2 * Copyright (c) 2017 Brocade Communication Systems and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.aaa.encrypt;
10 import java.io.ByteArrayOutputStream;
11 import java.io.DataOutputStream;
12 import java.io.FileInputStream;
13 import java.io.IOException;
14 import java.io.InputStreamReader;
15 import java.io.Reader;
16 import java.io.StringReader;
17 import java.math.BigInteger;
18 import java.nio.charset.StandardCharsets;
19 import java.security.GeneralSecurityException;
20 import java.security.KeyFactory;
21 import java.security.KeyPair;
22 import java.security.NoSuchAlgorithmException;
23 import java.security.Provider;
24 import java.security.PublicKey;
25 import java.security.Security;
26 import java.security.interfaces.DSAParams;
27 import java.security.interfaces.DSAPublicKey;
28 import java.security.interfaces.RSAPublicKey;
29 import java.security.spec.DSAPublicKeySpec;
30 import java.security.spec.ECPoint;
31 import java.security.spec.ECPublicKeySpec;
32 import java.security.spec.RSAPublicKeySpec;
33 import java.util.Arrays;
34 import java.util.Base64;
35 import java.util.HashMap;
37 import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
38 import org.bouncycastle.jce.ECNamedCurveTable;
39 import org.bouncycastle.jce.ECPointUtil;
40 import org.bouncycastle.jce.provider.BouncyCastleProvider;
41 import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
42 import org.bouncycastle.jce.spec.ECNamedCurveSpec;
43 import org.bouncycastle.openssl.PEMDecryptorProvider;
44 import org.bouncycastle.openssl.PEMEncryptedKeyPair;
45 import org.bouncycastle.openssl.PEMKeyPair;
46 import org.bouncycastle.openssl.PEMParser;
47 import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
48 import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
51 * PKI related utilities.
53 public class PKIUtil {
55 private interface KeyFactorySupplier {
56 KeyFactory get() throws NoSuchAlgorithmException;
59 private static final Provider BCPROV;
62 final Provider prov = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
63 BCPROV = prov != null ? prov : new BouncyCastleProvider();
66 private static final String KEY_FACTORY_TYPE_RSA = "RSA";
67 private static final String KEY_FACTORY_TYPE_DSA = "DSA";
68 private static final String KEY_FACTORY_TYPE_ECDSA = "EC";
70 private static final KeyFactorySupplier RSA_KEY_FACTORY_SUPPLIER = resolveKeyFactory(KEY_FACTORY_TYPE_RSA);
71 private static final KeyFactorySupplier DSA_KEY_FACTORY_SUPPLIER = resolveKeyFactory(KEY_FACTORY_TYPE_DSA);
72 private static final KeyFactorySupplier ECDSA_KEY_FACTORY_SUPPLIER = resolveKeyFactory(KEY_FACTORY_TYPE_ECDSA);
74 private static KeyFactorySupplier resolveKeyFactory(final String algorithm) {
75 final KeyFactory factory;
77 factory = KeyFactory.getInstance(algorithm);
78 } catch (NoSuchAlgorithmException e) {
86 private static final Map<String, String> ECDSA_CURVES = new HashMap<>();
89 ECDSA_CURVES.put("nistp256", "secp256r1");
90 ECDSA_CURVES.put("nistp384", "secp384r1");
91 ECDSA_CURVES.put("nistp512", "secp512r1");
94 private static final String ECDSA_SUPPORTED_CURVE_NAME = "nistp256";
95 private static final String ECDSA_SUPPORTED_CURVE_NAME_SPEC = ECDSA_CURVES.get(ECDSA_SUPPORTED_CURVE_NAME);
96 private static final int ECDSA_THIRD_STR_LEN = 65;
97 private static final int ECDSA_TOTAL_STR_LEN = 104;
99 private static final String KEY_TYPE_RSA = "ssh-rsa";
100 private static final String KEY_TYPE_DSA = "ssh-dss";
101 private static final String KEY_TYPE_ECDSA = "ecdsa-sha2-" + ECDSA_SUPPORTED_CURVE_NAME;
103 private byte[] bytes = new byte[0];
106 public PublicKey decodePublicKey(final String keyLine) throws GeneralSecurityException {
108 // look for the Base64 encoded part of the line to decode
109 // both ssh-rsa and ssh-dss begin with "AAAA" due to the length bytes
110 bytes = Base64.getDecoder().decode(keyLine.getBytes(StandardCharsets.UTF_8));
111 if (bytes.length == 0) {
112 throw new IllegalArgumentException("No Base64 part to decode in " + keyLine);
116 String type = decodeType();
117 if (type.equals(KEY_TYPE_RSA)) {
118 return decodeAsRSA();
121 if (type.equals(KEY_TYPE_DSA)) {
122 return decodeAsDSA();
125 if (type.equals(KEY_TYPE_ECDSA)) {
126 return decodeAsECDSA();
129 throw new IllegalArgumentException("Unknown decode key type " + type + " in " + keyLine);
132 @SuppressWarnings("AbbreviationAsWordInName")
133 private PublicKey decodeAsECDSA() throws GeneralSecurityException {
134 KeyFactory ecdsaFactory = ECDSA_KEY_FACTORY_SUPPLIER.get();
136 ECNamedCurveParameterSpec spec256r1 = ECNamedCurveTable.getParameterSpec(ECDSA_SUPPORTED_CURVE_NAME_SPEC);
137 ECNamedCurveSpec params256r1 = new ECNamedCurveSpec(ECDSA_SUPPORTED_CURVE_NAME_SPEC, spec256r1.getCurve(),
138 spec256r1.getG(), spec256r1.getN());
139 // The total length is 104 bytes, and the X and Y encoding uses the last 65 of these 104 bytes.
140 ECPoint point = ECPointUtil.decodePoint(params256r1.getCurve(), Arrays.copyOfRange(bytes, ECDSA_TOTAL_STR_LEN
141 - ECDSA_THIRD_STR_LEN, ECDSA_TOTAL_STR_LEN));
142 ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(point, params256r1);
144 return ecdsaFactory.generatePublic(pubKeySpec);
147 private PublicKey decodeAsDSA() throws GeneralSecurityException {
148 KeyFactory dsaFactory = DSA_KEY_FACTORY_SUPPLIER.get();
149 BigInteger var1 = decodeBigInt();
150 BigInteger var2 = decodeBigInt();
151 BigInteger var3 = decodeBigInt();
152 BigInteger var4 = decodeBigInt();
153 DSAPublicKeySpec spec = new DSAPublicKeySpec(var4, var1, var2, var3);
155 return dsaFactory.generatePublic(spec);
158 private PublicKey decodeAsRSA() throws GeneralSecurityException {
159 KeyFactory rsaFactory = RSA_KEY_FACTORY_SUPPLIER.get();
160 BigInteger exponent = decodeBigInt();
161 BigInteger modulus = decodeBigInt();
162 RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, exponent);
164 return rsaFactory.generatePublic(spec);
167 private String decodeType() {
168 int len = decodeInt();
169 String type = new String(bytes, pos, len, StandardCharsets.UTF_8);
174 private int decodeInt() {
175 return (bytes[pos++] & 0xFF) << 24 | (bytes[pos++] & 0xFF) << 16 | (bytes[pos++] & 0xFF) << 8
176 | bytes[pos++] & 0xFF;
179 private BigInteger decodeBigInt() {
180 int len = decodeInt();
181 byte[] bigIntBytes = new byte[len];
182 System.arraycopy(bytes, pos, bigIntBytes, 0, len);
184 return new BigInteger(bigIntBytes);
187 public String encodePublicKey(final PublicKey publicKey) throws IOException {
188 ByteArrayOutputStream byteOs = new ByteArrayOutputStream();
189 if (publicKey instanceof RSAPublicKey rsaPublicKey
190 && rsaPublicKey.getAlgorithm().equals(KEY_FACTORY_TYPE_RSA)) {
191 DataOutputStream dataOutputStream = new DataOutputStream(byteOs);
192 dataOutputStream.writeInt(KEY_TYPE_RSA.getBytes(StandardCharsets.UTF_8).length);
193 dataOutputStream.write(KEY_TYPE_RSA.getBytes(StandardCharsets.UTF_8));
194 dataOutputStream.writeInt(rsaPublicKey.getPublicExponent().toByteArray().length);
195 dataOutputStream.write(rsaPublicKey.getPublicExponent().toByteArray());
196 dataOutputStream.writeInt(rsaPublicKey.getModulus().toByteArray().length);
197 dataOutputStream.write(rsaPublicKey.getModulus().toByteArray());
198 } else if (publicKey instanceof DSAPublicKey dsaPublicKey
199 && dsaPublicKey.getAlgorithm().equals(KEY_FACTORY_TYPE_DSA)) {
200 DSAParams dsaParams = dsaPublicKey.getParams();
201 DataOutputStream dataOutputStream = new DataOutputStream(byteOs);
202 dataOutputStream.writeInt(KEY_TYPE_DSA.getBytes(StandardCharsets.UTF_8).length);
203 dataOutputStream.write(KEY_TYPE_DSA.getBytes(StandardCharsets.UTF_8));
204 dataOutputStream.writeInt(dsaParams.getP().toByteArray().length);
205 dataOutputStream.write(dsaParams.getP().toByteArray());
206 dataOutputStream.writeInt(dsaParams.getQ().toByteArray().length);
207 dataOutputStream.write(dsaParams.getQ().toByteArray());
208 dataOutputStream.writeInt(dsaParams.getG().toByteArray().length);
209 dataOutputStream.write(dsaParams.getG().toByteArray());
210 dataOutputStream.writeInt(dsaPublicKey.getY().toByteArray().length);
211 dataOutputStream.write(dsaPublicKey.getY().toByteArray());
212 } else if (publicKey instanceof BCECPublicKey ecPublicKey
213 && ecPublicKey.getAlgorithm().equals(KEY_FACTORY_TYPE_ECDSA)) {
214 DataOutputStream dataOutputStream = new DataOutputStream(byteOs);
215 dataOutputStream.writeInt(KEY_TYPE_ECDSA.getBytes(StandardCharsets.UTF_8).length);
216 dataOutputStream.write(KEY_TYPE_ECDSA.getBytes(StandardCharsets.UTF_8));
217 dataOutputStream.writeInt(ECDSA_SUPPORTED_CURVE_NAME.getBytes(StandardCharsets.UTF_8).length);
218 dataOutputStream.write(ECDSA_SUPPORTED_CURVE_NAME.getBytes(StandardCharsets.UTF_8));
219 byte[] affineXCoord = ecPublicKey.getQ().getAffineXCoord().getEncoded();
220 byte[] affineYCoord = ecPublicKey.getQ().getAffineYCoord().getEncoded();
221 dataOutputStream.writeInt(affineXCoord.length + affineYCoord.length + 1);
222 dataOutputStream.writeByte(0x04);
223 dataOutputStream.write(affineXCoord);
224 dataOutputStream.write(affineYCoord);
226 throw new IllegalArgumentException("Unknown public key encoding: " + publicKey.getAlgorithm());
229 return Base64.getEncoder().encodeToString(byteOs.toByteArray());
233 public KeyPair decodePrivateKey(final StringReader reader, final String passphrase) throws IOException {
234 return doDecodePrivateKey(reader, passphrase);
237 public KeyPair decodePrivateKey(final String keyPath, final String passphrase) throws IOException {
238 try (Reader reader = new InputStreamReader(new FileInputStream(keyPath), StandardCharsets.UTF_8)) {
239 return doDecodePrivateKey(reader, passphrase);
243 private static KeyPair doDecodePrivateKey(final Reader reader, final String passphrase) throws IOException {
244 try (PEMParser keyReader = new PEMParser(reader)) {
245 JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
246 PEMDecryptorProvider decryptionProv = new JcePEMDecryptorProviderBuilder().setProvider(BCPROV)
247 .build(passphrase.toCharArray());
249 Object privateKey = keyReader.readObject();
251 if (privateKey instanceof PEMEncryptedKeyPair pemPrivateKey) {
252 keyPair = converter.getKeyPair(pemPrivateKey.decryptKeyPair(decryptionProv));
254 keyPair = converter.getKeyPair((PEMKeyPair) privateKey);