Examples of java.security.KeyPair

• java.security.KeyPair
  This class is a simple holder for a key pair (a public key and a private key). It does not enforce any security, and, when initialized, should be treated like a PrivateKey. @see PublicKey @see PrivateKey @version 1.16 05/11/17 @author Benjamin Renaud

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(keyStoreStream, "store456".toCharArray());
        X509Certificate certificate = (X509Certificate) keyStore.getCertificate("servercert");
        PublicKey publicKey = certificate.getPublicKey();
        PrivateKey privateKey = (PrivateKey) keyStore.getKey("servercert", "pass456".toCharArray());
        keyPair = new KeyPair(publicKey, privateKey);
    }

     * <p>
     * DH is also useful as a coin-toss algorithm. Two parties get the same random number without trusting
     * each other.
     */
    public KeyAgreement diffieHellman(boolean side) throws IOException, GeneralSecurityException {
        KeyPair keyPair;
        PublicKey otherHalf;

        if (side) {
            AlgorithmParameterGenerator paramGen = AlgorithmParameterGenerator.getInstance("DH");
            paramGen.init(512);

            KeyPairGenerator dh = KeyPairGenerator.getInstance("DH");
            dh.initialize(paramGen.generateParameters().getParameterSpec(DHParameterSpec.class));
            keyPair = dh.generateKeyPair();

            // send a half and get a half
            writeKey(keyPair.getPublic());
            otherHalf = KeyFactory.getInstance("DH").generatePublic(readKey());
        } else {
            otherHalf = KeyFactory.getInstance("DH").generatePublic(readKey());

            KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("DH");
            keyPairGen.initialize(((DHPublicKey) otherHalf).getParams());
            keyPair = keyPairGen.generateKeyPair();

            // send a half and get a half
            writeKey(keyPair.getPublic());
        }

        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(keyPair.getPrivate());
        ka.doPhase(otherHalf, true);

        return ka;
    }

                File f = new File(args.get(1));
                if (!f.exists()) {
                    printUsage(Messages.CLI_NoSuchFileExists(f));
                    return -1;
                }
                KeyPair kp = null;
                try {
                    kp = loadKey(f);
                } catch (IOException e) {
                    //if the PEM file is encrypted, IOException is thrown
                    kp = tryEncryptedFile(f);

        if (key instanceof com.trilead.ssh2.signature.DSAPrivateKey) {
            com.trilead.ssh2.signature.DSAPrivateKey x = (com.trilead.ssh2.signature.DSAPrivateKey)key;
            KeyFactory kf = KeyFactory.getInstance("DSA");
//            System.out.println("ssh-dsa " + new String(Base64.encode(DSASHA1Verify.encodeSSHDSAPublicKey(x.getPublicKey()))));

            return new KeyPair(
                    kf.generatePublic(new DSAPublicKeySpec(x.getY(), x.getP(), x.getQ(), x.getG())),
                    kf.generatePrivate(new DSAPrivateKeySpec(x.getX(), x.getP(), x.getQ(), x.getG())));
        }

        throw new UnsupportedOperationException("Unrecognizable key format: "+key);

    public static KeyPair loadKey(String pemString) throws IOException, GeneralSecurityException {
      return loadKey(pemString, null);
    }

    private static KeyPair tryEncryptedFile(File f) throws IOException, GeneralSecurityException{
        KeyPair kp = null;
        if(isPemEncrypted(f)){
            String passwd = askForPasswd(f.getCanonicalPath());
            kp = loadKey(f,passwd);
        }
        return kp;

            }
        }

        if (sftpConfig.getKeyPair() != null) {
            LOG.debug("Using private key information from key pair");
            KeyPair keyPair = sftpConfig.getKeyPair();
            if (keyPair.getPrivate() != null && keyPair.getPublic() != null) {
                if (keyPair.getPrivate() instanceof RSAPrivateKey && keyPair.getPublic() instanceof RSAPublicKey) {
                    jsch.addIdentity(new RSAKeyPairIdentity("ID", keyPair), null);
                } else if (keyPair.getPrivate() instanceof DSAPrivateKey && keyPair.getPublic() instanceof DSAPublicKey) {
                    jsch.addIdentity(new DSAKeyPairIdentity("ID", keyPair), null);
                } else {
                    LOG.warn("Only RSA and DSA key pairs are supported");
                }
            } else {

                keyPairProvider = getKeyPairProvider();
            }

            if (keyPairProvider != null) {
                log.debug("Attempting to authenticate username '{}' using Key...", getUsername());
                KeyPair pair = keyPairProvider.loadKey(getKeyType());
                authResult = session.authPublicKey(getUsername(), pair);
            } else {
                log.debug("Attempting to authenticate username '{}' using Password...", getUsername());
                authResult = session.authPassword(getUsername(), getPassword());
            }

    // OK... this is weird... we sign the project cert with the project cert.
    // It sort of makes sense, in that we don't want to share the project signing cert outside the auth server

    ProjectId projectId = getProjectId();

    KeyPair keyPair = privateData.findKeyPair(projectId, null, METADATA_PROJECT_KEY);
    List<X509Certificate> chain = privateData.findCertificate(projectId, null, METADATA_PROJECT_CERT);

    if (keyPair == null) {
      keyPair = RsaUtils.generateRsaKeyPair();
      privateData.putKeyPair(projectId, null, METADATA_PROJECT_KEY, keyPair);
    }

    if (chain == null) {
      AuthenticationTokenValidator authenticationTokenValidator = OpsContext.get().getInjector()
          .getInstance(AuthenticationTokenValidator.class);

      ProjectAuthorization projectAuthorization = Scope.get().get(ProjectAuthorization.class);
      String projectKey = projectAuthorization.getName();

      if (!projectKey.equals(projectId.getKey())) {
        throw new IllegalStateException();
      }

      PlatformLayerAuthAdminClient adminClient = PlatformLayerAuthAdminClient.find(authenticationTokenValidator);
      Csr csr = Csr.buildCsr(keyPair, getX500Principal());
      chain = adminClient.signCsr(projectId.getKey(), projectAuthorization.getProjectSecret(), csr.getEncoded());

      privateData.putCertificate(projectId, null, METADATA_PROJECT_CERT, chain);
    }

    // privateData.getOrCreate(projectId, null, sshKeyName, user)
    // String sshKeyName = getSshKeyName();
    // return privateData.getOrCreate(getProjectId(), null, sshKeyName, "root");
    // return "project-" + getProjectId().getKey();
    //
    // KeyPair keyPair = projectContext.getSshKey().getKeyPair();
    // X500Principal subject = getX500Principal();

    return new SimpleCertificateAndKey(chain, keyPair.getPrivate());
  }

        if (privateKey instanceof RSAPrivateCrtKey) {
          RSAPrivateCrtKey rsaPrivateCrtKey = (RSAPrivateCrtKey) privateKey;
          RSAPublicKeySpec publicKeySpec = new java.security.spec.RSAPublicKeySpec(
              rsaPrivateCrtKey.getModulus(), rsaPrivateCrtKey.getPublicExponent());
          PublicKey publicKey = kf.generatePublic(publicKeySpec);
          key = new KeyPair(publicKey, privateKey);
        } else {
          key = privateKey;
        }
      } catch (Exception e) {
        log.debug("Error reading pem data", e);

  PrivateDataHelper privateData;

  @Deprecated
  public SshKey findOtherServiceKey(ServiceType serviceType) throws OpsException {
    ServiceConfiguration serviceConfiguration = opsContext.getServiceConfiguration();
    KeyPair sshKeyPair = privateData.findSshKey(serviceConfiguration.getProject(), serviceType);
    return new SshKey(null, "root", sshKeyPair);
  }