java.security.spec.RSAPrivateCrtKeySpec Java Examples

The following examples show how to use java.security.spec.RSAPrivateCrtKeySpec.
Example #1
Source File: PEMFile.java    From Tomcat8-Source-Read with MIT License 7 votes vote down vote up
/**
 * Reads an ASN.1-encoded PKCS#1 {@code RSAPrivateKey} structure and returns it as a CRT key spec.
 *
 * @param source the encoded key bytes
 * @return a spec built from the eight integers that follow the version field
 * @throws IllegalArgumentException if the version field equals 1 (multi-prime key)
 */
private RSAPrivateCrtKeySpec parsePKCS1(byte[] source) {
    // Encoding references:
    // https://en.wikipedia.org/wiki/X.690#BER_encoding
    // https://tools.ietf.org/html/rfc8017#page-55
    Asn1Parser parser = new Asn1Parser(source);

    // Outer element: tag 0x30, then its length.
    parser.parseTag(0x30);
    parser.parseFullLength();

    // Version 1 announces a multi-prime key; the JRE has no suitable constructor for
    // those, so they are rejected before any key material is read.
    BigInteger version = parser.parseInt();
    boolean multiPrime = version.intValue() == 1;
    if (multiPrime) {
        throw new IllegalArgumentException(sm.getString("pemFile.noMultiPrimes"));
    }

    // The remaining integers are consumed strictly in encoding order.
    // NOTE(review): nothing here checks that the values are mutually consistent or that
    // the input is fully consumed; whether Asn1Parser enforces bounds is not visible here.
    BigInteger modulus = parser.parseInt();
    BigInteger publicExponent = parser.parseInt();
    BigInteger privateExponent = parser.parseInt();
    BigInteger primeP = parser.parseInt();
    BigInteger primeQ = parser.parseInt();
    BigInteger primeExponentP = parser.parseInt();
    BigInteger primeExponentQ = parser.parseInt();
    BigInteger crtCoefficient = parser.parseInt();

    return new RSAPrivateCrtKeySpec(modulus, publicExponent, privateExponent, primeP,
            primeQ, primeExponentP, primeExponentQ, crtCoefficient);
}
 
Example #2
Source File: CipherHelper.java    From flow-platform-x with Apache License 2.0 7 votes vote down vote up
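/**
 * Converts a PEM-armoured PKCS#1 RSA private key into a {@link PrivateKey}.
 *
 * <p>The armour lines and all whitespace are removed, the Base64 payload is decoded, and
 * the DER sequence is mapped onto an {@link RSAPrivateCrtKeySpec}. The version element
 * (index 0) is not inspected.
 *
 * @param key the PEM text, including the begin/end armour lines
 * @return the RSA private key
 * @throws NoSuchAlgorithmException if no RSA {@link KeyFactory} is available
 * @throws InvalidKeySpecException if the sequence is too short to be a PKCS#1 private key,
 *         or the key factory rejects the values
 * @throws IOException propagated from the DER reader
 * @throws IllegalArgumentException if the payload is not valid Base64
 */
private static PrivateKey toPrivateKey(String key)
        throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");

    // Strip newlines and the armour lines as before, then any whitespace that is left
    // (carriage returns from CRLF files, trailing blanks), which the basic Base64
    // decoder would otherwise reject.
    String content = key.replaceAll("\\n", "")
            .replace(RsaPrivateKeyStart, "")
            .replace(RsaPrivateKeyEnd, "")
            .replaceAll("\\s", "");
    byte[] bytes = Base64.getDecoder().decode(content);

    // NOTE(review): DerInputStream/DerValue look like the JDK-internal sun.security.util
    // classes; confirm, since those are not a supported public API.
    DerInputStream derReader = new DerInputStream(bytes);
    DerValue[] seq = derReader.getSequence(0);

    // A PKCS#1 private key carries the version plus eight integers. Checking the count
    // turns a malformed or truncated key into a declared exception instead of an
    // ArrayIndexOutOfBoundsException. The message deliberately contains no key material.
    if (seq.length < 9) {
        throw new InvalidKeySpecException(
                "Not a PKCS#1 RSA private key: expected at least 9 elements, found " + seq.length);
    }

    // skip version seq[0];
    BigInteger modulus = seq[1].getBigInteger();
    BigInteger publicExp = seq[2].getBigInteger();
    BigInteger privateExp = seq[3].getBigInteger();
    BigInteger prime1 = seq[4].getBigInteger();
    BigInteger prime2 = seq[5].getBigInteger();
    BigInteger exp1 = seq[6].getBigInteger();
    BigInteger exp2 = seq[7].getBigInteger();
    BigInteger crtCoef = seq[8].getBigInteger();

    RSAPrivateCrtKeySpec keySpec =
            new RSAPrivateCrtKeySpec(modulus, publicExp, privateExp, prime1, prime2, exp1, exp2, crtCoef);

    return keyFactory.generatePrivate(keySpec);
}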
 
Example #3
Source File: SslClientCertificateImplTest.java    From hivemq-community-edition with Apache License 2.0 7 votes vote down vote up
private KeyPair createKeyPair() throws InvalidKeySpecException, NoSuchAlgorithmException {
    // Test fixture only: public exponent 3, 1024-bit strength, certainty 80. These values
    // are well below what a production RSA key should use, so this helper must stay
    // confined to tests.
    final RSAKeyPairGenerator generator = new RSAKeyPairGenerator();
    final RSAKeyGenerationParameters generationParameters =
            new RSAKeyGenerationParameters(BigInteger.valueOf(3), new SecureRandom(), 1024, 80);
    generator.init(generationParameters);

    final AsymmetricCipherKeyPair generated = generator.generateKeyPair();
    final RSAKeyParameters publicKey = (RSAKeyParameters) generated.getPublic();
    final RSAPrivateCrtKeyParameters privateKey = (RSAPrivateCrtKeyParameters) generated.getPrivate();

    // Convert the generated parameter objects into JCA keys through the "RSA" KeyFactory.
    final RSAPublicKeySpec publicSpec =
            new RSAPublicKeySpec(publicKey.getModulus(), publicKey.getExponent());
    final PublicKey pubKey = KeyFactory.getInstance("RSA").generatePublic(publicSpec);

    // Modulus and public exponent are taken from the public half; the private exponent
    // and the CRT values come from the private half.
    final RSAPrivateCrtKeySpec privateSpec = new RSAPrivateCrtKeySpec(
            publicKey.getModulus(),
            publicKey.getExponent(),
            privateKey.getExponent(),
            privateKey.getP(),
            privateKey.getQ(),
            privateKey.getDP(),
            privateKey.getDQ(),
            privateKey.getQInv());
    final PrivateKey privKey = KeyFactory.getInstance("RSA").generatePrivate(privateSpec);

    return new KeyPair(pubKey, privKey);
}
 
Example #4
Source File: FileBasedKeyResolver.java    From cellery-security with Apache License 2.0 6 votes vote down vote up
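/**
 * Loads a PKCS#1 RSA private key from a PEM file and stores it in the {@code privateKey}
 * field.
 *
 * <p>The file is read as UTF-8, the armour lines and all whitespace are removed, and the
 * Base64 payload is decoded and parsed as a DER sequence. No passphrase handling is done
 * here. The path is opened exactly as given, so callers should pass only trusted
 * configuration values.
 *
 * @param privateKeyPath path of the PEM file
 * @throws IOException if the file cannot be read, or propagated from the DER reader
 * @throws NoSuchAlgorithmException if no RSA {@link KeyFactory} is available
 * @throws InvalidKeySpecException if the sequence is too short to be a PKCS#1 private key,
 *         or the key factory rejects the values
 * @throws IllegalArgumentException if the payload is not valid Base64
 */
private void readPrivateKeyPKCS1PEM(String privateKeyPath) throws IOException, NoSuchAlgorithmException,
        InvalidKeySpecException {

    String content = new String(
            Files.readAllBytes(Paths.get(privateKeyPath)), Charset.forName("UTF-8"));
    // After removing newlines and the armour lines, also drop any whitespace that is left
    // (carriage returns from CRLF files, trailing blanks); the basic Base64 decoder
    // rejects those characters.
    content = content.replaceAll("\\n", "").replace(START_RSA_PRIVATE_KEY, "")
            .replace(END_RSA_PRIVATE_KEY, "")
            .replaceAll("\\s", "");
    byte[] bytes = Base64.getDecoder().decode(content);

    // NOTE(review): DerInputStream/DerValue look like the JDK-internal sun.security.util
    // classes; confirm, since those are not a supported public API.
    DerInputStream derReader = new DerInputStream(bytes);
    DerValue[] seq = derReader.getSequence(0);

    // Version plus eight integers are required. Without this check a truncated or
    // non-PKCS#1 file surfaces as an ArrayIndexOutOfBoundsException. The message
    // deliberately contains no key material.
    if (seq.length < 9) {
        throw new InvalidKeySpecException(
                "Not a PKCS#1 RSA private key: expected at least 9 elements, found " + seq.length);
    }

    // skip version seq[0];
    BigInteger modulus = seq[1].getBigInteger();
    BigInteger publicExp = seq[2].getBigInteger();
    BigInteger privateExp = seq[3].getBigInteger();
    BigInteger prime1 = seq[4].getBigInteger();
    BigInteger prime2 = seq[5].getBigInteger();
    BigInteger exp1 = seq[6].getBigInteger();
    BigInteger exp2 = seq[7].getBigInteger();
    BigInteger crtCoef = seq[8].getBigInteger();

    RSAPrivateCrtKeySpec keySpec =
            new RSAPrivateCrtKeySpec(modulus, publicExp, privateExp, prime1, prime2, exp1, exp2, crtCoef);
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    privateKey = keyFactory.generatePrivate(keySpec);
}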
 
Example #5
Source File: Ssh2RsaPrivateCrtKey.java    From j2ssh-maverick with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Builds the wrapped {@link RSAPrivateCrtKey} from its eight CRT components.
 *
 * @throws NoSuchAlgorithmException if no RSA key factory can be obtained
 * @throws InvalidKeySpecException if the key factory rejects the supplied values
 */
public Ssh2RsaPrivateCrtKey(BigInteger modulus, BigInteger publicExponent,
		BigInteger privateExponent, BigInteger primeP, BigInteger primeQ,
		BigInteger primeExponentP, BigInteger primeExponentQ,
		BigInteger crtCoefficient) throws NoSuchAlgorithmException,
		InvalidKeySpecException {

	// Use the provider configured for RSA when there is one; otherwise fall back to the
	// JVM's default provider lookup.
	KeyFactory keyFactory;
	if (JCEProvider.getProviderForAlgorithm(JCEAlgorithms.JCE_RSA) == null) {
		keyFactory = KeyFactory.getInstance(JCEAlgorithms.JCE_RSA);
	} else {
		keyFactory = KeyFactory.getInstance(JCEAlgorithms.JCE_RSA,
				JCEProvider.getProviderForAlgorithm(JCEAlgorithms.JCE_RSA));
	}

	// The values are passed through unchanged; any validation is left to the key factory.
	RSAPrivateCrtKeySpec crtSpec = new RSAPrivateCrtKeySpec(
			modulus, publicExponent, privateExponent,
			primeP, primeQ,
			primeExponentP, primeExponentQ, crtCoefficient);
	prv = (RSAPrivateCrtKey) keyFactory.generatePrivate(crtSpec);
}
 
Example #6
Source File: SoftKeymasterBlob.java    From keystore-decryptor with Apache License 2.0 6 votes vote down vote up
/**
 * Converts a Bouncy Castle ASN.1 {@code RSAPrivateKey} structure into a JCA
 * {@link RSAPrivateKey}.
 *
 * @param rsaPrivateKey the parsed ASN.1 structure
 * @return the equivalent JCA key, produced by the "BC" provider's RSA key factory
 * @throws GeneralSecurityException if the "BC" provider or its RSA factory is unavailable,
 *         or the key spec is rejected
 */
private static RSAPrivateKey toJcaPrivateKey(
        org.bouncycastle.asn1.pkcs.RSAPrivateKey rsaPrivateKey)
        throws GeneralSecurityException {
    // Copy the eight CRT components across one-to-one.
    RSAPrivateCrtKeySpec crtSpec = new RSAPrivateCrtKeySpec(
            rsaPrivateKey.getModulus(),
            rsaPrivateKey.getPublicExponent(),
            rsaPrivateKey.getPrivateExponent(),
            rsaPrivateKey.getPrime1(),
            rsaPrivateKey.getPrime2(),
            rsaPrivateKey.getExponent1(),
            rsaPrivateKey.getExponent2(),
            rsaPrivateKey.getCoefficient());

    // The provider is requested by name, so "BC" must already be registered.
    KeyFactory bcRsaFactory = KeyFactory.getInstance("RSA", "BC");
    return (RSAPrivateKey) bcRsaFactory.generatePrivate(crtSpec);
}
 
Example #7
Source File: KeyOperationsTest.java    From azure-keyvault-java with MIT License 6 votes vote down vote up
/**
 * Returns a fixed RSA key pair built from constants embedded in this source file.
 *
 * <p>Because every private component is committed in source, this key is effectively
 * public: it gives deterministic test inputs and must never protect real data.
 *
 * @return the key pair produced by the "RSA" {@link KeyFactory} from the constants below
 * @throws Exception if the key factory is unavailable or rejects the key specs
 */
private static KeyPair getWellKnownKey() throws Exception {
    // Decimal string encodings of the eight RSA CRT components.
    BigInteger modulus = new BigInteger("27266783713040163753473734334021230592631652450892850648620119914958066181400432364213298181846462385257448168605902438305568194683691563208578540343969522651422088760509452879461613852042845039552547834002168737350264189810815735922734447830725099163869215360401162450008673869707774119785881115044406101346450911054819448375712432746968301739007624952483347278954755460152795801894283389540036131881712321193750961817346255102052653789197325341350920441746054233522546543768770643593655942246891652634114922277138937273034902434321431672058220631825053788262810480543541597284376261438324665363067125951152574540779");
    BigInteger publicExponent = new BigInteger("65537");
    BigInteger privateExponent = new BigInteger("10466613941269075477152428927796086150095892102279802916937552172064636326433780566497000814207416485739683286961848843255766652023400959086290344987308562817062506476465756840999981989957456897020361717197805192876094362315496459535960304928171129585813477132331538577519084006595335055487028872410579127692209642938724850603554885478763205394868103298473476811627231543504190652483290944218004086457805431824328448422034887148115990501701345535825110962804471270499590234116100216841170344686381902328362376624405803648588830575558058257742073963036264273582756620469659464278207233345784355220317478103481872995809");
    BigInteger primeP = new BigInteger("175002941104568842715096339107566771592009112128184231961529953978142750732317724951747797764638217287618769007295505214923187971350518217670604044004381362495186864051394404165602744235299100790551775147322153206730562450301874236875459336154569893255570576967036237661594595803204808064127845257496057219227");
    BigInteger primeQ = new BigInteger("155807574095269324897144428622185380283967159190626345335083690114147315509962698765044950001909553861571493035240542031420213144237033208612132704562174772894369053916729901982420535940939821673277140180113593951522522222348910536202664252481405241042414183668723338300649954708432681241621374644926879028977");
    BigInteger primeExponentP = new BigInteger("79745606804504995938838168837578376593737280079895233277372027184693457251170125851946171360348440134236338520742068873132216695552312068793428432338173016914968041076503997528137698610601222912385953171485249299873377130717231063522112968474603281996190849604705284061306758152904594168593526874435238915345");
    BigInteger primeExponentQ = new BigInteger("80619964983821018303966686284189517841976445905569830731617605558094658227540855971763115484608005874540349730961777634427740786642996065386667564038755340092176159839025706183161615488856833433976243963682074011475658804676349317075370362785860401437192843468423594688700132964854367053490737073471709030801");
    BigInteger crtCoefficient = new BigInteger("2157818511040667226980891229484210846757728661751992467240662009652654684725325675037512595031058612950802328971801913498711880111052682274056041470625863586779333188842602381844572406517251106159327934511268610438516820278066686225397795046020275055545005189953702783748235257613991379770525910232674719428");

    // The public spec reuses the same modulus and public exponent as the private spec.
    KeySpec publicKeySpec = new RSAPublicKeySpec(modulus, publicExponent);
    KeySpec privateKeySpec = new RSAPrivateCrtKeySpec(modulus, publicExponent, privateExponent, primeP, primeQ, primeExponentP, primeExponentQ, crtCoefficient);
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");

    return new KeyPair(keyFactory.generatePublic(publicKeySpec), keyFactory.generatePrivate(privateKeySpec));
}
 
Example #8
Source File: DKIMSign.java    From james-project with Apache License 2.0 6 votes vote down vote up
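/**
 * Reads the first PEM object from {@code rawKey} and returns the private key it holds.
 *
 * <p>Three PEM object kinds are accepted: a {@code PrivateKeyInfo}, a
 * {@code PEMEncryptedKeyPair} (decrypted with {@code passphrase}) and a plain
 * {@code PEMKeyPair}. Anything else, including an empty stream, is rejected with an
 * {@link InvalidKeySpecException} rather than failing later with a cast or null error.
 *
 * @param rawKey stream holding the PEM text; it is closed by this method
 * @param passphrase passphrase used only when the PEM object is an encrypted key pair
 * @return the private key
 * @throws IOException if the PEM data cannot be read or decrypted
 * @throws NoSuchAlgorithmException if no RSA {@link KeyFactory} is available
 * @throws InvalidKeySpecException if the PEM content is not a supported private key form,
 *         or the key cannot be expressed as an RSA CRT key spec
 */
private PrivateKey extractPrivateKey(InputStream rawKey, char[] passphrase) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
    // Registration happens on every call, as in the original code.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    // NOTE(review): the reader uses the platform default charset; PEM is normally plain
    // ASCII, so this is presumably harmless, but an explicit charset would remove the doubt.
    try (InputStreamReader pemReader = new InputStreamReader(rawKey);
         PEMParser pemParser = new PEMParser(pemReader)) {
        Object pemObject = pemParser.readObject();
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
        if (pemObject instanceof PrivateKeyInfo) {
            return converter.getPrivateKey((PrivateKeyInfo) pemObject);
        }

        KeyPair keyPair;
        if (pemObject instanceof PEMEncryptedKeyPair) {
            PEMEncryptedKeyPair pemEncryptedKeyPair = (PEMEncryptedKeyPair) pemObject;
            PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passphrase);
            keyPair = converter.getKeyPair(pemEncryptedKeyPair.decryptKeyPair(decProv));
        } else if (pemObject instanceof PEMKeyPair) {
            keyPair = converter.getKeyPair((PEMKeyPair) pemObject);
        } else {
            // Only the type name is reported; the message never contains key material.
            throw new InvalidKeySpecException("Unsupported PEM content for a private key: "
                + (pemObject == null ? "no PEM object found" : pemObject.getClass().getName()));
        }

        // Round-trip through the "RSA" KeyFactory so the returned key comes from the
        // default RSA provider lookup rather than directly from the converter.
        KeyFactory keyFac = KeyFactory.getInstance("RSA");
        RSAPrivateCrtKeySpec privateKeySpec = keyFac.getKeySpec(keyPair.getPrivate(), RSAPrivateCrtKeySpec.class);

        return keyFac.generatePrivate(privateKeySpec);
    }
}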
 
Example #9
Source File: SSLUtils.java    From java with Apache License 2.0 6 votes vote down vote up
/**
 * Decodes a DER-encoded PKCS#1 private key into an {@link RSAPrivateCrtKeySpec}.
 *
 * @param keyBytes the encoded key
 * @return a spec built from the eight values that follow the first element of the sequence
 * @throws IOException if the parser reports a problem
 */
public static RSAPrivateCrtKeySpec decodePKCS1(byte[] keyBytes) throws IOException {
  Asn1Object outer = new DerParser(keyBytes).read();
  outer.validateSequence();

  // Parse the contents of the outer sequence. Its first element (the version in the
  // PKCS#1 layout) is read and discarded without being checked.
  DerParser fields = new DerParser(outer.getValue());
  fields.read();

  // Java evaluates arguments left to right, so the values are consumed in encoding order.
  return new RSAPrivateCrtKeySpec(
      next(fields), next(fields), next(fields), next(fields),
      next(fields), next(fields), next(fields), next(fields));
}
 
Example #10
Source File: SharedVaultResponseMapper.java    From vault-crd with Apache License 2.0 6 votes vote down vote up
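/**
 * Converts a PEM-armoured PKCS#1 RSA private key into a {@link PrivateKey}.
 *
 * <p>The armour lines and all whitespace are removed before Base64 decoding, so PEM text
 * with CRLF line endings or trailing blanks is accepted as well.
 *
 * @param pem the PEM text, including the begin/end armour lines
 * @return the RSA private key
 * @throws GeneralSecurityException if the DER sequence has fewer than nine elements, no RSA
 *         key factory is available, or the key factory rejects the values
 * @throws IOException propagated from the DER reader
 * @throws IllegalArgumentException if the payload is not valid Base64
 */
private PrivateKey getPrivateKey(String pem) throws GeneralSecurityException, IOException {
    // Newlines and armour lines go first, as before; the final pass removes whatever
    // whitespace remains (for example carriage returns), which the basic Base64 decoder
    // does not tolerate.
    String pemContent = pem.replaceAll("\\n", "")
            .replace("-----BEGIN RSA PRIVATE KEY-----", "")
            .replace("-----END RSA PRIVATE KEY-----", "")
            .replaceAll("\\s", "");
    // NOTE(review): DerInputStream/DerValue look like the JDK-internal sun.security.util
    // classes; confirm, since those are not a supported public API.
    DerInputStream derReader = new DerInputStream(Base64.getDecoder().decode(pemContent));

    DerValue[] seq = derReader.getSequence(0);

    // Version plus eight integers are required for a PKCS#1 private key.
    if (seq.length < 9) {
        throw new GeneralSecurityException("Could not parse a PKCS1 private key.");
    }

    // skip version seq[0];
    BigInteger modulus = seq[1].getBigInteger();
    BigInteger publicExp = seq[2].getBigInteger();
    BigInteger privateExp = seq[3].getBigInteger();
    BigInteger prime1 = seq[4].getBigInteger();
    BigInteger prime2 = seq[5].getBigInteger();
    BigInteger exp1 = seq[6].getBigInteger();
    BigInteger exp2 = seq[7].getBigInteger();
    BigInteger crtCoef = seq[8].getBigInteger();

    RSAPrivateCrtKeySpec keySpec = new RSAPrivateCrtKeySpec(modulus, publicExp, privateExp, prime1, prime2, exp1, exp2, crtCoef);

    KeyFactory factory = KeyFactory.getInstance("RSA");

    return factory.generatePrivate(keySpec);
}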
 
Example #11
Source File: CertUtils.java    From mockwebserver with Apache License 2.0 6 votes vote down vote up
/**
 * Builds an in-memory JKS key store holding one certificate and its private key.
 *
 * <p>The key is first interpreted as PKCS#8; if the key factory rejects that, the bytes are
 * decoded as PKCS#1 instead. Neither input stream is closed here.
 *
 * @param certInputStream stream with the X.509 certificate
 * @param keyInputStream stream with the PEM-encoded private key
 * @param clientKeyAlgo key algorithm name passed to {@link KeyFactory#getInstance(String)}
 * @param clientKeyPassphrase passphrase used for the key store and for the key entry
 * @return the populated key store; the entry alias is the certificate's subject name
 */
public static KeyStore createKeyStore(InputStream certInputStream, InputStream keyInputStream, String clientKeyAlgo, char[] clientKeyPassphrase) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException {
    X509Certificate cert =
        (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(certInputStream);

    byte[] keyBytes = decodePem(keyInputStream);
    KeyFactory keyFactory = KeyFactory.getInstance(clientKeyAlgo);

    PrivateKey privateKey;
    try {
        // PKCS#8 is tried first.
        privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
    } catch (InvalidKeySpecException notPkcs8) {
        // Fall back to PKCS#1. The PKCS#8 failure is discarded, so if this attempt fails
        // too, only the second error reaches the caller.
        privateKey = keyFactory.generatePrivate(PKCS1Util.decodePKCS1(keyBytes));
    }

    // load(null, ...) initialises an empty store.
    KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(null, clientKeyPassphrase);
    keyStore.setKeyEntry(
        cert.getSubjectX500Principal().getName(),
        privateKey,
        clientKeyPassphrase,
        new Certificate[]{cert});

    return keyStore;
}
 
Example #12
Source File: CipherHelper.java    From flow-platform-x with Apache License 2.0 6 votes vote down vote up
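/**
 * Converts a PEM-armoured PKCS#1 RSA private key into a {@link PrivateKey}.
 *
 * <p>The armour lines and all whitespace are removed, the Base64 payload is decoded, and
 * the DER sequence is mapped onto an {@link RSAPrivateCrtKeySpec}. The version element
 * (index 0) is not inspected.
 *
 * @param key the PEM text, including the begin/end armour lines
 * @return the RSA private key
 * @throws NoSuchAlgorithmException if no RSA {@link KeyFactory} is available
 * @throws InvalidKeySpecException if the sequence is too short to be a PKCS#1 private key,
 *         or the key factory rejects the values
 * @throws IOException propagated from the DER reader
 * @throws IllegalArgumentException if the payload is not valid Base64
 */
private static PrivateKey toPrivateKey(String key)
    throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");

    // Strip newlines and the armour lines as before, then any whitespace that is left
    // (carriage returns from CRLF files, trailing blanks), which the basic Base64
    // decoder would otherwise reject.
    String content = key.replaceAll("\\n", "")
        .replace(RsaPrivateKeyStart, "")
        .replace(RsaPrivateKeyEnd, "")
        .replaceAll("\\s", "");
    byte[] bytes = Base64.getDecoder().decode(content);

    // NOTE(review): DerInputStream/DerValue look like the JDK-internal sun.security.util
    // classes; confirm, since those are not a supported public API.
    DerInputStream derReader = new DerInputStream(bytes);
    DerValue[] seq = derReader.getSequence(0);

    // A PKCS#1 private key carries the version plus eight integers. Checking the count
    // turns a malformed or truncated key into a declared exception instead of an
    // ArrayIndexOutOfBoundsException. The message deliberately contains no key material.
    if (seq.length < 9) {
        throw new InvalidKeySpecException(
            "Not a PKCS#1 RSA private key: expected at least 9 elements, found " + seq.length);
    }

    // skip version seq[0];
    BigInteger modulus = seq[1].getBigInteger();
    BigInteger publicExp = seq[2].getBigInteger();
    BigInteger privateExp = seq[3].getBigInteger();
    BigInteger prime1 = seq[4].getBigInteger();
    BigInteger prime2 = seq[5].getBigInteger();
    BigInteger exp1 = seq[6].getBigInteger();
    BigInteger exp2 = seq[7].getBigInteger();
    BigInteger crtCoef = seq[8].getBigInteger();

    RSAPrivateCrtKeySpec keySpec =
        new RSAPrivateCrtKeySpec(modulus, publicExp, privateExp, prime1, prime2, exp1, exp2, crtCoef);

    return keyFactory.generatePrivate(keySpec);
}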
 
Example #13
Source File: PemUtil.java    From openemm with GNU Affero General Public License v3.0 6 votes vote down vote up
/**
 * Builds an RSA private key from a DER-encoded PKCS#1 structure.
 *
 * @param keyData the DER bytes
 * @return the private key produced by the "RSA" {@link KeyFactory}
 * @throws IOException propagated from the DER reader
 * @throws NoSuchAlgorithmException if no RSA key factory is available
 * @throws InvalidKeySpecException if the key factory rejects the values
 */
public static final PrivateKey readRSAPrivateKeyFromDerEncodedBinaryData(final byte[] keyData) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
	try (final ByteArrayInputStream bais = new ByteArrayInputStream(keyData);
			final DerInputStream dis = new DerInputStream(bais)) {
		// The structure header, its length and the version indicator are read and
		// discarded; none of them is checked.
		dis.read();
		dis.readLength();
		dis.readInteger();

		// The eight key components follow in encoding order.
		final BigInteger n = dis.readInteger();
		final BigInteger e = dis.readInteger();
		final BigInteger d = dis.readInteger();
		final BigInteger p = dis.readInteger();
		final BigInteger q = dis.readInteger();
		final BigInteger dP = dis.readInteger();
		final BigInteger dQ = dis.readInteger();
		final BigInteger qInv = dis.readInteger();

		final KeySpec keySpec = new RSAPrivateCrtKeySpec(n, e, d, p, q, dP, dQ, qInv);
		return KeyFactory.getInstance("RSA").generatePrivate(keySpec);
	}
}
 
Example #14
Source File: PKCS1EncodedKeySpec.java    From sakai with Educational Community License v2.0 5 votes vote down vote up
/**
 * Decode PKCS#1 encoded private key into RSAPrivateCrtKeySpec.
 * 
 * <p/>The ASN.1 syntax for the private key with CRT is
 * 
 * <pre>
 * -- 
 * -- Representation of RSA private key with information for the CRT algorithm.
 * --
 * RSAPrivateKey ::= SEQUENCE {
 *   version           Version, 
 *   modulus           INTEGER,  -- n
 *   publicExponent    INTEGER,  -- e
 *   privateExponent   INTEGER,  -- d
 *   prime1            INTEGER,  -- p
 *   prime2            INTEGER,  -- q
 *   exponent1         INTEGER,  -- d mod (p-1)
 *   exponent2         INTEGER,  -- d mod (q-1) 
 *   coefficient       INTEGER,  -- (inverse of q) mod p
 *   otherPrimeInfos   OtherPrimeInfos OPTIONAL 
 * }
 * </pre>
 * 
 * @param keyBytes PKCS#1 encoded key
 * @throws IOException
 */

private void decode(byte[] keyBytes) throws IOException  {
    Asn1Object outer = new DerParser(keyBytes).read();
    if (outer.getType() != DerParser.SEQUENCE) {
        throw new IOException("Invalid DER: not a sequence"); //$NON-NLS-1$
    }

    // Walk the elements nested inside the outer sequence, in encoding order.
    DerParser fields = outer.getParser();

    // The version element is read and discarded without being checked.
    fields.read();

    BigInteger n = fields.read().getInteger();
    BigInteger e = fields.read().getInteger();
    BigInteger d = fields.read().getInteger();
    BigInteger p = fields.read().getInteger();
    BigInteger q = fields.read().getInteger();
    BigInteger dP = fields.read().getInteger();
    BigInteger dQ = fields.read().getInteger();
    BigInteger qInv = fields.read().getInteger();

    // The result is kept in the keySpec field rather than returned.
    keySpec = new RSAPrivateCrtKeySpec(n, e, d, p, q, dP, dQ, qInv);
}
 
Example #15
Source File: BCRSAPrivateCrtKey.java    From RipplePower with Apache License 2.0 5 votes vote down vote up
/**
 * construct a private key from an RSAPrivateCrtKeySpec
 *
 * @param spec the spec to be used in construction.
 */
BCRSAPrivateCrtKey(RSAPrivateCrtKeySpec spec) {
    // Every component is copied from the spec as-is; no consistency check is made here.

    // n, e, d
    modulus = spec.getModulus();
    publicExponent = spec.getPublicExponent();
    privateExponent = spec.getPrivateExponent();

    // p, q
    primeP = spec.getPrimeP();
    primeQ = spec.getPrimeQ();

    // CRT exponents and coefficient
    primeExponentP = spec.getPrimeExponentP();
    primeExponentQ = spec.getPrimeExponentQ();
    crtCoefficient = spec.getCrtCoefficient();
}
 
Example #16
Source File: RSAPrivateCrtKeySpecTest.java    From j2objc with Apache License 2.0 5 votes vote down vote up
/**
 * Test for <code>getPrivateExponent()</code> method<br>
 * Assertion: returns private exponent
 */
public final void testGetPrivateExponent() {
    // Only the third constructor argument (the private exponent) differs from ONE, so
    // the getter cannot pass by returning a neighbouring field.
    final BigInteger one = BigInteger.ONE;
    final BigInteger expected = BigInteger.valueOf(5L);

    RSAPrivateCrtKeySpec spec =
            new RSAPrivateCrtKeySpec(one, one, expected, one, one, one, one, one);

    assertTrue(expected.equals(spec.getPrivateExponent()));
}
 
Example #17
Source File: RSAPrivateCrtKeySpecTest.java    From j2objc with Apache License 2.0 5 votes vote down vote up
/**
 * Test for <code>getModulus()</code> method<br>
 * Assertion: returns modulus
 */
public final void testGetModulus() {
    // Only the first constructor argument (the modulus) differs from ONE, so the getter
    // cannot pass by returning a neighbouring field.
    final BigInteger one = BigInteger.ONE;
    final BigInteger expected = BigInteger.valueOf(5L);

    RSAPrivateCrtKeySpec spec =
            new RSAPrivateCrtKeySpec(expected, one, one, one, one, one, one, one);

    assertTrue(expected.equals(spec.getModulus()));
}
 
Example #18
Source File: RSAPrivateCrtKeySpecTest.java    From j2objc with Apache License 2.0 5 votes vote down vote up
/**
 * Test for <code>getPublicExponent()</code> method<br>
 * Assertion: returns public exponent
 */
public final void testGetPublicExponent() {
    // Only the second constructor argument (the public exponent) differs from ONE, so
    // the getter cannot pass by returning a neighbouring field.
    final BigInteger one = BigInteger.ONE;
    final BigInteger expected = BigInteger.valueOf(5L);

    RSAPrivateCrtKeySpec spec =
            new RSAPrivateCrtKeySpec(one, expected, one, one, one, one, one, one);

    assertTrue(expected.equals(spec.getPublicExponent()));
}
 
Example #19
Source File: JCERSAPrivateCrtKey.java    From RipplePower with Apache License 2.0 5 votes vote down vote up
/**
 * construct a private key from an RSAPrivateCrtKeySpec
 *
 * @param spec the spec to be used in construction.
 */
JCERSAPrivateCrtKey(RSAPrivateCrtKeySpec spec) {
    // Every component is copied from the spec as-is; no consistency check is made here.

    // n, e, d
    modulus = spec.getModulus();
    publicExponent = spec.getPublicExponent();
    privateExponent = spec.getPrivateExponent();

    // p, q
    primeP = spec.getPrimeP();
    primeQ = spec.getPrimeQ();

    // CRT exponents and coefficient
    primeExponentP = spec.getPrimeExponentP();
    primeExponentQ = spec.getPrimeExponentQ();
    crtCoefficient = spec.getCrtCoefficient();
}
 
Example #20
Source File: PEMDecoder.java    From fusionauth-jwt with Apache License 2.0 5 votes vote down vote up
/**
 * Decodes a PKCS#1 private key and returns it, with the matching public key, as a PEM.
 *
 * @param encodedKey the PEM text of the private key
 * @return a PEM holding the private key and the public key derived from its modulus and
 *         public exponent
 * @throws PEMDecoderException if the DER sequence holds fewer than nine values
 */
private PEM decode_PKCS_1_Private(String encodedKey) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
  byte[] der = getKeyBytes(encodedKey, PKCS_1_PRIVATE_KEY_PREFIX, PKCS_1_PRIVATE_KEY_SUFFIX);
  DerValue[] fields = new DerInputStream(der).getSequence();

  // DER encoded PKCS#1 structure, https://tools.ietf.org/html/rfc3447#appendix-A.1
  //
  //   index  field             meaning
  //   0      version           (ignored below)
  //   1      modulus           n
  //   2      publicExponent    e
  //   3      privateExponent   d
  //   4      prime1            p
  //   5      prime2            q
  //   6      exponent1         d mod (p-1)
  //   7      exponent2         d mod (q-1)
  //   8      coefficient       (inverse of q) mod p
  //   9..    otherPrimeInfos   OPTIONAL
  boolean tooShort = fields.length < 9;
  if (tooShort) {
    throw new PEMDecoderException(
        new InvalidKeyException("Could not build a PKCS#1 private key. Expected at least 9 values in the DER encoded sequence."));
  }

  BigInteger modulus = fields[1].getBigInteger();
  BigInteger publicExponent = fields[2].getBigInteger();
  BigInteger privateExponent = fields[3].getBigInteger();
  BigInteger primeP = fields[4].getBigInteger();
  BigInteger primeQ = fields[5].getBigInteger();
  BigInteger exponentP = fields[6].getBigInteger();
  BigInteger exponentQ = fields[7].getBigInteger();
  BigInteger coefficient = fields[8].getBigInteger();

  RSAPrivateCrtKeySpec privateSpec = new RSAPrivateCrtKeySpec(
      modulus, publicExponent, privateExponent, primeP, primeQ, exponentP, exponentQ, coefficient);
  PrivateKey privateKey = KeyFactory.getInstance("RSA").generatePrivate(privateSpec);

  // The public key needs nothing beyond n and e, both already present in the private key.
  RSAPublicKeySpec publicSpec = new RSAPublicKeySpec(modulus, publicExponent);
  PublicKey publicKey = KeyFactory.getInstance("RSA").generatePublic(publicSpec);

  return new PEM(privateKey, publicKey);
}
 
Example #21
Source File: CertUtils.java    From kubernetes-client with Apache License 2.0 5 votes vote down vote up
/**
 * Decodes a PEM private key, trying PKCS#8 first and PKCS#1 second.
 *
 * @param keyInputStream stream with the PEM-encoded key; it is not closed here
 * @param clientKeyAlgo key algorithm name passed to {@link KeyFactory#getInstance(String)}
 * @return the decoded private key
 */
private static PrivateKey handleOtherKeys(InputStream keyInputStream, String clientKeyAlgo) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
  byte[] encoded = decodePem(keyInputStream);
  KeyFactory factory = KeyFactory.getInstance(clientKeyAlgo);

  PrivateKey decoded;
  try {
    // PKCS#8 is tried first.
    decoded = factory.generatePrivate(new PKCS8EncodedKeySpec(encoded));
  } catch (InvalidKeySpecException notPkcs8) {
    // Fall back to PKCS#1. The PKCS#8 failure is discarded, so if this attempt fails
    // too, only the second error reaches the caller.
    decoded = factory.generatePrivate(PKCS1Util.decodePKCS1(encoded));
  }
  return decoded;
}
 
Example #22
Source File: CryptoUtils.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Builds an RSA private key from the byte encodings of its eight CRT components.
 *
 * @return the key produced by the "RSA" {@link KeyFactory}
 * @throws SecurityException wrapping any exception raised while obtaining the key
 *         factory or generating the key
 */
public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes,
                                             byte[] publicExponentBytes,
                                             byte[] privateExponentBytes,
                                             byte[] primePBytes,
                                             byte[] primeQBytes,
                                             byte[] primeExpPBytes,
                                             byte[] primeExpQBytes,
                                             byte[] crtCoefficientBytes) {
//CHECKSTYLE:ON
    // The conversions stay outside the try block, so a failure in toBigInteger reaches
    // the caller unwrapped.
    BigInteger n = toBigInteger(modulusBytes);
    BigInteger e = toBigInteger(publicExponentBytes);
    BigInteger d = toBigInteger(privateExponentBytes);
    BigInteger p = toBigInteger(primePBytes);
    BigInteger q = toBigInteger(primeQBytes);
    BigInteger dP = toBigInteger(primeExpPBytes);
    BigInteger dQ = toBigInteger(primeExpQBytes);
    BigInteger qInv = toBigInteger(crtCoefficientBytes);
    try {
        KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
        RSAPrivateCrtKeySpec crtSpec = new RSAPrivateCrtKeySpec(n, e, d, p, q, dP, dQ, qInv);
        return (RSAPrivateKey) rsaFactory.generatePrivate(crtSpec);
    } catch (Exception ex) {
        // Checked failures are surfaced as an unchecked SecurityException with the cause kept.
        throw new SecurityException(ex);
    }
}
 
Example #23
Source File: PKCS1Util.java    From kubernetes-client with Apache License 2.0 5 votes vote down vote up
/**
 * Decodes a DER-encoded PKCS#1 private key into an {@link RSAPrivateCrtKeySpec}.
 *
 * @param keyBytes the encoded key
 * @return a spec built from the eight values that follow the first element of the sequence
 * @throws IOException if the parser reports a problem
 */
public static RSAPrivateCrtKeySpec decodePKCS1(byte[] keyBytes) throws IOException {
  Asn1Object outer = new DerParser(keyBytes).read();
  outer.validateSequence();

  // Parse the contents of the outer sequence. Its first element (the version in the
  // PKCS#1 layout) is read and discarded without being checked.
  DerParser fields = new DerParser(outer.getValue());
  fields.read();

  // Java evaluates arguments left to right, so the values are consumed in encoding order.
  return new RSAPrivateCrtKeySpec(
    next(fields), next(fields), next(fields), next(fields),
    next(fields), next(fields), next(fields), next(fields));
}
 
Example #24
Source File: CertificateStreamProvider.java    From jgroups-kubernetes with Apache License 2.0 5 votes vote down vote up
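/**
 * Creates key managers for a client certificate and its PKCS#1 private key.
 *
 * <p>Both files are opened with {@code openFile} and closed again as soon as their content
 * has been parsed. The certificate and key are placed in an in-memory JKS key store under
 * the certificate's subject name.
 *
 * @param clientCertFile location of the X.509 certificate
 * @param clientKeyFile location of the PEM-encoded private key
 * @param clientKeyPassword password protecting the key entry in the key store
 * @param clientKeyAlgo key algorithm name passed to {@link KeyFactory#getInstance(String)}
 * @return the key managers backed by the new key store
 * @throws Exception any failure, after it has been logged at SEVERE level
 */
private static KeyManager[] configureClientCert(String clientCertFile, String clientKeyFile, char[] clientKeyPassword, String clientKeyAlgo) throws Exception {
    try {
        // try-with-resources closes each stream even when parsing fails; previously
        // neither stream was ever closed.
        X509Certificate cert;
        try (InputStream certInputStream = openFile(clientCertFile)) {
            CertificateFactory certFactory = CertificateFactory.getInstance("X509");
            cert = (X509Certificate)certFactory.generateCertificate(certInputStream);
        }

        RSAPrivateCrtKeySpec keySpec;
        try (InputStream keyInputStream = openFile(clientKeyFile)) {
            PEMReader reader = new PEMReader(keyInputStream);
            keySpec = new PKCS1EncodedKeySpec(reader.getDerBytes()).getKeySpec();
        }
        KeyFactory kf = KeyFactory.getInstance(clientKeyAlgo);
        RSAPrivateKey privKey = (RSAPrivateKey)kf.generatePrivate(keySpec);

        // load(null) initialises an empty in-memory store.
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null);

        String alias = cert.getSubjectX500Principal().getName();
        keyStore.setKeyEntry(alias, privKey, clientKeyPassword, new Certificate[]{cert});

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, clientKeyPassword);

        return keyManagerFactory.getKeyManagers();
    } catch (Exception e) {
        // Only the file locations are logged, never the password or key content.
        log.log(Level.SEVERE, "Could not create key manager for " + clientCertFile + " (" + clientKeyFile + ")", e);
        throw e;
    }
}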
 
Example #25
Source File: PKCS1EncodedKeySpec.java    From jgroups-kubernetes with Apache License 2.0 5 votes vote down vote up
/**
 * Decode PKCS#1 encoded private key into RSAPrivateCrtKeySpec.
 * 
 * <p/>The ASN.1 syntax for the private key with CRT is
 * 
 * <pre>
 * -- 
 * -- Representation of RSA private key with information for the CRT algorithm.
 * --
 * RSAPrivateKey ::= SEQUENCE {
 *   version           Version, 
 *   modulus           INTEGER,  -- n
 *   publicExponent    INTEGER,  -- e
 *   privateExponent   INTEGER,  -- d
 *   prime1            INTEGER,  -- p
 *   prime2            INTEGER,  -- q
 *   exponent1         INTEGER,  -- d mod (p-1)
 *   exponent2         INTEGER,  -- d mod (q-1) 
 *   coefficient       INTEGER,  -- (inverse of q) mod p
 *   otherPrimeInfos   OtherPrimeInfos OPTIONAL 
 * }
 * </pre>
 * 
 * @param keyBytes PKCS#1 encoded key
 * @throws IOException
 */

private void decode(byte[] keyBytes) throws IOException  {
    Asn1Object outer = new DerParser(keyBytes).read();
    if (outer.getType() != DerParser.SEQUENCE) {
        throw new IOException("Invalid DER: not a sequence"); //$NON-NLS-1$
    }

    // Walk the elements nested inside the outer sequence, in encoding order.
    DerParser fields = outer.getParser();

    // The version element is read and discarded without being checked.
    fields.read();

    BigInteger n = fields.read().getInteger();
    BigInteger e = fields.read().getInteger();
    BigInteger d = fields.read().getInteger();
    BigInteger p = fields.read().getInteger();
    BigInteger q = fields.read().getInteger();
    BigInteger dP = fields.read().getInteger();
    BigInteger dQ = fields.read().getInteger();
    BigInteger qInv = fields.read().getInteger();

    // The result is kept in the keySpec field rather than returned.
    keySpec = new RSAPrivateCrtKeySpec(n, e, d, p, q, dP, dQ, qInv);
}
 
Example #26
Source File: PKCS1EncodedKeySpec.java    From sakai with Educational Community License v2.0 5 votes vote down vote up
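/**
 * Decode a PKCS#1 encoded private key into an RSAPrivateCrtKeySpec and store
 * it in the {@code keySpec} field.
 *
 * <p>The ASN.1 syntax for the private key with CRT is
 *
 * <pre>
 * --
 * -- Representation of RSA private key with information for the CRT algorithm.
 * --
 * RSAPrivateKey ::= SEQUENCE {
 *   version           Version,
 *   modulus           INTEGER,  -- n
 *   publicExponent    INTEGER,  -- e
 *   privateExponent   INTEGER,  -- d
 *   prime1            INTEGER,  -- p
 *   prime2            INTEGER,  -- q
 *   exponent1         INTEGER,  -- d mod (p-1)
 *   exponent2         INTEGER,  -- d mod (q-1)
 *   coefficient       INTEGER,  -- (inverse of q) mod p
 *   otherPrimeInfos   OtherPrimeInfos OPTIONAL
 * }
 * </pre>
 *
 * <p>Only the two-prime form (version 0) is accepted. A multi-prime key
 * (version 1, with otherPrimeInfos) cannot be represented by
 * RSAPrivateCrtKeySpec and is rejected rather than truncated.
 *
 * @param keyBytes PKCS#1 encoded key
 * @throws IOException if the outer element is not a SEQUENCE, if the version
 *         is not 0, or if the DER parser reports a malformed element
 */
private void decode(byte[] keyBytes) throws IOException  {

    DerParser parser = new DerParser(keyBytes);

    Asn1Object sequence = parser.read();
    if (sequence.getType() != DerParser.SEQUENCE)
        throw new IOException("Invalid DER: not a sequence"); //$NON-NLS-1$

    // Parse inside the sequence
    parser = sequence.getParser();

    // Reject anything but a two-prime key: skipping the version would let a
    // multi-prime key through with its extra primes silently dropped.
    BigInteger version = parser.read().getInteger();
    if (version.signum() != 0)
        throw new IOException("Invalid PKCS#1: unsupported RSAPrivateKey version " + version); //$NON-NLS-1$

    BigInteger modulus = parser.read().getInteger();
    BigInteger publicExp = parser.read().getInteger();
    BigInteger privateExp = parser.read().getInteger();
    BigInteger prime1 = parser.read().getInteger();
    BigInteger prime2 = parser.read().getInteger();
    BigInteger exp1 = parser.read().getInteger();
    BigInteger exp2 = parser.read().getInteger();
    BigInteger crtCoef = parser.read().getInteger();

    // NOTE(review): the decoded integers are not cross-checked against each
    // other here; confirm whether the consuming KeyFactory validates them.
    keySpec = new RSAPrivateCrtKeySpec(
            modulus, publicExp, privateExp, prime1, prime2,
            exp1, exp2, crtCoef);
}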
 
Example #27
Source File: RsaKeyUtil.java    From Jose4j with Apache License 2.0
/**
 * Builds an RSA private key from its modulus, exponents and CRT parameters.
 *
 * <p>The eight values are wrapped in an {@link RSAPrivateCrtKeySpec} exactly
 * as given and handed to {@code getRsaPrivateKey}; this method performs no
 * validation of its own.
 *
 * @param modulus         n
 * @param publicExponent  e
 * @param privateExponent d
 * @param primeP          p
 * @param primeQ          q
 * @param primeExponentP  d mod (p-1)
 * @param primeExponentQ  d mod (q-1)
 * @param crtCoefficient  (inverse of q) mod p
 * @return the private key produced by {@code getRsaPrivateKey}
 * @throws JoseException as raised by {@code getRsaPrivateKey}
 */
public RSAPrivateKey privateKey(BigInteger modulus, BigInteger publicExponent, BigInteger privateExponent, BigInteger primeP,
                                BigInteger primeQ, BigInteger primeExponentP, BigInteger primeExponentQ,
                                BigInteger crtCoefficient) throws JoseException
{
    return getRsaPrivateKey(
            new RSAPrivateCrtKeySpec(
                    modulus, publicExponent, privateExponent,
                    primeP, primeQ,
                    primeExponentP, primeExponentQ,
                    crtCoefficient));
}
 
Example #28
Source File: CertificateStreamProvider.java    From openshift-ping with Apache License 2.0
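/**
 * Builds key managers for TLS client authentication from a certificate file
 * and a PEM private-key file.
 *
 * <p>The certificate and key are placed in a fresh in-memory "JKS" key store
 * under the certificate's subject DN. {@code clientKeyPassword} protects that
 * in-memory entry only; the key file itself is read without any passphrase,
 * so this method can only load a key that is stored unencrypted.
 *
 * @param clientCertFile    location of the X.509 client certificate, as understood by {@code openFile}
 * @param clientKeyFile     location of the PEM key file, as understood by {@code openFile}
 * @param clientKeyPassword password for the in-memory key store entry
 * @param clientKeyAlgo     algorithm name passed to {@link KeyFactory#getInstance(String)}
 * @return the key managers backed by the in-memory key store
 * @throws Exception any failure while reading or converting the material; it
 *         is logged at SEVERE with both file names and then rethrown
 */
private KeyManager[] configureClientCert(String clientCertFile, String clientKeyFile, char[] clientKeyPassword, String clientKeyAlgo) throws Exception {
    try {
        // Both streams are closed as soon as their content has been consumed;
        // previously they were left open on success and on failure.
        X509Certificate cert;
        try (InputStream certInputStream = openFile(clientCertFile)) {
            CertificateFactory certFactory = CertificateFactory.getInstance("X509");
            cert = (X509Certificate)certFactory.generateCertificate(certInputStream);
        }

        RSAPrivateCrtKeySpec keySpec;
        try (InputStream keyInputStream = openFile(clientKeyFile)) {
            PEMReader reader = new PEMReader(keyInputStream);
            // PKCS1EncodedKeySpec here is a project class (it exposes
            // getKeySpec()), not a JDK type.
            keySpec = new PKCS1EncodedKeySpec(reader.getDerBytes()).getKeySpec();
        }
        KeyFactory kf = KeyFactory.getInstance(clientKeyAlgo);
        RSAPrivateKey privKey = (RSAPrivateKey)kf.generatePrivate(keySpec);

        // load(null) initialises an empty key store that never touches disk.
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null);

        String alias = cert.getSubjectX500Principal().getName();
        keyStore.setKeyEntry(alias, privKey, clientKeyPassword, new Certificate[]{cert});

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, clientKeyPassword);

        return keyManagerFactory.getKeyManagers();
    } catch (Exception e) {
        // Only the file names are logged, never the key material or password.
        log.log(Level.SEVERE, "Could not create key manager for " + clientCertFile + " (" + clientKeyFile + ")", e);
        throw e;
    }
}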
 
Example #29
Source File: BCRSAPrivateCrtKey.java    From ripple-lib-java with ISC License
/**
 * Creates a CRT private key by copying every component out of a key spec.
 *
 * <p>The values are taken as-is; this constructor does not check that they
 * are consistent with one another.
 *
 * @param spec source of the modulus, both exponents, both primes, both
 *             prime exponents and the CRT coefficient.
 */
BCRSAPrivateCrtKey(RSAPrivateCrtKeySpec spec)
{
    // n, e, d
    modulus = spec.getModulus();
    publicExponent = spec.getPublicExponent();
    privateExponent = spec.getPrivateExponent();

    // p, q
    primeP = spec.getPrimeP();
    primeQ = spec.getPrimeQ();

    // CRT values: d mod (p-1), d mod (q-1), q^-1 mod p
    primeExponentP = spec.getPrimeExponentP();
    primeExponentQ = spec.getPrimeExponentQ();
    crtCoefficient = spec.getCrtCoefficient();
}
 
Example #30
Source File: KeyFactorySpi.java    From ripple-lib-java with ISC License
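/**
 * Converts a key specification into an RSA private key.
 *
 * <p>Accepted specs are PKCS8EncodedKeySpec, RSAPrivateCrtKeySpec and
 * RSAPrivateKeySpec. For a PKCS8EncodedKeySpec the bytes are first parsed as
 * a PrivateKeyInfo; if that fails for any reason they are parsed a second
 * time as a bare RSAPrivateKey structure, so input labelled as PKCS#8 is also
 * accepted when it is really that unwrapped form.
 *
 * @param keySpec the specification to convert
 * @return the corresponding private key
 * @throws InvalidKeySpecException if both parses of an encoded spec fail, or
 *         if the spec is null or of an unsupported type
 */
protected PrivateKey engineGeneratePrivate(
    KeySpec keySpec)
    throws InvalidKeySpecException
{
    if (keySpec instanceof PKCS8EncodedKeySpec)
    {
        try
        {
            return generatePrivate(PrivateKeyInfo.getInstance(((PKCS8EncodedKeySpec)keySpec).getEncoded()));
        }
        catch (Exception e)
        {
            //
            // in case it's just a RSAPrivateKey object... -- openSSL produces these
            //
            try
            {
                return new BCRSAPrivateCrtKey(
                    RSAPrivateKey.getInstance(((PKCS8EncodedKeySpec)keySpec).getEncoded()));
            }
            catch (Exception ex)
            {
                // The failure of the first (PrivateKeyInfo) parse is the one
                // reported; the fallback's own error is intentionally dropped.
                throw new ExtendedInvalidKeySpecException("unable to process key spec: " + e.toString(), e);
            }
        }
    }

    // Test the CRT spec before RSAPrivateKeySpec, which is its superclass.
    if (keySpec instanceof RSAPrivateCrtKeySpec)
    {
        return new BCRSAPrivateCrtKey((RSAPrivateCrtKeySpec)keySpec);
    }

    if (keySpec instanceof RSAPrivateKeySpec)
    {
        return new BCRSAPrivateKey((RSAPrivateKeySpec)keySpec);
    }

    // A null spec fails every instanceof test above; report it through the
    // declared exception type instead of a NullPointerException.
    String specType = (keySpec == null) ? "null" : keySpec.getClass().getName();
    throw new InvalidKeySpecException("Unknown KeySpec type: " + specType);
}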