Use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki:
class EmulatorP11Slot, method refresh0.
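@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
  /*
   * Rebuilds the slot's view of the emulator objects stored on disk: the
   * supported mechanisms, the secret keys, the certificates and the
   * private/public key pairs. Certificates are loaded before the key pairs
   * because the key-pair pass takes the public key from the certificate with
   * the same id when one exists.
   *
   * One unreadable object is logged and skipped so that it does not hide the
   * remaining objects of the slot.
   */
  P11SlotRefreshResult ret = new P11SlotRefreshResult();
  for (long mech : supportedMechs) {
    ret.addMechanism(mech);
  }
  refreshSecretKeys(ret);
  refreshCertificates(ret);
  refreshKeypairs(ret);
  return ret;
}

/**
 * Adds one identity to {@code ret} for every secret-key info file below
 * {@code secKeyDir}. The key material of each entry is a JCEKS keystore in
 * the matching value file, protected with the slot password.
 *
 * @param ret the refresh result to add the identities to
 */
private void refreshSecretKeys(P11SlotRefreshResult ret) throws P11TokenException {
  File[] infoFiles = secKeyDir.listFiles(INFO_FILENAME_FILTER);
  if (infoFiles == null) {
    return;
  }
  for (File infoFile : infoFiles) {
    byte[] id = getKeyIdFromInfoFilename(infoFile.getName());
    String hexId = hex(id);
    try {
      Properties props = loadProperties(infoFile);
      P11ObjectIdentifier p11ObjId = new P11ObjectIdentifier(id, props.getProperty(PROP_LABEL));
      byte[] encodedValue = IoUtil.read(new File(secKeyDir, hexId + VALUE_FILE_SUFFIX));
      KeyStore ks = KeyStore.getInstance("JCEKS");
      ks.load(new ByteArrayInputStream(encodedValue), password);
      SecretKey key = firstSecretKey(ks);
      if (key == null) {
        // A keystore without a secret-key entry would otherwise produce an identity
        // whose key is null; skip it with a message that names the object.
        LOG.warn("no secret key entry found in value file of secret key {}, skipping", p11ObjId);
        continue;
      }
      EmulatorP11Identity identity = new EmulatorP11Identity(this,
          new P11EntityIdentifier(slotId, p11ObjId), key, maxSessions, random);
      LOG.info("added PKCS#11 secret key {}", p11ObjId);
      ret.addIdentity(identity);
    } catch (Throwable th) {
      LOG.error("unexpected exception while initializing key with key-id " + hexId, th);
    }
  }
}

/**
 * Returns the first secret key stored in {@code ks}, or {@code null} when the
 * keystore holds no key entry of type {@link SecretKey}. Entries are unlocked
 * with the slot password.
 */
private SecretKey firstSecretKey(KeyStore ks) throws java.security.GeneralSecurityException {
  Enumeration<String> aliases = ks.aliases();
  while (aliases.hasMoreElements()) {
    String alias = aliases.nextElement();
    if (!ks.isKeyEntry(alias)) {
      continue;
    }
    java.security.Key candidate = ks.getKey(alias, password);
    if (candidate instanceof SecretKey) {
      return (SecretKey) candidate;
    }
  }
  return null;
}

/**
 * Registers in {@code ret} every certificate whose info file is found below
 * {@code certDir}.
 *
 * @param ret the refresh result to add the certificates to
 */
private void refreshCertificates(P11SlotRefreshResult ret) throws P11TokenException {
  File[] infoFiles = certDir.listFiles(INFO_FILENAME_FILTER);
  if (infoFiles == null) {
    return;
  }
  for (File infoFile : infoFiles) {
    byte[] id = getKeyIdFromInfoFilename(infoFile.getName());
    Properties props = loadProperties(infoFile);
    P11ObjectIdentifier objId = new P11ObjectIdentifier(id, props.getProperty(PROP_LABEL));
    try {
      ret.addCertificate(objId, readCertificate(id));
    } catch (CertificateException | IOException ex) {
      // keep the cause in the log: without it a truncated or mis-encoded file is hard to diagnose
      LogUtil.warn(LOG, ex, "could not parse certificate " + objId);
    }
  }
}

/**
 * Adds one identity to {@code ret} for every private-key info file below
 * {@code privKeyDir}. The public key is taken from the certificate with the
 * same id if one was registered, otherwise from the stored public key; the
 * private key is stored PKCS#8-encrypted and is unwrapped by
 * {@code privateKeyCryptor}.
 *
 * @param ret the refresh result, already holding the certificates of the slot
 */
private void refreshKeypairs(P11SlotRefreshResult ret) throws P11TokenException {
  File[] infoFiles = privKeyDir.listFiles(INFO_FILENAME_FILTER);
  if (infoFiles == null) {
    return;
  }
  for (File infoFile : infoFiles) {
    byte[] id = getKeyIdFromInfoFilename(infoFile.getName());
    String hexId = hex(id);
    try {
      Properties props = loadProperties(infoFile);
      P11ObjectIdentifier p11ObjId = new P11ObjectIdentifier(id, props.getProperty(PROP_LABEL));
      X509Cert cert = ret.getCertForId(id);
      java.security.PublicKey publicKey =
          (cert == null) ? readPublicKey(id) : cert.getCert().getPublicKey();
      if (publicKey == null) {
        LOG.warn("Neither public key nor certificate is associated with private key {}", p11ObjId);
        continue;
      }
      byte[] encodedValue = IoUtil.read(new File(privKeyDir, hexId + VALUE_FILE_SUFFIX));
      PrivateKey privateKey = privateKeyCryptor.decrypt(new PKCS8EncryptedPrivateKeyInfo(encodedValue));
      X509Certificate[] certs = (cert == null) ? null : new X509Certificate[] {cert.getCert()};
      EmulatorP11Identity identity = new EmulatorP11Identity(this,
          new P11EntityIdentifier(slotId, p11ObjId), privateKey, publicKey, certs, maxSessions, random);
      LOG.info("added PKCS#11 key {}", p11ObjId);
      ret.addIdentity(identity);
    } catch (InvalidKeyException ex) {
      LogUtil.warn(LOG, ex, "InvalidKeyException while initializing key with key-id " + hexId);
    } catch (Throwable th) {
      LOG.error("unexpected exception while initializing key with key-id " + hexId, th);
    }
  }
}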
Use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki:
class P11SecretKeyGenCmd, method execute0.
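@Override
protected Object execute0() throws Exception {
  /*
   * Generates a secret key of the requested type and size on the selected
   * slot. If the token does not support key generation for that type and
   * createExternIfGenUnsupported is set, the key is generated in software
   * from the factory's key RNG and imported instead.
   *
   * Returns null, as the command reports its outcome through finalize() and
   * println().
   */
  if (keysize % 8 != 0) {
    throw new IllegalCmdParamException("keysize is not multiple of 8: " + keysize);
  }
  if (keysize <= 0) {
    // 0 would yield an empty key, a negative value an invalid array size below
    throw new IllegalCmdParamException("keysize must be positive: " + keysize);
  }
  long p11KeyType = toP11KeyType(keyType);
  P11Slot slot = getSlot();
  P11NewKeyControl control = getControl();
  try {
    P11ObjectIdentifier objId = slot.generateSecretKey(p11KeyType, keysize, label, control);
    finalize(keyType, objId);
  } catch (P11UnsupportedMechanismException ex) {
    if (!createExternIfGenUnsupported) {
      throw ex;
    }
    // two placeholders: the reason is the second argument and must not be dropped
    LOG.info("could not generate secret key {}: {}", label, ex.getMessage());
    if (LOG.isDebugEnabled()) {
      LOG.debug("could not generate secret key " + label, ex);
    }
    byte[] keyValue = new byte[keysize / 8];
    P11ObjectIdentifier objId;
    try {
      securityFactory.getRandom4Key().nextBytes(keyValue);
      objId = slot.importSecretKey(p11KeyType, keyValue, label, control);
    } finally {
      // wipe the raw key material whether or not the import succeeded
      Arrays.fill(keyValue, (byte) 0);
    }
    println("generated in memory and imported " + keyType + " key " + objId);
  }
  return null;
}

/**
 * Maps the key-type name given on the command line (case-insensitive) to the
 * PKCS#11 key-type constant.
 *
 * @throws IllegalCmdParamException if the name is not AES, DES3 or GENERIC
 */
private static long toP11KeyType(String keyType) throws IllegalCmdParamException {
  if ("AES".equalsIgnoreCase(keyType)) {
    return PKCS11Constants.CKK_AES;
  }
  if ("DES3".equalsIgnoreCase(keyType)) {
    return PKCS11Constants.CKK_DES3;
  }
  if ("GENERIC".equalsIgnoreCase(keyType)) {
    return PKCS11Constants.CKK_GENERIC_SECRET;
  }
  throw new IllegalCmdParamException("invalid keyType " + keyType);
}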
Use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki:
class P11SecurityAction, method getObjectIdentifier.
/**
 * Resolves the PKCS#11 object selected on the command line, either by its
 * hex-encoded id or by its label.
 *
 * @return the identifier of the object in the selected slot
 * @throws IllegalCmdParamException if not exactly one of id and label is given
 */
public P11ObjectIdentifier getObjectIdentifier() throws IllegalCmdParamException, XiSecurityException, P11TokenException {
  P11Slot slot = getSlot();
  boolean byId = (id != null);
  boolean byLabel = (label != null);
  // both given or both missing is ambiguous
  if (byId == byLabel) {
    throw new IllegalCmdParamException("exactly one of keyId or keyLabel should be specified");
  }
  return byId ? slot.getObjectIdForId(Hex.decode(id)) : slot.getObjectIdForLabel(label);
}
Use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki:
class P11DSAKeyGenLoadTest, method genKeypair.
/**
 * One load-test iteration: generates a DSA key pair with the configured
 * p and q lengths under a throw-away label and removes it again so the
 * slot does not fill up over the run.
 */
@Override
protected void genKeypair() throws Exception {
  P11ObjectIdentifier generated =
      slot.generateDSAKeypair(plength, qlength, getDummyLabel(), getControl());
  slot.removeIdentity(generated);
}
Use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki:
class P11ECKeyGenLoadTest, method genKeypair.
/**
 * One load-test iteration: generates an EC key pair on the configured curve
 * under a throw-away label and removes it again so the slot does not fill
 * up over the run.
 */
@Override
protected void genKeypair() throws Exception {
  P11ObjectIdentifier generated =
      slot.generateECKeypair(curveNameOrOid, getDummyLabel(), getControl());
  slot.removeIdentity(generated);
}