Use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
The class PrivateKeyCryptor, method decrypt.
/**
 * Decrypts a PKCS#8 {@code EncryptedPrivateKeyInfo} and turns it into a JCA private key.
 *
 * <p>The decryption uses the shared {@code decryptorProvider} of this class, so access to it
 * is serialized. Only RSA, DSA and EC keys are accepted; the key is then re-parsed through
 * the "BC" provider's {@link KeyFactory}.
 *
 * @param encryptedPrivateKeyInfo the encrypted PKCS#8 structure, must not be {@code null}
 * @return the decrypted private key
 * @throws P11TokenException if decryption fails, the key algorithm is not one of RSA/DSA/EC,
 *         or the decrypted structure cannot be converted to a JCA key
 */
PrivateKey decrypt(PKCS8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo) throws P11TokenException {
  ParamUtil.requireNonNull("encryptedPrivateKeyInfo", encryptedPrivateKeyInfo);

  final PrivateKeyInfo pkInfo;
  // decryptorProvider is shared state; hold its monitor for the duration of the decryption.
  synchronized (decryptorProvider) {
    try {
      pkInfo = encryptedPrivateKeyInfo.decryptPrivateKeyInfo(decryptorProvider);
    } catch (PKCSException ex) {
      throw new P11TokenException(ex.getMessage(), ex);
    }
  }

  // Map the algorithm OID of the decrypted key to the JCA algorithm name BC expects.
  final ASN1ObjectIdentifier oid = pkInfo.getPrivateKeyAlgorithm().getAlgorithm();
  final String jcaName = PKCSObjectIdentifiers.rsaEncryption.equals(oid) ? "RSA"
      : X9ObjectIdentifiers.id_dsa.equals(oid) ? "DSA"
      : X9ObjectIdentifiers.id_ecPublicKey.equals(oid) ? "EC"
      : null;
  if (jcaName == null) {
    throw new P11TokenException("unknown private key algorithm " + oid.getId());
  }

  try {
    // Encode first (may fail with IOException), then look up the factory and parse.
    final KeySpec spec = new PKCS8EncodedKeySpec(pkInfo.getEncoded());
    final KeyFactory factory = KeyFactory.getInstance(jcaName, "BC");
    return factory.generatePrivate(spec);
  } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException ex) {
    throw new P11TokenException(ex.getClass().getName() + ": " + ex.getMessage(), ex);
  }
}
Use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
The class IaikP11Slot, method generateKeyPair.
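/**
 * Generates a key pair on the token from the given PKCS#11 templates and wraps it as an
 * identity of this slot.
 *
 * <p>Both templates receive a freshly generated key id before the call to the token. If
 * anything goes wrong after that id has been assigned, the objects created under it are
 * removed again on a best-effort basis before the exception is rethrown.
 *
 * @param mech the PKCS#11 key-generation mechanism code
 * @param privateKey the private key template; its label is used for the identity
 * @param publicKey the public key template
 * @return the identity for the newly generated key pair
 * @throws P11TokenException if the token rejects the generation, the public key cannot be
 *         converted, or the generated private key cannot be read back
 * @throws IllegalArgumentException if an object with the same label already exists
 */
private P11Identity generateKeyPair(long mech, PrivateKey privateKey, PublicKey publicKey) throws P11TokenException {
  final String label = toString(privateKey.getLabel());
  // Stays null until generateKeyId() succeeds; before that this call has created nothing
  // on the token.
  byte[] id = null;
  try {
    KeyPair keypair;
    Session session = borrowWritableSession();
    try {
      if (labelExists(session, label)) {
        throw new IllegalArgumentException("label " + label + " exists, please specify another one");
      }
      id = generateKeyId(session);
      privateKey.getId().setByteArrayValue(id);
      publicKey.getId().setByteArrayValue(id);
      try {
        keypair = session.generateKeyPair(Mechanism.get(mech), publicKey, privateKey);
      } catch (TokenException ex) {
        throw new P11TokenException("could not generate keypair " + Pkcs11Functions.mechanismCodeToString(mech), ex);
      }
      P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
      P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objId);
      java.security.PublicKey jcePublicKey;
      try {
        jcePublicKey = generatePublicKey(keypair.getPublicKey());
      } catch (XiSecurityException ex) {
        throw new P11TokenException("could not generate public key " + objId, ex);
      }
      // Re-read the private key handle from the token rather than trusting the template.
      PrivateKey privateKey2 = getPrivateKeyObject(session, id, label.toCharArray());
      if (privateKey2 == null) {
        throw new P11TokenException("could not read the generated private key");
      }
      return new IaikP11Identity(this, entityId, privateKey2, jcePublicKey, null);
    } finally {
      returnWritableSession(session);
    }
  } catch (P11TokenException | RuntimeException ex) {
    // Best-effort rollback, but only once an id was assigned: before that point nothing
    // belonging to this call exists on the token. In particular, a failed "label exists"
    // check must not reach removeObjects(null, label), which - depending on how a null id
    // is matched - could delete the pre-existing objects carrying that label.
    if (id != null) {
      try {
        removeObjects(id, label);
      } catch (Throwable th) {
        LogUtil.error(LOG, th, "could not remove objects");
      }
    }
    throw ex;
  }
}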
Use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
The class IaikP11Slot, method digestKey.
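/**
 * Computes the digest of a secret key's value on the token (C_DigestInit, C_DigestKey,
 * C_DigestFinal) without the key material ever leaving the token.
 *
 * @param mechanism the PKCS#11 digest mechanism; SHA-1, SHA-2 and SHA-3 family codes are accepted
 * @param identity the identity whose signing key must be a PKCS#11 {@code SecretKey}
 * @return the digest, sized according to the mechanism
 * @throws P11TokenException if the mechanism is unsupported by the slot or not one of the
 *         known digest mechanisms, if the key is not a secret key, or if the token reports
 *         an error
 */
byte[] digestKey(long mechanism, IaikP11Identity identity) throws P11TokenException {
  ParamUtil.requireNonNull("identity", identity);
  assertMechanismSupported(mechanism);
  Key signingKey = identity.getSigningKey();
  if (!(signingKey instanceof SecretKey)) {
    throw new P11TokenException("digestSecretKey could not be applied to non-SecretKey");
  }

  // The guard and the call must agree on the level; the original guarded TRACE but logged
  // at DEBUG, so the message never appeared at TRACE-only configurations and appeared
  // unguarded otherwise. Logging the key object prints its PKCS#11 attributes - verify
  // that the wrapper's toString() omits the CKA_VALUE attribute for this key type.
  if (LOG.isTraceEnabled()) {
    LOG.trace("digest (init, digestKey, then finish)\n{}", signingKey);
  }

  // Output length in bytes for each supported digest mechanism.
  int digestLen;
  if (PKCS11Constants.CKM_SHA_1 == mechanism) {
    digestLen = 20;
  } else if (PKCS11Constants.CKM_SHA224 == mechanism || PKCS11Constants.CKM_SHA3_224 == mechanism) {
    digestLen = 28;
  } else if (PKCS11Constants.CKM_SHA256 == mechanism || PKCS11Constants.CKM_SHA3_256 == mechanism) {
    digestLen = 32;
  } else if (PKCS11Constants.CKM_SHA384 == mechanism || PKCS11Constants.CKM_SHA3_384 == mechanism) {
    digestLen = 48;
  } else if (PKCS11Constants.CKM_SHA512 == mechanism || PKCS11Constants.CKM_SHA3_512 == mechanism) {
    digestLen = 64;
  } else {
    throw new P11TokenException("unsupported mechanism " + mechanism);
  }

  ConcurrentBagEntry<Session> session0 = borrowSession();
  try {
    Session session = session0.value();
    session.digestInit(Mechanism.get(mechanism));
    session.digestKey((SecretKey) signingKey);
    byte[] digest = new byte[digestLen];
    // NOTE(review): if digestFinal reports the number of bytes written, comparing it with
    // digestLen would catch a token that produces a shorter output - confirm against the wrapper.
    session.digestFinal(digest, 0, digestLen);
    return digest;
  } catch (TokenException ex) {
    throw new P11TokenException(ex);
  } finally {
    // Always hand the session back to the pool, even on error.
    sessions.requite(session0);
  }
}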
Use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
The class IaikP11Slot, method updateCertificate0.
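/**
 * Replaces the certificate objects stored under {@code objectId} with {@code newCert}.
 *
 * <p>The existing certificates are removed first; the new certificate object is created in
 * a separate writable session afterwards.
 *
 * @param objectId id and label under which the certificate is stored on the token
 * @param newCert the certificate to store
 * @throws P11TokenException if the removal fails or the token refuses to create the new object
 */
@Override
protected void updateCertificate0(P11ObjectIdentifier objectId, X509Certificate newCert) throws P11TokenException {
  removeCerts(objectId);

  // A one-second pause between removal and re-creation, kept from the original
  // implementation; whether a given token actually needs it is not established here.
  try {
    Thread.sleep(1000);
  } catch (InterruptedException ex) {
    // Do not swallow the interrupt: restore the flag so callers further up can observe it.
    Thread.currentThread().interrupt();
  }

  X509PublicKeyCertificate newCertTemp = createPkcs11Template(new X509Cert(newCert), objectId.getId(), objectId.getLabelChars());
  Session session = borrowWritableSession();
  try {
    session.createObject(newCertTemp);
  } catch (TokenException ex) {
    throw new P11TokenException("could not createObject: " + ex.getMessage(), ex);
  } finally {
    returnWritableSession(session);
  }
}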
Use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
The class IaikP11Slot, method removeIdentity0.
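/**
 * Deletes every object stored under {@code objectId}: secret key, private key, public key
 * and all certificates, in that order.
 *
 * <p>Deletion stops at the first object the token refuses to destroy; objects later in the
 * order are then left in place. The token error is logged and also attached as the cause of
 * the thrown exception so it is not lost for callers that do not read the log.
 *
 * @param objectId id and label identifying the objects to remove
 * @throws P11TokenException if the token reports an error while destroying an object
 */
@Override
protected void removeIdentity0(P11ObjectIdentifier objectId) throws P11TokenException {
  Session session = borrowWritableSession();
  try {
    byte[] id = objectId.getId();
    char[] label = objectId.getLabelChars();

    SecretKey secretKey = getSecretKeyObject(session, id, label);
    if (secretKey != null) {
      try {
        session.destroyObject(secretKey);
      } catch (TokenException ex) {
        String msg = "could not delete secret key " + objectId;
        LogUtil.error(LOG, ex, msg);
        throw new P11TokenException(msg, ex);
      }
    }

    PrivateKey privKey = getPrivateKeyObject(session, id, label);
    if (privKey != null) {
      try {
        session.destroyObject(privKey);
      } catch (TokenException ex) {
        String msg = "could not delete private key " + objectId;
        LogUtil.error(LOG, ex, msg);
        throw new P11TokenException(msg, ex);
      }
    }

    PublicKey pubKey = getPublicKeyObject(session, id, label);
    if (pubKey != null) {
      try {
        session.destroyObject(pubKey);
      } catch (TokenException ex) {
        String msg = "could not delete public key " + objectId;
        LogUtil.error(LOG, ex, msg);
        throw new P11TokenException(msg, ex);
      }
    }

    // getCertificateObjects may return null; an empty array simply yields no iterations.
    X509PublicKeyCertificate[] certs = getCertificateObjects(session, id, label);
    if (certs != null) {
      for (X509PublicKeyCertificate cert : certs) {
        try {
          session.destroyObject(cert);
        } catch (TokenException ex) {
          String msg = "could not delete certificate " + objectId;
          LogUtil.error(LOG, ex, msg);
          throw new P11TokenException(msg, ex);
        }
      }
    }
  } finally {
    returnWritableSession(session);
  }
}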