com.unbound.client.Client Maven / Gradle / Ivy
This is a collection of Java libraries that implement the Unbound cryptographic classes for the Java provider, the PKCS#11 wrapper, cryptoki, and advapi.
package com.unbound.client;
import com.dyadicsec.cryptoki.Native;
import com.unbound.client.kmip.KMIPClient;
import com.unbound.client.pkcs11.PKCS11Client;
import com.unbound.common.Config;
import com.unbound.common.Converter;
import com.unbound.common.crypto.EC;
import com.unbound.common.crypto.RSA;
import com.unbound.common.crypto.SHA256;
import javax.security.auth.x500.X500Principal;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
/**
 * Abstract front end for the two client back ends referenced in this file,
 * {@link PKCS11Client} and {@link KMIPClient}, plus static helpers that turn
 * key objects into JCA public keys and derive 64-bit key UIDs.
 *
 * <p>Thread-safety: the lazily initialised static state ({@code instance},
 * {@code pkcs11Mode}) is read and written without synchronisation or
 * {@code volatile}. NOTE(review): if the first call can come from several
 * threads at once, confirm that both back-end {@code getInstance()} methods
 * are themselves idempotent.
 *
 * <p>Key UIDs: every {@code get*Uid} helper returns a {@code long} taken from
 * a SHA-256 digest via {@code Converter.getBE8(hash, 0)} (presumably the first
 * eight bytes, big-endian; confirm against {@code Converter}). A 64-bit value
 * is an identifier for lookup, not a collision-resistant fingerprint; callers
 * that need to bind to a specific key should compare the full public key.
 */
public abstract class Client
{
    /** Process-wide back end, created on the first {@link #getInstance()} call. */
    private static Client instance;

    /** Back-end selection cache: -1 = not decided yet, 0 = non-native, 1 = native. */
    private static int pkcs11Mode = -1;

    /**
     * Returns the shared client, creating it on first use.
     *
     * @return the {@link PKCS11Client} instance when {@link #isNative()} is
     *         true, otherwise the {@link KMIPClient} instance
     */
    public static Client getInstance()
    {
        if (instance != null)
        {
            return instance;
        }

        if (isNative())
        {
            instance = PKCS11Client.getInstance();
        }
        else
        {
            instance = KMIPClient.getInstance();
        }
        return instance;
    }

    /**
     * Reports whether the native back end is selected. The decision is made
     * once and cached in {@code pkcs11Mode}.
     *
     * <p>The {@code UKC_NO_NATIVE} setting is consulted first and, when true,
     * forces the non-native path without touching {@code Native.loaded}.
     * Because that setting is read through {@code Config.getEnvBool}
     * (presumably the process environment; confirm), whoever controls the
     * environment of the process also controls which back end is used.
     *
     * @return {@code true} when the native back end is in use
     */
    public static boolean isNative()
    {
        if (pkcs11Mode == -1)
        {
            // Short-circuit keeps the original order: Native.loaded is only
            // read when UKC_NO_NATIVE is not set.
            boolean useNative = !Config.getEnvBool("UKC_NO_NATIVE") && Native.loaded;
            pkcs11Mode = useNative ? 1 : 0;
        }
        return pkcs11Mode > 0;
    }

    /**
     * Initialises the providers for the given servers.
     *
     * @param servers server list; format is defined by the implementation
     * @param trusted presumably the trust anchors used to authenticate the
     *                servers (confirm in the implementations)
     */
    public abstract void initProviders(String[] servers, KeyStore trusted);

    /**
     * Looks up a partition by name.
     *
     * @param name partition name
     * @return the partition; behaviour for an unknown name is implementation-defined
     */
    public abstract Partition getPartition(String name);

    /**
     * Initialises a provider from a configuration string.
     *
     * @param config configuration; format is defined by the implementation
     * @return the partition the provider is bound to
     */
    public abstract Partition initProvider(String config);

    /**
     * Initialises a provider from a client key store.
     *
     * <p>The password is passed as a {@code String}, so it cannot be wiped by
     * the caller after use and stays on the heap until collected; keep its
     * lifetime short and never log it.
     *
     * @param pfx     key store holding the client credentials (name suggests PKCS#12; confirm)
     * @param pfxPass password for {@code pfx}
     * @return the partition the provider is bound to
     */
    public abstract Partition initProvider(KeyStore pfx, String pfxPass);

    /**
     * Produces a self-signed certificate for the given private key.
     *
     * @param key          private key object used for signing
     * @param hashAlg      hash algorithm name used in the signature
     * @param subject      subject name for the certificate
     * @param serialNumber certificate serial number
     * @param days         presumably the validity period in days (confirm)
     * @return the self-signed certificate
     * @throws CertificateException if the certificate cannot be created
     */
    public abstract X509Certificate selfSign(PrivateKeyObject key, String hashAlg, String subject, BigInteger serialNumber, int days) throws CertificateException;

    /** @return a new cipher operation object for this back end */
    public abstract CipherOper newCipherOperation();

    /** @return a new MAC operation object for this back end */
    public abstract MacOper newMacOperation();

    /** @return a new signature operation object for this back end */
    public abstract SignatureOper newSignatureOperation();

    /** @return a new key-derivation operation object for this back end */
    public abstract DeriveOper newDeriveOperation();

    /**
     * Builds the JCA public key matching an RSA private key object from its
     * modulus and public exponent.
     */
    static PublicKey getRsaPublicKey(RSAPrivateKeyObject prv)
    {
        BigInteger modulus = prv.getModulus();
        BigInteger publicExponent = prv.getPublicExponent();
        return RSA.newPublicKey(modulus, publicExponent);
    }

    /**
     * Derives the key UID of an RSA public key from its modulus.
     *
     * @param pub RSA public key
     * @return 64-bit UID, see {@link #getRsaUid(BigInteger)}
     */
    public static long getRsaUid(RSAPublicKey pub)
    {
        BigInteger modulus = pub.getModulus();
        return getRsaUid(modulus);
    }

    /**
     * Derives the key UID of an RSA key from its modulus alone; the public
     * exponent is not part of the digest input.
     *
     * <p>The digest input is {@code N.toByteArray()}, i.e. the two's-complement
     * encoding, which carries a leading zero byte whenever the top bit of the
     * modulus is set. Any other component that recomputes this UID has to hash
     * exactly the same encoding.
     *
     * @param N RSA modulus
     * @return 64 bits taken from the SHA-256 digest; an identifier, not a
     *         collision-resistant fingerprint
     */
    public static long getRsaUid(BigInteger N)
    {
        return Converter.getBE8(SHA256.hash(N.toByteArray()), 0);
    }

    /**
     * Builds the JCA public key for an RSA public key object. The parameter is
     * called {@code prv} but is a public-key object.
     */
    static PublicKey getRsaPublicKey(RSAPublicKeyObject prv)
    {
        BigInteger modulus = prv.getModulus();
        BigInteger publicExponent = prv.getPublicExponent();
        return RSA.newPublicKey(modulus, publicExponent);
    }

    /**
     * Derives the key UID of an EC public key from the curve's DER encoding of
     * the public point.
     *
     * @param pub EC public key; its curve must be one {@code EC.getCurve} resolves
     * @return 64 bits taken from the SHA-256 digest; an identifier, not a
     *         collision-resistant fingerprint
     */
    public static long getEcUid(ECPublicKey pub)
    {
        byte[] encodedPoint = EC.getCurve(pub).toDer(pub.getW());
        return Converter.getBE8(SHA256.hash(encodedPoint), 0);
    }

    /**
     * Derives the key UID of an EC private key by first obtaining its public
     * key through {@code EC.getPublicKey}.
     *
     * @param prv EC private key
     * @return the UID of the corresponding public key
     */
    public static long getEcUid(ECPrivateKey prv)
    {
        ECPublicKey pub = EC.getPublicKey(prv);
        return getEcUid(pub);
    }

    /** Builds the JCA public key for an EC private key object from its curve and point. */
    static PublicKey getEcPublicKey(ECPrivateKeyObject prv)
    {
        return prv.getCurve().getPublicKey(prv.getPoint());
    }

    /** Builds the JCA public key for a JCA EC private key via {@code EC.getPublicKey}. */
    static PublicKey getEcPublicKey(ECPrivateKey prv)
    {
        return EC.getPublicKey(prv);
    }

    /**
     * Returns the public key that belongs to a private key object.
     *
     * @param prv private key object of type {@code RSAPrv} or {@code ECPrv}
     * @return the matching JCA public key
     * @throws ProviderException for any other object type
     */
    public static PublicKey getPublicKey(PrivateKeyObject prv)
    {
        if (prv.getType() == ObjectType.RSAPrv)
        {
            return getRsaPublicKey((RSAPrivateKeyObject) prv);
        }
        if (prv.getType() == ObjectType.ECPrv)
        {
            return getEcPublicKey((ECPrivateKeyObject) prv);
        }
        throw new ProviderException("Unsupported key type");
    }

    /**
     * Derives the key UID of the public key carried in a certificate.
     *
     * <p>Only the embedded public key is read. No signature, chain, validity
     * or revocation check happens here, so the result says nothing about
     * whether the certificate is trustworthy; validate it separately before
     * acting on the UID.
     *
     * @param x509 certificate holding an RSA or EC public key
     * @return the UID of that key
     * @throws ProviderException if the key is neither RSA nor EC
     */
    public static long getCertKeyUid(X509Certificate x509)
    {
        PublicKey certKey = x509.getPublicKey();
        if (certKey instanceof RSAPublicKey)
        {
            return getRsaUid((RSAPublicKey) certKey);
        }
        if (certKey instanceof ECPublicKey)
        {
            return getEcUid((ECPublicKey) certKey);
        }
        throw new ProviderException("Unsupported certificate type");
    }

    /**
     * Returns the JCA public key for a public key object. Only {@code RSAPub}
     * is handled; every other type, EC included, is rejected.
     *
     * @throws ProviderException for any object type other than {@code RSAPub}
     */
    static PublicKey getPublicKey(PublicKeyObject pub)
    {
        if (pub.getType() != ObjectType.RSAPub)
        {
            throw new ProviderException("Unsupported key type");
        }
        return getRsaPublicKey((RSAPublicKeyObject) pub);
    }
}