Exemplo n.º 1
0
  /**
   * Decrypt an encrypted PKCS 8 format private key.
   *
   * <p>Based on ghstark's post on Aug 6, 2006 at
   * http://forums.sun.com/thread.jspa?threadID=758133&messageID=4330949
   *
   * @param encryptedPrivateKey The raw data of the private key
   * @param keyFile The file containing the private key
   */
  private KeySpec decryptPrivateKey(byte[] encryptedPrivateKey, String keyPassword)
      throws GeneralSecurityException {
    EncryptedPrivateKeyInfo epkInfo;
    try {
      epkInfo = new EncryptedPrivateKeyInfo(encryptedPrivateKey);
    } catch (IOException ex) {
      // Probably not an encrypted key.
      return null;
    }

    char[] keyPasswd = keyPassword.toCharArray();

    SecretKeyFactory skFactory = SecretKeyFactory.getInstance(epkInfo.getAlgName());
    Key key = skFactory.generateSecret(new PBEKeySpec(keyPasswd));

    Cipher cipher = Cipher.getInstance(epkInfo.getAlgName());
    cipher.init(Cipher.DECRYPT_MODE, key, epkInfo.getAlgParameters());

    try {
      return epkInfo.getKeySpec(cipher);
    } catch (InvalidKeySpecException ex) {
      getLogger().error("signapk: Password for private key may be bad.");
      throw ex;
    }
  }
Exemplo n.º 2
0
 private static KeySpec decryptPrivateKey(byte[] encryptedPrivateKey)
     throws GeneralSecurityException {
   EncryptedPrivateKeyInfo epkInfo;
   try {
     epkInfo = new EncryptedPrivateKeyInfo(encryptedPrivateKey);
   } catch (IOException ex) {
     return null;
   }
   SecretKeyFactory skFactory = SecretKeyFactory.getInstance(epkInfo.getAlgName());
   Key key = skFactory.generateSecret(new PBEKeySpec("".toCharArray()));
   Cipher cipher = Cipher.getInstance(epkInfo.getAlgName());
   cipher.init(Cipher.DECRYPT_MODE, key, epkInfo.getAlgParameters());
   return epkInfo.getKeySpec(cipher);
 }
Exemplo n.º 3
0
  private static KeySpec getKeySpec(byte[] encodedKey, String password) throws Exception {
    KeySpec keySpec;
    if (password == null) {
      keySpec = new PKCS8EncodedKeySpec(encodedKey);
    } else {
      // decrypt private key
      PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray());

      EncryptedPrivateKeyInfo privateKeyInfo = new EncryptedPrivateKeyInfo(encodedKey);
      String algorithmName = privateKeyInfo.getAlgName();
      Cipher cipher = Cipher.getInstance(algorithmName);
      SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(algorithmName);

      Key pbeKey = secretKeyFactory.generateSecret(pbeKeySpec);
      AlgorithmParameters algParams = privateKeyInfo.getAlgParameters();
      cipher.init(Cipher.DECRYPT_MODE, pbeKey, algParams);
      keySpec = privateKeyInfo.getKeySpec(cipher);
    }
    return keySpec;
  }
Exemplo n.º 4
0
  public PrivateKey getPrivateKey(String alias) {
    RandomAccessFile raf = null;
    try {
      if (key == null && keyfile != null) // If keyfile is null, we do not load the key
      { // The private key must be loaded
        if (cert == null) { // We need the certificate for the algorithm
          if (getCertificateChain("user") == null) return null; // getCertificateChain failed...
        }

        try {
          raf = new RandomAccessFile(new File(keyfile), "r");
        } catch (FileNotFoundException ex) {
          if (!defaultfile) { // It is not an error if there is no file at the default location
            throw ex;
          }
          return null;
        }
        byte[] keydata = new byte[(int) raf.length()];
        raf.readFully(keydata);
        raf.close();
        raf = null;

        KeyFactory kf = KeyFactory.getInstance(cert[0].getPublicKey().getAlgorithm());
        try {
          KeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keydata);
          key = kf.generatePrivate(pkcs8KeySpec);
        } catch (InvalidKeySpecException ex) // The key might be password protected
        {
          EncryptedPrivateKeyInfo ePKInfo = new EncryptedPrivateKeyInfo(keydata);
          Cipher cipher;
          try {
            cipher = Cipher.getInstance(ePKInfo.getAlgName());
          } catch (
              NoSuchPaddingException
                  npex) { // Why is it not a subclass of NoSuchAlgorithmException?
            throw new NoSuchAlgorithmException(npex.getMessage(), npex);
          }
          // We call back for the password
          PasswordCallback pwdcb = new PasswordCallback(GT.tr("Enter SSL password: "******"Console is not available".equals(ucex.getMessage()))) {
              error =
                  new PSQLException(
                      GT.tr(
                          "Could not read password for SSL key file, console is not available.",
                          null),
                      PSQLState.CONNECTION_FAILURE,
                      ucex);
            } else {
              error =
                  new PSQLException(
                      GT.tr(
                          "Could not read password for SSL key file by callbackhandler {0}.",
                          new Object[] {cbh.getClass().getName()}),
                      PSQLState.CONNECTION_FAILURE,
                      ucex);
            }
            return null;
          }
          try {
            PBEKeySpec pbeKeySpec = new PBEKeySpec(pwdcb.getPassword());
            // Now create the Key from the PBEKeySpec
            SecretKeyFactory skFac = SecretKeyFactory.getInstance(ePKInfo.getAlgName());
            Key pbeKey = skFac.generateSecret(pbeKeySpec);
            // Extract the iteration count and the salt
            AlgorithmParameters algParams = ePKInfo.getAlgParameters();
            cipher.init(Cipher.DECRYPT_MODE, pbeKey, algParams);
            // Decrypt the encryped private key into a PKCS8EncodedKeySpec
            KeySpec pkcs8KeySpec = ePKInfo.getKeySpec(cipher);
            key = kf.generatePrivate(pkcs8KeySpec);
          } catch (GeneralSecurityException ikex) {
            error =
                new PSQLException(
                    GT.tr("Could not decrypt SSL key file {0}.", new Object[] {keyfile}),
                    PSQLState.CONNECTION_FAILURE,
                    ikex);
            return null;
          }
        }
      }
    } catch (IOException ioex) {
      if (raf != null) {
        try {
          raf.close();
        } catch (IOException ex) {
        }
        ;
      }

      error =
          new PSQLException(
              GT.tr("Could not read SSL key file {0}.", new Object[] {keyfile}),
              PSQLState.CONNECTION_FAILURE,
              ioex);
    } catch (NoSuchAlgorithmException ex) {
      error =
          new PSQLException(
              GT.tr(
                  "Could not find a java cryptographic algorithm: {0}.",
                  new Object[] {ex.getMessage()}),
              PSQLState.CONNECTION_FAILURE,
              ex);
      return null;
    }

    return key;
  }