use of iaik.pkcs.pkcs11.objects.PublicKey in project xipki by xipki.
the class IaikP11Slot method generateSM2Keypair0.
/**
 * Generates an SM2 key pair on the token under the given label.
 *
 * <p>The vendor-defined SM2 key-pair-generation mechanism is checked with
 * {@code assertMechanismSupported} before any key object is prepared, so an
 * unsupported token fails before the generation call is reached.
 *
 * @param label label passed to {@code setKeyAttributes} for both key objects.
 * @param control key-control settings passed through to {@code setKeyAttributes}.
 * @return the identity returned by {@code generateKeyPair}.
 * @throws P11TokenException propagated from the mechanism check or from key generation.
 */
@Override
protected P11Identity generateSM2Keypair0(String label, P11NewKeyControl control) throws P11TokenException {
  final long keyGenMechanism = PKCS11Constants.CKM_VENDOR_SM2_KEY_PAIR_GEN;
  assertMechanismSupported(keyGenMechanism);

  // Empty key objects that carry the attributes for the generation request.
  final SM2PrivateKey privTemplate = new SM2PrivateKey();
  final SM2PublicKey pubTemplate = new SM2PublicKey();
  setKeyAttributes(label, PKCS11Constants.CKK_VENDOR_SM2, control, pubTemplate, privTemplate);

  return generateKeyPair(keyGenMechanism, privTemplate, pubTemplate);
}
use of iaik.pkcs.pkcs11.objects.PublicKey in project xipki by xipki.
the class IaikP11Slot method generateKeyPair.
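/**
 * Generates a key pair on the token and wraps it in a {@link P11Identity}.
 *
 * <p>The label is read from {@code privateKey}; generation is refused when an object
 * with that label already exists. A fresh key id is written into both key objects
 * before the token is asked to generate the pair.
 *
 * <p>Cleanup on failure: objects are removed only when a key id had already been
 * assigned by this call. Before that point this call has created nothing on the
 * token. In particular, the "label exists" rejection must not trigger a removal,
 * because the only objects carrying that label are the pre-existing ones.
 * ({@code removeObjects} is not visible here; if it matches by label when the id is
 * {@code null}, an unguarded cleanup would delete the existing key. TODO confirm.)
 *
 * @param mech PKCS#11 key-pair-generation mechanism code.
 * @param privateKey private-key object holding the requested attributes; its id is set here.
 * @param publicKey public-key object holding the requested attributes; its id is set here.
 * @return the identity built from the generated key pair.
 * @throws P11TokenException if the token fails to generate the pair, the public key
 *     cannot be converted, or the generated private key cannot be read back.
 * @throws IllegalArgumentException if an object with the same label already exists.
 */
private P11Identity generateKeyPair(long mech, PrivateKey privateKey, PublicKey publicKey) throws P11TokenException {
  final String label = toString(privateKey.getLabel());
  // Stays null until this call has reserved an id; used to decide whether cleanup is safe.
  byte[] id = null;

  try {
    KeyPair keypair;
    Session session = borrowWritableSession();
    try {
      if (labelExists(session, label)) {
        throw new IllegalArgumentException("label " + label + " exists, please specify another one");
      }

      id = generateKeyId(session);
      privateKey.getId().setByteArrayValue(id);
      publicKey.getId().setByteArrayValue(id);

      try {
        keypair = session.generateKeyPair(Mechanism.get(mech), publicKey, privateKey);
      } catch (TokenException ex) {
        throw new P11TokenException("could not generate keypair " + Pkcs11Functions.mechanismCodeToString(mech), ex);
      }

      P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
      P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objId);

      java.security.PublicKey jcePublicKey;
      try {
        jcePublicKey = generatePublicKey(keypair.getPublicKey());
      } catch (XiSecurityException ex) {
        throw new P11TokenException("could not generate public key " + objId, ex);
      }

      // Re-read the private key from the token instead of trusting the returned handle.
      PrivateKey privateKey2 = getPrivateKeyObject(session, id, label.toCharArray());
      if (privateKey2 == null) {
        throw new P11TokenException("could not read the generated private key");
      }

      return new IaikP11Identity(this, entityId, privateKey2, jcePublicKey, null);
    } finally {
      // Runs before the outer catch, so the cleanup below does not hold this session.
      returnWritableSession(session);
    }
  } catch (P11TokenException | RuntimeException ex) {
    // Only clean up what this call may have created. With id == null nothing was
    // generated yet, and a label-only removal could hit pre-existing objects.
    if (id != null) {
      try {
        removeObjects(id, label);
      } catch (Throwable th) {
        // Best effort: the original failure is more useful to the caller than this one.
        LogUtil.error(LOG, th, "could not remove objects");
      }
    }
    throw ex;
  }
}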
use of iaik.pkcs.pkcs11.objects.PublicKey in project xipki by xipki.
the class IaikP11Slot method generateRSAKeypair0.
/**
 * Generates an RSA key pair on the token under the given label.
 *
 * <p>The RSA PKCS key-pair-generation mechanism is checked with
 * {@code assertMechanismSupported} first. The modulus length and, when supplied, the
 * public exponent are then set on the public-key object before delegating to
 * {@code generateKeyPair}.
 *
 * @param keysize requested modulus length in bits; not range-checked in this method.
 * @param publicExponent public exponent, or {@code null} to leave the attribute unset.
 * @param label label passed to {@code setKeyAttributes} for both key objects.
 * @param control key-control settings passed through to {@code setKeyAttributes}.
 * @return the identity returned by {@code generateKeyPair}.
 * @throws P11TokenException propagated from the mechanism check or from key generation.
 */
@Override
protected P11Identity generateRSAKeypair0(int keysize, BigInteger publicExponent, String label, P11NewKeyControl control) throws P11TokenException {
  final long keyGenMechanism = PKCS11Constants.CKM_RSA_PKCS_KEY_PAIR_GEN;
  assertMechanismSupported(keyGenMechanism);

  final RSAPrivateKey privTemplate = new RSAPrivateKey();
  final RSAPublicKey pubTemplate = new RSAPublicKey();
  setKeyAttributes(label, PKCS11Constants.CKK_RSA, control, pubTemplate, privTemplate);

  // NOTE(review): keysize is forwarded as-is; presumably a caller enforces the minimum
  // acceptable modulus length. Verify against callers.
  final long modulusBits = keysize;
  pubTemplate.getModulusBits().setLongValue(modulusBits);

  if (null != publicExponent) {
    // NOTE(review): BigInteger.toByteArray() is two's-complement and can carry a leading
    // 0x00 sign byte (or encode a negative value). Confirm the token accepts this encoding.
    final byte[] exponentBytes = publicExponent.toByteArray();
    pubTemplate.getPublicExponent().setByteArrayValue(exponentBytes);
  }

  return generateKeyPair(keyGenMechanism, privTemplate, pubTemplate);
}
use of iaik.pkcs.pkcs11.objects.PublicKey in project xipki by xipki.
the class IaikP11Slot method analyseSingleKey.
/**
 * Builds an identity for one private key found on the token and records it in
 * {@code refreshResult}.
 *
 * <p>The public key comes from the certificate that {@code refreshResult} holds for
 * the same key id when there is one; otherwise from the public-key object on the
 * token with that id. If neither exists, the key is skipped with an info log entry.
 *
 * <p>NOTE(review): when a certificate is found, its public key is used without any
 * check visible here that it corresponds to {@code privKey}; the pairing relies on
 * the shared id only.
 *
 * @param session session used to look up the public-key object.
 * @param privKey private-key object whose id and label identify the identity.
 * @param refreshResult source of certificates by id and sink for the new identity.
 * @throws P11TokenException declared for the token lookups performed here.
 * @throws XiSecurityException declared for the public-key conversion.
 */
private void analyseSingleKey(Session session, PrivateKey privKey, P11SlotRefreshResult refreshResult) throws P11TokenException, XiSecurityException {
  final byte[] id = privKey.getId().getByteArrayValue();
  final X509Cert cert = refreshResult.getCertForId(id);

  final java.security.PublicKey pubKey;
  if (cert == null) {
    // No certificate for this id: fall back to the public-key object (label not used).
    final PublicKey p11PublicKey = getPublicKeyObject(session, id, null);
    if (p11PublicKey == null) {
      LOG.info("neither certificate nor public key for the key (" + hex(id) + " is available");
      return;
    }
    pubKey = generatePublicKey(p11PublicKey);
  } else {
    pubKey = cert.getCert().getPublicKey();
  }

  final P11ObjectIdentifier objectId = new P11ObjectIdentifier(id, toString(privKey.getLabel()));

  // A one-element certificate array when a certificate exists, otherwise null.
  X509Certificate[] certs = null;
  if (cert != null) {
    certs = new X509Certificate[] { cert.getCert() };
  }

  final P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objectId);
  refreshResult.addIdentity(new IaikP11Identity(this, entityId, privKey, pubKey, certs));
}
use of iaik.pkcs.pkcs11.objects.PublicKey in project xipki by xipki.
the class IaikP11Slot method removeIdentity0.
@Override
protected void removeIdentity0(P11ObjectIdentifier objectId) throws P11TokenException {
Session session = borrowWritableSession();
try {
byte[] id = objectId.getId();
char[] label = objectId.getLabelChars();
SecretKey secretKey = getSecretKeyObject(session, id, label);
if (secretKey != null) {
try {
session.destroyObject(secretKey);
} catch (TokenException ex) {
String msg = "could not delete secret key " + objectId;
LogUtil.error(LOG, ex, msg);
throw new P11TokenException(msg);
}
}
PrivateKey privKey = getPrivateKeyObject(session, id, label);
if (privKey != null) {
try {
session.destroyObject(privKey);
} catch (TokenException ex) {
String msg = "could not delete private key " + objectId;
LogUtil.error(LOG, ex, msg);
throw new P11TokenException(msg);
}
}
PublicKey pubKey = getPublicKeyObject(session, id, label);
if (pubKey != null) {
try {
session.destroyObject(pubKey);
} catch (TokenException ex) {
String msg = "could not delete public key " + objectId;
LogUtil.error(LOG, ex, msg);
throw new P11TokenException(msg);
}
}
X509PublicKeyCertificate[] certs = getCertificateObjects(session, id, label);
if (certs != null && certs.length > 0) {
for (int i = 0; i < certs.length; i++) {
try {
session.destroyObject(certs[i]);
} catch (TokenException ex) {
String msg = "could not delete certificate " + objectId;
LogUtil.error(LOG, ex, msg);
throw new P11TokenException(msg);
}
}
}
} finally {
returnWritableSession(session);
}
}