下面列出了怎么用java.security.KeyStore.SecretKeyEntry的API类实例代码及写法,或者点击链接到github查看源代码。
public void setSymmetricKeyEntry(int userId, int uid, String alias, byte[] secretKey)
throws KeyStoreException {
Log.i(TAG, String.format(Locale.US, "Set %d/%d/%s: %d bytes of key material",
userId, uid, alias, secretKey.length));
try {
mKeyStore.setEntry(
getInternalAlias(userId, uid, alias),
new SecretKeyEntry(
new SecretKeySpec(secretKey, KeyProperties.KEY_ALGORITHM_AES)),
new KeyProtection.Builder(
KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_GCM)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
.build());
} catch (KeyStoreException e) {
throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage());
}
}
/**
* Build a credential instance from the key store entry.
*
* @param keyStoreEntry the key store entry to process
* @param entityID the entityID to include in the credential
* @param usage the usage type to include in the credential
* @return the new credential instance, appropriate to the type of key store entry being processed
* @throws SecurityException throw if there is a problem building a credential from the key store entry
*/
protected Credential buildCredential(KeyStore.Entry keyStoreEntry, String entityID, UsageType usage)
throws SecurityException {
log.debug("Building credential from keystore entry for entityID {}, usage type {}", entityID, usage);
Credential credential = null;
if (keyStoreEntry instanceof KeyStore.PrivateKeyEntry) {
credential = processPrivateKeyEntry((KeyStore.PrivateKeyEntry) keyStoreEntry, entityID, keystoreUsage);
} else if (keyStoreEntry instanceof KeyStore.TrustedCertificateEntry) {
credential = processTrustedCertificateEntry((KeyStore.TrustedCertificateEntry) keyStoreEntry, entityID,
keystoreUsage);
} else if (keyStoreEntry instanceof KeyStore.SecretKeyEntry) {
credential = processSecretKeyEntry((KeyStore.SecretKeyEntry) keyStoreEntry, entityID, keystoreUsage);
} else {
throw new SecurityException("KeyStore entry was of an unsupported type: "
+ keyStoreEntry.getClass().getName());
}
return credential;
}
@Override
public DecryptionMaterials getDecryptionMaterials(EncryptionContext context) {
CurrentMaterials materials = currMaterials.get();
if (context.getMaterialDescription().entrySet().containsAll(description.entrySet())) {
if (materials.encryptionEntry instanceof SecretKeyEntry) {
return materials.symRawMaterials;
} else {
try {
return makeAsymMaterials(materials, context.getMaterialDescription());
} catch (GeneralSecurityException ex) {
throw new DynamoDBMappingException("Unable to decrypt envelope key", ex);
}
}
} else {
return null;
}
}
public CurrentMaterials(Entry encryptionEntry, Entry signingEntry) {
super();
this.encryptionEntry = encryptionEntry;
this.signingEntry = signingEntry;
if (encryptionEntry instanceof SecretKeyEntry) {
if (signingEntry instanceof SecretKeyEntry) {
this.symRawMaterials = new SymmetricRawMaterials(
((SecretKeyEntry) encryptionEntry).getSecretKey(),
((SecretKeyEntry) signingEntry).getSecretKey(),
description);
} else {
this.symRawMaterials = new SymmetricRawMaterials(
((SecretKeyEntry) encryptionEntry).getSecretKey(),
entry2Pair(signingEntry),
description);
}
} else {
this.symRawMaterials = null;
}
}
@Override
public DecryptionMaterials getDecryptionMaterials(EncryptionContext context) {
CurrentMaterials materials = currMaterials.get();
if (context.getMaterialDescription().entrySet().containsAll(description.entrySet())) {
if (materials.encryptionEntry instanceof SecretKeyEntry) {
return materials.symRawMaterials;
} else {
try {
return makeAsymMaterials(materials, context.getMaterialDescription());
} catch (GeneralSecurityException ex) {
throw new DynamoDbEncryptionException("Unable to decrypt envelope key", ex);
}
}
} else {
return null;
}
}
public CurrentMaterials(Entry encryptionEntry, Entry signingEntry) {
super();
this.encryptionEntry = encryptionEntry;
this.signingEntry = signingEntry;
if (encryptionEntry instanceof SecretKeyEntry) {
if (signingEntry instanceof SecretKeyEntry) {
this.symRawMaterials = new SymmetricRawMaterials(
((SecretKeyEntry) encryptionEntry).getSecretKey(),
((SecretKeyEntry) signingEntry).getSecretKey(),
description);
} else {
this.symRawMaterials = new SymmetricRawMaterials(
((SecretKeyEntry) encryptionEntry).getSecretKey(),
entry2Pair(signingEntry),
description);
}
} else {
this.symRawMaterials = null;
}
}
private static void listaccesskeys(String keystorelocation, String password) throws Exception {
KeyStore keystore = KeyStore.getInstance("BCFKS", BC_FIPS_PROVIDER);
keystore.load(new FileInputStream(keystorelocation), password.toCharArray());
java.util.SortedSet<String> hsmobj = new java.util.TreeSet<>();
for (Enumeration<String> e = keystore.aliases(); e.hasMoreElements();) {
hsmobj.add(e.nextElement());
}
System.out.println("===> Objects in keystore:");
for (String s : hsmobj) {
if (keystore.entryInstanceOf(s, SecretKeyEntry.class)) {
System.out.println(String.format("%-24s %-20s %-48s", s, "SecretKey", "created on " + keystore.getCreationDate(s)));
}
}
}
public static String readEntity(KeyStore keyStore, String entityAlias, String entityPassword)
throws GeneralSecurityException
{
SecretKeyEntry secretKeyEntry = (SecretKeyEntry) keyStore.getEntry(entityAlias, new PasswordProtection(entityPassword.toCharArray()));
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBE");
PBEKeySpec keySpec = (PBEKeySpec) factory.getKeySpec(secretKeyEntry.getSecretKey(), PBEKeySpec.class);
return new String(keySpec.getPassword());
}
/**
* Build a Credential from a keystore secret key entry.
*
* @param secretKeyEntry the entry being processed
* @param entityID the entityID to set
* @param usage the usage type to set
* @return new Credential instance
*/
protected Credential processSecretKeyEntry(SecretKeyEntry secretKeyEntry, String entityID, UsageType usage) {
log.debug("Processing SecretKeyEntry from keystore");
BasicCredential credential = new BasicCredential();
credential.setEntityId(entityID);
credential.setUsageType(usage);
credential.setSecretKey(secretKeyEntry.getSecretKey());
return credential;
}
public String addKey(PrivateKey key) throws KeyStoreException {
String keyID = getUniqueID(key);
SecretKey secretKey = new SecretKeySpec(key.getBytes(), "EC");
SecretKeyEntry kEntry = new SecretKeyEntry(secretKey);
ks.setEntry(keyID, kEntry, new PasswordProtection(password));
netwotkTypeMap.put(keyID, key.getNetworkType());
return keyID;
}
private JceMasterKey internalGetMasterKey(final String provider, final String keyId) {
final Entry entry;
try {
entry = keystore_.getEntry(keyId, keystore_.isKeyEntry(keyId) ? protection_ : null);
} catch (NoSuchAlgorithmException | UnrecoverableEntryException | KeyStoreException e) {
throw new UnsupportedProviderException(e);
}
if (entry == null) {
throw new NoSuchMasterKeyException();
}
if (entry instanceof SecretKeyEntry) {
final SecretKeyEntry skEntry = (SecretKeyEntry) entry;
if (!skEntry.getSecretKey().getAlgorithm().equals(keyAlgorithm_)) {
return null;
}
return JceMasterKey.getInstance(skEntry.getSecretKey(), provider, keyId, wrappingAlgorithm_);
} else if (entry instanceof PrivateKeyEntry) {
final PrivateKeyEntry pkEntry = (PrivateKeyEntry) entry;
if (!pkEntry.getPrivateKey().getAlgorithm().equals(keyAlgorithm_)) {
return null;
}
return JceMasterKey.getInstance(pkEntry.getCertificate().getPublicKey(), pkEntry.getPrivateKey(), provider,
keyId, wrappingAlgorithm_);
} else if (entry instanceof TrustedCertificateEntry) {
final TrustedCertificateEntry certEntry = (TrustedCertificateEntry) entry;
if (!certEntry.getTrustedCertificate().getPublicKey().getAlgorithm().equals(keyAlgorithm_)) {
return null;
}
return JceMasterKey.getInstance(certEntry.getTrustedCertificate().getPublicKey(), null, provider, keyId,
wrappingAlgorithm_);
} else {
throw new NoSuchMasterKeyException();
}
}
@Override
public EncryptionMaterials getEncryptionMaterials(EncryptionContext context) {
CurrentMaterials materials = currMaterials.get();
if (materials.encryptionEntry instanceof SecretKeyEntry) {
return materials.symRawMaterials;
} else {
try {
return makeAsymMaterials(materials, description);
} catch (GeneralSecurityException ex) {
throw new DynamoDBMappingException("Unable to encrypt envelope key", ex);
}
}
}
private AsymmetricRawMaterials makeAsymMaterials(CurrentMaterials materials,
Map<String, String> description) throws GeneralSecurityException {
KeyPair encryptionPair = entry2Pair(materials.encryptionEntry);
if (materials.signingEntry instanceof SecretKeyEntry) {
return new AsymmetricRawMaterials(encryptionPair,
((SecretKeyEntry) materials.signingEntry).getSecretKey(), description);
} else {
return new AsymmetricRawMaterials(encryptionPair, entry2Pair(materials.signingEntry),
description);
}
}
@BeforeClass
public static void setUpBeforeClass() throws Exception {
KeyGenerator macGen = KeyGenerator.getInstance("HmacSHA256");
macGen.init(256, Utils.getRng());
macKey = macGen.generateKey();
KeyGenerator aesGen = KeyGenerator.getInstance("AES");
aesGen.init(128, Utils.getRng());
encryptionKey = aesGen.generateKey();
keyStore = KeyStore.getInstance("jceks");
keyStore.load(null, password.toCharArray());
KeyFactory kf = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec rsaSpec = new PKCS8EncodedKeySpec(Base64.decode(keyPem));
privateKey = kf.generatePrivate(rsaSpec);
CertificateFactory cf = CertificateFactory.getInstance("X509");
certificate = cf.generateCertificate(new ByteArrayInputStream(Base64.decode(certPem)));
keyStore.setEntry("enc", new SecretKeyEntry(encryptionKey), passwordProtection);
keyStore.setEntry("sig", new SecretKeyEntry(macKey), passwordProtection);
keyStore.setEntry("enc-a", new PrivateKeyEntry(privateKey, new Certificate[]{certificate}), passwordProtection);
keyStore.setEntry("sig-a", new PrivateKeyEntry(privateKey, new Certificate[]{certificate}), passwordProtection);
keyStore.setCertificateEntry("trustedCert", certificate);
}
@Override
public EncryptionMaterials getEncryptionMaterials(EncryptionContext context) {
CurrentMaterials materials = currMaterials.get();
if (materials.encryptionEntry instanceof SecretKeyEntry) {
return materials.symRawMaterials;
} else {
try {
return makeAsymMaterials(materials, description);
} catch (GeneralSecurityException ex) {
throw new DynamoDbEncryptionException("Unable to encrypt envelope key", ex);
}
}
}
private AsymmetricRawMaterials makeAsymMaterials(CurrentMaterials materials,
Map<String, String> description) throws GeneralSecurityException {
KeyPair encryptionPair = entry2Pair(materials.encryptionEntry);
if (materials.signingEntry instanceof SecretKeyEntry) {
return new AsymmetricRawMaterials(encryptionPair,
((SecretKeyEntry) materials.signingEntry).getSecretKey(), description);
} else {
return new AsymmetricRawMaterials(encryptionPair, entry2Pair(materials.signingEntry),
description);
}
}
@BeforeClass
public static void setUpBeforeClass() throws Exception {
KeyGenerator macGen = KeyGenerator.getInstance("HmacSHA256");
macGen.init(256, Utils.getRng());
macKey = macGen.generateKey();
KeyGenerator aesGen = KeyGenerator.getInstance("AES");
aesGen.init(128, Utils.getRng());
encryptionKey = aesGen.generateKey();
keyStore = KeyStore.getInstance("jceks");
keyStore.load(null, password.toCharArray());
KeyFactory kf = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec rsaSpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(keyPem));
privateKey = kf.generatePrivate(rsaSpec);
CertificateFactory cf = CertificateFactory.getInstance("X509");
certificate = cf.generateCertificate(new ByteArrayInputStream(Base64.getDecoder().decode(certPem)));
keyStore.setEntry("enc", new SecretKeyEntry(encryptionKey), passwordProtection);
keyStore.setEntry("sig", new SecretKeyEntry(macKey), passwordProtection);
keyStore.setEntry("enc-a", new PrivateKeyEntry(privateKey, new Certificate[] {certificate}), passwordProtection);
keyStore.setEntry("sig-a", new PrivateKeyEntry(privateKey, new Certificate[] {certificate}), passwordProtection);
keyStore.setCertificateEntry("trustedCert", certificate);
}