
Example 76 with Session

use of com.trilead.ssh2.Session in project xipki by xipki.

the class IaikP11Slot method refresh0.

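/**
 * Rebuilds the slot inventory from the token: supported mechanisms, secret keys,
 * X.509 certificates and private keys.
 *
 * <p>Key objects whose ID attribute is missing or empty are skipped. A private key
 * that fails analysis is logged and skipped, so one bad object does not abort the
 * whole refresh.
 *
 * @return the freshly collected mechanisms, certificates and keys
 * @throws P11TokenException if the mechanism list cannot be read from the token
 *     (the helper calls may presumably raise it as well; confirm against their signatures)
 */
@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
    Mechanism[] mechanisms;
    try {
        mechanisms = slot.getToken().getMechanismList();
    } catch (TokenException ex) {
        throw new P11TokenException("could not getMechanismList: " + ex.getMessage(), ex);
    }
    P11SlotRefreshResult ret = new P11SlotRefreshResult();
    if (mechanisms != null) {
        for (Mechanism mech : mechanisms) {
            ret.addMechanism(mech.getMechanismCode());
        }
    }
    ConcurrentBagEntry<Session> session = borrowSession();
    try {
        // Secret keys: an object without an ID cannot be addressed later, so skip it.
        for (SecretKey secKey : getAllSecretKeyObjects(session.value())) {
            byte[] keyId = secKey.getId().getByteArrayValue();
            if (keyId == null || keyId.length == 0) {
                continue;
            }
            analyseSingleKey(secKey, ret);
        }
        // Certificates are collected before the private keys are analysed.
        for (X509PublicKeyCertificate p11Cert : getAllCertificateObjects(session.value())) {
            P11ObjectIdentifier objId = new P11ObjectIdentifier(
                    p11Cert.getId().getByteArrayValue(), toString(p11Cert.getLabel()));
            ret.addCertificate(objId, parseCert(p11Cert));
        }
        for (PrivateKey privKey : getAllPrivateObjects(session.value())) {
            byte[] keyId = privKey.getId().getByteArrayValue();
            if (keyId == null || keyId.length == 0) {
                // Skip only this object. The original used 'break' here, which silently
                // dropped every private key listed after the first one without an ID and
                // was inconsistent with the secret-key loop above.
                continue;
            }
            try {
                analyseSingleKey(session.value(), privKey, ret);
            } catch (XiSecurityException ex) {
                LogUtil.error(LOG, ex, "XiSecurityException while initializing private key with id " + hex(keyId));
            } catch (Throwable th) {
                // Deliberate best-effort: any failure on one key is logged and the loop goes on.
                // The label is read from the token and written to the log as-is.
                String label = "";
                if (privKey.getLabel() != null) {
                    label = new String(privKey.getLabel().getCharArrayValue());
                }
                LOG.error("unexpected exception while initializing private key with id " + hex(keyId) + " and label " + label, th);
            }
        }
        return ret;
    } finally {
        // Always hand the borrowed session back, even when a helper throws.
        sessions.requite(session);
    }
}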
Also used : RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) P11TokenException(org.xipki.security.exception.P11TokenException) DEROctetString(org.bouncycastle.asn1.DEROctetString) Mechanism(iaik.pkcs.pkcs11.Mechanism) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) XiSecurityException(org.xipki.security.exception.XiSecurityException) P11SlotRefreshResult(org.xipki.security.pkcs11.P11SlotRefreshResult) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) X509PublicKeyCertificate(iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Session(iaik.pkcs.pkcs11.Session)

Example 77 with Session

use of com.trilead.ssh2.Session in project xipki by xipki.

the class IaikP11Slot method generateSecretKey0.

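/**
 * Generates a secret key on the token and returns an identity wrapping it.
 *
 * <p>The key is created as a token object with the sign and sensitive attributes set to
 * true; whether it is extractable is taken from {@code control}.
 *
 * @param keyType PKCS#11 key type: AES, DES3, generic secret or one of the listed HMAC types
 * @param keysize key size in bits; must be a positive multiple of 8
 * @param label label of the new key; rejected if {@code labelExists} reports it as taken
 * @param control supplies the extractable flag for the new key
 * @return the identity of the generated key
 * @throws P11TokenException if the token fails to generate the key
 * @throws IllegalArgumentException if the key size or key type is not acceptable, or the
 *     label is already in use
 */
@Override
protected P11Identity generateSecretKey0(long keyType, int keysize, String label, P11NewKeyControl control) throws P11TokenException {
    // A zero or negative size passes the modulo test below (e.g. -8 % 8 == 0) and would
    // reach the token as a non-positive value length, so reject it up front.
    if (keysize <= 0) {
        throw new IllegalArgumentException("keysize is not positive: " + keysize);
    }
    if (keysize % 8 != 0) {
        throw new IllegalArgumentException("keysize is not multiple of 8: " + keysize);
    }
    long mech;
    if (PKCS11Constants.CKK_AES == keyType) {
        mech = PKCS11Constants.CKM_AES_KEY_GEN;
    } else if (PKCS11Constants.CKK_DES3 == keyType) {
        mech = PKCS11Constants.CKM_DES3_KEY_GEN;
    } else if (PKCS11Constants.CKK_GENERIC_SECRET == keyType
            || PKCS11Constants.CKK_SHA_1_HMAC == keyType
            || PKCS11Constants.CKK_SHA224_HMAC == keyType
            || PKCS11Constants.CKK_SHA256_HMAC == keyType
            || PKCS11Constants.CKK_SHA384_HMAC == keyType
            || PKCS11Constants.CKK_SHA512_HMAC == keyType
            || PKCS11Constants.CKK_SHA3_224_HMAC == keyType
            || PKCS11Constants.CKK_SHA3_256_HMAC == keyType
            || PKCS11Constants.CKK_SHA3_384_HMAC == keyType
            || PKCS11Constants.CKK_SHA3_512_HMAC == keyType) {
        // Generic secrets and all HMAC key types share the generic key generation mechanism.
        mech = PKCS11Constants.CKM_GENERIC_SECRET_KEY_GEN;
    } else {
        throw new IllegalArgumentException("unsupported key type 0x" + Functions.toFullHex((int) keyType));
    }
    assertMechanismSupported(mech);
    ValuedSecretKey template = new ValuedSecretKey(keyType);
    template.getToken().setBooleanValue(true);
    template.getLabel().setCharArrayValue(label.toCharArray());
    template.getSign().setBooleanValue(true);
    // The key value is always marked sensitive; only extractability is caller-controlled.
    template.getSensitive().setBooleanValue(true);
    template.getExtractable().setBooleanValue(control.isExtractable());
    // NOTE(review): the value length is set for every key type, including DES3, whose
    // length is fixed; confirm the target tokens accept it in a DES3 template.
    template.getValueLen().setLongValue((long) (keysize / 8));
    Mechanism mechanism = Mechanism.get(mech);
    SecretKey key;
    Session session = borrowWritableSession();
    try {
        // NOTE(review): the label check and the key generation are two separate token
        // calls; whether another session can take the label in between is not visible here.
        if (labelExists(session, label)) {
            throw new IllegalArgumentException("label " + label + " exists, please specify another one");
        }
        byte[] id = generateKeyId(session);
        template.getId().setByteArrayValue(id);
        try {
            key = (SecretKey) session.generateKey(mechanism, template);
        } catch (TokenException ex) {
            throw new P11TokenException("could not generate generic secret key using " + mechanism.getName(), ex);
        }
        P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
        P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objId);
        return new IaikP11Identity(this, entityId, key);
    } finally {
        // The writable session goes back on every path, including the label-exists rejection.
        returnWritableSession(session);
    }
}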
Also used : ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Mechanism(iaik.pkcs.pkcs11.Mechanism) Session(iaik.pkcs.pkcs11.Session)

Example 78 with Session

use of com.trilead.ssh2.Session in project xipki by xipki.

the class IaikP11Slot method sign.

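/**
 * Signs (or MACs) {@code content} with the key of {@code identity} on the token.
 *
 * <p>Content no longer than {@code maxMessageSize} is handed to {@code singleSign};
 * longer content is fed to the token in chunks via signInit / signUpdate / signFinal.
 *
 * @param mechanism PKCS#11 mechanism code; must be supported by the slot
 * @param parameters mechanism parameters, passed on to {@code getMechanism} and {@code singleSign}
 * @param content data to sign; must not be null
 * @param identity identity providing the signing key and, for mechanisms not listed
 *     below, the expected signature length
 * @return the signature or MAC value
 * @throws P11TokenException if the token reports an error
 */
byte[] sign(long mechanism, P11Params parameters, byte[] content, IaikP11Identity identity) throws P11TokenException {
    ParamUtil.requireNonNull("content", content);
    assertMechanismSupported(mechanism);
    int len = content.length;
    // Output length in bytes for the fixed-size mechanisms; everything else asks the identity.
    // NOTE(review): the SHA3 branches compare against CKM_SHA3_224/256/384/512, while the
    // SHA-1/SHA-2 branches use the *_HMAC constants; confirm the SHA3 constants are the
    // intended ones.
    int expectedSignatureLen;
    if (mechanism == PKCS11Constants.CKM_SHA_1_HMAC) {
        expectedSignatureLen = 20;
    } else if (mechanism == PKCS11Constants.CKM_SHA224_HMAC || mechanism == PKCS11Constants.CKM_SHA3_224) {
        expectedSignatureLen = 28;
    } else if (mechanism == PKCS11Constants.CKM_SHA256_HMAC || mechanism == PKCS11Constants.CKM_SHA3_256) {
        expectedSignatureLen = 32;
    } else if (mechanism == PKCS11Constants.CKM_SHA384_HMAC || mechanism == PKCS11Constants.CKM_SHA3_384) {
        expectedSignatureLen = 48;
    } else if (mechanism == PKCS11Constants.CKM_SHA512_HMAC || mechanism == PKCS11Constants.CKM_SHA3_512) {
        expectedSignatureLen = 64;
    } else if (mechanism == PKCS11Constants.CKM_VENDOR_SM2 || mechanism == PKCS11Constants.CKM_VENDOR_SM2_SM3) {
        expectedSignatureLen = 32;
    } else {
        expectedSignatureLen = identity.getExpectedSignatureLen();
    }
    ConcurrentBagEntry<Session> session0 = borrowSession();
    try {
        Session session = session0.value();
        if (len <= maxMessageSize) {
            return singleSign(session, mechanism, parameters, content, identity);
        }
        Key signingKey = identity.getSigningKey();
        Mechanism mechanismObj = getMechanism(mechanism, parameters);
        if (LOG.isTraceEnabled()) {
            // The guard checked TRACE but the call logged at DEBUG; the level now matches the
            // guard. This dumps the key object's string form, so keep it at the most verbose level.
            LOG.trace("sign (init, update, then finish) with private key:\n{}", signingKey);
        }
        session.signInit(mechanismObj, signingKey);
        // Feed the content in place, maxMessageSize bytes at a time; no per-chunk copy is made.
        // NOTE(review): if signUpdate throws, the session is returned to the pool after
        // signInit without signFinal; confirm a later signInit on it is unaffected.
        for (int i = 0; i < len; i += maxMessageSize) {
            int blockLen = Math.min(maxMessageSize, len - i);
            session.signUpdate(content, i, blockLen);
        }
        return session.signFinal(expectedSignatureLen);
    } catch (TokenException ex) {
        throw new P11TokenException(ex);
    } finally {
        sessions.requite(session0);
    }
}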
Also used : P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) Key(iaik.pkcs.pkcs11.objects.Key) DSAPublicKey(iaik.pkcs.pkcs11.objects.DSAPublicKey) RSAPublicKey(iaik.pkcs.pkcs11.objects.RSAPublicKey) SM2PublicKey(iaik.pkcs.pkcs11.objects.SM2PublicKey) ECPublicKey(iaik.pkcs.pkcs11.objects.ECPublicKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) PublicKey(iaik.pkcs.pkcs11.objects.PublicKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) Mechanism(iaik.pkcs.pkcs11.Mechanism) Session(iaik.pkcs.pkcs11.Session)

Example 79 with Session

use of com.trilead.ssh2.Session in project xipki by xipki.

the class IaikP11Slot method openSession.

/**
 * Opens a new serial session on the slot's token and counts it.
 *
 * @param rwSession value passed to the token as the read/write flag of the session
 * @return the newly opened session
 * @throws P11TokenException if the token refuses to open the session; the original
 *     {@link TokenException} is kept as the cause
 */
private Session openSession(boolean rwSession) throws P11TokenException {
    final Session opened;
    try {
        opened = slot.getToken().openSession(Token.SessionType.SERIAL_SESSION, rwSession, null, null);
    } catch (TokenException cause) {
        throw new P11TokenException(cause.getMessage(), cause);
    }
    // Counted only after the token call succeeded, so failed attempts are not included.
    countSessions.incrementAndGet();
    return opened;
}
Also used : P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) Session(iaik.pkcs.pkcs11.Session)

Example 80 with Session

use of com.trilead.ssh2.Session in project rdf2neo by Rothamsted.

the class CypherHandlersIT method testRelations.

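/**
 * Tests {@link CyRelationLoadingHandler} to see if relations are mapped from RDF and loaded into Neo4J.
 *
 * <p>Runs against a Neo4j instance on 127.0.0.1:7687. NOTE(review): the driver credentials
 * are hard-coded in the test; presumably this is a disposable local test database. Confirm
 * they are never reused for a shared instance.
 */
@Test
public void testRelations() throws Exception {
    try (Driver neoDriver = GraphDatabase.driver("bolt://127.0.0.1:7687", AuthTokens.basic("neo4j", "test"));
        CyRelationLoadingHandler handler = new CyRelationLoadingHandler();
        RdfDataManager rdfMgr = new RdfDataManager(RdfDataManagerTest.TDB_PATH);
        Neo4jDataManager neoMgr = new Neo4jDataManager(neoDriver)) {
        handler.setRdfDataManager(rdfMgr);
        handler.setNeo4jDataManager(neoMgr);
        handler.setRelationTypesSparql(RdfDataManagerTest.SPARQL_REL_TYPES);
        handler.setRelationPropsSparql(RdfDataManagerTest.SPARQL_REL_PROPS);
        // Collect the relation rows inside a read transaction, then hand them to the handler.
        Set<QuerySolution> relSparqlRows = new HashSet<>();
        Dataset dataSet = rdfMgr.getDataSet();
        Txn.executeRead(dataSet, () -> SparqlUtils.select(RdfDataManagerTest.SPARQL_REL_TYPES, rdfMgr.getDataSet().getDefaultModel()).forEachRemaining(relSparqlRows::add));
        handler.accept(relSparqlRows);
        // The session was previously never closed; close it before the driver is closed.
        try (Session session = neoDriver.session(AccessMode.READ)) {
            StatementResult cursor = session.run("MATCH ()-[r]->() RETURN COUNT ( r ) AS ct");
            Assert.assertEquals("Wrong count for relations", 3, cursor.next().get("ct").asLong());
            // IRIs are passed as query parameters rather than concatenated into the Cypher text.
            cursor = session.run("MATCH p = (:TestNode{ iri:$iri1 })-[:relatedTo]->(:TestNode{ iri:$iri2 }) RETURN COUNT ( p ) AS ct", parameters("iri1", iri("ex:1"), "iri2", iri("ex:2")));
            Assert.assertEquals("Wrong count for {1 relatedTo 2}!", 1, cursor.next().get("ct").asLong());
            cursor = session.run("MATCH p = (:SuperTestNode{ iri:$iri1 })-[:derivedFrom]->(:TestNode{ iri:$iri2 }) RETURN COUNT ( p ) AS ct", parameters("iri1", iri("ex:3"), "iri2", iri("ex:1")));
            Assert.assertEquals("Wrong count for {3 derivedFrom 1}!", 1, cursor.next().get("ct").asLong());
            cursor = session.run("MATCH (:TestNode{ iri:$iri1 })-[r:relatedTo]->(:AdditionalLabel{ iri:$iri2 }) RETURN r.note AS note", parameters("iri1", iri("ex:2"), "iri2", iri("ex:3")));
            assertTrue("{2 relatedTo 3} not found!", cursor.hasNext());
            Set<String> values = cursor.next().get("note").asList().stream().map(v -> (String) v).collect(Collectors.toSet());
            Set<String> refValues = new HashSet<>(Arrays.asList("Reified Relation", "Another Note"));
            // NOTE(review): this only verifies that no unexpected note is present; a missing
            // note (or an empty list) still passes. Confirm whether set equality was intended.
            assertTrue("reified relation, wrong property value for 'note'!", Sets.difference(values, refValues).isEmpty());
        }
    }
}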
Also used : SparqlUtils(info.marcobrandizi.rdfutils.jena.SparqlUtils) Arrays(java.util.Arrays) Driver(org.neo4j.driver.v1.Driver) BeforeClass(org.junit.BeforeClass) AccessMode(org.neo4j.driver.v1.AccessMode) LoggerFactory(org.slf4j.LoggerFactory) HashSet(java.util.HashSet) QuerySolution(org.apache.jena.query.QuerySolution) Session(org.neo4j.driver.v1.Session) Txn(org.apache.jena.system.Txn) Values.parameters(org.neo4j.driver.v1.Values.parameters) Resource(org.apache.jena.rdf.model.Resource) Map(java.util.Map) GraphDatabase(org.neo4j.driver.v1.GraphDatabase) NamespaceUtils.iri(info.marcobrandizi.rdfutils.namespaces.NamespaceUtils.iri) Dataset(org.apache.jena.query.Dataset) Before(org.junit.Before) AfterClass(org.junit.AfterClass) Logger(org.slf4j.Logger) AuthTokens(org.neo4j.driver.v1.AuthTokens) Assert.assertTrue(org.junit.Assert.assertTrue) Set(java.util.Set) IOException(java.io.IOException) Test(org.junit.Test) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) Stream(java.util.stream.Stream) StatementResult(org.neo4j.driver.v1.StatementResult) Assert(org.junit.Assert) Assert.assertEquals(org.junit.Assert.assertEquals) StatementResult(org.neo4j.driver.v1.StatementResult) Dataset(org.apache.jena.query.Dataset) Driver(org.neo4j.driver.v1.Driver) QuerySolution(org.apache.jena.query.QuerySolution) HashSet(java.util.HashSet) Session(org.neo4j.driver.v1.Session) Test(org.junit.Test)
