Example 6 with P11ObjectIdentifier
use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.
the class P11CertExportCmd method execute0.
@Override
protected Object execute0() throws Exception {
P11Slot slot = getSlot();
P11ObjectIdentifier objIdentifier = getObjectIdentifier();
X509Certificate cert = slot.exportCert(objIdentifier);
if (cert == null) {
throw new CmdFailure("could not export certificate " + objIdentifier);
}
saveVerbose("saved certificate to file", new File(outFile), cert.getEncoded());
return null;
}
Also used :
CmdFailure(org.xipki.console.karaf.CmdFailure)
P11Slot(org.xipki.security.pkcs11.P11Slot)
P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)
File(java.io.File)
X509Certificate(java.security.cert.X509Certificate)
Example 7 with P11ObjectIdentifier
use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.
the class P11ECKeyGenCmd method execute0.
@Override
protected Object execute0() throws Exception {
P11Slot slot = getSlot();
P11ObjectIdentifier objId = slot.generateECKeypair(curveName, label, getControl());
finalize("EC", objId);
return null;
}
Also used :
P11Slot(org.xipki.security.pkcs11.P11Slot)
P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)
Example 8 with P11ObjectIdentifier
use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.
the class P11DSAKeyGenCmd method execute0.
@Override
protected Object execute0() throws Exception {
if (plen % 1024 != 0) {
throw new IllegalCmdParamException("plen is not multiple of 1024: " + plen);
}
if (qlen == null) {
if (plen <= 1024) {
qlen = 160;
} else if (plen <= 2048) {
qlen = 224;
} else {
qlen = 256;
}
}
P11Slot slot = getSlot();
P11ObjectIdentifier objId = slot.generateDSAKeypair(plen, qlen, label, getControl());
finalize("DSA", objId);
return null;
}
Also used :
P11Slot(org.xipki.security.pkcs11.P11Slot)
IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException)
P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)
Example 9 with P11ObjectIdentifier
use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.
the class IaikP11Slot method generateKeyPair.
private P11Identity generateKeyPair(long mech, PrivateKey privateKey, PublicKey publicKey) throws P11TokenException {
final String label = toString(privateKey.getLabel());
byte[] id = null;
try {
KeyPair keypair;
Session session = borrowWritableSession();
try {
if (labelExists(session, label)) {
throw new IllegalArgumentException("label " + label + " exists, please specify another one");
}
id = generateKeyId(session);
privateKey.getId().setByteArrayValue(id);
publicKey.getId().setByteArrayValue(id);
try {
keypair = session.generateKeyPair(Mechanism.get(mech), publicKey, privateKey);
} catch (TokenException ex) {
throw new P11TokenException("could not generate keypair " + Pkcs11Functions.mechanismCodeToString(mech), ex);
}
P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, objId);
java.security.PublicKey jcePublicKey;
try {
jcePublicKey = generatePublicKey(keypair.getPublicKey());
} catch (XiSecurityException ex) {
throw new P11TokenException("could not generate public key " + objId, ex);
}
PrivateKey privateKey2 = getPrivateKeyObject(session, id, label.toCharArray());
if (privateKey2 == null) {
throw new P11TokenException("could not read the generated private key");
}
return new IaikP11Identity(this, entityId, privateKey2, jcePublicKey, null);
} finally {
returnWritableSession(session);
}
} catch (P11TokenException | RuntimeException ex) {
try {
removeObjects(id, label);
} catch (Throwable th) {
LogUtil.error(LOG, th, "could not remove objects");
}
throw ex;
}
}
Also used :
KeyPair(iaik.pkcs.pkcs11.objects.KeyPair)
RSAPrivateKey(iaik.pkcs.pkcs11.objects.RSAPrivateKey)
ECPrivateKey(iaik.pkcs.pkcs11.objects.ECPrivateKey)
SM2PrivateKey(iaik.pkcs.pkcs11.objects.SM2PrivateKey)
PrivateKey(iaik.pkcs.pkcs11.objects.PrivateKey)
DSAPrivateKey(iaik.pkcs.pkcs11.objects.DSAPrivateKey)
P11TokenException(org.xipki.security.exception.P11TokenException)
P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
XiSecurityException(org.xipki.security.exception.XiSecurityException)
P11TokenException(org.xipki.security.exception.P11TokenException)
TokenException(iaik.pkcs.pkcs11.TokenException)
P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)
Session(iaik.pkcs.pkcs11.Session)
Example 10 with P11ObjectIdentifier
use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.
the class IaikP11Slot method analyseSingleKey.
private void analyseSingleKey(Session session, PrivateKey privKey, P11SlotRefreshResult refreshResult) throws P11TokenException, XiSecurityException {
byte[] id = privKey.getId().getByteArrayValue();
java.security.PublicKey pubKey = null;
X509Cert cert = refreshResult.getCertForId(id);
if (cert != null) {
pubKey = cert.getCert().getPublicKey();
} else {
PublicKey p11PublicKey = getPublicKeyObject(session, id, null);
if (p11PublicKey == null) {
LOG.info("neither certificate nor public key for the key (" + hex(id) + " is available");
return;
}
pubKey = generatePublicKey(p11PublicKey);
}
P11ObjectIdentifier objectId = new P11ObjectIdentifier(id, toString(privKey.getLabel()));
X509Certificate[] certs = (cert == null) ? null : new X509Certificate[] { cert.getCert() };
IaikP11Identity identity = new IaikP11Identity(this, new P11EntityIdentifier(slotId, objectId), privKey, pubKey, certs);
refreshResult.addIdentity(identity);
}
Also used :
DSAPublicKey(iaik.pkcs.pkcs11.objects.DSAPublicKey)
RSAPublicKey(iaik.pkcs.pkcs11.objects.RSAPublicKey)
SM2PublicKey(iaik.pkcs.pkcs11.objects.SM2PublicKey)
ECPublicKey(iaik.pkcs.pkcs11.objects.ECPublicKey)
PublicKey(iaik.pkcs.pkcs11.objects.PublicKey)
X509Cert(org.xipki.security.X509Cert)
P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier)
P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)
X509Certificate(java.security.cert.X509Certificate)
Aggregations
P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)30
P11EntityIdentifier (org.xipki.security.pkcs11.P11EntityIdentifier)15
P11Slot (org.xipki.security.pkcs11.P11Slot)15
P11TokenException (org.xipki.security.exception.P11TokenException)10
X509Certificate (java.security.cert.X509Certificate)8
Asn1P11EntityIdentifier (org.xipki.p11proxy.msg.Asn1P11EntityIdentifier)6
IllegalCmdParamException (org.xipki.console.karaf.IllegalCmdParamException)5
Session (iaik.pkcs.pkcs11.Session)4
TokenException (iaik.pkcs.pkcs11.TokenException)4
PublicKey (java.security.PublicKey)4
DEROctetString (org.bouncycastle.asn1.DEROctetString)4
X509Cert (org.xipki.security.X509Cert)4
XiSecurityException (org.xipki.security.exception.XiSecurityException)4
SecretKey (iaik.pkcs.pkcs11.objects.SecretKey)3
ValuedSecretKey (iaik.pkcs.pkcs11.objects.ValuedSecretKey)3
InvalidKeyException (java.security.InvalidKeyException)3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3
CertificateException (java.security.cert.CertificateException)3
P11SlotRefreshResult (org.xipki.security.pkcs11.P11SlotRefreshResult)3
Mechanism (iaik.pkcs.pkcs11.Mechanism)2
