Search in sources :

Example 1 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method generateKeyPair.

private P11Identity generateKeyPair(long mech, PrivateKey privateKey, PublicKey publicKey) throws P11TokenException {
    final String label = toString(privateKey.getLabel());
    byte[] id = null;
    try {
        KeyPair keypair;
        Session session = borrowWritableSession();
        try {
            if (labelExists(session, label)) {
                throw new IllegalArgumentException("label " + label + " exists, please specify another one");
            }
            id = generateKeyId(session);
            privateKey.getId().setByteArrayValue(id);
            publicKey.getId().setByteArrayValue(id);
            try {
                keypair = session.generateKeyPair(Mechanism.get(mech), publicKey, privateKey);
            } catch (TokenException ex) {
                throw new P11TokenException("could not generate keypair " + Pkcs11Functions.mechanismCodeToString(mech), ex);
            }
            P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
            P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objId);
            java.security.PublicKey jcePublicKey;
            try {
                jcePublicKey = generatePublicKey(keypair.getPublicKey());
            } catch (XiSecurityException ex) {
                throw new P11TokenException("could not generate public key " + objId, ex);
            }
            PrivateKey privateKey2 = getPrivateKeyObject(session, id, label.toCharArray());
            if (privateKey2 == null) {
                throw new P11TokenException("could not read the generated private key");
            }
            return new IaikP11Identity(this, entityId, privateKey2, jcePublicKey, null);
        } finally {
            returnWritableSession(session);
        }
    } catch (P11TokenException | RuntimeException ex) {
        try {
            removeObjects(id, label);
        } catch (Throwable th) {
            LogUtil.error(LOG, th, "could not remove objects");
        }
        throw ex;
    }
}
Also used : KeyPair(iaik.pkcs.pkcs11.objects.KeyPair) RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) P11TokenException(org.xipki.security.exception.P11TokenException) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) DEROctetString(org.bouncycastle.asn1.DEROctetString) XiSecurityException(org.xipki.security.exception.XiSecurityException) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Session(iaik.pkcs.pkcs11.Session)

Example 2 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method digestKey.

byte[] digestKey(long mechanism, IaikP11Identity identity) throws P11TokenException {
    ParamUtil.requireNonNull("identity", identity);
    assertMechanismSupported(mechanism);
    Key signingKey = identity.getSigningKey();
    if (!(signingKey instanceof SecretKey)) {
        throw new P11TokenException("digestSecretKey could not be applied to non-SecretKey");
    }
    if (LOG.isTraceEnabled()) {
        LOG.debug("digest (init, digestKey, then finish)\n{}", signingKey);
    }
    int digestLen;
    if (PKCS11Constants.CKM_SHA_1 == mechanism) {
        digestLen = 20;
    } else if (PKCS11Constants.CKM_SHA224 == mechanism || PKCS11Constants.CKM_SHA3_224 == mechanism) {
        digestLen = 28;
    } else if (PKCS11Constants.CKM_SHA256 == mechanism || PKCS11Constants.CKM_SHA3_256 == mechanism) {
        digestLen = 32;
    } else if (PKCS11Constants.CKM_SHA384 == mechanism || PKCS11Constants.CKM_SHA3_384 == mechanism) {
        digestLen = 48;
    } else if (PKCS11Constants.CKM_SHA512 == mechanism || PKCS11Constants.CKM_SHA3_512 == mechanism) {
        digestLen = 64;
    } else {
        throw new P11TokenException("unsupported mechnism " + mechanism);
    }
    ConcurrentBagEntry<Session> session0 = borrowSession();
    try {
        Session session = session0.value();
        session.digestInit(Mechanism.get(mechanism));
        session.digestKey((SecretKey) signingKey);
        byte[] digest = new byte[digestLen];
        session.digestFinal(digest, 0, digestLen);
        return digest;
    } catch (TokenException ex) {
        throw new P11TokenException(ex);
    } finally {
        sessions.requite(session0);
    }
}
Also used : ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) P11TokenException(org.xipki.security.exception.P11TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) Key(iaik.pkcs.pkcs11.objects.Key) DSAPublicKey(iaik.pkcs.pkcs11.objects.DSAPublicKey) RSAPublicKey(iaik.pkcs.pkcs11.objects.RSAPublicKey) SM2PublicKey(iaik.pkcs.pkcs11.objects.SM2PublicKey) ECPublicKey(iaik.pkcs.pkcs11.objects.ECPublicKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) PublicKey(iaik.pkcs.pkcs11.objects.PublicKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) Session(iaik.pkcs.pkcs11.Session)

Example 3 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method updateCertificate0.

@Override
protected void updateCertificate0(P11ObjectIdentifier objectId, X509Certificate newCert) throws P11TokenException {
    removeCerts(objectId);
    try {
        Thread.sleep(1000);
    } catch (InterruptedException ex) {
    // CHECKSTYLE:SKIP
    }
    X509PublicKeyCertificate newCertTemp = createPkcs11Template(new X509Cert(newCert), objectId.getId(), objectId.getLabelChars());
    Session session = borrowWritableSession();
    try {
        session.createObject(newCertTemp);
    } catch (TokenException ex) {
        throw new P11TokenException("could not createObject: " + ex.getMessage(), ex);
    } finally {
        returnWritableSession(session);
    }
}
Also used : X509Cert(org.xipki.security.X509Cert) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) X509PublicKeyCertificate(iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate) Session(iaik.pkcs.pkcs11.Session)

Example 4 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method removeIdentity0.

@Override
protected void removeIdentity0(P11ObjectIdentifier objectId) throws P11TokenException {
    Session session = borrowWritableSession();
    try {
        byte[] id = objectId.getId();
        char[] label = objectId.getLabelChars();
        SecretKey secretKey = getSecretKeyObject(session, id, label);
        if (secretKey != null) {
            try {
                session.destroyObject(secretKey);
            } catch (TokenException ex) {
                String msg = "could not delete secret key " + objectId;
                LogUtil.error(LOG, ex, msg);
                throw new P11TokenException(msg);
            }
        }
        PrivateKey privKey = getPrivateKeyObject(session, id, label);
        if (privKey != null) {
            try {
                session.destroyObject(privKey);
            } catch (TokenException ex) {
                String msg = "could not delete private key " + objectId;
                LogUtil.error(LOG, ex, msg);
                throw new P11TokenException(msg);
            }
        }
        PublicKey pubKey = getPublicKeyObject(session, id, label);
        if (pubKey != null) {
            try {
                session.destroyObject(pubKey);
            } catch (TokenException ex) {
                String msg = "could not delete public key " + objectId;
                LogUtil.error(LOG, ex, msg);
                throw new P11TokenException(msg);
            }
        }
        X509PublicKeyCertificate[] certs = getCertificateObjects(session, id, label);
        if (certs != null && certs.length > 0) {
            for (int i = 0; i < certs.length; i++) {
                try {
                    session.destroyObject(certs[i]);
                } catch (TokenException ex) {
                    String msg = "could not delete certificate " + objectId;
                    LogUtil.error(LOG, ex, msg);
                    throw new P11TokenException(msg);
                }
            }
        }
    } finally {
        returnWritableSession(session);
    }
}
Also used : ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) DSAPublicKey(iaik.pkcs.pkcs11.objects.DSAPublicKey) RSAPublicKey(iaik.pkcs.pkcs11.objects.RSAPublicKey) SM2PublicKey(iaik.pkcs.pkcs11.objects.SM2PublicKey) ECPublicKey(iaik.pkcs.pkcs11.objects.ECPublicKey) PublicKey(iaik.pkcs.pkcs11.objects.PublicKey) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) X509PublicKeyCertificate(iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate) DEROctetString(org.bouncycastle.asn1.DEROctetString) Session(iaik.pkcs.pkcs11.Session)

Example 5 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method addCert0.

@Override
protected void addCert0(P11ObjectIdentifier objectId, X509Certificate cert) throws P11TokenException {
    X509PublicKeyCertificate newCaCertTemp = createPkcs11Template(new X509Cert(cert), objectId.getId(), objectId.getLabelChars());
    Session session = borrowWritableSession();
    try {
        session.createObject(newCaCertTemp);
    } catch (TokenException ex) {
        throw new P11TokenException(ex.getMessage(), ex);
    } finally {
        returnWritableSession(session);
    }
}
Also used : X509Cert(org.xipki.security.X509Cert) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) X509PublicKeyCertificate(iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate) Session(iaik.pkcs.pkcs11.Session)

Aggregations

TokenException (iaik.pkcs.pkcs11.TokenException)16 P11TokenException (org.xipki.security.exception.P11TokenException)16 Session (iaik.pkcs.pkcs11.Session)10 SecretKey (iaik.pkcs.pkcs11.objects.SecretKey)9 ValuedSecretKey (iaik.pkcs.pkcs11.objects.ValuedSecretKey)9 DSAPrivateKey (iaik.pkcs.pkcs11.objects.DSAPrivateKey)8 ECPrivateKey (iaik.pkcs.pkcs11.objects.ECPrivateKey)8 PrivateKey (iaik.pkcs.pkcs11.objects.PrivateKey)8 RSAPrivateKey (iaik.pkcs.pkcs11.objects.RSAPrivateKey)8 SM2PrivateKey (iaik.pkcs.pkcs11.objects.SM2PrivateKey)8 DSAPublicKey (iaik.pkcs.pkcs11.objects.DSAPublicKey)6 ECPublicKey (iaik.pkcs.pkcs11.objects.ECPublicKey)6 PublicKey (iaik.pkcs.pkcs11.objects.PublicKey)6 RSAPublicKey (iaik.pkcs.pkcs11.objects.RSAPublicKey)6 SM2PublicKey (iaik.pkcs.pkcs11.objects.SM2PublicKey)6 X509PublicKeyCertificate (iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate)6 Key (iaik.pkcs.pkcs11.objects.Key)5 Mechanism (iaik.pkcs.pkcs11.Mechanism)4 P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)4 DEROctetString (org.bouncycastle.asn1.DEROctetString)3