
Example 11 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method sign.

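/**
 * Signs (or MACs) {@code content} with the key of {@code identity} on a session borrowed
 * from the pool.
 *
 * <p>Content no longer than {@code maxMessageSize} is handed to {@code singleSign}. Longer
 * content is fed to the token in chunks of at most {@code maxMessageSize} bytes through
 * signInit / signUpdate / signFinal. The borrowed session is given back in every case.
 *
 * @param mechanism PKCS#11 mechanism code; rejected by {@code assertMechanismSupported} if
 *     unsupported
 * @param parameters mechanism parameters, passed through to {@code getMechanism}
 * @param content data to sign; must not be {@code null}
 * @param identity supplies the signing key and, for mechanisms without a fixed length below,
 *     the expected signature length
 * @return the signature bytes produced by the token
 * @throws P11TokenException if the token reports a {@link TokenException}
 */
byte[] sign(long mechanism, P11Params parameters, byte[] content, IaikP11Identity identity) throws P11TokenException {
    ParamUtil.requireNonNull("content", content);
    assertMechanismSupported(mechanism);
    int len = content.length;

    // Output length handed to signFinal() on the multi-part path.
    // NOTE(review): the CKM_SHA3_* names read like digest mechanisms, not HMAC ones, and
    // 32 bytes for the SM2 mechanisms is half of a raw r||s signature; confirm this table
    // against the token before relying on it.
    int expectedSignatureLen;
    if (mechanism == PKCS11Constants.CKM_SHA_1_HMAC) {
        expectedSignatureLen = 20;
    } else if (mechanism == PKCS11Constants.CKM_SHA224_HMAC || mechanism == PKCS11Constants.CKM_SHA3_224) {
        expectedSignatureLen = 28;
    } else if (mechanism == PKCS11Constants.CKM_SHA256_HMAC || mechanism == PKCS11Constants.CKM_SHA3_256) {
        expectedSignatureLen = 32;
    } else if (mechanism == PKCS11Constants.CKM_SHA384_HMAC || mechanism == PKCS11Constants.CKM_SHA3_384) {
        expectedSignatureLen = 48;
    } else if (mechanism == PKCS11Constants.CKM_SHA512_HMAC || mechanism == PKCS11Constants.CKM_SHA3_512) {
        expectedSignatureLen = 64;
    } else if (mechanism == PKCS11Constants.CKM_VENDOR_SM2 || mechanism == PKCS11Constants.CKM_VENDOR_SM2_SM3) {
        expectedSignatureLen = 32;
    } else {
        expectedSignatureLen = identity.getExpectedSignatureLen();
    }

    ConcurrentBagEntry<Session> session0 = borrowSession();
    try {
        Session session = session0.value();
        if (len <= maxMessageSize) {
            return singleSign(session, mechanism, parameters, content, identity);
        }

        Key signingKey = identity.getSigningKey();
        Mechanism mechanismObj = getMechanism(mechanism, parameters);
        if (LOG.isTraceEnabled()) {
            // Logged at the level the guard checks (the original guarded on TRACE but
            // emitted at DEBUG).
            // NOTE(review): this prints the key object's string form; confirm it can never
            // contain key material, e.g. for secret keys whose value is readable.
            LOG.trace("sign (init, update, then finish) with private key:\n{}", signingKey);
        }

        session.signInit(mechanismObj, signingKey);
        // Advance by the chunk actually written so the offset can never exceed len and
        // therefore cannot overflow; content is passed by offset, without copying.
        int offset = 0;
        while (offset < len) {
            int blockLen = Math.min(maxMessageSize, len - offset);
            session.signUpdate(content, offset, blockLen);
            offset += blockLen;
        }
        return session.signFinal(expectedSignatureLen);
    } catch (TokenException ex) {
        // Same wrapping as the other token calls in this class: keep message and cause.
        // NOTE(review): if signUpdate/signFinal fails, the session is still returned to the
        // pool below; confirm the token does not leave a sign operation active on it.
        throw new P11TokenException(ex.getMessage(), ex);
    } finally {
        sessions.requite(session0);
    }
}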
Also used : P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) Key(iaik.pkcs.pkcs11.objects.Key) DSAPublicKey(iaik.pkcs.pkcs11.objects.DSAPublicKey) RSAPublicKey(iaik.pkcs.pkcs11.objects.RSAPublicKey) SM2PublicKey(iaik.pkcs.pkcs11.objects.SM2PublicKey) ECPublicKey(iaik.pkcs.pkcs11.objects.ECPublicKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) PublicKey(iaik.pkcs.pkcs11.objects.PublicKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) Mechanism(iaik.pkcs.pkcs11.Mechanism) Session(iaik.pkcs.pkcs11.Session)

Example 12 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method labelExists.

/**
 * Reports whether a search on {@code session} finds an object labelled {@code keyLabel},
 * first with a {@code Key} template and then with an {@code X509PublicKeyCertificate}
 * template.
 *
 * <p>Each search asks for at most one object and is always closed with
 * {@code findObjectsFinal()}; a failure to close is logged, not thrown.
 *
 * @param session session used for both searches
 * @param keyLabel label to look for; must not be blank
 * @return {@code true} if either search returns at least one object
 * @throws P11TokenException if starting or running a search fails
 */
private static boolean labelExists(Session session, String keyLabel) throws P11TokenException {
    ParamUtil.requireNonBlank("keyLabel", keyLabel);

    // Pass 1: template built from a Key with only the label set.
    Key keyTemplate = new Key();
    keyTemplate.getLabel().setCharArrayValue(keyLabel.toCharArray());
    Object[] matches;
    try {
        session.findObjectsInit(keyTemplate);
        matches = session.findObjects(1);
    } catch (TokenException ex) {
        throw new P11TokenException(ex.getMessage(), ex);
    } finally {
        // The search must be closed before the session can start another one.
        try {
            session.findObjectsFinal();
        } catch (TokenException ex) {
            LogUtil.error(LOG, ex, "session.findObjectsFinal() failed");
        }
    }
    if (matches.length > 0) {
        return true;
    }

    // Pass 2: same label, this time on a certificate template.
    X509PublicKeyCertificate certTemplate = new X509PublicKeyCertificate();
    certTemplate.getLabel().setCharArrayValue(keyLabel.toCharArray());
    try {
        session.findObjectsInit(certTemplate);
        matches = session.findObjects(1);
    } catch (TokenException ex) {
        throw new P11TokenException(ex.getMessage(), ex);
    } finally {
        try {
            session.findObjectsFinal();
        } catch (TokenException ex) {
            LogUtil.error(LOG, ex, "session.findObjectsFinal() failed");
        }
    }
    return matches.length > 0;
}
Also used : P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) PKCS11Object(iaik.pkcs.pkcs11.objects.PKCS11Object) X509PublicKeyCertificate(iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate) RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) Key(iaik.pkcs.pkcs11.objects.Key) DSAPublicKey(iaik.pkcs.pkcs11.objects.DSAPublicKey) RSAPublicKey(iaik.pkcs.pkcs11.objects.RSAPublicKey) SM2PublicKey(iaik.pkcs.pkcs11.objects.SM2PublicKey) ECPublicKey(iaik.pkcs.pkcs11.objects.ECPublicKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) PublicKey(iaik.pkcs.pkcs11.objects.PublicKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey)

Example 13 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method openSession.

/**
 * Opens a serial session on this slot's token and adds it to the session counter.
 *
 * @param rwSession forwarded to the token as the read/write flag of the new session
 * @return the newly opened session
 * @throws P11TokenException if the token cannot be reached or refuses the session
 */
private Session openSession(boolean rwSession) throws P11TokenException {
    Session opened;
    try {
        Token token = slot.getToken();
        // The last two arguments (application object, notify callback) are left unset.
        opened = token.openSession(Token.SessionType.SERIAL_SESSION, rwSession, null, null);
    } catch (TokenException ex) {
        throw new P11TokenException(ex.getMessage(), ex);
    }
    // Only reached when a session was actually handed out, so failures are not counted.
    countSessions.incrementAndGet();
    return opened;
}
Also used : P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) Session(iaik.pkcs.pkcs11.Session)

Example 14 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method singleSign.

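/**
 * Signs {@code content} in a single signInit / sign round trip on the given session.
 *
 * @param session session to run the operation on; the caller keeps ownership of it
 * @param mechanism PKCS#11 mechanism code, resolved through {@code getMechanism}
 * @param parameters mechanism parameters, passed through to {@code getMechanism}
 * @param content complete data to sign
 * @param identity supplies the signing key
 * @return the signature bytes produced by the token
 * @throws P11TokenException if the token reports a {@link TokenException}
 */
private byte[] singleSign(Session session, long mechanism, P11Params parameters, byte[] content, IaikP11Identity identity) throws P11TokenException {
    Key signingKey = identity.getSigningKey();
    Mechanism mechanismObj = getMechanism(mechanism, parameters);
    if (LOG.isTraceEnabled()) {
        // Logged at the level the guard checks (the original guarded on TRACE but emitted
        // at DEBUG).
        // NOTE(review): this prints the key object's string form; confirm it can never
        // contain key material, e.g. for secret keys whose value is readable.
        LOG.trace("sign with signing key:\n{}", signingKey);
    }

    byte[] signature;
    try {
        session.signInit(mechanismObj, signingKey);
        signature = session.sign(content);
    } catch (TokenException ex) {
        throw new P11TokenException(ex.getMessage(), ex);
    }

    // The guard keeps the hex encoding from running when debug output is off.
    // NOTE(review): the full signature value ends up in the debug log; confirm that is
    // acceptable where this method is used for MAC mechanisms.
    if (LOG.isDebugEnabled()) {
        LOG.debug("signature:\n{}", hex(signature));
    }
    return signature;
}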
Also used : P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) Key(iaik.pkcs.pkcs11.objects.Key) DSAPublicKey(iaik.pkcs.pkcs11.objects.DSAPublicKey) RSAPublicKey(iaik.pkcs.pkcs11.objects.RSAPublicKey) SM2PublicKey(iaik.pkcs.pkcs11.objects.SM2PublicKey) ECPublicKey(iaik.pkcs.pkcs11.objects.ECPublicKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) PublicKey(iaik.pkcs.pkcs11.objects.PublicKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) Mechanism(iaik.pkcs.pkcs11.Mechanism)

Example 15 with TokenException

use of iaik.pkcs.pkcs11.TokenException in project xipki by xipki.

the class IaikP11Slot method idExists.

/**
 * Reports whether a search on {@code session} finds an object whose id is {@code keyId},
 * first with a {@code Key} template and then with an {@code X509PublicKeyCertificate}
 * template.
 *
 * <p>Each search asks for at most one object and is always closed with
 * {@code findObjectsFinal()}; a failure to close is logged, not thrown.
 *
 * @param session session used for both searches
 * @param keyId id to look for
 * @return {@code true} if either search returns at least one object
 * @throws P11TokenException if starting or running a search fails
 */
private static boolean idExists(Session session, byte[] keyId) throws P11TokenException {
    // NOTE(review): keyId is used as given, while labelExists validates its argument;
    // confirm callers never pass null or an empty id here.

    // Pass 1: template built from a Key with only the id set.
    Key keyTemplate = new Key();
    keyTemplate.getId().setByteArrayValue(keyId);
    Object[] matches;
    try {
        session.findObjectsInit(keyTemplate);
        matches = session.findObjects(1);
    } catch (TokenException ex) {
        throw new P11TokenException(ex.getMessage(), ex);
    } finally {
        // The search must be closed before the session can start another one.
        try {
            session.findObjectsFinal();
        } catch (TokenException ex) {
            LogUtil.error(LOG, ex, "session.findObjectsFinal() failed");
        }
    }
    if (matches.length > 0) {
        return true;
    }

    // Pass 2: same id, this time on a certificate template.
    X509PublicKeyCertificate certTemplate = new X509PublicKeyCertificate();
    certTemplate.getId().setByteArrayValue(keyId);
    try {
        session.findObjectsInit(certTemplate);
        matches = session.findObjects(1);
    } catch (TokenException ex) {
        throw new P11TokenException(ex.getMessage(), ex);
    } finally {
        try {
            session.findObjectsFinal();
        } catch (TokenException ex) {
            LogUtil.error(LOG, ex, "session.findObjectsFinal() failed");
        }
    }
    return matches.length > 0;
}
Also used : P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) PKCS11Object(iaik.pkcs.pkcs11.objects.PKCS11Object) X509PublicKeyCertificate(iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate) RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) Key(iaik.pkcs.pkcs11.objects.Key) DSAPublicKey(iaik.pkcs.pkcs11.objects.DSAPublicKey) RSAPublicKey(iaik.pkcs.pkcs11.objects.RSAPublicKey) SM2PublicKey(iaik.pkcs.pkcs11.objects.SM2PublicKey) ECPublicKey(iaik.pkcs.pkcs11.objects.ECPublicKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) PublicKey(iaik.pkcs.pkcs11.objects.PublicKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey)

Aggregations

TokenException (iaik.pkcs.pkcs11.TokenException)16 P11TokenException (org.xipki.security.exception.P11TokenException)16 Session (iaik.pkcs.pkcs11.Session)10 SecretKey (iaik.pkcs.pkcs11.objects.SecretKey)9 ValuedSecretKey (iaik.pkcs.pkcs11.objects.ValuedSecretKey)9 DSAPrivateKey (iaik.pkcs.pkcs11.objects.DSAPrivateKey)8 ECPrivateKey (iaik.pkcs.pkcs11.objects.ECPrivateKey)8 PrivateKey (iaik.pkcs.pkcs11.objects.PrivateKey)8 RSAPrivateKey (iaik.pkcs.pkcs11.objects.RSAPrivateKey)8 SM2PrivateKey (iaik.pkcs.pkcs11.objects.SM2PrivateKey)8 DSAPublicKey (iaik.pkcs.pkcs11.objects.DSAPublicKey)6 ECPublicKey (iaik.pkcs.pkcs11.objects.ECPublicKey)6 PublicKey (iaik.pkcs.pkcs11.objects.PublicKey)6 RSAPublicKey (iaik.pkcs.pkcs11.objects.RSAPublicKey)6 SM2PublicKey (iaik.pkcs.pkcs11.objects.SM2PublicKey)6 X509PublicKeyCertificate (iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate)6 Key (iaik.pkcs.pkcs11.objects.Key)5 Mechanism (iaik.pkcs.pkcs11.Mechanism)4 P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)4 DEROctetString (org.bouncycastle.asn1.DEROctetString)3