Search in sources :

Example 31 with P11TokenException

use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.

the class AbstractP11ECDSASignatureSpi method engineSign.

@Override
protected byte[] engineSign() throws SignatureException {
    byte[] dataToSign;
    if (outputStream instanceof ByteArrayOutputStream) {
        dataToSign = ((ByteArrayOutputStream) outputStream).toByteArray();
        ((ByteArrayOutputStream) outputStream).reset();
    } else {
        dataToSign = ((DigestOutputStream) outputStream).digest();
        ((DigestOutputStream) outputStream).reset();
    }
    try {
        byte[] plainSignature = signingKey.sign(mechanism, null, dataToSign);
        return plain ? plainSignature : SignerUtil.dsaSigPlainToX962(plainSignature);
    } catch (XiSecurityException | P11TokenException ex) {
        throw new SignatureException(ex.getMessage(), ex);
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) DigestOutputStream(org.xipki.security.pkcs11.DigestOutputStream) P11TokenException(org.xipki.security.exception.P11TokenException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) SignatureException(java.security.SignatureException)

Example 32 with P11TokenException

use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.

the class IaikP11SlotUtil method checkSessionLoggedIn.

// method getCertificateObject
static boolean checkSessionLoggedIn(Session session, long userType) throws P11TokenException {
    SessionInfo info;
    try {
        info = session.getSessionInfo();
    } catch (TokenException ex) {
        throw new P11TokenException(ex.getMessage(), ex);
    }
    if (LOG.isTraceEnabled()) {
        LOG.debug("SessionInfo: {}", info);
    }
    State state = info.getState();
    long deviceError = info.getDeviceError();
    LOG.debug("to be verified PKCS11Module: state = {}, deviceError: {}", state, deviceError);
    if (deviceError != 0) {
        LOG.error("deviceError {}", deviceError);
        return false;
    }
    boolean sessionLoggedIn;
    if (userType == PKCS11Constants.CKU_SO) {
        sessionLoggedIn = state.equals(State.RW_SO_FUNCTIONS);
    } else {
        sessionLoggedIn = state.equals(State.RW_USER_FUNCTIONS) || state.equals(State.RO_USER_FUNCTIONS);
    }
    LOG.debug("sessionLoggedIn: {}", sessionLoggedIn);
    return sessionLoggedIn;
}
Also used : P11TokenException(org.xipki.security.pkcs11.P11TokenException) P11TokenException(org.xipki.security.pkcs11.P11TokenException)

Example 33 with P11TokenException

use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.

the class KeyCryptor method decryptPrivateKey.

// constructor
PrivateKey decryptPrivateKey(byte[] encryptedPrivateKeyInfo) throws P11TokenException {
    notNull(encryptedPrivateKeyInfo, "encryptedPrivateKeyInfo");
    byte[] plain = decrypt(encryptedPrivateKeyInfo);
    PrivateKeyInfo privateKeyInfo = PrivateKeyInfo.getInstance(plain);
    AlgorithmIdentifier keyAlg = privateKeyInfo.getPrivateKeyAlgorithm();
    ASN1ObjectIdentifier keyAlgOid = keyAlg.getAlgorithm();
    String algoName;
    if (PKCSObjectIdentifiers.rsaEncryption.equals(keyAlgOid)) {
        algoName = "RSA";
    } else if (X9ObjectIdentifiers.id_dsa.equals(keyAlgOid)) {
        algoName = "DSA";
    } else if (X9ObjectIdentifiers.id_ecPublicKey.equals(keyAlgOid)) {
        algoName = "EC";
    } else {
        algoName = EdECConstants.getName(keyAlg.getAlgorithm());
    }
    if (algoName == null) {
        throw new P11TokenException("unknown private key algorithm " + keyAlgOid.getId());
    }
    try {
        KeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded());
        KeyFactory keyFactory = KeyFactory.getInstance(algoName, "BC");
        return keyFactory.generatePrivate(keySpec);
    } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException ex) {
        throw new P11TokenException(ex.getClass().getName() + ": " + ex.getMessage(), ex);
    }
}
Also used : P11TokenException(org.xipki.security.pkcs11.P11TokenException) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) SecretKeySpec(javax.crypto.spec.SecretKeySpec) KeySpec(java.security.spec.KeySpec) IOException(java.io.IOException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 34 with P11TokenException

use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.

the class KeyCryptor method encrypt.

byte[] encrypt(byte[] data) throws P11TokenException {
    byte[] nonce = new byte[AES_GCM_NONCE_BYTE_SIZE];
    rnd.nextBytes(nonce);
    GCMParameterSpec spec = new GCMParameterSpec(AES_GCM_TAG_BIT_SIZE, nonce);
    try {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
        cipher.init(Cipher.ENCRYPT_MODE, key, spec);
        int cipherLen = cipher.getOutputSize(data.length);
        byte[] cipherBlob = new byte[1 + nonce.length + cipherLen];
        cipherBlob[0] = ALG_SCRYPT1_AESGCMNopadding_128;
        System.arraycopy(nonce, 0, cipherBlob, 1, nonce.length);
        int offset = 1 + nonce.length;
        int realCipherLen = cipher.doFinal(data, 0, data.length, cipherBlob, offset);
        if (cipherLen == realCipherLen) {
            return cipherBlob;
        } else {
            return Arrays.copyOf(cipherBlob, offset + realCipherLen);
        }
    } catch (GeneralSecurityException ex) {
        throw new P11TokenException(ex);
    }
}
Also used : P11TokenException(org.xipki.security.pkcs11.P11TokenException) GCMParameterSpec(javax.crypto.spec.GCMParameterSpec) Cipher(javax.crypto.Cipher)

Example 35 with P11TokenException

use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.

the class KeyCryptor method decrypt.

// method decryptPrivateKey
byte[] decrypt(byte[] cipherBlob) throws P11TokenException {
    notNull(cipherBlob, "cipherBlob");
    if (cipherBlob[0] != ALG_SCRYPT1_AESGCMNopadding_128) {
        throw new P11TokenException("unknown encryption algorithm");
    }
    GCMParameterSpec spec = new GCMParameterSpec(AES_GCM_TAG_BIT_SIZE, cipherBlob, 1, AES_GCM_NONCE_BYTE_SIZE);
    try {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
        cipher.init(Cipher.DECRYPT_MODE, key, spec);
        int cipherValueOffset = 1 + AES_GCM_NONCE_BYTE_SIZE;
        final int cipherLen = cipherBlob.length - cipherValueOffset;
        int plainLen = cipher.getOutputSize(cipherLen);
        byte[] plain = new byte[plainLen];
        int realPlainLen = cipher.doFinal(cipherBlob, cipherValueOffset, cipherLen, plain, 0);
        if (plainLen > realPlainLen) {
            plain = Arrays.copyOf(plain, realPlainLen);
        }
        return plain;
    } catch (GeneralSecurityException ex) {
        throw new P11TokenException(ex);
    }
}
Also used : P11TokenException(org.xipki.security.pkcs11.P11TokenException) GCMParameterSpec(javax.crypto.spec.GCMParameterSpec) Cipher(javax.crypto.Cipher)

Aggregations

P11TokenException (org.xipki.security.exception.P11TokenException)15 P11EntityIdentifier (org.xipki.security.pkcs11.P11EntityIdentifier)11 P11TokenException (org.xipki.security.pkcs11.P11TokenException)11 P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)9 XiSecurityException (org.xipki.security.exception.XiSecurityException)8 P11CryptService (org.xipki.security.pkcs11.P11CryptService)7 P11Module (org.xipki.security.pkcs11.P11Module)6 P11SlotIdentifier (org.xipki.security.pkcs11.P11SlotIdentifier)6 TokenException (iaik.pkcs.pkcs11.TokenException)4 PublicKey (java.security.PublicKey)4 DEROctetString (org.bouncycastle.asn1.DEROctetString)4 Asn1P11EntityIdentifier (org.xipki.p11proxy.msg.Asn1P11EntityIdentifier)4 P11Params (org.xipki.security.pkcs11.P11Params)4 P11Slot (org.xipki.security.pkcs11.P11Slot)4 Mechanism (iaik.pkcs.pkcs11.Mechanism)3 Session (iaik.pkcs.pkcs11.Session)3 PKCS11Exception (iaik.pkcs.pkcs11.wrapper.PKCS11Exception)3 IOException (java.io.IOException)3 HashSet (java.util.HashSet)3 BadAsn1ObjectException (org.xipki.security.exception.BadAsn1ObjectException)3