Examples with XiSecurityException org.xipki.security.exception.XiSecurityException used on opensource projects

Example 1 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

the class XiKeyStoreSpi method engineLoad.

@Override
public void engineLoad(InputStream stream, char[] password) {
    this.creationDate = new Date();
    Set<String> moduleNames = p11CryptServiceFactory.getModuleNames();
    for (String moduleName : moduleNames) {
        try {
            engineLoad(moduleName);
        } catch (XiSecurityException | P11TokenException ex) {
            LogUtil.error(LOG, ex, "could not load PKCS#11 module " + moduleName);
        }
    }
    if (LOG.isErrorEnabled()) {
        LOG.info("loaded key entries {}", keyCerts.keySet());
    }
}

Example 2 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

the class SignerUtil method dsaSigPlainToX962.

// CHECKSTYLE:SKIP
public static byte[] dsaSigPlainToX962(byte[] signature) throws XiSecurityException {
    ParamUtil.requireNonNull("signature", signature);
    if (signature.length % 2 != 0) {
        throw new XiSecurityException("signature.lenth must be even, but is odd");
    }
    byte[] ba = new byte[signature.length / 2];
    ASN1EncodableVector sigder = new ASN1EncodableVector();
    System.arraycopy(signature, 0, ba, 0, ba.length);
    sigder.add(new ASN1Integer(new BigInteger(1, ba)));
    System.arraycopy(signature, ba.length, ba, 0, ba.length);
    sigder.add(new ASN1Integer(new BigInteger(1, ba)));
    DERSequence seq = new DERSequence(sigder);
    try {
        return seq.getEncoded();
    } catch (IOException ex) {
        throw new XiSecurityException("IOException, message: " + ex.getMessage(), ex);
    }
}

Example 3 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

the class SignerUtil method createPSSRSASigner.

// CHECKSTYLE:SKIP
public static PSSSigner createPSSRSASigner(AlgorithmIdentifier sigAlgId, AsymmetricBlockCipher cipher) throws XiSecurityException {
    ParamUtil.requireNonNull("sigAlgId", sigAlgId);
    if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) {
        throw new XiSecurityException("signature algorithm " + sigAlgId.getAlgorithm() + " is not allowed");
    }
    AlgorithmIdentifier digAlgId;
    try {
        digAlgId = AlgorithmUtil.extractDigesetAlgFromSigAlg(sigAlgId);
    } catch (NoSuchAlgorithmException ex) {
        throw new XiSecurityException(ex.getMessage(), ex);
    }
    RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigAlgId.getParameters());
    AlgorithmIdentifier mfgDigAlgId = AlgorithmIdentifier.getInstance(param.getMaskGenAlgorithm().getParameters());
    Digest dig = getDigest(digAlgId);
    Digest mfgDig = getDigest(mfgDigAlgId);
    int saltSize = param.getSaltLength().intValue();
    int trailerField = param.getTrailerField().intValue();
    AsymmetricBlockCipher tmpCipher = (cipher == null) ? new RSABlindedEngine() : cipher;
    return new PSSSigner(tmpCipher, dig, mfgDig, saltSize, getTrailer(trailerField));
}

Example 4 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

the class P11SM3WithSM2SignatureSpi method engineSign.

@Override
protected byte[] engineSign() throws SignatureException {
    byte[] dataToSign;
    if (outputStream instanceof ByteArrayOutputStream) {
        dataToSign = ((ByteArrayOutputStream) outputStream).toByteArray();
        ((ByteArrayOutputStream) outputStream).reset();
    } else {
        dataToSign = ((DigestOutputStream) outputStream).digest();
        ((DigestOutputStream) outputStream).reset();
        try {
            outputStream.write(sm2Z, 0, sm2Z.length);
        } catch (IOException ex) {
            throw new SignatureException(ex.getMessage(), ex);
        }
    }
    try {
        byte[] plainSignature = signingKey.sign(mechanism, p11Params, dataToSign);
        return SignerUtil.dsaSigPlainToX962(plainSignature);
    } catch (XiSecurityException | P11TokenException ex) {
        throw new SignatureException(ex.getMessage(), ex);
    }
}

Example 5 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

the class P11ContentSignerBuilder method createSigner.

// constructor
public ConcurrentContentSigner createSigner(AlgorithmIdentifier signatureAlgId, int parallelism) throws XiSecurityException, P11TokenException {
    ParamUtil.requireMin("parallelism", parallelism, 1);
    List<XiContentSigner> signers = new ArrayList<>(parallelism);
    Boolean isSm2p256v1 = null;
    for (int i = 0; i < parallelism; i++) {
        XiContentSigner signer;
        if (publicKey instanceof RSAPublicKey) {
            if (i == 0 && !AlgorithmUtil.isRSASigAlgId(signatureAlgId)) {
                throw new XiSecurityException("the given algorithm is not a valid RSA signature algorithm '" + signatureAlgId.getAlgorithm().getId() + "'");
            }
            signer = createRSAContentSigner(signatureAlgId);
        } else if (publicKey instanceof ECPublicKey) {
            ECPublicKey ecKey = (ECPublicKey) publicKey;
            if (i == 0) {
                isSm2p256v1 = GMUtil.isSm2primev2Curve(ecKey.getParams().getCurve());
                if (isSm2p256v1) {
                    if (!AlgorithmUtil.isSM2SigAlg(signatureAlgId)) {
                        throw new XiSecurityException("the given algorithm is not a valid SM2 signature algorithm '" + signatureAlgId.getAlgorithm().getId() + "'");
                    }
                } else {
                    if (!AlgorithmUtil.isECSigAlg(signatureAlgId)) {
                        throw new XiSecurityException("the given algorithm is not a valid EC signature algorithm '" + signatureAlgId.getAlgorithm().getId() + "'");
                    }
                }
            }
            if (isSm2p256v1) {
                java.security.spec.ECPoint w = ecKey.getW();
                signer = createSM2ContentSigner(signatureAlgId, GMObjectIdentifiers.sm2p256v1, w.getAffineX(), w.getAffineY());
            } else {
                signer = createECContentSigner(signatureAlgId);
            }
        } else if (publicKey instanceof DSAPublicKey) {
            if (i == 0 && !AlgorithmUtil.isDSASigAlg(signatureAlgId)) {
                throw new XiSecurityException("the given algorithm is not a valid DSA signature algorithm '" + signatureAlgId.getAlgorithm().getId() + "'");
            }
            signer = createDSAContentSigner(signatureAlgId);
        } else {
            throw new XiSecurityException("unsupported key " + publicKey.getClass().getName());
        }
        signers.add(signer);
    }
    // end for
    final boolean mac = false;
    PrivateKey privateKey = new P11PrivateKey(cryptService, identityId);
    DfltConcurrentContentSigner concurrentSigner;
    try {
        concurrentSigner = new DfltConcurrentContentSigner(mac, signers, privateKey);
    } catch (NoSuchAlgorithmException ex) {
        throw new XiSecurityException(ex.getMessage(), ex);
    }
    if (certificateChain != null) {
        concurrentSigner.setCertificateChain(certificateChain);
    } else {
        concurrentSigner.setPublicKey(publicKey);
    }
    return concurrentSigner;
}