Example 6 with XiSecurityException
use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.
the class P11PlainRSASigner method processBlock.
@Override
public byte[] processBlock(byte[] in, int inOff, int len) throws InvalidCipherTextException {
byte[] content = new byte[getInputBlockSize()];
System.arraycopy(in, inOff, content, content.length - len, len);
try {
P11Identity identity = param.getP11CryptService().getIdentity(param.getIdentityId());
return identity.sign(PKCS11Constants.CKM_RSA_X_509, null, content);
} catch (XiSecurityException | P11TokenException ex) {
throw new InvalidCipherTextException(ex.getMessage(), ex);
}
}
Also used :
InvalidCipherTextException(org.bouncycastle.crypto.InvalidCipherTextException)
XiSecurityException(org.xipki.security.exception.XiSecurityException)
P11TokenException(org.xipki.security.exception.P11TokenException)
Example 7 with XiSecurityException
use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.
the class P11RSAContentSigner method getSignature.
@Override
public byte[] getSignature() {
byte[] dataToSign;
if (outputStream instanceof ByteArrayOutputStream) {
dataToSign = ((ByteArrayOutputStream) outputStream).toByteArray();
((ByteArrayOutputStream) outputStream).reset();
} else {
byte[] hashValue = ((DigestOutputStream) outputStream).digest();
((DigestOutputStream) outputStream).reset();
dataToSign = new byte[digestPkcsPrefix.length + hashValue.length];
System.arraycopy(digestPkcsPrefix, 0, dataToSign, 0, digestPkcsPrefix.length);
System.arraycopy(hashValue, 0, dataToSign, digestPkcsPrefix.length, hashValue.length);
}
try {
if (mechanism == PKCS11Constants.CKM_RSA_X_509) {
dataToSign = SignerUtil.EMSA_PKCS1_v1_5_encoding(dataToSign, modulusBitLen);
}
return cryptService.getIdentity(identityId).sign(mechanism, null, dataToSign);
} catch (XiSecurityException | P11TokenException ex) {
LogUtil.error(LOG, ex, "could not sign");
throw new RuntimeCryptoException("SignerException: " + ex.getMessage());
}
}
Also used :
RuntimeCryptoException(org.bouncycastle.crypto.RuntimeCryptoException)
XiSecurityException(org.xipki.security.exception.XiSecurityException)
P11TokenException(org.xipki.security.exception.P11TokenException)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
Example 8 with XiSecurityException
use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.
the class P11ProxyResponder method processRequest.
/**
* The request is constructed as follows:
* <pre>
* 0 - - - 1 - - - 2 - - - 3 - - - 4 - - - 5 - - - 6 - - - 7 - - - 8
* | Version | Transaction ID | Body ... |
* | ... Length | Action | Module ID | Content... |
* | .Content | <-- 10 + Length (offset).
*
* </pre>
*/
byte[] processRequest(LocalP11CryptServicePool pool, byte[] request) {
int reqLen = request.length;
// TransactionID
byte[] transactionId = new byte[4];
if (reqLen > 5) {
System.arraycopy(request, 2, transactionId, 0, 4);
}
// Action
short action = P11ProxyConstants.ACTION_NOPE;
if (reqLen > 11) {
action = IoUtil.parseShort(request, 10);
}
if (reqLen < 14) {
LOG.error("response too short");
return getResp(P11ProxyConstants.VERSION_V1_0, transactionId, action, P11ProxyConstants.RC_BAD_REQUEST);
}
// Version
short version = IoUtil.parseShort(request, 0);
if (!versions.contains(version)) {
LOG.error("unsupported version {}", version);
return getResp(P11ProxyConstants.VERSION_V1_0, transactionId, action, P11ProxyConstants.RC_UNSUPPORTED_VERSION);
}
// Length
int reqBodyLen = IoUtil.parseInt(request, 6);
if (reqBodyLen + 10 != reqLen) {
LOG.error("message length unmatch");
return getResp(version, transactionId, action, P11ProxyConstants.RC_BAD_REQUEST);
}
short moduleId = IoUtil.parseShort(request, 12);
int contentLen = reqLen - 14;
byte[] content;
if (contentLen == 0) {
if (actionsRequireNonNullRequest.contains(action)) {
LOG.error("content is not present but is required");
return getResp(version, transactionId, P11ProxyConstants.RC_BAD_REQUEST, action);
}
content = null;
} else {
if (actionsRequireNullRequest.contains(action)) {
LOG.error("content is present but is not permitted");
return getResp(version, transactionId, P11ProxyConstants.RC_BAD_REQUEST, action);
}
content = new byte[contentLen];
System.arraycopy(request, 14, content, 0, contentLen);
}
P11CryptService p11CryptService = pool.getP11CryptService(moduleId);
if (p11CryptService == null) {
LOG.error("no module {} available", moduleId);
return getResp(version, transactionId, P11ProxyConstants.RC_UNKNOWN_MODULE, action);
}
try {
switch(action) {
case P11ProxyConstants.ACTION_ADD_CERT:
{
Asn1EntityIdAndCert asn1 = Asn1EntityIdAndCert.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getEntityId());
X509Certificate cert = X509Util.toX509Cert(asn1.getCertificate());
slot.addCert(asn1.getEntityId().getObjectId().getObjectId(), cert);
return getSuccessResp(version, transactionId, action, (byte[]) null);
}
case P11ProxyConstants.ACTION_DIGEST_SECRETKEY:
{
Asn1DigestSecretKeyTemplate template = Asn1DigestSecretKeyTemplate.getInstance(content);
long mechanism = template.getMechanism().getMechanism();
P11Identity identity = p11CryptService.getIdentity(template.getIdentityId().getEntityId());
byte[] hashValue = identity.digestSecretKey(mechanism);
ASN1Object obj = new DEROctetString(hashValue);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GEN_KEYPAIR_DSA:
{
Asn1GenDSAKeypairParams asn1 = Asn1GenDSAKeypairParams.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
P11ObjectIdentifier keyId = slot.generateDSAKeypair(asn1.getP(), asn1.getQ(), asn1.getG(), asn1.getLabel(), asn1.getControl());
ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GEN_KEYPAIR_EC:
{
Asn1GenECKeypairParams asn1 = Asn1GenECKeypairParams.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
P11ObjectIdentifier keyId = slot.generateECKeypair(asn1.getCurveId().getId(), asn1.getLabel(), asn1.getControl());
ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GEN_KEYPAIR_RSA:
{
Asn1GenRSAKeypairParams asn1 = Asn1GenRSAKeypairParams.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
P11ObjectIdentifier keyId = slot.generateRSAKeypair(asn1.getKeysize(), asn1.getPublicExponent(), asn1.getLabel(), asn1.getControl());
ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GEN_KEYPAIR_SM2:
{
Asn1GenSM2KeypairParams asn1 = Asn1GenSM2KeypairParams.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
P11ObjectIdentifier keyId = slot.generateSM2Keypair(asn1.getLabel(), asn1.getControl());
ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GEN_SECRET_KEY:
{
Asn1GenSecretKeyParams asn1 = Asn1GenSecretKeyParams.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
P11ObjectIdentifier keyId = slot.generateSecretKey(asn1.getKeyType(), asn1.getKeysize(), asn1.getLabel(), asn1.getControl());
ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GET_CERT:
{
P11EntityIdentifier entityId = Asn1P11EntityIdentifier.getInstance(content).getEntityId();
X509Certificate cert = p11CryptService.getIdentity(entityId).getCertificate();
return getSuccessResp(version, transactionId, action, cert.getEncoded());
}
case P11ProxyConstants.ACTION_GET_CERT_IDS:
case P11ProxyConstants.ACTION_GET_IDENTITY_IDS:
{
Asn1P11SlotIdentifier slotId = Asn1P11SlotIdentifier.getInstance(content);
P11Slot slot = p11CryptService.getModule().getSlot(slotId.getSlotId());
Set<P11ObjectIdentifier> objectIds;
if (P11ProxyConstants.ACTION_GET_CERT_IDS == action) {
objectIds = slot.getCertIdentifiers();
} else {
objectIds = slot.getIdentityIdentifiers();
}
ASN1EncodableVector vec = new ASN1EncodableVector();
for (P11ObjectIdentifier objectId : objectIds) {
vec.add(new Asn1P11ObjectIdentifier(objectId));
}
ASN1Object obj = new DERSequence(vec);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GET_MECHANISMS:
{
P11SlotIdentifier slotId = Asn1P11SlotIdentifier.getInstance(content).getSlotId();
Set<Long> mechs = p11CryptService.getSlot(slotId).getMechanisms();
ASN1EncodableVector vec = new ASN1EncodableVector();
for (Long mech : mechs) {
vec.add(new ASN1Integer(mech));
}
ASN1Object obj = new DERSequence(vec);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GET_PUBLICKEY:
{
P11EntityIdentifier identityId = Asn1P11EntityIdentifier.getInstance(content).getEntityId();
PublicKey pubKey = p11CryptService.getIdentity(identityId).getPublicKey();
if (pubKey == null) {
throw new P11UnknownEntityException(identityId);
}
ASN1Object obj = KeyUtil.createSubjectPublicKeyInfo(pubKey);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GET_SERVER_CAPS:
{
boolean readOnly = p11CryptService.getModule().isReadOnly();
ASN1Object obj = new Asn1ServerCaps(readOnly, versions);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_GET_SLOT_IDS:
{
List<P11SlotIdentifier> slotIds = p11CryptService.getModule().getSlotIds();
ASN1EncodableVector vector = new ASN1EncodableVector();
for (P11SlotIdentifier slotId : slotIds) {
vector.add(new Asn1P11SlotIdentifier(slotId));
}
ASN1Object obj = new DERSequence(vector);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_IMPORT_SECRET_KEY:
{
Asn1ImportSecretKeyParams asn1 = Asn1ImportSecretKeyParams.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
P11ObjectIdentifier keyId = slot.importSecretKey(asn1.getKeyType(), asn1.getKeyValue(), asn1.getLabel(), asn1.getControl());
ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_REMOVE_CERTS:
{
Asn1P11EntityIdentifier asn1 = Asn1P11EntityIdentifier.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1);
slot.removeCerts(asn1.getObjectId().getObjectId());
return getSuccessResp(version, transactionId, action, (byte[]) null);
}
case P11ProxyConstants.ACTION_REMOVE_IDENTITY:
{
Asn1P11EntityIdentifier asn1 = Asn1P11EntityIdentifier.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1);
slot.removeIdentity(asn1.getObjectId().getObjectId());
return getSuccessResp(version, transactionId, action, (byte[]) null);
}
case P11ProxyConstants.ACTION_REMOVE_OBJECTS:
{
Asn1RemoveObjectsParams asn1 = Asn1RemoveObjectsParams.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
int num = slot.removeObjects(asn1.getOjectId(), asn1.getObjectLabel());
ASN1Object obj = new ASN1Integer(num);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_SIGN:
{
Asn1SignTemplate signTemplate = Asn1SignTemplate.getInstance(content);
long mechanism = signTemplate.getMechanism().getMechanism();
Asn1P11Params asn1Params = signTemplate.getMechanism().getParams();
P11Params params = null;
if (asn1Params != null) {
switch(asn1Params.getTagNo()) {
case Asn1P11Params.TAG_RSA_PKCS_PSS:
params = Asn1RSAPkcsPssParams.getInstance(asn1Params).getPkcsPssParams();
break;
case Asn1P11Params.TAG_OPAQUE:
params = new P11ByteArrayParams(ASN1OctetString.getInstance(asn1Params).getOctets());
break;
case Asn1P11Params.TAG_IV:
params = new P11IVParams(ASN1OctetString.getInstance(asn1Params).getOctets());
break;
default:
throw new BadAsn1ObjectException("unknown SignTemplate.params: unknown tag " + asn1Params.getTagNo());
}
}
byte[] message = signTemplate.getMessage();
P11Identity identity = p11CryptService.getIdentity(signTemplate.getIdentityId().getEntityId());
byte[] signature = identity.sign(mechanism, params, message);
ASN1Object obj = new DEROctetString(signature);
return getSuccessResp(version, transactionId, action, obj);
}
case P11ProxyConstants.ACTION_UPDATE_CERT:
{
Asn1EntityIdAndCert asn1 = Asn1EntityIdAndCert.getInstance(content);
P11Slot slot = getSlot(p11CryptService, asn1.getEntityId());
slot.updateCertificate(asn1.getEntityId().getObjectId().getObjectId(), X509Util.toX509Cert(asn1.getCertificate()));
return getSuccessResp(version, transactionId, action, (byte[]) null);
}
default:
{
LOG.error("unsupported XiPKI action code '{}'", action);
return getResp(version, transactionId, action, P11ProxyConstants.RC_UNSUPPORTED_ACTION);
}
}
} catch (BadAsn1ObjectException ex) {
LogUtil.error(LOG, ex, "could not process decode requested content (tid=" + Hex.encode(transactionId) + ")");
return getResp(version, transactionId, action, P11ProxyConstants.RC_BAD_REQUEST);
} catch (P11TokenException ex) {
LogUtil.error(LOG, ex, buildErrorMsg(action, transactionId));
short rc;
if (ex instanceof P11UnknownEntityException) {
rc = P11ProxyConstants.RC_DUPLICATE_ENTITY;
} else if (ex instanceof P11DuplicateEntityException) {
rc = P11ProxyConstants.RC_DUPLICATE_ENTITY;
} else if (ex instanceof P11UnsupportedMechanismException) {
rc = P11ProxyConstants.RC_UNSUPPORTED_MECHANISM;
} else {
rc = P11ProxyConstants.RC_P11_TOKENERROR;
}
return getResp(version, transactionId, action, rc);
} catch (XiSecurityException | CertificateException | InvalidKeyException ex) {
LogUtil.error(LOG, ex, buildErrorMsg(action, transactionId));
return getResp(version, transactionId, action, P11ProxyConstants.RC_INTERNAL_ERROR);
} catch (Throwable th) {
LogUtil.error(LOG, th, buildErrorMsg(action, transactionId));
return getResp(version, transactionId, action, P11ProxyConstants.RC_INTERNAL_ERROR);
}
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
Asn1ServerCaps(org.xipki.p11proxy.msg.Asn1ServerCaps)
P11TokenException(org.xipki.security.exception.P11TokenException)
Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier)
P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier)
CertificateException(java.security.cert.CertificateException)
Asn1P11Params(org.xipki.p11proxy.msg.Asn1P11Params)
P11Params(org.xipki.security.pkcs11.P11Params)
Asn1RemoveObjectsParams(org.xipki.p11proxy.msg.Asn1RemoveObjectsParams)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
P11DuplicateEntityException(org.xipki.security.exception.P11DuplicateEntityException)
Asn1GenSecretKeyParams(org.xipki.p11proxy.msg.Asn1GenSecretKeyParams)
Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier)
DERSequence(org.bouncycastle.asn1.DERSequence)
XiSecurityException(org.xipki.security.exception.XiSecurityException)
P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams)
P11UnknownEntityException(org.xipki.security.exception.P11UnknownEntityException)
Asn1DigestSecretKeyTemplate(org.xipki.p11proxy.msg.Asn1DigestSecretKeyTemplate)
Asn1GenDSAKeypairParams(org.xipki.p11proxy.msg.Asn1GenDSAKeypairParams)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
List(java.util.List)
Asn1ImportSecretKeyParams(org.xipki.p11proxy.msg.Asn1ImportSecretKeyParams)
ASN1Object(org.bouncycastle.asn1.ASN1Object)
Asn1P11Params(org.xipki.p11proxy.msg.Asn1P11Params)
Asn1P11SlotIdentifier(org.xipki.p11proxy.msg.Asn1P11SlotIdentifier)
P11SlotIdentifier(org.xipki.security.pkcs11.P11SlotIdentifier)
PublicKey(java.security.PublicKey)
Asn1SignTemplate(org.xipki.p11proxy.msg.Asn1SignTemplate)
P11Slot(org.xipki.security.pkcs11.P11Slot)
Asn1P11ObjectIdentifier(org.xipki.p11proxy.msg.Asn1P11ObjectIdentifier)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
P11Identity(org.xipki.security.pkcs11.P11Identity)
InvalidKeyException(java.security.InvalidKeyException)
P11CryptService(org.xipki.security.pkcs11.P11CryptService)
X509Certificate(java.security.cert.X509Certificate)
Asn1GenRSAKeypairParams(org.xipki.p11proxy.msg.Asn1GenRSAKeypairParams)
Asn1EntityIdAndCert(org.xipki.p11proxy.msg.Asn1EntityIdAndCert)
P11UnsupportedMechanismException(org.xipki.security.exception.P11UnsupportedMechanismException)
Asn1GenSM2KeypairParams(org.xipki.p11proxy.msg.Asn1GenSM2KeypairParams)
Asn1P11ObjectIdentifier(org.xipki.p11proxy.msg.Asn1P11ObjectIdentifier)
P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)
Asn1GenECKeypairParams(org.xipki.p11proxy.msg.Asn1GenECKeypairParams)
P11IVParams(org.xipki.security.pkcs11.P11IVParams)
Asn1P11SlotIdentifier(org.xipki.p11proxy.msg.Asn1P11SlotIdentifier)
BadAsn1ObjectException(org.xipki.security.exception.BadAsn1ObjectException)
Example 9 with XiSecurityException
use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.
the class X509SelfSignedCertBuilder method generateSelfSigned.
public static GenerateSelfSignedResult generateSelfSigned(SecurityFactory securityFactory, String signerType, String signerConf, IdentifiedX509Certprofile certprofile, CertificationRequest csr, BigInteger serialNumber, List<String> caCertUris, List<String> ocspUris, List<String> crlUris, List<String> deltaCrlUris, ConfPairs extraControl) throws OperationException, InvalidConfException {
ParamUtil.requireNonNull("securityFactory", securityFactory);
ParamUtil.requireNonBlank("signerType", signerType);
ParamUtil.requireNonNull("certprofile", certprofile);
ParamUtil.requireNonNull("csr", csr);
ParamUtil.requireNonNull("serialNumber", serialNumber);
if (serialNumber.compareTo(BigInteger.ZERO) != 1) {
throw new IllegalArgumentException("serialNumber must not be non-positive: " + serialNumber);
}
X509CertLevel level = certprofile.getCertLevel();
if (X509CertLevel.RootCA != level) {
throw new IllegalArgumentException("certprofile is not of level " + X509CertLevel.RootCA);
}
if (!securityFactory.verifyPopo(csr, null)) {
throw new InvalidConfException("could not validate POP for the CSR");
}
if ("pkcs12".equalsIgnoreCase(signerType) || "jks".equalsIgnoreCase(signerType)) {
ConfPairs keyValues = new ConfPairs(signerConf);
String keystoreConf = keyValues.value("keystore");
if (keystoreConf == null) {
throw new InvalidConfException("required parameter 'keystore' for types PKCS12 and JKS, is not specified");
}
}
ConcurrentContentSigner signer;
try {
List<String[]> signerConfs = CaEntry.splitCaSignerConfs(signerConf);
List<String> restrictedSigAlgos = certprofile.getSignatureAlgorithms();
String thisSignerConf = null;
if (CollectionUtil.isEmpty(restrictedSigAlgos)) {
thisSignerConf = signerConfs.get(0)[1];
} else {
for (String algo : restrictedSigAlgos) {
for (String[] m : signerConfs) {
if (m[0].equals(algo)) {
thisSignerConf = m[1];
break;
}
}
if (thisSignerConf != null) {
break;
}
}
}
if (thisSignerConf == null) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, "CA does not support any signature algorithm restricted by the cert profile");
}
signer = securityFactory.createSigner(signerType, new SignerConf(thisSignerConf), (X509Certificate[]) null);
} catch (XiSecurityException | ObjectCreationException ex) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
}
SubjectPublicKeyInfo publicKeyInfo;
if (signer.getCertificate() != null) {
// this cert is the dummy one which can be considered only as public key container
Certificate bcCert;
try {
bcCert = Certificate.getInstance(signer.getCertificate().getEncoded());
} catch (Exception ex) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, "could not reparse certificate: " + ex.getMessage());
}
publicKeyInfo = bcCert.getSubjectPublicKeyInfo();
} else {
PublicKey signerPublicKey = signer.getPublicKey();
try {
publicKeyInfo = KeyUtil.createSubjectPublicKeyInfo(signerPublicKey);
} catch (InvalidKeyException ex) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, "cannot generate SubjectPublicKeyInfo from publicKey: " + ex.getMessage());
}
}
X509Certificate newCert = generateCertificate(signer, certprofile, csr, serialNumber, publicKeyInfo, caCertUris, ocspUris, crlUris, deltaCrlUris, extraControl);
return new GenerateSelfSignedResult(signerConf, newCert);
}
Also used :
RSAPublicKey(java.security.interfaces.RSAPublicKey)
ECPublicKey(java.security.interfaces.ECPublicKey)
PublicKey(java.security.PublicKey)
DSAPublicKey(java.security.interfaces.DSAPublicKey)
InvalidConfException(org.xipki.common.InvalidConfException)
ConfPairs(org.xipki.common.ConfPairs)
SignerConf(org.xipki.security.SignerConf)
InvalidKeyException(java.security.InvalidKeyException)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
CertprofileException(org.xipki.ca.api.profile.CertprofileException)
ObjectCreationException(org.xipki.common.ObjectCreationException)
InvalidKeyException(java.security.InvalidKeyException)
XiSecurityException(org.xipki.security.exception.XiSecurityException)
NoIdleSignerException(org.xipki.security.exception.NoIdleSignerException)
InvalidConfException(org.xipki.common.InvalidConfException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
OperationException(org.xipki.ca.api.OperationException)
X509Certificate(java.security.cert.X509Certificate)
ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner)
XiSecurityException(org.xipki.security.exception.XiSecurityException)
ObjectCreationException(org.xipki.common.ObjectCreationException)
X509CertLevel(org.xipki.ca.api.profile.x509.X509CertLevel)
OperationException(org.xipki.ca.api.OperationException)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.bouncycastle.asn1.x509.Certificate)
Example 10 with XiSecurityException
use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.
the class CaManagerImpl method createX509CrlSigner.
// method createCmpResponder
X509CrlSignerEntryWrapper createX509CrlSigner(X509CrlSignerEntry dbEntry) throws CaMgmtException {
ParamUtil.requireNonNull("dbEntry", dbEntry);
X509CrlSignerEntryWrapper signer = new X509CrlSignerEntryWrapper();
try {
signer.setDbEntry(dbEntry);
} catch (InvalidConfException ex) {
throw new CaMgmtException(concat("InvalidConfException: ", ex.getMessage()));
}
try {
signer.initSigner(securityFactory);
} catch (XiSecurityException | OperationException | InvalidConfException ex) {
String message = "could not create CRL signer " + dbEntry.getName();
LogUtil.error(LOG, ex, message);
if (ex instanceof OperationException) {
throw new CaMgmtException(message + ": " + ((OperationException) ex).getErrorCode() + ", " + ex.getMessage());
} else {
throw new CaMgmtException(concat(message, ": ", ex.getMessage()));
}
}
return signer;
}
Also used :
CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException)
XiSecurityException(org.xipki.security.exception.XiSecurityException)
InvalidConfException(org.xipki.common.InvalidConfException)
OperationException(org.xipki.ca.api.OperationException)
Aggregations
XiSecurityException (org.xipki.security.exception.XiSecurityException)36
P11TokenException (org.xipki.security.exception.P11TokenException)16
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)8
X509Certificate (java.security.cert.X509Certificate)6
ObjectCreationException (org.xipki.common.ObjectCreationException)6
SignerConf (org.xipki.security.SignerConf)6
IOException (java.io.IOException)5
CertificateException (java.security.cert.CertificateException)5
ConcurrentContentSigner (org.xipki.security.ConcurrentContentSigner)5
ByteArrayOutputStream (java.io.ByteArrayOutputStream)4
PublicKey (java.security.PublicKey)4
ArrayList (java.util.ArrayList)4
OperationException (org.xipki.ca.api.OperationException)4
ConfPairs (org.xipki.common.ConfPairs)4
InvalidConfException (org.xipki.common.InvalidConfException)4
P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)4
SignatureException (java.security.SignatureException)3
DfltConcurrentContentSigner (org.xipki.security.DfltConcurrentContentSigner)3
XiContentSigner (org.xipki.security.XiContentSigner)3
Session (iaik.pkcs.pkcs11.Session)2
