Example 21 with P11ObjectIdentifier
use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.
the class EmulatorP11Slot method refresh0.
@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
P11SlotRefreshResult ret = new P11SlotRefreshResult();
for (long mech : supportedMechs) {
ret.addMechanism(mech);
}
// Secret Keys
File[] secKeyInfoFiles = secKeyDir.listFiles(INFO_FILENAME_FILTER);
if (secKeyInfoFiles != null && secKeyInfoFiles.length != 0) {
for (File secKeyInfoFile : secKeyInfoFiles) {
byte[] id = getKeyIdFromInfoFilename(secKeyInfoFile.getName());
String hexId = hex(id);
try {
Properties props = loadProperties(secKeyInfoFile);
String label = props.getProperty(PROP_LABEL);
P11ObjectIdentifier p11ObjId = new P11ObjectIdentifier(id, label);
byte[] encodedValue = IoUtil.read(new File(secKeyDir, hexId + VALUE_FILE_SUFFIX));
KeyStore ks = KeyStore.getInstance("JCEKS");
ks.load(new ByteArrayInputStream(encodedValue), password);
SecretKey key = null;
Enumeration<String> aliases = ks.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
if (ks.isKeyEntry(alias)) {
key = (SecretKey) ks.getKey(alias, password);
break;
}
}
EmulatorP11Identity identity = new EmulatorP11Identity(this, new P11EntityIdentifier(slotId, p11ObjId), key, maxSessions, random);
LOG.info("added PKCS#11 secret key {}", p11ObjId);
ret.addIdentity(identity);
} catch (ClassCastException ex) {
LogUtil.warn(LOG, ex, "InvalidKeyException while initializing key with key-id " + hexId);
continue;
} catch (Throwable th) {
LOG.error("unexpected exception while initializing key with key-id " + hexId, th);
continue;
}
}
}
// Certificates
File[] certInfoFiles = certDir.listFiles(INFO_FILENAME_FILTER);
if (certInfoFiles != null) {
for (File infoFile : certInfoFiles) {
byte[] id = getKeyIdFromInfoFilename(infoFile.getName());
Properties props = loadProperties(infoFile);
String label = props.getProperty(PROP_LABEL);
P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
try {
X509Cert cert = readCertificate(id);
ret.addCertificate(objId, cert);
} catch (CertificateException | IOException ex) {
LOG.warn("could not parse certificate " + objId);
}
}
}
// Private / Public keys
File[] privKeyInfoFiles = privKeyDir.listFiles(INFO_FILENAME_FILTER);
if (privKeyInfoFiles != null && privKeyInfoFiles.length != 0) {
for (File privKeyInfoFile : privKeyInfoFiles) {
byte[] id = getKeyIdFromInfoFilename(privKeyInfoFile.getName());
String hexId = hex(id);
try {
Properties props = loadProperties(privKeyInfoFile);
String label = props.getProperty(PROP_LABEL);
P11ObjectIdentifier p11ObjId = new P11ObjectIdentifier(id, label);
X509Cert cert = ret.getCertForId(id);
java.security.PublicKey publicKey = (cert == null) ? readPublicKey(id) : cert.getCert().getPublicKey();
if (publicKey == null) {
LOG.warn("Neither public key nor certificate is associated with private key {}", p11ObjId);
continue;
}
byte[] encodedValue = IoUtil.read(new File(privKeyDir, hexId + VALUE_FILE_SUFFIX));
PKCS8EncryptedPrivateKeyInfo epki = new PKCS8EncryptedPrivateKeyInfo(encodedValue);
PrivateKey privateKey = privateKeyCryptor.decrypt(epki);
X509Certificate[] certs = (cert == null) ? null : new X509Certificate[] { cert.getCert() };
EmulatorP11Identity identity = new EmulatorP11Identity(this, new P11EntityIdentifier(slotId, p11ObjId), privateKey, publicKey, certs, maxSessions, random);
LOG.info("added PKCS#11 key {}", p11ObjId);
ret.addIdentity(identity);
} catch (InvalidKeyException ex) {
LogUtil.warn(LOG, ex, "InvalidKeyException while initializing key with key-id " + hexId);
continue;
} catch (Throwable th) {
LOG.error("unexpected exception while initializing key with key-id " + hexId, th);
continue;
}
}
}
return ret;
}
Also used :
PrivateKey(java.security.PrivateKey)
P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier)
CertificateException(java.security.cert.CertificateException)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Properties(java.util.Properties)
X509Cert(org.xipki.security.X509Cert)
PublicKey(java.security.PublicKey)
IOException(java.io.IOException)
PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
InvalidKeyException(java.security.InvalidKeyException)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
SecretKey(javax.crypto.SecretKey)
P11SlotRefreshResult(org.xipki.security.pkcs11.P11SlotRefreshResult)
ByteArrayInputStream(java.io.ByteArrayInputStream)
File(java.io.File)
P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)
Example 22 with P11ObjectIdentifier
use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.
the class P11SecretKeyGenCmd method execute0.
@Override
protected Object execute0() throws Exception {
if (keysize % 8 != 0) {
throw new IllegalCmdParamException("keysize is not multiple of 8: " + keysize);
}
long p11KeyType;
if ("AES".equalsIgnoreCase(keyType)) {
p11KeyType = PKCS11Constants.CKK_AES;
} else if ("DES3".equalsIgnoreCase(keyType)) {
p11KeyType = PKCS11Constants.CKK_DES3;
} else if ("GENERIC".equalsIgnoreCase(keyType)) {
p11KeyType = PKCS11Constants.CKK_GENERIC_SECRET;
} else {
throw new IllegalCmdParamException("invalid keyType " + keyType);
}
P11Slot slot = getSlot();
P11NewKeyControl control = getControl();
P11ObjectIdentifier objId = null;
try {
objId = slot.generateSecretKey(p11KeyType, keysize, label, control);
finalize(keyType, objId);
} catch (P11UnsupportedMechanismException ex) {
if (!createExternIfGenUnsupported) {
throw ex;
}
if (LOG.isInfoEnabled()) {
LOG.info("could not generate secret key {}: ", label, ex.getMessage());
}
if (LOG.isDebugEnabled()) {
LOG.debug("could not generate secret key " + label, ex);
}
byte[] keyValue = new byte[keysize / 8];
securityFactory.getRandom4Key().nextBytes(keyValue);
objId = slot.importSecretKey(p11KeyType, keyValue, label, control);
// clear the memory
Arrays.fill(keyValue, (byte) 0);
println("generated in memory and imported " + keyType + " key " + objId);
}
return null;
}
Also used :
P11NewKeyControl(org.xipki.security.pkcs11.P11NewKeyControl)
P11Slot(org.xipki.security.pkcs11.P11Slot)
IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException)
P11UnsupportedMechanismException(org.xipki.security.exception.P11UnsupportedMechanismException)
P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)
Example 23 with P11ObjectIdentifier
use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.
the class P11SecurityAction method getObjectIdentifier.
public P11ObjectIdentifier getObjectIdentifier() throws IllegalCmdParamException, XiSecurityException, P11TokenException {
P11Slot slot = getSlot();
P11ObjectIdentifier objIdentifier;
if (id != null && label == null) {
objIdentifier = slot.getObjectIdForId(Hex.decode(id));
} else if (id == null && label != null) {
objIdentifier = slot.getObjectIdForLabel(label);
} else {
throw new IllegalCmdParamException("exactly one of keyId or keyLabel should be specified");
}
return objIdentifier;
}
Also used :
P11Slot(org.xipki.security.pkcs11.P11Slot)
IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException)
P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)
Example 24 with P11ObjectIdentifier
use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.
the class P11DSAKeyGenLoadTest method genKeypair.
@Override
protected void genKeypair() throws Exception {
P11ObjectIdentifier objId = slot.generateDSAKeypair(plength, qlength, getDummyLabel(), getControl());
slot.removeIdentity(objId);
}
Also used :
P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)
Example 25 with P11ObjectIdentifier
use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.
the class P11ECKeyGenLoadTest method genKeypair.
@Override
protected void genKeypair() throws Exception {
P11ObjectIdentifier objId = slot.generateECKeypair(curveNameOrOid, getDummyLabel(), getControl());
slot.removeIdentity(objId);
}
Also used :
P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)
Aggregations
P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)30
P11EntityIdentifier (org.xipki.security.pkcs11.P11EntityIdentifier)15
P11Slot (org.xipki.security.pkcs11.P11Slot)15
P11TokenException (org.xipki.security.exception.P11TokenException)10
X509Certificate (java.security.cert.X509Certificate)8
Asn1P11EntityIdentifier (org.xipki.p11proxy.msg.Asn1P11EntityIdentifier)6
IllegalCmdParamException (org.xipki.console.karaf.IllegalCmdParamException)5
Session (iaik.pkcs.pkcs11.Session)4
TokenException (iaik.pkcs.pkcs11.TokenException)4
PublicKey (java.security.PublicKey)4
DEROctetString (org.bouncycastle.asn1.DEROctetString)4
X509Cert (org.xipki.security.X509Cert)4
XiSecurityException (org.xipki.security.exception.XiSecurityException)4
SecretKey (iaik.pkcs.pkcs11.objects.SecretKey)3
ValuedSecretKey (iaik.pkcs.pkcs11.objects.ValuedSecretKey)3
InvalidKeyException (java.security.InvalidKeyException)3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3
CertificateException (java.security.cert.CertificateException)3
P11SlotRefreshResult (org.xipki.security.pkcs11.P11SlotRefreshResult)3
Mechanism (iaik.pkcs.pkcs11.Mechanism)2
