• Home
• com.github.unbound-tech
• unbound-java-provider
• 2.0.2007.43779
• source code
• UBPrivateKey.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.unbound.provider.UBPrivateKey Maven / Gradle / Ivy

package com.unbound.provider;

import com.dyadicsec.provider.KeyParameters;
import com.unbound.common.Log;
import com.unbound.common.crypto.EC;
import com.unbound.provider.kmip.KMIP;
import com.unbound.provider.kmip.attribute.*;
import com.unbound.provider.kmip.object.ManagedObject;
import com.unbound.provider.kmip.request.*;
import com.unbound.provider.kmip.response.*;

import java.io.IOException;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;

abstract class UBPrivateKey extends UBObject implements java.security.PrivateKey
{
  PublicKey pub = null;

  UBPrivateKey(Partition partition)
  {
    super(partition);
  }

  @Override
  int kmipObjectType()
  {
    return KMIP.ObjectType.PrivateKey;
  }

  abstract int getKmipAlg();
  abstract int getDefaultUsageMask();
  abstract ManagedObject prepareManagedObject(KeySpec keySpec) throws InvalidKeySpecException;
  abstract ManagedObject prepareManagedObject(PrivateKey key) throws InvalidKeySpecException;
  abstract PublicKey convertResponseToPublicKey(GetResponse resp) throws InvalidKeySpecException;
  abstract TemplateAttribute prepareGenerateTemplate(KeyParameters keyParameter, int bitSize, EC.Curve curve);

  UBPrivateKey(Partition partition, long uid, GetAttributesResponse getAttrResp)
  {
    super(partition, uid, getAttrResp);
  }

  static UBPrivateKey newPrivateKey(Partition partition, long uid, GetAttributesResponse getAttrResp, GetResponse getResp) throws InvalidKeySpecException
  {
    int keyType = ((EnumAttribute)getAttrResp.attrs.get(1)).value;
    UBPrivateKey key;
    switch (keyType)
    {
      case KMIP.CryptographicAlgorithm.DyPRF: key = new UBECPrivateKey(partition, uid, getAttrResp); break;
      case KMIP.CryptographicAlgorithm.EC:    key = new UBECPrivateKey(partition, uid, getAttrResp); break;
      case KMIP.CryptographicAlgorithm.RSA:   key = new UBRSAPrivateKey(partition, uid, getAttrResp); break;
      default:                                throw new ProviderException("Unsupported key type");
    }
    key.pub = key.convertResponseToPublicKey(getResp);
    return key;
  }

  static UBPrivateKey newPrivateKey(KeyParameters keyParameter, Partition partition, String alias, Key key) throws InvalidKeySpecException, IOException
  {
    if (key instanceof RSAPrivateCrtKey)
    {
      UBRSAPrivateKey rsa = new UBRSAPrivateKey(partition);
      rsa.register(keyParameter, alias, (PrivateKey) key);
      return rsa;
    }
    if (key instanceof ECPrivateKey)
    {
      UBECPrivateKey ecc = new UBECPrivateKey(partition);
      ecc.register(keyParameter, alias, (PrivateKey) key);
      return ecc;
    }
    throw new ProviderException("Unsupported key type");
  }

  void generate(KeyParameters keyParameter, int bitSize, EC.Curve curve) throws InvalidKeySpecException, IOException
  {
    Log log = Log.func("UBPrivateKey.generate").log("bitSize", bitSize).end(); try
    {
      RequestMessage reqMsg = new RequestMessage();

      CreateKeyPairRequest reqCreateKeyPair = new CreateKeyPairRequest();
      reqMsg.batch.add(reqCreateKeyPair);
      reqCreateKeyPair.prv = prepareGenerateTemplate(keyParameter, bitSize, curve);

      ActivateRequest reqActivate = new ActivateRequest();
      reqMsg.batch.add(reqActivate);

      GetAttributesRequest reqGetAttr = new GetAttributesRequest();
      reqMsg.batch.add(reqGetAttr);
      reqGetAttr.names.add("Name");
      reqGetAttr.names.add("Initial Date");

      GetRequest reqGet = new GetRequest();
      reqMsg.batch.add(reqGet);
      reqGet.formatType = KMIP.KeyFormatType.X_509;

      ResponseMessage respMsg = partition.transmit(reqMsg);

      CreateKeyPairResponse respCreateKeyPair = (CreateKeyPairResponse)respMsg.batch.get(0);
      GetAttributesResponse respGetAttr = (GetAttributesResponse)respMsg.batch.get(2);
      GetResponse respGet = (GetResponse)respMsg.batch.get(3);

      uid = strToUid(respCreateKeyPair.prvUID);
      name = ((Name)respGetAttr.attrs.get(0)).value;
      initialDate = ((DateAttribute)respGetAttr.attrs.get(1)).value;
      pub = convertResponseToPublicKey(respGet);
    }
    catch (Exception e) { log.failed(e); throw e; } finally { log.leavePrint().logHex("UID", uid).end(); }
  }

  void register(KeyParameters keyParameter, String alias, int kmipAlg, int kmipUsage, RegisterRequest reqRegister, ManagedObject managedObject) throws InvalidKeySpecException, IOException
  {
    Log log = Log.func("UBPrivateKey.register").log("kmipAlg", kmipAlg).end(); try
    {
      RequestMessage reqMsg = new RequestMessage();

      if (reqRegister==null) reqRegister = new RegisterRequest();
      reqMsg.batch.add(reqRegister);
      reqRegister.objectType = KMIP.ObjectType.PrivateKey;
      reqRegister.template = new TemplateAttribute();

      if (keyParameter!=null)
      {
        kmipUsage = updateKmipKeyUsageMask(keyParameter, kmipUsage, false);
        updateAttrs(keyParameter, reqRegister.template.attrs);
      }

      reqRegister.template.attrs.add(new EnumAttribute(KMIP.Tag.CryptographicAlgorithm, kmipAlg));
      reqRegister.template.attrs.add(new IntAttribute(KMIP.Tag.CryptographicUsageMask, kmipUsage));
      if (alias!=null) reqRegister.template.attrs.add(new Name(alias));
      reqRegister.object = managedObject;

      ActivateRequest reqActivate = new ActivateRequest();
      reqMsg.batch.add(reqActivate);

      GetAttributesRequest reqGetAttr = new GetAttributesRequest();
      reqMsg.batch.add(reqGetAttr);
      reqGetAttr.names.add("Name");
      reqGetAttr.names.add("Initial Date");

      GetRequest reqGet = new GetRequest();
      reqMsg.batch.add(reqGet);
      reqGet.formatType = KMIP.KeyFormatType.X_509;

      ResponseMessage respMsg = partition.transmit(reqMsg);

      RegisterResponse respRegister = (RegisterResponse)respMsg.batch.get(0);
      GetAttributesResponse respGetAttr = (GetAttributesResponse)respMsg.batch.get(2);
      GetResponse respGet = (GetResponse)respMsg.batch.get(3);

      uid = strToUid(respRegister.uid);
      name = alias==null ? ((Name)respGetAttr.attrs.get(0)).value : alias;
      initialDate = ((DateAttribute)respGetAttr.attrs.get(1)).value;
      pub = convertResponseToPublicKey(respGet);
    }
    catch (Exception e) { log.failed(e); throw e; } finally { log.leavePrint().logHex("uid", uid).end(); }
}

  static UBPrivateKey locate(Partition partition, int kmipAlgType, String alias) throws InvalidKeySpecException, CertificateException, IOException
  {
    long uid = 0;
    Log log = Log.func("UBPrivateKey.locate").log("kmipAlgType", kmipAlgType).log("alias", alias).end(); try
    {
      uid = partition.locate(KMIP.ObjectType.PrivateKey, 0, alias);
      if (uid==0) return null;
      return (UBPrivateKey)UBObject.read(partition, uid, true);
    }
    catch (Exception e) { log.failed(e); throw e; } finally { log.leavePrint().logHex("uid", uid).end(); }
  }

  byte[] sign(byte[] in, int kmipAlg, int kmipSigAlg) throws IOException
  {
    Log log = Log.func("UBPrivateKey.sign").log("kmipAlg", kmipAlg).log("kmipSigAlg", kmipSigAlg).log("in.length", in.length).end(); try
    {
      SignRequest req = new SignRequest();
      req.uid = uidToStr(uid);
      req.data = in;
      req.params = new CryptoParams();
      req.params.cryptoAlg = kmipAlg;
      if (kmipAlg==KMIP.CryptographicAlgorithm.RSA) req.params.padding = KMIP.PaddingMethod.PKCS1_V1_5;
      if (kmipSigAlg!=0) req.params.signingAlg = kmipSigAlg;

      SignResponse resp = (SignResponse) partition.transmit(req);
      return resp.data;
    }
    catch (Exception e) { log.failed(e); throw e; } finally { log.leave(); }
  }

  void register(KeyParameters keyParameter, String alias, PrivateKey key) throws InvalidKeySpecException, IOException
  {
    Log log = Log.func("UBPrivateKey.register").log("alias", alias).end(); try
    {
      register(keyParameter, alias, getKmipAlg(), getDefaultUsageMask(), null, prepareManagedObject(key));
    }
    catch (Exception e) { log.failed(e); throw e; } finally { log.leave(); }
  }

  void register(KeyParameters keyParameter, KeySpec keySpec) throws InvalidKeySpecException, IOException
  {
    register(keyParameter, null, getKmipAlg(), getDefaultUsageMask(),null, prepareManagedObject(keySpec));
  }

  void unwrap(KeyParameters keyParameter, RegisterRequest req, long unwrappingKeyUid, CryptoParams kmipParams, byte[] wrapped) throws IOException, InvalidKeySpecException
  {
    Log log = Log.func("UBPrivateKey.unwrap").end(); try
    {
      com.unbound.provider.kmip.object.PrivateKey managedObject = new com.unbound.provider.kmip.object.PrivateKey();
      req.objectType = KMIP.ObjectType.PrivateKey;
      req.object = managedObject;
      managedObject.keyBlock.buf = wrapped;
      managedObject.keyBlock.formatType = KMIP.KeyFormatType.Raw;
      managedObject.keyBlock.keyWrap = new KeyWrappingData();
      managedObject.keyBlock.keyWrap.encKey = new KeyWrappingInfo();
      managedObject.keyBlock.keyWrap.encKey.uid = uidToStr(unwrappingKeyUid);
      managedObject.keyBlock.keyWrap.encKey.params = kmipParams;
      register(keyParameter, null, getKmipAlg(), getDefaultUsageMask(), req, managedObject);
    }
    catch (Exception e) { log.failed(e); throw e; } finally { log.leavePrint().logHex("UID", uid).end(); }
  }

}