
Example 1 with PasswordResolver

Use of org.xipki.password.PasswordResolver in the project xipki, by xipki.

Class SignerFactoryRegisterImpl, method newKeystoreSigner.

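/**
 * Creates a signer from a software keystore described by {@code conf}.
 *
 * <p>Configuration values read from {@code conf}:
 * <ul>
 *   <li>{@code parallelism} - optional; must parse as an integer &gt;= 1, otherwise
 *       {@code securityFactory.getDefaultSignerParallelism()} is used</li>
 *   <li>{@code password} - optional; passed through the factory's
 *       {@link PasswordResolver} when one is configured, otherwise used verbatim</li>
 *   <li>{@code keystore} - required; either {@code base64:<encoded keystore>} or
 *       {@code file:<path>}</li>
 *   <li>{@code key-label} - handed to the signer builder unchanged</li>
 *   <li>{@code algo} - optional; when it names a MAC algorithm a MAC signer is
 *       built, otherwise a signature signer is built</li>
 * </ul>
 *
 * <p>The same password is supplied to the builders twice, once as the keystore
 * password and once as the key password.
 *
 * @param securityFactory source of the default parallelism, the password resolver
 *        and the random source used for signing
 * @param type passed as the first argument to the signer builders
 *        (presumably the keystore type - confirm against the builders)
 * @param conf signer configuration
 * @param certificateChain passed to the signature signer builder; not used for
 *        MAC signers
 * @return the signer created by the selected builder
 * @throws ObjectCreationException if the configuration is invalid, the password
 *         cannot be resolved, the keystore file is missing, or the builder fails
 */
private ConcurrentContentSigner newKeystoreSigner(SecurityFactory securityFactory, String type, SignerConf conf, X509Certificate[] certificateChain) throws ObjectCreationException {
    String str = conf.getConfValue("parallelism");
    int parallelism = securityFactory.getDefaultSignerParallelism();
    if (str != null) {
        try {
            parallelism = Integer.parseInt(str);
        } catch (NumberFormatException ex) {
            throw new ObjectCreationException("invalid parallelism " + str);
        }
        if (parallelism < 1) {
            throw new ObjectCreationException("invalid parallelism " + str);
        }
    }

    String passwordHint = conf.getConfValue("password");
    char[] password;
    if (passwordHint == null) {
        password = null;
    } else {
        PasswordResolver passwordResolver = securityFactory.getPasswordResolver();
        if (passwordResolver == null) {
            // No resolver configured: the configured value itself is the password,
            // i.e. the keystore password sits in clear text in the configuration.
            password = passwordHint.toCharArray();
        } else {
            try {
                password = passwordResolver.resolvePassword(passwordHint);
            } catch (PasswordResolverException ex) {
                // NOTE(review): the cause is dropped and the resolver's message is
                // copied into the new exception - confirm that message can never
                // echo the hint or other secret material.
                throw new ObjectCreationException("could not resolve password. Message: " + ex.getMessage());
            }
        }
    }
    // NOTE(review): the password array is never cleared here. Whether it may be
    // wiped (e.g. Arrays.fill) after the signer is built depends on whether the
    // resolver or the builders keep a reference to it - confirm before changing.

    str = conf.getConfValue("keystore");
    if (str == null) {
        // Fail with the method's declared exception instead of depending on how
        // the prefix helper below treats a null argument.
        throw new ObjectCreationException("keystore is not specified");
    }
    String keyLabel = conf.getConfValue("key-label");
    InputStream keystoreStream;
    if (StringUtil.startsWithIgnoreCase(str, "base64:")) {
        keystoreStream = new ByteArrayInputStream(Base64.decode(str.substring("base64:".length())));
    } else if (StringUtil.startsWithIgnoreCase(str, "file:")) {
        String fn = str.substring("file:".length());
        try {
            keystoreStream = new FileInputStream(IoUtil.expandFilepath(fn));
        } catch (FileNotFoundException ex) {
            throw new ObjectCreationException("file not found: " + fn);
        }
    } else {
        throw new ObjectCreationException("unknown keystore content format");
    }

    try {
        AlgorithmIdentifier macAlgId = null;
        String algoName = conf.getConfValue("algo");
        if (algoName != null) {
            try {
                macAlgId = AlgorithmUtil.getMacAlgId(algoName);
            } catch (NoSuchAlgorithmException ignored) {
                // Deliberate: the name is not a MAC algorithm, so macAlgId stays
                // null and the signature-signer branch below is taken.
            }
        }
        if (macAlgId != null) {
            SoftTokenMacContentSignerBuilder signerBuilder = new SoftTokenMacContentSignerBuilder(type, keystoreStream, password, keyLabel, password);
            return signerBuilder.createSigner(macAlgId, parallelism, securityFactory.getRandom4Sign());
        } else {
            SoftTokenContentSignerBuilder signerBuilder = new SoftTokenContentSignerBuilder(type, keystoreStream, password, keyLabel, password, certificateChain);
            AlgorithmIdentifier signatureAlgId;
            if (conf.getHashAlgo() == null) {
                signatureAlgId = AlgorithmUtil.getSigAlgId(null, conf);
            } else {
                // With a hash algorithm configured, the signature algorithm is
                // derived from the public key of the builder's certificate.
                PublicKey pubKey = signerBuilder.getCertificate().getPublicKey();
                signatureAlgId = AlgorithmUtil.getSigAlgId(pubKey, conf);
            }
            return signerBuilder.createSigner(signatureAlgId, parallelism, securityFactory.getRandom4Sign());
        }
    } catch (NoSuchAlgorithmException | NoSuchPaddingException | XiSecurityException ex) {
        // NOTE(review): only the class name and message survive; the stack trace
        // of the underlying failure is lost to the caller.
        throw new ObjectCreationException(String.format("%s: %s", ex.getClass().getName(), ex.getMessage()));
    } finally {
        // The original never closed the stream, leaking a file descriptor for
        // "file:" keystores on every call, including the failure paths.
        try {
            keystoreStream.close();
        } catch (java.io.IOException ignored) {
            // A close failure on a stream that was only read must not replace
            // the signer being returned or the exception being thrown.
        }
    }
}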
Also used : PasswordResolver(org.xipki.password.PasswordResolver) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) PublicKey(java.security.PublicKey) FileNotFoundException(java.io.FileNotFoundException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) FileInputStream(java.io.FileInputStream) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) XiSecurityException(org.xipki.security.exception.XiSecurityException) ByteArrayInputStream(java.io.ByteArrayInputStream) ObjectCreationException(org.xipki.common.ObjectCreationException) SoftTokenContentSignerBuilder(org.xipki.security.pkcs12.SoftTokenContentSignerBuilder) PasswordResolverException(org.xipki.password.PasswordResolverException) SoftTokenMacContentSignerBuilder(org.xipki.security.pkcs12.SoftTokenMacContentSignerBuilder)
