
Example 11 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class IaikP11Slot method addCert0.

/**
 * Writes a certificate to the token as a new PKCS#11 object.
 *
 * <p>The object template is produced by {@code createPkcs11Template} from the
 * certificate plus the id and label carried by {@code objectId}. The object is
 * then created through a writable session, which is always handed back to the
 * pool, including when creation fails.
 *
 * <p>NOTE(review): no check for an existing object with the same id or label is
 * visible in this method; presumably the caller enforces uniqueness. Confirm.
 *
 * @param objectId id and label under which the certificate object is stored
 * @param cert certificate to store on the token
 * @throws P11TokenException if the token rejects the object creation; the
 *     underlying {@code TokenException} is kept as the cause
 */
@Override
protected void addCert0(P11ObjectIdentifier objectId, X509Certificate cert) throws P11TokenException {
    X509Cert wrappedCert = new X509Cert(cert);
    X509PublicKeyCertificate certTemplate =
            createPkcs11Template(wrappedCert, objectId.getId(), objectId.getLabelChars());

    Session writableSession = borrowWritableSession();
    try {
        writableSession.createObject(certTemplate);
    } catch (TokenException tokenEx) {
        // Translate the vendor exception into the project's own type, keeping the cause.
        throw new P11TokenException(tokenEx.getMessage(), tokenEx);
    } finally {
        // The session goes back to the pool whether or not creation succeeded.
        returnWritableSession(writableSession);
    }
}
Also used : X509Cert(org.xipki.security.X509Cert) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) X509PublicKeyCertificate(iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate) Session(iaik.pkcs.pkcs11.Session)

Example 12 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class IaikP11Slot method importSecretKey0.

/**
 * Imports an externally supplied secret key value into the token.
 *
 * <p>The key template is marked as a token object, usable for signing and
 * sensitive. Whether it is extractable is taken from {@code control}. The label
 * must not already be in use; the key id is produced by {@code generateKeyId}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code keyValue} holds cleartext key material in JVM memory and is
 *       passed to the template as-is. This method neither copies nor wipes it,
 *       so clearing the array after the call is the caller's job.</li>
 *   <li>The label check and the object creation are two separate token calls.
 *       No locking is visible here, so uniqueness presumably relies on the
 *       caller or the session handling. Confirm.</li>
 * </ul>
 *
 * @param keyType PKCS#11 key type passed to the {@code ValuedSecretKey} template
 * @param keyValue raw key bytes to import
 * @param label label of the new key object; must not exist yet
 * @param control supplies the extractable flag for the new key
 * @return identity wrapping the created key object
 * @throws IllegalArgumentException if the label already exists
 * @throws P11TokenException if the token fails to create the key object
 */
@Override
protected P11Identity importSecretKey0(long keyType, byte[] keyValue, String label, P11NewKeyControl control) throws P11TokenException {
    // Build the attribute template before taking a session from the pool.
    ValuedSecretKey keyTemplate = new ValuedSecretKey(keyType);
    keyTemplate.getToken().setBooleanValue(true);
    keyTemplate.getLabel().setCharArrayValue(label.toCharArray());
    keyTemplate.getSign().setBooleanValue(true);
    // Always sensitive; extractability is the only caller-controlled protection flag.
    keyTemplate.getSensitive().setBooleanValue(true);
    keyTemplate.getExtractable().setBooleanValue(control.isExtractable());
    keyTemplate.getValue().setByteArrayValue(keyValue);

    Session writableSession = borrowWritableSession();
    try {
        if (labelExists(writableSession, label)) {
            throw new IllegalArgumentException("label " + label + " exists, please specify another one");
        }

        byte[] keyId = generateKeyId(writableSession);
        keyTemplate.getId().setByteArrayValue(keyId);

        SecretKey importedKey;
        try {
            importedKey = (SecretKey) writableSession.createObject(keyTemplate);
        } catch (TokenException tokenEx) {
            // Fixed message: no key material or token detail goes into the text.
            throw new P11TokenException("could not create secret key", tokenEx);
        }

        P11EntityIdentifier entityId =
                new P11EntityIdentifier(slotId, new P11ObjectIdentifier(keyId, label));
        return new IaikP11Identity(this, entityId, importedKey);
    } finally {
        // Return the session on every path, including the duplicate-label rejection.
        returnWritableSession(writableSession);
    }
}
Also used : ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) ValuedSecretKey(iaik.pkcs.pkcs11.objects.ValuedSecretKey) SecretKey(iaik.pkcs.pkcs11.objects.SecretKey) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Session(iaik.pkcs.pkcs11.Session)

Example 13 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class IaikP11Slot method checkSessionLoggedIn.

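/**
 * Reports whether the given session is in a logged-in user state.
 *
 * <p>A session counts as logged in only when its state is
 * {@code RW_USER_FUNCTIONS} or {@code RO_USER_FUNCTIONS} and the token reports
 * a device error of 0. Any other state, or a non-zero device error, yields
 * {@code false}.
 *
 * @param session session to inspect
 * @return {@code true} if the session is a logged-in user session without a
 *     device error
 * @throws P11TokenException if the session info cannot be read from the token;
 *     the underlying {@code TokenException} is kept as the cause
 */
private static boolean checkSessionLoggedIn(Session session) throws P11TokenException {
    SessionInfo info;
    try {
        info = session.getSessionInfo();
    } catch (TokenException ex) {
        throw new P11TokenException(ex.getMessage(), ex);
    }
    // The original guarded a debug() call with isTraceEnabled(), so the dump
    // appeared only with trace on but was labelled as debug. Logging at trace
    // keeps the same emission condition and makes the level match. The
    // parameterized call needs no explicit guard.
    LOG.trace("SessionInfo: {}", info);
    State state = info.getState();
    long deviceError = info.getDeviceError();
    LOG.debug("to be verified PKCS11Module: state = {}, deviceError: {}", state, deviceError);
    boolean isRwSessionLoggedIn = state.equals(State.RW_USER_FUNCTIONS);
    boolean isRoSessionLoggedIn = state.equals(State.RO_USER_FUNCTIONS);
    // A device error overrides the login state: treat the session as not logged in.
    boolean sessionLoggedIn = ((isRoSessionLoggedIn || isRwSessionLoggedIn) && deviceError == 0);
    LOG.debug("sessionLoggedIn: {}", sessionLoggedIn);
    return sessionLoggedIn;
}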
Also used : State(iaik.pkcs.pkcs11.State) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11TokenException(org.xipki.security.exception.P11TokenException) SessionInfo(iaik.pkcs.pkcs11.SessionInfo)

Example 14 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class ProxyP11Identity method sign0.

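/**
 * Requests a signature over {@code content} from the proxy module.
 *
 * <p>The optional mechanism parameters are wrapped into an
 * {@code Asn1P11Params} with a tag matching their concrete type. The request is
 * sent with {@code ACTION_SIGN} and the reply is decoded as an ASN.1 OCTET
 * STRING.
 *
 * <p>NOTE(review): the reply comes from the module behind
 * {@code getModule().send(...)}. Only its ASN.1 type is checked here, and a
 * {@code null} decode result is passed on as {@code null}. Callers should
 * treat a {@code null} or unexpectedly sized result as a failure. Confirm
 * against the callers.
 *
 * @param mechanism PKCS#11 mechanism code
 * @param parameters mechanism parameters, or {@code null} if none
 * @param content data to sign
 * @return the octets of the returned OCTET STRING, or {@code null} if the
 *     decode yields {@code null}
 * @throws IllegalArgumentException if {@code parameters} is of an unsupported type
 * @throws P11TokenException if the reply is not an OCTET STRING
 */
@Override
protected byte[] sign0(long mechanism, P11Params parameters, byte[] content) throws P11TokenException {
    Asn1P11EntityIdentifier asn1EntityId = new Asn1P11EntityIdentifier(identityId);
    Asn1P11Params p11Param = null;
    if (parameters != null) {
        if (parameters instanceof P11RSAPkcsPssParams) {
            p11Param = new Asn1P11Params(Asn1P11Params.TAG_RSA_PKCS_PSS, new Asn1RSAPkcsPssParams((P11RSAPkcsPssParams) parameters));
        } else if (parameters instanceof P11ByteArrayParams) {
            byte[] bytes = ((P11ByteArrayParams) parameters).getBytes();
            p11Param = new Asn1P11Params(Asn1P11Params.TAG_OPAQUE, new DEROctetString(bytes));
        } else if (parameters instanceof P11IVParams) {
            p11Param = new Asn1P11Params(Asn1P11Params.TAG_IV, new DEROctetString(((P11IVParams) parameters).getIV()));
        } else {
            // Reject unknown parameter types rather than sending a request without them.
            throw new IllegalArgumentException("unkown parameter 'parameters'");
        }
    }
    Asn1SignTemplate signTemplate = new Asn1SignTemplate(asn1EntityId, mechanism, p11Param, content);
    byte[] result = ((ProxyP11Slot) slot).getModule().send(P11ProxyConstants.ACTION_SIGN, signTemplate);
    ASN1OctetString octetString;
    try {
        octetString = DEROctetString.getInstance(result);
    } catch (IllegalArgumentException ex) {
        // Keep the decoding failure as the cause so a malformed reply can be diagnosed.
        throw new P11TokenException("the returned result is not OCTET STRING", ex);
    }
    return (octetString == null) ? null : octetString.getOctets();
}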
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier) Asn1P11Params(org.xipki.p11proxy.msg.Asn1P11Params) P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams) Asn1SignTemplate(org.xipki.p11proxy.msg.Asn1SignTemplate) P11TokenException(org.xipki.security.exception.P11TokenException) Asn1RSAPkcsPssParams(org.xipki.p11proxy.msg.Asn1RSAPkcsPssParams) P11RSAPkcsPssParams(org.xipki.security.pkcs11.P11RSAPkcsPssParams) DEROctetString(org.bouncycastle.asn1.DEROctetString) P11IVParams(org.xipki.security.pkcs11.P11IVParams)

Example 15 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class ProxyP11Identity method digestSecretKey0.

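/**
 * Requests a digest of this identity's secret key from the proxy module.
 *
 * <p>The request is sent with {@code ACTION_DIGEST_SECRETKEY} and the reply is
 * decoded as an ASN.1 OCTET STRING.
 *
 * <p>NOTE(review): only the ASN.1 type of the reply is checked here, and a
 * {@code null} decode result is passed on as {@code null}. Callers should
 * treat {@code null} as a failure. Confirm against the callers.
 *
 * @param mechanism PKCS#11 digest mechanism code
 * @return the octets of the returned OCTET STRING, or {@code null} if the
 *     decode yields {@code null}
 * @throws P11TokenException if the reply is not an OCTET STRING
 */
@Override
protected byte[] digestSecretKey0(long mechanism) throws P11TokenException {
    Asn1P11EntityIdentifier asn1EntityId = new Asn1P11EntityIdentifier(identityId);
    Asn1DigestSecretKeyTemplate template = new Asn1DigestSecretKeyTemplate(asn1EntityId, mechanism);
    byte[] result = ((ProxyP11Slot) slot).getModule().send(P11ProxyConstants.ACTION_DIGEST_SECRETKEY, template);
    ASN1OctetString octetString;
    try {
        octetString = DEROctetString.getInstance(result);
    } catch (IllegalArgumentException ex) {
        // Keep the decoding failure as the cause so a malformed reply can be diagnosed.
        throw new P11TokenException("the returned result is not OCTET STRING", ex);
    }
    return (octetString == null) ? null : octetString.getOctets();
}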
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier) Asn1DigestSecretKeyTemplate(org.xipki.p11proxy.msg.Asn1DigestSecretKeyTemplate) P11TokenException(org.xipki.security.exception.P11TokenException)

Aggregations

P11TokenException (org.xipki.security.exception.P11TokenException)57 TokenException (iaik.pkcs.pkcs11.TokenException)16 XiSecurityException (org.xipki.security.exception.XiSecurityException)16 IOException (java.io.IOException)11 Session (iaik.pkcs.pkcs11.Session)10 P11EntityIdentifier (org.xipki.security.pkcs11.P11EntityIdentifier)10 ECPrivateKey (iaik.pkcs.pkcs11.objects.ECPrivateKey)9 SecretKey (iaik.pkcs.pkcs11.objects.SecretKey)9 ValuedSecretKey (iaik.pkcs.pkcs11.objects.ValuedSecretKey)9 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)9 DSAPrivateKey (iaik.pkcs.pkcs11.objects.DSAPrivateKey)8 PrivateKey (iaik.pkcs.pkcs11.objects.PrivateKey)8 RSAPrivateKey (iaik.pkcs.pkcs11.objects.RSAPrivateKey)8 SM2PrivateKey (iaik.pkcs.pkcs11.objects.SM2PrivateKey)8 DEROctetString (org.bouncycastle.asn1.DEROctetString)8 P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)8 ECPublicKey (iaik.pkcs.pkcs11.objects.ECPublicKey)7 DSAPublicKey (iaik.pkcs.pkcs11.objects.DSAPublicKey)6 PublicKey (iaik.pkcs.pkcs11.objects.PublicKey)6 RSAPublicKey (iaik.pkcs.pkcs11.objects.RSAPublicKey)6