
Example 41 with Session

use of iaik.pkcs.pkcs11.Session in project xipki by xipki.

the class IaikP11Slot method digestKey.

byte[] digestKey(long mechanism, IaikP11Identity identity) throws P11TokenException {
    ParamUtil.requireNonNull("identity", identity);
    assertMechanismSupported(mechanism);
    Key signingKey = identity.getSigningKey();
    if (!(signingKey instanceof SecretKey)) {
        throw new P11TokenException("digestSecretKey could not be applied to non-SecretKey");
    }
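    // Guard and call use the same level; the message includes the key object's string form, so keep it at trace.
    if (LOG.isTraceEnabled()) {
        LOG.trace("digest (init, digestKey, then finish)\n{}", signingKey);
    }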
    int digestLen;
    if (PKCS11Constants.CKM_SHA_1 == mechanism) {
        digestLen = 20;
    } else if (PKCS11Constants.CKM_SHA224 == mechanism || PKCS11Constants.CKM_SHA3_224 == mechanism) {
        digestLen = 28;
    } else if (PKCS11Constants.CKM_SHA256 == mechanism || PKCS11Constants.CKM_SHA3_256 == mechanism) {
        digestLen = 32;
    } else if (PKCS11Constants.CKM_SHA384 == mechanism || PKCS11Constants.CKM_SHA3_384 == mechanism) {
        digestLen = 48;
    } else if (PKCS11Constants.CKM_SHA512 == mechanism || PKCS11Constants.CKM_SHA3_512 == mechanism) {
        digestLen = 64;
    } else {
        throw new P11TokenException("unsupported mechanism " + mechanism);
    }
    ConcurrentBagEntry<Session> session0 = borrowSession();
    try {
        Session session = session0.value();
        session.digestInit(Mechanism.get(mechanism));
        session.digestKey((SecretKey) signingKey);
        byte[] digest = new byte[digestLen];
        session.digestFinal(digest, 0, digestLen);
        return digest;
    } catch (TokenException ex) {
        throw new P11TokenException(ex);
    } finally {
        sessions.requite(session0);
    }
}
Also used : ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) Key(iaik.pkcs.pkcs11.objects.Key) DSAPublicKey(iaik.pkcs.pkcs11.objects.DSAPublicKey) RSAPublicKey(iaik.pkcs.pkcs11.objects.RSAPublicKey) SM2PublicKey(iaik.pkcs.pkcs11.objects.SM2PublicKey) ECPublicKey(iaik.pkcs.pkcs11.objects.ECPublicKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) PublicKey(iaik.pkcs.pkcs11.objects.PublicKey) Session(iaik.pkcs.pkcs11.Session)

Example 42 with Session

use of iaik.pkcs.pkcs11.Session in project xipki by xipki.

the class IaikP11Slot method updateCertificate0.

@Override
protected void updateCertificate0(P11ObjectIdentifier objectId, X509Certificate newCert) throws P11TokenException {
    removeCerts(objectId);
    try {
        Thread.sleep(1000);
    } catch (InterruptedException ex) {
        // restore the interrupt flag so callers can observe the interruption
        Thread.currentThread().interrupt();
    }
    X509PublicKeyCertificate newCertTemp = createPkcs11Template(new X509Cert(newCert), objectId.getId(), objectId.getLabelChars());
    Session session = borrowWritableSession();
    try {
        session.createObject(newCertTemp);
    } catch (TokenException ex) {
        throw new P11TokenException("could not createObject: " + ex.getMessage(), ex);
    } finally {
        returnWritableSession(session);
    }
}
Also used : X509Cert(org.xipki.security.X509Cert) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) X509PublicKeyCertificate(iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate) Session(iaik.pkcs.pkcs11.Session)

Example 43 with Session

use of iaik.pkcs.pkcs11.Session in project xipki by xipki.

the class IaikP11Slot method analyseSingleKey.

private void analyseSingleKey(Session session, PrivateKey privKey, P11SlotRefreshResult refreshResult) throws P11TokenException, XiSecurityException {
    byte[] id = privKey.getId().getByteArrayValue();
    java.security.PublicKey pubKey = null;
    X509Cert cert = refreshResult.getCertForId(id);
    if (cert != null) {
        pubKey = cert.getCert().getPublicKey();
    } else {
        PublicKey p11PublicKey = getPublicKeyObject(session, id, null);
        if (p11PublicKey == null) {
            LOG.info("neither certificate nor public key for the key (" + hex(id) + ") is available");
            return;
        }
        pubKey = generatePublicKey(p11PublicKey);
    }
    P11ObjectIdentifier objectId = new P11ObjectIdentifier(id, toString(privKey.getLabel()));
    X509Certificate[] certs = (cert == null) ? null : new X509Certificate[] { cert.getCert() };
    IaikP11Identity identity = new IaikP11Identity(this, new P11EntityIdentifier(slotId, objectId), privKey, pubKey, certs);
    refreshResult.addIdentity(identity);
}
Also used : DSAPublicKey(iaik.pkcs.pkcs11.objects.DSAPublicKey) RSAPublicKey(iaik.pkcs.pkcs11.objects.RSAPublicKey) SM2PublicKey(iaik.pkcs.pkcs11.objects.SM2PublicKey) ECPublicKey(iaik.pkcs.pkcs11.objects.ECPublicKey) PublicKey(iaik.pkcs.pkcs11.objects.PublicKey) X509Cert(org.xipki.security.X509Cert) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) X509Certificate(java.security.cert.X509Certificate)

Example 44 with Session

use of iaik.pkcs.pkcs11.Session in project xipki by xipki.

the class IaikP11Slot method getAllPrivateObjects.

private List<PrivateKey> getAllPrivateObjects(Session session) throws P11TokenException {
    PrivateKey template = new PrivateKey();
    List<Storage> tmpObjects = getObjects(session, template);
    if (CollectionUtil.isEmpty(tmpObjects)) {
        return Collections.emptyList();
    }
    final int n = tmpObjects.size();
    LOG.info("found {} private keys", n);
    List<PrivateKey> privateKeys = new ArrayList<>(n);
    for (Storage tmpObject : tmpObjects) {
        PrivateKey privateKey = (PrivateKey) tmpObject;
        privateKeys.add(privateKey);
    }
    return privateKeys;
}
Also used : RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) Storage(iaik.pkcs.pkcs11.objects.Storage) ArrayList(java.util.ArrayList)

Example 45 with Session

use of iaik.pkcs.pkcs11.Session in project xipki by xipki.

the class IaikP11Slot method getCertificateObjects.

private X509PublicKeyCertificate[] getCertificateObjects(Session session, byte[] keyId, char[] keyLabel) throws P11TokenException {
    X509PublicKeyCertificate template = new X509PublicKeyCertificate();
    if (keyId != null) {
        template.getId().setByteArrayValue(keyId);
    }
    if (keyLabel != null) {
        template.getLabel().setCharArrayValue(keyLabel);
    }
    List<Storage> tmpObjects = getObjects(session, template);
    if (CollectionUtil.isEmpty(tmpObjects)) {
        LOG.info("found no certificate identified by {}", getDescription(keyId, keyLabel));
        return null;
    }
    int size = tmpObjects.size();
    X509PublicKeyCertificate[] certs = new X509PublicKeyCertificate[size];
    for (int i = 0; i < size; i++) {
        certs[i] = (X509PublicKeyCertificate) tmpObjects.get(i);
    }
    return certs;
}
Also used : Storage(iaik.pkcs.pkcs11.objects.Storage) X509PublicKeyCertificate(iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate)
