use of com.trilead.ssh2.Session in project xipki by xipki.
the class IaikP11Slot method refresh0.
@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
Mechanism[] mechanisms;
try {
mechanisms = slot.getToken().getMechanismList();
} catch (TokenException ex) {
throw new P11TokenException("could not getMechanismList: " + ex.getMessage(), ex);
}
P11SlotRefreshResult ret = new P11SlotRefreshResult();
if (mechanisms != null) {
for (Mechanism mech : mechanisms) {
ret.addMechanism(mech.getMechanismCode());
}
}
ConcurrentBagEntry<Session> session = borrowSession();
try {
// secret keys
List<SecretKey> secretKeys = getAllSecretKeyObjects(session.value());
for (SecretKey secKey : secretKeys) {
byte[] keyId = secKey.getId().getByteArrayValue();
if (keyId == null || keyId.length == 0) {
continue;
}
analyseSingleKey(secKey, ret);
}
// first get the list of all CA certificates
List<X509PublicKeyCertificate> p11Certs = getAllCertificateObjects(session.value());
for (X509PublicKeyCertificate p11Cert : p11Certs) {
P11ObjectIdentifier objId = new P11ObjectIdentifier(p11Cert.getId().getByteArrayValue(), toString(p11Cert.getLabel()));
ret.addCertificate(objId, parseCert(p11Cert));
}
List<PrivateKey> privKeys = getAllPrivateObjects(session.value());
for (PrivateKey privKey : privKeys) {
byte[] keyId = privKey.getId().getByteArrayValue();
if (keyId == null || keyId.length == 0) {
break;
}
try {
analyseSingleKey(session.value(), privKey, ret);
} catch (XiSecurityException ex) {
LogUtil.error(LOG, ex, "XiSecurityException while initializing private key " + "with id " + hex(keyId));
continue;
} catch (Throwable th) {
String label = "";
if (privKey.getLabel() != null) {
label = new String(privKey.getLabel().getCharArrayValue());
}
LOG.error("unexpected exception while initializing private key with id " + hex(keyId) + " and label " + label, th);
continue;
}
}
return ret;
} finally {
sessions.requite(session);
}
}
use of com.trilead.ssh2.Session in project xipki by xipki.
the class IaikP11Slot method generateSecretKey0.
@Override
protected P11Identity generateSecretKey0(long keyType, int keysize, String label, P11NewKeyControl control) throws P11TokenException {
if (keysize % 8 != 0) {
throw new IllegalArgumentException("keysize is not multiple of 8: " + keysize);
}
long mech;
if (PKCS11Constants.CKK_AES == keyType) {
mech = PKCS11Constants.CKM_AES_KEY_GEN;
} else if (PKCS11Constants.CKK_DES3 == keyType) {
mech = PKCS11Constants.CKM_DES3_KEY_GEN;
} else if (PKCS11Constants.CKK_GENERIC_SECRET == keyType) {
mech = PKCS11Constants.CKM_GENERIC_SECRET_KEY_GEN;
} else if (PKCS11Constants.CKK_SHA_1_HMAC == keyType || PKCS11Constants.CKK_SHA224_HMAC == keyType || PKCS11Constants.CKK_SHA256_HMAC == keyType || PKCS11Constants.CKK_SHA384_HMAC == keyType || PKCS11Constants.CKK_SHA512_HMAC == keyType || PKCS11Constants.CKK_SHA3_224_HMAC == keyType || PKCS11Constants.CKK_SHA3_256_HMAC == keyType || PKCS11Constants.CKK_SHA3_384_HMAC == keyType || PKCS11Constants.CKK_SHA3_512_HMAC == keyType) {
mech = PKCS11Constants.CKM_GENERIC_SECRET_KEY_GEN;
} else {
throw new IllegalArgumentException("unsupported key type 0x" + Functions.toFullHex((int) keyType));
}
assertMechanismSupported(mech);
ValuedSecretKey template = new ValuedSecretKey(keyType);
template.getToken().setBooleanValue(true);
template.getLabel().setCharArrayValue(label.toCharArray());
template.getSign().setBooleanValue(true);
template.getSensitive().setBooleanValue(true);
template.getExtractable().setBooleanValue(control.isExtractable());
template.getValueLen().setLongValue((long) (keysize / 8));
Mechanism mechanism = Mechanism.get(mech);
SecretKey key;
Session session = borrowWritableSession();
try {
if (labelExists(session, label)) {
throw new IllegalArgumentException("label " + label + " exists, please specify another one");
}
byte[] id = generateKeyId(session);
template.getId().setByteArrayValue(id);
try {
key = (SecretKey) session.generateKey(mechanism, template);
} catch (TokenException ex) {
throw new P11TokenException("could not generate generic secret key using " + mechanism.getName(), ex);
}
P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objId);
return new IaikP11Identity(this, entityId, key);
} finally {
returnWritableSession(session);
}
}
use of com.trilead.ssh2.Session in project xipki by xipki.
the class IaikP11Slot method sign.
byte[] sign(long mechanism, P11Params parameters, byte[] content, IaikP11Identity identity) throws P11TokenException {
ParamUtil.requireNonNull("content", content);
assertMechanismSupported(mechanism);
int len = content.length;
int expectedSignatureLen;
if (mechanism == PKCS11Constants.CKM_SHA_1_HMAC) {
expectedSignatureLen = 20;
} else if (mechanism == PKCS11Constants.CKM_SHA224_HMAC || mechanism == PKCS11Constants.CKM_SHA3_224) {
expectedSignatureLen = 28;
} else if (mechanism == PKCS11Constants.CKM_SHA256_HMAC || mechanism == PKCS11Constants.CKM_SHA3_256) {
expectedSignatureLen = 32;
} else if (mechanism == PKCS11Constants.CKM_SHA384_HMAC || mechanism == PKCS11Constants.CKM_SHA3_384) {
expectedSignatureLen = 48;
} else if (mechanism == PKCS11Constants.CKM_SHA512_HMAC || mechanism == PKCS11Constants.CKM_SHA3_512) {
expectedSignatureLen = 64;
} else if (mechanism == PKCS11Constants.CKM_VENDOR_SM2 || mechanism == PKCS11Constants.CKM_VENDOR_SM2_SM3) {
expectedSignatureLen = 32;
} else {
expectedSignatureLen = identity.getExpectedSignatureLen();
}
ConcurrentBagEntry<Session> session0 = borrowSession();
try {
Session session = session0.value();
if (len <= maxMessageSize) {
return singleSign(session, mechanism, parameters, content, identity);
}
Key signingKey = identity.getSigningKey();
Mechanism mechanismObj = getMechanism(mechanism, parameters);
if (LOG.isTraceEnabled()) {
LOG.debug("sign (init, update, then finish) with private key:\n{}", signingKey);
}
session.signInit(mechanismObj, signingKey);
for (int i = 0; i < len; i += maxMessageSize) {
int blockLen = Math.min(maxMessageSize, len - i);
// byte[] block = new byte[blockLen];
// System.arraycopy(content, i, block, 0, blockLen);
session.signUpdate(content, i, blockLen);
}
return session.signFinal(expectedSignatureLen);
} catch (TokenException ex) {
throw new P11TokenException(ex);
} finally {
sessions.requite(session0);
}
}
use of com.trilead.ssh2.Session in project xipki by xipki.
the class IaikP11Slot method openSession.
private Session openSession(boolean rwSession) throws P11TokenException {
Session session;
try {
session = slot.getToken().openSession(Token.SessionType.SERIAL_SESSION, rwSession, null, null);
} catch (TokenException ex) {
throw new P11TokenException(ex.getMessage(), ex);
}
countSessions.incrementAndGet();
return session;
}
use of com.trilead.ssh2.Session in project rdf2neo by Rothamsted.
the class CypherHandlersIT method testRelations.
/**
* Tests {@link CyRelationLoadingHandler} to see if relations are mapped from RDF and loaded into Neo4J.
*/
@Test
public void testRelations() throws Exception {
try (Driver neoDriver = GraphDatabase.driver("bolt://127.0.0.1:7687", AuthTokens.basic("neo4j", "test"));
CyRelationLoadingHandler handler = new CyRelationLoadingHandler();
RdfDataManager rdfMgr = new RdfDataManager(RdfDataManagerTest.TDB_PATH);
Neo4jDataManager neoMgr = new Neo4jDataManager(neoDriver)) {
handler.setRdfDataManager(rdfMgr);
handler.setNeo4jDataManager(neoMgr);
handler.setRelationTypesSparql(RdfDataManagerTest.SPARQL_REL_TYPES);
handler.setRelationPropsSparql(RdfDataManagerTest.SPARQL_REL_PROPS);
Set<QuerySolution> relSparqlRows = new HashSet<>();
Dataset dataSet = rdfMgr.getDataSet();
Txn.executeRead(dataSet, () -> SparqlUtils.select(RdfDataManagerTest.SPARQL_REL_TYPES, rdfMgr.getDataSet().getDefaultModel()).forEachRemaining(row -> relSparqlRows.add(row)));
handler.accept(relSparqlRows);
Session session = neoDriver.session(AccessMode.READ);
StatementResult cursor = session.run("MATCH ()-[r]->() RETURN COUNT ( r ) AS ct");
Assert.assertEquals("Wrong count for relations", 3, cursor.next().get("ct").asLong());
cursor = session.run("MATCH p = (:TestNode{ iri:$iri1 })-[:relatedTo]->(:TestNode{ iri:$iri2 }) RETURN COUNT ( p ) AS ct", parameters("iri1", iri("ex:1"), "iri2", iri("ex:2")));
Assert.assertEquals("Wrong count for {1 relatedTo 2}!", 1, cursor.next().get("ct").asLong());
cursor = session.run("MATCH p = (:SuperTestNode{ iri:$iri1 })-[:derivedFrom]->(:TestNode{ iri:$iri2 }) RETURN COUNT ( p ) AS ct", parameters("iri1", iri("ex:3"), "iri2", iri("ex:1")));
Assert.assertEquals("Wrong count for {3 derivedFrom 1}!", 1, cursor.next().get("ct").asLong());
cursor = session.run("MATCH (:TestNode{ iri:$iri1 })-[r:relatedTo]->(:AdditionalLabel{ iri:$iri2 }) RETURN r.note AS note", parameters("iri1", iri("ex:2"), "iri2", iri("ex:3")));
assertTrue("{2 relatedTo 3} not found!", cursor.hasNext());
Set<String> values = cursor.next().get("note").asList().stream().map(v -> (String) v).collect(Collectors.toSet());
Set<String> refValues = new HashSet<>(Arrays.asList(new String[] { "Reified Relation", "Another Note" }));
assertTrue("reified relation, wrong property value for 'note'!", Sets.difference(values, refValues).isEmpty());
}
}
Aggregations