(encoder.encode(ecPoint.getAffineY().toByteArray()))); jwk.setCrv(getCurveName(EC5Util.convertSpec(ecPublicKey.getParams(), false))); break; } return jwk; }
From source file:org.cesecore.keys.util.KeyTools.java
License:Open Source License
/** * An ECDSA key can be stripped of the curve parameters so it only contains the public point, and this is not enough to use the key for * verification. However, if we know the curve name we can fill in the curve parameters and get a usable EC public key * /*from w w w . j ava 2 s . c o m*/ * @param pk * PublicKey, org.ejbca.cvc.PublicKeyEC, that might miss parameters, if parameters are there we do not touch the public key just return it unchanged * @param pkwithparams * PublicKey, org.ejbca.cvc.PublicKeyEC, that contains all parameters. * @return PublicKey with parameters from the named curve * * @throws InvalidKeySpecException if the key specification in pkwithparams was invalid */ public static PublicKey getECPublicKeyWithParams(final PublicKey pk, final PublicKey pkwithparams) throws InvalidKeySpecException { PublicKey ret = pk; if ((pk instanceof PublicKeyEC) && (pkwithparams instanceof PublicKeyEC)) { final PublicKeyEC pkec = (PublicKeyEC) pk; // The public key of IS and DV certificate do not have any parameters so we have to do some magic to get a complete EC public key final ECParameterSpec spec = pkec.getParams(); if (spec == null) { final PublicKeyEC pkecp = (PublicKeyEC) pkwithparams; final ECParameterSpec pkspec = pkecp.getParams(); if (pkspec != null) { final org.bouncycastle.jce.spec.ECParameterSpec bcspec = EC5Util.convertSpec(pkspec, false); final java.security.spec.ECPoint p = pkec.getW(); final org.bouncycastle.math.ec.ECPoint ecp = EC5Util.convertPoint(pkspec, p, false); final ECPublicKeySpec pubKey = new ECPublicKeySpec(ecp, bcspec); KeyFactory keyfact; try { keyfact = KeyFactory.getInstance("ECDSA", BouncyCastleProvider.PROVIDER_NAME); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException("ECDSA was an unknown algorithm", e); } catch (NoSuchProviderException e) { throw new IllegalStateException("BouncyCastle was not found as a provider.", e); } ret = keyfact.generatePublic(pubKey); } else { log.info("pkwithparams does not have any params."); } } } else { log.info("Either pk or pkwithparams is not a PublicKeyEC: " + pk.toString() + ", " + pkwithparams.toString()); } return ret; }
From source file:org.xipki.commons.security.pkcs11.emulator.EmulatorP11Slot.java
License:Open Source License
private void savePkcs11PublicKey(final byte[] id, final String label, final PublicKey publicKey) throws P11TokenException { String hexId = Hex.toHexString(id).toLowerCase(); StringBuilder sb = new StringBuilder(100); sb.append(PROP_ID).append('=').append(hexId).append('\n'); sb.append(PROP_LABEL).append('=').append(label).append('\n'); if (publicKey instanceof RSAPublicKey) { sb.append(PROP_ALGORITHM).append('='); sb.append(PKCSObjectIdentifiers.rsaEncryption.getId()); sb.append('\n'); sb.append(PROP_RSA_MODUS).append('='); RSAPublicKey rsaKey = (RSAPublicKey) publicKey; sb.append(Hex.toHexString(rsaKey.getModulus().toByteArray())); sb.append('\n'); sb.append(PROP_RSA_PUBLIC_EXPONENT).append('='); sb.append(Hex.toHexString(rsaKey.getPublicExponent().toByteArray())); sb.append('\n'); } else if (publicKey instanceof DSAPublicKey) { sb.append(PROP_ALGORITHM).append('='); sb.append(X9ObjectIdentifiers.id_dsa.getId()); sb.append('\n'); sb.append(PROP_DSA_PRIME).append('='); DSAPublicKey dsaKey = (DSAPublicKey) publicKey; sb.append(Hex.toHexString(dsaKey.getParams().getP().toByteArray())); sb.append('\n'); sb.append(PROP_DSA_SUBPRIME).append('='); sb.append(Hex.toHexString(dsaKey.getParams().getQ().toByteArray())); sb.append('\n'); sb.append(PROP_DSA_BASE).append('='); sb.append(Hex.toHexString(dsaKey.getParams().getG().toByteArray())); sb.append('\n'); sb.append(PROP_DSA_VALUE).append('='); sb.append(Hex.toHexString(dsaKey.getY().toByteArray())); sb.append('\n'); } else if (publicKey instanceof ECPublicKey) { sb.append(PROP_ALGORITHM).append('='); sb.append(X9ObjectIdentifiers.id_ecPublicKey.getId()); sb.append('\n'); ECPublicKey ecKey = (ECPublicKey) publicKey; ECParameterSpec paramSpec = ecKey.getParams(); // ecdsaParams org.bouncycastle.jce.spec.ECParameterSpec bcParamSpec = EC5Util.convertSpec(paramSpec, false); ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(bcParamSpec); if (curveOid == null) { throw new P11TokenException("EC public key is not of namedCurve"); }//from w w w .j a v a 2 s . com byte[] encodedParams; try { if (namedCurveSupported) { encodedParams = curveOid.getEncoded(); } else { encodedParams = ECNamedCurveTable.getByOID(curveOid).getEncoded(); } } catch (IOException | NullPointerException ex) { throw new P11TokenException(ex.getMessage(), ex); } sb.append(PROP_EC_ECDSA_PARAMS).append('='); sb.append(Hex.toHexString(encodedParams)); sb.append('\n'); // EC point java.security.spec.ECPoint pointW = ecKey.getW(); int keysize = (paramSpec.getOrder().bitLength() + 7) / 8; byte[] ecPoint = new byte[1 + keysize * 2]; ecPoint[0] = 4; // uncompressed bigIntToBytes("Wx", pointW.getAffineX(), ecPoint, 1, keysize); bigIntToBytes("Wy", pointW.getAffineY(), ecPoint, 1 + keysize, keysize); byte[] encodedEcPoint; try { encodedEcPoint = new DEROctetString(ecPoint).getEncoded(); } catch (IOException ex) { throw new P11TokenException("could not ASN.1 encode the ECPoint"); } sb.append(PROP_EC_EC_POINT).append('='); sb.append(Hex.toHexString(encodedEcPoint)); sb.append('\n'); } else { throw new IllegalArgumentException("unsupported public key " + publicKey.getClass().getName()); } try { IoUtil.save(new File(pubKeyDir, hexId + INFO_FILE_SUFFIX), sb.toString().getBytes()); } catch (IOException ex) { throw new P11TokenException(ex.getMessage(), ex); } }
From source file:org.xipki.commons.security.util.KeyUtil.java
License:Open Source License
private static ASN1ObjectIdentifier detectCurveOid(final ECParameterSpec paramSpec) { org.bouncycastle.jce.spec.ECParameterSpec bcParamSpec = EC5Util.convertSpec(paramSpec, false); return ECUtil.getNamedCurveOid(bcParamSpec); }