📄 xkmsutil.java
字号:
/************************************************************************* * * * EJBCA: The OpenSource Certificate Authority * * * * This software is free software; you can redistribute it and/or * * modify it under the terms of the GNU Lesser General Public * * License as published by the Free Software Foundation; either * * version 2.1 of the License, or any later version. * * * * See terms of license at gnu.org. * * * *************************************************************************/package org.ejbca.core.protocol.xkms.common;import gnu.inet.encoding.Stringprep;import gnu.inet.encoding.StringprepException;import java.io.UnsupportedEncodingException;import java.math.BigInteger;import java.security.InvalidKeyException;import java.security.KeyFactory;import java.security.NoSuchAlgorithmException;import java.security.PrivateKey;import java.security.interfaces.RSAPrivateCrtKey;import java.security.interfaces.RSAPrivateKey;import java.security.spec.InvalidKeySpecException;import java.security.spec.RSAPrivateCrtKeySpec;import javax.crypto.Mac;import javax.crypto.SecretKey;import javax.crypto.spec.SecretKeySpec;import javax.xml.bind.JAXBContext;import javax.xml.bind.JAXBElement;import javax.xml.bind.JAXBException;import javax.xml.bind.Marshaller;import javax.xml.bind.PropertyException;import javax.xml.bind.Unmarshaller;import javax.xml.parsers.DocumentBuilder;import javax.xml.parsers.DocumentBuilderFactory;import javax.xml.parsers.ParserConfigurationException;import org.apache.log4j.Logger;import org.apache.xml.security.algorithms.SignatureAlgorithm;import org.apache.xml.security.encryption.EncryptedData;import org.apache.xml.security.encryption.XMLCipher;import org.apache.xml.security.encryption.XMLEncryptionException;import org.apache.xml.security.exceptions.XMLSecurityException;import org.apache.xml.security.transforms.Transforms;import org.apache.xml.security.utils.EncryptionConstants;import org.ejbca.util.CertTools;import org.w3._2001._04.xmlenc_.EncryptedDataType;import org.w3._2002._03.xkms_.ObjectFactory;import org.w3._2002._03.xkms_.PrivateKeyType;import org.w3._2002._03.xkms_.RSAKeyPairType;import org.w3c.dom.Document;import org.w3c.dom.Element;/** * A util class containing static help methods to process various * XKMS messages * * * @author Philip Vendil 2006 dec 30 * * @version $Id: XKMSUtil.java,v 1.1.2.1 2007/02/02 09:34:04 anatom Exp $ */public class XKMSUtil { /** HMAC-SHA1 initial key values */ public static final byte[] KEY_AUTHENTICATION = {0x1}; public static final byte[] KEY_REVOCATIONCODEIDENTIFIER_PASS1 = {0x2}; public static final byte[] KEY_REVOCATIONCODEIDENTIFIER_PASS2 = {0x3}; public static final byte[] KEY_PRIVATEKEYDATA = {0x4}; private static final String ENCRYPTION_ALGORITHMURI = XMLCipher.TRIPLEDES; private static final String SHAREDSECRET_HASH_ALGORITH = "http://www.w3.org/2000/09/xmldsig#hmac-sha1"; private static Logger log = Logger.getLogger(XKMSUtil.class); private static ObjectFactory xKMSObjectFactory = new ObjectFactory(); private static JAXBContext jAXBContext = null; private static Marshaller marshaller = null; private static Unmarshaller unmarshaller = null; private static DocumentBuilderFactory dbf = null; static{ try { CertTools.installBCProvider(); org.apache.xml.security.Init.init(); jAXBContext = JAXBContext.newInstance("org.w3._2002._03.xkms_:org.w3._2001._04.xmlenc_:org.w3._2000._09.xmldsig_"); marshaller = jAXBContext.createMarshaller(); try { marshaller.setProperty("com.sun.xml.bind.namespacePrefixMapper",new XKMSNamespacePrefixMapper()); } catch( PropertyException e ) { log.error("Error registering namespace mapper property",e); } dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); unmarshaller = jAXBContext.createUnmarshaller(); } catch (JAXBException e) { log.error("Error initializing RequestAbstractTypeResponseGenerator",e); } } /** * Encrypting a java RSA Private key into a PrivateKeyType object used in register,reissue and recover respolses. * using the shared secret. * * The method uses the HMAC-SHA1 for generating the shared secret * and tripple des for encryption * * @param rSAPrivateKey the privatekey * @param sharedSecret the shared secret, cannot be null. * @return The Document with the encrypted key included. * @throws StringprepException if the shared secret doesn't conform with the SASLprep profile as specified in the XKMS specification. * @throws XMLEncryptionException if any other exception occurs during the processing. */ public static PrivateKeyType getEncryptedXMLFromPrivateKey(RSAPrivateCrtKey rSAPrivateKey, String sharedSecret) throws StringprepException, XMLEncryptionException{ PrivateKeyType privateKeyType = null; try{ DocumentBuilder db = dbf.newDocumentBuilder(); Document rSAKeyPairDoc = db.newDocument(); SecretKey sk = getSecretKeyFromPassphrase(sharedSecret,true, 24, KEY_PRIVATEKEYDATA); RSAKeyPairType rSAKeyPairType = xKMSObjectFactory.createRSAKeyPairType(); rSAKeyPairType.setModulus(rSAPrivateKey.getModulus().toByteArray()); rSAKeyPairType.setExponent(rSAPrivateKey.getPublicExponent().toByteArray()); rSAKeyPairType.setP(rSAPrivateKey.getPrimeP().toByteArray()); rSAKeyPairType.setQ(rSAPrivateKey.getPrimeQ().toByteArray()); rSAKeyPairType.setDP(rSAPrivateKey.getPrimeExponentP().toByteArray()); rSAKeyPairType.setDQ(rSAPrivateKey.getPrimeExponentQ().toByteArray()); rSAKeyPairType.setInverseQ(rSAPrivateKey.getCrtCoefficient().toByteArray()); rSAKeyPairType.setD(rSAPrivateKey.getPrivateExponent().toByteArray()); JAXBElement<RSAKeyPairType> rSAKeyPair = xKMSObjectFactory.createRSAKeyPair(rSAKeyPairType); marshaller.marshal( rSAKeyPair, rSAKeyPairDoc ); Document envelopedDoc = db.newDocument(); Element unencryptedElement = envelopedDoc.createElement("PrivateKey"); envelopedDoc.appendChild(unencryptedElement); Element node = (Element) envelopedDoc.adoptNode(rSAKeyPairDoc.getDocumentElement()); unencryptedElement.appendChild(node); Element rootElement = envelopedDoc.getDocumentElement(); XMLCipher xmlCipher = XMLCipher.getProviderInstance(ENCRYPTION_ALGORITHMURI,"BC"); xmlCipher.init(XMLCipher.ENCRYPT_MODE, sk); EncryptedData encryptedData = xmlCipher.getEncryptedData(); encryptedData.setMimeType("text/xml"); xmlCipher.doFinal(envelopedDoc,rootElement,true); JAXBElement unmarshalledData = (JAXBElement) unmarshaller.unmarshal(envelopedDoc.getDocumentElement().getFirstChild()); EncryptedDataType encryptedDataType = (EncryptedDataType) unmarshalledData.getValue(); privateKeyType = xKMSObjectFactory.createPrivateKeyType(); privateKeyType.setEncryptedData(encryptedDataType); } catch (ParserConfigurationException e) { log.error("Error encryption private key", e); throw new XMLEncryptionException(e.getMessage(),e); } catch (XMLSecurityException e) { log.error("Error encryption private key", e); throw new XMLEncryptionException(e.getMessage(),e); } catch (JAXBException e) { log.error("Error encryption private key", e); throw new XMLEncryptionException(e.getMessage(),e); } catch (Exception e) { log.error("Error encryption private key", e); throw new XMLEncryptionException(e.getMessage(),e); } return privateKeyType; } /** * Method to get the private key from an XKMS message with an encrypted * PrivateKey tag. The method uses the HMAC-SHA1 for generating the shared secret * and tripple des for encryption. * ⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -