Search in sources :

Example 6 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method importSecretKey0.

@Override
protected P11Identity importSecretKey0(long keyType, byte[] keyValue, String label, P11NewKeyControl control) throws P11TokenException {
    ValuedSecretKey template = new ValuedSecretKey(keyType);
    template.getToken().setBooleanValue(true);
    template.getLabel().setCharArrayValue(label.toCharArray());
    template.getSign().setBooleanValue(true);
    template.getSensitive().setBooleanValue(true);
    template.getExtractable().setBooleanValue(control.isExtractable());
    template.getValue().setByteArrayValue(keyValue);
    SecretKey key;
    Session session = borrowWritableSession();
    try {
        if (labelExists(session, label)) {
            throw new IllegalArgumentException("label " + label + " exists, please specify another one");
        }
        byte[] id = generateKeyId(session);
        template.getId().setByteArrayValue(id);
        try {
            key = (SecretKey) session.createObject(template);
        } catch (TokenException ex) {
            throw new P11TokenException("could not create secret key", ex);
        }
        P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
        P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objId);
        return new IaikP11Identity(this, entityId, key);
    } finally {
        returnWritableSession(session);
    }
}
Also used : ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Session(iaik.pkcs.pkcs11.Session)

Example 7 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method checkSessionLoggedIn.

private static boolean checkSessionLoggedIn(Session session) throws P11TokenException {
    SessionInfo info;
    try {
        info = session.getSessionInfo();
    } catch (TokenException ex) {
        throw new P11TokenException(ex.getMessage(), ex);
    }
    if (LOG.isTraceEnabled()) {
        LOG.debug("SessionInfo: {}", info);
    }
    State state = info.getState();
    long deviceError = info.getDeviceError();
    LOG.debug("to be verified PKCS11Module: state = {}, deviceError: {}", state, deviceError);
    boolean isRwSessionLoggedIn = state.equals(State.RW_USER_FUNCTIONS);
    boolean isRoSessionLoggedIn = state.equals(State.RO_USER_FUNCTIONS);
    boolean sessionLoggedIn = ((isRoSessionLoggedIn || isRwSessionLoggedIn) && deviceError == 0);
    LOG.debug("sessionLoggedIn: {}", sessionLoggedIn);
    return sessionLoggedIn;
}
Also used : State(iaik.pkcs.pkcs11.State) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) SessionInfo(iaik.pkcs.pkcs11.SessionInfo)

Example 8 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Module method getInstance.

public static P11Module getInstance(P11ModuleConf moduleConf) throws P11TokenException {
    ParamUtil.requireNonNull("moduleConf", moduleConf);
    Module module;
    try {
        module = Module.getInstance(moduleConf.getNativeLibrary());
    } catch (IOException ex) {
        final String msg = "could not load the PKCS#11 module " + moduleConf.getName();
        LogUtil.error(LOG, ex, msg);
        throw new P11TokenException(msg, ex);
    }
    try {
        module.initialize(new DefaultInitializeArgs());
    } catch (PKCS11Exception ex) {
        if (ex.getErrorCode() != PKCS11Constants.CKR_CRYPTOKI_ALREADY_INITIALIZED) {
            LogUtil.error(LOG, ex);
            close(moduleConf.getName(), module);
            throw new P11TokenException(ex.getMessage(), ex);
        } else {
            LOG.info("PKCS#11 module already initialized");
            if (LOG.isInfoEnabled()) {
                try {
                    LOG.info("pkcs11.getInfo():\n{}", module.getInfo());
                } catch (TokenException e2) {
                    LOG.debug("module.getInfo()", e2);
                }
            }
        }
    } catch (Throwable th) {
        LOG.error("unexpected Exception", th);
        close(moduleConf.getName(), module);
        throw new P11TokenException(th.getMessage());
    }
    return new IaikP11Module(module, moduleConf);
}
Also used : DefaultInitializeArgs(iaik.pkcs.pkcs11.DefaultInitializeArgs) PKCS11Exception(iaik.pkcs.pkcs11.wrapper.PKCS11Exception) P11TokenException(org.xipki.security.exception.P11TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) IOException(java.io.IOException) P11Module(org.xipki.security.pkcs11.P11Module) AbstractP11Module(org.xipki.security.pkcs11.AbstractP11Module) Module(iaik.pkcs.pkcs11.Module)

Example 9 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method refresh0.

@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
    Mechanism[] mechanisms;
    try {
        mechanisms = slot.getToken().getMechanismList();
    } catch (TokenException ex) {
        throw new P11TokenException("could not getMechanismList: " + ex.getMessage(), ex);
    }
    P11SlotRefreshResult ret = new P11SlotRefreshResult();
    if (mechanisms != null) {
        for (Mechanism mech : mechanisms) {
            ret.addMechanism(mech.getMechanismCode());
        }
    }
    ConcurrentBagEntry<Session> session = borrowSession();
    try {
        // secret keys
        List<SecretKey> secretKeys = getAllSecretKeyObjects(session.value());
        for (SecretKey secKey : secretKeys) {
            byte[] keyId = secKey.getId().getByteArrayValue();
            if (keyId == null || keyId.length == 0) {
                continue;
            }
            analyseSingleKey(secKey, ret);
        }
        // first get the list of all CA certificates
        List<X509PublicKeyCertificate> p11Certs = getAllCertificateObjects(session.value());
        for (X509PublicKeyCertificate p11Cert : p11Certs) {
            P11ObjectIdentifier objId = new P11ObjectIdentifier(p11Cert.getId().getByteArrayValue(), toString(p11Cert.getLabel()));
            ret.addCertificate(objId, parseCert(p11Cert));
        }
        List<PrivateKey> privKeys = getAllPrivateObjects(session.value());
        for (PrivateKey privKey : privKeys) {
            byte[] keyId = privKey.getId().getByteArrayValue();
            if (keyId == null || keyId.length == 0) {
                break;
            }
            try {
                analyseSingleKey(session.value(), privKey, ret);
            } catch (XiSecurityException ex) {
                LogUtil.error(LOG, ex, "XiSecurityException while initializing private key " + "with id " + hex(keyId));
                continue;
            } catch (Throwable th) {
                String label = "";
                if (privKey.getLabel() != null) {
                    label = new String(privKey.getLabel().getCharArrayValue());
                }
                LOG.error("unexpected exception while initializing private key with id " + hex(keyId) + " and label " + label, th);
                continue;
            }
        }
        return ret;
    } finally {
        sessions.requite(session);
    }
}
Also used : RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) P11TokenException(org.xipki.security.exception.P11TokenException) DEROctetString(org.bouncycastle.asn1.DEROctetString) Mechanism(iaik.pkcs.pkcs11.Mechanism) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) XiSecurityException(org.xipki.security.exception.XiSecurityException) P11SlotRefreshResult(org.xipki.security.pkcs11.P11SlotRefreshResult) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) X509PublicKeyCertificate(iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Session(iaik.pkcs.pkcs11.Session)

Example 10 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method generateSecretKey0.

@Override
protected P11Identity generateSecretKey0(long keyType, int keysize, String label, P11NewKeyControl control) throws P11TokenException {
    if (keysize % 8 != 0) {
        throw new IllegalArgumentException("keysize is not multiple of 8: " + keysize);
    }
    long mech;
    if (PKCS11Constants.CKK_AES == keyType) {
        mech = PKCS11Constants.CKM_AES_KEY_GEN;
    } else if (PKCS11Constants.CKK_DES3 == keyType) {
        mech = PKCS11Constants.CKM_DES3_KEY_GEN;
    } else if (PKCS11Constants.CKK_GENERIC_SECRET == keyType) {
        mech = PKCS11Constants.CKM_GENERIC_SECRET_KEY_GEN;
    } else if (PKCS11Constants.CKK_SHA_1_HMAC == keyType || PKCS11Constants.CKK_SHA224_HMAC == keyType || PKCS11Constants.CKK_SHA256_HMAC == keyType || PKCS11Constants.CKK_SHA384_HMAC == keyType || PKCS11Constants.CKK_SHA512_HMAC == keyType || PKCS11Constants.CKK_SHA3_224_HMAC == keyType || PKCS11Constants.CKK_SHA3_256_HMAC == keyType || PKCS11Constants.CKK_SHA3_384_HMAC == keyType || PKCS11Constants.CKK_SHA3_512_HMAC == keyType) {
        mech = PKCS11Constants.CKM_GENERIC_SECRET_KEY_GEN;
    } else {
        throw new IllegalArgumentException("unsupported key type 0x" + Functions.toFullHex((int) keyType));
    }
    assertMechanismSupported(mech);
    ValuedSecretKey template = new ValuedSecretKey(keyType);
    template.getToken().setBooleanValue(true);
    template.getLabel().setCharArrayValue(label.toCharArray());
    template.getSign().setBooleanValue(true);
    template.getSensitive().setBooleanValue(true);
    template.getExtractable().setBooleanValue(control.isExtractable());
    template.getValueLen().setLongValue((long) (keysize / 8));
    Mechanism mechanism = Mechanism.get(mech);
    SecretKey key;
    Session session = borrowWritableSession();
    try {
        if (labelExists(session, label)) {
            throw new IllegalArgumentException("label " + label + " exists, please specify another one");
        }
        byte[] id = generateKeyId(session);
        template.getId().setByteArrayValue(id);
        try {
            key = (SecretKey) session.generateKey(mechanism, template);
        } catch (TokenException ex) {
            throw new P11TokenException("could not generate generic secret key using " + mechanism.getName(), ex);
        }
        P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
        P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objId);
        return new IaikP11Identity(this, entityId, key);
    } finally {
        returnWritableSession(session);
    }
}
Also used : ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Mechanism(iaik.pkcs.pkcs11.Mechanism) Session(iaik.pkcs.pkcs11.Session)

Aggregations

TokenException (iaik.pkcs.pkcs11.TokenException)16 P11TokenException (org.xipki.security.exception.P11TokenException)16 Session (iaik.pkcs.pkcs11.Session)10 SecretKey (iaik.pkcs.pkcs11.objects.SecretKey)9 ValuedSecretKey (iaik.pkcs.pkcs11.objects.ValuedSecretKey)9 DSAPrivateKey (iaik.pkcs.pkcs11.objects.DSAPrivateKey)8 ECPrivateKey (iaik.pkcs.pkcs11.objects.ECPrivateKey)8 PrivateKey (iaik.pkcs.pkcs11.objects.PrivateKey)8 RSAPrivateKey (iaik.pkcs.pkcs11.objects.RSAPrivateKey)8 SM2PrivateKey (iaik.pkcs.pkcs11.objects.SM2PrivateKey)8 DSAPublicKey (iaik.pkcs.pkcs11.objects.DSAPublicKey)6 ECPublicKey (iaik.pkcs.pkcs11.objects.ECPublicKey)6 PublicKey (iaik.pkcs.pkcs11.objects.PublicKey)6 RSAPublicKey (iaik.pkcs.pkcs11.objects.RSAPublicKey)6 SM2PublicKey (iaik.pkcs.pkcs11.objects.SM2PublicKey)6 X509PublicKeyCertificate (iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate)6 Key (iaik.pkcs.pkcs11.objects.Key)5 Mechanism (iaik.pkcs.pkcs11.Mechanism)4 P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)4 DEROctetString (org.bouncycastle.asn1.DEROctetString)3