use of iaik.pkcs.pkcs11.objects.PrivateKey in project xipki by xipki.
the class IaikP11Slot method removeIdentity0.
@Override
protected void removeIdentity0(P11ObjectIdentifier objectId) throws P11TokenException {
Session session = borrowWritableSession();
try {
byte[] id = objectId.getId();
char[] label = objectId.getLabelChars();
SecretKey secretKey = getSecretKeyObject(session, id, label);
if (secretKey != null) {
try {
session.destroyObject(secretKey);
} catch (TokenException ex) {
String msg = "could not delete secret key " + objectId;
LogUtil.error(LOG, ex, msg);
throw new P11TokenException(msg);
}
}
PrivateKey privKey = getPrivateKeyObject(session, id, label);
if (privKey != null) {
try {
session.destroyObject(privKey);
} catch (TokenException ex) {
String msg = "could not delete private key " + objectId;
LogUtil.error(LOG, ex, msg);
throw new P11TokenException(msg);
}
}
PublicKey pubKey = getPublicKeyObject(session, id, label);
if (pubKey != null) {
try {
session.destroyObject(pubKey);
} catch (TokenException ex) {
String msg = "could not delete public key " + objectId;
LogUtil.error(LOG, ex, msg);
throw new P11TokenException(msg);
}
}
X509PublicKeyCertificate[] certs = getCertificateObjects(session, id, label);
if (certs != null && certs.length > 0) {
for (int i = 0; i < certs.length; i++) {
try {
session.destroyObject(certs[i]);
} catch (TokenException ex) {
String msg = "could not delete certificate " + objectId;
LogUtil.error(LOG, ex, msg);
throw new P11TokenException(msg);
}
}
}
} finally {
returnWritableSession(session);
}
}
use of iaik.pkcs.pkcs11.objects.PrivateKey in project xipki by xipki.
the class IaikP11Slot method generateDSAKeypair0.
@Override
protected // CHECKSTYLE:SKIP
P11Identity generateDSAKeypair0(BigInteger p, BigInteger q, BigInteger g, String label, P11NewKeyControl control) throws P11TokenException {
long mech = PKCS11Constants.CKM_DSA_KEY_PAIR_GEN;
assertMechanismSupported(mech);
DSAPrivateKey privateKey = new DSAPrivateKey();
DSAPublicKey publicKey = new DSAPublicKey();
setKeyAttributes(label, PKCS11Constants.CKK_DSA, control, publicKey, privateKey);
publicKey.getPrime().setByteArrayValue(p.toByteArray());
publicKey.getSubprime().setByteArrayValue(q.toByteArray());
publicKey.getBase().setByteArrayValue(g.toByteArray());
return generateKeyPair(mech, privateKey, publicKey);
}
use of iaik.pkcs.pkcs11.objects.PrivateKey in project xipki by xipki.
the class IaikP11Slot method refresh0.
@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
Mechanism[] mechanisms;
try {
mechanisms = slot.getToken().getMechanismList();
} catch (TokenException ex) {
throw new P11TokenException("could not getMechanismList: " + ex.getMessage(), ex);
}
P11SlotRefreshResult ret = new P11SlotRefreshResult();
if (mechanisms != null) {
for (Mechanism mech : mechanisms) {
ret.addMechanism(mech.getMechanismCode());
}
}
ConcurrentBagEntry<Session> session = borrowSession();
try {
// secret keys
List<SecretKey> secretKeys = getAllSecretKeyObjects(session.value());
for (SecretKey secKey : secretKeys) {
byte[] keyId = secKey.getId().getByteArrayValue();
if (keyId == null || keyId.length == 0) {
continue;
}
analyseSingleKey(secKey, ret);
}
// first get the list of all CA certificates
List<X509PublicKeyCertificate> p11Certs = getAllCertificateObjects(session.value());
for (X509PublicKeyCertificate p11Cert : p11Certs) {
P11ObjectIdentifier objId = new P11ObjectIdentifier(p11Cert.getId().getByteArrayValue(), toString(p11Cert.getLabel()));
ret.addCertificate(objId, parseCert(p11Cert));
}
List<PrivateKey> privKeys = getAllPrivateObjects(session.value());
for (PrivateKey privKey : privKeys) {
byte[] keyId = privKey.getId().getByteArrayValue();
if (keyId == null || keyId.length == 0) {
break;
}
try {
analyseSingleKey(session.value(), privKey, ret);
} catch (XiSecurityException ex) {
LogUtil.error(LOG, ex, "XiSecurityException while initializing private key " + "with id " + hex(keyId));
continue;
} catch (Throwable th) {
String label = "";
if (privKey.getLabel() != null) {
label = new String(privKey.getLabel().getCharArrayValue());
}
LOG.error("unexpected exception while initializing private key with id " + hex(keyId) + " and label " + label, th);
continue;
}
}
return ret;
} finally {
sessions.requite(session);
}
}
use of iaik.pkcs.pkcs11.objects.PrivateKey in project xipki by xipki.
the class IaikP11Slot method generateECKeypair0.
@Override
protected P11Identity generateECKeypair0(ASN1ObjectIdentifier curveId, String label, P11NewKeyControl control) throws P11TokenException {
long mech = PKCS11Constants.CKM_EC_KEY_PAIR_GEN;
assertMechanismSupported(mech);
ECPrivateKey privateKey = new ECPrivateKey();
ECPublicKey publicKey = new ECPublicKey();
setKeyAttributes(label, PKCS11Constants.CKK_EC, control, publicKey, privateKey);
byte[] encodedCurveId;
try {
encodedCurveId = curveId.getEncoded();
} catch (IOException ex) {
throw new P11TokenException(ex.getMessage(), ex);
}
try {
publicKey.getEcdsaParams().setByteArrayValue(encodedCurveId);
return generateKeyPair(mech, privateKey, publicKey);
} catch (P11TokenException ex) {
X9ECParameters ecParams = ECNamedCurveTable.getByOID(curveId);
if (ecParams == null) {
throw new IllegalArgumentException("could not get X9ECParameters for curve " + curveId.getId());
}
try {
publicKey.getEcdsaParams().setByteArrayValue(ecParams.getEncoded());
} catch (IOException ex2) {
throw new P11TokenException(ex.getMessage(), ex);
}
return generateKeyPair(mech, privateKey, publicKey);
}
}
Aggregations