Search in sources :

Example 46 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class IaikP11Slot method firstLogin.

private void firstLogin(Session session, List<char[]> password) throws P11TokenException {
    try {
        boolean isProtectedAuthenticationPath = session.getToken().getTokenInfo().isProtectedAuthenticationPath();
        if (isProtectedAuthenticationPath || CollectionUtil.isEmpty(password)) {
            LOG.info("verify on PKCS11Module with PROTECTED_AUTHENTICATION_PATH");
            singleLogin(session, null);
        } else {
            LOG.info("verify on PKCS11Module with PIN");
            for (char[] singlePwd : password) {
                singleLogin(session, singlePwd);
            }
            this.password = password;
        }
    } catch (PKCS11Exception ex) {
        // 0x100: user already logged in
        if (ex.getErrorCode() != 0x100) {
            throw new P11TokenException(ex.getMessage(), ex);
        }
    } catch (TokenException ex) {
        throw new P11TokenException(ex.getMessage(), ex);
    }
}
Also used : PKCS11Exception(iaik.pkcs.pkcs11.wrapper.PKCS11Exception) P11TokenException(org.xipki.security.exception.P11TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException)

Example 47 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class EmulatorP11Identity method sm2SignHash.

private byte[] sm2SignHash(byte[] hash) throws P11TokenException {
    ConcurrentBagEntry<SM2Signer> sig0;
    try {
        sig0 = sm2Signers.borrow(5000, TimeUnit.MILLISECONDS);
    } catch (InterruptedException ex) {
        throw new P11TokenException("InterruptedException occurs while retrieving idle signature");
    }
    if (sig0 == null) {
        throw new P11TokenException("no idle SM2 Signer available");
    }
    try {
        SM2Signer sig = sig0.value();
        byte[] x962Signature = sig.generateSignatureForHash(hash);
        return SignerUtil.dsaSigX962ToPlain(x962Signature, getSignatureKeyBitLength());
    } catch (CryptoException ex) {
        throw new P11TokenException("CryptoException: " + ex.getMessage(), ex);
    } catch (XiSecurityException ex) {
        throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
    } finally {
        sm2Signers.requite(sig0);
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) P11TokenException(org.xipki.security.exception.P11TokenException) CryptoException(org.bouncycastle.crypto.CryptoException)

Example 48 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class EmulatorP11Identity method aesGmac.

// TODO: check the correctness
private byte[] aesGmac(P11Params params, byte[] contentToSign) throws P11TokenException {
    if (params == null) {
        throw new P11TokenException("iv must not be null");
    }
    byte[] iv;
    if (params instanceof P11IVParams) {
        iv = ((P11IVParams) params).getIV();
    } else {
        throw new P11TokenException("params must be instanceof P11IVParams");
    }
    GMac gmac = new GMac(new GCMBlockCipher(new AESEngine()));
    ParametersWithIV paramsWithIv = new ParametersWithIV(new KeyParameter(signingKey.getEncoded()), iv);
    gmac.init(paramsWithIv);
    gmac.update(contentToSign, 0, contentToSign.length);
    byte[] signature = new byte[gmac.getMacSize()];
    gmac.doFinal(signature, 0);
    return signature;
}
Also used : ParametersWithIV(org.bouncycastle.crypto.params.ParametersWithIV) AESEngine(org.bouncycastle.crypto.engines.AESEngine) P11TokenException(org.xipki.security.exception.P11TokenException) KeyParameter(org.bouncycastle.crypto.params.KeyParameter) GMac(org.bouncycastle.crypto.macs.GMac) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) P11IVParams(org.xipki.security.pkcs11.P11IVParams)

Example 49 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class EmulatorP11Identity method rsaPkcsPssSign.

private byte[] rsaPkcsPssSign(P11Params parameters, byte[] contentToSign, HashAlgo hashAlgo) throws P11TokenException {
    if (!(parameters instanceof P11RSAPkcsPssParams)) {
        throw new P11TokenException("the parameters is not of " + P11RSAPkcsPssParams.class.getName());
    }
    P11RSAPkcsPssParams pssParam = (P11RSAPkcsPssParams) parameters;
    HashAlgo contentHash = HashAlgo.getInstanceForPkcs11HashMech(pssParam.getHashAlgorithm());
    if (contentHash == null) {
        throw new P11TokenException("unsupported HashAlgorithm " + pssParam.getHashAlgorithm());
    } else if (hashAlgo != null && contentHash != hashAlgo) {
        throw new P11TokenException("Invalid parameters: invalid hash algorithm");
    }
    HashAlgo mgfHash = HashAlgo.getInstanceForPkcs11MgfMech(pssParam.getMaskGenerationFunction());
    if (mgfHash == null) {
        throw new P11TokenException("unsupported MaskGenerationFunction " + pssParam.getHashAlgorithm());
    }
    byte[] hashValue = (hashAlgo == null) ? contentToSign : hashAlgo.hash(contentToSign);
    byte[] encodedHashValue;
    try {
        encodedHashValue = SignerUtil.EMSA_PSS_ENCODE(contentHash, hashValue, mgfHash, (int) pssParam.getSaltLength(), getSignatureKeyBitLength(), random);
    } catch (XiSecurityException ex) {
        throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
    }
    return rsaX509Sign(encodedHashValue);
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) HashAlgo(org.xipki.security.HashAlgo) P11TokenException(org.xipki.security.exception.P11TokenException) P11RSAPkcsPssParams(org.xipki.security.pkcs11.P11RSAPkcsPssParams)

Example 50 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class EmulatorP11Identity method dsaAndEcdsaSign.

private byte[] dsaAndEcdsaSign(byte[] dataToSign, HashAlgo hashAlgo) throws P11TokenException {
    byte[] hash = (hashAlgo == null) ? dataToSign : hashAlgo.hash(dataToSign);
    ConcurrentBagEntry<Signature> sig0;
    try {
        sig0 = dsaSignatures.borrow(5000, TimeUnit.MILLISECONDS);
    } catch (InterruptedException ex) {
        throw new P11TokenException("InterruptedException occurs while retrieving idle signature");
    }
    if (sig0 == null) {
        throw new P11TokenException("no idle DSA Signature available");
    }
    try {
        Signature sig = sig0.value();
        sig.update(hash);
        byte[] x962Signature = sig.sign();
        return SignerUtil.dsaSigX962ToPlain(x962Signature, getSignatureKeyBitLength());
    } catch (SignatureException ex) {
        throw new P11TokenException("SignatureException: " + ex.getMessage(), ex);
    } catch (XiSecurityException ex) {
        throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
    } finally {
        dsaSignatures.requite(sig0);
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) Signature(java.security.Signature) P11TokenException(org.xipki.security.exception.P11TokenException) SignatureException(java.security.SignatureException)

Aggregations

P11TokenException (org.xipki.security.exception.P11TokenException)57 TokenException (iaik.pkcs.pkcs11.TokenException)16 XiSecurityException (org.xipki.security.exception.XiSecurityException)16 IOException (java.io.IOException)11 Session (iaik.pkcs.pkcs11.Session)10 P11EntityIdentifier (org.xipki.security.pkcs11.P11EntityIdentifier)10 ECPrivateKey (iaik.pkcs.pkcs11.objects.ECPrivateKey)9 SecretKey (iaik.pkcs.pkcs11.objects.SecretKey)9 ValuedSecretKey (iaik.pkcs.pkcs11.objects.ValuedSecretKey)9 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)9 DSAPrivateKey (iaik.pkcs.pkcs11.objects.DSAPrivateKey)8 PrivateKey (iaik.pkcs.pkcs11.objects.PrivateKey)8 RSAPrivateKey (iaik.pkcs.pkcs11.objects.RSAPrivateKey)8 SM2PrivateKey (iaik.pkcs.pkcs11.objects.SM2PrivateKey)8 DEROctetString (org.bouncycastle.asn1.DEROctetString)8 P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)8 ECPublicKey (iaik.pkcs.pkcs11.objects.ECPublicKey)7 DSAPublicKey (iaik.pkcs.pkcs11.objects.DSAPublicKey)6 PublicKey (iaik.pkcs.pkcs11.objects.PublicKey)6 RSAPublicKey (iaik.pkcs.pkcs11.objects.RSAPublicKey)6