use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.
the class IaikP11Slot method refresh0.
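/**
 * Rebuilds the slot's refresh result from the token: the supported mechanism codes, then the
 * secret keys, certificates and private keys visible through a borrowed session.
 *
 * <p>Objects without an id are skipped. A private key that fails to initialise is logged and
 * skipped, so one unusable key does not prevent the remaining keys from being reported.
 *
 * @return the populated refresh result
 * @throws P11TokenException if the token's mechanism list cannot be read; the helper calls used
 *     here may presumably raise it as well
 */
@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
  Mechanism[] mechanisms;
  try {
    mechanisms = slot.getToken().getMechanismList();
  } catch (TokenException ex) {
    throw new P11TokenException("could not getMechanismList: " + ex.getMessage(), ex);
  }

  P11SlotRefreshResult ret = new P11SlotRefreshResult();
  if (mechanisms != null) {
    for (Mechanism mech : mechanisms) {
      ret.addMechanism(mech.getMechanismCode());
    }
  }

  ConcurrentBagEntry<Session> session = borrowSession();
  try {
    // secret keys
    List<SecretKey> secretKeys = getAllSecretKeyObjects(session.value());
    for (SecretKey secKey : secretKeys) {
      byte[] keyId = secKey.getId().getByteArrayValue();
      if (keyId == null || keyId.length == 0) {
        continue;
      }
      analyseSingleKey(secKey, ret);
    }

    // all certificate objects returned by the token (nothing here filters for CA certificates)
    List<X509PublicKeyCertificate> p11Certs = getAllCertificateObjects(session.value());
    for (X509PublicKeyCertificate p11Cert : p11Certs) {
      P11ObjectIdentifier objId = new P11ObjectIdentifier(
          p11Cert.getId().getByteArrayValue(), toString(p11Cert.getLabel()));
      ret.addCertificate(objId, parseCert(p11Cert));
    }

    // private keys
    List<PrivateKey> privKeys = getAllPrivateObjects(session.value());
    for (PrivateKey privKey : privKeys) {
      byte[] keyId = privKey.getId().getByteArrayValue();
      if (keyId == null || keyId.length == 0) {
        // Skip only this object. The previous 'break' ended the enumeration at the first
        // private key without an id, so every later key on the token silently disappeared
        // from the refresh result; the secret-key loop above already uses 'continue'.
        continue;
      }

      try {
        analyseSingleKey(session.value(), privKey, ret);
      } catch (XiSecurityException ex) {
        LogUtil.error(LOG, ex,
            "XiSecurityException while initializing private key with id " + hex(keyId));
      } catch (Throwable th) {
        // Deliberately broad: a failure on one key must not abort the whole refresh.
        String label = "";
        if (privKey.getLabel() != null) {
          // Guard the char[] as well, so building the log line cannot itself throw out of
          // this handler and abort the refresh.
          char[] labelChars = privKey.getLabel().getCharArrayValue();
          if (labelChars != null) {
            label = new String(labelChars);
          }
        }
        LOG.error("unexpected exception while initializing private key with id "
            + hex(keyId) + " and label " + label, th);
      }
    }

    return ret;
  } finally {
    // always hand the borrowed session back to the pool
    sessions.requite(session);
  }
}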
use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.
the class EmulatorP11Identity method sm2SignHash.
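/**
 * Signs an already computed hash with a pooled SM2 signer.
 *
 * @param hash the hash value to sign
 * @return the signature after conversion by {@code SignerUtil.dsaSigX962ToPlain}
 * @throws P11TokenException if no signer becomes available within 5 seconds, the wait is
 *     interrupted, or signing or signature conversion fails
 */
private byte[] sm2SignHash(byte[] hash) throws P11TokenException {
  ConcurrentBagEntry<SM2Signer> signerEntry;
  try {
    signerEntry = sm2Signers.borrow(5000, TimeUnit.MILLISECONDS);
  } catch (InterruptedException ex) {
    // Restore the interrupt flag so callers further up can still observe the interruption,
    // and keep the cause for diagnostics.
    Thread.currentThread().interrupt();
    throw new P11TokenException(
        "InterruptedException occurs while retrieving idle signature", ex);
  }

  if (signerEntry == null) {
    throw new P11TokenException("no idle SM2 Signer available");
  }

  try {
    SM2Signer signer = signerEntry.value();
    byte[] x962Signature = signer.generateSignatureForHash(hash);
    return SignerUtil.dsaSigX962ToPlain(x962Signature, getSignatureKeyBitLength());
  } catch (CryptoException ex) {
    throw new P11TokenException("CryptoException: " + ex.getMessage(), ex);
  } catch (XiSecurityException ex) {
    throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
  } finally {
    // return the signer to the pool on success and on failure
    sm2Signers.requite(signerEntry);
  }
}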
use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.
the class EmulatorP11Identity method rsaPkcsPssSign.
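/**
 * Creates an RSA-PSS signature: validates the PSS parameters, hashes the content when a hash
 * algorithm is given, applies the EMSA-PSS encoding and signs the result with
 * {@code rsaX509Sign}.
 *
 * @param parameters must be a {@code P11RSAPkcsPssParams}
 * @param contentToSign the content, or the hash value itself when {@code hashAlgo} is null
 * @param hashAlgo the algorithm used to hash {@code contentToSign}; null means the content is
 *     used as the hash value unchanged
 * @return the signature returned by {@code rsaX509Sign}
 * @throws P11TokenException if the parameters are of the wrong type, name an unsupported or
 *     mismatching hash or mask generation function, carry an out-of-range salt length, or the
 *     encoding fails
 */
private byte[] rsaPkcsPssSign(P11Params parameters, byte[] contentToSign, HashAlgo hashAlgo) throws P11TokenException {
  if (!(parameters instanceof P11RSAPkcsPssParams)) {
    throw new P11TokenException("the parameters is not of " + P11RSAPkcsPssParams.class.getName());
  }
  P11RSAPkcsPssParams pssParam = (P11RSAPkcsPssParams) parameters;

  HashAlgo contentHash = HashAlgo.getInstanceForPkcs11HashMech(pssParam.getHashAlgorithm());
  if (contentHash == null) {
    throw new P11TokenException("unsupported HashAlgorithm " + pssParam.getHashAlgorithm());
  }
  // The hash named in the PSS parameters must be the one used on the content; a mismatch
  // would produce a signature that verifiers reject.
  if (hashAlgo != null && contentHash != hashAlgo) {
    throw new P11TokenException("Invalid parameters: invalid hash algorithm");
  }

  HashAlgo mgfHash = HashAlgo.getInstanceForPkcs11MgfMech(pssParam.getMaskGenerationFunction());
  if (mgfHash == null) {
    // Report the mask generation function that was rejected; the message previously printed
    // the hash algorithm instead.
    throw new P11TokenException(
        "unsupported MaskGenerationFunction " + pssParam.getMaskGenerationFunction());
  }

  // NOTE(review): the original narrowed the salt length with a bare (int) cast. Assuming
  // getSaltLength() returns a wider type, an out-of-range value would be truncated silently,
  // so it is rejected explicitly before the cast.
  long saltLength = pssParam.getSaltLength();
  if (saltLength < 0 || saltLength > Integer.MAX_VALUE) {
    throw new P11TokenException("Invalid parameters: invalid salt length " + saltLength);
  }

  // NOTE(review): when hashAlgo is null the caller-supplied bytes are taken as the hash value
  // and their length is not checked here; presumably EMSA_PSS_ENCODE validates it - confirm.
  byte[] hashValue = (hashAlgo == null) ? contentToSign : hashAlgo.hash(contentToSign);

  byte[] encodedHashValue;
  try {
    encodedHashValue = SignerUtil.EMSA_PSS_ENCODE(contentHash, hashValue, mgfHash,
        (int) saltLength, getSignatureKeyBitLength(), random);
  } catch (XiSecurityException ex) {
    throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
  }
  return rsaX509Sign(encodedHashValue);
}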
use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.
the class EmulatorP11Identity method dsaAndEcdsaSign.
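/**
 * Signs data with a pooled {@code Signature} instance.
 *
 * @param dataToSign the data, or the hash value itself when {@code hashAlgo} is null
 * @param hashAlgo the algorithm used to hash {@code dataToSign}; null means the data is fed to
 *     the signature unchanged
 * @return the signature after conversion by {@code SignerUtil.dsaSigX962ToPlain}
 * @throws P11TokenException if no signature instance becomes available within 5 seconds, the
 *     wait is interrupted, or signing or signature conversion fails
 */
private byte[] dsaAndEcdsaSign(byte[] dataToSign, HashAlgo hashAlgo) throws P11TokenException {
  byte[] hash = (hashAlgo == null) ? dataToSign : hashAlgo.hash(dataToSign);

  ConcurrentBagEntry<Signature> signatureEntry;
  try {
    signatureEntry = dsaSignatures.borrow(5000, TimeUnit.MILLISECONDS);
  } catch (InterruptedException ex) {
    // Restore the interrupt flag so callers further up can still observe the interruption,
    // and keep the cause for diagnostics.
    Thread.currentThread().interrupt();
    throw new P11TokenException(
        "InterruptedException occurs while retrieving idle signature", ex);
  }

  if (signatureEntry == null) {
    throw new P11TokenException("no idle DSA Signature available");
  }

  try {
    Signature signature = signatureEntry.value();
    signature.update(hash);
    byte[] x962Signature = signature.sign();
    return SignerUtil.dsaSigX962ToPlain(x962Signature, getSignatureKeyBitLength());
  } catch (SignatureException ex) {
    throw new P11TokenException("SignatureException: " + ex.getMessage(), ex);
  } catch (XiSecurityException ex) {
    throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
  } finally {
    // return the instance to the pool on success and on failure
    dsaSignatures.requite(signatureEntry);
  }
}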
use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.
the class EmulatorP11Identity method sm2Sign.
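/**
 * Signs a message with a pooled SM2 signer, using the user id carried in the parameters.
 *
 * @param params must be a non-null {@code P11ByteArrayParams}; its bytes are used as the user id
 * @param dataToSign the message passed to the signer
 * @param hash not read by this method
 * @return the signature after conversion by {@code SignerUtil.dsaSigX962ToPlain}
 * @throws P11TokenException if the parameters are missing or of the wrong type, no signer
 *     becomes available within 5 seconds, the wait is interrupted, or signing or signature
 *     conversion fails
 */
private byte[] sm2Sign(P11Params params, byte[] dataToSign, HashAlgo hash) throws P11TokenException {
  if (params == null) {
    throw new P11TokenException("userId must not be null");
  }
  if (!(params instanceof P11ByteArrayParams)) {
    throw new P11TokenException("params must be instanceof P11ByteArrayParams");
  }
  byte[] userId = ((P11ByteArrayParams) params).getBytes();

  ConcurrentBagEntry<SM2Signer> signerEntry;
  try {
    signerEntry = sm2Signers.borrow(5000, TimeUnit.MILLISECONDS);
  } catch (InterruptedException ex) {
    // Restore the interrupt flag so callers further up can still observe the interruption,
    // and keep the cause for diagnostics.
    Thread.currentThread().interrupt();
    throw new P11TokenException(
        "InterruptedException occurs while retrieving idle signature", ex);
  }

  if (signerEntry == null) {
    throw new P11TokenException("no idle SM2 Signer available");
  }

  try {
    SM2Signer signer = signerEntry.value();
    byte[] x962Signature = signer.generateSignatureForMessage(userId, dataToSign);
    return SignerUtil.dsaSigX962ToPlain(x962Signature, getSignatureKeyBitLength());
  } catch (CryptoException ex) {
    throw new P11TokenException("CryptoException: " + ex.getMessage(), ex);
  } catch (XiSecurityException ex) {
    throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
  } finally {
    // return the signer to the pool on success and on failure
    sm2Signers.requite(signerEntry);
  }
}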