use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.
the class JSSKeyStoreSpi method engineGetCertificateChain.
/**
 * Looks up the certificate stored under {@code alias} and returns the chain
 * that {@code CryptoManager.buildCertificateChain} produces for it.
 *
 * <p>Entries that are already {@code PK11Cert} instances are returned as-is;
 * any other entry is re-parsed from its encoded form with the JCA
 * {@code "X.509"} {@link CertificateFactory}.
 *
 * <p>This method only assembles the chain. It performs no signature,
 * validity-period or trust-anchor check of its own, so a caller that needs a
 * verified path has to validate the returned array itself.
 *
 * @param alias nickname of the leaf certificate to look up
 * @return the chain in the order returned by {@code buildCertificateChain},
 *         or {@code null} when the lookup raises {@code ObjectNotFoundException}
 * @throws RuntimeException wrapping {@code NotInitializedException},
 *         {@code TokenException} or {@code CertificateException}
 */
@Override
public Certificate[] engineGetCertificateChain(String alias) {
    logger.debug("JSSKeyStoreSpi: engineGetCertificateChain(" + alias + ")");

    try {
        logger.debug("JSSKeyStoreSpi: searching for leaf cert");
        CryptoManager manager = CryptoManager.getInstance();
        X509Certificate leafCert = manager.findCertByNickname(alias);

        logger.debug("JSSKeyStoreSpi: building cert chain");
        X509Certificate[] tokenCerts = manager.buildCertificateChain(leafCert);

        Certificate[] result = new Certificate[tokenCerts.length];
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");

        int index = 0;
        for (X509Certificate current : tokenCerts) {
            logger.debug("JSSKeyStoreSpi: - " + current.getSubjectDN());

            if (current instanceof PK11Cert) {
                // Already a usable Certificate object; no re-encoding needed.
                result[index++] = (PK11Cert) current;
            } else {
                // Round-trip through the encoded form to obtain a JCA Certificate.
                byte[] encoded = current.getEncoded();
                InputStream encodedStream = new ByteArrayInputStream(encoded);
                result[index++] = x509Factory.generateCertificate(encodedStream);
            }
        }

        return result;

    } catch (ObjectNotFoundException e) {
        // Unknown alias is reported as null rather than as an exception.
        logger.debug("leaf cert not found: " + alias);
        return null;

    } catch (NotInitializedException | TokenException | CertificateException e) {
        throw new RuntimeException(e);
    }
}
use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.
the class JSSKeyStoreSpi method engineGetCertificate.
/**
 * Returns the certificate that {@code CryptoManager.findCertByNickname}
 * finds for {@code alias}.
 *
 * <p>A {@code PK11Cert} result is returned directly. Any other result is
 * re-parsed from its encoded form with the JCA {@code "X.509"}
 * {@link CertificateFactory}.
 *
 * <p>The certificate is returned as found; this method does not check its
 * validity period, revocation status or issuer trust.
 *
 * @param alias nickname of the certificate to look up
 * @return the certificate, or {@code null} when the lookup raises
 *         {@code ObjectNotFoundException}
 * @throws RuntimeException wrapping {@code NotInitializedException},
 *         {@code TokenException} or {@code CertificateException}
 *         (including {@code CertificateEncodingException})
 */
@Override
public Certificate engineGetCertificate(String alias) {
    logger.debug("JSSKeyStoreSpi: engineGetCertificate(" + alias + ")");

    try {
        X509Certificate found = CryptoManager.getInstance().findCertByNickname(alias);
        logger.debug("JSSKeyStoreSpi: cert found: " + alias);

        if (!(found instanceof PK11Cert)) {
            // Round-trip through the encoded form to obtain a JCA Certificate.
            InputStream encodedStream = new ByteArrayInputStream(found.getEncoded());
            CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            return x509Factory.generateCertificate(encodedStream);
        }

        return (PK11Cert) found;

    } catch (ObjectNotFoundException e) {
        // Unknown alias is reported as null rather than as an exception.
        logger.debug("JSSKeyStoreSpi: cert not found: " + alias);
        return null;

    } catch (NotInitializedException | TokenException | CertificateException e) {
        // CertificateEncodingException is a CertificateException, so it lands here too.
        throw new RuntimeException(e);
    }
}
use of org.mozilla.jss.crypto.TokenException in project jss by dogtagpki.
the class KeyFactorySpi1_2 method engineGeneratePrivate.
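/**
 * Builds a private key from {@code keySpec} by handing a PKCS #8
 * {@code PrivateKeyInfo} to {@code PK11PrivKey.fromPrivateKeyInfo}, together
 * with the token returned by
 * {@code TokenSupplierManager.getTokenSupplier().getThreadToken()}.
 *
 * <p>Supported specs are {@link RSAPrivateCrtKeySpec},
 * {@link DSAPrivateKeySpec} and {@link PKCS8EncodedKeySpec}.
 * We don't support RSAPrivateKeySpec because it doesn't have enough
 * information. You need to provide an RSAPrivateCrtKeySpec.
 *
 * <p>Security notes: the RSA and DSA branches serialize the private key
 * components into an unencrypted {@code PrivateKeyInfo} byte array on the
 * Java heap before the hand-off, and this method does not clear that array.
 * A {@code TokenException} is reported with the original exception chained
 * as the cause; its stack trace is not copied into the exception message,
 * so code that displays {@code getMessage()} does not expose internal frames.
 *
 * @param keySpec the key material to import
 * @return the private key returned by {@code PK11PrivKey.fromPrivateKeyInfo}
 * @throws InvalidKeySpecException if {@code keySpec} is {@code null}, is of
 *         an unsupported type, or the token operation fails
 */
@Override
protected java.security.PrivateKey engineGeneratePrivate(KeySpec keySpec) throws InvalidKeySpecException {
    // Report a missing spec through the declared exception instead of the
    // NullPointerException that keySpec.getClass() below would raise.
    if (keySpec == null) {
        throw new InvalidKeySpecException("Unsupported KeySpec type: null");
    }

    try {
        if (keySpec instanceof RSAPrivateCrtKeySpec) {
            //
            // PKCS #1 RSAPrivateKey
            //
            RSAPrivateCrtKeySpec spec = (RSAPrivateCrtKeySpec) keySpec;
            SEQUENCE privKey = new SEQUENCE();
            // version
            privKey.addElement(new INTEGER(0));
            privKey.addElement(new INTEGER(spec.getModulus()));
            privKey.addElement(new INTEGER(spec.getPublicExponent()));
            privKey.addElement(new INTEGER(spec.getPrivateExponent()));
            privKey.addElement(new INTEGER(spec.getPrimeP()));
            privKey.addElement(new INTEGER(spec.getPrimeQ()));
            privKey.addElement(new INTEGER(spec.getPrimeExponentP()));
            privKey.addElement(new INTEGER(spec.getPrimeExponentQ()));
            privKey.addElement(new INTEGER(spec.getCrtCoefficient()));

            AlgorithmIdentifier algID = new AlgorithmIdentifier(PrivateKey.RSA.toOID(), null);
            OCTET_STRING encodedPrivKey = new OCTET_STRING(ASN1Util.encode(privKey));
            PrivateKeyInfo pki = new PrivateKeyInfo(// version
                    new INTEGER(0), algID, encodedPrivKey, // OPTIONAL SET OF Attribute
                    (SET) null);

            // NOTE(review): the encoded PrivateKeyInfo holds cleartext key
            // material; whether fromPrivateKeyInfo copies it (so the array
            // could be zeroed afterwards) is not visible here -- confirm.
            return PK11PrivKey.fromPrivateKeyInfo(ASN1Util.encode(pki), TokenSupplierManager.getTokenSupplier().getThreadToken());

        } else if (keySpec instanceof DSAPrivateKeySpec) {
            DSAPrivateKeySpec spec = (DSAPrivateKeySpec) keySpec;
            SEQUENCE pqgParams = new SEQUENCE();
            pqgParams.addElement(new INTEGER(spec.getP()));
            pqgParams.addElement(new INTEGER(spec.getQ()));
            pqgParams.addElement(new INTEGER(spec.getG()));

            AlgorithmIdentifier algID = new AlgorithmIdentifier(PrivateKey.DSA.toOID(), pqgParams);
            OCTET_STRING privateKey = new OCTET_STRING(ASN1Util.encode(new INTEGER(spec.getX())));
            PrivateKeyInfo pki = new PrivateKeyInfo(// version
                    new INTEGER(0), algID, privateKey, // OPTIONAL SET OF Attribute
                    null);

            // Derive the public key from the private key: y = g^x mod p.
            BigInteger y = spec.getG().modPow(spec.getX(), spec.getP());
            byte[] yBA = y.toByteArray();

            // BigInteger.toByteArray() is two's complement, so a value whose
            // bit length is a multiple of 8 carries an extra leading zero
            // (sign) byte; chop it off to get the unsigned magnitude.
            if (y.bitLength() % 8 == 0) {
                byte[] newBA = new byte[yBA.length - 1];
                System.arraycopy(yBA, 1, newBA, 0, newBA.length);
                yBA = newBA;
            }

            return PK11PrivKey.fromPrivateKeyInfo(ASN1Util.encode(pki), TokenSupplierManager.getTokenSupplier().getThreadToken(), yBA);

        } else if (keySpec instanceof PKCS8EncodedKeySpec) {
            return PK11PrivKey.fromPrivateKeyInfo((PKCS8EncodedKeySpec) keySpec, TokenSupplierManager.getTokenSupplier().getThreadToken());
        }

        throw new InvalidKeySpecException("Unsupported KeySpec type: " + keySpec.getClass().getName());

    } catch (TokenException te) {
        // Chain the cause so the stack trace stays available to loggers via
        // getCause(), without being flattened into the message text.
        throw new InvalidKeySpecException("TokenException: " + te.getMessage(), te);
    }
}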