
Example 11 with TokenException

use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.

the class JSSKeyStoreSpi method engineLoad.

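/**
 * Binds this keystore to the token carried by the given load parameter.
 *
 * <p>Only {@code JSSLoadStoreParameter} is accepted; the token it returns is
 * stored in the {@code token} field and its name is written to the debug log.
 *
 * @param param load parameter; must be a non-null {@code JSSLoadStoreParameter}
 * @throws IOException if {@code param} is null or of another type, or if
 *         reading the token name raises a {@code TokenException}
 */
@Override
public void engineLoad(KeyStore.LoadStoreParameter param) throws IOException {
    logger.debug("JSSKeyStoreSpi: engineLoad(param)");
    if (param == null) {
        // "null instanceof X" is false, so without this guard the type-error
        // path below would dereference null and fail with a NullPointerException
        // instead of the declared IOException.
        throw new IOException("Invalid keystore parameter type: null");
    }
    if (!(param instanceof JSSLoadStoreParameter)) {
        throw new IOException("Invalid keystore parameter type: " + param.getClass().getName());
    }
    JSSLoadStoreParameter jssParam = (JSSLoadStoreParameter) param;
    token = jssParam.getToken();
    // NOTE(review): if getToken() can return null, the getName() call below
    // throws NullPointerException -- confirm whether a null token is permitted here.
    try {
        logger.debug("JSSKeyStoreSpi: token: " + token.getName());
    } catch (TokenException e) {
        // the token field has already been assigned at this point
        throw new IOException(e);
    }
}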
Also used : NoSuchTokenException(org.mozilla.jss.NoSuchTokenException) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) TokenException(org.mozilla.jss.crypto.TokenException) IOException(java.io.IOException)

Example 12 with TokenException

use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.

the class JSSKeyStoreSpi method getAliases.

/**
 * Lists the aliases visible through this keystore.
 *
 * <p>When the {@code token} field is set, only that token is queried;
 * otherwise every token reported by the {@code CryptoManager} is queried
 * except the internal crypto token. Certificates contribute their nickname.
 * Private keys contribute their hex-encoded unique ID, prefixed with
 * {@code tokenName:} unless the token is the internal key storage token.
 *
 * <p>Every alias is also written to the debug log.
 *
 * @return the aliases in discovery order, without duplicates
 * @throws RuntimeException wrapping a {@code NotInitializedException} or
 *         {@code TokenException} raised while querying the tokens
 */
public Collection<String> getAliases() {
    logger.debug("JSSKeyStoreSpi: getAliases()");
    Set<String> names = new LinkedHashSet<>();
    try {
        List<CryptoToken> sources = new ArrayList<>();
        CryptoManager manager = CryptoManager.getInstance();
        if (token != null) {
            logger.debug("JSSKeyStoreSpi: getting aliases from keystore token");
            sources.add(token);
        } else {
            logger.debug("JSSKeyStoreSpi: getting aliases from all tokens");
            Enumeration<CryptoToken> all = manager.getAllTokens();
            while (all.hasMoreElements()) {
                CryptoToken candidate = all.nextElement();
                // the internal crypto token is left out (identity comparison)
                if (candidate != manager.getInternalCryptoToken()) {
                    sources.add(candidate);
                }
            }
        }
        for (CryptoToken source : sources) {
            // a null prefix marks the internal key storage token
            String prefix = null;
            if (source != manager.getInternalKeyStorageToken()) {
                prefix = source.getName();
                logger.debug("JSSKeyStoreSpi: token: " + prefix);
            } else {
                logger.debug("JSSKeyStoreSpi: token: internal");
            }
            CryptoStore store = source.getCryptoStore();
            logger.debug("JSSKeyStoreSpi: - certificates:");
            for (X509Certificate cert : store.getCertificates()) {
                String certAlias = cert.getNickname();
                logger.debug("JSSKeyStoreSpi:   - " + certAlias);
                names.add(certAlias);
            }
            logger.debug("JSSKeyStoreSpi: - private keys:");
            for (PrivateKey privateKey : store.getPrivateKeys()) {
                // private keys are identified by their unique ID in hexadecimal
                String hexId = Utils.HexEncode(privateKey.getUniqueID());
                String keyAlias = (prefix == null) ? hexId : prefix + ":" + hexId;
                logger.debug("JSSKeyStoreSpi:   - " + keyAlias);
                names.add(keyAlias);
            }
        }
        return names;
    } catch (NotInitializedException | TokenException cause) {
        throw new RuntimeException(cause);
    }
}
Also used : LinkedHashSet(java.util.LinkedHashSet) CryptoToken(org.mozilla.jss.crypto.CryptoToken) PrivateKey(org.mozilla.jss.crypto.PrivateKey) NotInitializedException(org.mozilla.jss.NotInitializedException) ArrayList(java.util.ArrayList) CryptoManager(org.mozilla.jss.CryptoManager) X509Certificate(org.mozilla.jss.crypto.X509Certificate) CryptoStore(org.mozilla.jss.crypto.CryptoStore) NoSuchTokenException(org.mozilla.jss.NoSuchTokenException) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) TokenException(org.mozilla.jss.crypto.TokenException)

Example 13 with TokenException

use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.

the class JSSSignatureSpi method engineInitVerify.

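/**
 * Prepares this signature object for verification with the given public key.
 *
 * <p>The signature context comes from the current thread's token. A key that
 * is not already a {@code PK11PubKey} is re-imported through the
 * "Mozilla-JSS" key factory from its X.509 encoding.
 *
 * @param publicKey the key to verify signatures with
 * @throws InvalidKeyException if the key is null, is not X.509-encoded,
 *         cannot be converted to a JSS key, uses an unsupported algorithm, or
 *         the token reports an error; the underlying exception is attached as
 *         the cause where there is one
 */
@Override
public void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
    try {
        CryptoToken token = TokenSupplierManager.getTokenSupplier().getThreadToken();
        sig = token.getSignatureContext(alg);
        // convert the public key into a JSS public key if necessary
        if (!(publicKey instanceof org.mozilla.jss.pkcs11.PK11PubKey)) {
            if (publicKey == null) {
                // report a missing key as a key error, not a NullPointerException
                throw new InvalidKeyException("Public key is null");
            }
            // Key.getFormat() returns null for keys that do not support
            // encoding; comparing from the literal avoids dereferencing it.
            String format = publicKey.getFormat();
            if (!"X.509".equalsIgnoreCase(format)) {
                throw new InvalidKeyException("Unsupported public key format: " + format);
            }
            X509EncodedKeySpec encodedKey = new X509EncodedKeySpec(publicKey.getEncoded());
            KeyFactory fact = KeyFactory.getInstance(publicKey.getAlgorithm(), "Mozilla-JSS");
            publicKey = fact.generatePublic(encodedKey);
        }
        sig.initVerify(publicKey);
    } catch (NoSuchProviderException | java.security.spec.InvalidKeySpecException e) {
        // keep the cause so a failed verification setup can be diagnosed
        throw new InvalidKeyException("Unable to convert non-JSS key to JSS key", e);
    } catch (java.security.NoSuchAlgorithmException e) {
        throw new InvalidKeyException("Algorithm not supported", e);
    } catch (TokenException e) {
        throw new InvalidKeyException("Token exception occurred", e);
    }
}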
Also used : CryptoToken(org.mozilla.jss.crypto.CryptoToken) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) InvalidKeyException(java.security.InvalidKeyException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) TokenException(org.mozilla.jss.crypto.TokenException) NoSuchProviderException(java.security.NoSuchProviderException) KeyFactory(java.security.KeyFactory)

Example 14 with TokenException

use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.

the class Certificate method verify.

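/**
 * Verifies the signature on this certificate, using the given public
 * key and CryptoToken. Does not indicate the certificate is valid at
 * any specific time.
 *
 * <p>This method checks only that {@code signature} matches
 * {@code infoEncoding} under {@code key}. It performs no validity-period,
 * issuer-chain or revocation check, and does not establish that {@code key}
 * belongs to a trusted issuer; callers must do that separately.
 *
 * @param key the public key expected to have signed this certificate
 * @param token the token that supplies the signature context
 * @throws NoSuchAlgorithmException passed through from the calls made here
 * @throws CertificateException if the signature does not verify
 * @throws SignatureException if the token reports an error (the
 *         {@code TokenException} is attached as the cause)
 * @throws InvalidKeyException passed through from the calls made here
 */
public void verify(PublicKey key, CryptoToken token) throws NoSuchAlgorithmException, CertificateException, SignatureException, InvalidKeyException {
    try {
        // The algorithm is read from the certificate's own signature algorithm
        // identifier; nothing in this method restricts which algorithms are accepted.
        // NOTE(review): confirm whether weak algorithms are rejected elsewhere.
        Signature sig = token.getSignatureContext(SignatureAlgorithm.fromOID(info.getSignatureAlgId().getOID()));
        sig.initVerify(key);
        sig.update(infoEncoding);
        if (!sig.verify(signature)) {
            throw new CertificateException("Signature is invalid");
        }
    } catch (TokenException e) {
        // keep the token failure as the cause instead of only its message
        throw new SignatureException("PKCS #11 token error: " + e.getMessage(), e);
    }
}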
Also used : Signature(org.mozilla.jss.crypto.Signature) TokenException(org.mozilla.jss.crypto.TokenException) CertificateException(java.security.cert.CertificateException) SignatureException(java.security.SignatureException)

Example 15 with TokenException

use of org.mozilla.jss.crypto.TokenException in project candlepin by candlepin.

the class JSSPKIUtility method generateKeyPair.

/**
 * {@inheritDoc}
 *
 * <p>The pair is generated on the internal key storage token using
 * {@code KEY_ALGORITHM} and {@code KEY_SIZE}, then passed through
 * {@code buildInsecureKeyPair} before being returned.
 *
 * @throws KeyException wrapping any algorithm or token failure raised
 *         during generation
 */
@Override
public KeyPair generateKeyPair() throws KeyException {
    try {
        CryptoToken storageToken = JSSProviderLoader.getCryptoManager(true).getInternalKeyStorageToken();
        KeyPairAlgorithm algorithm = KeyPairAlgorithm.fromString(KEY_ALGORITHM);
        KeyPairGenerator generator = storageToken.getKeyPairGenerator(algorithm);

        // Key attributes requested from the token: temporary, sensitive, extractable.
        generator.temporaryPairs(true);
        generator.sensitivePairs(true);
        // probably extraneous; does nothing in FIPS mode
        generator.extractablePairs(true);
        generator.initialize(KEY_SIZE);

        // NOTE(review): going by its name, buildInsecureKeyPair presumably
        // exposes the private key outside the token -- confirm that callers
        // treat the returned pair as sensitive material.
        return this.buildInsecureKeyPair(generator.genKeyPair());
    } catch (NoSuchAlgorithmException | TokenException | TokenRuntimeException failure) {
        throw new KeyException(failure);
    }
}
Also used : KeyPair(java.security.KeyPair) CryptoToken(org.mozilla.jss.crypto.CryptoToken) TokenRuntimeException(org.mozilla.jss.crypto.TokenRuntimeException) TokenException(org.mozilla.jss.crypto.TokenException) CryptoManager(org.mozilla.jss.CryptoManager) KeyPairGenerator(org.mozilla.jss.crypto.KeyPairGenerator) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyException(java.security.KeyException)

Aggregations

TokenException (org.mozilla.jss.crypto.TokenException)28 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)11 NoSuchItemOnTokenException (org.mozilla.jss.crypto.NoSuchItemOnTokenException)10 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)9 CryptoManager (org.mozilla.jss.CryptoManager)9 NotInitializedException (org.mozilla.jss.NotInitializedException)9 InvalidKeyException (java.security.InvalidKeyException)8 NoSuchTokenException (org.mozilla.jss.NoSuchTokenException)8 CryptoToken (org.mozilla.jss.crypto.CryptoToken)8 ObjectNotFoundException (org.mozilla.jss.crypto.ObjectNotFoundException)8 X509Certificate (org.mozilla.jss.crypto.X509Certificate)8 SymmetricKey (org.mozilla.jss.crypto.SymmetricKey)7 SecretKeyFacade (org.mozilla.jss.crypto.SecretKeyFacade)5 CharConversionException (java.io.CharConversionException)4 TokenRuntimeException (org.mozilla.jss.crypto.TokenRuntimeException)4 CertificateException (java.security.cert.CertificateException)3 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)3 PBEKeyGenParams (org.mozilla.jss.crypto.PBEKeyGenParams)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2 IOException (java.io.IOException)2