use of iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate in project xipki by xipki.
the class IaikP11Slot method refresh0.
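/**
 * Rebuilds the view of this slot from the token: supported mechanisms, secret keys,
 * X.509 certificates and private keys.
 *
 * <p>All object enumeration runs on one borrowed session, which is handed back to the
 * pool in the {@code finally} block whether or not enumeration succeeds.
 *
 * @return the freshly collected mechanisms, certificates and keys of the slot
 * @throws P11TokenException if the mechanism list cannot be read; the object enumeration
 *     helpers called here may presumably raise it as well (their bodies are not visible here)
 */
@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
  Mechanism[] mechanisms;
  try {
    mechanisms = slot.getToken().getMechanismList();
  } catch (TokenException ex) {
    throw new P11TokenException("could not getMechanismList: " + ex.getMessage(), ex);
  }

  P11SlotRefreshResult ret = new P11SlotRefreshResult();
  if (mechanisms != null) {
    for (Mechanism mech : mechanisms) {
      ret.addMechanism(mech.getMechanismCode());
    }
  }

  ConcurrentBagEntry<Session> session = borrowSession();
  try {
    // Secret keys: objects without an ID cannot be addressed later, so they are skipped.
    List<SecretKey> secretKeys = getAllSecretKeyObjects(session.value());
    for (SecretKey secKey : secretKeys) {
      byte[] keyId = secKey.getId().getByteArrayValue();
      if (keyId == null || keyId.length == 0) {
        continue;
      }
      analyseSingleKey(secKey, ret);
    }

    // Certificates: every X.509 certificate object returned by the token is registered
    // before the private keys are analysed.
    // NOTE(review): unlike the key loops, the certificate ID is not checked for null/empty
    // before it is handed to P11ObjectIdentifier - confirm that constructor tolerates it.
    List<X509PublicKeyCertificate> p11Certs = getAllCertificateObjects(session.value());
    for (X509PublicKeyCertificate p11Cert : p11Certs) {
      P11ObjectIdentifier objId = new P11ObjectIdentifier(
          p11Cert.getId().getByteArrayValue(), toString(p11Cert.getLabel()));
      ret.addCertificate(objId, parseCert(p11Cert));
    }

    List<PrivateKey> privKeys = getAllPrivateObjects(session.value());
    for (PrivateKey privKey : privKeys) {
      byte[] keyId = privKey.getId().getByteArrayValue();
      if (keyId == null || keyId.length == 0) {
        // Skip only this object. The previous 'break' stopped the enumeration at the first
        // private key without an ID, so every key listed after it was silently missing from
        // the result; the secret-key loop above already uses 'continue'.
        continue;
      }

      try {
        analyseSingleKey(session.value(), privKey, ret);
      } catch (XiSecurityException ex) {
        // Best effort: one unusable key must not abort the refresh of the whole slot.
        LogUtil.error(LOG, ex,
            "XiSecurityException while initializing private key with id " + hex(keyId));
      } catch (Throwable th) {
        String label = "";
        if (privKey.getLabel() != null) {
          label = new String(privKey.getLabel().getCharArrayValue());
        }
        LOG.error("unexpected exception while initializing private key with id "
            + hex(keyId) + " and label " + label, th);
      }
    }

    return ret;
  } finally {
    // Always give the session back, otherwise the pool drains after repeated failures.
    sessions.requite(session);
  }
}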
use of iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate in project xipki by xipki.
the class IaikP11Slot method labelExists.
/**
 * Tells whether the token already holds a key object or an X.509 certificate object
 * carrying the given label.
 *
 * <p>Key objects are searched first; certificates are only searched when no key matched.
 * Each search asks the token for at most one match and is closed with
 * {@code findObjectsFinal()}; a failure while closing is logged and not propagated.
 *
 * <p>NOTE(review): the answer reflects the token at the time of the search only. If callers
 * use it to pick an unused label, another session could presumably create the same label
 * afterwards - confirm at the call sites.
 *
 * @param session session used for both searches
 * @param keyLabel label to look for; must not be blank
 * @return {@code true} if at least one key or certificate has this label
 * @throws P11TokenException if starting or running a search fails
 */
private static boolean labelExists(Session session, String keyLabel) throws P11TokenException {
  ParamUtil.requireNonBlank("keyLabel", keyLabel);

  // Pass 1: any key object with this label.
  Key keyTemplate = new Key();
  keyTemplate.getLabel().setCharArrayValue(keyLabel.toCharArray());

  boolean keyFound;
  try {
    session.findObjectsInit(keyTemplate);
    keyFound = session.findObjects(1).length > 0;
  } catch (TokenException ex) {
    throw new P11TokenException(ex.getMessage(), ex);
  } finally {
    try {
      session.findObjectsFinal();
    } catch (TokenException ex) {
      LogUtil.error(LOG, ex, "session.findObjectsFinal() failed");
    }
  }

  if (keyFound) {
    return true;
  }

  // Pass 2: any X.509 certificate object with this label.
  X509PublicKeyCertificate certTemplate = new X509PublicKeyCertificate();
  certTemplate.getLabel().setCharArrayValue(keyLabel.toCharArray());

  boolean certFound;
  try {
    session.findObjectsInit(certTemplate);
    certFound = session.findObjects(1).length > 0;
  } catch (TokenException ex) {
    throw new P11TokenException(ex.getMessage(), ex);
  } finally {
    try {
      session.findObjectsFinal();
    } catch (TokenException ex) {
      LogUtil.error(LOG, ex, "session.findObjectsFinal() failed");
    }
  }

  return certFound;
}
use of iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate in project xipki by xipki.
the class IaikP11Slot method removeObjects.
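/**
 * Removes the key objects and the X.509 certificate objects that match the given id
 * and/or label.
 *
 * <p>Two templates are built, one for keys and one for certificates. Each carries only the
 * criteria that were actually supplied and is passed to
 * {@code removeObjects(template, description)}.
 *
 * @param id object id to match; ignored when {@code null} or empty
 * @param label object label to match; ignored when blank
 * @return the sum of the counts returned for the key template and the certificate template
 * @throws IllegalArgumentException if neither a non-empty id nor a non-blank label is given
 * @throws P11TokenException declared by this method; presumably raised by the per-template
 *     removal, whose body is not visible here
 */
@Override
public int removeObjects(byte[] id, String label) throws P11TokenException {
  // Refuse a call without any criterion: both templates would then carry no attribute at
  // all. NOTE(review): such a template presumably matches every object of its class on the
  // token, which would turn this into a bulk delete - confirm against the overload.
  if ((id == null || id.length == 0) && StringUtil.isBlank(label)) {
    throw new IllegalArgumentException("at least one of id and label must not be null");
  }

  final boolean hasId = id != null && id.length > 0;
  final boolean hasLabel = StringUtil.isNotBlank(label);

  Key keyTemplate = new Key();
  if (hasId) {
    keyTemplate.getId().setByteArrayValue(id);
  }
  if (hasLabel) {
    keyTemplate.getLabel().setCharArrayValue(label.toCharArray());
  }

  String objIdDesc = getDescription(id, label);
  int num = removeObjects(keyTemplate, "keys " + objIdDesc);

  X509PublicKeyCertificate certTemplate = new X509PublicKeyCertificate();
  if (hasId) {
    certTemplate.getId().setByteArrayValue(id);
  }
  if (hasLabel) {
    certTemplate.getLabel().setCharArrayValue(label.toCharArray());
  }

  // The separating space was missing here ("certificates" + desc), so the description ran
  // the two parts together; it now has the same shape as the "keys " description above.
  num += removeObjects(certTemplate, "certificates " + objIdDesc);
  return num;
}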
use of iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate in project xipki by xipki.
the class IaikP11Slot method idExists.
/**
 * Tells whether the token already holds a key object or an X.509 certificate object
 * with the given id.
 *
 * <p>Key objects are searched first; certificates are only searched when no key matched.
 * Each search asks the token for at most one match and is closed with
 * {@code findObjectsFinal()}; a failure while closing is logged and not propagated.
 *
 * <p>NOTE(review): {@code keyId} is passed to the templates without any null or empty check.
 * What a template with such an id matches is not visible from here - confirm that callers
 * always supply a non-empty id.
 *
 * @param session session used for both searches
 * @param keyId id to look for
 * @return {@code true} if at least one key or certificate has this id
 * @throws P11TokenException if starting or running a search fails
 */
private static boolean idExists(Session session, byte[] keyId) throws P11TokenException {
  // Pass 1: any key object with this id.
  Key keyTemplate = new Key();
  keyTemplate.getId().setByteArrayValue(keyId);

  boolean keyFound;
  try {
    session.findObjectsInit(keyTemplate);
    keyFound = session.findObjects(1).length > 0;
  } catch (TokenException ex) {
    throw new P11TokenException(ex.getMessage(), ex);
  } finally {
    try {
      session.findObjectsFinal();
    } catch (TokenException ex) {
      LogUtil.error(LOG, ex, "session.findObjectsFinal() failed");
    }
  }

  if (keyFound) {
    return true;
  }

  // Pass 2: any X.509 certificate object with this id.
  X509PublicKeyCertificate certTemplate = new X509PublicKeyCertificate();
  certTemplate.getId().setByteArrayValue(keyId);

  boolean certFound;
  try {
    session.findObjectsInit(certTemplate);
    certFound = session.findObjects(1).length > 0;
  } catch (TokenException ex) {
    throw new P11TokenException(ex.getMessage(), ex);
  } finally {
    try {
      session.findObjectsFinal();
    } catch (TokenException ex) {
      LogUtil.error(LOG, ex, "session.findObjectsFinal() failed");
    }
  }

  return certFound;
}
use of iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate in project xipki by xipki.
the class IaikP11Slot method getAllCertificateObjects.
/**
 * Collects the objects that {@code getObjects} returns for an
 * {@link X509PublicKeyCertificate} template with no attribute set.
 *
 * @param session session handed to {@code getObjects}
 * @return the returned objects, each cast to {@link X509PublicKeyCertificate}, in the order
 *     they were returned
 * @throws P11TokenException declared by this method; presumably raised by {@code getObjects}
 */
private List<X509PublicKeyCertificate> getAllCertificateObjects(Session session) throws P11TokenException {
  List<Storage> found = getObjects(session, new X509PublicKeyCertificate());

  List<X509PublicKeyCertificate> result = new ArrayList<>(found.size());
  for (PKCS11Object obj : found) {
    // The cast relies on getObjects returning only objects of the template's class.
    result.add((X509PublicKeyCertificate) obj);
  }
  return result;
}
Aggregations