use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
the class IaikP11Slot method firstLogin.
/**
 * Performs the initial user login on the given PKCS#11 session.
 *
 * <p>A single login with a {@code null} PIN is performed when the token reports a protected
 * authentication path or when {@code password} is null/empty. Otherwise every PIN in
 * {@code password} is presented in order through {@code singleLogin}, and the list is then
 * kept in {@code this.password}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The caller's list is stored by reference: no copy is taken and nothing is zeroed here,
 *       so the PIN characters remain in memory for as long as this object (and the caller)
 *       hold them.</li>
 *   <li>PKCS#11 error code {@code 0x100} (user already logged in) is treated as success. If it
 *       is raised while iterating over the PINs, the remaining PINs are not presented and
 *       {@code this.password} is not updated.</li>
 * </ul>
 *
 * @param session the session to log in on
 * @param password the PINs to present; may be null or empty
 * @throws P11TokenException if the token reports any error other than code {@code 0x100}
 */
private void firstLogin(Session session, List<char[]> password) throws P11TokenException {
  try {
    boolean protectedAuthPath =
        session.getToken().getTokenInfo().isProtectedAuthenticationPath();
    // Short-circuit keeps the original evaluation order: the PIN list is only inspected
    // when the token does not use a protected authentication path.
    boolean loginWithPin = !protectedAuthPath && !CollectionUtil.isEmpty(password);

    if (loginWithPin) {
      LOG.info("verify on PKCS11Module with PIN");
      for (char[] pin : password) {
        singleLogin(session, pin);
      }
      // Retained by reference; see the security notes in the Javadoc.
      this.password = password;
    } else {
      // NOTE(review): this message is also logged when no PIN was supplied and the token
      // does NOT report a protected authentication path, which can mislead log analysis.
      LOG.info("verify on PKCS11Module with PROTECTED_AUTHENTICATION_PATH");
      singleLogin(session, null);
    }
  } catch (PKCS11Exception ex) {
    // 0x100: user already logged in -- tolerated, everything else is propagated.
    boolean alreadyLoggedIn = ex.getErrorCode() == 0x100;
    if (!alreadyLoggedIn) {
      throw new P11TokenException(ex.getMessage(), ex);
    }
  } catch (TokenException ex) {
    throw new P11TokenException(ex.getMessage(), ex);
  }
}
use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
the class EmulatorP11Identity method sm2SignHash.
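/**
 * Signs an already computed hash with a pooled SM2 signer and returns the signature in the
 * form produced by {@code SignerUtil.dsaSigX962ToPlain}.
 *
 * <p>A signer is borrowed from {@code sm2Signers} with a 5 second timeout and is always
 * returned to the pool in the {@code finally} block, also when signing fails.
 *
 * @param hash the hash value to sign; passed to the signer unchanged
 * @return the converted signature bytes
 * @throws P11TokenException if the thread is interrupted while waiting for a signer, if no
 *     signer becomes idle within the timeout, or if signing or signature conversion fails
 */
private byte[] sm2SignHash(byte[] hash) throws P11TokenException {
  ConcurrentBagEntry<SM2Signer> sig0;
  try {
    sig0 = sm2Signers.borrow(5000, TimeUnit.MILLISECONDS);
  } catch (InterruptedException ex) {
    // Restore the interrupt flag so callers further up (e.g. a shutting-down worker) still
    // observe the interruption, and keep the cause for diagnostics.
    Thread.currentThread().interrupt();
    throw new P11TokenException(
        "InterruptedException occurs while retrieving idle signature", ex);
  }

  // borrow() yields null when the timeout elapses without an idle signer.
  if (sig0 == null) {
    throw new P11TokenException("no idle SM2 Signer available");
  }

  try {
    SM2Signer sig = sig0.value();
    byte[] x962Signature = sig.generateSignatureForHash(hash);
    return SignerUtil.dsaSigX962ToPlain(x962Signature, getSignatureKeyBitLength());
  } catch (CryptoException ex) {
    throw new P11TokenException("CryptoException: " + ex.getMessage(), ex);
  } catch (XiSecurityException ex) {
    throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
  } finally {
    // Always hand the signer back, otherwise the pool drains under repeated failures.
    sm2Signers.requite(sig0);
  }
}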
use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
the class EmulatorP11Identity method aesGmac.
// TODO: check the correctness
/**
 * Computes an AES-GMAC tag over {@code contentToSign} using {@code signingKey} and the IV
 * carried in {@code params}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The IV is taken from the caller as-is; this method does not check its length or its
 *       uniqueness. GMAC is only secure when an IV is never reused with the same key, so
 *       that guarantee has to be provided by the caller.</li>
 *   <li>The encoded key bytes obtained from {@code signingKey.getEncoded()} are handed to
 *       {@code KeyParameter} and are not cleared in this method.</li>
 *   <li>{@code contentToSign} and the IV returned by {@code getIV()} are not null-checked
 *       here.</li>
 * </ul>
 *
 * @param params must be a {@code P11IVParams} instance carrying the IV
 * @param contentToSign the data to authenticate
 * @return the MAC, sized according to {@code gmac.getMacSize()}
 * @throws P11TokenException if {@code params} is null or not a {@code P11IVParams}
 */
private byte[] aesGmac(P11Params params, byte[] contentToSign) throws P11TokenException {
  // Guard clauses first; the two messages are kept distinct for null vs. wrong type.
  if (params == null) {
    throw new P11TokenException("iv must not be null");
  }
  if (!(params instanceof P11IVParams)) {
    throw new P11TokenException("params must be instanceof P11IVParams");
  }
  final byte[] nonce = ((P11IVParams) params).getIV();

  GMac mac = new GMac(new GCMBlockCipher(new AESEngine()));
  KeyParameter macKey = new KeyParameter(signingKey.getEncoded());
  mac.init(new ParametersWithIV(macKey, nonce));

  mac.update(contentToSign, 0, contentToSign.length);

  byte[] tag = new byte[mac.getMacSize()];
  mac.doFinal(tag, 0);
  return tag;
}
use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
the class EmulatorP11Identity method rsaPkcsPssSign.
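/**
 * Creates an RSASSA-PSS signature: validates the PSS parameters, hashes the content if
 * requested, applies EMSA-PSS encoding and signs the encoded block with
 * {@code rsaX509Sign}.
 *
 * @param parameters must be a {@code P11RSAPkcsPssParams} instance
 * @param contentToSign the content to sign, or the pre-computed hash when {@code hashAlgo}
 *     is null
 * @param hashAlgo the algorithm used to hash {@code contentToSign}, or null when
 *     {@code contentToSign} already is the hash value; if non-null it must equal the hash
 *     algorithm named in {@code parameters}
 * @return the signature as returned by {@code rsaX509Sign}
 * @throws P11TokenException if the parameters are of the wrong type, name an unsupported
 *     hash algorithm or mask generation function, conflict with {@code hashAlgo}, or if
 *     the EMSA-PSS encoding fails
 */
private byte[] rsaPkcsPssSign(P11Params parameters, byte[] contentToSign, HashAlgo hashAlgo) throws P11TokenException {
  if (!(parameters instanceof P11RSAPkcsPssParams)) {
    throw new P11TokenException("the parameters is not of " + P11RSAPkcsPssParams.class.getName());
  }
  P11RSAPkcsPssParams pssParam = (P11RSAPkcsPssParams) parameters;

  HashAlgo contentHash = HashAlgo.getInstanceForPkcs11HashMech(pssParam.getHashAlgorithm());
  if (contentHash == null) {
    throw new P11TokenException("unsupported HashAlgorithm " + pssParam.getHashAlgorithm());
  } else if (hashAlgo != null && contentHash != hashAlgo) {
    // The mechanism's hash and the hash named in the PSS parameters must agree.
    throw new P11TokenException("Invalid parameters: invalid hash algorithm");
  }

  HashAlgo mgfHash = HashAlgo.getInstanceForPkcs11MgfMech(pssParam.getMaskGenerationFunction());
  if (mgfHash == null) {
    // Report the rejected MGF itself; the hash algorithm was already accepted above.
    throw new P11TokenException(
        "unsupported MaskGenerationFunction " + pssParam.getMaskGenerationFunction());
  }

  // NOTE(review): when hashAlgo is null the caller-supplied bytes are used as the hash
  // without a length check here -- confirm EMSA_PSS_ENCODE rejects a wrong-sized value.
  byte[] hashValue = (hashAlgo == null) ? contentToSign : hashAlgo.hash(contentToSign);

  byte[] encodedHashValue;
  try {
    // NOTE(review): the salt length is narrowed with an (int) cast and is not range-checked
    // here; confirm out-of-range or negative values are rejected downstream.
    // NOTE(review): confirm `random` is a SecureRandom, the PSS salt must be unpredictable.
    encodedHashValue = SignerUtil.EMSA_PSS_ENCODE(contentHash, hashValue, mgfHash,
        (int) pssParam.getSaltLength(), getSignatureKeyBitLength(), random);
  } catch (XiSecurityException ex) {
    throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
  }
  return rsaX509Sign(encodedHashValue);
}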
use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
the class EmulatorP11Identity method dsaAndEcdsaSign.
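/**
 * Signs data with a pooled DSA/ECDSA {@link Signature} and returns the signature in the form
 * produced by {@code SignerUtil.dsaSigX962ToPlain}.
 *
 * <p>A {@code Signature} is borrowed from {@code dsaSignatures} with a 5 second timeout and
 * is always returned to the pool in the {@code finally} block, also when signing fails.
 *
 * @param dataToSign the data to sign, or the pre-computed hash when {@code hashAlgo} is null
 * @param hashAlgo the algorithm used to hash {@code dataToSign}, or null to feed
 *     {@code dataToSign} to the signature object unchanged
 * @return the converted signature bytes
 * @throws P11TokenException if the thread is interrupted while waiting for a signature
 *     object, if none becomes idle within the timeout, or if signing or signature conversion
 *     fails
 */
private byte[] dsaAndEcdsaSign(byte[] dataToSign, HashAlgo hashAlgo) throws P11TokenException {
  // NOTE(review): with hashAlgo == null the input length is not checked here -- confirm the
  // caller only passes a digest of the expected size.
  byte[] hash = (hashAlgo == null) ? dataToSign : hashAlgo.hash(dataToSign);

  ConcurrentBagEntry<Signature> sig0;
  try {
    sig0 = dsaSignatures.borrow(5000, TimeUnit.MILLISECONDS);
  } catch (InterruptedException ex) {
    // Restore the interrupt flag so callers further up still observe the interruption, and
    // keep the cause for diagnostics.
    Thread.currentThread().interrupt();
    throw new P11TokenException(
        "InterruptedException occurs while retrieving idle signature", ex);
  }

  // borrow() yields null when the timeout elapses without an idle signature object.
  if (sig0 == null) {
    throw new P11TokenException("no idle DSA Signature available");
  }

  try {
    Signature sig = sig0.value();
    sig.update(hash);
    byte[] x962Signature = sig.sign();
    return SignerUtil.dsaSigX962ToPlain(x962Signature, getSignatureKeyBitLength());
  } catch (SignatureException ex) {
    throw new P11TokenException("SignatureException: " + ex.getMessage(), ex);
  } catch (XiSecurityException ex) {
    throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
  } finally {
    // Always hand the object back, otherwise the pool drains under repeated failures.
    dsaSignatures.requite(sig0);
  }
}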