
Example 31 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class EmulatorP11Slot method generateDSAKeypair0.

/**
 * Generates a DSA key pair for the given domain parameters and stores it in this emulator slot.
 *
 * <p>The mechanism check runs before any key material is produced, so an unsupported slot fails
 * without touching the key directories. The pair itself comes from {@code KeyUtil} seeded with
 * this slot's {@code random}; persisting it is delegated to {@code saveP11Entity}.
 *
 * @param p DSA prime modulus
 * @param q DSA sub-prime (order of the generator)
 * @param g DSA generator
 * @param label label stored with the generated key
 * @param control key creation options; not consulted by this implementation
 * @return the identity of the stored key pair
 * @throws P11TokenException if the mechanism is unsupported, the JCA provider cannot generate the
 *         key, or the key pair cannot be persisted
 */
@Override
protected P11Identity generateDSAKeypair0(BigInteger p, BigInteger q, BigInteger g, // CHECKSTYLE:SKIP
        String label, P11NewKeyControl control) throws P11TokenException {
    assertMechanismSupported(PKCS11Constants.CKM_DSA_KEY_PAIR_GEN);
    final DSAParameters domainParams = new DSAParameters(p, q, g);
    final KeyPair generated;
    try {
        generated = KeyUtil.generateDSAKeypair(domainParams, random);
    } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException ex) {
        // Provider failures surface to callers as token errors, with the JCA exception as cause.
        throw new P11TokenException(ex.getMessage(), ex);
    }
    return saveP11Entity(generated, label);
}
Also used : KeyPair(java.security.KeyPair) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) P11TokenException(org.xipki.security.exception.P11TokenException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException) DSAParameters(org.bouncycastle.crypto.params.DSAParameters)

Example 32 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class EmulatorP11Slot method savePkcs11PublicKey.

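/**
 * Persists the public half of a key pair as a properties file in {@code pubKeyDir}.
 *
 * <p>The file is named {@code hex(id) + INFO_FILE_SUFFIX} and holds the key id, the label, the
 * algorithm OID and the algorithm-specific public values, one {@code key=value} pair per line.
 * {@code readPublicKey} is the reader counterpart, so the property names used here and there
 * must stay in sync.
 *
 * @param id key identifier; only its hex encoding reaches the file name, so it cannot introduce
 *        path separators
 * @param label key label, written verbatim into the properties file
 * @param publicKey RSA, DSA or EC public key to store
 * @throws P11TokenException if the EC key is not on a named curve, the curve parameters or the
 *         point cannot be encoded, or writing the file fails
 * @throws IllegalArgumentException if {@code publicKey} is of an unsupported type
 */
private void savePkcs11PublicKey(byte[] id, String label, PublicKey publicKey) throws P11TokenException {
    String hexId = hex(id);
    StringBuilder sb = new StringBuilder(100);
    sb.append(PROP_ID).append('=').append(hexId).append('\n');
    sb.append(PROP_LABEL).append('=').append(label).append('\n');
    if (publicKey instanceof RSAPublicKey) {
        appendRsaPublicKey(sb, (RSAPublicKey) publicKey);
    } else if (publicKey instanceof DSAPublicKey) {
        appendDsaPublicKey(sb, (DSAPublicKey) publicKey);
    } else if (publicKey instanceof ECPublicKey) {
        appendEcPublicKey(sb, (ECPublicKey) publicKey);
    } else {
        throw new IllegalArgumentException("unsupported public key " + publicKey.getClass().getName());
    }
    try {
        // NOTE(review): getBytes() uses the platform default charset. The hex values and OIDs are
        // ASCII, but a non-ASCII label round-trips only if the reader side uses the same charset
        // — confirm against loadProperties before relying on non-ASCII labels.
        IoUtil.save(new File(pubKeyDir, hexId + INFO_FILE_SUFFIX), sb.toString().getBytes());
    } catch (IOException ex) {
        throw new P11TokenException(ex.getMessage(), ex);
    }
}

// Appends the RSA algorithm OID, the modulus and the public exponent (big-endian, hex encoded).
private void appendRsaPublicKey(StringBuilder sb, RSAPublicKey rsaKey) {
    sb.append(PROP_ALGORITHM).append('=').append(PKCSObjectIdentifiers.rsaEncryption.getId()).append('\n');
    sb.append(PROP_RSA_MODUS).append('=').append(hex(rsaKey.getModulus().toByteArray())).append('\n');
    sb.append(PROP_RSA_PUBLIC_EXPONENT).append('=').append(hex(rsaKey.getPublicExponent().toByteArray())).append('\n');
}

// Appends the DSA algorithm OID, the domain parameters p, q, g and the public value y.
private void appendDsaPublicKey(StringBuilder sb, DSAPublicKey dsaKey) {
    sb.append(PROP_ALGORITHM).append('=').append(X9ObjectIdentifiers.id_dsa.getId()).append('\n');
    sb.append(PROP_DSA_PRIME).append('=').append(hex(dsaKey.getParams().getP().toByteArray())).append('\n');
    sb.append(PROP_DSA_SUBPRIME).append('=').append(hex(dsaKey.getParams().getQ().toByteArray())).append('\n');
    sb.append(PROP_DSA_BASE).append('=').append(hex(dsaKey.getParams().getG().toByteArray())).append('\n');
    sb.append(PROP_DSA_VALUE).append('=').append(hex(dsaKey.getY().toByteArray())).append('\n');
}

// Appends the EC algorithm OID, the DER-encoded curve reference and the uncompressed public point.
private void appendEcPublicKey(StringBuilder sb, ECPublicKey ecKey) throws P11TokenException {
    sb.append(PROP_ALGORITHM).append('=').append(X9ObjectIdentifiers.id_ecPublicKey.getId()).append('\n');
    ECParameterSpec paramSpec = ecKey.getParams();
    // Only named curves can be persisted: the file stores the curve OID (or the named curve's
    // X9 parameters), never caller-supplied explicit domain parameters.
    org.bouncycastle.jce.spec.ECParameterSpec bcParamSpec = EC5Util.convertSpec(paramSpec, false);
    ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(bcParamSpec);
    if (curveOid == null) {
        throw new P11TokenException("EC public key is not of namedCurve");
    }
    byte[] encodedParams;
    try {
        if (namedCurveSupported) {
            encodedParams = curveOid.getEncoded();
        } else {
            // getByOID() returns null for an OID that is not in the named curve table; check it
            // explicitly instead of catching the resulting NullPointerException.
            org.bouncycastle.asn1.x9.X9ECParameters namedCurve = ECNamedCurveTable.getByOID(curveOid);
            if (namedCurve == null) {
                throw new P11TokenException("unknown named curve " + curveOid.getId());
            }
            encodedParams = namedCurve.getEncoded();
        }
    } catch (IOException ex) {
        throw new P11TokenException(ex.getMessage(), ex);
    }
    sb.append(PROP_EC_ECDSA_PARAMS).append('=').append(hex(encodedParams)).append('\n');
    // EC point in X9.62 uncompressed form (0x04 || X || Y), wrapped in a DER OCTET STRING.
    java.security.spec.ECPoint pointW = ecKey.getW();
    // NOTE(review): the coordinate width is derived from the curve order, not the field size;
    // these agree for the common curves — confirm for curves whose order is wider than the field.
    int keysize = (paramSpec.getOrder().bitLength() + 7) / 8;
    byte[] ecPoint = new byte[1 + keysize * 2];
    // uncompressed point marker
    ecPoint[0] = 4;
    bigIntToBytes("Wx", pointW.getAffineX(), ecPoint, 1, keysize);
    bigIntToBytes("Wy", pointW.getAffineY(), ecPoint, 1 + keysize, keysize);
    byte[] encodedEcPoint;
    try {
        encodedEcPoint = new DEROctetString(ecPoint).getEncoded();
    } catch (IOException ex) {
        // Keep the cause, as the other catches in this method do; it is what makes the failure diagnosable.
        throw new P11TokenException("could not ASN.1 encode the ECPoint: " + ex.getMessage(), ex);
    }
    sb.append(PROP_EC_EC_POINT).append('=').append(hex(encodedEcPoint)).append('\n');
}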
Also used : P11TokenException(org.xipki.security.exception.P11TokenException) DEROctetString(org.bouncycastle.asn1.DEROctetString) IOException(java.io.IOException) DEROctetString(org.bouncycastle.asn1.DEROctetString) DSAPublicKey(java.security.interfaces.DSAPublicKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) ECParameterSpec(java.security.spec.ECParameterSpec) File(java.io.File) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 33 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class EmulatorP11Slot method saveP11Entity.

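/**
 * Persists a freshly generated key pair under a new random id and wraps it as a P11Identity.
 *
 * @param keypair key pair to store; both halves are written to disk
 * @param label label stored with both key files and in the object identifier
 * @return the identity for the stored key pair
 * @throws P11TokenException if either key file cannot be written or the identity cannot be built
 */
private P11Identity saveP11Entity(KeyPair keypair, String label) throws P11TokenException {
    byte[] id = generateId();
    // NOTE(review): the private key is written first; if writing the public key fails, the private
    // key file stays behind. Callers should expect a possible orphaned entry after a failure.
    savePkcs11PrivateKey(id, label, keypair.getPrivate());
    savePkcs11PublicKey(id, label, keypair.getPublic());
    P11EntityIdentifier identityId = new P11EntityIdentifier(slotId, new P11ObjectIdentifier(id, label));
    try {
        return new EmulatorP11Identity(this, identityId, keypair.getPrivate(), keypair.getPublic(), null, maxSessions, random);
    } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException ex) {
        // Message names the class actually constructed here.
        throw new P11TokenException("could not construct EmulatorP11Identity: " + ex.getMessage(), ex);
    }
}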
Also used : P11TokenException(org.xipki.security.exception.P11TokenException) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) NoSuchProviderException(java.security.NoSuchProviderException) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)

Example 34 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class EmulatorP11Slot method generateRSAKeypair0.

/**
 * Generates an RSA key pair of the requested size and stores it in this emulator slot.
 *
 * <p>The mechanism check runs before any key material is produced, so an unsupported slot fails
 * without touching the key directories. The pair itself comes from {@code KeyUtil} seeded with
 * this slot's {@code random}; persisting it is delegated to {@code saveP11Entity}.
 *
 * @param keysize modulus length in bits, passed through to {@code KeyUtil}
 * @param publicExponent RSA public exponent to use
 * @param label label stored with the generated key
 * @param control key creation options; not consulted by this implementation
 * @return the identity of the stored key pair
 * @throws P11TokenException if the mechanism is unsupported, the JCA provider cannot generate the
 *         key, or the key pair cannot be persisted
 */
@Override
protected P11Identity generateRSAKeypair0(int keysize, BigInteger publicExponent, String label, P11NewKeyControl control) throws P11TokenException {
    assertMechanismSupported(PKCS11Constants.CKM_RSA_PKCS_KEY_PAIR_GEN);
    final KeyPair generated;
    try {
        generated = KeyUtil.generateRSAKeypair(keysize, publicExponent, random);
    } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException ex) {
        // Provider failures surface to callers as token errors, with the JCA exception as cause.
        throw new P11TokenException(ex.getMessage(), ex);
    }
    return saveP11Entity(generated, label);
}
Also used : KeyPair(java.security.KeyPair) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) P11TokenException(org.xipki.security.exception.P11TokenException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException)

Example 35 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class EmulatorP11Slot method readPublicKey.

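/**
 * Reads the public key stored by {@code savePkcs11PublicKey} for the given key id.
 *
 * <p>The properties file is data at rest that may have been truncated or hand-edited, so every
 * required property is checked before use and a missing one is reported as a
 * {@link P11TokenException} naming the file and property rather than surfacing as a
 * {@code NullPointerException} from the decoder.
 *
 * @param keyId key identifier; its hex encoding selects the properties file in {@code pubKeyDir}
 * @return the reconstructed RSA, DSA or EC public key
 * @throws P11TokenException if the file cannot be loaded, a required property is missing, the
 *         algorithm is unknown, the EC point is not a valid OCTET STRING, or the stored values do
 *         not form a valid key
 */
private PublicKey readPublicKey(byte[] keyId) throws P11TokenException {
    String hexKeyId = hex(keyId);
    File pubKeyFile = new File(pubKeyDir, hexKeyId + INFO_FILE_SUFFIX);
    Properties props = loadProperties(pubKeyFile);
    String algorithm = readRequiredProperty(props, PROP_ALGORITHM, pubKeyFile);
    if (PKCSObjectIdentifiers.rsaEncryption.getId().equals(algorithm)) {
        // signum 1: the stored hex values are unsigned magnitudes
        BigInteger exp = new BigInteger(1, decodeHex(readRequiredProperty(props, PROP_RSA_PUBLIC_EXPONENT, pubKeyFile)));
        BigInteger mod = new BigInteger(1, decodeHex(readRequiredProperty(props, PROP_RSA_MODUS, pubKeyFile)));
        RSAPublicKeySpec keySpec = new RSAPublicKeySpec(mod, exp);
        try {
            return KeyUtil.generateRSAPublicKey(keySpec);
        } catch (InvalidKeySpecException ex) {
            throw new P11TokenException(ex.getMessage(), ex);
        }
    } else if (X9ObjectIdentifiers.id_dsa.getId().equals(algorithm)) {
        // p
        BigInteger prime = new BigInteger(1, decodeHex(readRequiredProperty(props, PROP_DSA_PRIME, pubKeyFile)));
        // q
        BigInteger subPrime = new BigInteger(1, decodeHex(readRequiredProperty(props, PROP_DSA_SUBPRIME, pubKeyFile)));
        // g
        BigInteger base = new BigInteger(1, decodeHex(readRequiredProperty(props, PROP_DSA_BASE, pubKeyFile)));
        // y
        BigInteger value = new BigInteger(1, decodeHex(readRequiredProperty(props, PROP_DSA_VALUE, pubKeyFile)));
        DSAPublicKeySpec keySpec = new DSAPublicKeySpec(value, prime, subPrime, base);
        try {
            return KeyUtil.generateDSAPublicKey(keySpec);
        } catch (InvalidKeySpecException ex) {
            throw new P11TokenException(ex.getMessage(), ex);
        }
    } else if (X9ObjectIdentifiers.id_ecPublicKey.getId().equals(algorithm)) {
        byte[] ecdsaParams = decodeHex(readRequiredProperty(props, PROP_EC_ECDSA_PARAMS, pubKeyFile));
        byte[] asn1EncodedPoint = decodeHex(readRequiredProperty(props, PROP_EC_EC_POINT, pubKeyFile));
        byte[] ecPoint;
        try {
            // The point is stored as a DER OCTET STRING; a malformed encoding is an IllegalArgumentException.
            ecPoint = DEROctetString.getInstance(asn1EncodedPoint).getOctets();
        } catch (IllegalArgumentException ex) {
            throw new P11TokenException("invalid ASN.1 encoded EC point in " + pubKeyFile.getPath(), ex);
        }
        try {
            return KeyUtil.createECPublicKey(ecdsaParams, ecPoint);
        } catch (InvalidKeySpecException ex) {
            throw new P11TokenException(ex.getMessage(), ex);
        }
    } else {
        throw new P11TokenException("unknown key algorithm " + algorithm);
    }
}

// Returns the named property, or fails with a P11TokenException naming the file and the property.
private static String readRequiredProperty(Properties props, String name, File file) throws P11TokenException {
    String value = props.getProperty(name);
    if (value == null) {
        throw new P11TokenException("property " + name + " missing in " + file.getPath());
    }
    return value;
}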
Also used : P11TokenException(org.xipki.security.exception.P11TokenException) BigInteger(java.math.BigInteger) DEROctetString(org.bouncycastle.asn1.DEROctetString) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) Properties(java.util.Properties) File(java.io.File) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)
