use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.
the class P11CertExportCmd method execute0.
@Override
protected Object execute0() throws Exception {
P11Slot slot = getSlot();
P11ObjectIdentifier objIdentifier = getObjectIdentifier();
X509Certificate cert = slot.exportCert(objIdentifier);
if (cert == null) {
throw new CmdFailure("could not export certificate " + objIdentifier);
}
saveVerbose("saved certificate to file", new File(outFile), cert.getEncoded());
return null;
}
use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.
the class P11ECKeyGenCmd method execute0.
@Override
protected Object execute0() throws Exception {
P11Slot slot = getSlot();
P11ObjectIdentifier objId = slot.generateECKeypair(curveName, label, getControl());
finalize("EC", objId);
return null;
}
use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.
the class P11DSAKeyGenCmd method execute0.
@Override
protected Object execute0() throws Exception {
if (plen % 1024 != 0) {
throw new IllegalCmdParamException("plen is not multiple of 1024: " + plen);
}
if (qlen == null) {
if (plen <= 1024) {
qlen = 160;
} else if (plen <= 2048) {
qlen = 224;
} else {
qlen = 256;
}
}
P11Slot slot = getSlot();
P11ObjectIdentifier objId = slot.generateDSAKeypair(plen, qlen, label, getControl());
finalize("DSA", objId);
return null;
}
use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.
the class IaikP11Slot method generateKeyPair.
private P11Identity generateKeyPair(long mech, PrivateKey privateKey, PublicKey publicKey) throws P11TokenException {
final String label = toString(privateKey.getLabel());
byte[] id = null;
try {
KeyPair keypair;
Session session = borrowWritableSession();
try {
if (labelExists(session, label)) {
throw new IllegalArgumentException("label " + label + " exists, please specify another one");
}
id = generateKeyId(session);
privateKey.getId().setByteArrayValue(id);
publicKey.getId().setByteArrayValue(id);
try {
keypair = session.generateKeyPair(Mechanism.get(mech), publicKey, privateKey);
} catch (TokenException ex) {
throw new P11TokenException("could not generate keypair " + Pkcs11Functions.mechanismCodeToString(mech), ex);
}
P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objId);
java.security.PublicKey jcePublicKey;
try {
jcePublicKey = generatePublicKey(keypair.getPublicKey());
} catch (XiSecurityException ex) {
throw new P11TokenException("could not generate public key " + objId, ex);
}
PrivateKey privateKey2 = getPrivateKeyObject(session, id, label.toCharArray());
if (privateKey2 == null) {
throw new P11TokenException("could not read the generated private key");
}
return new IaikP11Identity(this, entityId, privateKey2, jcePublicKey, null);
} finally {
returnWritableSession(session);
}
} catch (P11TokenException | RuntimeException ex) {
try {
removeObjects(id, label);
} catch (Throwable th) {
LogUtil.error(LOG, th, "could not remove objects");
}
throw ex;
}
}
use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.
the class IaikP11Slot method analyseSingleKey.
private void analyseSingleKey(Session session, PrivateKey privKey, P11SlotRefreshResult refreshResult) throws P11TokenException, XiSecurityException {
byte[] id = privKey.getId().getByteArrayValue();
java.security.PublicKey pubKey = null;
X509Cert cert = refreshResult.getCertForId(id);
if (cert != null) {
pubKey = cert.getCert().getPublicKey();
} else {
PublicKey p11PublicKey = getPublicKeyObject(session, id, null);
if (p11PublicKey == null) {
LOG.info("neither certificate nor public key for the key (" + hex(id) + " is available");
return;
}
pubKey = generatePublicKey(p11PublicKey);
}
P11ObjectIdentifier objectId = new P11ObjectIdentifier(id, toString(privKey.getLabel()));
X509Certificate[] certs = (cert == null) ? null : new X509Certificate[] { cert.getCert() };
IaikP11Identity identity = new IaikP11Identity(this, new P11EntityIdentifier(slotId, objectId), privKey, pubKey, certs);
refreshResult.addIdentity(identity);
}
Aggregations