author | Abhishek Koneru <akoneru@redhat.com> | 2014-03-27 04:14:01 -0400 |
---|---|---|
committer | Abhishek Koneru <akoneru@redhat.com> | 2014-03-31 03:01:28 -0400 |
commit | 86f4022cc0598353d16901fa2d1ef90f474baaca (patch) | |
tree | afd5728380709c6bce5c1141bcf67186bb0badde /base/common/src/com/netscape/certsrv/util | |
parent | a75e0f80e79804e36e5d0a67039bbe89c26807e4 (diff) | |
Refactoring KeyClient class and crypto classes.
Diffstat (limited to 'base/common/src/com/netscape/certsrv/util')
-rw-r--r-- | base/common/src/com/netscape/certsrv/util/CryptoProvider.java | 18 | ||||
-rw-r--r-- | base/common/src/com/netscape/certsrv/util/NSSCryptoProvider.java | 31 |
2 files changed, 43 insertions, 6 deletions
diff --git a/base/common/src/com/netscape/certsrv/util/CryptoProvider.java b/base/common/src/com/netscape/certsrv/util/CryptoProvider.java
index f5e5603aa..d0c753ae0 100644
--- a/base/common/src/com/netscape/certsrv/util/CryptoProvider.java
+++ b/base/common/src/com/netscape/certsrv/util/CryptoProvider.java
@@ -2,6 +2,13 @@ package com.netscape.certsrv.util;
 import org.mozilla.jss.crypto.SymmetricKey;
+/**
+ * An abstract class defining the functionality to be provided by
+ * sub classes to perform cryptographic operations.
+ *
+ * @author akoneru
+ *
+ */
 public abstract class CryptoProvider {
 public abstract void initialize() throws Exception;
@@ -13,13 +20,18 @@ public abstract class CryptoProvider {
 public abstract byte[] wrapSessionKeyWithTransportCert(SymmetricKey sessionKey, String transportCert) throws Exception;
- public abstract byte[] wrapUsingSessionKey(String passphrase, byte[] iv, SymmetricKey key, String keyAlgorithm)
+ public abstract byte[] wrapWithSessionKey(String passphrase, byte[] iv, SymmetricKey key, String keyAlgorithm)
 throws Exception;
- public abstract String unwrapUsingSessionKey(byte[] wrappedRecoveredKey, SymmetricKey recoveryKey,
+ public abstract byte[] wrapWithSessionKey(SymmetricKey secret, SymmetricKey sessionKey, byte[] iv) throws Exception;
+
+ public abstract byte[] unwrapWithSessionKey(byte[] wrappedRecoveredKey, SymmetricKey recoveryKey,
 String keyAlgorithm, byte[] nonceData) throws Exception;
- public abstract String unWrapUsingPassphrase(String wrappedRecoveredKey, String recoveryPassphrase)
+ public abstract byte[] unwrapWithPassphrase(byte[] wrappedRecoveredKey, String recoveryPassphrase)
 throws Exception;
+ public abstract byte[] createPKIArchiveOptions(String transportCert, SymmetricKey secret, String passphrase,
+ String keyAlgorithm, int symKeySize, byte[] nonceData) throws Exception;
+
 }
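Review bot: The new overload `wrapWithSessionKey(SymmetricKey secret, SymmetricKey sessionKey, byte[] iv)` in the second hunk takes two parameters of the same type and has no Javadoc, so a call with the two keys swapped still compiles and would presumably wrap the wrong key. Its `iv` argument also sits in a different position than in the sibling `wrapWithSessionKey(String passphrase, byte[] iv, SymmetricKey key, String keyAlgorithm)`. I would document each abstract method with the key being protected and the key doing the wrapping, for example `/** Wraps {@code secret} with {@code sessionKey}; {@code iv} is the IV of the wrapping cipher. */`. `createPKIArchiveOptions` accepts both `secret` and `passphrase`, presumably as alternatives, and its Javadoc should state which one is archived when both are non-null.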
diff --git a/base/common/src/com/netscape/certsrv/util/NSSCryptoProvider.java b/base/common/src/com/netscape/certsrv/util/NSSCryptoProvider.java
index ae4e0d168..7c20e5cf4 100644
--- a/base/common/src/com/netscape/certsrv/util/NSSCryptoProvider.java
+++ b/base/common/src/com/netscape/certsrv/util/NSSCryptoProvider.java
@@ -1,17 +1,25 @@
 package com.netscape.certsrv.util;
+import java.io.CharConversionException;
 import java.io.File;
+import java.io.IOException;
 import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateEncodingException;
 import org.mozilla.jss.CertDatabaseException;
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.CryptoManager.NotInitializedException;
 import org.mozilla.jss.KeyDatabaseException;
+import org.mozilla.jss.asn1.InvalidBERException;
 import org.mozilla.jss.crypto.AlreadyInitializedException;
+import org.mozilla.jss.crypto.BadPaddingException;
 import org.mozilla.jss.crypto.CryptoToken;
 import org.mozilla.jss.crypto.EncryptionAlgorithm;
 import org.mozilla.jss.crypto.IVParameterSpec;
+import org.mozilla.jss.crypto.IllegalBlockSizeException;
 import org.mozilla.jss.crypto.KeyGenAlgorithm;
 import org.mozilla.jss.crypto.SymmetricKey;
 import org.mozilla.jss.crypto.TokenException;
@@ -119,7 +127,7 @@ public class NSSCryptoProvider extends CryptoProvider {
 }
 @Override
- public byte[] wrapUsingSessionKey(String passphrase, byte[] iv, SymmetricKey key, String encryptionAlgorithm)
+ public byte[] wrapWithSessionKey(String passphrase, byte[] iv, SymmetricKey key, String encryptionAlgorithm)
 throws Exception {
 if (token == null) {
 throw new NotInitializedException();
@@ -129,7 +137,7 @@ public class NSSCryptoProvider extends CryptoProvider {
 }
 @Override
- public String unwrapUsingSessionKey(byte[] wrappedRecoveredKey, SymmetricKey recoveryKey,
+ public byte[] unwrapWithSessionKey(byte[] wrappedRecoveredKey, SymmetricKey recoveryKey,
 String encryptionAlgorithm, byte[] nonceData) throws Exception {
 if (token == null) {
 throw new NotInitializedException();
@@ -140,7 +148,7 @@ public class NSSCryptoProvider extends CryptoProvider {
 }
 @Override
- public String unWrapUsingPassphrase(String wrappedRecoveredKey, String recoveryPassphrase) throws Exception {
+ public byte[] unwrapWithPassphrase(byte[] wrappedRecoveredKey, String recoveryPassphrase) throws Exception {
 return CryptoUtil.unwrapUsingPassphrase(wrappedRecoveredKey, recoveryPassphrase);
 }
@@ -201,4 +209,21 @@ public class NSSCryptoProvider extends CryptoProvider {
 return alg;
 }
+ @Override
+ public byte[] createPKIArchiveOptions(String transportCert, SymmetricKey secret, String passphrase,
+ String keyAlgorithm, int symKeySize, byte[] nonceData) throws InvalidKeyException,
+ CertificateEncodingException, CharConversionException, NoSuchAlgorithmException,
+ InvalidAlgorithmParameterException, IllegalStateException, TokenException, IOException,
+ IllegalBlockSizeException, BadPaddingException, InvalidBERException {
+
+ return CryptoUtil.createPKIArchiveOptions(manager, token, transportCert, secret, passphrase,
+ getKeyGenAlgorithm(keyAlgorithm), symKeySize, new IVParameterSpec(nonceData));
+ }
+
+ @Override
+ public byte[] wrapWithSessionKey(SymmetricKey secret, SymmetricKey sessionKey, byte[] iv)
+ throws InvalidKeyException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, TokenException {
+ return CryptoUtil.wrapSymmetricKey(token, secret, sessionKey, new IVParameterSpec(iv));
+ }
+
 } |
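Review bot: `unwrapWithPassphrase` now hands back the recovered secret as `byte[]`, but `recoveryPassphrase` is still a `String`, which the caller cannot clear after use and which stays on the heap until it is collected. The same holds for the `passphrase` parameters of `wrapWithSessionKey(String, ...)` and `createPKIArchiveOptions` declared in CryptoProvider.java. Declaring the parameter as `char[] recoveryPassphrase` would let callers zero the array once the call returns; whether `CryptoUtil.unwrapUsingPassphrase` can take a `char[]` is not visible on this page. A short Javadoc line saying that the caller owns the returned array and should clear it would complete the move away from `String`.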
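Review bot: `createPKIArchiveOptions` and the new `wrapWithSessionKey(SymmetricKey, SymmetricKey, byte[])` in the last hunk pass `token` (and `manager`) straight to `CryptoUtil` without the `if (token == null) { throw new NotInitializedException(); }` guard that the neighbouring `wrapWithSessionKey(String, ...)` and `unwrapWithSessionKey` keep. If `token` is still null when they are called, the failure would surface somewhere inside CryptoUtil or JSS instead of as the explicit not-initialized error the other methods give. I would put the same guard as the first statement of both methods and add `NotInitializedException` to their `throws` lists, since both now declare specific exception types rather than `Exception`. `nonceData` and `iv` are also wrapped in `new IVParameterSpec(...)` without a null check; how that constructor treats null is not visible here, so the Javadoc should at least say whether null is allowed.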