/**
* Created primary key using openssl.
*
* <p>openssl req -x509 -nodes -days 365 -newkey rsa:1024 -sha1 -subj
* '/C=GB/ST=/L=Manchester/CN=www.example.com' -keyout myrsakey.pem -out /tmp/myrsacert.pem
* openssl pkcs8 -in myrsakey.pem -topk8 -nocrypt -out myrsakey.pk8
*/
private static PrivateKey getPrivateKey() {
String str =
"MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMPQ5BCMxlUq2TYy\n"
+ "iRIoEUsz6HGTJhHuasS2nx1Se4Co3lxwxyubVdFj8AuhHNJSmJvjlpbTsGOjLZpr\n"
+ "HyDEDdJmf1Fensh1MhUnBZ4a7uLrZrKzFHHJdamX9pxapB89vLeHlCot9hVXdrZH\n"
+ "nNtg6FdmRKH/8gbs8iDyIayFvzYDAgMBAAECgYA+c9MpTBy9cQsR9BAvkEPjvkx2\n"
+ "XL4ZnfbDgpNA4Nuu7yzsQrPjPomiXMNkkiAFHH67yVxwAlgRjyuuQlgNNTpKvyQt\n"
+ "XcHxffnU0820VmE23M+L7jg2TlB3+rUnEDmDvCoyjlwGDR6lNb7t7Fgg2iR+iaov\n"
+ "0iVzz+l9w0slRlyGsQJBAPWXW2m3NmFgqfDxtw8fsKC2y8o17/cnPjozRGtWb8LQ\n"
+ "g3VCb8kbOFHOYNGazq3M7+wD1qILF2h/HecgK9eQrZ0CQQDMHXoJMfKKbrFrTKgE\n"
+ "zyggO1gtuT5OXYeFewMEb5AbDI2FfSc2YP7SHij8iQ2HdukBrbTmi6qxh3HmIR58\n"
+ "I/AfAkEA0Y9vr0tombsUB8cZv0v5OYoBZvCTbMANtzfb4AOHpiKqqbohDOevLQ7/\n"
+ "SpvgVCmVaDz2PptcRAyEBZ5MCssneQJAB2pmvaDH7Ambfod5bztLfOhLCtY5EkXJ\n"
+ "n6rZcDbRaHorRhdG7m3VtDKOUKZ2DF7glkQGV33phKukErVPUzlHBwJAScD9TqaG\n"
+ "wJ3juUsVtujV23SnH43iMggXT7m82STpPGam1hPfmqu2Z0niePFo927ogQ7H1EMJ\n"
+ "UHgqXmuvk2X/Ww==";
try {
KeyFactory fac = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec privKeySpec =
new PKCS8EncodedKeySpec(DatatypeConverter.parseBase64Binary(str));
return fac.generatePrivate(privKeySpec);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
public void setPrvKey(byte[] x, byte[] p, byte[] q, byte[] g) throws Exception {
DSAPrivateKeySpec dsaPrivKeySpec =
new DSAPrivateKeySpec(
new BigInteger(x), new BigInteger(p), new BigInteger(q), new BigInteger(g));
PrivateKey prvKey = keyFactory.generatePrivate(dsaPrivKeySpec);
signature.initSign(prvKey);
}
/**
* Converts a PEM-encoded PKCS#8 private key into an RSAPrivateKey instance useable with JCE
*
* @param privateKey private key in PKCS#8 format and PEM-encoded
* @return RSAPrivateKey instance containing the key
*/
private static RSAPrivateKey rsaPrivateKeyDecode(final String privateKey) {
try {
final KeyFactory keyFactory = KeyFactory.getInstance("RSA");
final KeySpec ks = new PKCS8EncodedKeySpec(Base64.decodePadded(privateKey));
return (RSAPrivateKey) keyFactory.generatePrivate(ks);
} catch (final Exception e) {
throw new RuntimeException("Failed to decode built-in private key", e);
}
}
public static VotifierKeyPair read(JsonObject source) throws Exception {
byte[] publicKeyEnc = Base64.getDecoder().decode(source.get("public_key").getAsString());
byte[] privateKeyEnc = Base64.getDecoder().decode(source.get("private_key").getAsString());
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(publicKeyEnc));
PrivateKey privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateKeyEnc));
return new VotifierKeyPair(new KeyPair(publicKey, privateKey));
}
private PrivateKey getPrivateKey(BigInteger privExp, BigInteger modulus)
throws InvalidKeySpecException {
RSAPrivateKeySpec privSpec = new RSAPrivateKeySpec(modulus, privExp);
KeyFactory keyFactory = null;
try {
keyFactory = KeyFactory.getInstance("RSA");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return keyFactory.generatePrivate(privSpec);
}
/**
* Convert a byte array to an EC private key by decoding the D number parameter.
*
* @param keyBytes Bytes to be converted to the EC private key.
* @return An instance of EC private key decoded from the input bytes.
* @throws InvalidKeySpecException The provided key bytes are not a valid EC private key.
*/
@Override
public PrivateKey convertBytesToPrivateKey(byte[] keyBytes) throws InvalidKeySpecException {
try {
KeyFactory kf = KeyFactory.getInstance("ECDH", getProviderName());
BigInteger keyInteger = new BigInteger(keyBytes);
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("secp256r1");
ECPrivateKeySpec pubSpec = new ECPrivateKeySpec(keyInteger, ecSpec);
ECPrivateKey privateKey = (ECPrivateKey) kf.generatePrivate(pubSpec);
return privateKey;
} catch (NoSuchAlgorithmException | NoSuchProviderException ex) {
Logger.getLogger(this.getClass().getName()).log(Level.SEVERE, null, ex);
}
return null;
}
/**
* Construct a private key from its encoding.
*
* @param encodedKey the encoding of a private key.
* @param encodedKeyAlgorithm the algorithm the wrapped key is for.
* @return a private key constructed from the encodedKey.
*/
private static final PrivateKey constructPrivateKey(byte[] encodedKey, String encodedKeyAlgorithm)
throws InvalidKeyException, NoSuchAlgorithmException {
try {
KeyFactory keyFactory = KeyFactory.getInstance(encodedKeyAlgorithm);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKey);
return keyFactory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException nsae) {
throw new NoSuchAlgorithmException(
"No installed providers "
+ "can create keys for the "
+ encodedKeyAlgorithm
+ "algorithm",
nsae);
} catch (InvalidKeySpecException ike) {
throw new InvalidKeyException("Cannot construct private key", ike);
}
}
/*
* 产生签名
*/
public String generateSHA1withRSASigature(String src, String priKey) {
try {
Signature sigEng = Signature.getInstance("SHA1withRSA");
byte[] pribyte = hexStrToBytes(priKey.trim());
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pribyte);
KeyFactory fac = KeyFactory.getInstance("RSA");
// RSAPublicKey pubKey = (RSAPublicKey)fac.generatePublic(keySpec);
RSAPrivateKey privateKey = (RSAPrivateKey) fac.generatePrivate(keySpec);
sigEng.initSign(privateKey);
sigEng.update(src.getBytes());
byte[] signature = sigEng.sign();
return bytesToHexStr(signature);
} catch (Exception e) {
System.err.println(e);
e.printStackTrace(System.err);
return null;
}
}
public RSAPrivateKey decodePrivateKeyFromPKCSBytes(byte[] keySpecBytes)
throws GeneralSecurityException {
KeySpec keySpec = new PKCS8EncodedKeySpec(keySpecBytes);
KeyFactory keyFact = KeyFactory.getInstance("RSA", PROVIDER_NAME);
return (RSAPrivateKey) keyFact.generatePrivate(keySpec);
}
/**
* Returns the key associated with the given alias, using the given password to recover it.
*
* @param alias the alias name
* @param password the password for recovering the key. This password is used internally as the
* key is exported in a PKCS12 format.
* @return the requested key, or null if the given alias does not exist or does not identify a
* <i>key entry</i>.
* @exception NoSuchAlgorithmException if the algorithm for recovering the key cannot be found
* @exception UnrecoverableKeyException if the key cannot be recovered (e.g., the given password
* is wrong).
*/
public Key engineGetKey(String alias, char[] password)
throws NoSuchAlgorithmException, UnrecoverableKeyException {
permissionCheck();
// An empty password is rejected by MacOS API, no private key data
// is exported. If no password is passed (as is the case when
// this implementation is used as browser keystore in various
// deployment scenarios like Webstart, JFX and applets), create
// a dummy password so MacOS API is happy.
if (password == null || password.length == 0) {
// Must not be a char array with only a 0, as this is an empty
// string.
if (random == null) {
random = new SecureRandom();
}
password = Long.toString(random.nextLong()).toCharArray();
}
Object entry = entries.get(alias.toLowerCase());
if (entry == null || !(entry instanceof KeyEntry)) {
return null;
}
// This call gives us a PKCS12 bag, with the key inside it.
byte[] exportedKeyInfo = _getEncodedKeyData(((KeyEntry) entry).keyRef, password);
if (exportedKeyInfo == null) {
return null;
}
PrivateKey returnValue = null;
try {
byte[] pkcs8KeyData = fetchPrivateKeyFromBag(exportedKeyInfo);
byte[] encryptedKey;
AlgorithmParameters algParams;
ObjectIdentifier algOid;
try {
// get the encrypted private key
EncryptedPrivateKeyInfo encrInfo = new EncryptedPrivateKeyInfo(pkcs8KeyData);
encryptedKey = encrInfo.getEncryptedData();
// parse Algorithm parameters
DerValue val = new DerValue(encrInfo.getAlgorithm().encode());
DerInputStream in = val.toDerInputStream();
algOid = in.getOID();
algParams = parseAlgParameters(in);
} catch (IOException ioe) {
UnrecoverableKeyException uke =
new UnrecoverableKeyException(
"Private key not stored as " + "PKCS#8 EncryptedPrivateKeyInfo: " + ioe);
uke.initCause(ioe);
throw uke;
}
// Use JCE to decrypt the data using the supplied password.
SecretKey skey = getPBEKey(password);
Cipher cipher = Cipher.getInstance(algOid.toString());
cipher.init(Cipher.DECRYPT_MODE, skey, algParams);
byte[] decryptedPrivateKey = cipher.doFinal(encryptedKey);
PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(decryptedPrivateKey);
// Parse the key algorithm and then use a JCA key factory to create the private key.
DerValue val = new DerValue(decryptedPrivateKey);
DerInputStream in = val.toDerInputStream();
// Ignore this -- version should be 0.
int i = in.getInteger();
// Get the Algorithm ID next
DerValue[] value = in.getSequence(2);
AlgorithmId algId = new AlgorithmId(value[0].getOID());
String algName = algId.getName();
// Get a key factory for this algorithm. It's likely to be 'RSA'.
KeyFactory kfac = KeyFactory.getInstance(algName);
returnValue = kfac.generatePrivate(kspec);
} catch (Exception e) {
UnrecoverableKeyException uke =
new UnrecoverableKeyException("Get Key failed: " + e.getMessage());
uke.initCause(e);
throw uke;
}
return returnValue;
}
/*public static PrivateKey readPrivateKey(String filenameDer) throws Exception
{
byte[] keyBytes = readAllBytes(filenameDer);
logger.debug("Key = " + Hex.encodeHexString(keyBytes));
return readPrivateKey(keyBytes);
}*/
public static PrivateKey readPrivateKey(byte[] keyBytes) throws Exception {
KeyFactory keyFactory = newKeyFactory();
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
return keyFactory.generatePrivate(spec);
}
public void setPrvKey(byte[] d, byte[] n) throws Exception {
RSAPrivateKeySpec rsaPrivKeySpec = new RSAPrivateKeySpec(new BigInteger(n), new BigInteger(d));
PrivateKey prvKey = keyFactory.generatePrivate(rsaPrivKeySpec);
signature.initSign(prvKey);
}
