Java Code Examples for
The following examples show how to use .
Example 1
Source File: From microprofile-jwt-auth with Apache License 2.0 | 6 votes |
@Test public void generatePublicKeyFromJWKs() throws Exception { String jsonJwk = TokenUtils.readResource("/signer-keyset4k.jwk"); System.out.printf("jwk: %s\n", jsonJwk); JsonObject jwks = Json.createReader(new StringReader(jsonJwk)).readObject(); JsonArray keys = jwks.getJsonArray("keys"); JsonObject jwk = keys.getJsonObject(0); String e = jwk.getString("e"); String n = jwk.getString("n"); byte[] ebytes = Base64.getUrlDecoder().decode(e); BigInteger publicExponent = new BigInteger(1, ebytes); byte[] nbytes = Base64.getUrlDecoder().decode(n); BigInteger modulus = new BigInteger(1, nbytes); KeyFactory kf = KeyFactory.getInstance("RSA"); RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(modulus, publicExponent); PublicKey publicKey = kf.generatePublic(rsaPublicKeySpec); System.out.printf("publicKey=%s\n", publicKey); String pem = new String(Base64.getEncoder().encode(publicKey.getEncoded())); System.out.printf("pem: %s\n", pem); }
Example 2
Source File: From Bytecoder with Apache License 2.0 | 6 votes |
static ECDHECredentials valueOf(NamedGroup namedGroup, byte[] encodedPoint) throws IOException, GeneralSecurityException { if (namedGroup.spec != NamedGroupSpec.NAMED_GROUP_ECDHE) { throw new RuntimeException( "Credentials decoding: Not ECDHE named group"); } if (encodedPoint == null || encodedPoint.length == 0) { return null; } ECParameterSpec parameters = (ECParameterSpec)namedGroup.keAlgParamSpec; ECPoint point = ECUtil.decodePoint( encodedPoint, parameters.getCurve()); KeyFactory factory = KeyFactory.getInstance("EC"); ECPublicKey publicKey = (ECPublicKey)factory.generatePublic( new ECPublicKeySpec(point, parameters)); return new ECDHECredentials(publicKey, namedGroup); }
Example 3
Source File: From lams with GNU General Public License v2.0 | 6 votes |
private PublicKey getPublicKeyFromPem(String pem) throws GeneralSecurityException, IOException { InputStream stream = new ByteArrayInputStream( pem.getBytes("UTF-8")); PEMReader reader = new PEMReader(stream); byte[] bytes = reader.getDerBytes(); PublicKey pubKey; if (PEMReader.PUBLIC_X509_MARKER.equals(reader.getBeginMarker())) { KeySpec keySpec = new X509EncodedKeySpec(bytes); KeyFactory fac = KeyFactory.getInstance("RSA"); pubKey = fac.generatePublic(keySpec); } else if (PEMReader.CERTIFICATE_X509_MARKER.equals(reader.getBeginMarker())) { pubKey = getPublicKeyFromDerCert(bytes); } else { throw new IOException("Invalid PEM fileL: Unknown marker for " + " public key or cert " + reader.getBeginMarker()); } return pubKey; }
Example 4
Source File: From Bytecoder with Apache License 2.0 | 6 votes |
/** * Internal method to create a new key with inherited key parameters. * * @param keyValueKey key from which to obtain key value * @param keyParamsKey key from which to obtain key parameters * @return new public key having value and parameters * @throws CertPathValidatorException if keys are not appropriate types * for this operation */ static PublicKey makeInheritedParamsKey(PublicKey keyValueKey, PublicKey keyParamsKey) throws CertPathValidatorException { if (!(keyValueKey instanceof DSAPublicKey) || !(keyParamsKey instanceof DSAPublicKey)) throw new CertPathValidatorException("Input key is not " + "appropriate type for " + "inheriting parameters"); DSAParams params = ((DSAPublicKey)keyParamsKey).getParams(); if (params == null) throw new CertPathValidatorException("Key parameters missing"); try { BigInteger y = ((DSAPublicKey)keyValueKey).getY(); KeyFactory kf = KeyFactory.getInstance("DSA"); DSAPublicKeySpec ks = new DSAPublicKeySpec(y, params.getP(), params.getQ(), params.getG()); return kf.generatePublic(ks); } catch (GeneralSecurityException e) { throw new CertPathValidatorException("Unable to generate key with" + " inherited parameters: " + e.getMessage(), e); } }
Example 5
Source File: From protools with Apache License 2.0 | 6 votes |
/** * 用公钥加密 * * @param data * 待加密数据 * @param key * 公钥 * * @return byte[] 加密数据 * * @throws Exception */ public static byte[] encryptByPublicKey(byte[] data, byte[] key) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException { // 加入BouncyCastleProvider支持 Security.addProvider(new BouncyCastleProvider()); // 公钥材料转换 X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(key); // 实例化密钥工厂 KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); // 生成公钥 Key publicKey = keyFactory.generatePublic(x509KeySpec); // 对数据加密 Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE, publicKey); return cipher.doFinal(data); }
Example 6
Source File: From guardedbox with GNU Affero General Public License v3.0 | 6 votes |
/** * Verifies a signature. * * @param originalMessage The original message. * @param signedMessage The signature of the original message. * @param signingPublicKey The public key corresponding to the private key used to sign the message. * @return Boolean indicating if the signature is verified. */ public boolean verifySignature( byte[] originalMessage, byte[] signedMessage, byte[] signingPublicKey) { try { KeyFactory keyFactory = KeyFactory.getInstance(cryptographyProperties.getSignatureAlgorithm(), BouncyCastleProvider.PROVIDER_NAME); KeySpec keySpec = new X509EncodedKeySpec(new SubjectPublicKeyInfo(signatureAlgorithmId, signingPublicKey).getEncoded()); PublicKey pubKey = keyFactory.generatePublic(keySpec); Signature signature = Signature.getInstance(cryptographyProperties.getSignatureAlgorithm(), BouncyCastleProvider.PROVIDER_NAME); signature.initVerify(pubKey); signature.update(originalMessage); return signature.verify(signedMessage); } catch (NoSuchAlgorithmException | NoSuchProviderException | IOException | InvalidKeySpecException | InvalidKeyException | SignatureException e) { return false; } }
Example 7
Source File: From MicroCommunity with Apache License 2.0 | 6 votes |
/** * 加载公钥 * * @param publicPemData * @param algorithm * @return * @throws Exception */ public static PublicKey loadPemPublicKey(String publicPemData, String algorithm) throws Exception { String publicKeyPEM = publicPemData.replace("-----BEGIN PUBLIC KEY-----", ""); publicKeyPEM = publicKeyPEM.replace("-----END PUBLIC KEY-----", ""); publicKeyPEM = publicKeyPEM.replace("\n", ""); publicKeyPEM = publicKeyPEM.replace("\r", ""); byte[] decoded = Base64.getDecoder().decode(publicKeyPEM.getBytes()); X509EncodedKeySpec spec = new X509EncodedKeySpec(decoded); KeyFactory keyFactory = KeyFactory.getInstance(algorithm); return keyFactory.generatePublic(spec); }
Example 8
Source File: From EasyEE with MIT License | 5 votes |
/** * 得到公钥 * @param key 密钥字符串(经过base64编码) * @throws Exception */ public static PublicKey getPublicKey(String key) throws Exception { byte[] keyBytes; keyBytes = new Base64Encoder().decode(key); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PublicKey publicKey = keyFactory.generatePublic(keySpec); return publicKey; }
Example 9
Source File: From SecuritySample with Apache License 2.0 | 5 votes |
/** * You can component a publicKey by a specific pair of values - modulus and * exponent. * * @param modulus When you generate a new RSA KeyPair, you'd get a PrivateKey, a * modulus and an exponent. * @param exponent When you generate a new RSA KeyPair, you'd get a PrivateKey, a * modulus and an exponent. * @throws ClassNotFoundException * @throws NoSuchAlgorithmException * @throws InvalidKeySpecException */ private Key convertStringToPublicKey(BigInteger modulus, BigInteger exponent) throws ClassNotFoundException, NoSuchAlgorithmException, InvalidKeySpecException { byte[] modulusByteArry = modulus.toByteArray(); byte[] exponentByteArry = exponent.toByteArray(); // 由接收到的参数构造RSAPublicKeySpec对象 RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(new BigInteger(modulusByteArry), new BigInteger(exponentByteArry)); // 根据RSAPublicKeySpec对象获取公钥对象 KeyFactory kFactory = KeyFactory.getInstance(Algorithm.KEYPAIR_ALGORITHM); PublicKey publicKey = kFactory.generatePublic(rsaPublicKeySpec); return publicKey; }
Example 10
Source File: From danyuan-application with Apache License 2.0 | 5 votes |
/** * <p> * 校验数字签名 * </p> * @param data 已加密数据 * @param publicKey 公钥(BASE64编码) * @param sign 数字签名 * @return * @throws Exception */ public static boolean verify(byte[] data, byte[] publicKey, byte[] sign) throws Exception { byte[] keyBytes = Base64Utils.decode(publicKey); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); PublicKey publicK = keyFactory.generatePublic(keySpec); Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM); signature.initVerify(publicK); signature.update(data); return signature.verify(Base64Utils.decode(sign)); }
Example 11
Source File: From keycloak with Apache License 2.0 | 5 votes |
private PublicKey createRSAPublicKey() { BigInteger modulus = new BigInteger(1, Base64Url.decode(jwk.getOtherClaims().get(RSAPublicJWK.MODULUS).toString())); BigInteger publicExponent = new BigInteger(1, Base64Url.decode(jwk.getOtherClaims().get(RSAPublicJWK.PUBLIC_EXPONENT).toString())); try { KeyFactory kf = KeyFactory.getInstance("RSA"); return kf.generatePublic(new RSAPublicKeySpec(modulus, publicExponent)); } catch (Exception e) { throw new RuntimeException(e); } }
Example 12
Source File: From org.hl7.fhir.core with Apache License 2.0 | 5 votes |
public static PublicKey getPublicKey(String filename) throws Exception { byte[] keyBytes = Files.readAllBytes(Paths.get(filename)); X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes); KeyFactory kf = KeyFactory.getInstance("RSA"); return kf.generatePublic(spec); }
Example 13
Source File: From cxf with Apache License 2.0 | 5 votes |
public static ECPublicKey getECPublicKey(String curve, byte[] xPoint, byte[] yPoint) { try { ECParameterSpec params = getECParameterSpec(curve, false); ECPoint ecPoint = new ECPoint(toBigInteger(xPoint), toBigInteger(yPoint)); ECPublicKeySpec keySpec = new ECPublicKeySpec(ecPoint, params); KeyFactory kf = KeyFactory.getInstance("EC"); return (ECPublicKey) kf.generatePublic(keySpec); } catch (Exception ex) { throw new SecurityException(ex); } }
Example 14
Source File: From JWT4B with GNU General Public License v3.0 | 5 votes |
private RSAPublicKey loadPublicKey() { String publicPEM = Config.cveAttackModePublicKey.replaceAll("\\n", "").replace("-----BEGIN PUBLIC KEY-----", "") .replace("-----END PUBLIC KEY-----", ""); ; KeyFactory kf; try { kf = KeyFactory.getInstance("RSA"); X509EncodedKeySpec keySpecX509 = new X509EncodedKeySpec(Base64.getDecoder().decode(publicPEM)); return (RSAPublicKey) kf.generatePublic(keySpecX509); } catch (Exception e) { e.printStackTrace(); } return null; }
Example 15
Source File: From JavaSteam with MIT License | 5 votes |
private void init(BigInteger mod, BigInteger exp) { try { final RSAPublicKeySpec publicKeySpec = new RSAPublicKeySpec(mod, exp); final KeyFactory factory = KeyFactory.getInstance("RSA"); RSAPublicKey rsaKey = (RSAPublicKey) factory.generatePublic(publicKeySpec); cipher = Cipher.getInstance("RSA/None/OAEPWithSHA1AndMGF1Padding", CryptoHelper.SEC_PROV); cipher.init(Cipher.ENCRYPT_MODE, rsaKey); } catch (final NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | InvalidKeySpecException | NoSuchProviderException e) { logger.debug(e); } }
Example 16
Source File: From encrypt with Apache License 2.0 | 5 votes |
/** * 数字签名校验 * * @param data 二进位组 * @param publicKey 公钥(BASE64编码) * @param sign 数字签名字符串 * @return true:校验成功,false:校验失败 * @throws Exception 异常 */ public static boolean verify(byte[] data, String publicKey, String sign) throws Exception { byte[] keyBytes = Base64.decode(publicKey.getBytes(), Base64.DEFAULT); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes); KeyFactory keyFactory = getKeyFactory(); PublicKey publicK = keyFactory.generatePublic(keySpec); Signature signature = Signature.getInstance("MD5withRSA"); signature.initVerify(publicK); signature.update(data); return signature.verify(Base64.decode(sign.getBytes(), Base64.DEFAULT)); }
Example 17
Source File: From af-pay with Apache License 2.0 | 5 votes |
/** * 根据模数和公钥指数生成公钥 * * @param modulus * @param publicExponent * @return 公钥 */ public static PublicKey generateRSAPublicKey(String modulus, String publicExponent) { try { KeyFactory keyFactory = KeyFactory.getInstance("RSA"); RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(new BigInteger( modulus), new BigInteger(publicExponent)); return keyFactory.generatePublic(pubKeySpec); } catch (Exception e) { throw new RuntimeException(e); } }
Example 18
Source File: From azure-keyvault-java with MIT License | 5 votes |
private static PublicKey getECPublicKey(ECPoint ecPoint, ECParameterSpec curveSpec, Provider provider) { // Create public key spec with given point try { ECPublicKeySpec pubSpec = new ECPublicKeySpec(ecPoint, curveSpec); KeyFactory kf = provider != null ? KeyFactory.getInstance("EC", provider) : KeyFactory.getInstance("EC", "SunEC"); return (ECPublicKey) kf.generatePublic(pubSpec); } catch (GeneralSecurityException e) { throw new IllegalStateException(e); } }
Example 19
Source File: From TorrentEngine with GNU General Public License v3.0 | 4 votes |
protected void completeDH( byte[] buffer ) throws IOException { try{ BigInteger other_dh_y = bytesToBigInteger( buffer, 0, DH_SIZE_BYTES ); KeyFactory dh_key_factory = KeyFactory.getInstance("DH"); PublicKey other_public_key = dh_key_factory.generatePublic( new DHPublicKeySpec( other_dh_y, DH_P_BI, DH_G_BI )); key_agreement.doPhase( other_public_key, true ); secret_bytes = key_agreement.generateSecret(); adapter.gotSecret( secret_bytes ); // System.out.println( "secret = " + ByteFormatter.encodeString( secret_bytes )); }catch( Throwable e ){ throw( new IOException( Debug.getNestedExceptionMessage(e))); } }
Example 20
Source File: From openjsse with GNU General Public License v2.0 | 4 votes |
public void consume(ConnectionContext context,
ByteBuffer message) throws IOException {
// The consuming happens in server side only.
ServerHandshakeContext shc = (ServerHandshakeContext)context;
X509Possession x509Possession = null;
for (SSLPossession possession : shc.handshakePossessions) {
if (possession instanceof X509Possession) {
x509Possession = (X509Possession)possession;
if (x509Possession == null) {
// unlikely, have been checked during cipher suite negotiation.
throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
"No expected EC server cert for ECDH client key exchange");
ECParameterSpec params = x509Possession.getECParameterSpec();
if (params == null) {
// unlikely, have been checked during cipher suite negotiation.
throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
"Not EC server cert for ECDH client key exchange");
NamedGroup namedGroup = NamedGroup.valueOf(params);
if (namedGroup == null) {
// unlikely, have been checked during cipher suite negotiation.
throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
"Unsupported EC server cert for ECDH client key exchange");
SSLKeyExchange ke = SSLKeyExchange.valueOf(
if (ke == null) {
// unlikely
throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
"Not supported key exchange type");
// parse the handshake message
ECDHClientKeyExchangeMessage cke =
new ECDHClientKeyExchangeMessage(shc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
"Consuming ECDH ClientKeyExchange handshake message", cke);
// create the credentials
try {
ECPoint point =
JsseJce.decodePoint(cke.encodedPoint, params.getCurve());
ECPublicKeySpec spec = new ECPublicKeySpec(point, params);
KeyFactory kf = JsseJce.getKeyFactory("EC");
ECPublicKey peerPublicKey =
// check constraints of peer ECPublicKey
if (!shc.algorithmConstraints.permits(
peerPublicKey)) {
throw new SSLHandshakeException(
"ECPublicKey does not comply to algorithm constraints");
shc.handshakeCredentials.add(new ECDHECredentials(
peerPublicKey, namedGroup));
} catch (GeneralSecurityException | e) {
throw (SSLHandshakeException)(new SSLHandshakeException(
"Could not generate ECPublicKey").initCause(e));
// update the states
SSLKeyDerivation masterKD = ke.createKeyDerivation(shc);
SecretKey masterSecret =
masterKD.deriveKey("MasterSecret", null);
SSLTrafficKeyDerivation kd =
if (kd == null) {
// unlikely
throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
"Not supported key derivation: " + shc.negotiatedProtocol);
} else {
shc.handshakeKeyDerivation =
kd.createKeyDerivation(shc, masterSecret);