Search in sources :

Example 26 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

the class IaikP11Slot method refresh0.

@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
    Mechanism[] mechanisms;
    try {
        mechanisms = slot.getToken().getMechanismList();
    } catch (TokenException ex) {
        throw new P11TokenException("could not getMechanismList: " + ex.getMessage(), ex);
    }
    P11SlotRefreshResult ret = new P11SlotRefreshResult();
    if (mechanisms != null) {
        for (Mechanism mech : mechanisms) {
            ret.addMechanism(mech.getMechanismCode());
        }
    }
    ConcurrentBagEntry<Session> session = borrowSession();
    try {
        // secret keys
        List<SecretKey> secretKeys = getAllSecretKeyObjects(session.value());
        for (SecretKey secKey : secretKeys) {
            byte[] keyId = secKey.getId().getByteArrayValue();
            if (keyId == null || keyId.length == 0) {
                continue;
            }
            analyseSingleKey(secKey, ret);
        }
        // first get the list of all CA certificates
        List<X509PublicKeyCertificate> p11Certs = getAllCertificateObjects(session.value());
        for (X509PublicKeyCertificate p11Cert : p11Certs) {
            P11ObjectIdentifier objId = new P11ObjectIdentifier(p11Cert.getId().getByteArrayValue(), toString(p11Cert.getLabel()));
            ret.addCertificate(objId, parseCert(p11Cert));
        }
        List<PrivateKey> privKeys = getAllPrivateObjects(session.value());
        for (PrivateKey privKey : privKeys) {
            byte[] keyId = privKey.getId().getByteArrayValue();
            if (keyId == null || keyId.length == 0) {
                break;
            }
            try {
                analyseSingleKey(session.value(), privKey, ret);
            } catch (XiSecurityException ex) {
                LogUtil.error(LOG, ex, "XiSecurityException while initializing private key " + "with id " + hex(keyId));
                continue;
            } catch (Throwable th) {
                String label = "";
                if (privKey.getLabel() != null) {
                    label = new String(privKey.getLabel().getCharArrayValue());
                }
                LOG.error("unexpected exception while initializing private key with id " + hex(keyId) + " and label " + label, th);
                continue;
            }
        }
        return ret;
    } finally {
        sessions.requite(session);
    }
}
Also used : RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) P11TokenException(org.xipki.security.exception.P11TokenException) DEROctetString(org.bouncycastle.asn1.DEROctetString) Mechanism(iaik.pkcs.pkcs11.Mechanism) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) XiSecurityException(org.xipki.security.exception.XiSecurityException) P11SlotRefreshResult(org.xipki.security.pkcs11.P11SlotRefreshResult) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) X509PublicKeyCertificate(iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Session(iaik.pkcs.pkcs11.Session)

Example 27 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

the class EmulatorP11Identity method sm2SignHash.

private byte[] sm2SignHash(byte[] hash) throws P11TokenException {
    ConcurrentBagEntry<SM2Signer> sig0;
    try {
        sig0 = sm2Signers.borrow(5000, TimeUnit.MILLISECONDS);
    } catch (InterruptedException ex) {
        throw new P11TokenException("InterruptedException occurs while retrieving idle signature");
    }
    if (sig0 == null) {
        throw new P11TokenException("no idle SM2 Signer available");
    }
    try {
        SM2Signer sig = sig0.value();
        byte[] x962Signature = sig.generateSignatureForHash(hash);
        return SignerUtil.dsaSigX962ToPlain(x962Signature, getSignatureKeyBitLength());
    } catch (CryptoException ex) {
        throw new P11TokenException("CryptoException: " + ex.getMessage(), ex);
    } catch (XiSecurityException ex) {
        throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
    } finally {
        sm2Signers.requite(sig0);
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) P11TokenException(org.xipki.security.exception.P11TokenException) CryptoException(org.bouncycastle.crypto.CryptoException)

Example 28 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

the class EmulatorP11Identity method rsaPkcsPssSign.

private byte[] rsaPkcsPssSign(P11Params parameters, byte[] contentToSign, HashAlgo hashAlgo) throws P11TokenException {
    if (!(parameters instanceof P11RSAPkcsPssParams)) {
        throw new P11TokenException("the parameters is not of " + P11RSAPkcsPssParams.class.getName());
    }
    P11RSAPkcsPssParams pssParam = (P11RSAPkcsPssParams) parameters;
    HashAlgo contentHash = HashAlgo.getInstanceForPkcs11HashMech(pssParam.getHashAlgorithm());
    if (contentHash == null) {
        throw new P11TokenException("unsupported HashAlgorithm " + pssParam.getHashAlgorithm());
    } else if (hashAlgo != null && contentHash != hashAlgo) {
        throw new P11TokenException("Invalid parameters: invalid hash algorithm");
    }
    HashAlgo mgfHash = HashAlgo.getInstanceForPkcs11MgfMech(pssParam.getMaskGenerationFunction());
    if (mgfHash == null) {
        throw new P11TokenException("unsupported MaskGenerationFunction " + pssParam.getHashAlgorithm());
    }
    byte[] hashValue = (hashAlgo == null) ? contentToSign : hashAlgo.hash(contentToSign);
    byte[] encodedHashValue;
    try {
        encodedHashValue = SignerUtil.EMSA_PSS_ENCODE(contentHash, hashValue, mgfHash, (int) pssParam.getSaltLength(), getSignatureKeyBitLength(), random);
    } catch (XiSecurityException ex) {
        throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
    }
    return rsaX509Sign(encodedHashValue);
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) HashAlgo(org.xipki.security.HashAlgo) P11TokenException(org.xipki.security.exception.P11TokenException) P11RSAPkcsPssParams(org.xipki.security.pkcs11.P11RSAPkcsPssParams)

Example 29 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

the class EmulatorP11Identity method dsaAndEcdsaSign.

private byte[] dsaAndEcdsaSign(byte[] dataToSign, HashAlgo hashAlgo) throws P11TokenException {
    byte[] hash = (hashAlgo == null) ? dataToSign : hashAlgo.hash(dataToSign);
    ConcurrentBagEntry<Signature> sig0;
    try {
        sig0 = dsaSignatures.borrow(5000, TimeUnit.MILLISECONDS);
    } catch (InterruptedException ex) {
        throw new P11TokenException("InterruptedException occurs while retrieving idle signature");
    }
    if (sig0 == null) {
        throw new P11TokenException("no idle DSA Signature available");
    }
    try {
        Signature sig = sig0.value();
        sig.update(hash);
        byte[] x962Signature = sig.sign();
        return SignerUtil.dsaSigX962ToPlain(x962Signature, getSignatureKeyBitLength());
    } catch (SignatureException ex) {
        throw new P11TokenException("SignatureException: " + ex.getMessage(), ex);
    } catch (XiSecurityException ex) {
        throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
    } finally {
        dsaSignatures.requite(sig0);
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) Signature(java.security.Signature) P11TokenException(org.xipki.security.exception.P11TokenException) SignatureException(java.security.SignatureException)

Example 30 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

the class EmulatorP11Identity method sm2Sign.

private byte[] sm2Sign(P11Params params, byte[] dataToSign, HashAlgo hash) throws P11TokenException {
    if (params == null) {
        throw new P11TokenException("userId must not be null");
    }
    byte[] userId;
    if (params instanceof P11ByteArrayParams) {
        userId = ((P11ByteArrayParams) params).getBytes();
    } else {
        throw new P11TokenException("params must be instanceof P11ByteArrayParams");
    }
    ConcurrentBagEntry<SM2Signer> sig0;
    try {
        sig0 = sm2Signers.borrow(5000, TimeUnit.MILLISECONDS);
    } catch (InterruptedException ex) {
        throw new P11TokenException("InterruptedException occurs while retrieving idle signature");
    }
    if (sig0 == null) {
        throw new P11TokenException("no idle SM2 Signer available");
    }
    try {
        SM2Signer sig = sig0.value();
        byte[] x962Signature = sig.generateSignatureForMessage(userId, dataToSign);
        return SignerUtil.dsaSigX962ToPlain(x962Signature, getSignatureKeyBitLength());
    } catch (CryptoException ex) {
        throw new P11TokenException("CryptoException: " + ex.getMessage(), ex);
    } catch (XiSecurityException ex) {
        throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
    } finally {
        sm2Signers.requite(sig0);
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams) P11TokenException(org.xipki.security.exception.P11TokenException) CryptoException(org.bouncycastle.crypto.CryptoException)

Aggregations

XiSecurityException (org.xipki.security.exception.XiSecurityException)36 P11TokenException (org.xipki.security.exception.P11TokenException)16 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)8 X509Certificate (java.security.cert.X509Certificate)6 ObjectCreationException (org.xipki.common.ObjectCreationException)6 SignerConf (org.xipki.security.SignerConf)6 IOException (java.io.IOException)5 CertificateException (java.security.cert.CertificateException)5 ConcurrentContentSigner (org.xipki.security.ConcurrentContentSigner)5 ByteArrayOutputStream (java.io.ByteArrayOutputStream)4 PublicKey (java.security.PublicKey)4 ArrayList (java.util.ArrayList)4 OperationException (org.xipki.ca.api.OperationException)4 ConfPairs (org.xipki.common.ConfPairs)4 InvalidConfException (org.xipki.common.InvalidConfException)4 P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)4 SignatureException (java.security.SignatureException)3 DfltConcurrentContentSigner (org.xipki.security.DfltConcurrentContentSigner)3 XiContentSigner (org.xipki.security.XiContentSigner)3 Session (iaik.pkcs.pkcs11.Session)2