Diffstat (limited to 'base/kra/src/com/netscape/kra/EncryptionUnit.java')
-rw-r--r--base/kra/src/com/netscape/kra/EncryptionUnit.java39
1 files changed, 33 insertions, 6 deletions
diff --git a/base/kra/src/com/netscape/kra/EncryptionUnit.java b/base/kra/src/com/netscape/kra/EncryptionUnit.java
index 78f6e2719..c082a784f 100644
--- a/base/kra/src/com/netscape/kra/EncryptionUnit.java
+++ b/base/kra/src/com/netscape/kra/EncryptionUnit.java
@@ -70,12 +70,16 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
public abstract CryptoToken getToken();
+ public abstract CryptoToken getToken(org.mozilla.jss.crypto.X509Certificate cert);
+
public abstract CryptoToken getInternalToken();
public abstract PublicKey getPublicKey();
public abstract PrivateKey getPrivateKey();
+ public abstract PrivateKey getPrivateKey(org.mozilla.jss.crypto.X509Certificate cert);
+
/**
* Protects the private key so that it can be stored in
* internal database.
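Review bot: The two new abstract methods, `getToken(X509Certificate cert)` and `getPrivateKey(X509Certificate cert)`, are added without Javadoc, and their contract matters because the certificate argument decides which transport private key is used. The overloads added later in this diff pass `null` for that argument, so implementations presumably have to treat `null` as the current transport key. That, and what happens for a certificate that matches no transport key held by the KRA (throw or return null), should be stated here. I would add a comment such as `/** Returns the private key paired with the given transport certificate; null selects the current transport key. */` above `getPrivateKey(cert)` and a matching one above `getToken(cert)`, adjusted to what the implementations actually do. The concrete subclasses are outside this hunk, so the null behaviour is inferred from the callers only.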
@@ -218,19 +222,29 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
* Decrypts the user private key.
*/
public byte[] decryptExternalPrivate(byte encSymmKey[],
- String symmAlgOID, byte symmAlgParams[],
- byte encValue[])
+ String symmAlgOID, byte symmAlgParams[], byte encValue[])
+ throws EBaseException {
+ return decryptExternalPrivate(encSymmKey, symmAlgOID, symmAlgParams,
+ encValue, null);
+ }
+
+ /**
+ * Decrypts the user private key.
+ */
+ public byte[] decryptExternalPrivate(byte encSymmKey[],
+ String symmAlgOID, byte symmAlgParams[], byte encValue[],
+ org.mozilla.jss.crypto.X509Certificate transCert)
throws EBaseException {
try {
CMS.debug("EncryptionUnit.decryptExternalPrivate");
- CryptoToken token = getToken();
+ CryptoToken token = getToken(transCert);
// (1) unwrap the session
KeyWrapper rsaWrap = token.getKeyWrapper(
KeyWrapAlgorithm.RSA);
- rsaWrap.initUnwrap(getPrivateKey(), null);
+ rsaWrap.initUnwrap(getPrivateKey(transCert), null);
SymmetricKey sk = rsaWrap.unwrapSymmetric(encSymmKey,
SymmetricKey.DES3, SymmetricKey.Usage.DECRYPT,
0);
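Review bot: In the new five-argument `decryptExternalPrivate`, the results of `getToken(transCert)` and `getPrivateKey(transCert)` are used without a check. If those lookups can return null, which the abstract declarations do not say, a certificate that resolves to no token or key would surface as a NullPointerException or an opaque JSS error instead of a clear failure. Resolving the key first with `PrivateKey transKey = getPrivateKey(transCert);` and then `if (token == null || transKey == null) throw new EBaseException("no transport key for supplied certificate");` would fail closed with a message an operator can act on. The same pattern appears in the six-argument `unwrap` hunk below. The catch clauses of this try block are outside the hunk, so how such a failure is reported today is not visible.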
@@ -346,14 +360,27 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
String symmAlgOID, byte symmAlgParams[],
byte encValue[], PublicKey pubKey)
throws EBaseException {
+ return unwrap (encSymmKey, symmAlgOID, symmAlgParams,
+ encValue, pubKey, null);
+ }
+
+ /**
+ * External unwrapping. Unwraps the data using
+ * the transport private key.
+ */
+ public PrivateKey unwrap(byte encSymmKey[],
+ String symmAlgOID, byte symmAlgParams[],
+ byte encValue[], PublicKey pubKey,
+ org.mozilla.jss.crypto.X509Certificate transCert)
+ throws EBaseException {
try {
- CryptoToken token = getToken();
+ CryptoToken token = getToken(transCert);
// (1) unwrap the session
KeyWrapper rsaWrap = token.getKeyWrapper(
KeyWrapAlgorithm.RSA);
- rsaWrap.initUnwrap(getPrivateKey(), null);
+ rsaWrap.initUnwrap(getPrivateKey(transCert), null);
SymmetricKey sk = rsaWrap.unwrapSymmetric(encSymmKey,
SymmetricKey.DES3, SymmetricKey.Usage.UNWRAP,
0);
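Review bot: The Javadoc on the new six-argument `unwrap` repeats the existing text and never mentions `transCert`, so a reader cannot tell that the certificate selects the transport key used for unwrapping. Add `@param transCert transport certificate identifying the private key to unwrap with`, plus the null behaviour once it is defined. Separately, `return unwrap (encSymmKey, ...` has a space before the parenthesis, unlike the `decryptExternalPrivate(` delegation in the previous hunk; `return unwrap(encSymmKey, symmAlgOID, symmAlgParams,` keeps the two consistent. The method body continues past the end of this hunk.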