Example 31 with P11TokenException
use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.
the class AbstractP11ECDSASignatureSpi method engineSign.
@Override
protected byte[] engineSign() throws SignatureException {
byte[] dataToSign;
if (outputStream instanceof ByteArrayOutputStream) {
dataToSign = ((ByteArrayOutputStream) outputStream).toByteArray();
((ByteArrayOutputStream) outputStream).reset();
} else {
dataToSign = ((DigestOutputStream) outputStream).digest();
((DigestOutputStream) outputStream).reset();
}
try {
byte[] plainSignature = signingKey.sign(mechanism, null, dataToSign);
return plain ? plainSignature : SignerUtil.dsaSigPlainToX962(plainSignature);
} catch (XiSecurityException | P11TokenException ex) {
throw new SignatureException(ex.getMessage(), ex);
}
}
Also used :
XiSecurityException(org.xipki.security.exception.XiSecurityException)
DigestOutputStream(org.xipki.security.pkcs11.DigestOutputStream)
P11TokenException(org.xipki.security.exception.P11TokenException)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
SignatureException(java.security.SignatureException)
Example 32 with P11TokenException
use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.
the class IaikP11SlotUtil method checkSessionLoggedIn.
// method getCertificateObject
static boolean checkSessionLoggedIn(Session session, long userType) throws P11TokenException {
SessionInfo info;
try {
info = session.getSessionInfo();
} catch (TokenException ex) {
throw new P11TokenException(ex.getMessage(), ex);
}
if (LOG.isTraceEnabled()) {
LOG.debug("SessionInfo: {}", info);
}
State state = info.getState();
long deviceError = info.getDeviceError();
LOG.debug("to be verified PKCS11Module: state = {}, deviceError: {}", state, deviceError);
if (deviceError != 0) {
LOG.error("deviceError {}", deviceError);
return false;
}
boolean sessionLoggedIn;
if (userType == PKCS11Constants.CKU_SO) {
sessionLoggedIn = state.equals(State.RW_SO_FUNCTIONS);
} else {
sessionLoggedIn = state.equals(State.RW_USER_FUNCTIONS) || state.equals(State.RO_USER_FUNCTIONS);
}
LOG.debug("sessionLoggedIn: {}", sessionLoggedIn);
return sessionLoggedIn;
}
Also used :
P11TokenException(org.xipki.security.pkcs11.P11TokenException)
P11TokenException(org.xipki.security.pkcs11.P11TokenException)
Example 33 with P11TokenException
use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.
the class KeyCryptor method decryptPrivateKey.
// constructor
PrivateKey decryptPrivateKey(byte[] encryptedPrivateKeyInfo) throws P11TokenException {
notNull(encryptedPrivateKeyInfo, "encryptedPrivateKeyInfo");
byte[] plain = decrypt(encryptedPrivateKeyInfo);
PrivateKeyInfo privateKeyInfo = PrivateKeyInfo.getInstance(plain);
AlgorithmIdentifier keyAlg = privateKeyInfo.getPrivateKeyAlgorithm();
ASN1ObjectIdentifier keyAlgOid = keyAlg.getAlgorithm();
String algoName;
if (PKCSObjectIdentifiers.rsaEncryption.equals(keyAlgOid)) {
algoName = "RSA";
} else if (X9ObjectIdentifiers.id_dsa.equals(keyAlgOid)) {
algoName = "DSA";
} else if (X9ObjectIdentifiers.id_ecPublicKey.equals(keyAlgOid)) {
algoName = "EC";
} else {
algoName = EdECConstants.getName(keyAlg.getAlgorithm());
}
if (algoName == null) {
throw new P11TokenException("unknown private key algorithm " + keyAlgOid.getId());
}
try {
KeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded());
KeyFactory keyFactory = KeyFactory.getInstance(algoName, "BC");
return keyFactory.generatePrivate(keySpec);
} catch (IOException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException ex) {
throw new P11TokenException(ex.getClass().getName() + ": " + ex.getMessage(), ex);
}
}
Also used :
P11TokenException(org.xipki.security.pkcs11.P11TokenException)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
KeySpec(java.security.spec.KeySpec)
IOException(java.io.IOException)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 34 with P11TokenException
use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.
the class KeyCryptor method encrypt.
byte[] encrypt(byte[] data) throws P11TokenException {
byte[] nonce = new byte[AES_GCM_NONCE_BYTE_SIZE];
rnd.nextBytes(nonce);
GCMParameterSpec spec = new GCMParameterSpec(AES_GCM_TAG_BIT_SIZE, nonce);
try {
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
cipher.init(Cipher.ENCRYPT_MODE, key, spec);
int cipherLen = cipher.getOutputSize(data.length);
byte[] cipherBlob = new byte[1 + nonce.length + cipherLen];
cipherBlob[0] = ALG_SCRYPT1_AESGCMNopadding_128;
System.arraycopy(nonce, 0, cipherBlob, 1, nonce.length);
int offset = 1 + nonce.length;
int realCipherLen = cipher.doFinal(data, 0, data.length, cipherBlob, offset);
if (cipherLen == realCipherLen) {
return cipherBlob;
} else {
return Arrays.copyOf(cipherBlob, offset + realCipherLen);
}
} catch (GeneralSecurityException ex) {
throw new P11TokenException(ex);
}
}
Also used :
P11TokenException(org.xipki.security.pkcs11.P11TokenException)
GCMParameterSpec(javax.crypto.spec.GCMParameterSpec)
Cipher(javax.crypto.Cipher)
Example 35 with P11TokenException
use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.
the class KeyCryptor method decrypt.
// method decryptPrivateKey
byte[] decrypt(byte[] cipherBlob) throws P11TokenException {
notNull(cipherBlob, "cipherBlob");
if (cipherBlob[0] != ALG_SCRYPT1_AESGCMNopadding_128) {
throw new P11TokenException("unknown encryption algorithm");
}
GCMParameterSpec spec = new GCMParameterSpec(AES_GCM_TAG_BIT_SIZE, cipherBlob, 1, AES_GCM_NONCE_BYTE_SIZE);
try {
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
cipher.init(Cipher.DECRYPT_MODE, key, spec);
int cipherValueOffset = 1 + AES_GCM_NONCE_BYTE_SIZE;
final int cipherLen = cipherBlob.length - cipherValueOffset;
int plainLen = cipher.getOutputSize(cipherLen);
byte[] plain = new byte[plainLen];
int realPlainLen = cipher.doFinal(cipherBlob, cipherValueOffset, cipherLen, plain, 0);
if (plainLen > realPlainLen) {
plain = Arrays.copyOf(plain, realPlainLen);
}
return plain;
} catch (GeneralSecurityException ex) {
throw new P11TokenException(ex);
}
}
Also used :
P11TokenException(org.xipki.security.pkcs11.P11TokenException)
GCMParameterSpec(javax.crypto.spec.GCMParameterSpec)
Cipher(javax.crypto.Cipher)
Aggregations
P11TokenException (org.xipki.security.exception.P11TokenException)15
P11EntityIdentifier (org.xipki.security.pkcs11.P11EntityIdentifier)11
P11TokenException (org.xipki.security.pkcs11.P11TokenException)11
P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)9
XiSecurityException (org.xipki.security.exception.XiSecurityException)8
P11CryptService (org.xipki.security.pkcs11.P11CryptService)7
P11Module (org.xipki.security.pkcs11.P11Module)6
P11SlotIdentifier (org.xipki.security.pkcs11.P11SlotIdentifier)6
TokenException (iaik.pkcs.pkcs11.TokenException)4
PublicKey (java.security.PublicKey)4
DEROctetString (org.bouncycastle.asn1.DEROctetString)4
Asn1P11EntityIdentifier (org.xipki.p11proxy.msg.Asn1P11EntityIdentifier)4
P11Params (org.xipki.security.pkcs11.P11Params)4
P11Slot (org.xipki.security.pkcs11.P11Slot)4
Mechanism (iaik.pkcs.pkcs11.Mechanism)3
Session (iaik.pkcs.pkcs11.Session)3
PKCS11Exception (iaik.pkcs.pkcs11.wrapper.PKCS11Exception)3
IOException (java.io.IOException)3
HashSet (java.util.HashSet)3
BadAsn1ObjectException (org.xipki.security.exception.BadAsn1ObjectException)3
