summaryrefslogtreecommitdiffstats
path: root/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/kra/src/com/netscape/kra/EncryptionUnit.java')
-rw-r--r--pki/base/kra/src/com/netscape/kra/EncryptionUnit.java110
1 files changed, 52 insertions, 58 deletions
diff --git a/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java b/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java
index cbd3b7a3..e9a3301e 100644
--- a/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java
+++ b/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.kra;
-
import java.io.CharConversionException;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
@@ -48,11 +47,10 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.security.IEncryptionUnit;
import com.netscape.cmscore.util.Debug;
-
/**
* A class represents the transport key pair. This key pair
* is used to protected EE's private key in transit.
- *
+ *
* @author thomask
* @version $Revision$, $Date$
*/
@@ -61,7 +59,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
/* Establish one constant IV for base class, to be used for
internal operations. Constant IV acceptable for symmetric keys.
*/
- private byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+ private byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
protected IVParameterSpec IV = null;
public EncryptionUnit() {
@@ -82,16 +80,16 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
* Protects the private key so that it can be stored in
* internal database.
*/
- public byte[] encryptInternalPrivate(byte priKey[])
- throws EBaseException {
+ public byte[] encryptInternalPrivate(byte priKey[])
+ throws EBaseException {
try {
CMS.debug("EncryptionUnit.encryptInternalPrivate");
CryptoToken token = getToken();
CryptoToken internalToken = getInternalToken();
// (1) generate session key
- org.mozilla.jss.crypto.KeyGenerator kg =
- internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
+ org.mozilla.jss.crypto.KeyGenerator kg =
+ internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
SymmetricKey sk = kg.generate();
// (2) wrap private key with session key
@@ -113,14 +111,14 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
// encryptedSession OCTET STRING,
// encryptedPrivate OCTET STRING
// }
-
+
DerOutputStream tmp = new DerOutputStream();
DerOutputStream out = new DerOutputStream();
tmp.putOctetString(session);
tmp.putOctetString(pri);
out.write(DerValue.tag_Sequence, tmp);
-
+
return out.toByteArray();
} catch (TokenException e) {
CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString()));
@@ -171,16 +169,16 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
CryptoToken token = getToken();
// (1) generate session key
- org.mozilla.jss.crypto.KeyGenerator kg =
- token.getKeyGenerator(KeyGenAlgorithm.DES3);
- // internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
+ org.mozilla.jss.crypto.KeyGenerator kg =
+ token.getKeyGenerator(KeyGenAlgorithm.DES3);
+ // internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
SymmetricKey.Usage usages[] = new SymmetricKey.Usage[2];
usages[0] = SymmetricKey.Usage.WRAP;
usages[1] = SymmetricKey.Usage.UNWRAP;
kg.setKeyUsages(usages);
kg.temporaryKeys(true);
SymmetricKey sk = kg.generate();
- CMS.debug("EncryptionUnit:wrap() session key generated on slot: "+token.getName());
+ CMS.debug("EncryptionUnit:wrap() session key generated on slot: " + token.getName());
// (2) wrap private key with session key
// KeyWrapper wrapper = internalToken.getKeyWrapper(
@@ -189,7 +187,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
wrapper.initWrap(sk, IV);
byte pri[] = wrapper.wrap(priKey);
- CMS.debug("EncryptionUnit:wrap() privKey wrapped");
+ CMS.debug("EncryptionUnit:wrap() privKey wrapped");
// (3) wrap session with transport public
KeyWrapper rsaWrap = token.getKeyWrapper(
@@ -197,21 +195,21 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
rsaWrap.initWrap(getPublicKey(), null);
byte session[] = rsaWrap.wrap(sk);
- CMS.debug("EncryptionUnit:wrap() sessin key wrapped");
+ CMS.debug("EncryptionUnit:wrap() sessin key wrapped");
// use MY own structure for now:
// SEQUENCE {
// encryptedSession OCTET STRING,
// encryptedPrivate OCTET STRING
// }
-
+
DerOutputStream tmp = new DerOutputStream();
DerOutputStream out = new DerOutputStream();
tmp.putOctetString(session);
tmp.putOctetString(pri);
out.write(DerValue.tag_Sequence, tmp);
-
+
return out.toByteArray();
} catch (TokenException e) {
CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString()));
@@ -245,18 +243,17 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
}
/**
- * External unwrapping. Unwraps the data using
+ * External unwrapping. Unwraps the data using
* the transport private key.
*/
- public SymmetricKey unwrap_sym(byte encSymmKey[], SymmetricKey.Usage usage)
- {
+ public SymmetricKey unwrap_sym(byte encSymmKey[], SymmetricKey.Usage usage) {
try {
CryptoToken token = getToken();
// (1) unwrap the session
PrivateKey priKey = getPrivateKey();
String priKeyAlgo = priKey.getAlgorithm();
- CMS.debug("EncryptionUnit::unwrap_sym() private key algo: " + priKeyAlgo);
+ CMS.debug("EncryptionUnit::unwrap_sym() private key algo: " + priKeyAlgo);
KeyWrapper keyWrapper = null;
if (priKeyAlgo.equals("EC")) {
keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_ECB);
@@ -268,8 +265,8 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
SymmetricKey sk = keyWrapper.unwrapSymmetric(encSymmKey,
SymmetricKey.DES3, usage,
0);
- CMS.debug("EncryptionUnit::unwrap_sym() unwrapped on slot: "
- +token.getName());
+ CMS.debug("EncryptionUnit::unwrap_sym() unwrapped on slot: "
+ + token.getName());
return sk;
} catch (Exception e) {
CMS.debug("EncryptionUnit::unwrap_sym() error:" +
@@ -278,23 +275,21 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
}
}
- public SymmetricKey unwrap_sym(byte encSymmKey[])
- {
+ public SymmetricKey unwrap_sym(byte encSymmKey[]) {
return unwrap_sym(encSymmKey, SymmetricKey.Usage.WRAP);
}
-
- public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[])
- {
+
+ public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[]) {
return unwrap_sym(encSymmKey, SymmetricKey.Usage.ENCRYPT);
}
/**
* Decrypts the user private key.
*/
- public byte[] decryptExternalPrivate(byte encSymmKey[],
- String symmAlgOID, byte symmAlgParams[],
- byte encValue[])
- throws EBaseException {
+ public byte[] decryptExternalPrivate(byte encSymmKey[],
+ String symmAlgOID, byte symmAlgParams[],
+ byte encValue[])
+ throws EBaseException {
try {
CMS.debug("EncryptionUnit.decryptExternalPrivate");
@@ -312,7 +307,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
// (2) unwrap the pri
Cipher cipher = token.getCipherContext(
EncryptionAlgorithm.DES3_CBC_PAD // XXX
- );
+ );
cipher.initDecrypt(sk, new IVParameterSpec(
symmAlgParams));
@@ -349,13 +344,13 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
}
/**
- * External unwrapping. Unwraps the data using
+ * External unwrapping. Unwraps the data using
* the transport private key.
*/
- public PrivateKey unwrap(byte encSymmKey[],
- String symmAlgOID, byte symmAlgParams[],
- byte encValue[], PublicKey pubKey)
- throws EBaseException {
+ public PrivateKey unwrap(byte encSymmKey[],
+ String symmAlgOID, byte symmAlgParams[],
+ byte encValue[], PublicKey pubKey)
+ throws EBaseException {
try {
CryptoToken token = getToken();
@@ -371,12 +366,12 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
// (2) unwrap the pri
KeyWrapper wrapper = token.getKeyWrapper(
KeyWrapAlgorithm.DES3_CBC_PAD // XXX
- );
+ );
wrapper.initUnwrap(sk, new IVParameterSpec(
symmAlgParams));
- PrivateKey.Type keytype = null;
+ PrivateKey.Type keytype = null;
String alg = pubKey.getAlgorithm();
if (alg.equals("DSA")) {
keytype = PrivateKey.DSA;
@@ -386,7 +381,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
keytype = PrivateKey.RSA;
}
PrivateKey pk = wrapper.unwrapTemporaryPrivate(encValue,
- keytype , pubKey);
+ keytype, pubKey);
return pk;
} catch (TokenException e) {
@@ -406,13 +401,13 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
Debug.trace("EncryptionUnit::unwrap " + e.toString());
return null;
} catch (Exception e) {
- CMS.debug("EncryptionUnit.unwrap : Exception:"+e.toString());
+ CMS.debug("EncryptionUnit.unwrap : Exception:" + e.toString());
return null;
}
}
- public byte[] decryptInternalPrivate(byte wrappedKeyData[])
- throws EBaseException {
+ public byte[] decryptInternalPrivate(byte wrappedKeyData[])
+ throws EBaseException {
try {
CMS.debug("EncryptionUnit.decryptInternalPrivate");
DerValue val = new DerValue(wrappedKeyData);
@@ -426,7 +421,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
CryptoToken token = getToken();
// (1) unwrap the session
- CMS.debug("decryptInternalPrivate(): getting key wrapper on slot:"+ token.getName());
+ CMS.debug("decryptInternalPrivate(): getting key wrapper on slot:" + token.getName());
KeyWrapper rsaWrap = token.getKeyWrapper(
KeyWrapAlgorithm.RSA);
@@ -478,16 +473,16 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
/**
* Internal unwrapping.
*/
- public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey pubKey)
- throws EBaseException {
+ public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey pubKey)
+ throws EBaseException {
return _unwrap(wrappedKeyData, pubKey, true);
}
/**
* Internal unwrapping.
*/
- public PrivateKey unwrap(byte wrappedKeyData[], PublicKey pubKey)
- throws EBaseException {
+ public PrivateKey unwrap(byte wrappedKeyData[], PublicKey pubKey)
+ throws EBaseException {
return _unwrap(wrappedKeyData, pubKey, false);
}
@@ -495,8 +490,8 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
* Internal unwrapping.
*/
private PrivateKey _unwrap(byte wrappedKeyData[], PublicKey
- pubKey, boolean temporary)
- throws EBaseException {
+ pubKey, boolean temporary)
+ throws EBaseException {
try {
DerValue val = new DerValue(wrappedKeyData);
// val.tag == DerValue.tag_Sequence
@@ -523,11 +518,11 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
PrivateKey pk = null;
if (temporary) {
- pk = wrapper.unwrapTemporaryPrivate(pri,
- PrivateKey.RSA, pubKey);
+ pk = wrapper.unwrapTemporaryPrivate(pri,
+ PrivateKey.RSA, pubKey);
} else {
- pk = wrapper.unwrapPrivate(pri,
- PrivateKey.RSA, pubKey);
+ pk = wrapper.unwrapPrivate(pri,
+ PrivateKey.RSA, pubKey);
}
return pk;
} catch (TokenException e) {
@@ -553,7 +548,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
return null;
} catch (Exception e) {
Debug.printStackTrace(e);
- return null;
+ return null;
}
}
@@ -564,4 +559,3 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
EBaseException {
}
}
-
generated by cgit (git 2.34.1) at 2024-05-19 09:25:18 +0000