java.security.interfaces.RSAPrivateCrtKey Java Examples

/**
 * Sets the private key for the keystore entry.
 */
void setPrivateKey(RSAPrivateCrtKey key)
    throws InvalidKeyException, KeyStoreException
{
    byte[] modulusBytes = key.getModulus().toByteArray();

    // Adjust key length due to sign bit
    int keyBitLength = (modulusBytes[0] == 0)
        ? (modulusBytes.length - 1) * 8
        : modulusBytes.length * 8;

    byte[] keyBlob = generatePrivateKeyBlob(
        keyBitLength,
        modulusBytes,
        key.getPublicExponent().toByteArray(),
        key.getPrivateExponent().toByteArray(),
        key.getPrimeP().toByteArray(),
        key.getPrimeQ().toByteArray(),
        key.getPrimeExponentP().toByteArray(),
        key.getPrimeExponentQ().toByteArray(),
        key.getCrtCoefficient().toByteArray());

    privateKey = storePrivateKey(Objects.requireNonNull(keyBlob),
        "{" + UUID.randomUUID().toString() + "}", keyBitLength);
}
 

/**
 * Sets the private key for the keystore entry.
 */
void setPrivateKey(RSAPrivateCrtKey key)
    throws InvalidKeyException, KeyStoreException
{
    byte[] modulusBytes = key.getModulus().toByteArray();

    // Adjust key length due to sign bit
    int keyBitLength = (modulusBytes[0] == 0)
        ? (modulusBytes.length - 1) * 8
        : modulusBytes.length * 8;

    byte[] keyBlob = generatePrivateKeyBlob(
        keyBitLength,
        modulusBytes,
        key.getPublicExponent().toByteArray(),
        key.getPrivateExponent().toByteArray(),
        key.getPrimeP().toByteArray(),
        key.getPrimeQ().toByteArray(),
        key.getPrimeExponentP().toByteArray(),
        key.getPrimeExponentQ().toByteArray(),
        key.getCrtCoefficient().toByteArray());

    privateKey = storePrivateKey(keyBlob,
        "{" + UUID.randomUUID().toString() + "}", keyBitLength);
}
 

/**
   * 从KeyStore获取公钥
   * @param location
   * @param alias
   * @param storeType
   * @param storePass
   * @param keyPass
   * @return
   */
  public static PublicKey loadPublicKeyFromKeyStore(String location,String alias,String storeType,String storePass,String keyPass){
      try {			
      	storeType = null == storeType ? KeyStore.getDefaultType() : storeType;
      	keyPass = keyPass == null ? storePass : keyPass;
      	KeyStore keyStore = KeyStore.getInstance(storeType);
      	InputStream is = new FileInputStream(location);
      	keyStore.load(is, storePass.toCharArray());
      	
      	RSAPrivateCrtKey key = (RSAPrivateCrtKey) keyStore.getKey(alias, keyPass.toCharArray());
	RSAPublicKeySpec spec = new RSAPublicKeySpec(key.getModulus(),
			key.getPublicExponent());
	PublicKey publicKey = KeyFactory.getInstance(KEY_ALGORITHM).generatePublic(spec);
          return publicKey;
} catch (Exception e) {
	throw new RuntimeException(e);
}
  }
 

private static void check(String encodedBlob) throws Exception {
    byte[] blob = new byte[encodedBlob.length() * 2];
    for (int i = 0; i < blob.length; ) {
        final char ch = encodedBlob.charAt(i / 2);
        blob[i++] = (byte) (ch >> 8);
        blob[i++] = (byte) ch;
    }
    KeyStore store = KeyStore.getInstance("PKCS12");
    store.load(new ByteArrayInputStream(blob), new char[0]);
    if (!store.aliases().nextElement().equals("test"))
        throw new Exception("test alias not found");
    KeyStore.PrivateKeyEntry e =
        (KeyStore.PrivateKeyEntry) store.getEntry("test",
                new KeyStore.PasswordProtection(new char[0]));
    X509Certificate cert = (X509Certificate) e.getCertificateChain()[0];
    if (!cert.getSubjectDN().toString().equals("CN=Test Key"))
        throw new Exception("invalid certificate subject DN");
    RSAPrivateCrtKey key = (RSAPrivateCrtKey) e.getPrivateKey();
    if (!key.getPublicExponent().equals(BigInteger.valueOf(65537)))
        throw new Exception("invalid public exponent");
}
 

private static void generateTestVector(int rsaKeyBits, int suffix) throws Exception {
  KeyPair pair = generateKeyPair(rsaKeyBits);
  RSAPrivateCrtKey priv = (RSAPrivateCrtKey) pair.getPrivate();

  // The core RSA private key operation is doing the modPow for the two components.
  BigInteger p = priv.getPrimeP();
  BigInteger dp = priv.getPrimeExponentP();
  BigInteger q = priv.getPrimeQ();
  BigInteger dq = priv.getPrimeExponentQ();

  byte[] random = new byte[rsaKeyBits / 8];
  SECURE_RANDOM.nextBytes(random);
  // Clear the top bit to ensure it fits.
  random[0] &= 0x7F;
  BigInteger message = new BigInteger(1, random);
  BigInteger pResult = message.modPow(dp, p);
  BigInteger qResult = message.modPow(dq, q);

  System.out.println("public static final TestVector VECTOR" + suffix + " = ");
  new TestVector(message, p, dp, pResult, q, dq, qResult).printJavaConstructorFor();
  System.out.println();
}
 

/**
 * Sets the private key for the keystore entry.
 */
void setPrivateKey(RSAPrivateCrtKey key)
    throws InvalidKeyException, KeyStoreException
{
    byte[] modulusBytes = key.getModulus().toByteArray();

    // Adjust key length due to sign bit
    int keyBitLength = (modulusBytes[0] == 0)
        ? (modulusBytes.length - 1) * 8
        : modulusBytes.length * 8;

    byte[] keyBlob = generatePrivateKeyBlob(
        keyBitLength,
        modulusBytes,
        key.getPublicExponent().toByteArray(),
        key.getPrivateExponent().toByteArray(),
        key.getPrimeP().toByteArray(),
        key.getPrimeQ().toByteArray(),
        key.getPrimeExponentP().toByteArray(),
        key.getPrimeExponentQ().toByteArray(),
        key.getCrtCoefficient().toByteArray());

    privateKey = storePrivateKey(keyBlob,
        "{" + UUID.randomUUID().toString() + "}", keyBitLength);
}
 

private static void check(String encodedBlob) throws Exception {
    byte[] blob = new byte[encodedBlob.length() * 2];
    for (int i = 0; i < blob.length; ) {
        final char ch = encodedBlob.charAt(i / 2);
        blob[i++] = (byte) (ch >> 8);
        blob[i++] = (byte) ch;
    }
    KeyStore store = KeyStore.getInstance("PKCS12");
    store.load(new ByteArrayInputStream(blob), new char[0]);
    if (!store.aliases().nextElement().equals("test"))
        throw new Exception("test alias not found");
    KeyStore.PrivateKeyEntry e =
        (KeyStore.PrivateKeyEntry) store.getEntry("test",
                new KeyStore.PasswordProtection(new char[0]));
    X509Certificate cert = (X509Certificate) e.getCertificateChain()[0];
    if (!cert.getSubjectDN().toString().equals("CN=Test Key"))
        throw new Exception("invalid certificate subject DN");
    RSAPrivateCrtKey key = (RSAPrivateCrtKey) e.getPrivateKey();
    if (!key.getPublicExponent().equals(BigInteger.valueOf(65537)))
        throw new Exception("invalid public exponent");
}
 

public KeyPair getKeyPair(String alias, char[] password) {
	try {
		synchronized (lock) {
			if (store == null) {
				synchronized (lock) {
					store = KeyStore.getInstance("jks");
					store.load(resource.getInputStream(), this.password);
				}
			}
		}
		RSAPrivateCrtKey key = (RSAPrivateCrtKey) store.getKey(alias, password);
		RSAPublicKeySpec spec = new RSAPublicKeySpec(key.getModulus(), key.getPublicExponent());
		PublicKey publicKey = KeyFactory.getInstance("RSA").generatePublic(spec);
		return new KeyPair(publicKey, key);
	}
	catch (Exception e) {
		throw new IllegalStateException("Cannot load keys from store: " + resource, e);
	}
}
 

/**
 * Sets the private key for the keystore entry.
 */
void setPrivateKey(RSAPrivateCrtKey key)
    throws InvalidKeyException, KeyStoreException
{
    byte[] modulusBytes = key.getModulus().toByteArray();

    // Adjust key length due to sign bit
    int keyBitLength = (modulusBytes[0] == 0)
        ? (modulusBytes.length - 1) * 8
        : modulusBytes.length * 8;

    byte[] keyBlob = generatePrivateKeyBlob(
        keyBitLength,
        modulusBytes,
        key.getPublicExponent().toByteArray(),
        key.getPrivateExponent().toByteArray(),
        key.getPrimeP().toByteArray(),
        key.getPrimeQ().toByteArray(),
        key.getPrimeExponentP().toByteArray(),
        key.getPrimeExponentQ().toByteArray(),
        key.getCrtCoefficient().toByteArray());

    privateKey = storePrivateKey(Objects.requireNonNull(keyBlob),
        "{" + UUID.randomUUID().toString() + "}", keyBitLength);
}
 

private static void check(String encodedBlob) throws Exception {
    byte[] blob = new byte[encodedBlob.length() * 2];
    for (int i = 0; i < blob.length; ) {
        final char ch = encodedBlob.charAt(i / 2);
        blob[i++] = (byte) (ch >> 8);
        blob[i++] = (byte) ch;
    }
    KeyStore store = KeyStore.getInstance("PKCS12");
    store.load(new ByteArrayInputStream(blob), new char[0]);
    if (!store.aliases().nextElement().equals("test"))
        throw new Exception("test alias not found");
    KeyStore.PrivateKeyEntry e =
        (KeyStore.PrivateKeyEntry) store.getEntry("test",
                new KeyStore.PasswordProtection(new char[0]));
    X509Certificate cert = (X509Certificate) e.getCertificateChain()[0];
    if (!cert.getSubjectDN().toString().equals("CN=Test Key"))
        throw new Exception("invalid certificate subject DN");
    RSAPrivateCrtKey key = (RSAPrivateCrtKey) e.getPrivateKey();
    if (!key.getPublicExponent().equals(BigInteger.valueOf(65537)))
        throw new Exception("invalid public exponent");
}
 

private static void check(String encodedBlob) throws Exception {
    byte[] blob = new byte[encodedBlob.length() * 2];
    for (int i = 0; i < blob.length; ) {
        final char ch = encodedBlob.charAt(i / 2);
        blob[i++] = (byte) (ch >> 8);
        blob[i++] = (byte) ch;
    }
    KeyStore store = KeyStore.getInstance("PKCS12");
    store.load(new ByteArrayInputStream(blob), new char[0]);
    if (!store.aliases().nextElement().equals("test"))
        throw new Exception("test alias not found");
    KeyStore.PrivateKeyEntry e =
        (KeyStore.PrivateKeyEntry) store.getEntry("test",
                new KeyStore.PasswordProtection(new char[0]));
    X509Certificate cert = (X509Certificate) e.getCertificateChain()[0];
    if (!cert.getSubjectDN().toString().equals("CN=Test Key"))
        throw new Exception("invalid certificate subject DN");
    RSAPrivateCrtKey key = (RSAPrivateCrtKey) e.getPrivateKey();
    if (!key.getPublicExponent().equals(BigInteger.valueOf(65537)))
        throw new Exception("invalid public exponent");
}
 

private static void check(String encodedBlob) throws Exception {
    byte[] blob = new byte[encodedBlob.length() * 2];
    for (int i = 0; i < blob.length; ) {
        final char ch = encodedBlob.charAt(i / 2);
        blob[i++] = (byte) (ch >> 8);
        blob[i++] = (byte) ch;
    }
    KeyStore store = KeyStore.getInstance("PKCS12");
    store.load(new ByteArrayInputStream(blob), new char[0]);
    if (!store.aliases().nextElement().equals("test"))
        throw new Exception("test alias not found");
    KeyStore.PrivateKeyEntry e =
        (KeyStore.PrivateKeyEntry) store.getEntry("test",
                new KeyStore.PasswordProtection(new char[0]));
    X509Certificate cert = (X509Certificate) e.getCertificateChain()[0];
    if (!cert.getSubjectDN().toString().equals("CN=Test Key"))
        throw new Exception("invalid certificate subject DN");
    RSAPrivateCrtKey key = (RSAPrivateCrtKey) e.getPrivateKey();
    if (!key.getPublicExponent().equals(BigInteger.valueOf(65537)))
        throw new Exception("invalid public exponent");
}
 

/**
 * Sets the private key for the keystore entry.
 */
void setPrivateKey(RSAPrivateCrtKey key)
    throws InvalidKeyException, KeyStoreException
{
    byte[] modulusBytes = key.getModulus().toByteArray();

    // Adjust key length due to sign bit
    int keyBitLength = (modulusBytes[0] == 0)
        ? (modulusBytes.length - 1) * 8
        : modulusBytes.length * 8;

    byte[] keyBlob = generatePrivateKeyBlob(
        keyBitLength,
        modulusBytes,
        key.getPublicExponent().toByteArray(),
        key.getPrivateExponent().toByteArray(),
        key.getPrimeP().toByteArray(),
        key.getPrimeQ().toByteArray(),
        key.getPrimeExponentP().toByteArray(),
        key.getPrimeExponentQ().toByteArray(),
        key.getCrtCoefficient().toByteArray());

    privateKey = storePrivateKey(Objects.requireNonNull(keyBlob),
        "{" + UUID.randomUUID().toString() + "}", keyBitLength);
}
 

protected Key engineTranslateKey(
    Key key)
    throws InvalidKeyException
{
    if (key instanceof RSAPublicKey)
    {
        return new BCRSAPublicKey((RSAPublicKey)key);
    }
    else if (key instanceof RSAPrivateCrtKey)
    {
        return new BCRSAPrivateCrtKey((RSAPrivateCrtKey)key);
    }
    else if (key instanceof java.security.interfaces.RSAPrivateKey)
    {
        return new BCRSAPrivateKey((java.security.interfaces.RSAPrivateKey)key);
    }

    throw new InvalidKeyException("key type unknown");
}
 

private static void check(String encodedBlob) throws Exception {
    byte[] blob = new byte[encodedBlob.length() * 2];
    for (int i = 0; i < blob.length; ) {
        final char ch = encodedBlob.charAt(i / 2);
        blob[i++] = (byte) (ch >> 8);
        blob[i++] = (byte) ch;
    }
    KeyStore store = KeyStore.getInstance("PKCS12");
    store.load(new ByteArrayInputStream(blob), new char[0]);
    if (!store.aliases().nextElement().equals("test"))
        throw new Exception("test alias not found");
    KeyStore.PrivateKeyEntry e =
        (KeyStore.PrivateKeyEntry) store.getEntry("test",
                new KeyStore.PasswordProtection(new char[0]));
    X509Certificate cert = (X509Certificate) e.getCertificateChain()[0];
    if (!cert.getSubjectDN().toString().equals("CN=Test Key"))
        throw new Exception("invalid certificate subject DN");
    RSAPrivateCrtKey key = (RSAPrivateCrtKey) e.getPrivateKey();
    if (!key.getPublicExponent().equals(BigInteger.valueOf(65537)))
        throw new Exception("invalid public exponent");
}
 

/**
 * Sets the private key for the keystore entry.
 */
void setPrivateKey(RSAPrivateCrtKey key)
    throws InvalidKeyException, KeyStoreException
{
    byte[] modulusBytes = key.getModulus().toByteArray();

    // Adjust key length due to sign bit
    int keyBitLength = (modulusBytes[0] == 0)
        ? (modulusBytes.length - 1) * 8
        : modulusBytes.length * 8;

    byte[] keyBlob = generatePrivateKeyBlob(
        keyBitLength,
        modulusBytes,
        key.getPublicExponent().toByteArray(),
        key.getPrivateExponent().toByteArray(),
        key.getPrimeP().toByteArray(),
        key.getPrimeQ().toByteArray(),
        key.getPrimeExponentP().toByteArray(),
        key.getPrimeExponentQ().toByteArray(),
        key.getCrtCoefficient().toByteArray());

    privateKey = storePrivateKey(keyBlob,
        "{" + UUID.randomUUID().toString() + "}", keyBitLength);
}
 

private byte[] getPvkEncodedPrivateKey(PrivateKey privateKey, int keyType, Password password,
		boolean strongEncryption) throws CryptoException, IOException {
	byte[] encoded = null;

	if (password != null) {
		if (privateKey instanceof RSAPrivateCrtKey) {
			encoded = MsPvkUtil.getEncrypted((RSAPrivateCrtKey) privateKey, keyType, password, strongEncryption);
		} else {
			encoded = MsPvkUtil.getEncrypted((DSAPrivateKey) privateKey, password, strongEncryption);
		}
	} else {
		if (privateKey instanceof RSAPrivateCrtKey) {
			encoded = MsPvkUtil.get((RSAPrivateCrtKey) privateKey, keyType);
		} else {
			encoded = MsPvkUtil.get((DSAPrivateKey) privateKey);
		}
	}

	return encoded;
}
 

/**
 * Returns XML suitable for use in .NET code with the RSACryptoServiceProvider.FromXmlString method.
 * This RSACryptoServiceProvider object can be used in the .NET version of the OAuth libraries in the areas
 * where we use a PrivateKey object in the Java libraries. 
 * An explanation of the XML used for key formats is here: http://msdn.microsoft.com/en-us/library/system.security.cryptography.rsa.toxmlstring.aspx
 * Thanks to http://www.jensign.com/JavaScience/PvkConvert/ for pointing out that leading zeros must be trimmed for .NET.
 */
public static String privateKeyToDotNetXml(PrivateKey privateKey) {
    try{
        StringBuilder sb = new StringBuilder();
        RSAPrivateCrtKey rsaPrivateKey = (RSAPrivateCrtKey)privateKey;
        sb.append("<RSAKeyValue>") ;
        sb.append("<Modulus>" + Base64Util.encode(removeLeadingZeros(rsaPrivateKey.getModulus().toByteArray())) + "</Modulus>");
        sb.append("<Exponent>" + Base64Util.encode(removeLeadingZeros(rsaPrivateKey.getPublicExponent().toByteArray())) + "</Exponent>");
        sb.append("<P>" + Base64Util.encode(removeLeadingZeros(rsaPrivateKey.getPrimeP().toByteArray())) + "</P>");
        sb.append("<Q>" + Base64Util.encode(removeLeadingZeros(rsaPrivateKey.getPrimeQ().toByteArray())) + "</Q>");
        sb.append("<DP>" +Base64Util.encode(removeLeadingZeros(rsaPrivateKey.getPrimeExponentP().toByteArray())) + "</DP>");
        sb.append("<DQ>" + Base64Util.encode(removeLeadingZeros(rsaPrivateKey.getPrimeExponentQ().toByteArray())) + "</DQ>");
        sb.append("<InverseQ>" + Base64Util.encode(removeLeadingZeros(rsaPrivateKey.getCrtCoefficient().toByteArray())) + "</InverseQ>");
        sb.append("<D>" + Base64Util.encode(removeLeadingZeros(rsaPrivateKey.getPrivateExponent().toByteArray())) + "</D>");
        sb.append("</RSAKeyValue>") ;
        return sb.toString();
    } catch(Exception e) {
        throw new IllegalArgumentException("Could not convert PrivateKey to Dot Net XML.", e);
    }   
}
 

private static void check(String encodedBlob) throws Exception {
    byte[] blob = new byte[encodedBlob.length() * 2];
    for (int i = 0; i < blob.length; ) {
        final char ch = encodedBlob.charAt(i / 2);
        blob[i++] = (byte) (ch >> 8);
        blob[i++] = (byte) ch;
    }
    KeyStore store = KeyStore.getInstance("PKCS12");
    store.load(new ByteArrayInputStream(blob), new char[0]);
    if (!store.aliases().nextElement().equals("test"))
        throw new Exception("test alias not found");
    KeyStore.PrivateKeyEntry e =
        (KeyStore.PrivateKeyEntry) store.getEntry("test",
                new KeyStore.PasswordProtection(new char[0]));
    X509Certificate cert = (X509Certificate) e.getCertificateChain()[0];
    if (!cert.getSubjectDN().toString().equals("CN=Test Key"))
        throw new Exception("invalid certificate subject DN");
    RSAPrivateCrtKey key = (RSAPrivateCrtKey) e.getPrivateKey();
    if (!key.getPublicExponent().equals(BigInteger.valueOf(65537)))
        throw new Exception("invalid public exponent");
}
 

private static void writePrivateKeyBlobHeader(ByteBuffer bb, long keyType, PrivateKey privateKey)
		throws IOException {
	// Write Key blob type - private key
	UnsignedUtil.putByte(bb, PRIVATE_KEY_BLOB);

	// Write Blob version
	UnsignedUtil.putByte(bb, CUR_BLOB_VERSION);

	// Write Reserved value
	UnsignedUtil.putShort(bb, BLOB_RESERVED);

	// Write Algorithm ID - differs depending on key type and key pair type
	if (keyType == PVK_KEY_SIGNATURE) {
		if (privateKey instanceof RSAPrivateCrtKey) {
			UnsignedUtil.putInt(bb, CALG_RSA_SIGN); // RSA signature
		} else {
			UnsignedUtil.putInt(bb, CALG_DSS_SIGN); // DSA signature
		}
	} else {
		UnsignedUtil.putInt(bb, CALG_RSA_KEYX); // Key exchange - RSA only
	}
}
 

private static void check(String encodedBlob) throws Exception {
    byte[] blob = new byte[encodedBlob.length() * 2];
    for (int i = 0; i < blob.length; ) {
        final char ch = encodedBlob.charAt(i / 2);
        blob[i++] = (byte) (ch >> 8);
        blob[i++] = (byte) ch;
    }
    KeyStore store = KeyStore.getInstance("PKCS12");
    store.load(new ByteArrayInputStream(blob), new char[0]);
    if (!store.aliases().nextElement().equals("test"))
        throw new Exception("test alias not found");
    KeyStore.PrivateKeyEntry e =
        (KeyStore.PrivateKeyEntry) store.getEntry("test",
                new KeyStore.PasswordProtection(new char[0]));
    X509Certificate cert = (X509Certificate) e.getCertificateChain()[0];
    if (!cert.getSubjectDN().toString().equals("CN=Test Key"))
        throw new Exception("invalid certificate subject DN");
    RSAPrivateCrtKey key = (RSAPrivateCrtKey) e.getPrivateKey();
    if (!key.getPublicExponent().equals(BigInteger.valueOf(65537)))
        throw new Exception("invalid public exponent");
}
 

/**
 * Converts RSA key pair to JSON web key.
 * 
 * @param keyPair
 *            RSA key pair
 * @return the JSON web key, converted from RSA key pair.
 */
public static JsonWebKey fromRSA(KeyPair keyPair) {

    RSAPrivateCrtKey privateKey = (RSAPrivateCrtKey) keyPair.getPrivate();
    JsonWebKey key = null;

    if (privateKey != null) {

        key = new JsonWebKey().withKty(JsonWebKeyType.RSA).withN(toByteArray(privateKey.getModulus()))
                .withE(toByteArray(privateKey.getPublicExponent()))
                .withD(toByteArray(privateKey.getPrivateExponent())).withP(toByteArray(privateKey.getPrimeP()))
                .withQ(toByteArray(privateKey.getPrimeQ())).withDp(toByteArray(privateKey.getPrimeExponentP()))
                .withDq(toByteArray(privateKey.getPrimeExponentQ()))
                .withQi(toByteArray(privateKey.getCrtCoefficient()));
    } else {

        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();

        key = new JsonWebKey().withKty(JsonWebKeyType.RSA).withN(toByteArray(publicKey.getModulus()))
                .withE(toByteArray(publicKey.getPublicExponent())).withD(null).withP(null).withQ(null).withDp(null)
                .withDq(null).withQi(null);
    }

    return key;
}
 

private static void check(String encodedBlob) throws Exception {
    byte[] blob = new byte[encodedBlob.length() * 2];
    for (int i = 0; i < blob.length; ) {
        final char ch = encodedBlob.charAt(i / 2);
        blob[i++] = (byte) (ch >> 8);
        blob[i++] = (byte) ch;
    }
    KeyStore store = KeyStore.getInstance("PKCS12");
    store.load(new ByteArrayInputStream(blob), new char[0]);
    if (!store.aliases().nextElement().equals("test"))
        throw new Exception("test alias not found");
    KeyStore.PrivateKeyEntry e =
        (KeyStore.PrivateKeyEntry) store.getEntry("test",
                new KeyStore.PasswordProtection(new char[0]));
    X509Certificate cert = (X509Certificate) e.getCertificateChain()[0];
    if (!cert.getSubjectDN().toString().equals("CN=Test Key"))
        throw new Exception("invalid certificate subject DN");
    RSAPrivateCrtKey key = (RSAPrivateCrtKey) e.getPrivateKey();
    if (!key.getPublicExponent().equals(BigInteger.valueOf(65537)))
        throw new Exception("invalid public exponent");
}
 

/**
 * Sets the private key for the keystore entry.
 */
void setPrivateKey(RSAPrivateCrtKey key)
    throws InvalidKeyException, KeyStoreException
{
    byte[] modulusBytes = key.getModulus().toByteArray();

    // Adjust key length due to sign bit
    int keyBitLength = (modulusBytes[0] == 0)
        ? (modulusBytes.length - 1) * 8
        : modulusBytes.length * 8;

    byte[] keyBlob = generatePrivateKeyBlob(
        keyBitLength,
        modulusBytes,
        key.getPublicExponent().toByteArray(),
        key.getPrivateExponent().toByteArray(),
        key.getPrimeP().toByteArray(),
        key.getPrimeQ().toByteArray(),
        key.getPrimeExponentP().toByteArray(),
        key.getPrimeExponentQ().toByteArray(),
        key.getCrtCoefficient().toByteArray());

    privateKey = storePrivateKey(Objects.requireNonNull(keyBlob),
        "{" + UUID.randomUUID().toString() + "}", keyBitLength);
}
 

public boolean equals(Object o)
{
    if (o == this)
    {
        return true;
    }

    if (!(o instanceof RSAPrivateCrtKey))
    {
        return false;
    }

    RSAPrivateCrtKey key = (RSAPrivateCrtKey)o;

    return this.getModulus().equals(key.getModulus())
     && this.getPublicExponent().equals(key.getPublicExponent())
     && this.getPrivateExponent().equals(key.getPrivateExponent())
     && this.getPrimeP().equals(key.getPrimeP())
     && this.getPrimeQ().equals(key.getPrimeQ())
     && this.getPrimeExponentP().equals(key.getPrimeExponentP())
     && this.getPrimeExponentQ().equals(key.getPrimeExponentQ())
     && this.getCrtCoefficient().equals(key.getCrtCoefficient());
}
 

private static void check(String encodedBlob) throws Exception {
    byte[] blob = new byte[encodedBlob.length() * 2];
    for (int i = 0; i < blob.length; ) {
        final char ch = encodedBlob.charAt(i / 2);
        blob[i++] = (byte) (ch >> 8);
        blob[i++] = (byte) ch;
    }
    KeyStore store = KeyStore.getInstance("PKCS12");
    store.load(new ByteArrayInputStream(blob), new char[0]);
    if (!store.aliases().nextElement().equals("test"))
        throw new Exception("test alias not found");
    KeyStore.PrivateKeyEntry e =
        (KeyStore.PrivateKeyEntry) store.getEntry("test",
                new KeyStore.PasswordProtection(new char[0]));
    X509Certificate cert = (X509Certificate) e.getCertificateChain()[0];
    if (!cert.getSubjectDN().toString().equals("CN=Test Key"))
        throw new Exception("invalid certificate subject DN");
    RSAPrivateCrtKey key = (RSAPrivateCrtKey) e.getPrivateKey();
    if (!key.getPublicExponent().equals(BigInteger.valueOf(65537)))
        throw new Exception("invalid public exponent");
}
 

/**
 * OpenSSL encode a private key and PEM the encoding.
 *
 * @return The PEM'd encoding
 * @param privateKey
 *            The private key
 * @throws CryptoException
 *             Problem encountered while getting the encoded private key
 */
public static String getPem(PrivateKey privateKey) throws CryptoException {
	byte[] openSsl = get(privateKey);

	String pemType = null;

	if (privateKey instanceof RSAPrivateCrtKey) {
		pemType = OPENSSL_RSA_PVK_PEM_TYPE;
	} else if (privateKey instanceof ECPrivateKey) {
		pemType = OPENSSL_EC_PVK_PEM_TYPE;
	} else {
		pemType = OPENSSL_DSA_PVK_PEM_TYPE;
	}

	PemInfo pemInfo = new PemInfo(pemType, null, openSsl);
	String openSslPem = PemUtil.encode(pemInfo);

	return openSslPem;
}
 

protected void fillPrivateTypeSpecificParams(Map<String,Object> params)
{
    RSAPrivateKey rsaPrivateKey = getRsaPrivateKey();
    
    if (rsaPrivateKey != null) 
    {
        putBigIntAsBase64UrlEncodedParam(params, PRIVATE_EXPONENT_MEMBER_NAME, rsaPrivateKey.getPrivateExponent());

     if (rsaPrivateKey instanceof RSAPrivateCrtKey)
     {
         RSAPrivateCrtKey crt = (RSAPrivateCrtKey) rsaPrivateKey;
         putBigIntAsBase64UrlEncodedParam(params, FIRST_PRIME_FACTOR_MEMBER_NAME, crt.getPrimeP());
         putBigIntAsBase64UrlEncodedParam(params, SECOND_PRIME_FACTOR_MEMBER_NAME, crt.getPrimeQ());
         putBigIntAsBase64UrlEncodedParam(params, FIRST_FACTOR_CRT_EXPONENT_MEMBER_NAME, crt.getPrimeExponentP());
         putBigIntAsBase64UrlEncodedParam(params, SECOND_FACTOR_CRT_EXPONENT_MEMBER_NAME, crt.getPrimeExponentQ());
         putBigIntAsBase64UrlEncodedParam(params, FIRST_CRT_COEFFICIENT_MEMBER_NAME, crt.getCrtCoefficient());
     }
    }
}
 

public static RsaPrivateKeyDef from(RSAPrivateKey key) {
  if (key instanceof RSAMultiPrimePrivateCrtKey) {
    return from((RSAMultiPrimePrivateCrtKey) key);
  } else if (key instanceof RSAPrivateCrtKey) {
    return from((RSAPrivateCrtKey) key);
  } else {
    return new RsaPrivateKeyDef(key.getModulus(), key.getPrivateExponent(), key);
  }
}
 

public static RSAKeyParameters generateRSAPrivateKeyParameter(RSAPrivateKey key) {
  Args.notNull(key, "key");
  if (key instanceof RSAPrivateCrtKey) {
    RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) key;

    return new RSAPrivateCrtKeyParameters(rsaKey.getModulus(), rsaKey.getPublicExponent(),
        rsaKey.getPrivateExponent(), rsaKey.getPrimeP(), rsaKey.getPrimeQ(),
        rsaKey.getPrimeExponentP(), rsaKey.getPrimeExponentQ(), rsaKey.getCrtCoefficient());
  } else {
    return new RSAKeyParameters(true, key.getModulus(), key.getPrivateExponent());
  }
}