Examples with TokenException iaik.pkcs.pkcs11.TokenException used on opensource projects

Example 1 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method generateKeyPair.

private P11Identity generateKeyPair(long mech, PrivateKey privateKey, PublicKey publicKey) throws P11TokenException {
    final String label = toString(privateKey.getLabel());
    byte[] id = null;
    try {
        KeyPair keypair;
        Session session = borrowWritableSession();
        try {
            if (labelExists(session, label)) {
                throw new IllegalArgumentException("label " + label + " exists, please specify another one");
            }
            id = generateKeyId(session);
            privateKey.getId().setByteArrayValue(id);
            publicKey.getId().setByteArrayValue(id);
            try {
                keypair = session.generateKeyPair(Mechanism.get(mech), publicKey, privateKey);
            } catch (TokenException ex) {
                throw new P11TokenException("could not generate keypair " + Pkcs11Functions.mechanismCodeToString(mech), ex);
            }
            P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
            P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objId);
            java.security.PublicKey jcePublicKey;
            try {
                jcePublicKey = generatePublicKey(keypair.getPublicKey());
            } catch (XiSecurityException ex) {
                throw new P11TokenException("could not generate public key " + objId, ex);
            }
            PrivateKey privateKey2 = getPrivateKeyObject(session, id, label.toCharArray());
            if (privateKey2 == null) {
                throw new P11TokenException("could not read the generated private key");
            }
            return new IaikP11Identity(this, entityId, privateKey2, jcePublicKey, null);
        } finally {
            returnWritableSession(session);
        }
    } catch (P11TokenException | RuntimeException ex) {
        try {
            removeObjects(id, label);
        } catch (Throwable th) {
            LogUtil.error(LOG, th, "could not remove objects");
        }
        throw ex;
    }
}

Example 2 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method digestKey.

byte[] digestKey(long mechanism, IaikP11Identity identity) throws P11TokenException {
    ParamUtil.requireNonNull("identity", identity);
    assertMechanismSupported(mechanism);
    Key signingKey = identity.getSigningKey();
    if (!(signingKey instanceof SecretKey)) {
        throw new P11TokenException("digestSecretKey could not be applied to non-SecretKey");
    }
    if (LOG.isTraceEnabled()) {
        LOG.debug("digest (init, digestKey, then finish)\n{}", signingKey);
    }
    int digestLen;
    if (PKCS11Constants.CKM_SHA_1 == mechanism) {
        digestLen = 20;
    } else if (PKCS11Constants.CKM_SHA224 == mechanism || PKCS11Constants.CKM_SHA3_224 == mechanism) {
        digestLen = 28;
    } else if (PKCS11Constants.CKM_SHA256 == mechanism || PKCS11Constants.CKM_SHA3_256 == mechanism) {
        digestLen = 32;
    } else if (PKCS11Constants.CKM_SHA384 == mechanism || PKCS11Constants.CKM_SHA3_384 == mechanism) {
        digestLen = 48;
    } else if (PKCS11Constants.CKM_SHA512 == mechanism || PKCS11Constants.CKM_SHA3_512 == mechanism) {
        digestLen = 64;
    } else {
        throw new P11TokenException("unsupported mechnism " + mechanism);
    }
    ConcurrentBagEntry<Session> session0 = borrowSession();
    try {
        Session session = session0.value();
        session.digestInit(Mechanism.get(mechanism));
        session.digestKey((SecretKey) signingKey);
        byte[] digest = new byte[digestLen];
        session.digestFinal(digest, 0, digestLen);
        return digest;
    } catch (TokenException ex) {
        throw new P11TokenException(ex);
    } finally {
        sessions.requite(session0);
    }
}

Example 3 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method updateCertificate0.

@Override
protected void updateCertificate0(P11ObjectIdentifier objectId, X509Certificate newCert) throws P11TokenException {
    removeCerts(objectId);
    try {
        Thread.sleep(1000);
    } catch (InterruptedException ex) {
    // CHECKSTYLE:SKIP
    }
    X509PublicKeyCertificate newCertTemp = createPkcs11Template(new X509Cert(newCert), objectId.getId(), objectId.getLabelChars());
    Session session = borrowWritableSession();
    try {
        session.createObject(newCertTemp);
    } catch (TokenException ex) {
        throw new P11TokenException("could not createObject: " + ex.getMessage(), ex);
    } finally {
        returnWritableSession(session);
    }
}

Example 4 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method removeIdentity0.

@Override
protected void removeIdentity0(P11ObjectIdentifier objectId) throws P11TokenException {
    Session session = borrowWritableSession();
    try {
        byte[] id = objectId.getId();
        char[] label = objectId.getLabelChars();
        SecretKey secretKey = getSecretKeyObject(session, id, label);
        if (secretKey != null) {
            try {
                session.destroyObject(secretKey);
            } catch (TokenException ex) {
                String msg = "could not delete secret key " + objectId;
                LogUtil.error(LOG, ex, msg);
                throw new P11TokenException(msg);
            }
        }
        PrivateKey privKey = getPrivateKeyObject(session, id, label);
        if (privKey != null) {
            try {
                session.destroyObject(privKey);
            } catch (TokenException ex) {
                String msg = "could not delete private key " + objectId;
                LogUtil.error(LOG, ex, msg);
                throw new P11TokenException(msg);
            }
        }
        PublicKey pubKey = getPublicKeyObject(session, id, label);
        if (pubKey != null) {
            try {
                session.destroyObject(pubKey);
            } catch (TokenException ex) {
                String msg = "could not delete public key " + objectId;
                LogUtil.error(LOG, ex, msg);
                throw new P11TokenException(msg);
            }
        }
        X509PublicKeyCertificate[] certs = getCertificateObjects(session, id, label);
        if (certs != null && certs.length > 0) {
            for (int i = 0; i < certs.length; i++) {
                try {
                    session.destroyObject(certs[i]);
                } catch (TokenException ex) {
                    String msg = "could not delete certificate " + objectId;
                    LogUtil.error(LOG, ex, msg);
                    throw new P11TokenException(msg);
                }
            }
        }
    } finally {
        returnWritableSession(session);
    }
}

Example 5 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method addCert0.

@Override
protected void addCert0(P11ObjectIdentifier objectId, X509Certificate cert) throws P11TokenException {
    X509PublicKeyCertificate newCaCertTemp = createPkcs11Template(new X509Cert(cert), objectId.getId(), objectId.getLabelChars());
    Session session = borrowWritableSession();
    try {
        session.createObject(newCaCertTemp);
    } catch (TokenException ex) {
        throw new P11TokenException(ex.getMessage(), ex);
    } finally {
        returnWritableSession(session);
    }
}