diff options
8 files changed, 254 insertions, 40 deletions
diff --git a/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java b/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java index 7da212469..6a02c612d 100644 --- a/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java +++ b/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java @@ -20,6 +20,7 @@ package com.netscape.certsrv.dbs.keydb; import java.math.BigInteger; import java.util.Date; +import com.netscape.certsrv.base.MetaInfo; import com.netscape.certsrv.base.EBaseException; /** @@ -90,6 +91,13 @@ public interface IKeyRecord { public Integer getKeySize() throws EBaseException; /** + * Retrieves meta info. + * + * @return MetaInfo + */ + public MetaInfo getMetaInfo(); + + /** * Retrieves client ID. * * @return client id diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java index 678145a92..bd557fa7a 100644 --- a/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java +++ b/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java @@ -510,14 +510,14 @@ public class SizePanel extends WizardPanelBase { CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); pair = CryptoUtil.generateECCKeyPair(token, curveName, null, - ECDH_usages_mask); + ECDH_usages_mask, false, -1, -1); } else { if (ct.equals("sslserver")) { CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); } pair = CryptoUtil.generateECCKeyPair(token, curveName, null, - usages_mask); + usages_mask, false, -1, -1); } // XXX - store curve , w diff --git a/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java b/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java index aeee624c0..ed770ea91 100644 --- a/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java +++ b/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java @@ -23,6 +23,7 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.base.IPrettyPrintFormat; +import com.netscape.certsrv.base.MetaInfo; import com.netscape.certsrv.dbs.keydb.IKeyRecord; /** @@ -38,6 +39,7 @@ public class KeyRecordParser { public final static String OUT_KEY_ALGORITHM = "keyAlgorithm"; public final static String OUT_PUBLIC_KEY = "publicKey"; public final static String OUT_KEY_LEN = "keyLength"; + public final static String OUT_KEY_EC_CURVE = "EllipticCurve"; public final static String OUT_ARCHIVED_BY = "archivedBy"; public final static String OUT_ARCHIVED_ON = "archivedOn"; public final static String OUT_RECOVERED_BY = "recoveredBy"; @@ -71,6 +73,16 @@ public class KeyRecordParser { } else { rarg.addIntegerValue(OUT_KEY_LEN, keySize.intValue()); } + + // handles EC + MetaInfo metaInfo = rec.getMetaInfo(); + if (metaInfo != null) { + String curve = (String)metaInfo.get(OUT_KEY_EC_CURVE); + if (curve != null) { + rarg.addStringValue(OUT_KEY_EC_CURVE, curve); + } + } + rarg.addStringValue(OUT_ARCHIVED_BY, rec.getArchivedBy()); rarg.addLongValue(OUT_ARCHIVED_ON, diff --git a/base/common/src/com/netscape/cmscore/dbs/KeyRecord.java b/base/common/src/com/netscape/cmscore/dbs/KeyRecord.java index f7773e3fa..e8122b6b8 100644 --- a/base/common/src/com/netscape/cmscore/dbs/KeyRecord.java +++ b/base/common/src/com/netscape/cmscore/dbs/KeyRecord.java @@ -281,6 +281,16 @@ public class KeyRecord implements IDBObj, IKeyRecord { } /** + * Retrieves the metaInfo. + * <P> + * + * @return metaInfo + */ + public MetaInfo getMetaInfo() { + return mMetaInfo; + } + + /** * Sets key size. * <P> */ @@ -343,10 +353,6 @@ public class KeyRecord implements IDBObj, IKeyRecord { return mAlgorithm; } - public MetaInfo getMetaInfo() { - return mMetaInfo; - } - /** * Retrieves the creation time of this record. */ diff --git a/base/kra/src/com/netscape/kra/EncryptionUnit.java b/base/kra/src/com/netscape/kra/EncryptionUnit.java index 946f57613..1d06fd2d5 100644 --- a/base/kra/src/com/netscape/kra/EncryptionUnit.java +++ b/base/kra/src/com/netscape/kra/EncryptionUnit.java @@ -370,6 +370,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit { PrivateKey.Type keytype = null; String alg = pubKey.getAlgorithm(); + CMS.debug("EncryptionUnit.unwrap alg ="+ alg); if (alg.equals("DSA")) { keytype = PrivateKey.DSA; } else if (alg.equals("EC")) { @@ -384,18 +385,22 @@ public abstract class EncryptionUnit implements IEncryptionUnit { } catch (TokenException e) { CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); + CMS.debug("EncryptionUnit.unwrap "+ e.toString()); return null; } catch (NoSuchAlgorithmException e) { CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); + CMS.debug("EncryptionUnit.unwrap "+ e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); + CMS.debug("EncryptionUnit.unwrap "+ e.toString()); return null; } catch (InvalidKeyException e) { CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); + CMS.debug("EncryptionUnit.unwrap "+ e.toString()); return null; } catch (Exception e) { CMS.debug("EncryptionUnit.unwrap : Exception:"+e.toString()); diff --git a/base/kra/src/com/netscape/kra/EnrollmentService.java b/base/kra/src/com/netscape/kra/EnrollmentService.java index 37d1aea53..c65a6ea62 100644 --- a/base/kra/src/com/netscape/kra/EnrollmentService.java +++ b/base/kra/src/com/netscape/kra/EnrollmentService.java @@ -22,6 +22,8 @@ import java.io.IOException; import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.cert.CertificateException; +import java.security.PublicKey; +import java.util.Arrays; import java.util.StringTokenizer; import java.util.Vector; @@ -35,11 +37,15 @@ import netscape.security.x509.CertificateX509Key; import netscape.security.x509.X509CertInfo; import netscape.security.x509.X509Key; +import org.mozilla.jss.CryptoManager; import org.mozilla.jss.asn1.ASN1Util; import org.mozilla.jss.asn1.ASN1Value; import org.mozilla.jss.asn1.InvalidBERException; import org.mozilla.jss.asn1.OBJECT_IDENTIFIER; import org.mozilla.jss.asn1.SEQUENCE; +import org.mozilla.jss.crypto.PrivateKey; +import org.mozilla.jss.pkcs11.PK11ECPublicKey; +import org.mozilla.jss.pkcs11.PK11ParameterSpec; import org.mozilla.jss.pkix.crmf.CertReqMsg; import org.mozilla.jss.pkix.crmf.CertRequest; import org.mozilla.jss.pkix.crmf.PKIArchiveOptions; @@ -48,8 +54,11 @@ import org.mozilla.jss.pkix.primitive.AVA; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.AuthToken; import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.base.MetaInfo; import com.netscape.certsrv.base.SessionContext; import com.netscape.certsrv.dbs.keydb.IKeyRepository; +import com.netscape.certsrv.dbs.keydb.IKeyRecord; import com.netscape.certsrv.kra.EKRAException; import com.netscape.certsrv.kra.IKeyRecoveryAuthority; import com.netscape.certsrv.kra.ProofOfArchival; @@ -61,6 +70,7 @@ import com.netscape.certsrv.request.IService; import com.netscape.certsrv.security.IStorageKeyUnit; import com.netscape.certsrv.security.ITransportKeyUnit; import com.netscape.certsrv.util.IStatsSubsystem; +import com.netscape.cms.servlet.key.KeyRecordParser; import com.netscape.cmscore.crmf.CRMFParser; import com.netscape.cmscore.crmf.PKIArchiveOptionsContainer; import com.netscape.kra.ArchiveOptions; @@ -141,6 +151,17 @@ public class EnrollmentService implements IService { */ public boolean serviceRequest(IRequest request) throws EBaseException { + CryptoManager cm = null; + IConfigStore config = null; + Boolean allowEncDecrypt_archival = false; + + try { + cm = CryptoManager.getInstance(); + config = CMS.getConfigStore(); + allowEncDecrypt_archival = config.getBoolean("kra.allowEncDecrypt.archival", false); + } catch (Exception e) { + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + } IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { @@ -167,6 +188,7 @@ public class EnrollmentService implements IService { mKRA.log(ILogger.LL_INFO, "KRA services enrollment request"); // unwrap user key with transport byte unwrapped[] = null; + byte tmp_unwrapped[] = null; PKIArchiveOptionsContainer aOpts[] = null; String profileId = request.getExtDataInString("profileId"); @@ -204,13 +226,14 @@ public class EnrollmentService implements IService { for (int i = 0; i < aOpts.length; i++) { ArchiveOptions opts = new ArchiveOptions(aOpts[i].mAO); + if (allowEncDecrypt_archival == true) { if (statsSub != null) { statsSub.startTiming("decrypt_user_key"); } mKRA.log(ILogger.LL_INFO, "KRA decrypts external private"); if (CMS.debugOn()) CMS.debug("EnrollmentService::about to decryptExternalPrivate"); - unwrapped = mTransportUnit.decryptExternalPrivate( + tmp_unwrapped = mTransportUnit.decryptExternalPrivate( opts.getEncSymmKey(), opts.getSymmAlgOID(), opts.getSymmAlgParams(), @@ -220,7 +243,7 @@ public class EnrollmentService implements IService { } if (CMS.debugOn()) CMS.debug("EnrollmentService::finished decryptExternalPrivate"); - if (unwrapped == null) { + if (tmp_unwrapped == null) { mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_UNWRAP_USER_KEY")); auditMessage = CMS.getLogMessage( @@ -235,6 +258,17 @@ public class EnrollmentService implements IService { CMS.getUserMessage("CMS_KRA_INVALID_PRIVATE_KEY")); } + /* making sure leading 0's are removed */ + int first=0; + for (int j=0; (j< tmp_unwrapped.length) && (tmp_unwrapped[j]==0); j++) { + first++; + } + unwrapped = Arrays.copyOfRange(tmp_unwrapped, first, tmp_unwrapped.length); + } /*else { allowEncDecrypt_archival != true + this is done below with unwrap() + } + */ + // retrieve pubic key X509Key publicKey = getPublicKey(request, aOpts[i].mReqPos); byte publicKeyData[] = publicKey.getEncoded(); @@ -255,28 +289,51 @@ public class EnrollmentService implements IService { CMS.getUserMessage("CMS_KRA_INVALID_PUBLIC_KEY")); } - /* Bugscape #54948 - verify public and private key before archiving key */ + String keyAlg = publicKey.getAlgorithm(); + CMS.debug("EnrollmentService: algorithm of key to archive is: "+ keyAlg); - if (statsSub != null) { - statsSub.startTiming("verify_key"); - } - if (verifyKeyPair(publicKeyData, unwrapped) == false) { - mKRA.log(ILogger.LL_FAILURE, + PublicKey pubkey = null; + org.mozilla.jss.crypto.PrivateKey entityPrivKey = null; + if ( allowEncDecrypt_archival == false) { + try { + pubkey = X509Key.parsePublicKey (new DerValue(publicKeyData)); + } catch (Exception e) { + CMS.debug("EnrollmentService: parsePublicKey:"+e.toString()); + throw new EKRAException( + CMS.getUserMessage("CMS_KRA_INVALID_PUBLIC_KEY")); + } + entityPrivKey = + mTransportUnit.unwrap( + opts.getEncSymmKey(), + opts.getSymmAlgOID(), + opts.getSymmAlgParams(), + opts.getEncValue(), + (PublicKey) pubkey); + } // !allowEncDecrypt_archival + + /* Bugscape #54948 - verify public and private key before archiving key */ + if (keyAlg.equals("RSA") && (allowEncDecrypt_archival == true)) { + if (statsSub != null) { + statsSub.startTiming("verify_key"); + } + if (verifyKeyPair(publicKeyData, unwrapped) == false) { + mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_PUBLIC_NOT_FOUND")); - auditMessage = CMS.getLogMessage( + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, auditSubjectID, ILogger.FAILURE, auditRequesterID, auditArchiveID); - audit(auditMessage); - throw new EKRAException( + audit(auditMessage); + throw new EKRAException( CMS.getUserMessage("CMS_KRA_INVALID_PUBLIC_KEY")); - } - if (statsSub != null) { - statsSub.endTiming("verify_key"); + } + if (statsSub != null) { + statsSub.endTiming("verify_key"); + } } /** @@ -309,8 +366,15 @@ public class EnrollmentService implements IService { if (statsSub != null) { statsSub.startTiming("encrypt_user_key"); } - byte privateKeyData[] = mStorageUnit.encryptInternalPrivate( + byte privateKeyData[] = null; + + if (allowEncDecrypt_archival == true) { + privateKeyData = mStorageUnit.encryptInternalPrivate( unwrapped); + } else { + privateKeyData = mStorageUnit.wrap(entityPrivKey); + } + if (statsSub != null) { statsSub.endTiming("encrypt_user_key"); } @@ -335,12 +399,7 @@ public class EnrollmentService implements IService { privateKeyData, owner, publicKey.getAlgorithmId().getOID().toString(), agentId); - // we deal with RSA key only - try { - RSAPublicKey rsaPublicKey = new RSAPublicKey(publicKeyData); - - rec.setKeySize(Integer.valueOf(rsaPublicKey.getKeySize())); - } catch (InvalidKeyException e) { + if (rec == null) { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, @@ -353,6 +412,57 @@ public class EnrollmentService implements IService { throw new EKRAException(CMS.getUserMessage("CMS_KRA_INVALID_KEYRECORD")); } + if (keyAlg.equals("RSA")) { + try { + RSAPublicKey rsaPublicKey = new RSAPublicKey(publicKeyData); + + rec.setKeySize(Integer.valueOf(rsaPublicKey.getKeySize())); + } catch (InvalidKeyException e) { + + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditArchiveID); + + audit(auditMessage); + throw new EKRAException(CMS.getUserMessage("CMS_KRA_INVALID_KEYRECORD")); + } + } else if (keyAlg.equals("EC")) { + + String oidDescription = "UNDETERMINED"; + // for KeyRecordParser + MetaInfo metaInfo = new MetaInfo(); + + try { + byte curve[] = + ASN1Util.getECCurveBytesByX509PublicKeyBytes(publicKeyData, + false /* without tag and size */); + if (curve.length != 0) { + oidDescription = ASN1Util.getOIDdescription(curve); + } else { + /* this is to be used by derdump */ + byte curveTS[] = + ASN1Util.getECCurveBytesByX509PublicKeyBytes(publicKeyData, + true /* with tag and size */); + if (curveTS.length != 0) { + oidDescription = CMS.BtoA(curveTS); + } + } + } catch (Exception e) { + CMS.debug("EnrollmentService: ASN1Util.getECCurveBytesByX509PublicKeyByte() throws exception: "+ e.toString()); + CMS.debug("EnrollmentService: exception alowed. continue"); + } + + metaInfo.set(KeyRecordParser.OUT_KEY_EC_CURVE, + oidDescription); + + rec.set(IKeyRecord.ATTR_META_INFO, metaInfo); + // key size does not apply to EC; + rec.setKeySize(-1); + } + // if record alreay has a serial number, yell out. if (rec.getSerialNumber() != null) { mKRA.log(ILogger.LL_FAILURE, diff --git a/base/kra/src/com/netscape/kra/RecoveryService.java b/base/kra/src/com/netscape/kra/RecoveryService.java index c8ecdcf5a..0cbe2009f 100644 --- a/base/kra/src/com/netscape/kra/RecoveryService.java +++ b/base/kra/src/com/netscape/kra/RecoveryService.java @@ -377,10 +377,9 @@ public class RecoveryService implements IService { public synchronized PrivateKey recoverKey(Hashtable<String, Object> request, KeyRecord keyRecord, boolean isRSA) throws EBaseException { - if (!isRSA) { - CMS.debug("RecoverService: recoverKey: currently, non-RSA keys are not supported when allowEncDecrypt_ is false"); - throw new EKRAException(CMS.getUserMessage("CMS_KRA_RECOVERY_FAILED_1", "key type not supported")); - } + CMS.debug("RecoverService: recoverKey: key to recover is RSA? "+ + isRSA); + try { if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { Credential creds[] = (Credential[]) diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java index 06f177887..82a98c082 100644 --- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java +++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java @@ -218,15 +218,46 @@ public class CryptoUtil { NoSuchTokenException, NoSuchAlgorithmException, TokenException { + return generateECCKeyPair(token, keysize, usage_ops, usage_mask, + false, -1, -1); + } + + /* + * temporary, sensitive, and extractable usages are per defined in + * JSS pkcs11/PK11KeyPairGenerator.java + */ + public static KeyPair generateECCKeyPair(String token, int keysize, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask, + boolean temporary, int sensitive, int extractable) + throws CryptoManager.NotInitializedException, + NoSuchTokenException, + NoSuchAlgorithmException, + TokenException { + CryptoToken t = getTokenByName(token); KeyPairAlgorithm alg = KeyPairAlgorithm.EC; - KeyPairGenerator g = t.getKeyPairGenerator(alg); + KeyPairGenerator keygen = t.getKeyPairGenerator(alg); - g.setKeyPairUsages(usage_ops, usage_mask); - g.initialize(keysize); + keygen.setKeyPairUsages(usage_ops, usage_mask); + keygen.initialize(keysize); + keygen.setKeyPairUsages(usage_ops, usage_mask); + keygen.temporaryPairs(temporary); - KeyPair pair = g.genKeyPair(); + if (sensitive == 1 ) + keygen.sensitivePairs(true); + else if (sensitive == 0) + keygen.sensitivePairs(false); + + if (extractable == 1 ) + keygen.extractablePairs(true); + else if (extractable == 0) + keygen.extractablePairs(false); + + keygen.initialize(keysize); + + KeyPair pair = keygen.genKeyPair(); return pair; } @@ -261,6 +292,20 @@ public class CryptoUtil { return generateECCKeyPair(t, curveName, usage_ops, usage_mask); } + public static KeyPair generateECCKeyPair(String token, String curveName, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask, + boolean temporary, int sensitive, int extractable) + throws CryptoManager.NotInitializedException, + NoSuchTokenException, + NoSuchAlgorithmException, + TokenException { + CryptoToken t = getTokenByName(token); + return generateECCKeyPair(t, curveName, usage_ops, usage_mask, + temporary, sensitive, extractable); + } + + public static KeyPair generateECCKeyPair(CryptoToken token, String curveName, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops, org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask) @@ -268,23 +313,52 @@ public class CryptoUtil { NoSuchTokenException, NoSuchAlgorithmException, TokenException { + return generateECCKeyPair(token, curveName, usage_ops, usage_mask, + false, -1, -1); + } + + /* + * temporary, sensitive, and extractable usages are per defined in + * JSS pkcs11/PK11KeyPairGenerator.java + */ + public static KeyPair generateECCKeyPair(CryptoToken token, String curveName, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask, + boolean temporary, int sensitive, int extractable) + throws CryptoManager.NotInitializedException, + NoSuchTokenException, + NoSuchAlgorithmException, + TokenException { + KeyPairAlgorithm alg = KeyPairAlgorithm.EC; - KeyPairGenerator g = token.getKeyPairGenerator(alg); + KeyPairGenerator keygen = token.getKeyPairGenerator(alg); + + keygen.setKeyPairUsages(usage_ops, usage_mask); + keygen.setKeyPairUsages(usage_ops, usage_mask); + keygen.temporaryPairs(temporary); - g.setKeyPairUsages(usage_ops, usage_mask); + if (sensitive == 1 ) + keygen.sensitivePairs(true); + else if (sensitive == 0) + keygen.sensitivePairs(false); + + if (extractable == 1 ) + keygen.extractablePairs(true); + else if (extractable == 0) + keygen.extractablePairs(false); System.out.println("CryptoUtil: generateECCKeyPair: curve = " + curveName); int curveCode = 0; try { - curveCode = g.getCurveCodeByName(curveName); + curveCode = keygen.getCurveCodeByName(curveName); } catch (Exception e) { System.out.println("CryptoUtil: generateECCKeyPair: " + e.toString()); throw new NoSuchAlgorithmException(); } - g.initialize(curveCode); + keygen.initialize(curveCode); System.out.println("CryptoUtil: generateECCKeyPair: after KeyPairGenerator initialize with:" + curveName); - KeyPair pair = g.genKeyPair(); + KeyPair pair = keygen.genKeyPair(); return pair; } |