Search in sources :

Example 1 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

the class XiKeyStoreSpi method engineLoad.

@Override
public void engineLoad(InputStream stream, char[] password) {
    this.creationDate = new Date();
    Set<String> moduleNames = p11CryptServiceFactory.getModuleNames();
    for (String moduleName : moduleNames) {
        try {
            engineLoad(moduleName);
        } catch (XiSecurityException | P11TokenException ex) {
            LogUtil.error(LOG, ex, "could not load PKCS#11 module " + moduleName);
        }
    }
    if (LOG.isErrorEnabled()) {
        LOG.info("loaded key entries {}", keyCerts.keySet());
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) P11TokenException(org.xipki.security.exception.P11TokenException) Date(java.util.Date)

Example 2 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

the class SignerUtil method dsaSigPlainToX962.

// CHECKSTYLE:SKIP
public static byte[] dsaSigPlainToX962(byte[] signature) throws XiSecurityException {
    ParamUtil.requireNonNull("signature", signature);
    if (signature.length % 2 != 0) {
        throw new XiSecurityException("signature.lenth must be even, but is odd");
    }
    byte[] ba = new byte[signature.length / 2];
    ASN1EncodableVector sigder = new ASN1EncodableVector();
    System.arraycopy(signature, 0, ba, 0, ba.length);
    sigder.add(new ASN1Integer(new BigInteger(1, ba)));
    System.arraycopy(signature, ba.length, ba, 0, ba.length);
    sigder.add(new ASN1Integer(new BigInteger(1, ba)));
    DERSequence seq = new DERSequence(sigder);
    try {
        return seq.getEncoded();
    } catch (IOException ex) {
        throw new XiSecurityException("IOException, message: " + ex.getMessage(), ex);
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) BigInteger(java.math.BigInteger) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException)

Example 3 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

the class SignerUtil method createPSSRSASigner.

// CHECKSTYLE:SKIP
public static PSSSigner createPSSRSASigner(AlgorithmIdentifier sigAlgId, AsymmetricBlockCipher cipher) throws XiSecurityException {
    ParamUtil.requireNonNull("sigAlgId", sigAlgId);
    if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) {
        throw new XiSecurityException("signature algorithm " + sigAlgId.getAlgorithm() + " is not allowed");
    }
    AlgorithmIdentifier digAlgId;
    try {
        digAlgId = AlgorithmUtil.extractDigesetAlgFromSigAlg(sigAlgId);
    } catch (NoSuchAlgorithmException ex) {
        throw new XiSecurityException(ex.getMessage(), ex);
    }
    RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigAlgId.getParameters());
    AlgorithmIdentifier mfgDigAlgId = AlgorithmIdentifier.getInstance(param.getMaskGenAlgorithm().getParameters());
    Digest dig = getDigest(digAlgId);
    Digest mfgDig = getDigest(mfgDigAlgId);
    int saltSize = param.getSaltLength().intValue();
    int trailerField = param.getTrailerField().intValue();
    AsymmetricBlockCipher tmpCipher = (cipher == null) ? new RSABlindedEngine() : cipher;
    return new PSSSigner(tmpCipher, dig, mfgDig, saltSize, getTrailer(trailerField));
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) Digest(org.bouncycastle.crypto.Digest) RSABlindedEngine(org.bouncycastle.crypto.engines.RSABlindedEngine) RSASSAPSSparams(org.bouncycastle.asn1.pkcs.RSASSAPSSparams) PSSSigner(org.bouncycastle.crypto.signers.PSSSigner) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) AsymmetricBlockCipher(org.bouncycastle.crypto.AsymmetricBlockCipher)

Example 4 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

the class P11SM3WithSM2SignatureSpi method engineSign.

@Override
protected byte[] engineSign() throws SignatureException {
    byte[] dataToSign;
    if (outputStream instanceof ByteArrayOutputStream) {
        dataToSign = ((ByteArrayOutputStream) outputStream).toByteArray();
        ((ByteArrayOutputStream) outputStream).reset();
    } else {
        dataToSign = ((DigestOutputStream) outputStream).digest();
        ((DigestOutputStream) outputStream).reset();
        try {
            outputStream.write(sm2Z, 0, sm2Z.length);
        } catch (IOException ex) {
            throw new SignatureException(ex.getMessage(), ex);
        }
    }
    try {
        byte[] plainSignature = signingKey.sign(mechanism, p11Params, dataToSign);
        return SignerUtil.dsaSigPlainToX962(plainSignature);
    } catch (XiSecurityException | P11TokenException ex) {
        throw new SignatureException(ex.getMessage(), ex);
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) DigestOutputStream(org.xipki.security.pkcs11.DigestOutputStream) P11TokenException(org.xipki.security.exception.P11TokenException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) SignatureException(java.security.SignatureException)

Example 5 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

the class P11ContentSignerBuilder method createSigner.

// constructor
public ConcurrentContentSigner createSigner(AlgorithmIdentifier signatureAlgId, int parallelism) throws XiSecurityException, P11TokenException {
    ParamUtil.requireMin("parallelism", parallelism, 1);
    List<XiContentSigner> signers = new ArrayList<>(parallelism);
    Boolean isSm2p256v1 = null;
    for (int i = 0; i < parallelism; i++) {
        XiContentSigner signer;
        if (publicKey instanceof RSAPublicKey) {
            if (i == 0 && !AlgorithmUtil.isRSASigAlgId(signatureAlgId)) {
                throw new XiSecurityException("the given algorithm is not a valid RSA signature algorithm '" + signatureAlgId.getAlgorithm().getId() + "'");
            }
            signer = createRSAContentSigner(signatureAlgId);
        } else if (publicKey instanceof ECPublicKey) {
            ECPublicKey ecKey = (ECPublicKey) publicKey;
            if (i == 0) {
                isSm2p256v1 = GMUtil.isSm2primev2Curve(ecKey.getParams().getCurve());
                if (isSm2p256v1) {
                    if (!AlgorithmUtil.isSM2SigAlg(signatureAlgId)) {
                        throw new XiSecurityException("the given algorithm is not a valid SM2 signature algorithm '" + signatureAlgId.getAlgorithm().getId() + "'");
                    }
                } else {
                    if (!AlgorithmUtil.isECSigAlg(signatureAlgId)) {
                        throw new XiSecurityException("the given algorithm is not a valid EC signature algorithm '" + signatureAlgId.getAlgorithm().getId() + "'");
                    }
                }
            }
            if (isSm2p256v1) {
                java.security.spec.ECPoint w = ecKey.getW();
                signer = createSM2ContentSigner(signatureAlgId, GMObjectIdentifiers.sm2p256v1, w.getAffineX(), w.getAffineY());
            } else {
                signer = createECContentSigner(signatureAlgId);
            }
        } else if (publicKey instanceof DSAPublicKey) {
            if (i == 0 && !AlgorithmUtil.isDSASigAlg(signatureAlgId)) {
                throw new XiSecurityException("the given algorithm is not a valid DSA signature algorithm '" + signatureAlgId.getAlgorithm().getId() + "'");
            }
            signer = createDSAContentSigner(signatureAlgId);
        } else {
            throw new XiSecurityException("unsupported key " + publicKey.getClass().getName());
        }
        signers.add(signer);
    }
    // end for
    final boolean mac = false;
    PrivateKey privateKey = new P11PrivateKey(cryptService, identityId);
    DfltConcurrentContentSigner concurrentSigner;
    try {
        concurrentSigner = new DfltConcurrentContentSigner(mac, signers, privateKey);
    } catch (NoSuchAlgorithmException ex) {
        throw new XiSecurityException(ex.getMessage(), ex);
    }
    if (certificateChain != null) {
        concurrentSigner.setCertificateChain(certificateChain);
    } else {
        concurrentSigner.setPublicKey(publicKey);
    }
    return concurrentSigner;
}
Also used : P11PrivateKey(org.xipki.security.pkcs11.provider.P11PrivateKey) PrivateKey(java.security.PrivateKey) ArrayList(java.util.ArrayList) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) DSAPublicKey(java.security.interfaces.DSAPublicKey) XiSecurityException(org.xipki.security.exception.XiSecurityException) RSAPublicKey(java.security.interfaces.RSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) P11PrivateKey(org.xipki.security.pkcs11.provider.P11PrivateKey) DfltConcurrentContentSigner(org.xipki.security.DfltConcurrentContentSigner) XiContentSigner(org.xipki.security.XiContentSigner)

Aggregations

XiSecurityException (org.xipki.security.exception.XiSecurityException)36 P11TokenException (org.xipki.security.exception.P11TokenException)16 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)8 X509Certificate (java.security.cert.X509Certificate)6 ObjectCreationException (org.xipki.common.ObjectCreationException)6 SignerConf (org.xipki.security.SignerConf)6 IOException (java.io.IOException)5 CertificateException (java.security.cert.CertificateException)5 ConcurrentContentSigner (org.xipki.security.ConcurrentContentSigner)5 ByteArrayOutputStream (java.io.ByteArrayOutputStream)4 PublicKey (java.security.PublicKey)4 ArrayList (java.util.ArrayList)4 OperationException (org.xipki.ca.api.OperationException)4 ConfPairs (org.xipki.common.ConfPairs)4 InvalidConfException (org.xipki.common.InvalidConfException)4 P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)4 SignatureException (java.security.SignatureException)3 DfltConcurrentContentSigner (org.xipki.security.DfltConcurrentContentSigner)3 XiContentSigner (org.xipki.security.XiContentSigner)3 Session (iaik.pkcs.pkcs11.Session)2