Example 1 with CertificateException
use of javax.security.cert.CertificateException in project OpenAttestation by OpenAttestation.
the class ProvisionTPM method takeOwnership.
/**
* Entry point into the program
* @throws Exception
*/
public static void takeOwnership() throws Exception {
// throws InvalidKeyException, CertificateEncodingException, UnrecoverableKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException, NoSuchProviderException, KeyStoreException, CertificateException, IOException, javax.security.cert.CertificateException {
//get properties file info
final String OWNER_AUTH = "TpmOwnerAuth";
final String EC_VALIDITY = "EcValidityDays";
final String EC_STORAGE = "ecStorage";
final String PRIVACY_CA_URL = "PrivacyCaUrl";
final String TRUST_STORE = "TrustStore";
final String PRIVACY_CA_CERT = "PrivacyCaCertFile";
final String EC_LOCATION = "ecLocation";
String ecStorage = "";
String ecStorageFileName = "";
String PrivacyCaUrl = "";
int EcValidityDays = 0;
String PrivacyCaCertFile = "";
byte[] TpmOwnerAuth = null;
byte[] encryptCert = null;
byte[] pubEkMod = null;
X509Certificate pcaCert = null;
PublicKey publicKey = null;
//This is for logging purpose
String propertiesFileName = ResourceFinder.getLocation("hisprovisioner.properties");
FileInputStream PropertyFile = null;
String tpmOwnerAuth = "";
String homeFolder = "";
try {
File propFile = ResourceFinder.getFile("hisprovisioner.properties");
PropertyFile = new FileInputStream(propFile);
Properties HisProvisionerProperties = new Properties();
HisProvisionerProperties.load(new InputStreamReader(PropertyFile, "UTF-8"));
homeFolder = propFile.getAbsolutePath();
homeFolder = homeFolder.substring(0, homeFolder.indexOf("hisprovisioner.properties"));
log.info("Home folder : " + homeFolder);
EcValidityDays = Integer.parseInt(HisProvisionerProperties.getProperty(EC_VALIDITY, ""));
tpmOwnerAuth = HisProvisionerProperties.getProperty(OWNER_AUTH, "");
if (tpmOwnerAuth != null) {
TpmOwnerAuth = Hex.decodeHex(tpmOwnerAuth.toCharArray());
}
//else if (tpmOwnerAuth.length() == 40) {
// log.info("owner authentication is hex code formatted");
// TpmOwnerAuth = TpmUtils.hexStringToByteArray(tpmOwnerAuth);
//} else {
// log.info("illegal owner authentication detected! accepted owner authentication is 20 or 40 long characters");
//}
//TpmOwnerAuth = TpmUtils.hexStringToByteArray(HisProvisionerProperties.getProperty(OWNER_AUTH, ""));
PrivacyCaUrl = HisProvisionerProperties.getProperty(PRIVACY_CA_URL, "");
PrivacyCaCertFile = HisProvisionerProperties.getProperty(PRIVACY_CA_CERT, "");
ecStorage = HisProvisionerProperties.getProperty(EC_STORAGE, "NVRAM");
ecStorageFileName = HisProvisionerProperties.getProperty(EC_LOCATION, ".") + System.getProperty("file.separator") + "EC.cer";
log.info("ecStorageFileName:" + ecStorageFileName);
} catch (FileNotFoundException e) {
throw new PrivacyCAException("Error finding HIS Provisioner properties file (HISprovisionier.properties)", e);
} catch (IOException e) {
throw new PrivacyCAException("Error loading HIS Provisioner properties file (HISprovisionier.properties)", e);
} catch (NumberFormatException e) {
throw new PrivacyCAException("Error while reading EcValidityDays", e);
} finally {
if (PropertyFile != null) {
try {
PropertyFile.close();
} catch (IOException e) {
log.log(Level.SEVERE, "Error while closing the property file ", e);
}
}
}
String errorString = "Properties file \"" + propertiesFileName + "\" contains errors:\n";
boolean hasErrors = false;
if (EcValidityDays == 0) {
errorString += " - \"EcValidityDays\" value must be the number of validity days for the Endorsement Credential\n";
hasErrors = true;
}
if (TpmOwnerAuth == null) {
// || TpmOwnerAuth.length != 20){
errorString += " - \"TpmOwnerAuth\" value must be set representing the TPM owner auth\n";
hasErrors = true;
}
if (hasErrors) {
throw new PrivacyCAException(errorString);
}
//Provision the TPM
log.info("Performing TPM provisioning...");
Security.addProvider(new BouncyCastleProvider());
SecretKey deskey = TpmUtils.generateSecretKey();
// Take Ownership
byte[] nonce = null;
try {
nonce = TpmUtils.createRandomBytes(20);
TpmModule.takeOwnership(TpmOwnerAuth, nonce);
} catch (TpmModuleException e) {
if (e.toString().contains(".takeOwnership returned nonzero error: 4")) {
Logger.getLogger(ProvisionTPM.class.getName()).info("Ownership is already taken : ");
if (!System.getProperty("forceCreateEk", "false").equals("true")) {
// feature to help with bug #554 and allow admin to force creating an ek (in case it failed the first time due to a non-tpm error such as java missing classes exception
return;
}
} else
throw e;
} catch (IOException e) {
e.printStackTrace();
}
// Create Endorsement Certificate
try {
nonce = TpmUtils.createRandomBytes(20);
pubEkMod = TpmModule.getEndorsementKeyModulus(TpmOwnerAuth, nonce);
} catch (TpmModuleException e) {
System.out.println("Error getting PubEK: " + e.toString());
} catch (Exception e) {
System.out.println("Error getting PubEK: " + e.toString());
}
try {
pcaCert = TpmUtils.certFromFile(homeFolder + PrivacyCaCertFile);
if (pcaCert != null) {
publicKey = (RSAPublicKey) pcaCert.getPublicKey();
}
} catch (Exception e) {
System.out.println("print out error message: " + e.toString());
e.printStackTrace();
}
try {
IHisPrivacyCAWebService2 hisPrivacyCAWebService2 = HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(PrivacyCaUrl);
encryptCert = hisPrivacyCAWebService2.requestGetEC(TpmUtils.encryptDES(pubEkMod, deskey), TpmUtils.encryptRSA(deskey.getEncoded(), publicKey), EcValidityDays);
} catch (Exception e) {
System.out.println("FAILED");
e.printStackTrace();
System.exit(1);
}
//Decrypt and generate endorsement certificate
X509Certificate ekCert = null;
try {
if (encryptCert != null) {
ekCert = TpmUtils.certFromBytes(TpmUtils.decryptDES(encryptCert, deskey));
}
} catch (java.security.cert.CertificateException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
// Store the new EC in NV-RAM or in the file
try {
if (ecStorage.equalsIgnoreCase("file")) {
File ecFile = new File(ecStorageFileName);
FileOutputStream ecFileOut = new FileOutputStream(ecFile);
ecFileOut.write(ekCert.getEncoded());
ecFileOut.flush();
ecFileOut.close();
} else {
TpmModule.setCredential(TpmOwnerAuth, "EC", ekCert.getEncoded());
}
System.out.println(ekCert.getEncoded().length);
} catch (TpmModuleException e) {
System.out.println("Error getting PubEK: " + e.toString());
} catch (CertificateEncodingException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
System.out.println("DONE");
//System.exit(0);
return;
}
Also used :
FileNotFoundException(java.io.FileNotFoundException)
CertificateException(javax.security.cert.CertificateException)
Properties(java.util.Properties)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
IHisPrivacyCAWebService2(gov.niarl.his.webservices.hisPrivacyCAWebService2.IHisPrivacyCAWebService2)
InputStreamReader(java.io.InputStreamReader)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
PublicKey(java.security.PublicKey)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
FileInputStream(java.io.FileInputStream)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
IOException(java.io.IOException)
TpmModuleException(gov.niarl.his.privacyca.TpmModule.TpmModuleException)
FileNotFoundException(java.io.FileNotFoundException)
CertificateException(javax.security.cert.CertificateException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
NoSuchProviderException(java.security.NoSuchProviderException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
SecretKey(javax.crypto.SecretKey)
FileOutputStream(java.io.FileOutputStream)
TpmModuleException(gov.niarl.his.privacyca.TpmModule.TpmModuleException)
File(java.io.File)
Example 2 with CertificateException
use of javax.security.cert.CertificateException in project robovm by robovm.
the class X509CertificateTest method testVerifyPublicKey.
/**
* @throws SignatureException
* @throws NoSuchProviderException
* @throws NoSuchAlgorithmException
* @throws InvalidKeyException
* @throws CertificateException
* {@link Certificate#verify(PublicKey)}
*/
@SideEffect("Destroys MD5 provider, hurts succeeding tests")
public void testVerifyPublicKey() throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, CertificateException {
// Preconditions
assertNotNull(javaxCert.getPublicKey());
assertNotNull(javaxSSCert.getPublicKey());
// here not self signed:
try {
javaxCert.verify(javaxCert.getPublicKey());
} catch (SignatureException e) {
// ok
}
PublicKey k = javaxCert.getPublicKey();
MyModifiablePublicKey changedEncoding = new MyModifiablePublicKey(k);
changedEncoding.setEncoding(new byte[javaxCert.getEncoded().length - 1]);
try {
javaxCert.verify(tbt_cert.getPublicKey());
} catch (InvalidKeyException e) {
// ok
}
try {
javaxCert.verify(null);
} catch (Exception e) {
// ok
}
try {
javaxCert.verify(changedEncoding);
fail("Exception expected");
} catch (Exception e) {
// ok
}
// following test doesn't work because the algorithm is derived from
// somewhere else.
// MyModifiablePublicKey changedAlgo = new MyModifiablePublicKey(k);
// changedAlgo.setAlgorithm("MD5withBla");
// try {
// javaxCert.verify(changedAlgo);
// fail("Exception expected");
// } catch (SignatureException e) {
// // ok
// }
// Security.removeProvider(mySSProvider.getName());
// try {
// javaxSSCert.verify(javaxSSCert.getPublicKey());
// } catch (NoSuchProviderException e) {
// // ok
// }
// Security.addProvider(mySSProvider);
// must always evaluate true for self signed
// javaxSSCert.verify(javaxSSCert.getPublicKey());
}
Also used :
PublicKey(java.security.PublicKey)
SignatureException(java.security.SignatureException)
InvalidKeyException(java.security.InvalidKeyException)
SignatureException(java.security.SignatureException)
IOException(java.io.IOException)
CertificateExpiredException(javax.security.cert.CertificateExpiredException)
CertificateNotYetValidException(javax.security.cert.CertificateNotYetValidException)
CertificateEncodingException(javax.security.cert.CertificateEncodingException)
CertificateException(javax.security.cert.CertificateException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
NoSuchProviderException(java.security.NoSuchProviderException)
SideEffect(dalvik.annotation.SideEffect)
Example 3 with CertificateException
use of javax.security.cert.CertificateException in project robovm by robovm.
the class CertificateExceptionTest method testCertificateException02.
/**
* Test for <code>CertificateException(String)</code> constructor
* Assertion: constructs CertificateException with detail message msg.
* Parameter <code>msg</code> is not null.
*/
public void testCertificateException02() {
CertificateException tE;
for (int i = 0; i < msgs.length; i++) {
tE = new CertificateException(msgs[i]);
assertEquals("getMessage() must return: ".concat(msgs[i]), tE.getMessage(), msgs[i]);
assertNull("getCause() must return null", tE.getCause());
}
}
Also used :
CertificateException(javax.security.cert.CertificateException)
Example 4 with CertificateException
use of javax.security.cert.CertificateException in project robovm by robovm.
the class CertificateExceptionTest method testCertificateException03.
/**
* Test for <code>CertificateException(String)</code> constructor
* Assertion: constructs CertificateException when <code>msg</code> is
* null
*/
public void testCertificateException03() {
String msg = null;
CertificateException tE = new CertificateException(msg);
assertNull("getMessage() must return null.", tE.getMessage());
assertNull("getCause() must return null", tE.getCause());
}
Also used :
CertificateException(javax.security.cert.CertificateException)
Example 5 with CertificateException
use of javax.security.cert.CertificateException in project robovm by robovm.
the class CertificateExceptionTest method testCertificateException01.
/**
* Test for <code>CertificateException()</code> constructor Assertion:
* constructs CertificateException with no detail message
*/
public void testCertificateException01() {
CertificateException tE = new CertificateException();
assertNull("getMessage() must return null.", tE.getMessage());
assertNull("getCause() must return null", tE.getCause());
}
Also used :
CertificateException(javax.security.cert.CertificateException)
Aggregations
CertificateException (javax.security.cert.CertificateException)17
CertificateEncodingException (java.security.cert.CertificateEncodingException)3
X509Certificate (java.security.cert.X509Certificate)3
CertificateEncodingException (javax.security.cert.CertificateEncodingException)3
X509Certificate (javax.security.cert.X509Certificate)3
ByteArrayInputStream (java.io.ByteArrayInputStream)2
IOException (java.io.IOException)2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
NoSuchProviderException (java.security.NoSuchProviderException)2
PublicKey (java.security.PublicKey)2
LinkedHashMap (java.util.LinkedHashMap)2
SSLPeerUnverifiedException (javax.net.ssl.SSLPeerUnverifiedException)2
Attribute (cz.metacentrum.perun.core.api.Attribute)1
AttributeNotExistsException (cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException)1
InternalErrorException (cz.metacentrum.perun.core.api.exceptions.InternalErrorException)1
WrongAttributeValueException (cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)1
SideEffect (dalvik.annotation.SideEffect)1
TpmModuleException (gov.niarl.his.privacyca.TpmModule.TpmModuleException)1
IHisPrivacyCAWebService2 (gov.niarl.his.webservices.hisPrivacyCAWebService2.IHisPrivacyCAWebService2)1
BasicSSLSessionInfo (io.undertow.server.BasicSSLSessionInfo)1
