Example 11 with XiSecurityException

Use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

The class X509CaInfo, method initSigner.

public boolean initSigner(SecurityFactory securityFactory) throws XiSecurityException {
    // already initialized
    if (signers != null) {
        return true;
    }
    dfltSigner = null;
    // one entry per signature algorithm: {algorithm, signer configuration}
    List<String[]> signerConfs = CaEntry.splitCaSignerConfs(caEntry.getSignerConf());
    Map<String, ConcurrentContentSigner> tmpSigners = new HashMap<>();
    for (String[] m : signerConfs) {
        String algo = m[0];
        SignerConf signerConf = new SignerConf(m[1]);
        ConcurrentContentSigner signer;
        try {
            signer = securityFactory.createSigner(caEntry.getSignerType(), signerConf, caEntry.getCert());
            // the first signer that could be created becomes the default signer
            if (dfltSigner == null) {
                dfltSigner = signer;
            }
            tmpSigners.put(algo, signer);
        } catch (Throwable th) {
            // release every signer created so far (and its key handles) before failing
            for (ConcurrentContentSigner ccs : tmpSigners.values()) {
                ccs.shutdown();
            }
            tmpSigners.clear();
            throw new XiSecurityException("could not initialize the CA signer");
        }
    }
    this.signers = Collections.unmodifiableMap(tmpSigners);
    return true;
}
Also used : ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) XiSecurityException(org.xipki.security.exception.XiSecurityException) HashMap(java.util.HashMap) SignerConf(org.xipki.security.SignerConf)

Example 12 with XiSecurityException

Use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

The class P12CertUpdateCmd, method execute0.

@Override
protected Object execute0() throws Exception {
    KeyStore ks = getKeyStore();
    char[] pwd = getPassword();
    X509Certificate newCert = X509Util.parseCert(certFile);
    // the new certificate must belong to the private key in the PKCS#12 file
    assertMatch(newCert, new String(pwd));
    // use the first private-key entry found in the keystore
    String keyname = null;
    Enumeration<String> aliases = ks.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        if (ks.isKeyEntry(alias)) {
            keyname = alias;
            break;
        }
    }
    if (keyname == null) {
        throw new XiSecurityException("could not find private key");
    }
    Key key = ks.getKey(keyname, pwd);
    // optional CA certificates used to build the chain stored with the key
    Set<X509Certificate> caCerts = new HashSet<>();
    if (isNotEmpty(caCertFiles)) {
        for (String caCertFile : caCertFiles) {
            caCerts.add(X509Util.parseCert(caCertFile));
        }
    }
    X509Certificate[] certChain = X509Util.buildCertPath(newCert, caCerts);
    // replace the key entry with the same key and the new certificate chain
    ks.setKeyEntry(keyname, key, pwd, certChain);
    try (FileOutputStream out = new FileOutputStream(p12File)) {
        ks.store(out, pwd);
        println("updated certificate");
        return null;
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) FileOutputStream(java.io.FileOutputStream) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) Key(java.security.Key) HashSet(java.util.HashSet)

Example 13 with XiSecurityException

Use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

The class IaikP11Slot, method generateKeyPair.

private P11Identity generateKeyPair(long mech, PrivateKey privateKey, PublicKey publicKey) throws P11TokenException {
    final String label = toString(privateKey.getLabel());
    byte[] id = null;
    try {
        KeyPair keypair;
        Session session = borrowWritableSession();
        try {
            // labels must be unique within the slot
            if (labelExists(session, label)) {
                throw new IllegalArgumentException("label " + label + " exists, please specify another one");
            }
            // both key objects share the same CKA_ID
            id = generateKeyId(session);
            privateKey.getId().setByteArrayValue(id);
            publicKey.getId().setByteArrayValue(id);
            try {
                keypair = session.generateKeyPair(Mechanism.get(mech), publicKey, privateKey);
            } catch (TokenException ex) {
                throw new P11TokenException("could not generate keypair " + Pkcs11Functions.mechanismCodeToString(mech), ex);
            }
            P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
            P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objId);
            // convert the PKCS#11 public key object into a JCE PublicKey
            java.security.PublicKey jcePublicKey;
            try {
                jcePublicKey = generatePublicKey(keypair.getPublicKey());
            } catch (XiSecurityException ex) {
                throw new P11TokenException("could not generate public key " + objId, ex);
            }
            // re-read the private key handle from the token by id and label
            PrivateKey privateKey2 = getPrivateKeyObject(session, id, label.toCharArray());
            if (privateKey2 == null) {
                throw new P11TokenException("could not read the generated private key");
            }
            return new IaikP11Identity(this, entityId, privateKey2, jcePublicKey, null);
        } finally {
            returnWritableSession(session);
        }
    } catch (P11TokenException | RuntimeException ex) {
        // roll back: remove any objects created on the token before the failure
        try {
            removeObjects(id, label);
        } catch (Throwable th) {
            LogUtil.error(LOG, th, "could not remove objects");
        }
        throw ex;
    }
}
Also used : KeyPair(iaik.pkcs.pkcs11.objects.KeyPair) RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) P11TokenException(org.xipki.security.exception.P11TokenException) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) DEROctetString(org.bouncycastle.asn1.DEROctetString) XiSecurityException(org.xipki.security.exception.XiSecurityException) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Session(iaik.pkcs.pkcs11.Session)

Example 14 with XiSecurityException

Use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

The class IaikP11Slot, method generatePublicKey.

private static java.security.PublicKey generatePublicKey(PublicKey p11Key) throws XiSecurityException {
    if (p11Key instanceof RSAPublicKey) {
        RSAPublicKey rsaP11Key = (RSAPublicKey) p11Key;
        byte[] expBytes = rsaP11Key.getPublicExponent().getByteArrayValue();
        BigInteger exp = new BigInteger(1, expBytes);
        byte[] modBytes = rsaP11Key.getModulus().getByteArrayValue();
        BigInteger mod = new BigInteger(1, modBytes);
        RSAPublicKeySpec keySpec = new RSAPublicKeySpec(mod, exp);
        try {
            return KeyUtil.generateRSAPublicKey(keySpec);
        } catch (InvalidKeySpecException ex) {
            throw new XiSecurityException(ex.getMessage(), ex);
        }
    } else if (p11Key instanceof DSAPublicKey) {
        DSAPublicKey dsaP11Key = (DSAPublicKey) p11Key;
        // p
        BigInteger prime = new BigInteger(1, dsaP11Key.getPrime().getByteArrayValue());
        // q
        BigInteger subPrime = new BigInteger(1, dsaP11Key.getSubprime().getByteArrayValue());
        // g
        BigInteger base = new BigInteger(1, dsaP11Key.getBase().getByteArrayValue());
        // y
        BigInteger value = new BigInteger(1, dsaP11Key.getValue().getByteArrayValue());
        DSAPublicKeySpec keySpec = new DSAPublicKeySpec(value, prime, subPrime, base);
        try {
            return KeyUtil.generateDSAPublicKey(keySpec);
        } catch (InvalidKeySpecException ex) {
            throw new XiSecurityException(ex.getMessage(), ex);
        }
    } else if (p11Key instanceof ECPublicKey) {
        ECPublicKey ecP11Key = (ECPublicKey) p11Key;
        byte[] encodedAlgorithmIdParameters = ecP11Key.getEcdsaParams().getByteArrayValue();
        byte[] encodedPoint = DEROctetString.getInstance(ecP11Key.getEcPoint().getByteArrayValue()).getOctets();
        try {
            return KeyUtil.createECPublicKey(encodedAlgorithmIdParameters, encodedPoint);
        } catch (InvalidKeySpecException ex) {
            throw new XiSecurityException(ex.getMessage(), ex);
        }
    } else {
        throw new XiSecurityException("unknown publicKey class " + p11Key.getClass().getName());
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) RSAPublicKey(iaik.pkcs.pkcs11.objects.RSAPublicKey) ECPublicKey(iaik.pkcs.pkcs11.objects.ECPublicKey) BigInteger(java.math.BigInteger) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) DSAPublicKey(iaik.pkcs.pkcs11.objects.DSAPublicKey) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Example 15 with XiSecurityException

Use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

The class LocalP11CryptServicePool, method deriveModuleId.

/* ID = SHA1(moduleName.getBytes("UTF-8"))[1..15]: the low 15 bits of the first two hash bytes */
private static short deriveModuleId(String moduleName) throws XiSecurityException {
    byte[] hash;
    try {
        hash = HashAlgo.SHA1.hash(moduleName.getBytes("UTF-8"));
    } catch (UnsupportedEncodingException ex) {
        throw new XiSecurityException("Unsupported charset UTF-8");
    }
    // combine hash[0] and hash[1] big-endian, then clear the top bit so the short is non-negative
    int intCode = 0x7FFF & (((0xFF & hash[0]) << 8) | (0xFF & hash[1]));
    return (short) intCode;
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Aggregations

XiSecurityException (org.xipki.security.exception.XiSecurityException) 36
P11TokenException (org.xipki.security.exception.P11TokenException) 16
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 8
X509Certificate (java.security.cert.X509Certificate) 6
ObjectCreationException (org.xipki.common.ObjectCreationException) 6
SignerConf (org.xipki.security.SignerConf) 6
IOException (java.io.IOException) 5
CertificateException (java.security.cert.CertificateException) 5
ConcurrentContentSigner (org.xipki.security.ConcurrentContentSigner) 5
ByteArrayOutputStream (java.io.ByteArrayOutputStream) 4
PublicKey (java.security.PublicKey) 4
ArrayList (java.util.ArrayList) 4
OperationException (org.xipki.ca.api.OperationException) 4
ConfPairs (org.xipki.common.ConfPairs) 4
InvalidConfException (org.xipki.common.InvalidConfException) 4
P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier) 4
SignatureException (java.security.SignatureException) 3
DfltConcurrentContentSigner (org.xipki.security.DfltConcurrentContentSigner) 3
XiContentSigner (org.xipki.security.XiContentSigner) 3
Session (iaik.pkcs.pkcs11.Session) 2