类java.security.KeyStore.SecretKeyEntry源码实例Demo

下面列出了怎么用java.security.KeyStore.SecretKeyEntry的API类实例代码及写法,或者点击链接到github查看源代码。

源代码1 项目: android_9.0.0_r45   文件: ApplicationKeyStorage.java
public void setSymmetricKeyEntry(int userId, int uid, String alias, byte[] secretKey)
        throws KeyStoreException {
    Log.i(TAG, String.format(Locale.US, "Set %d/%d/%s: %d bytes of key material",
            userId, uid, alias, secretKey.length));
    try {
        mKeyStore.setEntry(
            getInternalAlias(userId, uid, alias),
            new SecretKeyEntry(
                new SecretKeySpec(secretKey, KeyProperties.KEY_ALGORITHM_AES)),
            new KeyProtection.Builder(
                    KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .build());
    } catch (KeyStoreException e) {
        throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage());
    }
}
 
源代码2 项目: lams   文件: KeyStoreCredentialResolver.java
/**
 * Build a credential instance from the key store entry.
 * 
 * @param keyStoreEntry the key store entry to process
 * @param entityID the entityID to include in the credential
 * @param usage the usage type to include in the credential
 * @return the new credential instance, appropriate to the type of key store entry being processed
 * @throws SecurityException throw if there is a problem building a credential from the key store entry
 */
protected Credential buildCredential(KeyStore.Entry keyStoreEntry, String entityID, UsageType usage)
        throws SecurityException {

    log.debug("Building credential from keystore entry for entityID {}, usage type {}", entityID, usage);

    Credential credential = null;
    if (keyStoreEntry instanceof KeyStore.PrivateKeyEntry) {
        credential = processPrivateKeyEntry((KeyStore.PrivateKeyEntry) keyStoreEntry, entityID, keystoreUsage);
    } else if (keyStoreEntry instanceof KeyStore.TrustedCertificateEntry) {
        credential = processTrustedCertificateEntry((KeyStore.TrustedCertificateEntry) keyStoreEntry, entityID,
                keystoreUsage);
    } else if (keyStoreEntry instanceof KeyStore.SecretKeyEntry) {
        credential = processSecretKeyEntry((KeyStore.SecretKeyEntry) keyStoreEntry, entityID, keystoreUsage);
    } else {
        throw new SecurityException("KeyStore entry was of an unsupported type: "
                + keyStoreEntry.getClass().getName());
    }
    return credential;
}
 
@Override
public DecryptionMaterials getDecryptionMaterials(EncryptionContext context) {
    CurrentMaterials materials = currMaterials.get();
    if (context.getMaterialDescription().entrySet().containsAll(description.entrySet())) {
        if (materials.encryptionEntry instanceof SecretKeyEntry) {
            return materials.symRawMaterials;
        } else {
            try {
                return makeAsymMaterials(materials, context.getMaterialDescription());
            } catch (GeneralSecurityException ex) {
                throw new DynamoDBMappingException("Unable to decrypt envelope key", ex);
            }
        }
    } else {
        return null;
    }
}
 
public CurrentMaterials(Entry encryptionEntry, Entry signingEntry) {
    super();
    this.encryptionEntry = encryptionEntry;
    this.signingEntry = signingEntry;

    if (encryptionEntry instanceof SecretKeyEntry) {
        if (signingEntry instanceof SecretKeyEntry) {
            this.symRawMaterials = new SymmetricRawMaterials(
                    ((SecretKeyEntry) encryptionEntry).getSecretKey(),
                    ((SecretKeyEntry) signingEntry).getSecretKey(),
                    description);
        } else {
            this.symRawMaterials = new SymmetricRawMaterials(
                    ((SecretKeyEntry) encryptionEntry).getSecretKey(),
                    entry2Pair(signingEntry),
                    description);
        }
    } else {
        this.symRawMaterials = null;
    }
}
 
@Override
public DecryptionMaterials getDecryptionMaterials(EncryptionContext context) {
    CurrentMaterials materials = currMaterials.get();
    if (context.getMaterialDescription().entrySet().containsAll(description.entrySet())) {
        if (materials.encryptionEntry instanceof SecretKeyEntry) {
            return materials.symRawMaterials;
        } else {
            try {
                return makeAsymMaterials(materials, context.getMaterialDescription());
            } catch (GeneralSecurityException ex) {
                throw new DynamoDbEncryptionException("Unable to decrypt envelope key", ex);
            }
        }
    } else {
        return null;
    }
}
 
public CurrentMaterials(Entry encryptionEntry, Entry signingEntry) {
    super();
    this.encryptionEntry = encryptionEntry;
    this.signingEntry = signingEntry;

    if (encryptionEntry instanceof SecretKeyEntry) {
        if (signingEntry instanceof SecretKeyEntry) {
            this.symRawMaterials = new SymmetricRawMaterials(
                    ((SecretKeyEntry) encryptionEntry).getSecretKey(),
                    ((SecretKeyEntry) signingEntry).getSecretKey(),
                    description);
        } else {
            this.symRawMaterials = new SymmetricRawMaterials(
                    ((SecretKeyEntry) encryptionEntry).getSecretKey(),
                    entry2Pair(signingEntry),
                    description);
        }
    } else {
        this.symRawMaterials = null;
    }
}
 
源代码7 项目: fido2   文件: Main.java
private static void listaccesskeys(String keystorelocation, String password) throws Exception {
    KeyStore keystore = KeyStore.getInstance("BCFKS", BC_FIPS_PROVIDER);
    keystore.load(new FileInputStream(keystorelocation), password.toCharArray());
    java.util.SortedSet<String> hsmobj = new java.util.TreeSet<>();
    for (Enumeration<String> e = keystore.aliases(); e.hasMoreElements();) {
        hsmobj.add(e.nextElement());
    }
    System.out.println("===> Objects in keystore:");
    for (String s : hsmobj) {
        if (keystore.entryInstanceOf(s, SecretKeyEntry.class)) {
            System.out.println(String.format("%-24s %-20s %-48s", s, "SecretKey", "created on " + keystore.getCreationDate(s)));
        }
    }
}
 
源代码8 项目: presto   文件: KeyStoreUtils.java
public static String readEntity(KeyStore keyStore, String entityAlias, String entityPassword)
        throws GeneralSecurityException
{
    SecretKeyEntry secretKeyEntry = (SecretKeyEntry) keyStore.getEntry(entityAlias, new PasswordProtection(entityPassword.toCharArray()));

    SecretKeyFactory factory = SecretKeyFactory.getInstance("PBE");
    PBEKeySpec keySpec = (PBEKeySpec) factory.getKeySpec(secretKeyEntry.getSecretKey(), PBEKeySpec.class);

    return new String(keySpec.getPassword());
}
 
源代码9 项目: lams   文件: KeyStoreCredentialResolver.java
/**
 * Build a Credential from a keystore secret key entry.
 * 
 * @param secretKeyEntry the entry being processed
 * @param entityID the entityID to set
 * @param usage the usage type to set
 * @return new Credential instance
 */
protected Credential processSecretKeyEntry(SecretKeyEntry secretKeyEntry, String entityID, UsageType usage) {
    log.debug("Processing SecretKeyEntry from keystore");

    BasicCredential credential = new BasicCredential();
    credential.setEntityId(entityID);
    credential.setUsageType(usage);

    credential.setSecretKey(secretKeyEntry.getSecretKey());

    return credential;
}
 
源代码10 项目: balzac   文件: ECKeyStore.java
public String addKey(PrivateKey key) throws KeyStoreException {
    String keyID = getUniqueID(key);
    SecretKey secretKey = new SecretKeySpec(key.getBytes(), "EC");
    SecretKeyEntry kEntry = new SecretKeyEntry(secretKey);
    ks.setEntry(keyID, kEntry, new PasswordProtection(password));
    netwotkTypeMap.put(keyID, key.getNetworkType());
    return keyID;
}
 
源代码11 项目: aws-encryption-sdk-java   文件: KeyStoreProvider.java
private JceMasterKey internalGetMasterKey(final String provider, final String keyId) {
    final Entry entry;
    try {
        entry = keystore_.getEntry(keyId, keystore_.isKeyEntry(keyId) ? protection_ : null);
    } catch (NoSuchAlgorithmException | UnrecoverableEntryException | KeyStoreException e) {
        throw new UnsupportedProviderException(e);
    }
    if (entry == null) {
        throw new NoSuchMasterKeyException();
    }
    if (entry instanceof SecretKeyEntry) {
        final SecretKeyEntry skEntry = (SecretKeyEntry) entry;
        if (!skEntry.getSecretKey().getAlgorithm().equals(keyAlgorithm_)) {
            return null;
        }
        return JceMasterKey.getInstance(skEntry.getSecretKey(), provider, keyId, wrappingAlgorithm_);
    } else if (entry instanceof PrivateKeyEntry) {
        final PrivateKeyEntry pkEntry = (PrivateKeyEntry) entry;
        if (!pkEntry.getPrivateKey().getAlgorithm().equals(keyAlgorithm_)) {
            return null;
        }
        return JceMasterKey.getInstance(pkEntry.getCertificate().getPublicKey(), pkEntry.getPrivateKey(), provider,
                keyId, wrappingAlgorithm_);
    } else if (entry instanceof TrustedCertificateEntry) {
        final TrustedCertificateEntry certEntry = (TrustedCertificateEntry) entry;
        if (!certEntry.getTrustedCertificate().getPublicKey().getAlgorithm().equals(keyAlgorithm_)) {
            return null;
        }
        return JceMasterKey.getInstance(certEntry.getTrustedCertificate().getPublicKey(), null, provider, keyId,
                wrappingAlgorithm_);
    } else {
        throw new NoSuchMasterKeyException();
    }
}
 
@Override
public EncryptionMaterials getEncryptionMaterials(EncryptionContext context) {
    CurrentMaterials materials = currMaterials.get();
    if (materials.encryptionEntry instanceof SecretKeyEntry) {
        return materials.symRawMaterials;
    } else {
        try {
            return makeAsymMaterials(materials, description);
        } catch (GeneralSecurityException ex) {
            throw new DynamoDBMappingException("Unable to encrypt envelope key", ex);
        }
    }
}
 
private AsymmetricRawMaterials makeAsymMaterials(CurrentMaterials materials,
        Map<String, String> description) throws GeneralSecurityException {
    KeyPair encryptionPair = entry2Pair(materials.encryptionEntry);
    if (materials.signingEntry instanceof SecretKeyEntry) {
        return new AsymmetricRawMaterials(encryptionPair,
                ((SecretKeyEntry) materials.signingEntry).getSecretKey(), description);
    } else {
        return new AsymmetricRawMaterials(encryptionPair, entry2Pair(materials.signingEntry),
                description);
    }
}
 
@BeforeClass
public static void setUpBeforeClass() throws Exception {

    KeyGenerator macGen = KeyGenerator.getInstance("HmacSHA256");
    macGen.init(256, Utils.getRng());
    macKey = macGen.generateKey();

    KeyGenerator aesGen = KeyGenerator.getInstance("AES");
    aesGen.init(128, Utils.getRng());
    encryptionKey = aesGen.generateKey();

    keyStore = KeyStore.getInstance("jceks");
    keyStore.load(null, password.toCharArray());

    KeyFactory kf = KeyFactory.getInstance("RSA");
    PKCS8EncodedKeySpec rsaSpec = new PKCS8EncodedKeySpec(Base64.decode(keyPem));
    privateKey = kf.generatePrivate(rsaSpec);
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    certificate = cf.generateCertificate(new ByteArrayInputStream(Base64.decode(certPem)));


    keyStore.setEntry("enc", new SecretKeyEntry(encryptionKey), passwordProtection);
    keyStore.setEntry("sig", new SecretKeyEntry(macKey), passwordProtection);
    keyStore.setEntry("enc-a", new PrivateKeyEntry(privateKey, new Certificate[]{certificate}), passwordProtection);
    keyStore.setEntry("sig-a", new PrivateKeyEntry(privateKey, new Certificate[]{certificate}), passwordProtection);
    keyStore.setCertificateEntry("trustedCert", certificate);
}
 
@Override
public EncryptionMaterials getEncryptionMaterials(EncryptionContext context) {
    CurrentMaterials materials = currMaterials.get();
    if (materials.encryptionEntry instanceof SecretKeyEntry) {
        return materials.symRawMaterials;
    } else {
        try {
            return makeAsymMaterials(materials, description);
        } catch (GeneralSecurityException ex) {
            throw new DynamoDbEncryptionException("Unable to encrypt envelope key", ex);
        }
    }
}
 
private AsymmetricRawMaterials makeAsymMaterials(CurrentMaterials materials,
        Map<String, String> description) throws GeneralSecurityException {
    KeyPair encryptionPair = entry2Pair(materials.encryptionEntry);
    if (materials.signingEntry instanceof SecretKeyEntry) {
        return new AsymmetricRawMaterials(encryptionPair,
                ((SecretKeyEntry) materials.signingEntry).getSecretKey(), description);
    } else {
        return new AsymmetricRawMaterials(encryptionPair, entry2Pair(materials.signingEntry),
                description);
    }
}
 
@BeforeClass
public static void setUpBeforeClass() throws Exception {
    
    KeyGenerator macGen = KeyGenerator.getInstance("HmacSHA256");
    macGen.init(256, Utils.getRng());
    macKey = macGen.generateKey();
    
    KeyGenerator aesGen = KeyGenerator.getInstance("AES");
    aesGen.init(128, Utils.getRng());
    encryptionKey = aesGen.generateKey();
    
    keyStore = KeyStore.getInstance("jceks");
    keyStore.load(null, password.toCharArray());
    
    KeyFactory kf = KeyFactory.getInstance("RSA");
    PKCS8EncodedKeySpec rsaSpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(keyPem));
    privateKey = kf.generatePrivate(rsaSpec);
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    certificate = cf.generateCertificate(new ByteArrayInputStream(Base64.getDecoder().decode(certPem)));
    
    
    keyStore.setEntry("enc", new SecretKeyEntry(encryptionKey), passwordProtection);
    keyStore.setEntry("sig", new SecretKeyEntry(macKey), passwordProtection);
    keyStore.setEntry("enc-a", new PrivateKeyEntry(privateKey, new Certificate[] {certificate}), passwordProtection);
    keyStore.setEntry("sig-a", new PrivateKeyEntry(privateKey, new Certificate[] {certificate}), passwordProtection);
    keyStore.setCertificateEntry("trustedCert", certificate);
}
 
 类所在包
 同包方法