Examples with TokenRuntimeException org.mozilla.jss.crypto.TokenRuntimeException used on opensource projects

Example 1 with TokenRuntimeException

use of org.mozilla.jss.crypto.TokenRuntimeException in project jss by dogtagpki.

the class JSSCipherSpi method engineUnwrapSecret.

private Key engineUnwrapSecret(byte[] wrappedKey, String wrappedKeyAlg) throws InvalidKeyException, NoSuchAlgorithmException {
    try {
        int idx = wrappedKeyAlg.indexOf('/');
        if (idx != -1) {
            wrappedKeyAlg = wrappedKeyAlg.substring(0, idx);
        }
        SymmetricKey.Type wrappedKeyType = SymmetricKey.Type.fromName(wrappedKeyAlg);
        // Specify 0 for key length. This will use the default key length.
        // Won't work for algorithms without a default, like RC4, unless a
        // padded algorithm is used.
        SymmetricKey key = wrapper.unwrapSymmetric(wrappedKey, wrappedKeyType, 0);
        return new SecretKeyFacade(key);
    } catch (StringIndexOutOfBoundsException e) {
        throw new NoSuchAlgorithmException("Unknown algorithm: " + wrappedKeyAlg);
    } catch (TokenException te) {
        throw new TokenRuntimeException(te.getMessage());
    } catch (InvalidAlgorithmParameterException iape) {
        throw new NoSuchAlgorithmException("Invalid algorithm parameters" + iape.getMessage());
    }
}

Example 2 with TokenRuntimeException

use of org.mozilla.jss.crypto.TokenRuntimeException in project candlepin by candlepin.

the class JSSPKIUtility method generateKeyPair.

/**
 * {@inheritDoc}
 */
@Override
public KeyPair generateKeyPair() throws KeyException {
    try {
        CryptoManager manager = JSSProviderLoader.getCryptoManager(true);
        CryptoToken token = manager.getInternalKeyStorageToken();
        KeyPairGenerator kpgen = token.getKeyPairGenerator(KeyPairAlgorithm.fromString(KEY_ALGORITHM));
        kpgen.temporaryPairs(true);
        kpgen.sensitivePairs(true);
        // probably extraneous; does nothing in FIPS mode
        kpgen.extractablePairs(true);
        kpgen.initialize(KEY_SIZE);
        KeyPair keypair = kpgen.genKeyPair();
        return this.buildInsecureKeyPair(keypair);
    } catch (NoSuchAlgorithmException | TokenException | TokenRuntimeException e) {
        throw new KeyException(e);
    }
}

Example 3 with TokenRuntimeException

use of org.mozilla.jss.crypto.TokenRuntimeException in project jss by dogtagpki.

the class JSSCipherSpi method engineInit.

@Override
public void engineInit(int opmode, Key key, AlgorithmParameterSpec givenParams, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException {
    try {
        // throw away any previous state
        cipher = null;
        wrapper = null;
        params = givenParams;
        if (algFamily == null) {
            throw new InvalidAlgorithmParameterException("incorrectly specified algorithm");
        }
        if (opmode != Cipher.ENCRYPT_MODE && opmode != Cipher.DECRYPT_MODE && opmode != Cipher.WRAP_MODE && opmode != Cipher.UNWRAP_MODE) {
            throw new InvalidKeyException("Invalid opmode");
        }
        StringBuffer buf = new StringBuffer();
        buf.append(algFamily);
        if (algMode != null) {
            buf.append('/');
            buf.append(algMode);
        }
        if (algPadding != null) {
            buf.append('/');
            buf.append(algPadding);
        }
        if (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.DECRYPT_MODE) {
            if (!(key instanceof SecretKeyFacade)) {
                key = importKey(key);
            }
            SymmetricKey symkey = ((SecretKeyFacade) key).key;
            // lookup the encryption algorithm
            keyStrength = symkey.getStrength();
            encAlg = EncryptionAlgorithm.lookup(algFamily, algMode, algPadding, keyStrength);
            blockSize = encAlg.getBlockSize();
            if (!token.doesAlgorithm(encAlg)) {
                throw new NoSuchAlgorithmException(encAlg.toString() + " is not supported by this token " + token.getName());
            }
            cipher = token.getCipherContext(encAlg);
            if (opmode == Cipher.ENCRYPT_MODE) {
                if (params == noAlgParams) {
                    // we're supposed to generate some params
                    params = generateAlgParams(encAlg, blockSize);
                }
                cipher.initEncrypt(symkey, params);
            } else if (opmode == Cipher.DECRYPT_MODE) {
                if (params == noAlgParams) {
                    params = null;
                }
                cipher.initDecrypt(symkey, params);
            }
        } else {
            assert (opmode == Cipher.WRAP_MODE || opmode == Cipher.UNWRAP_MODE);
            wrapAlg = KeyWrapAlgorithm.fromString(buf.toString());
            blockSize = wrapAlg.getBlockSize();
            wrapper = token.getKeyWrapper(wrapAlg);
            // generate params if necessary
            if (params == noAlgParams) {
                if (opmode == Cipher.WRAP_MODE) {
                    params = generateAlgParams(wrapAlg, blockSize);
                } else {
                    assert (opmode == Cipher.UNWRAP_MODE);
                    params = null;
                }
            }
            if (key instanceof org.mozilla.jss.crypto.PrivateKey) {
                if (opmode != Cipher.UNWRAP_MODE) {
                    throw new InvalidKeyException("Private key can only be used for unwrapping");
                }
                wrapper.initUnwrap((org.mozilla.jss.crypto.PrivateKey) key, params);
            } else if (key instanceof PublicKey) {
                if (opmode != Cipher.WRAP_MODE) {
                    throw new InvalidKeyException("Public key can only be used for wrapping");
                }
                wrapper.initWrap((PublicKey) key, params);
            } else if (key instanceof org.mozilla.jss.crypto.SecretKeyFacade) {
                org.mozilla.jss.crypto.SecretKeyFacade sk = (org.mozilla.jss.crypto.SecretKeyFacade) key;
                if (opmode == Cipher.WRAP_MODE) {
                    wrapper.initWrap(sk.key, params);
                } else {
                    assert (opmode == Cipher.UNWRAP_MODE);
                    wrapper.initUnwrap(sk.key, params);
                }
            } else {
                throw new InvalidKeyException("Invalid key type: " + key.getClass().getName());
            }
        }
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidAlgorithmParameterException(e.getMessage());
    } catch (TokenException te) {
        throw new TokenRuntimeException(te.getMessage());
    }
}

Example 4 with TokenRuntimeException

use of org.mozilla.jss.crypto.TokenRuntimeException in project jss by dogtagpki.

the class JSSSecretKeyFactorySpi method engineGenerateSecret.

@Override
public SecretKey engineGenerateSecret(KeySpec spec) throws InvalidKeySpecException {
    try {
        if (spec instanceof PBEKeySpec || spec instanceof PBEKeyGenParams) {
            PBEKeyGenParams params;
            if (spec instanceof PBEKeySpec) {
                params = makePBEKeyGenParams((PBEKeySpec) spec);
            } else {
                params = (org.mozilla.jss.crypto.PBEKeyGenParams) spec;
            }
            org.mozilla.jss.crypto.KeyGenerator gen = token.getKeyGenerator(alg);
            gen.initialize(params);
            SymmetricKey symk = gen.generate();
            params.clear();
            return new SecretKeyFacade(symk);
        } else if (spec instanceof DESedeKeySpec) {
            if (alg != KeyGenAlgorithm.DES3) {
                throw new InvalidKeySpecException("Incorrect KeySpec type (" + spec.getClass().getName() + ") for algorithm (" + alg.toString() + ")");
            }
            return generateKeyFromBits(((DESedeKeySpec) spec).getKey(), SymmetricKey.Type.DES3);
        } else if (spec instanceof DESKeySpec) {
            if (alg != KeyGenAlgorithm.DES) {
                throw new InvalidKeySpecException("Incorrect KeySpec type (" + spec.getClass().getName() + ") for algorithm (" + alg.toString() + ")");
            }
            return generateKeyFromBits(((DESKeySpec) spec).getKey(), SymmetricKey.Type.DES);
        } else if (spec instanceof SecretKeySpec) {
            SecretKeySpec kspec = (SecretKeySpec) spec;
            SymmetricKey.Type type = SymmetricKey.Type.fromName(kspec.getAlgorithm());
            return generateKeyFromBits(kspec.getEncoded(), type);
        } else {
            throw new InvalidKeySpecException("Unsupported KeySpec: " + spec.getClass().getName());
        }
    } catch (TokenException te) {
        throw new TokenRuntimeException(te.getMessage());
    } catch (InvalidAlgorithmParameterException iape) {
        throw new InvalidKeySpecException("InvalidAlgorithmParameterException: " + iape.getMessage());
    } catch (IllegalStateException e) {
        throw (TokenRuntimeException) new TokenRuntimeException("IllegalStateException: " + e.getMessage()).initCause(e);
    } catch (CharConversionException e) {
        throw new InvalidKeySpecException("CharConversionException: " + e.getMessage(), e);
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidKeySpecException("NoSuchAlgorithmException: " + e.getMessage(), e);
    }
}