Diffstat (limited to 'base/kra/src/com/netscape/kra/EncryptionUnit.java')
-rw-r--r-- | base/kra/src/com/netscape/kra/EncryptionUnit.java | 39 |
1 files changed, 33 insertions, 6 deletions
diff --git a/base/kra/src/com/netscape/kra/EncryptionUnit.java b/base/kra/src/com/netscape/kra/EncryptionUnit.java index 78f6e2719..c082a784f 100644 --- a/base/kra/src/com/netscape/kra/EncryptionUnit.java +++ b/base/kra/src/com/netscape/kra/EncryptionUnit.java @@ -70,12 +70,16 @@ public abstract class EncryptionUnit implements IEncryptionUnit { public abstract CryptoToken getToken(); + public abstract CryptoToken getToken(org.mozilla.jss.crypto.X509Certificate cert); + public abstract CryptoToken getInternalToken(); public abstract PublicKey getPublicKey(); public abstract PrivateKey getPrivateKey(); + public abstract PrivateKey getPrivateKey(org.mozilla.jss.crypto.X509Certificate cert); + /** * Protects the private key so that it can be stored in * internal database. @@ -218,19 +222,29 @@ public abstract class EncryptionUnit implements IEncryptionUnit { * Decrypts the user private key. */ public byte[] decryptExternalPrivate(byte encSymmKey[], - String symmAlgOID, byte symmAlgParams[], - byte encValue[]) + String symmAlgOID, byte symmAlgParams[], byte encValue[]) + throws EBaseException { + return decryptExternalPrivate(encSymmKey, symmAlgOID, symmAlgParams, + encValue, null); + } + + /** + * Decrypts the user private key. + */ + public byte[] decryptExternalPrivate(byte encSymmKey[], + String symmAlgOID, byte symmAlgParams[], byte encValue[], + org.mozilla.jss.crypto.X509Certificate transCert) throws EBaseException { try { CMS.debug("EncryptionUnit.decryptExternalPrivate"); - CryptoToken token = getToken(); + CryptoToken token = getToken(transCert); // (1) unwrap the session KeyWrapper rsaWrap = token.getKeyWrapper( KeyWrapAlgorithm.RSA); - rsaWrap.initUnwrap(getPrivateKey(), null); + rsaWrap.initUnwrap(getPrivateKey(transCert), null); SymmetricKey sk = rsaWrap.unwrapSymmetric(encSymmKey, SymmetricKey.DES3, SymmetricKey.Usage.DECRYPT, 0); 
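Review bot: The two new abstract overloads in the first hunk, `getToken(org.mozilla.jss.crypto.X509Certificate cert)` and `getPrivateKey(org.mozilla.jss.crypto.X509Certificate cert)`, have no Javadoc, although the delegating overloads added later in this commit call them with `null`. The null contract belongs on the declaration, for example `/** Returns the private key matching cert; a null cert selects the default transport key. */`. That fallback is inferred from the delegation and should be confirmed against the implementations. Every concrete subclass must also implement both methods in the same change, and none is visible here because the diffstat is limited to this file.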
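Review bot: In the new five-argument `decryptExternalPrivate` (second hunk), `transCert` decides which private key unwraps the session key, but neither the method nor its copied Javadoc says which certificates are acceptable. If the certificate can originate from a request, which this diff does not show, the `getPrivateKey(transCert)` implementation should resolve it only against the configured transport certificates and fail with `EBaseException` otherwise, so the unwrap cannot be steered to another key held on the token. The Javadoc should gain a line such as `@param transCert transport certificate whose private key unwraps the session key; null selects the default`. The same applies to the six-argument `unwrap` in the next hunk. The method body continues past the end of this hunk.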
@@ -346,14 +360,27 @@ public abstract class EncryptionUnit implements IEncryptionUnit { String symmAlgOID, byte symmAlgParams[], byte encValue[], PublicKey pubKey) throws EBaseException { + return unwrap (encSymmKey, symmAlgOID, symmAlgParams, + encValue, pubKey, null); + } + + /** + * External unwrapping. Unwraps the data using + * the transport private key. + */ + public PrivateKey unwrap(byte encSymmKey[], + String symmAlgOID, byte symmAlgParams[], + byte encValue[], PublicKey pubKey, + org.mozilla.jss.crypto.X509Certificate transCert) + throws EBaseException { try { - CryptoToken token = getToken(); + CryptoToken token = getToken(transCert); // (1) unwrap the session KeyWrapper rsaWrap = token.getKeyWrapper( KeyWrapAlgorithm.RSA); - rsaWrap.initUnwrap(getPrivateKey(), null); + rsaWrap.initUnwrap(getPrivateKey(transCert), null); SymmetricKey sk = rsaWrap.unwrapSymmetric(encSymmKey, SymmetricKey.DES3, SymmetricKey.Usage.UNWRAP, 0); |
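Review bot: The session-key step in the new six-argument `unwrap` is a second copy of the `getToken(transCert)` / `initUnwrap(getPrivateKey(transCert), null)` / `unwrapSymmetric(...)` sequence in `decryptExternalPrivate`, differing only in `SymmetricKey.Usage`. Now that both copies carry the certificate-selection logic, a private helper taking the usage and `transCert` would keep the two paths from drifting apart when the selection rules change. As a style point, `return unwrap (encSymmKey, symmAlgOID, symmAlgParams,` has a stray space before the parenthesis, unlike `return decryptExternalPrivate(encSymmKey, ...` in the earlier hunk. The method body continues past the end of the hunk.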