Examples with Key iaik.pkcs.pkcs11.objects.Key used on opensource projects

Search in sources :

Example 6 with Key

use of iaik.pkcs.pkcs11.objects.Key in project xipki by xipki.

the class IaikP11Slot method importSecretKey0.

@Override
protected P11Identity importSecretKey0(long keyType, byte[] keyValue, String label, P11NewKeyControl control) throws P11TokenException {
    ValuedSecretKey template = new ValuedSecretKey(keyType);
    template.getToken().setBooleanValue(true);
    template.getLabel().setCharArrayValue(label.toCharArray());
    template.getSign().setBooleanValue(true);
    template.getSensitive().setBooleanValue(true);
    template.getExtractable().setBooleanValue(control.isExtractable());
    template.getValue().setByteArrayValue(keyValue);
    SecretKey key;
    Session session = borrowWritableSession();
    try {
        if (labelExists(session, label)) {
            throw new IllegalArgumentException("label " + label + " exists, please specify another one");
        }
        byte[] id = generateKeyId(session);
        template.getId().setByteArrayValue(id);
        try {
            key = (SecretKey) session.createObject(template);
        } catch (TokenException ex) {
            throw new P11TokenException("could not create secret key", ex);
        }
        P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
        P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objId);
        return new IaikP11Identity(this, entityId, key);
    } finally {
        returnWritableSession(session);
    }
}
Also used : ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Session(iaik.pkcs.pkcs11.Session)

Example 7 with Key

use of iaik.pkcs.pkcs11.objects.Key in project xipki by xipki.

the class IaikP11Slot method refresh0.

@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
    Mechanism[] mechanisms;
    try {
        mechanisms = slot.getToken().getMechanismList();
    } catch (TokenException ex) {
        throw new P11TokenException("could not getMechanismList: " + ex.getMessage(), ex);
    }
    P11SlotRefreshResult ret = new P11SlotRefreshResult();
    if (mechanisms != null) {
        for (Mechanism mech : mechanisms) {
            ret.addMechanism(mech.getMechanismCode());
        }
    }
    ConcurrentBagEntry<Session> session = borrowSession();
    try {
        // secret keys
        List<SecretKey> secretKeys = getAllSecretKeyObjects(session.value());
        for (SecretKey secKey : secretKeys) {
            byte[] keyId = secKey.getId().getByteArrayValue();
            if (keyId == null || keyId.length == 0) {
                continue;
            }
            analyseSingleKey(secKey, ret);
        }
        // first get the list of all CA certificates
        List<X509PublicKeyCertificate> p11Certs = getAllCertificateObjects(session.value());
        for (X509PublicKeyCertificate p11Cert : p11Certs) {
            P11ObjectIdentifier objId = new P11ObjectIdentifier(p11Cert.getId().getByteArrayValue(), toString(p11Cert.getLabel()));
            ret.addCertificate(objId, parseCert(p11Cert));
        }
        List<PrivateKey> privKeys = getAllPrivateObjects(session.value());
        for (PrivateKey privKey : privKeys) {
            byte[] keyId = privKey.getId().getByteArrayValue();
            if (keyId == null || keyId.length == 0) {
                break;
            }
            try {
                analyseSingleKey(session.value(), privKey, ret);
            } catch (XiSecurityException ex) {
                LogUtil.error(LOG, ex, "XiSecurityException while initializing private key " + "with id " + hex(keyId));
                continue;
            } catch (Throwable th) {
                String label = "";
                if (privKey.getLabel() != null) {
                    label = new String(privKey.getLabel().getCharArrayValue());
                }
                LOG.error("unexpected exception while initializing private key with id " + hex(keyId) + " and label " + label, th);
                continue;
            }
        }
        return ret;
    } finally {
        sessions.requite(session);
    }
}
Also used : RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) P11TokenException(org.xipki.security.exception.P11TokenException) DEROctetString(org.bouncycastle.asn1.DEROctetString) Mechanism(iaik.pkcs.pkcs11.Mechanism) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) XiSecurityException(org.xipki.security.exception.XiSecurityException) P11SlotRefreshResult(org.xipki.security.pkcs11.P11SlotRefreshResult) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) X509PublicKeyCertificate(iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Session(iaik.pkcs.pkcs11.Session)

Example 8 with Key

use of iaik.pkcs.pkcs11.objects.Key in project xipki by xipki.

the class IaikP11Slot method generateSecretKey0.

@Override
protected P11Identity generateSecretKey0(long keyType, int keysize, String label, P11NewKeyControl control) throws P11TokenException {
    if (keysize % 8 != 0) {
        throw new IllegalArgumentException("keysize is not multiple of 8: " + keysize);
    }
    long mech;
    if (PKCS11Constants.CKK_AES == keyType) {
        mech = PKCS11Constants.CKM_AES_KEY_GEN;
    } else if (PKCS11Constants.CKK_DES3 == keyType) {
        mech = PKCS11Constants.CKM_DES3_KEY_GEN;
    } else if (PKCS11Constants.CKK_GENERIC_SECRET == keyType) {
        mech = PKCS11Constants.CKM_GENERIC_SECRET_KEY_GEN;
    } else if (PKCS11Constants.CKK_SHA_1_HMAC == keyType || PKCS11Constants.CKK_SHA224_HMAC == keyType || PKCS11Constants.CKK_SHA256_HMAC == keyType || PKCS11Constants.CKK_SHA384_HMAC == keyType || PKCS11Constants.CKK_SHA512_HMAC == keyType || PKCS11Constants.CKK_SHA3_224_HMAC == keyType || PKCS11Constants.CKK_SHA3_256_HMAC == keyType || PKCS11Constants.CKK_SHA3_384_HMAC == keyType || PKCS11Constants.CKK_SHA3_512_HMAC == keyType) {
        mech = PKCS11Constants.CKM_GENERIC_SECRET_KEY_GEN;
    } else {
        throw new IllegalArgumentException("unsupported key type 0x" + Functions.toFullHex((int) keyType));
    }
    assertMechanismSupported(mech);
    ValuedSecretKey template = new ValuedSecretKey(keyType);
    template.getToken().setBooleanValue(true);
    template.getLabel().setCharArrayValue(label.toCharArray());
    template.getSign().setBooleanValue(true);
    template.getSensitive().setBooleanValue(true);
    template.getExtractable().setBooleanValue(control.isExtractable());
    template.getValueLen().setLongValue((long) (keysize / 8));
    Mechanism mechanism = Mechanism.get(mech);
    SecretKey key;
    Session session = borrowWritableSession();
    try {
        if (labelExists(session, label)) {
            throw new IllegalArgumentException("label " + label + " exists, please specify another one");
        }
        byte[] id = generateKeyId(session);
        template.getId().setByteArrayValue(id);
        try {
            key = (SecretKey) session.generateKey(mechanism, template);
        } catch (TokenException ex) {
            throw new P11TokenException("could not generate generic secret key using " + mechanism.getName(), ex);
        }
        P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
        P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objId);
        return new IaikP11Identity(this, entityId, key);
    } finally {
        returnWritableSession(session);
    }
}
Also used : ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Mechanism(iaik.pkcs.pkcs11.Mechanism) Session(iaik.pkcs.pkcs11.Session)

Example 9 with Key

use of iaik.pkcs.pkcs11.objects.Key in project xipki by xipki.

the class IaikP11Slot method sign.

byte[] sign(long mechanism, P11Params parameters, byte[] content, IaikP11Identity identity) throws P11TokenException {
    ParamUtil.requireNonNull("content", content);
    assertMechanismSupported(mechanism);
    int len = content.length;
    int expectedSignatureLen;
    if (mechanism == PKCS11Constants.CKM_SHA_1_HMAC) {
        expectedSignatureLen = 20;
    } else if (mechanism == PKCS11Constants.CKM_SHA224_HMAC || mechanism == PKCS11Constants.CKM_SHA3_224) {
        expectedSignatureLen = 28;
    } else if (mechanism == PKCS11Constants.CKM_SHA256_HMAC || mechanism == PKCS11Constants.CKM_SHA3_256) {
        expectedSignatureLen = 32;
    } else if (mechanism == PKCS11Constants.CKM_SHA384_HMAC || mechanism == PKCS11Constants.CKM_SHA3_384) {
        expectedSignatureLen = 48;
    } else if (mechanism == PKCS11Constants.CKM_SHA512_HMAC || mechanism == PKCS11Constants.CKM_SHA3_512) {
        expectedSignatureLen = 64;
    } else if (mechanism == PKCS11Constants.CKM_VENDOR_SM2 || mechanism == PKCS11Constants.CKM_VENDOR_SM2_SM3) {
        expectedSignatureLen = 32;
    } else {
        expectedSignatureLen = identity.getExpectedSignatureLen();
    }
    ConcurrentBagEntry<Session> session0 = borrowSession();
    try {
        Session session = session0.value();
        if (len <= maxMessageSize) {
            return singleSign(session, mechanism, parameters, content, identity);
        }
        Key signingKey = identity.getSigningKey();
        Mechanism mechanismObj = getMechanism(mechanism, parameters);
        if (LOG.isTraceEnabled()) {
            LOG.debug("sign (init, update, then finish) with private key:\n{}", signingKey);
        }
        session.signInit(mechanismObj, signingKey);
        for (int i = 0; i < len; i += maxMessageSize) {
            int blockLen = Math.min(maxMessageSize, len - i);
            // byte[] block = new byte[blockLen];
            // System.arraycopy(content, i, block, 0, blockLen);
            session.signUpdate(content, i, blockLen);
        }
        return session.signFinal(expectedSignatureLen);
    } catch (TokenException ex) {
        throw new P11TokenException(ex);
    } finally {
        sessions.requite(session0);
    }
}
Also used : P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) Key(iaik.pkcs.pkcs11.objects.Key) DSAPublicKey(iaik.pkcs.pkcs11.objects.DSAPublicKey) RSAPublicKey(iaik.pkcs.pkcs11.objects.RSAPublicKey) SM2PublicKey(iaik.pkcs.pkcs11.objects.SM2PublicKey) ECPublicKey(iaik.pkcs.pkcs11.objects.ECPublicKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) PublicKey(iaik.pkcs.pkcs11.objects.PublicKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) Mechanism(iaik.pkcs.pkcs11.Mechanism) Session(iaik.pkcs.pkcs11.Session)

Example 10 with Key

use of iaik.pkcs.pkcs11.objects.Key in project xipki by xipki.

the class IaikP11Slot method labelExists.

private static boolean labelExists(Session session, String keyLabel) throws P11TokenException {
    ParamUtil.requireNonBlank("keyLabel", keyLabel);
    Key key = new Key();
    key.getLabel().setCharArrayValue(keyLabel.toCharArray());
    Object[] objects;
    try {
        session.findObjectsInit(key);
        objects = session.findObjects(1);
        if (objects.length > 0) {
            return true;
        }
    } catch (TokenException ex) {
        throw new P11TokenException(ex.getMessage(), ex);
    } finally {
        try {
            session.findObjectsFinal();
        } catch (TokenException ex) {
            LogUtil.error(LOG, ex, "session.findObjectsFinal() failed");
        }
    }
    X509PublicKeyCertificate cert = new X509PublicKeyCertificate();
    cert.getLabel().setCharArrayValue(keyLabel.toCharArray());
    try {
        session.findObjectsInit(cert);
        objects = session.findObjects(1);
    } catch (TokenException ex) {
        throw new P11TokenException(ex.getMessage(), ex);
    } finally {
        try {
            session.findObjectsFinal();
        } catch (TokenException ex) {
            LogUtil.error(LOG, ex, "session.findObjectsFinal() failed");
        }
    }
    return objects.length > 0;
}
Also used : P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) PKCS11Object(iaik.pkcs.pkcs11.objects.PKCS11Object) X509PublicKeyCertificate(iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate) RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) Key(iaik.pkcs.pkcs11.objects.Key) DSAPublicKey(iaik.pkcs.pkcs11.objects.DSAPublicKey) RSAPublicKey(iaik.pkcs.pkcs11.objects.RSAPublicKey) SM2PublicKey(iaik.pkcs.pkcs11.objects.SM2PublicKey) ECPublicKey(iaik.pkcs.pkcs11.objects.ECPublicKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) PublicKey(iaik.pkcs.pkcs11.objects.PublicKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey)

Aggregations

SecretKey (iaik.pkcs.pkcs11.objects.SecretKey)11 ValuedSecretKey (iaik.pkcs.pkcs11.objects.ValuedSecretKey)11 TokenException (iaik.pkcs.pkcs11.TokenException)10 P11TokenException (org.xipki.security.exception.P11TokenException)10 DSAPrivateKey (iaik.pkcs.pkcs11.objects.DSAPrivateKey)9 ECPrivateKey (iaik.pkcs.pkcs11.objects.ECPrivateKey)9 PrivateKey (iaik.pkcs.pkcs11.objects.PrivateKey)9 RSAPrivateKey (iaik.pkcs.pkcs11.objects.RSAPrivateKey)9 SM2PrivateKey (iaik.pkcs.pkcs11.objects.SM2PrivateKey)9 DSAPublicKey (iaik.pkcs.pkcs11.objects.DSAPublicKey)8 ECPublicKey (iaik.pkcs.pkcs11.objects.ECPublicKey)8 PublicKey (iaik.pkcs.pkcs11.objects.PublicKey)8 RSAPublicKey (iaik.pkcs.pkcs11.objects.RSAPublicKey)8 SM2PublicKey (iaik.pkcs.pkcs11.objects.SM2PublicKey)8 Session (iaik.pkcs.pkcs11.Session)7 Key (iaik.pkcs.pkcs11.objects.Key)6 X509PublicKeyCertificate (iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate)5 P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)5 Mechanism (iaik.pkcs.pkcs11.Mechanism)4 DEROctetString (org.bouncycastle.asn1.DEROctetString)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial