
Example 1 with SecretKey

use of iaik.pkcs.pkcs11.objects.SecretKey in project xipki by xipki.

the class IaikP11Slot method getAllSecretKeyObjects.

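/**
 * Collects the secret-key objects that {@code getObjects} returns for an empty
 * {@link SecretKey} template.
 *
 * @param session session used for the object search
 * @return the matching secret keys; an immutable empty list when none are found
 * @throws P11TokenException declared by the signature; presumably raised by
 *         {@code getObjects} when the token search fails (confirm against that helper)
 */
private List<SecretKey> getAllSecretKeyObjects(Session session) throws P11TokenException {
    // No attributes are set on the template, so the search is presumably limited
    // only by the object class the SecretKey template carries.
    List<Storage> found = getObjects(session, new SecretKey());
    if (CollectionUtil.isEmpty(found)) {
        return Collections.emptyList();
    }
    final int count = found.size();
    // The objects counted here are secret keys. The original message said
    // "private keys", which misreports the key inventory in the log.
    LOG.info("found {} secret keys", count);
    List<SecretKey> keys = new ArrayList<>(count);
    for (Storage object : found) {
        keys.add((SecretKey) object);
    }
    return keys;
}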
Also used : ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) Storage(iaik.pkcs.pkcs11.objects.Storage) ArrayList(java.util.ArrayList)

Example 2 with SecretKey

use of iaik.pkcs.pkcs11.objects.SecretKey in project xipki by xipki.

the class IaikP11Slot method digestKey.

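/**
 * Digests the secret key of {@code identity} on the token and returns the result.
 *
 * <p>The digest runs as digestInit, digestKey and digestFinal on a borrowed session,
 * so the key is handed to the token by object reference and this method never reads
 * the key value itself.
 *
 * @param mechanism PKCS#11 digest mechanism code; SHA-1, SHA-224/256/384/512 and
 *        SHA3-224/256/384/512 are accepted
 * @param identity identity whose signing key must be a {@link SecretKey}
 * @return the digest, whose length is fixed by {@code mechanism}
 * @throws P11TokenException if the signing key is not a secret key, the mechanism has
 *         no known digest length, or the token reports an error
 */
byte[] digestKey(long mechanism, IaikP11Identity identity) throws P11TokenException {
    ParamUtil.requireNonNull("identity", identity);
    assertMechanismSupported(mechanism);
    Key signingKey = identity.getSigningKey();
    if (!(signingKey instanceof SecretKey)) {
        throw new P11TokenException("digestSecretKey could not be applied to non-SecretKey");
    }
    // Guard and call now use the same level. The original guarded on TRACE but
    // logged at DEBUG, so the entry carried the wrong level label.
    // NOTE(review): the argument is the key object's string form; confirm it
    // never renders the key value for the token configurations in use.
    if (LOG.isTraceEnabled()) {
        LOG.trace("digest (init, digestKey, then finish)\n{}", signingKey);
    }
    // Output size in bytes of each accepted hash; it sizes the buffer passed to digestFinal.
    int digestLen;
    if (PKCS11Constants.CKM_SHA_1 == mechanism) {
        digestLen = 20;
    } else if (PKCS11Constants.CKM_SHA224 == mechanism || PKCS11Constants.CKM_SHA3_224 == mechanism) {
        digestLen = 28;
    } else if (PKCS11Constants.CKM_SHA256 == mechanism || PKCS11Constants.CKM_SHA3_256 == mechanism) {
        digestLen = 32;
    } else if (PKCS11Constants.CKM_SHA384 == mechanism || PKCS11Constants.CKM_SHA3_384 == mechanism) {
        digestLen = 48;
    } else if (PKCS11Constants.CKM_SHA512 == mechanism || PKCS11Constants.CKM_SHA3_512 == mechanism) {
        digestLen = 64;
    } else {
        throw new P11TokenException("unsupported mechnism " + mechanism);
    }
    ConcurrentBagEntry<Session> session0 = borrowSession();
    try {
        Session session = session0.value();
        session.digestInit(Mechanism.get(mechanism));
        session.digestKey((SecretKey) signingKey);
        byte[] digest = new byte[digestLen];
        session.digestFinal(digest, 0, digestLen);
        return digest;
    } catch (TokenException ex) {
        throw new P11TokenException(ex);
    } finally {
        // Hand the session back on success and on failure alike.
        sessions.requite(session0);
    }
}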
Also used : ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) P11TokenException(org.xipki.security.exception.P11TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) Key(iaik.pkcs.pkcs11.objects.Key) DSAPublicKey(iaik.pkcs.pkcs11.objects.DSAPublicKey) RSAPublicKey(iaik.pkcs.pkcs11.objects.RSAPublicKey) SM2PublicKey(iaik.pkcs.pkcs11.objects.SM2PublicKey) ECPublicKey(iaik.pkcs.pkcs11.objects.ECPublicKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) PublicKey(iaik.pkcs.pkcs11.objects.PublicKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) Session(iaik.pkcs.pkcs11.Session)

Example 3 with SecretKey

use of iaik.pkcs.pkcs11.objects.SecretKey in project xipki by xipki.

the class IaikP11Slot method removeIdentity0.

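/**
 * Destroys the token objects found for {@code objectId}: the secret key, the private
 * key, the public key and every certificate, in that order.
 *
 * <p>Each kind is looked up with the identifier's id and label and skipped when the
 * lookup returns nothing. Removal stops at the first object the token refuses to
 * destroy; objects destroyed before that point stay destroyed, so a failure can leave
 * the identity partly removed.
 *
 * @param objectId id and label of the identity to remove
 * @throws P11TokenException if the token fails to destroy one of the objects; the
 *         underlying {@link TokenException} is attached as the cause
 */
@Override
protected void removeIdentity0(P11ObjectIdentifier objectId) throws P11TokenException {
    Session session = borrowWritableSession();
    try {
        byte[] id = objectId.getId();
        char[] label = objectId.getLabelChars();
        SecretKey secretKey = getSecretKeyObject(session, id, label);
        if (secretKey != null) {
            try {
                session.destroyObject(secretKey);
            } catch (TokenException ex) {
                String msg = "could not delete secret key " + objectId;
                LogUtil.error(LOG, ex, msg);
                // Keep the token error as the cause so callers can see why the deletion failed.
                throw new P11TokenException(msg, ex);
            }
        }
        PrivateKey privKey = getPrivateKeyObject(session, id, label);
        if (privKey != null) {
            try {
                session.destroyObject(privKey);
            } catch (TokenException ex) {
                String msg = "could not delete private key " + objectId;
                LogUtil.error(LOG, ex, msg);
                throw new P11TokenException(msg, ex);
            }
        }
        PublicKey pubKey = getPublicKeyObject(session, id, label);
        if (pubKey != null) {
            try {
                session.destroyObject(pubKey);
            } catch (TokenException ex) {
                String msg = "could not delete public key " + objectId;
                LogUtil.error(LOG, ex, msg);
                throw new P11TokenException(msg, ex);
            }
        }
        X509PublicKeyCertificate[] certs = getCertificateObjects(session, id, label);
        if (certs != null) {
            for (X509PublicKeyCertificate cert : certs) {
                try {
                    session.destroyObject(cert);
                } catch (TokenException ex) {
                    String msg = "could not delete certificate " + objectId;
                    LogUtil.error(LOG, ex, msg);
                    throw new P11TokenException(msg, ex);
                }
            }
        }
    } finally {
        // The writable session goes back even when a deletion failed.
        returnWritableSession(session);
    }
}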
Also used : ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) DSAPublicKey(iaik.pkcs.pkcs11.objects.DSAPublicKey) RSAPublicKey(iaik.pkcs.pkcs11.objects.RSAPublicKey) SM2PublicKey(iaik.pkcs.pkcs11.objects.SM2PublicKey) ECPublicKey(iaik.pkcs.pkcs11.objects.ECPublicKey) PublicKey(iaik.pkcs.pkcs11.objects.PublicKey) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) X509PublicKeyCertificate(iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate) DEROctetString(org.bouncycastle.asn1.DEROctetString) Session(iaik.pkcs.pkcs11.Session)

Example 4 with SecretKey

use of iaik.pkcs.pkcs11.objects.SecretKey in project xipki by xipki.

the class IaikP11Slot method importSecretKey0.

/**
 * Creates a token-resident secret key from caller-supplied key bytes and wraps it in
 * a new identity.
 *
 * <p>The object is created with the token, sign and sensitive attributes set to true.
 * The extractable attribute is taken from {@code control}; when it is true the token
 * is allowed to export the key in wrapped form.
 *
 * @param keyType PKCS#11 key type of the new object
 * @param keyValue raw key bytes placed in the creation template; the array stays
 *        owned by the caller and is not cleared here
 * @param label label for the new object; it must not already be reported by
 *        {@code labelExists}
 * @param control supplies the extractable setting
 * @return identity bound to this slot and the created key
 * @throws P11TokenException if the token rejects the object creation
 * @throws IllegalArgumentException if {@code label} already exists
 */
@Override
protected P11Identity importSecretKey0(long keyType, byte[] keyValue, String label, P11NewKeyControl control) throws P11TokenException {
    ValuedSecretKey keyTemplate = new ValuedSecretKey(keyType);
    keyTemplate.getToken().setBooleanValue(true);
    keyTemplate.getLabel().setCharArrayValue(label.toCharArray());
    keyTemplate.getSign().setBooleanValue(true);
    keyTemplate.getSensitive().setBooleanValue(true);
    keyTemplate.getExtractable().setBooleanValue(control.isExtractable());
    keyTemplate.getValue().setByteArrayValue(keyValue);

    Session session = borrowWritableSession();
    try {
        // Refuse to reuse a label before any object is created on the token.
        if (labelExists(session, label)) {
            throw new IllegalArgumentException("label " + label + " exists, please specify another one");
        }

        byte[] keyId = generateKeyId(session);
        keyTemplate.getId().setByteArrayValue(keyId);

        SecretKey createdKey;
        try {
            createdKey = (SecretKey) session.createObject(keyTemplate);
        } catch (TokenException ex) {
            throw new P11TokenException("could not create secret key", ex);
        }

        P11EntityIdentifier entityId =
                new P11EntityIdentifier(slotId, new P11ObjectIdentifier(keyId, label));
        return new IaikP11Identity(this, entityId, createdKey);
    } finally {
        returnWritableSession(session);
    }
}
Also used : ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Session(iaik.pkcs.pkcs11.Session)

Example 5 with SecretKey

use of iaik.pkcs.pkcs11.objects.SecretKey in project xipki by xipki.

the class IaikP11Slot method refresh0.

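/**
 * Rebuilds the slot inventory from the token: supported mechanisms, secret keys,
 * certificates and private keys.
 *
 * <p>Keys whose id is null or empty are skipped. A private key that fails analysis is
 * logged and skipped so that the remaining keys are still processed.
 *
 * @return the refreshed view of the slot
 * @throws P11TokenException if the mechanism list cannot be read, or if one of the
 *         helpers called here raises it
 */
@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
    Mechanism[] mechanisms;
    try {
        mechanisms = slot.getToken().getMechanismList();
    } catch (TokenException ex) {
        throw new P11TokenException("could not getMechanismList: " + ex.getMessage(), ex);
    }
    P11SlotRefreshResult ret = new P11SlotRefreshResult();
    if (mechanisms != null) {
        for (Mechanism mech : mechanisms) {
            ret.addMechanism(mech.getMechanismCode());
        }
    }
    ConcurrentBagEntry<Session> session = borrowSession();
    try {
        // secret keys
        List<SecretKey> secretKeys = getAllSecretKeyObjects(session.value());
        for (SecretKey secKey : secretKeys) {
            byte[] keyId = secKey.getId().getByteArrayValue();
            if (keyId == null || keyId.length == 0) {
                continue;
            }
            analyseSingleKey(secKey, ret);
        }
        // every certificate object on the token
        List<X509PublicKeyCertificate> p11Certs = getAllCertificateObjects(session.value());
        for (X509PublicKeyCertificate p11Cert : p11Certs) {
            P11ObjectIdentifier objId = new P11ObjectIdentifier(p11Cert.getId().getByteArrayValue(), toString(p11Cert.getLabel()));
            ret.addCertificate(objId, parseCert(p11Cert));
        }
        // private keys
        List<PrivateKey> privKeys = getAllPrivateObjects(session.value());
        for (PrivateKey privKey : privKeys) {
            byte[] keyId = privKey.getId().getByteArrayValue();
            if (keyId == null || keyId.length == 0) {
                // Skip only this key, as the secret-key loop does. The original used
                // break here, so one private key without an id hid every private key
                // listed after it from the refreshed inventory.
                continue;
            }
            try {
                analyseSingleKey(session.value(), privKey, ret);
            } catch (XiSecurityException ex) {
                LogUtil.error(LOG, ex, "XiSecurityException while initializing private key " + "with id " + hex(keyId));
            } catch (Throwable th) {
                // The broad catch appears deliberate: one unusable key must not abort
                // the refresh. The label lookup is null-safe so that the handler
                // itself cannot throw and end the loop.
                String label = "";
                if (privKey.getLabel() != null) {
                    char[] labelChars = privKey.getLabel().getCharArrayValue();
                    if (labelChars != null) {
                        label = new String(labelChars);
                    }
                }
                LOG.error("unexpected exception while initializing private key with id " + hex(keyId) + " and label " + label, th);
            }
        }
        return ret;
    } finally {
        sessions.requite(session);
    }
}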
Also used : RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) P11TokenException(org.xipki.security.exception.P11TokenException) DEROctetString(org.bouncycastle.asn1.DEROctetString) Mechanism(iaik.pkcs.pkcs11.Mechanism) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) XiSecurityException(org.xipki.security.exception.XiSecurityException) P11SlotRefreshResult(org.xipki.security.pkcs11.P11SlotRefreshResult) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) X509PublicKeyCertificate(iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Session(iaik.pkcs.pkcs11.Session)

Aggregations

SecretKey (iaik.pkcs.pkcs11.objects.SecretKey)6 ValuedSecretKey (iaik.pkcs.pkcs11.objects.ValuedSecretKey)6 Session (iaik.pkcs.pkcs11.Session)5 TokenException (iaik.pkcs.pkcs11.TokenException)5 P11TokenException (org.xipki.security.exception.P11TokenException)5 DSAPrivateKey (iaik.pkcs.pkcs11.objects.DSAPrivateKey)3 ECPrivateKey (iaik.pkcs.pkcs11.objects.ECPrivateKey)3 PrivateKey (iaik.pkcs.pkcs11.objects.PrivateKey)3 RSAPrivateKey (iaik.pkcs.pkcs11.objects.RSAPrivateKey)3 SM2PrivateKey (iaik.pkcs.pkcs11.objects.SM2PrivateKey)3 P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)3 Mechanism (iaik.pkcs.pkcs11.Mechanism)2 DSAPublicKey (iaik.pkcs.pkcs11.objects.DSAPublicKey)2 ECPublicKey (iaik.pkcs.pkcs11.objects.ECPublicKey)2 PublicKey (iaik.pkcs.pkcs11.objects.PublicKey)2 RSAPublicKey (iaik.pkcs.pkcs11.objects.RSAPublicKey)2 SM2PublicKey (iaik.pkcs.pkcs11.objects.SM2PublicKey)2 X509PublicKeyCertificate (iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate)2 DEROctetString (org.bouncycastle.asn1.DEROctetString)2 P11EntityIdentifier (org.xipki.security.pkcs11.P11EntityIdentifier)2