Example 6 with P11ObjectIdentifier

Use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.

The class P11CertExportCmd, method execute0: exports the certificate stored under a given object identifier (CKA_ID plus CKA_LABEL) to a file.

@Override
protected Object execute0() throws Exception {
    P11Slot slot = getSlot();
    // The identifier is the (CKA_ID, CKA_LABEL) pair that addresses one object on the token.
    P11ObjectIdentifier objIdentifier = getObjectIdentifier();
    X509Certificate cert = slot.exportCert(objIdentifier);
    if (cert == null) {
        throw new CmdFailure("could not export certificate " + objIdentifier);
    }
    // Writes the DER encoding of the certificate only; the private key never leaves the token.
    saveVerbose("saved certificate to file", new File(outFile), cert.getEncoded());
    return null;
}
Also used : CmdFailure(org.xipki.console.karaf.CmdFailure) P11Slot(org.xipki.security.pkcs11.P11Slot) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) File(java.io.File) X509Certificate(java.security.cert.X509Certificate)

Example 7 with P11ObjectIdentifier

Use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.

The class P11ECKeyGenCmd, method execute0: generates an EC key pair on the token for the named curve and label.

@Override
protected Object execute0() throws Exception {
    P11Slot slot = getSlot();
    // The slot assigns a fresh CKA_ID; the label must not already exist on the token
    // (see IaikP11Slot.generateKeyPair below for the check and the rollback on failure).
    P11ObjectIdentifier objId = slot.generateECKeypair(curveName, label, getControl());
    finalize("EC", objId);
    return null;
}
Also used : P11Slot(org.xipki.security.pkcs11.P11Slot) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)

Example 8 with P11ObjectIdentifier

Use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.

The class P11DSAKeyGenCmd, method execute0: validates the DSA parameter sizes, derives a default q length from the p length, and generates the key pair on the token.

@Override
protected Object execute0() throws Exception {
    // L (plen) must be a multiple of 1024. FIPS 186-4 defines the (L, N) pairs
    // (1024,160), (2048,224), (2048,256) and (3072,256).
    if (plen % 1024 != 0) {
        throw new IllegalCmdParamException("plen is not multiple of 1024: " + plen);
    }
    // Default N (qlen) from L when the caller gave none. Caveats: 1024-bit DSA is
    // legacy-only (NIST SP 800-131A), and an L above 3072 is not a FIPS 186-4 pair
    // but still passes this check, so whether it is accepted is up to the token.
    if (qlen == null) {
        if (plen <= 1024) {
            qlen = 160;
        } else if (plen <= 2048) {
            qlen = 224;
        } else {
            qlen = 256;
        }
    }
    P11Slot slot = getSlot();
    P11ObjectIdentifier objId = slot.generateDSAKeypair(plen, qlen, label, getControl());
    finalize("DSA", objId);
    return null;
}
Also used : P11Slot(org.xipki.security.pkcs11.P11Slot) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)

Example 9 with P11ObjectIdentifier

Use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.

The class IaikP11Slot, method generateKeyPair: generates a key pair on the token under a fresh CKA_ID, reads the private key handle back, and removes the generated objects again if any later step fails.

private P11Identity generateKeyPair(long mech, PrivateKey privateKey, PublicKey publicKey) throws P11TokenException {
    final String label = toString(privateKey.getLabel());
    byte[] id = null;
    try {
        KeyPair keypair;
        // One writable session for the whole operation: label check, generation and read-back.
        Session session = borrowWritableSession();
        try {
            // Labels must be unique, since objects are later looked up by (CKA_ID, CKA_LABEL).
            // Caveat: this check and the generation below are not atomic across sessions,
            // so another application on the same token can still create the label in between.
            if (labelExists(session, label)) {
                throw new IllegalArgumentException("label " + label + " exists, please specify another one");
            }
            // Both halves of the pair get the same CKA_ID so they can be matched again on refresh.
            id = generateKeyId(session);
            privateKey.getId().setByteArrayValue(id);
            publicKey.getId().setByteArrayValue(id);
            try {
                keypair = session.generateKeyPair(Mechanism.get(mech), publicKey, privateKey);
            } catch (TokenException ex) {
                throw new P11TokenException("could not generate keypair " + Pkcs11Functions.mechanismCodeToString(mech), ex);
            }
            P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
            P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objId);
            java.security.PublicKey jcePublicKey;
            try {
                jcePublicKey = generatePublicKey(keypair.getPublicKey());
            } catch (XiSecurityException ex) {
                throw new P11TokenException("could not generate public key " + objId, ex);
            }
            // Re-read the private key handle from the token instead of trusting the template passed in.
            PrivateKey privateKey2 = getPrivateKeyObject(session, id, label.toCharArray());
            if (privateKey2 == null) {
                throw new P11TokenException("could not read the generated private key");
            }
            return new IaikP11Identity(this, entityId, privateKey2, jcePublicKey, null);
        } finally {
            returnWritableSession(session);
        }
    } catch (P11TokenException | RuntimeException ex) {
        // A failure after C_GenerateKeyPair would otherwise leave an orphaned key pair on the
        // token; clean up best-effort and re-throw the original exception.
        try {
            removeObjects(id, label);
        } catch (Throwable th) {
            LogUtil.error(LOG, th, "could not remove objects");
        }
        throw ex;
    }
}
Also used : KeyPair(iaik.pkcs.pkcs11.objects.KeyPair) RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey) ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey) SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey) PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey) DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey) P11TokenException(org.xipki.security.exception.P11TokenException) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) DEROctetString(org.bouncycastle.asn1.DEROctetString) XiSecurityException(org.xipki.security.exception.XiSecurityException) P11TokenException(org.xipki.security.exception.P11TokenException) TokenException(iaik.pkcs.pkcs11.TokenException) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) Session(iaik.pkcs.pkcs11.Session)

Example 10 with P11ObjectIdentifier

Use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.

The class IaikP11Slot, method analyseSingleKey: during a slot refresh, pairs a private key object with its certificate or, failing that, its public key object, by CKA_ID.

private void analyseSingleKey(Session session, PrivateKey privKey, P11SlotRefreshResult refreshResult) throws P11TokenException, XiSecurityException {
    // CKA_ID is the only link between the private key and its certificate / public key;
    // nothing here verifies that the certificate's public key actually matches privKey.
    byte[] id = privKey.getId().getByteArrayValue();
    java.security.PublicKey pubKey = null;
    X509Cert cert = refreshResult.getCertForId(id);
    if (cert != null) {
        // A certificate with the same CKA_ID takes precedence over a bare public key object.
        pubKey = cert.getCert().getPublicKey();
    } else {
        PublicKey p11PublicKey = getPublicKeyObject(session, id, null);
        if (p11PublicKey == null) {
            // Without a public key the private key is unusable for xipki; it is skipped, not an error.
            LOG.info("neither certificate nor public key for the key (" + hex(id) + ") is available");
            return;
        }
        pubKey = generatePublicKey(p11PublicKey);
    }
    P11ObjectIdentifier objectId = new P11ObjectIdentifier(id, toString(privKey.getLabel()));
    X509Certificate[] certs = (cert == null) ? null : new X509Certificate[] { cert.getCert() };
    IaikP11Identity identity = new IaikP11Identity(this, new P11EntityIdentifier(slotId, objectId), privKey, pubKey, certs);
    refreshResult.addIdentity(identity);
}
Also used : DSAPublicKey(iaik.pkcs.pkcs11.objects.DSAPublicKey) RSAPublicKey(iaik.pkcs.pkcs11.objects.RSAPublicKey) SM2PublicKey(iaik.pkcs.pkcs11.objects.SM2PublicKey) ECPublicKey(iaik.pkcs.pkcs11.objects.ECPublicKey) PublicKey(iaik.pkcs.pkcs11.objects.PublicKey) X509Cert(org.xipki.security.X509Cert) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier) X509Certificate(java.security.cert.X509Certificate)
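The two IaikP11Slot methods in Examples 9 and 10 are the two halves of one object lifecycle: generate a pair under a fresh CKA_ID with rollback on failure, then rediscover identities by CKA_ID on the next refresh. The following is an added example, not xipki code, that runs that lifecycle against a constructed in-memory stand-in for the PKCS#11 session (FakeSession; its find/destroy/generate_key_pair methods model C_FindObjects, C_DestroyObject and C_GenerateKeyPair). generate_key_id, remove_objects and the readback_check hook are this example's own names and assumptions, not xipki's API. It exercises the cases the page's code only implies: a duplicate label is refused without touching the token, a failure after generation removes both halves, an unused CKA_ID is retried on collision, and a private key with neither certificate nor public key is skipped on refresh.

```python
import os
from dataclasses import dataclass


@dataclass
class TokenObject:
    """Constructed stand-in for a PKCS#11 object; cls mirrors CKA_CLASS."""
    cls: str      # "private", "public" or "cert"
    id: bytes     # CKA_ID: the only link between the objects of one identity
    label: str    # CKA_LABEL


class FakeSession:
    """Constructed stand-in for a writable PKCS#11 session (no real token needed)."""

    def __init__(self, objects=()):
        self.objects = list(objects)

    def find(self, cls=None, id=None, label=None):
        """C_FindObjects with an attribute template; None means 'any value'."""
        return [o for o in self.objects
                if (cls is None or o.cls == cls)
                and (id is None or o.id == id)
                and (label is None or o.label == label)]

    def destroy(self, obj):
        self.objects.remove(obj)                        # C_DestroyObject

    def generate_key_pair(self, id, label):
        # C_GenerateKeyPair creates both halves under the same CKA_ID and CKA_LABEL.
        pub, priv = TokenObject("public", id, label), TokenObject("private", id, label)
        self.objects += [pub, priv]
        return pub, priv


def generate_key_id(session, rng=os.urandom, size=8):
    """Pick a random CKA_ID that no object on the token uses yet (retry on collision)."""
    while True:
        candidate = rng(size)
        if not session.find(id=candidate):
            return candidate


def remove_objects(session, id):
    """Rollback helper: delete every object created under the CKA_ID of a failed generation.
    id is None when the failure happened before anything was created; nothing is touched then."""
    if id is None:
        return
    for obj in session.find(id=id):
        session.destroy(obj)


def generate_identity(session, label, readback_check=lambda priv: True):
    """Generate a key pair the way IaikP11Slot.generateKeyPair does, with rollback.

    readback_check is a hypothetical hook standing in for the steps that run after the
    token already holds both halves (public-key conversion, re-reading the private key)
    and can still fail."""
    id = None
    try:
        # Labels must be unique because later lookups address objects by (id, label).
        # This check and the generation are not atomic across sessions on a real token.
        if session.find(label=label):
            raise ValueError(f"label {label!r} exists, please specify another one")
        id = generate_key_id(session)
        session.generate_key_pair(id, label)
        priv = session.find(cls="private", id=id, label=label)
        if len(priv) != 1 or not readback_check(priv[0]):
            raise RuntimeError("could not read the generated private key")
        return id, label
    except Exception:
        # Without this, a failure after C_GenerateKeyPair leaves an orphaned key pair
        # on the token that the next refresh would pick up as a live identity.
        remove_objects(session, id)
        raise


def analyse_keys(session):
    """Pair each private key with its certificate, else its public key, by CKA_ID
    (what IaikP11Slot.analyseSingleKey does). Returns (identities, skipped_ids)."""
    identities, skipped = [], []
    for priv in session.find(cls="private"):
        if session.find(cls="cert", id=priv.id):
            source = "cert"
        elif session.find(cls="public", id=priv.id):
            source = "public"
        else:
            skipped.append(priv.id.hex())    # unusable without a verification key
            continue
        identities.append({"id": priv.id.hex(), "label": priv.label, "pubkey_from": source})
    return identities, skipped


if __name__ == "__main__":
    s = FakeSession()
    kid, _ = generate_identity(s, "sig-key-1")
    try:
        generate_identity(s, "sig-key-2", readback_check=lambda p: False)
    except RuntimeError as ex:
        print("rolled back:", ex, "| objects left on token:", len(s.objects))
    print(analyse_keys(s))
```

Against a real token, FakeSession would be replaced by a PyKCS11 or python-pkcs11 session and the three methods by the corresponding C_* calls; the control flow (check label, pick unused CKA_ID, generate, read back, roll back on any failure) is the part worth keeping.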

Aggregations

P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)30 P11EntityIdentifier (org.xipki.security.pkcs11.P11EntityIdentifier)15 P11Slot (org.xipki.security.pkcs11.P11Slot)15 P11TokenException (org.xipki.security.exception.P11TokenException)10 X509Certificate (java.security.cert.X509Certificate)8 Asn1P11EntityIdentifier (org.xipki.p11proxy.msg.Asn1P11EntityIdentifier)6 IllegalCmdParamException (org.xipki.console.karaf.IllegalCmdParamException)5 Session (iaik.pkcs.pkcs11.Session)4 TokenException (iaik.pkcs.pkcs11.TokenException)4 PublicKey (java.security.PublicKey)4 DEROctetString (org.bouncycastle.asn1.DEROctetString)4 X509Cert (org.xipki.security.X509Cert)4 XiSecurityException (org.xipki.security.exception.XiSecurityException)4 SecretKey (iaik.pkcs.pkcs11.objects.SecretKey)3 ValuedSecretKey (iaik.pkcs.pkcs11.objects.ValuedSecretKey)3 InvalidKeyException (java.security.InvalidKeyException)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 CertificateException (java.security.cert.CertificateException)3 P11SlotRefreshResult (org.xipki.security.pkcs11.P11SlotRefreshResult)3 Mechanism (iaik.pkcs.pkcs11.Mechanism)2