
Example 31 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

The class SignerFactoryRegisterImpl, method newKeystoreSigner.

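/**
 * Creates a software-token (keystore backed) signer from the given configuration.
 *
 * <p>Configuration keys read through {@code conf.getConfValue}: {@code parallelism},
 * {@code password}, {@code keystore} (value prefixed with {@code base64:} or {@code file:}),
 * {@code key-label} and {@code algo}. When {@code algo} resolves to a MAC algorithm a MAC
 * signer is built; otherwise a signature signer whose algorithm is derived from {@code conf}.
 *
 * @param securityFactory supplies the default parallelism, the password resolver and the RNG
 * @param type keystore type handed to the soft-token builders
 * @param conf signer configuration
 * @param certificateChain certificate chain of the signing key (signature signers only)
 * @return the created signer
 * @throws ObjectCreationException if the configuration is invalid or the signer cannot be built;
 *     the underlying exception is attached as cause
 */
private ConcurrentContentSigner newKeystoreSigner(SecurityFactory securityFactory, String type, SignerConf conf, X509Certificate[] certificateChain) throws ObjectCreationException {
    String str = conf.getConfValue("parallelism");
    int parallelism = securityFactory.getDefaultSignerParallelism();
    if (str != null) {
        try {
            parallelism = Integer.parseInt(str);
        } catch (NumberFormatException ex) {
            throw new ObjectCreationException("invalid parallelism " + str, ex);
        }
        if (parallelism < 1) {
            throw new ObjectCreationException("invalid parallelism " + str);
        }
    }

    // The same password is used for the keystore and for the key entry (see the builder calls).
    String passwordHint = conf.getConfValue("password");
    char[] password;
    if (passwordHint == null) {
        password = null;
    } else {
        PasswordResolver passwordResolver = securityFactory.getPasswordResolver();
        if (passwordResolver == null) {
            // without a resolver the configured value is the literal password
            password = passwordHint.toCharArray();
        } else {
            try {
                password = passwordResolver.resolvePassword(passwordHint);
            } catch (PasswordResolverException ex) {
                // only the resolver's message is reported; the hint itself is not echoed
                throw new ObjectCreationException("could not resolve password. Message: " + ex.getMessage(), ex);
            }
        }
    }

    str = conf.getConfValue("keystore");
    String keyLabel = conf.getConfValue("key-label");
    InputStream keystoreStream;
    if (StringUtil.startsWithIgnoreCase(str, "base64:")) {
        keystoreStream = new ByteArrayInputStream(Base64.decode(str.substring("base64:".length())));
    } else if (StringUtil.startsWithIgnoreCase(str, "file:")) {
        String fn = str.substring("file:".length());
        try {
            keystoreStream = new FileInputStream(IoUtil.expandFilepath(fn));
        } catch (FileNotFoundException ex) {
            throw new ObjectCreationException("file not found: " + fn, ex);
        }
    } else {
        throw new ObjectCreationException("unknown keystore content format");
    }

    try {
        // "algo" is first tried as a MAC algorithm; a name that is not a known MAC algorithm
        // simply means a signature signer is wanted, so the lookup failure is not an error here.
        AlgorithmIdentifier macAlgId = null;
        String algoName = conf.getConfValue("algo");
        if (algoName != null) {
            try {
                macAlgId = AlgorithmUtil.getMacAlgId(algoName);
            } catch (NoSuchAlgorithmException ignored) {
                // not a MAC algorithm: fall through to the signature path
            }
        }

        if (macAlgId != null) {
            SoftTokenMacContentSignerBuilder signerBuilder = new SoftTokenMacContentSignerBuilder(type, keystoreStream, password, keyLabel, password);
            return signerBuilder.createSigner(macAlgId, parallelism, securityFactory.getRandom4Sign());
        } else {
            SoftTokenContentSignerBuilder signerBuilder = new SoftTokenContentSignerBuilder(type, keystoreStream, password, keyLabel, password, certificateChain);
            AlgorithmIdentifier signatureAlgId;
            if (conf.getHashAlgo() == null) {
                // no hash configured: the algorithm comes entirely from conf
                signatureAlgId = AlgorithmUtil.getSigAlgId(null, conf);
            } else {
                // hash configured: the key type of the loaded certificate selects the signature scheme
                PublicKey pubKey = signerBuilder.getCertificate().getPublicKey();
                signatureAlgId = AlgorithmUtil.getSigAlgId(pubKey, conf);
            }
            return signerBuilder.createSigner(signatureAlgId, parallelism, securityFactory.getRandom4Sign());
        }
    } catch (NoSuchAlgorithmException | NoSuchPaddingException | XiSecurityException ex) {
        // keep the original as cause instead of flattening it into the message only
        throw new ObjectCreationException(String.format("%s: %s", ex.getClass().getName(), ex.getMessage()), ex);
    } finally {
        // The signature builder exposes getCertificate() right after construction, so the
        // keystore appears to be consumed in the constructors; release the file handle here
        // whether or not the builder closed it (closing twice is harmless, and the
        // ByteArrayInputStream variant is a no-op).
        try {
            keystoreStream.close();
        } catch (java.io.IOException ignored) {
            // nothing useful to do after the signer (or the failure) has already been produced
        }
    }
}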
Also used : PasswordResolver(org.xipki.password.PasswordResolver) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) PublicKey(java.security.PublicKey) FileNotFoundException(java.io.FileNotFoundException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) FileInputStream(java.io.FileInputStream) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) XiSecurityException(org.xipki.security.exception.XiSecurityException) ByteArrayInputStream(java.io.ByteArrayInputStream) ObjectCreationException(org.xipki.common.ObjectCreationException) SoftTokenContentSignerBuilder(org.xipki.security.pkcs12.SoftTokenContentSignerBuilder) PasswordResolverException(org.xipki.password.PasswordResolverException) SoftTokenMacContentSignerBuilder(org.xipki.security.pkcs12.SoftTokenMacContentSignerBuilder)

Example 32 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

The class SignerFactoryRegisterImpl, method newPkcs11Signer.

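/**
 * Creates a PKCS#11 backed signer from the given configuration.
 *
 * <p>Configuration keys read through {@code conf.getConfValue}: {@code parallelism},
 * {@code module}, exactly one of {@code slot} (index) / {@code slot-id}, exactly one of
 * {@code key-id} (hex) / {@code key-label}, and {@code algo}. When {@code algo} resolves to a
 * MAC algorithm a MAC signer is built; otherwise a signature signer whose algorithm is derived
 * from {@code conf}.
 *
 * @param securityFactory supplies the default parallelism and is passed to the signature builder
 * @param type signer type (not used by this method beyond being part of the dispatch contract)
 * @param conf signer configuration
 * @param certificateChain certificate chain of the signing key (signature signers only)
 * @return the created signer
 * @throws ObjectCreationException if {@code p11CryptServiceFactory} is unset, the configuration
 *     is invalid, the slot or key cannot be found, or the signer cannot be built
 */
private ConcurrentContentSigner newPkcs11Signer(SecurityFactory securityFactory, String type, SignerConf conf, X509Certificate[] certificateChain) throws ObjectCreationException {
    if (p11CryptServiceFactory == null) {
        throw new ObjectCreationException("p11CryptServiceFactory is not set");
    }

    String str = conf.getConfValue("parallelism");
    int parallelism = securityFactory.getDefaultSignerParallelism();
    if (str != null) {
        try {
            parallelism = Integer.parseInt(str);
        } catch (NumberFormatException ex) {
            throw new ObjectCreationException("invalid parallelism " + str, ex);
        }
        if (parallelism < 1) {
            throw new ObjectCreationException("invalid parallelism " + str);
        }
    }

    String moduleName = conf.getConfValue("module");

    // Malformed slot numbers are reported as configuration errors rather than escaping as
    // unchecked NumberFormatException (consistent with the parallelism handling above).
    str = conf.getConfValue("slot");
    Integer slotIndex;
    try {
        slotIndex = (str == null) ? null : Integer.valueOf(str);
    } catch (NumberFormatException ex) {
        throw new ObjectCreationException("invalid slot " + str, ex);
    }
    str = conf.getConfValue("slot-id");
    Long slotId;
    try {
        slotId = (str == null) ? null : Long.valueOf(str);
    } catch (NumberFormatException ex) {
        throw new ObjectCreationException("invalid slot-id " + str, ex);
    }
    if ((slotIndex == null) == (slotId == null)) {
        throw new ObjectCreationException("exactly one of slot (index) and slot-id must be specified");
    }

    String keyLabel = conf.getConfValue("key-label");
    str = conf.getConfValue("key-id");
    // NOTE(review): Hex.decode on malformed input presumably throws a library-specific unchecked
    // exception that is not mapped to ObjectCreationException here — confirm against the Hex class in use.
    byte[] keyId = (str == null) ? null : Hex.decode(str);
    if ((keyId == null) == (keyLabel == null)) {
        throw new ObjectCreationException("exactly one of key-id and key-label must be specified");
    }

    P11CryptService p11Service;
    P11Slot slot;
    try {
        p11Service = p11CryptServiceFactory.getP11CryptService(moduleName);
        P11Module module = p11Service.getModule();
        // exactly one of slotId / slotIndex is non-null, enforced above
        P11SlotIdentifier p11SlotId = (slotId != null)
                ? module.getSlotIdForId(slotId)
                : module.getSlotIdForIndex(slotIndex);
        slot = module.getSlot(p11SlotId);
    } catch (P11TokenException | XiSecurityException ex) {
        throw new ObjectCreationException(ex.getMessage(), ex);
    }

    P11ObjectIdentifier p11ObjId = (keyId != null) ? slot.getObjectIdForId(keyId) : slot.getObjectIdForLabel(keyLabel);
    if (p11ObjId == null) {
        String str2 = (keyId != null) ? "id " + Hex.encode(keyId) : "label " + keyLabel;
        throw new ObjectCreationException("cound not find identity with " + str2);
    }
    P11EntityIdentifier entityId = new P11EntityIdentifier(slot.getSlotId(), p11ObjId);

    try {
        // "algo" is first tried as a MAC algorithm; a name that is not a known MAC algorithm
        // means a signature signer is wanted, so the lookup failure is not an error here.
        AlgorithmIdentifier macAlgId = null;
        String algoName = conf.getConfValue("algo");
        if (algoName != null) {
            try {
                macAlgId = AlgorithmUtil.getMacAlgId(algoName);
            } catch (NoSuchAlgorithmException ignored) {
                // not a MAC algorithm: fall through to the signature path
            }
        }

        if (macAlgId != null) {
            P11MacContentSignerBuilder signerBuilder = new P11MacContentSignerBuilder(p11Service, entityId);
            return signerBuilder.createSigner(macAlgId, parallelism);
        } else {
            AlgorithmIdentifier signatureAlgId;
            if (conf.getHashAlgo() == null) {
                // no hash configured: the algorithm comes entirely from conf
                signatureAlgId = AlgorithmUtil.getSigAlgId(null, conf);
            } else {
                // hash configured: the key type of the token identity selects the signature scheme
                PublicKey pubKey = slot.getIdentity(p11ObjId).getPublicKey();
                signatureAlgId = AlgorithmUtil.getSigAlgId(pubKey, conf);
            }
            P11ContentSignerBuilder signerBuilder = new P11ContentSignerBuilder(p11Service, securityFactory, entityId, certificateChain);
            return signerBuilder.createSigner(signatureAlgId, parallelism);
        }
    } catch (P11TokenException | NoSuchAlgorithmException | XiSecurityException ex) {
        throw new ObjectCreationException(ex.getMessage(), ex);
    }
}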
Also used : P11MacContentSignerBuilder(org.xipki.security.pkcs11.P11MacContentSignerBuilder) P11Module(org.xipki.security.pkcs11.P11Module) P11SlotIdentifier(org.xipki.security.pkcs11.P11SlotIdentifier) PublicKey(java.security.PublicKey) P11Slot(org.xipki.security.pkcs11.P11Slot) P11TokenException(org.xipki.security.exception.P11TokenException) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) P11ContentSignerBuilder(org.xipki.security.pkcs11.P11ContentSignerBuilder) P11CryptService(org.xipki.security.pkcs11.P11CryptService) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) XiSecurityException(org.xipki.security.exception.XiSecurityException) ObjectCreationException(org.xipki.common.ObjectCreationException) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)

Example 33 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

The class P11DSASignatureSpi, method engineSign.

/**
 * Signs the data accumulated in {@code outputStream} with the PKCS#11 key and returns the
 * signature in X9.62 (ASN.1 SEQUENCE of r and s) encoding.
 *
 * <p>The accumulated input is consumed and the stream is reset, so the engine is ready for the
 * next update/sign cycle afterwards.
 *
 * @return the DSA signature, X9.62 encoded
 * @throws SignatureException if the token operation or the encoding conversion fails; the
 *     underlying exception is attached as cause
 */
@Override
protected byte[] engineSign() throws SignatureException {
    // The stream installed by this class is either a plain buffer (sign over raw bytes) or a
    // digesting stream (sign over the digest); drain whichever one it is and reset it.
    final byte[] input;
    if (outputStream instanceof ByteArrayOutputStream) {
        ByteArrayOutputStream rawBuffer = (ByteArrayOutputStream) outputStream;
        input = rawBuffer.toByteArray();
        rawBuffer.reset();
    } else {
        DigestOutputStream digester = (DigestOutputStream) outputStream;
        input = digester.digest();
        digester.reset();
    }

    final byte[] plainSig;
    try {
        plainSig = signingKey.sign(mechanism, null, input);
        return SignerUtil.dsaSigPlainToX962(plainSig);
    } catch (P11TokenException | XiSecurityException ex) {
        throw new SignatureException(ex.getMessage(), ex);
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) DigestOutputStream(org.xipki.security.pkcs11.DigestOutputStream) P11TokenException(org.xipki.security.exception.P11TokenException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) SignatureException(java.security.SignatureException)

Example 34 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

The class AbstractP11ECDSASignatureSpi, method engineSign.

/**
 * Signs the data accumulated in {@code outputStream} with the PKCS#11 key.
 *
 * <p>The token returns the signature in plain (r || s) form; when {@code plain} is false it is
 * converted to X9.62 (ASN.1 SEQUENCE) encoding, otherwise returned as-is. The accumulated input
 * is consumed and the stream is reset for the next update/sign cycle.
 *
 * @return the ECDSA signature, plain or X9.62 encoded depending on {@code plain}
 * @throws SignatureException if the token operation or the encoding conversion fails; the
 *     underlying exception is attached as cause
 */
@Override
protected byte[] engineSign() throws SignatureException {
    // The stream installed by this class is either a plain buffer (sign over raw bytes) or a
    // digesting stream (sign over the digest); drain whichever one it is and reset it.
    final byte[] input;
    if (outputStream instanceof ByteArrayOutputStream) {
        ByteArrayOutputStream rawBuffer = (ByteArrayOutputStream) outputStream;
        input = rawBuffer.toByteArray();
        rawBuffer.reset();
    } else {
        DigestOutputStream digester = (DigestOutputStream) outputStream;
        input = digester.digest();
        digester.reset();
    }

    try {
        byte[] plainSig = signingKey.sign(mechanism, null, input);
        if (plain) {
            return plainSig;
        }
        return SignerUtil.dsaSigPlainToX962(plainSig);
    } catch (XiSecurityException | P11TokenException ex) {
        throw new SignatureException(ex.getMessage(), ex);
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) DigestOutputStream(org.xipki.security.pkcs11.DigestOutputStream) P11TokenException(org.xipki.security.exception.P11TokenException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) SignatureException(java.security.SignatureException)

Example 35 with XiSecurityException

use of org.xipki.security.exception.XiSecurityException in project xipki by xipki.

The class P11MacContentSigner, method getSignature.

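/**
 * Computes the MAC over the data accumulated in {@code outputStream} using the PKCS#11
 * identity, and resets the stream for the next operation.
 *
 * <p>Failures are logged and rethrown as {@link RuntimeCryptoException}, which is what the
 * Bouncy Castle signer contract expects; the original exception is attached as cause so the
 * stack trace survives the wrapping.
 *
 * @return the MAC bytes returned by the token
 * @throws RuntimeCryptoException if the token operation fails (cause attached)
 */
@Override
public byte[] getSignature() {
    try {
        byte[] dataToSign = outputStream.toByteArray();
        outputStream.reset();
        return cryptService.getIdentity(identityId).sign(mechanism, null, dataToSign);
    } catch (XiSecurityException ex) {
        LogUtil.warn(LOG, ex);
        // RuntimeCryptoException offers no cause-taking constructor, hence initCause()
        RuntimeCryptoException rex = new RuntimeCryptoException("XiSecurityException: " + ex.getMessage());
        rex.initCause(ex);
        throw rex;
    } catch (Throwable th) {
        // Throwable is kept (rather than Exception) to preserve the existing contract that every
        // failure surfaces to callers as RuntimeCryptoException.
        LogUtil.warn(LOG, th);
        RuntimeCryptoException rex = new RuntimeCryptoException(th.getClass().getName() + ": " + th.getMessage());
        rex.initCause(th);
        throw rex;
    }
}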
Also used : RuntimeCryptoException(org.bouncycastle.crypto.RuntimeCryptoException) XiSecurityException(org.xipki.security.exception.XiSecurityException)
