
Example 1 with CredentialPermissionDenied

Use of org.openecard.crypto.common.sal.did.CredentialPermissionDenied in project open-ecard by ecsec.

The class KeyStoreSigner, method sign.

// /**
// * Gets the certificate for this KeyStore entry converted to a BouncyCastle TLS certificate.
// *
// * @return The certificate chain in BouncyCastle format.
// * @throws CertificateException Thrown in case the certificate could not be found or converted.
// * @throws IllegalStateException Thrown in case the keystore is not initialized.
// */
// @Nonnull
// public synchronized Certificate getCertificateChain() throws CertificateException {
// if (bcCert == null) {
// try {
// java.security.cert.Certificate[] jcaCerts = getJCACertificateChain();
// bcCert = KeyTools.convertCertificates(jcaCerts);
// } catch (KeyStoreException ex) {
// throw new IllegalStateException("Uninitialized keystore supplied.");
// }
// }
// return bcCert;
// }
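/**
 * Signs the given hash with the entry represented by this instance.
 * <p>
 * The hash is signed as supplied and is not digested again ({@code NullDigest} in both branches). With
 * {@code sigHashAlg == null} the hash is only PKCS#1 v1.5 padded; otherwise a DigestInfo carrying the OID of
 * the requested hash algorithm is used.
 *
 * @param sigHashAlg Signature and hash algorithm. If {@code null}, then use PKCS1 v1.5.
 * @param hash The hash that should be signed.
 * @return Signature of the given hash.
 * @throws SignatureException In case the signature could not be created.
 * @throws CredentialPermissionDenied In case the signature could not be performed by the token due to missing
 *   permissions.
 * @throws IllegalStateException In case the keystore is not initialized.
 */
public byte[] sign(@Nullable SignatureAndHashAlgorithm sigHashAlg, @Nonnull byte[] hash) throws SignatureException, CredentialPermissionDenied {
    try {
        Key key = keyStore.getKey(alias, password);
        // Only RSA private keys are usable here; the BC signers below are RSA specific.
        if (!(key instanceof RSAPrivateKey)) {
            throw new SignatureException("No private key available for the sign operation.");
        }
        PrivateKey pKey = (PrivateKey) key;
        // Re-parse the encoded JCA key into its BC representation.
        AsymmetricKeyParameter bcKey = PrivateKeyFactory.createKey(pKey.getEncoded());
        Signer signer;
        if (sigHashAlg == null) {
            // Raw PKCS#1 v1.5 padding of the caller supplied hash, no DigestInfo.
            signer = new GenericSigner(new PKCS1Encoding(new RSABlindedEngine()), new NullDigest());
        } else {
            ASN1ObjectIdentifier hashOid = TlsUtils.getOIDForHashAlgorithm(sigHashAlg.getHash());
            signer = new RSADigestSigner(new NullDigest(), hashOid);
        }
        // The RSA engine draws blinding randomness from the supplied random source.
        signer.init(true, new ParametersWithRandom(bcKey, ReusableSecureRandom.getInstance()));
        signer.update(hash, 0, hash.length);
        return signer.generateSignature();
    } catch (KeyStoreException ex) {
        // Keep the cause so the failing keystore operation stays diagnosable.
        throw new IllegalStateException("Keystore is not initialized.", ex);
    } catch (UnrecoverableKeyException ex) {
        throw new CredentialPermissionDenied("No usable key could be retrieved from the keystore.", ex);
    } catch (NoSuchAlgorithmException ex) {
        throw new SignatureException("Requested algorithm is not available.", ex);
    } catch (IOException ex) {
        throw new SignatureException("Failed to convert private key to BC class.", ex);
    } catch (CryptoException ex) {
        throw new SignatureException("Failed to compute signature.", ex);
    }
}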
