add an ASN1 encoded EC (private) key reader

kares · kares · commit f9d390f3fe45 · 2016-06-01T13:01:57.000+02:00
... including a hack for keeping the curve name oid around
diff --git a/src/main/java/org/jruby/ext/openssl/impl/ECPrivateKeyWithName.java b/src/main/java/org/jruby/ext/openssl/impl/ECPrivateKeyWithName.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2016 Karol Bucek.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ */
+package org.jruby.ext.openssl.impl;
+
+import java.math.BigInteger;
+import java.security.interfaces.ECPrivateKey;
+import java.security.spec.ECParameterSpec;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+
+/**
+ * a trick to keep the curve name around
+ * (since {@link java.security.KeyPair} is final).
+ *
+ * @author kares
+ */
+public final class ECPrivateKeyWithName implements ECPrivateKey {
+
+    private final ECPrivateKey realKey;
+    // private final String curveNameId;
+    private final ASN1ObjectIdentifier curveNameOID;
+
+    public static ECPrivateKeyWithName wrap(ECPrivateKey realKey, ASN1ObjectIdentifier nameOID) {
+        return new ECPrivateKeyWithName(realKey, nameOID);
+    }
+
+    private ECPrivateKeyWithName(ECPrivateKey realKey, ASN1ObjectIdentifier nameOID) {
+        this.realKey = realKey; this.curveNameOID = nameOID;
+    }
+
+    //private ECPrivateKeyWithName(ECPrivateKey realKey, String curveNameId) {
+    //    this.realKey = realKey;
+    //    this.curveNameId = curveNameId;
+    //}
+
+    //public String getCurveNameId() {
+    //    return curveNameId;
+    //}
+
+    public ASN1ObjectIdentifier getCurveNameOID() {
+        return curveNameOID;
+    }
+
+    public ECPrivateKey unwrap() {
+        return realKey;
+    }
+
+    public BigInteger getS() {
+        return realKey.getS();
+    }
+
+    public String getAlgorithm() {
+        return realKey.getAlgorithm();
+    }
+
+    public String getFormat() {
+        return realKey.getFormat();
+    }
+
+    public byte[] getEncoded() {
+        return realKey.getEncoded();
+    }
+
+    public ECParameterSpec getParams() {
+        return realKey.getParams();
+    }
+
+    @Override
+    public String toString() {
+        return realKey.toString();
+    }
+
+}
diff --git a/src/main/java/org/jruby/ext/openssl/impl/PKey.java b/src/main/java/org/jruby/ext/openssl/impl/PKey.java
@@ -30,7 +30,6 @@
 import java.io.IOException;
 import java.math.BigInteger;
 
-import java.security.GeneralSecurityException;
 import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.NoSuchAlgorithmException;
@@ -39,21 +38,37 @@
 import java.security.interfaces.DSAParams;
 import java.security.interfaces.DSAPrivateKey;
 import java.security.interfaces.DSAPublicKey;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
 import java.security.interfaces.RSAPrivateCrtKey;
 import java.security.interfaces.RSAPublicKey;
 import java.security.spec.DSAPrivateKeySpec;
 import java.security.spec.DSAPublicKeySpec;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPrivateKeySpec;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.RSAPrivateCrtKeySpec;
 import java.security.spec.RSAPublicKeySpec;
+import java.security.spec.X509EncodedKeySpec;
 import javax.crypto.spec.DHParameterSpec;
 
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DLSequence;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.jce.ECNamedCurveTable;
+import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
+import org.bouncycastle.jce.spec.ECPublicKeySpec;
 
 import org.jruby.ext.openssl.SecurityHelper;
 
@@ -65,7 +80,8 @@
  */
 public class PKey {
 
-    public static KeyPair readPrivateKey(byte[] input, String type) throws IOException, GeneralSecurityException {
+    public static KeyPair readPrivateKey(final byte[] input, final String type)
+        throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
         KeySpec pubSpec; KeySpec privSpec;
         ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(input).readObject();
         if ( type.equals("RSA") ) {
@@ -80,7 +96,8 @@ public static KeyPair readPrivateKey(byte[] input, String type) throws IOExcepti
             pubSpec = new RSAPublicKeySpec(mod.getValue(), pubExp.getValue());
             privSpec = new RSAPrivateCrtKeySpec(mod.getValue(), pubExp.getValue(), privExp.getValue(), p1.getValue(), p2.getValue(), exp1.getValue(),
                     exp2.getValue(), crtCoef.getValue());
-        } else { // assume "DSA" for now.
+        }
+        else if ( type.equals("DSA") ) {
             ASN1Integer p = (ASN1Integer) seq.getObjectAt(1);
             ASN1Integer q = (ASN1Integer) seq.getObjectAt(2);
             ASN1Integer g = (ASN1Integer) seq.getObjectAt(3);
@@ -89,6 +106,12 @@ public static KeyPair readPrivateKey(byte[] input, String type) throws IOExcepti
             privSpec = new DSAPrivateKeySpec(x.getValue(), p.getValue(), q.getValue(), g.getValue());
             pubSpec = new DSAPublicKeySpec(y.getValue(), p.getValue(), q.getValue(), g.getValue());
         }
+        else if ( type.equals("ECDSA") ) {
+            return readECPrivateKey(input);
+        }
+        else {
+            throw new IllegalStateException("unsupported type: " + type);
+        }
         KeyFactory fact = SecurityHelper.getKeyFactory(type);
         return new KeyPair(fact.generatePublic(pubSpec), fact.generatePrivate(privSpec));
     }
@@ -147,7 +170,6 @@ public static KeyPair readRSAPrivateKey(final byte[] input)
 
     public static KeyPair readRSAPrivateKey(final KeyFactory rsaFactory, final byte[] input)
         throws IOException, InvalidKeySpecException {
-        // KeyFactory fact = SecurityHelper.getKeyFactory("RSA");
         ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(input).readObject();
         if ( seq.size() == 9 ) {
             BigInteger mod = ((ASN1Integer) seq.getObjectAt(1)).getValue();
@@ -232,6 +254,36 @@ public static DHParameterSpec readDHParameter(final byte[] input) throws IOExcep
         return new DHParameterSpec(p, g);
     }
 
+    public static KeyPair readECPrivateKey(final byte[] input)
+        throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
+        return readECPrivateKey(SecurityHelper.getKeyFactory("ECDSA"), input);
+    }
+
+    public static KeyPair readECPrivateKey(final KeyFactory ecFactory, final byte[] input)
+        throws IOException, InvalidKeySpecException {
+        try {
+            ECPrivateKeyStructure pKey = new ECPrivateKeyStructure((ASN1Sequence) ASN1Primitive.fromByteArray(input));
+            AlgorithmIdentifier   algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, pKey.getParameters());
+            PrivateKeyInfo        privInfo = new PrivateKeyInfo(algId, pKey.toASN1Primitive());
+            SubjectPublicKeyInfo  pubInfo = new SubjectPublicKeyInfo(algId, pKey.getPublicKey().getBytes());
+            PKCS8EncodedKeySpec   privSpec = new PKCS8EncodedKeySpec(privInfo.getEncoded());
+            X509EncodedKeySpec    pubSpec = new X509EncodedKeySpec(pubInfo.getEncoded());
+            //KeyFactory            fact = KeyFactory.getInstance("ECDSA", provider);
+
+            ECPrivateKey privateKey = (ECPrivateKey) ecFactory.generatePrivate(privSpec);
+            if ( algId.getParameters() instanceof ASN1ObjectIdentifier ) {
+                privateKey = ECPrivateKeyWithName.wrap(privateKey, (ASN1ObjectIdentifier) algId.getParameters());
+            }
+            return new KeyPair(ecFactory.generatePublic(pubSpec), privateKey);
+        }
+        catch (ClassCastException ex) {
+            throw new IOException("wrong ASN.1 object found in stream", ex);
+        }
+        //catch (Exception ex) {
+        //    throw new IOException("problem parsing EC private key: " + ex);
+        //}
+    }
+
     public static byte[] toDerRSAKey(RSAPublicKey pubKey, RSAPrivateCrtKey privKey) throws IOException {
         ASN1EncodableVector vec = new ASN1EncodableVector();
         if ( pubKey != null && privKey == null ) {
@@ -268,7 +320,7 @@ public static byte[] toDerDSAKey(DSAPublicKey pubKey, DSAPrivateKey privKey) thr
             return new DLSequence(vec).getEncoded();
         }
         if ( privKey == null ) {
-            throw new IllegalArgumentException("passed private key as well as public key are null");
+            throw new IllegalArgumentException("private key as well as public key are null");
         }
         return privKey.getEncoded();
     }
