Diffstat (limited to 'pki/base/kra/src/com/netscape/kra/EncryptionUnit.java')
-rw-r--r-- | pki/base/kra/src/com/netscape/kra/EncryptionUnit.java | 592 |
1 files changed, 175 insertions, 417 deletions
diff --git a/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java b/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java index 9eb2ae3b8..cbd3b7a3d 100644 --- a/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java +++ b/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.kra; + import java.io.CharConversionException; import java.io.IOException; import java.security.InvalidAlgorithmParameterException; @@ -47,20 +48,20 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.security.IEncryptionUnit; import com.netscape.cmscore.util.Debug; + /** - * A class represents the transport key pair. This key pair is used to protected - * EE's private key in transit. - * + * A class represents the transport key pair. This key pair + * is used to protected EE's private key in transit. + * * @author thomask * @version $Revision$, $Date$ */ public abstract class EncryptionUnit implements IEncryptionUnit { - /* - * Establish one constant IV for base class, to be used for internal - * operations. Constant IV acceptable for symmetric keys. - */ - private byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; + /* Establish one constant IV for base class, to be used for + internal operations. Constant IV acceptable for symmetric keys. + */ + private byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1}; protected IVParameterSpec IV = null; public EncryptionUnit() { 
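Review bot: The comment on `iv` says a constant IV is "acceptable for symmetric keys", which holds only under a condition the comment leaves out. With CBC a fixed IV is tolerable when a key encrypts one message; the later hunks show encryptInternalPrivate and wrap generating a fresh DES3 session key on every call, which is presumably the real justification. I would say so in the comment, e.g. `/* Fixed IV for internal operations; safe only because each call generates a fresh session key that is used once. */`. Since `IV` is `protected`, that wording also warns subclasses against pairing it with a long-lived key.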
@@ -78,145 +79,84 @@ public abstract class EncryptionUnit implements IEncryptionUnit { public abstract PrivateKey getPrivateKey(); /** - * Protects the private key so that it can be stored in internal database. + * Protects the private key so that it can be stored in + * internal database. */ - public byte[] encryptInternalPrivate(byte priKey[]) throws EBaseException { + public byte[] encryptInternalPrivate(byte priKey[]) + throws EBaseException { try { CMS.debug("EncryptionUnit.encryptInternalPrivate"); CryptoToken token = getToken(); CryptoToken internalToken = getInternalToken(); // (1) generate session key - org.mozilla.jss.crypto.KeyGenerator kg = internalToken - .getKeyGenerator(KeyGenAlgorithm.DES3); + org.mozilla.jss.crypto.KeyGenerator kg = + internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); SymmetricKey sk = kg.generate(); // (2) wrap private key with session key - Cipher cipher = internalToken - .getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD); + Cipher cipher = internalToken.getCipherContext( + EncryptionAlgorithm.DES3_CBC_PAD); cipher.initEncrypt(sk, IV); byte pri[] = cipher.doFinal(priKey); // (3) wrap session with transport public - KeyWrapper rsaWrap = internalToken - .getKeyWrapper(KeyWrapAlgorithm.RSA); + KeyWrapper rsaWrap = internalToken.getKeyWrapper( + KeyWrapAlgorithm.RSA); rsaWrap.initWrap(getPublicKey(), null); byte session[] = rsaWrap.wrap(sk); // use MY own structure for now: // SEQUENCE { - // encryptedSession OCTET STRING, - // encryptedPrivate OCTET STRING + // encryptedSession OCTET STRING, + // encryptedPrivate OCTET STRING // } - + DerOutputStream tmp = new DerOutputStream(); DerOutputStream out = new DerOutputStream(); tmp.putOctetString(session); tmp.putOctetString(pri); out.write(DerValue.tag_Sequence, tmp); - + return out.toByteArray(); } catch (TokenException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", - 
e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", - e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } catch (CharConversionException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", - e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", - e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - 
ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", - e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } catch (BadPaddingException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", - e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } catch (IllegalBlockSizeException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", - e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } catch (IOException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", - e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } catch (Exception e) { - CMS.getLogger().log( - 
ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", - e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); return null; } } 
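Review bot: In encryptInternalPrivate the eight typed catch blocks sit in front of a final `catch (Exception e)` whose body is byte-identical, so they add nothing except lines that are now about 200 characters long. Keeping only the last block would behave the same as far as the visible code shows. The same chain repeats in wrap, decryptExternalPrivate and decryptInternalPrivate in the later hunks. Separately, the method declares `throws EBaseException` yet reports every failure with `return null;`, so a caller that does not null-check could continue without an encrypted key; throwing from the catch would make the failure explicit, provided callers are prepared for it. `token` is also assigned from `getToken()` and never used in this method.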
@@ -231,133 +171,92 @@ public abstract class EncryptionUnit implements IEncryptionUnit { CryptoToken token = getToken(); // (1) generate session key - org.mozilla.jss.crypto.KeyGenerator kg = token - .getKeyGenerator(KeyGenAlgorithm.DES3); - // internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); + org.mozilla.jss.crypto.KeyGenerator kg = + token.getKeyGenerator(KeyGenAlgorithm.DES3); + // internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); SymmetricKey.Usage usages[] = new SymmetricKey.Usage[2]; usages[0] = SymmetricKey.Usage.WRAP; usages[1] = SymmetricKey.Usage.UNWRAP; kg.setKeyUsages(usages); kg.temporaryKeys(true); SymmetricKey sk = kg.generate(); - CMS.debug("EncryptionUnit:wrap() session key generated on slot: " - + token.getName()); + CMS.debug("EncryptionUnit:wrap() session key generated on slot: "+token.getName()); // (2) wrap private key with session key // KeyWrapper wrapper = internalToken.getKeyWrapper( - KeyWrapper wrapper = token - .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); + KeyWrapper wrapper = token.getKeyWrapper( + KeyWrapAlgorithm.DES3_CBC_PAD); wrapper.initWrap(sk, IV); byte pri[] = wrapper.wrap(priKey); - CMS.debug("EncryptionUnit:wrap() privKey wrapped"); + CMS.debug("EncryptionUnit:wrap() privKey wrapped"); // (3) wrap session with transport public - KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA); + KeyWrapper rsaWrap = token.getKeyWrapper( + KeyWrapAlgorithm.RSA); rsaWrap.initWrap(getPublicKey(), null); byte session[] = rsaWrap.wrap(sk); - CMS.debug("EncryptionUnit:wrap() sessin key wrapped"); + CMS.debug("EncryptionUnit:wrap() sessin key wrapped"); // use MY own structure for now: // SEQUENCE { - // encryptedSession OCTET STRING, - // encryptedPrivate OCTET STRING + // encryptedSession OCTET STRING, + // encryptedPrivate OCTET STRING // } - + DerOutputStream tmp = new DerOutputStream(); DerOutputStream out = new DerOutputStream(); tmp.putOctetString(session); tmp.putOctetString(pri); out.write(DerValue.tag_Sequence, 
tmp); - + return out.toByteArray(); } catch (TokenException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", - e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", - e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (CharConversionException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", - e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", - e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", - e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, 
CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (IOException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", - e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (Exception e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", - e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } } /** - * External unwrapping. Unwraps the data using the transport private key. + * External unwrapping. Unwraps the data using + * the transport private key. */ - public SymmetricKey unwrap_sym(byte encSymmKey[], SymmetricKey.Usage usage) { + public SymmetricKey unwrap_sym(byte encSymmKey[], SymmetricKey.Usage usage) + { try { CryptoToken token = getToken(); // (1) unwrap the session PrivateKey priKey = getPrivateKey(); String priKeyAlgo = priKey.getAlgorithm(); - CMS.debug("EncryptionUnit::unwrap_sym() private key algo: " - + priKeyAlgo); + CMS.debug("EncryptionUnit::unwrap_sym() private key algo: " + priKeyAlgo); KeyWrapper keyWrapper = null; if (priKeyAlgo.equals("EC")) { keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_ECB); 
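Review bot: The debug string in wrap still reads `sessin key wrapped`; as the line is being re-indented anyway it could become `CMS.debug("EncryptionUnit:wrap() session key wrapped");`, which keeps the message searchable in debug logs. The two commented-out `internalToken` lines are re-indented rather than removed; if the choice of `token` over the internal token is deliberate, a one-line comment saying why would serve better than the dead code. unwrap_sym begins in this hunk and its body continues into the next one.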
@@ -367,152 +266,117 @@ public abstract class EncryptionUnit implements IEncryptionUnit { keyWrapper.initUnwrap(priKey, null); } SymmetricKey sk = keyWrapper.unwrapSymmetric(encSymmKey, - SymmetricKey.DES3, usage, 0); - CMS.debug("EncryptionUnit::unwrap_sym() unwrapped on slot: " - + token.getName()); + SymmetricKey.DES3, usage, + 0); + CMS.debug("EncryptionUnit::unwrap_sym() unwrapped on slot: " + +token.getName()); return sk; } catch (Exception e) { - CMS.debug("EncryptionUnit::unwrap_sym() error:" + e.toString()); + CMS.debug("EncryptionUnit::unwrap_sym() error:" + + e.toString()); return null; } } - public SymmetricKey unwrap_sym(byte encSymmKey[]) { + public SymmetricKey unwrap_sym(byte encSymmKey[]) + { return unwrap_sym(encSymmKey, SymmetricKey.Usage.WRAP); } - - public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[]) { + + public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[]) + { return unwrap_sym(encSymmKey, SymmetricKey.Usage.ENCRYPT); } /** * Decrypts the user private key. 
*/ - public byte[] decryptExternalPrivate(byte encSymmKey[], String symmAlgOID, - byte symmAlgParams[], byte encValue[]) throws EBaseException { + public byte[] decryptExternalPrivate(byte encSymmKey[], + String symmAlgOID, byte symmAlgParams[], + byte encValue[]) + throws EBaseException { try { CMS.debug("EncryptionUnit.decryptExternalPrivate"); CryptoToken token = getToken(); // (1) unwrap the session - KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA); + KeyWrapper rsaWrap = token.getKeyWrapper( + KeyWrapAlgorithm.RSA); rsaWrap.initUnwrap(getPrivateKey(), null); SymmetricKey sk = rsaWrap.unwrapSymmetric(encSymmKey, - SymmetricKey.DES3, SymmetricKey.Usage.DECRYPT, 0); + SymmetricKey.DES3, SymmetricKey.Usage.DECRYPT, + 0); // (2) unwrap the pri - Cipher cipher = token - .getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD // XXX - ); + Cipher cipher = token.getCipherContext( + EncryptionAlgorithm.DES3_CBC_PAD // XXX + ); - cipher.initDecrypt(sk, new IVParameterSpec(symmAlgParams)); + cipher.initDecrypt(sk, new IVParameterSpec( + symmAlgParams)); return cipher.doFinal(encValue); } catch (IllegalBlockSizeException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", - e.toString())); - Debug.trace("EncryptionUnit::decryptExternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); + Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); return null; } catch (BadPaddingException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", - e.toString())); - Debug.trace("EncryptionUnit::decryptExternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, 
CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); + Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); return null; } catch (TokenException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", - e.toString())); - Debug.trace("EncryptionUnit::decryptExternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); + Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", - e.toString())); - Debug.trace("EncryptionUnit::decryptExternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); + Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", - e.toString())); - Debug.trace("EncryptionUnit::decryptExternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); + Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", - e.toString())); - Debug.trace("EncryptionUnit::decryptExternalPrivate " - + e.toString()); + 
CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); + Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); return null; } catch (Exception e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", - e.toString())); - Debug.trace("EncryptionUnit::decryptExternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); + Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); return null; } } /** - * External unwrapping. Unwraps the data using the transport private key. + * External unwrapping. Unwraps the data using + * the transport private key. */ - public PrivateKey unwrap(byte encSymmKey[], String symmAlgOID, - byte symmAlgParams[], byte encValue[], PublicKey pubKey) - throws EBaseException { + public PrivateKey unwrap(byte encSymmKey[], + String symmAlgOID, byte symmAlgParams[], + byte encValue[], PublicKey pubKey) + throws EBaseException { try { CryptoToken token = getToken(); // (1) unwrap the session - KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA); + KeyWrapper rsaWrap = token.getKeyWrapper( + KeyWrapAlgorithm.RSA); rsaWrap.initUnwrap(getPrivateKey(), null); SymmetricKey sk = rsaWrap.unwrapSymmetric(encSymmKey, - SymmetricKey.DES3, SymmetricKey.Usage.UNWRAP, 0); + SymmetricKey.DES3, SymmetricKey.Usage.UNWRAP, + 0); // (2) unwrap the pri - KeyWrapper wrapper = token - .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD // XXX - ); + KeyWrapper wrapper = token.getKeyWrapper( + KeyWrapAlgorithm.DES3_CBC_PAD // XXX + ); - wrapper.initUnwrap(sk, new IVParameterSpec(symmAlgParams)); + wrapper.initUnwrap(sk, new IVParameterSpec( + symmAlgParams)); - PrivateKey.Type keytype = null; + PrivateKey.Type keytype = null; 
String alg = pubKey.getAlgorithm(); if (alg.equals("DSA")) { keytype = PrivateKey.DSA; 
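Review bot: decryptExternalPrivate and the five-argument unwrap accept `symmAlgOID` but never read it; both hard-code DES3_CBC_PAD (the lines marked `// XXX`) and pass `symmAlgParams` straight into `new IVParameterSpec(...)`. A request naming a different algorithm, or carrying a missing or wrong-length IV, is caught only by whatever the token throws and then surfaces as a generic `return null`. I would validate the inputs before the transport private key is used, e.g. `if (symmAlgParams == null || symmAlgParams.length != 8) throw new EBaseException("<message>");`, and compare `symmAlgOID` with the one algorithm this code supports. unwrap's body continues past the end of this hunk.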
@@ -521,58 +385,34 @@ public abstract class EncryptionUnit implements IEncryptionUnit { } else { keytype = PrivateKey.RSA; } - PrivateKey pk = wrapper.unwrapTemporaryPrivate(encValue, keytype, - pubKey); + PrivateKey pk = wrapper.unwrapTemporaryPrivate(encValue, + keytype , pubKey); return pk; } catch (TokenException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", - e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", - e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", - e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", - e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (Exception e) { - 
CMS.debug("EncryptionUnit.unwrap : Exception:" + e.toString()); + CMS.debug("EncryptionUnit.unwrap : Exception:"+e.toString()); return null; } } - public byte[] decryptInternalPrivate(byte wrappedKeyData[]) - throws EBaseException { + public byte[] decryptInternalPrivate(byte wrappedKeyData[]) + throws EBaseException { try { CMS.debug("EncryptionUnit.decryptInternalPrivate"); DerValue val = new DerValue(wrappedKeyData); 
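Review bot: The final `catch (Exception e)` of unwrap reports only through `CMS.debug(...)`, while the typed catches above it write an `ILogger.LL_FAILURE` entry; the catch in unwrap_sym in the previous hunk has the same gap. Failed unwrap attempts against the transport key are events an operator would want in the system log, not only in debug output. I would add the same call the sibling branches use, `CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString()));`, before the `return null;`.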
@@ -586,107 +426,51 @@ public abstract class EncryptionUnit implements IEncryptionUnit { CryptoToken token = getToken(); // (1) unwrap the session - CMS.debug("decryptInternalPrivate(): getting key wrapper on slot:" - + token.getName()); - KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA); + CMS.debug("decryptInternalPrivate(): getting key wrapper on slot:"+ token.getName()); + KeyWrapper rsaWrap = token.getKeyWrapper( + KeyWrapAlgorithm.RSA); rsaWrap.initUnwrap(getPrivateKey(), null); SymmetricKey sk = rsaWrap.unwrapSymmetric(session, SymmetricKey.DES3, SymmetricKey.Usage.DECRYPT, 0); // (2) unwrap the pri - Cipher cipher = token - .getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD); + Cipher cipher = token.getCipherContext( + EncryptionAlgorithm.DES3_CBC_PAD); cipher.initDecrypt(sk, IV); return cipher.doFinal(pri); } catch (IllegalBlockSizeException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", - e.toString())); - Debug.trace("EncryptionUnit::decryptInternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); + Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); return null; } catch (BadPaddingException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", - e.toString())); - Debug.trace("EncryptionUnit::decryptInternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); + Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); return null; } catch (TokenException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - 
CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", - e.toString())); - Debug.trace("EncryptionUnit::decryptInternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); + Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", - e.toString())); - Debug.trace("EncryptionUnit::decryptInternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); + Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", - e.toString())); - Debug.trace("EncryptionUnit::decryptInternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); + Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", - e.toString())); - Debug.trace("EncryptionUnit::decryptInternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); + Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); return null; } catch (IOException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - 
null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", - e.toString())); - Debug.trace("EncryptionUnit::decryptInternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); + Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); return null; } catch (Exception e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", - e.toString())); - Debug.trace("EncryptionUnit::decryptInternalPrivate " - + e.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); + Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); return null; } } @@ -694,24 +478,25 @@ public abstract class EncryptionUnit implements IEncryptionUnit { /** * Internal unwrapping. */ - public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey pubKey) - throws EBaseException { + public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey pubKey) + throws EBaseException { return _unwrap(wrappedKeyData, pubKey, true); } /** * Internal unwrapping. */ - public PrivateKey unwrap(byte wrappedKeyData[], PublicKey pubKey) - throws EBaseException { + public PrivateKey unwrap(byte wrappedKeyData[], PublicKey pubKey) + throws EBaseException { return _unwrap(wrappedKeyData, pubKey, false); } /** * Internal unwrapping. */ - private PrivateKey _unwrap(byte wrappedKeyData[], PublicKey pubKey, - boolean temporary) throws EBaseException { + private PrivateKey _unwrap(byte wrappedKeyData[], PublicKey + pubKey, boolean temporary) + throws EBaseException { try { DerValue val = new DerValue(wrappedKeyData); // val.tag == DerValue.tag_Sequence 
@@ -723,87 +508,60 @@ public abstract class EncryptionUnit implements IEncryptionUnit { CryptoToken token = getToken(); // (1) unwrap the session - KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA); + KeyWrapper rsaWrap = token.getKeyWrapper( + KeyWrapAlgorithm.RSA); rsaWrap.initUnwrap(getPrivateKey(), null); SymmetricKey sk = rsaWrap.unwrapSymmetric(session, SymmetricKey.DES3, SymmetricKey.Usage.UNWRAP, 0); // (2) unwrap the pri - KeyWrapper wrapper = token - .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); + KeyWrapper wrapper = token.getKeyWrapper( + KeyWrapAlgorithm.DES3_CBC_PAD); wrapper.initUnwrap(sk, IV); PrivateKey pk = null; if (temporary) { - pk = wrapper - .unwrapTemporaryPrivate(pri, PrivateKey.RSA, pubKey); + pk = wrapper.unwrapTemporaryPrivate(pri, + PrivateKey.RSA, pubKey); } else { - pk = wrapper.unwrapPrivate(pri, PrivateKey.RSA, pubKey); + pk = wrapper.unwrapPrivate(pri, + PrivateKey.RSA, pubKey); } return pk; } catch (TokenException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", - e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); CMS.debug(e); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", - e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", - 
e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", - e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.printStackTrace(e); return null; } catch (IOException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, - null, - ILogger.S_KRA, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", - e.toString())); + CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (Exception e) { Debug.printStackTrace(e); - return null; + return null; } } /** * Verify the given key pair. */ - public void verify(PublicKey publicKey, PrivateKey privateKey) - throws EBaseException { + public void verify(PublicKey publicKey, PrivateKey privateKey) throws + EBaseException { } } + |
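Review bot: `verify(PublicKey, PrivateKey)` is documented as "Verify the given key pair" but its body is empty, so on this base class every pair passes. Unless each subclass overrides it (not visible here), I would either declare it `abstract` or make it fail closed, and at minimum say in the Javadoc that the base implementation performs no check. Also in this hunk, `_unwrap` always passes `PrivateKey.RSA` to `unwrapPrivate`/`unwrapTemporaryPrivate`, whereas the external unwrap derives the key type from `pubKey.getAlgorithm()`; a stored non-RSA key would presumably fail here. `_unwrap` starts before this hunk.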