
Example 26 with TokenException

use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.

the class JSSKeyStoreSpi method engineGetCertificateChain.

/**
 * Looks up the certificate stored under {@code alias} and returns the chain
 * that {@code CryptoManager.buildCertificateChain} produces for it.
 *
 * <p>Entries that are already {@code PK11Cert} instances are returned as-is;
 * every other entry is re-parsed from its encoded form through the JDK
 * "X.509" {@code CertificateFactory}.
 *
 * <p>NOTE(review): nothing in this method verifies signatures, validity
 * periods or trust. Whether {@code buildCertificateChain} does is not visible
 * here, so callers should not treat the result as a validated path. Confirm
 * against the CryptoManager documentation.
 *
 * @param alias certificate nickname to search for; it is written to the debug
 *              log verbatim
 * @return the chain with the leaf first as returned by the CryptoManager, or
 *         {@code null} when the lookup reports {@code ObjectNotFoundException}
 * @throws RuntimeException wrapping {@code NotInitializedException},
 *         {@code TokenException} or {@code CertificateException}
 */
@Override
public Certificate[] engineGetCertificateChain(String alias) {
    logger.debug("JSSKeyStoreSpi: engineGetCertificateChain(" + alias + ")");

    try {
        logger.debug("JSSKeyStoreSpi: searching for leaf cert");
        CryptoManager manager = CryptoManager.getInstance();
        X509Certificate leafCert = manager.findCertByNickname(alias);

        logger.debug("JSSKeyStoreSpi: building cert chain");
        X509Certificate[] nssChain = manager.buildCertificateChain(leafCert);

        Certificate[] result = new Certificate[nssChain.length];
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");

        for (int pos = 0; pos < nssChain.length; pos++) {
            X509Certificate entry = nssChain[pos];
            logger.debug("JSSKeyStoreSpi: - " + entry.getSubjectDN());

            if (entry instanceof PK11Cert) {
                // Already a java.security.cert.Certificate; hand it back unchanged.
                result[pos] = (PK11Cert) entry;
            } else {
                // Round-trip through the DER encoding to obtain a JDK certificate object.
                byte[] der = entry.getEncoded();
                result[pos] = x509Factory.generateCertificate(new ByteArrayInputStream(der));
            }
        }

        return result;

    } catch (ObjectNotFoundException e) {
        // The KeyStore contract uses null for "no such alias", so this is not an error.
        logger.debug("leaf cert not found: " + alias);
        return null;

    } catch (NotInitializedException | TokenException | CertificateException e) {
        throw new RuntimeException(e);
    }
}
Also used : NotInitializedException(org.mozilla.jss.NotInitializedException) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) CryptoManager(org.mozilla.jss.CryptoManager) CertificateException(java.security.cert.CertificateException) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(org.mozilla.jss.crypto.X509Certificate) ByteArrayInputStream(java.io.ByteArrayInputStream) ObjectNotFoundException(org.mozilla.jss.crypto.ObjectNotFoundException) NoSuchTokenException(org.mozilla.jss.NoSuchTokenException) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) TokenException(org.mozilla.jss.crypto.TokenException) PK11Cert(org.mozilla.jss.pkcs11.PK11Cert) Certificate(java.security.cert.Certificate) X509Certificate(org.mozilla.jss.crypto.X509Certificate) TokenCertificate(org.mozilla.jss.crypto.TokenCertificate)

Example 27 with TokenException

use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.

the class JSSKeyStoreSpi method engineGetCertificate.

/**
 * Returns the certificate stored under {@code alias}.
 *
 * <p>A {@code PK11Cert} is returned directly; any other implementation is
 * re-parsed from its encoded bytes with the JDK "X.509"
 * {@code CertificateFactory}.
 *
 * <p>NOTE(review): this is a lookup only. No validity or trust check is
 * performed on the returned certificate in this method.
 *
 * @param alias certificate nickname to search for; it is written to the debug
 *              log verbatim
 * @return the certificate, or {@code null} when the lookup reports
 *         {@code ObjectNotFoundException}
 * @throws RuntimeException wrapping {@code NotInitializedException},
 *         {@code TokenException} or {@code CertificateException} (which
 *         includes {@code CertificateEncodingException})
 */
@Override
public Certificate engineGetCertificate(String alias) {
    logger.debug("JSSKeyStoreSpi: engineGetCertificate(" + alias + ")");

    try {
        CryptoManager manager = CryptoManager.getInstance();
        X509Certificate found = manager.findCertByNickname(alias);
        logger.debug("JSSKeyStoreSpi: cert found: " + alias);

        if (!(found instanceof PK11Cert)) {
            // Round-trip through the DER encoding to obtain a JDK certificate object.
            byte[] der = found.getEncoded();
            InputStream derStream = new ByteArrayInputStream(der);
            CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            return x509Factory.generateCertificate(derStream);
        }

        return (PK11Cert) found;

    } catch (ObjectNotFoundException e) {
        // The KeyStore contract uses null for "no such alias", so this is not an error.
        logger.debug("JSSKeyStoreSpi: cert not found: " + alias);
        return null;

    } catch (NotInitializedException | TokenException | CertificateException e) {
        // CertificateEncodingException is a CertificateException, so it lands here too.
        throw new RuntimeException(e);
    }
}
Also used : NotInitializedException(org.mozilla.jss.NotInitializedException) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) CryptoManager(org.mozilla.jss.CryptoManager) CertificateEncodingException(java.security.cert.CertificateEncodingException) CertificateException(java.security.cert.CertificateException) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(org.mozilla.jss.crypto.X509Certificate) ByteArrayInputStream(java.io.ByteArrayInputStream) ObjectNotFoundException(org.mozilla.jss.crypto.ObjectNotFoundException) NoSuchTokenException(org.mozilla.jss.NoSuchTokenException) NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException) TokenException(org.mozilla.jss.crypto.TokenException) PK11Cert(org.mozilla.jss.pkcs11.PK11Cert)

Example 28 with TokenException

use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.

the class KeyFactorySpi1_2 method engineGeneratePrivate.

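/**
 * Builds a private key from a key specification by encoding it as a PKCS #8
 * {@code PrivateKeyInfo} and handing it to {@code PK11PrivKey.fromPrivateKeyInfo}
 * together with the token returned by
 * {@code TokenSupplierManager.getTokenSupplier().getThreadToken()}.
 *
 * <p>Supported specifications are {@code RSAPrivateCrtKeySpec},
 * {@code DSAPrivateKeySpec} and {@code PKCS8EncodedKeySpec}. We don't support
 * RSAPrivateKeySpec because it doesn't have enough information. You need to
 * provide an RSAPrivateCrtKeySpec.
 *
 * <p>NOTE(review): the encoded {@code PrivateKeyInfo} byte arrays created here
 * hold private key material and are left to the garbage collector. Whether
 * {@code fromPrivateKeyInfo} copies or retains them is not visible here, so
 * confirm that before adding any zeroing.
 *
 * @param keySpec the key specification to convert
 * @return the private key produced by {@code PK11PrivKey.fromPrivateKeyInfo}
 * @throws InvalidKeySpecException if {@code keySpec} is {@code null} or of an
 *         unsupported type, if a DSA specification has a non-positive prime
 *         {@code P}, or if the token operation fails (the
 *         {@code TokenException} is attached as the cause)
 */
@Override
protected java.security.PrivateKey engineGeneratePrivate(KeySpec keySpec) throws InvalidKeySpecException {
    // A null spec used to surface as a NullPointerException from getClass() in
    // the "unsupported" message below; report it through the declared exception.
    if (keySpec == null) {
        throw new InvalidKeySpecException("Unsupported KeySpec type: null");
    }
    try {
        if (keySpec instanceof RSAPrivateCrtKeySpec) {
            //
            // PKCS #1 RSAPrivateKey
            //
            RSAPrivateCrtKeySpec spec = (RSAPrivateCrtKeySpec) keySpec;
            SEQUENCE privKey = new SEQUENCE();
            // version
            privKey.addElement(new INTEGER(0));
            privKey.addElement(new INTEGER(spec.getModulus()));
            privKey.addElement(new INTEGER(spec.getPublicExponent()));
            privKey.addElement(new INTEGER(spec.getPrivateExponent()));
            privKey.addElement(new INTEGER(spec.getPrimeP()));
            privKey.addElement(new INTEGER(spec.getPrimeQ()));
            privKey.addElement(new INTEGER(spec.getPrimeExponentP()));
            privKey.addElement(new INTEGER(spec.getPrimeExponentQ()));
            privKey.addElement(new INTEGER(spec.getCrtCoefficient()));
            AlgorithmIdentifier algID = new AlgorithmIdentifier(PrivateKey.RSA.toOID(), null);
            OCTET_STRING encodedPrivKey = new OCTET_STRING(ASN1Util.encode(privKey));
            PrivateKeyInfo pki = new PrivateKeyInfo(
                    new INTEGER(0), // version
                    algID,
                    encodedPrivKey,
                    (SET) null); // OPTIONAL SET OF Attribute
            return PK11PrivKey.fromPrivateKeyInfo(ASN1Util.encode(pki), TokenSupplierManager.getTokenSupplier().getThreadToken());
        } else if (keySpec instanceof DSAPrivateKeySpec) {
            DSAPrivateKeySpec spec = (DSAPrivateKeySpec) keySpec;
            SEQUENCE pqgParams = new SEQUENCE();
            pqgParams.addElement(new INTEGER(spec.getP()));
            pqgParams.addElement(new INTEGER(spec.getQ()));
            pqgParams.addElement(new INTEGER(spec.getG()));
            AlgorithmIdentifier algID = new AlgorithmIdentifier(PrivateKey.DSA.toOID(), pqgParams);
            OCTET_STRING privateKey = new OCTET_STRING(ASN1Util.encode(new INTEGER(spec.getX())));
            PrivateKeyInfo pki = new PrivateKeyInfo(
                    new INTEGER(0), // version
                    algID,
                    privateKey,
                    null); // OPTIONAL SET OF Attribute
            // BigInteger.modPow throws an unchecked ArithmeticException for a
            // non-positive modulus; reject such a spec with the declared exception.
            if (spec.getP().signum() <= 0) {
                throw new InvalidKeySpecException("DSA prime P must be positive");
            }
            // Derive the public key from the private key
            BigInteger y = spec.getG().modPow(spec.getX(), spec.getP());
            byte[] yBA = y.toByteArray();
            // toByteArray() prepends a zero sign byte when the bit length is a
            // multiple of 8; chop it off so only the magnitude is passed on.
            if (y.bitLength() % 8 == 0) {
                byte[] newBA = new byte[yBA.length - 1];
                System.arraycopy(yBA, 1, newBA, 0, newBA.length);
                yBA = newBA;
            }
            return PK11PrivKey.fromPrivateKeyInfo(ASN1Util.encode(pki), TokenSupplierManager.getTokenSupplier().getThreadToken(), yBA);
        } else if (keySpec instanceof PKCS8EncodedKeySpec) {
            return PK11PrivKey.fromPrivateKeyInfo((PKCS8EncodedKeySpec) keySpec, TokenSupplierManager.getTokenSupplier().getThreadToken());
        }
        throw new InvalidKeySpecException("Unsupported KeySpec type: " + keySpec.getClass().getName());
    } catch (TokenException te) {
        // Chain the TokenException as the cause instead of flattening its stack
        // trace into the message: the trace stays available to loggers and
        // debuggers, and internal frames no longer end up in text that a caller
        // may display or return.
        throw new InvalidKeySpecException("TokenException: " + te.getMessage(), te);
    }
}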
Also used : RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) AlgorithmIdentifier(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier) DSAPrivateKeySpec(java.security.spec.DSAPrivateKeySpec) OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING) StringWriter(java.io.StringWriter) SEQUENCE(org.mozilla.jss.asn1.SEQUENCE) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) TokenException(org.mozilla.jss.crypto.TokenException) BigInteger(java.math.BigInteger) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) PrivateKeyInfo(org.mozilla.jss.pkix.primitive.PrivateKeyInfo) INTEGER(org.mozilla.jss.asn1.INTEGER) PrintWriter(java.io.PrintWriter)
