Example usage for java.security InvalidKeyException InvalidKeyException

List of usage examples for java.security InvalidKeyException InvalidKeyException

  1. HOME
  2. Java
  3. java
  4. java.security.*
  5. InvalidKeyException
  6. InvalidKeyException

Introduction

In this page you can find the example usage for java.security InvalidKeyException InvalidKeyException.

Prototype

public InvalidKeyException(Throwable cause)

Source Link

Document

Creates an InvalidKeyException with the specified cause and a detail message of (cause==null ?

Usage

From source file:org.cesecore.keys.util.KeyTools.java

/**
 * Testing a key pair to verify that it is possible to first sign and then verify with it.
 * //from www . j  a v a  2 s  .  c o m
 * @param priv
 *            private key to sign a string with
 * @param pub
 *            public key to verify the signature with
 * @param provider
 *            A provider used for signing with the private key, or null if "BC" should be used.
 * 
 * @throws InvalidKeyException
 *             if the public key can not be used to verify a string signed by the private key, because the key is wrong or the signature operation
 *             fails for other reasons such as a NoSuchAlgorithmException or SignatureException.
 * @throws NoSuchProviderException
 *             if the provider is not installed.
 */
public static void testKey(final PrivateKey priv, final PublicKey pub, final String provider)
        throws InvalidKeyException { // NOPMD:this is not a junit test
    final byte input[] = "Lillan gick pa vagen ut, motte dar en katt...".getBytes();
    final byte signBV[];
    final String testSigAlg;
    {
        final Iterator<String> i = AlgorithmTools.getSignatureAlgorithms(pub).iterator();
        final String tmp = i.hasNext() ? i.next() : null;
        testSigAlg = tmp != null ? tmp : "SHA1WithRSA";
    }
    if (log.isDebugEnabled()) {
        log.debug("Testing keys with algorithm: " + pub.getAlgorithm());
        log.debug("testSigAlg: " + testSigAlg);
        log.debug("provider: " + provider);
        log.trace("privateKey: " + priv);
        log.trace("privateKey class: " + priv.getClass().getName());
        log.trace("publicKey: " + pub);
        log.trace("publicKey class: " + pub.getClass().getName());
    }
    try {
        {
            final Provider prov = Security.getProvider(provider != null ? provider : "BC");
            final Signature signature = Signature.getInstance(testSigAlg, prov);
            signature.initSign(priv);
            signature.update(input);
            signBV = signature.sign();
            if (signBV == null) {
                throw new InvalidKeyException("Result from signing is null.");
            }
            if (log.isDebugEnabled()) {
                log.trace("Created signature of size: " + signBV.length);
                log.trace("Created signature: " + new String(Hex.encode(signBV)));
            }
        }
        {
            Signature signature;
            try {
                signature = Signature.getInstance(testSigAlg, "BC");
            } catch (NoSuchProviderException e) {
                throw new IllegalStateException("BouncyCastle was not found as a provider.", e);
            }
            signature.initVerify(pub);
            signature.update(input);
            if (!signature.verify(signBV)) {
                throw new InvalidKeyException("Not possible to sign and then verify with key pair.");
            }
        }
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidKeyException("Exception testing key: " + e.getMessage(), e);
    } catch (SignatureException e) {
        throw new InvalidKeyException("Exception testing key: " + e.getMessage(), e);
    }
}

From source file:org.ejbca.util.keystore.KeyTools.java

/** Testing a key pair to verify that it is possible to first sign and then verify with it.
 * //from w  w w. j a  v  a2s.co m
 * @param priv private key to sign a string with
 * @param pub public key to verify the signature with
 * @param provider A provider used for signing with the private key, or null if "BC" should be used.
 * 
 * @throws InvalidKeyException if the public key can not be used to verify a string signed by the private key, because the key is wrong or the signature operation fails for other reasons such as a NoSuchAlgorithmException or SignatureException.
 * @throws NoSuchProviderException if the provider is not installed.
 */
public static void testKey(final PrivateKey priv, final PublicKey pub, final String provider)
        throws InvalidKeyException, NoSuchProviderException {
    final byte input[] = "Lillan gick pa vagen ut, motte dar en katt...".getBytes();
    final byte signBV[];
    final String testSigAlg;
    {
        final Iterator<String> i = AlgorithmTools.getSignatureAlgorithms(pub).iterator();
        final String tmp = i.hasNext() ? i.next() : null;
        testSigAlg = tmp != null ? tmp : "SHA1WithRSA";
    }
    if (log.isDebugEnabled()) {
        log.debug("Testing keys with algorithm: " + pub.getAlgorithm());
        log.debug("testSigAlg: " + testSigAlg);
        log.debug("provider: " + provider);
        log.trace("privateKey: " + priv);
        log.trace("privateKey class: " + priv.getClass().getName());
        log.trace("publicKey: " + pub);
        log.trace("publicKey class: " + pub.getClass().getName());
    }
    try {
        {
            final Provider prov = Security.getProvider(provider != null ? provider : "BC");
            final Signature signature = Signature.getInstance(testSigAlg, prov);
            signature.initSign(priv);
            signature.update(input);
            signBV = signature.sign();
            if (signBV == null) {
                throw new InvalidKeyException("Result from signing is null.");
            }
            if (log.isDebugEnabled()) {
                log.trace("Created signature of size: " + signBV.length);
                log.trace("Created signature: " + new String(Hex.encode(signBV)));
            }
        }
        {
            final Signature signature = Signature.getInstance(testSigAlg, "BC");
            signature.initVerify(pub);
            signature.update(input);
            if (!signature.verify(signBV)) {
                throw new InvalidKeyException("Not possible to sign and then verify with key pair.");
            }
        }
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidKeyException("Exception testing key: " + e.getMessage(), e);
    } catch (SignatureException e) {
        throw new InvalidKeyException("Exception testing key: " + e.getMessage(), e);
    }
}

From source file:org.cesecore.keys.util.KeyTools.java

public static void checkValidKeyLength(final String keyAlg, final int len) throws InvalidKeyException {
    final boolean isEcdsa = AlgorithmConstants.KEYALGORITHM_ECDSA.equals(keyAlg);
    final boolean isGost3410 = AlgorithmTools.isGost3410Enabled()
            && AlgorithmConstants.KEYALGORITHM_ECGOST3410.equals(keyAlg);
    final boolean isDstu4145 = AlgorithmTools.isDstu4145Enabled()
            && keyAlg.startsWith(CesecoreConfiguration.getOidDstu4145() + ".");
    if (isEcdsa || isGost3410 || isDstu4145) {
        // We allow key lengths of 0, because that means that implicitlyCA is used. 
        // for ImplicitlyCA we have no idea what the key length is, on the other hand only real professionals
        // will ever use that to we will allow it.
        if ((len > 0) && (len < 224)) {
            final String msg = intres.getLocalizedMessage("catoken.invalidkeylength", "ECDSA", "224", len);
            throw new InvalidKeyException(msg);
        }//w  w  w .  j  a v a  2s. c o  m
    } else if (AlgorithmConstants.KEYALGORITHM_RSA.equals(keyAlg)
            || AlgorithmConstants.KEYALGORITHM_DSA.equals(keyAlg)) {
        if (len < 1024) {
            final String msg = intres.getLocalizedMessage("catoken.invalidkeylength", "RSA/DSA", "1024", len);
            throw new InvalidKeyException(msg);
        }
    }
}