use of org.xipki.security.pkcs11.P11ContentSignerBuilder in project xipki by xipki.
the class SignerFactoryRegisterImpl method newPkcs11Signer.
private ConcurrentContentSigner newPkcs11Signer(SecurityFactory securityFactory, String type, SignerConf conf, X509Certificate[] certificateChain) throws ObjectCreationException {
if (p11CryptServiceFactory == null) {
throw new ObjectCreationException("p11CryptServiceFactory is not set");
}
String str = conf.getConfValue("parallelism");
int parallelism = securityFactory.getDefaultSignerParallelism();
if (str != null) {
try {
parallelism = Integer.parseInt(str);
} catch (NumberFormatException ex) {
throw new ObjectCreationException("invalid parallelism " + str);
}
if (parallelism < 1) {
throw new ObjectCreationException("invalid parallelism " + str);
}
}
String moduleName = conf.getConfValue("module");
str = conf.getConfValue("slot");
Integer slotIndex = (str == null) ? null : Integer.parseInt(str);
str = conf.getConfValue("slot-id");
Long slotId = (str == null) ? null : Long.parseLong(str);
if ((slotIndex == null && slotId == null) || (slotIndex != null && slotId != null)) {
throw new ObjectCreationException("exactly one of slot (index) and slot-id must be specified");
}
String keyLabel = conf.getConfValue("key-label");
str = conf.getConfValue("key-id");
byte[] keyId = null;
if (str != null) {
keyId = Hex.decode(str);
}
if ((keyId == null && keyLabel == null) || (keyId != null && keyLabel != null)) {
throw new ObjectCreationException("exactly one of key-id and key-label must be specified");
}
P11CryptService p11Service;
P11Slot slot;
try {
p11Service = p11CryptServiceFactory.getP11CryptService(moduleName);
P11Module module = p11Service.getModule();
P11SlotIdentifier p11SlotId;
if (slotId != null) {
p11SlotId = module.getSlotIdForId(slotId);
} else if (slotIndex != null) {
p11SlotId = module.getSlotIdForIndex(slotIndex);
} else {
throw new RuntimeException("should not reach here");
}
slot = module.getSlot(p11SlotId);
} catch (P11TokenException | XiSecurityException ex) {
throw new ObjectCreationException(ex.getMessage(), ex);
}
P11ObjectIdentifier p11ObjId = (keyId != null) ? slot.getObjectIdForId(keyId) : slot.getObjectIdForLabel(keyLabel);
if (p11ObjId == null) {
String str2 = (keyId != null) ? "id " + Hex.encode(keyId) : "label " + keyLabel;
throw new ObjectCreationException("cound not find identity with " + str2);
}
P11EntityIdentifier entityId = new P11EntityIdentifier(slot.getSlotId(), p11ObjId);
try {
AlgorithmIdentifier macAlgId = null;
String algoName = conf.getConfValue("algo");
if (algoName != null) {
try {
macAlgId = AlgorithmUtil.getMacAlgId(algoName);
} catch (NoSuchAlgorithmException ex) {
// do nothing
}
}
if (macAlgId != null) {
P11MacContentSignerBuilder signerBuilder = new P11MacContentSignerBuilder(p11Service, entityId);
return signerBuilder.createSigner(macAlgId, parallelism);
} else {
AlgorithmIdentifier signatureAlgId;
if (conf.getHashAlgo() == null) {
signatureAlgId = AlgorithmUtil.getSigAlgId(null, conf);
} else {
PublicKey pubKey = slot.getIdentity(p11ObjId).getPublicKey();
signatureAlgId = AlgorithmUtil.getSigAlgId(pubKey, conf);
}
P11ContentSignerBuilder signerBuilder = new P11ContentSignerBuilder(p11Service, securityFactory, entityId, certificateChain);
return signerBuilder.createSigner(signatureAlgId, parallelism);
}
} catch (P11TokenException | NoSuchAlgorithmException | XiSecurityException ex) {
throw new ObjectCreationException(ex.getMessage(), ex);
}
}
Aggregations