
Example 16 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class ProxyP11Module method send.

// method send
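/**
 * Builds a request frame for {@code action}, sends it through
 * {@code send(byte[])} and returns the content part of the response.
 *
 * <p>Request layout written by this method (byte offsets):
 * <pre>
 *  0 ..  1  version
 *  2 ..  5  transaction ID (from randomTransactionId())
 *  6 ..  9  body length = 4 + length of the encoded content
 * 10 .. 11  action
 * 12 .. 13  module ID
 * 14 ..     encoded content (absent when content is null)
 * </pre>
 *
 * <p>Response layout as read by this method (byte offsets):
 * <pre>
 *  0 ..  1  version, must equal the request version
 *  2 ..  5  transaction ID, must equal the request transaction ID
 *  6 ..  9  body length, must equal response length - 10
 * 10 .. 11  return code, must be 0
 * 12 .. 13  action, must equal the request action
 * 14 ..     content
 * </pre>
 *
 * @param action action code placed in the request and expected back in the response.
 * @param content request content; may be {@code null}, in which case no content is sent.
 * @return the response content, or {@code null} if the response carries no content.
 * @throws P11TokenException if the content cannot be encoded, the request cannot be sent,
 *     or the response fails any of the checks listed above.
 */
public byte[] send(short action, ASN1Object content) throws P11TokenException {
    byte[] encodedContent;
    if (content == null) {
        encodedContent = null;
    } else {
        try {
            encodedContent = content.getEncoded();
        } catch (IOException ex) {
            // The original message read "could encode the content", which inverted the meaning.
            throw new P11TokenException("could not encode the content", ex);
        }
    }
    // The body always holds action (2 bytes) and module ID (2 bytes), plus the optional content.
    int bodyLen = 4;
    if (encodedContent != null) {
        bodyLen += encodedContent.length;
    }
    // 10 header bytes: version (2) + transaction ID (4) + body length (4).
    byte[] request = new byte[10 + bodyLen];
    // version
    IoUtil.writeShort(version, request, 0);
    // transaction id
    byte[] transactionId = randomTransactionId();
    System.arraycopy(transactionId, 0, request, 2, 4);
    // length
    IoUtil.writeInt(bodyLen, request, 6);
    // action
    IoUtil.writeShort(action, request, 10);
    // module ID
    IoUtil.writeShort(moduleId, request, 12);
    // content
    if (encodedContent != null) {
        System.arraycopy(encodedContent, 0, request, 14, encodedContent.length);
    }
    byte[] response;
    try {
        response = send(request);
    } catch (IOException ex) {
        final String msg = "could not send the request";
        // Log the action and size rather than the raw request bytes: the frame embeds the
        // caller-supplied content, which may be sensitive (not determinable from this method),
        // so it is kept out of the log. The exception is passed so the cause is recorded.
        LOG.error(msg + " (action {}, {} bytes)", action, request.length, ex);
        throw new P11TokenException(msg + ": " + ex.getMessage(), ex);
    }
    int respLen = response.length;
    // 12 bytes are needed to read up to and including the return code.
    if (respLen < 12) {
        throw new P11TokenException("response too short");
    }
    // Length
    int respBodyLen = IoUtil.parseInt(response, 6);
    if (respBodyLen + 10 != respLen) {
        throw new P11TokenException("message length unmatch");
    }
    // RC
    // NOTE(review): the return code is evaluated before the version and transaction ID
    // are compared, so an error frame is reported even if it does not match this request.
    short rc = IoUtil.parseShort(response, 10);
    if (rc != 0) {
        throw new P11TokenException("server returned RC " + P11ProxyConstants.getReturnCodeName(rc));
    }
    // Version
    short respVersion = IoUtil.parseShort(response, 0);
    if (version != respVersion) {
        throw new P11TokenException("version of response and request unmatch");
    }
    // TransactionID
    if (!equals(transactionId, response, 2)) {
        // The original reused the version message here, hiding which binding check failed.
        throw new P11TokenException("transaction ID of response and request unmatch");
    }
    // A successful response must also carry the echoed action (2 more bytes).
    if (respLen < 14) {
        throw new P11TokenException("too short successful response");
    }
    short respAction = IoUtil.parseShort(response, 12);
    if (action != respAction) {
        throw new P11TokenException("action of response and request unmatch");
    }
    int respContentLen = respLen - 14;
    if (respContentLen == 0) {
        // Callers must handle null: it means "no content", not an error.
        return null;
    }
    byte[] respContent = new byte[respContentLen];
    System.arraycopy(response, 14, respContent, 0, respContentLen);
    return respContent;
}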
Also used : P11TokenException(org.xipki.security.exception.P11TokenException) IOException(java.io.IOException)

Example 17 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class ProxyP11Module method refresh.

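/**
 * Queries the server capabilities and the slot identifiers through {@code send}
 * and replaces the module's slot set with the slots accepted by {@code conf}.
 *
 * <p>Both responses come from the remote side and are checked before use: a missing
 * response, an unparsable response, or a server that does not list this client's
 * {@code version} ends the refresh with an exception.
 *
 * @throws P11TokenException if a request fails, a response is missing or cannot be
 *     parsed, or the server does not support the client's version.
 */
public void refresh() throws P11TokenException {
    byte[] resp = send(P11ProxyConstants.ACTION_GET_SERVER_CAPS, null);
    // send returns null for a response without content; reject it explicitly
    // instead of handing null to the parser.
    if (resp == null) {
        throw new P11TokenException("server returned no result");
    }
    Asn1ServerCaps caps;
    try {
        caps = Asn1ServerCaps.getInstance(resp);
    } catch (BadAsn1ObjectException ex) {
        // The original message said "is a valid", the opposite of the failure reported.
        throw new P11TokenException("response is not a valid Asn1ServerCaps", ex);
    }
    if (!caps.getVersions().contains(version)) {
        throw new P11TokenException("Server does not support any version supported by the client");
    }
    this.readOnly = caps.isReadOnly();
    resp = send(P11ProxyConstants.ACTION_GET_SLOT_IDS, null);
    if (resp == null) {
        throw new P11TokenException("server returned no result");
    }
    ASN1Sequence seq;
    try {
        seq = ASN1Sequence.getInstance(resp);
    } catch (IllegalArgumentException ex) {
        throw new P11TokenException("response is not ASN1Sequence", ex);
    }
    final int n = seq.size();
    Set<P11Slot> slots = new HashSet<>();
    for (int i = 0; i < n; i++) {
        Asn1P11SlotIdentifier asn1SlotId;
        try {
            ASN1Encodable obj = seq.getObjectAt(i);
            asn1SlotId = Asn1P11SlotIdentifier.getInstance(obj);
        } catch (Exception ex) {
            throw new P11TokenException(ex.getMessage(), ex);
        }
        P11SlotIdentifier slotId = asn1SlotId.getSlotId();
        // The original tested isSlotIncluded twice; the first, silent branch made the
        // logging branch unreachable, so excluded slots were never recorded.
        if (!conf.isSlotIncluded(slotId)) {
            LOG.info("skipped slot {}", slotId);
            continue;
        }
        P11Slot slot = new ProxyP11Slot(this, slotId, conf.isReadOnly(), conf.getP11MechanismFilter());
        slots.add(slot);
    }
    setSlots(slots);
}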
Also used : Asn1ServerCaps(org.xipki.p11proxy.msg.Asn1ServerCaps) Asn1P11SlotIdentifier(org.xipki.p11proxy.msg.Asn1P11SlotIdentifier) P11SlotIdentifier(org.xipki.security.pkcs11.P11SlotIdentifier) P11TokenException(org.xipki.security.exception.P11TokenException) P11Slot(org.xipki.security.pkcs11.P11Slot) P11TokenException(org.xipki.security.exception.P11TokenException) BadAsn1ObjectException(org.xipki.security.exception.BadAsn1ObjectException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) BadAsn1ObjectException(org.xipki.security.exception.BadAsn1ObjectException) HashSet(java.util.HashSet) Asn1P11SlotIdentifier(org.xipki.p11proxy.msg.Asn1P11SlotIdentifier)

Example 18 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class ProxyP11Slot method getCertificate.

/**
 * Requests the certificate identified by {@code certId} in this slot from the
 * module and parses the returned bytes.
 *
 * <p>The bytes are only parsed here; no other check on the returned certificate is
 * visible in this method.
 *
 * @param certId identifier of the certificate object.
 * @return the parsed certificate together with its encoded form, or {@code null}
 *     if the module returned no content.
 * @throws P11TokenException if the request fails or the returned bytes cannot be
 *     parsed as a certificate.
 */
private X509Cert getCertificate(P11ObjectIdentifier certId) throws P11TokenException {
    Asn1P11EntityIdentifier request =
            new Asn1P11EntityIdentifier(new P11EntityIdentifier(slotId, certId));
    byte[] encodedCert = module.send(P11ProxyConstants.ACTION_GET_CERT, request);
    if (encodedCert != null) {
        try {
            return new X509Cert(X509Util.parseCert(encodedCert), encodedCert);
        } catch (CertificateException ex) {
            throw new P11TokenException("could not parse certificate:" + ex.getMessage(), ex);
        }
    }
    // No content in the response: there is no certificate to return.
    return null;
}
Also used : Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier) X509Cert(org.xipki.security.X509Cert) P11TokenException(org.xipki.security.exception.P11TokenException) Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) CertificateException(java.security.cert.CertificateException)

Example 19 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class ProxyP11Slot method parseGenerateKeypairResult.

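/**
 * Parses the response of a key pair generation request into an identity.
 *
 * <p>The response is decoded as an {@code Asn1P11EntityIdentifier} and must name this
 * slot; the public key is then fetched with {@code getPublicKey}.
 *
 * @param resp response content returned by the module; {@code null} is rejected.
 * @return the identity for the generated key pair, created without a certificate chain
 *     argument ({@code null} is passed as the last constructor argument).
 * @throws P11TokenException if there is no response, it cannot be decoded, or it
 *     refers to a different slot.
 */
private P11Identity parseGenerateKeypairResult(byte[] resp) throws P11TokenException {
    if (resp == null) {
        throw new P11TokenException("server returned no result");
    }
    Asn1P11EntityIdentifier ei;
    try {
        ei = Asn1P11EntityIdentifier.getInstance(resp);
    } catch (BadAsn1ObjectException ex) {
        throw new P11TokenException("invalid ASN1 object Asn1P11EntityIdentifier: " + ex.getMessage(), ex);
    }
    // The server must answer for the slot the request was made on. The original threw an
    // empty message here, which left this mismatch undiagnosable in logs.
    if (!slotId.equals(ei.getSlotId().getSlotId())) {
        throw new P11TokenException("slot id of the returned entity does not match the requested slot "
                + slotId);
    }
    P11EntityIdentifier entityId = ei.getEntityId();
    PublicKey publicKey = getPublicKey(entityId.getObjectId());
    return new ProxyP11Identity(this, entityId, publicKey, null);
}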
Also used : Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier) PublicKey(java.security.PublicKey) P11TokenException(org.xipki.security.exception.P11TokenException) Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) BadAsn1ObjectException(org.xipki.security.exception.BadAsn1ObjectException)

Example 20 with P11TokenException

use of org.xipki.security.exception.P11TokenException in project xipki by xipki.

the class ProxyP11Slot method parseGenerateSecretKeyResult.

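/**
 * Parses the response of a secret key generation request into an identity.
 *
 * <p>The response is decoded as an {@code Asn1P11EntityIdentifier} and must name this slot.
 *
 * @param resp response content returned by the module; {@code null} is rejected.
 * @return the identity for the generated secret key.
 * @throws P11TokenException if there is no response, it cannot be decoded, or it
 *     refers to a different slot.
 */
private P11Identity parseGenerateSecretKeyResult(byte[] resp) throws P11TokenException {
    if (resp == null) {
        throw new P11TokenException("server returned no result");
    }
    Asn1P11EntityIdentifier ei;
    try {
        ei = Asn1P11EntityIdentifier.getInstance(resp);
    } catch (BadAsn1ObjectException ex) {
        throw new P11TokenException("invalid ASN1 object Asn1P11EntityIdentifier: " + ex.getMessage(), ex);
    }
    // The server must answer for the slot the request was made on. The original threw an
    // empty message here, which left this mismatch undiagnosable in logs.
    if (!slotId.equals(ei.getSlotId().getSlotId())) {
        throw new P11TokenException("slot id of the returned entity does not match the requested slot "
                + slotId);
    }
    P11EntityIdentifier entityId = ei.getEntityId();
    return new ProxyP11Identity(this, entityId);
}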
Also used : Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier) P11TokenException(org.xipki.security.exception.P11TokenException) Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) BadAsn1ObjectException(org.xipki.security.exception.BadAsn1ObjectException)

Aggregations

P11TokenException (org.xipki.security.exception.P11TokenException)57 TokenException (iaik.pkcs.pkcs11.TokenException)16 XiSecurityException (org.xipki.security.exception.XiSecurityException)16 IOException (java.io.IOException)11 Session (iaik.pkcs.pkcs11.Session)10 P11EntityIdentifier (org.xipki.security.pkcs11.P11EntityIdentifier)10 ECPrivateKey (iaik.pkcs.pkcs11.objects.ECPrivateKey)9 SecretKey (iaik.pkcs.pkcs11.objects.SecretKey)9 ValuedSecretKey (iaik.pkcs.pkcs11.objects.ValuedSecretKey)9 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)9 DSAPrivateKey (iaik.pkcs.pkcs11.objects.DSAPrivateKey)8 PrivateKey (iaik.pkcs.pkcs11.objects.PrivateKey)8 RSAPrivateKey (iaik.pkcs.pkcs11.objects.RSAPrivateKey)8 SM2PrivateKey (iaik.pkcs.pkcs11.objects.SM2PrivateKey)8 DEROctetString (org.bouncycastle.asn1.DEROctetString)8 P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)8 ECPublicKey (iaik.pkcs.pkcs11.objects.ECPublicKey)7 DSAPublicKey (iaik.pkcs.pkcs11.objects.DSAPublicKey)6 PublicKey (iaik.pkcs.pkcs11.objects.PublicKey)6 RSAPublicKey (iaik.pkcs.pkcs11.objects.RSAPublicKey)6