use of org.xipki.security.pkcs11.P11EntityIdentifier in project xipki by xipki.
the class ProxyP11Slot method addCert0.
@Override
protected void addCert0(P11ObjectIdentifier objectId, X509Certificate cert) throws P11TokenException, CertificateException {
  // Proxy slot: this method keeps no local state. The certificate is bound to the
  // (slot, object) pair it belongs to and forwarded to the remote module as one
  // ASN.1 structure; any failure is reported by module.send().
  P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objectId);
  Asn1EntityIdAndCert request = new Asn1EntityIdAndCert(entityId, cert);
  module.send(P11ProxyConstants.ACTION_ADD_CERT, request);
}
use of org.xipki.security.pkcs11.P11EntityIdentifier in project xipki by xipki.
the class EmulatorP11Slot method saveP11Entity.
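/**
 * Persists a freshly generated key pair in this emulator slot and wraps it as a
 * {@link P11Identity}.
 *
 * <p>A new object id is generated; the private and public key are written under
 * that id/label, and an {@link EmulatorP11Identity} is built on top of them.
 *
 * <p>NOTE(review): both key files are already on disk before the identity is
 * constructed; if the constructor below fails, the files remain in the slot
 * directory and will be picked up by the next refresh. Confirm this is intended.
 *
 * @param keypair the key pair to store (the private key is persisted through
 *                {@code savePkcs11PrivateKey}, which is expected to protect it)
 * @param label   the PKCS#11 label (CKA_LABEL) to associate with the new objects
 * @return the identity wrapping the stored key pair
 * @throws P11TokenException if persisting fails or the identity cannot be constructed
 */
private P11Identity saveP11Entity(KeyPair keypair, String label) throws P11TokenException {
  byte[] id = generateId();
  savePkcs11PrivateKey(id, label, keypair.getPrivate());
  savePkcs11PublicKey(id, label, keypair.getPublic());
  P11EntityIdentifier identityId = new P11EntityIdentifier(slotId, new P11ObjectIdentifier(id, label));
  try {
    // no certificate is associated yet, hence the null certificate chain
    return new EmulatorP11Identity(this, identityId, keypair.getPrivate(), keypair.getPublic(), null, maxSessions, random);
  } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException ex) {
    // the message previously named a non-existent "KeyStoreP11Identity"; name the class actually constructed
    throw new P11TokenException("could not construct EmulatorP11Identity: " + ex.getMessage(), ex);
  }
}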
use of org.xipki.security.pkcs11.P11EntityIdentifier in project xipki by xipki.
the class EmulatorP11Slot method saveP11Entity.
/**
 * Persists a symmetric key in this emulator slot under a freshly generated id
 * and returns the identity that represents it.
 *
 * @param key   the secret key to store (persisted through {@code savePkcs11SecretKey})
 * @param label the PKCS#11 label to associate with the stored object
 * @return the identity wrapping the stored secret key
 * @throws P11TokenException if persisting the key fails
 */
private P11Identity saveP11Entity(SecretKey key, String label) throws P11TokenException {
  byte[] objectId = generateId();
  savePkcs11SecretKey(objectId, label, key);
  P11ObjectIdentifier p11ObjectId = new P11ObjectIdentifier(objectId, label);
  return new EmulatorP11Identity(this, new P11EntityIdentifier(slotId, p11ObjectId), key, maxSessions, random);
}
use of org.xipki.security.pkcs11.P11EntityIdentifier in project xipki by xipki.
the class EmulatorP11Slot method refresh0.
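/**
 * Rebuilds the slot content from the emulator's on-disk directories.
 *
 * <p>The result lists the supported mechanisms, every secret key found under
 * {@code secKeyDir}, every certificate under {@code certDir} and every key pair
 * under {@code privKeyDir}. Certificates are collected before key pairs so that
 * a private key can be paired with its certificate by object id.
 *
 * @return the refreshed slot content
 * @throws P11TokenException if a certificate info file cannot be loaded
 */
@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
  P11SlotRefreshResult ret = new P11SlotRefreshResult();
  for (long mech : supportedMechs) {
    ret.addMechanism(mech);
  }
  collectSecretKeyIdentities(ret);
  collectCertificates(ret);
  collectKeyPairIdentities(ret);
  return ret;
}

/**
 * Adds every secret key stored under {@code secKeyDir} to {@code ret}.
 * A broken or empty entry is logged and skipped; it never aborts the refresh.
 */
private void collectSecretKeyIdentities(P11SlotRefreshResult ret) {
  File[] infoFiles = secKeyDir.listFiles(INFO_FILENAME_FILTER);
  if (infoFiles == null || infoFiles.length == 0) {
    return;
  }
  for (File infoFile : infoFiles) {
    byte[] id = getKeyIdFromInfoFilename(infoFile.getName());
    String hexId = hex(id);
    try {
      Properties props = loadProperties(infoFile);
      P11ObjectIdentifier p11ObjId = new P11ObjectIdentifier(id, props.getProperty(PROP_LABEL));
      SecretKey key = loadWrappedSecretKey(new File(secKeyDir, hexId + VALUE_FILE_SUFFIX));
      if (key == null) {
        // Previously a null key was handed to the identity constructor; report it explicitly.
        LOG.warn("no secret key entry found in the value file of key-id {}", hexId);
        continue;
      }
      EmulatorP11Identity identity = new EmulatorP11Identity(this, new P11EntityIdentifier(slotId, p11ObjId), key, maxSessions, random);
      LOG.info("added PKCS#11 secret key {}", p11ObjId);
      ret.addIdentity(identity);
    } catch (Throwable th) {
      // one unreadable entry must not prevent the remaining keys from being loaded
      LOG.error("unexpected exception while initializing key with key-id " + hexId, th);
    }
  }
}

/**
 * Returns the first {@link SecretKey} entry of the JCEKS keystore stored in
 * {@code valueFile}, or {@code null} if the keystore holds no such entry.
 * Non-secret key entries (if any) are skipped rather than cast blindly.
 *
 * <p>NOTE(review): JCEKS is a legacy keystore format (its key protection is
 * PBE with MD5/3DES). It is kept here for compatibility with existing value
 * files; a migration to PKCS#12 would be worth considering.
 */
private SecretKey loadWrappedSecretKey(File valueFile) throws IOException, java.security.GeneralSecurityException {
  byte[] encodedValue = IoUtil.read(valueFile);
  KeyStore ks = KeyStore.getInstance("JCEKS");
  // ByteArrayInputStream holds no native resource; closing it is a no-op
  ks.load(new ByteArrayInputStream(encodedValue), password);
  Enumeration<String> aliases = ks.aliases();
  while (aliases.hasMoreElements()) {
    String alias = aliases.nextElement();
    if (!ks.isKeyEntry(alias)) {
      continue;
    }
    java.security.Key candidate = ks.getKey(alias, password);
    if (candidate instanceof SecretKey) {
      return (SecretKey) candidate;
    }
  }
  return null;
}

/**
 * Adds every certificate stored under {@code certDir} to {@code ret}.
 * A certificate that cannot be parsed is logged (with its cause) and skipped.
 *
 * @throws P11TokenException if an info file cannot be loaded; unlike the key
 *         loops this aborts the refresh, which is the pre-existing behaviour
 */
private void collectCertificates(P11SlotRefreshResult ret) throws P11TokenException {
  File[] infoFiles = certDir.listFiles(INFO_FILENAME_FILTER);
  if (infoFiles == null) {
    return;
  }
  for (File infoFile : infoFiles) {
    byte[] id = getKeyIdFromInfoFilename(infoFile.getName());
    Properties props = loadProperties(infoFile);
    P11ObjectIdentifier objId = new P11ObjectIdentifier(id, props.getProperty(PROP_LABEL));
    try {
      ret.addCertificate(objId, readCertificate(id));
    } catch (CertificateException | IOException ex) {
      // keep the cause: dropping it hid why a certificate was silently skipped
      LogUtil.warn(LOG, ex, "could not parse certificate " + objId);
    }
  }
}

/**
 * Adds every key pair stored under {@code privKeyDir} to {@code ret}.
 *
 * <p>The public key is taken from the certificate with the same object id when
 * one was collected, otherwise from the stored public key file. The private key
 * is read as PKCS#8 EncryptedPrivateKeyInfo and decrypted with
 * {@code privateKeyCryptor}. Broken entries are logged and skipped.
 *
 * <p>NOTE(review): when a certificate exists, the stored public key file is not
 * consulted, so no check is made that the certificate's public key matches the
 * stored key pair. Confirm whether such a consistency check is wanted here.
 */
private void collectKeyPairIdentities(P11SlotRefreshResult ret) {
  File[] infoFiles = privKeyDir.listFiles(INFO_FILENAME_FILTER);
  if (infoFiles == null || infoFiles.length == 0) {
    return;
  }
  for (File infoFile : infoFiles) {
    byte[] id = getKeyIdFromInfoFilename(infoFile.getName());
    String hexId = hex(id);
    try {
      Properties props = loadProperties(infoFile);
      P11ObjectIdentifier p11ObjId = new P11ObjectIdentifier(id, props.getProperty(PROP_LABEL));
      X509Cert cert = ret.getCertForId(id);
      java.security.PublicKey publicKey = (cert == null) ? readPublicKey(id) : cert.getCert().getPublicKey();
      if (publicKey == null) {
        LOG.warn("Neither public key nor certificate is associated with private key {}", p11ObjId);
        continue;
      }
      byte[] encodedValue = IoUtil.read(new File(privKeyDir, hexId + VALUE_FILE_SUFFIX));
      PKCS8EncryptedPrivateKeyInfo epki = new PKCS8EncryptedPrivateKeyInfo(encodedValue);
      PrivateKey privateKey = privateKeyCryptor.decrypt(epki);
      X509Certificate[] certs = (cert == null) ? null : new X509Certificate[] { cert.getCert() };
      EmulatorP11Identity identity = new EmulatorP11Identity(this, new P11EntityIdentifier(slotId, p11ObjId), privateKey, publicKey, certs, maxSessions, random);
      LOG.info("added PKCS#11 key {}", p11ObjId);
      ret.addIdentity(identity);
    } catch (InvalidKeyException ex) {
      LogUtil.warn(LOG, ex, "InvalidKeyException while initializing key with key-id " + hexId);
    } catch (Throwable th) {
      // one unreadable entry must not prevent the remaining keys from being loaded
      LOG.error("unexpected exception while initializing key with key-id " + hexId, th);
    }
  }
}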
use of org.xipki.security.pkcs11.P11EntityIdentifier in project xipki by xipki.
the class IaikP11Slot method analyseSingleKey.
/**
 * Registers one PKCS#11 secret key object found on the token as an identity of
 * this slot. The object is identified by its CKA_ID and CKA_LABEL attributes.
 *
 * @param secretKey     the secret key object as reported by the IAIK wrapper
 * @param refreshResult the refresh result the new identity is added to
 */
private void analyseSingleKey(SecretKey secretKey, P11SlotRefreshResult refreshResult) {
  byte[] keyId = secretKey.getId().getByteArrayValue();
  String keyLabel = toString(secretKey.getLabel());
  P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, new P11ObjectIdentifier(keyId, keyLabel));
  refreshResult.addIdentity(new IaikP11Identity(this, entityId, secretKey));
}