use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.
the class XiKeyStoreSpi method engineLoad.
@Override
public void engineLoad(InputStream stream, char[] password) {
this.creationDate = new Date();
Set<String> moduleNames = p11CryptServiceFactory.getModuleNames();
for (String moduleName : moduleNames) {
try {
engineLoad(moduleName);
} catch (XiSecurityException | P11TokenException ex) {
LogUtil.error(LOG, ex, "could not load PKCS#11 module " + moduleName);
}
}
if (LOG.isErrorEnabled()) {
LOG.info("loaded key entries {}", keyCerts.keySet());
}
}
use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.
the class SignerUtil method dsaSigPlainToX962.
// CHECKSTYLE:SKIP
public static byte[] dsaSigPlainToX962(byte[] signature) throws XiSecurityException {
ParamUtil.requireNonNull("signature", signature);
if (signature.length % 2 != 0) {
throw new XiSecurityException("signature.lenth must be even, but is odd");
}
byte[] ba = new byte[signature.length / 2];
ASN1EncodableVector sigder = new ASN1EncodableVector();
System.arraycopy(signature, 0, ba, 0, ba.length);
sigder.add(new ASN1Integer(new BigInteger(1, ba)));
System.arraycopy(signature, ba.length, ba, 0, ba.length);
sigder.add(new ASN1Integer(new BigInteger(1, ba)));
DERSequence seq = new DERSequence(sigder);
try {
return seq.getEncoded();
} catch (IOException ex) {
throw new XiSecurityException("IOException, message: " + ex.getMessage(), ex);
}
}
use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.
the class SignerUtil method createPSSRSASigner.
// CHECKSTYLE:SKIP
public static PSSSigner createPSSRSASigner(AlgorithmIdentifier sigAlgId, AsymmetricBlockCipher cipher) throws XiSecurityException {
ParamUtil.requireNonNull("sigAlgId", sigAlgId);
if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) {
throw new XiSecurityException("signature algorithm " + sigAlgId.getAlgorithm() + " is not allowed");
}
AlgorithmIdentifier digAlgId;
try {
digAlgId = AlgorithmUtil.extractDigesetAlgFromSigAlg(sigAlgId);
} catch (NoSuchAlgorithmException ex) {
throw new XiSecurityException(ex.getMessage(), ex);
}
RSASSAPSSparams param = RSASSAPSSparams.getInstance(sigAlgId.getParameters());
AlgorithmIdentifier mfgDigAlgId = AlgorithmIdentifier.getInstance(param.getMaskGenAlgorithm().getParameters());
Digest dig = getDigest(digAlgId);
Digest mfgDig = getDigest(mfgDigAlgId);
int saltSize = param.getSaltLength().intValue();
int trailerField = param.getTrailerField().intValue();
AsymmetricBlockCipher tmpCipher = (cipher == null) ? new RSABlindedEngine() : cipher;
return new PSSSigner(tmpCipher, dig, mfgDig, saltSize, getTrailer(trailerField));
}
use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.
the class P11SM3WithSM2SignatureSpi method engineSign.
@Override
protected byte[] engineSign() throws SignatureException {
byte[] dataToSign;
if (outputStream instanceof ByteArrayOutputStream) {
dataToSign = ((ByteArrayOutputStream) outputStream).toByteArray();
((ByteArrayOutputStream) outputStream).reset();
} else {
dataToSign = ((DigestOutputStream) outputStream).digest();
((DigestOutputStream) outputStream).reset();
try {
outputStream.write(sm2Z, 0, sm2Z.length);
} catch (IOException ex) {
throw new SignatureException(ex.getMessage(), ex);
}
}
try {
byte[] plainSignature = signingKey.sign(mechanism, p11Params, dataToSign);
return SignerUtil.dsaSigPlainToX962(plainSignature);
} catch (XiSecurityException | P11TokenException ex) {
throw new SignatureException(ex.getMessage(), ex);
}
}
use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.
the class P11ContentSignerBuilder method createSigner.
// constructor
public ConcurrentContentSigner createSigner(AlgorithmIdentifier signatureAlgId, int parallelism) throws XiSecurityException, P11TokenException {
ParamUtil.requireMin("parallelism", parallelism, 1);
List<XiContentSigner> signers = new ArrayList<>(parallelism);
Boolean isSm2p256v1 = null;
for (int i = 0; i < parallelism; i++) {
XiContentSigner signer;
if (publicKey instanceof RSAPublicKey) {
if (i == 0 && !AlgorithmUtil.isRSASigAlgId(signatureAlgId)) {
throw new XiSecurityException("the given algorithm is not a valid RSA signature algorithm '" + signatureAlgId.getAlgorithm().getId() + "'");
}
signer = createRSAContentSigner(signatureAlgId);
} else if (publicKey instanceof ECPublicKey) {
ECPublicKey ecKey = (ECPublicKey) publicKey;
if (i == 0) {
isSm2p256v1 = GMUtil.isSm2primev2Curve(ecKey.getParams().getCurve());
if (isSm2p256v1) {
if (!AlgorithmUtil.isSM2SigAlg(signatureAlgId)) {
throw new XiSecurityException("the given algorithm is not a valid SM2 signature algorithm '" + signatureAlgId.getAlgorithm().getId() + "'");
}
} else {
if (!AlgorithmUtil.isECSigAlg(signatureAlgId)) {
throw new XiSecurityException("the given algorithm is not a valid EC signature algorithm '" + signatureAlgId.getAlgorithm().getId() + "'");
}
}
}
if (isSm2p256v1) {
java.security.spec.ECPoint w = ecKey.getW();
signer = createSM2ContentSigner(signatureAlgId, GMObjectIdentifiers.sm2p256v1, w.getAffineX(), w.getAffineY());
} else {
signer = createECContentSigner(signatureAlgId);
}
} else if (publicKey instanceof DSAPublicKey) {
if (i == 0 && !AlgorithmUtil.isDSASigAlg(signatureAlgId)) {
throw new XiSecurityException("the given algorithm is not a valid DSA signature algorithm '" + signatureAlgId.getAlgorithm().getId() + "'");
}
signer = createDSAContentSigner(signatureAlgId);
} else {
throw new XiSecurityException("unsupported key " + publicKey.getClass().getName());
}
signers.add(signer);
}
// end for
final boolean mac = false;
PrivateKey privateKey = new P11PrivateKey(cryptService, identityId);
DfltConcurrentContentSigner concurrentSigner;
try {
concurrentSigner = new DfltConcurrentContentSigner(mac, signers, privateKey);
} catch (NoSuchAlgorithmException ex) {
throw new XiSecurityException(ex.getMessage(), ex);
}
if (certificateChain != null) {
concurrentSigner.setCertificateChain(certificateChain);
} else {
concurrentSigner.setPublicKey(publicKey);
}
return concurrentSigner;
}
Aggregations