Use of org.hyperledger.fabric.sdk.exception.CryptoException in project fabric-sdk-java by hyperledger.
The class CryptoPrimitives, method setProperties.
// /* (non-Javadoc)
// * @see org.hyperledger.fabric.sdk.security.CryptoSuite#setProperties(java.util.Properties)
// */
// @Override
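/**
 * Applies caller-supplied configuration to this crypto suite.
 *
 * <p>Each recognised key overrides the corresponding current value; an absent key
 * leaves the current value (or, for the curve mapping and the provider class name,
 * the {@code config} default) in place. The provider class name is handed to
 * {@code setUpExplictProvider}, so the properties given here decide which JCA
 * provider performs all later crypto operations and should come from trusted
 * configuration only.
 *
 * @param properties configuration keys as defined in {@link Config}; must not be null
 * @throws InvalidArgumentException if {@code properties} is null, the security level
 *         is not an integer, or the provider cannot be set up
 * @throws CryptoException presumably propagated from {@code resetConfiguration()}
 */
void setProperties(Properties properties) throws CryptoException, InvalidArgumentException {
    if (properties == null) {
        throw new InvalidArgumentException("properties must not be null");
    }

    // getProperty(key, default) yields the default exactly when the key is absent,
    // the same as the Optional.ofNullable(...).orElse(...) form it replaces.
    hashAlgorithm = properties.getProperty(Config.HASH_ALGORITHM, hashAlgorithm);

    final String secLevel = properties.getProperty(Config.SECURITY_LEVEL, Integer.toString(securityLevel));
    try {
        securityLevel = Integer.parseInt(secLevel);
    } catch (NumberFormatException e) {
        // A malformed level previously escaped as an unchecked NumberFormatException;
        // report it through the declared exception type like the other bad inputs.
        throw new InvalidArgumentException(format("Invalid security level: %s", secLevel), e);
    }

    if (properties.containsKey(Config.SECURITY_CURVE_MAPPING)) {
        securityCurveMapping = Config.parseSecurityCurveMappings(properties.getProperty(Config.SECURITY_CURVE_MAPPING));
    } else {
        securityCurveMapping = config.getSecurityCurveMapping();
    }

    final String providerName = properties.containsKey(Config.SECURITY_PROVIDER_CLASS_NAME)
            ? properties.getProperty(Config.SECURITY_PROVIDER_CLASS_NAME)
            : config.getSecurityProviderClassName();
    try {
        // Deliberate boundary catch: any failure loading/instantiating the provider
        // is reported as a bad argument with the offending class name.
        SECURITY_PROVIDER = setUpExplictProvider(providerName);
    } catch (Exception e) {
        throw new InvalidArgumentException(format("Getting provider for class name: %s", providerName), e);
    }

    CERTIFICATE_FORMAT = properties.getProperty(Config.CERTIFICATE_FORMAT, CERTIFICATE_FORMAT);
    DEFAULT_SIGNATURE_ALGORITHM = properties.getProperty(Config.SIGNATURE_ALGORITHM, DEFAULT_SIGNATURE_ALGORITHM);

    resetConfiguration();
}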
Use of org.hyperledger.fabric.sdk.exception.CryptoException in project fabric-sdk-java by hyperledger.
The class CryptoPrimitives, method ecdsaSignToBytes.
/**
 * Produces a DER-encoded ECDSA signature over {@code data} with the given private key.
 *
 * <p>The raw signature from the JCA provider is decoded into its (r, s) pair, passed
 * through {@code preventMalleability} using the order of the suite's configured curve,
 * and re-encoded as a DER SEQUENCE of two INTEGERs.
 *
 * @param privateKey elliptic curve private key
 * @param data bytes to sign
 * @return the DER-encoded (r, s) signature
 * @throws CryptoException if any step of signing or encoding fails
 */
private byte[] ecdsaSignToBytes(ECPrivateKey privateKey, byte[] data) throws CryptoException {
    try {
        // NOTE(review): the curve order is taken from the suite-wide curveName, not from
        // the key itself; a key on a different curve would be normalised against the wrong n.
        final BigInteger order = ECNamedCurveTable.getByName(curveName).getN();

        final Signature signer;
        if (SECURITY_PROVIDER == null) {
            signer = Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM);
        } else {
            signer = Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM, SECURITY_PROVIDER);
        }
        signer.initSign(privateKey);
        signer.update(data);

        final BigInteger[] rs = preventMalleability(decodeECDSASignature(signer.sign()), order);

        final ByteArrayOutputStream out = new ByteArrayOutputStream();
        final DERSequenceGenerator sequence = new DERSequenceGenerator(out);
        sequence.addObject(new ASN1Integer(rs[0]));
        sequence.addObject(new ASN1Integer(rs[1]));
        // close() finishes writing the SEQUENCE into out.
        sequence.close();
        return out.toByteArray();
    } catch (Exception e) {
        throw new CryptoException("Could not sign the message using private key", e);
    }
}
Use of org.hyperledger.fabric.sdk.exception.CryptoException in project fabric-sdk-java by hyperledger.
The class CryptoPrimitives, method addCACertificateToTrustStore.
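/**
 * Adds a CA certificate, read from a PEM file, to the set of certificates trusted for
 * signature validation.
 *
 * <p>The file is read fully into memory and parsed with the suite's certificate factory
 * {@code cf}; the parsed certificate is then handed to the {@code Certificate}-based
 * overload under the given alias. Whatever file is passed here becomes a trust anchor,
 * so callers should only pass certificates from trusted configuration.
 *
 * @param caCertPem an X.509 certificate file in PEM format
 * @param alias an alias for the certificate, used as shorthand during crypto operations
 * @throws InvalidArgumentException if the file is null or the alias is null or empty
 * @throws CryptoException if the file cannot be read or does not parse as a certificate
 */
public void addCACertificateToTrustStore(File caCertPem, String alias) throws CryptoException, InvalidArgumentException {
    if (caCertPem == null) {
        throw new InvalidArgumentException("The certificate cannot be null");
    }
    if (alias == null || alias.isEmpty()) {
        throw new InvalidArgumentException("You must assign an alias to a certificate when adding to the trust store");
    }
    // try-with-resources closes the stream on every path; the previous version never
    // closed it and declared it outside the block it was used in.
    try (BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream(FileUtils.readFileToByteArray(caCertPem)))) {
        Certificate caCert = cf.generateCertificate(bis);
        addCACertificateToTrustStore(caCert, alias);
    } catch (CertificateException | IOException e) {
        throw new CryptoException("Unable to add CA certificate to trust store. Error: " + e.getMessage(), e);
    }
}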
Use of org.hyperledger.fabric.sdk.exception.CryptoException in project fabric-sdk-java by hyperledger.
The class CryptoPrimitives, method verify.
/**
 * Verifies {@code signature} over {@code plainText} with the public key of the X.509
 * certificate in {@code pemCertificate}.
 *
 * <p>Missing inputs yield {@code false} rather than an exception. The certificate is
 * first checked with {@code validateCertificate}; the signature is only examined when
 * that check passes, so an untrusted certificate never yields {@code true}. At extra
 * log level 10 the full plaintext, signature and certificate are passed in hex to
 * {@code diagnosticFileDumper}, so that level should not be enabled where the
 * plaintext is confidential.
 *
 * @param pemCertificate PEM-encoded X.509 certificate of the signer
 * @param signatureAlgorithm JCA signature algorithm name
 * @param signature signature bytes to check
 * @param plainText the data that was signed
 * @return {@code true} only if the certificate is trusted and the signature verifies
 * @throws CryptoException if the certificate's key is unusable or the algorithm name is invalid
 */
@Override
public boolean verify(byte[] pemCertificate, String signatureAlgorithm, byte[] signature, byte[] plainText) throws CryptoException {
    if (plainText == null || signature == null || pemCertificate == null) {
        return false;
    }

    if (config.extraLogLevel(10) && diagnosticFileDumper != null) {
        final StringBuilder dump = new StringBuilder(10000)
                .append("plaintext in hex: ").append(DatatypeConverter.printHexBinary(plainText))
                .append("\n")
                .append("signature in hex: ").append(DatatypeConverter.printHexBinary(signature))
                .append("\n")
                .append("PEM cert in hex: ").append(DatatypeConverter.printHexBinary(pemCertificate));
        logger.trace("verify : " + diagnosticFileDumper.createDiagnosticFile(dump.toString()));
    }

    boolean verified = false;
    try {
        final X509Certificate certificate = getX509Certificate(pemCertificate);
        if (certificate == null) {
            return false;
        }
        // Only proceed to the signature check once the certificate itself is trusted.
        if (validateCertificate(certificate)) {
            // NOTE(review): unlike signing, this path ignores SECURITY_PROVIDER and uses the
            // default provider for signatureAlgorithm — confirm that is intended.
            final Signature verifier = Signature.getInstance(signatureAlgorithm);
            verifier.initVerify(certificate);
            verifier.update(plainText);
            verified = verifier.verify(signature);
        }
    } catch (InvalidKeyException e) {
        final CryptoException ex = new CryptoException("Cannot verify signature. Error is: " + e.getMessage() + "\r\nCertificate: " + DatatypeConverter.printHexBinary(pemCertificate), e);
        logger.error(ex.getMessage(), ex);
        throw ex;
    } catch (NoSuchAlgorithmException | SignatureException e) {
        final CryptoException ex = new CryptoException("Cannot verify. Signature algorithm is invalid. Error is: " + e.getMessage(), e);
        logger.error(ex.getMessage(), ex);
        throw ex;
    }
    return verified;
}
Use of org.hyperledger.fabric.sdk.exception.CryptoException in project fabric-sdk-java by hyperledger.
The class CryptoPrimitives, method createTrustStore.
/**
 * Creates an empty trust store of the platform default type and installs it
 * via {@code setTrustStore}.
 *
 * @throws CryptoException if the store cannot be created, loaded or installed
 */
private void createTrustStore() throws CryptoException {
    final KeyStore emptyStore;
    try {
        emptyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // load(null, null) initialises the store with no entries.
        emptyStore.load(null, null);
        setTrustStore(emptyStore);
    } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException | InvalidArgumentException e) {
        throw new CryptoException("Cannot create trust store. Error: " + e.getMessage(), e);
    }
}