Example 6 with SecretKeyFacade

Use of org.mozilla.jss.crypto.SecretKeyFacade in project jss by dogtagpki.

Class JSSSecretKeyFactorySpi, method generateKeyFromBits.

private SecretKey generateKeyFromBits(byte[] bits, SymmetricKey.Type keyType) throws NoSuchAlgorithmException, TokenException, InvalidKeySpecException, InvalidAlgorithmParameterException {
    try {
        KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.PLAINTEXT);
        wrapper.initUnwrap();
        SymmetricKey symk = wrapper.unwrapSymmetric(bits, keyType, 0);
        return new SecretKeyFacade(symk);
    } catch (InvalidKeyException e) {
        throw new InvalidKeySpecException(e.getMessage());
    }
}
Also used : KeyWrapper(org.mozilla.jss.crypto.KeyWrapper) SecretKeyFacade(org.mozilla.jss.crypto.SecretKeyFacade) SymmetricKey(org.mozilla.jss.crypto.SymmetricKey) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidKeyException(java.security.InvalidKeyException)

Example 7 with SecretKeyFacade

Use of org.mozilla.jss.crypto.SecretKeyFacade in project jss by dogtagpki.

Class JSSKeyStoreSpi, method engineSetKeyEntry.

@Override
public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException {
    logger.debug("JSSKeyStoreSpi: engineSetKeyEntry(" + alias + ", key, password, chain)");
    if (key instanceof SecretKeyFacade) {
        SecretKeyFacade skf = (SecretKeyFacade) key;
        engineSetKeyEntryNative(alias, skf.key, password, chain);
    } else {
        engineSetKeyEntryNative(alias, key, password, chain);
    }
}
Also used : SecretKeyFacade(org.mozilla.jss.crypto.SecretKeyFacade)

Example 8 with SecretKeyFacade

Use of org.mozilla.jss.crypto.SecretKeyFacade in project jss by dogtagpki.

Class JSSKeyStoreSpi, method engineGetKey.

@Override
public Key engineGetKey(String alias, char[] password) {
    logger.debug("JSSKeyStoreSpi: engineGetKey(" + alias + ")");
    try {
        CryptoManager cm = CryptoManager.getInstance();
        logger.debug("JSSKeyStoreSpi: searching for cert");
        try {
            X509Certificate cert = cm.findCertByNickname(alias);
            logger.debug("JSSKeyStoreSpi: found cert: " + alias);
            PrivateKey privateKey = cm.findPrivKeyByCert(cert);
            logger.debug("JSSKeyStoreSpi: found private key: " + alias);
            return privateKey;
        } catch (ObjectNotFoundException e) {
            logger.debug("JSSKeyStoreSpi: cert/key not found, searching for key");
        }
        String[] parts = parseAlias(alias);
        String tokenName = parts[0];
        String nickname = parts[1];
        CryptoToken token;
        if (tokenName == null) {
            token = cm.getInternalKeyStorageToken();
        } else {
            token = cm.getTokenByName(tokenName);
        }
        CryptoStore store = token.getCryptoStore();
        logger.debug("JSSKeyStoreSpi: searching for private key");
        for (PrivateKey privateKey : store.getPrivateKeys()) {
            // convert key ID into hexadecimal
            String keyID = Utils.HexEncode(privateKey.getUniqueID());
            logger.debug("JSSKeyStoreSpi: - " + keyID);
            if (nickname.equals(keyID)) {
                logger.debug("JSSKeyStoreSpi: found private key: " + nickname);
                return privateKey;
            }
        }
        logger.debug("JSSKeyStoreSpi: searching for symmetric key");
        for (SymmetricKey symmetricKey : store.getSymmetricKeys()) {
            logger.debug("JSSKeyStoreSpi: - " + symmetricKey.getNickName());
            if (nickname.equals(symmetricKey.getNickName())) {
                logger.debug("JSSKeyStoreSpi: found symmetric key: " + nickname);
                return new SecretKeyFacade(symmetricKey);
            }
        }
        logger.debug("JSSKeyStoreSpi: key not found: " + nickname);
        return null;
    } catch (NoSuchTokenException e) {
        throw new RuntimeException(e);
    } catch (NotInitializedException e) {
        throw new RuntimeException(e);
    } catch (TokenException e) {
        throw new RuntimeException(e);
    }
}
Also used : PrivateKey(org.mozilla.jss.crypto.PrivateKey) CryptoToken(org.mozilla.jss.crypto.CryptoToken) NotInitializedException(org.mozilla.jss.NotInitializedException) SymmetricKey(org.mozilla.jss.crypto.SymmetricKey) CryptoManager(org.mozilla.jss.CryptoManager) X509Certificate(org.mozilla.jss.crypto.X509Certificate) CryptoStore(org.mozilla.jss.crypto.CryptoStore) SecretKeyFacade(org.mozilla.jss.crypto.SecretKeyFacade) NoSuchTokenException(org.mozilla.jss.NoSuchTokenException) ObjectNotFoundException(org.mozilla.jss.crypto.ObjectNotFoundException) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) TokenException(org.mozilla.jss.crypto.TokenException)

Example 9 with SecretKeyFacade

Use of org.mozilla.jss.crypto.SecretKeyFacade in project jss by dogtagpki.

Class KeyStoreTest, method addKey.

public static void addKey(KeyStore ks, String alias) throws Throwable {
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "Mozilla-JSS");
    kpg.initialize(1024);
    KeyPair pair = kpg.genKeyPair();
    Certificate[] certs = new Certificate[1];
    ks.setKeyEntry(alias, pair.getPrivate(), null, certs);
    CryptoManager cm = CryptoManager.getInstance();
    CryptoToken tok = cm.getInternalKeyStorageToken();
    KeyGenerator kg = tok.getKeyGenerator(KeyGenAlgorithm.DES3);
    SecretKey key = new SecretKeyFacade(kg.generate());
    ks.setKeyEntry(alias + "sym", key, null, null);
}
Also used : KeyPair(java.security.KeyPair) SecretKey(javax.crypto.SecretKey) CryptoToken(org.mozilla.jss.crypto.CryptoToken) SecretKeyFacade(org.mozilla.jss.crypto.SecretKeyFacade) CryptoManager(org.mozilla.jss.CryptoManager) KeyPairGenerator(java.security.KeyPairGenerator) KeyGenerator(org.mozilla.jss.crypto.KeyGenerator) Certificate(java.security.cert.Certificate)

Example 10 with SecretKeyFacade

Use of org.mozilla.jss.crypto.SecretKeyFacade in project jss by dogtagpki.

Class JCAKeyWrap, method wrapSymetricKey.

/**
 * @param symKey
 * @param wrapperAlg
 * @param wrapperKey
 * @param providerA
 * @param providerB
 * @throws Exception
 */
public void wrapSymetricKey(Key symKey, String wrapperAlg, Key wrapperKey, String providerA, String providerB) throws Exception {
    try {
        System.out.print("Wrap " + symKey.getAlgorithm() + " " + ((SecretKeyFacade) symKey).key.getStrength() + " with " + wrapperKey.getAlgorithm() + " " + ((SecretKeyFacade) wrapperKey).key.getStrength() + " symmetric key. ");
        // wrap key
        Cipher cipher = Cipher.getInstance(wrapperAlg, providerA);
        cipher.init(Cipher.WRAP_MODE, wrapperKey);
        byte[] wrappedData = cipher.wrap(symKey);
        // generate the algorithm Parameters; they need to be
        // the same for encrypt/decrypt if they are needed.
        byte[] encodedKeyWrapAP = null;
        AlgorithmParameters ap = null;
        ap = cipher.getParameters();
        if (ap != null) {
            // get parameters to store away as example.
            encodedKeyWrapAP = ap.getEncoded();
        }
        // unwrap key
        cipher = Cipher.getInstance(wrapperAlg, providerA);
        if (encodedKeyWrapAP == null) {
            cipher.init(Cipher.UNWRAP_MODE, wrapperKey);
        } else {
            // retrieve the algorithmParameters from the encoded array
            AlgorithmParameters aps = AlgorithmParameters.getInstance(wrapperKey.getAlgorithm());
            aps.init(encodedKeyWrapAP);
            cipher.init(Cipher.UNWRAP_MODE, wrapperKey, aps);
        }
        SecretKey unwrappedKey = (SecretKey) cipher.unwrap(wrappedData, symKey.getAlgorithm(), Cipher.SECRET_KEY);
        testKeys(symKey, unwrappedKey, providerA, providerB);
    } catch (BadPaddingException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (IllegalBlockSizeException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (UnsupportedEncodingException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (InvalidKeyException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (NoSuchAlgorithmException ex) {
        ex.printStackTrace();
        System.exit(1);
    } catch (NoSuchPaddingException ex) {
        ex.printStackTrace();
        System.exit(1);
    }
}
Also used : SecretKey(javax.crypto.SecretKey) SecretKeyFacade(org.mozilla.jss.crypto.SecretKeyFacade) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) Cipher(javax.crypto.Cipher) BadPaddingException(javax.crypto.BadPaddingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) AlgorithmParameters(java.security.AlgorithmParameters)

Aggregations

SecretKeyFacade (org.mozilla.jss.crypto.SecretKeyFacade): 17
InvalidKeyException (java.security.InvalidKeyException): 11
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 10
SymmetricKey (org.mozilla.jss.crypto.SymmetricKey): 10
TokenException (org.mozilla.jss.crypto.TokenException): 8
InvalidKeySpecException (java.security.spec.InvalidKeySpecException): 6
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException): 5
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 4
BadPaddingException (javax.crypto.BadPaddingException): 4
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException): 4
NoSuchPaddingException (javax.crypto.NoSuchPaddingException): 4
SecretKey (javax.crypto.SecretKey): 4
CryptoToken (org.mozilla.jss.crypto.CryptoToken): 4
TokenRuntimeException (org.mozilla.jss.crypto.TokenRuntimeException): 4
Cipher (javax.crypto.Cipher): 3
DESedeKeySpec (javax.crypto.spec.DESedeKeySpec): 3
SecretKeySpec (javax.crypto.spec.SecretKeySpec): 3
CryptoManager (org.mozilla.jss.CryptoManager): 3
NotInitializedException (org.mozilla.jss.NotInitializedException): 3
CharConversionException (java.io.CharConversionException): 2