Search in sources :

Example 1 with P11ContentSignerBuilder

use of org.xipki.security.pkcs11.P11ContentSignerBuilder in project xipki by xipki.

the class SignerFactoryRegisterImpl method newPkcs11Signer.

private ConcurrentContentSigner newPkcs11Signer(SecurityFactory securityFactory, String type, SignerConf conf, X509Certificate[] certificateChain) throws ObjectCreationException {
    if (p11CryptServiceFactory == null) {
        throw new ObjectCreationException("p11CryptServiceFactory is not set");
    }
    String str = conf.getConfValue("parallelism");
    int parallelism = securityFactory.getDefaultSignerParallelism();
    if (str != null) {
        try {
            parallelism = Integer.parseInt(str);
        } catch (NumberFormatException ex) {
            throw new ObjectCreationException("invalid parallelism " + str);
        }
        if (parallelism < 1) {
            throw new ObjectCreationException("invalid parallelism " + str);
        }
    }
    String moduleName = conf.getConfValue("module");
    str = conf.getConfValue("slot");
    Integer slotIndex = (str == null) ? null : Integer.parseInt(str);
    str = conf.getConfValue("slot-id");
    Long slotId = (str == null) ? null : Long.parseLong(str);
    if ((slotIndex == null && slotId == null) || (slotIndex != null && slotId != null)) {
        throw new ObjectCreationException("exactly one of slot (index) and slot-id must be specified");
    }
    String keyLabel = conf.getConfValue("key-label");
    str = conf.getConfValue("key-id");
    byte[] keyId = null;
    if (str != null) {
        keyId = Hex.decode(str);
    }
    if ((keyId == null && keyLabel == null) || (keyId != null && keyLabel != null)) {
        throw new ObjectCreationException("exactly one of key-id and key-label must be specified");
    }
    P11CryptService p11Service;
    P11Slot slot;
    try {
        p11Service = p11CryptServiceFactory.getP11CryptService(moduleName);
        P11Module module = p11Service.getModule();
        P11SlotIdentifier p11SlotId;
        if (slotId != null) {
            p11SlotId = module.getSlotIdForId(slotId);
        } else if (slotIndex != null) {
            p11SlotId = module.getSlotIdForIndex(slotIndex);
        } else {
            throw new RuntimeException("should not reach here");
        }
        slot = module.getSlot(p11SlotId);
    } catch (P11TokenException | XiSecurityException ex) {
        throw new ObjectCreationException(ex.getMessage(), ex);
    }
    P11ObjectIdentifier p11ObjId = (keyId != null) ? slot.getObjectIdForId(keyId) : slot.getObjectIdForLabel(keyLabel);
    if (p11ObjId == null) {
        String str2 = (keyId != null) ? "id " + Hex.encode(keyId) : "label " + keyLabel;
        throw new ObjectCreationException("cound not find identity with " + str2);
    }
    P11EntityIdentifier entityId = new P11EntityIdentifier(slot.getSlotId(), p11ObjId);
    try {
        AlgorithmIdentifier macAlgId = null;
        String algoName = conf.getConfValue("algo");
        if (algoName != null) {
            try {
                macAlgId = AlgorithmUtil.getMacAlgId(algoName);
            } catch (NoSuchAlgorithmException ex) {
            // do nothing
            }
        }
        if (macAlgId != null) {
            P11MacContentSignerBuilder signerBuilder = new P11MacContentSignerBuilder(p11Service, entityId);
            return signerBuilder.createSigner(macAlgId, parallelism);
        } else {
            AlgorithmIdentifier signatureAlgId;
            if (conf.getHashAlgo() == null) {
                signatureAlgId = AlgorithmUtil.getSigAlgId(null, conf);
            } else {
                PublicKey pubKey = slot.getIdentity(p11ObjId).getPublicKey();
                signatureAlgId = AlgorithmUtil.getSigAlgId(pubKey, conf);
            }
            P11ContentSignerBuilder signerBuilder = new P11ContentSignerBuilder(p11Service, securityFactory, entityId, certificateChain);
            return signerBuilder.createSigner(signatureAlgId, parallelism);
        }
    } catch (P11TokenException | NoSuchAlgorithmException | XiSecurityException ex) {
        throw new ObjectCreationException(ex.getMessage(), ex);
    }
}
Also used : P11MacContentSignerBuilder(org.xipki.security.pkcs11.P11MacContentSignerBuilder) P11Module(org.xipki.security.pkcs11.P11Module) P11SlotIdentifier(org.xipki.security.pkcs11.P11SlotIdentifier) PublicKey(java.security.PublicKey) P11Slot(org.xipki.security.pkcs11.P11Slot) P11TokenException(org.xipki.security.exception.P11TokenException) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) P11ContentSignerBuilder(org.xipki.security.pkcs11.P11ContentSignerBuilder) P11CryptService(org.xipki.security.pkcs11.P11CryptService) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) XiSecurityException(org.xipki.security.exception.XiSecurityException) ObjectCreationException(org.xipki.common.ObjectCreationException) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)

Aggregations

NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 PublicKey (java.security.PublicKey)1 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)1 ObjectCreationException (org.xipki.common.ObjectCreationException)1 P11TokenException (org.xipki.security.exception.P11TokenException)1 XiSecurityException (org.xipki.security.exception.XiSecurityException)1 P11ContentSignerBuilder (org.xipki.security.pkcs11.P11ContentSignerBuilder)1 P11CryptService (org.xipki.security.pkcs11.P11CryptService)1 P11EntityIdentifier (org.xipki.security.pkcs11.P11EntityIdentifier)1 P11MacContentSignerBuilder (org.xipki.security.pkcs11.P11MacContentSignerBuilder)1 P11Module (org.xipki.security.pkcs11.P11Module)1 P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)1 P11Slot (org.xipki.security.pkcs11.P11Slot)1 P11SlotIdentifier (org.xipki.security.pkcs11.P11SlotIdentifier)1