use of org.mozilla.jss.crypto.TokenRuntimeException in project jss by dogtagpki.
the class JSSCipherSpi method engineUnwrapSecret.
private Key engineUnwrapSecret(byte[] wrappedKey, String wrappedKeyAlg) throws InvalidKeyException, NoSuchAlgorithmException {
try {
int idx = wrappedKeyAlg.indexOf('/');
if (idx != -1) {
wrappedKeyAlg = wrappedKeyAlg.substring(0, idx);
}
SymmetricKey.Type wrappedKeyType = SymmetricKey.Type.fromName(wrappedKeyAlg);
// Specify 0 for key length. This will use the default key length.
// Won't work for algorithms without a default, like RC4, unless a
// padded algorithm is used.
SymmetricKey key = wrapper.unwrapSymmetric(wrappedKey, wrappedKeyType, 0);
return new SecretKeyFacade(key);
} catch (StringIndexOutOfBoundsException e) {
throw new NoSuchAlgorithmException("Unknown algorithm: " + wrappedKeyAlg);
} catch (TokenException te) {
throw new TokenRuntimeException(te.getMessage());
} catch (InvalidAlgorithmParameterException iape) {
throw new NoSuchAlgorithmException("Invalid algorithm parameters" + iape.getMessage());
}
}
use of org.mozilla.jss.crypto.TokenRuntimeException in project candlepin by candlepin.
the class JSSPKIUtility method generateKeyPair.
/**
* {@inheritDoc}
*/
@Override
public KeyPair generateKeyPair() throws KeyException {
try {
CryptoManager manager = JSSProviderLoader.getCryptoManager(true);
CryptoToken token = manager.getInternalKeyStorageToken();
KeyPairGenerator kpgen = token.getKeyPairGenerator(KeyPairAlgorithm.fromString(KEY_ALGORITHM));
kpgen.temporaryPairs(true);
kpgen.sensitivePairs(true);
// probably extraneous; does nothing in FIPS mode
kpgen.extractablePairs(true);
kpgen.initialize(KEY_SIZE);
KeyPair keypair = kpgen.genKeyPair();
return this.buildInsecureKeyPair(keypair);
} catch (NoSuchAlgorithmException | TokenException | TokenRuntimeException e) {
throw new KeyException(e);
}
}
use of org.mozilla.jss.crypto.TokenRuntimeException in project jss by dogtagpki.
the class JSSCipherSpi method engineInit.
@Override
public void engineInit(int opmode, Key key, AlgorithmParameterSpec givenParams, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
try {
// throw away any previous state
cipher = null;
wrapper = null;
params = givenParams;
if (algFamily == null) {
throw new InvalidAlgorithmParameterException("incorrectly specified algorithm");
}
if (opmode != Cipher.ENCRYPT_MODE && opmode != Cipher.DECRYPT_MODE && opmode != Cipher.WRAP_MODE && opmode != Cipher.UNWRAP_MODE) {
throw new InvalidKeyException("Invalid opmode");
}
StringBuffer buf = new StringBuffer();
buf.append(algFamily);
if (algMode != null) {
buf.append('/');
buf.append(algMode);
}
if (algPadding != null) {
buf.append('/');
buf.append(algPadding);
}
if (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.DECRYPT_MODE) {
if (!(key instanceof SecretKeyFacade)) {
key = importKey(key);
}
SymmetricKey symkey = ((SecretKeyFacade) key).key;
// lookup the encryption algorithm
keyStrength = symkey.getStrength();
encAlg = EncryptionAlgorithm.lookup(algFamily, algMode, algPadding, keyStrength);
blockSize = encAlg.getBlockSize();
if (!token.doesAlgorithm(encAlg)) {
throw new NoSuchAlgorithmException(encAlg.toString() + " is not supported by this token " + token.getName());
}
cipher = token.getCipherContext(encAlg);
if (opmode == Cipher.ENCRYPT_MODE) {
if (params == noAlgParams) {
// we're supposed to generate some params
params = generateAlgParams(encAlg, blockSize);
}
cipher.initEncrypt(symkey, params);
} else if (opmode == Cipher.DECRYPT_MODE) {
if (params == noAlgParams) {
params = null;
}
cipher.initDecrypt(symkey, params);
}
} else {
assert (opmode == Cipher.WRAP_MODE || opmode == Cipher.UNWRAP_MODE);
wrapAlg = KeyWrapAlgorithm.fromString(buf.toString());
blockSize = wrapAlg.getBlockSize();
wrapper = token.getKeyWrapper(wrapAlg);
// generate params if necessary
if (params == noAlgParams) {
if (opmode == Cipher.WRAP_MODE) {
params = generateAlgParams(wrapAlg, blockSize);
} else {
assert (opmode == Cipher.UNWRAP_MODE);
params = null;
}
}
if (key instanceof org.mozilla.jss.crypto.PrivateKey) {
if (opmode != Cipher.UNWRAP_MODE) {
throw new InvalidKeyException("Private key can only be used for unwrapping");
}
wrapper.initUnwrap((org.mozilla.jss.crypto.PrivateKey) key, params);
} else if (key instanceof PublicKey) {
if (opmode != Cipher.WRAP_MODE) {
throw new InvalidKeyException("Public key can only be used for wrapping");
}
wrapper.initWrap((PublicKey) key, params);
} else if (key instanceof org.mozilla.jss.crypto.SecretKeyFacade) {
org.mozilla.jss.crypto.SecretKeyFacade sk = (org.mozilla.jss.crypto.SecretKeyFacade) key;
if (opmode == Cipher.WRAP_MODE) {
wrapper.initWrap(sk.key, params);
} else {
assert (opmode == Cipher.UNWRAP_MODE);
wrapper.initUnwrap(sk.key, params);
}
} else {
throw new InvalidKeyException("Invalid key type: " + key.getClass().getName());
}
}
} catch (NoSuchAlgorithmException e) {
throw new InvalidAlgorithmParameterException(e.getMessage());
} catch (TokenException te) {
throw new TokenRuntimeException(te.getMessage());
}
}
use of org.mozilla.jss.crypto.TokenRuntimeException in project jss by dogtagpki.
the class JSSSecretKeyFactorySpi method engineGenerateSecret.
@Override
public SecretKey engineGenerateSecret(KeySpec spec) throws InvalidKeySpecException {
try {
if (spec instanceof PBEKeySpec || spec instanceof PBEKeyGenParams) {
PBEKeyGenParams params;
if (spec instanceof PBEKeySpec) {
params = makePBEKeyGenParams((PBEKeySpec) spec);
} else {
params = (org.mozilla.jss.crypto.PBEKeyGenParams) spec;
}
org.mozilla.jss.crypto.KeyGenerator gen = token.getKeyGenerator(alg);
gen.initialize(params);
SymmetricKey symk = gen.generate();
params.clear();
return new SecretKeyFacade(symk);
} else if (spec instanceof DESedeKeySpec) {
if (alg != KeyGenAlgorithm.DES3) {
throw new InvalidKeySpecException("Incorrect KeySpec type (" + spec.getClass().getName() + ") for algorithm (" + alg.toString() + ")");
}
return generateKeyFromBits(((DESedeKeySpec) spec).getKey(), SymmetricKey.Type.DES3);
} else if (spec instanceof DESKeySpec) {
if (alg != KeyGenAlgorithm.DES) {
throw new InvalidKeySpecException("Incorrect KeySpec type (" + spec.getClass().getName() + ") for algorithm (" + alg.toString() + ")");
}
return generateKeyFromBits(((DESKeySpec) spec).getKey(), SymmetricKey.Type.DES);
} else if (spec instanceof SecretKeySpec) {
SecretKeySpec kspec = (SecretKeySpec) spec;
SymmetricKey.Type type = SymmetricKey.Type.fromName(kspec.getAlgorithm());
return generateKeyFromBits(kspec.getEncoded(), type);
} else {
throw new InvalidKeySpecException("Unsupported KeySpec: " + spec.getClass().getName());
}
} catch (TokenException te) {
throw new TokenRuntimeException(te.getMessage());
} catch (InvalidAlgorithmParameterException iape) {
throw new InvalidKeySpecException("InvalidAlgorithmParameterException: " + iape.getMessage());
} catch (IllegalStateException e) {
throw (TokenRuntimeException) new TokenRuntimeException("IllegalStateException: " + e.getMessage()).initCause(e);
} catch (CharConversionException e) {
throw new InvalidKeySpecException("CharConversionException: " + e.getMessage(), e);
} catch (NoSuchAlgorithmException e) {
throw new InvalidKeySpecException("NoSuchAlgorithmException: " + e.getMessage(), e);
}
}
Aggregations