List of usage examples for java.security.spec ECParameterSpec getCurve
public EllipticCurve getCurve()
From source file:at.gv.egiz.pdfas.lib.util.CertificateUtils.java
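/**
 * Selects the signature and digest algorithm identifiers for a signing certificate.
 *
 * <p>DSA and RSA keys are always paired with SHA-256. For EC keys the digest follows the
 * size of the curve's underlying field: 512 bits or more selects SHA-512, 256 bits or more
 * selects SHA-256, and a smaller field selects SHA-1.
 *
 * <p>When the field size cannot be read (the key does not implement {@code ECPublicKey}, or
 * it carries no curve parameters), SHA-256 is used. An unknown size is not treated as a
 * small curve, so such a key no longer ends up with SHA-1 by accident.
 *
 * @param signingCertificate certificate whose public key determines the algorithms
 * @return a two-element array: index 0 is the signature algorithm, index 1 the digest algorithm
 * @throws NoSuchAlgorithmException if the key algorithm is not DSA, RSA, EC or ECDSA
 */
public static AlgorithmID[] getAlgorithmIDs(X509Certificate signingCertificate)
        throws NoSuchAlgorithmException {
    final PublicKey publicKey = signingCertificate.getPublicKey();
    final String algorithm = publicKey.getAlgorithm();

    final AlgorithmID signatureAlgorithm;
    final AlgorithmID digestAlgorithm;

    if ("DSA".equals(algorithm)) {
        signatureAlgorithm = AlgorithmID.dsaWithSHA256;
        digestAlgorithm = AlgorithmID.sha256;
    } else if ("RSA".equals(algorithm)) {
        signatureAlgorithm = AlgorithmID.sha256WithRSAEncryption;
        digestAlgorithm = AlgorithmID.sha256;
    } else if ("EC".equals(algorithm) || "ECDSA".equals(algorithm)) {
        // -1 means "size could not be determined"; it must not be confused with a small curve.
        int fieldSize = -1;
        if (publicKey instanceof ECPublicKey) {
            final ECParameterSpec params = ((ECPublicKey) publicKey).getParams();
            if (params != null) {
                fieldSize = params.getCurve().getField().getFieldSize();
            }
        }

        if (fieldSize >= 512) {
            signatureAlgorithm = AlgorithmID.ecdsa_With_SHA512;
            digestAlgorithm = AlgorithmID.sha512;
        } else if (fieldSize >= 256 || fieldSize < 0) {
            // Also the choice for an undetermined field size.
            signatureAlgorithm = AlgorithmID.ecdsa_With_SHA256;
            digestAlgorithm = AlgorithmID.sha256;
        } else {
            // NOTE(review): curves with a field below 256 bits are still signed with SHA-1,
            // which is no longer considered collision resistant. Confirm that such keys are
            // expected here, or reject them before signing.
            signatureAlgorithm = AlgorithmID.ecdsa_With_SHA1;
            digestAlgorithm = AlgorithmID.sha1;
        }
    } else {
        throw new NoSuchAlgorithmException("Public key algorithm '" + algorithm + "' not supported.");
    }

    return new AlgorithmID[] { signatureAlgorithm, digestAlgorithm };
}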
From source file:org.cesecore.certificates.util.AlgorithmTools.java
/**
 * Derives a short key specification string from a public key: the bit length for RSA and
 * DSA keys (for example "2048"), or a curve name for EC keys (for example "secp256r1").
 *
 * <p>For an EC key whose parameters are an {@code ECNamedCurveSpec} the curve name is read
 * directly, and an alias recognised by the default provider is preferred. For any other EC
 * key the curve parameters are compared against every curve in the Bouncy Castle named-curve
 * table. A name is returned only when all compared values match and the default provider
 * recognises that name.
 *
 * <p>The comparison covers a, b, the field size, the generator, the order and the cofactor.
 * The curve seed is not compared, and the field is compared by size only.
 *
 * @param publicKey The public key to get the key specification from
 * @return The key specification, {@code KEYSPEC_UNKNOWN} if the key is an EC key whose curve
 *         could not be identified, and null if the key algorithm is not supported
 */
public static String getKeySpecification(final PublicKey publicKey) {
    if (log.isTraceEnabled()) {
        log.trace(">getKeySpecification");
    }
    String keyspec = null;
    if (publicKey instanceof RSAPublicKey) {
        final RSAPublicKey rsaKey = (RSAPublicKey) publicKey;
        keyspec = Integer.toString(rsaKey.getModulus().bitLength());
    } else if (publicKey instanceof DSAPublicKey) {
        final DSAPublicKey dsaKey = (DSAPublicKey) publicKey;
        keyspec = Integer.toString(dsaKey.getParams().getP().bitLength());
    } else if (publicKey instanceof ECPublicKey) {
        final ECParameterSpec keyParams = ((ECPublicKey) publicKey).getParams();
        if (keyParams instanceof ECNamedCurveSpec) {
            keyspec = ((ECNamedCurveSpec) keyParams).getName();
            // Prefer an alias that both the default provider and BC understand.
            for (final String alias : getEcKeySpecAliases(keyspec)) {
                if (isNamedECKnownInDefaultProvider(alias)) {
                    keyspec = alias;
                    break;
                }
            }
        } else {
            // Not a BC key: stay "unknown" unless the parameters match a curve BC knows by name.
            keyspec = KEYSPEC_UNKNOWN;
            if (keyParams != null) {
                final int c1 = keyParams.getCofactor();
                final EllipticCurve keyCurve = keyParams.getCurve();
                final BigInteger a1 = keyCurve.getA();
                final BigInteger b1 = keyCurve.getB();
                final int fs1 = keyCurve.getField().getFieldSize();
                final ECPoint keyGenerator = keyParams.getGenerator();
                final BigInteger ax1 = keyGenerator.getAffineX();
                final BigInteger ay1 = keyGenerator.getAffineY();
                final BigInteger o1 = keyParams.getOrder();
                if (log.isDebugEnabled()) {
                    log.debug("a1=" + a1 + " b1=" + b1 + " fs1=" + fs1 + " ax1=" + ax1 + " ay1=" + ay1
                            + " o1=" + o1 + " c1=" + c1);
                }
                @SuppressWarnings("unchecked")
                final Enumeration<String> bcCurveNames = ECNamedCurveTable.getNames();
                while (bcCurveNames.hasMoreElements()) {
                    final String candidateName = bcCurveNames.nextElement();
                    final ECNamedCurveParameterSpec candidate = ECNamedCurveTable.getParameterSpec(candidateName);
                    final ECCurve candidateCurve = candidate.getCurve();
                    final BigInteger a2 = candidateCurve.getA().toBigInteger();
                    final BigInteger b2 = candidateCurve.getB().toBigInteger();
                    final int fs2 = candidateCurve.getFieldSize();
                    final org.bouncycastle.math.ec.ECPoint candidateGenerator = candidate.getG();
                    final BigInteger ax2 = candidateGenerator.getX().toBigInteger();
                    final BigInteger ay2 = candidateGenerator.getY().toBigInteger();
                    final BigInteger h2 = candidate.getH();
                    final BigInteger n2 = candidate.getN();

                    final boolean sameCurve = a1.equals(a2) && ax1.equals(ax2) && b1.equals(b2)
                            && ay1.equals(ay2) && fs1 == fs2 && o1.equals(n2) && c1 == h2.intValue();
                    if (!sameCurve) {
                        continue;
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("a2=" + a2 + " b2=" + b2 + " fs2=" + fs2 + " ax2=" + ax2 + " ay2=" + ay2
                                + " h2=" + h2 + " n2=" + n2 + " " + candidateName);
                    }
                    // A key reaching this point is expected to be a SUN PKCS#11 public key, so
                    // the name is only returned when the default provider recognises it.
                    if (isNamedECKnownInDefaultProvider(candidateName)) {
                        keyspec = candidateName;
                        break;
                    }
                }
            }
        }
    }
    if (log.isTraceEnabled()) {
        log.trace("<getKeySpecification: " + keyspec);
    }
    return keyspec;
}
From source file:org.cesecore.keys.util.KeyTools.java
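/**
 * Completes an EC public key that was stripped of its curve parameters.
 *
 * <p>An ECDSA key can be reduced to just the public point, which is not enough to use it for
 * verification. If the curve name is known, the parameters can be filled in to obtain a
 * usable EC public key. A key that already carries parameters, a key that is not a
 * {@code PublicKeyEC}, and a call with a null {@code keySpec} all return {@code pk} unchanged.
 *
 * <p>The curve is taken from {@code keySpec}, not from the key itself. Callers should take
 * the curve name from a source they already trust rather than from the same message that
 * delivered the bare point.
 *
 * @param pk
 *            PublicKey, org.ejbca.cvc.PublicKeyEC, that might miss parameters
 * @param keySpec
 *            name of curve, for example brainpoolp224r1
 * @return PublicKey with parameters from the named curve, or {@code pk} itself when nothing
 *         had to be added
 * @throws NoSuchProviderException
 *             if the "BC" provider is not installed
 * @throws NoSuchAlgorithmException
 *             if the "BC" provider offers no "ECDSA" key factory
 * @throws InvalidKeySpecException
 *             if {@code keySpec} names no curve known to the named-curve table, or the key
 *             factory rejects the resulting key specification
 */
public static PublicKey getECPublicKeyWithParams(final PublicKey pk, final String keySpec)
        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException {
    if (!(pk instanceof PublicKeyEC) || keySpec == null) {
        return pk;
    }
    final PublicKeyEC pkec = (PublicKeyEC) pk;
    // The public keys of IS and DV certificates carry no parameters; only those need work.
    if (pkec.getParams() != null) {
        return pk;
    }

    final org.bouncycastle.jce.spec.ECParameterSpec bcspec = ECNamedCurveTable.getParameterSpec(keySpec);
    if (bcspec == null) {
        // The table lookup yields null for an unknown name; fail with a declared exception
        // instead of a NullPointerException further down.
        throw new InvalidKeySpecException("Unknown EC curve name '" + keySpec + "'.");
    }

    // NOTE(review): nothing in this method checks that the point lies on the named curve.
    // Presumably the BC key factory validates it; confirm for the BC version in use.
    final java.security.spec.ECPoint p = pkec.getW();
    final org.bouncycastle.math.ec.ECPoint ecp = EC5Util.convertPoint(bcspec.getCurve(), p, false);
    final ECPublicKeySpec pubKey = new ECPublicKeySpec(ecp, bcspec);
    final KeyFactory keyfact = KeyFactory.getInstance("ECDSA", "BC");
    return keyfact.generatePublic(pubKey);
}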
From source file:org.cesecore.keys.util.KeyTools.java
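/**
 * Gets the key AlgorithmParameterSpec of supported keys. Can be used to initialize a
 * KeyPairGenerator to generate a key of equal type and size.
 *
 * <p>The returned parameters are copied from {@code pk} as they are. For EC keys the curve is
 * rebuilt from field, a and b only, so the result carries no curve seed.
 *
 * @param pk
 *            PublicKey used to derive the AlgorithmParameterSpec
 * @return null if key is unsupported, pk is null, or a DSA/EC key carries no parameters,
 *         otherwise a AlgorithmParameterSpec.
 */
public static AlgorithmParameterSpec getKeyGenSpec(final PublicKey pk) {
    if (pk == null) {
        return null;
    }
    AlgorithmParameterSpec ret = null;
    if (pk instanceof RSAPublicKey) {
        log.debug("getKeyGenSpec: RSA");
        final RSAPublicKey rpk = (RSAPublicKey) pk;
        ret = new RSAKeyGenParameterSpec(getKeyLength(pk), rpk.getPublicExponent());
    } else if (pk instanceof DSAPublicKey) {
        log.debug("getKeyGenSpec: DSA");
        final DSAParams params = ((DSAPublicKey) pk).getParams();
        // A key without parameters cannot describe how to generate an equal key.
        if (params != null) {
            ret = new DSAParameterSpec(params.getP(), params.getQ(), params.getG());
        }
    } else if (pk instanceof ECPublicKey) {
        log.debug("getKeyGenSpec: ECPublicKey");
        final java.security.spec.ECParameterSpec sunsp = ((ECPublicKey) pk).getParams();
        if (sunsp == null) {
            // A key stripped of its curve parameters is treated as unsupported.
            return null;
        }
        // Rebuild the curve without its seed.
        final EllipticCurve ecurve = new EllipticCurve(sunsp.getCurve().getField(), sunsp.getCurve().getA(),
                sunsp.getCurve().getB());
        final ECParameterSpec params = new ECParameterSpec(ecurve, sunsp.getGenerator(), sunsp.getOrder(),
                sunsp.getCofactor());
        if (log.isDebugEnabled()) {
            log.debug("Fieldsize: " + params.getCurve().getField().getFieldSize());
            final EllipticCurve curve = params.getCurve();
            log.debug("CurveA: " + curve.getA().toString(16));
            log.debug("CurveB: " + curve.getB().toString(16));
            log.debug("CurveSeed: " + curve.getSeed());
            // Only prime fields expose P. Without this check, enabling debug logging made a
            // key on a non-prime field fail with a ClassCastException.
            if (curve.getField() instanceof ECFieldFp) {
                final ECFieldFp field = (ECFieldFp) curve.getField();
                log.debug("CurveSfield: " + field.getP().toString(16));
            }
            final ECPoint p = params.getGenerator();
            log.debug("Generator: " + p.getAffineX().toString(16) + ", " + p.getAffineY().toString(16));
            log.debug("Order: " + params.getOrder().toString(16));
            log.debug("CoFactor: " + params.getCofactor());
        }
        // NOTE(review): the curve is whatever the supplied key declares. If pk can come from
        // outside, confirm that the curve is an approved one before generating keys from it.
        ret = params;
    } else if (pk instanceof JCEECPublicKey) {
        // NOTE(review): if JCEECPublicKey also implements the ECPublicKey interface tested
        // above, this branch is never reached; confirm against the imports of this file.
        log.debug("getKeyGenSpec: JCEECPublicKey");
        final JCEECPublicKey ecpub = (JCEECPublicKey) pk;
        final org.bouncycastle.jce.spec.ECParameterSpec bcsp = ecpub.getParameters();
        final ECCurve curve = bcsp.getCurve();
        // TODO: this probably does not work for key generation with the Sun PKCS#11 provider.
        // Maybe the seed needs to be set to null as above? Or is the BC curve not the same?
        ret = new ECNamedCurveSpec(null, curve, bcsp.getG(), bcsp.getN(), bcsp.getH());
    }
    return ret;
}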
From source file:org.ejbca.util.keystore.KeyTools.java
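/**
 * Gets the key AlgorithmParameterSpec of supported keys. Can be used to initialize a
 * KeyPairGenerator to generate a key of equal type and size.
 *
 * <p>The parameters are taken from {@code pk} unchanged, except that an EC curve is rebuilt
 * from its field, a and b, which leaves the seed out.
 *
 * @param pk PublicKey used to derive the AlgorithmParameterSpec
 * @return null if key is unsupported, pk is null, or a DSA/EC key carries no parameters,
 *         otherwise a AlgorithmParameterSpec.
 */
public static AlgorithmParameterSpec getKeyGenSpec(final PublicKey pk) {
    if (pk == null) {
        return null;
    }
    AlgorithmParameterSpec ret = null;
    if (pk instanceof RSAPublicKey) {
        log.debug("getKeyGenSpec: RSA");
        final RSAPublicKey rpk = (RSAPublicKey) pk;
        ret = new RSAKeyGenParameterSpec(getKeyLength(pk), rpk.getPublicExponent());
    } else if (pk instanceof DSAPublicKey) {
        log.debug("getKeyGenSpec: DSA");
        final DSAPublicKey dpk = (DSAPublicKey) pk;
        final DSAParams params = dpk.getParams();
        // Without parameters there is nothing to build a generation spec from.
        if (params != null) {
            ret = new DSAParameterSpec(params.getP(), params.getQ(), params.getG());
        }
    } else if (pk instanceof ECPublicKey) {
        log.debug("getKeyGenSpec: ECPublicKey");
        final ECPublicKey ecpub = (ECPublicKey) pk;
        final java.security.spec.ECParameterSpec sunsp = ecpub.getParams();
        if (sunsp != null) {
            // The three-argument constructor drops the curve seed.
            final EllipticCurve ecurve = new EllipticCurve(sunsp.getCurve().getField(),
                    sunsp.getCurve().getA(), sunsp.getCurve().getB());
            final ECParameterSpec params = new ECParameterSpec(ecurve, sunsp.getGenerator(),
                    sunsp.getOrder(), sunsp.getCofactor());
            if (log.isDebugEnabled()) {
                final EllipticCurve curve = params.getCurve();
                log.debug("Fieldsize: " + curve.getField().getFieldSize());
                log.debug("CurveA: " + curve.getA().toString(16));
                log.debug("CurveB: " + curve.getB().toString(16));
                log.debug("CurveSeed: " + curve.getSeed());
                // The cast to ECFieldFp is only valid for prime fields. It used to be
                // unconditional, so debug logging could throw ClassCastException on a key
                // over another field type.
                if (curve.getField() instanceof ECFieldFp) {
                    final ECFieldFp field = (ECFieldFp) curve.getField();
                    log.debug("CurveSfield: " + field.getP().toString(16));
                }
                final ECPoint p = params.getGenerator();
                log.debug("Generator: " + p.getAffineX().toString(16) + ", " + p.getAffineY().toString(16));
                log.debug("Order: " + params.getOrder().toString(16));
                log.debug("CoFactor: " + params.getCofactor());
            }
            // NOTE(review): the curve comes from the supplied key as is. If pk is not from a
            // trusted source, confirm the curve is an approved one before generating keys.
            ret = params;
        }
    } else if (pk instanceof JCEECPublicKey) {
        // NOTE(review): this branch is unreachable if JCEECPublicKey implements the
        // ECPublicKey interface checked above; confirm against this file's imports.
        log.debug("getKeyGenSpec: JCEECPublicKey");
        final JCEECPublicKey ecpub = (JCEECPublicKey) pk;
        final org.bouncycastle.jce.spec.ECParameterSpec bcsp = ecpub.getParameters();
        final ECCurve curve = bcsp.getCurve();
        // TODO: this probably does not work for key generation with the Sun PKCS#11 provider.
        // Maybe the seed needs to be set to null as above? Or is the BC curve not the same?
        final ECParameterSpec params = new ECNamedCurveSpec(null, curve, bcsp.getG(), bcsp.getN(), bcsp.getH());
        ret = params;
    }
    return ret;
}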