Merge branch 'fb-DSS-2643-compile-pkcs11cryptotoken-against-cesecore' into 'main'

mlundblad · mlundblad · commit 00d1e2e8d3ff · 2023-06-05T09:13:57.000Z
DSS-2643: Compile PKCS11CryptoToken against CESeCore instead of KFC for now.

See merge request signserver/signserver!237
diff --git a/signserver/modules/SignServer-Server/pom.xml b/signserver/modules/SignServer-Server/pom.xml
@@ -23,6 +23,11 @@
           <groupId>log4j</groupId>
           <artifactId>log4j</artifactId>
         </exclusion>
+        <!-- DSS-2643: Workaround for PKCS11CryptoToken available in x509-common-util conflicing with the one from cesecore-common -->
+        <exclusion>
+          <groupId>org.ejbca.cesecore</groupId>
+          <artifactId>x509-common-util</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
diff --git a/signserver/modules/SignServer-Server/src/main/java/org/signserver/server/cryptotokens/PKCS11CryptoToken.java b/signserver/modules/SignServer-Server/src/main/java/org/signserver/server/cryptotokens/PKCS11CryptoToken.java
@@ -50,9 +50,9 @@
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.cesecore.certificates.util.AlgorithmTools;
-import com.keyfactor.util.keys.token.CryptoTokenAuthenticationFailedException;
-import com.keyfactor.util.keys.token.pkcs11.Pkcs11SlotLabelType;
-import com.keyfactor.util.keys.token.pkcs11.NoSuchSlotException;
+import org.cesecore.keys.token.CryptoTokenAuthenticationFailedException;
+import org.cesecore.keys.token.p11.Pkcs11SlotLabelType;
+import org.cesecore.keys.token.p11.exception.NoSuchSlotException;
 import org.cesecore.util.query.QueryCriteria;
 import org.signserver.common.CryptoTokenAuthenticationFailureException;
 import org.signserver.common.CryptoTokenInitializationFailureException;
@@ -291,7 +291,7 @@ public void init(int workerId, Properties props, org.signserver.server.IServices
                 // don't initialize keystore delegator when not auto-activated
             }
                 
-        } catch (com.keyfactor.util.keys.token.CryptoTokenOfflineException | NumberFormatException ex) {
+        } catch (org.cesecore.keys.token.CryptoTokenOfflineException | NumberFormatException ex) {
             LOG.error("Init failed", ex);
             throw new CryptoTokenInitializationFailureException(ex.getMessage());
         } catch (NoSuchSlotException ex) {
@@ -326,7 +326,7 @@ public int getCryptoTokenStatus(IServices services) {
                         }
                     }
                 }
-            } catch (com.keyfactor.util.keys.token.CryptoTokenOfflineException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeyException | SignatureException | ProviderException | OperatorCreationException | IOException ex) {
+            } catch (org.cesecore.keys.token.CryptoTokenOfflineException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeyException | SignatureException | ProviderException | OperatorCreationException | IOException ex) {
                 LOG.error("Error testing activation", ex);
             }
         }
@@ -339,7 +339,7 @@ public void activate(String authenticationcode, IServices services) throws Crypt
         try {
             delegate.activate(authenticationcode.toCharArray());
             keystoreDelegator = new JavaKeyStoreDelegator(delegate.getActivatedKeyStore());
-        } catch (com.keyfactor.util.keys.token.CryptoTokenOfflineException ex) {
+        } catch (org.cesecore.keys.token.CryptoTokenOfflineException ex) {
             LOG.error("Activate failed", ex);
             throw new CryptoTokenOfflineException(ex);
         } catch (CryptoTokenAuthenticationFailedException ex) {
@@ -368,7 +368,7 @@ public boolean deactivate(IServices services) throws CryptoTokenOfflineException
     private PrivateKey getPrivateKey(String alias) throws CryptoTokenOfflineException {
         try {
             return delegate.getPrivateKey(alias);
-        } catch (com.keyfactor.util.keys.token.CryptoTokenOfflineException ex) {
+        } catch (org.cesecore.keys.token.CryptoTokenOfflineException ex) {
             throw new CryptoTokenOfflineException(ex);
         }
     }
@@ -402,7 +402,7 @@ public ICertReqData genCertificateRequest(ISignerCertReqInfo info,
         }
         try {
             return CryptoTokenHelper.genCertificateRequest(info, delegate.getPrivateKey(alias), getProvider(ICryptoTokenV4.PROVIDERUSAGE_SIGN), delegate.getPublicKey(alias), explicitEccParameters);
-        } catch (com.keyfactor.util.keys.token.CryptoTokenOfflineException e) {
+        } catch (org.cesecore.keys.token.CryptoTokenOfflineException e) {
             LOG.error("Certificate request error: " + e.getMessage(), e);
             throw new CryptoTokenOfflineException(e);
         } catch (IllegalArgumentException ex) {
@@ -482,7 +482,7 @@ private void generateKeyPair(String keyAlgorithm, String keySpec, String alias,
                 final KeyStore ks = delegate.getActivatedKeyStore();
                 CryptoTokenHelper.regenerateCertIfWanted(alias, authCode, params, keystoreDelegator, ks.getProvider().getName());
             }
-        } catch (InvalidAlgorithmParameterException | com.keyfactor.util.keys.token.CryptoTokenOfflineException | CertificateException | IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | OperatorCreationException ex) {
+        } catch (InvalidAlgorithmParameterException | org.cesecore.keys.token.CryptoTokenOfflineException | CertificateException | IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | OperatorCreationException ex) {
             LOG.error(ex, ex);
             throw new CryptoTokenOfflineException(ex);
         }
@@ -533,7 +533,7 @@ private void generateSecretKey(String keyAlgorithm, String keySpec, String alias
         }
         try {
             delegate.generateKey(keyAlgorithm, Integer.valueOf(keySpec), alias);
-        } catch (IllegalArgumentException | NoSuchAlgorithmException | NoSuchProviderException | KeyStoreException | com.keyfactor.util.keys.token.CryptoTokenOfflineException ex) {
+        } catch (IllegalArgumentException | NoSuchAlgorithmException | NoSuchProviderException | KeyStoreException | org.cesecore.keys.token.CryptoTokenOfflineException ex) {
             LOG.error(ex, ex);
             throw new CryptoTokenOfflineException(ex);
         }
@@ -639,7 +639,7 @@ public KeyStorePKCS11CryptoToken() throws InstantiationException {
         public KeyStore getActivatedKeyStore() throws CryptoTokenOfflineException {
             try {
                 return getKeyStore().getKeyStore(); // TODO: Consider if we should instead use the CachingKeystoreWrapper
-            } catch (com.keyfactor.util.keys.token.CryptoTokenOfflineException ex) {
+            } catch (org.cesecore.keys.token.CryptoTokenOfflineException ex) {
                 throw new CryptoTokenOfflineException(ex);
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -50,9 +50,9 @@`
`50`	`50`	`import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;`
`51`	`51`	`import org.bouncycastle.operator.OperatorCreationException;`
`52`	`52`	`import org.cesecore.certificates.util.AlgorithmTools;`
`53`		`-import com.keyfactor.util.keys.token.CryptoTokenAuthenticationFailedException;`
`54`		`-import com.keyfactor.util.keys.token.pkcs11.Pkcs11SlotLabelType;`
`55`		`-import com.keyfactor.util.keys.token.pkcs11.NoSuchSlotException;`
	`53`	`+import org.cesecore.keys.token.CryptoTokenAuthenticationFailedException;`
	`54`	`+import org.cesecore.keys.token.p11.Pkcs11SlotLabelType;`
	`55`	`+import org.cesecore.keys.token.p11.exception.NoSuchSlotException;`
`56`	`56`	`import org.cesecore.util.query.QueryCriteria;`
`57`	`57`	`import org.signserver.common.CryptoTokenAuthenticationFailureException;`
`58`	`58`	`import org.signserver.common.CryptoTokenInitializationFailureException;`
`@@ -291,7 +291,7 @@ public void init(int workerId, Properties props, org.signserver.server.IServices`
`291`	`291`	`// don't initialize keystore delegator when not auto-activated`
`292`	`292`	`}`
`293`	`293`
`294`		`- } catch (com.keyfactor.util.keys.token.CryptoTokenOfflineException \| NumberFormatException ex) {`
	`294`	`+ } catch (org.cesecore.keys.token.CryptoTokenOfflineException \| NumberFormatException ex) {`
`295`	`295`	`LOG.error("Init failed", ex);`
`296`	`296`	`throw new CryptoTokenInitializationFailureException(ex.getMessage());`
`297`	`297`	`} catch (NoSuchSlotException ex) {`
`@@ -326,7 +326,7 @@ public int getCryptoTokenStatus(IServices services) {`
`326`	`326`	`}`
`327`	`327`	`}`
`328`	`328`	`}`
`329`		`- } catch (com.keyfactor.util.keys.token.CryptoTokenOfflineException \| NoSuchAlgorithmException \| NoSuchProviderException \| InvalidKeyException \| SignatureException \| ProviderException \| OperatorCreationException \| IOException ex) {`
	`329`	`+ } catch (org.cesecore.keys.token.CryptoTokenOfflineException \| NoSuchAlgorithmException \| NoSuchProviderException \| InvalidKeyException \| SignatureException \| ProviderException \| OperatorCreationException \| IOException ex) {`
`330`	`330`	`LOG.error("Error testing activation", ex);`
`331`	`331`	`}`
`332`	`332`	`}`
`@@ -339,7 +339,7 @@ public void activate(String authenticationcode, IServices services) throws Crypt`
`339`	`339`	`try {`
`340`	`340`	`delegate.activate(authenticationcode.toCharArray());`
`341`	`341`	`keystoreDelegator = new JavaKeyStoreDelegator(delegate.getActivatedKeyStore());`
`342`		`- } catch (com.keyfactor.util.keys.token.CryptoTokenOfflineException ex) {`
	`342`	`+ } catch (org.cesecore.keys.token.CryptoTokenOfflineException ex) {`
`343`	`343`	`LOG.error("Activate failed", ex);`
`344`	`344`	`throw new CryptoTokenOfflineException(ex);`
`345`	`345`	`} catch (CryptoTokenAuthenticationFailedException ex) {`
`@@ -368,7 +368,7 @@ public boolean deactivate(IServices services) throws CryptoTokenOfflineException`
`368`	`368`	`private PrivateKey getPrivateKey(String alias) throws CryptoTokenOfflineException {`
`369`	`369`	`try {`
`370`	`370`	`return delegate.getPrivateKey(alias);`
`371`		`- } catch (com.keyfactor.util.keys.token.CryptoTokenOfflineException ex) {`
	`371`	`+ } catch (org.cesecore.keys.token.CryptoTokenOfflineException ex) {`
`372`	`372`	`throw new CryptoTokenOfflineException(ex);`
`373`	`373`	`}`
`374`	`374`	`}`
`@@ -402,7 +402,7 @@ public ICertReqData genCertificateRequest(ISignerCertReqInfo info,`
`402`	`402`	`}`
`403`	`403`	`try {`
`404`	`404`	`return CryptoTokenHelper.genCertificateRequest(info, delegate.getPrivateKey(alias), getProvider(ICryptoTokenV4.PROVIDERUSAGE_SIGN), delegate.getPublicKey(alias), explicitEccParameters);`
`405`		`- } catch (com.keyfactor.util.keys.token.CryptoTokenOfflineException e) {`
	`405`	`+ } catch (org.cesecore.keys.token.CryptoTokenOfflineException e) {`
`406`	`406`	`LOG.error("Certificate request error: " + e.getMessage(), e);`
`407`	`407`	`throw new CryptoTokenOfflineException(e);`
`408`	`408`	`} catch (IllegalArgumentException ex) {`
`@@ -482,7 +482,7 @@ private void generateKeyPair(String keyAlgorithm, String keySpec, String alias,`
`482`	`482`	`final KeyStore ks = delegate.getActivatedKeyStore();`
`483`	`483`	`CryptoTokenHelper.regenerateCertIfWanted(alias, authCode, params, keystoreDelegator, ks.getProvider().getName());`
`484`	`484`	`}`
`485`		`- } catch (InvalidAlgorithmParameterException \| com.keyfactor.util.keys.token.CryptoTokenOfflineException \| CertificateException \| IOException \| KeyStoreException \| NoSuchAlgorithmException \| UnrecoverableKeyException \| OperatorCreationException ex) {`
	`485`	`+ } catch (InvalidAlgorithmParameterException \| org.cesecore.keys.token.CryptoTokenOfflineException \| CertificateException \| IOException \| KeyStoreException \| NoSuchAlgorithmException \| UnrecoverableKeyException \| OperatorCreationException ex) {`
`486`	`486`	`LOG.error(ex, ex);`
`487`	`487`	`throw new CryptoTokenOfflineException(ex);`
`488`	`488`	`}`
`@@ -533,7 +533,7 @@ private void generateSecretKey(String keyAlgorithm, String keySpec, String alias`
`533`	`533`	`}`
`534`	`534`	`try {`
`535`	`535`	`delegate.generateKey(keyAlgorithm, Integer.valueOf(keySpec), alias);`
`536`		`- } catch (IllegalArgumentException \| NoSuchAlgorithmException \| NoSuchProviderException \| KeyStoreException \| com.keyfactor.util.keys.token.CryptoTokenOfflineException ex) {`
	`536`	`+ } catch (IllegalArgumentException \| NoSuchAlgorithmException \| NoSuchProviderException \| KeyStoreException \| org.cesecore.keys.token.CryptoTokenOfflineException ex) {`
`537`	`537`	`LOG.error(ex, ex);`
`538`	`538`	`throw new CryptoTokenOfflineException(ex);`
`539`	`539`	`}`
`@@ -639,7 +639,7 @@ public KeyStorePKCS11CryptoToken() throws InstantiationException {`
`639`	`639`	`public KeyStore getActivatedKeyStore() throws CryptoTokenOfflineException {`
`640`	`640`	`try {`
`641`	`641`	`return getKeyStore().getKeyStore(); // TODO: Consider if we should instead use the CachingKeystoreWrapper`
`642`		`- } catch (com.keyfactor.util.keys.token.CryptoTokenOfflineException ex) {`
	`642`	`+ } catch (org.cesecore.keys.token.CryptoTokenOfflineException ex) {`
`643`	`643`	`throw new CryptoTokenOfflineException(ex);`
`644`	`644`	`}`
`645`	`645`	`}`