List of usage examples for java.security.interfaces ECPublicKey getParams
ECParameterSpec getParams();
From source file:org.apache.xml.security.stax.ext.XMLSecurityUtils.java
public static void createKeyValueTokenStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, PublicKey publicKey) throws XMLStreamException, XMLSecurityException { if (publicKey == null) { throw new XMLSecurityException("stax.signature.publicKeyOrCertificateMissing"); }//from ww w . ja v a 2 s . com String algorithm = publicKey.getAlgorithm(); abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyValue, true, null); if ("RSA".equals(algorithm)) { RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey; abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_RSAKeyValue, false, null); abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Modulus, false, null); abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[] { '\n' }).encodeToString(rsaPublicKey.getModulus().toByteArray())); abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Modulus); abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Exponent, false, null); abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[] { '\n' }) .encodeToString(rsaPublicKey.getPublicExponent().toByteArray())); abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Exponent); abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_RSAKeyValue); } else if ("DSA".equals(algorithm)) { DSAPublicKey dsaPublicKey = (DSAPublicKey) publicKey; BigInteger j = dsaPublicKey.getParams().getP().subtract(BigInteger.ONE) .divide(dsaPublicKey.getParams().getQ()); abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_DSAKeyValue, false, null); abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_P, false, null); abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[] { '\n' }) .encodeToString(dsaPublicKey.getParams().getP().toByteArray())); abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_P); abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Q, false, null); abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[] { '\n' }) .encodeToString(dsaPublicKey.getParams().getQ().toByteArray())); abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Q); abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_G, false, null); abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[] { '\n' }) .encodeToString(dsaPublicKey.getParams().getG().toByteArray())); abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_G); abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Y, false, null); abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[] { '\n' }).encodeToString(dsaPublicKey.getY().toByteArray())); abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Y); abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_J, false, null); abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[] { '\n' }).encodeToString(j.toByteArray())); abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_J); abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_DSAKeyValue); } else if ("EC".equals(algorithm)) { ECPublicKey ecPublicKey = (ECPublicKey) publicKey; List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1); attributes.add(abstractOutputProcessor.createAttribute(XMLSecurityConstants.ATT_NULL_URI, "urn:oid:" + ECDSAUtils.getOIDFromPublicKey(ecPublicKey))); abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig11_ECKeyValue, true, null); abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig11_NamedCurve, false, attributes); abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig11_NamedCurve); abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig11_PublicKey, false, null); abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[] { '\n' }).encodeToString( ECDSAUtils.encodePoint(ecPublicKey.getW(), ecPublicKey.getParams().getCurve()))); abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig11_PublicKey); abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig11_ECKeyValue); } abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyValue); }
From source file:org.cesecore.certificates.util.AlgorithmTools.java
/** * Gets the key specification from a public key. Example: "2048" for a RSA * or DSA key or "secp256r1" for EC key. The EC curve is only detected * if <i>publickey</i> is an object known by the bouncy castle provider. * @param publicKey The public key to get the key specification from * @return The key specification, "unknown" if it could not be determined and * null if the key algorithm is not supported *///ww w .ja va2 s . com public static String getKeySpecification(final PublicKey publicKey) { if (log.isTraceEnabled()) { log.trace(">getKeySpecification"); } String keyspec = null; if (publicKey instanceof RSAPublicKey) { keyspec = Integer.toString(((RSAPublicKey) publicKey).getModulus().bitLength()); } else if (publicKey instanceof DSAPublicKey) { keyspec = Integer.toString(((DSAPublicKey) publicKey).getParams().getP().bitLength()); } else if (publicKey instanceof ECPublicKey) { final ECPublicKey ecPublicKey = (ECPublicKey) publicKey; if (ecPublicKey.getParams() instanceof ECNamedCurveSpec) { keyspec = ((ECNamedCurveSpec) ecPublicKey.getParams()).getName(); // Prefer to return a curve name alias that also works with the default and BC provider for (String keySpecAlias : getEcKeySpecAliases(keyspec)) { if (isNamedECKnownInDefaultProvider(keySpecAlias)) { keyspec = keySpecAlias; break; } } } else { keyspec = KEYSPEC_UNKNOWN; // Try to detect if it is a curve name known by BC even though the public key isn't a BC key final ECParameterSpec namedCurve = ecPublicKey.getParams(); if (namedCurve != null) { final int c1 = namedCurve.getCofactor(); final EllipticCurve ec1 = namedCurve.getCurve(); final BigInteger a1 = ec1.getA(); final BigInteger b1 = ec1.getB(); final int fs1 = ec1.getField().getFieldSize(); //final byte[] s1 = ec1.getSeed(); final ECPoint g1 = namedCurve.getGenerator(); final BigInteger ax1 = g1.getAffineX(); final BigInteger ay1 = g1.getAffineY(); final BigInteger o1 = namedCurve.getOrder(); if (log.isDebugEnabled()) { log.debug("a1=" + a1 + " b1=" + b1 + " fs1=" + fs1 + " ax1=" + ax1 + " ay1=" + ay1 + " o1=" + o1 + " c1=" + c1); } @SuppressWarnings("unchecked") final Enumeration<String> ecNamedCurves = ECNamedCurveTable.getNames(); while (ecNamedCurves.hasMoreElements()) { final String ecNamedCurveBc = ecNamedCurves.nextElement(); final ECNamedCurveParameterSpec parameterSpec2 = ECNamedCurveTable .getParameterSpec(ecNamedCurveBc); final ECCurve ec2 = parameterSpec2.getCurve(); final BigInteger a2 = ec2.getA().toBigInteger(); final BigInteger b2 = ec2.getB().toBigInteger(); final int fs2 = ec2.getFieldSize(); final org.bouncycastle.math.ec.ECPoint g2 = parameterSpec2.getG(); final BigInteger ax2 = g2.getX().toBigInteger(); final BigInteger ay2 = g2.getY().toBigInteger(); final BigInteger h2 = parameterSpec2.getH(); final BigInteger n2 = parameterSpec2.getN(); if (a1.equals(a2) && ax1.equals(ax2) && b1.equals(b2) && ay1.equals(ay2) && fs1 == fs2 && o1.equals(n2) && c1 == h2.intValue()) { // We have a matching curve here! if (log.isDebugEnabled()) { log.debug("a2=" + a2 + " b2=" + b2 + " fs2=" + fs2 + " ax2=" + ax2 + " ay2=" + ay2 + " h2=" + h2 + " n2=" + n2 + " " + ecNamedCurveBc); } // Since this public key is a SUN PKCS#11 pub key if we get here, we only return an alias if it is recognized by the provider if (isNamedECKnownInDefaultProvider(ecNamedCurveBc)) { keyspec = ecNamedCurveBc; break; } } } } } } if (log.isTraceEnabled()) { log.trace("<getKeySpecification: " + keyspec); } return keyspec; }
From source file:org.cesecore.keys.util.KeyTools.java
/** * Gets the key AlgorithmParameterSpec of supported keys. Can be used to initialize a KeyPairGenerator to generate a key of equal type and size. * /*from w ww .j a va2 s.com*/ * @param pk * PublicKey used to derive the AlgorithmParameterSpec * @return null if key is unsupported or pk is null, otherwise a AlgorithmParameterSpec. */ public static AlgorithmParameterSpec getKeyGenSpec(final PublicKey pk) { if (pk == null) { return null; } AlgorithmParameterSpec ret = null; if (pk instanceof RSAPublicKey) { log.debug("getKeyGenSpec: RSA"); final RSAPublicKey rpk = (RSAPublicKey) pk; ret = new RSAKeyGenParameterSpec(getKeyLength(pk), rpk.getPublicExponent()); } else if (pk instanceof DSAPublicKey) { log.debug("getKeyGenSpec: DSA"); final DSAPublicKey dpk = (DSAPublicKey) pk; final DSAParams params = dpk.getParams(); ret = new DSAParameterSpec(params.getP(), params.getQ(), params.getG()); } else if (pk instanceof ECPublicKey) { log.debug("getKeyGenSpec: ECPublicKey"); final ECPublicKey ecpub = (ECPublicKey) pk; final java.security.spec.ECParameterSpec sunsp = ecpub.getParams(); final EllipticCurve ecurve = new EllipticCurve(sunsp.getCurve().getField(), sunsp.getCurve().getA(), sunsp.getCurve().getB()); // ECParameterSpec par = new ECNamedCurveSpec(null, sunsp.getCurve(), sunsp.getGenerator(), sunsp.getOrder(), // BigInteger.valueOf(sunsp.getCofactor())); final ECParameterSpec params = new ECParameterSpec(ecurve, sunsp.getGenerator(), sunsp.getOrder(), sunsp.getCofactor()); if (log.isDebugEnabled()) { log.debug("Fieldsize: " + params.getCurve().getField().getFieldSize()); final EllipticCurve curve = params.getCurve(); log.debug("CurveA: " + curve.getA().toString(16)); log.debug("CurveB: " + curve.getB().toString(16)); log.debug("CurveSeed: " + curve.getSeed()); final ECFieldFp field = (ECFieldFp) curve.getField(); log.debug("CurveSfield: " + field.getP().toString(16)); final ECPoint p = params.getGenerator(); log.debug("Generator: " + p.getAffineX().toString(16) + ", " + p.getAffineY().toString(16)); log.debug("Order: " + params.getOrder().toString(16)); log.debug("CoFactor: " + params.getCofactor()); } ret = params; } else if (pk instanceof JCEECPublicKey) { log.debug("getKeyGenSpec: JCEECPublicKey"); final JCEECPublicKey ecpub = (JCEECPublicKey) pk; final org.bouncycastle.jce.spec.ECParameterSpec bcsp = ecpub.getParameters(); final ECCurve curve = bcsp.getCurve(); // TODO: this probably does not work for key generation with the Sun PKCS#11 provider. Maybe seed needs to be set to null as above? Or // something else, the BC curve is it the same? final ECParameterSpec params = new ECNamedCurveSpec(null, curve, bcsp.getG(), bcsp.getN(), bcsp.getH()); ret = params; // EllipticCurve ecc = new EllipticCurve(curve.) // ECParameterSpec sp = new ECParameterSpec(, bcsp.getG(), bcsp.getN(), bcsp.getH().intValue()); } return ret; }
From source file:org.cesecore.util.CertTools.java
public static X509Certificate genSelfCertForPurpose(String dn, long validity, String policyId, PrivateKey privKey, PublicKey pubKey, String sigAlg, boolean isCA, int keyusage, Date privateKeyNotBefore, Date privateKeyNotAfter, String provider, boolean ldapOrder, List<Extension> additionalExtensions) throws CertificateParsingException, IOException, OperatorCreationException { // Create self signed certificate Date firstDate = new Date(); // Set back startdate ten minutes to avoid some problems with wrongly set clocks. firstDate.setTime(firstDate.getTime() - (10 * 60 * 1000)); Date lastDate = new Date(); // validity in days = validity*24*60*60*1000 milliseconds lastDate.setTime(lastDate.getTime() + (validity * (24 * 60 * 60 * 1000))); // Transform the PublicKey to be sure we have it in a format that the X509 certificate generator handles, it might be // a CVC public key that is passed as parameter PublicKey publicKey = null;//from w w w . j a va2s.c om if (pubKey instanceof RSAPublicKey) { RSAPublicKey rsapk = (RSAPublicKey) pubKey; RSAPublicKeySpec rSAPublicKeySpec = new RSAPublicKeySpec(rsapk.getModulus(), rsapk.getPublicExponent()); try { publicKey = KeyFactory.getInstance("RSA").generatePublic(rSAPublicKeySpec); } catch (InvalidKeySpecException e) { log.error("Error creating RSAPublicKey from spec: ", e); publicKey = pubKey; } catch (NoSuchAlgorithmException e) { throw new IllegalStateException("RSA was not a known algorithm", e); } } else if (pubKey instanceof ECPublicKey) { ECPublicKey ecpk = (ECPublicKey) pubKey; try { ECPublicKeySpec ecspec = new ECPublicKeySpec(ecpk.getW(), ecpk.getParams()); // will throw NPE if key is "implicitlyCA" final String algo = ecpk.getAlgorithm(); if (algo.equals(AlgorithmConstants.KEYALGORITHM_ECGOST3410)) { try { publicKey = KeyFactory.getInstance("ECGOST3410").generatePublic(ecspec); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException("ECGOST3410 was not a known algorithm", e); } } else if (algo.equals(AlgorithmConstants.KEYALGORITHM_DSTU4145)) { try { publicKey = KeyFactory.getInstance("DSTU4145").generatePublic(ecspec); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException("DSTU4145 was not a known algorithm", e); } } else { try { publicKey = KeyFactory.getInstance("EC").generatePublic(ecspec); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException("EC was not a known algorithm", e); } } } catch (InvalidKeySpecException e) { log.error("Error creating ECPublicKey from spec: ", e); publicKey = pubKey; } catch (NullPointerException e) { log.debug("NullPointerException, probably it is implicitlyCA generated keys: " + e.getMessage()); publicKey = pubKey; } } else { log.debug("Not converting key of class. " + pubKey.getClass().getName()); publicKey = pubKey; } // Serialnumber is random bits, where random generator is initialized with Date.getTime() when this // bean is created. byte[] serno = new byte[8]; SecureRandom random; try { random = SecureRandom.getInstance("SHA1PRNG"); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException("SHA1PRNG was not a known algorithm", e); } random.setSeed(new Date().getTime()); random.nextBytes(serno); SubjectPublicKeyInfo pkinfo; try { pkinfo = new SubjectPublicKeyInfo((ASN1Sequence) ASN1Primitive.fromByteArray(publicKey.getEncoded())); } catch (IOException e) { throw new IllegalArgumentException("Provided public key could not be read to ASN1Primitive", e); } X509v3CertificateBuilder certbuilder = new X509v3CertificateBuilder( CertTools.stringToBcX500Name(dn, ldapOrder), new BigInteger(serno).abs(), firstDate, lastDate, CertTools.stringToBcX500Name(dn, ldapOrder), pkinfo); // Basic constranits is always critical and MUST be present at-least in CA-certificates. BasicConstraints bc = new BasicConstraints(isCA); certbuilder.addExtension(Extension.basicConstraints, true, bc); // Put critical KeyUsage in CA-certificates if (isCA || keyusage != 0) { X509KeyUsage ku = new X509KeyUsage(keyusage); certbuilder.addExtension(Extension.keyUsage, true, ku); } if ((privateKeyNotBefore != null) || (privateKeyNotAfter != null)) { final ASN1EncodableVector v = new ASN1EncodableVector(); if (privateKeyNotBefore != null) { v.add(new DERTaggedObject(false, 0, new DERGeneralizedTime(privateKeyNotBefore))); } if (privateKeyNotAfter != null) { v.add(new DERTaggedObject(false, 1, new DERGeneralizedTime(privateKeyNotAfter))); } certbuilder.addExtension(Extension.privateKeyUsagePeriod, false, new DERSequence(v)); } // Subject and Authority key identifier is always non-critical and MUST be present for certificates to verify in Firefox. try { if (isCA) { ASN1InputStream sAsn1InputStream = new ASN1InputStream( new ByteArrayInputStream(publicKey.getEncoded())); ASN1InputStream aAsn1InputStream = new ASN1InputStream( new ByteArrayInputStream(publicKey.getEncoded())); try { SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo( (ASN1Sequence) sAsn1InputStream.readObject()); X509ExtensionUtils x509ExtensionUtils = new BcX509ExtensionUtils(); SubjectKeyIdentifier ski = x509ExtensionUtils.createSubjectKeyIdentifier(spki); SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo( (ASN1Sequence) aAsn1InputStream.readObject()); AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki); certbuilder.addExtension(Extension.subjectKeyIdentifier, false, ski); certbuilder.addExtension(Extension.authorityKeyIdentifier, false, aki); } finally { sAsn1InputStream.close(); aAsn1InputStream.close(); } } } catch (IOException e) { // do nothing } // CertificatePolicies extension if supplied policy ID, always non-critical if (policyId != null) { PolicyInformation pi = new PolicyInformation(new ASN1ObjectIdentifier(policyId)); DERSequence seq = new DERSequence(pi); certbuilder.addExtension(Extension.certificatePolicies, false, seq); } // Add any additional if (additionalExtensions != null) { for (final Extension extension : additionalExtensions) { certbuilder.addExtension(extension.getExtnId(), extension.isCritical(), extension.getParsedValue()); } } final ContentSigner signer = new BufferingContentSigner( new JcaContentSignerBuilder(sigAlg).setProvider(provider).build(privKey), 20480); final X509CertificateHolder certHolder = certbuilder.build(signer); final X509Certificate selfcert = (X509Certificate) CertTools.getCertfromByteArray(certHolder.getEncoded()); return selfcert; }
From source file:org.eclipse.leshan.standalone.servlet.json.SecuritySerializer.java
@Override public JsonElement serialize(SecurityInfo src, Type typeOfSrc, JsonSerializationContext context) { JsonObject element = new JsonObject(); element.addProperty("endpoint", src.getEndpoint()); if (src.getIdentity() != null) { JsonObject psk = new JsonObject(); psk.addProperty("identity", src.getIdentity()); psk.addProperty("key", Hex.encodeHexString(src.getPreSharedKey())); element.add("psk", psk); }// w w w . ja v a2 s . c om if (src.getRawPublicKey() != null) { JsonObject rpk = new JsonObject(); PublicKey rawPublicKey = src.getRawPublicKey(); if (rawPublicKey instanceof ECPublicKey) { ECPublicKey ecPublicKey = (ECPublicKey) rawPublicKey; // Get x coordinate byte[] x = ecPublicKey.getW().getAffineX().toByteArray(); if (x[0] == 0) x = Arrays.copyOfRange(x, 1, x.length); rpk.addProperty("x", Hex.encodeHexString(x)); // Get Y coordinate byte[] y = ecPublicKey.getW().getAffineY().toByteArray(); if (y[0] == 0) y = Arrays.copyOfRange(y, 1, y.length); rpk.addProperty("y", Hex.encodeHexString(y)); // Get Curves params rpk.addProperty("params", ecPublicKey.getParams().toString()); } else { throw new JsonParseException("Unsupported Public Key Format (only ECPublicKey supported)."); } element.add("rpk", rpk); } return element; }
From source file:org.ejbca.util.CertTools.java
public static X509Certificate genSelfCertForPurpose(String dn, long validity, String policyId, PrivateKey privKey, PublicKey pubKey, String sigAlg, boolean isCA, int keyusage, String provider) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CertificateEncodingException, IllegalStateException, NoSuchProviderException { // Create self signed certificate Date firstDate = new Date(); // Set back startdate ten minutes to avoid some problems with wrongly set clocks. firstDate.setTime(firstDate.getTime() - (10 * 60 * 1000)); Date lastDate = new Date(); // validity in days = validity*24*60*60*1000 milliseconds lastDate.setTime(lastDate.getTime() + (validity * (24 * 60 * 60 * 1000))); X509V3CertificateGenerator certgen = new X509V3CertificateGenerator(); // Transform the PublicKey to be sure we have it in a format that the X509 certificate generator handles, it might be // a CVC public key that is passed as parameter PublicKey publicKey = null;//from w w w.ja v a 2 s. com if (pubKey instanceof RSAPublicKey) { RSAPublicKey rsapk = (RSAPublicKey) pubKey; RSAPublicKeySpec rSAPublicKeySpec = new RSAPublicKeySpec(rsapk.getModulus(), rsapk.getPublicExponent()); try { publicKey = KeyFactory.getInstance("RSA").generatePublic(rSAPublicKeySpec); } catch (InvalidKeySpecException e) { log.error("Error creating RSAPublicKey from spec: ", e); publicKey = pubKey; } } else if (pubKey instanceof ECPublicKey) { ECPublicKey ecpk = (ECPublicKey) pubKey; try { ECPublicKeySpec ecspec = new ECPublicKeySpec(ecpk.getW(), ecpk.getParams()); // will throw NPE if key is "implicitlyCA" publicKey = KeyFactory.getInstance("EC").generatePublic(ecspec); } catch (InvalidKeySpecException e) { log.error("Error creating ECPublicKey from spec: ", e); publicKey = pubKey; } catch (NullPointerException e) { log.debug("NullPointerException, probably it is implicitlyCA generated keys: " + e.getMessage()); publicKey = pubKey; } } else { log.debug("Not converting key of class. " + pubKey.getClass().getName()); publicKey = pubKey; } // Serialnumber is random bits, where random generator is initialized with Date.getTime() when this // bean is created. byte[] serno = new byte[8]; SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); random.setSeed(new Date().getTime()); random.nextBytes(serno); certgen.setSerialNumber(new java.math.BigInteger(serno).abs()); certgen.setNotBefore(firstDate); certgen.setNotAfter(lastDate); certgen.setSignatureAlgorithm(sigAlg); certgen.setSubjectDN(CertTools.stringToBcX509Name(dn)); certgen.setIssuerDN(CertTools.stringToBcX509Name(dn)); certgen.setPublicKey(publicKey); // Basic constranits is always critical and MUST be present at-least in CA-certificates. BasicConstraints bc = new BasicConstraints(isCA); certgen.addExtension(X509Extensions.BasicConstraints.getId(), true, bc); // Put critical KeyUsage in CA-certificates if (isCA) { X509KeyUsage ku = new X509KeyUsage(keyusage); certgen.addExtension(X509Extensions.KeyUsage.getId(), true, ku); } // Subject and Authority key identifier is always non-critical and MUST be present for certificates to verify in Firefox. try { if (isCA) { SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo( (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded())) .readObject()); SubjectKeyIdentifier ski = new SubjectKeyIdentifier(spki); SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo( (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded())) .readObject()); AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki); certgen.addExtension(X509Extensions.SubjectKeyIdentifier.getId(), false, ski); certgen.addExtension(X509Extensions.AuthorityKeyIdentifier.getId(), false, aki); } } catch (IOException e) { // do nothing } // CertificatePolicies extension if supplied policy ID, always non-critical if (policyId != null) { PolicyInformation pi = new PolicyInformation(new DERObjectIdentifier(policyId)); DERSequence seq = new DERSequence(pi); certgen.addExtension(X509Extensions.CertificatePolicies.getId(), false, seq); } X509Certificate selfcert = certgen.generate(privKey, provider); return selfcert; }
From source file:org.ejbca.util.keystore.KeyTools.java
/** * Gets the key AlgorithmParameterSpec of supported keys. Can be used to initialize a KeyPairGenerator to generate a key of equal type and size. * @param pk PublicKey used to derive the AlgorithmParameterSpec * @return null if key is unsupported or pk is null, otherwise a AlgorithmParameterSpec. *//*from www.j a v a2 s . co m*/ public static AlgorithmParameterSpec getKeyGenSpec(final PublicKey pk) { if (pk == null) { return null; } AlgorithmParameterSpec ret = null; if (pk instanceof RSAPublicKey) { log.debug("getKeyGenSpec: RSA"); final RSAPublicKey rpk = (RSAPublicKey) pk; ret = new RSAKeyGenParameterSpec(getKeyLength(pk), rpk.getPublicExponent()); } else if (pk instanceof DSAPublicKey) { log.debug("getKeyGenSpec: DSA"); final DSAPublicKey dpk = (DSAPublicKey) pk; final DSAParams params = dpk.getParams(); ret = new DSAParameterSpec(params.getP(), params.getQ(), params.getG()); } else if (pk instanceof ECPublicKey) { log.debug("getKeyGenSpec: ECPublicKey"); final ECPublicKey ecpub = (ECPublicKey) pk; final java.security.spec.ECParameterSpec sunsp = ecpub.getParams(); final EllipticCurve ecurve = new EllipticCurve(sunsp.getCurve().getField(), sunsp.getCurve().getA(), sunsp.getCurve().getB()); //ECParameterSpec par = new ECNamedCurveSpec(null, sunsp.getCurve(), sunsp.getGenerator(), sunsp.getOrder(), BigInteger.valueOf(sunsp.getCofactor())); final ECParameterSpec params = new ECParameterSpec(ecurve, sunsp.getGenerator(), sunsp.getOrder(), sunsp.getCofactor()); if (log.isDebugEnabled()) { log.debug("Fieldsize: " + params.getCurve().getField().getFieldSize()); final EllipticCurve curve = params.getCurve(); log.debug("CurveA: " + curve.getA().toString(16)); log.debug("CurveB: " + curve.getB().toString(16)); log.debug("CurveSeed: " + curve.getSeed()); final ECFieldFp field = (ECFieldFp) curve.getField(); log.debug("CurveSfield: " + field.getP().toString(16)); final ECPoint p = params.getGenerator(); log.debug("Generator: " + p.getAffineX().toString(16) + ", " + p.getAffineY().toString(16)); log.debug("Order: " + params.getOrder().toString(16)); log.debug("CoFactor: " + params.getCofactor()); } ret = params; } else if (pk instanceof JCEECPublicKey) { log.debug("getKeyGenSpec: JCEECPublicKey"); final JCEECPublicKey ecpub = (JCEECPublicKey) pk; final org.bouncycastle.jce.spec.ECParameterSpec bcsp = ecpub.getParameters(); final ECCurve curve = bcsp.getCurve(); //TODO: this probably does not work for key generation with the Sun PKCS#11 provider. Maybe seed needs to be set to null as above? Or something else, the BC curve is it the same? final ECParameterSpec params = new ECNamedCurveSpec(null, curve, bcsp.getG(), bcsp.getN(), bcsp.getH()); ret = params; //EllipticCurve ecc = new EllipticCurve(curve.) //ECParameterSpec sp = new ECParameterSpec(, bcsp.getG(), bcsp.getN(), bcsp.getH().intValue()); } return ret; }
From source file:org.keycloak.jose.jwk.JWKBuilder.java
public JWK ec(Key key) { ECPublicKey ecKey = (ECPublicKey) key; ECPublicJWK k = new ECPublicJWK(); String kid = this.kid != null ? this.kid : KeyUtils.createKeyId(key); int fieldSize = ecKey.getParams().getCurve().getField().getFieldSize(); BigInteger affineX = ecKey.getW().getAffineX(); BigInteger affineY = ecKey.getW().getAffineY(); k.setKeyId(kid);/* w ww . java 2 s . com*/ k.setKeyType(KeyType.EC); k.setAlgorithm(algorithm); k.setPublicKeyUse(DEFAULT_PUBLIC_KEY_USE); k.setCrv("P-" + fieldSize); k.setX(Base64Url.encode(toIntegerBytes(ecKey.getW().getAffineX()))); k.setY(Base64Url.encode(toIntegerBytes(ecKey.getW().getAffineY()))); return k; }