

/**
 * Stores a certificate on the remote token by forwarding it through the proxy module.
 *
 * @param objectId identifies the PKCS#11 object (id and label) the certificate is stored under
 * @param cert the certificate to add
 * @throws P11TokenException if the proxy request fails
 * @throws CertificateException if the certificate cannot be handled
 */
@Override
protected void addCert0(P11ObjectIdentifier objectId, X509Certificate cert) throws P11TokenException, CertificateException {
    // The remote side needs the slot as well as the object id to place the certificate.
    P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objectId);
    Asn1EntityIdAndCert request = new Asn1EntityIdAndCert(entityId, cert);
    module.send(P11ProxyConstants.ACTION_ADD_CERT, request);
}

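/**
 * Persists a freshly generated key pair on this emulated slot and wraps it as an identity.
 *
 * @param keypair the private/public key pair to store
 * @param label the PKCS#11 label to assign to both key objects
 * @return the identity representing the stored pair
 * @throws P11TokenException if storing the keys or constructing the identity fails
 */
private P11Identity saveP11Entity(KeyPair keypair, String label) throws P11TokenException {
    // One id is shared by the private and the public key object; it is what ties the two halves together.
    byte[] id = generateId();
    savePkcs11PrivateKey(id, label, keypair.getPrivate());
    savePkcs11PublicKey(id, label, keypair.getPublic());
    P11EntityIdentifier identityId = new P11EntityIdentifier(slotId, new P11ObjectIdentifier(id, label));
    try {
        // No certificate exists yet for a freshly generated pair, hence null for the certificate chain.
        return new EmulatorP11Identity(this, identityId, keypair.getPrivate(), keypair.getPublic(), null, maxSessions, random);
    } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException ex) {
        // Name the class that is actually being constructed so the log message points at the right place.
        throw new P11TokenException("could not construct EmulatorP11Identity: " + ex.getMessage(), ex);
    }
}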

/**
 * Persists a secret (symmetric) key on this emulated slot and wraps it as an identity.
 *
 * @param key the secret key to store
 * @param label the PKCS#11 label to assign to the key object
 * @return the identity representing the stored key
 * @throws P11TokenException if storing the key fails
 */
private P11Identity saveP11Entity(SecretKey key, String label) throws P11TokenException {
    byte[] keyId = generateId();
    savePkcs11SecretKey(keyId, label, key);
    P11ObjectIdentifier objectId = new P11ObjectIdentifier(keyId, label);
    P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objectId);
    return new EmulatorP11Identity(this, entityId, key, maxSessions, random);
}

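/**
 * Rebuilds the in-memory view of this emulated slot from the files on disk.
 * <p>
 * The supported mechanisms are reported first. Then the object directories are scanned in
 * this order: secret keys, certificates, and finally private keys. Certificates are read
 * before private keys because a private key's public half is taken from its certificate
 * when one exists. Key entries are processed best-effort: an unreadable entry is logged
 * and skipped so that one broken file does not hide the rest of the slot.
 *
 * @return the mechanisms, identities and certificates found on this slot
 * @throws P11TokenException if a certificate info file cannot be loaded (key info files
 *         are handled best-effort, see above)
 */
@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
    P11SlotRefreshResult ret = new P11SlotRefreshResult();
    for (long mech : supportedMechs) {
        ret.addMechanism(mech);
    }

    // Secret Keys: each *.info file has a companion value file holding a password-protected
    // JCEKS keystore from which the key entry is taken.
    File[] secKeyInfoFiles = secKeyDir.listFiles(INFO_FILENAME_FILTER);
    if (secKeyInfoFiles != null && secKeyInfoFiles.length != 0) {
        for (File secKeyInfoFile : secKeyInfoFiles) {
            byte[] id = getKeyIdFromInfoFilename(secKeyInfoFile.getName());
            String hexId = hex(id);
            try {
                Properties props = loadProperties(secKeyInfoFile);
                String label = props.getProperty(PROP_LABEL);
                P11ObjectIdentifier p11ObjId = new P11ObjectIdentifier(id, label);
                byte[] encodedValue = IoUtil.read(new File(secKeyDir, hexId + VALUE_FILE_SUFFIX));
                KeyStore ks = KeyStore.getInstance("JCEKS");
                // ByteArrayInputStream holds no native resource, so it needs no explicit close.
                ks.load(new ByteArrayInputStream(encodedValue), password);
                // The first key entry wins; presumably the emulator writes exactly one per keystore.
                SecretKey key = null;
                Enumeration<String> aliases = ks.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    if (ks.isKeyEntry(alias)) {
                        key = (SecretKey) ks.getKey(alias, password);
                        break;
                    }
                }
                if (key == null) {
                    // Mirrors the public-key check in the private-key loop: never register an
                    // identity without key material.
                    LOG.warn("no key entry found in the secret key store with key-id {}", hexId);
                    continue;
                }
                EmulatorP11Identity identity = new EmulatorP11Identity(this, new P11EntityIdentifier(slotId, p11ObjId), key, maxSessions, random);
                LOG.info("added PKCS#11 secret key {}", p11ObjId);
                ret.addIdentity(identity);
            } catch (ClassCastException ex) {
                // The keystore entry exists but is not a SecretKey; say so instead of blaming InvalidKeyException.
                LogUtil.warn(LOG, ex, "key entry with key-id " + hexId + " is not a secret key");
                continue;
            } catch (Throwable th) {
                // Best-effort refresh: log and move on to the next entry.
                // NOTE(review): Throwable also swallows Errors (e.g. OutOfMemoryError); narrow to
                // Exception if that is not intended.
                LOG.error("unexpected exception while initializing key with key-id " + hexId, th);
                continue;
            }
        }
    }

    // Certificates
    File[] certInfoFiles = certDir.listFiles(INFO_FILENAME_FILTER);
    if (certInfoFiles != null) {
        for (File infoFile : certInfoFiles) {
            byte[] id = getKeyIdFromInfoFilename(infoFile.getName());
            // NOTE(review): unlike the key loops, a failure in loadProperties here aborts the whole
            // refresh rather than skipping the entry; confirm this is intended.
            Properties props = loadProperties(infoFile);
            String label = props.getProperty(PROP_LABEL);
            P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
            try {
                X509Cert cert = readCertificate(id);
                ret.addCertificate(objId, cert);
            } catch (CertificateException | IOException ex) {
                // Keep the cause in the log; an unparsable certificate is otherwise hard to diagnose.
                LogUtil.warn(LOG, ex, "could not parse certificate " + objId);
            }
        }
    }

    // Private / Public keys
    File[] privKeyInfoFiles = privKeyDir.listFiles(INFO_FILENAME_FILTER);
    if (privKeyInfoFiles != null && privKeyInfoFiles.length != 0) {
        for (File privKeyInfoFile : privKeyInfoFiles) {
            byte[] id = getKeyIdFromInfoFilename(privKeyInfoFile.getName());
            String hexId = hex(id);
            try {
                Properties props = loadProperties(privKeyInfoFile);
                String label = props.getProperty(PROP_LABEL);
                P11ObjectIdentifier p11ObjId = new P11ObjectIdentifier(id, label);
                // Prefer the certificate's public key (same id); fall back to a stored public key file.
                X509Cert cert = ret.getCertForId(id);
                java.security.PublicKey publicKey = (cert == null) ? readPublicKey(id) : cert.getCert().getPublicKey();
                if (publicKey == null) {
                    LOG.warn("Neither public key nor certificate is associated with private key {}", p11ObjId);
                    continue;
                }
                // The private key is stored encrypted (PKCS#8 EncryptedPrivateKeyInfo) and decrypted here.
                byte[] encodedValue = IoUtil.read(new File(privKeyDir, hexId + VALUE_FILE_SUFFIX));
                PKCS8EncryptedPrivateKeyInfo epki = new PKCS8EncryptedPrivateKeyInfo(encodedValue);
                PrivateKey privateKey = privateKeyCryptor.decrypt(epki);
                X509Certificate[] certs = (cert == null) ? null : new X509Certificate[] { cert.getCert() };
                EmulatorP11Identity identity = new EmulatorP11Identity(this, new P11EntityIdentifier(slotId, p11ObjId), privateKey, publicKey, certs, maxSessions, random);
                LOG.info("added PKCS#11 key {}", p11ObjId);
                ret.addIdentity(identity);
            } catch (InvalidKeyException ex) {
                LogUtil.warn(LOG, ex, "InvalidKeyException while initializing key with key-id " + hexId);
                continue;
            } catch (Throwable th) {
                // Best-effort refresh, see the secret-key loop above for the same caveat on Throwable.
                LOG.error("unexpected exception while initializing key with key-id " + hexId, th);
                continue;
            }
        }
    }
    return ret;
}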

/**
 * Registers one PKCS#11 secret key object found on the token with the refresh result.
 *
 * @param secretKey the token object; its id and label become the P11 object identifier
 * @param refreshResult receives the resulting identity
 */
private void analyseSingleKey(SecretKey secretKey, P11SlotRefreshResult refreshResult) {
    byte[] keyId = secretKey.getId().getByteArrayValue();
    String label = toString(secretKey.getLabel());
    P11ObjectIdentifier objectId = new P11ObjectIdentifier(keyId, label);
    P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objectId);
    refreshResult.addIdentity(new IaikP11Identity(this, entityId, secretKey));
}