下面列出了怎么用java.security.interfaces.RSAKey的API类实例代码及写法,或者点击链接到github查看源代码。
/**
*
* @param kpair test key pair
* @param pubExponent expected public exponent.
* @return true if test passed. false if test failed.
*/
private static boolean specTest(KeyPair kpair, BigInteger pubExponent) {
boolean passed = true;
RSAPrivateKey priv = (RSAPrivateKey) kpair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) kpair.getPublic();
// test the getModulus method
if ((priv instanceof RSAKey) && (pub instanceof RSAKey)) {
if (!priv.getModulus().equals(pub.getModulus())) {
System.out.println("priv.getModulus() = " + priv.getModulus());
System.out.println("pub.getModulus() = " + pub.getModulus());
passed = false;
}
if (!pubExponent.equals(pub.getPublicExponent())) {
System.out.println("pubExponent = " + pubExponent);
System.out.println("pub.getPublicExponent() = "
+ pub.getPublicExponent());
passed = false;
}
}
return passed;
}
/**
*
* @param kpair test key pair
* @param pubExponent expected public exponent.
* @return true if test passed. false if test failed.
*/
private static boolean specTest(KeyPair kpair, BigInteger pubExponent) {
boolean passed = true;
RSAPrivateKey priv = (RSAPrivateKey) kpair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) kpair.getPublic();
// test the getModulus method
if ((priv instanceof RSAKey) && (pub instanceof RSAKey)) {
if (!priv.getModulus().equals(pub.getModulus())) {
System.out.println("priv.getModulus() = " + priv.getModulus());
System.out.println("pub.getModulus() = " + pub.getModulus());
passed = false;
}
if (!pubExponent.equals(pub.getPublicExponent())) {
System.out.println("pubExponent = " + pubExponent);
System.out.println("pub.getPublicExponent() = "
+ pub.getPublicExponent());
passed = false;
}
}
return passed;
}
/**
*
* @param kpair test key pair
* @param pubExponent expected public exponent.
* @return true if test passed. false if test failed.
*/
private static boolean specTest(KeyPair kpair, BigInteger pubExponent) {
boolean passed = true;
RSAPrivateKey priv = (RSAPrivateKey) kpair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) kpair.getPublic();
// test the getModulus method
if ((priv instanceof RSAKey) && (pub instanceof RSAKey)) {
if (!priv.getModulus().equals(pub.getModulus())) {
System.out.println("priv.getModulus() = " + priv.getModulus());
System.out.println("pub.getModulus() = " + pub.getModulus());
passed = false;
}
if (!pubExponent.equals(pub.getPublicExponent())) {
System.out.println("pubExponent = " + pubExponent);
System.out.println("pub.getPublicExponent() = "
+ pub.getPublicExponent());
passed = false;
}
}
return passed;
}
/**
*
* @param kpair test key pair
* @param pubExponent expected public exponent.
* @return true if test passed. false if test failed.
*/
private static boolean specTest(KeyPair kpair, BigInteger pubExponent) {
boolean passed = true;
RSAPrivateKey priv = (RSAPrivateKey) kpair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) kpair.getPublic();
// test the getModulus method
if ((priv instanceof RSAKey) && (pub instanceof RSAKey)) {
if (!priv.getModulus().equals(pub.getModulus())) {
System.err.println("priv.getModulus() = " + priv.getModulus());
System.err.println("pub.getModulus() = " + pub.getModulus());
passed = false;
}
if (!pubExponent.equals(pub.getPublicExponent())) {
System.err.println("pubExponent = " + pubExponent);
System.err.println("pub.getPublicExponent() = "
+ pub.getPublicExponent());
passed = false;
}
}
return passed;
}
/**
*
* @param kpair test key pair
* @param pubExponent expected public exponent.
* @return true if test passed. false if test failed.
*/
private static boolean specTest(KeyPair kpair, BigInteger pubExponent) {
boolean passed = true;
RSAPrivateKey priv = (RSAPrivateKey) kpair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) kpair.getPublic();
// test the getModulus method
if ((priv instanceof RSAKey) && (pub instanceof RSAKey)) {
if (!priv.getModulus().equals(pub.getModulus())) {
System.out.println("priv.getModulus() = " + priv.getModulus());
System.out.println("pub.getModulus() = " + pub.getModulus());
passed = false;
}
if (!pubExponent.equals(pub.getPublicExponent())) {
System.out.println("pubExponent = " + pubExponent);
System.out.println("pub.getPublicExponent() = "
+ pub.getPublicExponent());
passed = false;
}
}
return passed;
}
/**
* Get the key size of a public key.
*
* @param pubKey The public key
* @return The key size, {@link #UNKNOWN_KEY_SIZE} if not known
*/
public static int getKeyLength(PublicKey pubKey)
{
if (pubKey instanceof RSAKey)
{
return ((RSAKey) pubKey).getModulus().bitLength();
}
else if (pubKey instanceof DSAKey)
{
return ((DSAKey) pubKey).getParams().getP().bitLength();
}
else if (pubKey instanceof DHKey)
{
return ((DHKey) pubKey).getParams().getP().bitLength();
}
else if (pubKey instanceof ECKey)
{
// TODO: how to get key size from these?
return UNKNOWN_KEY_SIZE;
}
LOG.warning("Don't know how to get key size from key " + pubKey);
return UNKNOWN_KEY_SIZE;
}
/**
*
* @param kpair test key pair
* @param pubExponent expected public exponent.
* @return true if test passed. false if test failed.
*/
private static boolean specTest(KeyPair kpair, BigInteger pubExponent) {
boolean passed = true;
RSAPrivateKey priv = (RSAPrivateKey) kpair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) kpair.getPublic();
// test the getModulus method
if ((priv instanceof RSAKey) && (pub instanceof RSAKey)) {
if (!priv.getModulus().equals(pub.getModulus())) {
System.err.println("priv.getModulus() = " + priv.getModulus());
System.err.println("pub.getModulus() = " + pub.getModulus());
passed = false;
}
if (!pubExponent.equals(pub.getPublicExponent())) {
System.err.println("pubExponent = " + pubExponent);
System.err.println("pub.getPublicExponent() = "
+ pub.getPublicExponent());
passed = false;
}
}
return passed;
}
/**
*
* @param kpair test key pair
* @param pubExponent expected public exponent.
* @return true if test passed. false if test failed.
*/
private static boolean specTest(KeyPair kpair, BigInteger pubExponent) {
boolean passed = true;
RSAPrivateKey priv = (RSAPrivateKey) kpair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) kpair.getPublic();
// test the getModulus method
if ((priv instanceof RSAKey) && (pub instanceof RSAKey)) {
if (!priv.getModulus().equals(pub.getModulus())) {
System.out.println("priv.getModulus() = " + priv.getModulus());
System.out.println("pub.getModulus() = " + pub.getModulus());
passed = false;
}
if (!pubExponent.equals(pub.getPublicExponent())) {
System.out.println("pubExponent = " + pubExponent);
System.out.println("pub.getPublicExponent() = "
+ pub.getPublicExponent());
passed = false;
}
}
return passed;
}
/**
* Get the key size of a public key.
*
* @param pubKey The public key
* @return The key size, {@link #UNKNOWN_KEY_SIZE} if not known
*/
public static int getKeyLength(PublicKey pubKey)
{
if (pubKey instanceof RSAKey)
{
return ((RSAKey) pubKey).getModulus().bitLength();
}
else if (pubKey instanceof DSAKey)
{
return ((DSAKey) pubKey).getParams().getP().bitLength();
}
else if (pubKey instanceof DHKey)
{
return ((DHKey) pubKey).getParams().getP().bitLength();
}
else if (pubKey instanceof ECKey)
{
// TODO: how to get key size from these?
return UNKNOWN_KEY_SIZE;
}
_logger.warn("Don't know how to get key size from key " + pubKey);
return UNKNOWN_KEY_SIZE;
}
public static ReconSignature sign(PrivateKey privateKey, Value payload,
Value protectedHeader, Value unprotectedHeader) {
if (privateKey instanceof RSAKey) {
return signRsa(privateKey, payload, protectedHeader, unprotectedHeader);
} else {
throw new IllegalArgumentException("unsupported signing key type");
}
}
private static String algorithm(Key key) {
if (key instanceof RSAKey) {
return rsaAlgorithm((RSAKey) key);
} else {
return null;
}
}
public static JsonWebSignature sign(PrivateKey privateKey, Value unprotectedHeader,
Value protectedHeader, Data payloadData) {
if (privateKey instanceof ECKey) {
return signECDSA(privateKey, unprotectedHeader, protectedHeader, payloadData);
} else if (privateKey instanceof RSAKey) {
return signRSA(privateKey, unprotectedHeader, protectedHeader, payloadData);
} else {
throw new IllegalArgumentException("unsupported signing key type");
}
}
static int rsaKeyLength(Key key) {
final int bitLength = ((RSAKey) key).getModulus().bitLength();
if (bitLength <= 2048) {
return 32;
} else if (bitLength <= 3072) {
return 48;
} else if (bitLength <= 4096) {
return 64;
} else {
throw new IllegalArgumentException("unsupported key size");
}
}
public RSAKey rsaKey() {
if (this.value.containsKey("d")) {
return rsaPrivateKey();
} else {
return rsaPublicKey();
}
}
/**
* Returns the type of digital signature used with the specified signing key.
*
* @param signingKey private key that will be used to sign a certificate (or something else)
* @return a string representing the digital signature type (ECDSA, RSA, etc.)
*/
public static String getDigitalSignatureType(Key signingKey) {
if (signingKey instanceof ECKey) {
return "ECDSA";
} else if (signingKey instanceof RSAKey) {
return "RSA";
} else if (signingKey instanceof DSAKey) {
return "DSA";
} else {
throw new IllegalArgumentException("Cannot determine digital signature encryption type for unknown key type: " + signingKey.getClass().getCanonicalName());
}
}
/**
* @param kpair test key pair.
* @return true if test passed. false if test failed.
*/
private static boolean sizeTest(KeyPair kpair) {
RSAPrivateKey priv = (RSAPrivateKey) kpair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) kpair.getPublic();
// test the getModulus method
if ((priv instanceof RSAKey) && (pub instanceof RSAKey)) {
if (!priv.getModulus().equals(pub.getModulus())) {
System.err.println("priv.getModulus() = " + priv.getModulus());
System.err.println("pub.getModulus() = " + pub.getModulus());
return false;
}
}
return true;
}
/**
* @param kpair test key pair.
* @return true if test passed. false if test failed.
*/
private static boolean sizeTest(KeyPair kpair) {
RSAPrivateKey priv = (RSAPrivateKey) kpair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) kpair.getPublic();
// test the getModulus method
if ((priv instanceof RSAKey) && (pub instanceof RSAKey)) {
if (!priv.getModulus().equals(pub.getModulus())) {
System.err.println("priv.getModulus() = " + priv.getModulus());
System.err.println("pub.getModulus() = " + pub.getModulus());
return false;
}
}
return true;
}
/**
* Returns the type of digital signature used with the specified signing key.
*
* @param signingKey private key that will be used to sign a certificate (or something else)
* @return a string representing the digital signature type (ECDSA, RSA, etc.)
*/
public static String getDigitalSignatureType(Key signingKey) {
if (signingKey instanceof ECKey) {
return "ECDSA";
} else if (signingKey instanceof RSAKey) {
return "RSA";
} else if (signingKey instanceof DSAKey) {
return "DSA";
} else {
throw new IllegalArgumentException("Cannot determine digital signature encryption type for unknown key type: " + signingKey.getClass().getCanonicalName());
}
}
/**
* @param kpair test key pair.
* @return true if test passed. false if test failed.
*/
private static boolean sizeTest(KeyPair kpair) {
RSAPrivateKey priv = (RSAPrivateKey) kpair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) kpair.getPublic();
// test the getModulus method
if ((priv instanceof RSAKey) && (pub instanceof RSAKey)) {
if (!priv.getModulus().equals(pub.getModulus())) {
System.err.println("priv.getModulus() = " + priv.getModulus());
System.err.println("pub.getModulus() = " + pub.getModulus());
return false;
}
}
return true;
}
public RsaSigner(SignatureAlgorithm alg, Key key) {
super(alg, key);
// https://github.com/jwtk/jjwt/issues/68
// Instead of checking for an instance of RSAPrivateKey, check for PrivateKey and RSAKey:
if (!(key instanceof PrivateKey && key instanceof RSAKey)) {
String msg = "RSA signatures must be computed using an RSA PrivateKey. The specified key of type " +
key.getClass().getName() + " is not an RSA PrivateKey.";
throw new IllegalArgumentException(msg);
}
}
/**
* @param kpair test key pair.
* @return true if test passed. false if test failed.
*/
private static boolean sizeTest(KeyPair kpair) {
RSAPrivateKey priv = (RSAPrivateKey) kpair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) kpair.getPublic();
// test the getModulus method
if ((priv instanceof RSAKey) && (pub instanceof RSAKey)) {
if (!priv.getModulus().equals(pub.getModulus())) {
System.err.println("priv.getModulus() = " + priv.getModulus());
System.err.println("pub.getModulus() = " + pub.getModulus());
return false;
}
}
return true;
}
@Override
protected int engineGetKeySize(Key key) throws InvalidKeyException {
if (!(key instanceof RSAKey)) {
throw new InvalidKeyException("RSAKey required. Got: " +
key.getClass().getName());
}
int n = ((RSAKey)key).getModulus().bitLength();
// strip off the leading extra 0x00 byte prefix
int realByteSize = (n + 7) >> 3;
return realByteSize * 8;
}
/**
* @param kpair test key pair.
* @return true if test passed. false if test failed.
*/
private static boolean sizeTest(KeyPair kpair) {
RSAPrivateKey priv = (RSAPrivateKey) kpair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) kpair.getPublic();
// test the getModulus method
if ((priv instanceof RSAKey) && (pub instanceof RSAKey)) {
if (!priv.getModulus().equals(pub.getModulus())) {
System.err.println("priv.getModulus() = " + priv.getModulus());
System.err.println("pub.getModulus() = " + pub.getModulus());
return false;
}
}
return true;
}
/**
* Gets the APK Signature Scheme v2 signature algorithms to be used for signing an APK using the
* provided key.
*
* @param minSdkVersion minimum API Level of the platform on which the APK may be installed (see
* AndroidManifest.xml minSdkVersion attribute).
*
* @throws InvalidKeyException if the provided key is not suitable for signing APKs using
* APK Signature Scheme v2
*/
public static List<SignatureAlgorithm> getSuggestedSignatureAlgorithms(
PublicKey signingKey, int minSdkVersion) throws InvalidKeyException {
String keyAlgorithm = signingKey.getAlgorithm();
if ("RSA".equalsIgnoreCase(keyAlgorithm)) {
// Use RSASSA-PKCS1-v1_5 signature scheme instead of RSASSA-PSS to guarantee
// deterministic signatures which make life easier for OTA updates (fewer files
// changed when deterministic signature schemes are used).
// Pick a digest which is no weaker than the key.
int modulusLengthBits = ((RSAKey) signingKey).getModulus().bitLength();
if (modulusLengthBits <= 3072) {
// 3072-bit RSA is roughly 128-bit strong, meaning SHA-256 is a good fit.
return Collections.singletonList(SignatureAlgorithm.RSA_PKCS1_V1_5_WITH_SHA256);
} else {
// Keys longer than 3072 bit need to be paired with a stronger digest to avoid the
// digest being the weak link. SHA-512 is the next strongest supported digest.
return Collections.singletonList(SignatureAlgorithm.RSA_PKCS1_V1_5_WITH_SHA512);
}
} else if ("DSA".equalsIgnoreCase(keyAlgorithm)) {
// DSA is supported only with SHA-256.
return Collections.singletonList(SignatureAlgorithm.DSA_WITH_SHA256);
} else if ("EC".equalsIgnoreCase(keyAlgorithm)) {
// Pick a digest which is no weaker than the key.
int keySizeBits = ((ECKey) signingKey).getParams().getOrder().bitLength();
if (keySizeBits <= 256) {
// 256-bit Elliptic Curve is roughly 128-bit strong, meaning SHA-256 is a good fit.
return Collections.singletonList(SignatureAlgorithm.ECDSA_WITH_SHA256);
} else {
// Keys longer than 256 bit need to be paired with a stronger digest to avoid the
// digest being the weak link. SHA-512 is the next strongest supported digest.
return Collections.singletonList(SignatureAlgorithm.ECDSA_WITH_SHA512);
}
} else {
throw new InvalidKeyException("Unsupported key algorithm: " + keyAlgorithm);
}
}
private static Algorithm getAlgorithm(String algo, String key, boolean IsKeyASignerKey)
throws IllegalArgumentException, UnsupportedEncodingException {
if (algo.equals(HS256.getAlgorithm())) {
return Algorithm.HMAC256(key);
}
if (algo.equals(HS384.getAlgorithm())) {
return Algorithm.HMAC384(key);
}
if (algo.equals(HS512.getAlgorithm())) {
return Algorithm.HMAC512(key);
}
if (algo.equals(ES256.getAlgorithm())) {
return Algorithm.ECDSA256((ECKey) getKeyInstance(key, "EC", IsKeyASignerKey));
}
if (algo.equals(ES384.getAlgorithm())) {
return Algorithm.ECDSA384((ECKey) getKeyInstance(key, "EC", IsKeyASignerKey));
}
if (algo.equals(ES512.getAlgorithm())) {
return Algorithm.ECDSA512((ECKey) getKeyInstance(key, "EC",IsKeyASignerKey));
}
if (algo.equals(RS256.getAlgorithm())) {
return Algorithm.RSA256((RSAKey) getKeyInstance(key, "RSA", IsKeyASignerKey));
}
if (algo.equals(RS384.getAlgorithm())) {
return Algorithm.RSA384((RSAKey) getKeyInstance(key, "RSA", IsKeyASignerKey));
}
if (algo.equals(RS512.getAlgorithm())) {
return Algorithm.RSA512((RSAKey) getKeyInstance(key, "RSA", IsKeyASignerKey));
}
return Algorithm.none();
}
/**
* @param kpair test key pair.
* @return true if test passed. false if test failed.
*/
private static boolean sizeTest(KeyPair kpair) {
RSAPrivateKey priv = (RSAPrivateKey) kpair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) kpair.getPublic();
// test the getModulus method
if ((priv instanceof RSAKey) && (pub instanceof RSAKey)) {
if (!priv.getModulus().equals(pub.getModulus())) {
System.err.println("priv.getModulus() = " + priv.getModulus());
System.err.println("pub.getModulus() = " + pub.getModulus());
return false;
}
}
return true;
}
/**
* Return the length of the key in bits.
*
* @param key the key
* @return the length in bites of the provided key.
*/
public static int getKeyLength(Key key) {
if (key instanceof ECKey) {
int bytes;
if (key instanceof ECPublicKey) {
ECPublicKey ecPublicKey = (ECPublicKey) key;
bytes = ecPublicKey.getW().getAffineX().toByteArray().length;
} else {
ECPrivateKey ecPrivateKey = (ECPrivateKey) key;
bytes = ecPrivateKey.getS().toByteArray().length;
}
if (bytes >= 63 && bytes <= 66) {
return 521;
}
// If bytes is not a multiple of 8, add one byte
if (bytes % 8 != 0) {
bytes = bytes + 1;
}
return ((bytes / 8) * 8) * 8;
} else if (key instanceof RSAKey) {
return ((RSAKey) key).getModulus().bitLength();
}
throw new IllegalArgumentException();
}
/**
* Sets the path to a PKCS8 PEM file containing the RSA private key to use for signing tokens asserting the
* registration status of devices.
*
* @param keyPath The absolute path to the file.
* @throws NullPointerException if the path is {@code null}.
* @throws IllegalArgumentException if the key cannot be read from the file.
*/
protected final void setPrivateKey(final String keyPath) {
Objects.requireNonNull(keyPath);
key = KeyLoader.fromFiles(vertx, keyPath, null).getPrivateKey();
if (key == null) {
throw new IllegalArgumentException("cannot load private key: " + keyPath);
} else if (key instanceof ECKey) {
algorithm = SignatureAlgorithm.ES256;
} else if (key instanceof RSAKey) {
algorithm = SignatureAlgorithm.RS256;
} else {
throw new IllegalArgumentException("unsupported private key type: " + key.getClass());
}
}
/**
* Sets the path to a PEM file containing a certificate holding a public key to use for validating the signature of
* tokens asserting the registration status of devices.
*
* @param keyPath The absolute path to the file.
* @throws NullPointerException if the path is {@code null}.
* @throws IllegalArgumentException if the key cannot be read from the file.
*/
protected final void setPublicKey(final String keyPath) {
Objects.requireNonNull(keyPath);
key = KeyLoader.fromFiles(vertx, null, keyPath).getPublicKey();
if (key == null) {
throw new IllegalArgumentException("cannot load public key: " + keyPath);
} else if (key instanceof ECKey) {
algorithm = SignatureAlgorithm.ES256;
} else if (key instanceof RSAKey) {
algorithm = SignatureAlgorithm.RS256;
} else {
throw new IllegalArgumentException("unsupported public key type: " + key.getClass());
}
}
/**
* @param kpair test key pair.
* @return true if test passed. false if test failed.
*/
private static boolean sizeTest(KeyPair kpair) {
RSAPrivateKey priv = (RSAPrivateKey) kpair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) kpair.getPublic();
// test the getModulus method
if ((priv instanceof RSAKey) && (pub instanceof RSAKey)) {
if (!priv.getModulus().equals(pub.getModulus())) {
System.err.println("priv.getModulus() = " + priv.getModulus());
System.err.println("pub.getModulus() = " + pub.getModulus());
return false;
}
}
return true;
}