com.unbound.provider.UBCryptoProvider Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of unbound-java-provider Show documentation
Show all versions of unbound-java-provider Show documentation
This is a collection of JAVA libraries that implement Unbound cryptographic classes for JAVA provider, PKCS11 wrapper, cryptoki, and advapi
package com.unbound.provider;
import com.unbound.client.Client;
import com.unbound.client.Partition;
import com.unbound.client.PrivateKeyObject;
import com.unbound.common.Log;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
public final class UBCryptoProvider extends Provider
{
private final static String name = "UNBOUND";
private final static double version = 1.0;
private final static String info = "UnboundTech UKC security provider";
static boolean allowedPrivateKeyWithoutCertificate = false;
static boolean allowedPublicKey = false;
public static void allowPrivateKeyWithoutCertificate(boolean allow)
{
Log log = Log.func("UBCryptoProvider.allowPrivateKeyWithoutCertificate").log("allow", allow).end();
try { allowedPrivateKeyWithoutCertificate = allow; }
catch (Exception e) { log.failed(e); throw e; } finally { log.leave(); }
}
public static void allowPublicKey(boolean allow)
{
Log log = Log.func("UBCryptoProvider.allowedPublicKey").log("allow", allow).end();
try { allowedPublicKey = allow; }
catch (Exception e) { log.failed(e); throw e; } finally { log.leave(); }
}
public static void initialize(String[] servers, KeyStore trusted)
{
Log log = Log.func("UBCryptoProvider.initialize").end();
try { Client.getInstance().initProviders(servers, trusted); }
catch (Exception e) { log.failed(e); throw e; } finally { log.leave(); }
}
public UBCryptoProvider(String configArg)
{
super(name, version, info);
Log log = Log.func("UBCryptoProvider").log("configArg", configArg).end();
try
{
Partition partition = Client.getInstance().initProvider(configArg);
if (partition==null) return;
Service[] services = register(this, partition);
for (Service s : services) putService(s);
}
catch (Exception e) { log.failed(e); throw e; } finally { log.leave(); }
}
public UBCryptoProvider(KeyStore pfx, String pfxPass)
{
super(name, version, info);
Log log = Log.func("UBCryptoProvider-pfx").log("name", name).end();
try
{
Partition partition = Client.getInstance().initProvider(pfx, pfxPass);
Service[] services = register(this, partition);
for (Service s : services) putService(s);
}
catch (Exception e) { log.failed(e); throw e; } finally { log.leave(); }
}
public Provider configure(String configArg)
{
return new UBCryptoProvider(configArg);
}
public UBCryptoProvider()
{
this(null);
}
public static final class KeyEntry extends UBKeyStoreEntry
{
public KeyEntry(PrivateKey key, com.dyadicsec.provider.KeyParameters kp) { super(key); }
public KeyEntry(PublicKey key, KeyParameters kp) { super(key); }
public KeyEntry(PrivateKey key) { super(key); }
public KeyEntry(PublicKey key) { super(key); }
}
public static X509Certificate selfSign(java.security.PrivateKey key, String hashAlg, String subject, BigInteger serialNumber, int days)
throws CertificateException
{
PrivateKeyObject object;
if (key instanceof UBECPrivateKey) object = ((UBECPrivateKey) key).getObject();
else if (key instanceof UBRSAPrivateKey) object = ((UBRSAPrivateKey) key).getObject();
else throw new IllegalArgumentException("Invalid key type");
return Client.getInstance().selfSign(object, hashAlg, subject, serialNumber, days);
}
public X509Certificate SelfSign(java.security.PrivateKey key, String hashAlg, String subject, BigInteger serialNumber, int days) throws CertificateException
{
Log log = Log.func("UBCryptoProvider.SelfSign").log("subject", subject).end();
try { return selfSign(key, hashAlg, subject, serialNumber, days); }
catch (Exception e) { log.failed(e); throw e; } finally { log.leave(); }
}
private static void appendMode(StringBuffer buf, String a)
{
if (buf.length() > 0) buf.append("|");
buf.append(a);
}
public static Service[] register(Provider provider, Partition partition)
{
final String prefix = UBCryptoProvider.class.getPackage().getName() + ".";
// ------------------- RSA ---------------------
final String rsaKeyClasses = "java.security.interfaces.RSAPrivateKey|java.security.interfaces.RSAPublicKey";
provider.put("KeyFactory.RSA", prefix + "UBRSAKeyFactory");
provider.put("KeyPairGenerator.RSA", prefix + "UBRSAKeyPairGenerator");
provider.put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA");
provider.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA");
StringBuffer modes = new StringBuffer();
appendMode(modes, "PKCS1PADDING");
appendMode(modes, "NOPADDING");
appendMode(modes, "OAEPPADDING"
+ "|OAEPWITHSHA1ANDMGF1PADDING"
+ "|OAEPWITHSHA-1ANDMGF1PADDING"
+ "|OAEPWITHSHA-256ANDMGF1PADDING"
+ "|OAEPWITHSHA-384ANDMGF1PADDING"
+ "|OAEPWITHSHA-512ANDMGF1PADDING");
if (modes.length() > 0)
{
provider.put("Cipher.RSA", prefix + "UBRSACipher");
provider.put("Cipher.RSA SupportedModes", "ECB");
provider.put("Cipher.RSA SupportedKeyClasses", rsaKeyClasses);
provider.put("Cipher.RSA SupportedPaddings", modes.toString());
}
provider.put("Signature.NONEwithRSA SupportedKeyClasses", rsaKeyClasses);
provider.put("Signature.NONEwithRSA", prefix + "UBRSASignature$NONE");
provider.put("Signature.SHA1withRSA SupportedKeyClasses", rsaKeyClasses);
provider.put("Signature.SHA1withRSA", prefix + "UBRSASignature$SHA1");
provider.put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA");
provider.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA");
provider.put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA");
provider.put("Signature.SHA256withRSA SupportedKeyClasses", rsaKeyClasses);
provider.put("Signature.SHA256withRSA", prefix + "UBRSASignature$SHA256");
provider.put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256withRSA");
provider.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA");
provider.put("Signature.SHA384withRSA SupportedKeyClasses", rsaKeyClasses);
provider.put("Signature.SHA384withRSA", prefix + "UBRSASignature$SHA384");
provider.put("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384withRSA");
provider.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.12", "SHA384withRSA");
provider.put("Signature.SHA512withRSA SupportedKeyClasses", rsaKeyClasses);
provider.put("Signature.SHA512withRSA", prefix + "UBRSASignature$SHA512");
provider.put("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512withRSA");
provider.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.13", "SHA512withRSA");
provider.put("Signature.RSASSA-PSS", prefix + "UBRSASignaturePSS");
provider.put("Signature.RSASSA-PSS SupportedKeyClasses", rsaKeyClasses);
provider.put("Alg.Alias.Signature.1.2.840.113549.1.1.10", "RSASSA-PSS");
provider.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
// --------------------------- EC ----------------------------
String ecKeyClasses = "java.security.interfaces.ECPrivateKey";
provider.put("Alg.Alias.KeyFactory.EllipticCurve", "EC");
provider.put("Signature.NONEwithECDSA", prefix + "UBECDSASignature$Raw");
provider.put("Signature.NONEwithECDSA SupportedKeyClasses", ecKeyClasses);
provider.put("Signature.SHA1withECDSA", prefix + "UBECDSASignature$SHA1");
provider.put("Signature.SHA1withECDSA SupportedKeyClasses", ecKeyClasses);
provider.put("Signature.SHA256withECDSA", prefix + "UBECDSASignature$SHA256");
provider.put("Signature.SHA256withECDSA SupportedKeyClasses", ecKeyClasses);
provider.put("Signature.SHA384withECDSA", prefix + "UBECDSASignature$SHA384");
provider.put("Signature.SHA384withECDSA SupportedKeyClasses", ecKeyClasses);
provider.put("Signature.SHA512withECDSA", prefix + "UBECDSASignature$SHA512");
provider.put("Signature.SHA512withECDSA SupportedKeyClasses", ecKeyClasses);
provider.put("Signature.Schnorr", prefix + "UBSchnorrSignature");
provider.put("Signature.Schnorr SupportedKeyClasses", ecKeyClasses);
provider.put("KeyAgreement.ECDH", prefix + "UBECDHKeyAgreement");
provider.put("KeyAgreement.ECDH SupportedKeyClasses", ecKeyClasses);
if (Client.isNative())
{
// --------------------------- EDDSA -------------------------------
provider.put("KeyPairGenerator.EDDSA", prefix + "UBEDDSAKeyPairGenerator");
provider.put("Alg.Alias.KeyPairGenerator.EDDSA", "EDDSA");
provider.put("Signature.NONEwithEDDSA", prefix + "EDDSASignature$Raw");
provider.put("Signature.NONEwithEDDSA SupportedKeyClasses", "java.security.PublicKey|java.security.PrivateKey");
}
//----------------------- AES ---------------------------------------
String secretKeyClasses = prefix + "UBSecretKey";
provider.put("KeyGenerator.AES", prefix + "UBSecretKeyGenerator$AES");
provider.put("SecretKeyFactory.AES", prefix + "UBSecretKeyFactory$AES");
provider.put("Cipher.AES", prefix + "UBSecretKeyCipher$AES");
provider.put("Cipher.AES SupportedModes", "ECB|CBC|OFB128|CFB128|CTR|GCM");
provider.put("Cipher.AES SupportedPaddings", "NOPADDING|PKCS5PADDING");
provider.put("Cipher.AES SupportedKeyFormats", "RAW");
provider.put("Cipher.AES SupportedKeyClasses", secretKeyClasses);
if (Client.isNative())
{
provider.put("Mac.GMAC", prefix + "UBMac$GMAC");
}
// ------------------------------ HMAC --------------------------------
provider.put("KeyGenerator.Hmac", prefix + "UBSecretKeyGenerator$Hmac");
provider.put("SecretKeyFactory.Hmac", prefix + "UBSecretKeyFactory$Hmac");
provider.put("Mac.Hmac SupportedKeyFormats", "RAW");
provider.put("Mac.Hmac SupportedKeyClasses", secretKeyClasses);
provider.put("Mac.HmacSHA1", prefix + "UBMac$HmacSHA1");
provider.put("Alg.Alias.Mac.OID.1.2.840.113549.2.7", "HmacSHA1");
provider.put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1");
provider.put("Mac.HmacSHA256", prefix + "UBMac$HmacSHA256");
provider.put("Alg.Alias.Mac.OID.1.2.840.113549.2.9", "HmacSHA256");
provider.put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256");
provider.put("Mac.HmacSHA384", prefix + "UBMac$HmacSHA384");
provider.put("Alg.Alias.Mac.OID.1.2.840.113549.2.10", "HmacSHA384");
provider.put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384");
provider.put("Mac.HmacSHA512", prefix + "UBMac$HmacSHA512");
provider.put("Alg.Alias.Mac.OID.1.2.840.113549.2.11", "HmacSHA512");
provider.put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512");
Service[] services = new Service[9];
services[0] = new UBProviderService(provider, "KeyStore", "PKCS11", prefix + "UBKeyStore", partition, UBProviderService.KEY_STORE);
services[1] = new UBProviderService(provider, "KeyFactory", "RSA", prefix + "UBRSAKeyFactory", partition, UBProviderService.RSA_IMPORT);
services[2] = new UBProviderService(provider, "KeyPairGenerator", "RSA", prefix + "UBRSAKeyPairGenerator", partition, UBProviderService.RSA_GEN);
services[3] = new UBProviderService(provider, "KeyFactory", "EC", prefix + "UBECKeyFactory", partition, UBProviderService.EC_IMPORT);
services[4] = new UBProviderService(provider, "KeyPairGenerator", "EC", prefix + "UBECKeyPairGenerator", partition, UBProviderService.EC_GEN);
services[5] = new UBProviderService(provider, "SecretKeyFactory", "AES", prefix + "UBSecretKeyFactory$AES", partition, UBProviderService.AES_IMPORT);
services[6] = new UBProviderService(provider, "KeyGenerator", "AES", prefix + "UBSecretKeyGenerator$AES", partition, UBProviderService.AES_GEN);
services[7] = new UBProviderService(provider, "SecretKeyFactory", "HMAC", prefix + "UBSecretKeyFactory$Hmac", partition, UBProviderService.HMAC_IMPORT);
services[8] = new UBProviderService(provider, "KeyGenerator", "HMAC", prefix + "UBSecretKeyGenerator$Hmac", partition, UBProviderService.HMAC_GEN);
return services;
}
final static class UBProviderService extends Service
{
static final int KEY_STORE = 0;
static final int RSA_GEN = 1;
static final int RSA_IMPORT = 2;
static final int EC_GEN = 3;
static final int EC_IMPORT = 4;
static final int AES_IMPORT = 5;
static final int AES_GEN = 6;
static final int HMAC_IMPORT = 7;
static final int HMAC_GEN = 8;
private Partition partition;
int mode;
UBProviderService(Provider provider, String type, String algorithm, String className, Partition partition, int mode)
{
super(provider, type, algorithm, className, null, null);
this.partition = partition;
this.mode = mode;
}
@Override
public boolean supportsParameter(Object param)
{
return false;
}
@Override
public Object newInstance(Object param)
{
switch (mode)
{
case KEY_STORE: return partition.getKeyStore();
case RSA_GEN: return new UBRSAKeyPairGenerator(partition);
case RSA_IMPORT: return new UBRSAKeyFactory(partition);
case EC_GEN: return new UBECKeyPairGenerator(partition);
case EC_IMPORT: return new UBECKeyFactory(partition);
case AES_IMPORT: return new UBSecretKeyFactory.AES(partition);
case AES_GEN: return new UBSecretKeyGenerator.AES(partition);
case HMAC_IMPORT: return new UBSecretKeyFactory.Hmac(partition);
case HMAC_GEN: return new UBSecretKeyGenerator.Hmac(partition);
}
return null;
}
}
}