diff options
Diffstat (limited to 'pki/base/kra/src/com/netscape/kra/EncryptionUnit.java')
-rw-r--r-- | pki/base/kra/src/com/netscape/kra/EncryptionUnit.java | 592 |
1 files changed, 417 insertions, 175 deletions
diff --git a/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java b/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java index cbd3b7a3..9eb2ae3b 100644 --- a/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java +++ b/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.kra; - import java.io.CharConversionException; import java.io.IOException; import java.security.InvalidAlgorithmParameterException; @@ -48,20 +47,20 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.security.IEncryptionUnit; import com.netscape.cmscore.util.Debug; - /** - * A class represents the transport key pair. This key pair - * is used to protected EE's private key in transit. - * + * A class represents the transport key pair. This key pair is used to protected + * EE's private key in transit. + * * @author thomask * @version $Revision$, $Date$ */ public abstract class EncryptionUnit implements IEncryptionUnit { - /* Establish one constant IV for base class, to be used for - internal operations. Constant IV acceptable for symmetric keys. - */ - private byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1}; + /* + * Establish one constant IV for base class, to be used for internal + * operations. Constant IV acceptable for symmetric keys. + */ + private byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; protected IVParameterSpec IV = null; public EncryptionUnit() { @@ -79,84 +78,145 @@ public abstract class EncryptionUnit implements IEncryptionUnit { public abstract PrivateKey getPrivateKey(); /** - * Protects the private key so that it can be stored in - * internal database. + * Protects the private key so that it can be stored in internal database. */ - public byte[] encryptInternalPrivate(byte priKey[]) - throws EBaseException { + public byte[] encryptInternalPrivate(byte priKey[]) throws EBaseException { try { CMS.debug("EncryptionUnit.encryptInternalPrivate"); CryptoToken token = getToken(); CryptoToken internalToken = getInternalToken(); // (1) generate session key - org.mozilla.jss.crypto.KeyGenerator kg = - internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); + org.mozilla.jss.crypto.KeyGenerator kg = internalToken + .getKeyGenerator(KeyGenAlgorithm.DES3); SymmetricKey sk = kg.generate(); // (2) wrap private key with session key - Cipher cipher = internalToken.getCipherContext( - EncryptionAlgorithm.DES3_CBC_PAD); + Cipher cipher = internalToken + .getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD); cipher.initEncrypt(sk, IV); byte pri[] = cipher.doFinal(priKey); // (3) wrap session with transport public - KeyWrapper rsaWrap = internalToken.getKeyWrapper( - KeyWrapAlgorithm.RSA); + KeyWrapper rsaWrap = internalToken + .getKeyWrapper(KeyWrapAlgorithm.RSA); rsaWrap.initWrap(getPublicKey(), null); byte session[] = rsaWrap.wrap(sk); // use MY own structure for now: // SEQUENCE { - // encryptedSession OCTET STRING, - // encryptedPrivate OCTET STRING + // encryptedSession OCTET STRING, + // encryptedPrivate OCTET STRING // } - + DerOutputStream tmp = new DerOutputStream(); DerOutputStream out = new DerOutputStream(); tmp.putOctetString(session); tmp.putOctetString(pri); out.write(DerValue.tag_Sequence, tmp); - + return out.toByteArray(); } catch (TokenException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", + e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + + e.toString()); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", + e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + + e.toString()); return null; } catch (CharConversionException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", + e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", + e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", + e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + + e.toString()); return null; } catch (BadPaddingException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", + e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + + e.toString()); return null; } catch (IllegalBlockSizeException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", + e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + + e.toString()); return null; } catch (IOException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", + e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + + e.toString()); return null; } catch (Exception e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString())); - Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", + e.toString())); + Debug.trace("EncryptionUnit::encryptInternalPrivate " + + e.toString()); return null; } } @@ -171,92 +231,133 @@ public abstract class EncryptionUnit implements IEncryptionUnit { CryptoToken token = getToken(); // (1) generate session key - org.mozilla.jss.crypto.KeyGenerator kg = - token.getKeyGenerator(KeyGenAlgorithm.DES3); - // internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); + org.mozilla.jss.crypto.KeyGenerator kg = token + .getKeyGenerator(KeyGenAlgorithm.DES3); + // internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); SymmetricKey.Usage usages[] = new SymmetricKey.Usage[2]; usages[0] = SymmetricKey.Usage.WRAP; usages[1] = SymmetricKey.Usage.UNWRAP; kg.setKeyUsages(usages); kg.temporaryKeys(true); SymmetricKey sk = kg.generate(); - CMS.debug("EncryptionUnit:wrap() session key generated on slot: "+token.getName()); + CMS.debug("EncryptionUnit:wrap() session key generated on slot: " + + token.getName()); // (2) wrap private key with session key // KeyWrapper wrapper = internalToken.getKeyWrapper( - KeyWrapper wrapper = token.getKeyWrapper( - KeyWrapAlgorithm.DES3_CBC_PAD); + KeyWrapper wrapper = token + .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); wrapper.initWrap(sk, IV); byte pri[] = wrapper.wrap(priKey); - CMS.debug("EncryptionUnit:wrap() privKey wrapped"); + CMS.debug("EncryptionUnit:wrap() privKey wrapped"); // (3) wrap session with transport public - KeyWrapper rsaWrap = token.getKeyWrapper( - KeyWrapAlgorithm.RSA); + KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA); rsaWrap.initWrap(getPublicKey(), null); byte session[] = rsaWrap.wrap(sk); - CMS.debug("EncryptionUnit:wrap() sessin key wrapped"); + CMS.debug("EncryptionUnit:wrap() sessin key wrapped"); // use MY own structure for now: // SEQUENCE { - // encryptedSession OCTET STRING, - // encryptedPrivate OCTET STRING + // encryptedSession OCTET STRING, + // encryptedPrivate OCTET STRING // } - + DerOutputStream tmp = new DerOutputStream(); DerOutputStream out = new DerOutputStream(); tmp.putOctetString(session); tmp.putOctetString(pri); out.write(DerValue.tag_Sequence, tmp); - + return out.toByteArray(); } catch (TokenException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", + e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", + e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (CharConversionException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", + e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", + e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", + e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (IOException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", + e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } catch (Exception e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString())); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", + e.toString())); Debug.trace("EncryptionUnit::wrap " + e.toString()); return null; } } /** - * External unwrapping. Unwraps the data using - * the transport private key. + * External unwrapping. Unwraps the data using the transport private key. */ - public SymmetricKey unwrap_sym(byte encSymmKey[], SymmetricKey.Usage usage) - { + public SymmetricKey unwrap_sym(byte encSymmKey[], SymmetricKey.Usage usage) { try { CryptoToken token = getToken(); // (1) unwrap the session PrivateKey priKey = getPrivateKey(); String priKeyAlgo = priKey.getAlgorithm(); - CMS.debug("EncryptionUnit::unwrap_sym() private key algo: " + priKeyAlgo); + CMS.debug("EncryptionUnit::unwrap_sym() private key algo: " + + priKeyAlgo); KeyWrapper keyWrapper = null; if (priKeyAlgo.equals("EC")) { keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_ECB); @@ -266,117 +367,152 @@ public abstract class EncryptionUnit implements IEncryptionUnit { keyWrapper.initUnwrap(priKey, null); } SymmetricKey sk = keyWrapper.unwrapSymmetric(encSymmKey, - SymmetricKey.DES3, usage, - 0); - CMS.debug("EncryptionUnit::unwrap_sym() unwrapped on slot: " - +token.getName()); + SymmetricKey.DES3, usage, 0); + CMS.debug("EncryptionUnit::unwrap_sym() unwrapped on slot: " + + token.getName()); return sk; } catch (Exception e) { - CMS.debug("EncryptionUnit::unwrap_sym() error:" + - e.toString()); + CMS.debug("EncryptionUnit::unwrap_sym() error:" + e.toString()); return null; } } - public SymmetricKey unwrap_sym(byte encSymmKey[]) - { + public SymmetricKey unwrap_sym(byte encSymmKey[]) { return unwrap_sym(encSymmKey, SymmetricKey.Usage.WRAP); } - - public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[]) - { + + public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[]) { return unwrap_sym(encSymmKey, SymmetricKey.Usage.ENCRYPT); } /** * Decrypts the user private key. */ - public byte[] decryptExternalPrivate(byte encSymmKey[], - String symmAlgOID, byte symmAlgParams[], - byte encValue[]) - throws EBaseException { + public byte[] decryptExternalPrivate(byte encSymmKey[], String symmAlgOID, + byte symmAlgParams[], byte encValue[]) throws EBaseException { try { CMS.debug("EncryptionUnit.decryptExternalPrivate"); CryptoToken token = getToken(); // (1) unwrap the session - KeyWrapper rsaWrap = token.getKeyWrapper( - KeyWrapAlgorithm.RSA); + KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA); rsaWrap.initUnwrap(getPrivateKey(), null); SymmetricKey sk = rsaWrap.unwrapSymmetric(encSymmKey, - SymmetricKey.DES3, SymmetricKey.Usage.DECRYPT, - 0); + SymmetricKey.DES3, SymmetricKey.Usage.DECRYPT, 0); // (2) unwrap the pri - Cipher cipher = token.getCipherContext( - EncryptionAlgorithm.DES3_CBC_PAD // XXX - ); + Cipher cipher = token + .getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD // XXX + ); - cipher.initDecrypt(sk, new IVParameterSpec( - symmAlgParams)); + cipher.initDecrypt(sk, new IVParameterSpec(symmAlgParams)); return cipher.doFinal(encValue); } catch (IllegalBlockSizeException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); - Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", + e.toString())); + Debug.trace("EncryptionUnit::decryptExternalPrivate " + + e.toString()); return null; } catch (BadPaddingException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); - Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", + e.toString())); + Debug.trace("EncryptionUnit::decryptExternalPrivate " + + e.toString()); return null; } catch (TokenException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); - Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", + e.toString())); + Debug.trace("EncryptionUnit::decryptExternalPrivate " + + e.toString()); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); - Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", + e.toString())); + Debug.trace("EncryptionUnit::decryptExternalPrivate " + + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); - Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", + e.toString())); + Debug.trace("EncryptionUnit::decryptExternalPrivate " + + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); - Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", + e.toString())); + Debug.trace("EncryptionUnit::decryptExternalPrivate " + + e.toString()); return null; } catch (Exception e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString())); - Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", + e.toString())); + Debug.trace("EncryptionUnit::decryptExternalPrivate " + + e.toString()); return null; } } /** - * External unwrapping. Unwraps the data using - * the transport private key. + * External unwrapping. Unwraps the data using the transport private key. */ - public PrivateKey unwrap(byte encSymmKey[], - String symmAlgOID, byte symmAlgParams[], - byte encValue[], PublicKey pubKey) - throws EBaseException { + public PrivateKey unwrap(byte encSymmKey[], String symmAlgOID, + byte symmAlgParams[], byte encValue[], PublicKey pubKey) + throws EBaseException { try { CryptoToken token = getToken(); // (1) unwrap the session - KeyWrapper rsaWrap = token.getKeyWrapper( - KeyWrapAlgorithm.RSA); + KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA); rsaWrap.initUnwrap(getPrivateKey(), null); SymmetricKey sk = rsaWrap.unwrapSymmetric(encSymmKey, - SymmetricKey.DES3, SymmetricKey.Usage.UNWRAP, - 0); + SymmetricKey.DES3, SymmetricKey.Usage.UNWRAP, 0); // (2) unwrap the pri - KeyWrapper wrapper = token.getKeyWrapper( - KeyWrapAlgorithm.DES3_CBC_PAD // XXX - ); + KeyWrapper wrapper = token + .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD // XXX + ); - wrapper.initUnwrap(sk, new IVParameterSpec( - symmAlgParams)); + wrapper.initUnwrap(sk, new IVParameterSpec(symmAlgParams)); - PrivateKey.Type keytype = null; + PrivateKey.Type keytype = null; String alg = pubKey.getAlgorithm(); if (alg.equals("DSA")) { keytype = PrivateKey.DSA; @@ -385,34 +521,58 @@ public abstract class EncryptionUnit implements IEncryptionUnit { } else { keytype = PrivateKey.RSA; } - PrivateKey pk = wrapper.unwrapTemporaryPrivate(encValue, - keytype , pubKey); + PrivateKey pk = wrapper.unwrapTemporaryPrivate(encValue, keytype, + pubKey); return pk; } catch (TokenException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", + e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", + e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", + e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", + e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (Exception e) { - CMS.debug("EncryptionUnit.unwrap : Exception:"+e.toString()); + CMS.debug("EncryptionUnit.unwrap : Exception:" + e.toString()); return null; } } - public byte[] decryptInternalPrivate(byte wrappedKeyData[]) - throws EBaseException { + public byte[] decryptInternalPrivate(byte wrappedKeyData[]) + throws EBaseException { try { CMS.debug("EncryptionUnit.decryptInternalPrivate"); DerValue val = new DerValue(wrappedKeyData); @@ -426,51 +586,107 @@ public abstract class EncryptionUnit implements IEncryptionUnit { CryptoToken token = getToken(); // (1) unwrap the session - CMS.debug("decryptInternalPrivate(): getting key wrapper on slot:"+ token.getName()); - KeyWrapper rsaWrap = token.getKeyWrapper( - KeyWrapAlgorithm.RSA); + CMS.debug("decryptInternalPrivate(): getting key wrapper on slot:" + + token.getName()); + KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA); rsaWrap.initUnwrap(getPrivateKey(), null); SymmetricKey sk = rsaWrap.unwrapSymmetric(session, SymmetricKey.DES3, SymmetricKey.Usage.DECRYPT, 0); // (2) unwrap the pri - Cipher cipher = token.getCipherContext( - EncryptionAlgorithm.DES3_CBC_PAD); + Cipher cipher = token + .getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD); cipher.initDecrypt(sk, IV); return cipher.doFinal(pri); } catch (IllegalBlockSizeException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); - Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", + e.toString())); + Debug.trace("EncryptionUnit::decryptInternalPrivate " + + e.toString()); return null; } catch (BadPaddingException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); - Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", + e.toString())); + Debug.trace("EncryptionUnit::decryptInternalPrivate " + + e.toString()); return null; } catch (TokenException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); - Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", + e.toString())); + Debug.trace("EncryptionUnit::decryptInternalPrivate " + + e.toString()); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); - Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", + e.toString())); + Debug.trace("EncryptionUnit::decryptInternalPrivate " + + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); - Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", + e.toString())); + Debug.trace("EncryptionUnit::decryptInternalPrivate " + + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); - Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", + e.toString())); + Debug.trace("EncryptionUnit::decryptInternalPrivate " + + e.toString()); return null; } catch (IOException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); - Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", + e.toString())); + Debug.trace("EncryptionUnit::decryptInternalPrivate " + + e.toString()); return null; } catch (Exception e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString())); - Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString()); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", + e.toString())); + Debug.trace("EncryptionUnit::decryptInternalPrivate " + + e.toString()); return null; } } @@ -478,25 +694,24 @@ public abstract class EncryptionUnit implements IEncryptionUnit { /** * Internal unwrapping. */ - public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey pubKey) - throws EBaseException { + public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey pubKey) + throws EBaseException { return _unwrap(wrappedKeyData, pubKey, true); } /** * Internal unwrapping. */ - public PrivateKey unwrap(byte wrappedKeyData[], PublicKey pubKey) - throws EBaseException { + public PrivateKey unwrap(byte wrappedKeyData[], PublicKey pubKey) + throws EBaseException { return _unwrap(wrappedKeyData, pubKey, false); } /** * Internal unwrapping. */ - private PrivateKey _unwrap(byte wrappedKeyData[], PublicKey - pubKey, boolean temporary) - throws EBaseException { + private PrivateKey _unwrap(byte wrappedKeyData[], PublicKey pubKey, + boolean temporary) throws EBaseException { try { DerValue val = new DerValue(wrappedKeyData); // val.tag == DerValue.tag_Sequence @@ -508,60 +723,87 @@ public abstract class EncryptionUnit implements IEncryptionUnit { CryptoToken token = getToken(); // (1) unwrap the session - KeyWrapper rsaWrap = token.getKeyWrapper( - KeyWrapAlgorithm.RSA); + KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA); rsaWrap.initUnwrap(getPrivateKey(), null); SymmetricKey sk = rsaWrap.unwrapSymmetric(session, SymmetricKey.DES3, SymmetricKey.Usage.UNWRAP, 0); // (2) unwrap the pri - KeyWrapper wrapper = token.getKeyWrapper( - KeyWrapAlgorithm.DES3_CBC_PAD); + KeyWrapper wrapper = token + .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); wrapper.initUnwrap(sk, IV); PrivateKey pk = null; if (temporary) { - pk = wrapper.unwrapTemporaryPrivate(pri, - PrivateKey.RSA, pubKey); + pk = wrapper + .unwrapTemporaryPrivate(pri, PrivateKey.RSA, pubKey); } else { - pk = wrapper.unwrapPrivate(pri, - PrivateKey.RSA, pubKey); + pk = wrapper.unwrapPrivate(pri, PrivateKey.RSA, pubKey); } return pk; } catch (TokenException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", + e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); CMS.debug(e); return null; } catch (NoSuchAlgorithmException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", + e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (InvalidAlgorithmParameterException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", + e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (InvalidKeyException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", + e.toString())); Debug.printStackTrace(e); return null; } catch (IOException e) { - CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString())); + CMS.getLogger().log( + ILogger.EV_SYSTEM, + null, + ILogger.S_KRA, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", + e.toString())); Debug.trace("EncryptionUnit::unwrap " + e.toString()); return null; } catch (Exception e) { Debug.printStackTrace(e); - return null; + return null; } } /** * Verify the given key pair. */ - public void verify(PublicKey publicKey, PrivateKey privateKey) throws - EBaseException { + public void verify(PublicKey publicKey, PrivateKey privateKey) + throws EBaseException { } } - |