Example 21 with CryptokiException
use of org.openecard.mdlw.sal.exceptions.CryptokiException in project open-ecard by ecsec.
the class MwEventManager method initialize.
public void initialize() throws InitializationException {
// start watcher thread
try {
DatatypeFactory dataFactory = DatatypeFactory.newInstance();
MwEventRunner runner = new MwEventRunner(env, builder, dataFactory, mwSAL.getMwModule(), mwCallback);
runner.initRunner();
watcher = new FutureTask<>(runner, null);
Thread t = new Thread(watcher, "MwEventManager");
t.start();
} catch (CryptokiException ex) {
LOG.error("Failed to initialize middleware event runner.", ex);
throw new InitializationException("Failed to request initial status from middleware.", ex.getErrorCode());
} catch (DatatypeConfigurationException ex) {
throw new UnsupportedOperationException("Datatype factory not supported.", ex);
}
}
Also used :
DatatypeConfigurationException(javax.xml.datatype.DatatypeConfigurationException)
DatatypeFactory(javax.xml.datatype.DatatypeFactory)
CryptokiException(org.openecard.mdlw.sal.exceptions.CryptokiException)
InitializationException(org.openecard.mdlw.sal.exceptions.InitializationException)
Example 22 with CryptokiException
use of org.openecard.mdlw.sal.exceptions.CryptokiException in project open-ecard by ecsec.
the class CIFCreator method getSigAlgs.
private List<SignatureAlgorithms> getSigAlgs(MwPublicKey pubKey) throws CryptokiException {
ArrayList<SignatureAlgorithms> sigAlgs = new ArrayList<>();
long[] mechanisms = pubKey.getAllowedMechanisms();
if (mechanisms.length == 0) {
try {
MwPrivateKey privKey = null;
List<MwPrivateKey> privKeys = session.getPrivateKeys();
for (MwPrivateKey next : privKeys) {
if (next.getKeyLabel().equals(pubKey.getKeyLabel())) {
privKey = next;
break;
}
}
if (privKey != null) {
mechanisms = privKey.getAllowedMechanisms();
}
} catch (CryptokiException ex) {
LOG.info("Could not access private key objetcs.");
}
}
if (mechanisms.length == 0) {
// no mechanisms available, ask what the card has to offer and assume this is also what the key offers
try {
List<MwMechanism> allMechanisms = session.getSlot().getMechanismList();
for (MwMechanism mechanism : allMechanisms) {
if (!mechanism.isSignatureAlgorithm()) {
// skipping non signature mechanism
continue;
}
if (!mechanism.hasFlags(CryptokiLibrary.CKF_SIGN)) {
// sign function does not work with that
continue;
}
addMechanism(pubKey, mechanism, sigAlgs);
}
// this is usually supported despite the middleware doesn't claim it
if (sigAlgs.isEmpty()) {
LOG.info("Trying to add raw RSA algorithm.");
for (MwMechanism mechanism : allMechanisms) {
if (mechanism.getType() == CryptokiLibrary.CKM_RSA_PKCS) {
addMechanism(pubKey, mechanism, sigAlgs);
// no need to search longer if we have found it
break;
}
}
}
} catch (CryptokiException ex) {
LOG.error("Failed to read mechanisms from card.", ex);
}
// too bad we have nothing
if (sigAlgs.isEmpty()) {
LOG.error("Could not find any suitable algorithms for DID.");
}
} else {
// convert each of the mechanisms
for (long m : mechanisms) {
try {
SignatureAlgorithms sigAlg = SignatureAlgorithms.fromMechanismId(m);
LOG.debug("Key signature algorithm: {}", sigAlg);
sigAlgs.add(sigAlg);
} catch (UnsupportedAlgorithmException ex) {
String mStr = String.format("%#010x", m);
LOG.error("Skipping unknown signature algorithm ({}).", mStr);
}
}
}
return sigAlgs;
}
Also used :
CryptokiException(org.openecard.mdlw.sal.exceptions.CryptokiException)
SignatureAlgorithms(org.openecard.crypto.common.SignatureAlgorithms)
UnsupportedAlgorithmException(org.openecard.crypto.common.UnsupportedAlgorithmException)
ArrayList(java.util.ArrayList)
Example 23 with CryptokiException
use of org.openecard.mdlw.sal.exceptions.CryptokiException in project open-ecard by ecsec.
the class CIFCreator method getSignatureCryptoDIDs.
private List<DIDInfoType> getSignatureCryptoDIDs() throws WSMarshallerException, CryptokiException {
LOG.debug("Reading infos for CryptoDID generation.");
ArrayList<DIDInfoType> didInfos = new ArrayList<>();
List<MwPublicKey> pubKeys = session.getPublicKeys();
for (MwPublicKey pubKey : pubKeys) {
LOG.debug("Found key object {}.", pubKey);
if (!Boolean.TRUE.equals(pubKey.getVerify())) {
LOG.info("Skipping non-signing key {}.", pubKey.getKeyLabel());
continue;
}
// look up certificates
try {
List<MwCertificate> mwCerts = createChain(session.getCertificates(), pubKey.getKeyID());
if (mwCerts.isEmpty()) {
LOG.info("No certificates available for the key object.");
continue;
}
MwCertificate eeCert = mwCerts.get(0);
// check certType
switch(eeCert.getCertificateCategory()) {
case CK_CERTIFICATE_CATEGORY_TOKEN_USER:
case CK_CERTIFICATE_CATEGORY_UNSPECIFIED:
break;
default:
LOG.info("Skipping key '{}' as certificate has wrong category.", pubKey.getKeyLabel());
}
// check certificate usage flags
if (!canSign(eeCert)) {
LOG.info("Certificate '{}' can not be used to perform a signature.", eeCert.getLabel());
continue;
}
// determine available algorithms
List<SignatureAlgorithms> sigalgs = getSigAlgs(pubKey);
for (SignatureAlgorithms sigalg : sigalgs) {
DIDInfoType did = createCryptoDID(mwCerts, sigalg);
didInfos.add(did);
}
} catch (NoCertificateChainException ex) {
LOG.warn("Could not create a certificate chain for requested key.", ex);
} catch (CryptokiException ex) {
LOG.warn("Failed to read DID data from middleware, skipping this key entry.", ex);
}
}
return didInfos;
}
Also used :
DIDInfoType(iso.std.iso_iec._24727.tech.schema.DIDInfoType)
CryptokiException(org.openecard.mdlw.sal.exceptions.CryptokiException)
SignatureAlgorithms(org.openecard.crypto.common.SignatureAlgorithms)
ArrayList(java.util.ArrayList)
NoCertificateChainException(org.openecard.mdlw.sal.exceptions.NoCertificateChainException)
Example 24 with CryptokiException
use of org.openecard.mdlw.sal.exceptions.CryptokiException in project open-ecard by ecsec.
the class CIFCreator method createCryptoDID.
private DIDInfoType createCryptoDID(List<MwCertificate> mwCerts, SignatureAlgorithms sigalg) throws WSMarshallerException, CryptokiException {
LOG.debug("Creating Crypto DID object.");
DIDInfoType di = new DIDInfoType();
String keyLabel = mwCerts.get(0).getLabel();
// create differential identity
DifferentialIdentityType did = new DifferentialIdentityType();
di.setDifferentialIdentity(did);
String didName = keyLabel + "_" + mwCerts.get(0).getLabel() + "_" + sigalg.getJcaAlg();
LOG.debug("DIDName: {}", didName);
did.setDIDName(didName);
did.setDIDProtocol("urn:oid:1.3.162.15480.3.0.25");
did.setDIDScope(DIDScopeType.LOCAL);
// create crypto marker
CryptoMarkerBuilder markerBuilder = new CryptoMarkerBuilder();
// add AlgorithmInfo
AlgorithmInfoType algInfo = new AlgorithmInfoType();
algInfo.setAlgorithm(sigalg.getJcaAlg());
AlgorithmIdentifierType algIdentifier = new AlgorithmIdentifierType();
algIdentifier.setAlgorithm(sigalg.getAlgId());
algInfo.setAlgorithmIdentifier(algIdentifier);
algInfo.getSupportedOperations().add("Compute-signature");
markerBuilder.setAlgInfo(algInfo);
markerBuilder.setLegacyKeyname(keyLabel);
// add certificates
for (MwCertificate nextCert : mwCerts) {
try {
CertificateRefType certRef = new CertificateRefType();
certRef.setDataSetName(nextCert.getLabel());
markerBuilder.getCertRefs().add(certRef);
} catch (CryptokiException ex) {
LOG.warn("Certificate chain is not complete.");
break;
}
}
// wrap crypto marker and add to parent
CryptoMarkerType marker = markerBuilder.build();
DIDMarkerType markerWrapper = new DIDMarkerType();
markerWrapper.setCryptoMarker(marker);
did.setDIDMarker(markerWrapper);
// create acl
AccessControlListType acl = new AccessControlListType();
di.setDIDACL(acl);
List<AccessRuleType> rules = acl.getAccessRule();
rules.add(createRuleTrue(AuthorizationServiceActionName.ACL_LIST));
rules.add(createRuleTrue(DifferentialIdentityServiceActionName.DID_GET));
// create sign rule with PIN reference
AccessRuleType signRule = createRuleTrue(CryptographicServiceActionName.SIGN);
signRule.setSecurityCondition(createDidCond(PIN_NAME));
rules.add(signRule);
return di;
}
Also used :
CryptoMarkerBuilder(org.openecard.mdlw.sal.didfactory.CryptoMarkerBuilder)
AccessControlListType(iso.std.iso_iec._24727.tech.schema.AccessControlListType)
CryptoMarkerType(iso.std.iso_iec._24727.tech.schema.CryptoMarkerType)
CertificateRefType(iso.std.iso_iec._24727.tech.schema.CertificateRefType)
DIDMarkerType(iso.std.iso_iec._24727.tech.schema.DIDMarkerType)
DifferentialIdentityType(iso.std.iso_iec._24727.tech.schema.DifferentialIdentityType)
DIDInfoType(iso.std.iso_iec._24727.tech.schema.DIDInfoType)
AlgorithmInfoType(iso.std.iso_iec._24727.tech.schema.AlgorithmInfoType)
CryptokiException(org.openecard.mdlw.sal.exceptions.CryptokiException)
AlgorithmIdentifierType(iso.std.iso_iec._24727.tech.schema.AlgorithmIdentifierType)
AccessRuleType(iso.std.iso_iec._24727.tech.schema.AccessRuleType)
Aggregations
CryptokiException (org.openecard.mdlw.sal.exceptions.CryptokiException)24
ArrayList (java.util.ArrayList)7
NativeLong (com.sun.jna.NativeLong)5
ConnectionHandleType (iso.std.iso_iec._24727.tech.schema.ConnectionHandleType)5
PinBlockedException (org.openecard.mdlw.sal.exceptions.PinBlockedException)5
PinIncorrectException (org.openecard.mdlw.sal.exceptions.PinIncorrectException)5
TokenException (org.openecard.mdlw.sal.exceptions.TokenException)5
NativeLongByReference (com.sun.jna.ptr.NativeLongByReference)4
DIDInfoType (iso.std.iso_iec._24727.tech.schema.DIDInfoType)4
CardStateEntry (org.openecard.common.sal.state.CardStateEntry)4
UnsupportedAlgorithmException (org.openecard.crypto.common.UnsupportedAlgorithmException)4
CK_ATTRIBUTE (org.openecard.mdlw.sal.cryptoki.CK_ATTRIBUTE)4
InitializationException (org.openecard.mdlw.sal.exceptions.InitializationException)4
ECardException (org.openecard.common.ECardException)3
ThreadTerminateException (org.openecard.common.ThreadTerminateException)3
IncorrectParameterException (org.openecard.common.sal.exception.IncorrectParameterException)3
WSMarshallerException (org.openecard.ws.marshal.WSMarshallerException)3
AccessControlListType (iso.std.iso_iec._24727.tech.schema.AccessControlListType)2
AccessRuleType (iso.std.iso_iec._24727.tech.schema.AccessRuleType)2
CardInfoType (iso.std.iso_iec._24727.tech.schema.CardInfoType)2
