
Example 21 with P11ObjectIdentifier

use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.

the class EmulatorP11Slot method refresh0.

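/**
 * Rebuilds the slot's view of its on-disk objects: supported mechanisms,
 * secret keys, certificates and private/public key pairs.
 *
 * <p>The refresh is best-effort per object: a single unreadable or corrupt
 * entry is logged and skipped so that the remaining objects still become
 * available. Certificates are loaded before key pairs because a key pair
 * takes its public key from the certificate with the same id when one exists.
 *
 * @return the refreshed slot content
 * @throws P11TokenException if the object directories themselves cannot be
 *         interpreted (e.g. an info filename that yields no key id)
 */
@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
    P11SlotRefreshResult ret = new P11SlotRefreshResult();
    for (long mech : supportedMechs) {
        ret.addMechanism(mech);
    }
    refreshSecretKeys(ret);
    refreshCertificates(ret);
    refreshKeypairs(ret);
    return ret;
}

/**
 * Loads every secret key stored under {@code secKeyDir}. Each key lives in a
 * JCEKS container (one per key id) protected by the slot's {@code password};
 * the first key entry of that container is used.
 */
private void refreshSecretKeys(P11SlotRefreshResult ret) throws P11TokenException {
    File[] infoFiles = secKeyDir.listFiles(INFO_FILENAME_FILTER);
    if (infoFiles == null) {
        return;
    }
    for (File infoFile : infoFiles) {
        byte[] id = getKeyIdFromInfoFilename(infoFile.getName());
        String hexId = hex(id);
        try {
            Properties props = loadProperties(infoFile);
            String label = props.getProperty(PROP_LABEL);
            P11ObjectIdentifier p11ObjId = new P11ObjectIdentifier(id, label);

            byte[] encodedValue = IoUtil.read(new File(secKeyDir, hexId + VALUE_FILE_SUFFIX));
            KeyStore ks = KeyStore.getInstance("JCEKS");
            ks.load(new ByteArrayInputStream(encodedValue), password);

            SecretKey key = null;
            Enumeration<String> aliases = ks.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (ks.isKeyEntry(alias)) {
                    // isKeyEntry() is also true for private-key entries; the
                    // cast then fails and is reported below.
                    key = (SecretKey) ks.getKey(alias, password);
                    break;
                }
            }
            if (key == null) {
                // Do not register an identity without key material.
                LOG.warn("no key entry found in the container of secret key {}", p11ObjId);
                continue;
            }

            EmulatorP11Identity identity = new EmulatorP11Identity(this,
                    new P11EntityIdentifier(slotId, p11ObjId), key, maxSessions, random);
            LOG.info("added PKCS#11 secret key {}", p11ObjId);
            ret.addIdentity(identity);
        } catch (ClassCastException ex) {
            LogUtil.warn(LOG, ex, "key entry with key-id " + hexId + " is not a SecretKey");
        } catch (Throwable th) {
            // Deliberately broad: one corrupt entry must not hide the others.
            LOG.error("unexpected exception while initializing key with key-id " + hexId, th);
        }
    }
}

/**
 * Loads every certificate stored under {@code certDir}. A certificate that
 * cannot be parsed is logged (with its cause) and skipped.
 */
private void refreshCertificates(P11SlotRefreshResult ret) throws P11TokenException {
    File[] infoFiles = certDir.listFiles(INFO_FILENAME_FILTER);
    if (infoFiles == null) {
        return;
    }
    for (File infoFile : infoFiles) {
        byte[] id = getKeyIdFromInfoFilename(infoFile.getName());
        Properties props = loadProperties(infoFile);
        String label = props.getProperty(PROP_LABEL);
        P11ObjectIdentifier objId = new P11ObjectIdentifier(id, label);
        try {
            X509Cert cert = readCertificate(id);
            ret.addCertificate(objId, cert);
        } catch (CertificateException | IOException ex) {
            // keep the cause in the log so a corrupt file can be diagnosed
            LogUtil.warn(LOG, ex, "could not parse certificate " + objId);
        }
    }
}

/**
 * Loads every private key stored under {@code privKeyDir} together with its
 * public key. The public key is taken from the already-loaded certificate
 * with the same id when present, otherwise from the stored public key; a
 * private key with neither is skipped. Private keys are stored as
 * PKCS#8 EncryptedPrivateKeyInfo and decrypted with {@code privateKeyCryptor}.
 */
private void refreshKeypairs(P11SlotRefreshResult ret) throws P11TokenException {
    File[] infoFiles = privKeyDir.listFiles(INFO_FILENAME_FILTER);
    if (infoFiles == null) {
        return;
    }
    for (File infoFile : infoFiles) {
        byte[] id = getKeyIdFromInfoFilename(infoFile.getName());
        String hexId = hex(id);
        try {
            Properties props = loadProperties(infoFile);
            String label = props.getProperty(PROP_LABEL);
            P11ObjectIdentifier p11ObjId = new P11ObjectIdentifier(id, label);

            X509Cert cert = ret.getCertForId(id);
            java.security.PublicKey publicKey =
                    (cert == null) ? readPublicKey(id) : cert.getCert().getPublicKey();
            if (publicKey == null) {
                LOG.warn("Neither public key nor certificate is associated with private key {}", p11ObjId);
                continue;
            }

            byte[] encodedValue = IoUtil.read(new File(privKeyDir, hexId + VALUE_FILE_SUFFIX));
            PKCS8EncryptedPrivateKeyInfo epki = new PKCS8EncryptedPrivateKeyInfo(encodedValue);
            PrivateKey privateKey = privateKeyCryptor.decrypt(epki);

            X509Certificate[] certs = (cert == null) ? null : new X509Certificate[] { cert.getCert() };
            EmulatorP11Identity identity = new EmulatorP11Identity(this,
                    new P11EntityIdentifier(slotId, p11ObjId), privateKey, publicKey, certs,
                    maxSessions, random);
            LOG.info("added PKCS#11 key {}", p11ObjId);
            ret.addIdentity(identity);
        } catch (InvalidKeyException ex) {
            LogUtil.warn(LOG, ex, "InvalidKeyException while initializing key with key-id " + hexId);
        } catch (Throwable th) {
            // Deliberately broad: one corrupt entry must not hide the others.
            LOG.error("unexpected exception while initializing key with key-id " + hexId, th);
        }
    }
}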

Example 22 with P11ObjectIdentifier

use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.

the class P11SecretKeyGenCmd method execute0.

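/**
 * Generates a secret key of {@code keyType} / {@code keysize} bits on the
 * selected slot under {@code label}.
 *
 * <p>If the token does not support on-token generation for that key type and
 * {@code createExternIfGenUnsupported} is set, the key is instead generated
 * on the host with the security factory's key RNG and imported. Such a key
 * has existed in host memory and therefore does not carry the assurance of a
 * token-generated, non-extractable key; the fallback is opt-in for that reason.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if {@code keysize} is not a positive
 *         multiple of 8 or {@code keyType} is not AES, DES3 or GENERIC
 * @throws P11UnsupportedMechanismException if generation is unsupported and
 *         the software fallback is not enabled
 */
@Override
protected Object execute0() throws Exception {
    if (keysize % 8 != 0) {
        throw new IllegalCmdParamException("keysize is not multiple of 8: " + keysize);
    }
    if (keysize <= 0) {
        // a zero- or negative-length key is never valid
        throw new IllegalCmdParamException("keysize must be positive: " + keysize);
    }

    long p11KeyType;
    if ("AES".equalsIgnoreCase(keyType)) {
        p11KeyType = PKCS11Constants.CKK_AES;
    } else if ("DES3".equalsIgnoreCase(keyType)) {
        p11KeyType = PKCS11Constants.CKK_DES3;
    } else if ("GENERIC".equalsIgnoreCase(keyType)) {
        p11KeyType = PKCS11Constants.CKK_GENERIC_SECRET;
    } else {
        throw new IllegalCmdParamException("invalid keyType " + keyType);
    }

    P11Slot slot = getSlot();
    P11NewKeyControl control = getControl();
    P11ObjectIdentifier objId;
    try {
        objId = slot.generateSecretKey(p11KeyType, keysize, label, control);
        finalize(keyType, objId);
    } catch (P11UnsupportedMechanismException ex) {
        if (!createExternIfGenUnsupported) {
            throw ex;
        }
        // both placeholders are needed, otherwise the reason is silently dropped
        LOG.info("could not generate secret key {}: {}", label, ex.getMessage());
        if (LOG.isDebugEnabled()) {
            LOG.debug("could not generate secret key " + label, ex);
        }

        byte[] keyValue = new byte[keysize / 8];
        try {
            securityFactory.getRandom4Key().nextBytes(keyValue);
            objId = slot.importSecretKey(p11KeyType, keyValue, label, control);
        } finally {
            // wipe the raw key material even when the import fails
            Arrays.fill(keyValue, (byte) 0);
        }
        println("generated in memory and imported " + keyType + " key " + objId);
    }
    return null;
}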

Example 23 with P11ObjectIdentifier

use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.

the class P11SecurityAction method getObjectIdentifier.

/**
 * Resolves the PKCS#11 object addressed by this action's parameters.
 *
 * <p>Exactly one of the {@code id} field (hex-encoded) and the {@code label}
 * field must be set; the object is looked up on the selected slot by whichever
 * one is present.
 *
 * @return the object identifier reported by the slot for that id or label
 *         (NOTE(review): whether the slot returns {@code null} for an unknown
 *         id/label is not visible here — callers should check)
 * @throws IllegalCmdParamException if both or neither of id and label are given
 */
public P11ObjectIdentifier getObjectIdentifier() throws IllegalCmdParamException, XiSecurityException, P11TokenException {
    P11Slot slot = getSlot();
    boolean hasId = (id != null);
    boolean hasLabel = (label != null);
    if (hasId == hasLabel) {
        // both set or both missing: ambiguous
        throw new IllegalCmdParamException("exactly one of keyId or keyLabel should be specified");
    }
    return hasId
            ? slot.getObjectIdForId(Hex.decode(id))
            : slot.getObjectIdForLabel(label);
}

Example 24 with P11ObjectIdentifier

use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.

the class P11DSAKeyGenLoadTest method genKeypair.

/**
 * One load-test iteration: generates a DSA key pair (p/q sizes from
 * {@code plength}/{@code qlength}) under a dummy label and removes it
 * again, so the test measures generation throughput without filling the token.
 * If removal fails the key stays on the token; the exception propagates.
 */
@Override
protected void genKeypair() throws Exception {
    P11ObjectIdentifier generated =
            slot.generateDSAKeypair(plength, qlength, getDummyLabel(), getControl());
    slot.removeIdentity(generated);
}

Example 25 with P11ObjectIdentifier

use of org.xipki.security.pkcs11.P11ObjectIdentifier in project xipki by xipki.

the class P11ECKeyGenLoadTest method genKeypair.

/**
 * One load-test iteration: generates an EC key pair on the curve named by
 * {@code curveNameOrOid} under a dummy label and removes it again, so the
 * test measures generation throughput without filling the token.
 * If removal fails the key stays on the token; the exception propagates.
 */
@Override
protected void genKeypair() throws Exception {
    P11ObjectIdentifier generated =
            slot.generateECKeypair(curveNameOrOid, getDummyLabel(), getControl());
    slot.removeIdentity(generated);
}
