@Override public byte[] getSignature() { byte[] dataToSign; if (outputStream instanceof ByteArrayOutputStream) { dataToSign = ((ByteArrayOutputStream) outputStream).toByteArray(); ((ByteArrayOutputStream) outputStream).reset(); } else { byte[] hashValue = ((DigestOutputStream) outputStream).digest(); ((DigestOutputStream) outputStream).reset(); dataToSign = new byte[digestPkcsPrefix.length + hashValue.length]; System.arraycopy(digestPkcsPrefix, 0, dataToSign, 0, digestPkcsPrefix.length); System.arraycopy(hashValue, 0, dataToSign, digestPkcsPrefix.length, hashValue.length); } try { if (mechanism == PKCS11Constants.CKM_RSA_X_509) { dataToSign = SignerUtil.EMSA_PKCS1_v1_5_encoding(dataToSign, modulusBitLen); } return cryptService.getIdentity(identityId).sign(mechanism, null, dataToSign); } catch (XiSecurityException | P11TokenException ex) { LogUtil.error(LOG, ex, "could not sign"); throw new RuntimeCryptoException("SignerException: " + ex.getMessage()); } }
public static Pair<Certificate,KeyPair> getCert(String keystore, String alias, String password) { logger.info("Loading cert from {} with alias {}",keystore,alias); KeyStore ks = null; try { ks = KeyStore.getInstance("JKS"); File fl = new File(keystore); FileInputStream stream = new FileInputStream(fl); ks.load(stream, password.toCharArray()); final Key key = ks.getKey(alias, password.toCharArray()); Certificate cert = ks.getCertificate(alias); KeyPair kp = new KeyPair(cert.getPublicKey(), (PrivateKey) key); return new Pair<>(ks.getCertificate(alias), kp); } catch (Exception e) { logger.error("Error loading certificate: ",e); throw new RuntimeCryptoException("Problem loading certificate"); } }
private static SecureRandom getSecureRandom(boolean strong) { if (!strong) { return new SecureRandom(); } try { return SecureRandom.getInstanceStrong(); } catch (NoSuchAlgorithmException ex) { throw new RuntimeCryptoException( "could not get strong SecureRandom: " + ex.getMessage()); } }
@Override public byte[] getSignature() { try { byte[] plainSignature = getPlainSignature(); return plain ? plainSignature : SignerUtil.dsaSigPlainToX962(plainSignature); } catch (XiSecurityException ex) { LogUtil.warn(LOG, ex); throw new RuntimeCryptoException("XiSecurityException: " + ex.getMessage()); } catch (Throwable th) { LogUtil.warn(LOG, th); throw new RuntimeCryptoException(th.getClass().getName() + ": " + th.getMessage()); } }
@Override public void init(boolean forEncryption, CipherParameters cipherParam) { if (!forEncryption) { throw new RuntimeCryptoException("verification mode not supported."); } if (!(cipherParam instanceof P11RSAKeyParameter)) { throw new IllegalArgumentException( "invalid param type " + cipherParam.getClass().getName()); } this.param = (P11RSAKeyParameter) cipherParam; }
@Override public byte[] getSignature() { try { byte[] plainSignature = getPlainSignature(); return SignerUtil.dsaSigPlainToX962(plainSignature); } catch (XiSecurityException ex) { LogUtil.warn(LOG, ex); throw new RuntimeCryptoException("XiSecurityException: " + ex.getMessage()); } catch (Throwable th) { LogUtil.warn(LOG, th); throw new RuntimeCryptoException(th.getClass().getName() + ": " + th.getMessage()); } }
@Override public byte[] getSignature() { try { byte[] dataToSign = outputStream.toByteArray(); outputStream.reset(); return cryptService.getIdentity(identityId).sign(mechanism, null, dataToSign); } catch (XiSecurityException ex) { LogUtil.warn(LOG, ex); throw new RuntimeCryptoException("XiSecurityException: " + ex.getMessage()); } catch (Throwable th) { LogUtil.warn(LOG, th); throw new RuntimeCryptoException(th.getClass().getName() + ": " + th.getMessage()); } }
public static org.bouncycastle.crypto.tls.Certificate loadCert(String keystore,String alias,String password) { try { byte[] data = getCert(keystore,alias,password).getKey().getEncoded(); org.bouncycastle.asn1.x509.Certificate[] cert = {org.bouncycastle.asn1.x509.Certificate.getInstance(data)}; return new org.bouncycastle.crypto.tls.Certificate(cert); } catch (Exception e) { logger.error("Error loading certificate: ",e); throw new RuntimeCryptoException("Problem loading certificate"); } }
/** * Returns decrypted data. * * @param key * @param nonce nonce/ IV * @param header * @param encryptedData * @param tag * @param optional optional AADBytes (post header) * @return decrypted data * @throws IllegalArgumentException on decryption exceptions * @throws NullPointerException on null arguments */ public static byte[] decrypt( byte[] key, byte[] nonce, byte[] header, byte[] encryptedData, byte[] tag, Optional<byte[]> optional) { try { GCMBlockCipher cipher = new GCMBlockCipher(new AESFastEngine()); AEADParameters parameters = new AEADParameters(new KeyParameter(key), tag.length * 8, nonce, header); cipher.init(false, parameters); if (optional.isPresent()) { byte[] aadBytes = optional.get(); cipher.processAADBytes(aadBytes, 0, aadBytes.length); } byte[] out = new byte[cipher.getOutputSize(encryptedData.length + tag.length)]; int pos = cipher.processBytes(encryptedData, 0, encryptedData.length, out, 0); pos += cipher.processBytes(tag, 0, tag.length, out, pos); pos += cipher.doFinal(out, pos); return Arrays.copyOf(out, pos); } catch (IllegalStateException | InvalidCipherTextException | RuntimeCryptoException ex) { throw new IllegalStateException("GCM decrypt error", ex); } }
public Optional<byte[]> load(Path file, byte[] password) throws IOException { byte[] bs = null; if (Files.exists(file)) { try (InputStream is = fileCryptor.newCipherInputStream(Files.newInputStream(file), password)) { bs = IOUtils.toByteArray(is); } catch (RuntimeCryptoException | InvalidCipherTextIOException ex) { logger.debug("-- load() - exception: ", ex); } } else { logger.debug("-- load() - no file: {}", file); } Optional<byte[]> _bs = Optional.ofNullable(bs); logger.debug("-- load() - file: {} bs: 0x{}", file, _bs.map(Hex::toHexString)); return _bs; }
