Search in sources :

Example 1 with TokenRuntimeException

use of org.mozilla.jss.crypto.TokenRuntimeException in project jss by dogtagpki.

the class JSSCipherSpi method engineUnwrapSecret.

private Key engineUnwrapSecret(byte[] wrappedKey, String wrappedKeyAlg) throws InvalidKeyException, NoSuchAlgorithmException {
    try {
        int idx = wrappedKeyAlg.indexOf('/');
        if (idx != -1) {
            wrappedKeyAlg = wrappedKeyAlg.substring(0, idx);
        }
        SymmetricKey.Type wrappedKeyType = SymmetricKey.Type.fromName(wrappedKeyAlg);
        // Specify 0 for key length. This will use the default key length.
        // Won't work for algorithms without a default, like RC4, unless a
        // padded algorithm is used.
        SymmetricKey key = wrapper.unwrapSymmetric(wrappedKey, wrappedKeyType, 0);
        return new SecretKeyFacade(key);
    } catch (StringIndexOutOfBoundsException e) {
        throw new NoSuchAlgorithmException("Unknown algorithm: " + wrappedKeyAlg);
    } catch (TokenException te) {
        throw new TokenRuntimeException(te.getMessage());
    } catch (InvalidAlgorithmParameterException iape) {
        throw new NoSuchAlgorithmException("Invalid algorithm parameters" + iape.getMessage());
    }
}
Also used : SecretKeyFacade(org.mozilla.jss.crypto.SecretKeyFacade) TokenRuntimeException(org.mozilla.jss.crypto.TokenRuntimeException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) TokenException(org.mozilla.jss.crypto.TokenException) SymmetricKey(org.mozilla.jss.crypto.SymmetricKey) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 2 with TokenRuntimeException

use of org.mozilla.jss.crypto.TokenRuntimeException in project candlepin by candlepin.

the class JSSPKIUtility method generateKeyPair.

/**
 * {@inheritDoc}
 */
@Override
public KeyPair generateKeyPair() throws KeyException {
    try {
        CryptoManager manager = JSSProviderLoader.getCryptoManager(true);
        CryptoToken token = manager.getInternalKeyStorageToken();
        KeyPairGenerator kpgen = token.getKeyPairGenerator(KeyPairAlgorithm.fromString(KEY_ALGORITHM));
        kpgen.temporaryPairs(true);
        kpgen.sensitivePairs(true);
        // probably extraneous; does nothing in FIPS mode
        kpgen.extractablePairs(true);
        kpgen.initialize(KEY_SIZE);
        KeyPair keypair = kpgen.genKeyPair();
        return this.buildInsecureKeyPair(keypair);
    } catch (NoSuchAlgorithmException | TokenException | TokenRuntimeException e) {
        throw new KeyException(e);
    }
}
Also used : KeyPair(java.security.KeyPair) CryptoToken(org.mozilla.jss.crypto.CryptoToken) TokenRuntimeException(org.mozilla.jss.crypto.TokenRuntimeException) TokenException(org.mozilla.jss.crypto.TokenException) CryptoManager(org.mozilla.jss.CryptoManager) KeyPairGenerator(org.mozilla.jss.crypto.KeyPairGenerator) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyException(java.security.KeyException)

Example 3 with TokenRuntimeException

use of org.mozilla.jss.crypto.TokenRuntimeException in project jss by dogtagpki.

the class JSSCipherSpi method engineInit.

@Override
public void engineInit(int opmode, Key key, AlgorithmParameterSpec givenParams, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
    try {
        // throw away any previous state
        cipher = null;
        wrapper = null;
        params = givenParams;
        if (algFamily == null) {
            throw new InvalidAlgorithmParameterException("incorrectly specified algorithm");
        }
        if (opmode != Cipher.ENCRYPT_MODE && opmode != Cipher.DECRYPT_MODE && opmode != Cipher.WRAP_MODE && opmode != Cipher.UNWRAP_MODE) {
            throw new InvalidKeyException("Invalid opmode");
        }
        StringBuffer buf = new StringBuffer();
        buf.append(algFamily);
        if (algMode != null) {
            buf.append('/');
            buf.append(algMode);
        }
        if (algPadding != null) {
            buf.append('/');
            buf.append(algPadding);
        }
        if (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.DECRYPT_MODE) {
            if (!(key instanceof SecretKeyFacade)) {
                key = importKey(key);
            }
            SymmetricKey symkey = ((SecretKeyFacade) key).key;
            // lookup the encryption algorithm
            keyStrength = symkey.getStrength();
            encAlg = EncryptionAlgorithm.lookup(algFamily, algMode, algPadding, keyStrength);
            blockSize = encAlg.getBlockSize();
            if (!token.doesAlgorithm(encAlg)) {
                throw new NoSuchAlgorithmException(encAlg.toString() + " is not supported by this token " + token.getName());
            }
            cipher = token.getCipherContext(encAlg);
            if (opmode == Cipher.ENCRYPT_MODE) {
                if (params == noAlgParams) {
                    // we're supposed to generate some params
                    params = generateAlgParams(encAlg, blockSize);
                }
                cipher.initEncrypt(symkey, params);
            } else if (opmode == Cipher.DECRYPT_MODE) {
                if (params == noAlgParams) {
                    params = null;
                }
                cipher.initDecrypt(symkey, params);
            }
        } else {
            assert (opmode == Cipher.WRAP_MODE || opmode == Cipher.UNWRAP_MODE);
            wrapAlg = KeyWrapAlgorithm.fromString(buf.toString());
            blockSize = wrapAlg.getBlockSize();
            wrapper = token.getKeyWrapper(wrapAlg);
            // generate params if necessary
            if (params == noAlgParams) {
                if (opmode == Cipher.WRAP_MODE) {
                    params = generateAlgParams(wrapAlg, blockSize);
                } else {
                    assert (opmode == Cipher.UNWRAP_MODE);
                    params = null;
                }
            }
            if (key instanceof org.mozilla.jss.crypto.PrivateKey) {
                if (opmode != Cipher.UNWRAP_MODE) {
                    throw new InvalidKeyException("Private key can only be used for unwrapping");
                }
                wrapper.initUnwrap((org.mozilla.jss.crypto.PrivateKey) key, params);
            } else if (key instanceof PublicKey) {
                if (opmode != Cipher.WRAP_MODE) {
                    throw new InvalidKeyException("Public key can only be used for wrapping");
                }
                wrapper.initWrap((PublicKey) key, params);
            } else if (key instanceof org.mozilla.jss.crypto.SecretKeyFacade) {
                org.mozilla.jss.crypto.SecretKeyFacade sk = (org.mozilla.jss.crypto.SecretKeyFacade) key;
                if (opmode == Cipher.WRAP_MODE) {
                    wrapper.initWrap(sk.key, params);
                } else {
                    assert (opmode == Cipher.UNWRAP_MODE);
                    wrapper.initUnwrap(sk.key, params);
                }
            } else {
                throw new InvalidKeyException("Invalid key type: " + key.getClass().getName());
            }
        }
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidAlgorithmParameterException(e.getMessage());
    } catch (TokenException te) {
        throw new TokenRuntimeException(te.getMessage());
    }
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PublicKey(java.security.PublicKey) SymmetricKey(org.mozilla.jss.crypto.SymmetricKey) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) SecretKeyFacade(org.mozilla.jss.crypto.SecretKeyFacade) SecretKeyFacade(org.mozilla.jss.crypto.SecretKeyFacade) TokenRuntimeException(org.mozilla.jss.crypto.TokenRuntimeException) TokenException(org.mozilla.jss.crypto.TokenException)

Example 4 with TokenRuntimeException

use of org.mozilla.jss.crypto.TokenRuntimeException in project jss by dogtagpki.

the class JSSSecretKeyFactorySpi method engineGenerateSecret.

@Override
public SecretKey engineGenerateSecret(KeySpec spec) throws InvalidKeySpecException {
    try {
        if (spec instanceof PBEKeySpec || spec instanceof PBEKeyGenParams) {
            PBEKeyGenParams params;
            if (spec instanceof PBEKeySpec) {
                params = makePBEKeyGenParams((PBEKeySpec) spec);
            } else {
                params = (org.mozilla.jss.crypto.PBEKeyGenParams) spec;
            }
            org.mozilla.jss.crypto.KeyGenerator gen = token.getKeyGenerator(alg);
            gen.initialize(params);
            SymmetricKey symk = gen.generate();
            params.clear();
            return new SecretKeyFacade(symk);
        } else if (spec instanceof DESedeKeySpec) {
            if (alg != KeyGenAlgorithm.DES3) {
                throw new InvalidKeySpecException("Incorrect KeySpec type (" + spec.getClass().getName() + ") for algorithm (" + alg.toString() + ")");
            }
            return generateKeyFromBits(((DESedeKeySpec) spec).getKey(), SymmetricKey.Type.DES3);
        } else if (spec instanceof DESKeySpec) {
            if (alg != KeyGenAlgorithm.DES) {
                throw new InvalidKeySpecException("Incorrect KeySpec type (" + spec.getClass().getName() + ") for algorithm (" + alg.toString() + ")");
            }
            return generateKeyFromBits(((DESKeySpec) spec).getKey(), SymmetricKey.Type.DES);
        } else if (spec instanceof SecretKeySpec) {
            SecretKeySpec kspec = (SecretKeySpec) spec;
            SymmetricKey.Type type = SymmetricKey.Type.fromName(kspec.getAlgorithm());
            return generateKeyFromBits(kspec.getEncoded(), type);
        } else {
            throw new InvalidKeySpecException("Unsupported KeySpec: " + spec.getClass().getName());
        }
    } catch (TokenException te) {
        throw new TokenRuntimeException(te.getMessage());
    } catch (InvalidAlgorithmParameterException iape) {
        throw new InvalidKeySpecException("InvalidAlgorithmParameterException: " + iape.getMessage());
    } catch (IllegalStateException e) {
        throw (TokenRuntimeException) new TokenRuntimeException("IllegalStateException: " + e.getMessage()).initCause(e);
    } catch (CharConversionException e) {
        throw new InvalidKeySpecException("CharConversionException: " + e.getMessage(), e);
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidKeySpecException("NoSuchAlgorithmException: " + e.getMessage(), e);
    }
}
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) SymmetricKey(org.mozilla.jss.crypto.SymmetricKey) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CharConversionException(java.io.CharConversionException) PBEKeyGenParams(org.mozilla.jss.crypto.PBEKeyGenParams) SecretKeyFacade(org.mozilla.jss.crypto.SecretKeyFacade) TokenRuntimeException(org.mozilla.jss.crypto.TokenRuntimeException) SecretKeySpec(javax.crypto.spec.SecretKeySpec) TokenException(org.mozilla.jss.crypto.TokenException) DESedeKeySpec(javax.crypto.spec.DESedeKeySpec) DESKeySpec(javax.crypto.spec.DESKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException)

Aggregations

NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 TokenException (org.mozilla.jss.crypto.TokenException)4 TokenRuntimeException (org.mozilla.jss.crypto.TokenRuntimeException)4 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)3 SecretKeyFacade (org.mozilla.jss.crypto.SecretKeyFacade)3 SymmetricKey (org.mozilla.jss.crypto.SymmetricKey)3 CharConversionException (java.io.CharConversionException)1 InvalidKeyException (java.security.InvalidKeyException)1 KeyException (java.security.KeyException)1 KeyPair (java.security.KeyPair)1 PublicKey (java.security.PublicKey)1 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)1 DESKeySpec (javax.crypto.spec.DESKeySpec)1 DESedeKeySpec (javax.crypto.spec.DESedeKeySpec)1 PBEKeySpec (javax.crypto.spec.PBEKeySpec)1 SecretKeySpec (javax.crypto.spec.SecretKeySpec)1 CryptoManager (org.mozilla.jss.CryptoManager)1 CryptoToken (org.mozilla.jss.crypto.CryptoToken)1 KeyPairGenerator (org.mozilla.jss.crypto.KeyPairGenerator)1 PBEKeyGenParams (org.mozilla.jss.crypto.PBEKeyGenParams)1