use of org.bouncycastle.crypto.RuntimeCryptoException in project xipki by xipki.
the class P11RSAContentSigner method getSignature.
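/**
 * Signs the content written to {@code outputStream} with the PKCS#11 identity.
 *
 * <p>If the stream is a {@link ByteArrayOutputStream}, its buffered bytes are signed as they are.
 * Otherwise it is cast to {@code DigestOutputStream} and the input to sign is
 * {@code digestPkcsPrefix} followed by the digest value. In both cases the stream is reset
 * before the token is called, so a failed attempt leaves no stale content in it.
 *
 * @return the signature bytes returned by the token
 * @throws RuntimeCryptoException if encoding or the token operation fails; the original
 *     exception is attached as the cause
 */
@Override
public byte[] getSignature() {
    byte[] dataToSign;
    if (outputStream instanceof ByteArrayOutputStream) {
        ByteArrayOutputStream buffered = (ByteArrayOutputStream) outputStream;
        dataToSign = buffered.toByteArray();
        buffered.reset();
    } else {
        DigestOutputStream digesting = (DigestOutputStream) outputStream;
        byte[] hashValue = digesting.digest();
        digesting.reset();

        // prefix || hash
        dataToSign = new byte[digestPkcsPrefix.length + hashValue.length];
        System.arraycopy(digestPkcsPrefix, 0, dataToSign, 0, digestPkcsPrefix.length);
        System.arraycopy(hashValue, 0, dataToSign, digestPkcsPrefix.length, hashValue.length);
    }

    try {
        // CKM_RSA_X_509 is the raw RSA mechanism, so the EMSA-PKCS1-v1_5 encoding is built here
        // before the data is handed to the token.
        if (mechanism == PKCS11Constants.CKM_RSA_X_509) {
            dataToSign = SignerUtil.EMSA_PKCS1_v1_5_encoding(dataToSign, modulusBitLen);
        }
        return cryptService.getIdentity(identityId).sign(mechanism, null, dataToSign);
    } catch (XiSecurityException | P11TokenException ex) {
        LogUtil.error(LOG, ex, "could not sign");
        // RuntimeCryptoException has no (message, cause) constructor; attach the cause explicitly
        // so callers keep the token-level stack trace.
        RuntimeCryptoException failure = new RuntimeCryptoException("SignerException: " + ex.getMessage());
        failure.initCause(ex);
        throw failure;
    }
}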
use of org.bouncycastle.crypto.RuntimeCryptoException in project ranger by apache.
the class RangerGoogleCloudHSMProvider method encryptZoneKey.
/**
 * Encrypts a zone key with the Google Cloud KMS master key configured on this provider.
 *
 * @param zoneKey key whose encoded form is sent to the encrypt call
 * @return the ciphertext bytes taken from the encrypt response
 * @throws Exception on any failure; a {@code RuntimeCryptoException} is thrown when the client
 *     returns a null response
 */
@Override
public byte[] encryptZoneKey(Key zoneKey) throws Exception {
    if (logger.isDebugEnabled()) {
        logger.debug("==> GCP encryptZoneKey()");
    }

    // Plaintext key material: it is passed to the client only and never logged.
    final byte[] rawZoneKey = zoneKey.getEncoded();
    final CryptoKeyName masterKey = CryptoKeyName.of(this.gcpProjectId, this.gcpLocationId, this.gcpKeyRingId, this.gcpMasterKeyName);
    final ByteString payload = ByteString.copyFrom(rawZoneKey);
    final EncryptResponse wrapped = this.client.encrypt(masterKey, payload);

    if (wrapped != null) {
        if (logger.isDebugEnabled()) {
            logger.debug("<== GCP encryptZoneKey() : EncryptResponse - { " + wrapped + " }");
        }
        return wrapped.getCiphertext().toByteArray();
    }
    throw new RuntimeCryptoException("Got null response for encrypt zone key operation, Please reverify/check configs!");
}
use of org.bouncycastle.crypto.RuntimeCryptoException in project ranger by apache.
the class RangerGoogleCloudHSMProvider method decryptZoneKey.
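/**
 * Decrypts a wrapped zone key with the Google Cloud KMS master key configured on this provider.
 *
 * @param encryptedByte ciphertext of the zone key
 * @return the decrypted zone key bytes
 * @throws Exception on any failure; a {@code RuntimeCryptoException} is thrown when the response
 *     is null or carries no plaintext
 */
@Override
public byte[] decryptZoneKey(byte[] encryptedByte) throws Exception {
    CryptoKeyName keyName = CryptoKeyName.of(this.gcpProjectId, this.gcpLocationId, this.gcpKeyRingId, this.gcpMasterKeyName);
    if (logger.isDebugEnabled()) {
        logger.debug("==> GCP decryptZoneKey() : CryptoKeyName - { " + keyName + " }");
    }

    DecryptResponse response = client.decrypt(keyName, ByteString.copyFrom(encryptedByte));
    if (response == null) {
        throw new RuntimeCryptoException("Got null response for decrypt zone key operation!");
    }

    ByteString plaintext = response.getPlaintext();
    // ByteString.toString() returns a descriptive label and is never "", so a string-emptiness
    // test cannot detect a zero-length key; test the byte content instead.
    if (plaintext == null || plaintext.isEmpty()) {
        throw new RuntimeCryptoException("Error - Received null or empty decrypted zone key : " + plaintext);
    }

    if (logger.isDebugEnabled()) {
        // Log the size only: the response's string form would carry the decrypted zone key
        // into the debug log.
        logger.debug("<== GCP decryptZoneKey() : DecryptResponse - plaintext size " + plaintext.size() + " bytes");
    }
    return plaintext.toByteArray();
}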
use of org.bouncycastle.crypto.RuntimeCryptoException in project xipki by xipki.
the class P11MacContentSigner method getSignature.
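/**
 * Computes the MAC over the content written to {@code outputStream} with the PKCS#11 identity.
 *
 * <p>The stream is reset before the token is called, so a failed attempt leaves no stale
 * content in it.
 *
 * @return the MAC bytes returned by the token
 * @throws RuntimeCryptoException on any failure; the original throwable is attached as the cause
 */
@Override
public byte[] getSignature() {
    try {
        byte[] dataToSign = outputStream.toByteArray();
        outputStream.reset();
        return cryptService.getIdentity(identityId).sign(mechanism, null, dataToSign);
    } catch (XiSecurityException ex) {
        LogUtil.warn(LOG, ex);
        // RuntimeCryptoException has no (message, cause) constructor; attach the cause explicitly.
        RuntimeCryptoException failure = new RuntimeCryptoException("XiSecurityException: " + ex.getMessage());
        failure.initCause(ex);
        throw failure;
    } catch (Throwable th) {
        // NOTE(review): this also wraps Errors (e.g. OutOfMemoryError); confirm that is intended.
        LogUtil.warn(LOG, th);
        RuntimeCryptoException failure = new RuntimeCryptoException(th.getClass().getName() + ": " + th.getMessage());
        failure.initCause(th);
        throw failure;
    }
}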
use of org.bouncycastle.crypto.RuntimeCryptoException in project ranger by apache.
the class RangerGoogleCloudHSMProvider method generateMasterKey.
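/**
 * Creates the master key on Google Cloud HSM under the configured key ring.
 *
 * @param unused_password not read by this implementation
 * @return {@code true} if the key was created or a key with that name already exists;
 *     {@code false} if the create call returned null
 * @throws Throwable a {@code RuntimeCryptoException}, with the original exception attached as
 *     the cause, when creation fails for any reason other than the key already existing
 */
@Override
public boolean generateMasterKey(String unused_password) throws Throwable {
    // The ENCRYPT_DECRYPT key purpose enables symmetric encryption.
    // All keys with key purpose ENCRYPT_DECRYPT use the GOOGLE_SYMMETRIC_ENCRYPTION algorithm.
    // No parameters are used with this algorithm.
    CryptoKey key = CryptoKey.newBuilder()
            .setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT)
            .setVersionTemplate(CryptoKeyVersionTemplate.newBuilder()
                    .setProtectionLevel(ProtectionLevel.HSM)
                    .setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION))
            .build();

    // Create the key.
    final CryptoKey createdKey;
    try {
        createdKey = client.createCryptoKey(this.keyRingName, this.gcpMasterKeyName, key);
    } catch (AlreadyExistsException e) {
        // NOTE(review): an existing key is accepted by name alone; its purpose and protection
        // level are not checked here. Confirm they are verified elsewhere before relying on HSM
        // protection.
        logger.info("MasterKey with the name '" + this.gcpMasterKeyName + "' already exist.");
        return true;
    } catch (Exception e) {
        // RuntimeCryptoException has no (message, cause) constructor; attach the cause explicitly
        // so the underlying API error is not reduced to its message text.
        RuntimeCryptoException failure = new RuntimeCryptoException("Failed to create master key with name '" + this.gcpMasterKeyName + "', Error - " + e.getMessage());
        failure.initCause(e);
        throw failure;
    }

    if (createdKey == null) {
        logger.info("Failed to create master key : " + this.gcpMasterKeyName);
        return false;
    }
    logger.info("Master Key Created Successfully On Google Cloud HSM : " + this.gcpMasterKeyName);
    return true;
}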