/**
 * Asks the security factory to refresh the token used for the given signer type.
 *
 * @param signerType signer type, handed to the security factory unchanged
 * @throws CaMgmtException if the security factory raises an {@code XiSecurityException};
 *     that exception is attached as the cause
 */
@Override
public void refreshTokenForSignerType(String signerType) throws CaMgmtException {
    try {
        securityFactory.refreshTokenForSignerType(signerType);
    } catch (XiSecurityException cause) {
        // The signer type is echoed in the message so the failing token can be identified.
        String detail = "could not refresh token for signer type " + signerType
            + ": " + cause.getMessage();
        throw new CaMgmtException(detail, cause);
    }
}
/**
 * Returns the signature over the data collected so far.
 *
 * <p>When the {@code plain} flag is set, the bytes from {@code getPlainSignature()} are
 * returned as they are; otherwise they are converted with
 * {@code SignerUtil.dsaSigPlainToX962}.
 *
 * @return the signature bytes in the selected encoding
 * @throws RuntimeCryptoException for any failure, including non-{@code Exception}
 *     throwables, since {@code Throwable} is caught
 */
@Override
public byte[] getSignature() {
    try {
        byte[] rawSig = getPlainSignature();
        if (plain) {
            return rawSig;
        }
        return SignerUtil.dsaSigPlainToX962(rawSig);
    } catch (XiSecurityException secEx) {
        // NOTE(review): only the message text is carried into the rethrown exception;
        // the original stack trace is available solely through this log call.
        LogUtil.warn(LOG, secEx);
        throw new RuntimeCryptoException("XiSecurityException: " + secEx.getMessage());
    } catch (Throwable any) {
        // Catch-all: JVM errors are logged and converted as well.
        LogUtil.warn(LOG, any);
        throw new RuntimeCryptoException(any.getClass().getName() + ": " + any.getMessage());
    }
}
/**
 * Finishes signing and hands back the signature bytes.
 *
 * <p>The result of {@code getPlainSignature()} is returned untouched when {@code plain} is
 * true, and is passed through {@code SignerUtil.dsaSigPlainToX962} when it is false.
 *
 * @return the signature in plain or X9.62 form, depending on {@code plain}
 * @throws RuntimeCryptoException on every failure; the handler for {@code Throwable}
 *     means errors are converted too
 */
@Override
public byte[] getSignature() {
    try {
        final byte[] plainBytes = getPlainSignature();
        if (!plain) {
            return SignerUtil.dsaSigPlainToX962(plainBytes);
        }
        return plainBytes;
    } catch (XiSecurityException securityFailure) {
        // NOTE(review): the rethrown exception keeps the message only, so the log entry
        // written here is the sole place the original stack trace survives.
        LogUtil.warn(LOG, securityFailure);
        throw new RuntimeCryptoException(
            "XiSecurityException: " + securityFailure.getMessage());
    } catch (Throwable other) {
        // Everything else is logged and reported under its class name.
        LogUtil.warn(LOG, other);
        throw new RuntimeCryptoException(
            other.getClass().getName() + ": " + other.getMessage());
    }
}
/**
 * Returns the signature, converted from the plain form produced by
 * {@code getPlainSignature()} to X9.62 via {@code SignerUtil.dsaSigPlainToX962}.
 *
 * @return the converted signature bytes
 * @throws RuntimeCryptoException on any failure; {@code Throwable} is caught, so errors
 *     are converted as well
 */
@Override
public byte[] getSignature() {
    try {
        return SignerUtil.dsaSigPlainToX962(getPlainSignature());
    } catch (XiSecurityException secEx) {
        // NOTE(review): the message is copied but the exception is not chained; the
        // stack trace of the original failure exists only in the log written here.
        LogUtil.warn(LOG, secEx);
        String detail = "XiSecurityException: " + secEx.getMessage();
        throw new RuntimeCryptoException(detail);
    } catch (Throwable any) {
        LogUtil.warn(LOG, any);
        String detail = any.getClass().getName() + ": " + any.getMessage();
        throw new RuntimeCryptoException(detail);
    }
}
/**
 * Builds the signer for the given signature algorithm.
 *
 * <p>RSASSA-PSS is delegated to {@code SignerUtil.createPSSRSASigner}. Every other
 * algorithm gets an {@code RSADigestSigner} over the digest that
 * {@code digestAlgorithmFinder} resolves for it.
 *
 * @param sigAlgId signature algorithm identifier
 * @return the signer for {@code sigAlgId}
 * @throws OperatorCreationException if the PSS signer cannot be created; the
 *     {@code XiSecurityException} is attached as the cause
 */
@Override
protected Signer createSigner(AlgorithmIdentifier sigAlgId) throws OperatorCreationException {
    boolean isPss = PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm());
    if (!isPss) {
        AlgorithmIdentifier digestAlgId = digestAlgorithmFinder.find(sigAlgId);
        return new RSADigestSigner(digestProvider.get(digestAlgId));
    }

    try {
        return SignerUtil.createPSSRSASigner(sigAlgId);
    } catch (XiSecurityException cause) {
        throw new OperatorCreationException(cause.getMessage(), cause);
    }
}
/**
 * Signs with RSA PKCS#1 v1.5 padding: the padded block is built locally and then handed
 * to {@code rsaX509Sign}.
 *
 * @param contentToSign data to sign; hashed first when {@code hashAlgo} is non-null
 * @param hashAlgo hash to apply, or {@code null} to pass {@code contentToSign} to the
 *     encoder as it is (presumably already hashed and encoded by the caller; confirm)
 * @return the result of {@code rsaX509Sign} over the padded block
 * @throws P11TokenException if the encoding step raises an {@code XiSecurityException}
 */
private byte[] rsaPkcsSign(byte[] contentToSign, HashAlgo hashAlgo) throws P11TokenException {
    final int keyBits = getSignatureKeyBitLength();

    byte[] encoded;
    try {
        if (hashAlgo != null) {
            byte[] digest = hashAlgo.hash(contentToSign);
            encoded = SignerUtil.EMSA_PKCS1_v1_5_encoding(digest, keyBits, hashAlgo);
        } else {
            encoded = SignerUtil.EMSA_PKCS1_v1_5_encoding(contentToSign, keyBits);
        }
    } catch (XiSecurityException cause) {
        throw new P11TokenException("XiSecurityException: " + cause.getMessage(), cause);
    }

    return rsaX509Sign(encoded);
}
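/**
 * Signs with a pooled {@code Signature} instance and returns the signature in plain
 * form.
 *
 * @param dataToSign data to sign; hashed first when {@code hashAlgo} is non-null
 * @param hashAlgo hash to apply, or {@code null} to sign {@code dataToSign} as given
 * @return the signature converted by {@code SignerUtil.dsaSigX962ToPlain} for the key's
 *     bit length
 * @throws P11TokenException if no pooled instance becomes available within 5 seconds,
 *     if the wait is interrupted, or if signing or conversion fails
 */
private byte[] dsaAndEcdsaSign(byte[] dataToSign, HashAlgo hashAlgo) throws P11TokenException {
    byte[] hash = (hashAlgo == null) ? dataToSign : hashAlgo.hash(dataToSign);

    ConcurrentBagEntry<Signature> sig0;
    try {
        sig0 = dsaSignatures.borrow(5000, TimeUnit.MILLISECONDS);
    } catch (InterruptedException ex) {
        // Restore the interrupt flag so callers up the stack can still see the
        // interruption, and keep the cause for diagnosis.
        Thread.currentThread().interrupt();
        throw new P11TokenException(
            "InterruptedException occurs while retrieving idle signature", ex);
    }

    if (sig0 == null) {
        throw new P11TokenException("no idle DSA Signature available");
    }

    try {
        Signature sig = sig0.value();
        sig.update(hash);
        byte[] x962Signature = sig.sign();
        return SignerUtil.dsaSigX962ToPlain(x962Signature, getSignatureKeyBitLength());
    } catch (SignatureException ex) {
        throw new P11TokenException("SignatureException: " + ex.getMessage(), ex);
    } catch (XiSecurityException ex) {
        throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
    } finally {
        // Always hand the instance back, on success and on failure.
        dsaSignatures.requite(sig0);
    }
}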
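/**
 * Builds an RSA signer for the given signature and digest algorithms.
 *
 * <p>Non-RSA signature algorithms are rejected. RSASSA-PSS is delegated to
 * {@code SignerUtil.createPSSRSASigner}, which receives only {@code sigAlgId}; every
 * other RSA algorithm gets an {@code RSADigestSigner} over the digest for
 * {@code digAlgId}.
 *
 * @param sigAlgId signature algorithm identifier; must be an RSA signature algorithm
 * @param digAlgId digest algorithm identifier, used only for non-PSS algorithms
 * @return the signer for the requested algorithm
 * @throws OperatorCreationException if {@code sigAlgId} is not an RSA signature
 *     algorithm, or if the PSS signer cannot be created
 */
protected Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId)
    throws OperatorCreationException {
    if (!AlgorithmUtil.isRSASigAlgId(sigAlgId)) {
        // Message previously misspelled "algorithm", which made it hard to find in logs.
        throw new OperatorCreationException("the given algorithm is not a valid RSA signature "
            + "algorithm '" + sigAlgId.getAlgorithm().getId() + "'");
    }

    if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) {
        Digest dig = digestProvider.get(digAlgId);
        return new RSADigestSigner(dig);
    }

    try {
        return SignerUtil.createPSSRSASigner(sigAlgId);
    } catch (XiSecurityException ex) {
        throw new OperatorCreationException(ex.getMessage(), ex);
    }
}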
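/**
 * Signs a precomputed hash with a pooled {@code SM2Signer} and returns the signature in
 * plain form.
 *
 * @param hash hash value passed to {@code generateSignatureForHash}
 * @return the signature converted by {@code SignerUtil.dsaSigX962ToPlain} for the key's
 *     bit length
 * @throws P11TokenException if no pooled signer becomes available within 5 seconds, if
 *     the wait is interrupted, or if signing or conversion fails
 */
private byte[] sm2SignHash(byte[] hash) throws P11TokenException {
    ConcurrentBagEntry<SM2Signer> sig0;
    try {
        sig0 = sm2Signers.borrow(5000, TimeUnit.MILLISECONDS);
    } catch (InterruptedException ex) {
        // Restore the interrupt flag so callers up the stack can still see the
        // interruption, and keep the cause for diagnosis.
        Thread.currentThread().interrupt();
        throw new P11TokenException(
            "InterruptedException occurs while retrieving idle signature", ex);
    }

    if (sig0 == null) {
        throw new P11TokenException("no idle SM2 Signer available");
    }

    try {
        SM2Signer sig = sig0.value();
        byte[] x962Signature = sig.generateSignatureForHash(hash);
        return SignerUtil.dsaSigX962ToPlain(x962Signature, getSignatureKeyBitLength());
    } catch (CryptoException ex) {
        throw new P11TokenException("CryptoException: " + ex.getMessage(), ex);
    } catch (XiSecurityException ex) {
        throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
    } finally {
        // Always hand the signer back, on success and on failure.
        sm2Signers.requite(sig0);
    }
}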
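/**
 * Signs with RSASSA-PSS: validates the PSS parameters, builds the EMSA-PSS encoded block
 * locally and hands it to {@code rsaX509Sign}.
 *
 * @param parameters must be a {@code P11Params.P11RSAPkcsPssParams}
 * @param contentToSign data to sign; hashed first when {@code hashAlgo} is non-null
 * @param hashAlgo hash to apply, or {@code null} to use {@code contentToSign} as the hash
 *     value; when non-null it must match the hash named in {@code parameters}
 * @return the result of {@code rsaX509Sign} over the encoded block
 * @throws P11TokenException if the parameters are of the wrong type, name an unsupported
 *     hash or mask generation function, conflict with {@code hashAlgo}, carry a salt
 *     length that does not fit an {@code int}, or if encoding fails
 */
private byte[] rsaPkcsPssSign(P11Params parameters, byte[] contentToSign, HashAlgo hashAlgo)
    throws P11TokenException {
    if (!(parameters instanceof P11Params.P11RSAPkcsPssParams)) {
        throw new P11TokenException("the parameters is not of "
            + P11Params.P11RSAPkcsPssParams.class.getName());
    }

    P11Params.P11RSAPkcsPssParams pssParam = (P11Params.P11RSAPkcsPssParams) parameters;
    HashAlgo contentHash = getHashAlgoForPkcs11HashMech(pssParam.getHashAlgorithm());
    if (contentHash == null) {
        throw new P11TokenException("unsupported HashAlgorithm " + pssParam.getHashAlgorithm());
    } else if (hashAlgo != null && contentHash != hashAlgo) {
        // The hash applied to the content must be the one declared in the PSS parameters.
        throw new P11TokenException("Invalid parameters: invalid hash algorithm");
    }

    HashAlgo mgfHash = getHashAlgoForPkcs11MgfMech(pssParam.getMaskGenerationFunction());
    if (mgfHash == null) {
        // Report the rejected MGF value; the message used to print the hash algorithm.
        throw new P11TokenException(
            "unsupported MaskGenerationFunction " + pssParam.getMaskGenerationFunction());
    }

    // Reject salt lengths the narrowing cast below would silently alter, so the signature
    // is never produced with PSS parameters other than the requested ones.
    long saltLength = pssParam.getSaltLength();
    if (saltLength < 0 || saltLength > Integer.MAX_VALUE) {
        throw new P11TokenException("Invalid parameters: salt length out of range: " + saltLength);
    }

    byte[] hashValue = (hashAlgo == null) ? contentToSign : hashAlgo.hash(contentToSign);
    byte[] encodedHashValue;
    try {
        encodedHashValue = SignerUtil.EMSA_PSS_ENCODE(contentHash, hashValue, mgfHash,
            (int) saltLength, getSignatureKeyBitLength(), random);
    } catch (XiSecurityException ex) {
        throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
    }
    return rsaX509Sign(encodedHashValue);
}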
throw new P11TokenException("CryptoException: " + ex.getMessage(), ex); } catch (XiSecurityException ex) { throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex); } finally { sm2Signers.requite(sig0);