use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.
the class AbstractP11ECDSASignatureSpi method engineSign.
@Override
protected byte[] engineSign() throws SignatureException {
byte[] dataToSign;
if (outputStream instanceof ByteArrayOutputStream) {
dataToSign = ((ByteArrayOutputStream) outputStream).toByteArray();
((ByteArrayOutputStream) outputStream).reset();
} else {
dataToSign = ((DigestOutputStream) outputStream).digest();
((DigestOutputStream) outputStream).reset();
}
try {
byte[] plainSignature = signingKey.sign(mechanism, null, dataToSign);
return plain ? plainSignature : SignerUtil.dsaSigPlainToX962(plainSignature);
} catch (XiSecurityException | P11TokenException ex) {
throw new SignatureException(ex.getMessage(), ex);
}
}
use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.
the class IaikP11SlotUtil method checkSessionLoggedIn.
// method getCertificateObject
static boolean checkSessionLoggedIn(Session session, long userType) throws P11TokenException {
SessionInfo info;
try {
info = session.getSessionInfo();
} catch (TokenException ex) {
throw new P11TokenException(ex.getMessage(), ex);
}
if (LOG.isTraceEnabled()) {
LOG.debug("SessionInfo: {}", info);
}
State state = info.getState();
long deviceError = info.getDeviceError();
LOG.debug("to be verified PKCS11Module: state = {}, deviceError: {}", state, deviceError);
if (deviceError != 0) {
LOG.error("deviceError {}", deviceError);
return false;
}
boolean sessionLoggedIn;
if (userType == PKCS11Constants.CKU_SO) {
sessionLoggedIn = state.equals(State.RW_SO_FUNCTIONS);
} else {
sessionLoggedIn = state.equals(State.RW_USER_FUNCTIONS) || state.equals(State.RO_USER_FUNCTIONS);
}
LOG.debug("sessionLoggedIn: {}", sessionLoggedIn);
return sessionLoggedIn;
}
use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.
the class KeyCryptor method decryptPrivateKey.
// constructor
PrivateKey decryptPrivateKey(byte[] encryptedPrivateKeyInfo) throws P11TokenException {
notNull(encryptedPrivateKeyInfo, "encryptedPrivateKeyInfo");
byte[] plain = decrypt(encryptedPrivateKeyInfo);
PrivateKeyInfo privateKeyInfo = PrivateKeyInfo.getInstance(plain);
AlgorithmIdentifier keyAlg = privateKeyInfo.getPrivateKeyAlgorithm();
ASN1ObjectIdentifier keyAlgOid = keyAlg.getAlgorithm();
String algoName;
if (PKCSObjectIdentifiers.rsaEncryption.equals(keyAlgOid)) {
algoName = "RSA";
} else if (X9ObjectIdentifiers.id_dsa.equals(keyAlgOid)) {
algoName = "DSA";
} else if (X9ObjectIdentifiers.id_ecPublicKey.equals(keyAlgOid)) {
algoName = "EC";
} else {
algoName = EdECConstants.getName(keyAlg.getAlgorithm());
}
if (algoName == null) {
throw new P11TokenException("unknown private key algorithm " + keyAlgOid.getId());
}
try {
KeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded());
KeyFactory keyFactory = KeyFactory.getInstance(algoName, "BC");
return keyFactory.generatePrivate(keySpec);
} catch (IOException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException ex) {
throw new P11TokenException(ex.getClass().getName() + ": " + ex.getMessage(), ex);
}
}
use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.
the class KeyCryptor method encrypt.
byte[] encrypt(byte[] data) throws P11TokenException {
byte[] nonce = new byte[AES_GCM_NONCE_BYTE_SIZE];
rnd.nextBytes(nonce);
GCMParameterSpec spec = new GCMParameterSpec(AES_GCM_TAG_BIT_SIZE, nonce);
try {
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
cipher.init(Cipher.ENCRYPT_MODE, key, spec);
int cipherLen = cipher.getOutputSize(data.length);
byte[] cipherBlob = new byte[1 + nonce.length + cipherLen];
cipherBlob[0] = ALG_SCRYPT1_AESGCMNopadding_128;
System.arraycopy(nonce, 0, cipherBlob, 1, nonce.length);
int offset = 1 + nonce.length;
int realCipherLen = cipher.doFinal(data, 0, data.length, cipherBlob, offset);
if (cipherLen == realCipherLen) {
return cipherBlob;
} else {
return Arrays.copyOf(cipherBlob, offset + realCipherLen);
}
} catch (GeneralSecurityException ex) {
throw new P11TokenException(ex);
}
}
use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.
the class KeyCryptor method decrypt.
// method decryptPrivateKey
byte[] decrypt(byte[] cipherBlob) throws P11TokenException {
notNull(cipherBlob, "cipherBlob");
if (cipherBlob[0] != ALG_SCRYPT1_AESGCMNopadding_128) {
throw new P11TokenException("unknown encryption algorithm");
}
GCMParameterSpec spec = new GCMParameterSpec(AES_GCM_TAG_BIT_SIZE, cipherBlob, 1, AES_GCM_NONCE_BYTE_SIZE);
try {
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
cipher.init(Cipher.DECRYPT_MODE, key, spec);
int cipherValueOffset = 1 + AES_GCM_NONCE_BYTE_SIZE;
final int cipherLen = cipherBlob.length - cipherValueOffset;
int plainLen = cipher.getOutputSize(cipherLen);
byte[] plain = new byte[plainLen];
int realPlainLen = cipher.doFinal(cipherBlob, cipherValueOffset, cipherLen, plain, 0);
if (plainLen > realPlainLen) {
plain = Arrays.copyOf(plain, realPlainLen);
}
return plain;
} catch (GeneralSecurityException ex) {
throw new P11TokenException(ex);
}
}
Aggregations