use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
The class IaikP11Module, method getInstance.
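/**
 * Loads the native PKCS#11 library named by {@code moduleConf} and initializes it.
 *
 * <p>If the library reports {@code CKR_CRYPTOKI_ALREADY_INITIALIZED}, the existing
 * initialization is reused. Any other initialization failure releases the module
 * again via {@code close} before the exception is propagated.
 *
 * @param moduleConf configuration of the module; must not be {@code null}
 * @return the wrapped, initialized module
 * @throws P11TokenException if the library cannot be loaded or initialized
 */
public static P11Module getInstance(P11ModuleConf moduleConf) throws P11TokenException {
  ParamUtil.requireNonNull("moduleConf", moduleConf);

  Module module;
  try {
    module = Module.getInstance(moduleConf.getNativeLibrary());
  } catch (IOException ex) {
    final String msg = "could not load the PKCS#11 module " + moduleConf.getName();
    LogUtil.error(LOG, ex, msg);
    throw new P11TokenException(msg, ex);
  }

  try {
    module.initialize(new DefaultInitializeArgs());
  } catch (PKCS11Exception ex) {
    if (ex.getErrorCode() != PKCS11Constants.CKR_CRYPTOKI_ALREADY_INITIALIZED) {
      LogUtil.error(LOG, ex);
      close(moduleConf.getName(), module);
      throw new P11TokenException(ex.getMessage(), ex);
    }

    // Somebody else already initialized this library in this process; reuse it.
    LOG.info("PKCS#11 module already initialized");
    if (LOG.isInfoEnabled()) {
      try {
        LOG.info("pkcs11.getInfo():\n{}", module.getInfo());
      } catch (TokenException e2) {
        LOG.debug("module.getInfo()", e2);
      }
    }
  } catch (Throwable th) {
    LOG.error("unexpected Exception", th);
    close(moduleConf.getName(), module);
    // Keep the cause: the original code dropped it and lost the stack trace.
    throw new P11TokenException(th.getMessage(), th);
  }

  return new IaikP11Module(module, moduleConf);
}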
use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
The class IaikP11Slot, method getMechanism.
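/**
 * Builds the IAIK {@link Mechanism} for a PKCS#11 mechanism code and attaches
 * the mechanism parameters, if any.
 *
 * @param mechanism PKCS#11 mechanism code (CKM_*)
 * @param parameters mechanism parameters, or {@code null} for a mechanism without parameters
 * @return the mechanism; its params are set when {@code parameters} is non-null
 * @throws P11TokenException if the concrete type of {@code parameters} is not supported
 */
private static Mechanism getMechanism(long mechanism, P11Params parameters) throws P11TokenException {
  Mechanism ret = Mechanism.get(mechanism);
  if (parameters == null) {
    return ret;
  }

  // Each supported parameter type maps to exactly one IAIK Params implementation;
  // an unknown type is rejected rather than silently ignored. Every branch either
  // assigns paramObj or throws, so no null check is needed afterwards.
  final Params paramObj;
  if (parameters instanceof P11RSAPkcsPssParams) {
    P11RSAPkcsPssParams param = (P11RSAPkcsPssParams) parameters;
    paramObj = new RSAPkcsPssParams(Mechanism.get(param.getHashAlgorithm()),
        param.getMaskGenerationFunction(), param.getSaltLength());
  } else if (parameters instanceof P11ByteArrayParams) {
    paramObj = new OpaqueParams(((P11ByteArrayParams) parameters).getBytes());
  } else if (parameters instanceof P11IVParams) {
    paramObj = new IVParams(((P11IVParams) parameters).getIV());
  } else {
    throw new P11TokenException("unknown P11Parameters " + parameters.getClass().getName());
  }

  ret.setParams(paramObj);
  return ret;
}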
use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
The class IaikP11Slot, method refresh0.
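/**
 * Re-reads the token's supported mechanisms, secret keys, certificates and
 * private keys into a fresh {@link P11SlotRefreshResult}.
 *
 * <p>Key objects without a CKA_ID are skipped. A failure while analysing a single
 * private key is logged and that key is skipped, so one broken object does not
 * prevent the rest of the slot from being refreshed.
 *
 * @return the refreshed view of this slot
 * @throws P11TokenException if the mechanism list cannot be read from the token
 */
@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
  Mechanism[] mechanisms;
  try {
    mechanisms = slot.getToken().getMechanismList();
  } catch (TokenException ex) {
    throw new P11TokenException("could not getMechanismList: " + ex.getMessage(), ex);
  }

  P11SlotRefreshResult ret = new P11SlotRefreshResult();
  if (mechanisms != null) {
    for (Mechanism mech : mechanisms) {
      ret.addMechanism(mech.getMechanismCode());
    }
  }

  ConcurrentBagEntry<Session> session = borrowSession();
  try {
    // secret keys
    List<SecretKey> secretKeys = getAllSecretKeyObjects(session.value());
    for (SecretKey secKey : secretKeys) {
      byte[] keyId = secKey.getId().getByteArrayValue();
      if (keyId == null || keyId.length == 0) {
        continue;
      }
      analyseSingleKey(secKey, ret);
    }

    // certificates
    List<X509PublicKeyCertificate> p11Certs = getAllCertificateObjects(session.value());
    for (X509PublicKeyCertificate p11Cert : p11Certs) {
      P11ObjectIdentifier objId = new P11ObjectIdentifier(
          p11Cert.getId().getByteArrayValue(), toString(p11Cert.getLabel()));
      ret.addCertificate(objId, parseCert(p11Cert));
    }

    // private keys
    List<PrivateKey> privKeys = getAllPrivateObjects(session.value());
    for (PrivateKey privKey : privKeys) {
      byte[] keyId = privKey.getId().getByteArrayValue();
      if (keyId == null || keyId.length == 0) {
        // Skip only this object (the secret-key loop above does the same). The
        // previous 'break' here silently dropped every private key listed after
        // the first one without a CKA_ID.
        continue;
      }

      try {
        analyseSingleKey(session.value(), privKey, ret);
      } catch (XiSecurityException ex) {
        LogUtil.error(LOG, ex,
            "XiSecurityException while initializing private key " + "with id " + hex(keyId));
      } catch (Throwable th) {
        // Best effort: one unreadable key must not abort the whole refresh.
        String label = "";
        if (privKey.getLabel() != null) {
          label = new String(privKey.getLabel().getCharArrayValue());
        }
        LOG.error("unexpected exception while initializing private key with id "
            + hex(keyId) + " and label " + label, th);
      }
    }

    return ret;
  } finally {
    sessions.requite(session);
  }
}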
use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
The class IaikP11Slot, method generateSecretKey0.
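/**
 * Generates a symmetric key on the token.
 *
 * <p>AES, DES3 and GENERIC_SECRET keys use their dedicated key-generation mechanism;
 * the HMAC key types are generated with {@code CKM_GENERIC_SECRET_KEY_GEN}. The key is
 * always created as a token object that is sensitive and sign-capable; whether it may
 * be extracted is taken from {@code control}.
 *
 * @param keyType PKCS#11 key type (CKK_*)
 * @param keysize key size in bits; must be positive and a multiple of 8
 * @param label CKA_LABEL of the new key; must not be {@code null} and must be unused on the token
 * @param control flags for the new key; must not be {@code null}
 * @return identity of the generated key
 * @throws IllegalArgumentException if the key size or key type is not supported,
 *         or a key with {@code label} already exists
 * @throws P11TokenException if the token fails to generate the key
 */
@Override
protected P11Identity generateSecretKey0(long keyType, int keysize, String label,
    P11NewKeyControl control) throws P11TokenException {
  // fail early with a clear message instead of an NPE deep inside the template setup
  java.util.Objects.requireNonNull(label, "label");
  java.util.Objects.requireNonNull(control, "control");
  if (keysize <= 0) {
    throw new IllegalArgumentException("keysize must be positive: " + keysize);
  }
  if (keysize % 8 != 0) {
    throw new IllegalArgumentException("keysize is not multiple of 8: " + keysize);
  }

  long mech;
  if (PKCS11Constants.CKK_AES == keyType) {
    mech = PKCS11Constants.CKM_AES_KEY_GEN;
  } else if (PKCS11Constants.CKK_DES3 == keyType) {
    mech = PKCS11Constants.CKM_DES3_KEY_GEN;
  } else if (PKCS11Constants.CKK_GENERIC_SECRET == keyType) {
    mech = PKCS11Constants.CKM_GENERIC_SECRET_KEY_GEN;
  } else if (PKCS11Constants.CKK_SHA_1_HMAC == keyType
      || PKCS11Constants.CKK_SHA224_HMAC == keyType
      || PKCS11Constants.CKK_SHA256_HMAC == keyType
      || PKCS11Constants.CKK_SHA384_HMAC == keyType
      || PKCS11Constants.CKK_SHA512_HMAC == keyType
      || PKCS11Constants.CKK_SHA3_224_HMAC == keyType
      || PKCS11Constants.CKK_SHA3_256_HMAC == keyType
      || PKCS11Constants.CKK_SHA3_384_HMAC == keyType
      || PKCS11Constants.CKK_SHA3_512_HMAC == keyType) {
    // HMAC key types have no dedicated generation mechanism in PKCS#11
    mech = PKCS11Constants.CKM_GENERIC_SECRET_KEY_GEN;
  } else {
    throw new IllegalArgumentException("unsupported key type 0x" + Functions.toFullHex((int) keyType));
  }
  assertMechanismSupported(mech);

  ValuedSecretKey template = new ValuedSecretKey(keyType);
  template.getToken().setBooleanValue(true);
  template.getLabel().setCharArrayValue(label.toCharArray());
  template.getSign().setBooleanValue(true);
  // CKA_SENSITIVE is always set so the key value can never be read back in plaintext
  template.getSensitive().setBooleanValue(true);
  template.getExtractable().setBooleanValue(control.isExtractable());
  template.getValueLen().setLongValue(keysize / 8L);

  Mechanism mechanism = Mechanism.get(mech);
  SecretKey key;
  Session session = borrowWritableSession();
  try {
    if (labelExists(session, label)) {
      throw new IllegalArgumentException("label " + label + " exists, please specify another one");
    }

    byte[] id = generateKeyId(session);
    template.getId().setByteArrayValue(id);
    try {
      key = (SecretKey) session.generateKey(mechanism, template);
    } catch (TokenException ex) {
      throw new P11TokenException("could not generate generic secret key using " + mechanism.getName(), ex);
    }

    P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
    P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objId);
    return new IaikP11Identity(this, entityId, key);
  } finally {
    returnWritableSession(session);
  }
}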
use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
The class IaikP11Slot, method generateECKeypair0.
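/**
 * Generates an EC key pair for the named curve.
 *
 * <p>CKA_EC_PARAMS is first set to the DER encoding of the curve OID. If the token
 * rejects that, the generation is retried once with the explicit X9.62 parameters of
 * the curve, since some tokens only accept the explicit form.
 *
 * @param curveId OID of the named curve
 * @param label CKA_LABEL for both key objects
 * @param control flags for the new keys
 * @return identity of the generated key pair
 * @throws IllegalArgumentException if the OID-based attempt failed and the curve is unknown
 * @throws P11TokenException if the curve cannot be encoded or the token rejects both attempts
 */
@Override
protected P11Identity generateECKeypair0(ASN1ObjectIdentifier curveId, String label,
    P11NewKeyControl control) throws P11TokenException {
  long mech = PKCS11Constants.CKM_EC_KEY_PAIR_GEN;
  assertMechanismSupported(mech);

  ECPrivateKey privateKey = new ECPrivateKey();
  ECPublicKey publicKey = new ECPublicKey();
  setKeyAttributes(label, PKCS11Constants.CKK_EC, control, publicKey, privateKey);

  byte[] encodedCurveId;
  try {
    encodedCurveId = curveId.getEncoded();
  } catch (IOException ex) {
    throw new P11TokenException(ex.getMessage(), ex);
  }

  try {
    publicKey.getEcdsaParams().setByteArrayValue(encodedCurveId);
    return generateKeyPair(mech, privateKey, publicKey);
  } catch (P11TokenException ex) {
    // Fallback: explicit curve parameters instead of the named-curve OID. The first
    // failure is attached as a suppressed exception so it is not lost when the
    // fallback fails as well.
    X9ECParameters ecParams = ECNamedCurveTable.getByOID(curveId);
    if (ecParams == null) {
      IllegalArgumentException iae = new IllegalArgumentException(
          "could not get X9ECParameters for curve " + curveId.getId());
      iae.addSuppressed(ex);
      throw iae;
    }

    try {
      publicKey.getEcdsaParams().setByteArrayValue(ecParams.getEncoded());
    } catch (IOException ex2) {
      // report the encoding failure itself (the original code wrapped the wrong exception here)
      P11TokenException wrapped = new P11TokenException(ex2.getMessage(), ex2);
      wrapped.addSuppressed(ex);
      throw wrapped;
    }

    try {
      return generateKeyPair(mech, privateKey, publicKey);
    } catch (P11TokenException ex2) {
      ex2.addSuppressed(ex);
      throw ex2;
    }
  }
}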