Example 6 with TokenException

Use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki, in the method generate of the class PK11KeyGenerator.

/**
 * Generates the key. This is the public interface, the actual
 * work is done by native methods.
 */
@Override
public SymmetricKey generate() throws IllegalStateException, TokenException, CharConversionException {
    Class<?>[] paramClasses = algorithm.getParameterClasses();
    boolean is_pbe = paramClasses.length == 1 && paramClasses[0].equals(PBEKeyGenParams.class);
    boolean is_kbkdf = paramClasses.length == 1 && parameters instanceof KBKDFParameterSpec;
    if (is_pbe) {
        if (parameters == null || !(parameters instanceof PBEKeyGenParams)) {
            throw new IllegalStateException("PBE keygen algorithms require PBEKeyGenParams");
        }
        PBEKeyGenParams kgp = (PBEKeyGenParams) parameters;
        byte[] pwbytes = null;
        try {
            pwbytes = charToByte.convert(kgp.getPassword().getChars());
            return generatePBE(token, algorithm, kgp.getEncryptionAlgorithm(), pwbytes, kgp.getSalt(), kgp.getIterations());
        } finally {
            if (pwbytes != null) {
                Password.wipeBytes(pwbytes);
            }
        }
    } else if (is_kbkdf) {
        KBKDFParameterSpec kps = (KBKDFParameterSpec) parameters;
        SymmetricKey result = null;
        try {
            try {
                kps.open();
                long pkcs11_alg = algorithm.getEnum().getValue();
                result = generateKBKDF(token, kps.prfKey, pkcs11_alg, kps.mPointer, kps.mPointerSize, kps.derivedKeyAlgorithm, kps.keySize, (int) opFlags, temporaryKeyMode, sensitiveKeyMode);
            } finally {
                kps.close();
            }
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
        return result;
    } else {
        return generateNormal(token, algorithm, strength, (int) opFlags, temporaryKeyMode, sensitiveKeyMode);
    }
}
Also used: PBEKeyGenParams (org.mozilla.jss.crypto.PBEKeyGenParams), SymmetricKey (org.mozilla.jss.crypto.SymmetricKey), KBKDFParameterSpec (org.mozilla.jss.crypto.KBKDFParameterSpec), InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException), CharConversionException (java.io.CharConversionException), TokenException (org.mozilla.jss.crypto.TokenException), InvalidKeyException (java.security.InvalidKeyException)

Example 7 with TokenException

Use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki, in the method engineInitSign of the class JSSSignatureSpi.

@Override
public void engineInitSign(java.security.PrivateKey privateKey) throws InvalidKeyException {
    try {
        sig = getSigContext(privateKey);
        if (paramSpec != null) {
            sig.setParameter(paramSpec);
        }
        sig.initSign((PrivateKey) privateKey);
    } catch (java.security.NoSuchAlgorithmException e) {
        throw new InvalidKeyException("Algorithm not supported: " + e.getMessage(), e);
    } catch (TokenException e) {
        throw new InvalidKeyException("Token exception occurred: " + e.getMessage(), e);
    } catch (InvalidAlgorithmParameterException e) {
        throw new InvalidKeyException("AlgorithmParameterSpec not supported: " + e.getMessage(), e);
    }
}
Also used: InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), TokenException (org.mozilla.jss.crypto.TokenException), InvalidKeyException (java.security.InvalidKeyException)

Example 8 with TokenException

Use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki, in the method engineUnwrapSecret of the class JSSCipherSpi.

private Key engineUnwrapSecret(byte[] wrappedKey, String wrappedKeyAlg) throws InvalidKeyException, NoSuchAlgorithmException {
    try {
        int idx = wrappedKeyAlg.indexOf('/');
        if (idx != -1) {
            wrappedKeyAlg = wrappedKeyAlg.substring(0, idx);
        }
        SymmetricKey.Type wrappedKeyType = SymmetricKey.Type.fromName(wrappedKeyAlg);
        // Specify 0 for key length. This will use the default key length.
        // Won't work for algorithms without a default, like RC4, unless a
        // padded algorithm is used.
        SymmetricKey key = wrapper.unwrapSymmetric(wrappedKey, wrappedKeyType, 0);
        return new SecretKeyFacade(key);
    } catch (StringIndexOutOfBoundsException e) {
        throw new NoSuchAlgorithmException("Unknown algorithm: " + wrappedKeyAlg);
    } catch (TokenException te) {
        throw new TokenRuntimeException(te.getMessage());
    } catch (InvalidAlgorithmParameterException iape) {
        throw new NoSuchAlgorithmException("Invalid algorithm parameters" + iape.getMessage());
    }
}
Also used: SecretKeyFacade (org.mozilla.jss.crypto.SecretKeyFacade), TokenRuntimeException (org.mozilla.jss.crypto.TokenRuntimeException), InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException), TokenException (org.mozilla.jss.crypto.TokenException), SymmetricKey (org.mozilla.jss.crypto.SymmetricKey), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)

Example 9 with TokenException

Use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki, in the method engineTranslateKey of the class JSSSecretKeyFactorySpi.

@Override
public SecretKey engineTranslateKey(SecretKey key) throws InvalidKeyException {
    if (key instanceof SecretKeyFacade) {
        // try cloning the key
        try {
            SymmetricKey oldkey = ((SecretKeyFacade) key).key;
            CryptoToken owningToken = oldkey.getOwningToken();
            org.mozilla.jss.crypto.KeyGenerator keygen = token.getKeyGenerator(oldkey.getType().getKeyGenAlg());
            SymmetricKey newkey = keygen.clone(oldkey);
            return new SecretKeyFacade(newkey);
        } catch (SymmetricKey.NotExtractableException nee) {
            // no way around this, we fail
            throw new InvalidKeyException("key is not extractable");
        } catch (TokenException te) {
            // fall through and try doing it the long way
        } catch (NoSuchAlgorithmException nsae) {
            throw new InvalidKeyException("Unsupported algorithm: " + nsae.getMessage());
        }
    }
    // try extracting the key value and then creating a new key
    try {
        byte[] keyBits = key.getEncoded();
        if (keyBits == null) {
            throw new InvalidKeyException("Key is not extractable");
        }
        SymmetricKey.Type keyType = SymmetricKey.Type.fromName(key.getAlgorithm());
        return generateKeyFromBits(keyBits, keyType);
    } catch (NoSuchAlgorithmException nsae) {
        throw new InvalidKeyException("Unsupported algorithm: " + key.getAlgorithm());
    } catch (TokenException te) {
        throw new InvalidKeyException("Token failed to process key: " + te.getMessage());
    } catch (InvalidKeySpecException ikse) {
        throw new InvalidKeyException("Invalid key spec: " + ikse.getMessage());
    } catch (InvalidAlgorithmParameterException iape) {
        throw new InvalidKeyException("Invalid algorithm parameters: " + iape.getMessage());
    }
}
Also used: CryptoToken (org.mozilla.jss.crypto.CryptoToken), InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException), SymmetricKey (org.mozilla.jss.crypto.SymmetricKey), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), InvalidKeyException (java.security.InvalidKeyException), SecretKeyFacade (org.mozilla.jss.crypto.SecretKeyFacade), TokenException (org.mozilla.jss.crypto.TokenException), InvalidKeySpecException (java.security.spec.InvalidKeySpecException)

Example 10 with TokenException

Use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki, in the method engineGetKey of the class JSSKeyStoreSpi.

@Override
public Key engineGetKey(String alias, char[] password) {
    logger.debug("JSSKeyStoreSpi: engineGetKey(" + alias + ")");
    try {
        CryptoManager cm = CryptoManager.getInstance();
        logger.debug("JSSKeyStoreSpi: searching for cert");
        try {
            X509Certificate cert = cm.findCertByNickname(alias);
            logger.debug("JSSKeyStoreSpi: found cert: " + alias);
            PrivateKey privateKey = cm.findPrivKeyByCert(cert);
            logger.debug("JSSKeyStoreSpi: found private key: " + alias);
            return privateKey;
        } catch (ObjectNotFoundException e) {
            logger.debug("JSSKeyStoreSpi: cert/key not found, searching for key");
        }
        String[] parts = parseAlias(alias);
        String tokenName = parts[0];
        String nickname = parts[1];
        CryptoToken token;
        if (tokenName == null) {
            token = cm.getInternalKeyStorageToken();
        } else {
            token = cm.getTokenByName(tokenName);
        }
        CryptoStore store = token.getCryptoStore();
        logger.debug("JSSKeyStoreSpi: searching for private key");
        for (PrivateKey privateKey : store.getPrivateKeys()) {
            // convert key ID into hexadecimal
            String keyID = Utils.HexEncode(privateKey.getUniqueID());
            logger.debug("JSSKeyStoreSpi: - " + keyID);
            if (nickname.equals(keyID)) {
                logger.debug("JSSKeyStoreSpi: found private key: " + nickname);
                return privateKey;
            }
        }
        logger.debug("JSSKeyStoreSpi: searching for symmetric key");
        for (SymmetricKey symmetricKey : store.getSymmetricKeys()) {
            logger.debug("JSSKeyStoreSpi: - " + symmetricKey.getNickName());
            if (nickname.equals(symmetricKey.getNickName())) {
                logger.debug("JSSKeyStoreSpi: found symmetric key: " + nickname);
                return new SecretKeyFacade(symmetricKey);
            }
        }
        logger.debug("JSSKeyStoreSpi: key not found: " + nickname);
        return null;
    } catch (NoSuchTokenException e) {
        throw new RuntimeException(e);
    } catch (NotInitializedException e) {
        throw new RuntimeException(e);
    } catch (TokenException e) {
        throw new RuntimeException(e);
    }
}
Also used: PrivateKey (org.mozilla.jss.crypto.PrivateKey), CryptoToken (org.mozilla.jss.crypto.CryptoToken), NotInitializedException (org.mozilla.jss.NotInitializedException), SymmetricKey (org.mozilla.jss.crypto.SymmetricKey), CryptoManager (org.mozilla.jss.CryptoManager), X509Certificate (org.mozilla.jss.crypto.X509Certificate), CryptoStore (org.mozilla.jss.crypto.CryptoStore), SecretKeyFacade (org.mozilla.jss.crypto.SecretKeyFacade), NoSuchTokenException (org.mozilla.jss.NoSuchTokenException), ObjectNotFoundException (org.mozilla.jss.crypto.ObjectNotFoundException), NoSuchItemOnTokenException (org.mozilla.jss.crypto.NoSuchItemOnTokenException), TokenException (org.mozilla.jss.crypto.TokenException)
