Package java.security.spec

Examples of java.security.spec.AlgorithmParameterSpec

145
146
147
148
149
150
151
152
153
154
155
            log.trace(">genKeys("+keySpec+", "+keyAlg+")");       
      }

      final KeyPairGenerator keygen = KeyPairGenerator.getInstance(keyAlg, "BC");
        if (StringUtils.equals(keyAlg, AlgorithmConstants.KEYALGORITHM_ECDSA)) {
          AlgorithmParameterSpec ecSpec = null;
          if ( (keySpec != null) && !StringUtils.equals(keySpec,"implicitlyCA") ) {
            log.debug("Generating named curve ECDSA key pair: "+keySpec);
              // We have EC keys
              ecSpec = ECNamedCurveTable.getParameterSpec(keySpec);
              if (ecSpec == null) {
View Full Code Here
293
294
295
296
297
298
299
300
301
302
303
     */
  public static AlgorithmParameterSpec getKeyGenSpec(final PublicKey pk) {
    if (pk == null) {
      return null;
    }
    AlgorithmParameterSpec ret = null;
    if (pk instanceof RSAPublicKey) {
      log.debug("getKeyGenSpec: RSA");
      final RSAPublicKey rpk = (RSAPublicKey)pk;
      ret = new RSAKeyGenParameterSpec(getKeyLength(pk), rpk.getPublicExponent());
    } else if (pk instanceof DSAPublicKey) {
View Full Code Here
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
    }
   
    public void test07GenKeysECDSAAlgorithmSpec() throws Exception {
        log.trace(">test07GenKeysECDSAAlgorithmSpec()");
        KeyPairGenerator keygen = KeyPairGenerator.getInstance("EC", "BC");
        AlgorithmParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("secp256r1");
      keygen.initialize(ecSpec);
      KeyPair keys = keygen.generateKeyPair();
      assertEquals("EC", keys.getPublic().getAlgorithm());
      String spec = AlgorithmTools.getKeySpecification(keys.getPublic());
      assertEquals("secp256r1", spec);
    AlgorithmParameterSpec paramspec = KeyTools.getKeyGenSpec(keys.getPublic());         

        KeyPair keys2 = KeyTools.genKeys(null, paramspec, AlgorithmConstants.KEYALGORITHM_ECDSA);
      assertEquals("ECDSA", keys2.getPublic().getAlgorithm());
      ECPublicKey pk1 = (ECPublicKey)keys.getPublic();
      ECPublicKey pk2 = (ECPublicKey)keys2.getPublic();
View Full Code Here
112
113
114
115
116
117
118
119
120
121
122
            // changed only this line of code, which went :
            // ecipher = Cipher.getInstance( key.getAlgorithm() ); and raised an exception
            dcipher = Cipher.getInstance( "PBEWithMD5AndDES" );

            // Prepare the parameters to the ciphers
            AlgorithmParameterSpec paramSpec = new PBEParameterSpec( salt, iterationCount );

            ecipher.init( Cipher.ENCRYPT_MODE, key, paramSpec );
            dcipher.init( Cipher.DECRYPT_MODE, key, paramSpec );

        }
View Full Code Here
720
721
722
723
724
725
726
727
728
729
730
        if (!WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(c14nMethod)) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "badC14nAlgo");
        }

        // Not allowed HMAC OutputLength
        AlgorithmParameterSpec parameterSpec =
            xmlSignature.getSignedInfo().getSignatureMethod().getParameterSpec();
        if (parameterSpec instanceof HMACParameterSpec) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "R5401");
        }
       
View Full Code Here
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
            // If the user did not specify this, we try to generate a key with the same specification as the currently used key.
      String keyspec = info.getSignKeySpec(); // can be "unknown"
      if (StringUtils.equals(keyspec, AlgorithmTools.KEYSPEC_UNKNOWN)) {
        keyspec = null;
      }
      AlgorithmParameterSpec paramspec = KeyTools.getKeyGenSpec(previousPubSign);         
      if (log.isDebugEnabled()) {
        if (keyspec != null) {
          log.debug("Generating new Soft key with specified spec "+keyspec+" with label "+SoftCAToken.PRIVATESIGNKEYALIAS);           
        } else {
          int keySize = KeyTools.getKeyLength(previousPubSign);
          String alg = previousPubSign.getAlgorithm();
          log.debug("Generating new Soft "+alg+" key with spec "+paramspec+" (size="+keySize+") with label "+SoftCAToken.PRIVATESIGNKEYALIAS);
        }
      }
      // Generate signature keys.
      KeyPair newsignkeys = KeyTools.genKeys(keyspec, paramspec, info.getSignKeyAlgorithm());

      // Create the new keystore and add the new signature keys
      KeyStore keystore = KeyStore.getInstance("PKCS12", "BC");
      keystore.load(null, null);

      // PLay with aliases depending on if we activate the new key or not
      String newSignKeyAlias = SoftCAToken.PRIVATESIGNKEYALIAS;
      String previousSignKeyAlias = SoftCAToken.PREVIOUSPRIVATESIGNKEYALIAS;
      if (!activate) {
        // If the new keys are not activated we must still use the old key as active signing key (PRIVATESIGNKEYALIAS)
        newSignKeyAlias = SoftCAToken.NEXTPRIVATESIGNKEYALIAS;
        previousSignKeyAlias = SoftCAToken.PRIVATESIGNKEYALIAS;
      }
      log.debug("Setting newsignkeys as "+newSignKeyAlias+" in soft CA token.");
      Certificate[] certchain = new Certificate[1]; // generate dummy certificate
      String sigAlg = (String)AlgorithmTools.getSignatureAlgorithms(newsignkeys.getPublic()).iterator().next();
      certchain[0] = CertTools.genSelfCert("CN=dummy", 36500, null, newsignkeys.getPrivate(), newsignkeys.getPublic(), sigAlg, true);
      keystore.setKeyEntry(newSignKeyAlias, newsignkeys.getPrivate(), null, certchain);
      if (!activate) {
        log.debug("Set next sequence: "+newSequence);
        properties.setProperty(ICAToken.NEXT_SEQUENCE_PROPERTY, newSequence);       
        log.debug("Set nextCertSignKey: "+newSignKeyAlias);
        properties.setProperty(KeyStrings.CAKEYPURPOSE_CERTSIGN_STRING_NEXT, newSignKeyAlias);
      }

      // If we have an old key (i.e. generating new keys), we will store the old one as "previous"
      if (previousPrivSign != null) {
        log.debug("Setting previousPrivSign as "+previousSignKeyAlias+" in soft CA token.");
        sigAlg = (String)AlgorithmTools.getSignatureAlgorithms(previousPubSign).iterator().next();
        certchain[0] = CertTools.genSelfCert("CN=dummy2", 36500, null, previousPrivSign, previousPubSign, sigAlg, true);       
        keystore.setKeyEntry(previousSignKeyAlias, previousPrivSign, null, certchain);  
        // Now this keystore should have this previous key
        if (activate) {
          // This key pair is now moved down to previous sign key
          properties.setProperty(KeyStrings.CAKEYPURPOSE_CERTSIGN_STRING_PREVIOUS, previousSignKeyAlias);         
          // Set previous sequence so we can create link certificates
          log.debug("Set previous sequence : "+oldSequence);
          properties.setProperty(ICAToken.PREVIOUS_SEQUENCE_PROPERTY, oldSequence);
        } else {
          // If we have an old previous key and we are not activating the new key, we will keep this one as "previous"
          // If the new keys are activate the old previous keys are trashed and replaced by the old active signature key
          String prevProp = properties.getProperty(KeyStrings.CAKEYPURPOSE_CERTSIGN_STRING_PREVIOUS); // If we don't have a previous key don't try to add it
          if ( (oldPreviousPrivSign != null) && (prevProp != null) ) {
            log.debug("Setting old previousprivatesignkeyalias as "+SoftCAToken.PREVIOUSPRIVATESIGNKEYALIAS+" in soft CA token.");
            sigAlg = (String)AlgorithmTools.getSignatureAlgorithms(oldPreviousPubSign).iterator().next();
            certchain[0] = CertTools.genSelfCert("CN=dummy3", 36500, null, oldPreviousPrivSign, oldPreviousPubSign, sigAlg, true);       
            keystore.setKeyEntry(SoftCAToken.PREVIOUSPRIVATESIGNKEYALIAS, oldPreviousPrivSign, null, certchain);  
            properties.setProperty(KeyStrings.CAKEYPURPOSE_CERTSIGN_STRING_PREVIOUS, SoftCAToken.PREVIOUSPRIVATESIGNKEYALIAS);
          } else {
            log.debug("No previousprivatesignkeyalias exists, not setting any previous key.");           
          }
        }
      }
     
      // Finally install the old encryption/decryption keys as well
      sigAlg = (String)AlgorithmTools.getSignatureAlgorithms(pubEnc).iterator().next();
      certchain[0] = CertTools.genSelfCert("CN=dummy2", 36500, null, privEnc, pubEnc, sigAlg, true);
      keystore.setKeyEntry(SoftCAToken.PRIVATEDECKEYALIAS, privEnc, null, certchain)
     
      storeSoftKeyStore(authCode, info, properties, keystore);
      tokentype = "Soft"; // for logging
    } else if (catokeninfo instanceof HardCATokenInfo) {
      ICAToken token = getCAToken();
      if (token instanceof PKCS11CAToken) {
        Properties properties = getProperties();
        PublicKey pubK = token.getPublicKey(SecConst.CAKEYPURPOSE_CERTSIGN);
        String keyLabel = token.getKeyLabel(SecConst.CAKEYPURPOSE_CERTSIGN);
        log.debug("Old key label is: "+keyLabel);
        String crlKeyLabel = token.getKeyLabel(SecConst.CAKEYPURPOSE_CRLSIGN);
        // The key label to use for the new key
        // Remove the old sequence from the end of the key label and replace it with the
        // new label. If no label was present just concatenate the new label
        String newKeyLabel = StringUtils.removeEnd(keyLabel, oldSequence)+newSequence;
        log.debug("New key label is: "+newKeyLabel);

        final KeyStore.PasswordProtection pwp = new KeyStore.PasswordProtection(authCode);

              // As first choice we check if the used have specified which type of key should be generated, this can be different from the currently used key
              // If the user did not specify this, we try to generate a key with the same specification as the currently used key.
        String keyspec = properties.getProperty(ICAToken.KEYSPEC_PROPERTY); // can be null, and that is ok
        AlgorithmParameterSpec paramspec = KeyTools.getKeyGenSpec(pubK);         
        if (log.isDebugEnabled()) {
          String sharedLibrary = properties.getProperty(PKCS11CAToken.SHLIB_LABEL_KEY);
          String slot = properties.getProperty(PKCS11CAToken.SLOT_LABEL_KEY);
          String attributesFile = properties.getProperty(PKCS11CAToken.ATTRIB_LABEL_KEY);
          if (keyspec != null) {
View Full Code Here
210
211
212
213
214
215
216
217
218
219
220
            }
           
            if (vec == null) {
                cipher.init(cipherMode, key);
            } else {
                AlgorithmParameterSpec aps;
                if (cipherAlgorithm == CipherAlgorithm.rc2) {
                    aps = new RC2ParameterSpec(key.getEncoded().length*8, vec);
                } else {
                    aps = new IvParameterSpec(vec);
                }
View Full Code Here
719
720
721
722
723
724
725
726
727
728
729
        if (!WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(c14nMethod)) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "badC14nAlgo");
        }

        // Not allowed HMAC OutputLength
        AlgorithmParameterSpec parameterSpec =
            xmlSignature.getSignedInfo().getSignatureMethod().getParameterSpec();
        if (parameterSpec instanceof HMACParameterSpec) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "R5401");
        }
       
View Full Code Here
725
726
727
728
729
730
731
732
733
734
735
        if (!WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(c14nMethod)) {
            bspEnforcer.handleBSPRule(BSPRule.R5404);
        }

        // Not allowed HMAC OutputLength
        AlgorithmParameterSpec parameterSpec =
            xmlSignature.getSignedInfo().getSignatureMethod().getParameterSpec();
        if (parameterSpec instanceof HMACParameterSpec) {
            bspEnforcer.handleBSPRule(BSPRule.R5401);
        }
       
View Full Code Here
279
280
281
282
283
284
285
286
287
288
289
                try {
                    //encrypt the symmetric session key with the public key from the receiver:
                    String jceid = JCEAlgorithmMapper.translateURItoJCEID(encryptionKeyTransportAlgorithm);
                    Cipher cipher = Cipher.getInstance(jceid);

                    AlgorithmParameterSpec algorithmParameterSpec = null;
                    if (XMLSecurityConstants.NS_XENC11_RSAOAEP.equals(encryptionKeyTransportAlgorithm) ||
                            XMLSecurityConstants.NS_XENC_RSAOAEPMGF1P.equals(encryptionKeyTransportAlgorithm)) {

                        String jceDigestAlgorithm = "SHA-1";
                        String encryptionKeyTransportDigestAlgorithm = getSecurityProperties().getEncryptionKeyTransportDigestAlgorithm();
View Full Code Here
TOP

Related Classes of java.security.spec.AlgorithmParameterSpec

  • artofillusion.spmanager.StringEncrypter
  • com.cedarsoftware.util.EncryptionUtilities
  • com.hazelcast.nio.CipherHelper$SymmetricCipherBuilder
  • com.nimbusds.jose.crypto.RSA_OAEP_256
  • com.openkm.openoffice.util.Encryption
  • com.stimulus.archiva.authentication.BasicIdentity
  • com.stimulus.archiva.domain.Archiver
  • com.stimulus.util.Crypto
  • com.sun.crypto.provider.OAEPParameters
  • com.sun.xml.wss.impl.dsig.SignatureProcessor
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.