Example 16 with P11Slot

Use of org.xipki.security.pkcs11.P11Slot in project xipki by xipki.

In the class SecurityAction, method getSlot:

protected P11Slot getSlot(String moduleName, int slotIndex) throws XiSecurityException, P11TokenException, IllegalCmdParamException {
    P11Module module = getP11Module(moduleName);
    P11SlotIdentifier slotId = module.getSlotIdForIndex(slotIndex);
    return module.getSlot(slotId);
}
Also used: P11Module (org.xipki.security.pkcs11.P11Module), P11SlotIdentifier (org.xipki.security.pkcs11.P11SlotIdentifier)

Example 17 with P11Slot

Use of org.xipki.security.pkcs11.P11Slot in project xipki by xipki.

In the class P11ObjectsDeleteCmd, method execute0:

@Override
protected Object execute0() throws Exception {
    P11Slot slot = getSlot(moduleName, slotIndex);
    byte[] idBytes = null;
    if (id != null) {
        idBytes = Hex.decode(id);
    }
    int num = slot.removeObjects(idBytes, label);
    println("deleted " + num + " objects");
    return null;
}
Also used: P11Slot (org.xipki.security.pkcs11.P11Slot)

Example 18 with P11Slot

Use of org.xipki.security.pkcs11.P11Slot in project xipki by xipki.

In the class P11SecretKeyGenCmd, method execute0:

@Override
protected Object execute0() throws Exception {
    if (keysize % 8 != 0) {
        throw new IllegalCmdParamException("keysize is not multiple of 8: " + keysize);
    }
    long p11KeyType;
    if ("AES".equalsIgnoreCase(keyType)) {
        p11KeyType = PKCS11Constants.CKK_AES;
    } else if ("DES3".equalsIgnoreCase(keyType)) {
        p11KeyType = PKCS11Constants.CKK_DES3;
    } else if ("GENERIC".equalsIgnoreCase(keyType)) {
        p11KeyType = PKCS11Constants.CKK_GENERIC_SECRET;
    } else {
        throw new IllegalCmdParamException("invalid keyType " + keyType);
    }
    P11Slot slot = getSlot();
    P11NewKeyControl control = getControl();
    P11ObjectIdentifier objId = null;
    try {
        objId = slot.generateSecretKey(p11KeyType, keysize, label, control);
        finalize(keyType, objId);
    } catch (P11UnsupportedMechanismException ex) {
        if (!createExternIfGenUnsupported) {
            throw ex;
        }
        if (LOG.isInfoEnabled()) {
            // one placeholder per argument, otherwise the exception message is silently dropped
            LOG.info("could not generate secret key {}: {}", label, ex.getMessage());
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("could not generate secret key " + label, ex);
        }
        byte[] keyValue = new byte[keysize / 8];
        try {
            securityFactory.getRandom4Key().nextBytes(keyValue);
            objId = slot.importSecretKey(p11KeyType, keyValue, label, control);
        } finally {
            // clear the key material from memory, even if the import fails
            Arrays.fill(keyValue, (byte) 0);
        }
        println("generated in memory and imported " + keyType + " key " + objId);
    }
    return null;
}
Also used: P11NewKeyControl (org.xipki.security.pkcs11.P11NewKeyControl), P11Slot (org.xipki.security.pkcs11.P11Slot), IllegalCmdParamException (org.xipki.console.karaf.IllegalCmdParamException), P11UnsupportedMechanismException (org.xipki.security.exception.P11UnsupportedMechanismException), P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)

Example 19 with P11Slot

Use of org.xipki.security.pkcs11.P11Slot in project xipki by xipki.

In the class P11SecurityAction, method getObjectIdentifier:

public P11ObjectIdentifier getObjectIdentifier() throws IllegalCmdParamException, XiSecurityException, P11TokenException {
    P11Slot slot = getSlot();
    P11ObjectIdentifier objIdentifier;
    if (id != null && label == null) {
        objIdentifier = slot.getObjectIdForId(Hex.decode(id));
    } else if (id == null && label != null) {
        objIdentifier = slot.getObjectIdForLabel(label);
    } else {
        throw new IllegalCmdParamException("exactly one of keyId or keyLabel should be specified");
    }
    return objIdentifier;
}
Also used: P11Slot (org.xipki.security.pkcs11.P11Slot), IllegalCmdParamException (org.xipki.console.karaf.IllegalCmdParamException), P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)

Example 20 with P11Slot

Use of org.xipki.security.pkcs11.P11Slot in project xipki by xipki.

In the class BSpeedP11DSASignCmd, method nextTester:

@Override
protected LoadExecutor nextTester() throws Exception {
    DSAControl control = queue.poll();
    if (control == null) {
        return null;
    }
    P11Slot slot = getSlot();
    if (control.plen() == 1024) {
        if (!"SHA1withDSA".equalsIgnoreCase(sigAlgo)) {
            throw new IllegalCmdParamException("only SHA1withDSA is permitted for DSA with 1024 bit");
        }
    }
    return new P11DSASignLoadTest(securityFactory, slot, sigAlgo, control.plen(), control.qlen());
}
Also used: DSAControl (org.xipki.security.speed.cmd.DSAControl), P11DSASignLoadTest (org.xipki.security.speed.p11.P11DSASignLoadTest), P11Slot (org.xipki.security.pkcs11.P11Slot), IllegalCmdParamException (org.xipki.console.karaf.IllegalCmdParamException)
