diff options
author | Ade Lee <alee@redhat.com> | 2012-01-09 23:32:31 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-01-09 23:32:31 -0500 |
commit | 466533710c179f62865e08b3031748072a0247a3 (patch) | |
tree | 4c04c20d50239be26ba8319076de90226526a542 /pki/base/kra/src/com/netscape/kra/EncryptionUnit.java | |
parent | c9e3c48de53fce6908f625f40ac2b2f75d66b5a1 (diff) | |
download | pki-466533710c179f62865e08b3031748072a0247a3.tar.gz pki-466533710c179f62865e08b3031748072a0247a3.tar.xz pki-466533710c179f62865e08b3031748072a0247a3.zip |
Formatting (no wrap)
Diffstat (limited to 'pki/base/kra/src/com/netscape/kra/EncryptionUnit.java')
-rw-r--r-- | pki/base/kra/src/com/netscape/kra/EncryptionUnit.java | 134 |
1 files changed, 63 insertions, 71 deletions
diff --git a/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java b/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java index cbd3b7a3..32d1dd29 100644 --- a/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java +++ b/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.kra; - import java.io.CharConversionException; import java.io.IOException; import java.security.InvalidAlgorithmParameterException; @@ -48,20 +47,20 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.security.IEncryptionUnit; import com.netscape.cmscore.util.Debug; - /** - * A class represents the transport key pair. This key pair - * is used to protected EE's private key in transit. - * + * A class represents the transport key pair. This key pair is used to protected + * EE's private key in transit. + * * @author thomask * @version $Revision$, $Date$ */ public abstract class EncryptionUnit implements IEncryptionUnit { - /* Establish one constant IV for base class, to be used for - internal operations. Constant IV acceptable for symmetric keys. - */ - private byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1}; + /* + * Establish one constant IV for base class, to be used for internal + * operations. Constant IV acceptable for symmetric keys. + */ + private byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; protected IVParameterSpec IV = null; public EncryptionUnit() { @@ -79,19 +78,18 @@ public abstract class EncryptionUnit implements IEncryptionUnit { public abstract PrivateKey getPrivateKey(); /** - * Protects the private key so that it can be stored in - * internal database. + * Protects the private key so that it can be stored in internal database. */ - public byte[] encryptInternalPrivate(byte priKey[]) - throws EBaseException { + public byte[] encryptInternalPrivate(byte priKey[]) + throws EBaseException { try { CMS.debug("EncryptionUnit.encryptInternalPrivate"); CryptoToken token = getToken(); CryptoToken internalToken = getInternalToken(); // (1) generate session key - org.mozilla.jss.crypto.KeyGenerator kg = - internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); + org.mozilla.jss.crypto.KeyGenerator kg = + internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); SymmetricKey sk = kg.generate(); // (2) wrap private key with session key @@ -110,17 +108,17 @@ public abstract class EncryptionUnit implements IEncryptionUnit { // use MY own structure for now: // SEQUENCE { - // encryptedSession OCTET STRING, - // encryptedPrivate OCTET STRING + // encryptedSession OCTET STRING, + // encryptedPrivate OCTET STRING // } - + DerOutputStream tmp = new DerOutputStream(); DerOutputStream out = new DerOutputStream(); tmp.putOctetString(session); tmp.putOctetString(pri); out.write(DerValue.tag_Sequence, tmp); - + return out.toByteArray(); } catch (TokenException e) { CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); @@ -171,16 +169,16 @@ public abstract class EncryptionUnit implements IEncryptionUnit { CryptoToken token = getToken(); // (1) generate session key - org.mozilla.jss.crypto.KeyGenerator kg = - token.getKeyGenerator(KeyGenAlgorithm.DES3); - // internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); + org.mozilla.jss.crypto.KeyGenerator kg = + token.getKeyGenerator(KeyGenAlgorithm.DES3); + // internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); SymmetricKey.Usage usages[] = new SymmetricKey.Usage[2]; usages[0] = SymmetricKey.Usage.WRAP; usages[1] = SymmetricKey.Usage.UNWRAP; kg.setKeyUsages(usages); kg.temporaryKeys(true); SymmetricKey sk = kg.generate(); - CMS.debug("EncryptionUnit:wrap() session key generated on slot: "+token.getName()); + CMS.debug("EncryptionUnit:wrap() session key generated on slot: " + token.getName()); // (2) wrap private key with session key // KeyWrapper wrapper = internalToken.getKeyWrapper( @@ -189,7 +187,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit { wrapper.initWrap(sk, IV); byte pri[] = wrapper.wrap(priKey); - CMS.debug("EncryptionUnit:wrap() privKey wrapped"); + CMS.debug("EncryptionUnit:wrap() privKey wrapped"); // (3) wrap session with transport public KeyWrapper rsaWrap = token.getKeyWrapper( @@ -197,21 +195,21 @@ public abstract class EncryptionUnit implements IEncryptionUnit { rsaWrap.initWrap(getPublicKey(), null); byte session[] = rsaWrap.wrap(sk); - CMS.debug("EncryptionUnit:wrap() sessin key wrapped"); + CMS.debug("EncryptionUnit:wrap() sessin key wrapped"); // use MY own structure for now: // SEQUENCE { - // encryptedSession OCTET STRING, - // encryptedPrivate OCTET STRING + // encryptedSession OCTET STRING, + // encryptedPrivate OCTET STRING // } - + DerOutputStream tmp = new DerOutputStream(); DerOutputStream out = new DerOutputStream(); tmp.putOctetString(session); tmp.putOctetString(pri); out.write(DerValue.tag_Sequence, tmp); - + return out.toByteArray(); } catch (TokenException e) { CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); @@ -245,18 +243,16 @@ public abstract class EncryptionUnit implements IEncryptionUnit { } /** - * External unwrapping. Unwraps the data using - * the transport private key. + * External unwrapping. Unwraps the data using the transport private key. */ - public SymmetricKey unwrap_sym(byte encSymmKey[], SymmetricKey.Usage usage) - { + public SymmetricKey unwrap_sym(byte encSymmKey[], SymmetricKey.Usage usage) { try { CryptoToken token = getToken(); // (1) unwrap the session PrivateKey priKey = getPrivateKey(); String priKeyAlgo = priKey.getAlgorithm(); - CMS.debug("EncryptionUnit::unwrap_sym() private key algo: " + priKeyAlgo); + CMS.debug("EncryptionUnit::unwrap_sym() private key algo: " + priKeyAlgo); KeyWrapper keyWrapper = null; if (priKeyAlgo.equals("EC")) { keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_ECB); @@ -268,8 +264,8 @@ public abstract class EncryptionUnit implements IEncryptionUnit { SymmetricKey sk = keyWrapper.unwrapSymmetric(encSymmKey, SymmetricKey.DES3, usage, 0); - CMS.debug("EncryptionUnit::unwrap_sym() unwrapped on slot: " - +token.getName()); + CMS.debug("EncryptionUnit::unwrap_sym() unwrapped on slot: " + + token.getName()); return sk; } catch (Exception e) { CMS.debug("EncryptionUnit::unwrap_sym() error:" + @@ -278,23 +274,21 @@ public abstract class EncryptionUnit implements IEncryptionUnit { } } - public SymmetricKey unwrap_sym(byte encSymmKey[]) - { + public SymmetricKey unwrap_sym(byte encSymmKey[]) { return unwrap_sym(encSymmKey, SymmetricKey.Usage.WRAP); } - - public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[]) - { + + public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[]) { return unwrap_sym(encSymmKey, SymmetricKey.Usage.ENCRYPT); } /** * Decrypts the user private key. */ - public byte[] decryptExternalPrivate(byte encSymmKey[], - String symmAlgOID, byte symmAlgParams[], - byte encValue[]) - throws EBaseException { + public byte[] decryptExternalPrivate(byte encSymmKey[], + String symmAlgOID, byte symmAlgParams[], + byte encValue[]) + throws EBaseException { try { CMS.debug("EncryptionUnit.decryptExternalPrivate"); @@ -312,7 +306,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit { // (2) unwrap the pri Cipher cipher = token.getCipherContext( EncryptionAlgorithm.DES3_CBC_PAD // XXX - ); + ); cipher.initDecrypt(sk, new IVParameterSpec( symmAlgParams)); @@ -349,13 +343,12 @@ public abstract class EncryptionUnit implements IEncryptionUnit { } /** - * External unwrapping. Unwraps the data using - * the transport private key. + * External unwrapping. Unwraps the data using the transport private key. */ - public PrivateKey unwrap(byte encSymmKey[], - String symmAlgOID, byte symmAlgParams[], - byte encValue[], PublicKey pubKey) - throws EBaseException { + public PrivateKey unwrap(byte encSymmKey[], + String symmAlgOID, byte symmAlgParams[], + byte encValue[], PublicKey pubKey) + throws EBaseException { try { CryptoToken token = getToken(); @@ -371,12 +364,12 @@ public abstract class EncryptionUnit implements IEncryptionUnit { // (2) unwrap the pri KeyWrapper wrapper = token.getKeyWrapper( KeyWrapAlgorithm.DES3_CBC_PAD // XXX - ); + ); wrapper.initUnwrap(sk, new IVParameterSpec( symmAlgParams)); - PrivateKey.Type keytype = null; + PrivateKey.Type keytype = null; String alg = pubKey.getAlgorithm(); if (alg.equals("DSA")) { keytype = PrivateKey.DSA; @@ -386,7 +379,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit { keytype = PrivateKey.RSA; } PrivateKey pk = wrapper.unwrapTemporaryPrivate(encValue, - keytype , pubKey); + keytype, pubKey); return pk; } catch (TokenException e) { @@ -406,13 +399,13 @@ public abstract class EncryptionUnit implements IEncryptionUnit { Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (Exception e) { - CMS.debug("EncryptionUnit.unwrap : Exception:"+e.toString()); + CMS.debug("EncryptionUnit.unwrap : Exception:" + e.toString()); return null; } } - public byte[] decryptInternalPrivate(byte wrappedKeyData[]) - throws EBaseException { + public byte[] decryptInternalPrivate(byte wrappedKeyData[]) + throws EBaseException { try { CMS.debug("EncryptionUnit.decryptInternalPrivate"); DerValue val = new DerValue(wrappedKeyData); @@ -426,7 +419,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit { CryptoToken token = getToken(); // (1) unwrap the session - CMS.debug("decryptInternalPrivate(): getting key wrapper on slot:"+ token.getName()); + CMS.debug("decryptInternalPrivate(): getting key wrapper on slot:" + token.getName()); KeyWrapper rsaWrap = token.getKeyWrapper( KeyWrapAlgorithm.RSA); @@ -478,16 +471,16 @@ public abstract class EncryptionUnit implements IEncryptionUnit { /** * Internal unwrapping. */ - public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey pubKey) - throws EBaseException { + public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey pubKey) + throws EBaseException { return _unwrap(wrappedKeyData, pubKey, true); } /** * Internal unwrapping. */ - public PrivateKey unwrap(byte wrappedKeyData[], PublicKey pubKey) - throws EBaseException { + public PrivateKey unwrap(byte wrappedKeyData[], PublicKey pubKey) + throws EBaseException { return _unwrap(wrappedKeyData, pubKey, false); } @@ -495,8 +488,8 @@ public abstract class EncryptionUnit implements IEncryptionUnit { * Internal unwrapping. */ private PrivateKey _unwrap(byte wrappedKeyData[], PublicKey - pubKey, boolean temporary) - throws EBaseException { + pubKey, boolean temporary) + throws EBaseException { try { DerValue val = new DerValue(wrappedKeyData); // val.tag == DerValue.tag_Sequence @@ -523,11 +516,11 @@ public abstract class EncryptionUnit implements IEncryptionUnit { PrivateKey pk = null; if (temporary) { - pk = wrapper.unwrapTemporaryPrivate(pri, - PrivateKey.RSA, pubKey); + pk = wrapper.unwrapTemporaryPrivate(pri, + PrivateKey.RSA, pubKey); } else { - pk = wrapper.unwrapPrivate(pri, - PrivateKey.RSA, pubKey); + pk = wrapper.unwrapPrivate(pri, + PrivateKey.RSA, pubKey); } return pk; } catch (TokenException e) { @@ -553,7 +546,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit { return null; } catch (Exception e) { Debug.printStackTrace(e); - return null; + return null; } } @@ -564,4 +557,3 @@ public abstract class EncryptionUnit implements IEncryptionUnit { EBaseException { } } - |