pkernel_jce 0.3 → 0.7.0

data/lib/pkernel_jce/io_utils.rb

@@ -21,6 +21,8 @@ module PkernelJce
     def IoUtils.ensure_java_bytes(bin)
       if not bin.java_kind_of?(Java::byte[])
         bin.to_java_bytes
+      elsif bin.is_a?(String)
+        bin = bin.to_java.getBytes
       else
         bin
       end

data/lib/pkernel_jce/jfile.rb

@@ -0,0 +1,134 @@
+
+
+module PkernelJce
+  module JFile
+    def JFile.create_temp_file(opts = { })
+      prefix = opts[:prefix]
+      suffix = opts[:suffix]
+      dir = opts[:directory]
+      java.io.File.createTempFile(prefix,suffix,dir)
+    end # create_temp_file
+
+    def JFile.absolute_path(file)
+      if file.nil?
+        raise PkernelJce::Error, "Cannot get absolute path for file is nil"
+      else
+        file.absolute_path
+      end
+    end # absolute_path
+
+    def JFile.equal?(*files,&block)
+      if files.length > 1
+        
+        if block
+          bufLen = block.call(:bufLen)
+        end
+        bufLen = bufLen || 102400
+
+        equal = false
+        result = nil
+        md = java.security.MessageDigest.getInstance("SHA256")
+        files.each do |f|
+          ff = java.io.File.new(f)  
+          if ff.exist?
+            buf = Java::byte[bufLen].new
+            fis = java.io.FileInputStream.new(ff)
+            while((read = fis.read(buf,0,buf.length)) != -1)
+              md.update(buf,0,read)
+            end
+            res = md.digest
+            if result.nil?
+              result = res
+            elsif not java.util.Arrays.is_equals(res, result)
+              equal = false
+              break
+            else
+              result = res
+            end
+            
+            md.reset
+          else
+            raise PkernelJce::Error, "Given file to compare equal '#{f}' does not exist"
+          end
+        end
+
+        equal
+      else
+        true
+      end
+    end # equals?
+
+    def JFile.copy(src,dest,opts = { },&block)
+      raise PkernelJce::Error, "Source cannot be nil or empty" if src.nil? or src.empty?
+      raise PkernelJce::Error, "Destination cannot be nil" if dest.nil?
+     
+      if src.is_a?(java.io.InputStream)
+        src = src
+        srcLength = src.length
+      elsif src.is_a?(String)
+        # assume is file path?
+        f = java.io.File.new(src)
+        raise PkernelJce::Error, "Given file doesn't exist [#{f.absolute_path}]" if not f.exists
+        raise PkernelJce::Error, "Cannot read source file from a directory [#{f.absolute_path}]" if f.is_directory?
+        src = java.io.FileInputStream.new(f)
+        srcLength = f.length
+      else
+        raise PkernelJce::Error, "Unsupported source file type #{src.class}"
+      end
+
+      if dest.is_a?(java.io.OutputStream)
+        PkernelJce::GConf.instance.glog.debug "Given dest is an OutputStream. Direct use the object."
+        os = dest
+      elsif dest.is_a?(String)
+        # assume is file path?
+        f = java.io.File.new(dest)
+        raise PkernelJce::Error, "Cannot write dest to a directory [#{f.absolute_path}]" if f.is_directory?
+        
+        PkernelJce::GConf.instance.glog.debug "Opening given path #{f.absolute_path} to copy file into"
+        os = java.io.FileOutputStream.new(f)
+        
+      else
+        raise PkernelJce::Error, "Unsupported destination type #{dest.class}"
+      end
+
+      bufSize = opts[:bufSize] || 1024000
+      b = Java::byte[bufSize].new
+      totalWritten = 0
+      while((read = src.read(b,0,b.length)) != -1)
+        if block
+          block.call(:before_write, { buf: b, from: 0, len: read })
+        end
+        
+        os.write(b,0,read)  
+
+        totalWritten += read
+        if block
+          block.call(:progress, { total: srcLength, written: read, processed: totalWritten })
+        end
+      end
+      
+    end # copy
+
+    def to_memory(file, opts = { }, &block) 
+      raise PkernelJce::Error, "No file given" if file.nil?
+      f = java.io.File.new(file)
+      raise PkernelJce::Error, "Given file #{f.absolute_path} does not exist" if not f.exists
+      raise PkernelJce::Error, "Given file #{f.absolute_path} is a directory" if f.directory?
+
+      total = f.length
+      bufSize = opts[:bufSize] || 1024000
+      b = Java::byte[bufSize].new
+      baos = java.io.ByteArrayOutputStream.new
+      processed = 0
+      fis = java.io.FileInputStream.new(f)
+      while((read = fis.read(b,0,b.length)) != -1)
+        baos.write(b,0,read)
+        processed += read
+
+        block.call(:progress, { total: total, processed: processed, wwritten: read }) if block
+      end
+
+      baos.toByteArray
+    end # to_memory
+  end # module JFile
+end

data/lib/pkernel_jce/jmembuf.rb

@@ -0,0 +1,7 @@
+
+
+module PkernelJce
+  module JMemBuf
+
+  end
+end

data/lib/pkernel_jce/keypair.rb

@@ -4,19 +4,11 @@ require 'pkernel'
 require_relative 'provider'
 require_relative 'global'
 
+require_relative 'converter'
+
 module PkernelJce
   module KeyPair
 
-    def KeyPair.capabilities(type)
-      case type
-      when :rsa
-      when :dsa
-      when :ecc
-      else
-        {}
-      end
-    end
-
     def generate(algo, conf = {})
      
       log = conf[:log]
@@ -40,6 +32,7 @@ module PkernelJce
         
         kpg.java_send :initialize, [Java::int], len
         kpg.generate_key_pair
+
       when "DSA"
         len = conf[:len] || 2048
         log.debug "Generating DSA #{len} bits with provider #{prov == nil ? 'default' : prov.name}"
@@ -54,6 +47,17 @@ module PkernelJce
       when "ECC","EC"
         # this only supported by bc?
         curve = conf[:curve] || "prime256v1"
+        curve.strip!
+        # Fp
+        # X9.62 : prime192v1, prime192v2, prime192v3, prime239v1, prime239v2, prime239v3, prime256v1
+        # SEC : secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1
+        # NIST: P-224, P-256, P-384, P-521
+        # F 2m
+        # X9.62 : c2pnb163v1, c2pnb163v2, c2pnb163v3, c2pnb176w1, c2tnb191v1, c2tnb191v2, c2tnb191v3, c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, c2pnb272w1, c2pnb304w1, c2tnb359v1, c2pnb368w1, c2tnb431r1
+        # SEC: sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1
+        # NIST : B-163, B-233, B-283, B-409, B-571
+        # Teletrust : brainpoolp160r1, brainpoolp160t1, brainpoolp192r1, brainpoolp192t1, brainpoolp224r1, brainpoolp224t1, brainpoolp256r1, brainpoolp256t1, brainpoolp320r1, brainpoolp320t1, brainpoolp384r1, brainpoolp384t1, brainpoolp512r1, brainpoolp512t1
+        # GostR3410-2001-CryptoPro-A, GostR3410-2001-CryptoPro-XchB, GostR3410-2001-CryptoPro-XchA, GostR3410-2001-CryptoPro-C, GostR3410-2001-CryptoPro-B
         if prov.nil?
           #kpg = java.security.KeyPairGenerator.getInstance("ECDSA")
           # default Java does not have ECDSA yet as of Java 8
@@ -65,6 +69,48 @@ module PkernelJce
         kpg = java.security.KeyPairGenerator.getInstance("ECDSA", prov)
         kpg.java_send :initialize, [java.security.spec.AlgorithmParameterSpec, java.security.SecureRandom], java.security.spec.ECGenParameterSpec.new(curve), java.security.SecureRandom.new
         kpg.generate_key_pair
+
+      when "DH"
+
+        len = conf[:len] || 1024
+        certainty = conf[:certainty] || org.bouncycastle.jcajce.provider.asymmetric.util.PrimeCertaintyCalculator.getDefaultCertainty(len)
+        # for DH key, these two values can be shared...
+        # https://news.ycombinator.com/item?id=10397326
+        # this two values shall be in hex
+        p = conf[:p]
+        g = conf[:g]
+
+        if not p.nil?
+          p = java.math.BigInteger.new(p,16)
+        end
+
+        if not g.nil?
+          g = java.math.BigInteger.new(g,16)
+        end
+
+        prov = PkernelJce::Provider::DefProvider
+
+        if not (p.nil? and g.nil?)
+          log.debug "Generating DH key from given p and g"
+          gparam = org.bouncycastle.crypto.params.DHParameters.new(p,g)
+
+        else
+        
+          log.debug "Generating DH #{len} bits with provider #{prov.name}, certainty : #{certainty}."
+          if len > 1024
+            log.warn "Generating #{len} bits of DH key may take some time... so be patient..."
+          end
+
+          dhParamGen = org.bouncycastle.crypto.generators.DHParametersGenerator.new
+          dhParamGen.init(len,certainty, java.security.SecureRandom.new)
+          gparam = dhParamGen.generate_parameters
+        end
+
+        kgParam = org.bouncycastle.crypto.params.DHKeyGenerationParameters.new(java.security.SecureRandom.new, gparam)
+        kpg = org.bouncycastle.crypto.generators.DHKeyPairGenerator.new
+        kpg.init(kgParam)
+        kpg.generateKeyPair
+         
       else
         log.error "Unknown '#{algo}' for java keypair"
         raise PkernelJce::Error, "Unknown algo '#{algo}' for java keypair"
@@ -74,20 +120,28 @@ module PkernelJce
     # 
 
     def KeyPair.key_type(key)
-      if key.java_kind_of?(java.security.KeyPair)
+
+      case key
+      when java.security.KeyPair, org.bouncycastle.crypto.AsymmetricCipherKeyPair
         privKey = key.getPrivate
       else
         # given is private key
-        privKey = key
+        if KeyPair.is_private_key?(key)
+          privKey = key
+        else
+          raise PkernelJce::Error, "key_type API only check for keypair and private key. For public key type shall  call pub_key_type() API. Given key is #{key}"
+        end
       end
-      
+     
       case privKey
-      when java.security.interfaces.RSAPrivateCrtKey
+      when java.security.interfaces.RSAPrivateCrtKey, Java::OrgBouncycastleCryptoParams::RSAPrivateCrtKeyParameters
         Pkernel::KeyPair::RSA_KEY_NAME
-      when Java::sun.security.provider.DSAPrivateKey, org.bouncycastle.jcajce.provider.asymmetric.dsa.BCDSAPrivateKey
+      when Java::sun.security.provider.DSAPrivateKey, org.bouncycastle.jcajce.provider.asymmetric.dsa.BCDSAPrivateKey, Java::OrgBouncycastleCryptoParams::DSAPrivateKeyParameters
         Pkernel::KeyPair::DSA_KEY_NAME
-      when org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey
+      when org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey, Java::OrgBouncycastleCryptoParams::ECPrivateKeyParameters, Java::SunSecurityEc::ECPrivateKeyImpl
         Pkernel::KeyPair::EC_KEY_NAME
+      when org.bouncycastle.crypto.params.DHPrivateKeyParameters
+        Pkernel::KeyPair::DH_KEY_NAME
       else
         raise PkernelJce::Error, "Unknown priv key type '#{privKey.class}'"
       end
@@ -96,6 +150,19 @@ module PkernelJce
     # end get_key_type
     # 
 
+    def KeyPair.is_private_key?(key)
+      if key.nil?
+        false
+      else
+        case key
+        when java.security.interfaces.RSAPrivateCrtKey, Java::sun.security.provider.DSAPrivateKey, org.bouncycastle.jcajce.provider.asymmetric.dsa.BCDSAPrivateKey, org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey, Java::OrgBouncycastleCryptoParams::RSAPrivateCrtKeyParameters,  Java::OrgBouncycastleCryptoParams::DSAPrivateKeyParameters, Java::OrgBouncycastleCryptoParams::ECPrivateKeyParameters, Java::SunSecurityEc::ECPrivateKeyImpl, org.bouncycastle.crypto.AsymmetricCipherKeyPair, java.security.KeyPair
+          true
+        else
+          false
+        end
+      end
+    end
+
     def KeyPair.pub_key_type(key)
       if key.java_kind_of?(java.security.KeyPair)
         pubKey = key.public
@@ -110,8 +177,10 @@ module PkernelJce
         Pkernel::KeyPair::RSA_KEY_NAME
       when Java::sun.security.provider.DSAPublicKey, Java::OrgBouncycastleJcajceProviderAsymmetricDsa::BCDSAPublicKey
         Pkernel::KeyPair::DSA_KEY_NAME
-      when Java::OrgBouncycastleJcajceProviderAsymmetricEc::BCECPublicKey
+      when Java::OrgBouncycastleJcajceProviderAsymmetricEc::BCECPublicKey, Java::SunSecurityEc::ECPublicKeyImpl
         Pkernel::KeyPair::EC_KEY_NAME  
+      when org.bouncycastle.crypto.params.DHPublicKeyParameters
+        Pkernel::KeyPair::DH_KEY_NAME  
       else
         raise PkernelJce::Error, "Unknown pub key type '#{pubKey.class}'"
       end
@@ -134,19 +203,6 @@ module PkernelJce
       end
     end
 
-    def KeyPair.is_private_key?(key)
-      if key.nil?
-        false
-      else
-        case key
-        when java.security.interfaces.RSAPrivateCrtKey, Java::sun.security.provider.DSAPrivateKey, org.bouncycastle.jcajce.provider.asymmetric.dsa.BCDSAPrivateKey, org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey
-          true
-        else
-          false
-        end
-      end
-    end
-
     def KeyPair.is_keypair?(key)
       if key.nil?
         false
@@ -160,7 +216,7 @@ module PkernelJce
       end
     end
 
-    def KeyPair.public_key(priv)
+    def KeyPair.public_key(priv, opts = { })
       if priv.nil?
         raise PkernelJce::Error, "Cannot derive public key from nil key"
       else
@@ -177,11 +233,40 @@ module PkernelJce
             prov = PkernelJce::Provider.add_default
             java.security.KeyFactory.getInstance("DSA",prov).generatePublic(spec)
           when Pkernel::KeyPair::EC_KEY_NAME
-            d = priv.d;
-            q = priv.parameters.g.to_java.multiply(d);
-            pubSpec = org.bouncycastle.jce.spec.ECPublicKeySpec.new(q, priv.parameters);
-            prov = PkernelJce::Provider.add_default
-            java.security.KeyFactory.getInstance("EC",prov).generatePublic(pubSpec)
+            case priv
+              # No way to recover public key using SUN provider yet
+            #when Java::SunSecurityEc::ECPrivateKeyImpl
+              # this uses BC also so add provider first
+              #pProv = PkernelJce::Provider.add_default
+              #curveName = priv.params.name.split(" ")[0]
+
+              #ecSpec = org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util.convertSpec(priv.params,false)
+              #q = ecSpec.g.to_java.multiply(priv.s)
+              #bcW = ecSpec.curve.decodePoint(q.getEncoded(false))
+              ##w = org.bouncycastle.math.ec.ECPoint.new(bcW.getAffineXCoord.toBigInteger, bcW.getAffineYCoord.toBigInteger)
+              #w = java.security.spec.ECPoint.new(bcW.getAffineXCoord.toBigInteger, bcW.getAffineYCoord.toBigInteger)
+              #curveParam = org.bouncycastle.jce.ECNamedCurveTable.getParameterSpec(curveName)
+              ##keySpec = org.bouncycastle.jce.spec.ECPublicKeySpec.new(w,curveParam)
+              #keySpec = java.security.spec.ECPublicKeySpec.new(w,curveParam)
+
+              ##java.security.KeyFactory.getInstance("EC",pProv).generatePublic(keySpec)
+
+            when Java::OrgBouncycastleCryptoParams::ECPrivateKeyParameters, org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey
+              d = priv.d
+              q = priv.parameters.g.to_java.multiply(d)
+              pubSpec = org.bouncycastle.jce.spec.ECPublicKeySpec.new(q, priv.parameters)
+              prov = PkernelJce::Provider.add_default
+              java.security.KeyFactory.getInstance("EC",prov).generatePublic(pubSpec)
+            else
+              raise PkernelJce::Error, "Haven't figure out how to convert #{priv.class} into public key yet..."
+            end
+            #p priv
+            #p priv.methods.sort
+            #d = priv.d;
+            #q = priv.parameters.g.to_java.multiply(d);
+            #pubSpec = org.bouncycastle.jce.spec.ECPublicKeySpec.new(q, priv.parameters);
+            #prov = PkernelJce::Provider.add_default
+            #java.security.KeyFactory.getInstance("EC",prov).generatePublic(pubSpec)
           else
           end
         elsif priv.java_kind_of?(java.security.PublicKey)
@@ -200,6 +285,21 @@ module PkernelJce
     # end public_key(priv)
     # 
 
+    # 
+    # Compare 2 public keys
+    #
+    def KeyPair.is_public_key_equals?(pub1, pub2)
+      if not (pub1.nil? and pub2.nil?)
+        pubkey1 = KeyPair.public_key(pub1)
+        pubkey2 = KeyPair.public_key(pub2)
+
+        pubkey1.equals(pubkey2)
+
+      else
+        false
+      end
+    end # is_public_key_equals?
+
     # harmonize the private key acquiring
     # There are BC and Java, keypair and private key
     def KeyPair.private_key(kp)
@@ -247,7 +347,48 @@ module PkernelJce
       end 
     end
 
-    def dump(keypair, options = {})
+    def KeyPair.key_size(kp)
+      if KeyPair.is_keypair?(kp)
+        type = PkernelJce::KeyPair.key_type(KeyPair.private_key(kp))
+      elsif KeyPair.is_public_key?(kp)
+        type = PkernelJce::KeyPair.pub_key_type(kp)
+      elsif Certificate.is_cert_object?(kp)
+        type = PkernelJce::KeyPair.pub_key_type(Certificate.public_key(kp))
+      elsif KeyPair.is_private_key?(kp)
+        type = PkernelJce::KeyPair.key_type(kp)
+      else
+        raise PkernelJce::Error, "Unknown key type to derive signing key algo from"
+      end
+
+      case type
+      when Pkernel::KeyPair::RSA_KEY_NAME
+        if PkernelJce::KeyPair::is_keypair?(kp)
+          rsaKey = PkernelJce::KeyPair.private_key(kp)
+        elsif PkernelJce::KeyPair::is_private_key?(kp)
+          rsaKey = PkernelJce::KeyPair.private_key(kp)
+        elsif PkernelJce::KeyPair::is_public_key?(kp)
+          rsaKey = PkernelJce::KeyPair::public_key(kp)
+        end
+
+        rsaKey.modulus.bit_length
+
+      when Pkernel::KeyPair::DSA_KEY_NAME
+        if PkernelJce::KeyPair::is_keypair?(kp)
+          dsaKey = PkernelJce::KeyPair.private_key(kp)
+        elsif PkernelJce::KeyPair::is_private_key?(kp)
+          dsaKey = PkernelJce::KeyPair.private_key(kp)
+        elsif PkernelJce::KeyPair::is_public_key?(kp)
+          dsaKey = PkernelJce::KeyPair::public_key(kp)
+        end
+       
+        dsaKey.params.p.bit_length 
+
+      when Pkernel::KeyPair::EC_KEY_NAME
+
+      end
+    end
+
+    def dump(keypair, options = {} ,&block)
       if keypair.nil?
         raise PkernelJce::Error, "Keypair is nil during writing PEM"
       end
@@ -257,43 +398,115 @@ module PkernelJce
       file = options[:file]
       pass = options[:password]
       
-      binOut = java.io.ByteArrayOutputStream.new
+      #binOut = java.io.ByteArrayOutputStream.new
       
-      if file.nil?
-        PkernelJce::GConf.instance.glog.debug "Dump output to memory"
-        # return binary to caller
-        writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(binOut));
-      else
-        PkernelJce::GConf.instance.glog.debug "Dump output to file '#{file}'"
-        out = java.io.FileOutputStream.new(file)
-        writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(out));
+      if (pass.nil? or pass.empty?) and block
+        pass = block.call(:prompt_pass)
       end
 
-      begin
-        if pass.nil? or pass.empty?
-          writer.writeObject(keypair.getPrivate)
-        else
-          builder = org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder.new(org.bouncycastle.openssl.PKCS8Generator::AES_256_CBC).setProvider(PkernelJce::Provider::DefProvider).setPasssword(pass.to_java.toCharArray());
+      ## BC API
+      #if file.nil?
+      #  PkernelJce::GConf.instance.glog.debug "Dump output to memory"
+      #  # return binary to caller
+      #  writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(binOut));
+      #else
+      #  PkernelJce::GConf.instance.glog.debug "Dump output to file '#{file}'"
+      #  out = java.io.FileOutputStream.new(file)
+      #  writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(out));
+      #end
+
+      #begin
+      #  if pass.nil? or pass.empty?
+      #    writer.writeObject(keypair.getPrivate)
+      #  else
+      #    builder = org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder.new(org.bouncycastle.openssl.PKCS8Generator::AES_256_CBC).setProvider(PkernelJce::Provider::DefProvider).setPasssword(pass.to_java.toCharArray());
+
+      #    pkcs8 = org.bouncycastle.openssl.jcajce.JcaPKCS8Generator.new(keypair.getPrivate, builder.build);
+      #    writer.writeObject(pkcs8)
+      #  end
+      #ensure
+      #  writer.flush
+      #  writer.close
+      #end
+
+      # Java API
+      prov = options[:provider]
+      if not prov.nil?
+        prov = PkernelJce::Provider.add_provider(prov)
+      end
 
-          pkcs8 = org.bouncycastle.openssl.jcajce.JcaPKCS8Generator.new(keypair.getPrivate, builder.build);
-          writer.writeObject(pkcs8)
+      if pass.nil? or pass.empty?
+        PkernelJce::GConf.instance.glog.warn "Dumping of private key without password!"
+        encInfo = java.security.spec.PKCS8EncodedKeySpec.new(PkernelJce::KeyPair.private_key(keypair).encoded)
+      else
+        pbeAlgo = options[:pbeAlgo]
+        # todo test this algo with openssl and see...
+        pbeAlgo = "PBEWithSHA1AndRC4_128" if pbeAlgo.nil? or pbeAlgo.empty?
+
+        salt = Java::byte[32].new
+        Java::JavaSecurity::SecureRandom.new.nextBytes(salt)
+        pbeParamSpec = Java::JavaxCryptoSpec::PBEParameterSpec.new(salt,88)
+        pbeKeySpec = Java::JavaxCryptoSpec::PBEKeySpec.new(pass.to_java.toCharArray)
+        if not prov.nil?
+
+          secKeyFact = Java::JavaxCrypto::SecretKeyFactory.getInstance(pbeAlgo,prov)
+          pbeKey = secKeyFact.generateSecret(pbeKeySpec)
+          cipher = Java::JavaxCrypto::Cipher.getInstance(pbeAlgo,prov)
+          cipher.init(Java::JavaxCrypto::Cipher::ENCRYPT_MODE,pbeKey,pbeParamSpec)
+          output = cipher.doFinal(PkernelJce::KeyPair.private_key(keypair).getEncoded())
+          algoParam = Java::JavaSecurity::AlgorithmParameters.getInstance(pbeAlgo,prov)
+
+        else
+          secKeyFact = Java::JavaxCrypto::SecretKeyFactory.getInstance(pbeAlgo)
+          pbeKey = secKeyFact.generateSecret(pbeKeySpec)
+          cipher = Java::JavaxCrypto::Cipher.getInstance(pbeAlgo)
+          cipher.init(Java::JavaxCrypto::Cipher::ENCRYPT_MODE,pbeKey,pbeParamSpec)
+          output = cipher.doFinal(PkernelJce::KeyPair.private_key(keypair).getEncoded())
+          algoParam = Java::JavaSecurity::AlgorithmParameters.getInstance(pbeAlgo)
         end
-      ensure
-        writer.flush
-        writer.close
+
+        algoParam.init(pbeParamSpec)
+        encPrivInfo = Java::JavaxCrypto::EncryptedPrivateKeyInfo.new(algoParam,output)
+        encInfo = encPrivInfo
       end
 
-      if file.nil?
-        binOut.toByteArray  
+      cont = []
+      keyType = KeyPair.key_type(keypair)
+      case keyType
+      when Pkernel::KeyPair::RSA_KEY_NAME
+        cont << "-----BEGIN RSA PRIVATE KEY-----" 
+        cont << PkernelJce::Converter.to_mb64(encInfo.getEncoded)
+        cont << "-----END RSA PRIVATE KEY-----" 
+      when Pkernel::KeyPair::DSA_KEY_NAME
+        cont << "-----BEGIN DSA PRIVATE KEY-----" 
+        cont << PkernelJce::Converter.to_mb64(encInfo.getEncoded)
+        cont << "-----END DSA PRIVATE KEY-----" 
+      when Pkernel::KeyPair::EC_KEY_NAME
+        cont << "-----BEGIN EC PRIVATE KEY-----" 
+        cont << PkernelJce::Converter.to_mb64(encInfo.getEncoded)
+        cont << "-----END EC PRIVATE KEY-----" 
+      else
+        raise PkernelJce::Error, "Unsupported key type #{keyType}"
       end
+
+      pkcs8Envelope = cont.join("\n")
+
+      #pkcs8Envelope = encPrivInfo.getEncoded()
+
+      if not file.nil?
+        fos = java.io.FileOutputStream.new(file)
+        fos.write(pkcs8Envelope.to_java.getBytes)
+        fos.flush
+        fos.close
+      end
+
+      pkcs8Envelope
+
     end
     # end dump
 
     def load(opts = {}, &block)
-      #is = opts[:inputStream]
-      #if is.nil? 
-      #  raise PkernelJce::Error, "InputStream not given"
-      #end 
+      
       file = opts[:file]
       bin = opts[:bin]
 
@@ -319,40 +532,145 @@ module PkernelJce
         raise PkernelJce::Error, "No 'file' or 'bin' is defined to load keypair"
       end
 
-      prov = opts[:provider] || PkernelJce::Provider::DefProvider
-      prov = PkernelJce::Provider.add_provider(prov)
-
-      reader = org.bouncycastle.openssl.PEMParser.new(java.io.InputStreamReader.new(java.io.ByteArrayInputStream.new(baos.toByteArray)))
-      obj = reader.readObject
-      #p obj.inspect
-      #p obj.methods.sort
-      #p obj.java_kind_of?(org.bouncycastle.openssl.PEMEncryptedKeyPair)
-      if obj.is_a?(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
-        pass = opts[:password]
-        if pass.nil?
-          if block
-            pass = block.call(:password)
-          else
-            raise PkernelJce::Error, "PEM key is encrypted. Please provide a password to load the key."
-          end
+      prov = opts[:provider]
+      if not prov.nil?
+        prov = PkernelJce::Provider.add_provider(prov)
+      end
+
+      pass = opts[:password]
+      if (pass.nil? or pass.empty?) and block
+        pass = block.call(:prompt_pass) 
+      end
+
+      cont = String.from_java_bytes(baos.toByteArray)
+      cont.gsub!("-----BEGIN RSA PRIVATE KEY-----","")
+      cont.gsub!("-----END RSA PRIVATE KEY-----","")
+      cont.gsub!("-----BEGIN DSA PRIVATE KEY-----","")
+      cont.gsub!("-----END DSA PRIVATE KEY-----","")
+      cont.gsub!("-----BEGIN EC PRIVATE KEY-----","")
+      cont.gsub!("-----END EC PRIVATE KEY-----","")
+      econt = PkernelJce::Converter.from_mb64(cont)
+      #fos = java.io.FileOutputStream.new("test.bin")
+      #fos.write(econt)
+      #fos.flush
+      #fos.close
+
+      # Java API
+      if not (pass.nil? or pass.empty?)
+
+        PkernelJce::GConf.instance.glog.debug "Password protected envelope"
+        encPrivInfo = Java::JavaxCrypto::EncryptedPrivateKeyInfo.new(econt)
+        cipher = Java::JavaxCrypto::Cipher::getInstance(encPrivInfo.getAlgName())
+        pbeKeySpec = Java::JavaxCryptoSpec::PBEKeySpec.new(pass.to_java.toCharArray)
+        if(prov != nil)
+          secKeyFact = Java::JavaxCrypto::SecretKeyFactory.getInstance(encPrivInfo.getAlgName(),prov)
+        else
+          secKeyFact = Java::JavaxCrypto::SecretKeyFactory.getInstance(encPrivInfo.getAlgName())
         end
-        decProv = org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder.new.setProvider(PkernelJce::Provider::DefProvider).build(pass.to_java.toCharArray)
-        keyinfo = obj.decryptPrivateKeyInfo(decProv)
+        pbeKey = secKeyFact.generateSecret(pbeKeySpec)
+
+        cipher.init(Java::JavaxCrypto::Cipher::DECRYPT_MODE, pbeKey,encPrivInfo.getAlgParameters())
 
-        converter = org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.new
-        converter.getPrivateKey(keyinfo)
+        pkcs8KeySpec = encPrivInfo.getKeySpec(cipher)
+        #privKeyParam = Java::OrgBouncycastleCryptoUtil::PrivateKeyFactory::createKey(pkcs8KeySpec)
       else
-        keySpec = java.security.spec.PKCS8EncodedKeySpec.new(obj.getPrivateKeyInfo.encoded)
-        # Now it's in a PKCS#8 PrivateKeyInfo structure. Read its Algorithm
-        # OID and use that to construct a KeyFactory.
-        bIn = org.bouncycastle.asn1.ASN1InputStream.new(java.io.ByteArrayInputStream.new(keySpec.getEncoded()));
-        pki = org.bouncycastle.asn1.pkcs.PrivateKeyInfo.getInstance(bIn.readObject());
-        algOid = pki.getPrivateKeyAlgorithm().getAlgorithm().getId();
-        java.security.KeyFactory.getInstance(algOid,prov).generatePrivate(keySpec);
+        pkcs8KeySpec = java.security.spec.PKCS8EncodedKeySpec.new(econt)
+      end
+
+			key = org.bouncycastle.crypto.util.PrivateKeyFactory::createKey(java.io.ByteArrayInputStream.new(pkcs8KeySpec.getEncoded))
+      keyType = KeyPair.key_type(key)
+      case keyType
+      when Pkernel::KeyPair::RSA_KEY_NAME
         
-        #privKey = java.security.KeyFactory.getInstance("RSA").generatePrivate(keySpec)
-        #privKey
+        if prov.nil?
+          keyFact = Java::JavaSecurity::KeyFactory.getInstance("RSA")
+        else
+          keyFact = Java::JavaSecurity::KeyFactory.getInstance("RSA",prov)
+        end
+				#privKey = keyFact.generatePrivate(pkcs8KeySpec)
+				## here is how to convert into RSAPublicKey, become keypair!
+				#pubKeySpec = Java::JavaSecuritySpec::RSAPublicKeySpec.new(privKey.getModulus(),privKey.getPublicExponent())
+				#pubKey = keyFact.generatePublic(pubKeySpec)
+
+				#Java::JavaSecurity::KeyPair.new(pubKey,privKey)
+
+      when Pkernel::KeyPair::DSA_KEY_NAME
+
+        if prov.nil?
+          keyFact = Java::JavaSecurity::KeyFactory.getInstance("DSA")
+        else
+          keyFact = Java::JavaSecurity::KeyFactory.getInstance("DSA",prov)
+        end
+        
+      when Pkernel::KeyPair::EC_KEY_NAME
+
+        if prov.nil?
+          keyFact = Java::JavaSecurity::KeyFactory.getInstance("EC")
+        else
+          keyFact = Java::JavaSecurity::KeyFactory.getInstance("EC",prov)
+        end
+
+      else
+        
+        raise PkernelJce::Error, "Unknown key type #{keyType}"
+ 
       end
+
+      privKey = keyFact.generatePrivate(pkcs8KeySpec)
+      ## here is how to convert into RSAPublicKey, become keypair!
+      #pubKeySpec = Java::JavaSecuritySpec::RSAPublicKeySpec.new(privKey.getModulus(),privKey.getPublicExponent())
+      #pubKey = keyFact.generatePublic(pubKeySpec)
+
+      #pubKey = PkernelJce::KeyPair.public_key(privKey)
+      #Java::JavaSecurity::KeyPair.new(pubKey,privKey)
+
+      privKey
+
+
+			#if key.java_kind_of? org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters
+			#	keyFact = Java::JavaSecurity::KeyFactory.getInstance("RSA")
+			#	privKey = keyFact.generatePrivate(pkcs8KeySpec)
+			#	# here is how to convert into RSAPublicKey, become keypair!
+			#	pubKeySpec = Java::JavaSecuritySpec::RSAPublicKeySpec.new(privKey.getModulus(),privKey.getPublicExponent())
+			#	pubKey = keyFact.generatePublic(pubKeySpec)
+
+			#	Java::JavaSecurity::KeyPair.new(pubKey,privKey)
+			#else
+			#	raise PkernelJce::Error, "Unsupported PKCS8 store of type #{key}"
+			#end
+ 
+      # BC API
+      #reader = org.bouncycastle.openssl.PEMParser.new(java.io.InputStreamReader.new(java.io.ByteArrayInputStream.new(baos.toByteArray)))
+      #obj = reader.readObject
+      ##p obj.inspect
+      ##p obj.methods.sort
+      ##p obj.java_kind_of?(org.bouncycastle.openssl.PEMEncryptedKeyPair)
+      #if obj.is_a?(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
+      #  pass = opts[:password]
+      #  if pass.nil?
+      #    if block
+      #      pass = block.call(:password)
+      #    else
+      #      raise PkernelJce::Error, "PEM key is encrypted. Please provide a password to load the key."
+      #    end
+      #  end
+      #  decProv = org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder.new.setProvider(PkernelJce::Provider::DefProvider).build(pass.to_java.toCharArray)
+      #  keyinfo = obj.decryptPrivateKeyInfo(decProv)
+
+      #  converter = org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.new
+      #  converter.getPrivateKey(keyinfo)
+      #else
+      #  keySpec = java.security.spec.PKCS8EncodedKeySpec.new(obj.getPrivateKeyInfo.encoded)
+      #  # Now it's in a PKCS#8 PrivateKeyInfo structure. Read its Algorithm
+      #  # OID and use that to construct a KeyFactory.
+      #  bIn = org.bouncycastle.asn1.ASN1InputStream.new(java.io.ByteArrayInputStream.new(keySpec.getEncoded()));
+      #  pki = org.bouncycastle.asn1.pkcs.PrivateKeyInfo.getInstance(bIn.readObject());
+      #  algOid = pki.getPrivateKeyAlgorithm().getAlgorithm().getId();
+      #  java.security.KeyFactory.getInstance(algOid,prov).generatePrivate(keySpec);
+      #  
+      #  #privKey = java.security.KeyFactory.getInstance("RSA").generatePrivate(keySpec)
+      #  #privKey
+      #end
         
     end
     # end load()