use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
the class IaikP11Slot method sign.
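/**
 * Signs {@code content} with the signing key of {@code identity} using the given mechanism.
 *
 * <p>Content of at most {@code maxMessageSize} bytes is handed to {@code singleSign}. Longer
 * content is fed to the token in chunks: {@code signInit}, one {@code signUpdate} per chunk,
 * then {@code signFinal}. The session is borrowed for the duration of the call and is handed
 * back in the {@code finally} block on every path.
 *
 * @param mechanism PKCS#11 mechanism code; validated by {@code assertMechanismSupported}
 * @param parameters mechanism parameters, passed through to {@code getMechanism}
 * @param content the data to sign; must not be {@code null}
 * @param identity supplies the signing key and, for mechanisms not listed below, the expected
 *     signature length
 * @return the signature bytes returned by the token
 * @throws P11TokenException if the token reports a {@code TokenException}
 */
byte[] sign(long mechanism, P11Params parameters, byte[] content, IaikP11Identity identity)
    throws P11TokenException {
  ParamUtil.requireNonNull("content", content);
  assertMechanismSupported(mechanism);

  final int len = content.length;

  // Length passed to signFinal() on the multi-part path.
  // NOTE(review): the CKM_SHA3_* names below look like digest mechanisms rather than HMAC
  // mechanisms; confirm they are the intended constants.
  // NOTE(review): an SM2 signature is normally r||s (2 x 32 bytes); confirm that 32 is the
  // value signFinal() expects for the vendor SM2 mechanisms.
  final int expectedSignatureLen;
  if (mechanism == PKCS11Constants.CKM_SHA_1_HMAC) {
    expectedSignatureLen = 20;
  } else if (mechanism == PKCS11Constants.CKM_SHA224_HMAC
      || mechanism == PKCS11Constants.CKM_SHA3_224) {
    expectedSignatureLen = 28;
  } else if (mechanism == PKCS11Constants.CKM_SHA256_HMAC
      || mechanism == PKCS11Constants.CKM_SHA3_256) {
    expectedSignatureLen = 32;
  } else if (mechanism == PKCS11Constants.CKM_SHA384_HMAC
      || mechanism == PKCS11Constants.CKM_SHA3_384) {
    expectedSignatureLen = 48;
  } else if (mechanism == PKCS11Constants.CKM_SHA512_HMAC
      || mechanism == PKCS11Constants.CKM_SHA3_512) {
    expectedSignatureLen = 64;
  } else if (mechanism == PKCS11Constants.CKM_VENDOR_SM2
      || mechanism == PKCS11Constants.CKM_VENDOR_SM2_SM3) {
    expectedSignatureLen = 32;
  } else {
    expectedSignatureLen = identity.getExpectedSignatureLen();
  }

  ConcurrentBagEntry<Session> session0 = borrowSession();
  try {
    Session session = session0.value();
    if (len <= maxMessageSize) {
      return singleSign(session, mechanism, parameters, content, identity);
    }

    Key signingKey = identity.getSigningKey();
    Mechanism mechanismObj = getMechanism(mechanism, parameters);
    // The guard and the call now use the same level. The original checked isTraceEnabled()
    // but logged through debug(), so the key object dump was labelled as a debug record.
    // NOTE(review): this prints the key object's string form; confirm it can never include
    // key material (e.g. for a non-sensitive secret key) before enabling trace in production.
    if (LOG.isTraceEnabled()) {
      LOG.trace("sign (init, update, then finish) with private key:\n{}", signingKey);
    }

    session.signInit(mechanismObj, signingKey);
    // Feed the content in place, chunk by chunk, so no per-chunk copy is needed.
    for (int i = 0; i < len; i += maxMessageSize) {
      int blockLen = Math.min(maxMessageSize, len - i);
      session.signUpdate(content, i, blockLen);
    }

    return session.signFinal(expectedSignatureLen);
  } catch (TokenException ex) {
    throw new P11TokenException(ex);
  } finally {
    // Always hand the borrowed session back, including on failure.
    sessions.requite(session0);
  }
}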
use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
the class IaikP11Slot method labelExists.
/**
 * Reports whether the token already holds a key object or an X.509 public-key certificate
 * object carrying the given label.
 *
 * <p>The key search runs first; the certificate search only runs when no key matched. Each
 * search asks for a single object because one hit is enough to answer the question. A failure
 * of {@code findObjectsFinal()} is logged and not rethrown.
 *
 * @param session the session used for the object searches
 * @param keyLabel the label to look for; must not be blank
 * @return {@code true} if a key or a certificate with this label was found
 * @throws P11TokenException if starting or running a search fails
 */
private static boolean labelExists(Session session, String keyLabel) throws P11TokenException {
  ParamUtil.requireNonBlank("keyLabel", keyLabel);

  // First pass: any key object with this label.
  Key keyTemplate = new Key();
  keyTemplate.getLabel().setCharArrayValue(keyLabel.toCharArray());

  boolean keyFound;
  try {
    session.findObjectsInit(keyTemplate);
    keyFound = session.findObjects(1).length > 0;
  } catch (TokenException ex) {
    throw new P11TokenException(ex.getMessage(), ex);
  } finally {
    // Close the search even when it failed; a failure here is only logged.
    try {
      session.findObjectsFinal();
    } catch (TokenException ex) {
      LogUtil.error(LOG, ex, "session.findObjectsFinal() failed");
    }
  }

  if (keyFound) {
    return true;
  }

  // Second pass: any certificate object with this label.
  X509PublicKeyCertificate certTemplate = new X509PublicKeyCertificate();
  certTemplate.getLabel().setCharArrayValue(keyLabel.toCharArray());

  boolean certFound;
  try {
    session.findObjectsInit(certTemplate);
    certFound = session.findObjects(1).length > 0;
  } catch (TokenException ex) {
    throw new P11TokenException(ex.getMessage(), ex);
  } finally {
    try {
      session.findObjectsFinal();
    } catch (TokenException ex) {
      LogUtil.error(LOG, ex, "session.findObjectsFinal() failed");
    }
  }

  return certFound;
}
use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
the class IaikP11Slot method openSession.
/**
 * Opens a serial session on this slot's token and counts it.
 *
 * <p>{@code countSessions} is incremented only after the session was opened successfully.
 *
 * @param rwSession passed to the token as the read-write flag of the new session
 * @return the newly opened session
 * @throws P11TokenException if the token cannot be reached or refuses to open the session
 */
private Session openSession(boolean rwSession) throws P11TokenException {
  final Session opened;
  try {
    // Both calls can raise TokenException, so both stay inside the try block.
    Token token = slot.getToken();
    opened = token.openSession(Token.SessionType.SERIAL_SESSION, rwSession, null, null);
  } catch (TokenException ex) {
    throw new P11TokenException(ex.getMessage(), ex);
  }

  countSessions.incrementAndGet();
  return opened;
}
use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
the class IaikP11Slot method singleSign.
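/**
 * Signs {@code content} in one shot ({@code signInit} followed by {@code sign}) on the given
 * session.
 *
 * @param session the session to sign with; the caller owns it and returns it to the pool
 * @param mechanism PKCS#11 mechanism code, resolved through {@code getMechanism}
 * @param parameters mechanism parameters, passed through to {@code getMechanism}
 * @param content the data to sign
 * @param identity supplies the signing key
 * @return the signature bytes returned by the token
 * @throws P11TokenException if the token reports a {@code TokenException}
 */
private byte[] singleSign(Session session, long mechanism, P11Params parameters, byte[] content,
    IaikP11Identity identity) throws P11TokenException {
  Key signingKey = identity.getSigningKey();
  Mechanism mechanismObj = getMechanism(mechanism, parameters);
  // The guard and the call now use the same level. The original checked isTraceEnabled()
  // but logged through debug(), so the key object dump was labelled as a debug record.
  // NOTE(review): this prints the key object's string form; confirm it can never include
  // key material (e.g. for a non-sensitive secret key) before enabling trace in production.
  if (LOG.isTraceEnabled()) {
    LOG.trace("sign with signing key:\n{}", signingKey);
  }

  byte[] signature;
  try {
    session.signInit(mechanismObj, signingKey);
    signature = session.sign(content);
  } catch (TokenException ex) {
    throw new P11TokenException(ex.getMessage(), ex);
  }

  // Guarded so the hex encoding is only computed when the record is actually written.
  if (LOG.isDebugEnabled()) {
    LOG.debug("signature:\n{}", hex(signature));
  }
  return signature;
}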
use of org.xipki.security.exception.P11TokenException in project xipki by xipki.
the class IaikP11Slot method idExists.
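/**
 * Reports whether the token already holds a key object or an X.509 public-key certificate
 * object carrying the given id.
 *
 * <p>The key search runs first; the certificate search only runs when no key matched. Each
 * search asks for a single object because one hit is enough to answer the question. A failure
 * of {@code findObjectsFinal()} is logged and not rethrown.
 *
 * @param session the session used for the object searches
 * @param keyId the object id to look for; must not be {@code null}
 * @return {@code true} if a key or a certificate with this id was found
 * @throws P11TokenException if starting or running a search fails
 */
private static boolean idExists(Session session, byte[] keyId) throws P11TokenException {
  // Reject a null id up front, as labelExists does for its label.
  // NOTE(review): how the search template treats a null id value is not visible here; it
  // could match unrelated objects or none, and either answer would be misleading.
  ParamUtil.requireNonNull("keyId", keyId);

  // First pass: any key object with this id.
  Key keyTemplate = new Key();
  keyTemplate.getId().setByteArrayValue(keyId);

  boolean keyFound;
  try {
    session.findObjectsInit(keyTemplate);
    keyFound = session.findObjects(1).length > 0;
  } catch (TokenException ex) {
    throw new P11TokenException(ex.getMessage(), ex);
  } finally {
    // Close the search even when it failed; a failure here is only logged.
    try {
      session.findObjectsFinal();
    } catch (TokenException ex) {
      LogUtil.error(LOG, ex, "session.findObjectsFinal() failed");
    }
  }

  if (keyFound) {
    return true;
  }

  // Second pass: any certificate object with this id.
  X509PublicKeyCertificate certTemplate = new X509PublicKeyCertificate();
  certTemplate.getId().setByteArrayValue(keyId);

  boolean certFound;
  try {
    session.findObjectsInit(certTemplate);
    certFound = session.findObjects(1).length > 0;
  } catch (TokenException ex) {
    throw new P11TokenException(ex.getMessage(), ex);
  } finally {
    try {
      session.findObjectsFinal();
    } catch (TokenException ex) {
      LogUtil.error(LOG, ex, "session.findObjectsFinal() failed");
    }
  }

  return certFound;
}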