@Override public SubjectPublicKeyInfo fetchPublicKey(String keyID) throws IOException { if (sharedPublicKeyMap.containsKey(keyID)) { Share<ECPoint> share = sharedPublicKeyMap.getShare(keyID, TIME_OUT, TimeUnit.SECONDS); if (share != null) { ECPoint q = share.getValue(); ECDomainParameters params = paramsMap.get(keyID); return SubjectPublicKeyInfo.getInstance(SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(new ECPublicKeyParameters(q, params)).getEncoded()); } } return null; }
@Override public PartialPublicKeyInfo fetchPartialPublicKey(String keyID) throws IOException { if (sharedPrivateKeyMap.containsKey(keyID)) { ECDomainParameters params = paramsMap.get(keyID); Share<BigInteger> share = sharedPrivateKeyMap.getShare(keyID, TIME_OUT, TimeUnit.SECONDS); BigInteger d = share.getValue(); ECPoint Q = params.getG().multiply(d); return new PartialPublicKeyInfo(share.getSequenceNo(), SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(new ECPublicKeyParameters(Q, params))); } return null; }
public static PublicKey getRSAPublicKey(byte[] encodedPubKey) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException { RSAPublicKey pubKey8 = RSAPublicKey.getInstance(encodedPubKey); SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(new RSAKeyParameters(false, pubKey8.getModulus(), pubKey8.getPublicExponent())); X509EncodedKeySpec spec = new X509EncodedKeySpec(info.getEncoded()); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); return keyFactory.generatePublic(spec); }
public static KeyPair convertToJca(AsymmetricCipherKeyPair keyPair) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException { SubjectPublicKeyInfo publicKey = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(keyPair.getPublic()); PrivateKeyInfo privateKey = PrivateKeyInfoFactory.createPrivateKeyInfo(keyPair.getPrivate()); KeyFactory keyFactory = new DefaultJcaJceHelper().createKeyFactory("RSA"); // TODO should we really assume RSA? return new KeyPair( keyFactory.generatePublic(new X509EncodedKeySpec(publicKey.getEncoded())), keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateKey.getEncoded())) ); }
private PKCS10CertificationRequest generateCertificationRequest(String dn, KeyPair kp) throws Exception{ X500Name subject=new X500Name(dn); PublicKey pubKey=kp.getPublic(); PrivateKey privKey=kp.getPrivate(); AsymmetricKeyParameter pubkeyParam = PublicKeyFactory.createKey(pubKey.getEncoded()); SubjectPublicKeyInfo publicKeyInfo=SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(pubkeyParam); PKCS10CertificationRequestBuilder builder=new PKCS10CertificationRequestBuilder(subject, publicKeyInfo); AlgorithmIdentifier signatureAi = new AlgorithmIdentifier(OIWObjectIdentifiers.sha1WithRSA); BcRSAContentSignerBuilder signerBuilder=new BcRSAContentSignerBuilder( signatureAi, AlgorithmIdentifier.getInstance(OIWObjectIdentifiers.idSHA1)); AsymmetricKeyParameter pkParam = PrivateKeyFactory.createKey(privKey.getEncoded()); ContentSigner signer=signerBuilder.build(pkParam); return builder.build(signer); }
private org.bouncycastle.pkcs.PKCS10CertificationRequest generateCertificationRequest(String dn, KeyPair kp) throws Exception{ X500Name subject=new X500Name(dn); PublicKey pubKey=kp.getPublic(); PrivateKey privKey=kp.getPrivate(); AsymmetricKeyParameter pubkeyParam = PublicKeyFactory.createKey(pubKey.getEncoded()); SubjectPublicKeyInfo publicKeyInfo=SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(pubkeyParam); PKCS10CertificationRequestBuilder builder=new PKCS10CertificationRequestBuilder(subject, publicKeyInfo); AlgorithmIdentifier signatureAi = new AlgorithmIdentifier(OIWObjectIdentifiers.sha1WithRSA); BcRSAContentSignerBuilder signerBuilder=new BcRSAContentSignerBuilder( signatureAi, AlgorithmIdentifier.getInstance(OIWObjectIdentifiers.idSHA1)); AsymmetricKeyParameter pkParam = PrivateKeyFactory.createKey(privKey.getEncoded()); ContentSigner signer=signerBuilder.build(pkParam); return builder.build(signer); }
public AuthorityKeyIdentifier createAuthorityKeyIdentifier( AsymmetricKeyParameter publicKey) throws IOException { return super.createAuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(publicKey)); }
private List<byte[]> verifyPoints(ECPair[] cipherText, ECDomainParameters domainParams, String[] nodeNames, AsymmetricKeyParameter[] pubKeys, List<byte[]>[] partialDecrypts, BigInteger[] weights, int messageIndex) throws ServiceConnectionException { List<byte[]> proofList = new ArrayList<>(); for (int wIndex = 0; wIndex < weights.length; wIndex++) { if (weights[wIndex] != null) { ECPublicKeyParameters nodeKey = (ECPublicKeyParameters)pubKeys[wIndex]; PairSequenceWithProofs pairSequenceWithProofs = PairSequenceWithProofs.getInstance(domainParams.getCurve(), partialDecrypts[wIndex].get(messageIndex)); ECDecryptionProof[] proofs = pairSequenceWithProofs.getECProofs(); ECPair[] partials = pairSequenceWithProofs.getECPairs(); if (proofs.length != partials.length) { eventNotifier.notify(EventNotifier.Level.ERROR, "Partial decrypts and proofs differ in length from node " + nodeNames[wIndex]); throw new ServiceConnectionException("Partial decrypts and proofs differ in length"); } ECPoint[] decrypts = new ECPoint[partials.length]; for (int i = 0; i != partials.length; i++) { decrypts[i] = partials[i].getX(); } boolean hasPassed = true; for (int i = 0; i != partials.length; i++) { if (!proofs[i].isVerified(nodeKey, cipherText[i].getX(), partials[i].getX())) { hasPassed = false; } } try { proofList.add(new ChallengeLogMessage(messageIndex, wIndex, hasPassed, SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(nodeKey), decrypts, proofs).getEncoded()); if (hasPassed) { eventNotifier.notify(EventNotifier.Level.INFO, "Proof for message " + messageIndex + " for node " + nodeNames[wIndex] + " passed."); } else { eventNotifier.notify(EventNotifier.Level.ERROR, "Proof for message " + messageIndex + " for node " + nodeNames[wIndex] + " failed!"); } } catch (Exception e) { eventNotifier.notify(EventNotifier.Level.ERROR, "Partial decrypts failed to encode from " + nodeNames[wIndex] + ": " + e.getMessage(), e); throw new ServiceConnectionException("Partial decrypts failed to encode from " + nodeNames[wIndex] + ": " + e.getMessage(), e); } } } return proofList; }
@Test public void testSingleKeyStoreAndLoad() throws Exception { ECKeyManager keyManager = new ECKeyManager(new TestUtils.BasicNodeContext("Test")); X9ECParameters ecParameters = CustomNamedCurves.getByName("secp256r1"); ECDomainParameters domainParameters = new ECDomainParameters(ecParameters.getCurve(), ecParameters.getG(), ecParameters.getN(), ecParameters.getH()); ECPoint h = domainParameters.getG().multiply(BigInteger.valueOf(1000001)); AsymmetricCipherKeyPair kp = keyManager.generateKeyPair("Test1", Algorithm.EC_ELGAMAL, 1, domainParameters, h); ECPrivateKeyParameters privKey = (ECPrivateKeyParameters)kp.getPrivate(); ECPublicKeyParameters pubKey = (ECPublicKeyParameters)kp.getPublic(); ECPoint commitment = pubKey.getParameters().getG().multiply(privKey.getD()).add(h); keyManager.buildSharedKey("Test1", new ECCommittedSecretShareMessage(0, privKey.getD(), BigInteger.ONE, new ECPoint[]{commitment}, pubKey.getQ(), new ECPoint[]{pubKey.getQ()})); keyManager.fetchPublicKey("Test1"); // make sure we've synced up byte[] p12enc = keyManager.getEncoded(passwd); KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC"); keyStore.load(new ByteArrayInputStream(p12enc), passwd); Assert.assertEquals(1, keyStore.size()); Assert.assertTrue(keyStore.containsAlias("Test1")); ECKeyManager rebuiltKeyManager = new ECKeyManager(new TestUtils.BasicNodeContext("Test")); rebuiltKeyManager.load(passwd, p12enc); Assert.assertFalse(keyManager.isSigningKey("Test1")); Assert.assertFalse(rebuiltKeyManager.isSigningKey("Test1")); Assert.assertEquals(SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(kp.getPublic()), keyManager.fetchPublicKey("Test1")); Assert.assertEquals(((ECPrivateKeyParameters)kp.getPrivate()).getD(), keyManager.getPartialPrivateKey("Test1")); Assert.assertEquals(keyManager.fetchPublicKey("Test1"), rebuiltKeyManager.fetchPublicKey("Test1")); Assert.assertEquals(keyManager.getPartialPrivateKey("Test1"), rebuiltKeyManager.getPartialPrivateKey("Test1")); }
/** * Return a RFC 3280 type 1 key identifier. As in: * <pre> * (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the * value of the BIT STRING subjectPublicKey (excluding the tag, * length, and number of unused bits). * </pre> * @param publicKey the key object containing the key identifier is to be based on. * @return the key identifier. */ public SubjectKeyIdentifier createSubjectKeyIdentifier( AsymmetricKeyParameter publicKey) throws IOException { return super.createSubjectKeyIdentifier(SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(publicKey)); }
/** * Initialise the builder using an AsymmetricKeyParameter. * * @param issuer X500Name representing the issuer of this certificate. * @param serial the serial number for the certificate. * @param notBefore date before which the certificate is not valid. * @param notAfter date after which the certificate is not valid. * @param subject X500Name representing the subject of this certificate. * @param publicKey the public key to be associated with the certificate. */ public BcX509v1CertificateBuilder(X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, AsymmetricKeyParameter publicKey) throws IOException { super(issuer, serial, notBefore, notAfter, subject, SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(publicKey)); }
/** * Initialise the builder using a PublicKey. * * @param issuer X500Name representing the issuer of this certificate. * @param serial the serial number for the certificate. * @param notBefore date before which the certificate is not valid. * @param notAfter date after which the certificate is not valid. * @param subject X500Name representing the subject of this certificate. * @param publicKey the public key to be associated with the certificate. */ public BcX509v3CertificateBuilder(X500Name issuer, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, AsymmetricKeyParameter publicKey) throws IOException { super(issuer, serial, notBefore, notAfter, subject, SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(publicKey)); }
/** * Initialise the builder using the subject from the passed in issuerCert as the issuer, as well as * passing through and converting the other objects provided. * * @param issuerCert holder for certificate who's subject is the issuer of the certificate we are building. * @param serial the serial number for the certificate. * @param notBefore date before which the certificate is not valid. * @param notAfter date after which the certificate is not valid. * @param subject principal representing the subject of this certificate. * @param publicKey the public key to be associated with the certificate. */ public BcX509v3CertificateBuilder(X509CertificateHolder issuerCert, BigInteger serial, Date notBefore, Date notAfter, X500Name subject, AsymmetricKeyParameter publicKey) throws IOException { super(issuerCert.getSubject(), serial, notBefore, notAfter, subject, SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(publicKey)); }
/** * Create a PKCS#10 builder for the passed in subject and JCA public key. * * @param subject an X500Name containing the subject associated with the request we are building. * @param publicKey a JCA public key that is to be associated with the request we are building. * @throws IOException if there is a problem encoding the public key. */ public BcPKCS10CertificationRequestBuilder(X500Name subject, AsymmetricKeyParameter publicKey) throws IOException { super(subject, SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(publicKey)); }
