package ee.sk.digidoc.factory;
import ee.sk.digidoc.DigiDocException;
import ee.sk.digidoc.TokenKeyInfo;
import ee.sk.digidoc.factory.SignatureFactory;
import ee.sk.utils.ConfigManager;
import ee.sk.utils.ConvertUtils;
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Vector;
import javax.crypto.Cipher;
import org.apache.log4j.Logger;
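/**
 * {@link SignatureFactory} backed by a software keystore (PKCS#12 by default) loaded
 * from the file system.
 *
 * <p>"Tokens" are the keystore aliases in enumeration order: token {@code n} is the
 * {@code n}-th alias returned by {@link KeyStore#aliases()}. Signing and decryption
 * use the private key stored under that alias; the PIN/password parameters are the
 * key-entry password.
 *
 * <p>Error codes (16, 24, 58, 60) are the ones this class already used; their meaning
 * is defined by {@link DigiDocException}. Not thread-safe: {@link #load}, {@link #reset}
 * and the signing methods all touch {@code m_keyStore} without synchronization.
 */
public class Pkcs12SignatureFactory implements SignatureFactory {

    /** Loaded keystore; {@code null} until a successful {@link #load} and after {@link #reset()}. */
    private KeyStore m_keyStore;

    private static final Logger m_logger = Logger.getLogger(Pkcs12SignatureFactory.class);

    /** Provider installed by {@link #initProvider()}; {@code null} if installation failed. */
    private Provider m_secProvider;

    /**
     * Installs the configured security provider and, if no keystore is loaded yet,
     * loads the one described by the {@code DIGIDOC_KEYSTORE_FILE},
     * {@code DIGIDOC_KEYSTORE_TYPE} and {@code DIGIDOC_KEYSTORE_PASSWD} properties.
     *
     * <p>A failed load is not reported here: {@link #load} only logs it and returns
     * {@code false}, so a misconfigured store surfaces later as error 16 from
     * {@link #sign}, {@link #decrypt} or {@link #getCertificate}.
     *
     * @throws DigiDocException if the security provider cannot be installed (code 58)
     */
    public void init() throws DigiDocException {
        initProvider();
        if (m_keyStore != null) {
            return;
        }
        ConfigManager cfg = ConfigManager.instance();
        String storeFile = cfg.getProperty("DIGIDOC_KEYSTORE_FILE");
        String storeType = cfg.getProperty("DIGIDOC_KEYSTORE_TYPE");
        String storePasswd = cfg.getProperty("DIGIDOC_KEYSTORE_PASSWD");
        // All three settings are required; with any of them missing the store stays unloaded.
        if (storeFile != null && storeType != null && storePasswd != null) {
            load(storeFile, storeType, storePasswd);
        }
    }

    /**
     * Loads a keystore from disk and makes it the active store.
     *
     * <p>The previously active store is replaced only when loading succeeds; on failure
     * the field is left untouched (the original code could leave an uninitialized
     * {@link KeyStore} behind, which later failed with a generic error instead of 16).
     * The file stream is always closed.
     *
     * @param storeName path of the keystore file
     * @param storeType keystore type as accepted by {@link KeyStore#getInstance(String)}
     * @param passwd    keystore password
     * @return {@code true} on success, {@code false} on any error (the error is logged, not thrown)
     * @throws DigiDocException declared for interface compatibility; not thrown by this implementation
     */
    public boolean load(String storeName, String storeType, String passwd) throws DigiDocException {
        try {
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Load store: " + storeName + " type: " + storeType);
            }
            KeyStore store = KeyStore.getInstance(storeType);
            FileInputStream in = new FileInputStream(storeName);
            try {
                store.load(in, passwd.toCharArray());
            } finally {
                in.close(); // previously leaked
            }
            m_keyStore = store;
            return true;
        } catch (Exception e) {
            // Deliberately best-effort: init() treats a failed load as "no keystore".
            m_logger.error("Error loading store: " + storeName + " - " + e);
        }
        return false;
    }

    /**
     * Instantiates the provider class named by {@code DIGIDOC_SECURITY_PROVIDER} and
     * registers it with {@link Security#addProvider(Provider)}.
     *
     * <p>The class name is taken from configuration and instantiated reflectively, so the
     * configuration file is trusted input here. Re-registering an already installed
     * provider is harmless.
     *
     * @throws DigiDocException on any failure, via {@code DigiDocException.handleException(e, 58)}
     *         (presumably wraps and rethrows -- confirm against DigiDocException)
     */
    private void initProvider() throws DigiDocException {
        try {
            String providerClass = ConfigManager.instance().getProperty("DIGIDOC_SECURITY_PROVIDER");
            m_secProvider = (Provider) Class.forName(providerClass).getDeclaredConstructor().newInstance();
            Security.addProvider(m_secProvider);
        } catch (Exception e) {
            m_secProvider = null;
            DigiDocException.handleException(e, 58);
        }
    }

    /**
     * Not supported by the keystore-backed factory.
     *
     * @return always {@code null}
     */
    public TokenKeyInfo[] getTokenKeys() throws DigiDocException {
        return null;
    }

    /**
     * Not supported by the keystore-backed factory.
     *
     * @param bSign ignored
     * @return always {@code null}
     */
    public TokenKeyInfo[] getTokensOfType(boolean bSign) {
        return null;
    }

    /**
     * Lists the keystore aliases in enumeration order (the order that defines token numbers).
     *
     * @return the aliases; an empty array when no store is loaded or the aliases cannot be read
     */
    public String[] getAvailableTokenNames() throws DigiDocException {
        List<String> names = new ArrayList<String>();
        try {
            if (m_keyStore != null) {
                Enumeration<String> aliases = m_keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    names.add(aliases.nextElement());
                }
            }
        } catch (Exception e) {
            m_logger.error("Error reading store aliases: " + e);
        }
        return names.toArray(new String[names.size()]);
    }

    /**
     * Resolves a token number to the keystore alias at that position.
     *
     * @param nIdx zero-based position in the alias enumeration
     * @return the alias, or {@code null} when out of range, no store is loaded, or the
     *         aliases cannot be read
     */
    private String getTokenName(int nIdx) {
        try {
            if (m_keyStore != null) {
                Enumeration<String> aliases = m_keyStore.aliases();
                for (int pos = 0; aliases.hasMoreElements(); pos++) {
                    String alias = aliases.nextElement();
                    if (pos == nIdx) {
                        return alias;
                    }
                }
            }
        } catch (Exception e) {
            m_logger.error("Error reading store aliases: " + e);
        }
        return null;
    }

    /**
     * Extracts the SignatureMethod URI from a signature's SignedInfo.
     *
     * @param sig the signature, may be {@code null}
     * @return the method URI, or {@code null} if the signature, its SignedInfo or the method is absent
     */
    private static String signatureMethodOf(ee.sk.digidoc.Signature sig) {
        if (sig != null && sig.getSignedInfo() != null) {
            return sig.getSignedInfo().getSignatureMethod();
        }
        return null;
    }

    /**
     * Builds a JCA {@link Signature} for the signature method declared in {@code sig}.
     *
     * <p>The method URI is mapped to a JCA algorithm name by
     * {@code ConfigManager.sigMeth2SigType} and instantiated with the provider selected by
     * {@code ConfigManager.addProvider()}. A missing method is a {@link DigiDocException}
     * (code 24) and is now propagated; the original caught it together with every other
     * exception and returned {@code null}.
     *
     * @param sig signature whose SignedInfo names the method
     * @param key key the caller intends to sign with; used only for the debug log
     * @return the signature instance, or {@code null} if the JCA lookup failed (logged)
     * @throws DigiDocException code 24 when no signature method is specified
     */
    public static Signature sigMeth2SigSignatureInstance(ee.sk.digidoc.Signature sig, Key key) throws DigiDocException {
        Signature instance = null;
        String sigMeth = signatureMethodOf(sig);
        try {
            ConfigManager.instance(); // kept from the original; presumably forces configuration init -- confirm
            String sigType = ConfigManager.sigMeth2SigType(sigMeth);
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Key: " + (key != null ? "OK, algorithm: " + key.getAlgorithm() : "NULL")
                        + " method: " + sigMeth + " type: " + sigType);
            }
            if (sigType == null) {
                throw new DigiDocException(24, "SignatureMethod not specified!", (Throwable) null);
            }
            instance = Signature.getInstance(sigType, ConfigManager.addProvider());
        } catch (DigiDocException e) {
            throw e;
        } catch (Exception e) {
            m_logger.error("Error constructing signature instance: " + e);
        }
        return instance;
    }

    /**
     * Signs {@code xml} with the private key stored under the given token's alias.
     *
     * @param xml    the bytes to sign (canonicalized SignedInfo, presumably -- the caller decides)
     * @param token  token number, see {@link #getTokenName(int)}
     * @param passwd key-entry password; only its length is ever logged
     * @param sig    signature whose SignedInfo names the signature method
     * @return the raw signature value, or {@code null} when a non-DigiDoc exception occurred (logged)
     * @throws DigiDocException code 16 if no store is loaded, 60 for a bad token number or
     *         password, 24 if no usable signature instance can be built
     */
    public byte[] sign(byte[] xml, int token, String passwd, ee.sk.digidoc.Signature sig) throws DigiDocException {
        try {
            if (m_keyStore == null) {
                throw new DigiDocException(16, "Keystore not initialized", (Throwable) null);
            }
            String alias = getTokenName(token);
            if (alias == null) {
                throw new DigiDocException(60, "Invalid token nr: " + token, (Throwable) null);
            }
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("loading key: " + alias + " passwd-len: " + (passwd != null ? passwd.length() : 0));
            }
            if (passwd == null) {
                // Previously an NPE that was logged as a generic signing error.
                throw new DigiDocException(60, "Invalid password for token nr: " + token, (Throwable) null);
            }
            Key key = m_keyStore.getKey(alias, passwd.toCharArray());
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Key: " + (key != null ? "OK, algorithm: " + key.getAlgorithm() : "NULL"));
            }
            if (key == null) {
                throw new DigiDocException(60, "Invalid password for token nr: " + token, (Throwable) null);
            }
            String sigMeth = signatureMethodOf(sig);
            if (m_logger.isDebugEnabled()) {
                // Debug-only: writes the complete payload being signed into the log.
                m_logger.debug("Signing\n---\n" + new String(xml, "UTF-8") + "\n---\n method: " + sigMeth);
            }
            Signature instance = sigMeth2SigSignatureInstance(sig, key);
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Signature instance: " + (instance != null ? "OK" : "NULL"));
            }
            if (instance == null) {
                // Reuses code 24, the code this class already uses for signature-method problems;
                // previously this path was an NPE reported as "Error signing".
                throw new DigiDocException(24, "Unable to construct signature instance for method: " + sigMeth,
                        (Throwable) null);
            }
            instance.initSign((PrivateKey) key);
            instance.update(xml);
            byte[] signature = instance.sign();
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Signature len: " + (signature != null ? signature.length : 0)
                        + "\n---\n sig: " + ConvertUtils.bin2hex(signature));
            }
            return signature;
        } catch (DigiDocException e) {
            m_logger.error("DigiDoc Error signing: " + e);
            throw e;
        } catch (Exception e) {
            // Best-effort contract kept from the original: JCA/keystore failures yield null.
            m_logger.error("Error signing: " + e);
            return null;
        }
    }

    /**
     * Returns the certificate stored under the given token's alias.
     *
     * @param token token number, see {@link #getTokenName(int)}
     * @param pin   unused; certificates are readable without the key password
     * @return the certificate, or {@code null} if it cannot be read (logged)
     * @throws DigiDocException code 16 if no store is loaded, 60 for a bad token number
     */
    public X509Certificate getCertificate(int token, String pin) throws DigiDocException {
        if (m_keyStore == null) {
            throw new DigiDocException(16, "Keystore not initialized", (Throwable) null);
        }
        String alias = getTokenName(token);
        if (alias == null) {
            throw new DigiDocException(60, "Invalid token nr: " + token, (Throwable) null);
        }
        try {
            return (X509Certificate) m_keyStore.getCertificate(alias);
        } catch (Exception e) {
            m_logger.error("Error reading cert for alias: " + alias + " - " + e);
            return null;
        }
    }

    /**
     * Same as {@link #getCertificate(int, String)}: a keystore makes no distinction
     * between signing and authentication certificates.
     */
    public X509Certificate getAuthCertificate(int token, String pin) throws DigiDocException {
        return getCertificate(token, pin);
    }

    /** Drops the loaded keystore; the next {@link #init()} reloads it from configuration. */
    public void reset() throws DigiDocException {
        m_keyStore = null;
    }

    /** Equivalent to {@link #reset()}; there is no session state beyond the loaded store. */
    public void closeSession() throws DigiDocException {
        reset();
    }

    /**
     * Decrypts {@code data} with the private key stored under the given token's alias.
     *
     * <p>Uses {@code Cipher.getInstance("RSA")} without an explicit mode/padding, so the
     * padding is whatever the provider's default is -- NOTE(review): confirm this matches
     * the encrypting side before changing it.
     *
     * @param data  ciphertext
     * @param token token number, see {@link #getTokenName(int)}
     * @param pin   key-entry password; only its length is ever logged
     * @return the plaintext, or {@code null} when a non-DigiDoc exception occurred (logged)
     * @throws DigiDocException code 16 if no store is loaded, 60 for a bad token number or password
     */
    public byte[] decrypt(byte[] data, int token, String pin) throws DigiDocException {
        try {
            if (m_keyStore == null) {
                throw new DigiDocException(16, "Keystore not initialized", (Throwable) null);
            }
            String alias = getTokenName(token);
            if (alias == null) {
                throw new DigiDocException(60, "Invalid token nr: " + token, (Throwable) null);
            }
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("loading key: " + alias + " passwd-len: " + (pin != null ? pin.length() : 0));
            }
            if (pin == null) {
                // Previously an NPE that was logged as a generic decryption error.
                throw new DigiDocException(60, "Invalid password for token: " + alias, (Throwable) null);
            }
            Key key = m_keyStore.getKey(alias, pin.toCharArray());
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Key: " + (key != null ? "OK, algorithm: " + key.getAlgorithm() : "NULL"));
            }
            if (key == null) {
                throw new DigiDocException(60, "Invalid password for token: " + alias, (Throwable) null);
            }
            Cipher cipher = Cipher.getInstance("RSA");
            cipher.init(Cipher.DECRYPT_MODE, key);
            byte[] decdata = cipher.doFinal(data);
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Decrypted len: " + (decdata != null ? decdata.length : 0));
            }
            return decdata;
        } catch (DigiDocException e) {
            // Same contract as sign(): DigiDoc errors propagate, everything else yields null.
            m_logger.error("DigiDoc Error decrypting: " + e);
            throw e;
        } catch (Exception e) {
            m_logger.error("Error decrypting: " + e);
            return null;
        }
    }

    /** @return the factory type identifier, {@code "PKCS12"} */
    public String getType() {
        return "PKCS12";
    }
}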