Example 16 with ObjectCreationException
use of org.xipki.common.ObjectCreationException in project xipki by xipki.
the class SecurityFactoryImpl method validateSigner.
private static void validateSigner(ConcurrentContentSigner signer, String signerType, SignerConf signerConf) throws ObjectCreationException {
if (signer.getPublicKey() == null) {
return;
}
String signatureAlgoName = signer.getAlgorithmName();
try {
byte[] dummyContent = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
Signature verifier = Signature.getInstance(signatureAlgoName, "BC");
byte[] signatureValue = signer.sign(dummyContent);
verifier.initVerify(signer.getPublicKey());
verifier.update(dummyContent);
boolean valid = verifier.verify(signatureValue);
if (!valid) {
StringBuilder sb = new StringBuilder();
sb.append("private key and public key does not match, ");
sb.append("key type='").append(signerType).append("'; ");
String pwd = signerConf.getConfValue("password");
if (pwd != null) {
signerConf.putConfEntry("password", "****");
}
signerConf.putConfEntry("algo", signatureAlgoName);
sb.append("conf='").append(signerConf.getConf());
X509Certificate cert = signer.getCertificate();
if (cert != null) {
String subject = X509Util.getRfc4519Name(cert.getSubjectX500Principal());
sb.append("', certificate subject='").append(subject).append("'");
}
throw new ObjectCreationException(sb.toString());
}
} catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException | NoSuchProviderException | NoIdleSignerException ex) {
throw new ObjectCreationException(ex.getMessage(), ex);
}
}
Also used :
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SignatureException(java.security.SignatureException)
InvalidKeyException(java.security.InvalidKeyException)
X509Certificate(java.security.cert.X509Certificate)
ObjectCreationException(org.xipki.common.ObjectCreationException)
Signature(java.security.Signature)
NoIdleSignerException(org.xipki.security.exception.NoIdleSignerException)
NoSuchProviderException(java.security.NoSuchProviderException)
Example 17 with ObjectCreationException
use of org.xipki.common.ObjectCreationException in project xipki by xipki.
the class SignerFactoryRegisterImpl method newKeystoreSigner.
private ConcurrentContentSigner newKeystoreSigner(SecurityFactory securityFactory, String type, SignerConf conf, X509Certificate[] certificateChain) throws ObjectCreationException {
String str = conf.getConfValue("parallelism");
int parallelism = securityFactory.getDefaultSignerParallelism();
if (str != null) {
try {
parallelism = Integer.parseInt(str);
} catch (NumberFormatException ex) {
throw new ObjectCreationException("invalid parallelism " + str);
}
if (parallelism < 1) {
throw new ObjectCreationException("invalid parallelism " + str);
}
}
String passwordHint = conf.getConfValue("password");
char[] password;
if (passwordHint == null) {
password = null;
} else {
PasswordResolver passwordResolver = securityFactory.getPasswordResolver();
if (passwordResolver == null) {
password = passwordHint.toCharArray();
} else {
try {
password = passwordResolver.resolvePassword(passwordHint);
} catch (PasswordResolverException ex) {
throw new ObjectCreationException("could not resolve password. Message: " + ex.getMessage());
}
}
}
str = conf.getConfValue("keystore");
String keyLabel = conf.getConfValue("key-label");
InputStream keystoreStream;
if (StringUtil.startsWithIgnoreCase(str, "base64:")) {
keystoreStream = new ByteArrayInputStream(Base64.decode(str.substring("base64:".length())));
} else if (StringUtil.startsWithIgnoreCase(str, "file:")) {
String fn = str.substring("file:".length());
try {
keystoreStream = new FileInputStream(IoUtil.expandFilepath(fn));
} catch (FileNotFoundException ex) {
throw new ObjectCreationException("file not found: " + fn);
}
} else {
throw new ObjectCreationException("unknown keystore content format");
}
try {
AlgorithmIdentifier macAlgId = null;
String algoName = conf.getConfValue("algo");
if (algoName != null) {
try {
macAlgId = AlgorithmUtil.getMacAlgId(algoName);
} catch (NoSuchAlgorithmException ex) {
// do nothing
}
}
if (macAlgId != null) {
SoftTokenMacContentSignerBuilder signerBuilder = new SoftTokenMacContentSignerBuilder(type, keystoreStream, password, keyLabel, password);
return signerBuilder.createSigner(macAlgId, parallelism, securityFactory.getRandom4Sign());
} else {
SoftTokenContentSignerBuilder signerBuilder = new SoftTokenContentSignerBuilder(type, keystoreStream, password, keyLabel, password, certificateChain);
AlgorithmIdentifier signatureAlgId;
if (conf.getHashAlgo() == null) {
signatureAlgId = AlgorithmUtil.getSigAlgId(null, conf);
} else {
PublicKey pubKey = signerBuilder.getCertificate().getPublicKey();
signatureAlgId = AlgorithmUtil.getSigAlgId(pubKey, conf);
}
return signerBuilder.createSigner(signatureAlgId, parallelism, securityFactory.getRandom4Sign());
}
} catch (NoSuchAlgorithmException | NoSuchPaddingException | XiSecurityException ex) {
throw new ObjectCreationException(String.format("%s: %s", ex.getClass().getName(), ex.getMessage()));
}
}
Also used :
PasswordResolver(org.xipki.password.PasswordResolver)
ByteArrayInputStream(java.io.ByteArrayInputStream)
FileInputStream(java.io.FileInputStream)
InputStream(java.io.InputStream)
PublicKey(java.security.PublicKey)
FileNotFoundException(java.io.FileNotFoundException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
FileInputStream(java.io.FileInputStream)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
XiSecurityException(org.xipki.security.exception.XiSecurityException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
ObjectCreationException(org.xipki.common.ObjectCreationException)
SoftTokenContentSignerBuilder(org.xipki.security.pkcs12.SoftTokenContentSignerBuilder)
PasswordResolverException(org.xipki.password.PasswordResolverException)
SoftTokenMacContentSignerBuilder(org.xipki.security.pkcs12.SoftTokenMacContentSignerBuilder)
Example 18 with ObjectCreationException
use of org.xipki.common.ObjectCreationException in project xipki by xipki.
the class SignerFactoryRegisterImpl method newPkcs11Signer.
private ConcurrentContentSigner newPkcs11Signer(SecurityFactory securityFactory, String type, SignerConf conf, X509Certificate[] certificateChain) throws ObjectCreationException {
if (p11CryptServiceFactory == null) {
throw new ObjectCreationException("p11CryptServiceFactory is not set");
}
String str = conf.getConfValue("parallelism");
int parallelism = securityFactory.getDefaultSignerParallelism();
if (str != null) {
try {
parallelism = Integer.parseInt(str);
} catch (NumberFormatException ex) {
throw new ObjectCreationException("invalid parallelism " + str);
}
if (parallelism < 1) {
throw new ObjectCreationException("invalid parallelism " + str);
}
}
String moduleName = conf.getConfValue("module");
str = conf.getConfValue("slot");
Integer slotIndex = (str == null) ? null : Integer.parseInt(str);
str = conf.getConfValue("slot-id");
Long slotId = (str == null) ? null : Long.parseLong(str);
if ((slotIndex == null && slotId == null) || (slotIndex != null && slotId != null)) {
throw new ObjectCreationException("exactly one of slot (index) and slot-id must be specified");
}
String keyLabel = conf.getConfValue("key-label");
str = conf.getConfValue("key-id");
byte[] keyId = null;
if (str != null) {
keyId = Hex.decode(str);
}
if ((keyId == null && keyLabel == null) || (keyId != null && keyLabel != null)) {
throw new ObjectCreationException("exactly one of key-id and key-label must be specified");
}
P11CryptService p11Service;
P11Slot slot;
try {
p11Service = p11CryptServiceFactory.getP11CryptService(moduleName);
P11Module module = p11Service.getModule();
P11SlotIdentifier p11SlotId;
if (slotId != null) {
p11SlotId = module.getSlotIdForId(slotId);
} else if (slotIndex != null) {
p11SlotId = module.getSlotIdForIndex(slotIndex);
} else {
throw new RuntimeException("should not reach here");
}
slot = module.getSlot(p11SlotId);
} catch (P11TokenException | XiSecurityException ex) {
throw new ObjectCreationException(ex.getMessage(), ex);
}
P11ObjectIdentifier p11ObjId = (keyId != null) ? slot.getObjectIdForId(keyId) : slot.getObjectIdForLabel(keyLabel);
if (p11ObjId == null) {
String str2 = (keyId != null) ? "id " + Hex.encode(keyId) : "label " + keyLabel;
throw new ObjectCreationException("cound not find identity with " + str2);
}
P11EntityIdentifier entityId = new P11EntityIdentifier(slot.getSlotId(), p11ObjId);
try {
AlgorithmIdentifier macAlgId = null;
String algoName = conf.getConfValue("algo");
if (algoName != null) {
try {
macAlgId = AlgorithmUtil.getMacAlgId(algoName);
} catch (NoSuchAlgorithmException ex) {
// do nothing
}
}
if (macAlgId != null) {
P11MacContentSignerBuilder signerBuilder = new P11MacContentSignerBuilder(p11Service, entityId);
return signerBuilder.createSigner(macAlgId, parallelism);
} else {
AlgorithmIdentifier signatureAlgId;
if (conf.getHashAlgo() == null) {
signatureAlgId = AlgorithmUtil.getSigAlgId(null, conf);
} else {
PublicKey pubKey = slot.getIdentity(p11ObjId).getPublicKey();
signatureAlgId = AlgorithmUtil.getSigAlgId(pubKey, conf);
}
P11ContentSignerBuilder signerBuilder = new P11ContentSignerBuilder(p11Service, securityFactory, entityId, certificateChain);
return signerBuilder.createSigner(signatureAlgId, parallelism);
}
} catch (P11TokenException | NoSuchAlgorithmException | XiSecurityException ex) {
throw new ObjectCreationException(ex.getMessage(), ex);
}
}
Also used :
P11MacContentSignerBuilder(org.xipki.security.pkcs11.P11MacContentSignerBuilder)
P11Module(org.xipki.security.pkcs11.P11Module)
P11SlotIdentifier(org.xipki.security.pkcs11.P11SlotIdentifier)
PublicKey(java.security.PublicKey)
P11Slot(org.xipki.security.pkcs11.P11Slot)
P11TokenException(org.xipki.security.exception.P11TokenException)
P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
P11ContentSignerBuilder(org.xipki.security.pkcs11.P11ContentSignerBuilder)
P11CryptService(org.xipki.security.pkcs11.P11CryptService)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
XiSecurityException(org.xipki.security.exception.XiSecurityException)
ObjectCreationException(org.xipki.common.ObjectCreationException)
P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)
Aggregations
ObjectCreationException (org.xipki.common.ObjectCreationException)18
X509Certificate (java.security.cert.X509Certificate)11
SignerConf (org.xipki.security.SignerConf)11
IOException (java.io.IOException)7
XiSecurityException (org.xipki.security.exception.XiSecurityException)7
CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)6
ConcurrentContentSigner (org.xipki.security.ConcurrentContentSigner)6
CertificateException (java.security.cert.CertificateException)5
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4
InvalidConfException (org.xipki.common.InvalidConfException)4
BigInteger (java.math.BigInteger)3
InvalidKeyException (java.security.InvalidKeyException)3
PublicKey (java.security.PublicKey)3
CertificateEncodingException (java.security.cert.CertificateEncodingException)3
X509CaEntry (org.xipki.ca.server.mgmt.api.x509.X509CaEntry)3
ConfPairs (org.xipki.common.ConfPairs)3
FileInputStream (java.io.FileInputStream)2
FileNotFoundException (java.io.FileNotFoundException)2
NoSuchProviderException (java.security.NoSuchProviderException)2
SignatureException (java.security.SignatureException)2
