• Home
• com.github.unbound-tech
• unbound-java-provider
• 2.0.2007.46455
• source code
• KMIPECPrivateKey.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.unbound.client.kmip.KMIPECPrivateKey Maven / Gradle / Ivy

package com.unbound.client.kmip;

import com.unbound.client.Client;
import com.unbound.client.ECPrivateKeyObject;
import com.unbound.client.ObjectType;
import com.unbound.common.Converter;
import com.unbound.common.Log;
import com.unbound.common.crypto.EC;
import com.unbound.common.crypto.SHA256;
import com.unbound.common.crypto.SystemProvider;
import com.unbound.kmip.KMIP;
import com.unbound.kmip.attribute.*;
import com.unbound.kmip.object.ManagedObject;
import com.unbound.kmip.request.CreateKeyPairRequest;
import com.unbound.kmip.request.RegisterRequest;
import com.unbound.provider.KeyParameters;

import java.security.KeyFactory;
import java.security.ProviderException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECPoint;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;


public class KMIPECPrivateKey extends KMIPObject implements ECPrivateKeyObject
{
  private EC.Curve curve = null;
  private ECPoint point = null;

  KMIPECPrivateKey(KMIPSession session, long uid)
  {
    super(ObjectType.ECPrv, uid);
    read(session);
  }

  static TemplateAttribute getTemplate(String name, KeyParameters kp)
  {
    TemplateAttribute template = new TemplateAttribute();
    if (kp!=null)
    {
      if (name==null) name = kp.getName();

      boolean ecdsaExp = kp.isSetSign();
      boolean ecdsa = kp.isAllowSign();
      boolean ecdhExp = kp.isSetDerive();
      boolean ecdh = kp.isAllowDerive();

      boolean isEcdh = ecdhExp && ecdh && (!ecdsaExp || !ecdsa);
      if (isEcdh)
      {
        template.attrs.add(new BoolAttribute(KMIP.Tag.CKA_SIGN, false));
        template.attrs.add(new BoolAttribute(KMIP.Tag.CKA_DERIVE, true));
        //template.attrs.add(new BoolAttribute(KMIP.Tag.CKA_ENCRYPT, kp.isAllowEncrypt()));
        template.attrs.add(new BoolAttribute(KMIP.Tag.CKA_DECRYPT, kp.isAllowDecrypt()));
      }
      else
      {
        template.attrs.add(new BoolAttribute(KMIP.Tag.CKA_SIGN, true));
        template.attrs.add(new BoolAttribute(KMIP.Tag.CKA_DERIVE, false));
      }
      makeExportLevel(template, kp);
    }
    else template.attrs.add(new IntAttribute(KMIP.Tag.CryptographicUsageMask, KMIP.CryptographicUsageMask.Sign));

    template.attrs.add(new EnumAttribute(KMIP.Tag.CryptographicAlgorithm, KMIP.CryptographicAlgorithm.EC));
    if (name!=null) template.attrs.add(new Name(name));

    return template;
  }


  @Override
  void acceptManagedObject(ManagedObject managedObject)
  {
    com.unbound.kmip.object.PrivateKey kmipPrivateKey = (com.unbound.kmip.object.PrivateKey)managedObject;
    try
    {
      X509EncodedKeySpec spec = new X509EncodedKeySpec(kmipPrivateKey.keyBlock.buf);
      KeyFactory kf = SystemProvider.KeyFactory.getInstance("EC");
      ECPublicKey ecc = (ECPublicKey) kf.generatePublic(spec);
      curve = EC.getCurve(ecc);
      point = ecc.getW();
    }
    catch (InvalidKeySpecException e) { throw new ProviderException(e); }
  }

  @Override
  public EC.Curve getCurve()
  {
    return curve;
  }

  @Override
  public ECPoint getPoint() { return point; }

  static KMIPECPrivateKey importKey(KMIPSession session, String name, ECPrivateKey keyValue, KeyParameters kp)
  {
    long uid = 0;
    Log log = Log.func("KMIPECPrivateKey.importKey").end(); try
    {
      wipeDeletedObject(session, Client.getEcUid(keyValue));

      RegisterRequest req = new RegisterRequest();
      req.objectType = KMIP.ObjectType.PrivateKey;
      req.template = getTemplate(name, kp);

      com.unbound.kmip.object.PrivateKey mo = new com.unbound.kmip.object.PrivateKey();
      req.object = mo;
      mo.keyBlock.formatType = KMIP.KeyFormatType.PKCS_8;
      mo.keyBlock.buf = keyValue.getEncoded();
      mo.keyBlock.algorithm = KMIP.CryptographicAlgorithm.EC;

      uid = register(session, req);
      return new KMIPECPrivateKey(session, uid);
    }
    catch (Exception e) { log.failed(e); throw e; } finally { log.leavePrint().logHex("uid", uid).end(); }
  }

  static KMIPECPrivateKey generate(KMIPSession session, String name, EC.Curve curve, KeyParameters kp)
  {
    long uid = 0;
    if (kp!=null && name==null) name = kp.getName();

    Log log = Log.func("KMIPECPrivateKey.generate").log("curve", curve.name).end(); try
    {
      TemplateAttribute template = getTemplate(name, kp);
      template.attrs.add(new EnumAttribute(KMIP.Tag.RecommendedCurve, curve.kmipCode));

      CreateKeyPairRequest req = new CreateKeyPairRequest();
      req.prv = template;
      uid = createKeyPair(session, req);
      return new KMIPECPrivateKey(session, uid);
    }
    catch (Exception e) { log.failed(e); throw e; } finally { log.leavePrint().logHex("UID", uid).end(); }
  }
}