下面列出了怎么用org.bouncycastle.crypto.params.RSAKeyParameters的API类实例代码及写法,或者点击链接到github查看源代码。
private KeyPair createKeyPair() throws InvalidKeySpecException, NoSuchAlgorithmException {
final RSAKeyPairGenerator gen = new RSAKeyPairGenerator();
gen.init(new RSAKeyGenerationParameters(BigInteger.valueOf(3), new SecureRandom(), 1024, 80));
final AsymmetricCipherKeyPair keypair = gen.generateKeyPair();
final RSAKeyParameters publicKey = (RSAKeyParameters) keypair.getPublic();
final RSAPrivateCrtKeyParameters privateKey = (RSAPrivateCrtKeyParameters) keypair.getPrivate();
final PublicKey pubKey = KeyFactory.getInstance("RSA").generatePublic(
new RSAPublicKeySpec(publicKey.getModulus(), publicKey.getExponent()));
final PrivateKey privKey = KeyFactory.getInstance("RSA").generatePrivate(
new RSAPrivateCrtKeySpec(publicKey.getModulus(), publicKey.getExponent(),
privateKey.getExponent(), privateKey.getP(), privateKey.getQ(),
privateKey.getDP(), privateKey.getDQ(), privateKey.getQInv()));
return new KeyPair(pubKey, privKey);
}
@Override
public KeyPair rsaGenerate() {
RSAKeyPairGenerator keyGen = new RSAKeyPairGenerator();
keyGen.init(new RSAKeyGenerationParameters(E, new SecureRandom(), RSA_KEY_SIZE,
PrimeCertaintyCalculator.getDefaultCertainty(RSA_KEY_SIZE)));
AsymmetricCipherKeyPair pair = keyGen.generateKeyPair();
RSAKeyParameters pub = (RSAKeyParameters) pair.getPublic();
RSAPrivateCrtKeyParameters priv = (RSAPrivateCrtKeyParameters) pair.getPrivate();
// As in BCRSAPrivateKey / BCRSAPublicKey
AlgorithmIdentifier algo = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE);
byte[] publicKey = KeyUtil.getEncodedSubjectPublicKeyInfo(algo, new RSAPublicKey(pub.getModulus(),
pub.getExponent()));
byte[] privateKey = KeyUtil.getEncodedPrivateKeyInfo(algo, new RSAPrivateKey(priv.getModulus(),
priv.getPublicExponent(), priv.getExponent(), priv.getP(), priv.getQ(), priv.getDP(), priv.getDQ(),
priv.getQInv()));
return new KeyPair(privateKey, publicKey);
}
/**
* Get the key size of a key represented by key parameters.
*
* @param keyParams The key parameters
* @return The key size, {@link #UNKNOWN_KEY_SIZE} if not known
*/
public static int getKeyLength(AsymmetricKeyParameter keyParams)
{
if (keyParams instanceof RSAKeyParameters)
{
return ((RSAKeyParameters) keyParams).getModulus().bitLength();
}
else if (keyParams instanceof DSAKeyParameters)
{
return ((DSAKeyParameters) keyParams).getParameters().getP().bitLength();
}
else if (keyParams instanceof DHKeyParameters)
{
return ((DHKeyParameters) keyParams).getParameters().getP().bitLength();
}
else if (keyParams instanceof ECKeyParameters)
{
// TODO: how to get key length from these?
return UNKNOWN_KEY_SIZE;
}
LOG.warning("Don't know how to get key size from parameters " + keyParams);
return UNKNOWN_KEY_SIZE;
}
/**
* Get the key size of a key represented by key parameters.
*
* @param keyParams The key parameters
* @return The key size, {@link #UNKNOWN_KEY_SIZE} if not known
*/
public static int getKeyLength(AsymmetricKeyParameter keyParams)
{
if (keyParams instanceof RSAKeyParameters)
{
return ((RSAKeyParameters) keyParams).getModulus().bitLength();
}
else if (keyParams instanceof DSAKeyParameters)
{
return ((DSAKeyParameters) keyParams).getParameters().getP().bitLength();
}
else if (keyParams instanceof DHKeyParameters)
{
return ((DHKeyParameters) keyParams).getParameters().getP().bitLength();
}
else if (keyParams instanceof ECKeyParameters)
{
// TODO: how to get key length from these?
return UNKNOWN_KEY_SIZE;
}
_logger.warn("Don't know how to get key size from parameters " + keyParams);
return UNKNOWN_KEY_SIZE;
}
public static PrivateKey getPrivateKeyFromKeyPair(AsymmetricCipherKeyPair keyPair) throws Exception {
Security.addProvider(new BouncyCastleProvider());
RSAPrivateCrtKeyParameters privateKey = (RSAPrivateCrtKeyParameters)keyPair.getPrivate();
RSAKeyParameters publicKey = (RSAKeyParameters)keyPair.getPublic();
return KeyFactory.getInstance("RSA").generatePrivate(
new RSAPrivateCrtKeySpec(privateKey.getModulus(), publicKey.getExponent(), privateKey.getExponent(), privateKey.getP(), privateKey.getQ(), privateKey.getDP(), privateKey.getDQ(),
privateKey.getQInv()));
}
private X509Certificate createCert(KeyPair keyPair, String signatureAlgoritm, String domainName)
throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, OperatorCreationException, CertificateException, IOException {
RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgoritm);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
BcContentSignerBuilder sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
ASN1InputStream publicKeyStream = new ASN1InputStream(rsaPublicKey.getEncoded());
SubjectPublicKeyInfo pubKey = SubjectPublicKeyInfo.getInstance(publicKeyStream.readObject());
publicKeyStream.close();
X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder(
new X500Name("CN=" + domainName + ", OU=None, O=None L=None, C=None"),
BigInteger.valueOf(Math.abs(new SecureRandom().nextInt())),
new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30),
new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365*10)),
new X500Name("CN=" + domainName + ", OU=None, O=None L=None, C=None"),
pubKey);
RSAKeyParameters keyParams = new RSAKeyParameters(true, rsaPrivateKey.getPrivateExponent(), rsaPrivateKey.getModulus());
ContentSigner contentSigner = sigGen.build(keyParams);
X509CertificateHolder certificateHolder = v3CertBuilder.build(contentSigner);
JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter().setProvider("BC");
return certConverter.getCertificate(certificateHolder);
}
private static String doSign(byte[] message, String instanceKeyPem) throws CryptoException {
RSAPrivateKeySpec privateKey = PemObject.fromKey(instanceKeyPem).getRSAKeySpec();
PSSSigner signer = new PSSSigner(new RSAEngine(), new SHA256Digest(), SALT_LENGTH);
signer.init(true, new RSAKeyParameters(true, privateKey.getModulus(), privateKey.getPrivateExponent()));
signer.update(message, 0, message.length);
byte[] signature = signer.generateSignature();
return Base64Utils.encodeToUrlSafeString(signature);
}
private ContentSigner createSigner(KeyPair keyPair) throws PropertyConfigurationException, OperatorCreationException {
ContentSigner signer;
String hashAlgo = propertyConfigurationService.getConfigValue(CERT_HASH_ALGORITHM);
if (keyPair.getPrivate() instanceof RSAPrivateKey) {
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(hashAlgo + "withRSA");
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
signer = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(
new RSAKeyParameters(true, privateKey.getModulus(), privateKey.getPrivateExponent())
);
} else {
throw new KeyGenerationRuntimeException("Unsupported key type");
}
return signer;
}
public static PublicKey getRSAPublicKey(byte[] encodedPubKey) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
RSAPublicKey pubKey8 = RSAPublicKey.getInstance(encodedPubKey);
SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(new RSAKeyParameters(false, pubKey8.getModulus(), pubKey8.getPublicExponent()));
X509EncodedKeySpec spec = new X509EncodedKeySpec(info.getEncoded());
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
return keyFactory.generatePublic(spec);
}
public static RSAKeyParameters generateRSAPrivateKeyParameter(RSAPrivateKey key) {
Args.notNull(key, "key");
if (key instanceof RSAPrivateCrtKey) {
RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) key;
return new RSAPrivateCrtKeyParameters(rsaKey.getModulus(), rsaKey.getPublicExponent(),
rsaKey.getPrivateExponent(), rsaKey.getPrimeP(), rsaKey.getPrimeQ(),
rsaKey.getPrimeExponentP(), rsaKey.getPrimeExponentQ(), rsaKey.getCrtCoefficient());
} else {
return new RSAKeyParameters(true, key.getModulus(), key.getPrivateExponent());
}
}
public static AsymmetricKeyParameter generatePublicKeyParameter(PublicKey key)
throws InvalidKeyException {
Args.notNull(key, "key");
if (key instanceof RSAPublicKey) {
RSAPublicKey rsaKey = (RSAPublicKey) key;
return new RSAKeyParameters(false, rsaKey.getModulus(), rsaKey.getPublicExponent());
} else if (key instanceof ECPublicKey) {
return ECUtil.generatePublicKeyParameter(key);
} else if (key instanceof DSAPublicKey) {
return DSAUtil.generatePublicKeyParameter(key);
} else if (key instanceof XDHKey || key instanceof EdDSAKey) {
byte[] encoded = key.getEncoded();
String algorithm = key.getAlgorithm().toUpperCase();
if (EdECConstants.X25519.equals(algorithm)) {
return new X25519PublicKeyParameters(encoded, encoded.length - 32);
} else if (EdECConstants.ED25519.equals(algorithm)) {
return new Ed25519PublicKeyParameters(encoded, encoded.length - 32);
} else if (EdECConstants.X448.equals(algorithm)) {
return new X448PublicKeyParameters(encoded, encoded.length - 56);
} else if (EdECConstants.ED448.equals(algorithm)) {
return new Ed448PublicKeyParameters(encoded, encoded.length - 57);
} else {
throw new InvalidKeyException("unknown Edwards key " + algorithm);
}
} else {
throw new InvalidKeyException("unknown key " + key.getClass().getName());
}
}
private static AsymmetricKeyParameter generatePublicKeyParameter(PublicKey key)
throws InvalidKeyException {
Args.notNull(key, "key");
if (key instanceof RSAPublicKey) {
RSAPublicKey rsaKey = (RSAPublicKey) key;
return new RSAKeyParameters(false, rsaKey.getModulus(), rsaKey.getPublicExponent());
} else if (key instanceof ECPublicKey) {
return ECUtil.generatePublicKeyParameter(key);
} else if (key instanceof DSAPublicKey) {
return DSAUtil.generatePublicKeyParameter(key);
} else {
throw new InvalidKeyException("unknown key " + key.getClass().getName());
}
}
/**
* Sign function signs a Certificate.
* @param config - Security Config.
* @param caPrivate - CAs private Key.
* @param caCertificate - CA Certificate.
* @param validFrom - Begin Da te
* @param validTill - End Date
* @param certificationRequest - Certification Request.
* @param scmId - SCM id.
* @param clusterId - Cluster id.
* @return Signed Certificate.
* @throws IOException - On Error
* @throws OperatorCreationException - on Error.
*/
@SuppressWarnings("ParameterNumber")
public X509CertificateHolder sign(
SecurityConfig config,
PrivateKey caPrivate,
X509CertificateHolder caCertificate,
Date validFrom,
Date validTill,
PKCS10CertificationRequest certificationRequest,
String scmId,
String clusterId) throws IOException, OperatorCreationException {
AlgorithmIdentifier sigAlgId = new
DefaultSignatureAlgorithmIdentifierFinder().find(
config.getSignatureAlgo());
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder()
.find(sigAlgId);
AsymmetricKeyParameter asymmetricKP = PrivateKeyFactory.createKey(caPrivate
.getEncoded());
SubjectPublicKeyInfo keyInfo =
certificationRequest.getSubjectPublicKeyInfo();
// Get scmId and cluster Id from subject name.
X500Name x500Name = certificationRequest.getSubject();
String csrScmId = x500Name.getRDNs(BCStyle.OU)[0].getFirst().getValue().
toASN1Primitive().toString();
String csrClusterId = x500Name.getRDNs(BCStyle.O)[0].getFirst().getValue().
toASN1Primitive().toString();
if (!scmId.equals(csrScmId) || !clusterId.equals(csrClusterId)) {
if (csrScmId.equalsIgnoreCase("null") &&
csrClusterId.equalsIgnoreCase("null")) {
// Special case to handle DN certificate generation as DN might not know
// scmId and clusterId before registration. In secure mode registration
// will succeed only after datanode has a valid certificate.
String cn = x500Name.getRDNs(BCStyle.CN)[0].getFirst().getValue()
.toASN1Primitive().toString();
x500Name = SecurityUtil.getDistinguishedName(cn, scmId, clusterId);
} else {
// Throw exception if scmId and clusterId doesn't match.
throw new SCMSecurityException("ScmId and ClusterId in CSR subject" +
" are incorrect.");
}
}
RSAKeyParameters rsa =
(RSAKeyParameters) PublicKeyFactory.createKey(keyInfo);
if (rsa.getModulus().bitLength() < config.getSize()) {
throw new SCMSecurityException("Key size is too small in certificate " +
"signing request");
}
X509v3CertificateBuilder certificateGenerator =
new X509v3CertificateBuilder(
caCertificate.getSubject(),
// Serial is not sequential but it is monotonically increasing.
BigInteger.valueOf(Time.monotonicNowNanos()),
validFrom,
validTill,
x500Name, keyInfo);
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId)
.build(asymmetricKP);
return certificateGenerator.build(sigGen);
}
public static PublicKey getPublicKeyFromKeyPair(AsymmetricCipherKeyPair keyPair) throws Exception {
Security.addProvider(new BouncyCastleProvider());
RSAKeyParameters publicKey = (RSAKeyParameters)keyPair.getPublic();
return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(publicKey.getModulus(), publicKey.getExponent()));
}
public RSAKeyParameters getPublicKey() {
return new RSAKeyParameters(false, key.getModulus(), key.getPublicExponent());
}
@Override
protected boolean removeEldestEntry(Map.Entry<String, RSAKeyParameters> eldest) {
return size() > MAX_CACHE_SIZE;
}
@Override
public Object apply(WarpScriptStack stack) throws WarpScriptException {
Object top = stack.pop();
if (!(top instanceof Long)) {
throw new WarpScriptException(getName() + " expects a key length.");
}
int strength = ((Number) top).intValue();
top = stack.pop();
BigInteger exponent = new BigInteger(top.toString());
RSAKeyPairGenerator gen = new RSAKeyPairGenerator();
// For explanation of 'certainty', refer to http://bouncy-castle.1462172.n4.nabble.com/Questions-about-RSAKeyGenerationParameters-td1463186.html
RSAKeyGenerationParameters params = new RSAKeyGenerationParameters(exponent, CryptoHelper.getSecureRandom(), strength, 64);
gen.init(params);
final AsymmetricCipherKeyPair keypair = gen.generateKeyPair();
Map<String,String> keyparams = new HashMap<String,String>();
keyparams.put(Constants.KEY_MODULUS, ((RSAKeyParameters) keypair.getPrivate()).getModulus().toString());
keyparams.put(Constants.KEY_ALGORITHM, "RSA");
keyparams.put(Constants.KEY_EXPONENT, ((RSAKeyParameters) keypair.getPrivate()).getExponent().toString());
stack.push(keyparams);
keyparams = new HashMap<String,String>();
keyparams.put(Constants.KEY_MODULUS, ((RSAKeyParameters) keypair.getPublic()).getModulus().toString());
keyparams.put(Constants.KEY_ALGORITHM, "RSA");
keyparams.put(Constants.KEY_EXPONENT, ((RSAKeyParameters) keypair.getPublic()).getExponent().toString());
stack.push(keyparams);
return stack;
}