Search in sources :

Example 1 with P11ByteArrayParams

use of org.xipki.security.pkcs11.P11ByteArrayParams in project xipki by xipki.

the class P11ProxyResponder method processRequest.

/**
 * The request is constructed as follows:
 * <pre>
 * 0 - - - 1 - - - 2 - - - 3 - - - 4 - - - 5 - - - 6 - - - 7 - - - 8
 * |    Version    |        Transaction ID         |   Body ...    |
 * |   ... Length  |     Action    |   Module ID   |   Content...  |
 * |   .Content               | <-- 10 + Length (offset).
 *
 * </pre>
 */
byte[] processRequest(LocalP11CryptServicePool pool, byte[] request) {
    int reqLen = request.length;
    // TransactionID
    byte[] transactionId = new byte[4];
    if (reqLen > 5) {
        System.arraycopy(request, 2, transactionId, 0, 4);
    }
    // Action
    short action = P11ProxyConstants.ACTION_NOPE;
    if (reqLen > 11) {
        action = IoUtil.parseShort(request, 10);
    }
    if (reqLen < 14) {
        LOG.error("response too short");
        return getResp(P11ProxyConstants.VERSION_V1_0, transactionId, action, P11ProxyConstants.RC_BAD_REQUEST);
    }
    // Version
    short version = IoUtil.parseShort(request, 0);
    if (!versions.contains(version)) {
        LOG.error("unsupported version {}", version);
        return getResp(P11ProxyConstants.VERSION_V1_0, transactionId, action, P11ProxyConstants.RC_UNSUPPORTED_VERSION);
    }
    // Length
    int reqBodyLen = IoUtil.parseInt(request, 6);
    if (reqBodyLen + 10 != reqLen) {
        LOG.error("message length unmatch");
        return getResp(version, transactionId, action, P11ProxyConstants.RC_BAD_REQUEST);
    }
    short moduleId = IoUtil.parseShort(request, 12);
    int contentLen = reqLen - 14;
    byte[] content;
    if (contentLen == 0) {
        if (actionsRequireNonNullRequest.contains(action)) {
            LOG.error("content is not present but is required");
            return getResp(version, transactionId, P11ProxyConstants.RC_BAD_REQUEST, action);
        }
        content = null;
    } else {
        if (actionsRequireNullRequest.contains(action)) {
            LOG.error("content is present but is not permitted");
            return getResp(version, transactionId, P11ProxyConstants.RC_BAD_REQUEST, action);
        }
        content = new byte[contentLen];
        System.arraycopy(request, 14, content, 0, contentLen);
    }
    P11CryptService p11CryptService = pool.getP11CryptService(moduleId);
    if (p11CryptService == null) {
        LOG.error("no module {} available", moduleId);
        return getResp(version, transactionId, P11ProxyConstants.RC_UNKNOWN_MODULE, action);
    }
    try {
        switch(action) {
            case P11ProxyConstants.ACTION_ADD_CERT:
                {
                    Asn1EntityIdAndCert asn1 = Asn1EntityIdAndCert.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getEntityId());
                    X509Certificate cert = X509Util.toX509Cert(asn1.getCertificate());
                    slot.addCert(asn1.getEntityId().getObjectId().getObjectId(), cert);
                    return getSuccessResp(version, transactionId, action, (byte[]) null);
                }
            case P11ProxyConstants.ACTION_DIGEST_SECRETKEY:
                {
                    Asn1DigestSecretKeyTemplate template = Asn1DigestSecretKeyTemplate.getInstance(content);
                    long mechanism = template.getMechanism().getMechanism();
                    P11Identity identity = p11CryptService.getIdentity(template.getIdentityId().getEntityId());
                    byte[] hashValue = identity.digestSecretKey(mechanism);
                    ASN1Object obj = new DEROctetString(hashValue);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GEN_KEYPAIR_DSA:
                {
                    Asn1GenDSAKeypairParams asn1 = Asn1GenDSAKeypairParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11ObjectIdentifier keyId = slot.generateDSAKeypair(asn1.getP(), asn1.getQ(), asn1.getG(), asn1.getLabel(), asn1.getControl());
                    ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GEN_KEYPAIR_EC:
                {
                    Asn1GenECKeypairParams asn1 = Asn1GenECKeypairParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11ObjectIdentifier keyId = slot.generateECKeypair(asn1.getCurveId().getId(), asn1.getLabel(), asn1.getControl());
                    ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GEN_KEYPAIR_RSA:
                {
                    Asn1GenRSAKeypairParams asn1 = Asn1GenRSAKeypairParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11ObjectIdentifier keyId = slot.generateRSAKeypair(asn1.getKeysize(), asn1.getPublicExponent(), asn1.getLabel(), asn1.getControl());
                    ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GEN_KEYPAIR_SM2:
                {
                    Asn1GenSM2KeypairParams asn1 = Asn1GenSM2KeypairParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11ObjectIdentifier keyId = slot.generateSM2Keypair(asn1.getLabel(), asn1.getControl());
                    ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GEN_SECRET_KEY:
                {
                    Asn1GenSecretKeyParams asn1 = Asn1GenSecretKeyParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11ObjectIdentifier keyId = slot.generateSecretKey(asn1.getKeyType(), asn1.getKeysize(), asn1.getLabel(), asn1.getControl());
                    ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GET_CERT:
                {
                    P11EntityIdentifier entityId = Asn1P11EntityIdentifier.getInstance(content).getEntityId();
                    X509Certificate cert = p11CryptService.getIdentity(entityId).getCertificate();
                    return getSuccessResp(version, transactionId, action, cert.getEncoded());
                }
            case P11ProxyConstants.ACTION_GET_CERT_IDS:
            case P11ProxyConstants.ACTION_GET_IDENTITY_IDS:
                {
                    Asn1P11SlotIdentifier slotId = Asn1P11SlotIdentifier.getInstance(content);
                    P11Slot slot = p11CryptService.getModule().getSlot(slotId.getSlotId());
                    Set<P11ObjectIdentifier> objectIds;
                    if (P11ProxyConstants.ACTION_GET_CERT_IDS == action) {
                        objectIds = slot.getCertIdentifiers();
                    } else {
                        objectIds = slot.getIdentityIdentifiers();
                    }
                    ASN1EncodableVector vec = new ASN1EncodableVector();
                    for (P11ObjectIdentifier objectId : objectIds) {
                        vec.add(new Asn1P11ObjectIdentifier(objectId));
                    }
                    ASN1Object obj = new DERSequence(vec);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GET_MECHANISMS:
                {
                    P11SlotIdentifier slotId = Asn1P11SlotIdentifier.getInstance(content).getSlotId();
                    Set<Long> mechs = p11CryptService.getSlot(slotId).getMechanisms();
                    ASN1EncodableVector vec = new ASN1EncodableVector();
                    for (Long mech : mechs) {
                        vec.add(new ASN1Integer(mech));
                    }
                    ASN1Object obj = new DERSequence(vec);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GET_PUBLICKEY:
                {
                    P11EntityIdentifier identityId = Asn1P11EntityIdentifier.getInstance(content).getEntityId();
                    PublicKey pubKey = p11CryptService.getIdentity(identityId).getPublicKey();
                    if (pubKey == null) {
                        throw new P11UnknownEntityException(identityId);
                    }
                    ASN1Object obj = KeyUtil.createSubjectPublicKeyInfo(pubKey);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GET_SERVER_CAPS:
                {
                    boolean readOnly = p11CryptService.getModule().isReadOnly();
                    ASN1Object obj = new Asn1ServerCaps(readOnly, versions);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_GET_SLOT_IDS:
                {
                    List<P11SlotIdentifier> slotIds = p11CryptService.getModule().getSlotIds();
                    ASN1EncodableVector vector = new ASN1EncodableVector();
                    for (P11SlotIdentifier slotId : slotIds) {
                        vector.add(new Asn1P11SlotIdentifier(slotId));
                    }
                    ASN1Object obj = new DERSequence(vector);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_IMPORT_SECRET_KEY:
                {
                    Asn1ImportSecretKeyParams asn1 = Asn1ImportSecretKeyParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11ObjectIdentifier keyId = slot.importSecretKey(asn1.getKeyType(), asn1.getKeyValue(), asn1.getLabel(), asn1.getControl());
                    ASN1Object obj = new Asn1P11EntityIdentifier(asn1.getSlotId(), keyId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_REMOVE_CERTS:
                {
                    Asn1P11EntityIdentifier asn1 = Asn1P11EntityIdentifier.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1);
                    slot.removeCerts(asn1.getObjectId().getObjectId());
                    return getSuccessResp(version, transactionId, action, (byte[]) null);
                }
            case P11ProxyConstants.ACTION_REMOVE_IDENTITY:
                {
                    Asn1P11EntityIdentifier asn1 = Asn1P11EntityIdentifier.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1);
                    slot.removeIdentity(asn1.getObjectId().getObjectId());
                    return getSuccessResp(version, transactionId, action, (byte[]) null);
                }
            case P11ProxyConstants.ACTION_REMOVE_OBJECTS:
                {
                    Asn1RemoveObjectsParams asn1 = Asn1RemoveObjectsParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    int num = slot.removeObjects(asn1.getOjectId(), asn1.getObjectLabel());
                    ASN1Object obj = new ASN1Integer(num);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_SIGN:
                {
                    Asn1SignTemplate signTemplate = Asn1SignTemplate.getInstance(content);
                    long mechanism = signTemplate.getMechanism().getMechanism();
                    Asn1P11Params asn1Params = signTemplate.getMechanism().getParams();
                    P11Params params = null;
                    if (asn1Params != null) {
                        switch(asn1Params.getTagNo()) {
                            case Asn1P11Params.TAG_RSA_PKCS_PSS:
                                params = Asn1RSAPkcsPssParams.getInstance(asn1Params).getPkcsPssParams();
                                break;
                            case Asn1P11Params.TAG_OPAQUE:
                                params = new P11ByteArrayParams(ASN1OctetString.getInstance(asn1Params).getOctets());
                                break;
                            case Asn1P11Params.TAG_IV:
                                params = new P11IVParams(ASN1OctetString.getInstance(asn1Params).getOctets());
                                break;
                            default:
                                throw new BadAsn1ObjectException("unknown SignTemplate.params: unknown tag " + asn1Params.getTagNo());
                        }
                    }
                    byte[] message = signTemplate.getMessage();
                    P11Identity identity = p11CryptService.getIdentity(signTemplate.getIdentityId().getEntityId());
                    byte[] signature = identity.sign(mechanism, params, message);
                    ASN1Object obj = new DEROctetString(signature);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case P11ProxyConstants.ACTION_UPDATE_CERT:
                {
                    Asn1EntityIdAndCert asn1 = Asn1EntityIdAndCert.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getEntityId());
                    slot.updateCertificate(asn1.getEntityId().getObjectId().getObjectId(), X509Util.toX509Cert(asn1.getCertificate()));
                    return getSuccessResp(version, transactionId, action, (byte[]) null);
                }
            default:
                {
                    LOG.error("unsupported XiPKI action code '{}'", action);
                    return getResp(version, transactionId, action, P11ProxyConstants.RC_UNSUPPORTED_ACTION);
                }
        }
    } catch (BadAsn1ObjectException ex) {
        LogUtil.error(LOG, ex, "could not process decode requested content (tid=" + Hex.encode(transactionId) + ")");
        return getResp(version, transactionId, action, P11ProxyConstants.RC_BAD_REQUEST);
    } catch (P11TokenException ex) {
        LogUtil.error(LOG, ex, buildErrorMsg(action, transactionId));
        short rc;
        if (ex instanceof P11UnknownEntityException) {
            rc = P11ProxyConstants.RC_DUPLICATE_ENTITY;
        } else if (ex instanceof P11DuplicateEntityException) {
            rc = P11ProxyConstants.RC_DUPLICATE_ENTITY;
        } else if (ex instanceof P11UnsupportedMechanismException) {
            rc = P11ProxyConstants.RC_UNSUPPORTED_MECHANISM;
        } else {
            rc = P11ProxyConstants.RC_P11_TOKENERROR;
        }
        return getResp(version, transactionId, action, rc);
    } catch (XiSecurityException | CertificateException | InvalidKeyException ex) {
        LogUtil.error(LOG, ex, buildErrorMsg(action, transactionId));
        return getResp(version, transactionId, action, P11ProxyConstants.RC_INTERNAL_ERROR);
    } catch (Throwable th) {
        LogUtil.error(LOG, th, buildErrorMsg(action, transactionId));
        return getResp(version, transactionId, action, P11ProxyConstants.RC_INTERNAL_ERROR);
    }
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) Asn1ServerCaps(org.xipki.p11proxy.msg.Asn1ServerCaps) P11TokenException(org.xipki.security.exception.P11TokenException) Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) CertificateException(java.security.cert.CertificateException) Asn1P11Params(org.xipki.p11proxy.msg.Asn1P11Params) P11Params(org.xipki.security.pkcs11.P11Params) Asn1RemoveObjectsParams(org.xipki.p11proxy.msg.Asn1RemoveObjectsParams) DEROctetString(org.bouncycastle.asn1.DEROctetString) P11DuplicateEntityException(org.xipki.security.exception.P11DuplicateEntityException) Asn1GenSecretKeyParams(org.xipki.p11proxy.msg.Asn1GenSecretKeyParams) Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier) DERSequence(org.bouncycastle.asn1.DERSequence) XiSecurityException(org.xipki.security.exception.XiSecurityException) P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams) P11UnknownEntityException(org.xipki.security.exception.P11UnknownEntityException) Asn1DigestSecretKeyTemplate(org.xipki.p11proxy.msg.Asn1DigestSecretKeyTemplate) Asn1GenDSAKeypairParams(org.xipki.p11proxy.msg.Asn1GenDSAKeypairParams) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) List(java.util.List) Asn1ImportSecretKeyParams(org.xipki.p11proxy.msg.Asn1ImportSecretKeyParams) ASN1Object(org.bouncycastle.asn1.ASN1Object) Asn1P11Params(org.xipki.p11proxy.msg.Asn1P11Params) Asn1P11SlotIdentifier(org.xipki.p11proxy.msg.Asn1P11SlotIdentifier) P11SlotIdentifier(org.xipki.security.pkcs11.P11SlotIdentifier) PublicKey(java.security.PublicKey) Asn1SignTemplate(org.xipki.p11proxy.msg.Asn1SignTemplate) P11Slot(org.xipki.security.pkcs11.P11Slot) Asn1P11ObjectIdentifier(org.xipki.p11proxy.msg.Asn1P11ObjectIdentifier) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) P11Identity(org.xipki.security.pkcs11.P11Identity) InvalidKeyException(java.security.InvalidKeyException) P11CryptService(org.xipki.security.pkcs11.P11CryptService) X509Certificate(java.security.cert.X509Certificate) Asn1GenRSAKeypairParams(org.xipki.p11proxy.msg.Asn1GenRSAKeypairParams) Asn1EntityIdAndCert(org.xipki.p11proxy.msg.Asn1EntityIdAndCert) P11UnsupportedMechanismException(org.xipki.security.exception.P11UnsupportedMechanismException) Asn1GenSM2KeypairParams(org.xipki.p11proxy.msg.Asn1GenSM2KeypairParams) Asn1P11ObjectIdentifier(org.xipki.p11proxy.msg.Asn1P11ObjectIdentifier) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Asn1GenECKeypairParams(org.xipki.p11proxy.msg.Asn1GenECKeypairParams) P11IVParams(org.xipki.security.pkcs11.P11IVParams) Asn1P11SlotIdentifier(org.xipki.p11proxy.msg.Asn1P11SlotIdentifier) BadAsn1ObjectException(org.xipki.security.exception.BadAsn1ObjectException)

Example 2 with P11ByteArrayParams

use of org.xipki.security.pkcs11.P11ByteArrayParams in project xipki by xipki.

the class ProxyP11Identity method sign0.

@Override
protected byte[] sign0(long mechanism, P11Params parameters, byte[] content) throws P11TokenException {
    Asn1P11EntityIdentifier asn1EntityId = new Asn1P11EntityIdentifier(identityId);
    Asn1P11Params p11Param = null;
    if (parameters != null) {
        if (parameters instanceof P11RSAPkcsPssParams) {
            p11Param = new Asn1P11Params(Asn1P11Params.TAG_RSA_PKCS_PSS, new Asn1RSAPkcsPssParams((P11RSAPkcsPssParams) parameters));
        } else if (parameters instanceof P11ByteArrayParams) {
            byte[] bytes = ((P11ByteArrayParams) parameters).getBytes();
            p11Param = new Asn1P11Params(Asn1P11Params.TAG_OPAQUE, new DEROctetString(bytes));
        } else if (parameters instanceof P11IVParams) {
            p11Param = new Asn1P11Params(Asn1P11Params.TAG_IV, new DEROctetString(((P11IVParams) parameters).getIV()));
        } else {
            throw new IllegalArgumentException("unkown parameter 'parameters'");
        }
    }
    Asn1SignTemplate signTemplate = new Asn1SignTemplate(asn1EntityId, mechanism, p11Param, content);
    byte[] result = ((ProxyP11Slot) slot).getModule().send(P11ProxyConstants.ACTION_SIGN, signTemplate);
    ASN1OctetString octetString;
    try {
        octetString = DEROctetString.getInstance(result);
    } catch (IllegalArgumentException ex) {
        throw new P11TokenException("the returned result is not OCTET STRING");
    }
    return (octetString == null) ? null : octetString.getOctets();
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier) Asn1P11Params(org.xipki.p11proxy.msg.Asn1P11Params) P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams) Asn1SignTemplate(org.xipki.p11proxy.msg.Asn1SignTemplate) P11TokenException(org.xipki.security.exception.P11TokenException) Asn1RSAPkcsPssParams(org.xipki.p11proxy.msg.Asn1RSAPkcsPssParams) P11RSAPkcsPssParams(org.xipki.security.pkcs11.P11RSAPkcsPssParams) DEROctetString(org.bouncycastle.asn1.DEROctetString) P11IVParams(org.xipki.security.pkcs11.P11IVParams)

Example 3 with P11ByteArrayParams

use of org.xipki.security.pkcs11.P11ByteArrayParams in project xipki by xipki.

the class P11SM3WithSM2SignatureSpi method engineInitSign.

@Override
protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
    if (!(privateKey instanceof P11PrivateKey)) {
        throw new InvalidKeyException("privateKey is not instanceof " + P11PrivateKey.class.getName());
    }
    this.signingKey = (P11PrivateKey) privateKey;
    if (!(signingKey.getPublicKey() instanceof ECPublicKey)) {
        throw new InvalidKeyException("only EC key is allowed");
    }
    ECPublicKey pubKey = (ECPublicKey) signingKey.getPublicKey();
    if (!GMUtil.isSm2primev2Curve(pubKey.getParams().getCurve())) {
        throw new InvalidKeyException("only EC key of curve sm2primev2 is allowed");
    }
    String algo = privateKey.getAlgorithm();
    if (!("EC".equals(algo) || "ECDSA".equals(algo))) {
        throw new InvalidKeyException("privateKey is not an EC private key: " + algo);
    }
    byte[] userId = (paramSpec == null) ? "1234567812345678".getBytes() : paramSpec.getId();
    if (signingKey.supportsMechanism(PKCS11Constants.CKM_VENDOR_SM2)) {
        mechanism = PKCS11Constants.CKM_VENDOR_SM2;
        outputStream = new DigestOutputStream(HashAlgo.SM3.createDigest());
        p11Params = null;
        ECPoint w = pubKey.getW();
        sm2Z = GMUtil.getSM2Z(userId, GMObjectIdentifiers.sm2p256v1, w.getAffineX(), w.getAffineY());
        try {
            outputStream.write(sm2Z, 0, sm2Z.length);
        } catch (IOException ex) {
            throw new InvalidKeyException("could not compute Z of SM2");
        }
    } else if (signingKey.supportsMechanism(PKCS11Constants.CKM_VENDOR_SM2_SM3)) {
        mechanism = PKCS11Constants.CKM_VENDOR_SM2_SM3;
        outputStream = new ByteArrayOutputStream();
        p11Params = new P11ByteArrayParams(userId);
    } else {
        throw new InvalidKeyException("privateKey and algorithm does not match");
    }
    this.signingKey = (P11PrivateKey) privateKey;
}
Also used : ECPublicKey(java.security.interfaces.ECPublicKey) P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams) DigestOutputStream(org.xipki.security.pkcs11.DigestOutputStream) IOException(java.io.IOException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InvalidKeyException(java.security.InvalidKeyException) ECPoint(java.security.spec.ECPoint)

Example 4 with P11ByteArrayParams

use of org.xipki.security.pkcs11.P11ByteArrayParams in project xipki by xipki.

the class IaikP11Slot method getMechanism.

private static Mechanism getMechanism(long mechanism, P11Params parameters) throws P11TokenException {
    Mechanism ret = Mechanism.get(mechanism);
    if (parameters == null) {
        return ret;
    }
    Params paramObj;
    if (parameters instanceof P11RSAPkcsPssParams) {
        P11RSAPkcsPssParams param = (P11RSAPkcsPssParams) parameters;
        paramObj = new RSAPkcsPssParams(Mechanism.get(param.getHashAlgorithm()), param.getMaskGenerationFunction(), param.getSaltLength());
    } else if (parameters instanceof P11ByteArrayParams) {
        paramObj = new OpaqueParams(((P11ByteArrayParams) parameters).getBytes());
    } else if (parameters instanceof P11IVParams) {
        paramObj = new IVParams(((P11IVParams) parameters).getIV());
    } else {
        throw new P11TokenException("unknown P11Parameters " + parameters.getClass().getName());
    }
    if (paramObj != null) {
        ret.setParams(paramObj);
    }
    return ret;
}
Also used : OpaqueParams(iaik.pkcs.pkcs11.params.OpaqueParams) P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams) P11TokenException(org.xipki.security.exception.P11TokenException) P11RSAPkcsPssParams(org.xipki.security.pkcs11.P11RSAPkcsPssParams) IVParams(iaik.pkcs.pkcs11.params.IVParams) P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams) RSAPkcsPssParams(iaik.pkcs.pkcs11.params.RSAPkcsPssParams) P11IVParams(org.xipki.security.pkcs11.P11IVParams) P11Params(org.xipki.security.pkcs11.P11Params) Params(iaik.pkcs.pkcs11.params.Params) OpaqueParams(iaik.pkcs.pkcs11.params.OpaqueParams) P11RSAPkcsPssParams(org.xipki.security.pkcs11.P11RSAPkcsPssParams) Mechanism(iaik.pkcs.pkcs11.Mechanism) P11IVParams(org.xipki.security.pkcs11.P11IVParams) IVParams(iaik.pkcs.pkcs11.params.IVParams) P11IVParams(org.xipki.security.pkcs11.P11IVParams) P11RSAPkcsPssParams(org.xipki.security.pkcs11.P11RSAPkcsPssParams) RSAPkcsPssParams(iaik.pkcs.pkcs11.params.RSAPkcsPssParams)

Example 5 with P11ByteArrayParams

use of org.xipki.security.pkcs11.P11ByteArrayParams in project xipki by xipki.

the class EmulatorP11Identity method sm2Sign.

private byte[] sm2Sign(P11Params params, byte[] dataToSign, HashAlgo hash) throws P11TokenException {
    if (params == null) {
        throw new P11TokenException("userId must not be null");
    }
    byte[] userId;
    if (params instanceof P11ByteArrayParams) {
        userId = ((P11ByteArrayParams) params).getBytes();
    } else {
        throw new P11TokenException("params must be instanceof P11ByteArrayParams");
    }
    ConcurrentBagEntry<SM2Signer> sig0;
    try {
        sig0 = sm2Signers.borrow(5000, TimeUnit.MILLISECONDS);
    } catch (InterruptedException ex) {
        throw new P11TokenException("InterruptedException occurs while retrieving idle signature");
    }
    if (sig0 == null) {
        throw new P11TokenException("no idle SM2 Signer available");
    }
    try {
        SM2Signer sig = sig0.value();
        byte[] x962Signature = sig.generateSignatureForMessage(userId, dataToSign);
        return SignerUtil.dsaSigX962ToPlain(x962Signature, getSignatureKeyBitLength());
    } catch (CryptoException ex) {
        throw new P11TokenException("CryptoException: " + ex.getMessage(), ex);
    } catch (XiSecurityException ex) {
        throw new P11TokenException("XiSecurityException: " + ex.getMessage(), ex);
    } finally {
        sm2Signers.requite(sig0);
    }
}
Also used : XiSecurityException(org.xipki.security.exception.XiSecurityException) P11ByteArrayParams(org.xipki.security.pkcs11.P11ByteArrayParams) P11TokenException(org.xipki.security.exception.P11TokenException) CryptoException(org.bouncycastle.crypto.CryptoException)

Aggregations

P11ByteArrayParams (org.xipki.security.pkcs11.P11ByteArrayParams)5 P11TokenException (org.xipki.security.exception.P11TokenException)4 P11IVParams (org.xipki.security.pkcs11.P11IVParams)3 InvalidKeyException (java.security.InvalidKeyException)2 DEROctetString (org.bouncycastle.asn1.DEROctetString)2 Asn1P11EntityIdentifier (org.xipki.p11proxy.msg.Asn1P11EntityIdentifier)2 Asn1P11Params (org.xipki.p11proxy.msg.Asn1P11Params)2 Asn1SignTemplate (org.xipki.p11proxy.msg.Asn1SignTemplate)2 XiSecurityException (org.xipki.security.exception.XiSecurityException)2 Mechanism (iaik.pkcs.pkcs11.Mechanism)1 IVParams (iaik.pkcs.pkcs11.params.IVParams)1 OpaqueParams (iaik.pkcs.pkcs11.params.OpaqueParams)1 Params (iaik.pkcs.pkcs11.params.Params)1 RSAPkcsPssParams (iaik.pkcs.pkcs11.params.RSAPkcsPssParams)1 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1 IOException (java.io.IOException)1 PublicKey (java.security.PublicKey)1 CertificateException (java.security.cert.CertificateException)1 X509Certificate (java.security.cert.X509Certificate)1 ECPublicKey (java.security.interfaces.ECPublicKey)1