Beispiel #1
0
 static byte[] concat(byte[] b1, byte[] b2) {
   int n1 = b1.length;
   int n2 = b2.length;
   byte[] b = new byte[n1 + n2];
   System.arraycopy(b1, 0, b, 0, n1);
   System.arraycopy(b2, 0, b, n1, n2);
   return b;
 }
Beispiel #2
0
 private byte[] doFinal() throws BadPaddingException, IllegalBlockSizeException {
   byte[] t = new byte[2048];
   int n = implDoFinal(t, 0, t.length);
   byte[] out = new byte[n];
   System.arraycopy(t, 0, out, 0, n);
   return out;
 }
Beispiel #3
0
 // see JCE spec
 protected byte[] engineDoFinal(byte[] in, int inOfs, int inLen)
     throws IllegalBlockSizeException, BadPaddingException {
   implUpdate(in, inOfs, inLen);
   int n = implDoFinal(buffer, 0, buffer.length);
   byte[] out = new byte[n];
   System.arraycopy(buffer, 0, out, 0, n);
   return out;
 }
Beispiel #4
0
 private int implDoFinal(byte[] out, int outOfs, int outLen)
     throws BadPaddingException, IllegalBlockSizeException {
   if (bufOfs > maxInputSize) {
     throw new IllegalBlockSizeException(
         "Data must not be longer " + "than " + maxInputSize + " bytes");
   }
   try {
     ensureInitialized();
     PKCS11 p11 = token.p11;
     int n;
     switch (mode) {
       case MODE_ENCRYPT:
         n = p11.C_Encrypt(session.id(), buffer, 0, bufOfs, out, outOfs, outLen);
         break;
       case MODE_DECRYPT:
         n = p11.C_Decrypt(session.id(), buffer, 0, bufOfs, out, outOfs, outLen);
         break;
       case MODE_SIGN:
         byte[] tmpBuffer = new byte[bufOfs];
         System.arraycopy(buffer, 0, tmpBuffer, 0, bufOfs);
         tmpBuffer = p11.C_Sign(session.id(), tmpBuffer);
         if (tmpBuffer.length > outLen) {
           throw new BadPaddingException("Output buffer too small");
         }
         System.arraycopy(tmpBuffer, 0, out, outOfs, tmpBuffer.length);
         n = tmpBuffer.length;
         break;
       case MODE_VERIFY:
         n = p11.C_VerifyRecover(session.id(), buffer, 0, bufOfs, out, outOfs, outLen);
         break;
       default:
         throw new ProviderException("internal error");
     }
     return n;
   } catch (PKCS11Exception e) {
     throw (BadPaddingException) new BadPaddingException("doFinal() failed").initCause(e);
   } finally {
     initialized = false;
     session = token.releaseSession(session);
   }
 }
Beispiel #5
0
 private void implUpdate(byte[] in, int inOfs, int inLen) {
   try {
     ensureInitialized();
   } catch (PKCS11Exception e) {
     throw new ProviderException("update() failed", e);
   }
   if ((inLen == 0) || (in == null)) {
     return;
   }
   if (bufOfs + inLen > maxInputSize) {
     bufOfs = maxInputSize + 1;
     return;
   }
   System.arraycopy(in, inOfs, buffer, bufOfs, inLen);
   bufOfs += inLen;
 }
Beispiel #6
0
  /*
   * Parse a keystore domain configuration file and associated collection
   * of keystore passwords to create a collection of KeyStore.Builder.
   */
  private List<KeyStoreBuilderComponents> getBuilders(
      URI configuration, Map<String, KeyStore.ProtectionParameter> passwords) throws IOException {

    PolicyParser parser = new PolicyParser(true); // expand properties
    Collection<PolicyParser.DomainEntry> domains = null;
    List<KeyStoreBuilderComponents> builders = new ArrayList<>();
    String uriDomain = configuration.getFragment();

    try (InputStreamReader configurationReader =
        new InputStreamReader(PolicyUtil.getInputStream(configuration.toURL()), "UTF-8")) {
      parser.read(configurationReader);
      domains = parser.getDomainEntries();

    } catch (MalformedURLException mue) {
      throw new IOException(mue);

    } catch (PolicyParser.ParsingException pe) {
      throw new IOException(pe);
    }

    for (PolicyParser.DomainEntry domain : domains) {
      Map<String, String> domainProperties = domain.getProperties();

      if (uriDomain != null && (!uriDomain.equalsIgnoreCase(domain.getName()))) {
        continue; // skip this domain
      }

      if (domainProperties.containsKey(ENTRY_NAME_SEPARATOR)) {
        this.entryNameSeparator = domainProperties.get(ENTRY_NAME_SEPARATOR);
        // escape any regex meta characters
        char ch = 0;
        StringBuilder s = new StringBuilder();
        for (int i = 0; i < this.entryNameSeparator.length(); i++) {
          ch = this.entryNameSeparator.charAt(i);
          if (REGEX_META.indexOf(ch) != -1) {
            s.append('\\');
          }
          s.append(ch);
        }
        this.entryNameSeparatorRegEx = s.toString();
      }

      Collection<PolicyParser.KeyStoreEntry> keystores = domain.getEntries();
      for (PolicyParser.KeyStoreEntry keystore : keystores) {
        String keystoreName = keystore.getName();
        Map<String, String> properties = new HashMap<>(domainProperties);
        properties.putAll(keystore.getProperties());

        String keystoreType = DEFAULT_KEYSTORE_TYPE;
        if (properties.containsKey(KEYSTORE_TYPE)) {
          keystoreType = properties.get(KEYSTORE_TYPE);
        }

        Provider keystoreProvider = null;
        if (properties.containsKey(KEYSTORE_PROVIDER_NAME)) {
          String keystoreProviderName = properties.get(KEYSTORE_PROVIDER_NAME);
          keystoreProvider = Security.getProvider(keystoreProviderName);
          if (keystoreProvider == null) {
            throw new IOException("Error locating JCE provider: " + keystoreProviderName);
          }
        }

        File keystoreFile = null;
        if (properties.containsKey(KEYSTORE_URI)) {
          String uri = properties.get(KEYSTORE_URI);

          try {
            if (uri.startsWith("file://")) {
              keystoreFile = new File(new URI(uri));
            } else {
              keystoreFile = new File(uri);
            }

          } catch (URISyntaxException | IllegalArgumentException e) {
            throw new IOException(
                "Error processing keystore property: " + "keystoreURI=\"" + uri + "\"", e);
          }
        }

        KeyStore.ProtectionParameter keystoreProtection = null;
        if (passwords.containsKey(keystoreName)) {
          keystoreProtection = passwords.get(keystoreName);

        } else if (properties.containsKey(KEYSTORE_PASSWORD_ENV)) {
          String env = properties.get(KEYSTORE_PASSWORD_ENV);
          String pwd = System.getenv(env);
          if (pwd != null) {
            keystoreProtection = new KeyStore.PasswordProtection(pwd.toCharArray());
          } else {
            throw new IOException(
                "Error processing keystore property: " + "keystorePasswordEnv=\"" + env + "\"");
          }
        } else {
          keystoreProtection = new KeyStore.PasswordProtection(null);
        }

        builders.add(
            new KeyStoreBuilderComponents(
                keystoreName, keystoreType, keystoreProvider, keystoreFile, keystoreProtection));
      }
      break; // skip other domains
    }
    if (builders.isEmpty()) {
      throw new IOException("Error locating domain configuration data " + "for: " + configuration);
    }

    return builders;
  }