Diffstat (limited to 'pki/base/kra/src/com/netscape/kra/EncryptionUnit.java')
-rw-r--r--pki/base/kra/src/com/netscape/kra/EncryptionUnit.java592
1 files changed, 417 insertions, 175 deletions
diff --git a/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java b/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java
index cbd3b7a3..9eb2ae3b 100644
--- a/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java
+++ b/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.kra;
-
import java.io.CharConversionException;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
@@ -48,20 +47,20 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.security.IEncryptionUnit;
import com.netscape.cmscore.util.Debug;
-
/**
- * A class represents the transport key pair. This key pair
- * is used to protected EE's private key in transit.
- *
+ * A class represents the transport key pair. This key pair is used to protected
+ * EE's private key in transit.
+ *
* @author thomask
* @version $Revision$, $Date$
*/
public abstract class EncryptionUnit implements IEncryptionUnit {
- /* Establish one constant IV for base class, to be used for
- internal operations. Constant IV acceptable for symmetric keys.
- */
- private byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+ /*
+ * Establish one constant IV for base class, to be used for internal
+ * operations. Constant IV acceptable for symmetric keys.
+ */
+ private byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
protected IVParameterSpec IV = null;
public EncryptionUnit() {
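Review bot: The reflowed comment above `iv` still asserts "Constant IV acceptable for symmetric keys" without giving the reason, which is what a maintainer needs before touching this field. In the later hunks the IV is passed to `DES3_CBC_PAD` together with a session key generated fresh on each call (`kg.generate()`), which is presumably the justification; a fixed IV would not be safe if a session key were ever reused. I would state that in the comment, e.g. `Fixed IV is tolerable only because every call uses a freshly generated DES3 session key; never reuse a session key with this IV.` The decrypt side uses the same value (`cipher.initDecrypt(sk, IV)`), so changing it would presumably break records already stored. The class body continues outside this hunk.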
@@ -79,84 +78,145 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
public abstract PrivateKey getPrivateKey();
/**
- * Protects the private key so that it can be stored in
- * internal database.
+ * Protects the private key so that it can be stored in internal database.
*/
- public byte[] encryptInternalPrivate(byte priKey[])
- throws EBaseException {
+ public byte[] encryptInternalPrivate(byte priKey[]) throws EBaseException {
try {
CMS.debug("EncryptionUnit.encryptInternalPrivate");
CryptoToken token = getToken();
CryptoToken internalToken = getInternalToken();
// (1) generate session key
- org.mozilla.jss.crypto.KeyGenerator kg =
- internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
+ org.mozilla.jss.crypto.KeyGenerator kg = internalToken
+ .getKeyGenerator(KeyGenAlgorithm.DES3);
SymmetricKey sk = kg.generate();
// (2) wrap private key with session key
- Cipher cipher = internalToken.getCipherContext(
- EncryptionAlgorithm.DES3_CBC_PAD);
+ Cipher cipher = internalToken
+ .getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
cipher.initEncrypt(sk, IV);
byte pri[] = cipher.doFinal(priKey);
// (3) wrap session with transport public
- KeyWrapper rsaWrap = internalToken.getKeyWrapper(
- KeyWrapAlgorithm.RSA);
+ KeyWrapper rsaWrap = internalToken
+ .getKeyWrapper(KeyWrapAlgorithm.RSA);
rsaWrap.initWrap(getPublicKey(), null);
byte session[] = rsaWrap.wrap(sk);
// use MY own structure for now:
// SEQUENCE {
- // encryptedSession OCTET STRING,
- // encryptedPrivate OCTET STRING
+ // encryptedSession OCTET STRING,
+ // encryptedPrivate OCTET STRING
// }
-
+
DerOutputStream tmp = new DerOutputStream();
DerOutputStream out = new DerOutputStream();
tmp.putOctetString(session);
tmp.putOctetString(pri);
out.write(DerValue.tag_Sequence, tmp);
-
+
return out.toByteArray();
} catch (TokenException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString()));
- Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL",
+ e.toString()));
+ Debug.trace("EncryptionUnit::encryptInternalPrivate "
+ + e.toString());
return null;
} catch (NoSuchAlgorithmException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString()));
- Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL",
+ e.toString()));
+ Debug.trace("EncryptionUnit::encryptInternalPrivate "
+ + e.toString());
return null;
} catch (CharConversionException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString()));
- Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL",
+ e.toString()));
+ Debug.trace("EncryptionUnit::encryptInternalPrivate "
+ + e.toString());
return null;
} catch (InvalidAlgorithmParameterException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString()));
- Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL",
+ e.toString()));
+ Debug.trace("EncryptionUnit::encryptInternalPrivate "
+ + e.toString());
return null;
} catch (InvalidKeyException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString()));
- Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL",
+ e.toString()));
+ Debug.trace("EncryptionUnit::encryptInternalPrivate "
+ + e.toString());
return null;
} catch (BadPaddingException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString()));
- Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL",
+ e.toString()));
+ Debug.trace("EncryptionUnit::encryptInternalPrivate "
+ + e.toString());
return null;
} catch (IllegalBlockSizeException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString()));
- Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL",
+ e.toString()));
+ Debug.trace("EncryptionUnit::encryptInternalPrivate "
+ + e.toString());
return null;
} catch (IOException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString()));
- Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL",
+ e.toString()));
+ Debug.trace("EncryptionUnit::encryptInternalPrivate "
+ + e.toString());
return null;
} catch (Exception e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL", e.toString()));
- Debug.trace("EncryptionUnit::encryptInternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_INTERNAL",
+ e.toString()));
+ Debug.trace("EncryptionUnit::encryptInternalPrivate "
+ + e.toString());
return null;
}
}
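Review bot: encryptInternalPrivate() declares `throws EBaseException`, but every failure path here logs and then does `return null`, so a caller that archives the result must null-check it; the Javadoc should say so, e.g. `@return DER SEQUENCE of the wrapped session key and the encrypted private key, or null if any step fails`. The nine catch clauses have identical bodies and the trailing `catch (Exception e)` already covers the narrower types, so a single handler would remove roughly a hundred lines that this reformat has just made longer. wrap(), decryptExternalPrivate() and decryptInternalPrivate() in the later hunks repeat the same pattern. `CryptoToken token = getToken();` also appears unused in this method as far as the hunk shows.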
@@ -171,92 +231,133 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
CryptoToken token = getToken();
// (1) generate session key
- org.mozilla.jss.crypto.KeyGenerator kg =
- token.getKeyGenerator(KeyGenAlgorithm.DES3);
- // internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
+ org.mozilla.jss.crypto.KeyGenerator kg = token
+ .getKeyGenerator(KeyGenAlgorithm.DES3);
+ // internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
SymmetricKey.Usage usages[] = new SymmetricKey.Usage[2];
usages[0] = SymmetricKey.Usage.WRAP;
usages[1] = SymmetricKey.Usage.UNWRAP;
kg.setKeyUsages(usages);
kg.temporaryKeys(true);
SymmetricKey sk = kg.generate();
- CMS.debug("EncryptionUnit:wrap() session key generated on slot: "+token.getName());
+ CMS.debug("EncryptionUnit:wrap() session key generated on slot: "
+ + token.getName());
// (2) wrap private key with session key
// KeyWrapper wrapper = internalToken.getKeyWrapper(
- KeyWrapper wrapper = token.getKeyWrapper(
- KeyWrapAlgorithm.DES3_CBC_PAD);
+ KeyWrapper wrapper = token
+ .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
wrapper.initWrap(sk, IV);
byte pri[] = wrapper.wrap(priKey);
- CMS.debug("EncryptionUnit:wrap() privKey wrapped");
+ CMS.debug("EncryptionUnit:wrap() privKey wrapped");
// (3) wrap session with transport public
- KeyWrapper rsaWrap = token.getKeyWrapper(
- KeyWrapAlgorithm.RSA);
+ KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
rsaWrap.initWrap(getPublicKey(), null);
byte session[] = rsaWrap.wrap(sk);
- CMS.debug("EncryptionUnit:wrap() sessin key wrapped");
+ CMS.debug("EncryptionUnit:wrap() sessin key wrapped");
// use MY own structure for now:
// SEQUENCE {
- // encryptedSession OCTET STRING,
- // encryptedPrivate OCTET STRING
+ // encryptedSession OCTET STRING,
+ // encryptedPrivate OCTET STRING
// }
-
+
DerOutputStream tmp = new DerOutputStream();
DerOutputStream out = new DerOutputStream();
tmp.putOctetString(session);
tmp.putOctetString(pri);
out.write(DerValue.tag_Sequence, tmp);
-
+
return out.toByteArray();
} catch (TokenException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString()));
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP",
+ e.toString()));
Debug.trace("EncryptionUnit::wrap " + e.toString());
return null;
} catch (NoSuchAlgorithmException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString()));
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP",
+ e.toString()));
Debug.trace("EncryptionUnit::wrap " + e.toString());
return null;
} catch (CharConversionException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString()));
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP",
+ e.toString()));
Debug.trace("EncryptionUnit::wrap " + e.toString());
return null;
} catch (InvalidAlgorithmParameterException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString()));
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP",
+ e.toString()));
Debug.trace("EncryptionUnit::wrap " + e.toString());
return null;
} catch (InvalidKeyException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString()));
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP",
+ e.toString()));
Debug.trace("EncryptionUnit::wrap " + e.toString());
return null;
} catch (IOException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString()));
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP",
+ e.toString()));
Debug.trace("EncryptionUnit::wrap " + e.toString());
return null;
} catch (Exception e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP", e.toString()));
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_WRAP",
+ e.toString()));
Debug.trace("EncryptionUnit::wrap " + e.toString());
return null;
}
}
/**
- * External unwrapping. Unwraps the data using
- * the transport private key.
+ * External unwrapping. Unwraps the data using the transport private key.
*/
- public SymmetricKey unwrap_sym(byte encSymmKey[], SymmetricKey.Usage usage)
- {
+ public SymmetricKey unwrap_sym(byte encSymmKey[], SymmetricKey.Usage usage) {
try {
CryptoToken token = getToken();
// (1) unwrap the session
PrivateKey priKey = getPrivateKey();
String priKeyAlgo = priKey.getAlgorithm();
- CMS.debug("EncryptionUnit::unwrap_sym() private key algo: " + priKeyAlgo);
+ CMS.debug("EncryptionUnit::unwrap_sym() private key algo: "
+ + priKeyAlgo);
KeyWrapper keyWrapper = null;
if (priKeyAlgo.equals("EC")) {
keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_ECB);
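Review bot: The commented-out `internalToken` alternatives in wrap() (`// internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);` and `// KeyWrapper wrapper = internalToken.getKeyWrapper(`) were re-indented rather than removed, and they leave it unclear which token is meant to generate and hold the session key. I would delete them or replace them with one why-comment such as `// session key is generated on the transport key's token, not the internal token`, if that is indeed the intent. The debug string `"EncryptionUnit:wrap() sessin key wrapped"` has a typo (`session`) that makes log searches miss it. wrap() starts above this hunk and unwrap_sym() continues below it.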
@@ -266,117 +367,152 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
keyWrapper.initUnwrap(priKey, null);
}
SymmetricKey sk = keyWrapper.unwrapSymmetric(encSymmKey,
- SymmetricKey.DES3, usage,
- 0);
- CMS.debug("EncryptionUnit::unwrap_sym() unwrapped on slot: "
- +token.getName());
+ SymmetricKey.DES3, usage, 0);
+ CMS.debug("EncryptionUnit::unwrap_sym() unwrapped on slot: "
+ + token.getName());
return sk;
} catch (Exception e) {
- CMS.debug("EncryptionUnit::unwrap_sym() error:" +
- e.toString());
+ CMS.debug("EncryptionUnit::unwrap_sym() error:" + e.toString());
return null;
}
}
- public SymmetricKey unwrap_sym(byte encSymmKey[])
- {
+ public SymmetricKey unwrap_sym(byte encSymmKey[]) {
return unwrap_sym(encSymmKey, SymmetricKey.Usage.WRAP);
}
-
- public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[])
- {
+
+ public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[]) {
return unwrap_sym(encSymmKey, SymmetricKey.Usage.ENCRYPT);
}
/**
* Decrypts the user private key.
*/
- public byte[] decryptExternalPrivate(byte encSymmKey[],
- String symmAlgOID, byte symmAlgParams[],
- byte encValue[])
- throws EBaseException {
+ public byte[] decryptExternalPrivate(byte encSymmKey[], String symmAlgOID,
+ byte symmAlgParams[], byte encValue[]) throws EBaseException {
try {
CMS.debug("EncryptionUnit.decryptExternalPrivate");
CryptoToken token = getToken();
// (1) unwrap the session
- KeyWrapper rsaWrap = token.getKeyWrapper(
- KeyWrapAlgorithm.RSA);
+ KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
rsaWrap.initUnwrap(getPrivateKey(), null);
SymmetricKey sk = rsaWrap.unwrapSymmetric(encSymmKey,
- SymmetricKey.DES3, SymmetricKey.Usage.DECRYPT,
- 0);
+ SymmetricKey.DES3, SymmetricKey.Usage.DECRYPT, 0);
// (2) unwrap the pri
- Cipher cipher = token.getCipherContext(
- EncryptionAlgorithm.DES3_CBC_PAD // XXX
- );
+ Cipher cipher = token
+ .getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD // XXX
+ );
- cipher.initDecrypt(sk, new IVParameterSpec(
- symmAlgParams));
+ cipher.initDecrypt(sk, new IVParameterSpec(symmAlgParams));
return cipher.doFinal(encValue);
} catch (IllegalBlockSizeException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString()));
- Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL",
+ e.toString()));
+ Debug.trace("EncryptionUnit::decryptExternalPrivate "
+ + e.toString());
return null;
} catch (BadPaddingException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString()));
- Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL",
+ e.toString()));
+ Debug.trace("EncryptionUnit::decryptExternalPrivate "
+ + e.toString());
return null;
} catch (TokenException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString()));
- Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL",
+ e.toString()));
+ Debug.trace("EncryptionUnit::decryptExternalPrivate "
+ + e.toString());
return null;
} catch (NoSuchAlgorithmException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString()));
- Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL",
+ e.toString()));
+ Debug.trace("EncryptionUnit::decryptExternalPrivate "
+ + e.toString());
return null;
} catch (InvalidAlgorithmParameterException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString()));
- Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL",
+ e.toString()));
+ Debug.trace("EncryptionUnit::decryptExternalPrivate "
+ + e.toString());
return null;
} catch (InvalidKeyException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString()));
- Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL",
+ e.toString()));
+ Debug.trace("EncryptionUnit::decryptExternalPrivate "
+ + e.toString());
return null;
} catch (Exception e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL", e.toString()));
- Debug.trace("EncryptionUnit::decryptExternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_EXTERNAL",
+ e.toString()));
+ Debug.trace("EncryptionUnit::decryptExternalPrivate "
+ + e.toString());
return null;
}
}
/**
- * External unwrapping. Unwraps the data using
- * the transport private key.
+ * External unwrapping. Unwraps the data using the transport private key.
*/
- public PrivateKey unwrap(byte encSymmKey[],
- String symmAlgOID, byte symmAlgParams[],
- byte encValue[], PublicKey pubKey)
- throws EBaseException {
+ public PrivateKey unwrap(byte encSymmKey[], String symmAlgOID,
+ byte symmAlgParams[], byte encValue[], PublicKey pubKey)
+ throws EBaseException {
try {
CryptoToken token = getToken();
// (1) unwrap the session
- KeyWrapper rsaWrap = token.getKeyWrapper(
- KeyWrapAlgorithm.RSA);
+ KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
rsaWrap.initUnwrap(getPrivateKey(), null);
SymmetricKey sk = rsaWrap.unwrapSymmetric(encSymmKey,
- SymmetricKey.DES3, SymmetricKey.Usage.UNWRAP,
- 0);
+ SymmetricKey.DES3, SymmetricKey.Usage.UNWRAP, 0);
// (2) unwrap the pri
- KeyWrapper wrapper = token.getKeyWrapper(
- KeyWrapAlgorithm.DES3_CBC_PAD // XXX
- );
+ KeyWrapper wrapper = token
+ .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD // XXX
+ );
- wrapper.initUnwrap(sk, new IVParameterSpec(
- symmAlgParams));
+ wrapper.initUnwrap(sk, new IVParameterSpec(symmAlgParams));
- PrivateKey.Type keytype = null;
+ PrivateKey.Type keytype = null;
String alg = pubKey.getAlgorithm();
if (alg.equals("DSA")) {
keytype = PrivateKey.DSA;
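Review bot: In decryptExternalPrivate() and the five-argument unwrap(), `symmAlgOID` is accepted but never read in the visible code: the cipher is fixed to `DES3_CBC_PAD` (the re-wrapped `// XXX` marks the spot) and `symmAlgParams` goes straight into `new IVParameterSpec(symmAlgParams)`. These values presumably arrive with the externally supplied wrapped key, so I would reject a request whose declared algorithm is not the one actually used and check the IV before use, e.g. `if (symmAlgParams == null || symmAlgParams.length != iv.length)` followed by the existing log-and-fail path. At minimum the Javadoc should say `symmAlgOID is currently ignored; only DES3-CBC with an 8-byte IV is supported`. unwrap() continues past the end of this hunk.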
@@ -385,34 +521,58 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
} else {
keytype = PrivateKey.RSA;
}
- PrivateKey pk = wrapper.unwrapTemporaryPrivate(encValue,
- keytype , pubKey);
+ PrivateKey pk = wrapper.unwrapTemporaryPrivate(encValue, keytype,
+ pubKey);
return pk;
} catch (TokenException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString()));
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP",
+ e.toString()));
Debug.trace("EncryptionUnit::unwrap " + e.toString());
return null;
} catch (NoSuchAlgorithmException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString()));
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP",
+ e.toString()));
Debug.trace("EncryptionUnit::unwrap " + e.toString());
return null;
} catch (InvalidAlgorithmParameterException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString()));
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP",
+ e.toString()));
Debug.trace("EncryptionUnit::unwrap " + e.toString());
return null;
} catch (InvalidKeyException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString()));
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP",
+ e.toString()));
Debug.trace("EncryptionUnit::unwrap " + e.toString());
return null;
} catch (Exception e) {
- CMS.debug("EncryptionUnit.unwrap : Exception:"+e.toString());
+ CMS.debug("EncryptionUnit.unwrap : Exception:" + e.toString());
return null;
}
}
- public byte[] decryptInternalPrivate(byte wrappedKeyData[])
- throws EBaseException {
+ public byte[] decryptInternalPrivate(byte wrappedKeyData[])
+ throws EBaseException {
try {
CMS.debug("EncryptionUnit.decryptInternalPrivate");
DerValue val = new DerValue(wrappedKeyData);
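Review bot: The catch-all at the end of unwrap() only calls `CMS.debug("EncryptionUnit.unwrap : Exception:" + e.toString())`, while the typed handlers just above it write an `ILogger.LL_FAILURE` entry with `CMSCORE_KRA_ENCRYPTION_UNWRAP`. An unexpected failure while unwrapping a key therefore reaches only the debug log, which weakens monitoring of the key-recovery path. I would give it the same `CMS.getLogger().log(...)` call as the other handlers; unwrap_sym() in the previous hunk and the final handler of _unwrap() in the last hunk have the same gap. decryptInternalPrivate() begins in this hunk and continues outside it.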
@@ -426,51 +586,107 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
CryptoToken token = getToken();
// (1) unwrap the session
- CMS.debug("decryptInternalPrivate(): getting key wrapper on slot:"+ token.getName());
- KeyWrapper rsaWrap = token.getKeyWrapper(
- KeyWrapAlgorithm.RSA);
+ CMS.debug("decryptInternalPrivate(): getting key wrapper on slot:"
+ + token.getName());
+ KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
rsaWrap.initUnwrap(getPrivateKey(), null);
SymmetricKey sk = rsaWrap.unwrapSymmetric(session,
SymmetricKey.DES3, SymmetricKey.Usage.DECRYPT, 0);
// (2) unwrap the pri
- Cipher cipher = token.getCipherContext(
- EncryptionAlgorithm.DES3_CBC_PAD);
+ Cipher cipher = token
+ .getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
cipher.initDecrypt(sk, IV);
return cipher.doFinal(pri);
} catch (IllegalBlockSizeException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString()));
- Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT",
+ e.toString()));
+ Debug.trace("EncryptionUnit::decryptInternalPrivate "
+ + e.toString());
return null;
} catch (BadPaddingException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString()));
- Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT",
+ e.toString()));
+ Debug.trace("EncryptionUnit::decryptInternalPrivate "
+ + e.toString());
return null;
} catch (TokenException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString()));
- Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT",
+ e.toString()));
+ Debug.trace("EncryptionUnit::decryptInternalPrivate "
+ + e.toString());
return null;
} catch (NoSuchAlgorithmException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString()));
- Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT",
+ e.toString()));
+ Debug.trace("EncryptionUnit::decryptInternalPrivate "
+ + e.toString());
return null;
} catch (InvalidAlgorithmParameterException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString()));
- Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT",
+ e.toString()));
+ Debug.trace("EncryptionUnit::decryptInternalPrivate "
+ + e.toString());
return null;
} catch (InvalidKeyException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString()));
- Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT",
+ e.toString()));
+ Debug.trace("EncryptionUnit::decryptInternalPrivate "
+ + e.toString());
return null;
} catch (IOException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString()));
- Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT",
+ e.toString()));
+ Debug.trace("EncryptionUnit::decryptInternalPrivate "
+ + e.toString());
return null;
} catch (Exception e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT", e.toString()));
- Debug.trace("EncryptionUnit::decryptInternalPrivate " + e.toString());
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_DECRYPT",
+ e.toString()));
+ Debug.trace("EncryptionUnit::decryptInternalPrivate "
+ + e.toString());
return null;
}
}
@@ -478,25 +694,24 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
/**
* Internal unwrapping.
*/
- public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey pubKey)
- throws EBaseException {
+ public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey pubKey)
+ throws EBaseException {
return _unwrap(wrappedKeyData, pubKey, true);
}
/**
* Internal unwrapping.
*/
- public PrivateKey unwrap(byte wrappedKeyData[], PublicKey pubKey)
- throws EBaseException {
+ public PrivateKey unwrap(byte wrappedKeyData[], PublicKey pubKey)
+ throws EBaseException {
return _unwrap(wrappedKeyData, pubKey, false);
}
/**
* Internal unwrapping.
*/
- private PrivateKey _unwrap(byte wrappedKeyData[], PublicKey
- pubKey, boolean temporary)
- throws EBaseException {
+ private PrivateKey _unwrap(byte wrappedKeyData[], PublicKey pubKey,
+ boolean temporary) throws EBaseException {
try {
DerValue val = new DerValue(wrappedKeyData);
// val.tag == DerValue.tag_Sequence
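Review bot: unwrap_temp(), unwrap() and _unwrap() all carry the same Javadoc, `Internal unwrapping.`, although they differ in the one thing a caller needs to know: the `temporary` flag selects `unwrapTemporaryPrivate` versus `unwrapPrivate` in the next hunk. I would document that, e.g. `Unwraps an archived private key as a temporary key object.` on unwrap_temp() and `Unwraps an archived private key via unwrapPrivate (presumably persisted on the token).` on unwrap(), each with `@return the key, or null on failure`. _unwrap() continues outside this hunk.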
@@ -508,60 +723,87 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
CryptoToken token = getToken();
// (1) unwrap the session
- KeyWrapper rsaWrap = token.getKeyWrapper(
- KeyWrapAlgorithm.RSA);
+ KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
rsaWrap.initUnwrap(getPrivateKey(), null);
SymmetricKey sk = rsaWrap.unwrapSymmetric(session,
SymmetricKey.DES3, SymmetricKey.Usage.UNWRAP, 0);
// (2) unwrap the pri
- KeyWrapper wrapper = token.getKeyWrapper(
- KeyWrapAlgorithm.DES3_CBC_PAD);
+ KeyWrapper wrapper = token
+ .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
wrapper.initUnwrap(sk, IV);
PrivateKey pk = null;
if (temporary) {
- pk = wrapper.unwrapTemporaryPrivate(pri,
- PrivateKey.RSA, pubKey);
+ pk = wrapper
+ .unwrapTemporaryPrivate(pri, PrivateKey.RSA, pubKey);
} else {
- pk = wrapper.unwrapPrivate(pri,
- PrivateKey.RSA, pubKey);
+ pk = wrapper.unwrapPrivate(pri, PrivateKey.RSA, pubKey);
}
return pk;
} catch (TokenException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString()));
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP",
+ e.toString()));
Debug.trace("EncryptionUnit::unwrap " + e.toString());
CMS.debug(e);
return null;
} catch (NoSuchAlgorithmException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString()));
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP",
+ e.toString()));
Debug.trace("EncryptionUnit::unwrap " + e.toString());
return null;
} catch (InvalidAlgorithmParameterException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString()));
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP",
+ e.toString()));
Debug.trace("EncryptionUnit::unwrap " + e.toString());
return null;
} catch (InvalidKeyException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString()));
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP",
+ e.toString()));
Debug.printStackTrace(e);
return null;
} catch (IOException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, null, ILogger.S_KRA, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP", e.toString()));
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ null,
+ ILogger.S_KRA,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_KRA_ENCRYPTION_UNWRAP",
+ e.toString()));
Debug.trace("EncryptionUnit::unwrap " + e.toString());
return null;
} catch (Exception e) {
Debug.printStackTrace(e);
- return null;
+ return null;
}
}
/**
* Verify the given key pair.
*/
- public void verify(PublicKey publicKey, PrivateKey privateKey) throws
- EBaseException {
+ public void verify(PublicKey publicKey, PrivateKey privateKey)
+ throws EBaseException {
}
}
-
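Review bot: _unwrap() passes a hard-coded `PrivateKey.RSA` to both `unwrapTemporaryPrivate` and `unwrapPrivate`, whereas the external unwrap() earlier in this diff derives the type from `pubKey.getAlgorithm()` (it has a DSA branch). If non-RSA keys can be archived, internal recovery would unwrap them with the wrong type; either reuse the same type selection here or document `_unwrap supports RSA keys only`. Separately, verify() is documented as `Verify the given key pair.` but its body is empty, so it accepts any pair; a comment such as `// TODO: not implemented; performs no check` would stop callers from relying on it. _unwrap() begins above this hunk.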