Example 26 with TokenException
use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.
the class JSSKeyStoreSpi method engineGetCertificateChain.
@Override
public Certificate[] engineGetCertificateChain(String alias) {
logger.debug("JSSKeyStoreSpi: engineGetCertificateChain(" + alias + ")");
try {
logger.debug("JSSKeyStoreSpi: searching for leaf cert");
CryptoManager cm = CryptoManager.getInstance();
X509Certificate leaf = cm.findCertByNickname(alias);
logger.debug("JSSKeyStoreSpi: building cert chain");
X509Certificate[] certs = cm.buildCertificateChain(leaf);
Certificate[] chain = new Certificate[certs.length];
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
for (int i = 0; i < certs.length; i++) {
X509Certificate cert = certs[i];
logger.debug("JSSKeyStoreSpi: - " + cert.getSubjectDN());
if (cert instanceof PK11Cert) {
chain[i] = (PK11Cert) cert;
continue;
}
byte[] bytes = cert.getEncoded();
InputStream is = new ByteArrayInputStream(bytes);
chain[i] = certFactory.generateCertificate(is);
}
return chain;
} catch (ObjectNotFoundException e) {
logger.debug("leaf cert not found: " + alias);
return null;
} catch (NotInitializedException e) {
throw new RuntimeException(e);
} catch (TokenException e) {
throw new RuntimeException(e);
} catch (CertificateException e) {
throw new RuntimeException(e);
}
}
Also used :
NotInitializedException(org.mozilla.jss.NotInitializedException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
CryptoManager(org.mozilla.jss.CryptoManager)
CertificateException(java.security.cert.CertificateException)
CertificateFactory(java.security.cert.CertificateFactory)
X509Certificate(org.mozilla.jss.crypto.X509Certificate)
ByteArrayInputStream(java.io.ByteArrayInputStream)
ObjectNotFoundException(org.mozilla.jss.crypto.ObjectNotFoundException)
NoSuchTokenException(org.mozilla.jss.NoSuchTokenException)
NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException)
TokenException(org.mozilla.jss.crypto.TokenException)
PK11Cert(org.mozilla.jss.pkcs11.PK11Cert)
Certificate(java.security.cert.Certificate)
X509Certificate(org.mozilla.jss.crypto.X509Certificate)
TokenCertificate(org.mozilla.jss.crypto.TokenCertificate)
Example 27 with TokenException
use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.
the class JSSKeyStoreSpi method engineGetCertificate.
@Override
public Certificate engineGetCertificate(String alias) {
logger.debug("JSSKeyStoreSpi: engineGetCertificate(" + alias + ")");
try {
CryptoManager cm = CryptoManager.getInstance();
X509Certificate cert = cm.findCertByNickname(alias);
logger.debug("JSSKeyStoreSpi: cert found: " + alias);
if (cert instanceof PK11Cert) {
return (PK11Cert) cert;
}
byte[] bytes = cert.getEncoded();
InputStream is = new ByteArrayInputStream(bytes);
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
return certFactory.generateCertificate(is);
} catch (ObjectNotFoundException e) {
logger.debug("JSSKeyStoreSpi: cert not found: " + alias);
return null;
} catch (NotInitializedException e) {
throw new RuntimeException(e);
} catch (TokenException e) {
throw new RuntimeException(e);
} catch (CertificateEncodingException e) {
throw new RuntimeException(e);
} catch (CertificateException e) {
throw new RuntimeException(e);
}
}
Also used :
NotInitializedException(org.mozilla.jss.NotInitializedException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
CryptoManager(org.mozilla.jss.CryptoManager)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
CertificateException(java.security.cert.CertificateException)
CertificateFactory(java.security.cert.CertificateFactory)
X509Certificate(org.mozilla.jss.crypto.X509Certificate)
ByteArrayInputStream(java.io.ByteArrayInputStream)
ObjectNotFoundException(org.mozilla.jss.crypto.ObjectNotFoundException)
NoSuchTokenException(org.mozilla.jss.NoSuchTokenException)
NoSuchItemOnTokenException(org.mozilla.jss.crypto.NoSuchItemOnTokenException)
TokenException(org.mozilla.jss.crypto.TokenException)
PK11Cert(org.mozilla.jss.pkcs11.PK11Cert)
Example 28 with TokenException
use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.
the class KeyFactorySpi1_2 method engineGeneratePrivate.
/**
* We don't support RSAPrivateKeySpec because it doesn't have enough
* information. You need to provide an RSAPrivateCrtKeySpec.
*/
@Override
protected java.security.PrivateKey engineGeneratePrivate(KeySpec keySpec) throws InvalidKeySpecException {
try {
if (keySpec instanceof RSAPrivateCrtKeySpec) {
//
// PKCS #1 RSAPrivateKey
//
RSAPrivateCrtKeySpec spec = (RSAPrivateCrtKeySpec) keySpec;
SEQUENCE privKey = new SEQUENCE();
// version
privKey.addElement(new INTEGER(0));
privKey.addElement(new INTEGER(spec.getModulus()));
privKey.addElement(new INTEGER(spec.getPublicExponent()));
privKey.addElement(new INTEGER(spec.getPrivateExponent()));
privKey.addElement(new INTEGER(spec.getPrimeP()));
privKey.addElement(new INTEGER(spec.getPrimeQ()));
privKey.addElement(new INTEGER(spec.getPrimeExponentP()));
privKey.addElement(new INTEGER(spec.getPrimeExponentQ()));
privKey.addElement(new INTEGER(spec.getCrtCoefficient()));
AlgorithmIdentifier algID = new AlgorithmIdentifier(PrivateKey.RSA.toOID(), null);
OCTET_STRING encodedPrivKey = new OCTET_STRING(ASN1Util.encode(privKey));
PrivateKeyInfo pki = new PrivateKeyInfo(// version
new INTEGER(0), algID, encodedPrivKey, // OPTIONAL SET OF Attribute
(SET) null);
return PK11PrivKey.fromPrivateKeyInfo(ASN1Util.encode(pki), TokenSupplierManager.getTokenSupplier().getThreadToken());
} else if (keySpec instanceof DSAPrivateKeySpec) {
DSAPrivateKeySpec spec = (DSAPrivateKeySpec) keySpec;
SEQUENCE pqgParams = new SEQUENCE();
pqgParams.addElement(new INTEGER(spec.getP()));
pqgParams.addElement(new INTEGER(spec.getQ()));
pqgParams.addElement(new INTEGER(spec.getG()));
AlgorithmIdentifier algID = new AlgorithmIdentifier(PrivateKey.DSA.toOID(), pqgParams);
OCTET_STRING privateKey = new OCTET_STRING(ASN1Util.encode(new INTEGER(spec.getX())));
PrivateKeyInfo pki = new PrivateKeyInfo(// version
new INTEGER(0), algID, privateKey, // OPTIONAL SET OF Attribute
null);
// Derive the public key from the private key
BigInteger y = spec.getG().modPow(spec.getX(), spec.getP());
byte[] yBA = y.toByteArray();
// we need to chop off a leading zero byte
if (y.bitLength() % 8 == 0) {
byte[] newBA = new byte[yBA.length - 1];
assert (newBA.length >= 0);
System.arraycopy(yBA, 1, newBA, 0, newBA.length);
yBA = newBA;
}
return PK11PrivKey.fromPrivateKeyInfo(ASN1Util.encode(pki), TokenSupplierManager.getTokenSupplier().getThreadToken(), yBA);
} else if (keySpec instanceof PKCS8EncodedKeySpec) {
return PK11PrivKey.fromPrivateKeyInfo((PKCS8EncodedKeySpec) keySpec, TokenSupplierManager.getTokenSupplier().getThreadToken());
}
throw new InvalidKeySpecException("Unsupported KeySpec type: " + keySpec.getClass().getName());
} catch (TokenException te) {
StringWriter sw = new StringWriter();
PrintWriter pw = new PrintWriter(sw);
te.printStackTrace(pw);
throw new InvalidKeySpecException("TokenException: " + sw.toString());
}
}
Also used :
RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec)
AlgorithmIdentifier(org.mozilla.jss.pkix.primitive.AlgorithmIdentifier)
DSAPrivateKeySpec(java.security.spec.DSAPrivateKeySpec)
OCTET_STRING(org.mozilla.jss.asn1.OCTET_STRING)
StringWriter(java.io.StringWriter)
SEQUENCE(org.mozilla.jss.asn1.SEQUENCE)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
TokenException(org.mozilla.jss.crypto.TokenException)
BigInteger(java.math.BigInteger)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
PrivateKeyInfo(org.mozilla.jss.pkix.primitive.PrivateKeyInfo)
INTEGER(org.mozilla.jss.asn1.INTEGER)
PrintWriter(java.io.PrintWriter)
Aggregations
TokenException (org.mozilla.jss.crypto.TokenException)28
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)11
NoSuchItemOnTokenException (org.mozilla.jss.crypto.NoSuchItemOnTokenException)10
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)9
CryptoManager (org.mozilla.jss.CryptoManager)9
NotInitializedException (org.mozilla.jss.NotInitializedException)9
InvalidKeyException (java.security.InvalidKeyException)8
NoSuchTokenException (org.mozilla.jss.NoSuchTokenException)8
CryptoToken (org.mozilla.jss.crypto.CryptoToken)8
ObjectNotFoundException (org.mozilla.jss.crypto.ObjectNotFoundException)8
X509Certificate (org.mozilla.jss.crypto.X509Certificate)8
SymmetricKey (org.mozilla.jss.crypto.SymmetricKey)7
SecretKeyFacade (org.mozilla.jss.crypto.SecretKeyFacade)5
CharConversionException (java.io.CharConversionException)4
TokenRuntimeException (org.mozilla.jss.crypto.TokenRuntimeException)4
CertificateException (java.security.cert.CertificateException)3
InvalidKeySpecException (java.security.spec.InvalidKeySpecException)3
PBEKeyGenParams (org.mozilla.jss.crypto.PBEKeyGenParams)3
ByteArrayInputStream (java.io.ByteArrayInputStream)2
IOException (java.io.IOException)2
