Example 1 with RuntimeCryptoException

Use of org.bouncycastle.crypto.RuntimeCryptoException in project xipki by xipki.

The class P11RSAContentSigner, method getSignature.

@Override
public byte[] getSignature() {
    byte[] dataToSign;
    if (outputStream instanceof ByteArrayOutputStream) {
        // Raw mode: the token hashes and pads the buffered data itself.
        dataToSign = ((ByteArrayOutputStream) outputStream).toByteArray();
        ((ByteArrayOutputStream) outputStream).reset();
    } else {
        // Digest mode: the hash was computed in software, so prepend the
        // DER-encoded DigestInfo prefix for the hash algorithm (PKCS#1 v1.5).
        byte[] hashValue = ((DigestOutputStream) outputStream).digest();
        ((DigestOutputStream) outputStream).reset();
        dataToSign = new byte[digestPkcsPrefix.length + hashValue.length];
        System.arraycopy(digestPkcsPrefix, 0, dataToSign, 0, digestPkcsPrefix.length);
        System.arraycopy(hashValue, 0, dataToSign, digestPkcsPrefix.length, hashValue.length);
    }
    try {
        if (mechanism == PKCS11Constants.CKM_RSA_X_509) {
            // CKM_RSA_X_509 is raw RSA without padding, so the EMSA-PKCS1-v1_5
            // encoding must be applied here before the private-key operation.
            dataToSign = SignerUtil.EMSA_PKCS1_v1_5_encoding(dataToSign, modulusBitLen);
        }
        return cryptService.getIdentity(identityId).sign(mechanism, null, dataToSign);
    } catch (XiSecurityException | P11TokenException ex) {
        // Checked token/security failures are logged and surfaced as the
        // unchecked BouncyCastle RuntimeCryptoException expected by ContentSigner callers.
        LogUtil.error(LOG, ex, "could not sign");
        throw new RuntimeCryptoException("SignerException: " + ex.getMessage());
    }
}

Example 2 with RuntimeCryptoException

Use of org.bouncycastle.crypto.RuntimeCryptoException in project ranger by apache.

The class RangerGoogleCloudHSMProvider, method encryptZoneKey.

@Override
public byte[] encryptZoneKey(Key zoneKey) throws Exception {
    if (logger.isDebugEnabled()) {
        logger.debug("==> GCP encryptZoneKey()");
    }
    // Data to encrypt, i.e. the encoded zone key; it is wrapped by the
    // HSM-backed master key in Cloud KMS and never leaves the process in the clear.
    byte[] primaryEncodedZoneKey = zoneKey.getEncoded();
    CryptoKeyName keyName = CryptoKeyName.of(this.gcpProjectId, this.gcpLocationId, this.gcpKeyRingId, this.gcpMasterKeyName);
    EncryptResponse encryptResponse = this.client.encrypt(keyName, ByteString.copyFrom(primaryEncodedZoneKey));
    if (encryptResponse == null) {
        throw new RuntimeCryptoException("Got null response for encrypt zone key operation, Please reverify/check configs!");
    }
    if (logger.isDebugEnabled()) {
        logger.debug("<== GCP encryptZoneKey() : EncryptResponse - { " + encryptResponse + " }");
    }
    return encryptResponse.getCiphertext().toByteArray();
}

Example 3 with RuntimeCryptoException

Use of org.bouncycastle.crypto.RuntimeCryptoException in project ranger by apache.

The class RangerGoogleCloudHSMProvider, method decryptZoneKey.

@Override
public byte[] decryptZoneKey(byte[] encryptedByte) throws Exception {
    CryptoKeyName keyName = CryptoKeyName.of(this.gcpProjectId, this.gcpLocationId, this.gcpKeyRingId, this.gcpMasterKeyName);
    if (logger.isDebugEnabled()) {
        logger.debug("==> GCP decryptZoneKey() : CryptoKeyName - { " + keyName + " }");
    }
    DecryptResponse response = client.decrypt(keyName, ByteString.copyFrom(encryptedByte));
    if (response == null) {
        throw new RuntimeCryptoException("Got null response for decrypt zone key operation!");
    } else if (response.getPlaintext() == null || response.getPlaintext().isEmpty()) {
        // ByteString.toString() never yields an empty string (it renders a
        // "<ByteString@... size=N>" description), so the emptiness check must
        // look at the byte length itself; an empty unwrapped key is a hard error.
        throw new RuntimeCryptoException("Error - Received null or empty decrypted zone key");
    }
    if (logger.isDebugEnabled()) {
        logger.debug("<== GCP decryptZoneKey() : DecryptResponse - { " + response + " }");
    }
    return response.getPlaintext().toByteArray();
}

Example 4 with RuntimeCryptoException

Use of org.bouncycastle.crypto.RuntimeCryptoException in project xipki by xipki.

The class P11MacContentSigner, method getSignature.

@Override
public byte[] getSignature() {
    try {
        byte[] dataToSign = outputStream.toByteArray();
        outputStream.reset();
        return cryptService.getIdentity(identityId).sign(mechanism, null, dataToSign);
    } catch (XiSecurityException ex) {
        LogUtil.warn(LOG, ex);
        throw new RuntimeCryptoException("XiSecurityException: " + ex.getMessage());
    } catch (Throwable th) {
        LogUtil.warn(LOG, th);
        throw new RuntimeCryptoException(th.getClass().getName() + ": " + th.getMessage());
    }
}

Example 5 with RuntimeCryptoException

Use of org.bouncycastle.crypto.RuntimeCryptoException in project ranger by apache.

The class RangerGoogleCloudHSMProvider, method generateMasterKey.

@Override
public boolean generateMasterKey(String unused_password) throws Throwable {
    // The ENCRYPT_DECRYPT key purpose enables symmetric encryption.
    // All keys with key purpose ENCRYPT_DECRYPT use the GOOGLE_SYMMETRIC_ENCRYPTION algorithm.
    // No parameters are used with this algorithm.
    CryptoKey key = CryptoKey.newBuilder()
            .setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT)
            .setVersionTemplate(CryptoKeyVersionTemplate.newBuilder()
                    .setProtectionLevel(ProtectionLevel.HSM)
                    .setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION))
            .build();
    // Create the key.
    CryptoKey createdKey = null;
    try {
        createdKey = client.createCryptoKey(this.keyRingName, this.gcpMasterKeyName, key);
    } catch (AlreadyExistsException e) {
        // An existing master key of the same name is treated as success.
        logger.info("MasterKey with the name '" + this.gcpMasterKeyName + "' already exist.");
        return true;
    } catch (Exception e) {
        throw new RuntimeCryptoException("Failed to create master key with name '" + this.gcpMasterKeyName + "', Error - " + e.getMessage());
    }
    if (createdKey == null) {
        logger.info("Failed to create master key : " + this.gcpMasterKeyName);
        return false;
    }
    logger.info("Master Key Created Successfully On Google Cloud HSM : " + this.gcpMasterKeyName);
    return true;
}