From e670f1fdbc43f0d0854896a1afe2815f8a9f4c87 Mon Sep 17 00:00:00 2001
From: CGantert345 <57003061+CGantert345@users.noreply.github.com>
Date: Mon, 11 Apr 2022 15:06:48 +0200
Subject: fixing DOSIPAS algorithm names and supported EC curves
---
.../java/org/uic/barcode/utils/SecurityUtils.java | 129 +++++++++++++++++++++
1 file changed, 129 insertions(+)
create mode 100644 src/main/java/org/uic/barcode/utils/SecurityUtils.java
(limited to 'src/main/java/org/uic/barcode/utils/SecurityUtils.java')
diff --git a/src/main/java/org/uic/barcode/utils/SecurityUtils.java b/src/main/java/org/uic/barcode/utils/SecurityUtils.java
new file mode 100644
index 0000000..542208b
--- /dev/null
+++ b/src/main/java/org/uic/barcode/utils/SecurityUtils.java
@@ -0,0 +1,129 @@
+package org.uic.barcode.utils;
+
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+
+public class SecurityUtils {
+
+ public static KeyFactory findKeyFactory(String oid, byte[] keyBytes) {
+
+ X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
+
+ String name = null;
+ try {
+ name = AlgorithmNameResolver.getName(AlgorithmNameResolver.TYPE_KEY_GENERATOR_ALG, oid);
+ } catch (Exception e2) {
+ return null;
+ }
+ if (name == null || name.length() == 0) {
+ return null;
+ }
+
+ KeyFactory keyFactory = null;
+
+ Provider[] provs = Security.getProviders();
+ for (Provider provider : provs) {
+ try {
+ keyFactory = KeyFactory.getInstance(name,provider);
+ } catch (NoSuchAlgorithmException e1) {
+ //try next
+ }
+ if (keyFactory != null) {
+ try {
+ keyFactory.generatePublic(keySpec);
+ return keyFactory;
+ } catch (Exception e) {
+ //try next
+ }
+ }
+ }
+ return null;
+
+ }
+
+
+ public static Provider findPrivateKeyProvider(PrivateKey key) {
+
+ String name = key.getAlgorithm();
+ byte[] keyBytes = key.getEncoded();
+
+
+ PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
+
+
+ KeyFactory keyFactory = null;
+
+ Provider[] provs = Security.getProviders();
+ for (Provider provider : provs) {
+ try {
+ keyFactory = KeyFactory.getInstance(name,provider);
+ } catch (NoSuchAlgorithmException e1) {
+ //try next
+ }
+ if (keyFactory != null) {
+ try {
+ keyFactory.generatePrivate(keySpec);
+ return provider;
+ } catch (Exception e) {
+ provider = null;
+ //try next
+ }
+ }
+ }
+
+ return null;
+ }
+
+
+
+ public static PublicKey convertPublicKey(PublicKey key) {
+
+
+ PublicKey publicKey;
+ try {
+ publicKey = 
KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(key.getEncoded())); + } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { + return key; + } + + return publicKey; + + } + + + public static PublicKey convert(PublicKey key, Provider provider) { + + PublicKey publicKey; + try { + publicKey = KeyFactory.getInstance("RSA", provider).generatePublic(new X509EncodedKeySpec(key.getEncoded())); + } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { + return key; + } + + return publicKey; + + + } + + + public static PrivateKey convertPrivateKey(PrivateKey key) { + + + PrivateKey privateKey; + try { + privateKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(key.getEncoded())); + } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { + return key; + } + + return privateKey; + + } +} -- cgit v1.2.3 From 6ef85723cca938e298b318dc6d564318b83ab4ba Mon Sep 17 00:00:00 2001 From: CGantert345 <57003061+CGantert345@users.noreply.github.com> Date: Mon, 11 Apr 2022 16:30:32 +0200 Subject: use one provider only within validation --- .../java/org/uic/barcode/utils/SecurityUtils.java | 77 ++++++++++++++++------ 1 file changed, 58 insertions(+), 19 deletions(-) (limited to 'src/main/java/org/uic/barcode/utils/SecurityUtils.java') diff --git a/src/main/java/org/uic/barcode/utils/SecurityUtils.java b/src/main/java/org/uic/barcode/utils/SecurityUtils.java index 542208b..af1a65a 100644 --- a/src/main/java/org/uic/barcode/utils/SecurityUtils.java +++ b/src/main/java/org/uic/barcode/utils/SecurityUtils.java @@ -4,6 +4,7 @@ import java.security.KeyFactory; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.Provider; +import java.security.Provider.Service; import java.security.PublicKey; import java.security.Security; import java.security.spec.InvalidKeySpecException; 
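Review bot: `findPrivateKeyProvider` calls `key.getEncoded()` and builds the `PKCS8EncodedKeySpec` before any try block, so a key that does not support encoding (`getEncoded()` returns null for such keys, as hardware-backed ones commonly do) raises a NullPointerException instead of the `null` the method otherwise uses for "no provider"; add `if (keyBytes == null) { return null; }` ahead of the spec. The loop then hands the PKCS#8 private-key encoding to `generatePrivate` on each installed provider in registration order until one accepts it, which deserves a comment stating that every registered provider may see the key material and that the result depends on provider order. In both finder loops `keyFactory` is never reset, so once one provider's factory has rejected the key, that stale factory is probed again for every later provider that lacks the algorithm; `provider = null;` in the catch is a dead store on the loop variable, and the line that helps is `keyFactory = null;` at the top of each iteration. The later hunk that turns `findKeyFactory` into `findPublicKeyProvider` copies the same `provider = null;`.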
@@ -81,28 +82,22 @@ public class SecurityUtils { return null; } - - - public static PublicKey convertPublicKey(PublicKey key) { - - - PublicKey publicKey; - try { - publicKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(key.getEncoded())); - } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { - return key; - } - - return publicKey; - - } public static PublicKey convert(PublicKey key, Provider provider) { PublicKey publicKey; + KeyFactory keyFactory = null; + try { - publicKey = KeyFactory.getInstance("RSA", provider).generatePublic(new X509EncodedKeySpec(key.getEncoded())); + if (key.getAlgorithm() != null && key.getAlgorithm().toUpperCase().contains("EC") ) { + keyFactory = KeyFactory.getInstance("EC",provider); + } else if (key.getAlgorithm() != null && key.getAlgorithm().length() > 0 ) { + keyFactory = KeyFactory.getInstance("DSA",provider); + } else { + return key; + } + publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(key.getEncoded())); } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { return key; } 
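Review bot: In `convert(PublicKey, Provider)` every key whose algorithm name is non-empty and lacks the substring "EC" is sent to `KeyFactory.getInstance("DSA", provider)`, so an RSA key (the algorithm the replaced code hard-coded) would normally fail with InvalidKeySpecException and come back as the original key, still bound to whichever provider created it, with no signal to the caller. As the commit's aim is a single provider during validation, that silent fallback undoes it for exactly the keys that could not be converted. Match the names explicitly, e.g. `if ("EC".equalsIgnoreCase(alg) || "ECDSA".equalsIgnoreCase(alg))` and `else if ("DSA".equalsIgnoreCase(alg))`, and document that the input key is returned unchanged for anything else; a null `provider` also escapes the multi-catch, since `KeyFactory.getInstance(String, Provider)` throws IllegalArgumentException for it. The same EC-or-else-DSA branch is repeated in `convert(PrivateKey, Provider)` and `findSignatureProvider` in the next hunk, and this method's body continues past the end of this hunk.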
@@ -113,17 +108,61 @@ public class SecurityUtils { } - public static PrivateKey convertPrivateKey(PrivateKey key) { - + public static PrivateKey convert(PrivateKey key, Provider provider) { PrivateKey privateKey; + KeyFactory keyFactory = null; + try { - privateKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(key.getEncoded())); + if (key.getAlgorithm() != null && key.getAlgorithm().toUpperCase().contains("EC") ) { + keyFactory = KeyFactory.getInstance("EC",provider); + } else if (key.getAlgorithm() != null && key.getAlgorithm().length() > 0 ) { + keyFactory = KeyFactory.getInstance("DSA",provider); + } else { + return key; + } + privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(key.getEncoded())); } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { return key; } return privateKey; + + } + + public static Provider findSignatureProvider(byte[] encoded, String oid) { + + KeyFactory keyFactory = null; + String signatureAlgorithmName = null; + + Provider[] provs = Security.getProviders(); + for (Provider provider : provs) { + try { + Service service = provider.getService(AlgorithmNameResolver.TYPE_SIGNATURE_ALG, oid); + if (service != null) { + signatureAlgorithmName = service.getAlgorithm(); + if (signatureAlgorithmName != null && signatureAlgorithmName.length() > 0) { + if (signatureAlgorithmName.toUpperCase().contains("EC") ) { + keyFactory = KeyFactory.getInstance("EC",provider); + } else { + keyFactory = KeyFactory.getInstance("DSA",provider); + } + if (keyFactory != null) { + X509EncodedKeySpec spec = new X509EncodedKeySpec(encoded); + //try to encode the key + keyFactory.generatePublic(spec); + } + } + } + } catch (Exception e1) { + keyFactory = null; + } + if (keyFactory != null) { + return keyFactory.getProvider(); + } + } + + return null; } } -- cgit v1.2.3 From 58bafb860b060c609a01815657b4df22ce8fbffc Mon Sep 17 00:00:00 2001 
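Review bot: `findSignatureProvider` wraps the whole per-provider probe in `catch (Exception e1)`, so an undecodable key, a missing KeyFactory and a caller bug such as a null `encoded` or `oid` all end in the same `null` return with the cause discarded. The callers are not visible here, but on a validation path `null` has to be treated as a failed validation and not as permission to fall back to a default provider, so the contract should be written down: `@return the first provider that offers the signature algorithm and can decode the key, or {@code null} if none does`. The inline comment `//try to encode the key` says the opposite of what `generatePublic(spec)` does and should read `// check that this provider can decode the key`.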
From: CGantert345 <57003061+CGantert345@users.noreply.github.com> Date: Tue, 12 Apr 2022 12:54:16 +0200 Subject: test on algorithm name resolver --- .../java/org/uic/barcode/utils/SecurityUtils.java | 57 +++++++++++++++++----- 1 file changed, 46 insertions(+), 11 deletions(-) (limited to 'src/main/java/org/uic/barcode/utils/SecurityUtils.java') diff --git a/src/main/java/org/uic/barcode/utils/SecurityUtils.java b/src/main/java/org/uic/barcode/utils/SecurityUtils.java index af1a65a..1fcc18a 100644 --- a/src/main/java/org/uic/barcode/utils/SecurityUtils.java +++ b/src/main/java/org/uic/barcode/utils/SecurityUtils.java @@ -11,22 +11,30 @@ import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; +/** + * The Class SecurityUtils. + */ public class SecurityUtils { - public static KeyFactory findKeyFactory(String oid, byte[] keyBytes) { + /** + * Find provider by public key. + * + * @param algorithmOid the algorithm oid used to generate the key + * @param keyBytes the encoded bytes of the public key + * @return the provider + */ + public static Provider findPublicKeyProvider(String keyAlgorithmOid, byte[] keyBytes) { + X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes); - String name = null; + String name; try { - name = AlgorithmNameResolver.getName(AlgorithmNameResolver.TYPE_KEY_GENERATOR_ALG, oid); + name = AlgorithmNameResolver.getAlgorithmName(AlgorithmNameResolver.TYPE_KEY_GENERATOR_ALG, keyAlgorithmOid, null); } catch (Exception e2) { return null; } - if (name == null || name.length() == 0) { - return null; - } - + KeyFactory keyFactory = null; Provider[] provs = Security.getProviders(); 
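Review bot: The rewrite of `findPublicKeyProvider` drops the `name == null || name.length() == 0` guard, while the loop that follows (outside this hunk) catches only NoSuchAlgorithmException around `KeyFactory.getInstance(name, provider)`, and that call throws NullPointerException for a null algorithm name. Whether `AlgorithmNameResolver.getAlgorithmName(..., keyAlgorithmOid, null)` can return null is not visible here, but the `null` third argument suggests it may; keep the guard as `if (name == null || name.isEmpty()) { return null; }` after the try. The new Javadoc names the parameter `algorithmOid` while the signature uses `keyAlgorithmOid`, so the tag should read `@param keyAlgorithmOid the OID of the algorithm used to generate the key`.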
@@ -39,17 +47,23 @@ public class SecurityUtils { if (keyFactory != null) { try { keyFactory.generatePublic(keySpec); - return keyFactory; + return provider; } catch (Exception e) { + provider = null; //try next } } } - return null; - + + return null; } - + /** + * Find private key provider. + * + * @param key the private key + * @return the provider + */ public static Provider findPrivateKeyProvider(PrivateKey key) { String name = key.getAlgorithm(); @@ -84,6 +98,13 @@ public class SecurityUtils { + /** + * Convert. + * + * @param key the key + * @param provider the provider + * @return the public key + */ public static PublicKey convert(PublicKey key, Provider provider) { PublicKey publicKey; @@ -108,6 +129,13 @@ public class SecurityUtils { } + /** + * Convert. + * + * @param key the key + * @param provider the provider + * @return the private key + */ public static PrivateKey convert(PrivateKey key, Provider provider) { PrivateKey privateKey; @@ -131,6 +159,13 @@ public class SecurityUtils { } + /** + * Find signature provider. + * + * @param encoded the encoded + * @param oid the oid + * @return the provider + */ public static Provider findSignatureProvider(byte[] encoded, String oid) { KeyFactory keyFactory = null; -- cgit v1.2.3
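Review bot: The Javadoc added in these hunks restates the method names ("Convert.", "Find private key provider.", `@param encoded the encoded`) and leaves out the failure contract that the code visibly has. Both finders return `null` when no installed provider accepts the key, and both `convert` overloads return the input key unchanged when the provider cannot re-create it, which matters to a caller that expects the result to belong to `provider`. Suggested tags: `@return the first installed provider whose KeyFactory accepts the key, or {@code null} if none does` for the finders, and `@return the key re-created by {@code provider}, or the original {@code key} if conversion is not possible` for the converters. For `findSignatureProvider`, `@param encoded the X.509 encoded public key` and `@param oid the OID of the signature algorithm` match how the two arguments are used in the method.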